openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
June 2019
- 2 participants
- 93 discussions
[security-announce] openSUSE-SU-2019:1576-1: moderate: Security update for sssd
by opensuse-security@opensuse.org 18 Jun '19
by opensuse-security@opensuse.org 18 Jun '19
18 Jun '19
openSUSE Security Update: Security update for sssd
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1576-1
Rating: moderate
References: #1124194 #1132879
Cross-References: CVE-2018-16838
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for sssd fixes the following issues:
Security issue fixed:
- CVE-2018-16838: Fixed an authentication bypass related to the Group
Policy Objects implementation (bsc#1124194).
Non-security issue fixed:
- Create directory to download and cache GPOs (bsc#1132879)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1576=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libipa_hbac-devel-1.13.4-21.1
libipa_hbac0-1.13.4-21.1
libipa_hbac0-debuginfo-1.13.4-21.1
libsss_idmap-devel-1.13.4-21.1
libsss_idmap0-1.13.4-21.1
libsss_idmap0-debuginfo-1.13.4-21.1
libsss_nss_idmap-devel-1.13.4-21.1
libsss_nss_idmap0-1.13.4-21.1
libsss_nss_idmap0-debuginfo-1.13.4-21.1
libsss_sudo-1.13.4-21.1
libsss_sudo-debuginfo-1.13.4-21.1
python-ipa_hbac-1.13.4-21.1
python-ipa_hbac-debuginfo-1.13.4-21.1
python-sss_nss_idmap-1.13.4-21.1
python-sss_nss_idmap-debuginfo-1.13.4-21.1
python-sssd-config-1.13.4-21.1
python-sssd-config-debuginfo-1.13.4-21.1
sssd-1.13.4-21.1
sssd-ad-1.13.4-21.1
sssd-ad-debuginfo-1.13.4-21.1
sssd-debuginfo-1.13.4-21.1
sssd-debugsource-1.13.4-21.1
sssd-ipa-1.13.4-21.1
sssd-ipa-debuginfo-1.13.4-21.1
sssd-krb5-1.13.4-21.1
sssd-krb5-common-1.13.4-21.1
sssd-krb5-common-debuginfo-1.13.4-21.1
sssd-krb5-debuginfo-1.13.4-21.1
sssd-ldap-1.13.4-21.1
sssd-ldap-debuginfo-1.13.4-21.1
sssd-proxy-1.13.4-21.1
sssd-proxy-debuginfo-1.13.4-21.1
sssd-tools-1.13.4-21.1
sssd-tools-debuginfo-1.13.4-21.1
- openSUSE Leap 42.3 (x86_64):
sssd-32bit-1.13.4-21.1
sssd-debuginfo-32bit-1.13.4-21.1
References:
https://www.suse.com/security/cve/CVE-2018-16838.html
https://bugzilla.suse.com/1124194
https://bugzilla.suse.com/1132879
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2019:1572-1: moderate: Security update for php7
by opensuse-security@opensuse.org 18 Jun '19
by opensuse-security@opensuse.org 18 Jun '19
18 Jun '19
openSUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1572-1
Rating: moderate
References: #1118832 #1119396 #1126711 #1126713 #1126821
#1126823 #1126827 #1127122 #1128722 #1128883
#1128886 #1128887 #1128889 #1128892 #1129032
#1132837 #1132838 #1134322
Cross-References: CVE-2018-19935 CVE-2018-20783 CVE-2019-11034
CVE-2019-11035 CVE-2019-11036 CVE-2019-9020
CVE-2019-9021 CVE-2019-9022 CVE-2019-9023
CVE-2019-9024 CVE-2019-9637 CVE-2019-9638
CVE-2019-9639 CVE-2019-9640 CVE-2019-9641
CVE-2019-9675
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves 16 vulnerabilities and has two fixes
is now available.
Description:
This update for php7 fixes the following issues:
Security issues fixed:
- CVE-2019-9637: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128892).
- CVE-2019-9675: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128886).
- CVE-2019-9638: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension ((bsc#1128889).
- CVE-2019-9639: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128887).
- CVE-2019-9640: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128883).
- CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS
server to make PHP misuse memcpy (bsc#1126827).
- CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which
could allow to a hostile XMLRPC server to cause memory read outside the
allocated areas (bsc#1126821).
- CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function
(bsc#1126711).
- CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which
could allow an attacker to read allocated and unallocated memory when
parsing a phar file (bsc#1127122).
- CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR
reading functions which could allow an attacker to read allocated and
unallocated memory when parsing a phar file (bsc#1126713).
- CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in
mbstring regular expression functions (bsc#1126823).
- CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension
and improved insecure implementation
of rename function (bsc#1128722).
- CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be
triggered via an empty string in the message argument to imap_mail
(bsc#1118832).
- CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si()
(bsc#1132838).
- CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value()
(bsc#1132837).
- CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function
leading to information disclosure (bsc#1134322).
Other issue addressed:
- Deleted README.default_socket_timeout which is not needed anymore
(bsc#1129032).
- Enabled php7 testsuite (bsc#1119396).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1572=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
apache2-mod_php7-7.2.5-lp151.6.3.1
apache2-mod_php7-debuginfo-7.2.5-lp151.6.3.1
php7-7.2.5-lp151.6.3.1
php7-bcmath-7.2.5-lp151.6.3.1
php7-bcmath-debuginfo-7.2.5-lp151.6.3.1
php7-bz2-7.2.5-lp151.6.3.1
php7-bz2-debuginfo-7.2.5-lp151.6.3.1
php7-calendar-7.2.5-lp151.6.3.1
php7-calendar-debuginfo-7.2.5-lp151.6.3.1
php7-ctype-7.2.5-lp151.6.3.1
php7-ctype-debuginfo-7.2.5-lp151.6.3.1
php7-curl-7.2.5-lp151.6.3.1
php7-curl-debuginfo-7.2.5-lp151.6.3.1
php7-dba-7.2.5-lp151.6.3.1
php7-dba-debuginfo-7.2.5-lp151.6.3.1
php7-debuginfo-7.2.5-lp151.6.3.1
php7-debugsource-7.2.5-lp151.6.3.1
php7-devel-7.2.5-lp151.6.3.1
php7-dom-7.2.5-lp151.6.3.1
php7-dom-debuginfo-7.2.5-lp151.6.3.1
php7-embed-7.2.5-lp151.6.3.1
php7-embed-debuginfo-7.2.5-lp151.6.3.1
php7-enchant-7.2.5-lp151.6.3.1
php7-enchant-debuginfo-7.2.5-lp151.6.3.1
php7-exif-7.2.5-lp151.6.3.1
php7-exif-debuginfo-7.2.5-lp151.6.3.1
php7-fastcgi-7.2.5-lp151.6.3.1
php7-fastcgi-debuginfo-7.2.5-lp151.6.3.1
php7-fileinfo-7.2.5-lp151.6.3.1
php7-fileinfo-debuginfo-7.2.5-lp151.6.3.1
php7-firebird-7.2.5-lp151.6.3.1
php7-firebird-debuginfo-7.2.5-lp151.6.3.1
php7-fpm-7.2.5-lp151.6.3.1
php7-fpm-debuginfo-7.2.5-lp151.6.3.1
php7-ftp-7.2.5-lp151.6.3.1
php7-ftp-debuginfo-7.2.5-lp151.6.3.1
php7-gd-7.2.5-lp151.6.3.1
php7-gd-debuginfo-7.2.5-lp151.6.3.1
php7-gettext-7.2.5-lp151.6.3.1
php7-gettext-debuginfo-7.2.5-lp151.6.3.1
php7-gmp-7.2.5-lp151.6.3.1
php7-gmp-debuginfo-7.2.5-lp151.6.3.1
php7-iconv-7.2.5-lp151.6.3.1
php7-iconv-debuginfo-7.2.5-lp151.6.3.1
php7-intl-7.2.5-lp151.6.3.1
php7-intl-debuginfo-7.2.5-lp151.6.3.1
php7-json-7.2.5-lp151.6.3.1
php7-json-debuginfo-7.2.5-lp151.6.3.1
php7-ldap-7.2.5-lp151.6.3.1
php7-ldap-debuginfo-7.2.5-lp151.6.3.1
php7-mbstring-7.2.5-lp151.6.3.1
php7-mbstring-debuginfo-7.2.5-lp151.6.3.1
php7-mysql-7.2.5-lp151.6.3.1
php7-mysql-debuginfo-7.2.5-lp151.6.3.1
php7-odbc-7.2.5-lp151.6.3.1
php7-odbc-debuginfo-7.2.5-lp151.6.3.1
php7-opcache-7.2.5-lp151.6.3.1
php7-opcache-debuginfo-7.2.5-lp151.6.3.1
php7-openssl-7.2.5-lp151.6.3.1
php7-openssl-debuginfo-7.2.5-lp151.6.3.1
php7-pcntl-7.2.5-lp151.6.3.1
php7-pcntl-debuginfo-7.2.5-lp151.6.3.1
php7-pdo-7.2.5-lp151.6.3.1
php7-pdo-debuginfo-7.2.5-lp151.6.3.1
php7-pgsql-7.2.5-lp151.6.3.1
php7-pgsql-debuginfo-7.2.5-lp151.6.3.1
php7-phar-7.2.5-lp151.6.3.1
php7-phar-debuginfo-7.2.5-lp151.6.3.1
php7-posix-7.2.5-lp151.6.3.1
php7-posix-debuginfo-7.2.5-lp151.6.3.1
php7-readline-7.2.5-lp151.6.3.1
php7-readline-debuginfo-7.2.5-lp151.6.3.1
php7-shmop-7.2.5-lp151.6.3.1
php7-shmop-debuginfo-7.2.5-lp151.6.3.1
php7-snmp-7.2.5-lp151.6.3.1
php7-snmp-debuginfo-7.2.5-lp151.6.3.1
php7-soap-7.2.5-lp151.6.3.1
php7-soap-debuginfo-7.2.5-lp151.6.3.1
php7-sockets-7.2.5-lp151.6.3.1
php7-sockets-debuginfo-7.2.5-lp151.6.3.1
php7-sodium-7.2.5-lp151.6.3.1
php7-sodium-debuginfo-7.2.5-lp151.6.3.1
php7-sqlite-7.2.5-lp151.6.3.1
php7-sqlite-debuginfo-7.2.5-lp151.6.3.1
php7-sysvmsg-7.2.5-lp151.6.3.1
php7-sysvmsg-debuginfo-7.2.5-lp151.6.3.1
php7-sysvsem-7.2.5-lp151.6.3.1
php7-sysvsem-debuginfo-7.2.5-lp151.6.3.1
php7-sysvshm-7.2.5-lp151.6.3.1
php7-sysvshm-debuginfo-7.2.5-lp151.6.3.1
php7-testresults-7.2.5-lp151.6.3.1
php7-tidy-7.2.5-lp151.6.3.1
php7-tidy-debuginfo-7.2.5-lp151.6.3.1
php7-tokenizer-7.2.5-lp151.6.3.1
php7-tokenizer-debuginfo-7.2.5-lp151.6.3.1
php7-wddx-7.2.5-lp151.6.3.1
php7-wddx-debuginfo-7.2.5-lp151.6.3.1
php7-xmlreader-7.2.5-lp151.6.3.1
php7-xmlreader-debuginfo-7.2.5-lp151.6.3.1
php7-xmlrpc-7.2.5-lp151.6.3.1
php7-xmlrpc-debuginfo-7.2.5-lp151.6.3.1
php7-xmlwriter-7.2.5-lp151.6.3.1
php7-xmlwriter-debuginfo-7.2.5-lp151.6.3.1
php7-xsl-7.2.5-lp151.6.3.1
php7-xsl-debuginfo-7.2.5-lp151.6.3.1
php7-zip-7.2.5-lp151.6.3.1
php7-zip-debuginfo-7.2.5-lp151.6.3.1
php7-zlib-7.2.5-lp151.6.3.1
php7-zlib-debuginfo-7.2.5-lp151.6.3.1
- openSUSE Leap 15.1 (noarch):
php7-pear-7.2.5-lp151.6.3.1
php7-pear-Archive_Tar-7.2.5-lp151.6.3.1
References:
https://www.suse.com/security/cve/CVE-2018-19935.html
https://www.suse.com/security/cve/CVE-2018-20783.html
https://www.suse.com/security/cve/CVE-2019-11034.html
https://www.suse.com/security/cve/CVE-2019-11035.html
https://www.suse.com/security/cve/CVE-2019-11036.html
https://www.suse.com/security/cve/CVE-2019-9020.html
https://www.suse.com/security/cve/CVE-2019-9021.html
https://www.suse.com/security/cve/CVE-2019-9022.html
https://www.suse.com/security/cve/CVE-2019-9023.html
https://www.suse.com/security/cve/CVE-2019-9024.html
https://www.suse.com/security/cve/CVE-2019-9637.html
https://www.suse.com/security/cve/CVE-2019-9638.html
https://www.suse.com/security/cve/CVE-2019-9639.html
https://www.suse.com/security/cve/CVE-2019-9640.html
https://www.suse.com/security/cve/CVE-2019-9641.html
https://www.suse.com/security/cve/CVE-2019-9675.html
https://bugzilla.suse.com/1118832
https://bugzilla.suse.com/1119396
https://bugzilla.suse.com/1126711
https://bugzilla.suse.com/1126713
https://bugzilla.suse.com/1126821
https://bugzilla.suse.com/1126823
https://bugzilla.suse.com/1126827
https://bugzilla.suse.com/1127122
https://bugzilla.suse.com/1128722
https://bugzilla.suse.com/1128883
https://bugzilla.suse.com/1128886
https://bugzilla.suse.com/1128887
https://bugzilla.suse.com/1128889
https://bugzilla.suse.com/1128892
https://bugzilla.suse.com/1129032
https://bugzilla.suse.com/1132837
https://bugzilla.suse.com/1132838
https://bugzilla.suse.com/1134322
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2019:1571-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 18 Jun '19
by opensuse-security@opensuse.org 18 Jun '19
18 Jun '19
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1571-1
Rating: important
References: #1012382 #1050242 #1051510 #1053043 #1056787
#1058115 #1061840 #1064802 #1065600 #1065729
#1066129 #1068546 #1071995 #1075020 #1082387
#1083647 #1085535 #1093389 #1099658 #1103992
#1104353 #1104427 #1111666 #1111696 #1113722
#1115688 #1117114 #1117158 #1117561 #1118139
#1120091 #1120423 #1120566 #1120902 #1124503
#1126206 #1126356 #1127616 #1128432 #1130699
#1131673 #1133190 #1133612 #1133616 #1134090
#1134671 #1134730 #1134738 #1134743 #1134806
#1134936 #1134945 #1134946 #1134947 #1134948
#1134949 #1134950 #1134951 #1134952 #1134953
#1134972 #1134974 #1134975 #1134980 #1134981
#1134983 #1134987 #1134989 #1134990 #1134994
#1134995 #1134998 #1134999 #1135018 #1135021
#1135024 #1135026 #1135027 #1135028 #1135029
#1135031 #1135033 #1135034 #1135035 #1135036
#1135037 #1135038 #1135039 #1135041 #1135042
#1135044 #1135045 #1135046 #1135047 #1135049
#1135051 #1135052 #1135053 #1135055 #1135056
#1135058 #1135153 #1135542 #1135556 #1135642
#1135661 #1136188 #1136206 #1136215 #1136345
#1136347 #1136348 #1136353 #1136424 #1136428
#1136430 #1136432 #1136434 #1136435 #1136438
#1136439 #1136456 #1136460 #1136461 #1136469
#1136477 #1136478 #1136498 #1136573 #1136586
#1136598 #1136881 #1136922 #1136935 #1136978
#1136990 #1137151 #1137152 #1137153 #1137162
#1137201 #1137224 #1137232 #1137233 #1137236
#1137372 #1137429 #1137444 #1137586 #1137739
#1137752 #1137995 #1137996 #1137998 #1137999
#1138000 #1138002 #1138003 #1138005 #1138006
#1138007 #1138008 #1138009 #1138010 #1138011
#1138012 #1138013 #1138014 #1138015 #1138016
#1138017 #1138018 #1138019 #1138291 #1138293
#1138336 #1138374 #1138375
Cross-References: CVE-2019-10124 CVE-2019-11477 CVE-2019-11478
CVE-2019-11479 CVE-2019-11487 CVE-2019-12380
CVE-2019-12382 CVE-2019-12456 CVE-2019-12818
CVE-2019-12819 CVE-2019-3846
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 167 fixes
is now available.
Description:
The openSUSE Leap 15.1 was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote
attacker such that one can trigger an integer overflow, leading to a
kernel panic. (bsc#1137586).
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which would fragment the TCP retransmission queue. A remote attacker may
have been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection. (bsc#1137586)
- CVE-2019-11479: It was possible to send a crafted sequence of SACKs
which would fragment the RACK send map. A remote attacker may be able to
further exploit the fragmented send map to cause an expensive
linked-list walk for subsequent SACKs received for that same TCP
connection. This would have resulted in excess resource consumption due
to low mss values. (bsc#1137586)
- CVE-2019-12819: The function __mdiobus_register() in
drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a
fixed_mdio_bus_init use-after-free. This will cause a denial of service
(bnc#1138291).
- CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may return NULL. If the caller did not check for
this, it will trigger a NULL pointer dereference. This will cause denial
of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c
(bnc#1138293).
- CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in
_ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local
users to cause a denial of service or possibly have unspecified other
impact by changing the value of ioc_number between two kernel reads of
that value, aka a "double fetch" vulnerability. (bnc#1136922)
- CVE-2019-12380: An issue was discovered in the efi subsystem in the
Linux kernel phys_efi_set_virtual_address_map in
arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
arch/x86/platform/efi/efi_64.c mishandle memory allocation failures
(bnc#1136598).
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network (bnc#1136424).
- CVE-2019-10124: An attacker could exploit an issue in the hwpoison
implementation to cause a denial of service (BUG). (bsc#1130699)
- CVE-2019-12382: In the drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c was an unchecked kstrdup of fwstr, which
might allow an attacker to cause a denial of service (NULL pointer
dereference and system crash) (bnc#1136586).
- CVE-2019-11487: The Linux kernel allowed page->_refcount reference count
overflow, with resultant use-after-free issues, if about 140 GiB of RAM
exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c,
mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests
(bnc#1133190).
The following non-security bugs were fixed:
- ACPI: Add Hygon Dhyana support ().
- ACPI: fix menuconfig presentation of ACPI submenu (bsc#1117158).
- ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()
(bsc#1051510).
- ALSA: firewire-motu: fix destruction of data for isochronous resources
(bsc#1051510).
- ALSA: hda/realtek - Enable micmute LED for Huawei laptops (bsc#1051510).
- ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops
(bsc#1051510).
- ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510).
- ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
- ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
- arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671).
- arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158).
- arm64: Export save_stack_trace_tsk() (jsc#SLE-4214).
- arm64: fix ACPI dependencies (bsc#1117158).
- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
table (bsc#1117158).
- arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_ACPI
- ARM: iop: do not use using 64-bit DMA masks (bsc#1051510).
- ARM: orion: do not use using 64-bit DMA masks (bsc#1051510).
- ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
- ASoC: eukrea-tlv320: fix a leaked reference by adding missing
of_node_put (bsc#1051510).
- ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
- ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510).
- ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
(bsc#1051510).
- ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510).
- batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
(bsc#1051510).
- bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free()
(jsc#SLE-4797).
- blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
- block: Do not revalidate bdev of hidden gendisk (bsc#1120091).
- Bluetooth: Check key sizes only when Secure Simple Pairing is enabled
(bsc#1135556).
- bnx2x: Add support for detection of P2P event packets (bsc#1136498
jsc#SLE-4699).
- bnx2x: Bump up driver version to 1.713.36 (bsc#1136498 jsc#SLE-4699).
- bnx2x: fix spelling mistake "dicline" -> "decline" (bsc#1136498
jsc#SLE-4699).
- bnx2x: fix various indentation issues (bsc#1136498 jsc#SLE-4699).
- bnx2x: Remove set but not used variable 'mfw_vn' (bsc#1136498
jsc#SLE-4699).
- bnx2x: Replace magic numbers with macro definitions (bsc#1136498
jsc#SLE-4699).
- bnx2x: Use struct_size() in kzalloc() (bsc#1136498 jsc#SLE-4699).
- bnx2x: Utilize FW 7.13.11.0 (bsc#1136498 jsc#SLE-4699).
- bnxt_en: Add device IDs 0x1806 and 0x1752 for 57500 devices
(bsc#1137224).
- bnxt_en: Add support for BCM957504 (bsc#1137224).
- bnxt_en: Fix aggregation buffer leak under OOM condition (bsc#1134090
jsc#SLE-5954).
- bnxt_en: Fix possible BUG() condition when calling pci_disable_msix()
(bsc#1134090 jsc#SLE-5954).
- bnxt_en: Fix possible crash in bnxt_hwrm_ring_free() under error
conditions (bsc#1134090 jsc#SLE-5954).
- bnxt_en: Fix statistics context reservation logic (bsc#1134090
jsc#SLE-5954).
- bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt() (bsc#1134090
jsc#SLE-5954).
- bnxt_en: Free short FW command HWRM memory in error path in
bnxt_init_one() (bsc#1050242).
- bnxt_en: Improve multicast address setup logic (bsc#1134090
jsc#SLE-5954).
- bnxt_en: Improve multicast address setup logic
(networking-stable-19_05_04).
- bnxt_en: Improve NQ reservations (bsc#1134090 jsc#SLE-5954).
- bnxt_en: Pass correct extended TX port statistics size to firmware
(bsc#1134090 jsc#SLE-5954).
- bnxt_en: Reduce memory usage when running in kdump kernel (bsc#1134090
jsc#SLE-5954).
- bonding: fix event handling for stacked bonds
(networking-stable-19_04_19).
- bpf: add map_lookup_elem_sys_only for lookups from syscall side
(bsc#1083647).
- bpf: Add missed newline in verifier verbose log (bsc#1056787).
- bpf, lru: avoid messing with eviction heuristics upon syscall lookup
(bsc#1083647).
- brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510).
- brcmfmac: fix missing checks for kmemdup (bsc#1051510).
- brcmfmac: fix NULL pointer derefence during USB disconnect (bsc#1111666).
- brcmfmac: fix Oops when bringing up interface during USB disconnect
(bsc#1051510).
- brcmfmac: fix race during disconnect when USB completion is in progress
(bsc#1051510).
- brcmfmac: fix WARNING during USB disconnect in case of unempty psq
(bsc#1051510).
- broadcom: Mark expected switch fall-throughs (bsc#1136498 jsc#SLE-4699).
- btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881).
- btrfs: fix fsync not persisting changed attributes of a directory
(bsc#1137151).
- btrfs: fix race between ranged fsync and writeback of adjacent ranges
(bsc#1136477).
- btrfs: fix race updating log root item during fsync (bsc#1137153).
- btrfs: fix wrong ctime and mtime of a directory after log replay
(bsc#1137152).
- btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer
dereference (bsc#1134806).
- btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON()
(bsc#1133612).
- btrfs: tree-checker: detect file extent items with overlapping ranges
(bsc#1136478).
- chardev: add additional check for minor range overlap (bsc#1051510).
- chelsio: use BUG() instead of BUG_ON(1) (bsc#1136345 jsc#SLE-4681).
- config: arm64: enable CN99xx uncore pmu References: bsc#1117114
- configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510).
- cpufreq: Add Hygon Dhyana support ().
- cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ ().
- crypto: chcr - ESN for Inline IPSec Tx (bsc#1136353 jsc#SLE-4688).
- crypto: chcr - small packet Tx stalls the queue (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - avoid using sa_entry imm (bsc#1136353 jsc#SLE-4688).
- crypto: chelsio - check set_msg_len overflow in generate_b0 (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - cleanup:send addr as value in function argument
(bsc#1136353 jsc#SLE-4688).
- crypto: chelsio - clean up various indentation issues (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - count incomplete block in IV (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - Fixed Traffic Stall (bsc#1136353 jsc#SLE-4688).
- crypto: chelsio - Fix NULL pointer dereference (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - Fix passing zero to 'PTR_ERR' warning in chcr_aead_op
(bsc#1136353 jsc#SLE-4688).
- crypto: chelsio - Fix softlockup with heavy I/O (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - Fix wrong error counter increments (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - Handle PCI shutdown event (bsc#1136353 jsc#SLE-4688).
- crypto: chelsio - Inline single pdu only (bsc#1136353 jsc#SLE-4688).
- crypto: chelsio - remove set but not used variable 'kctx_len'
(bsc#1136353 jsc#SLE-4688).
- crypto: chelsio - remove set but not used variables 'adap' (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - Reset counters on cxgb4 Detach (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - Swap location of AAD and IV sent in WR (bsc#1136353
jsc#SLE-4688).
- crypto: chelsio - Use same value for both channel in single WR
(bsc#1136353 jsc#SLE-4688).
- crypto: chtls - remove cdev_list_lock (bsc#1136353 jsc#SLE-4688).
- crypto: chtls - remove set but not used variables 'err, adap, request,
hws' (bsc#1136353 jsc#SLE-4688).
- crypto: prefix header search paths with $(srctree)/ (bsc#1136353
jsc#SLE-4688).
- crypto: qat - move temp buffers off the stack (jsc#SLE-4818).
- crypto: qat - no need to check return value of debugfs_create functions
(jsc#SLE-4818).
- crypto: qat - Remove unused goto label (jsc#SLE-4818).
- crypto: qat - Remove VLA usage (jsc#SLE-4818).
- crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661,
bsc#1137162).
- crypto: vmx - return correct error code on failed setkey (bsc#1135661,
bsc#1137162).
- cxgb4: Add new T6 PCI device ids 0x608b (bsc#1136345 jsc#SLE-4681).
- cxgb4: add tcb flags and tcb rpl struct (bsc#1136345 jsc#SLE-4681).
- cxgb4: Add VF Link state support (bsc#1136345 jsc#SLE-4681).
- cxgb4/chtls: Prefix adapter flags with CXGB4 (bsc#1136345 jsc#SLE-4681).
- cxgb4/cxgb4vf: Display advertised FEC in ethtool (bsc#1136345
jsc#SLE-4681).
- cxgb4/cxgb4vf: Fix up netdev->hw_features (bsc#1136345 jsc#SLE-4681).
- cxgb4/cxgb4vf_main: Mark expected switch fall-through (bsc#1136345
jsc#SLE-4681).
- cxgb4: Delete all hash and TCAM filters before resource cleanup
(bsc#1136345 jsc#SLE-4681).
- cxgb4: Do not return EAGAIN when TCAM is full (bsc#1136345 jsc#SLE-4681).
- cxgb4: Enable hash filter with offload (bsc#1136345 jsc#SLE-4681).
- cxgb4: Enable outer UDP checksum offload for T6 (bsc#1136345
jsc#SLE-4681).
- cxgb4: Fix error path in cxgb4_init_module (bsc#1136345 jsc#SLE-4681).
- cxgb4: free mac_hlist properly (bsc#1136345 jsc#SLE-4681).
- cxgb4: kfree mhp after the debug print (bsc#1136345 jsc#SLE-4681).
- cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1136345
jsc#SLE-4681).
- cxgb4: remove DEFINE_SIMPLE_DEBUGFS_FILE() (bsc#1136345 jsc#SLE-4681).
- cxgb4: remove set but not used variables 'multitrc, speed' (bsc#1136345
jsc#SLE-4681).
- cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size"
(bsc#1136345 jsc#SLE-4681).
- cxgb4: TLS record offload enable (bsc#1136345 jsc#SLE-4681).
- cxgb4: Update 1.23.3.0 as the latest firmware supported (bsc#1136345
jsc#SLE-4681).
- cxgb4: use firmware API for validating filter spec (bsc#1136345
jsc#SLE-4681).
- cxgb4vf: Call netif_carrier_off properly in pci_probe (bsc#1136347
jsc#SLE-4683).
- cxgb4vf: Enter debugging mode if FW is inaccessible (bsc#1136347
jsc#SLE-4683).
- cxgb4vf: free mac_hlist properly (bsc#1136345 jsc#SLE-4681).
- cxgb4vf: Prefix adapter flags with CXGB4VF (bsc#1136347 jsc#SLE-4683).
- cxgb4vf: Revert force link up behaviour (bsc#1136347 jsc#SLE-4683).
- dmaengine: at_xdmac: remove BUG_ON macro in tasklet (bsc#1111666).
- dmaengine: ioat: constify pci_device_id (jsc#SLE-5442).
- dmaengine: ioatdma: add descriptor pre-fetch support for v3.4
(jsc#SLE-5442).
- dmaengine: ioatdma: Add intr_coalesce sysfs entry (jsc#SLE-5442).
- dmaengine: ioatdma: Add Snow Ridge ioatdma device id (jsc#SLE-5442).
- dmaengine: ioatdma: disable DCA enabling on IOATDMA v3.4 (jsc#SLE-5442).
- dmaengine: ioatdma: set the completion address register after channel
reset (jsc#SLE-5442).
- dmaengine: ioatdma: support latency tolerance report (LTR) for v3.4
(jsc#SLE-5442).
- dmaengine: ioat: do not use DMA_ERROR_CODE (jsc#SLE-5442).
- dmaengine: ioat: fix prototype of ioat_enumerate_channels (jsc#SLE-5442).
- dmaengine: pl330: _stop: clear interrupt status (bsc#1111666).
- dmaengine: Replace WARN_TAINT_ONCE() with pr_warn_once() (jsc#SLE-5442).
- dmaengine: tegra210-adma: Fix crash during probe (bsc#1111666).
- dmaengine: tegra210-adma: restore channel status (bsc#1111666).
- docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).
- Documentation: Add MDS vulnerability documentation (bsc#1135642).
- Documentation: Correct the possible MDS sysfs values (bsc#1135642).
- Documentation: perf: Add documentation for ThunderX2 PMU uncore driver
().
- drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
- drbd: disconnect, if the wrong UUIDs are attached on a connected peer
(bsc#1051510).
- drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
- drbd: skip spurious timeout (ping-timeo) when failing promote
(bsc#1051510).
- drivers: acpi: add dependency of EFI for arm64 (bsc#1117158).
- drivers/dma/ioat: Remove now-redundant smp_read_barrier_depends()
(jsc#SLE-5442).
- drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver ().
- drm: add fallback override/firmware EDID modes workaround (bsc#1111666).
- drm: add non-desktop quirk for Valve HMDs (bsc#1111666).
- drm: add non-desktop quirks to Sensics and OSVR headsets (bsc#1111666).
- drm/amd/display: Fix Divide by 0 in memory calculations (bsc#1111666).
- drm/amd/display: fix releasing planes when exiting odm (bsc#1111666).
- drm/amd/display: Set stream->mode_changed when connectors change
(bsc#1111666).
- drm/amd/display: Use plane->color_space for dpp if specified
(bsc#1111666).
- drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510).
- drm/amdgpu/psp: move psp version specific function pointers to
early_init (bsc#1111666).
- drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when
hotplug-in (bsc#1111666).
- drm: do not block fb changes for async plane updates (bsc#1111666).
- drm_dp_cec: add note about good MegaChips 2900 CEC support (bsc#1136978).
- drm_dp_cec: check that aux has a transfer function (bsc#1136978).
- drm/drv: Hold ref on parent device during drm_device lifetime
(bsc#1051510).
- drm/edid: abstract override/firmware EDID retrieval (bsc#1111666).
- drm: etnaviv: avoid DMA API warning when importing buffers (bsc#1111666).
- drm/etnaviv: lock MMU while dumping core (bsc#1113722)
- drm/gma500/cdv: Check vbt config bits when detecting lvds panels
(bsc#1051510).
- drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722)
- drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware
(bsc#1051510).
- drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722)
- drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack (bsc#1111666).
- drm/i915/gvt: refine ggtt range validation (bsc#1113722)
- drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+
(bsc#1113722)
- drm/i915: Maintain consistent documentation subsection ordering
(bsc#1111666).
- drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
- drm/i915/sdvo: Implement proper HDMI audio support for SDVO
(bsc#1051510).
- drm/lease: Make sure implicit planes are leased (bsc#1111666).
- drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver
(bsc#1111666).
- drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
(bsc#1111666).
- drm/mediatek: clear num_pipes when unbind driver (bsc#1111666).
- drm/mediatek: fix unbind functions (bsc#1111666).
- drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666).
- drm/msm: a5xx: fix possible object reference leak (bsc#1111666).
- drm/msm: fix fb references in async update (bsc#1111666).
- drm/nouveau/bar/nv50: ensure BAR is mapped (bsc#1111666).
- drm/nouveau/disp/dp: respect sink limits when selecting failsafe link
configuration (bsc#1051510).
- drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722)
- drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd
when encoders change (bsc#1111666).
- drm/nouveau/kms/gv100-: fix spurious window immediate interlocks
(bsc#1111666).
- drm/omap: dsi: Fix PM for display blank with paired dss_pll calls
(bsc#1111666).
- drm/panel: otm8009a: Add delay at the end of initialization
(bsc#1111666).
- drm/pl111: fix possible object reference leak (bsc#1111666).
- drm/radeon: prefer lower reference dividers (bsc#1051510).
- drm/sun4i: dsi: Change the start delay calculation (bsc#1111666).
- drm/sun4i: dsi: Enforce boundaries on the start delay (bsc#1111666).
- drm/sun4i: Fix sun8i HDMI PHY clock initialization (bsc#1111666).
- drm/sun4i: Fix sun8i HDMI PHY configuration for > 148.5 MHz
(bsc#1111666).
- drm/v3d: Handle errors from IRQ setup (bsc#1111666).
- drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set
(bsc#1051510).
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an
invalid read (bsc#1051510).
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
(bsc#1113722)
- drm: Wake up next in drm_read() chain if we are forced to putback the
event (bsc#1051510).
- dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902).
- dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902).
- dt-bindings: net: Add binding for the external clock for TI WiLink
(bsc#1085535).
- dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902).
- e1000e: Disable runtime PM on CNP+ (jsc#SLE-4804).
- e1000e: Exclude device from suspend direct complete optimization
(jsc#SLE-4804).
- e1000e: fix a missing check for return value (jsc#SLE-4804).
- EDAC, amd64: Add Hygon Dhyana support ().
- efi: add API to reserve memory persistently across kexec reboot
(bsc#1117158).
- efi/arm: Defer persistent reservations until after paging_init()
(bsc#1117158).
- efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158
bsc#1115688 bsc#1120566). Enable NFSv4.2 support - jsc@PM-231 This
requires a module parameter for NFSv4.2 to actually be available on
SLE12 and SLE15-SP0
- efi/arm: libstub: add a root memreserve config table (bsc#1117158).
- efi/arm: map UEFI memory map even w/o runtime services enabled
(bsc#1117158).
- efi/arm: preserve early mapping of UEFI memory map longer for BGRT
(bsc#1117158).
- efi/arm: Revert "Defer persistent reservations until after
paging_init()" (bsc#1117158).
- efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158).
- efi: honour memory reservations passed via a linux specific config table
(bsc#1117158).
- efi: Permit calling efi_mem_reserve_persistent() from atomic context
(bsc#1117158).
- efi: Permit multiple entries in persistent memreserve data structure
(bsc#1117158).
- efi: Prevent GICv3 WARN() by mapping the memreserve table before first
use (bsc#1117158).
- efi: Reduce the amount of memblock reservations for persistent
allocations (bsc#1117158).
- ext4: avoid panic during forced reboot due to aborted journal
(bsc#1126356).
- ext4: fix data corruption caused by overlapping unaligned and aligned IO
(bsc#1136428).
- ext4: make sanity check in mballoc more strict (bsc#1136439).
- ext4: wait for outstanding dio during truncate in nojournal mode
(bsc#1136438).
- extcon: arizona: Disable mic detect if running when driver is removed
(bsc#1051510).
- fbdev: fix divide error in fb_var_to_videomode (bsc#1113722)
- fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722)
- firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).
- fm10k: TRIVIAL cleanup of extra spacing in function comment
(jsc#SLE-4796).
- fm10k: use struct_size() in kzalloc() (jsc#SLE-4796).
- fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback
(bsc#1136432).
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
into workqueue when umount (bsc#1136435).
- ftrace/x86_64: Emulate call function while updating in breakpoint
handler (bsc#1099658).
- fuse: fallocate: fix return with locked inode (bsc#1051510).
- fuse: fix writepages on 32bit (bsc#1051510).
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510).
- gpio: fix gpio-adp5588 build errors (bsc#1051510).
- gpio: Remove obsolete comment about gpiochip_free_hogs() usage
(bsc#1051510).
- HID: core: move Usage Page concatenation to Main item (bsc#1093389).
- HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429).
- HID: logitech-hidpp: change low battery level threshold from 31 to 30
percent (bsc#1051510).
- HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
(bsc#1051510).
- HID: wacom: Add ability to provide explicit battery status info
(bsc#1051510).
- HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
- HID: wacom: Add support for Pro Pen slim (bsc#1051510).
- HID: wacom: convert Wacom custom usages to standard HID usages
(bsc#1051510).
- HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth
(bsc#1051510).
- HID: wacom: Do not report anything prior to the tool entering range
(bsc#1051510).
- HID: wacom: Do not set tool type until we're in range (bsc#1051510).
- HID: wacom: fix mistake in printk (bsc#1051510).
- HID: wacom: generic: add the "Report Valid" usage (bsc#1051510).
- HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
- HID: wacom: generic: Leave tool in prox until it completely leaves sense
(bsc#1051510).
- HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
- HID: wacom: generic: Report AES battery information (bsc#1051510).
- HID: wacom: generic: Reset events back to zero when pen leaves
(bsc#1051510).
- HID: wacom: generic: Scale battery capacity measurements to percentages
(bsc#1051510).
- HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set
(bsc#1051510).
- HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range
(bsc#1051510).
- HID: wacom: generic: Support multiple tools per report (bsc#1051510).
- HID: wacom: generic: Use generic codepath terminology in
wacom_wac_pen_report (bsc#1051510).
- HID: wacom: Mark expected switch fall-through (bsc#1051510).
- HID: wacom: Move handling of HID quirks into a dedicated function
(bsc#1051510).
- HID: wacom: Move HID fix for AES serial number into
wacom_hid_usage_quirk (bsc#1051510).
- HID: wacom: Properly handle AES serial number and tool type
(bsc#1051510).
- HID: wacom: Queue events with missing type/serial data for later
processing (bsc#1051510).
- HID: wacom: Remove comparison of u8 mode with zero and simplify
(bsc#1051510).
- HID: wacom: Replace touch_max fixup code with static touch_max
definitions (bsc#1051510).
- HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
(bsc#1051510).
- HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible
(bsc#1051510).
- HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
- HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary
(bsc#1051510).
- HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
- HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452
(bsc#1051510).
- hwmon: (core) add thermal sensors only if dev->of_node is present
(bsc#1051510).
- hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
(bsc#1051510).
- hwrng: omap - Set default quality (bsc#1051510).
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510).
- i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331).
- i2c: synquacer: fix synquacer_i2c_doxfer() return value (bsc#1111666).
- i40e: Able to add up to 16 MAC filters on an untrusted VF (jsc#SLE-4797).
- i40e: add new pci id for X710/XXV710 N3000 cards (jsc#SLE-4797).
- i40e: add num_vectors checker in iwarp handler (jsc#SLE-4797).
- i40e: Add support FEC configuration for Fortville 25G (jsc#SLE-4797).
- i40e: Add support for X710 B/P & SFP+ cards (jsc#SLE-4797).
- i40e: add tracking of AF_XDP ZC state for each queue pair (jsc#SLE-4797).
- i40e: change behavior on PF in response to MDD event (jsc#SLE-4797).
- i40e: Changed maximum supported FW API version to 1.8 (jsc#SLE-4797).
- i40e: Change unmatched function types (jsc#SLE-4797).
- i40e: check queue pairs num in config queues handler (jsc#SLE-4797).
- i40e: clean up several indentation issues (jsc#SLE-4797).
- i40e: do not allow changes to HW VLAN stripping on active port VLANs
(jsc#SLE-4797).
- i40e: Fix for 10G ports LED not blinking (jsc#SLE-4797).
- i40e: Fix for allowing too many MDD events on VF (jsc#SLE-4797).
- i40e: fix i40e_ptp_adjtime when given a negative delta (jsc#SLE-4797).
- i40e: Fix misleading error message (jsc#SLE-4797).
- i40e: fix misleading message about promisc setting on un-trusted VF
(jsc#SLE-4797).
- i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
(jsc#SLE-4797).
- i40e: Fix the typo in adding 40GE KR4 mode (jsc#SLE-4797).
- i40e: Further implementation of LLDP (jsc#SLE-4797).
- i40e: Implement DDP support in i40e driver (jsc#SLE-4797).
- i40e: increase indentation (jsc#SLE-4797).
- i40e: Introduce recovery mode support (jsc#SLE-4797).
- i40e: Limiting RSS queues to CPUs (jsc#SLE-4797).
- i40e: Memory leak in i40e_config_iwarp_qvlist (jsc#SLE-4797).
- i40e: missing input validation on VF message handling by the PF
(jsc#SLE-4797).
- i40e: move i40e_xsk_umem function (jsc#SLE-4797).
- i40e: print PCI vendor and device ID during probe (jsc#SLE-4797).
- i40e: Queues are reserved despite "Invalid argument" error
(jsc#SLE-4797).
- i40e: remove debugfs tx_timeout support (jsc#SLE-4797).
- i40e: remove error msg when vf with port vlan tries to remove vlan 0
(jsc#SLE-4797).
- i40e: Remove misleading messages for untrusted VF (jsc#SLE-4797).
- i40e: remove out-of-range comparisons in i40e_validate_cloud_filter
(jsc#SLE-4797).
- i40e: Remove umem from VSI (jsc#SLE-4797).
- i40e: Report advertised link modes on 40GBase_LR4, CR4 and fibre
(jsc#SLE-4797).
- i40e: Report advertised link modes on 40GBASE_SR4 (jsc#SLE-4797).
- i40e: Revert ShadowRAM checksum calculation change (jsc#SLE-4797).
- i40e: save PTP time before a device reset (jsc#SLE-4797).
- i40e: Setting VF to VLAN 0 requires restart (jsc#SLE-4797).
- i40e: ShadowRAM checksum calculation change (jsc#SLE-4797).
- i40e: The driver now prints the API version in error message
(jsc#SLE-4797).
- i40e: Update i40e_init_dcb to return correct error (jsc#SLE-4797).
- i40e: update version number (jsc#SLE-4797).
- i40e: update version number (jsc#SLE-4797).
- i40e: Use struct_size() in kzalloc() (jsc#SLE-4797).
- i40e: VF's promiscuous attribute is not kept (jsc#SLE-4797).
- i40e: Wrong truncation from u16 to u8 (jsc#SLE-4797).
- i40iw: Avoid panic when handling the inetdev event (jsc#SLE-4793).
- i40iw: remove support for ib_get_vector_affinity (jsc#SLE-4793).
- i40iw: remove use of VLAN_TAG_PRESENT (jsc#SLE-4793).
- IB/hfi1: Add debugfs to control expansion ROM write protect
(jsc#SLE-4925).
- IB/hfi1: Add selected Rcv counters (jsc#SLE-4925).
- IB/hfi1: Close VNIC sdma_progress sleep window (jsc#SLE-4925).
- IB/hfi1: Consider LMC in 16B/bypass ingress packet check (jsc#SLE-4925).
- IB/hfi1: Correctly process FECN and BECN in packets (jsc#SLE-4925).
- IB/hfi1: Dump pio info for non-user send contexts (jsc#SLE-4925).
- IB/hfi1: Eliminate opcode tests on mr deref (jsc#SLE-4925).
- IB/hfi1: Failed to drain send queue when QP is put into error state
(jsc#SLE-4925).
- IB/hfi1: Fix the allocation of RSM table (jsc#SLE-4925).
- IB/hfi1: Fix two format strings (jsc#SLE-4925).
- IB/hfi1: Fix WQ_MEM_RECLAIM warning (jsc#SLE-4925).
- IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state
(jsc#SLE-4925).
- IB/hfi1: Incorrect sizing of sge for PIO will OOPs (jsc#SLE-4925).
- IB/hfi1: Limit VNIC use of SDMA engines to the available count
(jsc#SLE-4925).
- IB/hfi1: Reduce lock contention on iowait_lock for sdma and pio
(jsc#SLE-4925).
- IB/hfi1: Remove overly conservative VM_EXEC flag check (jsc#SLE-4925).
- IB/hfi1: Remove WARN_ON when freeing expected receive groups
(jsc#SLE-4925).
- IB/hfi1: Unreserve a reserved request when it is completed
(jsc#SLE-4925).
- IB/hw: Remove unneeded semicolons (bsc#1136456 jsc#SLE-4689).
- ibmvnic: Add device identification to requested IRQs (bsc#1137739).
- ibmvnic: Do not close unopened driver during reset (bsc#1137752).
- ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
- ibmvnic: Refresh device multicast list after reset (bsc#1137752).
- ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
- IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace (jsc#SLE-4925).
- IB/rdmavt: Fix frwr memory registration (jsc#SLE-4925).
- IB/rdmavt: Fix loopback send with invalidate ordering (jsc#SLE-4925).
- IB/{rdmavt, hfi1): Miscellaneous comment fixes (jsc#SLE-4925).
- ice: Add 52 byte RSS hash key support (jsc#SLE-4803).
- ice: add and use new ice_for_each_traffic_class() macro (jsc#SLE-4803).
- ice: Add code for DCB initialization part 1/4 (jsc#SLE-4803).
- ice: Add code for DCB initialization part 2/4 (jsc#SLE-4803).
- ice: Add code for DCB initialization part 3/4 (jsc#SLE-4803).
- ice: Add code for DCB initialization part 4/4 (jsc#SLE-4803).
- ice: Add code for DCB rebuild (jsc#SLE-4803).
- ice: Add code to control FW LLDP and DCBX (jsc#SLE-4803).
- ice: Add code to get DCB related statistics (jsc#SLE-4803).
- ice: Add code to process LLDP MIB change events (jsc#SLE-4803).
- ice: add const qualifier to mac_addr parameter (jsc#SLE-4803).
- ice: Add ethtool private flag to make forcing link down optional
(jsc#SLE-4803).
- ice: Add ethtool set_phys_id handler (jsc#SLE-4803).
- ice: Add function to program ethertype based filter rule on VSIs
(jsc#SLE-4803).
- ice: Add missing case in print_link_msg for printing flow control
(jsc#SLE-4803).
- ice: Add missing PHY type to link settings (jsc#SLE-4803).
- ice: Add more validation in ice_vc_cfg_irq_map_msg (jsc#SLE-4803).
- ice: Add priority information into VLAN header (jsc#SLE-4803).
- ice: Add reg_idx variable in ice_q_vector structure (jsc#SLE-4803).
- ice: Add support for adaptive interrupt moderation (jsc#SLE-4803).
- ice: Add support for new PHY types (jsc#SLE-4803).
- ice: Add support for PF/VF promiscuous mode (jsc#SLE-4803).
- ice: Allow for software timestamping (jsc#SLE-4803).
- ice: Always free/allocate q_vectors (jsc#SLE-4803).
- ice: Audit hotpath structures with pahole (jsc#SLE-4803).
- ice: avoid multiple unnecessary de-references in probe (jsc#SLE-4803).
- ice: Bump driver version (jsc#SLE-4803).
- ice: Bump version (jsc#SLE-4803).
- ice: Calculate ITR increment based on direct calculation (jsc#SLE-4803).
- ice: change VF VSI tc info along with num_queues (jsc#SLE-4803).
- ice: check for a leaf node presence (jsc#SLE-4803).
- ice: clear VF ARQLEN register on reset (jsc#SLE-4803).
- ice: code cleanup in ice_sched.c (jsc#SLE-4803).
- ice: configure GLINT_ITR to always have an ITR gran of 2 (jsc#SLE-4803).
- ice: Configure RSS LUT and HASH KEY in rebuild path (jsc#SLE-4803).
- ice: Create a generic name for the ice_rx_flg64_bits structure
(jsc#SLE-4803).
- ice: Create framework for VSI queue context (jsc#SLE-4803).
- ice: Determine descriptor count and ring size based on PAGE_SIZE
(jsc#SLE-4803).
- ice: Disable sniffing VF traffic on PF (jsc#SLE-4803).
- ice: Do not bail out when filter already exists (jsc#SLE-4803).
- ice: Do not let VF know that it is untrusted (jsc#SLE-4803).
- ice: Do not remove VLAN filters that were never programmed
(jsc#SLE-4803).
- ice: Do not set LB_EN for prune switch rules (jsc#SLE-4803).
- ice: do not spam VFs with link messages (jsc#SLE-4803).
- ice: Do not unnecessarily initialize local variable (jsc#SLE-4803).
- ice: Enable LAN_EN for the right recipes (jsc#SLE-4803).
- ice: Enable link events over the ARQ (jsc#SLE-4803).
- ice: Enable MAC anti-spoof by default (jsc#SLE-4803).
- ice: enable VF admin queue interrupts (jsc#SLE-4803).
- ice : Ensure only valid bits are set in ice_aq_set_phy_cfg
(jsc#SLE-4803).
- ice: Fix added in VSI supported nodes calc (jsc#SLE-4803).
- ice: Fix broadcast traffic in port VLAN mode (jsc#SLE-4803).
- ice: Fix for adaptive interrupt moderation (jsc#SLE-4803).
- ice: Fix for allowing too many MDD events on VF (jsc#SLE-4803).
- ice: Fix for FC get rx/tx pause params (jsc#SLE-4803).
- ice: fix ice_remove_rule_internal vsi_list handling (jsc#SLE-4803).
- ice: Fix incorrect use of abbreviations (jsc#SLE-4803).
- ice: Fix issue reclaiming resources back to the pool after reset
(jsc#SLE-4803).
- ice: Fix issue reconfiguring VF queues (jsc#SLE-4803).
- ice: Fix issue when adding more than allowed VLANs (jsc#SLE-4803).
- ice: fix issue where host reboots on unload when iommu=on (jsc#SLE-4803).
- ice: Fix issue with VF attempt to delete default MAC address
(jsc#SLE-4803).
- ice: Fix issue with VF reset and multiple VFs support on PFs
(jsc#SLE-4803).
- ice: fix numeric overflow warning (jsc#SLE-4803).
- ice: fix overlong string, update stats output (jsc#SLE-4803).
- ice: fix some function prototype and signature style issues
(jsc#SLE-4803).
- ice: fix stack hogs from struct ice_vsi_ctx structures (jsc#SLE-4803).
- ice: fix static analysis warnings (jsc#SLE-4803).
- ice: Fix the calculation of ICE_MAX_MTU (jsc#SLE-4803).
- ice: fix the divide by zero issue (jsc#SLE-4803).
- ice: Fix typos in code comments (jsc#SLE-4803).
- ice: flush Tx pipe on disable queue timeout (jsc#SLE-4803).
- ice: Gather the rx buf clean-up logic for better reuse (jsc#SLE-4803).
- ice: Get resources per function (jsc#SLE-4803).
- ice: Get rid of ice_pull_tail (jsc#SLE-4803).
- ice: Get VF VSI instances directly via PF (jsc#SLE-4803).
- ice: Implement flow to reset VFs with PFR and other resets
(jsc#SLE-4803).
- ice: Implement getting and setting ethtool coalesce (jsc#SLE-4803).
- ice: Implement pci_error_handler ops (jsc#SLE-4803).
- ice: Implement support for normal get_eeprom[_len] ethtool ops
(jsc#SLE-4803).
- ice: Introduce bulk update for page count (jsc#SLE-4803).
- ice: Limit the ice_add_rx_frag to frag addition (jsc#SLE-4803).
- ice: map Rx buffer pages with DMA attributes (jsc#SLE-4803).
- ice: Move aggregator list into ice_hw instance (jsc#SLE-4803).
- ice: Offload SCTP checksum (jsc#SLE-4803).
- ice: only use the VF for ICE_VSI_VF in ice_vsi_release (jsc#SLE-4803).
- ice: Preserve VLAN Rx stripping settings (jsc#SLE-4803).
- ice: Prevent unintended multiple chain resets (jsc#SLE-4803).
- ice: Pull out page reuse checks onto separate function (jsc#SLE-4803).
- ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset
(jsc#SLE-4803).
- ice: Reduce scope of variable in ice_vsi_cfg_rxqs (jsc#SLE-4803).
- ice: Refactor a few Tx scheduler functions (jsc#SLE-4803).
- ice: Refactor getting/setting coalesce (jsc#SLE-4803).
- ice: Refactor link event flow (jsc#SLE-4803).
- ice: Remove "2 BITS" comment (jsc#SLE-4803).
- ice: Remove __always_unused attribute (jsc#SLE-4803).
- ice: remove redundant variable and if condition (jsc#SLE-4803).
- ice: Remove runtime change of PFINT_OICR_ENA register (jsc#SLE-4803).
- ice: Remove unnecessary braces (jsc#SLE-4803).
- ice: Remove unnecessary newlines from log messages (jsc#SLE-4803).
- ice: Remove unnecessary wait when disabling/enabling Rx queues
(jsc#SLE-4803).
- ice: Remove unused function prototype (jsc#SLE-4803).
- ice: Remove unused function prototype (jsc#SLE-4803).
- ice: Remove unused vsi_id field (jsc#SLE-4803).
- ice: Reset all VFs with VFLR during SR-IOV init flow (jsc#SLE-4803).
- ice: Resolve static analysis reported issue (jsc#SLE-4803).
- ice: Restore VLAN switch rule if port VLAN existed before (jsc#SLE-4803).
- ice: Retrieve rx_buf in separate function (jsc#SLE-4803).
- ice: Return configuration error without queue to disable (jsc#SLE-4803).
- ice: Rework queue management code for reuse (jsc#SLE-4803).
- ice: Separate if conditions for ice_set_features() (jsc#SLE-4803).
- ice: Set LAN_EN for all directional rules (jsc#SLE-4803).
- ice: Set physical link up/down when an interface is set up/down
(jsc#SLE-4803).
- ice: sizeof(<type>) should be avoided (jsc#SLE-4803).
- ice: Suppress false-positive style issues reported by static analyzer
(jsc#SLE-4803).
- ice: Update comment regarding the ITR_GRAN_S (jsc#SLE-4803).
- ice: Update function header for __ice_vsi_get_qs (jsc#SLE-4803).
- ice: Update rings based on TC information (jsc#SLE-4803).
- ice: update VSI config dynamically (jsc#SLE-4803).
- ice: use absolute vector ID for VFs (jsc#SLE-4803).
- ice: Use bitfields where possible (jsc#SLE-4803).
- ice: Use dev_err when ice_cfg_vsi_lan fails (jsc#SLE-4803).
- ice: Use ice_for_each_q_vector macro where possible (jsc#SLE-4803).
- ice: use ice_for_each_vsi macro when possible (jsc#SLE-4803).
- ice: use irq_num var in ice_vsi_req_irq_msix (jsc#SLE-4803).
- ice: Use more efficient structures (jsc#SLE-4803).
- ice: Use pf instead of vsi-back (jsc#SLE-4803).
- ice: use virt channel status codes (jsc#SLE-4803).
- ice: Validate ring existence and its q_vector per VSI (jsc#SLE-4803).
- igb: Bump version number (jsc#SLE-4798).
- igb: Exclude device from suspend direct complete optimization
(jsc#SLE-4798).
- igb: fix various indentation issues (jsc#SLE-4798).
- igb: Fix WARN_ONCE on runtime suspend (jsc#SLE-4798).
- igb: use struct_size() helper (jsc#SLE-4798).
- igc: Add ethtool support (jsc#SLE-4799).
- igc: Add multiple receive queues control supporting (jsc#SLE-4799).
- igc: Add support for statistics (jsc#SLE-4799).
- igc: Add support for the ntuple feature (jsc#SLE-4799).
- igc: Extend the ethtool supporting (jsc#SLE-4799).
- igc: Fix code redundancy (jsc#SLE-4799).
- igc: Fix the typo in igc_base.h header definition (jsc#SLE-4799).
- igc: Remove the 'igc_get_phy_id_base' method (jsc#SLE-4799).
- igc: Remove the 'igc_read_mac_addr_base' method (jsc#SLE-4799).
- igc: Remove unneeded code (jsc#SLE-4799).
- igc: Remove unneeded hw_dbg prints (jsc#SLE-4799).
- igc: Remove unreachable code from igc_phy.c file (jsc#SLE-4799).
- igc: Remove unused code (jsc#SLE-4799).
- igc: Use struct_size() helper (jsc#SLE-4799).
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
(bsc#1051510).
- iio: common: ssp_sensors: Initialize calculated_time in
ssp_common_process_data (bsc#1051510).
- iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).
- include/linux/bitops.h: introduce BITS_PER_TYPE (bsc#1136345
jsc#SLE-4681).
- indirect call wrappers: helpers to speed-up indirect calls of builtin
(bsc#1124503).
- infiniband: hfi1: drop crazy DEBUGFS_SEQ_FILE_CREATE() macro
(jsc#SLE-4925).
- infiniband: hfi1: no need to check return value of debugfs_create
functions (jsc#SLE-4925).
- infiniband/qedr: Potential null ptr dereference of qp (bsc#1136456
jsc#SLE-4689).
- intel: correct return from set features callback (jsc#SLE-4795).
- iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump
kernel (bsc#1117158).
- iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158
bsc#1134671).
- ip_gre: fix parsing gre header in ipgre_err (git-fixes).
- ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
(git-fixes).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure()
(networking-stable-19_04_19).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
(networking-stable-19_05_04).
- ipv4: recompile ip options in ipv4_link_failure
(networking-stable-19_04_19).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day
(networking-stable-19_04_30).
- ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes).
- ipv6: invert flowlabel sharing check in process and user mode
(git-fixes).
- ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes).
- iw_cxgb4: Check for send WR also while posting write with completion WR
(bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: complete the cached SRQ buffers (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: Fix qpid leak (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: fix srqidx leak during connection abort (bsc#1136348
jsc#SLE-4684).
- iw_cxgb4: Make function read_tcb() static (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: use listening ep tos when accepting new connections
(bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: use tos when finding ipv6 routes (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: use tos when importing the endpoint (bsc#1136348 jsc#SLE-4684).
- iw_cxgb*: kzalloc the iwcm verbs struct (bsc#1136348 jsc#SLE-4684).
- iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
(bsc#1051510).
- iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510).
- ixgbe: fix mdio bus registration (jsc#SLE-4795).
- ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN
(jsc#SLE-4795).
- ixgbe: register a mdiobus (jsc#SLE-4795).
- ixgbe: remove magic constant in ixgbe_reset_hw_82599() (jsc#SLE-4795).
- ixgbe: use mii_bus to handle MII related ioctls (jsc#SLE-4795).
- ixgbe: Use struct_size() helper (jsc#SLE-4795).
- jbd2: check superblock mapped prior to committing (bsc#1136430).
- kabi: arm64: cpuhotplug: Reuse other arch's cpuhp_state ().
- kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi i40e ignore include (jsc#SLE-4797).
- kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout
(bsc#1137586).
- kABI: protect dma-mapping.h include (kabi).
- kabi protect struct iw_cm_id (bsc#1136348 jsc#SLE-4684).
- kABI: protect struct pci_dev (kabi).
- kabi protect struct vf_info (bsc#1136347 jsc#SLE-4683).
- kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730
LTC#173388).
- kabi/severities: exclude hns3 symbols (bsc#1134948)
- kabi/severities: exclude qed* symbols (bsc#1136461)
- kabi/severities: missed hns roce module
- kabi/severities: Whitelist airq_iv_* (s390-specific)
- kabi/severities: Whitelist more s390x internal symbols
- kabi/severities: Whitelist s390 internal-only symbols
- kABI workaround for the new pci_dev.skip_bus_pm field addition
(bsc#1051510).
- kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes).
- kernel/sys.c: prctl: fix false positive in validate_prctl_map()
(git-fixes).
- keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642).
- KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers
(bsc#1061840).
- KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough
interrupts (bsc#1061840).
- KVM: PPC: Book3S: Protect memslots while validating user address
(bsc#1061840).
- KVM: PPC: Release all hardware TCE tables attached to a group
(bsc#1061840).
- KVM: PPC: Remove redundand permission bits removal (bsc#1061840).
- KVM: PPC: Validate all tces before updating tables (bsc#1061840).
- KVM: PPC: Validate TCEs against preregistered memory page sizes
(bsc#1061840).
- KVM: s390: fix memory overwrites when not using SCA entries
(bsc#1136206).
- KVM: s390: provide io interrupt kvm_stat (bsc#1136206).
- KVM: s390: use created_vcpus in more places (bsc#1136206).
- KVM: s390: vsie: fix < 8k check for the itdba (bsc#1136206).
- leds: avoid flush_work in atomic context (bsc#1051510).
- libcxgb: fix incorrect ppmax calculation (bsc#1136345 jsc#SLE-4681).
- livepatch: Convert error about unsupported reliable stacktrace into a
warning (bsc#1071995).
- livepatch: Remove custom kobject state handling (bsc#1071995).
- livepatch: Remove duplicated code for early initialization (bsc#1071995).
- mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
- mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
- media: au0828: Fix NULL pointer dereference in
au0828_analog_stream_enable() (bsc#1051510).
- media: au0828: stop video streaming only when last user stops
(bsc#1051510).
- media: coda: clear error return value before picture run (bsc#1051510).
- media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
- media: go7007: avoid clang frame overflow warning with KASAN
(bsc#1051510).
- media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
(bsc#1051510).
- media: ov2659: make S_FMT succeed even if requested format does not
match (bsc#1051510).
- media: saa7146: avoid high stack usage with clang (bsc#1051510).
- media: smsusb: better handle optional alignment (bsc#1051510).
- media: usb: siano: Fix false-positive "uninitialized variable" warning
(bsc#1051510).
- media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).
- memcg: make it work on sparse non-0-node systems (bnc#1133616).
- memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
- mfd: da9063: Fix OTP control register names to match datasheets for
DA9063/63L (bsc#1051510).
- mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
- mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510).
- mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
- mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
- mlxsw: spectrum: Fix autoneg status in ethtool
(networking-stable-19_04_30).
- mmc: block: Delete gendisk before cleaning up the request queue
(bsc#1127616).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
(bsc#1051510).
- mmc: core: Verify SD bus width (bsc#1051510).
- mmc: mmci: Prevent polling for busy detection in IRQ context
(bsc#1051510).
- mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time
problem (bsc#1051510).
- mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
(bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
(bsc#1051510).
- mmc_spi: add a status check for spi_sync_locked (bsc#1051510).
- mm-Fix-modifying-of-page-protection-by-insert_pfn.patch: Fix buggy
backport leading to MAP_SYNC failures (bsc#1137372)
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- mount: copy the port field into the cloned nfs_server structure
(bsc#1136990).
- mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash
(jsc#SLE-5358).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).
- net: atm: Fix potential Spectre v1 vulnerabilities
(networking-stable-19_04_19).
- net: chelsio: Add a missing check on cudg_get_buffer (bsc#1136345
jsc#SLE-4681).
- net: cxgb4: fix various indentation issues (bsc#1136345 jsc#SLE-4681).
- net: do not keep lonely packets forever in the gro hash (git-fixes).
- net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
(networking-stable-19_05_04).
- net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
(git-fixes).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696
bsc#1117561).
- netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
(git-fixes).
- netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
(git-fixes).
- netfilter: nf_tables: fix leaking object reference count (git-fixes).
- netfilter: nft_compat: do not dump private area (git-fixes).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
(networking-stable-19_04_19).
- net: hns3: add counter for times RX pages gets allocated (bsc#1104353
bsc#1134947).
- net: hns3: add error handler for initializing command queue (bsc#1104353
bsc#1135058).
- net: hns3: add function type check for debugfs help information
(bsc#1104353 bsc#1134980).
- net: hns3: Add handling of MAC tunnel interruption (bsc#1104353
bsc#1134983).
- net: hns3: add hns3_gro_complete for HW GRO process (bsc#1104353
bsc#1135051).
- net: hns3: add linearizing checking for TSO case (bsc#1104353
bsc#1134947).
- net: hns3: add protect when handling mac addr list (bsc#1104353 ).
- net: hns3: add queue's statistics update to service task (bsc#1104353
bsc#1134981).
- net: hns3: add reset statistics for VF (bsc#1104353 bsc#1134995).
- net: hns3: add reset statistics info for PF (bsc#1104353 bsc#1134995).
- net: hns3: add some debug info for hclgevf_get_mbx_resp() (bsc#1104353
bsc#1134994).
- net: hns3: add some debug information for hclge_check_event_cause
(bsc#1104353 bsc#1134994).
- net: hns3: add support for dump ncl config by debugfs (bsc#1104353
bsc#1134987).
- net: hns3: Add support for netif message level settings (bsc#1104353
bsc#1134989).
- net: hns3: adjust the timing of hns3_client_stop when unloading
(bsc#1104353 bsc#1137201).
- net: hns3: always assume no drop TC for performance reason (bsc#1104353
bsc#1135049).
- net: hns3: check 1000M half for hns3_ethtool_ops.set_link_ksettings
(bsc#1104353 bsc#1137201).
- net: hns3: check resetting status in hns3_get_stats() (bsc#1104353
bsc#1137201).
- net: hns3: code optimization for command queue' spin lock (bsc#1104353
bsc#1135042).
- net: hns3: combine len and checksum handling for inner and outer header
(bsc#1104353 bsc#1134947).
- net: hns3: deactive the reset timer when reset successfully (bsc#1104353
bsc#1137201).
- net: hns3: divide shared buffer between TC (bsc#1104353 bsc#1135047).
- net: hns3: do not initialize MDIO bus when PHY is inexistent
(bsc#1104353 bsc#1135045).
- net: hns3: do not request reset when hardware resetting (bsc#1104353
bsc#1137201).
- net: hns3: dump more information when tx timeout happens (bsc#1104353
bsc#1134990).
- net: hns3: extend the loopback state acquisition time (bsc#1104353).
- net: hns3: fix data race between ring->next_to_clean (bsc#1104353
bsc#1134975 bsc#1134945).
- net: hns3: fix error handling for desc filling (bsc#1104353 ).
- net: hns3: fix for HNS3_RXD_GRO_SIZE_M macro (bsc#1104353 bsc#1137201).
- net: hns3: fix for tunnel type handling in hns3_rx_checksum (bsc#1104353
bsc#1134946).
- net: hns3: fix for TX clean num when cleaning TX BD (bsc#1104353 ).
- net: hns3: fix for vport->bw_limit overflow problem (bsc#1104353
bsc#1134998).
- net: hns3: fix keep_alive_timer not stop problem (bsc#1104353
bsc#1135055).
- net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info()
(bsc#1104353 bsc#1134990).
- net: hns3: fix pause configure fail problem (bsc#1104353 bsc#1134951
bsc#1134951).
- net: hns3: fix set port based VLAN for PF (bsc#1104353 bsc#1135053).
- net: hns3: fix set port based VLAN issue for VF (bsc#1104353
bsc#1135053).
- net: hns3: fix sparse: warning when calling hclge_set_vlan_filter_hw()
(bsc#1104353 bsc#1134999).
- net: hns3: fix VLAN offload handle for VLAN inserted by port
(bsc#1104353 bsc#1135053).
- net: hns3: free the pending skb when clean RX ring (bsc#1104353
bsc#1135044).
- net: hns3: handle pending reset while reset fail (bsc#1104353
bsc#1135058).
- net: hns3: handle the BD info on the last BD of the packet (bsc#1104353
bsc#1134974).
- net: hns3: ignore lower-level new coming reset (bsc#1104353 bsc#1137201).
- net: hns3: Make hclge_destroy_cmd_queue static (bsc#1104353 bsc#1137201).
- net: hns3: Make hclgevf_update_link_mode static (bsc#1104353
bsc#1137201).
- net: hns3: minor optimization for datapath (bsc#1104353 ).
- net: hns3: minor optimization for ring_space (bsc#1104353 ).
- net: hns3: minor refactor for hns3_rx_checksum (bsc#1104353 bsc#1135052).
- net: hns3: modify HNS3_NIC_STATE_INITED flag in
hns3_reset_notify_uninit_enet (bsc#1104353).
- net: hns3: modify the VF network port media type acquisition method
(bsc#1104353 bsc#1137201).
- net: hns3: modify VLAN initialization to be compatible with port based
VLAN (bsc#1104353 bsc#1135053).
- net: hns3: not reset TQP in the DOWN while VF resetting (bsc#1104353
bsc#1134952).
- net: hns3: not reset vport who not alive when PF reset (bsc#1104353
bsc#1137201).
- net: hns3: optimize the barrier using when cleaning TX BD (bsc#1104353
bsc#1134945).
- net: hns3: prevent change MTU when resetting (bsc#1104353 bsc#1137201).
- net: hns3: prevent double free in hns3_put_ring_config() (bsc#1104353
bsc#1134950).
- net: hns3: reduce resources use in kdump kernel (bsc#1104353
bsc#1137201).
- net: hns3: refactor BD filling for l2l3l4 info (bsc#1104353 bsc#1134947).
- net: hns3: refine tx timeout count handle (bsc#1104353 bsc#1134990).
- net: hns3: remove redundant assignment of l2_hdr to itself (bsc#1104353).
- net: hns3: remove reset after command send failed (bsc#1104353
bsc#1134949).
- net: hns3: remove resetting check in hclgevf_reset_task_schedule
(bsc#1104353 bsc#1135056).
- net: hns3: return 0 and print warning when hit duplicate MAC
(bsc#1104353 bsc#1137201).
- net: hns3: set dividual reset level for all RAS and MSI-X errors
(bsc#1104353 bsc#1135046).
- net: hns3: set up the vport alive state while reinitializing
(bsc#1104353 bsc#1137201).
- net: hns3: set vport alive state to default while resetting (bsc#1104353
bsc#1137201).
- net: hns3: simplify hclgevf_cmd_csq_clean (bsc#1104353 ).
- net: hns3: some cleanup for struct hns3_enet_ring (bsc#1104353
bsc#1134947).
- net: hns3: split function hnae3_match_n_instantiate() (bsc#1104353).
- net: hns3: stop mailbox handling when command queue need re-init
(bsc#1104353 bsc#1135058).
- net: hns3: stop sending keep alive msg when VF command queue needs
reinit (bsc#1104353 bsc#1134972).
- net: hns3: unify maybe_stop_tx for TSO and non-TSO case (bsc#1104353
bsc#1134947).
- net: hns3: unify the page reusing for page size 4K and 64K (bsc#1104353
bsc#1134947).
- net: hns3: use a reserved byte to identify need_resp flag (bsc#1104353).
- net: hns3: use atomic_t replace u32 for arq's count (bsc#1104353
bsc#1134953).
- net: hns3: use devm_kcalloc when allocating desc_cb (bsc#1104353
bsc#1134947).
- net: hns3: use napi_schedule_irqoff in hard interrupts handlers
(bsc#1104353 bsc#1134947).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net/ipv4: defensive cipso option parsing (git-fixes).
- net: make skb_partial_csum_set() more robust against overflows
(git-fixes).
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query
(networking-stable-19_04_30).
- net/mlx5e: Fix trailing semicolon (bsc#1075020).
- net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).
- net: phy: marvell: add new default led configure for m88e151x
(bsc#1135018).
- net: phy: marvell: change default m88e1510 LED configuration
(bsc#1135018).
- net: phy: marvell: Enable interrupt function on LED2 pin (bsc#1135018).
- net: phy: marvell: Fix buffer overrun with stats counters
(networking-stable-19_05_04).
- net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).
- net/rose: fix unbound loop in rose_loopback_timer()
(networking-stable-19_04_30).
- net/sched: do not dereference a->goto_chain to read the chain index
(bsc#1064802 bsc#1066129).
- net: stmmac: move stmmac_check_ether_addr() to driver probe
(networking-stable-19_04_30).
- net: thunderx: do not allow jumbo frames with XDP
(networking-stable-19_04_19).
- net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19).
- net/tls: free ctx in sock destruct (bsc#1136353 jsc#SLE-4688).
- net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
- net: use indirect call wrappers at GRO network layer (bsc#1124503).
- net: use indirect call wrappers at GRO transport layer (bsc#1124503).
- NFS add module option to limit NFSv4 minor version (jsc#PM-231).
- nvme: Do not remove namespaces during reset (bsc#1131673).
- nvme: flush scan_work when resetting controller (bsc#1131673).
- nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
- nvmem: core: fix read buffer in place (bsc#1051510).
- nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
- nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us
(bsc#1051510).
- nvmem: imx-ocotp: Add i.MX7D timing write clock setup support
(bsc#1051510).
- nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
- nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
- nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function
(bsc#1051510).
- nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
- nvmem: imx-ocotp: Update module description (bsc#1051510).
- nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
- nvme-rdma: fix possible free of a non-allocated async event buffer
(bsc#1120423).
- nvme: skip nvme_update_disk_info() if the controller is not live
(bsc#1128432).
- objtool: Fix function fallthrough detection (bsc#1058115).
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434).
- of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
- p54: drop device reference count if fails to enable device (bsc#1135642).
- parport: Fix mem leak in parport_register_dev_model (bsc#1051510).
- PCI: endpoint: Use EPC's device in
dma_alloc_coherent()/dma_free_coherent() (git-fixes).
- PCI: Factor out pcie_retrain_link() function (git-fixes).
- PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
- PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
(git-fixes).
- perf tools: Add Hygon Dhyana support ().
- platform/chrome: cros_ec_proto: check for NULL transfer function
(bsc#1051510).
- platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow
(bsc#1111666).
- platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Add Package cstates residency info
(jsc#SLE-5226).
- platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown
(jsc#SLE-5226).
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device
registration (bsc#1051510).
- platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems
DMI table (bsc#1051510).
- platform/x86: pmc_atom: Add several Beckhoff Automation boards to
critclk_systems DMI table (bsc#1051510).
- PM / core: Propagate dev->power.wakeup_path when no callbacks
(bsc#1051510).
- powerpc: Always initialize input array when calling epapr_hypercall()
(bsc#1065729).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
(bsc#1138374, LTC#178199).
- powerpc/eeh: Fix race with driver un/bind (bsc#1065729).
- powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729).
- powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729).
- powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
- powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729).
- powerpc/process: Fix sparse address space warnings (bsc#1065729).
- powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375,
LTC#178204).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update
(bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
(bsc#1138374, LTC#178199).
- power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
- power: supply: sysfs: prevent endless uevent loop with
CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
- ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
(git-fixes).
- qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461
jsc#SLE-4692).
- qed: Add infrastructure for error detection and recovery (bsc#1136460
jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461
jsc#SLE-4692).
- qed: Add llh ppfid interface and 100g support for offload protocols
(bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461
jsc#SLE-4692).
- qede: Fix internal loopback failure with jumbo mtu configuration
(bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qede: fix write to free'd pointer error and double free of ptp
(bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460
jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qede: place ethtool_rx_flow_spec after code after TC flower codebase
(bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qede: Populate mbi version in ethtool driver query data (bsc#1136460
jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: fix indentation issue with statements in an if-block (bsc#1136460
jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Fix iWARP buffer size provided for syn packet processing
(bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Fix iWARP syn packet mac address validation (bsc#1136460
jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461
jsc#SLE-4692).
- qed: fix spelling mistake "faspath" -> "fastpath" (bsc#1136460
jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: fix spelling mistake "inculde" -> "include" (bsc#1136460
jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461
jsc#SLE-4692).
- qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: Modify api for performing a dmae to another PF (bsc#1136460
jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Modify offload protocols to use the affined engine (bsc#1136460
jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qedr: Change the MSI-X vectors selection to be based on affined engine
(bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: Revise load sequence to avoid PCI errors (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691
bsc#1136461 jsc#SLE-4692).
- qla2xxx: kABI fixes for v10.00.00.14-k (bsc#1136215).
- qla2xxx: kABI fixes for v10.01.00.15-k (bsc#1136215).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qlcnic: remove assumption that vlan_tci != 0 (bsc#1136469 jsc#SLE-4695).
- qlcnic: remove set but not used variables 'cur_rings, max_hw_rings,
tx_desc_info' (bsc#1136469 jsc#SLE-4695).
- qlcnic: remove set but not used variables 'op, cmd_op' (bsc#1136469
jsc#SLE-4695).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- RDMA/cxbg: Use correct sizing on buffers holding page DMA addresses
(bsc#1136348 jsc#SLE-4684).
- RDMA/cxgb4: Do not expose DMA addresses (bsc#1136348 jsc#SLE-4684).
- RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
(bsc#1136348 jsc#SLE-4684).
- RDMA/cxgb4: Fix spelling mistake "immedate" -> "immediate" (bsc#1136348
jsc#SLE-4684).
- RDMA/cxgb4: Remove kref accounting for sync operation (bsc#1136348
jsc#SLE-4684).
- RDMA/cxgb4: Use sizeof() notation (bsc#1136348 jsc#SLE-4684).
- RDMA/hns: Add constraint on the setting of local ACK timeout
(bsc#1104427 bsc#1137233).
- RDMA/hns: Add SCC context allocation support for hip08 (bsc#1104427
bsc#1126206).
- RDMA/hns: Add SCC context clr support for hip08 (bsc#1104427
bsc#1126206).
- RDMA/hns: Add the process of AEQ overflow for hip08 (bsc#1104427
bsc#1126206).
- RDMA/hns: Add timer allocation support for hip08 (bsc#1104427
bsc#1126206).
- RDMA/hns: Bugfix for mapping user db (bsc#1104427 bsc#1137236).
- RDMA/hns: Bugfix for posting multiple srq work request (bsc#1104427
bsc#1137236).
- RDMA/hns: Bugfix for SCC hem free (bsc#1104427 bsc#1137236).
- RDMA/hns: Bugfix for sending with invalidate (bsc#1104427 bsc#1137236).
- RDMA/hns: Bugfix for set hem of SCC (bsc#1104427 bsc#1137236).
- RDMA/hns: Bugfix for the scene without receiver queue (bsc#1104427
bsc#1137233).
- RDMA/hns: Configure capacity of hns device (bsc#1104427 bsc#1137236).
- RDMA/hns: Delete unused variable in hns_roce_v2_modify_qp function
(bsc#1104427).
- RDMA/hns: Delete useful prints for aeq subtype event (bsc#1104427
bsc#1126206).
- RDMA/hns: Fix bad endianess of port_pd variable (bsc#1104427 ).
- RDMA/hns: Fix bug that caused srq creation to fail (bsc#1104427 ).
- RDMA/hns: Fix the bug with updating rq head pointer when flush cqe
(bsc#1104427 bsc#1137233).
- RDMA/hns: Fix the chip hanging caused by sending doorbell during reset
(bsc#1104427 bsc#1137232).
- RDMA/hns: Fix the chip hanging caused by sending mailbox&CMQ during
reset (bsc#1104427 bsc#1137232).
- RDMA/hns: Fix the Oops during rmmod or insmod ko when reset occurs
(bsc#1104427 bsc#1137232).
- RDMA/hns: Fix the state of rereg mr (bsc#1104427 bsc#1137236).
- RDMA/hns: Hide error print information with roce vf device (bsc#1104427
bsc#1137236).
- RDMA/hns: Limit minimum ROCE CQ depth to 64 (bsc#1104427 bsc#1137236).
- RDMA/hns: Limit scope of hns_roce_cmq_send() (bsc#1104427 ).
- RDMA/hns: Make some function static (bsc#1104427 bsc#1126206).
- RDMA/hns: Modify qp&cq&pd specification according to UM (bsc#1104427
bsc#1137233).
- RDMA/hns: Modify the pbl ba page size for hip08 (bsc#1104427
bsc#1137233).
- RDMA/hns: Move spin_lock_irqsave to the correct place (bsc#1104427
bsc#1137236).
- RDMA/hns: Only assgin some fields if the relatived attr_mask is set
(bsc#1104427).
- RDMA/hns: Only assign the fields of the rq psn if IB_QP_RQ_PSN is set
(bsc#1104427).
- RDMA/hns: Only assign the relatived fields of psn if IB_QP_SQ_PSN is set
(bsc#1104427).
- RDMA/hns: RDMA/hns: Assign rq head pointer when enable rq record db
(bsc#1104427 bsc#1137236).
- RDMA/hns: Remove jiffies operation in disable interrupt context
(bsc#1104427 bsc#1137236).
- RDMA/hns: Remove set but not used variable 'rst' (bsc#1104427
bsc#1126206).
- RDMA/hns: Set allocated memory to zero for wrid (bsc#1104427
bsc#1137236).
- RDMA/hns: Support to create 1M srq queue (bsc#1104427 ).
- RDMA/hns: Update CQE specifications (bsc#1104427 bsc#1137236).
- RDMA/hns: Update the range of raq_psn field of qp context (bsc#1104427).
- RDMA/i40iw: Handle workqueue allocation failure (jsc#SLE-4793).
- RDMA/iwcm: add tos_set bool to iw_cm struct (bsc#1136348 jsc#SLE-4684).
- RDMA/iw_cxgb4: Always disconnect when QP is transitioning to TERMINATE
state (bsc#1136348 jsc#SLE-4684).
- RDMA/qedr: Fix incorrect device rate (bsc#1136188).
- RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1136456
jsc#SLE-4689).
- RDMA/rdmavt: Use correct sizing on buffers holding page DMA addresses
(jsc#SLE-4925).
- RDMA/rxe: Consider skb reserve space based on netdev of GID
(bsc#1082387, bsc#1103992).
- Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire
laptops" (bsc#1051510).
- Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen
enters range" (bsc#1051510).
- rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510).
- rtc: da9063: set uie_unsupported when relevant (bsc#1051510).
- rtc: do not reference bogus function pointer in kdoc (bsc#1051510).
- rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510).
- rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).
- rtlwifi: fix potential NULL pointer dereference (bsc#1111666).
- s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 bsc#1134730
LTC#173388).
- s390/airq: recognize directed interrupts (jsc#SLE-5789 bsc#1134730
LTC#173388).
- s390: enable processes for mio instructions (jsc#SLE-5802 bsc#1134738
LTC#173387).
- s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802
bsc#1134738 LTC#173387).
- s390/pci: add parameter to disable usage of MIO instructions
(jsc#SLE-5802 bsc#1134738 LTC#173387).
- s390/pci: add parameter to force floating irqs (jsc#SLE-5789 bsc#1134730
LTC#173388).
- s390/pci: clarify interrupt vector usage (jsc#SLE-5789 bsc#1134730
LTC#173388).
- s390/pci: fix assignment of bus resources (jsc#SLE-5802 bsc#1134738
LTC#173387).
- s390/pci: fix struct definition for set PCI function (jsc#SLE-5802
bsc#1134738 LTC#173387).
- s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789
bsc#1134730 LTC#173388).
- s390/pci: mark command line parser data __initdata (jsc#SLE-5789
bsc#1134730 LTC#173388).
- s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789
bsc#1134730 LTC#173388).
- s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802
bsc#1134738 LTC#173387).
- s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789
bsc#1134730 LTC#173388).
- s390/pci: provide support for MIO instructions (jsc#SLE-5802 bsc#1134738
LTC#173387).
- s390/pci: remove stale rc (jsc#SLE-5789 bsc#1134730 LTC#173388).
- s390/pci: remove unused define (jsc#SLE-5789 bsc#1134730 LTC#173388).
- s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759
bsc#1135153 LTC#173151).
- s390/protvirt: block kernel command line alteration (jsc#SLE-5759
bsc#1135153 LTC#173151).
- s390/sclp: detect DIRQ facility (jsc#SLE-5789 bsc#1134730 LTC#173388).
- s390: show statistics for MSI IRQs (jsc#SLE-5789 bsc#1134730 LTC#173388).
- s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 bsc#1135153
LTC#173151).
- scsi: hisi: KABI ignore new symbols (bsc#1135038).
- scsi: hisi_sas: add host reset interface for test (bsc#1135041).
- scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset()
(bsc#1135033).
- scsi: hisi_sas: Adjust the printk format of functions
hisi_sas_init_device() (bsc#1135037).
- scsi: hisi_sas: allocate different SAS address for directly attached
situation (bsc#1135036).
- scsi: hisi_sas: Do not fail IT nexus reset for Open Reject timeout
(bsc#1135033).
- scsi: hisi_sas: Do not hard reset disk during controller reset
(bsc#1135034).
- scsi: hisi_sas: Fix for setting the PHY linkrate when disconnected
(bsc#1135038).
- scsi: hisi_sas: Remedy inconsistent PHY down state in software
(bsc#1135039).
- scsi: hisi_sas: remove the check of sas_dev status in
hisi_sas_I_T_nexus_reset() (bsc#1135037).
- scsi: hisi_sas: Send HARD RESET to clear the previous affiliation of STP
target port (bsc#1135037).
- scsi: hisi_sas: Set PHY linkrate when disconnected (bsc#1135038).
- scsi: hisi_sas: Some misc tidy-up (bsc#1135031).
- scsi: hisi_sas: Support all RAS events with MSI interrupts (bsc#1135035).
- scsi: libsas: Do discovery on empty PHY to update PHY info (bsc#1135024).
- scsi: libsas: Improve vague log in SAS rediscovery (bsc#1135027).
- scsi: libsas: Inject revalidate event for root port event (bsc#1135026).
- scsi: libsas: Print expander PHY indexes in decimal (bsc#1135021).
- scsi: libsas: Stop hardcoding SAS address length (bsc#1135029).
- scsi: libsas: Support SATA PHY connection rate unmatch fixing during
discovery (bsc#1135028).
- scsi: libsas: Try to retain programmed min linkrate for SATA min pathway
unmatch fixing (bsc#1135028).
- scsi: qedf: fixup bit operations (bsc#1135542).
- scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542).
- scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542).
- scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism
(bsc#1136215).
- scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1136215).
- scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1136215).
- scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1136215).
- scsi: qla2xxx: Add new FW dump template entry types (bsc#1136215).
- scsi: qla2xxx: Add protection mask module parameters (bsc#1136215).
- scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1136215).
- scsi: qla2xxx: Add support for multiple fwdump templates/segments
(bsc#1136215).
- scsi: qla2xxx: Add support for setting port speed (bsc#1136215).
- scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not
supported (bsc#1136215).
- scsi: qla2xxx: avoid printf format warning (bsc#1136215).
- scsi: qla2xxx: Check for FW started flag before aborting (bsc#1136215).
- scsi: qla2xxx: check for kstrtol() failure (bsc#1136215).
- scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1136215).
- scsi: qla2xxx: Correction and improvement to fwdt processing
(bsc#1136215).
- scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1136215).
- scsi: qla2xxx: Declare local functions 'static' (bsc#1137444).
- scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1136215).
- scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary
(bsc#1136215).
- scsi: qla2xxx: fix error message on <qla2400 (bsc#1118139).
- scsi: qla2xxx: Fix function argument descriptions (bsc#1118139).
- scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by
firmware (bsc#1136215).
- scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139).
- scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd
(bsc#1136215).
- scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash()
(bsc#1136215).
- scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1136215).
- scsi: qla2xxx: fix spelling mistake: "existant" -> "existent"
(bsc#1118139).
- scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1136215).
- scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444).
- scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).
- scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444).
- scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp()
(bsc#1137444).
- scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze
(bsc#1137444).
- scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes
'res' (bsc#1137444).
- scsi: qla2xxx: Move debug messages before sending srb preventing panic
(bsc#1136215).
- scsi: qla2xxx: Move marker request behind QPair (bsc#1136215).
- scsi: qla2xxx: no need to check return value of debugfs_create functions
(bsc#1136215).
- scsi: qla2xxx: NULL check before some freeing functions is not needed
(bsc#1137444).
- scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1136215).
- scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1136215).
- scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444).
- scsi: qla2xxx: Remove FW default template (bsc#1136215).
- scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1136215).
- scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139).
- scsi: qla2xxx: Remove two arguments from qlafx00_error_entry()
(bsc#1137444).
- scsi: qla2xxx: Remove unused symbols (bsc#1118139).
- scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1136215).
- scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1136215).
- scsi: qla2xxx: Simplification of register address used in qla_tmpl.c
(bsc#1136215).
- scsi: qla2xxx: Simplify conditional check again (bsc#1136215).
- scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function
(bsc#1137444).
- scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1136215).
- scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1136215).
- scsi: qla2xxx: Update flash read/write routine (bsc#1136215).
- scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of
reinventing them (bsc#1137444).
- scsi: qla2xxx: Use %p for printing pointers (bsc#1118139).
- scsi: zfcp: make DIX experimental, disabled, and independent of DIF
(jsc#SLE-6772).
- sctp: avoid running the sctp state machine recursively
(networking-stable-19_05_04).
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- signal: Always notice exiting tasks (git-fixes).
- signal: Better detection of synchronous signals (git-fixes).
- signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes).
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
(bsc#1051510).
- spi: Fix zero length xfer bug (bsc#1051510).
- spi-nor: intel-spi: Add support for Intel Comet Lake SPI serial flash
(jsc#SLE-5358).
- spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the end
(bsc#1051510).
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
- spi: tegra114: reset controller on probe (bsc#1051510).
- Staging: vc04_services: Fix a couple error codes (bsc#1051510).
- staging: vc04_services: prevent integer overflow in create_pagelist()
(bsc#1051510).
- staging: wlan-ng: fix adapter initialization failure (bsc#1051510).
- stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30).
- supported.conf: Add cls_bpf, sch_ingress to kernel-default-base
(bsc#1134743).
- switchtec: Fix unintended mask of MRPC event (git-fixes).
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
- tcp: limit payload size of sacked skbs (bsc#1137586).
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
- tcp: tcp_grow_window() needs to respect tcp_space()
(networking-stable-19_04_19).
- team: fix possible recursive locking when add slaves
(networking-stable-19_04_30).
- test_firmware: Use correct snprintf() limit (bsc#1135642).
- thunderbolt: Fix to check for kmemdup failure (bsc#1051510).
- tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes).
- tipc: missing entries in name table of publications
(networking-stable-19_04_19).
- tools/cpupower: Add Hygon Dhyana support ().
- tracing: Fix partial reading of trace event's id file (bsc#1136573).
- treewide: Use DEVICE_ATTR_WO (bsc#1137739).
- tty: ipwireless: fix missing checks for ioremap (bsc#1051510).
- tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510).
- udp: use indirect call wrappers for GRO socket lookup (bsc#1124503).
- Update config files for NFSv4.2
- Update cx2072x patches to follow the upstream development (bsc#1068546)
- USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
(bsc#1051510).
- USB: core: Do not unbind interfaces following device reset failure
(bsc#1051510).
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
(bsc#1051510).
- usbip: usbip_host: fix BUG: sleeping function called from invalid
context (bsc#1051510).
- usbip: usbip_host: fix stub_dev lock context imbalance regression
(bsc#1051510).
- usbnet: fix kernel crash after disconnect (bsc#1051510).
- USB: rio500: fix memory leak in close after disconnect (bsc#1051510).
- USB: rio500: refuse more than one device at a time (bsc#1051510).
- USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510).
- userfaultfd: use RCU to free the task struct when fork fails (git-fixes).
- vhost: reject zero size iova range (networking-stable-19_04_19).
- video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
- video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
- virtio_console: initialize vtermno value for ports (bsc#1051510).
- vxlan: trivial indenting fix (bsc#1051510).
- vxlan: use __be32 type for the param vni in __vxlan_fdb_delete
(bsc#1051510).
- w1: fix the resume command API (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
- wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext
(bsc#1111666).
- x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
- x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
- x86/alternative: Init ideal_nops for Hygon Dhyana ().
- x86/amd_nb: Check vendor in AMD-only functions ().
- x86/apic: Add Hygon Dhyana support ().
- x86/bugs: Add Hygon Dhyana to the respective mitigation machinery ().
- x86/CPU: Add Icelake model number (jsc#SLE-5226).
- x86/cpu: Create Hygon Dhyana architecture support file ().
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die
processors ().
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().
- x86/events: Add Hygon Dhyana support to PMU infrastructure ().
- x86/kvm: Add Hygon Dhyana support to KVM ().
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure ().
- x86/mce: Do not disable MCA banks when offlining a CPU on AMD ().
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge ().
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana ().
- x86/umip: Make the UMIP activated message generic (bsc#1138336).
- x86/umip: Print UMIP line only once (bsc#1138336).
- x86/xen: Add Hygon Dhyana support to Xen ().
- xenbus: drop useless LIST_HEAD in xenbus_write_watch() and
xenbus_file_write() (bsc#1065600).
- xen/pciback: Do not disable PCI_COMMAND on PCI device reset
(bsc#1065600).
- xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018).
- xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013).
- xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003).
- xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999).
- xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005).
- xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019).
- xfs: fix s_maxbytes overflow problems (bsc#1137996).
- xfs: make xfs_writepage_map extent map centric (bsc#1138009).
- xfs: minor cleanup for xfs_get_blocks (bsc#1138000).
- xfs: move all writeback buffer_head manipulation into xfs_map_at_offset
(bsc#1138014).
- xfs: refactor the tail of xfs_writepage_map (bsc#1138016).
- xfs: remove the imap_valid flag (bsc#1138012).
- xfs: remove unused parameter from xfs_writepage_map (bsc#1137995).
- xfs: remove XFS_IO_INVALID (bsc#1138017).
- xfs: remove xfs_map_cow (bsc#1138007).
- xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).
- xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006).
- xfs: remove xfs_start_page_writeback (bsc#1138015).
- xfs: rename the offset variable in xfs_writepage_map (bsc#1138008).
- xfs: serialize unaligned dio writes against all other dio writes
(bsc#1134936).
- xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly
(bsc#1138011).
- xfs: skip CoW writes past EOF when writeback races with truncate
(bsc#1137998).
- xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002).
- xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
(bsc#1051510).
- xhci: update bounce buffer with correct sg num (bsc#1051510).
- xhci: Use %zu for printing size_t type (bsc#1051510).
- xsk: export xdp_get_umem_from_qid (jsc#SLE-4797).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1571=1
Package List:
- openSUSE Leap 15.1 (x86_64):
kernel-debug-4.12.14-lp151.28.7.1
kernel-debug-base-4.12.14-lp151.28.7.1
kernel-debug-base-debuginfo-4.12.14-lp151.28.7.1
kernel-debug-debuginfo-4.12.14-lp151.28.7.1
kernel-debug-debugsource-4.12.14-lp151.28.7.1
kernel-debug-devel-4.12.14-lp151.28.7.1
kernel-debug-devel-debuginfo-4.12.14-lp151.28.7.1
kernel-default-4.12.14-lp151.28.7.1
kernel-default-base-4.12.14-lp151.28.7.1
kernel-default-base-debuginfo-4.12.14-lp151.28.7.1
kernel-default-debuginfo-4.12.14-lp151.28.7.1
kernel-default-debugsource-4.12.14-lp151.28.7.1
kernel-default-devel-4.12.14-lp151.28.7.1
kernel-default-devel-debuginfo-4.12.14-lp151.28.7.1
kernel-kvmsmall-4.12.14-lp151.28.7.1
kernel-kvmsmall-base-4.12.14-lp151.28.7.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.7.1
kernel-kvmsmall-debuginfo-4.12.14-lp151.28.7.1
kernel-kvmsmall-debugsource-4.12.14-lp151.28.7.1
kernel-kvmsmall-devel-4.12.14-lp151.28.7.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.7.1
kernel-obs-build-4.12.14-lp151.28.7.1
kernel-obs-build-debugsource-4.12.14-lp151.28.7.1
kernel-obs-qa-4.12.14-lp151.28.7.1
kernel-syms-4.12.14-lp151.28.7.1
kernel-vanilla-4.12.14-lp151.28.7.1
kernel-vanilla-base-4.12.14-lp151.28.7.1
kernel-vanilla-base-debuginfo-4.12.14-lp151.28.7.1
kernel-vanilla-debuginfo-4.12.14-lp151.28.7.1
kernel-vanilla-debugsource-4.12.14-lp151.28.7.1
kernel-vanilla-devel-4.12.14-lp151.28.7.1
kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.7.1
- openSUSE Leap 15.1 (noarch):
kernel-devel-4.12.14-lp151.28.7.1
kernel-docs-4.12.14-lp151.28.7.1
kernel-docs-html-4.12.14-lp151.28.7.1
kernel-macros-4.12.14-lp151.28.7.1
kernel-source-4.12.14-lp151.28.7.1
kernel-source-vanilla-4.12.14-lp151.28.7.1
References:
https://www.suse.com/security/cve/CVE-2019-10124.html
https://www.suse.com/security/cve/CVE-2019-11477.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11479.html
https://www.suse.com/security/cve/CVE-2019-11487.html
https://www.suse.com/security/cve/CVE-2019-12380.html
https://www.suse.com/security/cve/CVE-2019-12382.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12818.html
https://www.suse.com/security/cve/CVE-2019-12819.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1050242
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1056787
https://bugzilla.suse.com/1058115
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1064802
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1066129
https://bugzilla.suse.com/1068546
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1075020
https://bugzilla.suse.com/1082387
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1093389
https://bugzilla.suse.com/1099658
https://bugzilla.suse.com/1103992
https://bugzilla.suse.com/1104353
https://bugzilla.suse.com/1104427
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1111696
https://bugzilla.suse.com/1113722
https://bugzilla.suse.com/1115688
https://bugzilla.suse.com/1117114
https://bugzilla.suse.com/1117158
https://bugzilla.suse.com/1117561
https://bugzilla.suse.com/1118139
https://bugzilla.suse.com/1120091
https://bugzilla.suse.com/1120423
https://bugzilla.suse.com/1120566
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1124503
https://bugzilla.suse.com/1126206
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1127616
https://bugzilla.suse.com/1128432
https://bugzilla.suse.com/1130699
https://bugzilla.suse.com/1131673
https://bugzilla.suse.com/1133190
https://bugzilla.suse.com/1133612
https://bugzilla.suse.com/1133616
https://bugzilla.suse.com/1134090
https://bugzilla.suse.com/1134671
https://bugzilla.suse.com/1134730
https://bugzilla.suse.com/1134738
https://bugzilla.suse.com/1134743
https://bugzilla.suse.com/1134806
https://bugzilla.suse.com/1134936
https://bugzilla.suse.com/1134945
https://bugzilla.suse.com/1134946
https://bugzilla.suse.com/1134947
https://bugzilla.suse.com/1134948
https://bugzilla.suse.com/1134949
https://bugzilla.suse.com/1134950
https://bugzilla.suse.com/1134951
https://bugzilla.suse.com/1134952
https://bugzilla.suse.com/1134953
https://bugzilla.suse.com/1134972
https://bugzilla.suse.com/1134974
https://bugzilla.suse.com/1134975
https://bugzilla.suse.com/1134980
https://bugzilla.suse.com/1134981
https://bugzilla.suse.com/1134983
https://bugzilla.suse.com/1134987
https://bugzilla.suse.com/1134989
https://bugzilla.suse.com/1134990
https://bugzilla.suse.com/1134994
https://bugzilla.suse.com/1134995
https://bugzilla.suse.com/1134998
https://bugzilla.suse.com/1134999
https://bugzilla.suse.com/1135018
https://bugzilla.suse.com/1135021
https://bugzilla.suse.com/1135024
https://bugzilla.suse.com/1135026
https://bugzilla.suse.com/1135027
https://bugzilla.suse.com/1135028
https://bugzilla.suse.com/1135029
https://bugzilla.suse.com/1135031
https://bugzilla.suse.com/1135033
https://bugzilla.suse.com/1135034
https://bugzilla.suse.com/1135035
https://bugzilla.suse.com/1135036
https://bugzilla.suse.com/1135037
https://bugzilla.suse.com/1135038
https://bugzilla.suse.com/1135039
https://bugzilla.suse.com/1135041
https://bugzilla.suse.com/1135042
https://bugzilla.suse.com/1135044
https://bugzilla.suse.com/1135045
https://bugzilla.suse.com/1135046
https://bugzilla.suse.com/1135047
https://bugzilla.suse.com/1135049
https://bugzilla.suse.com/1135051
https://bugzilla.suse.com/1135052
https://bugzilla.suse.com/1135053
https://bugzilla.suse.com/1135055
https://bugzilla.suse.com/1135056
https://bugzilla.suse.com/1135058
https://bugzilla.suse.com/1135153
https://bugzilla.suse.com/1135542
https://bugzilla.suse.com/1135556
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1135661
https://bugzilla.suse.com/1136188
https://bugzilla.suse.com/1136206
https://bugzilla.suse.com/1136215
https://bugzilla.suse.com/1136345
https://bugzilla.suse.com/1136347
https://bugzilla.suse.com/1136348
https://bugzilla.suse.com/1136353
https://bugzilla.suse.com/1136424
https://bugzilla.suse.com/1136428
https://bugzilla.suse.com/1136430
https://bugzilla.suse.com/1136432
https://bugzilla.suse.com/1136434
https://bugzilla.suse.com/1136435
https://bugzilla.suse.com/1136438
https://bugzilla.suse.com/1136439
https://bugzilla.suse.com/1136456
https://bugzilla.suse.com/1136460
https://bugzilla.suse.com/1136461
https://bugzilla.suse.com/1136469
https://bugzilla.suse.com/1136477
https://bugzilla.suse.com/1136478
https://bugzilla.suse.com/1136498
https://bugzilla.suse.com/1136573
https://bugzilla.suse.com/1136586
https://bugzilla.suse.com/1136598
https://bugzilla.suse.com/1136881
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1136978
https://bugzilla.suse.com/1136990
https://bugzilla.suse.com/1137151
https://bugzilla.suse.com/1137152
https://bugzilla.suse.com/1137153
https://bugzilla.suse.com/1137162
https://bugzilla.suse.com/1137201
https://bugzilla.suse.com/1137224
https://bugzilla.suse.com/1137232
https://bugzilla.suse.com/1137233
https://bugzilla.suse.com/1137236
https://bugzilla.suse.com/1137372
https://bugzilla.suse.com/1137429
https://bugzilla.suse.com/1137444
https://bugzilla.suse.com/1137586
https://bugzilla.suse.com/1137739
https://bugzilla.suse.com/1137752
https://bugzilla.suse.com/1137995
https://bugzilla.suse.com/1137996
https://bugzilla.suse.com/1137998
https://bugzilla.suse.com/1137999
https://bugzilla.suse.com/1138000
https://bugzilla.suse.com/1138002
https://bugzilla.suse.com/1138003
https://bugzilla.suse.com/1138005
https://bugzilla.suse.com/1138006
https://bugzilla.suse.com/1138007
https://bugzilla.suse.com/1138008
https://bugzilla.suse.com/1138009
https://bugzilla.suse.com/1138010
https://bugzilla.suse.com/1138011
https://bugzilla.suse.com/1138012
https://bugzilla.suse.com/1138013
https://bugzilla.suse.com/1138014
https://bugzilla.suse.com/1138015
https://bugzilla.suse.com/1138016
https://bugzilla.suse.com/1138017
https://bugzilla.suse.com/1138018
https://bugzilla.suse.com/1138019
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1138293
https://bugzilla.suse.com/1138336
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1138375
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2019:1570-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 18 Jun '19
by opensuse-security@opensuse.org 18 Jun '19
18 Jun '19
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1570-1
Rating: important
References: #1005778 #1005780 #1005781 #1012382 #1019695
#1019696 #1022604 #1053043 #1063638 #1065600
#1066223 #1085535 #1085539 #1090888 #1099658
#1100132 #1106110 #1106284 #1106929 #1108838
#1109137 #1112178 #1117562 #1119086 #1120642
#1120843 #1120902 #1125580 #1126356 #1127155
#1128052 #1129770 #1131107 #1131543 #1131565
#1132374 #1132472 #1133190 #1133874 #1134338
#1134806 #1134813 #1135120 #1135281 #1135603
#1135642 #1135661 #1135878 #1136424 #1136438
#1136448 #1136449 #1136451 #1136452 #1136455
#1136458 #1136539 #1136573 #1136575 #1136586
#1136590 #1136598 #1136623 #1136810 #1136922
#1136935 #1136990 #1136993 #1137142 #1137162
#1137586 #1137739 #1137752 #1137915 #1138291
#1138293 #1138374
Cross-References: CVE-2018-7191 CVE-2019-11190 CVE-2019-11191
CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
CVE-2019-11487 CVE-2019-11833 CVE-2019-12380
CVE-2019-12382 CVE-2019-12456 CVE-2019-12818
CVE-2019-12819 CVE-2019-3846 CVE-2019-5489
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves 15 vulnerabilities and has 62 fixes
is now available.
Description:
Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote
attacker such that one can trigger an integer overflow, leading to a
kernel panic. (bsc#1137586).
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which would fragment the TCP retransmission queue. A remote attacker may
have been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection. (bsc#1137586)
- CVE-2019-11479: It was possible to send a crafted sequence of SACKs
which would fragment the RACK send map. A remote attacker may be able to
further exploit the fragmented send map to cause an expensive
linked-list walk for subsequent SACKs received for that same TCP
connection. This would have resulted in excess resource consumption due
to low mss values. (bsc#1137586)
- CVE-2019-12819: The function __mdiobus_register() in
drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a
fixed_mdio_bus_init use-after-free. This will cause a denial of service
(bnc#1138291).
- CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may return NULL. If the caller did not check for
this, it will trigger a NULL pointer dereference. This will cause denial
of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c
(bnc#1138293).
- CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in
_ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local
users to cause a denial of service or possibly have unspecified other
impact by changing the value of ioc_number between two kernel reads of
that value, aka a "double fetch" vulnerability (bnc#1136922).
- CVE-2019-12380: phys_efi_set_virtual_address_map in
arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
arch/x86/platform/efi/efi_64.c mishandle memory allocation failures
(bnc#1136598).
- CVE-2019-11487: The Linux kernel allowed page->_refcount reference count
overflow, with resultant use-after-free issues, if about 140 GiB of RAM
exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c,
mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests
(bnc#1133190).
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network (bnc#1136424).
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c. There was an unchecked kstrdup of
fwstr, which might allow an attacker to cause a denial of service (NULL
pointer dereference and system crash) (bnc#1136586).
- CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed
local attackers to observe page cache access patterns of other processes
on the same system, potentially allowing sniffing of secret information.
(Fixing this affects the output of the fincore program.) Limited remote
exploitation may be possible, as demonstrated by latency differences in
accessing public files from an Apache HTTP Server (bnc#1120843).
- CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory
region in the extent tree block, which might allow local users to obtain
sensitive information by reading uninitialized data in the filesystem
(bnc#1135281).
- CVE-2018-7191: In the tun subsystem dev_get_valid_name is not called
before register_netdevice. This allowed local users to cause a denial of
service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF)
call with a dev name containing a / character. This is similar to
CVE-2013-4343 (bnc#1135603).
- CVE-2019-11190, CVE-2019-11191: The Linux kernel allowed local users to
bypass ASLR on setuid programs (such as /bin/su) because
install_exec_creds() is called too late in load_elf_binary() in
fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race
condition when reading /proc/pid/stat (bnc#1131543 bnc#1132374
bnc#1132472).
The following non-security bugs were fixed:
- ALSA: line6: use dynamic buffers (bnc#1012382).
- ARM: dts: pfla02: increase phy reset duration (bnc#1012382).
- ARM: iop: do not use using 64-bit DMA masks (bnc#1012382).
- ARM: orion: do not use using 64-bit DMA masks (bnc#1012382).
- ASoC: cs4270: Set auto-increment bit for register writes (bnc#1012382).
- ASoC: Intel: avoid Oops if DMA setup fails (bnc#1012382).
- ASoC:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382).
- ASoC: tlv320aic32x4: Fix Common Pins (bnc#1012382).
- ath6kl: Only use match sets when firmware supports it (bsc#1120902).
- backlight: lm3630a: Return 0 on success in update_status functions
(bsc#1106929)
- bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382).
- block: fix use-after-free on gendisk (bsc#1136448).
- bluetooth: Align minimum encryption key size for LE and BR/EDR
connections (bnc#1012382).
- bnxt_en: Improve multicast address setup logic (bnc#1012382).
- bonding: fix arp_validate toggling in active-backup mode (bnc#1012382).
- bonding: show full hw address in sysfs for slave entries (bnc#1012382).
- bpf: reject wrong sized filters earlier (bnc#1012382).
- bridge: Fix error path for kobject_init_and_add() (bnc#1012382).
- btrfs: add a helper to return a head ref (bsc#1134813).
- btrfs: breakout empty head cleanup to a helper (bsc#1134813).
- btrfs: delayed-ref: Introduce better documented delayed ref structures
(bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor
btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor
btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes
(bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref
(bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes()
(bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent()
(bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref()
(bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: Factor out common delayed refs init code (bsc#1134813).
- btrfs: Introduce init_delayed_ref_head (bsc#1134813).
- btrfs: move all ref head cleanup to the helper function (bsc#1134813).
- btrfs: move extent_op cleanup to a helper (bsc#1134813).
- btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
- btrfs: Open-code add_delayed_data_ref (bsc#1134813).
- btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
- btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer
dereference (bsc#1134806).
- btrfs: qgroup: Do not scan leaf if we're modifying reloc tree
(bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON()
(bsc#1134338).
- btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
- btrfs: split delayed ref head initialization and addition (bsc#1134813).
- btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
- cdc-acm: cleaning up debug in data submission path (bsc#1136539).
- cdc-acm: fix race between reset and control messaging (bsc#1106110).
- cdc-acm: handle read pipe errors (bsc#1135878).
- cdc-acm: reassemble fragmented notifications (bsc#1136590).
- cdc-acm: store in and out pipes in acm structure (bsc#1136575).
- cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382).
- cifs: keep FileInfo handle live during oplock break (bsc#1106284,
bsc#1131565).
- clk: fix mux clock documentation (bsc#1090888).
- cpu/hotplug: Provide cpus_read|write_[un]lock() (bsc#1138374,
LTC#178199).
- cpu/hotplug: Provide lockdep_assert_cpus_held() (bsc#1138374,
LTC#178199).
- cpupower: remove stringop-truncation waring (bsc#1119086).
- cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382
bsc#1112178).
- crypto: vmx - CTR: always increment IV as quadword (bsc#1135661,
bsc#1137162).
- crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661,
bsc#1137162).
- crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661,
bsc#1137162).
- crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661, bsc#1137162).
- crypto: vmx - return correct error code on failed setkey (bsc#1135661,
bsc#1137162).
- debugfs: fix use-after-free on symlink traversal (bnc#1012382).
- Documentation: Add MDS vulnerability documentation (bnc#1012382).
- Documentation: Add nospectre_v1 parameter (bnc#1012382).
- Documentation: Correct the possible MDS sysfs values (bnc#1012382).
- Documentation: Move L1TF to separate directory (bnc#1012382).
- Do not jump to compute_result state from check_result state
(bnc#1012382).
- drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
(bnc#1012382).
- drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
(bnc#1012382).
- drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929)
- drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929)
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to
(bsc#1106929)
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
(bsc#1106929)
- Drop multiversion(kernel) from the KMP template (bsc#1127155).
- dt-bindings: rcar-dmac: Document missing error interrupt (bsc#1085535).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1136458).
- ext4: actually request zeroing of inode table after grow (bsc#1136451).
- ext4: avoid panic during forced reboot due to aborted journal
(bsc#1126356).
- ext4: fix ext4_show_options for file systems w/o journal (bsc#1136452).
- ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449).
- ext4: make sure enough credits are reserved for dioread_nolock writes
(bsc#1136623).
- ext4: Return EAGAIN in case of DIO is beyond end of file (bsc#1136810).
- ext4: wait for outstanding dio during truncate in nojournal mode
(bsc#1136438).
- fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bnc#1012382).
- ftrace/x86_64: Emulate call function while updating in breakpoint
handler (bsc#1099658).
- genirq: Prevent use-after-free and work list corruption (bnc#1012382).
- gpu: ipu-v3: dp: fix CSC handling (bnc#1012382).
- HID: debug: fix race condition with between rdesc_show() and device
removal (bnc#1012382).
- HID: input: add mapping for Expose/Overview key (bnc#1012382).
- HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
(bnc#1012382).
- hugetlbfs: fix memory leak for resv_map (bnc#1012382).
- IB/hfi1: Eliminate opcode tests on mr deref ().
- IB/hfi1: Unreserve a reserved request when it is completed ().
- ibmvnic: Add device identification to requested IRQs (bsc#1137739).
- ibmvnic: Do not close unopened driver during reset (bsc#1137752).
- ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
- ibmvnic: Refresh device multicast list after reset (bsc#1137752).
- ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
- IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace ().
- IB/rdmavt: Fix frwr memory registration ().
- igb: Fix WARN_ONCE on runtime suspend (bnc#1012382).
- iio: adc: xilinx: fix potential use-after-free on remove (bnc#1012382).
- init: initialize jump labels before command line option parsing
(bnc#1012382).
- Input: snvs_pwrkey - initialize necessary driver data before enabling
IRQ (bnc#1012382).
- ipmi:ssif: compare block number correctly for multi-part return messages
(bsc#1135120).
- ipv4: Fix raw socket lookup for local traffic (bnc#1012382).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
(bnc#1012382).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (bnc#1012382).
- ipv6: fix a potential deadlock in do_ipv6_setsockopt() (bnc#1012382).
- ipv6/flowlabel: wait rcu grace period before put_pid() (bnc#1012382).
- ipv6: invert flowlabel sharing check in process and user mode
(bnc#1012382).
- ipvs: do not schedule icmp errors from tunnels (bnc#1012382).
- iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).
- jffs2: fix use-after-free on symlink traversal (bnc#1012382).
- kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout
(bsc#1137586).
- kbuild: simplify ld-option implementation (bnc#1012382).
- kconfig: display recursive dependency resolution hint just once
(bsc#1100132).
- kconfig/[mn]conf: handle backspace (^H) key (bnc#1012382).
- keys: Timestamp new keys (bsc#1120902).
- KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
(bnc#1012382).
- KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
tracing (bnc#1012382).
- libata: fix using DMA buffers on stack (bnc#1012382).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm/btt: Fix a kmemdup failure check (bnc#1012382).
- mac80211_hwsim: validate number of different channels (bsc#1085539).
- media: pvrusb2: Prevent a buffer overflow (bsc#1135642).
- media: v4l2: i2c: ov7670: Fix PLL bypass register values (bnc#1012382).
- MIPS: scall64-o32: Fix indirect syscall number load (bnc#1012382).
- mount: copy the port field into the cloned nfs_server structure
(bsc#1136990).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1117562).
- net: ethernet: ti: fix possible object reference leak (bnc#1012382).
- netfilter: bridge: set skb transport_header before entering
NF_INET_PRE_ROUTING (bnc#1012382).
- netfilter: compat: initialize all fields in xt_init (bnc#1012382).
- netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON (bnc#1012382).
- net: hns: Fix WARNING when remove HNS driver with SMMU enabled
(bnc#1012382).
- net: hns: Use NAPI_POLL_WEIGHT for hns driver (bnc#1012382).
- net: ibm: fix possible object reference leak (bnc#1012382).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net: ks8851: Delay requesting IRQ until opened (bnc#1012382).
- net: ks8851: Dequeue RX packets explicitly (bnc#1012382).
- net: ks8851: Reassert reset pin if chip ID check fails (bnc#1012382).
- net: ks8851: Set initial carrier state to down (bnc#1012382).
- net: Remove NO_IRQ from powerpc-only network drivers (bsc#1137739).
- net: stmmac: move stmmac_check_ether_addr() to driver probe
(bnc#1012382).
- net: ucc_geth - fix Oops when changing number of buffers in the ring
(bnc#1012382).
- net: xilinx: fix possible object reference leak (bnc#1012382).
- nfsd: Do not release the callback slot unless it was actually held
(bnc#1012382).
- NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family
(bnc#1012382).
- ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
- nvme: Do not allow to reset a reconnecting controller (bsc#1133874).
- packet: Fix error path in packet_init (bnc#1012382).
- packet: validate msg_namelen in send directly (bnc#1012382).
- PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142).
- PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1135642).
- perf/x86/intel: Allow PEBS multi-entry in watermark mode (git-fixes).
- perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
(bnc#1012382).
- platform/x86: sony-laptop: Fix unintentional fall-through (bnc#1012382).
- powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (bnc#1012382).
- powerpc/64: Call setup_barrier_nospec() from setup_arch() (bnc#1012382
bsc#1131107).
- powerpc/64: Make meltdown reporting Book3S 64 specific (bnc#1012382).
- powerpc/64s: Include cpu header (bnc#1012382).
- powerpc/booke64: set RI in default MSR (bnc#1012382).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
(bsc#1138374, LTC#178199).
- powerpc/eeh: Fix race with driver un/bind (bsc#1066223).
- powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
(bnc#1012382).
- powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot
arg (bnc#1012382).
- powerpc/fsl: Add infrastructure to fixup branch predictor flush
(bnc#1012382).
- powerpc/fsl: Add macro to flush the branch predictor (bnc#1012382).
- powerpc/fsl: Add nospectre_v2 command line argument (bnc#1012382).
- powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382).
- powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
(bnc#1012382).
- powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
(bnc#1012382).
- powerpc/fsl: Fix the flush of branch predictor (bnc#1012382).
- powerpc/fsl: Flush branch predictor when entering KVM (bnc#1012382).
- powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
(bnc#1012382).
- powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
(bnc#1012382).
- powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
(bnc#1012382).
- powerpc/fsl: Update Spectre v2 reporting (bnc#1012382).
- powerpc/lib: fix book3s/32 boot failure due to code patching
(bnc#1012382).
- powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc#1053043).
- powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc#1053043).
- powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
- powerpc/perf: Infrastructure to support addition of blacklisted events
(bsc#1053043).
- powerpc/process: Fix sparse address space warnings (bsc#1066223).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update
(bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
(bsc#1138374, LTC#178199).
- powerpc/xmon: Add RFI flush related fields to paca dump (bnc#1012382).
- qede: fix write to free'd pointer error and double free of ptp
(bsc#1019695 bsc#1019696).
- qlcnic: Avoid potential NULL pointer dereference (bnc#1012382).
- RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780
bsc#1005781).
- RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1022604).
- Revert "block/loop: Use global lock for ioctl() operation."
(bnc#1012382).
- Revert "cpu/speculation: Add 'mitigations=' cmdline option" (stable
backports).
- Revert "Do not jump to compute_result state from check_result state"
(git-fixes).
- Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155,
bsc#1109137)." This reverts commit
4cc83da426b53d47f1fde9328112364eab1e9a19.
- Revert "sched: Add sched_smt_active()" (stable backports).
- Revert "x86/MCE: Save microcode revision in machine check records"
(kabi).
- Revert "x86/speculation/mds: Add 'mitigations=' support for MDS" (stable
backports).
- Revert "x86/speculation: Support 'mitigations=' cmdline option" (stable
backports).
- rtc: da9063: set uie_unsupported when relevant (bnc#1012382).
- rtc: sh: Fix invalid alarm warning for non-enabled alarm (bnc#1012382).
- rtlwifi: fix false rates in _rtl8821ae_mrate_idx_to_arfr_id()
(bsc#1120902).
- s390/3270: fix lockdep false positive on view->lock (bnc#1012382).
- s390: ctcm: fix ctcm_new_device error return code (bnc#1012382).
- s390/dasd: Fix capacity calculation for large volumes (bnc#1012382).
- sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
(bnc#1012382).
- sc16is7xx: move label 'err_spi' to correct section (git-fixes).
- sched: Add sched_smt_active() (bnc#1012382).
- sched/numa: Fix a possible divide-by-zero (bnc#1012382).
- scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
(bnc#1012382).
- scsi: libsas: fix a race condition when smp task timeout (bnc#1012382).
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS
routines (bnc#1012382).
- scsi: qla4xxx: fix a potential NULL pointer dereference (bnc#1012382).
- scsi: storvsc: Fix calculation of sub-channel count (bnc#1012382).
- scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
(bnc#1012382).
- selftests/net: correct the return value for run_netsocktests
(bnc#1012382).
- selinux: never allow relabeling on context mounts (bnc#1012382).
- signals: avoid random wakeups in sigsuspend() (bsc#1137915)
- slip: make slhc_free() silently accept an error pointer (bnc#1012382).
- staging: iio: adt7316: allow adt751x to use internal vref for all dacs
(bnc#1012382).
- staging: iio: adt7316: fix the dac read calculation (bnc#1012382).
- staging: iio: adt7316: fix the dac write calculation (bnc#1012382).
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
- tcp: limit payload size of sacked skbs (bsc#1137586).
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
- team: fix possible recursive locking when add slaves (bnc#1012382).
- timer/debug: Change /proc/timer_stats from 0644 to 0600 (bnc#1012382).
- tipc: check bearer name with right length in
tipc_nl_compat_bearer_enable (bnc#1012382).
- tipc: check link name with right length in tipc_nl_compat_link_set
(bnc#1012382).
- tipc: handle the err returned from cmd header function (bnc#1012382).
- tools lib traceevent: Fix missing equality check for strcmp
(bsc#1129770).
- trace: Fix preempt_enable_no_resched() abuse (bnc#1012382).
- tracing: Fix partial reading of trace event's id file (bsc#1136573).
- treewide: Use DEVICE_ATTR_WO (bsc#1137739).
- UAS: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770).
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
(bsc#1136455).
- Update config files: disable IDE on ppc64le
- usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770).
- usb: cdc-acm: fix unthrottle races (bsc#1135642).
- usb: core: Fix bug caused by duplicate interface PM usage counter
(bnc#1012382).
- usb: core: Fix unterminated string returned by usb_string()
(bnc#1012382).
- usb: dwc3: Fix default lpm_nyet_threshold value (bnc#1012382).
- usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012382).
- usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012382).
- usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012382).
- usbnet: ipheth: fix potential null pointer dereference in
ipheth_carrier_set (bnc#1012382).
- usbnet: ipheth: prevent TX queue timeouts when device not ready
(bnc#1012382).
- usb: serial: fix unthrottle races (bnc#1012382).
- usb: serial: use variable for status (bnc#1012382).
- usb: u132-hcd: fix resource leak (bnc#1012382).
- usb: usbip: fix isoc packet num validation in get_pipe (bnc#1012382).
- usb: w1 ds2490: Fix bug caused by improper use of altsetting array
(bnc#1012382).
- usb: yurex: Fix protection fault after device removal (bnc#1012382).
- vfio/pci: use correct format characters (bnc#1012382).
- vlan: disable SIOCSHWTSTAMP in container (bnc#1012382).
- vrf: sit mtu should not be updated when vrf netdev is the link
(bnc#1012382).
- x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
- x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382).
- x86/bugs: Change L1TF mitigation string to match upstream (bnc#1012382).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bnc#1012382).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU
features (bnc#1012382).
- x86/cpu/bugs: Use __initconst for 'const' init data (bnc#1012382).
- x86/cpufeatures: Hide AMD-specific speculation flags (bnc#1012382).
- x86/Kconfig: Select SCHED_SMT if SMP enabled (bnc#1012382).
- x86/MCE: Save microcode revision in machine check records (bnc#1012382).
- x86/mds: Add MDSUM variant to the MDS documentation (bnc#1012382).
- x86/microcode/intel: Add a helper which gives the microcode revision
(bnc#1012382).
- x86/microcode/intel: Check microcode revision before updating sibling
threads (bnc#1012382).
- x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
(bnc#1012382).
- x86/microcode: Update the new microcode revision unconditionally
(bnc#1012382).
- x86/mm: Use WRITE_ONCE() when setting PTEs (bnc#1012382).
- x86/process: Consolidate and simplify switch_to_xtra() code
(bnc#1012382).
- x86/speculataion: Mark command line parser data __initdata (bnc#1012382).
- x86/speculation: Add command line control for indirect branch
speculation (bnc#1012382).
- x86/speculation: Add prctl() control for indirect branch speculation
(bnc#1012382).
- x86/speculation: Add seccomp Spectre v2 user space protection mode
(bnc#1012382).
- x86/speculation: Avoid __switch_to_xtra() calls (bnc#1012382).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bnc#1012382).
- x86/speculation: Disable STIBP when enhanced IBRS is in use
(bnc#1012382).
- x86/speculation: Enable prctl mode for spectre_v2_user (bnc#1012382).
- x86/speculation/l1tf: Document l1tf in sysfs (bnc#1012382).
- x86/speculation: Mark string arrays const correctly (bnc#1012382).
- x86/speculation/mds: Fix comment (bnc#1012382).
- x86/speculation/mds: Fix documentation typo (bnc#1012382).
- x86/speculation: Move STIPB/IBPB string conditionals out of
cpu_show_common() (bnc#1012382).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bnc#1012382).
- x86/speculation: Prepare for conditional IBPB in switch_mm()
(bnc#1012382).
- x86/speculation: Prepare for per task indirect branch speculation
control (bnc#1012382).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bnc#1012382).
- x86/speculation: Provide IBPB always command line options (bnc#1012382).
- x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
(bnc#1012382).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common()
(bnc#1012382).
- x86/speculation: Rename SSBD update functions (bnc#1012382).
- x86/speculation: Reorder the spec_v2 code (bnc#1012382).
- x86/speculation: Reorganize speculation control MSRs update
(bnc#1012382).
- x86/speculation: Split out TIF update (bnc#1012382).
- x86/speculation: Support Enhanced IBRS on future CPUs (bnc#1012382).
- x86/speculation: Support 'mitigations=' cmdline option (bnc#1012382
bsc#1112178).
- x86/speculation: Unify conditional spectre v2 print functions
(bnc#1012382).
- x86/speculation: Update the TIF_SSBD comment (bnc#1012382).
- xenbus: drop useless LIST_HEAD in xenbus_write_watch() and
xenbus_file_write() (bsc#1065600).
- xsysace: Fix error handling in ace_setup (bnc#1012382).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1570=1
Package List:
- openSUSE Leap 42.3 (noarch):
kernel-devel-4.4.180-102.1
kernel-docs-4.4.180-102.1
kernel-docs-html-4.4.180-102.1
kernel-docs-pdf-4.4.180-102.1
kernel-macros-4.4.180-102.1
kernel-source-4.4.180-102.1
kernel-source-vanilla-4.4.180-102.1
- openSUSE Leap 42.3 (x86_64):
kernel-debug-4.4.180-102.1
kernel-debug-base-4.4.180-102.1
kernel-debug-base-debuginfo-4.4.180-102.1
kernel-debug-debuginfo-4.4.180-102.1
kernel-debug-debugsource-4.4.180-102.1
kernel-debug-devel-4.4.180-102.1
kernel-debug-devel-debuginfo-4.4.180-102.1
kernel-default-4.4.180-102.1
kernel-default-base-4.4.180-102.1
kernel-default-base-debuginfo-4.4.180-102.1
kernel-default-debuginfo-4.4.180-102.1
kernel-default-debugsource-4.4.180-102.1
kernel-default-devel-4.4.180-102.1
kernel-obs-build-4.4.180-102.1
kernel-obs-build-debugsource-4.4.180-102.1
kernel-obs-qa-4.4.180-102.1
kernel-syms-4.4.180-102.1
kernel-vanilla-4.4.180-102.1
kernel-vanilla-base-4.4.180-102.1
kernel-vanilla-base-debuginfo-4.4.180-102.1
kernel-vanilla-debuginfo-4.4.180-102.1
kernel-vanilla-debugsource-4.4.180-102.1
kernel-vanilla-devel-4.4.180-102.1
References:
https://www.suse.com/security/cve/CVE-2018-7191.html
https://www.suse.com/security/cve/CVE-2019-11190.html
https://www.suse.com/security/cve/CVE-2019-11191.html
https://www.suse.com/security/cve/CVE-2019-11477.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11479.html
https://www.suse.com/security/cve/CVE-2019-11487.html
https://www.suse.com/security/cve/CVE-2019-11833.html
https://www.suse.com/security/cve/CVE-2019-12380.html
https://www.suse.com/security/cve/CVE-2019-12382.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12818.html
https://www.suse.com/security/cve/CVE-2019-12819.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://www.suse.com/security/cve/CVE-2019-5489.html
https://bugzilla.suse.com/1005778
https://bugzilla.suse.com/1005780
https://bugzilla.suse.com/1005781
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1019695
https://bugzilla.suse.com/1019696
https://bugzilla.suse.com/1022604
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1063638
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1085539
https://bugzilla.suse.com/1090888
https://bugzilla.suse.com/1099658
https://bugzilla.suse.com/1100132
https://bugzilla.suse.com/1106110
https://bugzilla.suse.com/1106284
https://bugzilla.suse.com/1106929
https://bugzilla.suse.com/1108838
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1117562
https://bugzilla.suse.com/1119086
https://bugzilla.suse.com/1120642
https://bugzilla.suse.com/1120843
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1125580
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1128052
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1131107
https://bugzilla.suse.com/1131543
https://bugzilla.suse.com/1131565
https://bugzilla.suse.com/1132374
https://bugzilla.suse.com/1132472
https://bugzilla.suse.com/1133190
https://bugzilla.suse.com/1133874
https://bugzilla.suse.com/1134338
https://bugzilla.suse.com/1134806
https://bugzilla.suse.com/1134813
https://bugzilla.suse.com/1135120
https://bugzilla.suse.com/1135281
https://bugzilla.suse.com/1135603
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1135661
https://bugzilla.suse.com/1135878
https://bugzilla.suse.com/1136424
https://bugzilla.suse.com/1136438
https://bugzilla.suse.com/1136448
https://bugzilla.suse.com/1136449
https://bugzilla.suse.com/1136451
https://bugzilla.suse.com/1136452
https://bugzilla.suse.com/1136455
https://bugzilla.suse.com/1136458
https://bugzilla.suse.com/1136539
https://bugzilla.suse.com/1136573
https://bugzilla.suse.com/1136575
https://bugzilla.suse.com/1136586
https://bugzilla.suse.com/1136590
https://bugzilla.suse.com/1136598
https://bugzilla.suse.com/1136623
https://bugzilla.suse.com/1136810
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1136990
https://bugzilla.suse.com/1136993
https://bugzilla.suse.com/1137142
https://bugzilla.suse.com/1137162
https://bugzilla.suse.com/1137586
https://bugzilla.suse.com/1137739
https://bugzilla.suse.com/1137752
https://bugzilla.suse.com/1137915
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1138293
https://bugzilla.suse.com/1138374
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] A new high severity kernel security issue was published
by Marcus Meissner 17 Jun '19
by Marcus Meissner 17 Jun '19
17 Jun '19
Hi folks,
Just now one of the more severe security issues of this year has been
published.
A remote attacker able to make TCP connections to a Linux machine can
crash this machine, regardless of the service running.
The codename is "SACK Panic" / CVE-2019-11477.
There are two more issues in the block, but these are less severe
(just causing higher memory, compute time or bandwith usage.)
- CVE-2019-11478: SACK Slowness or Excess Resource Usage
- CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values
All SUSE Linux and openSUSE versions are affected, and we are just
releasing all SLE update kernels, and building openSUSE kernels.
There are workarounds, you can disable "SACK" in the system itself
for the first 2 issues, and adding Firewall filtering for low MSS values,
either on the machine or on a firewall in the path.
SUSE TID: https://www.suse.com/de-de/support/kb/doc/?id=7023928
Blog: https://www.suse.com/c/suse-address-the-sack-panic-tcp-remote-denial-of-ser…
openSUSE Leap kernels are building right now (as they had to wait for
Embargo End) and will be released tomorrow.
Ciao, Marcus
1
0
[security-announce] openSUSE-SU-2019:1561-1: important: Security update for vim
by opensuse-security@opensuse.org 17 Jun '19
by opensuse-security@opensuse.org 17 Jun '19
17 Jun '19
openSUSE Security Update: Security update for vim
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1561-1
Rating: important
References: #1137443
Cross-References: CVE-2019-12735
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for vim fixes the following issue:
Security issue fixed:
- CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability
in getchar.c (bsc#1137443).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1561=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1561=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
gvim-8.0.1568-lp151.5.3.1
gvim-debuginfo-8.0.1568-lp151.5.3.1
vim-8.0.1568-lp151.5.3.1
vim-debuginfo-8.0.1568-lp151.5.3.1
vim-debugsource-8.0.1568-lp151.5.3.1
- openSUSE Leap 15.1 (noarch):
vim-data-8.0.1568-lp151.5.3.1
vim-data-common-8.0.1568-lp151.5.3.1
- openSUSE Leap 15.0 (i586 x86_64):
gvim-8.0.1568-lp150.4.3.1
gvim-debuginfo-8.0.1568-lp150.4.3.1
vim-8.0.1568-lp150.4.3.1
vim-debuginfo-8.0.1568-lp150.4.3.1
vim-debugsource-8.0.1568-lp150.4.3.1
- openSUSE Leap 15.0 (noarch):
vim-data-8.0.1568-lp150.4.3.1
vim-data-common-8.0.1568-lp150.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-12735.html
https://bugzilla.suse.com/1137443
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2019:1562-1: important: Security update for vim
by opensuse-security@opensuse.org 17 Jun '19
by opensuse-security@opensuse.org 17 Jun '19
17 Jun '19
openSUSE Security Update: Security update for vim
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1562-1
Rating: important
References: #1137443
Cross-References: CVE-2019-12735
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for vim fixes the following issue:
Security issue fixed:
- CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability
in getchar.c (bsc#1137443).
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1562=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
gvim-7.4.326-13.4.1
gvim-debuginfo-7.4.326-13.4.1
vim-7.4.326-13.4.1
vim-debuginfo-7.4.326-13.4.1
vim-debugsource-7.4.326-13.4.1
- openSUSE Leap 42.3 (noarch):
vim-data-7.4.326-13.4.1
References:
https://www.suse.com/security/cve/CVE-2019-12735.html
https://bugzilla.suse.com/1137443
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2019:1557-1: important: Security update for chromium
by opensuse-security@opensuse.org 15 Jun '19
by opensuse-security@opensuse.org 15 Jun '19
15 Jun '19
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1557-1
Rating: important
References: #1137332
Cross-References: CVE-2019-5828 CVE-2019-5829 CVE-2019-5830
CVE-2019-5831 CVE-2019-5832 CVE-2019-5833
CVE-2019-5834 CVE-2019-5835 CVE-2019-5836
CVE-2019-5837 CVE-2019-5838 CVE-2019-5839
CVE-2019-5840
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
This update for chromium to version 75.0.3770.80 fixes the following
issues:
Security issues fixed:
- CVE-2019-5828: Fixed a Use after free in ServiceWorker
- CVE-2019-5829: Fixed Use after free in Download Manager
- CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS
- CVE-2019-5831: Fixed an incorrect map processing in V8
- CVE-2019-5832: Fixed an incorrect CORS handling in XHR
- CVE-2019-5833: Fixed an inconsistent security UI placemen
- CVE-2019-5835: Fixed an out of bounds read in Swiftshader
- CVE-2019-5836: Fixed a heap buffer overflow in Angle
- CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache
- CVE-2019-5838: Fixed an overly permissive tab access in Extensions
- CVE-2019-5839: Fixed an incorrect handling of certain code points in
Blink
- CVE-2019-5840: Fixed a popup blocker bypass
- CVE-2019-5834: Fixed a URL spoof in Omnibox on iOS
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1557=1
Package List:
- openSUSE Leap 15.1 (x86_64):
chromedriver-75.0.3770.80-lp151.2.6.1
chromedriver-debuginfo-75.0.3770.80-lp151.2.6.1
chromium-75.0.3770.80-lp151.2.6.1
chromium-debuginfo-75.0.3770.80-lp151.2.6.1
chromium-debugsource-75.0.3770.80-lp151.2.6.1
References:
https://www.suse.com/security/cve/CVE-2019-5828.html
https://www.suse.com/security/cve/CVE-2019-5829.html
https://www.suse.com/security/cve/CVE-2019-5830.html
https://www.suse.com/security/cve/CVE-2019-5831.html
https://www.suse.com/security/cve/CVE-2019-5832.html
https://www.suse.com/security/cve/CVE-2019-5833.html
https://www.suse.com/security/cve/CVE-2019-5834.html
https://www.suse.com/security/cve/CVE-2019-5835.html
https://www.suse.com/security/cve/CVE-2019-5836.html
https://www.suse.com/security/cve/CVE-2019-5837.html
https://www.suse.com/security/cve/CVE-2019-5838.html
https://www.suse.com/security/cve/CVE-2019-5839.html
https://www.suse.com/security/cve/CVE-2019-5840.html
https://bugzilla.suse.com/1137332
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2019:1558-1: important: Security update for chromium
by opensuse-security@opensuse.org 15 Jun '19
by opensuse-security@opensuse.org 15 Jun '19
15 Jun '19
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1558-1
Rating: important
References: #1137332
Cross-References: CVE-2019-5828 CVE-2019-5829 CVE-2019-5830
CVE-2019-5831 CVE-2019-5832 CVE-2019-5833
CVE-2019-5834 CVE-2019-5835 CVE-2019-5836
CVE-2019-5837 CVE-2019-5838 CVE-2019-5839
CVE-2019-5840
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
This update for chromium to version 75.0.3770.80 fixes the following
issues:
Security issues fixed:
- CVE-2019-5828: Fixed a Use after free in ServiceWorker
- CVE-2019-5829: Fixed Use after free in Download Manager
- CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS
- CVE-2019-5831: Fixed an incorrect map processing in V8
- CVE-2019-5832: Fixed an incorrect CORS handling in XHR
- CVE-2019-5833: Fixed an inconsistent security UI placemen
- CVE-2019-5835: Fixed an out of bounds read in Swiftshader
- CVE-2019-5836: Fixed a heap buffer overflow in Angle
- CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache
- CVE-2019-5838: Fixed an overly permissive tab access in Extensions
- CVE-2019-5839: Fixed an incorrect handling of certain code points in
Blink
- CVE-2019-5840: Fixed a popup blocker bypass
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1558=1
Package List:
- openSUSE Leap 15.0 (x86_64):
chromedriver-75.0.3770.80-lp150.215.1
chromedriver-debuginfo-75.0.3770.80-lp150.215.1
chromium-75.0.3770.80-lp150.215.1
chromium-debuginfo-75.0.3770.80-lp150.215.1
chromium-debugsource-75.0.3770.80-lp150.215.1
References:
https://www.suse.com/security/cve/CVE-2019-5828.html
https://www.suse.com/security/cve/CVE-2019-5829.html
https://www.suse.com/security/cve/CVE-2019-5830.html
https://www.suse.com/security/cve/CVE-2019-5831.html
https://www.suse.com/security/cve/CVE-2019-5832.html
https://www.suse.com/security/cve/CVE-2019-5833.html
https://www.suse.com/security/cve/CVE-2019-5834.html
https://www.suse.com/security/cve/CVE-2019-5835.html
https://www.suse.com/security/cve/CVE-2019-5836.html
https://www.suse.com/security/cve/CVE-2019-5837.html
https://www.suse.com/security/cve/CVE-2019-5838.html
https://www.suse.com/security/cve/CVE-2019-5839.html
https://www.suse.com/security/cve/CVE-2019-5840.html
https://bugzilla.suse.com/1137332
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2019:1559-1: important: Security update for chromium
by opensuse-security@opensuse.org 15 Jun '19
by opensuse-security@opensuse.org 15 Jun '19
15 Jun '19
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1559-1
Rating: important
References: #1137332
Cross-References: CVE-2019-5828 CVE-2019-5829 CVE-2019-5830
CVE-2019-5831 CVE-2019-5832 CVE-2019-5833
CVE-2019-5834 CVE-2019-5835 CVE-2019-5836
CVE-2019-5837 CVE-2019-5838 CVE-2019-5839
CVE-2019-5840
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
This update for chromium to version 75.0.3770.80 fixes the following
issues:
Security issues fixed:
- CVE-2019-5828: Fixed a Use after free in ServiceWorker
- CVE-2019-5829: Fixed Use after free in Download Manager
- CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS
- CVE-2019-5831: Fixed an incorrect map processing in V8
- CVE-2019-5832: Fixed an incorrect CORS handling in XHR
- CVE-2019-5833: Fixed an inconsistent security UI placemen
- CVE-2019-5835: Fixed an out of bounds read in Swiftshader
- CVE-2019-5836: Fixed a heap buffer overflow in Angle
- CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache
- CVE-2019-5838: Fixed an overly permissive tab access in Extensions
- CVE-2019-5839: Fixed an incorrect handling of certain code points in
Blink
- CVE-2019-5840: Fixed a popup blocker bypass
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1559=1
Package List:
- openSUSE Leap 42.3 (x86_64):
chromedriver-75.0.3770.80-214.1
chromedriver-debuginfo-75.0.3770.80-214.1
chromium-75.0.3770.80-214.1
chromium-debuginfo-75.0.3770.80-214.1
chromium-debugsource-75.0.3770.80-214.1
References:
https://www.suse.com/security/cve/CVE-2019-5828.html
https://www.suse.com/security/cve/CVE-2019-5829.html
https://www.suse.com/security/cve/CVE-2019-5830.html
https://www.suse.com/security/cve/CVE-2019-5831.html
https://www.suse.com/security/cve/CVE-2019-5832.html
https://www.suse.com/security/cve/CVE-2019-5833.html
https://www.suse.com/security/cve/CVE-2019-5834.html
https://www.suse.com/security/cve/CVE-2019-5835.html
https://www.suse.com/security/cve/CVE-2019-5836.html
https://www.suse.com/security/cve/CVE-2019-5837.html
https://www.suse.com/security/cve/CVE-2019-5838.html
https://www.suse.com/security/cve/CVE-2019-5839.html
https://www.suse.com/security/cve/CVE-2019-5840.html
https://bugzilla.suse.com/1137332
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0