Oracle Errata System Oracle Linux 5.3 2017-12-13T00:00:00 Oracle Linux 7 [4.4.0-14.0.1.el7_3.1.1] - Blank out header-logo.png product-name.png Replace login-screen-logo.png [20362818] [4.4.0-14.1.1] - Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy - ipa-kdb: search for password policies globally - Renamed patches 1011 and 1012 to 0146 and 0145, as they were merged upstream [4.4.0-14.1] - Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy - password policy: Add explicit default password policy for hosts and services - Resolves: #1395311 CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod - certprofile-mod: correctly authorise config update MODERATE Copyright 2017 Oracle, Inc. CVE-2016-7030 CVE-2016-9575 Oracle Linux 7 [9.07-20_1] - Added security fixes for: - CVE-2013-5653 (bug #1380327) - CVE-2016-7977 (bug #1380415) - CVE-2016-7978 (bug #1382300) - CVE-2016-7979 (bug #1382305) - CVE-2016-8602 (bug #1383940) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-7979 CVE-2016-8602 CVE-2013-5653 CVE-2016-7977 CVE-2016-7978 Oracle Linux 6 [8.70-21_1] - Added security fixes for: - CVE-2013-5653 (bug #1380327) - CVE-2016-7977 (bug #1380415) - CVE-2016-7979 (bug #1382305) - CVE-2016-8602 (bug #1383940) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-7979 CVE-2016-8602 CVE-2013-5653 CVE-2016-7977 Oracle Linux 7 [0.10.23-22] - h264parse: Ensure codec_data has the required size when reading number of SPS Resolves: rhbz#1400838 [0.10.23-21] - Remove insecure NSF plugin - vmncdec: Sanity-check width/height before using it Resolves: rhbz#1400838 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9445 CVE-2016-9447 CVE-2016-9809 Oracle Linux 7 [0.10.31-12] - Disable insecure FLX plugin Resolves: rhbz#1400842 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9634 CVE-2016-9635 Oracle Linux 7 [1.4.5-3] - Remove insecure FLX plugin Resolves: rhbz#1400892 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9634 CVE-2016-9635 Oracle Linux 7 [1.4.5-6] - Fix h264 and h265 buffer size checks - Fix mpegts pat parsing and add more size checks Resolves: rhbz#1400897 [1.4.5-5] - vmncdec: Sanity-check width/height before using it Resolves: rhbz#1400897 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9445 CVE-2016-9813 CVE-2016-9809 CVE-2016-9812 Oracle Linux 6 [2.6.32-642.13.1] - [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390805 1390046] {CVE-2016-7117} - [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1396479 1381585] - [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379527 1379529] {CVE-2016-6828} - [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998} - [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998} - [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998} - [net] ipv6: Don't change dst->flags using assignments (Marcelo Leitner) [1391974 1389478] - [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1392818 1383078] - [netdrv] sfc: report supported link speeds on SFP connections (Jarod Wilson) [1388168 1384621] - [drm] vmwgfx: respect 'nomodeset' (Rob Clark) [1392875 1342114] - [hv] avoid vfree() on crash (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: handle various crash scenarios (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: Support kexec on ws2012 r2 and above (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: Support handling messages on multiple CPUs (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: remove code duplication in message handling (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload() (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: avoid wait_for_completion() on crash (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: don't loose HVMSG_TIMER_EXPIRED messages (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: Force all channel messages to be delivered on CPU 0 (Vitaly Kuznetsov) [1385482 1333167] - [scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1396272 1374743] - [fs] nfs4.1: Remove a bogus BUG_ON() in nfs4_layoutreturn_done (Steve Dickson) [1385480 1376467] - [firmware] dmi_scan: DMI information in sysfs is missing on SMBIOS 3.0 based systems (Steve Best) [1393464 1353807] [2.6.32-642.12.1] - [netdrv] mlx5: Fix RC transport send queue overhead computation (Slava Shwartsman) [1392799 1384212] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-7117 CVE-2016-6828 CVE-2016-4998 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.41-1.13.13.1.0.1] - Add oracle-enterprise.patch [1:1.6.0.41-1.13.13.1] - Update to new 1.13.13 and b41 tarballs to correct TCK failure. - Resolves: rhbz#1381990 [1:1.6.0.41-1.13.13.0] - Remove --htmldir option which is not supported by older autotools. - Resolves: rhbz#1381990 [1:1.6.0.41-1.13.13.0] - Remove --docdir option which is not supported by older autotools. - Resolves: rhbz#1381990 [1:1.6.0.41-1.13.13.0] - Update to new 1.13.13 tarball with PR3275 and PR3276 fixes. - Ignore any xz tarballs as RHEL 5.11 does not support them. - Resolves: rhbz#1381990 [1:1.6.0.41-1.13.13.0] - Update to IcedTea 1.13.13 & OpenJDK 6 b41. - Fix context for rpath patch following PR3213. - Resolves: rhbz#1381990 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-5542 CVE-2016-5554 CVE-2016-5582 CVE-2016-5597 CVE-2016-5573 Oracle Linux 7 [32:9.9.4-38.1] - Fix CVE-2016-9131 (ISC change 4508) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Fix CVE-2016-9444 (ISC change 4517) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Oracle Linux 5 Oracle Linux 6 [30:9.3.6-25.P1.12] - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9147 Oracle Linux 5 [32:9.7.0-21.P2.10] - Fix CVE-2016-9147 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9147 Oracle Linux 7 [1.5.3-126.el7_3.3] - kvm-net-check-packet-payload-length.patch [bz#1398217] - Resolves: bz#1398217 (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-7.3.z]) [1.5.3-126.el7_3.2] - kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1393484] - kvm-virtio-introduce-virtqueue_discard.patch [bz#1393484] - kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1393484] - kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1393484] - kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1393484] - kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1393484] - kvm-virtio-add-virtqueue_rewind.patch [bz#1393484] - kvm-virtio-balloon-fix-stats-vq-migration.patch [bz#1393484] - Resolves: bz#1393484 ([RHEL7.3] KVM guest shuts itself down after 128th reboot) [1.5.3-126.el7_3.1] - kvm-ide-fix-halted-IO-segfault-at-reset.patch [bz#1393042] - kvm-hw-i386-regenerate-checked-in-AML-payload-RHEL-only.patch [bz#1392027] - kvm-SPEC-file-flip-the-build-from-IASL-to-checked-in-AML.patch [bz#1392027] - Resolves: bz#1392027 (shutdown rhel 5.11 guest failed and stop at 'system halted') - Resolves: bz#1393042 (system_reset should clear pending request for error (IDE)) LOW Copyright 2017 Oracle, Inc. CVE-2016-2857 Oracle Linux 7 - [3.10.0-514.6.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-514.6.1] - [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399458 1399459] {CVE-2016-9555} - [net] sctp: rename WORD_TRUNC/ROUND macros (Hangbin Liu) [1399458 1399459] {CVE-2016-9555} - [net] sctp: keep fragmentation point aligned to word size (Hangbin Liu) [1399458 1399459] {CVE-2016-9555} - [x86] Mark Intel Purley supported (Steve Best) [1402824 1371748] - [acpi] sleep: Do not save NVS for new machines to accelerate S3 (Prarit Bhargava) [1402326 1385527] - [scsi] megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (Tomas Henzl) [1398179 1380447] - [scsi] megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (Tomas Henzl) [1398179 1380447] - [scsi] megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (Tomas Henzl) [1398179 1380447] - [netdrv] net/hyperv: avoid uninitialized variable (Vitaly Kuznetsov) [1395578 1392220] - [netdrv] netvsc: Remove mistaken udp.h inclusion (Vitaly Kuznetsov) [1395578 1392220] - [netdrv] netvsc: fix checksum on UDP IPV6 (Vitaly Kuznetsov) [1395578 1392220] - [netdrv] hv_netvsc: add ethtool statistics for tx packet issues (Vitaly Kuznetsov) [1395578 1392220] - [netdrv] hv_netvsc: rearrange start_xmit (Vitaly Kuznetsov) [1395578 1392220] - [fs] Retry operation on EREMOTEIO on an interrupted slot (Steve Dickson) [1394710 1378981] - [fs] rbd: don't retry watch reregistration if header object is gone (Ilya Dryomov) [1393485 1378186] - [fs] rbd: don't wait for the lock forever if blacklisted (Ilya Dryomov) [1393485 1378186] - [fs] rbd: lock_on_read map option (Ilya Dryomov) [1393485 1378186] - [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1392035 1378615] - [netdrv] netvsc: fix incorrect receive checksum offloading (Vitaly Kuznetsov) [1391617 1388702] - [x86] kvm: lapic: cap __delay at lapic_timer_advance_ns (Marcelo Tosatti) [1391614 1389431] - [x86] kvm: x86: move nsec_to_cycles from x86.c to x86.h (Marcelo Tosatti) [1391614 1389431] - [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379530 1379531] {CVE-2016-6828} [3.10.0-514.5.1] - [fs] Fix regression which breaks DFS mounting (Sachin Prabhu) [1400055 1302329] - [fs] Move check for prefix path to within cifs_get_root() (Sachin Prabhu) [1400055 1302329] - [fs] Compare prepaths when comparing superblocks (Sachin Prabhu) [1400055 1302329] - [fs] Fix memory leaks in cifs_do_mount() (Sachin Prabhu) [1400055 1302329] - [fs] cifs: make share unaccessible at root level mountable (Sachin Prabhu) [1400055 1302329] - [kernel] sched: Fix possible divide by zero in avg_atom() calculation (Mateusz Guzik) [1398361 1392466] - [scsi] megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map (Tomas Henzl) [1398175 1380441] - [x86] smp: Fix __max_logical_packages value setup (Prarit Bhargava) [1398173 1394239] - [x86] revert 'smp: Fix __max_logical_packages value setup' (Prarit Bhargava) [1398173 1394239] - [watchdog] hpwdt: add support for iLO5 (Linda Knippers) [1397747 1382798] - [x86] kexec: Fix kexec crash in syscall kexec_file_load() (Pingfan Liu) [1395573 1385109] - [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Steve Best) [1395565 1387244] - [scsi] megaraid-sas: request irqs later (Tomas Henzl) [1394711 1392978] - [netdrv] i40e: Fix errors resulted while turning off TSO (Stefan Assmann) [1394708 1378509] - [fs] ext4: pre-zero allocated blocks for DAX IO (Eric Sandeen) [1394707 1367989] - [powerpc] pseries: use pci_host_bridge.release_fn() to kfree(phb) (Steve Best) [1393724 1385635] - [misc] genwqe: Change default access rights for device node (Steve Best) [1393723 1325797] - [misc] hpilo: Changes to support new security states in iLO5 FW (Nigel Croxon) [1393720 1376576] - [kernel] sched/core: Fix a race between try_to_wake_up() and a woken up task (Lauro Ramos Venancio) [1393719 1379256] - [hid] i2c-hid: exit if the IRQ is not valid (David Arcari) [1393717 1376599] - [x86] Add support for missing Kabylake Sunrise Point PCH (David Arcari) [1392033 1379401] - [net] sctp: not return ENOMEM err back in sctp_packet_transmit (Xin Long) [1392025 1371362] - [net] sctp: make sctp_outq_flush/tail/uncork return void (Xin Long) [1392025 1371362] - [net] sctp: save transmit error to sk_err in sctp_outq_flush (Xin Long) [1392025 1371362] - [net] sctp: free msg->chunks when sctp_primitive_SEND return err (Xin Long) [1392025 1371362] - [net] sctp: do not return the transmit err back to sctp_sendmsg (Xin Long) [1392025 1371362] - [net] sctp: remove the unnecessary state check in sctp_outq_tail (Xin Long) [1392025 1371362] - [net] netdev, sched/wait: Fix sleeping inside wait event (Paolo Abeni) [1392024 1382175] - [net] Separate the close_list and the unreg_list (Paolo Abeni) [1392024 1382175] - [vfio] pci: Fix ordering of eventfd vs virqfd shutdown (Alex Williamson) [1391611 1322026] - [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390806 1390047] {CVE-2016-7117} - [fs] nfsd: don't return an unhashed lock stateid after taking mutex ('J. Bruce Fields') [1390672 1368577] - [fs] nfsd: Fix race between FREE_STATEID and LOCK ('J. Bruce Fields') [1390672 1368577] - [fs] nfsd: Close race between nfsd4_release_lockowner and nfsd4_lock ('J. Bruce Fields') [1390672 1368577] - [fs] nfsd: Extend the mutex holding region around in nfsd4_process_open2() ('J. Bruce Fields') [1390672 1368577] - [fs] nfsd: Always lock state exclusively ('J. Bruce Fields') [1390672 1368577] - [infiniband] ib/ipoib: move back IB LL address into the hard header (Jonathan Toppins) [1390668 1378656] [3.10.0-514.4.1] - [net] rtnetlink: fix rtnl_vfinfo_size (Sabrina Dubroca) [1395811 1392128] - [netdrv] ixgbe: test for trust in macvlan adjustments for vf (Ken Cox) [1395572 1379787] - [kernel] timekeeping: Copy the shadow-timekeeper over the real timekeeper last (Prarit Bhargava) [1395577 1344747] [3.10.0-514.3.1] - [net] team: Fixing a bug in team driver due to incorrect 'unsigned int' to 'int' conversion (Hangbin Liu) [1392023 1382098] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9555 CVE-2016-7117 CVE-2016-6828 Oracle Linux 6 Oracle Linux 7 [1:1.8.0.121-0.b13] - Update to aarch64-jdk8u121-b13. - Update PR1834/RH1022017 fix to reduce curves reported by SSL to apply against u121. - Re-generate RH1393047 ObjectInputStream patch against u121. - Resolves: rhbz#1410612 [1:1.8.0.112-0.b16] - Update to aarch64-jdk8u112-b16. - Drop upstreamed patches for 8044762, 8049226, 8154210, 8158260 and 8160122. - Re-generate size_t and key size (RH1163501) patches against u112. - Resolves: rhbz#1410612 [1:1.8.0.111-3.b14] - Enable a full bootstrap on JIT archs to ensure stability. - Resolves: rhbz#1410612 [1:1.8.0.111-2.b18] - Use java-1.7.0-openjdk to bootstrap on RHEL to allow us to use main build target - Resolves: rhbz#1410612 [1:1.8.0.111-2.b18] - Update to aarch64-jdk8u111-b18, synced with upstream u111, S8170873 and new AArch64 fixes - Replace our correct version of 8159244 with the amendment to the 8u version from 8160122. - Resolves: rhbz#1410612 CRITICAL Copyright 2017 Oracle, Inc. CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3272 CVE-2016-5552 CVE-2017-3231 CVE-2017-3261 CVE-2017-3289 Oracle Linux 7 [7:3.5.20-2.2] - Resolves: #1412735 - CVE-2016-10002 squid: Information disclosure in HTTP request processing MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10002 Oracle Linux 6 [7:3.4.14-9.4] - Resolves: #1412733 - CVE-2016-10002 squid34: squid: Information disclosure in HTTP request processing MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10002 Oracle Linux 6 [5.1.73-8.0.1] - fix date in the test [5.1.73-8] - Fix CVE-2016-6662 and CVE-2016-6663 Resolves: #1397309 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-6663 CVE-2016-5616 CVE-2016-6662 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.7.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.7.0-1] - Updated to 45.7.0 (B1) [45.6.0-2] - Enabled ffmpeg > 54.35.1 (rhbz#1330898, mozbz#1263665) CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5373 CVE-2017-5375 CVE-2017-5378 CVE-2017-5380 CVE-2017-5386 CVE-2017-5376 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 Oracle Linux 6 Oracle Linux 7 [3.9.4-21] - Fix patch for CVE-2016-5652 - Related: #1412078 [3.9.4-20] - Fix CWE-476 defect found by covscan - Related: #1412078 [3.9.4-19] - Add patches for CVEs: - CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 - CVE-2016-9536 CVE-2016-9537 CVE-2016-9540 - CVE-2016-5652 - Resolves: #1412078 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9537 CVE-2016-9540 CVE-2015-8870 CVE-2016-5652 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.7.0-1] - Update to 45.7.0 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5373 CVE-2017-5375 CVE-2017-5378 CVE-2017-5380 CVE-2017-5376 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 Oracle Linux 6 Oracle Linux 7 [4.2.6p5-25.0.1.el7_3.1] - Bump release to avoid ULN conflict with Oracle modified errata. [4.2.6p5-25.el7_3.1] - don't limit rate of packets from sources (CVE-2016-7426) - don't change interface from received packets (CVE-2016-7429) - fix calculation of root distance again (CVE-2016-7433) - require authentication for trap commands (CVE-2016-9310) - fix crash when reporting peer event to trappers (CVE-2016-9311) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-7433 CVE-2016-9310 CVE-2016-9311 CVE-2016-7426 CVE-2016-7429 Oracle Linux 6 [0.12.4-13.2] - Fix buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages. Resolves: CVE-2016-9577 - Fix remote DoS via crafted message. Resolves: CVE-2016-9578 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9577 CVE-2016-9578 Oracle Linux 7 [0.12.4-20] - Fix buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages. Resolves: CVE-2016-9577 - Fix remote DoS via crafted message. Resolves: CVE-2016-9578 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9577 CVE-2016-9578 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.7.0.131-2.6.9.0.0.1] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Oracle Linux' [1:1.7.0.131-2.6.9.0] - Add blacklisted.certs to installation file list. - Resolves: rhbz#1410612 [1:1.7.0.131-2.6.9.0] - Bump to 2.6.9 and u131b00. - Remove patch application debris in fsg.sh. - Re-generate RH1022017 against 2.6.9. - Resolves: rhbz#14106122 CRITICAL Copyright 2017 Oracle, Inc. CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3272 CVE-2016-5552 CVE-2017-3231 CVE-2017-3261 CVE-2017-3289 Oracle Linux 7 [32:9.9.4-38.2] - Fix CVE-2017-3135 (ISC change 4557) - Fix and test caching CNAME before DNAME (ISC change 4558) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-3135 Oracle Linux 6 Oracle Linux 7 [1.0.1e-48.4] - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts MODERATE Copyright 2017 Oracle, Inc. CVE-2016-8610 CVE-2017-3731 Oracle Linux 6 [2.6.32-642.13.2] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 Oracle Linux 7 - [3.10.0-514.6.2.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-514.6.2] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 Oracle Linux 7 - [3.10.0-514.6.2.0.1.el7] - [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 Oracle Linux 6 [2.6.32-642.15.1] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074} [2.6.32-642.14.1] - [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399456 1399457] {CVE-2016-9555} - [netdrv] qlcnic: add wmb() call in transmit data path (Harish Patil) [1403143 1342659] - [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359302 1359304] {CVE-2016-6136} - [fs] nfs: Kill fscache warnings when mounting without -ofsc (David Howells) [1399172 1353844] - [fs] nfs: Fix a compile issue when CONFIG_NFS_FSCACHE was undefined (David Howells) [1399172 1353844] - [fs] nfs: Don't pass mount data to nfs_fscache_get_super_cookie() (David Howells) [1399172 1353844] - [fs] nfsd: handle fileid wraparound (Dave Wysochanski) [1399174 1397552] - [scsi] hpsa: correct logical resets (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: generate a controller NMI (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: update driver version to 3.4.10-0-RH3 (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: Check for null devices in ioaccel submission patch (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: check for null device pointers (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: correct skipping masked peripherals (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: generalize external arrays (Joseph Szczypek) [1399175 1083110] - [fs] ext4: fix extent tree corruption caused by hole punch (Lukas Czerner) [1397808 1351798] - [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1397739 1378614] - [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Gustavo Duarte) [1398185 1387243] MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9555 CVE-2016-6136 Oracle Linux 6 [0.12.1.2-2.491.el6_8.6] - kvm-cirrus_vga-fix-division-by-0-for-color-expansion-rop.patch [bz#1418230 bz#1419416] - kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418230 bz#1419416] - kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418230 bz#1419416] - kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418230 bz#1419416] - kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418230 bz#1419416] - kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418230 bz#1419416] - kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418230 bz#1419416] - kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418230 bz#1419416] - Resolves: bz#1418230 (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.8.z]) - Resolves: bz#1419416 (CVE-2017-2615 qemu-kvm-rhev: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.8.z]) [0.12.1.2-2.491.el6_8.5] - kvm-net-check-packet-payload-length.patch [bz#1398213] - Resolves: bz#1398213 (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-6.8.z]) [0.12.1.2-2.491.el6.4] - kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1408389] - kvm-virtio-introduce-virtqueue_discard.patch [bz#1408389] - kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1408389] - kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1408389] - kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1408389] - kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1408389] - Resolves: bz#1408389 ([RHEL6.8.z] KVM guest shuts itself down after 128th reboot) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2615 CVE-2016-2857 Oracle Linux 5 kernel [2.6.18-419] - [net] dccp: Use AF-independent rebuild_header routine (Hannes Frederic Sowa) [1424751] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424633] {CVE-2017-6074} - [redhat] kernel.spec.template: disable autoloading for dccp proto (Hannes Frederic Sowa) [1425177] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 CVE-2017-2634 Oracle Linux 5 kernel - 2.6.18-419.0.0.0.1 - [netfront] fix ring buffer index go back led vif stop [orabug 18272251] - [net] fix tcp_trim_head() (James Li) [orabug 14512145, 19219078] - ocfs2: dlm: fix recovery hung (Junxiao Bi) [orabug 13956772] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 CVE-2017-2634 Oracle Linux 6 [0.12.1.2-2.491.el6_8.7] - kvm-cirrus-fix-patterncopy-checks.patch [bz#1420486 bz#1420488] - kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420486 bz#1420488] - kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420486 bz#1420488] - Resolves: bz#1420486 (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.8.z]) - Resolves: bz#1420488 (EMBARGOED CVE-2017-2620 qemu-kvm-rhev: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.8.z]) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2620 Oracle Linux 7 - [3.10.0-514.10.2.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-514.10.2] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463] [3.10.0-514.10.1] - [block] blk-mq: Fix NULL pointer updating nr_requests (David Milburn) [1416133 1384066] - [scsi] cxlflash: Fix crash in cxlflash_restore_luntable() (Gustavo Duarte) [1415146 1400524] - [scsi] cxlflash: Improve context_reset() logic (Gustavo Duarte) [1415146 1400524] - [scsi] cxlflash: Avoid command room violation (Gustavo Duarte) [1415146 1400524] - [x86] Mark Kaby Lake with Kaby Lake PCH as supported (David Arcari) [1415094 1391219] - [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1414687 1324918] - [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1414687 1324918] - [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1414687 1324918] - [mm] meminit: initialise more memory for inode/dentry hash tables in early boot (Yasuaki Ishimatsu) [1413623 1404584] - [s390] mem_detect: Revert 'add DAT sanity check' (Hendrik Brueckner) [1413600 1391540] - [cpufreq] intel_pstate: Fix code ordering in intel_pstate_set_policy() (Prarit Bhargava) [1411818 1398072] - [scsi] cxlflash: Improve EEH recovery time (Steve Best) [1402442 1397588] - [scsi] cxlflash: Fix to avoid EEH and host reset collisions (Steve Best) [1402442 1397588] - [scsi] cxlflash: Remove the device cleanly in the system shutdown path (Steve Best) [1402442 1397588] - [scsi] cxlflash: Scan host only after the port is ready for I/O (Steve Best) [1402442 1397588] - [x86] kvm: x86: Check memopp before dereference (Mateusz Guzik) [1395805 1395806] {CVE-2016-8630} - [vfio] pci: Fix integer overflows, bitmask check (Mateusz Guzik) [1394627 1394991 1394628 1394992] {CVE-2016-9083 CVE-2016-9084} - [acpi] acpi / scan: use platform bus type by default for _HID enumeration (Tony Camuso) [1393727 1383505] - [acpi] acpi / scan: introduce platform_id device PNP type flag (Tony Camuso) [1393727 1383505] - [char] ipmi: Convert the IPMI SI ACPI handling to a platform device (Tony Camuso) [1393727 1383505] - [acpi] acpi / ipmi: Cleanup coding styles (David Arcari) [1393725 1373703] - [acpi] acpi / ipmi: Cleanup some inclusion codes (David Arcari) [1393725 1373703] - [acpi] acpi / ipmi: Cleanup some initialization codes (David Arcari) [1393725 1373703] - [acpi] acpi / ipmi: Cleanup several acpi_ipmi_device members (David Arcari) [1393725 1373703] - [acpi] acpi / ipmi: Add reference counting for ACPI IPMI transfers (David Arcari) [1393725 1373703] - [acpi] acpi / ipmi: Use global IPMI operation region handler (David Arcari) [1393725 1373703] - [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI user (David Arcari) [1393725 1373703] - [acpi] acpi / ipmi: Fix race caused by the timed out ACPI IPMI transfers (David Arcari) [1393725 1373703] - [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI transfers (David Arcari) [1393725 1373703] - [acpi] acpi / ipmi: Fix potential response buffer overflow (David Arcari) [1393725 1373703] [3.10.0-514.9.1] - [drm] i915/kbl: Remove preliminary_hw_support protection from KBL. (Rob Clark) [1413092 1305702] - [netdrv] slip: Fix deadlock in write_wakeup (Steve Best) [1412225 1403497] - [netdrv] slip: fix spinlock variant (Steve Best) [1412225 1403497] - [kernel] kmod: use system_unbound_wq instead of khelper (Luiz Capitulino) [1411816 1395860] - [nvme] switch abort to blk_execute_rq_nowait (David Milburn) [1411669 1392923] - [netdrv] ibmveth: calculate gso_segs for large packets (Gustavo Duarte) [1411382 1361958] - [netdrv] ibmveth: set correct gso_size and gso_type (Gustavo Duarte) [1411382 1361958] - [netdrv] allow macvlans to move to net namespace (Jarod Wilson) [1409829 1368830] - [pci] Set Read Completion Boundary to 128 iff Root Port supports it (_HPX) (Myron Stowe) [1406290 1387674] - [pci] Export pcie_find_root_port() (Myron Stowe) [1406290 1387674] - [rtc] cmos: Initialize hpet timer before irq is registered (Pratyush Anand) [1404184 1299001] - [x86] amd: Fix cpu_llc_id for AMD Fam17h systems (Suravee Suthikulpanit) [1402444 1395399] - [powerpc] powernv: Fix stale PE primary bus (Steve Best) [1402440 1395275] - [misc] cxl: Fix coredump generation when cxl_get_fd() is used (Gustavo Duarte) [1402439 1397943] - [pci] cxl: use pcibios_free_controller_deferred() when removing vPHBs (Gustavo Duarte) [1402438 1395323] - [scsi] qla2xxx: do not abort all commands in the adapter during EEH recovery (Gustavo Duarte) [1402436 1393254] - [scsi] qla2xxx: fix invalid DMA access after command aborts in PCI device remove (Gustavo Duarte) [1402436 1393254] - [scsi] qla2xxx: do not queue commands when unloading (Gustavo Duarte) [1402436 1393254] - [net] packet: fix race condition in packet_set_ring (Hangbin Liu) [1401852 1401853] {CVE-2016-8655} [3.10.0-514.8.1] - [netdrv] i40e: Fix corruption when transferring large files (Stefan Assmann) [1413101 1404060] [3.10.0-514.7.1] - [kernel] printk: avoid livelock if another CPU printks continuously (Denys Vlasenko) [1402314 1294066] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-8630 CVE-2016-9083 CVE-2016-9084 CVE-2016-8655 Oracle Linux 7 [4.4.0-14.0.1.el7_3.6] - Blank out header-logo.png product-name.png Replace login-screen-logo.png [20362818] [4.4.0-14.6] - Resolves: #1416488 replication race condition prevents IPA to install - wait_for_entry: use only DN as parameter - Wait until HTTPS principal entry is replicated to replica - Use proper logging for error messages [4.4.0-14.5] - Resolves: #1410760 ipa-ca-install fails on replica when IPA Master is installed without CA - Set up DS TLS on replica in CA-less topology - Resolves: #1413137 CVE-2017-2590 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands - ca: correctly authorise ca-del, ca-enable and ca-disable - Resolves: #1416481 IPA replica install fails with dirsrv errors. - Do not configure PKI ajp redirection to use '::1' MODERATE Copyright 2017 Oracle, Inc. CVE-2017-2590 Oracle Linux 7 [1.5.3-126.el7_3.5] - kvm-cirrus-fix-patterncopy-checks.patch [bz#1420490] - kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420490] - kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420490] - Resolves: bz#1420490 (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-7.3.z]) [1.5.3-126.el7_3.4] - kvm-virtio-blk-Release-s-rq-queue-at-system_reset.patch [bz#1420049] - kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418232] - kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418232] - kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418232] - kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418232] - kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418232] - kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418232] - kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418232] - Resolves: bz#1418232 (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-7.3.z]) - Resolves: bz#1420049 (system_reset should clear pending request for error (virtio-blk)) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2615 CVE-2017-2620 Oracle Linux 5 [83-277.0.1.el5_11] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch [83-277.el5_11] - kvm-Fix-hardware-accelerated-video-to-video-copy-on-Cirr.patch [bz#1421564] - kvm-cirrus_vga-fix-division-by-0-for-color-expansion-rop.patch [bz#1421564] - kvm-cirrus-fix-blit-region-check.patch [bz#1421564] - kvm-cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf.patch [bz#1421564] - kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1421564] - kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1421564] - kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1421564] - kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1421564] - kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1421564] - kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1421564] - kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1421564] - kvm-cirrus-fix-patterncopy-checks.patch [bz#1421564] - kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1421564] - kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1421564] - Resolves: bz#1421564 (CVE-2017-2615 kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-5.11.z]) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2615 CVE-2017-2620 Oracle Linux 5 Oracle Linux 6 [45.8.0-2.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.8.0-2] - Update to 45.8.0 ESR (B2) [45.8.0-1] - Update to 45.8.0 ESR [45.7.0-2] - Enabled ppc/s390 arches (rhbz#1418765) CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5404 CVE-2017-5407 CVE-2017-5402 CVE-2017-5405 CVE-2017-5408 CVE-2017-5410 Oracle Linux 7 [52.0-4.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5404 CVE-2017-5407 CVE-2017-5402 CVE-2017-5405 CVE-2017-5408 CVE-2017-5410 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.8.0-1] - Update to 45.8.0 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5404 CVE-2017-5407 CVE-2017-5402 CVE-2017-5405 CVE-2017-5408 CVE-2017-5410 Oracle Linux 6 [0:6.0.24-105] - Related: rhbz#1402664 CVE-2016-6816 Adding system property from asfbz-60594 to allow use of some un-encoded characters - Related: rhbz#1402664 CVE-2016-6816 Resolving a security regression (2017-6056) caused by CVE-2016-6816 [0:6.0.24-104] - Related: rhbz#1402664 build. reverting ExcludeArch to fix composes [0:6.0.24-102] - Resolves: rhbz#1413589 CVE-2016-8745 tomcat6: tomcat: information disclosure due to incorrect Processor sharing - Resolves: rhbz#1402664 CVE-2016-6816 tomcat6: tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests MODERATE Copyright 2017 Oracle, Inc. CVE-2016-6816 CVE-2016-8745 Oracle Linux 7 [52.0-5.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5428 Oracle Linux 6 [1.3-16] - Revert previous changes in patch for CVE-2016-5159 - Fix double free in patch for CVE-2016-5139 - Fix memory leaks and invalid read in cio_bytein Related: #1419775 [1.3-15] - Add two more allocation checks to patch for CVE-2016-5159 Related: #1419775 [1.3-14] - Add patches for CVE-2016-5139, CVE-2016-5158, CVE-2016-5159 Related: #1419775 [1.3-13] - Fix patch name: CVE-2016-9675 => CVE-2016-7163 Related: #1419775 [1.3-12] - Add patch for CVE-2016-9675 - Fix Coverity issues Resolves: #1419775 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-5139 CVE-2016-5158 CVE-2016-9675 CVE-2016-5159 CVE-2016-7163 Oracle Linux 6 [1:1.20.11-20] - inspection: fix detection of /usr in separate partition resolves: rhbz#1388407 [1:1.20.11-19] - libguestfs-java: bump the java Require to >= 1.7.0, matching the Build-Require, and the generated bytecode resolves: rhbz#1319086 [1:1.20.11-18] - Fix buffer overflow and information leak CVE-2015-8869 resolves: rhbz#1343103 MODERATE Copyright 2017 Oracle, Inc. CVE-2015-8869 Oracle Linux 6 [3.11.2-5] - Enable execshield stack protection on ppc/ppc64 (572826) related: rhbz#1343082 - Fix strict-aliasing warnings in build (990540). [3.11.2-3] - Fix buffer overflow and information leak CVE-2015-8869 resolves: rhbz#1343082 MODERATE Copyright 2017 Oracle, Inc. CVE-2015-8869 Oracle Linux 6 [2.12.23-21] - Upgraded to 2.12.23 to incorporate multiple TLS 1.2 fixes (#1326389, #1326073, #1323215, #1320982, #1328205, #1321112) - Modified gnutls-serv to accept --sni-hostname (#1333521) - Modified gnutls-serv to always reply with an alert message (#1327656) - Removed support for DSA2 as it causes interoperability issues (#1321112) - Allow sending and receiving certificates which were not in the signature algorithms extension (#1328205) - Removed support for EXPORT ciphersuites (#1337460) - Raised the minimum acceptable DH size to 1024 (#1335924) - Restricted the number of alert that can be received during handshake (#1388730) - Added fixes for OpenPGP parsing issues (CVE-2017-5337, CVE-2017-5336, CVE-2017-5335) - The exposed (but internal) crypto back-end registration API is deprecated and no longer functional. The ABI is kept compatible (#1415682) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-8610 CVE-2017-5335 CVE-2017-5337 CVE-2017-5336 Oracle Linux 6 [0.12.1.2-2.503.el6] - kvm-cirrus-fix-patterncopy-checks.patch [bz#1420487 bz#1420489] - kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420487 bz#1420489] - kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420487 bz#1420489] - Resolves: bz#1420487 (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.9]) - Resolves: bz#1420489 (EMBARGOED CVE-2017-2620 qemu-kvm-rhev: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.9]) [0.12.1.2-2.502.el6] - kvm-cirrus_vga-fix-division-by-0-for-color-expansion-rop.patch [bz#1418231 bz#1419417] - kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418231 bz#1419417] - kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418231 bz#1419417] - kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418231 bz#1419417] - kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418231 bz#1419417] - kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418231 bz#1419417] - kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418231 bz#1419417] - kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418231 bz#1419417] - Resolves: bz#1418231 (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.9]) - Resolves: bz#1419417 (CVE-2017-2615 qemu-kvm-rhev: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.9]) [0.12.1.2-2.501.el6] - kvm-Revert-iotests-Use-_img_info.patch [bz#1405882] - kvm-Revert-block-commit-speed-is-an-optional-parameter.patch [bz#1405882] - kvm-Revert-iotests-Disable-086.patch [bz#1405882] - kvm-Revert-iotests-Fix-049-s-reference-output.patch [bz#1405882] - kvm-Revert-iotests-Fix-026-s-reference-output.patch [bz#1405882] - kvm-Revert-qcow2-Support-exact-L1-table-growth.patch [bz#1405882] - kvm-Revert-qcow2-Free-allocated-L2-cluster-on-error.patch [bz#1405882] - kvm-net-check-packet-payload-length.patch [bz#1398214] - Resolves: bz#1398214 (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-6.9]) - Reverts: bz#1405882 (test cases 026 030 049 086 and 095 of qemu-iotests fail for qcow2 with qemu-kvm-rhev-0.12.1.2-2.498.el6) [0.12.1.2-2.500.el6] - kvm-qcow2-Free-allocated-L2-cluster-on-error.patch [bz#1405882] - kvm-qcow2-Support-exact-L1-table-growth.patch [bz#1405882] - kvm-iotests-Fix-026-s-reference-output.patch [bz#1405882] - kvm-iotests-Fix-049-s-reference-output.patch [bz#1405882] - kvm-iotests-Disable-086.patch [bz#1405882] - kvm-block-commit-speed-is-an-optional-parameter.patch [bz#1405882] - kvm-iotests-Use-_img_info.patch [bz#1405882] - Resolves: bz#1405882 (test cases 026 030 049 086 and 095 of qemu-iotests fail for qcow2 with qemu-kvm-rhev-0.12.1.2-2.498.el6) [0.12.1.2-2.499.el6] - kvm-rename-qemu_aio_context-to-match-upstream.patch [bz#876993] - kvm-block-stop-relying-on-io_flush-in-bdrv_drain_all.patch [bz#876993] - kvm-block-add-bdrv_drain.patch [bz#876993] - kvm-block-avoid-very-long-pauses-at-the-end-of-mirroring.patch [bz#876993] - Resolves: bz#876993 (qemu-kvm: vms become non-responsive during migrate disk load from 2 domains to a 3ed) [0.12.1.2-2.498.el6] - kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1392520] - kvm-virtio-introduce-virtqueue_discard.patch [bz#1392520] - kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1392520] - kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1392520] - kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1392520] - kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1392520] - kvm-PATCH-1-4-e1000-pre-initialize-RAH-RAL-registers.patch [bz#1300626] - kvm-net-update-nic-info-during-device-reset.patch [bz#1300626] - kvm-net-e1000-update-network-information-when-macaddr-is.patch [bz#1300626] - kvm-net-rtl8139-update-network-information-when-macaddr-.patch [bz#1300626] - Resolves: bz#1300626 (e1000/rtl8139: qemu mac address can not be changed via set the hardware address in guest) - Resolves: bz#1392520 ([RHEL6.9] KVM guest shuts itself down after 128th reboot) [0.12.1.2-2.497.el6] - kvm-vmstate-fix-breakage-by-7e72abc382b700a72549e8147bde.patch [bz#1294941] - Resolves: bz#1294941 (QEMU crash on snapshot revert when using Cirrus) [0.12.1.2-2.496.el6] - kvm-virtio-blk-Release-s-rq-queue-at-system_reset.patch [bz#1361490] - kvm-virtio-scsi-Prevent-assertion-on-missed-events.patch [bz#1333697] - Resolves: bz#1333697 (qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/virtio-scsi.c:724: virtio_scsi_push_event: Assertion event == 0 failed) - Resolves: bz#1361490 (system_reset should clear pending request for error (virtio-blk)) [0.12.1.2-2.495.el6] - kvm-qemu-img-add-support-for-fully-allocated-images.patch [bz#1297653] - kvm-qemu-img-fix-usage-instruction-for-qemu-img-convert.patch [bz#1297653] - kvm-target-i386-warns-users-when-CPU-threads-1-for-non-I.patch [bz#1292678 bz#1320066] - Resolves: bz#1292678 (Qemu should report error when cmdline set threads=2 in amd host) - Resolves: bz#1297653 (qemu-img convert cant create a fully allocated image passed a -S 0 option) - Resolves: bz#1320066 (Qemu should not report error when cmdline set threads=2 in Intel host) [0.12.1.2-2.494.el6] - kvm-rtl8139-flush-queued-packets-when-RxBufPtr-is-writte.patch [bz#1356924] - kvm-block-Detect-unaligned-length-in-bdrv_qiov_is_aligne.patch [bz#1321862] - kvm-ide-fix-halted-IO-segfault-at-reset.patch [bz#1281713] - kvm-atapi-fix-halted-DMA-reset.patch [bz#1281713] - Resolves: bz#1281713 (system_reset should clear pending request for error (IDE)) - Resolves: bz#1321862 (Backport 'block: Detect unaligned length in bdrv_qiov_is_aligned()') - Resolves: bz#1356924 (rtl8139 driver hangs in widows guests) [0.12.1.2-2.493.el6] - kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359725] - Resolves: bz#1359725 (CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-6.9]) [0.12.1.2-2.492.el6] - kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331408] - kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331408] - kvm-vga-use-constants-from-vga.h.patch [bz#1331408] - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331408] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331408] - kvm-vga-add-vbe_enabled-helper.patch [bz#1331408] - kvm-vga-factor-out-vga-register-setup.patch [bz#1331408] - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331408] - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331408] - kvm-vga-add-sr_vbe-register-set.patch [bz#1331408 bz#1346981] - Resolves: bz#1331408 (CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.9]) - Resolves: bz#1346981 (Regression from CVE-2016-3712: windows installer fails to start) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-3712 Oracle Linux 6 [1.1.0-24] - Proper global init/deinit of GnuTLS Resolves: bz#1418946 [1.1.0-23] - Fix buffer overflow in FullFramePixelBuffer::fillRect Resolves: bz#1416289 [1.1.0-22] - Fix buffer overflow in FullFramePixelBuffer::fillRect Resolves: bz#1416289 [1.1.0-21] - Enable DRI2 and DRI3 Resolves: bz#1323065 [1.1.0-20] - Rebuild against fixed xorg-x11-server to avoid automatical disconnects when initiazed from xinetd Resolves: bz#1390458 [1.1.0-19] - Restore default behaviour to listen on TCP Resolves: bz#1378922 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10207 CVE-2017-5581 Oracle Linux 6 [1.8.10-25.0.1] - Fix ocfs2 dissector (John Haxby) [orabug 21505640] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.8.10-25] - rebuilt [1.8.10-24] - Related: #1245887 - segfault with CVE-2013-4075 capture - valgrind error with CVE-2015-3812 capture [1.8.10-23] - Resolves: #1238166 - tshark -F option fails to create capture files in .pcap format [1.8.10-22] - Resolves: #1240675 - No dissection of the TLS Certificate Verify message [1.8.10-21] - Resolves: #1222902 - Encrypt-then-MAC TLS extension unrecognised - Patch also include master secret extension decoding in TLS [1.8.10-20] - Resolves: #1222895 - Problems decoding TLS Server Key Exchange messages [1.8.10-19] - Security patches - Resolves: CVE-2013-4075 [1.8.10-18] - Security patches - Resolves: CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 MODERATE Copyright 2017 Oracle, Inc. CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2013-4075 Oracle Linux 6 [5.3p1-122] - Allow to use ibmca crypto hardware (#1397547) - CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes (1405374) [5.3p1-121] - Fix missing hmac-md5-96 from server offer (#1373836) [5.3p1-120] - Prevent infinite loop when Ctrl+Z pressed at password prompt (#1218424) - Remove RC4 cipher and MD5 based MAC from the default client proposal (#1373836) [5.3p1-119] - Resolve sftp force permission colision with umask (#1341747) - Relax bits needed check to allow hmac-sha2-512 with gss-group1-sha1- (#1353359) - close ControlPersist background process stderr when not in debug mode (#1335539) - Do not add a message 'The agent has no identities.' in ~/.ssh/authorized_keys (#1353410) MODERATE Copyright 2017 Oracle, Inc. CVE-2015-8325 Oracle Linux 6 [8.4-46.0.1] - clean up empty file if cp is failed [Orabug 15973168] [8.4-46] - pure rebuild to bring back support for acl_extended_file_nofollow() on x86_64 [8.4-45] - su: deny killing other processes with root privileges (CVE-2017-2616) [8.4-44] - fix the functionality of 'sort -h -k ...' in multi-byte locales (#1357979) - use correct path to grep(1) in colorls.sh (#1376892) - make colorls.sh compatible with ksh (#1321643) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-2616 Oracle Linux 6 [3.6.23-41.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.23-41] - resolves: #1413672 - Auth regression after secret changed [3.6.23-40] - resolves: #1405356 - CVE-2016-2125 CVE-2016-2126 [3.6.23-39] - resolves: #1297805 - Fix issues with printer unpublishing from AD [3.6.23-38] - resolves: #1347843 - Fix RPC queryUserList returning NO_MEMORY for empty list [3.6.23-37] - resolves: #1380151 - Fix memory leak in idmap_ad module - resolves: #1333561 - Fix smbclient connection issues to DFS shares - resolves: #1372611 - Allow ntlmsssp session key setup without signing (Workaround for broken NetApp and EMC NAS) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-2126 CVE-2016-2125 Oracle Linux 6 [2.12-1.209.0.1] - Update newmode size to fix a possible corruption [2.12-1.209] - Fix AF_INET6 getaddrinfo with nscd (#1416496) [2.12-1.208] - Update tests for struct sockaddr_storage changes (#1338673) [2.12-1.207] - Use FL_CLOEXEC in internal calls to fopen (#1012343). [2.12-1.206] - Fix CVE-2015-8779 glibc: Unbounded stack allocation in catopen function (#1358015). [2.12-1.205] - Make padding in struct sockaddr_storage explicit (#1338673) [2.12-1.204] - Fix detection of Intel FMA hardware (#1384281). [2.12-1.203] - Add support for el_GR@euro, ur_IN, and wal_ET locales (#1101858). [2.12-1.202] - Change malloc/tst-malloc-thread-exit.c to use fewer threads and avoid timeout (#1318380). [2.12-1.201] - df can fail on some systems (#1307029). [2.12-1.200] - Log uname, cpuinfo, meminfo during build (#1307029). [2.12-1.199] - Draw graphs for heap and stack only if MAXSIZE_HEAP and MAXSIZE_STACK are non-zero (#1331304). [2.12-1.198] - Avoid unneeded calls to __check_pf in getadddrinfo (#1270950) [2.12-1.197] - Fix CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r (#1358013). [2.12-1.196] - Fix CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() (#1358011). [2.12-1.195] - tzdata-update: Ignore umask setting (#1373646) [2.12-1.194] - CVE-2014-9761: Fix unbounded stack allocation in nan* (#1358014) [2.12-1.193] - Avoid using uninitialized data in getaddrinfo (#1223095) MODERATE Copyright 2017 Oracle, Inc. CVE-2014-9761 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779 Oracle Linux 6 [4.1.2-48] - Fix signal handling in read builtin Resolves: #1421926 [4.1.2-47] - CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd Resolves: #1396383 [4.1.2-46] - CVE-2016-7543 - Fix for arbitrary code execution via SHELLOPTS+PS4 variables Resolves: #1379630 [4.1.2-45] - CVE-2016-0634 - Fix for arbitrary code execution via malicious hostname Resolves: #1377613 [4.1.2-44] - Avoid crash in parameter expansion while expanding long strings Resolves: #1359142 [4.1.2-43] - Stop reading input when SIGHUP is received Resolves: #1325753 [4.1.2-42] - Bash leaks memory while doing pattern removal in parameter expansion Resolves: #1283829 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-0634 CVE-2016-7543 CVE-2016-9401 Oracle Linux 6 [4.2.10-9] - resolves: #1405358 - CVE-2016-2125 CVE-2016-2126 [4.2.10-8] - Synchronize patches for Samba 4.2.10 with RHEL 7.2.z - Resolves: #1383685 - Update samba4 to be on par with RHEL 7.2.z MODERATE Copyright 2017 Oracle, Inc. CVE-2016-2126 CVE-2016-2125 Oracle Linux 6 [0.99.15-14] - Resolves: #1416013 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory [0.99.15-13] - fix path of ripd pid file (#842308) [0.99.15-12] - fix start() function in watchqugga initscript (#862826, #1208617) [0.99.15-11] - fix for CVE-2013-2236 (#1391918) - fix for CVE-2016-1245 (#1391914) - fix for CVE-2016-2342 (#1391916) - fix for CVE-2016-4049 (#1391919) [0.99.15-11] - ospf6d: Fix crash when '[no] ipv6 ospf6 advertise prefix-list' is in startup-config (#770731) [0.99.15-10] - add watchquagga initscript (#862826, #1208617) - remove pidfile when service is stopped (#842308) - use QCONFDIR correctly in initscripts (#839620) - include watchquagga and ospfclient manpages (#674862) [0.99.15-9] - improve fix for CVE-2011-3325 [0.99.15-8] - fix CVE-2011-3323 - fix CVE-2011-3324 - fix CVE-2011-3325 - fix CVE-2011-3326 - fix CVE-2011-3327 - fix CVE-2012-0255 - fix CVE-2012-0249 and CVE-2012-0250 - fix CVE-2012-1820 MODERATE Copyright 2017 Oracle, Inc. CVE-2013-2236 CVE-2016-2342 CVE-2017-5495 CVE-2016-1245 CVE-2016-4049 Oracle Linux 6 [2.6.32-696.OL6] - Update genkey [bug 25599697] [2.6.32-696] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424628] {CVE-2017-6074} [2.6.32-695] - [block] nvme: Dont poll device being removed (David Milburn) [1422521] [2.6.32-694] - [fs] posix_acl: Clear SGID bit when setting file permissions (Andreas Grunbacher) [1371252] {CVE-2016-7097} - [fs] switch posix_acl_equiv_mode() to umode_t * (Andreas Grunbacher) [1371252] {CVE-2016-7097} - [perf] sched latency: Fix thread pid reuse issue (Jiri Olsa) [1400743] - [fs] ext4: fix races of writeback with punch hole and zero range (Lukas Czerner) [1394786] - [fs] ext4: validate s_reserved_gdt_blocks on mount (Lukas Czerner) [1394786] - [fs] ext4: release bh in make_indexed_dir (Lukas Czerner) [1394786] - [fs] ext4: reinforce check of i_dtime when clearing high fields of uid and gid (Lukas Czerner) [1394786] - [fs] ext4: validate that metadata blocks do not overlap superblock (Lukas Czerner) [1394786] - [fs] ext4: short-cut orphan cleanup on error (Lukas Czerner) [1394786] - [fs] ext4: fix reference counting bug on block allocation error (Lukas Czerner) [1394786] - [fs] ext4: check for extents that wrap around (Lukas Czerner) [1394786] - [fs] ext4: silence UBSAN in ext4_mb_init() (Lukas Czerner) [1394786] - [fs] ext4: address UBSAN warning in mb_find_order_for_block() (Lukas Czerner) [1394786] - [fs] ext4: clean up error handling when orphan list is corrupted (Lukas Czerner) [1394786] - [fs] ext4: fix hang when processing corrupted orphaned inode list (Lukas Czerner) [1394786] - [fs] jbd2: Fix unreclaimed pages after truncate in data=journal mode (Lukas Czerner) [1394786] - [fs] ext4: Fix handling of extended tv_sec (Lukas Czerner) [1394786] - [fs] create and use seq_show_option for escaping (Lukas Czerner) [1394786] - [fs] ext4: replace open coded nofail allocation in ext4_free_blocks() (Lukas Czerner) [1394786] - [fs] ext4: Introduce EFSBADCRC and EFSCORRUPTED error codes (Lukas Czerner) [1394786] - [block] ensure request->part is valid (Jeff Moyer) [1416341] - [sound] alsa: hda - fix Lewisburg audio issue (Jaroslav Kysela) [1413134] [2.6.32-693] - [netdrv] sfc: Add efx_nic member with fixed netdev features (Jarod Wilson) [1419396] - [netdrv] sfc: Take mac_lock before calling efx_ef10_filter_table_probe (Jarod Wilson) [1419396] - [netdrv] sfc: Fix VLAN filtering feature if vPort has VLAN_RESTRICT flag (Jarod Wilson) [1419396] - [netdrv] sfc: clean fallbacks between promisc/normal in efx_ef10_filter_sync_rx_mode (Jarod Wilson) [1419396] - [netdrv] sfc: support cascaded multicast filters (Jarod Wilson) [1419396] - [netdrv] sfc: Make failed filter removal less noisy (Jarod Wilson) [1410750] - [netdrv] sfc: re-factor efx_ef10_filter_sync_rx_mode() (Jarod Wilson) [1410750] - [netdrv] sfc: refactor debug-or-warnings printks (Jarod Wilson) [1410750] - [net] implement netif_cond_dbg macro (Jarod Wilson) [1410750] [2.6.32-692] - [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1401058] - [fs] revert 'sunrpc: make AF_LOCAL connect synchronous' (Benjamin Coddington) [1420044] [2.6.32-691] - [net] tcp: correct memory barrier usage in tcp_check_space() (Oleg Nesterov) [1386136] - [fs] epoll: prevent missed events on EPOLL_CTL_MOD (Oleg Nesterov) [1386136] - [acpi] acpica: Fix regression in FADT revision checks (Lenny Szubowicz) [1418339] - [net] ipv6: stop sending PTB packets for MTU < 1280 (Hannes Frederic Sowa) [1415931] {CVE-2016-10142} - [net] fix dst_ops_extend leaks (Sabrina Dubroca) [1399633] [2.6.32-690] - [drm] core: Do not preserve framebuffer on rmfb, v4 (Rob Clark) [1405267] - [scsi] mpt3sas: Fix for block device of raid exists even after deleting raid disk (Tomas Henzl) [1416552] [2.6.32-689] - [netdrv] be2net: fix initial MAC setting (Ivan Vecera) [1415905] [2.6.32-688] - [netdrv] sfc: fix missing mc_promisc setting (Jarod Wilson) [1410750] [2.6.32-687] - [netdrv] sfc: reduce severity of PIO buffer alloc failures (Jarod Wilson) [1410750] - [netdrv] sfc: avoid division by zero (Jarod Wilson) [1410750] - [netdrv] sfc: Insert multicast filters as well as mismatch filters in promiscuous mode (Jarod Wilson) [1410750] - [netdrv] sfc: get timer configuration from adapter (Jarod Wilson) [1410750] - [netdrv] sfc: warn if other functions have been reset by MCFW (Jarod Wilson) [1410750] - [netdrv] sfc: add output flag decoding to efx_mcdi_set_workaround (Jarod Wilson) [1410750] - [netdrv] sfc: get PIO buffer size from the NIC (Jarod Wilson) [1410750] - [netdrv] sfc: set interrupt moderation via MCDI (Jarod Wilson) [1410750] - [netdrv] sfc: allow asynchronous MCDI without completion function (Jarod Wilson) [1410750] - [netdrv] sfc: on MC reset, clear PIO buffer linkage in TXQs (Jarod Wilson) [1410750] - [netdrv] sfc: Downgrade EPERM messages from MCDI to debug (Jarod Wilson) [1410750] - [netdrv] sfc: cope with ENOSYS from efx_mcdi_get_workarounds() (Jarod Wilson) [1410750] - [netdrv] sfc: enable cascaded multicast filters in MCFW (Jarod Wilson) [1410750] - [netdrv] sfc: work around TRIGGER_INTERRUPT command not working on SFC9140 (Jarod Wilson) [1410750] - [dm] raid: fix transient device failure processing (Mike Snitzer) [1404425] [2.6.32-686] - [scsi] Add intermediate STARGET_REMOVE state to scsi_target_state (Ewan Milne) [1349623] - [scsi] restart list search after unlock in scsi_remove_target (Ewan Milne) [1349623] - [powerpc] pci: Support per-aperture memory offset (Laurent Vivier) [1413448] - [powerpc] pci: Dont add bogus empty resources to PHBs (Laurent Vivier) [1413448] - [mm] mmap.c: fix arithmetic overflow in __vm_enough_memory() (Jerome Marchand) [1413500] - [net] ping: check minimum size on ICMP header length (Mateusz Guzik) [1414202] {CVE-2016-8399} - [scsi] sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Ewan Milne) [1414823] {CVE-2016-10088 CVE-2016-9576} [2.6.32-685] - [kernel] ftrace: Do not function trace inlined functions (Pratyush Anand) [1413456] - [x86] paravirt: Do not trace _paravirt_ident_*() functions (Pratyush Anand) [1413456] - [netdrv] i40e: Fix for long link down notification time (Stefan Assmann) [1414274] - [scsi] megaraid_sas: fix done in queue_command (Tomas Henzl) [1415192] - [scsi] megaraid: fixes (Tomas Henzl) [1415192] - [netdrv] ixgbe: Add support for new X557 device (Ken Cox) [1408509] - [netdrv] ixgbe: Add KR backplane support for x550em_a (Ken Cox) [1408509] - [netdrv] ixgbe: Add support for SGMII backplane interface (Ken Cox) [1408509] - [netdrv] ixgbe: Add support for SFPs with retimer (Ken Cox) [1408509] - [netdrv] ixgbe: Introduce function to control MDIO speed (Ken Cox) [1408509] - [netdrv] ixgbe: Read and set instance id (Ken Cox) [1408509] - [netdrv] ixgbe: Add support for x550em_a 10G MAC type (Ken Cox) [1408509] - [netdrv] ixgbe: Use method pointer to access IOSF devices (Ken Cox) [1408509] - [netdrv] ixgbe: Add support for single-port X550 device (Ken Cox) [1408509] - [netdrv] ixgbe: Clean up interface for firmware commands (Ken Cox) [1408509] - [netdrv] ixgbe: Change the lan_id and func fields to a u8 to avoid casts (Ken Cox) [1408509] - [netdrv] ixgbe: Fix flow control for Xeon D KR backplane (Ken Cox) [1408509] - [netdrv] ixgbe: Make all unchanging ops structures const (Ken Cox) [1408509] - [netdrv] ixgbe: Update PTP to support X550EM_x devices (Ken Cox) [1408509] - [netdrv] ixgbe: convert to CYCLECOUNTER_MASK macro (Ken Cox) [1408509] - [netdrv] ixgbevf: add VF support for new hardware (Ken Cox) [1408507] - [netdrv] ixgbevf: Support Windows hosts (Hyper-V) (Ken Cox) [1408507] - [netdrv] ixgbevf: Add the device IDs presented while running on Hyper-V (Ken Cox) [1408507] - [netdrv] ixgbevf: Move API negotiation function into mac_ops (Ken Cox) [1408507] - [x86] tsc: Reset cycle_last after resume from S3/S4 (Lenny Szubowicz) [1406468] - [kernel] hung_task: allow hung_task_panic when hung_task_warnings is 0 (Waiman Long) [1410297] [2.6.32-684] - [s390] kernel/ap: Fix hang condition on crypto card config-off (Hendrik Brueckner) [1413552] - [s390] zcrypt: Improved invalid domain response handling (Hendrik Brueckner) [1406389] - [infiniband] ucm: Fix bitmap wrap when devnum > IB_UCM_MAX_DEVICES (Slava Shwartsman) [1413476] - [netdrv] mlx5e: Copy all L2 headers into inline segment (Kamal Heib) [1408937] - [netdrv] be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [1406659] - [netdrv] be2net: dont delete MAC on close on unprivileged BE3 VFs (Ivan Vecera) [1406659] - [netdrv] be2net: fix status check in be_cmd_pmac_add() (Ivan Vecera) [1406659] - [acpi] acpica: Tables: Update FADT handling (Lenny Szubowicz) [1408401] - [acpi] acpica: ACPI 6.0: Add changes for FADT table (Lenny Szubowicz) [1408401] - [acpi] acpica: Basic support for FADT version 5 (Lenny Szubowicz) [1408401] - [acpi] acpica: Remove use of unreliable FADT revision field (Lenny Szubowicz) [1408401] [2.6.32-683] - [netdrv] sfc: include size-binned TX stats on sfn8542q (Jarod Wilson) [1411279] - [netdrv] sfc: retrieve second word of datapath capabilities (Jarod Wilson) [1411279] - [netdrv] sfc: update MCDI protocol headers (Jarod Wilson) [1411279] - [netdrv] sfc: Update MCDI protocol definitions (Jarod Wilson) [1411279] - [net] mlx4_en: Fix type mismatch for 32-bit systems (Slava Shwartsman) [1399239] - [net] mlx4_en: Resolve dividing by zero in 32-bit system (Slava Shwartsman) [1399239] - [netdrv] e1000e: Initial support for KabeLake (Jarod Wilson) [1406917] - [netdrv] e1000e: Clear ULP configuration register on ULP exit (Jarod Wilson) [1406917] - [netdrv] e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Jarod Wilson) [1406917] - [netdrv] e1000e: Increase PHY PLL clock gate timing (Jarod Wilson) [1406917] - [netdrv] e1000e: Increase ULP timer (Jarod Wilson) [1406917] - [netdrv] e1000e: initial support for i219-LM (3) (Jarod Wilson) [1406917] - [netdrv] be2net: fix unicast list filling (Ivan Vecera) [1408247] - [netdrv] be2net: fix accesses to unicast list (Ivan Vecera) [1408247] - [netdrv] sfc: Downgrade or remove some error messages (Jarod Wilson) [1410750] - [netdrv] be2net: call be_set_uc_list() unconditionally (Ivan Vecera) [1402679] - [netdrv] mlx5e: Use hw_features through netdev_extended macro (Kamal Heib) [1385318] - [block] nvme: Dont stop kthread while clearing queues (David Milburn) [1399431] - [fs] dlm: Fix saving of NULL callbacks (Robert S Peterson) [1264492] [2.6.32-682] - [x86] kdump: Fix several bound checking error of crashkernel reserving (Baoquan He) [1349069] - [x86] kdump: Crashkernel auto reservation failed on large system (Baoquan He) [1349069] - [kdump] Fix wrong dmi_present argument in case efi_smbios_addr being used (Dave Young) [1404984] - [kdump] Add error check in case dmi_get_system_info return null (Dave Young) [1404984] - [netdrv] bnxt_en: Improve the delay logic for firmware response (John Linville) [1406129] - [netdrv] bnxt_en: Implement proper firmware message padding (John Linville) [1406129] - [netdrv] bnxt_en: Refactor _hwrm_send_message() (John Linville) [1406129] - [netdrv] bnxt_en: Fix dmesg log firmware error messages (John Linville) [1406129] - [netdrv] bnxt_en: Use firmware provided message timeout value (John Linville) [1406129] - [fs] nfs: Allow getattr to also report readdirplus cache hits (Scott Mayhew) [1325766] - [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Scott Mayhew) [1325766] - [fs] nfs: Fix a performance regression in readdir (Scott Mayhew) [1325766] [2.6.32-681] - [net] udplite: fast-path computation of checksum coverage (Hangbin Liu) [1404127] - [ata] libata: fix sff host state machine locking while polling (Cathy Avery) [1390972] - [ata] libata-sff: use WARN instead of BUG on illegal host state machine state (Cathy Avery) [1390972] - [x86] hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic (Vitaly Kuznetsov) [1400428] - [fs] nfsd4: zero op arguments beyond the 8th compound op (J. Bruce Fields) [1409002] - [fs] nfsd: fix deadlock secinfo+readdir compound (J. Bruce Fields) [1314505] - [fs] nfsd4: fix recovery-dir leak on nfsd startup failure (J. Bruce Fields) [1266405] - [x86] Mark Skylake processors with Kaby Lake PCH as unsupported (David Arcari) [1405459] - [infiniband] ipoib: Remove cant use GFP_NOIO warning (Slava Shwartsman) [1321529] - [netdrv] veth: allow changing the mac address while interface is up (David Arcari) [1402696] - [kernel] tracing: Protect tracer flags with trace_types_lock (Steven Rostedt) [1397661] - [acpi] acpica: Prevent circular object list in acpi_ns_exec_module_code (Lenny Szubowicz) [1401776] - [acpi] acpica: Fix possible memory leak for module-level code execution (Lenny Szubowicz) [1401776] - [acpi] acpica: Add additional module-level code support (Lenny Szubowicz) [1401776] - [fs] xfs: growfs: use uncached buffers for new headers (Bill ODonnell) [1134314] - [fs] xfs: catch invalid negative blknos in _xfs_buf_find() (Bill ODonnell) [1134314] - [fs] xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (Bill ODonnell) [1134314] [2.6.32-680] - [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1397807] [2.6.32-679] - [mm] Revert 'mm: Fix slab growing out of bound within a cpuset' (Larry Woodman) [1402713] - [netdrv] cxgb4: update latest firmware version supported (Sai Vemuri) [1381382] - [kernel] audit: correctly record file names with different path name types (Paul Moore) [1305103] - [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457] - [scsi] megaraid_sas: ldio_outstanding variable is not decremented in completion path (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457] - [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Tomas Henzl) [1306457] - [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Tomas Henzl) [1306457] - [scsi] megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457] - [scsi] megaraid_sas: 128 MSIX Support (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457] [2.6.32-678] - [netdrv] RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips (Sai Vemuri) [1381382] - [netdrv] cxgb4: Stop Rx Queues before freeing it up (Sai Vemuri) [1381382] - [netdrv] iw_cxgb4 : Added 'Fail' column in debug iw_cxgb4 stats (Sai Vemuri) [1381382] - [netdrv] cxgb4: Add info print to display number of MSI-X vectors allocated (Sai Vemuri) [1381382] - [netdrv] iwpm: crash fix for large connections test (Sai Vemuri) [1381382] - [netdrv] cxgb4/cxgb4vf : Use vlan_gro_frags_gr() for VLANs (Sai Vemuri) [1381382] - [netdrv] cxgb4vf : Using RHEL6 provided napi_gro_frags_gr() API which returns (enum gro_result) values (Sai Vemuri) [1381382] - [serial] 8250_pci: Detach low-level driver during PCI error recovery (Gustavo Duarte) [1400508] - [drm] reservation: Remove shadowing local variable 'ret' (Rob Clark) [1398084] - [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399457] {CVE-2016-9555} - [net] ipv6: add mtu lock check in __ip6_rt_update_pmtu (Xin Long) [1397295] - [net] Reduce queue allocation to one in kdump kernel (Sai Vemuri) [1321315] - [netdrv] cxgb4: Force cxgb4 driver as MASTER in kdump kernel (Sai Vemuri) [1321315] [2.6.32-677] - [netdrv] cxgb4 : Add cxgb4 T4/T5 firmware version 1.15.37.0 (Sai Vemuri) [1349112] - [netdrv] be2net: fix locking (Ivan Vecera) [1397915] - [perf] tools: Initialize reference counts in map__clone() (Jiri Olsa) [1359100] - [perf] tools: Replace map->referenced & maps->removed_maps with map->refcnt (Jiri Olsa) [1359100] - [md] raid10: add rcu protection to rdev access in raid10_sync_request (Xiao Ni) [1395048] - [md] raid10: add rcu protection in raid10_status (Xiao Ni) [1395048] - [md] raid10: fix refounct imbalance when resyncing an array with a replacement device (Xiao Ni) [1395048] - [netdrv] qlcnic: add wmb() call in transmit data path (Harish Patil) [1342659] - [x86] ACPI: add dynamic_debug support (Prarit Bhargava) [1252674] - [mm] hugetlb: fix huge_pte_alloc BUG_ON (Dave Anderson) [1397250] [2.6.32-676] - [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567] - [scsi] megaraid_sas: add in missing white spaces in error messages text (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map (Tomas Henzl) [1397873] - [scsi] megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (Tomas Henzl) [1392499] - [scsi] megaraid_sas: Do not fire DCMDs during PCI shutdown/detach (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Send correct PhysArm to FW for R1 VD downgrade (Tomas Henzl) [1396567] - [scsi] megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits for 30secs before reset (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (Tomas Henzl) [1392499] - [scsi] megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (Tomas Henzl) [1392499] - [scsi] megaraid_sas: clean function declarations in megaraid_sas_base.c up (Tomas Henzl) [1396567] - [scsi] megaraid_sas: add in missing white space in error message text (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Fix the search of first memory bar (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Use memdup_user() rather than duplicating its implementation (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Fix probing cards without io port (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Downgrade two success messages to info (Tomas Henzl) [1396567] - [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567] - [scsi] megaraid_sas: task management code optimizations (Tomas Henzl) [1396567] - [scsi] megaraid_sas: call ISR function to clean up pending replies in OCR path (Tomas Henzl) [1396567] - [scsi] megaraid_sas: reduce memory footprints in kdump mode (Tomas Henzl) [1396567] - [scsi] megaraid_sas: add missing curly braces in ioctl handler (Tomas Henzl) [1396567] - [scsi] mpt3sas: Bump driver version as '14.101.00.00' (Tomas Henzl) [1306469] - [scsi] mpt3sas: Fix for Endianness issue (Tomas Henzl) [1306469] - [scsi] mpt3sas: Use the new MPI 2.6 32-bit Atomic Request Descriptors for SAS35 devices (Tomas Henzl) [1306469] - [scsi] mpt3sas: set EEDP-escape-flags for SAS35 devices (Tomas Henzl) [1306469] - [scsi] mpt3sas: Increased/Additional MSIX support for SAS35 devices (Tomas Henzl) [1306469] - [scsi] mpt3sas: Added Device IDs for SAS35 devices and updated MPI header (Tomas Henzl) [1306469] - [scsi] mpt3sas: Dont spam logs if logging level is 0 (Tomas Henzl) [1306469] - [scsi] mpt3sas: Fix warnings exposed by W=1 (Tomas Henzl) [1306469] - [scsi] mpt3sas: Eliminate dead sleep_flag code (Tomas Henzl) [1306469] - [scsi] mpt3sas: Eliminate conditional locking in mpt3sas_scsih_issue_tm() (Tomas Henzl) [1306469] - [scsi] mpt3sas: Ensure the connector_name string is NUL-terminated (Tomas Henzl) [1306469] - [scsi] mpt3sas: Bump driver version as '14.100.00.00' (Tomas Henzl) [1306469] - [scsi] mpt3sas: Remove unused macro 'MPT_DEVICE_TLR_ON' (Tomas Henzl) [1306469] - [scsi] mpt3sas: Implement device_remove_in_progress check in IOCTL path (Tomas Henzl) [1306469] - [scsi] mpt3sas: Fix for incorrect numbers for MSIX vectors enabled when non RDPQ card is enumerated first (Tomas Henzl) [1306469] - [scsi] mpt3sas: Fix for improper info displayed in var log, while blocking or unblocking the device (Tomas Henzl) [1306469] - [net] increase xmit RECURSION_LIMIT to 10 (Sabrina Dubroca) [1392660] - [net] add a recursion limit in xmit path (Sabrina Dubroca) [1392660] - [net] netfilter: ebtables: put module reference when an incorrect extension is found (Sabrina Dubroca) [1390061] - [net] netfilter: ebtables: Fix extension lookup with identical name (Sabrina Dubroca) [1390061] - [net] ipv6: ipv6_find_hdr restore prev functionality (Paolo Abeni) [1392975] [2.6.32-675] - [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359304] {CVE-2016-6136} - [fs] nfs: Kill fscache warnings when mounting without -ofsc (David Howells) [1353844] - [fs] nfs: Fix a compile issue when CONFIG_NFS_FSCACHE was undefined (David Howells) [1353844] - [fs] nfs: Dont pass mount data to nfs_fscache_get_super_cookie() (David Howells) [1353844] - [fs] dlm: Dont save callbacks after accept (Robert S Peterson) [1264492] - [fs] dlm: Save and restore socket callbacks properly (Robert S Peterson) [1264492] - [fs] dlm: Replace nodeid_to_addr with kernel_getpeername (Robert S Peterson) [1264492] - [fs] dlm: print kernel message when we get an error from kernel_sendpage (Robert S Peterson) [1264492] - [fs] nfsd: handle fileid wraparound (Dave Wysochanski) [1397552] - [hv] storvsc: Payload buffer incorrectly sized for 32 bit kernels (Cathy Avery) [1394756] - [fs] xfs: fix unbalanced inode reclaim flush locking (Brian Foster) [1384564] - [scsi] hpsa: correct logical resets (Joseph Szczypek) [1083110] - [scsi] hpsa: generate a controller NMI (Joseph Szczypek) [1083110] - [scsi] hpsa: update driver version to 3.4.10-0-RH3 (Joseph Szczypek) [1083110] - [scsi] hpsa: Check for null devices in ioaccel submission patch (Joseph Szczypek) [1083110] - [scsi] hpsa: check for null device pointers (Joseph Szczypek) [1083110] - [scsi] hpsa: correct skipping masked peripherals (Joseph Szczypek) [1083110] - [scsi] hpsa: generalize external arrays (Joseph Szczypek) [1083110] - [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1372465] [2.6.32-674] - [fs] ext4: fix extent tree corruption caused by hole punch (Lukas Czerner) [1351798] - [x86] Mark Intel Purley supported (Steve Best) [1271866] - [pnp] Prevent attaching to ACPI IPMI device (Charles Rose) [857150] [2.6.32-673] - [netdrv] ehea: fix operation state report (Gustavo Duarte) [1089134] - [block] nvme: Always use MSI/MSI-x interrupts (David Milburn) [1372023] - [fs] aio: aio_nr decrements dont need to be delayed (Jiri Olsa) [1386216] - [fs] aio: dont bother with async freeing on failure in ioctx_alloc() (Jiri Olsa) [1386216] - [fs] epoll: ep_unregister_pollwait() can use the freed pwq->whead (Lauro Ramos Venancio) [1392372] - [fs] epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree() (Lauro Ramos Venancio) [1392372] [2.6.32-672] - [sched] Fix rq->nr_uninterruptible update race (Aaron Tomlin) [1377292] - [security] keys: Fix short sprintf buffer in /proc/keys show function (Frantisek Hrbata) [1375208] {CVE-2016-7042} - [net] bridge: fix switched interval for MLD Query types (Hangbin Liu) [1392327] - [net] netfilter: ipv6: move POSTROUTING invocation before fragmentation (Eric Garver) [1391240] - [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390046] {CVE-2016-7117} - [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1381585] - [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379529] {CVE-2016-6828} - [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351422] {CVE-2016-4998} - [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351422] {CVE-2016-4998} - [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351422] {CVE-2016-4998} - [net] tcp: enable per-socket rate limiting of all 'challenge acks' (Florian Westphal) [1388287] - [net] tcp: uninline tcp_oow_rate_limited() (Florian Westphal) [1388287] - [net] tcp: mitigate ACK loops for connections as tcp_timewait_sock (Florian Westphal) [1388287] - [net] tcp: mitigate ACK loops for connections as tcp_sock (Florian Westphal) [1388287] - [net] tcp: mitigate ACK loops for connections as tcp_request_sock (Florian Westphal) [1388287] - [net] tcp: helpers to mitigate ACK loops by rate-limiting out-of-window dupacks (Florian Westphal) [1388287] - [net] ipv6: Dont change dst->flags using assignments (Marcelo Leitner) [1389478] - [scsi] megaraid-sas: request irqs later (Tomas Henzl) [1385088] [2.6.32-671] - [perf] list: Fix rNNNN list output to appear only once (Jiri Olsa) [1291256 1374411] - [perf] symbols: Check kptr_restrict for root (Jiri Olsa) [1291256 1374411] - [fs] SUNRPC: Fix a regression when reconnecting (Benjamin Coddington) [1323801] - [fs] SUNRPC: Clear the request rq_bytes_sent field in xprt_release_write (Benjamin Coddington) [1323801] - [fs] SUNRPC: Lock the transport layer on shutdown (Benjamin Coddington) [1323801] - [virt] kvm: x86 emulator: implement IMUL REG, R/M (opcode 0F AF) (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: implement IMUL REG, R/M, IMM (opcode 69) (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: implement IMUL REG, R/M, imm8 (opcode 6B) (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: Use a register for ____emulate_2op() destination (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: pass destination type to ____emulate_2op() (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: add Src2Imm decoding (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: consolidate immediate decode into a function (Radim Krcmar) [1313468] - [hv] netvsc: fix incorrect receive checksum offloading (Vitaly Kuznetsov) [1388701] - [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1378614] - [hv] vmbus: Fix signaling logic in hv_need_to_signal_on_read() (Vitaly Kuznetsov) [1319054] - [hv] vmbus: Eliminate the spin lock on the read path (Vitaly Kuznetsov) [1319054] - [hv] ring_buffer: eliminate hv_ringbuffer_peek() (Vitaly Kuznetsov) [1319054] - [hv] remove code duplication between vmbus_recvpacket()/vmbus_recvpacket_raw() (Vitaly Kuznetsov) [1319054] - [hv] ring_buffer: remove code duplication from hv_ringbuffer_peek/read() (Vitaly Kuznetsov) [1319054] - [hv] ring_buffer.c: fix comment style (Vitaly Kuznetsov) [1319054] - [hv] netvsc: set nvdev link after populating chn_table (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: synchronize netvsc_change_mtu()/netvsc_set_channels() with netvsc_remove() (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: get rid of struct net_device pointer in struct netvsc_device (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: untangle the pointer mess (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: use start_remove flag to protect netvsc_link_change() (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: move start_remove flag to net_device_context (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: Move subchannel waiting to rndis_filter_device_remove() (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: Wait for sub-channels to be processed during probe (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: Properly size the vrss queues (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: Add close of RNDIS filter into change mtu call (Vitaly Kuznetsov) [1320094 1335926] - [hv] hv_netvsc: Add support to set MTU reservation from guest side (Vitaly Kuznetsov) [1352105] - [perf] probe: Clear probe_trace_event when add_probe_trace_event() fails (Jiri Olsa) [1291510] - [perf] probe: Move ftrace probe-event operations to probe-file.c (Jiri Olsa) [1291510] - [block] loop: fix comment typo in loop_config_discard (Lukas Czerner) [818597] - [block] loop: Limit the number of requests in the bio list (Lukas Czerner) [818597] - [fs] ext4: optimize test_root() (Lukas Czerner) [1236047] - [fs] ext4: verify group number in verify_group_input() before using it (Lukas Czerner) [1236047] - [fs] nfsd: use short read as well as i_size to set eof (Benjamin Coddington) [1302415] - [fs] xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (Carlos Maiolino) [1259493] - [fs] xfs: Fix rounding in xfs_alloc_fix_len() (Carlos Maiolino) [1259493] - [fs] jbd: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015] - [fs] jbd2: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015] [2.6.32-670] - [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Gustavo Duarte) [1387243] - [misc] hpilo: Changes to support new security states in iLO5 FW (Joseph Szczypek) [1376584] - [misc] hpilo: Change e-mail address from hp.com to hpe.com (Joseph Szczypek) [1376584] - [misc] hpilo: cleanup hpilo (Joseph Szczypek) [1376584] - [mm] memory_hotplug.c: change normal message to use pr_debug (Jeremy McNicoll) [1255272] - [acpi] mem_hotplug: set memory info correctly when problems forcing mem online (Jeremy McNicoll) [1255272] - [fs] bio: Need to free integrity payload if the split bio gets memory by itself (Xiao Ni) [1268434] - [md] add rdev reference for super write (Xiao Ni) [1365718] - [netdrv] rtlwifi: fix memory leak for USB device (Stanislaw Gruszka) [1364597] - [fs] NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() (Benjamin Coddington) [1353272] - [drm] nouveau/kms: take mode_config mutex in connector hotplug path (Ben Skeggs) [1349978] - [kernel] clocksource: Defer override invalidation unless clock is unstable (Prarit Bhargava) [1356231] - [kernel] clocksource: Reselect clocksource when watchdog validated high-res capability (Prarit Bhargava) [1356231] - [fs] nfs4: clnt: respect noresvport when establishing connections to DSes (Benjamin Coddington) [1346041] - [fs] nfs: Add nfs_client behavior flags (Benjamin Coddington) [1346041] - [block] fix /proc/diskstats in-flight - kABI workaround (Jerome Marchand) [1273339 1306879] - [block] add internal hd part table references (Jerome Marchand) [1273339 1306879] - [block] fix accounting bug on cross partition merges (Jerome Marchand) [1273339 1306879] - [block] kref: add kref_test_and_get (Jerome Marchand) [1273339 1306879] - [block] Revert 'block: fix accounting bug on cross partition merges' (Jerome Marchand) [1273339 1306879] - [perf] thread: Fix reference count initial state (Jiri Olsa) [1359100] - [perf] tools: Reference count struct map (Jiri Olsa) [1359100] - [perf] tools: Check if a map is still in use when deleting it (Jiri Olsa) [1359100] - [perf] tools: Protect accesses the map rbtrees with a rw lock (Jiri Olsa) [1359100] - [perf] tools: Introduce struct maps (Jiri Olsa) [1359100] - [perf] tools: Assign default value for some pointers (Jiri Olsa) [1359100] - [perf] tools: Use maps__first()/map__next() (Jiri Olsa) [1359100] - [perf] tools: Leave DSO destruction to the map destruction (Jiri Olsa) [1359100] - [perf] machine: Mark removed threads as such (Jiri Olsa) [1359100] - [perf] tools: Import rb_erase_init from block/ in the kernel sources (Jiri Olsa) [1359100] - [perf] tools: Nuke unused map_groups__flush() (Jiri Olsa) [1359100] - [perf] tools: Remove redundant initialization of thread linkage members (Jiri Olsa) [1359100] - [perf] tools: Rename maps__next (Jiri Olsa) [1359100] - [perf] machine: Do not call map_groups__delete(), drop refcnt instead (Jiri Olsa) [1359100] - [perf] hists: Rename add_hist_entry to hists__findnew_entry (Jiri Olsa) [1359100] - [perf] tools: Use atomic.h for the map_groups refcount (Jiri Olsa) [1359100] - [perf] tests: Fix map_groups refcount test (Jiri Olsa) [1359100] - [perf] machine: No need to keep a refcnt for last_match (Jiri Olsa) [1359100] - [perf] tests: Show refcounting broken expectations in thread-mg-share test (Jiri Olsa) [1359100] - [perf] machine: Protect the machine->threads with a rwlock (Jiri Olsa) [1359100] - [video] efifb: prevent null-deref when iterating dmi_list (Rob Clark) [1360982] - [video] configs: updates for fb backport (Rob Clark) [1360982] - [video] fbdev: efifb: bind to efi-framebuffer (Rob Clark) [1360982] - [video] fbdev: vesafb: bind to platform-framebuffer device (Rob Clark) [1360982] - [video] fbdev: simplefb: add common x86 RGB formats (Rob Clark) [1360982] - [video] x86: sysfb: move EFI quirks from efifb to sysfb (Rob Clark) [1360982] - [video] x86: provide platform-devices for boot-framebuffers (Rob Clark) [1360982] - [video] fbdev: simplefb: mark as fw and allocate apertures (Rob Clark) [1360982] - [video] fbdev: simplefb: add init through platform_data (Rob Clark) [1360982] - [video] drivers/video: implement a simple framebuffer driver (Rob Clark) [1360982] - [video] vesafb: fix memory leak (Rob Clark) [1360982] - [video] uvesafb,vesafb: create WC or WB PAT-entries (Rob Clark) [1360982] - [video] vesafb: fix comment a typo (Rob Clark) [1360982] - [video] vesafb: use platform_driver_probe() instead of platform_driver_register() (Rob Clark) [1360982] - [video] efifb: Fix call to wrong unregister function (Rob Clark) [1360982] - [video] efifb: Disallow manual bind and unbind (Rob Clark) [1360982] - [video] efifb: Fix mismatched request/release_mem_region (Rob Clark) [1360982] - [video] efifb: fix int to pointer cast warning (Rob Clark) [1360982] - [video] efifb: Add override for 11 Macbook Air 3,1 (Rob Clark) [1360982] - [video] efifb: Support overriding fields FW tells us with the DMI data (Rob Clark) [1360982] - [video] efifb: support AMD Radeon HD 6490 (Rob Clark) [1360982] - [video] efifb: support the EFI framebuffer on more Apple hardware (Rob Clark) [1360982] - [video] efifb: check that the base address is plausible on pci systems (Rob Clark) [1360982] - [video] drivers/video/efifb.c: support framebuffer for NVIDIA 9400M in MacBook Pro 5, 1 (Rob Clark) [1360982] [2.6.32-669] - [netdrv] sfc: fix potential stack corruption from running past stat bitmask (Jarod Wilson) [1374067] - [netdrv] cxgb4: Enable SR-IOV configuration via PCI sysfs interface (Sai Vemuri) [1222751] - [netdrv] bnx2x: dont wait for Tx completion on recovery (Michal Schmidt) [1300681] - [pm] hibernate: Only crash if necessary in create/free_basic_memory_bitmaps() (Jerry Snitselaar) [1374378] - [netdrv] ixgbe: add WoL support for some 82599 subdevice IDs (Ken Cox) [1316845] - [kernel] cgroup: improve old cgroup handling in cgroup_attach_proc() (Lauro Ramos Venancio) [1372085] - [watchdog] hpwdt: add support for iLO5 (Linda Knippers) [1382496] - [watchdog] hpwdt: HP rebranding (Linda Knippers) [1388170] - [documentation] Fix hpwdt documentation to match RHEL6 (Linda Knippers) [1388170] - [acpi] acpica: Fix for a Store->ArgX when ArgX contains a reference to a field (Lenny Szubowicz) [1324697] - [acpi] acpica: Standardize all switch() blocks (Lenny Szubowicz) [1324697] - [acpi] acpica: Interpreter: Fix Store() when implicit conversion is not possible (Lenny Szubowicz) [1324697] - [fs] backing-dev: fix wakeup timer races with bdi_unregister() (Jeff Moyer) [1111683] - [fs] backing-dev: ensure wakeup_timer is deleted (Jeff Moyer) [1111683] - [fs] writeback: Fix lost wake-up shutting down writeback thread (Jeff Moyer) [1111683] - [fs] writeback: do not lose wakeup events when forking bdi threads (Jeff Moyer) [1111683] - [fs] writeback: fix bad _bh spinlock nesting (Jeff Moyer) [1111683] - [fs] writeback: cleanup bdi_register (Jeff Moyer) [1111683] - [fs] writeback: remove unnecessary init_timer call (Jeff Moyer) [1111683] - [fs] writeback: optimize periodic bdi thread wakeups (Jeff Moyer) [1111683] - [fs] writeback: prevent unnecessary bdi threads wakeups (Jeff Moyer) [1111683] - [fs] writeback: move bdi threads exiting logic to the forker thread (Jeff Moyer) [1111683] - [fs] writeback: restructure bdi forker loop a little (Jeff Moyer) [1111683] - [fs] writeback: move last_active to bdi (Jeff Moyer) [1111683] - [fs] writeback: do not remove bdi from bdi_list (Jeff Moyer) [1111683] - [fs] writeback: simplify bdi code a little (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in bdi threads (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in the forker thread - 2 (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in the forker thread - 1 (Jeff Moyer) [1111683] - [fs] writeback: fix possible race when creating bdi threads (Jeff Moyer) [1111683] - [fs] writeback: harmonize writeback threads naming (Jeff Moyer) [1111683] - [fs] writeback: merge bdi_writeback_task and bdi_start_fn (Jeff Moyer) [1111683] - [fs] writeback: bdi_writeback_task() must set task state before calling schedule() (Jeff Moyer) [1111683] - [fs] writeback: remove wb_list (Jeff Moyer) [1111683] - [s390] zfcp: close window with unblocked rport during rport gone (Hendrik Brueckner) [1383980] - [s390] zfcp: fix ELS/GS request&response length for hardware data router (Hendrik Brueckner) [1383981] - [s390] zfcp: fix fc_host port_type with NPIV (Hendrik Brueckner) [1383982] - [s390] zcrypt: toleration of new crypto adapter hardware with type 12 (Hendrik Brueckner) [1344041] - [s390] time: LPAR offset handling (Hendrik Brueckner) [1381564] - [s390] time: move PTFF definitions (Hendrik Brueckner) [1381564] - [scsi] libfc: Dont have fc_exch_find log errors on a new exchange (Chris Leech) [1368175] - [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1383078] - [scsi] libfc: dont advance state machine for incoming FLOGI (Chris Leech) [1368175] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1368175] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1368175] - [scsi] libfc: Do not take rdata->rp_mutex when processing a (Chris Leech) [1368175] - [scsi] libfc: Fixup disc_mutex handling (Chris Leech) [1368175] - [scsi] libfc: Revisit kref handling (Chris Leech) [1368175] - [scsi] fcoe: Stop fc_rport_priv structure leak (Chris Leech) [1368175] - [scsi] libfc: do not send ABTS when resetting exchanges (Chris Leech) [1368175] - [scsi] libfc: reset exchange manager during LOGO handling (Chris Leech) [1368175] - [scsi] libfc: send LOGO for PLOGI failure (Chris Leech) [1368175] - [scsi] libfc: Issue PRLI after a PRLO has been received (Chris Leech) [1368175] - [scsi] libfc: fix seconds_since_last_reset calculation (Chris Leech) [1368175] - [scsi] libfc: Update rport reference counting (Chris Leech) [1368175] - [scsi] libfc: XenServer fails to mount root filesystem (Chris Leech) [1368175] [2.6.32-668] - [netdrv] mlx5e: Fix minimum MTU (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Devices mtu field is u16 and not int (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: Fix endianness bug in IPV6 csum calculation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Allow resetting VF admin mac to zero (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Correctly handle RSS indirection table when changing number of channels (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Fix ethtool RX hash func configuration change (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Fix LRO modify (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Remove wrong poll CQ optimization (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Do not BUG_ON during reset when PCI is offline (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: Count HW buffer overrun only once (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5: Fix RC transport send queue overhead computation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: fix some error handling in mlx4_multi_func_init() (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Remove unused macro (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Initialize hop_limit when creating address handle (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5: Expose correct maximum number of CQE capacity (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: fix handling return value of mlx4_slave_convert_port (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Use vmalloc for WR buffers when needed (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Use correct order of variables in log message (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Expose correct max_sge_rd limit (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Avoid returning success in case of an error flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Replace VF zero mac with random mac in mlx4_core (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Fix resource tracker error flow in add_res_range (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Copy/set only sizeof struct mlx4_eqe bytes (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: really allow to change RSS key (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Fix incorrect cq flushing in error state (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Use correct SL on AH query under RoCE (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Forbid using sysfs to change RoCE pkeys (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Demote mcg message from warning to debug (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Fix potential deadlock when sending mad to wire (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4, mlx5, mthca: Expose max_sge_rd correctly (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Add extra check for total vfs for SRIOV (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: Remove BUG_ON assert when checking if ring is full (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Relieve cpu load average on the port sending flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Fix wrong index in propagating port change event to VFs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Fix memory leak in do_slave_init (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Disable HA for SRIOV PF RoCE devices (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: Release TX QP when destroying TX ring (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Disable Granular QoS per VF under IB/Eth VPI configuration (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: fix typo in mlx4_set_vf_mac (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: need to call close fw if alloc icm is called twice (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: double free of dev_vfs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] bnx2x: dont reset chip on cleanup if PCI function is offline (Michal Schmidt) [1386199] - [netdrv] bnx2x: allow adding VLANs while interface is down (Michal Schmidt) [1386199] - [netdrv] bnx2x: avoid leaking memory on bnx2x_init_one() failures (Michal Schmidt) [1386199] - [netdrv] bnx2x: Prevent false warning for lack of FC NPIV (Michal Schmidt) [1386199] - [netdrv] bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian (Michal Schmidt) [1386199] - [netdrv] bnx2x: fix sending VF->PF messages on big-endian (Michal Schmidt) [1386199] - [netdrv] bnx2x: Fix 84833 phy command handler (Michal Schmidt) [1386199] - [netdrv] bnx2x: Fix led setting for 84858 phy (Michal Schmidt) [1386199] - [netdrv] bnx2x: Correct 84858 PHY fw version (Michal Schmidt) [1386199] - [netdrv] bnx2x: Fix 84833 RX CRC (Michal Schmidt) [1386199] - [netdrv] bnx2x: Fix link-forcing for KR2 (Michal Schmidt) [1386199] - [netdrv] bnx2x: Warn about grc timeouts in register dump (Michal Schmidt) [1386199] - [netdrv] be2net: Enable VF link state setting for BE3 (Ivan Vecera) [1347812] - [netdrv] be2net: Fix TX stats for TSO packets (Ivan Vecera) [1347812] - [netdrv] be2net: NCSI FW section should be properly updated with ethtool for BE3 (Ivan Vecera) [1347812] - [netdrv] be2net: Provide an alternate way to read pf_num for BEx chips (Ivan Vecera) [1347812] - [netdrv] be2net: Fix mac address collision in some configurations (Ivan Vecera) [1347812] - [netdrv] be2net: Avoid redundant addition of mac address in HW (Ivan Vecera) [1347812] - [netdrv] be2net: Add privilege level check for OPCODE_COMMON_GET_EXT_FAT_CAPABILITIES SLI cmd (Ivan Vecera) [1347812] - [netdrv] be2net: Issue COMMON_RESET_FUNCTION cmd during driver unload (Ivan Vecera) [1347812] - [netdrv] be2net: Support UE recovery in BEx/Skyhawk adapters (Ivan Vecera) [1347812] - [netdrv] be2net: replace polling with sleeping in the FW completion path (Ivan Vecera) [1347812] - [netdrv] be2net: do not remove vids from driver table if be_vid_config() fails (Ivan Vecera) [1347812] - [netdrv] be2net: clear vlan-promisc setting before programming the vlan list (Ivan Vecera) [1347812] - [netdrv] be2net: perform temperature query in adapter regardless of its interface state (Ivan Vecera) [1347812] - [netdrv] be2net: Fix broadcast echoes from EVB in BE3 (Ivan Vecera) [1347812] - [netdrv] be2net: fix definition of be_max_eqs() (Ivan Vecera) [1347812] - [netdrv] be2net: Fix provisioning of RSS for VFs in multi-partition configurations (Ivan Vecera) [1347812] - [netdrv] be2net: Enable Wake-On-LAN from shutdown for Skyhawk (Ivan Vecera) [1347812] - [netdrv] be2net: use max-TXQs limit too while provisioning VF queue pairs (Ivan Vecera) [1347812] - [netdrv] benet: be_resume needs to protect be_open with rtnl_lock (Ivan Vecera) [1347812] - [netdrv] be2net: Dont leak iomapped memory on removal (Ivan Vecera) [1347812] - [netdrv] be2net: Fix a UE caused by passing large frames to the ASIC (Ivan Vecera) [1347812] - [netdrv] be2net: Fix pcie error recovery in case of NIC+RoCE adapters (Ivan Vecera) [1347812] - [netdrv] be2net: Interpret and log new data thats added to the port misconfigure async event (Ivan Vecera) [1347812] - [netdrv] be2net: Request RSS capability of Rx interface depending on number of Rx rings (Ivan Vecera) [1347812] - [netdrv] be2net: Fix interval calculation in interrupt moderation (Ivan Vecera) [1347812] - [netdrv] be2net: Add retry in case of error recovery failure (Ivan Vecera) [1347812] - [netdrv] be2net: Fix Lancer error recovery (Ivan Vecera) [1347812] - [netdrv] be2net: Dont run ethtool self-tests for VFs (Ivan Vecera) [1347812] - [netdrv] be2net: SRIOV Queue distribution should factor in EQ-count of VFs (Ivan Vecera) [1347812] - [netdrv] be2net: Fix be_vlan_rem_vid() to check vlan id being removed (Ivan Vecera) [1347812] - [netdrv] be2net: check for INSUFFICIENT_PRIVILEGES error (Ivan Vecera) [1347812] - [netdrv] be2net: return error status from be_set_phys_id() (Ivan Vecera) [1347812] - [netdrv] be2net: fix port-res desc query of GET_PROFILE_CONFIG FW cmd (Ivan Vecera) [1347812] - [netdrv] be2net: fix VF link state transition from disabled to auto (Ivan Vecera) [1347812] - [netdrv] bnx2: fix locking when netconsole is used (Ivan Vecera) [1291369] - [netdrv] tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (Ivan Vecera) [1347828] - [netdrv] tg3: Fix for disallow tx coalescing time to be 0 (Ivan Vecera) [1347828] - [netdrv] tg3: Report the correct number of RSS queues through tg3_get_rxnfc (Ivan Vecera) [1347828] - [netdrv] tg3: Fix for diasllow rx coalescing time to be 0 (Ivan Vecera) [1347828] - [netdrv] net: tg3: avoid uninitialized variable warning (Ivan Vecera) [1347828] - [net] ipv6: restrict hop_limit sysctl setting to range (1; 255) (Paolo Abeni) [1314305] - [net] ipv4: add limits to ip_default_ttl (Paolo Abeni) [1314305] - [net] route: enforce hoplimit max value (Paolo Abeni) [1313899] for userland (Sabrina Dubroca) [1317697] - [net] sctp: use the same clock as if sock source timestamps were on (Xin Long) [1334561] - [net] sctp: update the netstamp_needed counter when copying sockets (Xin Long) [1334561] - [net] sctp: fix the transports round robin issue when init is retransmitted (Xin Long) [1312728] - [net] pppoe: fix memory corruption in padt work structure (Beniamino Galvani) [1317900] - [net] pppoe: drop pppoe device in pppoe_unbind_sock_work (Beniamino Galvani) [1317900] - [net] pppoe: Use workqueue to die properly when a PADT is received (Beniamino Galvani) [1317900] - [net] ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [1327680] - [net] ipv6: Consolidate route lookup sequences (Jakub Sitnicki) [1327680] - [net] macvtap: Add support of packet capture on macvtap device (Sabrina Dubroca) [1373100] - [scsi] fnic: pci_dma_mapping_error() doesnt return an error code (Maurizio Lombardi) [1364593] - [scsi] fnic: Using rport->dd_data to check rport online instead of rport_lookup (Maurizio Lombardi) [1364593] - [scsi] fnic: Cleanup the I/O pending with fw and has timed out and is used to issue LUN reset (Maurizio Lombardi) [1364593] - [scsi] fnic: move printk()s outside of the critical code section (Maurizio Lombardi) [1364593] - [scsi] fnic: check pci_map_single() return value (Maurizio Lombardi) [1364593] - [scsi] be2iscsi: Driver version: 11.1.0.0 (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Replace _bh with _irqsave/irqrestore (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Remove redundant iscsi_wrb desc memset (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix async PDU handling path (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: _bh for io_sgl_lock and mgmt_sgl_lock (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Reduce driver load/unload time (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix ExpStatSn in management tasks (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Update the driver version (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix WRB leak in login/logout path (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix async link event processing (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to process 25G link speed info from FW (Maurizio Lombardi) [1347815] - [scsi] scsi_transport_iscsi: Add 25G and 40G speed definition (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix IOPOLL implementation (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix return value for MCC completion (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Add FW config validation (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to handle misconfigured optics events (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix VLAN support for IPv6 network (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to remove shutdown entry point (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Added return value check for mgmt_get_all_if_id (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Set mbox timeout to 30s (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to synchronize tag allocation using spin_lock (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to use atomic bit operations for tag_state (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix mbox synchronization replacing spinlock with mutex (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix soft lockup in mgmt_get_all_if_id path using bmbx (Maurizio Lombardi) [1347815] - [scsi] scsi_debug: fix logical block provisioning support when unmap_alignment != 0 (Maurizio Lombardi) [1388096] - [scsi] scsi_debug: fix logical block provisioning support (Maurizio Lombardi) [1388096] - [scsi] mpt3sas: Fix resume on WarpDrive flash cards (Tomas Henzl) [1329353] - [scsi] mpt3sas: avoid mpt3sas_transport_port_add NULL parent_dev (Tomas Henzl) [1329353] - [scsi] mpt3sas: set num_phys after allocating phy space (Tomas Henzl) [1329353] - [scsi] mpt3sas: add missing curly braces (Tomas Henzl) [1329353] - [scsi] mpt3sas: Used 'synchronize_irq()'API to synchronize timed-out IO & TMs (Tomas Henzl) [1329353] - [scsi] mpt3sas: Set maximum transfer length per IO to 4MB for VDs (Tomas Henzl) [1329353] - [scsi] mpt3sas: Updating mpt3sas driver version to 13.100.00.00 (Tomas Henzl) [1329353] - [scsi] mpt3sas: Handle active cable exception event (Tomas Henzl) [1329353] - [scsi] mpt3sas: Update MPI header to 2.00.42 (Tomas Henzl) [1329353] - [scsi] mpt3sas: remove unused fw_event_work elements (Tomas Henzl) [1329353] - [scsi] mpt3sas: Remove usage of 'struct timeval' (Tomas Henzl) [1329353] - [scsi] mpt3sas: Dont overreach ioc->reply_post during initialization (Tomas Henzl) [1329353] - [scsi] mpt3sas: Remove unnecessary synchronize_irq() before free_irq() (Tomas Henzl) [1329353] - [scsi] mpt3sas: Free memory pools before retrying to allocate with different value (Tomas Henzl) [1329353] - [scsi] mpt3sas: Remove cpumask_clear for zalloc_cpumask_var and dont free free_cpu_mask_var before reply_q (Tomas Henzl) [1329353] - [scsi] mpt3sas: Updating mpt3sas driver version to 12.100.00.00 (Tomas Henzl) [1329353] - [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO (Tomas Henzl) [1329353] - [scsi] mpt3sas: Updated MPI Header to 2.00.42 (Tomas Henzl) [1329353] - [scsi] mpt3sas: Add support for configurable Chain Frame Size (Tomas Henzl) [1329353] - [scsi] mpt3sas: Added smp_affinity_enable module parameter (Tomas Henzl) [1329353] - [scsi] mpt3sas: Make use of additional HighPriority credit message frames for sending SCSI IOs (Tomas Henzl) [1329353] - [scsi] mpt3sas: Never block the Enclosure device (Tomas Henzl) [1329353] - [scsi] mpt3sas: Fix static analyzer(coverity) tool identified defects (Tomas Henzl) [1329353] - [scsi] mpt3sas: Used IEEE SGL instead of MPI SGL while framing a SMP Passthrough request message (Tomas Henzl) [1329353] - [scsi] mpt3sas: Added support for high port count HBA variants (Tomas Henzl) [1329353] - [scsi] bnx2fc: Update version number to 2.10.3 (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: Check sc_cmd device and host pointer before returning the command to the mid-layer (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: Print netdev device name when FCoE is successfully initialized (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: Print when we send a fip keep alive (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: bnx2fc_eh_abort(): fix wrong return code (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: Show information about log levels in 'modinfo' (Maurizio Lombardi) [1380385] - [scsi] hpsa: update driver revision to 3.4.10-0-RH2 (Joseph Szczypek) [1377892] - [scsi] hpsa: correct scsi 6byte lba calculation (Joseph Szczypek) [1377892] - [scsi] lpfc: remove unknown ELS message warnings for RDP (Maurizio Lombardi) [1347811] - [scsi] smartpqi: add to config-generic (Scott Benesh) [1343743] - [scsi] smartpqi: raid bypass lba calculation fix (Scott Benesh) [1343743] - [scsi] smartpqi: bump driver version (Scott Benesh) [1343743] - [scsi] smartpqi: add smartpqi.txt (Scott Benesh) [1343743] - [scsi] smartpqi: update Kconfig (Scott Benesh) [1343743] - [scsi] smartpqi: remove timeout for cache flush operations (Scott Benesh) [1343743] - [scsi] smartpqi: scsi queuecommand cleanup (Scott Benesh) [1343743] - [scsi] smartpqi: minor tweaks to update time support (Scott Benesh) [1343743] - [scsi] smartpqi: minor function reformating (Scott Benesh) [1343743] - [scsi] smartpqi: correct event acknowledgement timeout issue (Scott Benesh) [1343743] - [scsi] smartpqi: correct controller offline issue (Scott Benesh) [1343743] - [scsi] smartpqi: add kdump support (Scott Benesh) [1343743] - [scsi] smartpqi: enhance reset logic (Scott Benesh) [1343743] - [scsi] smartpqi: enhance drive offline informational message (Scott Benesh) [1343743] - [scsi] smartpqi: simplify spanning (Scott Benesh) [1343743] - [scsi] smartpqi: change tmf macro names (Scott Benesh) [1343743] - [scsi] smartpqi: change aio sg processing (Scott Benesh) [1343743] - [scsi] aacraid: remove wildcard for series 9 controllers (Scott Benesh) [1343743] - [scsi] smartpqi: initial commit of Microsemi smartpqi driver (Scott Benesh) [1343743] [2.6.32-667] - [hv] get rid of id in struct vmbus_channel (Vitaly Kuznetsov) [1322802] - [hv] make VMBus bus ids persistent (Vitaly Kuznetsov) [1322802] - [hv] storvsc: Fix potential memory leak (Cathy Avery) [1322928 1352824] - [hv] storvsc: Filter out storvsc messages CD-ROM medium not present (Cathy Avery) [1322928 1352824] - [hv] storvsc: fix SRB_STATUS_ABORTED handling (Cathy Avery) [1322928 1352824] - [hv] storvsc: add logging for error/warning messages (Cathy Avery) [1322928 1352824] - [hv] storvsc: Fix a bug in the handling of SRB status flags (Cathy Avery) [1322928 1352824] - [hv] storvsc: Dont set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag (Cathy Avery) [1322928 1352824] - [hv] storvsc: Set the tablesize based on the information given by the host (Cathy Avery) [1322928 1352824] - [hv] storvsc: Dont assume that the scatterlist is not chained (Cathy Avery) [1322928 1352824] - [hv] storvsc: Retrieve information about the capability of the target (Cathy Avery) [1322928 1352824] - [hv] storvsc: Always send on the selected outgoing channel (Cathy Avery) [1322928 1352824] - [hv] vmbus: Support a vmbus API for efficiently sending page arrays (Cathy Avery) [1322928 1352824] - [hv] balloon: replace ha_region_mutex with spinlock (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: account for gaps in hot add regions (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: keep track of where ha_region starts (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: reset host_specified_ha_region (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: dont crash when memory is added in non-sorted order (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: check if ha_region_mutex was acquired in MEM_CANCEL_ONLINE case (Vitaly Kuznetsov) [1326999 1381617] - [hv] dont leak memory in vmbus_establish_gpadl() (Vitaly Kuznetsov) [1376860] - [hv] get rid of redundant messagecount in create_gpadl_header() (Vitaly Kuznetsov) [1376860] - [hv] vmbus: dont manipulate with clocksources on crash (Cathy Avery) [1365049] - [hv] correct tsc page sequence invalid value (Cathy Avery) [1365049] - [hv] vmbus: fix build warning (Cathy Avery) [1365049] - [hv] vmbus: Implement a clocksource based on the TSC page (Cathy Avery) [1365049] - [hv] kvp: cancel kvp_host_handshake_work on module unload (Vitaly Kuznetsov) [1321259] - [x86] mm/xen: Suppress hugetlbfs in PV guests (Vitaly Kuznetsov) [1312331] - [mm] hugetlb: allow hugepages_supported to be architecture specific (Vitaly Kuznetsov) [1312331] [2.6.32-666] - [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1360179] - [netdrv] i40evf: RSS Hash Option parameters (Stefan Assmann) [1360179] - [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1360179] - [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1360179] - [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1360179] - [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1360179] - [netdrv] i40evf: Allow PF driver to configure RSS (Stefan Assmann) [1360179] - [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1360179] - [netdrv] i40evf: Dont Panic (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1360179] - [netdrv] i40evf: properly handle VLAN features (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1360179] - [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1360179] - [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1360179] - [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1360179] - [netdrv] i40evf: Fix get_rss_aq (Stefan Assmann) [1360179] - [netdrv] i40evf: Add longer wait after remove module (Stefan Assmann) [1360179] - [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1360179] - [netdrv] i40evf: Fix VLAN features (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1360179] - [netdrv] i40evf: Add additional check for reset (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1360179] - [netdrv] i40evf: remove dead code (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1360179] - [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1360179] - [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1360179] - [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1360179] - [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1360179] - [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1360179] - [netdrv] i40evf: set adapter state on reset failure (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1360179] - [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1360179] - [netdrv] i40evf: support packet split receive (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1360179] - [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1360179] - [netdrv] i40evf: Change vf driver string to reflect all products i40evf supports (Stefan Assmann) [1360179] - [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1360179] - [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1360179] - [netdrv] i40evf: enable bus master after reset (Stefan Assmann) [1360179] - [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1360179] - [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1360179] - [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Add external power class to get link status (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Geneve cloud tunnel type (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1360179] - [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1360179] - [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1360179] - [netdrv] i40evf: null out ring pointers on free (Stefan Assmann) [1360179] - [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1360179] - [netdrv] i40evf: allow channel bonding of VFs (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1360179] - [netdrv] treewide: Fix typos in printk (Stefan Assmann) [1360179] - [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1360179] - [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1360179] - [netdrv] i40evf: change version string generation (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1360179] - [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1360179] - [netdrv] i40evf: check rings before freeing resources (Stefan Assmann) [1360179] - [netdrv] i40e: Fix errors resulted while turning off TSO (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: use configured RSS key and lookup table in i40e_vsi_config_rss (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: fix broken i40e_config_rss_aq function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: move i40e_vsi_config_rss below i40e_get_rss_aq (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove redundant memset (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: check for and deal with non-contiguous TCs (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Update device ids for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Drop extra copy of function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Use consistent type for vf_id (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: PTP - avoid aggregate return warnings (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix uninitialized variable (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add VF promiscuous mode driver support (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add promiscuous on VLAN support (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove zero check (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Code cleanup in i40e_add_fdir_ethtool (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: fix errant PCIe bandwidth message (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Move NVM event wait check to NVM code (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Restrict VF poll mode to only single function mode devices (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Move HW flush (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Leave debug_mask cleared at init (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Inserting a HW capability display info (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Request PHY media event at reset time (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Lower some message levels (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix for supported link modes in 10GBaseT PHYs (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Disable link polling (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Make VF resets more reliable (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove unused variable (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: remove redundant check on vsi->active_vlans (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Change comment to reflect correct function name (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Change unknown event error msg to ignore message (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Added code to prevent double resets (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Notify VFs of all resets (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove timer and task only if created (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Assure that adminq is alive in debug mode (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove MSIx only if created (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix up return code (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Save off VSI resource count when updating VSI (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Remove I40E_MAX_USER_PRIORITY define (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: queue-specific settings for interrupt moderation (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: let go of the past (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: suspend scheduling during driver unload (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Use the new rx ctl register helpers. Dont use AQ calls from clear_hw (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add check for null VSI (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Expose some registers to program parser, FD and RSS logic (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix for unexpected messaging (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Do not wait for Rx queue disable in DCB reconfig (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Increase timeout when checking GLGEN_RSTAT_DEVSTATE bit (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix led blink capability for 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Clean-up Rx packet checksum handling (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Set skb->csum_level for encapsulated checksum (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Add exception handling for Tx checksum (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: better error reporting for nvmupdate (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: expand comment (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Do not disable queues in the Legacy/MSI Interrupt handler (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Removal of code which relies on BASE VEB SEID (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix PROMISC mode for Multi-function per port (MFP) devices (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: trivial: cleanup use of pf->hw (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: drop unused debugfs file 'dump' (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: get rid of magic number (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: dump descriptor indexes in hex (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: use new add_veb calling with VEB stats control (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add VEB stat control and remove L2 cloud filter (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: set shared bit for multicast filters (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Make the DCB firmware checks for X710/XL710 only (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: move sync_vsi_filters up in service_task (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add priv flag for automatic rule eviction (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: avoid large memcpy by assigning struct (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: count allocation errors (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: drop unused function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: negate PHY int mask bits (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: APIs to Add/remove port mirroring rules (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: fix: do not sleep in netdev_ops (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: allocate memory safer (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: trivial: fix missing space (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: trivial: drop duplicate definition (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: trivial: remove unnecessary local var (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: remove VF device IDs from PF (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add netdev info to VSI dump (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add a little more to an NVM update debug message (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: refactor DCB function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add 20G speed for Tx bandwidth calculations (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add counter for arq overflows (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Store lan_vsi_idx and lan_vsi_id in the right size (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add 100Mb ethtool reporting (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Limit DCB FW version checks to X710/XL710 devices (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Extend ethtool RSS hooks for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add new device IDs for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: bump version to 1.4.10 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Cleanup the code with respect to restarting autoneg (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Replace X722 mac check in ethtool get_settings (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add mac_filter_element at the end of the list instead of HEAD (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: allow zero MAC address for VFs (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: change log messages and error returns (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: clean whole mac filter list (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: hush little warnings (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: use explicit cast from u16 to u8 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: dont add zero MAC filter (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: properly delete VF MAC filters (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: chomp the BIT(_ULL) (Stefan Assmann) [1249250 1310402 1346978] MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9576 CVE-2016-10088 CVE-2016-7097 CVE-2016-8399 CVE-2016-10142 CVE-2016-7042 CVE-2016-2384 CVE-2016-6480 CVE-2016-2069 Oracle Linux 7 [0.31.3-1] - Rebase to upstream version 0.31.3. - This version includes multiple security fixes CVE-2017-5208, CVE-2017-5333, CVE-2017-5332, CVE-2017-6009, CVE-2017-6010, CVE-2017-6011 resolves: rhbz#1430610 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5208 CVE-2017-5333 CVE-2017-6010 CVE-2017-5332 CVE-2017-6009 CVE-2017-6011 Oracle Linux 7 [1.5.1-16] - Revert previous changes in patch for CVE-2016-5159 - Fix memory leaks Related: #1419772 [1.5.1-15] - Add two more allocation checks to patch for CVE-2016-5159 Related: #1419772 [1.5.1-14] - Fix CWE-825 errors in patch for CVE-2016-5158 Related: #1419772 [1.5.1-13] - Add patches for CVE-2016-5139, CVE-2016-5158, CVE-2016-5159 Related: #1419772 [1.5.1-12] - Fix patch name: CVE-2016-9675 => CVE-2016-7163 Related: #1419772 [1.5.1-11] - Fix decoding of chroma-subsampled images - Add patches for CVE-2016-9573 and CVE-2016-9675 - Fix Coverity issues Resolves: #1419772 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-5139 CVE-2016-5158 CVE-2016-9675 CVE-2016-5159 CVE-2016-7163 CVE-2016-9573 Oracle Linux 6 [7.19.7-53] - treat Negotiate authentication as connection-oriented (CVE-2017-2628) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-2628 Oracle Linux 6 [2.6.32-696.1.1] - [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910} - [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749] - [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1428106 1360930] - [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429917 1429918] {CVE-2017-2636} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2636 CVE-2016-7910 Oracle Linux 6 [1.2.1.11.15-91] - Release 1.2.11.15-91 - Resolves: bug 1437777 - EMBARGOED CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages [1.2.11.15-90] - Release 1.2.11.15-90 - Resovles: #1435365 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2668 Oracle Linux 7 [2.4.6-45.0.1.4] - replace index.html with Oracle's index page oracle_index.html [2.4.6-45.4] - Resolves: #1396197 - Backport: mod_proxy_wstunnel - AH02447: err/hup on backconn [2.4.6-45.3] - prefork: fix delay completing graceful restart (#1327624) - mod_ldap: fix authz regression, failing to rebind (#1415257) [2.4.6-45.2] - updated patch for CVE-2016-8743 [2.4.6-45.1] - Resolves: #1412975 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 httpd: various flaws MODERATE Copyright 2017 Oracle, Inc. CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 Oracle Linux 7 [2.23.2-33.0.1.el7_u3.2] - fix Oracle bug 23001516 - backport lscpu: correct the Virtualization type on Xen DomU PV guest - Reviewed-by: Joe Jin <joe.jin@oracle.com> [2.23.2-33.el7_3.2] * fix CVE-2017-2616 - Sending SIGKILL to other processes with root privileges via su [2.23.2-33.el7_3.1] - fix #1405238 - findmnt --target behaviour changed in 7.3, shows all mount-points in chroot MODERATE Copyright 2017 Oracle, Inc. CVE-2017-2616 Oracle Linux 7 [1:5.0.6.2-5.0.1.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.0.6.2-5.1] - Resolves: rhbz#1435534 CVE-2017-3157 Arbitrary file disclosure in Calc and Writer [1:5.0.6.2-5] - Resolves: rhbz#1426348 Encrypted files opening as plain text after cancelling password dialog [1:5.0.6.2-4] - Resolves: rhbz#1425535 crash in calc on exit after using csv dialog with a11y enabled - Resolves: rhbz#1425536 crash in calc on closing dialog with a11y enabled [1:5.0.6.2-3] - Resolves: rhbz#1364335 tooltips are truncated [1:5.0.6.2-2] - Resolves: rhbz#1353839 CVE-2016-4324 dereference of invalid STL iterator on processing RTF file [1:5.0.6.2-1] - Related: rhbz#1290148 rebase to 5.0.6 - Related: rhbz#1290148 include more fixes from F-23 [1:5.0.5.2-2] - Related: rhbz#1290148 remove unintentional dependency of libreoffice-core on libreoffice-calc - Related: rhbz#1290148 restore lost changelog entry - Related: rhbz#1290148 add additional 5.0.6 patches [1:5.0.5.2-1] - Resolves: rhbz#1290148 rebase to 5.0.x MODERATE Copyright 2017 Oracle, Inc. CVE-2017-3157 Oracle Linux 7 [1.3.5.10-20] - Bump version to 1.3.5.10-20 - Resolves: bug 1437005 - CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages [1.3.5.10-19] - Release 1.3.5.10-19 - Resolves: bug 1429495 - ns-slapd dies under heavy load - Resolves: bug 1429498 - A filtered nsrole that specifies an empty nsrole in its nsRoleFilter will result in a segfault IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2668 Oracle Linux 7 - [3.10.0-514.16.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-514.16.1] - [tty] n_hdlc: get rid of racy n_hdlc.tbuf ('Herton R. Krzesinski') [1429919 1429920] {CVE-2017-2636} - [md] dm rq: cope with DM device destruction while in dm_old_request_fn() (Mike Snitzer) [1430334 1412854] - [fs] nfs: Fix inode corruption in nfs_prime_dcache() (Benjamin Coddington) [1429514 1416532] - [fs] nfs: Don't let readdirplus revalidate an inode that was marked as stale (Benjamin Coddington) [1429514 1416532] - [block] Copy a user iovec if it includes gaps (Jeff Moyer) [1429508 1421263] - [kernel] percpu-refcount: fix reference leak during percpu-atomic transition (Jeff Moyer) [1429507 1418333] - [powerpc] eeh: eeh_pci_enable(): fix checking of post-request state (Steve Best) [1425538 1383670] - [s390] mm: handle PTE-mapped tail pages in fast gup (Hendrik Brueckner) [1423438 1391532] - [net] skbuff: Fix skb checksum partial check (Lance Richardson) [1422964 1411480] - [net] skbuff: Fix skb checksum flag on skb pull (Lance Richardson) [1422964 1411480] - [security] selinux: fix off-by-one in setprocattr (Paul Moore) [1422368 1422369] {CVE-2017-2618} - [virtio] balloon: check the number of available pages in leak balloon (David Hildenbrand) [1417194 1401615] - [infiniband] ib/rdmavt: Only put mmap_info ref if it exists (Jonathan Toppins) [1417191 1391299] - [x86] kvm: x86: make lapic hrtimer pinned (Luiz Capitulino) [1416373 1392593] - [kernel] sched/nohz: Fix affine unpinned timers mess (Luiz Capitulino) [1416373 1392593] - [kernel] nohz: Affine unpinned timers to housekeepers (Luiz Capitulino) [1416373 1392593] - [kernel] tick-sched: add housekeeping_mask cpumask (Luiz Capitulino) [1416373 1392593] - [x86] platform/uv/bau: Add UV4-specific functions (Frank Ramsay) [1414715 1386692] - [x86] platform/uv/bau: Fix payload queue setup on UV4 hardware (Frank Ramsay) [1414715 1386692] - [x86] platform/uv/bau: Disable software timeout on UV4 hardware (Frank Ramsay) [1414715 1386692] - [x86] platform/uv/bau: Populate ->uvhub_version with UV4 version information (Frank Ramsay) [1414715 1386692] - [x86] platform/uv/bau: Use generic function pointers (Frank Ramsay) [1414715 1386692] - [x86] platform/uv/bau: Add generic function pointers (Frank Ramsay) [1414715 1386692] - [x86] platform/uv/bau: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (Frank Ramsay) [1414715 1386692] - [x86] platform/uv/bau: Clean up pq_init() (Frank Ramsay) [1414715 1386692] - [x86] platform/uv/bau: Clean up and update printks (Frank Ramsay) [1414715 1386692] - [x86] platform/uv/bau: Clean up vertical alignment (Frank Ramsay) [1414715 1386692] - [virtio] virtio-pci: alloc only resources actually used (Laurent Vivier) [1413093 1375153] - [net] avoid signed overflows for SO_{SND|RCV}BUFFORCE (Sabrina Dubroca) [1412473 1412474] {CVE-2016-9793} - [netdrv] sfc: clear napi_hash state when copying channels (Jarod Wilson) [1401461 1394304] - [lib] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398457 1398458] {CVE-2016-8650} - [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Ewan Milne) [1430687 1366564] - [md] dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (Mike Snitzer) [1430689 1422567] - [md] dm round robin: do not use this_cpu_ptr() without having preemption disabled (Mike Snitzer) [1430689 1422567] - Revert: [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738] - Revert: [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738] - Revert: [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738] - Revert: [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738] - Revert: [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738] [3.10.0-514.15.1] - [net] vxlan: fix oops in dev_fill_metadata_dst (Paolo Abeni) [1427847 1423068] - [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738] - [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738] - [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738] - [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738] - [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738] - [x86] perf/x86: Fix NMI measurements (Jiri Olsa) [1425804 1405101] - [x86] Warn when NMI handlers take large amounts of time (Jiri Olsa) [1425804 1405101] - [nvme] apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Gustavo Duarte) [1423439 1409122] - [crypto] qat - zero esram only for DH85x devices (Neil Horman) [1422575 1382849] - [crypto] qat - fix bar discovery for c62x (Neil Horman) [1422575 1382849] - [fs] xfs: remove racy hasattr check from attr ops (Brian Foster) [1421202 1395538] - [fs] dlm: free workqueues after the connections (Marcelo Leitner) [1421197 1383710] - [netdrv] igb: re-assign hw address pointer on reset after PCI error (Gustavo Duarte) [1419459 1413043] - [kernel] timekeeping: Increment clock_was_set_seq in timekeeping_init() (Prarit Bhargava) [1418947 1409214] - [kernel] timekeeping: Use timekeeping_update() instead of memcpy() (Prarit Bhargava) [1418947 1409214] - [fs] libceph: no need to drop con->mutex for ->get_authorizer() (Ilya Dryomov) [1418316 1408170] - [fs] libceph: drop len argument of *verify_authorizer_reply() (Ilya Dryomov) [1418316 1408170] - [fs] libceph: verify authorize reply on connect (Ilya Dryomov) [1418316 1408170] - [fs] libceph: no need for GFP_NOFS in ceph_monc_init() (Ilya Dryomov) [1418316 1408170] - [fs] libceph: stop allocating a new cipher on every crypto request (Ilya Dryomov) [1418316 1408170] - [fs] libceph: uninline ceph_crypto_key_destroy() (Ilya Dryomov) [1418316 1408170] - [fs] libceph: remove now unused ceph_*{en, de}crypt*() functions (Ilya Dryomov) [1418316 1408170] - [fs] libceph: switch ceph_x_decrypt() to ceph_crypt() (Ilya Dryomov) [1418316 1408170] - [fs] libceph: switch ceph_x_encrypt() to ceph_crypt() (Ilya Dryomov) [1418316 1408170] - [fs] libceph: tweak calcu_signature() a little (Ilya Dryomov) [1418316 1408170] - [fs] libceph: rename and align ceph_x_authorizer::reply_buf (Ilya Dryomov) [1418316 1408170] - [fs] libceph: introduce ceph_crypt() for in-place en/decryption (Ilya Dryomov) [1418316 1408170] - [fs] libceph: introduce ceph_x_encrypt_offset() (Ilya Dryomov) [1418316 1408170] - [fs] libceph: old_key in process_one_ticket() is redundant (Ilya Dryomov) [1418316 1408170] - [fs] libceph: ceph_x_encrypt_buflen() takes in_len (Ilya Dryomov) [1418316 1408170] - [fs] libceph: Remove unnecessary ivsize variables (Ilya Dryomov) [1418316 1408170] - [fs] libceph: Use skcipher (Ilya Dryomov) [1418316 1408170] - [scsi] scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands (Ewan Milne) [1417923 1403849] - [netdrv] ibmvnic: Start completion queue negotiation at server-provided optimum values (Steve Best) [1415144 1403396] - [netdrv] ibmvnic: Fix missing brackets in init_sub_crq_irqs (Steve Best) [1415144 1403396] - [netdrv] ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context (Steve Best) [1415144 1403396] - [netdrv] ibmvnic: Update MTU after device initialization (Steve Best) [1415144 1403396] - [netdrv] ibmvnic: Fix GFP_KERNEL allocation in interrupt context (Steve Best) [1415144 1403396] - [netdrv] ibmvnic: fix error return code in ibmvnic_probe() (Steve Best) [1415144 1403396] - [netdrv] ibmvnic: convert to use simple_open() (Steve Best) [1415144 1403396] - [netdrv] ibmvnic: Handle backing device failover and reinitialization (Steve Best) [1418309 1403692] - [tools] perf ppc64le: Fix build failure when libelf is not present (Jiri Olsa) [1414710 1376534] - [tools] perf probe ppc64le: Fix probe location when using DWARF (Jiri Olsa) [1414710 1376534] - [tools] perf probe: Add function to post process kernel trace events (Jiri Olsa) [1414710 1376534] - [tools] perf symbols: Fix kallsyms perf test on ppc64le (Jiri Olsa) [1414710 1376534] - [tools] perf powerpc: Fix kprobe and kretprobe handling with kallsyms on ppc64le (Jiri Olsa) [1414710 1376534] - [netdrv] bnx2x: Use the correct divisor value for PHC clock readings (Michal Schmidt) [1413996 1175585] - [fs] seq_file: reset iterator to first record for zero offset (Miklos Szeredi) [1413681 1386642] [3.10.0-514.14.1] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463] {CVE-2017-6074} - [net] sctp: check af before verify address in sctp_addr_id2transport (Xin Long) [1419837 1414389] - [net] sctp: sctp_addr_id2transport should verify the addr before looking up assoc (Xin Long) [1419837 1414389] [3.10.0-514.13.1] - [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson) [1422380 1406850] - [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1422380 1406850] - [fs] gfs2: Switch tr_touched to flag in transaction (Robert S Peterson) [1422380 1406850] - [fs] xfs: ioends require logically contiguous file offsets (Brian Foster) [1421203 1398005] - [fs] xfs: don't chain ioends during writepage submission (Brian Foster) [1421203 1398005] - [fs] xfs: factor mapping out of xfs_do_writepage (Brian Foster) [1421203 1398005] - [fs] xfs: xfs_cluster_write is redundant (Brian Foster) [1421203 1398005] - [fs] xfs: Introduce writeback context for writepages (Brian Foster) [1421203 1398005] - [fs] xfs: remove xfs_cancel_ioend (Brian Foster) [1421203 1398005] - [fs] xfs: remove nonblocking mode from xfs_vm_writepage (Brian Foster) [1421203 1398005] - [fs] mm/filemap.c: make global sync not clear error status of individual inodes (Brian Foster) [1421203 1398005] [3.10.0-514.12.1] - [fs] fscache: Fix dead object requeue (David Howells) [1420737 1415402] [3.10.0-514.11.1] - [scsi] qla2xxx: Get mutex lock before checking optrom_state (Chad Dupuis) [1418317 1408387] - [mm] memcontrol: do not recurse in direct reclaim (Rik van Riel) [1417192 1397330] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2636 CVE-2017-2618 CVE-2016-8650 CVE-2016-9793 Oracle Linux 7 [0:7.0.69-11] - Resolves: rhbz#1413591 CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing - Resolves: rhbz#1402662 CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests MODERATE Copyright 2017 Oracle, Inc. CVE-2016-6816 CVE-2016-8745 Oracle Linux 6 [1:4.3.7.2-2.0.1.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile (jingdong.lu@oracle.com) - Build with --with-vendor='Oracle America, Inc.' (jingdong.lu@oracle.com) [1:4.3.7.2-2.1] - Resolves: rhbz#1435532 CVE-2017-3157 Arbitrary file disclosure in Calc and Writer MODERATE Copyright 2017 Oracle, Inc. CVE-2017-3157 Oracle Linux 7 [1.5.3-126.el7_3.6] - kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1430059] - kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1430059] - kvm-cirrus-add-option-to-disable-blitter.patch [bz#1430059] - kvm-cirrus-fix-cirrus_invalidate_region.patch [bz#1430059] - kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch [bz#1430059] - kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch [bz#1430059] - kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch [bz#1430059] - Resolves: bz#1430059 (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-7.3.z]) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9603 Oracle Linux 7 [32:9.9.4-38.3] - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3136 CVE-2017-3137 Oracle Linux 6 Oracle Linux 7 nss [3.28.4-1.0.1] - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed [3.28.4-1] - Rebase to 3.28.4 nss-util [3.28.4-1] - Rebase to NSS 3.28.4 to accommodate base64 encoding fix CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5461 Oracle Linux 5 [3.21.3-2.0.1] - Fix out-of-bound issue in base64 encoding/decoding code {CVE-2017-5461} CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5461 Oracle Linux 6 [52.1.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.1.0-2] - Update to 52.1.0 ESR (Build3) [52.1.0-1] - Update to 52.1.0 ESR [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build [45.5.0-1] - Update to 45.5.0 ESR [45.4.0-3] - Added upcoming upstream patches mozbz#1018486 [45.4.0-2] - Added Laszlo Ersek patch for aarch64 crashes [45.4.0-1] - Update to 45.4.0 ESR [45.3.0-1] - Update to 45.3.0 ESR [45.2.0-3] - Added fix for mozbz#256180 [45.2.0-2] - Added fix for mozbz#975832, rhbz#1343202 [45.2.0-1] - Update to 45.2.0 ESR [45.1.1-2] - Added fix for mozbz#1270046 - new Samba auth response [45.1.1-1] - Update to 45.1.1 ESR [45.1.0-3] - Disabled ffmpeg (rhbz#1330898) [45.1.0-1] - Fixed some regressions introduced by rebase [45.1.0-1] - Update to 45.1.0 ESR [45.0.2-1] - Update to 45.0.2 ESR [45.0.1-1] - Update to 45.0.1 ESR [45.0-5] - Fixed crashed after start (rhbz#1323744, rhbz#1323738) [45.0-4] - Added system-level location for configuring Firefox (rhbz#1206239) [45.0-3] - Update to 45.0 ESR [38.5.0-3] - Update to 38.5.0 ESR [38.4.0-1] - Update to 38.4.0 ESR [38.3.0-2] - Update to 38.3.0 ESR [38.2.1-1] - Update to 38.2.1 ESR [38.2.0-4] - Update to 38.2.0 ESR [38.1.1-1] - Update to 38.1.1 ESR [38.1.0-1] - Update to 38.1.0 ESR [38.0.1-2] - Fixed rhbz#1222807 by removing preun section [38.0.1-1] - Update to 38.0.1 ESR [38.0-4] - Fixed rhbz#1221286 - After update to Firefox 38 ESR all RH preferences are gone [38.0-3] - Enabled system nss - Removed unused patches * Mon May 04 2015 Jan Horak - 38.0-2 - Update to 38.0 ESR [38.0b8-0.11] - Update to 38.0 Beta 8 [38.0b6-0.10] - Added patch for mozbz#1152515 [38.0b6-0.9] - Update to 38.0 Beta 6 [38.0b5-0.8] - Update to 38.0 Beta 5 [38.0b3-0.7] - Update to 38.0 Beta 3 [38.0b1-0.6] - Added patch for mozbz#1152391 [38.0b1-0.5] - Fix build on AArch64 (based on upstream skia changes) [38.0b1-0.4] - Enabled debug build [38.0b1-1] - Update to 38.0b1 [31.5.0-2] - Update to 31.5.0 ESR Build 2 [31.4.0-1] - Update to 31.4.0 ESR [31.3.0-6] - Fixed Bug 1140385 - [HP HPS 7.1 bug] assertion 'sys_page_size == 0' when starting firefox [31.3.0-5] - Fixed problems with dictionary (mozbz#1097550) - JS JIT fixes for ppc64le [31.3.0-3] - Fixed geolocation key location [31.3.0-2] - Disable exact rooting for JS [31.3.0-1] - Update to 31.3.0 ESR Build 2 - Fix for geolocation API (rhbz#1063739) [31.2.0-5] - Enabled gstreamer-1 support (rhbz#1161077) [31.2.0-4] - Fix webRTC for aarch64, ppc64le (rhbz#1148622) [31.2.0-3] - Update to 31.2.0 ESR - Fix for mozbz#1042889 [31.1.0-7] - Enable WebM on all arches [31.1.0-6] - Enable all NPAPI plugins by default to keep compatibility with the FF24 line [31.1.0-5] - Added workaround for rhbz#1134876 [31.1.0-3] - Disable mozilla::pkix (mozbz#1063315) - Enable image cache [31.1.0-2] - A workaround for rhbz#1110291 [31.1.0-1] - Update to 31.1.0 ESR [31.0-3] - Built with system libvpx/WebM [31.0-2] - Built with system nss/nspr [31.0-1] - Update to 31.0 ESR [24.6.0-1] - Update to 24.6.0 ESR [24.5.0-2] - Removed unused patches [24.5.0-1] - Update to 24.5.0 ESR [24.4.0-3] - Added a workaround for Bug 1054242 - RHEVM: Extremely high memory usage in Firefox 24 ESR on RHEL 6.5 [24.4.0-2] - fixed rhbz#1067343 - Broken languagepack configuration after firefox update [24.4.0-1] - Update to 24.4.0 ESR [24.3.0-3] - fixed rhbz#1054832 - Firefox does not support Camellia cipher [24.3.0-1] - Update to 24.3.0 ESR [24.2.0-3] - Mass rebuild 2014-01-24 [24.2.0-2] - Mass rebuild 2013-12-27 [24.2.0-1] - Update to 24.2.0 ESR [24.1.0-5] - Fixed mozbz#938730 - avoid mix of memory allocators (crashes) when using system sqlite [24.1.0-4] - Fixed rhbz#1034541 - No translation being picked up from langpacks for firefox [24.1.0-3] - Conflicts with old, xulrunner based firefox [24.1.0-2] - Ship dependentlibs.list (rhbz#1027782) - Nss/nspr dependency update [24.1.0-1] - Update to 24.1.0 ESR [24.0-2] - Build as stand alone browser, without xulrunner [24.0-1] - Update to 24.0 ESR [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-2] - Desktop file update - Spec file tweaks [17.0.8-1] - Update to 17.0.8 ESR [17.0.7-2] - Updated manual page [17.0.7-1] - Update to 17.0.7 ESR [17.0.6-1] - Update to 17.0.6 ESR [17.0.5-3] - Removed mozilla prefix from desktop file (rhbz#826960) [17.0.5-2] - Updated XulRunner SDK check [17.0.5-1] - Update to 17.0.5 ESR [17.0.4-2] - Fixed rhbz#837606 - firefox has no x-scheme-handler/http mime [17.0.4-1] - Update to 17.0.4 ESR - Added fix for mozbz#239254 - [Linux] Support disk cache on a local path [17.0.2-3] - Added NM preferences [17.0.2-2] - Updated preferences (NFS, nspluginwrapper) [17.0.2-1] - Update to 17.0.2 ESR [17.0.1-1] - Update to 17.0.1 ESR [10.0.8-2] - Update to 10.0.8 ESR [10.0.7-1] - Update to 10.0.7 ESR [10.0.6-1] - Update to 10.0.6 ESR [10.0.5-4] - Enabled WebM [10.0.5-2] - Added fix for mozbz#703633, rhbz#818341 [10.0.5-1] - Update to 10.0.5 ESR [10.0.4-1] - Update to 10.0.4 ESR [10.0.3-1] - Update to 10.0.3 ESR [10.0.1-1] - Update to 10.0.1 ESR [10.0-3] - Update to 10.0 ESR [10.0-1] - Update to 10.0 [7.0-5] - Update to 7.0 [7.0-4] - Update to 7.0 Beta 6 [7.0-2] - Update to 7.0 Beta 4 [5.0-1] - Update to 5.0 [3.6.18-1] - Fixed #698313 - 'background-repeat' css property isn't rendered well - Update to 3.6.18 [3.6.17-1] - Update to 3.6.17 [3.6.15-1] - Update to 3.6.15 [3.6.14-4] - Update to build3 [3.6.14-3] - Update to build2 [3.6.14-2] - Update to 3.6.14 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5429 CVE-2017-5432 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5459 CVE-2017-5460 CVE-2017-5465 CVE-2017-5433 CVE-2017-5434 CVE-2017-5437 CVE-2017-5439 CVE-2017-5444 CVE-2017-5469 CVE-2017-5464 Oracle Linux 6 [32:9.8.2-0.62.rc1.1] - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3136 CVE-2017-3137 Oracle Linux 7 [52.1.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.1.0-2] - Update to 52.1.0 ESR (Build3) [52.1.0-1] - Update to 52.1.0 ESR CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5429 CVE-2017-5432 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5455 CVE-2017-5459 CVE-2017-5460 CVE-2017-5465 CVE-2017-5430 CVE-2017-5433 CVE-2017-5434 CVE-2017-5437 CVE-2017-5439 CVE-2017-5444 CVE-2017-5454 CVE-2017-5456 CVE-2017-5464 CVE-2017-5467 CVE-2017-5466 CVE-2017-5469 Oracle Linux 7 [1:1.8.0.131-2.b13] - Backport 'S8153711: [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command' - Resolves: rhbz#1442162 [1:1.8.0.131-1.b11] - Update to aarch64-jdk8u131-b11. - Drop upstreamed patches for 8147910, 8161993, 8170888 and 8173783. - Update generate_source_tarball.sh to remove patch remnants. - Cleanup tarball creation documentation to avoid duplication. - Add MD5 checksum for the new java.security file (MD5 disabled for JAR signing) - Resolves: rhbz#1438751 [1:1.8.0.121-1.b13] - Add backports from 8u131 and 8u152 ahead of April CPU. - Apply backports before local RPM fixes so they will be the same as when applied upstream - Adjust RH1022017 following application of 8173783 - Resolves: rhbz#1438751 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-3511 CVE-2017-3544 CVE-2017-3509 CVE-2017-3526 CVE-2017-3539 CVE-2017-3533 Oracle Linux 6 [1:1.8.0.131-0.b11] - Update to aarch64-jdk8u131-b11. - Drop upstreamed patches for 8147910, 8161993, 8170888 and 8173783. - Update generate_source_tarball.sh to remove patch remnants. - Cleanup tarball creation documentation to avoid duplication. - Resolves: rhbz#1438751 [1:1.8.0.121-2.b13] - Add backports from 8u131 and 8u152 ahead of April CPU. - Apply backports before local RPM fixes so they will be the same as when applied upstream - Adjust RH1022017 following application of 8173783 - Resolves: rhbz#1438751 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-3511 CVE-2017-3544 CVE-2017-3509 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 Oracle Linux 6 Oracle Linux 7 [52.1.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.1.0-1] - Update to 52.1.0 [52.0.1-1] - Update to 52.0.1 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5429 CVE-2017-5432 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5459 CVE-2017-5460 CVE-2017-5465 CVE-2017-5433 CVE-2017-5434 CVE-2017-5439 CVE-2017-5444 CVE-2017-5454 CVE-2017-5464 CVE-2017-5467 CVE-2017-5466 CVE-2017-5469 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 Oracle Linux 6 [32:9.8.2-0.62.rc1.2] - Fix DNSKEY that encountered a CNAME (#1447869, ISC change 3391) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3139 Oracle Linux 6 Oracle Linux 7 [1:1.7.0.141-2.6.10.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.141-2.6.10.1] - Bump to u141b02 to include S8011123 fix for TCK failure. - Resolves: rhbz#1438751 [1:1.7.0.141-2.6.10.0] - Bump to 2.6.10 and u141b00. - Adjust RH1022017 following application of 8173783 - Add more detailed output to fsg.sh and generate_source_tarball.sh. - Bump to u141b01 to include S8043723 fix for s390. - Resolves: rhbz#1438751 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-3511 CVE-2017-3544 CVE-2017-3509 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 Oracle Linux 6 [0.12.1.2-2.503.el6_9.3] - kvm-cirrus-avoid-write-only-variables.patch [bz#1444377 bz#1444379] - kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch [bz#1444377 bz#1444379] - kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch [bz#1444377 bz#1444379] - kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch [bz#1444377 bz#1444379] - kvm-cirrus-fix-PUTPIXEL-macro.patch [bz#1444377 bz#1444379] - Resolves: bz#1444377 (CVE-2017-7980 qemu-kvm: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.9.z]) - Resolves: bz#1444379 (CVE-2017-7980 qemu-kvm-rhev: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.9.z]) [0.12.1.2-2.503.el6_9.2] - kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1443447 bz#1443449] - kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1443447 bz#1443449] - Resolves: bz#1443447 (CVE-2017-7718 qemu-kvm: Qemu: display: cirrus: OOB read access issue [rhel-6.9.z]) - Resolves: bz#1443449 (CVE-2017-7718 qemu-kvm-rhev: Qemu: display: cirrus: OOB read access issue [rhel-6.9.z]) - Resolves: bz#1447544 (CVE-2016-9603 qemu-kvm-rhev: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.9.z] ) - Resolves: bz#1447540 (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.9.z]) [0.12.1.2-2.503.el6_9.1] - kvm-vns-tls-don-t-use-depricated-gnutls-functions.patch [bz#1428750] - kvm-vnc-apply-display-size-limits.patch [bz#1400438 bz#1425943] - Resolves: bz#1400438 (qemu-kvm coredump in vnc_refresh_server_surface [rhel-6.9.z]) - Resolves: bz#1425943 (CVE-2017-2633 qemu-kvm-rhev: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.9.z]) - Resolves: bz#1428750 (Fails to build in brew) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9603 CVE-2017-2633 CVE-2017-7718 CVE-2017-7980 Oracle Linux 6 Oracle Linux 7 [1.900.1-21] - Bump release [1.900.1-20] - Multiple security fixes (fixed by thoger): CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-9262 CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2016-10248 CVE-2016-10249 CVE-2016-10251 - Fix implicit declaration warning caused by security fixes above [1.900.1-19] - CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1183672) - CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183680) [1.900.1-18] - CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173567) - CVE-2014-8138 - heap overflow in jp2_decode (#1173567) [1.900.1-17] - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171209) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10248 CVE-2016-10251 CVE-2016-2089 CVE-2016-2116 CVE-2016-8691 CVE-2016-8885 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2015-5203 CVE-2015-5221 CVE-2016-10249 CVE-2016-1577 CVE-2016-1867 CVE-2016-8654 CVE-2016-8690 CVE-2016-8692 CVE-2016-8693 CVE-2016-8883 CVE-2016-8884 CVE-2016-9262 CVE-2016-9387 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 Oracle Linux 6 Oracle Linux 7 [8.70-23.el6_9.2] - Security fix for CVE-2017-8291 updated to address SIGSEGV [8.70-23.el6_9.1] - Added security fix for CVE-2017-8291 (bug #1446063) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8291 Oracle Linux 7 [0.2.0-38_3] - Fixed typo in memory leaks patch (bz 1449462) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8779 Oracle Linux 7 [0.2.4-0.8_3] - Fixed for CVE-2017-8779 (bz 1449462) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8779 Oracle Linux 7 [6:4.14.8-6] - KAuth: verify that whoever is calling us is actually who he says he is (CVE-2017-8422) Resolves: CVE-2017-8422 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8422 Oracle Linux 7 [4.4.4-13] - resolves: #1437816 - Fix krb5 memory cache in libads sasl code - resolves: #1437741 - Fix CVE-2016-2125, CVE-2016-2126 and CVE-2017-2619 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-2126 CVE-2016-2125 CVE-2017-2619 Oracle Linux 6 [0.2.0-13_9] - Fix for CVE-2017-8779 (bz 1449461) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8779 Oracle Linux 6 [0.2.1-13_9] - Fix for CVE-2017-8779 (bz 1449458) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8779 Oracle Linux 6 Oracle Linux 7 [3.6.23-43.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.24-43] - resolves: #1450782 - Fix CVE-2017-7494 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7494 Oracle Linux 6 [4.2.10-10] - resolves: #1450779 - Security fix for CVE-2017-7494 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7494 Oracle Linux 5 [3.6.23-13.0.2] - Fix CVE-2017-7494 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7494 Oracle Linux 7 - [3.10.0-514.21.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-514.21.1] - [kernel] sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (Gustavo Duarte) [1441547 1423400] - [drivers] Set dev->device_rh to NULL after free (Prarit Bhargava) [1441544 1414064] - [security] keys: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) [1441287 1408330] - [security] keys: Simplify KEYRING_SEARCH_{NO, DO}_STATE_CHECK flags (David Howells) [1441287 1408330] - [net] packet: fix overflow in check for tp_reserve (Hangbin Liu) [1441171 1441172] {CVE-2017-7308} - [net] packet: fix overflow in check for tp_frame_nr (Hangbin Liu) [1441171 1441172] {CVE-2017-7308} - [net] packet: fix overflow in check for priv area size (Hangbin Liu) [1441171 1441172] {CVE-2017-7308} - [powerpc] pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (Steve Best) [1439812 1423396] - [netdrv] fjes: Fix wrong netdevice feature flags (Yasuaki Ishimatsu) [1439802 1435603] - [kernel] mlx5e: Implement Fragmented Work Queue (WQ) (Don Dutile) [1439164 1368400] - [netdrv] mlx5e: Copy all L2 headers into inline segment (Don Dutile) [1439161 1383013] - [nvdimm] fix PHYS_PFN/PFN_PHYS mixup (Jeff Moyer) [1439160 1428115] - [s390] scsi: zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1433413 1421750] - [fs] gfs2: Avoid alignment hole in struct lm_lockname (Robert S Peterson) [1432554 1425450] - [fs] gfs2: Add missing rcu locking for glock lookup (Robert S Peterson) [1432554 1425450] - [fs] ext4: fix fencepost in s_first_meta_bg validation (Lukas Czerner) [1430969 1332503] {CVE-2016-10208} - [fs] ext4: sanity check the block and cluster size at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208} - [fs] ext4: validate s_first_meta_bg at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208} - [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353} - [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353} - [x86] perf/x86/intel/rapl: Make package handling more robust (Jiri Olsa) [1443902 1418688] - [x86] perf/x86/intel/rapl: Convert to hotplug state machine (Jiri Olsa) [1443902 1418688] - [x86] perf/x86: Set pmu->module in Intel PMU modules (Jiri Olsa) [1443902 1418688] - [kernel] sched/core, x86/topology: Fix NUMA in package topology bug (Jiri Olsa) [1441645 1369832] - [kernel] sched: Allow hotplug notifiers to be setup early (Jiri Olsa) [1441645 1369832] - [x86] x86/smpboot: Make logical package management more robust (Prarit Bhargava) [1441643 1414054] - [x86] x86/cpu: Deal with broken firmware (VMWare/XEN) (Prarit Bhargava) [1441643 1414054] - [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738] - [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738] - [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738] - [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738] - [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738] - [block] fix use-after-free in seq file (Denys Vlasenko) [1418550 1418551] {CVE-2016-7910} - [crypto] algif_hash - Only export and import on sockets with data (Herbert Xu) [1394101 1387632] {CVE-2016-8646} - [char] hwrng: core - sleep interruptible in read (Amit Shah) [1443503 1376397] - [char] hwrng: core - correct error check of kthread_run call (Amit Shah) [1443503 1376397] - [char] hwrng: core - Move hwrng_init call into set_current_rng (Amit Shah) [1443503 1376397] - [char] hwrng: core - Drop current rng in set_current_rng (Amit Shah) [1443503 1376397] - [char] hwrng: core - Do not register device opportunistically (Amit Shah) [1443503 1376397] - [char] hwrng: core - Fix current_rng init/cleanup race yet again (Amit Shah) [1443503 1376397] - [char] hwrng: core - Use struct completion for cleanup_done (Amit Shah) [1443503 1376397] - [char] hwrng: don't init list element we're about to add to list (Amit Shah) [1443503 1376397] - [char] hwrng: don't double-check old_rng (Amit Shah) [1443503 1376397] - [char] hwrng: fix unregister race (Amit Shah) [1443503 1376397] - [char] hwrng: use reference counts on each struct hwrng (Amit Shah) [1443503 1376397] - [char] hwrng: move some code out mutex_lock for avoiding underlying deadlock (Amit Shah) [1443503 1376397] - [char] hwrng: place mutex around read functions and buffers (Amit Shah) [1443503 1376397] - [char] virtio-rng: skip reading when we start to remove the device (Amit Shah) [1443503 1376397] - [char] virtio-rng: fix stuck of hot-unplugging busy device (Amit Shah) [1443503 1376397] - [infiniband] ib/mlx5: Resolve soft lock on massive reg MRs (Don Dutile) [1444347 1417285] [3.10.0-514.20.1] - [powerpc] fadump: Fix the race in crash_fadump() (Steve Best) [1439810 1420077] - [kernel] locking/mutex: Explicitly mark task as running after wakeup (Gustavo Duarte) [1439803 1423397] - [netdrv] ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (Ken Cox) [1438421 1383524] - [fs] nfsv4.0: always send mode in SETATTR after EXCLUSIVE4 (Benjamin Coddington) [1437967 1415780] - [net] fix creation adjacent device symlinks (Adrian Reber) [1436646 1412898] - [net] prevent of emerging cross-namespace symlinks (Adrian Reber) [1436646 1412898] - [netdrv] macvlan: unregister net device when netdev_upper_dev_link() fails (Adrian Reber) [1436646 1412898] - [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1435764 1394172] - [infiniband] ib/uverbs: Fix race between uverbs_close and remove_one (Don Dutile) [1435187 1417284] - [fs] gfs2: Prevent BUG from occurring when normal Withdraws occur (Robert S Peterson) [1433882 1404005] - [fs] jbd2: fix incorrect unlock on j_list_lock (Lukas Czerner) [1433881 1403346] - [fs] xfs: don't wrap ID in xfs_dq_get_next_id (Eric Sandeen) [1433415 1418182] - [net] tcp/dccp: avoid starving bh on connect (Paolo Abeni) [1433320 1401419] - [fs] xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [1432154 1412945] - [x86] kvm: vmx: handle PML full VMEXIT that occurs during event delivery (Radim Krcmar) [1431666 1421296] - [virt] kvm: vmx: ensure VMCS is current while enabling PML (Radim Krcmar) [1431666 1421296] - [net] ip_tunnel: Create percpu gro_cell (Jiri Benc) [1431197 1424076] - [x86] kvm: x86: do not save guest-unsupported XSAVE state (Radim Krcmar) [1431150 1401767] - [scsi] mpt3sas: Force request partial completion alignment (Tomas Henzl) [1430809 1418286] [3.10.0-514.19.1] - [fs] gfs2: Wake up io waiters whenever a flush is done (Robert S Peterson) [1437126 1404301] - [fs] gfs2: Made logd daemon take into account log demand (Robert S Peterson) [1437126 1404301] - [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1437126 1404301] - [net] ipv6: addrconf: fix dev refcont leak when DAD failed (Hangbin Liu) [1436588 1416105] [3.10.0-514.18.1] - [net] ipv6: don't increase size when refragmenting forwarded ipv6 skbs (Florian Westphal) [1434589 1430571] - [net] bridge: drop netfilter fake rtable unconditionally (Florian Westphal) [1434589 1430571] - [net] ipv6: avoid write to a possibly cloned skb (Florian Westphal) [1434589 1430571] - [net] netfilter: bridge: honor frag_max_size when refragmenting (Florian Westphal) [1434589 1430571] - [net] bridge: Add br_netif_receive_skb remove netif_receive_skb_sk (Ivan Vecera) [1434589 1352289] [3.10.0-514.17.1] - [netdrv] i40e: Be much more verbose about what we can and cannot offload (Stefan Assmann) [1433273 1383521] - [kernel] watchdog: prevent false hardlockup on overloaded system (Don Zickus) [1433267 1399881] - [net] dccp/tcp: fix routing redirect race (Eric Garver) [1433265 1387485] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-8646 CVE-2016-7910 CVE-2016-10208 CVE-2017-5986 CVE-2017-7308 Oracle Linux 6 [3.28.4-3.0.1] - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed [3.28.4-3] - Fix zero-length record treatment for stream ciphers and SSLv2 [3.28.4-2] - Include CKBI 2.14 and updated CA constraints from NSS 3.28.5 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7502 Oracle Linux 7 [3.28.4-1.2.0.1] - Added nss-vendor.patch to change vendor [3.28.4-1.2] - Include CKBI 2.14 and updated CA constraints from NSS 3.28.5 [3.28.4-1.1] - Fix zero-length record treatment in SSL3_GatherData IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7502 Oracle Linux 6 [2.6.32-696.3.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.3.1] - [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1442979 1436527] - [scsi] lpfc: update for r 11.0.0.6 (Maurizio Lombardi) [1439636 1429881] - [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1439636 1429881] - [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1443499 1146727] - [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1443234 1434560] - [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430577 1430578] {CVE-2017-6214} [2.6.32-696.2.1] - [sched] fair: Rework throttle_count sync (Jiri Olsa) [1436241 1250762] - [sched] fair: Reorder cgroup creation code (Jiri Olsa) [1436241 1250762] - [sched] fair: Initialize throttle_count for new task-groups lazily (Jiri Olsa) [1436241 1250762] - [sched] fair: Do not announce throttled next buddy in dequeue_task_fair() (Jiri Olsa) [1436241 1250762] MODERATE Copyright 2017 Oracle, Inc. CVE-2017-6214 Oracle Linux 5 [1.7.2p1-29.0.1] - Fix CVE-2017-1000367 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000367 Oracle Linux 6 Oracle Linux 7 [1.8.6p3-28] - Fixes CVE-2017-1000367 Resolves: rhbz#1455399 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000367 Oracle Linux 7 [1.5.3-126.el7_3.9] - kvm-spice-fix-spice_chr_add_watch-pre-condition.patch [bz#1452332] - Resolves: bz#1452332 (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop) [1.5.3-126.el7_3.8] - kvm-char-change-qemu_chr_fe_add_watch-to-return-unsigned.patch [bz#1452332] - Resolves: bz#1452332 (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop) [1.5.3-126.el7_3.7] - kvm-char-serial-cosmetic-fixes.patch [bz#1452332] - kvm-char-serial-Use-generic-Fifo8.patch [bz#1452332] - kvm-char-serial-serial_ioport_write-Factor-out-common-co.patch [bz#1452332] - kvm-char-serial-fix-copy-paste-error-fifo8_is_full-vs-em.patch [bz#1452332] - kvm-char-serial-Fix-emptyness-check.patch [bz#1452332] - kvm-char-serial-Fix-emptyness-handling.patch [bz#1452332] - kvm-serial-poll-the-serial-console-with-G_IO_HUP.patch [bz#1452332] - kvm-serial-change-retry-logic-to-avoid-concurrency.patch [bz#1452332] - kvm-qemu-char-ignore-flow-control-if-a-PTY-s-slave-is-no.patch [bz#1452332] - kvm-serial-check-if-backed-by-a-physical-serial-port-at-.patch [bz#1452332] - kvm-serial-reset-thri_pending-on-IER-writes-with-THRI-0.patch [bz#1452332] - kvm-serial-clean-up-THRE-TEMT-handling.patch [bz#1452332] - kvm-serial-update-LSR-on-enabling-disabling-FIFOs.patch [bz#1452332] - kvm-serial-only-resample-THR-interrupt-on-rising-edge-of.patch [bz#1452332] - kvm-serial-make-tsr_retry-unsigned.patch [bz#1452332] - kvm-serial-simplify-tsr_retry-reset.patch [bz#1452332] - kvm-serial-separate-serial_xmit-and-serial_watch_cb.patch [bz#1452332] - kvm-serial-remove-watch-on-reset.patch [bz#1452332] - Resolves: bz#1452332 (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7718 CVE-2017-7980 Oracle Linux 6 Oracle Linux 7 [52.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.2.0-1] - Update to 52.2.0 ESR [52.1.1-1] - Update to 52.1.1 ESR CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5470 CVE-2017-5472 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7756 CVE-2017-7757 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7774 CVE-2017-7778 CVE-2017-7754 CVE-2017-7758 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7749 CVE-2017-7773 Oracle Linux 5 [2.5-123.0.2.el5_11.3] - Mitigation for CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations. IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000366 Oracle Linux 6 [2.12-1.209.0.3.2] - backport rh patch 1047983 from OL7, Orabug 25407655 [2.12-1.209.2] - Avoid large allocas in the dynamic linker (#1452711) [2.12-1.209.1] - Fix thread cancellation issues for setmntent() and others (#1437618). IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000366 Oracle Linux 7 [2.17-157.4] - Avoid large allocas in the dynamic linker (#1452720) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000366 Oracle Linux 5 kernel - 2.6.18-419.0.0.0.2 - [mm] support large stack guard gap between vmas [orabug 26366330] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000364 Oracle Linux 7 - [3.10.0-514.21.2.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-514.21.2] - [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000364 Oracle Linux 6 [2.6.32-696.3.2.OL6] - Update genkey [bug 25599697] [2.6.32-696.3.2] - [mm] enlarge stack guard gap (Larry Woodman) [1452729 1452730] {CVE-2017-1000364 CVE-2017-1000366} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000364 Oracle Linux 6 Oracle Linux 7 [52.2.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.2.0-1] - Update to 52.2.0 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5470 CVE-2017-5472 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7756 CVE-2017-7757 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7774 CVE-2017-7778 CVE-2017-7749 CVE-2017-7754 CVE-2017-7758 CVE-2017-7773 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1.7.2p1-29.0.2] - Fix CVE-2017-1000368 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-1000368 Oracle Linux 6 Oracle Linux 7 [1.4-5] - Fixes CVE-2017-9462 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-9462 Oracle Linux 7 [3.0.4-8] - Disable internal OpenSSL cache and fix session cache file permissions. Resolves: Bug#1459131 CVE-2017-9148 freeradius: TLS resumption authentication bypass IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-9148 Oracle Linux 7 - [3.10.0-514.26.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-514.26.1] - [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] {CVE-2017-1000364} - Revert: [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444] [3.10.0-514.25.1] - [lib] kobject: grab an extra reference on kobject->sd to allow duplicate deletes (Aristeu Rozanski) [1454851 1427252] - [kernel] module: When modifying a module's text ignore modules which are going away too (Aaron Tomlin) [1454684 1386313] - [kernel] module: Ensure a module's state is set accordingly during module coming cleanup code (Aaron Tomlin) [1454684 1386313] - [net] vxlan: do not output confusing error message (Jiri Benc) [1454636 1445054] - [net] vxlan: correctly handle ipv6.disable module parameter (Jiri Benc) [1454636 1445054] - [iommu] vt-d: fix range computation when making room for large pages (Alex Williamson) [1450856 1435612] - [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895} - [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895} - [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444] - [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') [1447642 1442407] {CVE-2017-7645} - [scsi] ses: don't get power status of SES device slot on probe (Gustavo Duarte) [1446650 1434768] - [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) [1446649 1441747] - [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477} - [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477} - [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S Peterson) [1433882 1404005] - [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430579 1430580] {CVE-2017-6214} - [mm] vma_merge: correct false positive from __vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548] - [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk (Andrea Arcangeli) [1428840 1374548] - [mm] fix use-after-free if memory allocation failed in vma_adjust() (Andrea Arcangeli) [1428840 1374548] - [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim Krcmar) [1414742 1414743] {CVE-2017-2583} - [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) [1450041 1411321] - [pci] pciehp: Prioritize data-link event over presence detect (Myron Stowe) [1450124 1435818] - [pci] pciehp: Don't re-read Slot Status when queuing hotplug event (Myron Stowe) [1450124 1435818] - [pci] pciehp: Process all hotplug events before looking for new ones (Myron Stowe) [1450124 1435818] - [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) [1450124 1435818] [3.10.0-514.24.1] - [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1452044 1443116] - [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex Williamson) [1450855 1438403] - [vfio] type1: Remove locked page accounting workqueue (Alex Williamson) [1450855 1438403] - [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave Wysochanski) [1450851 1442068] - [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Dave Wysochanski) [1450851 1442068] - [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) [1450851 1442068] - [x86] xen: do not re-use pirq number cached in pci device msi msg data (Vitaly Kuznetsov) [1450037 1433831] - [powerpc] mm: Add missing global TLB invalidate if cxl is active (Steve Best) [1449178 1440776] - [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 1395838] [3.10.0-514.23.1] - [scsi] qla2xxx: Defer marking device lost when receiving an RSCN (Himanshu Madhani) [1446246 1436940] - [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940] - [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu Madhani) [1446246 1436940] - [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash (Himanshu Madhani) [1446246 1436940] - [scsi] qla2xxx: Add fix to read correct register value for ISP82xx (Himanshu Madhani) [1446246 1436940] - [scsi] qla2xxx: Disable the adapter and skip error recovery in case of register disconnect (Himanshu Madhani) [1446246 1436940] [3.10.0-514.22.1] - [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry Woodman) [1445184 1385473] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2583 CVE-2017-6214 CVE-2017-7895 CVE-2017-7477 CVE-2017-7645 Oracle Linux 6 [32:9.8.2-0.62.rc1.4] - Fix CVE-2017-3142 and CVE-2017-3143 [32:9.8.2-0.62.rc1.3] - Update root servers and trust anchors (#1458234) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3142 CVE-2017-3143 Oracle Linux 7 [32:9.9.4-50.1] - Bump again above RHEL-7.4 [32:9.9.4-38.5] - Fix CVE-2017-3142 and CVE-2017-3143 [32:9.9.4-38.4] - Update root servers and trust anchor (#1459649) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3142 CVE-2017-3143 Oracle Linux 7 [1.5.3-126.el7_3.10] - kvm-nbd-Fully-initialize-client-in-case-of-failed-negoti.patch [bz#1460179] - kvm-nbd-Fix-regression-on-resiliency-to-port-scan.patch [bz#1460179] - Resolves: bz#1460179 (CVE-2017-9524 qemu-kvm: Qemu: nbd: segmentation fault due to client non-negotiation [rhel-7.3.z]) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-9524 Oracle Linux 6 [2.2.15-60.0.1.4] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-60.4] - Related: #1427675 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects [2.2.15-60.3] - Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread [2.2.15-60.2] - Resolves: #1463354 - segfault in ap_proxy_set_scoreboard_lb [2.2.15-60.1] - Resolves: #1427675 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects MODERATE Copyright 2017 Oracle, Inc. CVE-2016-8743 Oracle Linux 6 [2.6.32-696.6.3.OL6] - Update genkey [bug 25599697] [2.6.32-696.6.3] - [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1466667 1464237] - [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237] - Revert: [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237] [2.6.32-696.6.2] - [mm] enlarge stack guard gap (Larry Woodman) [1452729 1452730] {CVE-2017-1000364 CVE-2017-1000366} [2.6.32-696.6.1] - [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1457347 1442030] - [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [1449274 1446755] {CVE-2017-7895} - [fs] nfsd4: minor NFSv2/v3 write decoding cleanup (J. Bruce Fields) [1449274 1446755] {CVE-2017-7895} - [scsi] libfc: quarantine timed out xids (Chris Leech) [1455550 1431440] - [fs] nfsv4: fix getacl ERANGE for some ACL buffer sizes (J. Bruce Fields) [1449096 869942] - [fs] nfsv4: fix getacl head length estimation (J. Bruce Fields) [1449096 869942] - [mm] hugetlb: check for pte NULL pointer in page_check_address() (Herton R. Krzesinski) [1444351 1431508] [2.6.32-696.5.1] - [fs] sunrpc: Ensure that we wait for connections to complete before retrying (Dave Wysochanski) [1450850 1448170] - [net] ipv6: check raw payload size correctly in ioctl (Jamie Bainbridge) [1450870 1441909] [2.6.32-696.4.1] - [fs] xfs: handle array index overrun in xfs_dir2_leaf_readbuf() (Carlos Maiolino) [1445179 1440361] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7895 Oracle Linux 6 [2.2.6-7] - Resolves: Bug#1469115 CVE-2017-10979 freeradius: Out-of-bounds write in rad_coalesce() - Resolves: Bug#1469118 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret() - Resolves: Bug#1469120 CVE-2017-10980 freeradius: Memory leak in decode_tlv() - Resolves: Bug#1469122 CVE-2017-10981 freeradius: Memory leak in fr_dhcp_decode() - Resolves: Bug#1469124 CVE-2017-10982 freeradius: Out-of-bounds read in fr_dhcp_decode_options() - Resolves: Bug#1469126 CVE-2017-10983 freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63 IMPORTANT Copyright 2017 Oracle, Inc. Oracle Linux 6 Oracle Linux 7 [1:1.8.0.141-2.b16] - Update to aarch64-jdk8u141-b16. - Revert change to remove-intree-libraries.sh following backout of 8173207 - Resolves: rhbz#1466509 [1:1.8.0.141-2.b15] - Revert previous commit so we can revise the security update. - Resolves: rhbz#1468473 [1:1.8.0.141-1.b15] - Backport '8180048: Interned string and symbol table leak memory during parallel unlinking' - Resolves: rhbz#1468473 [1:1.8.0.141-0.b15] - Update to aarch64-jdk8u141-b15. - Update location of OpenJDK system library source code in remove-intree-libraries.sh - Drop upstreamed patches for 6515172, 8144566, 8155049, 8165231, 8174164, 8174729 and 8175097. - Update PR1983, PR2899 and PR2934 (SunEC + system NSS) to accomodate 8175110. - Resolves: rhbz#1466509 [1:1.8.0.131-1.b12] - Add backports from 8u152 (8179084/RH1455694, 8175887) ahead of July CPU. - Resolves: rhbz#1466509 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10102 CVE-2017-10109 CVE-2017-10090 CVE-2017-10096 CVE-2017-10107 CVE-2017-10108 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10101 CVE-2017-10116 CVE-2017-10135 CVE-2017-10193 CVE-2017-10198 CVE-2017-10053 Oracle Linux 7 [1.3.10-1] - Resolves: rhbz#1472290 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7771 CVE-2017-7772 CVE-2017-7774 CVE-2017-7778 CVE-2017-7773 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 Oracle Linux 7 [0:7.0.69-12] - Resolves: rhbz#1441487 CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object - Resolves: rhbz#1441480 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used - Resolves: rhbz#1459746 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5648 CVE-2017-5664 Oracle Linux 7 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2014-7975 CVE-2016-9576 CVE-2016-10088 CVE-2016-7097 CVE-2016-7042 CVE-2016-9806 CVE-2017-7187 CVE-2016-10147 CVE-2016-9588 CVE-2017-2596 CVE-2016-8645 CVE-2017-5970 CVE-2017-6001 CVE-2017-2647 CVE-2017-8890 CVE-2017-9077 CVE-2014-7970 CVE-2015-8970 CVE-2016-10200 CVE-2016-6213 CVE-2016-9604 CVE-2017-2671 CVE-2017-6951 CVE-2017-7616 CVE-2017-9074 CVE-2017-9076 CVE-2017-9242 CVE-2015-8839 CVE-2016-9685 CVE-2017-8797 CVE-2017-9075 CVE-2017-7889 Oracle Linux 7 [2.4.44-5] - fix CVE-2017-9287 openldap: Double free vulnerability in servers/slapd/back-mdb/search.c (#1458210) [2.4.44-4] - NSS: Include some CHACHA20POLY1305 ciphers (#1432907) [2.4.44-3] - NSS: re-register NSS_Shutdown callback (#1405354) [2.4.44-2] - Include MDB tools in openldap-servers (#1428740) [2.4.44-1] - Rebase to openldap-2.4.44 (#1386365) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-9287 Oracle Linux 7 [2.10.11-5] - Drop MXit support in RHEL Resolves: #1439296 [2.10.11-4] - Silence -Wsign-compare - Rename the previous patch for consistency Resolves: #1445921, #1446368 [2.10.11-3] - Avoid a use-after-free in an error path Resolves: #1445921 [2.10.11-2] - Add patch for CVE-2017-2640 Resolves: #1431022 [2.10.11-1] - Update to 2.10.11 Resolves: #1369526 MODERATE Copyright 2017 Oracle, Inc. CVE-2014-3694 CVE-2017-2640 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 Oracle Linux 7 [1.5.3-141.el7] - kvm-Fix-memory-slot-page-alignment-logic-bug-1455745.patch [bz#1455745] - kvm-Do-not-hang-on-full-PTY.patch [bz#1452067] - kvm-serial-fixing-vmstate-for-save-restore.patch [bz#1452067] - kvm-serial-reinstate-watch-after-migration.patch [bz#1452067] - kvm-nbd-Fully-initialize-client-in-case-of-failed-negoti.patch [bz#1451614] - kvm-nbd-Fix-regression-on-resiliency-to-port-scan.patch [bz#1451614] - Resolves: bz#1451614 (CVE-2017-9524 qemu-kvm: segment fault when private user nmap qemu-nbd server [rhel-7.4]) - Resolves: bz#1452067 (migration can confuse serial port user) - Resolves: bz#1455745 (Backport fix for broken logic thats supposed to ensure memory slots are page aligned) [1.5.3-140.el7] - kvm-spice-fix-spice_chr_add_watch-pre-condition.patch [bz#1456983] - Resolves: bz#1456983 (Character device regression due to missing patch) [1.5.3-139.el7] - kvm-char-change-qemu_chr_fe_add_watch-to-return-unsigned.patch [bz#1451470] - Resolves: bz#1451470 (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop) [1.5.3-138.el7] - kvm-char-serial-cosmetic-fixes.patch [bz#1451470] - kvm-char-serial-Use-generic-Fifo8.patch [bz#1451470] - kvm-char-serial-serial_ioport_write-Factor-out-common-co.patch [bz#1451470] - kvm-char-serial-fix-copy-paste-error-fifo8_is_full-vs-em.patch [bz#1451470] - kvm-char-serial-Fix-emptyness-check.patch [bz#1451470] - kvm-char-serial-Fix-emptyness-handling.patch [bz#1451470] - kvm-serial-poll-the-serial-console-with-G_IO_HUP.patch [bz#1451470] - kvm-serial-change-retry-logic-to-avoid-concurrency.patch [bz#1451470] - kvm-qemu-char-ignore-flow-control-if-a-PTY-s-slave-is-no.patch [bz#1451470] - kvm-serial-check-if-backed-by-a-physical-serial-port-at-.patch [bz#1451470] - kvm-serial-reset-thri_pending-on-IER-writes-with-THRI-0.patch [bz#1451470] - kvm-serial-clean-up-THRE-TEMT-handling.patch [bz#1451470] - kvm-serial-update-LSR-on-enabling-disabling-FIFOs.patch [bz#1451470] - kvm-serial-only-resample-THR-interrupt-on-rising-edge-of.patch [bz#1451470] - kvm-serial-make-tsr_retry-unsigned.patch [bz#1451470] - kvm-serial-simplify-tsr_retry-reset.patch [bz#1451470] - kvm-serial-separate-serial_xmit-and-serial_watch_cb.patch [bz#1451470] - kvm-serial-remove-watch-on-reset.patch [bz#1451470] - Resolves: bz#1451470 (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop) [1.5.3-137.el7] - kvm-ide-fix-halted-IO-segfault-at-reset.patch [bz#1299875] - Resolves: bz#1299875 (system_reset should clear pending request for error (IDE)) [1.5.3-136.el7] - kvm-target-i386-get-set-migrate-XSAVES-state.patch [bz#1327593] - kvm-Removing-texi2html-from-build-requirements.patch [bz#1440987] - kvm-Disable-build-of-32bit-packages.patch [bz#1441778] - kvm-Add-sample-images-to-srpm.patch [bz#1436280] - Resolves: bz#1327593 ([Intel 7.4 FEAT] KVM Enable the XSAVEC, XSAVES and XRSTORS instructions) - Resolves: bz#1436280 (sample images for qemu-iotests are missing in the SRPM) - Resolves: bz#1440987 (Remove texi2html build dependancy from RPM) - Resolves: bz#1441778 (Stop building qemu-img for 32bit architectures.) [1.5.3-135.el7] - kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1430060] - kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1430060] - kvm-cirrus-add-option-to-disable-blitter.patch [bz#1430060] - kvm-cirrus-fix-cirrus_invalidate_region.patch [bz#1430060] - kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch [bz#1430060] - kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch [bz#1430060] - kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch [bz#1430060] - Resolves: bz#1430060 (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-7.4]) [1.5.3-134.el7] - kvm-ui-vnc-introduce-VNC_DIRTY_PIXELS_PER_BIT-macro.patch [bz#1377977] - kvm-ui-vnc-derive-cmp_bytes-from-VNC_DIRTY_PIXELS_PER_BI.patch [bz#1377977] - kvm-ui-vnc-optimize-dirty-bitmap-tracking.patch [bz#1377977] - kvm-ui-vnc-optimize-setting-in-vnc_dpy_update.patch [bz#1377977] - kvm-ui-vnc-fix-vmware-VGA-incompatiblities.patch [bz#1377977] - kvm-ui-vnc-fix-potential-memory-corruption-issues.patch [bz#1377977] - kvm-vnc-fix-memory-corruption-CVE-2015-5225.patch [bz#1377977] - kvm-vnc-fix-overflow-in-vnc_update_stats.patch [bz#1377977] - kvm-i386-kvmvapic-initialise-imm32-variable.patch [bz#1335751] - kvm-qemu-iotests-Filter-out-actual-image-size-in-067.patch [bz#1427176] - vm-qcow2-Don-t-rely-on-free_cluster_index-in-alloc_ref2.patch [bz#1427176] - kvm-qemu-iotests-Fix-core-dump-suppression-in-test-039.patch [bz#1427176] - kvm-qemu-io-Add-sigraise-command.patch [bz#1427176] - kvm-iotests-Filter-for-Killed-in-qemu-io-output.patch [bz#1427176] - kvm-iotests-Fix-test-039.patch [bz#1427176] - kvm-blkdebug-Add-bdrv_truncate.patch [bz#1427176] - kvm-vhdx-Fix-zero-fill-iov-length.patch [bz#1427176] - kvm-qemu-iotests-Disable-030-040-041.patch [bz#1427176] - kvm-x86-add-AVX512_VPOPCNTDQ-features.patch [bz#1415830] - kvm-usb-ccid-check-ccid-apdu-length.patch [bz#1419818] - kvm-usb-ccid-better-bulk_out-error-handling.patch [bz#1419818] - kvm-usb-ccid-move-header-size-check.patch [bz#1419818] - kvm-usb-ccid-add-check-message-size-checks.patch [bz#1419818] - kvm-spec-Update-rdma-build-dependency.patch [bz#1433920] - Resolves: bz#1335751 (CVE-2016-4020 qemu-kvm: Qemu: i386: leakage of stack memory to guest in kvmvapic.c [rhel-7.4]) - Resolves: bz#1377977 (qemu-kvm coredump in vnc_raw_send_framebuffer_update [rhel-7.4]) - Resolves: bz#1415830 ([Intel 7.4 FEAT] Enable vpopcntdq for KNM - qemu/kvm) - Resolves: bz#1419818 (CVE-2017-5898 qemu-kvm: Qemu: usb: integer overflow in emulated_apdu_from_guest [rhel-7.4]) - Resolves: bz#1427176 (test cases of qemu-iotests failed) - Resolves: bz#1433920 (Switch from librdmacm-devel to rdma-core-devel) [1.5.3-133.el7] - kvm-target-i386-add-Ivy-Bridge-CPU-model.patch [bz#1368375] - kvm-x86-add-AVX512_4VNNIW-and-AVX512_4FMAPS-features.patch [bz#1382122] - kvm-target-i386-kvm_cpu_fill_host-Kill-unused-code.patch [bz#1382122] - kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-level.patch [bz#1382122] - kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-CPU-v.patch [bz#1382122] - kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-xleve.patch [bz#1382122] - kvm-target-i386-kvm_cpu_fill_host-Set-all-feature-words-.patch [bz#1382122] - kvm-target-i386-kvm_cpu_fill_host-Fill-feature-words-in-.patch [bz#1382122] - kvm-target-i386-kvm_check_features_against_host-Kill-fea.patch [bz#1382122] - kvm-target-i386-Make-TCG-feature-filtering-more-readable.patch [bz#1382122] - kvm-target-i386-Filter-FEAT_7_0_EBX-TCG-features-too.patch [bz#1382122] - kvm-target-i386-Filter-KVM-and-0xC0000001-features-on-TC.patch [bz#1382122] - kvm-target-i386-Define-TCG_-_FEATURES-earlier-in-cpu.c.patch [bz#1382122] - kvm-target-i386-Loop-based-copying-and-setting-unsetting.patch [bz#1382122] - kvm-target-i386-Loop-based-feature-word-filtering-in-TCG.patch [bz#1382122] - kvm-spice-remove-spice-experimental.h-include.patch [bz#1430606] - kvm-spice-replace-use-of-deprecated-API.patch [bz#1430606] - Resolves: bz#1368375 ([Intel 7.4 Bug] qemu-kvm does not support '-cpu IvyBridge') - Resolves: bz#1382122 ([Intel 7.4 FEAT] KVM Enable the avx512_4vnniw, avx512_4fmaps instructions in qemu) - Resolves: bz#1430606 (Cant build qemu-kvm with newer spice packages) [1.5.3-132.el7] - kvm-cirrus-fix-patterncopy-checks.patch [bz#1420492] - kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420492] - kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420492] - Resolves: bz#1420492 (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-7.4]) [1.5.3-131.el7] - kvm-memory-Allow-access-only-upto-the-maximum-alignment-.patch [bz#1342768] - kvm-virtio-blk-Release-s-rq-queue-at-system_reset.patch [bz#1361488] - kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418233] - kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418233] - kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418233] - kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418233] - kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418233] - kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418233] - kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418233] - kvm-HMP-Fix-user-manual-typo-of-__com.redhat_qxl_screend.patch [bz#1419898] - kvm-HMP-Fix-documentation-of-__com.redhat.drive_add.patch [bz#1419898] - Resolves: bz#1342768 ([Intel 7.4 Bug] qemu-kvm crashes with Linux kernel 4.6.0 or above) - Resolves: bz#1361488 (system_reset should clear pending request for error (virtio-blk)) - Resolves: bz#1418233 (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-7.4]) - Resolves: bz#1419898 (Documentation inaccurate for __com.redhat_qxl_screendump and __com.redhat_drive_add) [1.5.3-130.el7] - kvm-gluster-correctly-propagate-errors.patch [bz#1151859] - kvm-gluster-Correctly-propagate-errors-when-volume-isn-t.patch [bz#1151859] - kvm-block-gluster-add-support-for-selecting-debug-loggin.patch [bz#1151859] - Resolves: bz#1151859 ([RFE] Allow the libgfapi logging level to be controlled.) [1.5.3-129.el7] - kvm-Update-qemu-kvm-package-Summary-and-Description.patch [bz#1378541] - kvm-vl-Don-t-silently-change-topology-when-all-smp-optio.patch [bz#1375507] - kvm-net-check-packet-payload-length.patch [bz#1398218] - kvm-qxl-Only-emit-QXL_INTERRUPT_CLIENT_MONITORS_CONFIG-o.patch [bz#1342489] - Resolves: bz#1342489 (Flickering Fedora 24 Login Screen on RHEL 7) - Resolves: bz#1375507 ('threads' option is overwritten if both 'sockets' and 'cores' is set on -smp) - Resolves: bz#1378541 (QEMU: update package summary and description) - Resolves: bz#1398218 (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-7.4]) [1.5.3-128.el7] - kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1377968] - kvm-virtio-introduce-virtqueue_discard.patch [bz#1377968] - kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1377968] - kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1377968] - kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1377968] - kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1377968] - kvm-virtio-add-virtqueue_rewind.patch [bz#1377968] - kvm-virtio-balloon-fix-stats-vq-migration.patch [bz#1377968] - Resolves: bz#1377968 ([RHEL7.3] KVM guest shuts itself down after 128th reboot) [1.5.3-127.el7] - kvm-hw-i386-regenerate-checked-in-AML-payload-RHEL-only.patch [bz#1377087] - kvm-ide-fix-halted-IO-segfault-at-reset.patch [bz#1377087] - Resolves: bz#1377087 (shutdown rhel 5.11 guest failed and stop at 'system halted') MODERATE Copyright 2017 Oracle, Inc. CVE-2017-2633 CVE-2017-5898 CVE-2016-4020 Oracle Linux 7 [1.8.3-1] - bump to 1.8.3 - fix CVE-2017-8932 - Resolves: rhbz#1452616, rhbz#1452241, rhbz#1457169, rhbz#1448346 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-8932 Oracle Linux 7 [4.10-1] - Updated to the 4.x branch (#1360639) MODERATE Copyright 2017 Oracle, Inc. CVE-2015-2806 CVE-2015-3622 Oracle Linux 7 libICE [1.0.9-9] - Add upstream patch to not pull libbsd - Add custom patch for Fedora 24 & 25 [1.0.9-8] - Fix changelog [1.0.9-7] - Use libbsd for randoms (CVE-2017-2626, rhbz#1427715) [1.0.9-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.0.9-5] - Force disable documentation generation [1.0.9-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.0.9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild libX11 [1.6.5-1] - libX11 1.6.5 [1.6.4-4] - Actually apply the patch from 1.6.4-3 [1.6.4-3] - Fix a bug in the memory leak fix from 1.6.4-2 [1.6.4-2] - Plug a memory leak in XListFonts() [1.6.4-1] - libX11 1.6.4 libXaw [1.0.13-4] - Force disable documentation generation [1.0.13-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.0.13-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.0.13-1] - libXaw 1.0.13 libXcursor [1.1.14-8] - Remove RHEL default cursor theme variant (rhbz#1388458) [1.1.14-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.1.14-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.1.14-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.1.14-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.1.14-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild libXdmcp [1.1.2-6] - Do not pull libbsd, use getentropy or getrandom syscall instead [1.1.2-5] - Use libbsd for randoms (CVE-2017-2625, rhbz#1427716) [1.1.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.1.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.1.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.1.2-1] - libXdmcp 1.1.2 [1.1.1-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild libXfixes [5.0.3-1] - libXfixes 5.0.3 libXfont [1.5.2-1] - libXfont 1.5.2 libXfont2 [2.0.1-2] - Add some fixes from upstream git master [2.0.2-1] - Initial packaging forked from libXfont libXi [1.7.9-1] - libXi 1.7.9 [1.7.8-1] - libXi 1.7.8 libXpm [3.5.12-1] - libXpm 3.5.12 libXrandr [1.5.1-2] - rebuild for new build of libXrender [1.5.1-1] - libXrandr 1.5.1 [1.5.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.5.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.5.0-1] - libXrandr 1.5.0 - fixup requires/br libXrender [0.9.10-1] - libXrender 0.9.10 libXt [1.1.5-3] - libXt 1.1.5 - Merge F25: - Fix duplicate documentation (#1001246) by not using %doc - Turn on verbose build output via V=1 make - Remove %defattr - Use %?_isa in explicit package deps - Exclude docs from main package libXtst [1.2.3-1] - libXtst 1.2.3 libXv [1.0.11-1] - libXv 1.0.11 - fixes CVE-2016-5407 [1.0.10-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.0.10-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild libXvMC [1.0.10-1] - libXvMC 1.0.10 - fixes CVE-2016-7953 [1.0.9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.0.9-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.0.9-1] - libXvMC 1.0.9 [1.0.8-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.0.8-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild libXxf86vm [1.1.4-1] - libXxf86vm 1.1.4 libdrm [2.4.74-1] - libdrm 2.4.74 libepoxy [1.3.1-1] - libepoxy 1.3.1 libevdev [1.5.6-1] - libevdev 1.5.6 (#1401754) libfontenc [1.1.3-3] - libfontenc 1.1.3 (Merge fedora 25) libinput [1.6.3-2] - Fix test suite to build on RHEL 7.x (#1431640) [1.6.3-1] - libinput 1.6.3 (#1388484) [1.6.2-1] - libinput 1.6.2 (#1388484) [1.6.0-1] - libinput 1.6 [1.5.902-1] - libinput 1.6rc2 [1.5.901-1] - libinput 1.6rc1 [1.5.3-1] - libinput 1.5.3 [1.5.2-2] - Swap to the correct tarball so we match the checksums from upstream (had a local mixup of tarballs) [1.5.2-1] - libinput 1.5.2 [1.5.1-2] - Improve responsiveness of touchpads by reducing the motion history. [1.5.1-1] - libinput 1.5.1 [1.5.0-2] - Drop the synaptics 3-slot workaround [1.5.0-1] - libinput 1.5.0 [1.4.901-2] - Avoid spurious trackpoint events halting the touchpad (related #1364850) [1.4.901-1] - libinput 1.5rc1 [1.4.2-2] - Add quirk for the HP 8510w touchpad (#1351285) [1.4.2-1] - libinput 1.4.2 [1.4.1-1] - libinput 1.4.1 [1.4.0-1] - libinput 1.4 [1.3.901-1] - libinput 1.4rc1 [1.3.3-2] - Drop the now unnecessary patch [1.3.3-1] - libinput 1.3.3 [1.3.2-1] - libinput 1.3.2 [1.3.1-1] - libinput 1.3.1 [1.3.0-3] - Stop pointer jitter on the Dell E5420, E530 and Lenovo Yoga 2 [1.3.0-2] - Disable negative pressure transition on non-synaptics pads to avoid jerky movement (#1335249) [1.3.0-1] - libinput 1.3.0 [1.2.903-1] - libinput 1.3rc3 [1.2.902-1] - libinput 1.3rc2 [1.2.4-1] - libinput 1.2.4 [1.2.3-1] - libinput 1.2.3 [1.2.2-1] - libinput 1.2.2 [1.2.1-4] - Fix jerky pointer motion on the Lenovo T450/T460/X1 3rd hardware [1.2.1-3] - Fix segfault on mislabeled tablets (#1314955) [1.2.1-2] - Bump to maintain upgrade path with F23 [1.2.1-1] - libinput 1.2.1 [1.2.0-1] - libinput 1.2.0 [1.1.902-2] - Add libwacom-devel to BuildRequires [1.1.902-1] - libinput 1.2rc2 [1.1.7-1] - libinput 1.1.7 [1.1.6-1] - libinput 1.1.6 [1.1.5-4] - Fix patches from -3, they got corrupted somehow [1.1.5-3] - Disable the mode button on the Cyborg RAT 5 - Drop touchpad motion hysteresis by default [1.1.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.1.5-1] - libinput 1.1.5 [1.1.4-3] - disable MT for semi-mt devices to solve the various two- and three-finger issues (at the cost of pinch gestures) (#1295073) [1.1.4-2] - fix disable-while-typing on macbooks [1.1.4-1] - libinput 1.1.4 [1.1.3-1] - libinput 1.1.3 [1.1.2-1] - libinput 1.1.2 [1.1.1-2] - Reduce 2fg scroll threshold to 1mm (#1247958) [1.1.1-1] - libinput 1.1.1 [1.1.0-3] - Fix invalid device group pointer, causing invalid memory access [1.1.0-2] - Fix crash triggered by Asus RoG Gladius mouse (#1275407) [1.1.0-1] - libinput 1.1.0 [1.0.2-1] - libinput 1.0.2 [1.0.1-3] - Fix the number of clicks sent in multitap (fdo #92016) [1.0.1-2] - Don't interpret short scrolls as right click (#1256045) [1.0.1-1] - libinput 1.0.1 [1.0.0-1] - libinput 1.0 [0.99.1-1] - libinput 1.0RC1 [0.21.0-3] - Fix 2fg scroll threshold handling (#1249365) [0.21.0-2] - Fix pointer speed configuration, broke with 0.21.0 [0.21.0-1] - libinput 0.21.0 - fix 3fg touch detection on Synaptics semi-mt touchpads [0.20.0-6] - Fix broken 2fg scrolling on single-touch touchpads (#1246651) - Drop distance threshold for 2fg gesture detection (#1246868) [0.20.0-5] - Add a size hint for Apple one-button touchpads (#1246651) [0.20.0-4] - Disable 2fg scrolling on Synaptics semi-mt (#1235175) [0.20.0-3] - Disable thumb detection, too many false positives (#1246093) [0.20.0-2] - Restore parsing for trackpoing const accel [0.20.0-1] - libinput 0.20 [0.19.0-3] - Only edge scroll when the finger is on the actual edge [0.19.0-2] - enable edge scrolling on clickpads (#1225579) [0.19.0-1] - libinput 0.19.0 [0.18.0-5] - Improve trackpoint->touchpad transition responsiveness (#1233844) [0.18.0-4] - Steepen deceleration curve to get better 1:1 movement on slow speeds (#1231304) - Provide custom accel method for <1000dpi mice (#1227039) [0.18.0-3] - Fix stuck finger after a clickpad click on resolutionless touchpads [0.18.0-2] - Fix initial jump during edge scrolling [0.18.0-1] - libinput 0.18.0 [0.17.0-5] - Use physical values for the hystersis where possible (#1230462) - Disable right-edge palm detection when edge scrolling is active (fdo#90980) [0.17.0-4] - Avoid erroneous finger movement after a physical click (#1230441) [0.17.0-3] - Require udev.pc for the build [0.17.0-2] - Cap the minimum acceleration slowdown at 0.3 (#1227796) [0.17.0-1] - libinput 0.17 [0.16.0-4] - Always set the middle button as default button for button-scrolling (#1227182) [0.16.0-3] - Reduce tap-n-drag timeout (#1225998) [0.16.0-2] - Handle slow motions better (#1227039) [0.16.0-1] - libinput 0.16.0 [0.15.0-4] - Add tap-to-end-drag patch (#1225998) [0.15.0-3] - Refine disable-while-typing (#1209753) [0.15.0-2] - Add disable-while-typing feature (#1209753) [0.15.0-1] - libinput 0.15.0 [0.14.1-2] - Fix crash with the MS Surface Type Cover (#1206869) [0.14.1-1] - libinput 0.14.1 [0.13.0-6] - git add the patch... [0.13.0-5] - Reduce palm detection threshold to 70mm (#1209753) - Don't allow taps in the top part of the palm zone (#1209753) [0.13.0-4] - Fix finger miscounts on single-touch touchpads (#1209151) [0.13.0-3] - Fix mouse slowdown (#1208992) [0.13.0-2] - Fix crasher triggered by fake MT devices without ABS_X/Y (#1207574) [0.13.0-1] - libinput 0.13.0 [0.12.0-2] - Install the udev rules in the udevdir, not libdir (#1203645) [0.12.0-1] - libinput 0.12.0 [0.11.0-1] - libinput 0.11.0 [0.10.0-1] - libinput 0.10.0 [0.9.0-1] - libinput 0.9.0 [0.8.0-1] - libinput 0.8.0 [0.7.0-2.20141211git58abea394] - git snapshot, fixes a crasher and fd confusion after suspending a device [0.7.0-1] - libinput 0.7.0 [0.6.0-3.20141124git92d178f16] - Add the hooks to build from a git snapshot - Disable silent rules - Update to today's git master [0.6.0-2] - libinput 0.6.0 [0.5.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [0.5.0-1] - libinput 0.5.0 [0.4.0-2] - Add the new touchpad pointer acceleration code [0.4.0-1] - Update to 0.4.0 [0.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0.2.0-1] - libinput 0.2.0 [0.1.0-1] - Initial Fedora packaging libvdpau [1.1.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild libwacom [0.24-1] - libwacom 0.24 (#1401752) [0.22-2] - Merge libwacom 0.22 from F25 (#1401752) libxcb [1.12-1] - libxcb 1.12 [1.11.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.11.1-1] - libxcb 1.11.1 [1.11-8] - followup fix for thread deadlocks (#1193742, fdo#84252) [1.11-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.11-6] - pull in (partial?) upstream fix for deadlocks (#1193742, fdo#84252) [1.11-5] - fix rpath harder (#1136546) - %build: --disable-silent-rules libxkbcommon [0.7.1-1] - xkbcommon 0.7.1 [0.7.0-1] - xkbcommon 0.7.0 [0.6.1-1] - xkbcommon 0.6.1 [0.5.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [0.5.0-3] - always build the x11 subpackage [0.5.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [0.5.0-1] - Update to 0.5.0 (#1154574) [0.4.3-2] - Require xkeyboard-config (#1145260) [0.4.3-1] - Update to 0.4.3 [0.4.2-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [0.4.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0.4.2-3] - make -x11 support conditional (f21+, #1000497) - --disable-silent-rules [0.4.2-2] - Bump release to 2 to avoid confusion with non official non scratch 0.4.2-1 [0.4.2-1] - xkbcommon 0.4.2 (#1000497) - own %{_includedir}/xkbcommon/ - -x11: +ldconfig scriptlets - -devel: don't include xkbcommon-x11.h - run reautoconf in %prep (instead of %build) - tighten subpkg deps via %_isa - .spec cleanup, remove deprecated stuff - BR: pkgconfig(xcb-xkb) >= 1.10 [0.4.0-1] - xkbcommon 0.4.0 - Add new xkbcommon-x11 and xkbcommon-x11-devel subpackages [0.3.1-1] - xkbcommon 0.3.1 [0.3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [0.3.0-1] - xkbcommon 0.3.0 [0.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [0.2.0-1] - xkbcommon 0.2.0 [0.1.0-8.20120917] - Today's git snapshot [0.1.0-7.20120306] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0.1.0-6.20120306] - BuildRequire xkeyboard-config-devel to get the right XKB target path (#799717) [0.1.0-5.20120306] - Today's git snapshot [0.1.0-4.20111109] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.1.0-3] - Today's git snap [0.1.0-2.20101110] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.1.0-1.20101110] - inital import libxkbfile [1.0.9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.0.9-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.0.9-1] - libxkbfile 1.0.9 [1.0.8-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild mesa [17.0.1-6.20170307] - enable VDPAU drivers (#1297276) [17.0.1-5.20170307] - Use correct datalayout for llvmpipe (#1445423) [17.0.1-4.20170307] - Add ppc64le vulkan build [17.0.1-3.20170307] - Add temporary revert for #1438891 [17.0.1-2.20170307] - Allow compat shaders override. (#1429813) [17.0.1-1.20170307] - mesa 17.0.1 release [17.0.0-2.20170215] - enable more drivers on aarch64 + vulkan drivers (#1358444) [17.0.0-1.20170215] - mesa 17.0.0 release [17.0.0-0.2.20170123] - Rebuild against (and BuildRequire) mesa-private-llvm >= 3.9 [17.0.0-0.1.20170123] - mesa 17.0.0-rc1 mesa-private-llvm [3.9.1-3] - Add temporary revert for #1445423 [3.9.1-2] - Add fix for radeonsi regression [3.9.1-1] - Update to 3.9.1 vulkan [1.0.39.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.0.39.1-1] - Update to 1.0.39.1 release [1.0.39.0-1] - Update to 1.0.39.0 release - Add build requires libXrandr-devel [1.0.37.0-1] - Update to 1.0.37.0 release - Disable Mir as it's lame ubuntu rubbish [1.0.34.0-0.1.gitd4cd34f] - Update to latest git [1.0.30.0-2] - Fix VkLayer undefined symbol: util_GetExtensionProperties [1.0.30.0-1] - Update to 1.0.30.0 release [1.0.26.0-4] - Build with wayland support (rhbz 1383115) [1.0.26.0-3] - Move unversioned libraries - Disable vkjson build - Fix license tag [1.0.26.0-2] - Make layers conditional. [1.0.26.0-1] - Update to 1.0.26.0 release [1.0.26.0-0.3.gitfbb8667] - Clean up [1.0.26.0-0.2.gitfbb8667] - Change build requires python3 - Use release for cmake - Make build verbose [1.0.26.0-0.1.gitfbb8667] - Update to latest git [1.0.3-0.1.git1affe90] - Add ldconfig in post/postun - Use upstream tarball from commit + patches - Fix versioning. In fact it was never released - Fixup mixing of spaces/tabs - Remove rpath from vulkaninfo - Make filesystem subpkg noarch (it is really noarch) - BuildRequire gcc and gcc-c++ explicitly - Require main pkg with isa tag - Fix perms and perm of README.md - Use %license tag [1.0.3-0] - Update loader to not build cube or tri. Drop bundled LunarGLASS and llvm since they're only needed for those demos. [1.0.3-0] - Initial packaging xcb-proto [1.12-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [1.12-1] - xcb-proto 1.12 [1.11-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.11-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild xkeyboard-config [2.20-1] - xkeyboard-config 2.20 (#1401753) xorg-x11-proto-devel [7.7-20] - xproto 7.0.31 [7.7-19] - inputproto 2.3.2 [7.7-18] - videoproto 2.3.3 [7.7-17] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - s/define/global/ [7.7-16] - xproto 7.0.28 [7.7-15] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [7.7-14] - randrproto-1.5.0 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10164 CVE-2017-2625 CVE-2017-2626 Oracle Linux 7 [2.7.5-58.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-58] - Set stream to None in case an _open() fails. Resolves: rhbz#1432003 [2.7.5-57] - Fix implicit declaration warnings of functions added by patches 147 and 265 Resolves: rhbz#1441237 [2.7.5-56] - Fix shutil.make_archive ignoring empty directories when creating zip files Resolves: rhbz#1439734 [2.7.5-55] - Update Python RPM macros with new ones from EPEL7 to simplify packaging Resolves: rhbz#1297522 [2.7.5-54] - Protect key list during fork() Resolves: rhbz#1268226 [2.7.5-53] - Fix _ssl.c reference leaks Resolves: rhbz#1272562 [2.7.5-52] - Workaround Python's threading library issue with non returning wait, for signals with timeout Resolves: rhbz#1368076 [2.7.5-51] - Enable certificate verification by default Resolves: rhbz#1219110 [2.7.5-50] - Fix incorrect parsing of certain regular expressions Resolves: rhbz#1373363 [2.7.5-49] - Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs Resolves: rhbz#1364444 [2.7.5-48] - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz#1359164 [2.7.5-47] - Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.get_data() Resolves: rhbz#1356364 [2.7.5-46] - Drop patch 221 that backported sslwrap function since it was introducing regressions - Refactor patch 227 Resolves: rhbz#1331425 [2.7.5-45] - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647) Raise an error when STARTTLS fails (upstream patch) - Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699) Disabled HTTP header injections in httplib (upstream patch) Resolves: rhbz#1346357 [2.7.5-44] - Fix iteration over files with very long lines Resolves: rhbz#1271760 [2.7.5-43] - Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/ Resolves: rhbz#1288426 [2.7.5-42] - JSON decoder lone surrogates fix Resolves: rhbz#1301017 [2.7.5-41] - Updated PEP493 implementation Resolves: rhbz#1315758 [2.7.5-40] - Backport of Computed Goto dispatch Resolves: rhbz#1289277 MODERATE Copyright 2017 Oracle, Inc. CVE-2014-9365 Oracle Linux 7 [14:4.9.0-5] - Resolves: #1441597; use bigger capture buffer than in upstream [14:4.9.0-4] - Drop downstream patch (drop root privileges) - Add libcap-ng as a new build dependency - Related: #1262283 * Tue Apr 11 2017 root - 14:4.9.0-3 - Fix tests according to our patches and libpcap version [14:4.9.0-2] - Use getnameinfo instead of gethostbyaddr [14:4.9.0-1] - New upstream version 4.9.0. Resolves: #1422473 - Add legacy -P switch with warning. Related to #1422473 and #1292056 [14:4.5.1-6] - Drop root before creating any dump file. Resolves: #1262283 [14:4.5.1-5] - Use -Q instead of -P to set capture direction. Resolves: #1292056 [14:4.5.1-4] - Fix segfault with --help option. Resolves: #1297812 MODERATE Copyright 2017 Oracle, Inc. CVE-2015-0261 CVE-2016-7926 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7929 CVE-2016-7927 CVE-2016-7928 CVE-2016-7931 CVE-2016-7940 CVE-2016-7975 CVE-2016-7993 CVE-2016-8575 CVE-2017-5202 CVE-2017-5205 CVE-2017-5341 CVE-2016-7930 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7973 CVE-2016-7974 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-8574 CVE-2017-5203 CVE-2017-5204 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 Oracle Linux 7 [2.17-196] - Avoid large allocas in the dynamic linker (#1452721) [2.17-195] - Rounding issues on POWER (#1457177) [2.17-194] - Use a built-in list of system call names (#1439165) [2.17-193] - Inhibit FMA while compiling sqrt, pow (#1413638) [2.17-192] - Exclude lock elision support for older Intel hardware with Intel TSX that has hardware errata (#841653). [2.17-191] - Add transparent lock elision for default POSIX mutexes on IBM POWER hardware with support for IBM POWER HTM (#731835). [2.17-190] - Add transparent lock elision for default POSIX mutexes on Intel hardware with support for Intel TSX (#841653). - Update dynamic loader trampoline for Intel Skylake server (#1421155). [2.17-189] - Update dynamic loader trampoline for Intel SSE, AVX, and AVX512 usage (#1421155) [2.17-188] - Improve exp() and pow() performance in libm (#1409611) - Add optimized strcmp and strncmp for IBM POWER9 hardware (#1320947) [2.17-187] - Define MSG_FASTOPEN. (#1387874) [2.17-186] - Update patch for glibc-rh1288613.patch to include tst-res_hconf_reorder in the list of tests to be built and run. (#1367804) [2.17-185] - math: Regenerate ULPs for POWER (#1385004) [2.17-184] - Correct s390 definition of SIZE_MAX (#1385003) [2.17-183] - Fix CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() (#1374658) [2.17-182] - Fix CVE-2015-8778: Integer overflow in hcreate and hcreate_r (#1374657) [2.17-181] - Fix rare case where calloc may not zero memory properly (#1430477) [2.17-180] - malloc: additional unlink hardening for non-small bins (#1326739) [2.17-179] - Add improvements and optimizations to take advantage of the new z13 processor design (#1380680) [2.17-178] - Backport the latest POWER8 performance optimizations (#1385004) [2.17-177] - LD_POINTER_GUARD in the environment is not sanitized (#1383951) [2.17-176] - Fix cmpli usage in power6 memset. (#1418997) [2.17-175] - Avoid accessing user-controlled stdio locks in forked child (#1322544) [2.17-174] - Fix unbounded stack allocation in catopen function (#1374654) [2.17-173] - Fix unbounded stack allocation in nan* functions (#1374652) [2.17-172] - Handle /var/cache/ldconfig/aux-cache corruption (#1325138) [2.17-171] - Make padding in struct sockaddr_storage explicit (#1338672) [2.17-170] - Add AF_VSOCK/PF_VSOCK, TCP_TIMESTAMP (#1417205) [2.17-169] - Define <inttypes.h> and <stdint.h> macros unconditionally (#1318877) [2.17-168] - Backport the groups merging feature (#1298975) [2.17-167] - Fix sunrpc UDP client timeout handling (#1228114) [2.17-166] - Add 'sss' service to the automount database in nsswitch.conf (#1392540) [2.17-165] - Fix use of uninitialized data in getaddrinfo with nscd (#1324568) - Remove the 'power8' AT_PLATFORM directory (#1404435) - Fix profil on aarch64 (#1144516) [2.17-164] - Fix TOC stub on powerpc64 clone() (#1398244) [2.17-163] - stdio buffer auto-tuning should reject large buffer sizes (#988869) [2.17-162] - Backport support/ subdirectory from upstream (#1418978) - Fix deadlock between fork, malloc, flush (NULL) (#906468) [2.17-161] - Fix tst-cancel17/tst-cancelx17 was sometimes segfaulting. Wait for the read to finish before returning. (#1337242) [2.17-160] - Add internal-only support for O_TMPFILE (#1330705) [2.17-158] - Do not set initgroups in default nsswitch.conf (#1366569) - nss_db: Request larger buffers for long group entries (#1318890) - nss_db: Fix get*ent crash without preceding set*ent (#1213603) - nss_db: Fix endless loop in services database processing (#1370630) MODERATE Copyright 2017 Oracle, Inc. CVE-2014-9761 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779 CVE-2015-8777 Oracle Linux 7 * Tue Mar 07 2017 Kamil Dudka <kdudka@redhat.com - 4.2.46-28 - CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd Resolves: #1429838 * Fri Feb 24 2017 Kamil Dudka <kdudka@redhat.com - 4.2.46-27 - CVE-2016-7543: Fix for arbitrary code execution via SHELLOPTS+PS4 variables Resolves: #1426026 [4.2.46-26] - CVE-2016-0634: Fix for arbitrary code execution via malicious hostname Resolves: #1379237 [4.2.46-25] - Plug a leak related to compound assignments Resolves: #1264101 [4.2.46-24] - Recognize cd -e Resolves: #1267478 [4.2.46-23] - Add a condition before setting pipeline_pgrp to shell_pgrp Resolves: #1377496 [4.2.46-22] - Avoid crash in parameter expansion while expanding long strings Resolves: #1403255 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-0634 CVE-2016-7543 CVE-2016-9401 Oracle Linux 7 [4.6.2-8] - resolves: #1459936 - Fix regression with 'follow symlinks = no' [4.6.2-7] - resolves: #1461336 - Fix smbclient username parsing - resolves: #1460937 - Fix username normalization with winbind [4.6.2-6] - resolves: #1459179 - Fix smbclient session setup printing [4.6.2-5] - related: #1277999 - Add missing patchset [4.6.2-4] - resolves: #1431986 - Fix expand_msdfs VFS module [4.6.2-3] - resolves: #1450785 - Security fix for CVE-2017-7494 [4.6.2-2] - resolves: #1448544 - Fix spoolss 32bit driver upload [4.6.2-1] - resolves: #1435734 - Fix refreshing winbind tickets [4.6.2-0] - Update to Samba 4.6.2 - related: #1430260 - Security fix for CVE-2017-2619 [4.6.1-0] - Update to Samba 4.6.1 - resolves: #1430260 - Security fix for CVE-2017-2619 [4.6.0-5] - related: #1391954 - Fix kerberos cross-realm referrals - resolves: #1430755 - Fix 'net ads' keytab handling [4.6.0-4] - Export internal arcfour_crypt_blob in Python as samba.arcfour_encrypt - related: #1391954 - Update to Samba 4.6.0 [4.6.0-3] - Ensure we set realm when updating ccache in auth/credentials - resolves: #1430759 - use GSSAPI gss_acquire_cred_from call for gssproxy support [4.6.0-2] - resolves: #1430759 - use GSSAPI gss_acquire_cred_from call for gssproxy support [4.6.0-1] - related: #1391954 - Update to Samba 4.6.0 - resolves: #1401505 - Improved idmap_hash documentation - resolves: #1218926 - Samba ignores default_keytab_name in krb5.conf - resolves: #1389786 - Add 'net ads dns unregister' [4.6.0-0.1.rc4] - related: #1391954 - Update to Samba 4.6.0rc4 - resolves: #1420130 - samba_krb5_wrapper does not list devices when called with no arguments - resolves: #1277999 - Change RPC port range to Windows defaults [4.6.0-0.1.rc3] - resolves: #1391954 - Update to Samba 4.6.0rc3 - resolves: #1271082 - Wrong groups listed when id command is called before login - resolves: #1327810 - Use 'printcap cache time' for the house keeping interval - resolves: #1356932 - Improve documentation for 'ldap ssl' in smb.conf manpage - resolves: #1365111 - Fix printer removal if 'List in Directory' checkbox is unticked and printer is not listed in AD - resolves: #1368439 - Fix ntlm_auth wrong password issues - resolves: #1397871 - Include the system krb5.conf in winbinds generated conf - resolves: #1397891 - Fix marsalling of spoolss SetPrinter info level 2 - resolves: #1397895 - Add missing support APD_COPY_FROM_DIRECTORY in AddPrinterDriver - resolves: #1403242 - Samba can not access trusted domains through transitive trusts - resolves: #1403975 - Fix trusted domain logins - resolves: #1411978 - Include the system krb5.conf in winbinds generated conf - resolves: #1416746 - Fix division by zero error in ctdb 05.system event script LOW Copyright 2017 Oracle, Inc. CVE-2017-9461 Oracle Linux 7 [1:5.0.6.2-14.0.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.0.6.2-14] - Resolves: rhbz#1454693 segv on interrupting tiled rendering [1:5.0.6.2-13] - Related: rhbz#1444437 remove timer if document closed before it fires [1:5.0.6.2-12] - Resolves: rhbz#1454598 crash on selecting bullet from toolbar [1:5.0.6.2-11] - Related: rhbz#1444437 restart second instance cleanly [1:5.0.6.2-10] - Resolves: rhbz#1444437 segv in gnome-documents integration [1:5.0.6.2-9] - Resolves: rhbz#1445635 CVE-2017-7870 Heap-buffer-overflow in tools::Polygon::Insert [1:5.0.6.2-8] - Resolves: rhbz#1437537 fix csv a11y [1:5.0.6.2-7] - Resolves: rhbz#1431539 gnome-documents needs libreofficekit - Resolves: rhbz#1435535 CVE-2017-3157 Arbitrary file disclosure in Calc and Writer [1:5.0.6.2-6] - Resolves: rhbz#1401082 gnome hangs opening certain docx - Resolves: rhbz#1421726 drop use of CAIRO_OPERATOR_DIFFERENCE MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7870 Oracle Linux 7 [9.2.21-1] - update to 9.2.21 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-21.html http://www.postgresql.org/docs/9.2/static/release-9-2-20.html http://www.postgresql.org/docs/9.2/static/release-9-2-19.html [9.2.18-2] - package libpgport.a (rhbz#1305979) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7484 CVE-2017-7486 Oracle Linux 7 fltk [1.3.4-1] - Re-base to 1.3.4 (+ sync with Fedora) tigervnc [1.8.0-1] - Update to 1.8.0 Resolves: bz#1388620 [1.7.90-2] - Make RandR callbacks optional Resolves: bz#1444948 [1.7.90-1] - Update to 1.7.90 Resolves: bz#1388620 [1.7.1-3] - Delete underlying ssecurity in SSecurityVeNCrypt [CCVE-2017-7392] Resolves: bz#1439127 Prevent double free by crafted fences [CVE-2017-7393] Resolves: bz#1439134 [1.7.1-2] - Be more restrictive with shared memory mode bits Resolves: bz#1152552 Limit max username/password size in SSecurityPlain [CVE-2017-7394] Resolves: bz#1438737 Fix crash from integer overflow in SMsgReader::readClientCutText [CVE-2017-7395] Resolves: bz#1438742 [1.7.1-1] - Update to 1.7.1 Resolves: bz#1388620 Resolves: bz#1343899 Resolves: bz#1410164 Resolves: bz#1415547 Resolves: bz#1418945 Resolves: bz#1416290 Resolves: bz#1342956 - Fix shared memory leakage Resolves: bz#1358090 - Added systemd unit file for xvnc Resolves: bz#1393971 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10207 CVE-2017-5581 CVE-2017-7393 CVE-2017-7392 CVE-2017-7396 CVE-2017-7395 CVE-2017-7394 Oracle Linux 7 [1.8.3.1-11] - dissalow repo names beginning with dash Resolves: CVE-2017-8386 [-1.8.3.1-10] - do not put unsanitized branch names in Resolves: CVE-2014-9938 [-1.8.3.1-9] - add control of GSSAPI credential delegation to enable HTTP(S)-SSO authentication Resolves: #1369173 [1.8.3.1-8] - remove needles check of xmalloc from previous patch Resolves: #1318255 [1.8.3.1-7] - fix heap overflow CVE-2016-2315 CVE-2016-2324 Resolves: #1318255 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-8386 CVE-2014-9938 Oracle Linux 7 [7.29.0-42] - fix use of uninitialized variable detected by Covscan [7.29.0-41] - make FTPS work with --proxytunnel (#1420327) [7.29.0-40] - make FTPS work with --proxytunnel (#1420327) [7.29.0-39] - work around race condition in PK11_FindSlotByName() in NSS (#1404815) [7.29.0-38] - make FTPS work with --proxytunnel (#1420327) [7.29.0-37] - fix tight loop in non-blocking TLS handhsake over proxy (#1388162) - handle cookies with numerical IPv6 address (#1341503) - make libcurl recognize chacha20-poly1305 and SHA384 cipher-suites (#1374740) - curl -E: allow to escape ':' in cert nickname (#1376062) - run automake in %prep to avoid patching Makefile.in files from now on [7.29.0-36] - reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-7167 Oracle Linux 7 [7.4p1-11 + 0.10.3-1] - Compiler warnings (#1341754) [7.4p1-10 + 0.10.3-1] - Add missing messages in FIPS mode (#1341754) [7.4p1-9 + 0.10.3-1] - Allow harmless syscalls for s390 crypto modules (#1451809) [7.4p1-8 + 0.10.3-1] - Fix multilib issue in documentation (#1450361) [7.4p1-6 + 0.10.3-1] - ControlPath too long should not be a fatal error (#1447561) [7.4p1-5 + 0.10.3-1] - Fix the default key exchange proposal in FIPS mode (#1438414) - Remove another wrong coverity chunk to unbreak gsskex (#1438414) [7.4p1-4 + 0.10.3-1] - Update seccomp filter to work on ppc64le (#1443916) [7.4p1-3 + 0.10.3-1] - Do not completely disable SHA-1 key exchange methods in FIPS (#1324493) - Remove wrong coverity patches [7.4p1-2 + 0.10.3-1] - Fix coverity scan results - Adjust FIPS algorithms list (#1420910) - Revert problematic feature for chroot(#1418062) - Fix CBC weakness in released OpenSSH 7.5 [7.4p1-1 + 0.10.3-1] - Rebase to openssh 7.4 and pam_ssh_agent_auth 0.10.3 (#1341754) - detach -cavs subpackage - enable seccomp filter for sandboxed child MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10009 CVE-2016-6515 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 Oracle Linux 7 clutter-gst2 [2.0.18-1] - Update to 2.0.18 - Remove obsolete patches - Use license macro for COPYING - Resolves: #1386833 gnome-video-effects [0.4.3-1] - Update to 0.4.3 - Resolves: #1386968 [0.4.1-5] - Fix URL (rhbz#1380981) gstreamer-plugins-bad-free [0.10.23-23] - Rebuild with hardened flags Resolves: #1420764 gstreamer-plugins-good [0.10.31-13] - Rebuild with correct hardening flags Resolves: #1420765 gstreamer1 [1.10.4-2] - fix origin - Resolves: #1420650 [1.10.4-1] - Update to 1.10.4 - update patches - Resolves: #1420650 gstreamer1-plugins-bad-free [1.10.4-2] - Disable plugins - Fix origin - Resolves: #1429587 [1.10.4-1] - Update to 1.10.4 - Remove unbuilt plugins - Resolves: #1429587 gstreamer1-plugins-base [1.10.4-1] - Update to 1.10.4 - Resolves: #1428918 [1.4.5-3] - Fix unit test on ppc64 - Resolves: #1265905 gstreamer1-plugins-good [1.10.4-2] - Fix origin Resolves: #1429577 [1.10.4-1] - Update to 1.10.4 Resolves: #1429577 orc [0.4.26-1] - Update to 0.4.26 - Remove upstreamed patches - Resolves: #1430051 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10198 CVE-2016-9810 CVE-2016-9811 CVE-2017-5841 CVE-2017-5842 CVE-2017-5843 CVE-2017-5848 CVE-2016-10199 CVE-2016-9446 CVE-2017-5837 CVE-2017-5838 CVE-2017-5839 CVE-2017-5840 CVE-2017-5844 CVE-2017-5845 Oracle Linux 7 gdm [3.22.3-11] - Add japanese translation Resolves: #1449632 [3.22.3-10] - Add patches to try to maintain some semblance of compatibility when live upgrading between 7.3 and 7.4 Related: #1448786 [3.22.3-9] - Make sure reauthentication is run within the user session. Resolves:#1448209 [3.22.3-8] - Reap transient login screens when they are no longer needed - Jump to login screen if we end up on a blank VT Resolves: #1301028 [3.22.3-7] - Fix user switching Related: #1386862 [3.22.3-6] - Fix indirect XDMCP Resolves: #1273156 [3.22.3-5] - Attempt to fix po file installation Related: #1386862 [3.22.3-4] - Drop reference to wayland in config file - use autosetup to simplify spec maintenance Related: #1386862 [3.22.3-3] - Don't fall over if autologin user isn't available Resolves #1373837 [1:3.22.3-2] - Honor anaconda's firstboot being disabled Resolves: #1226819 [3.22.3-1] - Rebase to 3.22.3 Resolves: #1386862 [3.14.2-19] - Add error traps around XKillClient calls, fixes regression on logout Resolves: #1377987 gnome-session [3.22.3-4] - fix crash in fail whale Resolves: #1392970 [3.22.3-3] - Fix the ability to disable a service from session properties Resolves: #1310975 [3.22.3-2] - Drop gnome-xorg.desktop Related: #1386957 [3.22.3-1] - Rebase to 3.22.3 Resolves: #1386957 MODERATE Copyright 2017 Oracle, Inc. CVE-2015-7496 Oracle Linux 7 [9.07-28] - Security fix for CVE-2017-8291 updated to address SIGSEGV [9.07-27] - Added security fix for CVE-2017-8291 (bug #1446063) [9.07-26] - Updated requirements for lcms2 to avoid possible issues in the future [9.07-25] - Added security fix for CVE-2017-7207 (bug #1434353) - Added explicit requirement for lcms2 version we are build with (bug #1436273) [9.07-24] - Fix infinite 'for' loop in gdevp14.c file (bug #1424752) [9.07-23] - Fix for regression caused by previous CVE fixes (bug #1411725) [9.07-22] - Fix of SIGSEGV in cid_font_data_param when using ps2pdf (bug #1390847) [9.07-21] - Added security fixes for: - CVE-2013-5653 (bug #1380327) - CVE-2016-7977 (bug #1380415) - CVE-2016-7978 (bug #1382300) - CVE-2016-7979 (bug #1382305) - CVE-2016-8602 (bug #1383940) LOW Copyright 2017 Oracle, Inc. CVE-2017-7207 Oracle Linux 7 [1:5.5.56-2] - Do not fix context and change owner if run by root in mariadb-prepare-db-dir Related: #1458940 - Check properly that datadir includes only expected files Related: #1356897 [1:5.5.56-1] - Rebase to 5.5.56 That release also fixes the following security issues: CVE-2016-5617/CVE-2016-6664 CVE-2017-3312 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3291 CVE-2017-3302 CVE-2016-5483/CVE-2017-3600 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 Resolves: #1458933 New deps required by upstream: checkpolicy and policycoreutils-python License text removed by upstream: COPYING.LESSER Do not ignore test-suite failure Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265 Resolves: #1458940 [5.5.52-2] - Extension of mariadb-prepare-db-dir script - Resolves: #1356897 - Rebase to 5.5.52, that also include fix for CVE-2016-6662 Resolves: #1377974 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-5617 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3317 CVE-2017-3318 CVE-2017-3464 CVE-2016-5483 CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3291 CVE-2017-3313 CVE-2017-3453 CVE-2017-3456 CVE-2017-3600 CVE-2017-3651 Oracle Linux 7 [0:7.0.76-2] - Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism - Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used [0:7.0.76-1] - Resolves: rhbz#1414895 Rebase tomcat to the current release [0:7.0.69-10] - Related: rhbz#1368122 [0:7.0.69-9] - Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz#1368122 [0:7.0.69-7] - Resolves: rhbz#1362545 [0:7.0.69-6] - Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service [0:7.0.69-5] - Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully [0:7.0.69-4] - Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service [0:7.0.69-3] - Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled) [0:7.0.69-2] - Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat - Rebase Resolves: rhbz#1320853 Add HSTS support - Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions - Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet - Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation - Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure - Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue - Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext() - Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms - Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak [0:7.0.69-1] - Resolves: rhbz#1287928 Rebase to tomcat 7.0.69 - Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out - Resolves: rhbz#1277197 tomcat user has non-existing default shell set - Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7 - Resolves: rhbz#1229476 Tomcat startup ONLY options - Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar - Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit - Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion - Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file [0:7.0.54-2] - Resolves: CVE-2014-0227 [0:7.0.54-1] - Resolves: rhbz#1141372 - Remove systemv artifacts. Add new systemd - artifacts. Rebase on 7.0.54. [0:7.0.43-6] - Resolves: CVE-2014-0099 - Resolves: CVE-2014-0096 - Resolves: CVE-2014-0075 [0:7.0.42-5] - Related: CVE-2013-4286 - Related: CVE-2013-4322 - Related: CVE-2014-0050 - revisit patches for above. [0:7.0.42-4] - Related: rhbz#1056696 correct packaging for sbin tomcat [0:7.0.42-3] - Related: CVE-2013-4286. increment build number. missed doing - it. - Resolves: rhbz#1038183 remove BR for ant-nodeps. it's - no long used. [0:7.0.42-2] - Resolves: rhbz#1056673 Invocation of useradd with shell - other than sbin nologin - Resolves: rhbz#1056677 preun systemv scriptlet unconditionally - stops service - Resolves: rhbz#1056696 init.d tomcat does not conform to RHEL7 - systemd rules. systemv subpackage is removed. - Resolves: CVE-2013-4286 - Resolves: CVE-2013-4322 - Resolves: CVE-2014-0050 - Built for rhel-7 RC [0:7.0.42-1] - Resolves: rhbz#1051657 update to 7.0.42. Ant-nodeps is - deprecated. [07.0.40-3] - Mass rebuild 2013-12-27 [0:7.0.40-1] - Updated to 7.0.40 - Resolves: rhbz 956569 added missing commons-pool link [0:7.0.37-2] - Add depmaps for org.eclipse.jetty.orbit - Resolves: rhbz#917626 [0:7.0.39-1] - Updated to 7.0.39 [0:7.0.37-1] - Updated to 7.0.37 [0:7.0.35-1] - Updated to 7.0.35 - systemd SuccessExitStatus=143 for proper stop exit code processing [0:7.0.34-1] - Updated to 7.0.34 - ecj >= 4.2.1 now required - Resolves: rhbz 889395 concat classpath correctly; chdir to [0:7.0.33-2] - Resolves: rhbz 883806 refix logdir ownership [0:7.0.33-1] - Updated to 7.0.33 - Resolves: rhbz 873620 need chkconfig for update-alternatives [0:7.0.32-1] - Updated to 7.0.32 - Resolves: rhbz 842620 symlinks to taglibs [0:7.0.29-1] - Updated to 7.0.29 - Add pidfile as tmpfile - Use systemd for running as unprivileged user - Resolves: rhbz 847751 upgrade path was broken - Resolves: rhbz 850343 use new systemd-rpm macros [0:7.0.28-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0:7.0.28-1] - Updated to 7.0.28 - Resolves: rhbz 820119 Remove bundled apache-commons-dbcp - Resolves: rhbz 814900 Added tomcat-coyote POM - Resolves: rhbz 810775 Remove systemv stuff from %post scriptlet - Remove redhat-lsb R [0:7.0.27-2] - Fixed native download hack [0:7.0.27-1] - Updated to 7.0.27 - Fixed jakarta-taglibs-standard BR and R [0:7.0.26-2] - Add more depmaps to J2EE apis to help jetty/glassfish updates [0:7.0.26-2] - Added the POM files for tomcat-api and tomcat-util (#803495) [0:7.0.26-1] - Updated to 7.0.26 - Bug 790334: Change ownership of logdir for logrotate [0:7.0.25-4] - Bug 790694: Priorities of jsp, servlet and el packages updated. [0:7.0.25-3] - Dropped indirect dependecy to tomcat 5 [0:7.0.25-2] - Added hack for maven depmap of tomcat-juli absolute link [ -f ] pass correctly [0:7.0.25-1] - Updated to 7.0.25 - Removed EntityResolver patch (changes already in upstream sources) - Place poms and depmaps in the same package as jars - Added javax.servlet.descriptor to export-package of servlet-api - Move several chkconfig actions and reqs to systemv subpackage - New maven depmaps generation method - Add patch to support java7. (patch sent upstream). - Require java >= 1:1.6.0 [0:7.0.23-5] - Exported javax.servlet.* packages in version 3.0 as 2.6 to make servlet-api compatible with Eclipse. [0:7.0.23-4] - Move jsvc support to subpackage [0:7.0.23-2] - Add EntityResolver setter patch to jasper for jetty's need. (patch sent upstream). [0:7.0.23-3] - Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for starting tomcat with jsvc, which allows tomcat to perform some privileged operations (e.g. bind to a port < 1024) and then switch identity to a non-privileged user. Must add USE_JSVC='true' to /etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat. [0:7.0.23-1] - Updated to 7.0.23 [0:7.0.22-2] - Move tomcat-juli.jar to lib package - Drop %update_maven_depmap as in tomcat6 - Provide native systemd unit file ported from tomcat6 [0:7.0.22-1] - Updated to 7.0.22 [0:7.0.21-3.1] - rebuild (java), rel-eng#4932 [0:7.0.21-3] - Fix basedir mode [0:7.0.21-2] - Add manifests for el-api, jasper-el, jasper, tomcat, and tomcat-juli. [0:7.0.21-1] - Updated to 7.0.21 [0:7.0.20-3] - Require java = 1:1.6.0 [0:7.0.20-2] - Require java < 1.7.0 [0:7.0.20-1] - Updated to 7.0.20 [0:7.0.19-1] - Updated to 7.0.19 [0:7.0.16-1] - Updated to 7.0.16 [0:7.0.14-3] - Added initial systemd service - Fix some paths [0:7.0.14-2] - Fixed http source link - Securify some permissions - Added licenses for el-api and servlet-api - Added dependency on jpackage-utils for the javadoc subpackage [0:7.0.14-1] - Updated to 7.0.14 [0:7.0.12-4] - Provided local paths for libs - Fixed dependencies - Fixed update temp/work cleanup [0:7.0.12-3] - Fixed package groups - Fixed some permissions - Fixed some links - Removed old tomcat6 crap [0:7.0.12-2] - Package now named just tomcat instead of tomcat7 - Removed Provides: tomcat-log4j - Switched to apache-commons-* names instead of jakarta-commons-* . - Remove the old changelog - BR/R java >= 1:1.6.0 , same for java-devel - Removed old tomcat6 crap [0:7.0.12-1] - Tomcat7 LOW Copyright 2017 Oracle, Inc. CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-0762 CVE-2016-6797 Oracle Linux 7 [0.7.0-2] - Fix reserved data size (rhbz #1416783) - Fix inverted args in tests (rhbz #1416783) - Avoid sign extension problems (rhbz #1416783) - Fix crash with opening via GSocketAddress (rhbz #1416783) - Fix crash & error reporting during connection timeout (rhbz #1441120) - Fix incompatibility with libvncserver websockets (rhbz #921330) [0.7.0-1] - Update to 0.7.0 release (rhbz #1416783) - Release held keys when loosing focus (rhbz #921008) - Avoid warnings when disconnecting (rhbz #1126825) - Workaround to avoid hang connecting to SPICE guest (rhbz #921330) - CVE-2017-5884 - fix bounds checking for RRE, hextile and copyrect encodings (rhbz #1425367) - CVE-2017-5885 - fix color map index bounds checking (rhbz #1425367) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-5885 CVE-2017-5884 Oracle Linux 7 [6.2.8-30] - do not use /usr and LIBDIR together (#1455233) [6.2.8-29] - update translations (#1449625) [6.2.8-28] - ignore PAM_IGNORE for pam_succeed_if so application do not fail in pam_setcred() (#1450425) [6.2.8-27] - fix typo in the patch for CVE-2017-7488 (#1441604) [6.2.8-26] - CVE-2017-7488 authconfig: Information leak when SSSD is used for authentication against remote server (#1441604) [6.2.8-25] - faillock: change preauth phase to required and fix arguments handling (#1334449) [6.2.8-24] - faillock: add preauth phase so the account is actually blocked (#1334449) [6.2.8-23] - sssd: do not write SSSD PAM if there is no sssd.conf present (#1443949) [6.2.8-21] - sssd: do not ask for password with smartcards (#1441374) [6.2.8-20] - sssd: catch NoServiceError exception (#1441549) [6.2.8-19] - Add pam_faillock support (#1334449) [6.2.8-18] - Add SSSD Smartcard support (#1378943) [6.2.8-17] - Enable SSSD authentication also for local users (#1329598) [6.2.8-16] - Note that SSSD configuration may change with --updateall (#1339434) [6.2.8-15] - change pam module location from /lib[64] to /usr/lib[64] (#1414494) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7488 Oracle Linux 7 [3.3.26-9] - Address crash in OCSP status request extension, by eliminating the unneeded parsing (CVE-2017-7507, #1455828) [3.3.26-7] - Address interoperability issue with 3.5.x (#1388932) - Reject CAs which are both trusted and blacklisted in trust module (#1375303) - Added new functions to set issuer and subject ID in certificates (#1378373) - Reject connections with less than 1024-bit DH parameters (#1335931) - Fix issue that made GnuTLS parse only the first 32 extensions (#1383748) - Mention limitations of certtool in manpage (#1375463) - Read PKCS#8 files with HMAC-SHA256 -as generated by openssl 1.1 (#1380642) - Do not link directly to trousers but instead use dlopen (#1379739) - Fix incorrect OCSP validation (#1377569) - Added support for pin-value in PKCS#11 URIs (#1379283) - Added the --id option to p11tool (#1399232) - Improved sanity checks in RSA key generation (#1444780) - Addressed CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-5335 CVE-2017-5337 CVE-2017-5336 CVE-2016-7444 CVE-2017-5334 CVE-2017-7507 CVE-2017-7869 Oracle Linux 7 NetworkManager [1:1.8.0-9] - device: don't change MTU unless explicitly configured (rh #1460760) - core: don't remove external IPv4 addresses (rh #1459813) [1:1.8.0-8] - cli: fix output of iface in overview output (rh#1460219) - ppp: unexport NMPPPManager instance on dispose (rh#1459579) - cli: remove spurious device names from wifi subcommands output (rh#1460527) [1:1.8.0-7] - bond: fix crash comparing mode while generating bond connection (rh #1459580) - connectivity: fix route penalty if WWAN and BT device using ip-ifindex (rh #1459932) - device: persist nm-owned in run state (rh #1376199) - device: fix assuming master device on restart (rh #1452062) - device: apply route metric penality only when the default route exists (rh #1459604) [1:1.8.0-6] - connectivity: fix periodic connectivity check (rh #1458399) - bond: improve option matching on daemon restart (rh #1457909) - device: fix touching device after external activation (rh #1457242) [1:1.8.0-5] - ifcfg-rh: fix writing legacy NETMASK value (rh #1445414) - tui: fix crash during connect (rh #1456826) - libnm: fix libnm rejecting VLAN ID 4095 (rh #1456911) [1:1.8.0-4] - device: update external configuration before commit (rh #1449873) - bluetooth: fix crash on connecting to a NAP (rh #1454385) - device: release removed devices from master on cleanup (rh #1448907) - core: activate slaves using ifindex order by default (rh #1452585) - nmcli: fix crash when setting 802-1x.password-raw (rh #1456362) - po: update translations (rh #1382625) [1:1.8.0-3] - dhcp: don't add route to DHCP4 server (rh #1448987) - libnm: fix NUL termination of device's description (rh #1443114) - libnm, core: ensure valid UTF-8 in device properties (rh #1443114) - core: fix device's UDI property on D-Bus (rh #1443114) - ifcfg-rh: omit empty next hop for routes in legacy format (rh #1452648) [1:1.8.0-2] - core: fix persisting managed state of device (rh #1440171) - proxy: fix use-after-free (rh #1450459) - device: don't wrongly delay startup complete waiting for carrier (rh #1450444) [1:1.8.0-1] - Update to upstream release 1.8.0 - device: support dummy devices (rh#1398932) - core: support attaching user-data to connection profiles (rh#1421429) - core: fix allowing FQDN in dhcp-hostname setting (rh#1443437) - core: fix configuring firewall while device is activating (rh#1445242) - core: don't block activation without carrier for IPv6 DAD (rh#1446367) - tui: force writing master key to ifcfg file when editing connection (rh#1425409) [1:1.8.0-0.4.rc3] - Update to third Release Candidate of NetworkManager 1.8 - device: fix regressions in assuming devices on carryover from initrd (rh #1443878) - device: add support for SRIOV num_vfs (rh #1398934) - device: leave device up when setting it as unmanaged by user (rh #1371433) - core: properly track manager, route manager and default route manager references (rh #1440089) - route: properly deal with routes with non-empty host parts (rh #1439376) - vpn: fix a crash on disconnect (rh #1442064) - cli: fix hang on connection down (rh #1422786) - cli: fix interactive edit of bond slaves (rh #1440957) - vpn: fix early error handling on failed activations (rh #1440077) - core: only persist explicit managed state in device's state file (rh #1440171) [1:1.8.0-0.4.rc2] - Update to second Release Candidate of NetworkManager 1.8 - device: don't update disconnected devices routes after connectivity check (rh #1436978) - ifcfg-rh: also check BONDING_OPTS to determine the connection type (rh #1434555) - nmcli: fix nmcli con edit crash (rh #1436993) - nmcli: fix nmcli con down (rh #1436990) [1:1.8.0-0.4.rc1] - Update to first Release Candidate of NetworkManager 1.8 - nmcli: speedup with large numbers of VLANs (rh #1231526) - dns: avoid cleaning resolv.conf on exit if not needed (rh #1344303, rh #1426748) - device: bond: implement connection reapply (rh #1348198) - platform: add support for some route options (rh #1373698) - core: add mtu property to cdma and gsm settings (rh #1388613) - nmcli: fix output in terse mode (rh #1391170) - improve handling of unmanaged/assumed devices (rh #1394579) - policy: make DHCP hostname behaviour configurable (rh #1405275) - manager: ensure proper disposal of unrealized devices (rh #1433303) - nmcli: fix connection down (rh #1433883) - libnm-glib: fix memory leak (rh #1433912) - device: deal with non-existing IP settings in get_ip_config_may_fail() (rh #1436601) - nmcli: make --ask and --show-secrets global options (rh #1351263) - nmcli: improve error handling (rh #1394334) - device: apply a loose IPv4 rp_filter when it would interfere with multihoming (rh #1394344) - core: make connectivity checking per-device (rh #1394345) - manager: sort slaves to be autoconnected by device name (rh #1420708) - policy: add support to configurable hostname mode (rh #1422610) - team: support the ethernet.cloned-mac-address property (rh #1424641) - ifcfg-rh: fix reading team slave types of vlan type (rh #1427482) - default-route-manager: alyways force a sync of the default route (rh #1431268) - device: fail DHCPv6 if a link-local address is not present (rh #1432251) [1:1.8.0-0.3.git20170215.1d40c5f4] - Revert default behavior for clone-mac-address to permanent (rh #1413312) [1:1.8.0-0.2.git20170215.1d40c5f4] - Update to a 1.7.1 snapshot: - rebase NetworkManger package to new upstream 1.8.x version (rh #1414103) - device: introduce support to ipv6.method=shared (rh #1256822) - device: add support to vlan on virtual devices (rh #1312359) - core/supplicant: introduce support to MACsec connections (rh #1337997) - core: allow enforcing of 802-3 link properties (rh #1353612) - manager: allow a slave connection which has slaves to autoactivate them (rh #1360386) - cli: check the active-connection state to detect activation failure (rh #1367752, rh #1384937) - cli: remove the separate thread when in editor mode to fix races (rh #1368353) - ifcfg-rh: write the master device name even if the master property is an UUID (rh #1369008) - ifcfg-rh: higly improved parsing of ifcfg files (rh #1369380) - checkpoint: improved the checkpoint/rollback functionality (rh #1369716) - core: core: don't unmanage devices on shutdown (rh #1371126, rh #1378418) - cli: properly set multiple addresses in questionnaire mode (rh #1380165) - manager: keep scheduling connectivity check if there is a default active connection (rh #1386106) - device: allow custom MAC address on bond and bridge interfaces (rh #1386872) - core: avoid race reading permanent MAC address before udev initialized (rh #1388286) - ifcfg-rh: fix import of 802.1x connections with empty EAP-TLS identity (rh #1391477) - libnm-core: remove INFERRABLE flag from dhcp-hostname property (rh #1393997) - platform: preserve the order when multiple ip addresses are present (rh #1394500) - device: avoid a crash when both IPv4 and IPv6 configurations fail (rh #1404148) - dns: export dns state to DBUS (rh #1404594) - ppp: moved PPP support into a separate package (rh #1404598) - dns: don't apply DNS configuration coming from non-active devices (rh #1405431) - vlan: inherit default MTU from parent device (rh #1414186) - bond: fix crash when reading from sysfs 'NULL' (rh #1420244) - build: rebuild with correct hardening flags (rh #1420771) - platform: downgrade warning about failure to detect kernel support to debug (rh #1421019) - dns: change behavior for 'rc-manager=symlink' to preserve '/etc/resolv.conf' as file (rh #1367551) - libnm: order the property updates (rh #1417292) NetworkManager-libreswan [1.2.4-2] - po: update Japanese translation (rh #1383163) libnl3 [3.2.28-4] * lib: check for integer overflow in nl_reserve() (rh#1440788, rh#1442723) network-manager-applet [1.8.0-3] - editor: fix crash when destroying 802.1x page (rh #1458567) [1.8.0-2] - po: update Japanese translation (rh #1379642) [1.8.0-1] - Update to 1.8.0 release (rh #1441621) [1.8.0-0.1.git20170326.f260f8a] - Update to network-manager-applet 1.8 snapshot - c-e: add missing mnemonic characters to buttons (rh #1434317) - c-e: fix handling of devices without permanent MAC address in devices combo box (rh #1380424) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-0553 Oracle Linux 7 [10.4.1-11] - Resolves: rhbz #1469432 - ########################################################################## - RHEL 7.4: - ########################################################################## - Bugzilla Bug #1469432 - CMC plugin default change - Resolves CVE-2017-7537 - Fixes BZ #1470948 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7537 Oracle Linux 7 [3.22.1-5.2] - Related: #1469528 ensure .desktop file is still valid [3.22.1-5.1] + Fix arbitrary code execution via filename in tar-compressed comics archive - Resolves: #1469528 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000083 Oracle Linux 7 [3.0.13-8] - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469414 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() [3.0.13-7] - Resolves: Bug#1469409 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret() - Resolves: Bug#1469413 CVE-2017-10983 freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63 - Resolves: Bug#1469414 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() - Resolves: Bug#1469417 CVE-2017-10985 freeradius: Infinite loop and memory exhaustion with 'concat' attributes - Resolves: Bug#1469418 CVE-2017-10986 freeradius: Infinite read in dhcp_attr2vp() - Resolves: Bug#1469421 CVE-2017-10987 freeradius: Buffer over-read in fr_dhcp_decode_suboptions() IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987 Oracle Linux 5 kernel - 2.6.18-419.0.0.0.3 - nfsd: stricter decoding of write-like NFSv2/v3 ops [orabug 26586706] {CVE-2017-7895} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7895 Oracle Linux 7 [0:1.2.17-16] - Fix socket receiver deserialization vulnerability - Resolves: CVE-2017-5645 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5645 Oracle Linux 6 Oracle Linux 7 [1:1.7.0.151-2.6.11.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.151-2.6.11.0] - Bump to 2.6.11 and u151b00. - Update java-access-bridge-security.patch to apply against 2.6.11. - Apply fix for 8185716 so ppc uses correct ins_encode format - Resolves: rhbz#1466509 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10102 CVE-2017-10109 CVE-2017-10116 CVE-2017-10135 CVE-2017-10053 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10107 CVE-2017-10108 CVE-2017-10110 CVE-2017-10115 CVE-2017-10243 Oracle Linux 7 [1.5.3-141.el7_4.1] - kvm-qemu-nbd-Ignore-SIGPIPE.patch [bz#1468107] - Resolves: bz#1468107 (CVE-2017-10664 qemu-kvm: Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [rhel-7.4.z]) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-10664 Oracle Linux 6 Oracle Linux 7 [52.3.0-3.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.3.0-3] - Fix for rhbz#1470294 - bundling newer libffi for ppc* platforms [52.3.0-2] - Update to 52.3.0 ESR (b2) CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7786 CVE-2017-7798 CVE-2017-7785 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7807 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7809 Oracle Linux 7 [2.56.0-4] - Fix chunked decoding buffer overrun (CVE-2017-2885) (rh #1479322) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2885 Oracle Linux 7 [0.12.8-2.1] - Redo build properly versioned as a zstream build Related: CVE-2017-7506 [0.12.8-3] - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7506 Oracle Linux 7 - [3.10.0-693.1.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-693.1.1] - [fs] dentry name snapshots (Miklos Szeredi) [1471131 1470403] {CVE-2017-7533} - [fs] fix the regression from 'direct-io: Fix negative return from dio read beyond eof' (Eric Sandeen) [1475669 1473549] - [fs] direct-io: Fix negative return from dio read beyond eof (Eric Sandeen) [1475669 1473549] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7533 Oracle Linux 6 [2.2.15-60.0.1.5] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-60.5] - Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass - Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference - Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread - Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788 Oracle Linux 7 [2.4.6-67.0.1.el7_4.2] - replace index.html with Oracle's index page oracle_index.html [2.4.6-67.2] - Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass - Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference - Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread - Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread - Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788 CVE-2017-7668 Oracle Linux 7 [1.7.14-11] - add security fix for CVE-2017-9800 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-9800 Oracle Linux 7 [1.8.3.1-12] - prevent command injection via malicious ssh URLs Resolves: CVE-2017-1000117 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000117 Oracle Linux 6 [1.7.1-9] - prevent command injection via malicious ssh URLs Resolves: CVE-2017-1000117 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000117 Oracle Linux 7 [1.8.9-8] - Fix Information disclosure vulnerability - Resolves: CVE-2016-6814 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-6814 Oracle Linux 7 [2.6.2-8] - Fix CVE-2017-1000115 and CVE-2017-1000116 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000115 CVE-2017-1000116 Oracle Linux 7 [1.2.20-7] - CVE-2017-1000061 - Related: #1472092 - Fix mis-applied patch hunk [1.2.20-6] - CVE-2017-1000061 - Resolves: #1472092 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-1000061 Oracle Linux 6 Oracle Linux 7 [52.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.3.0-1] - Update to 52.3.0 [52.2.1-1] - Update to 52.2.1 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7786 CVE-2017-7785 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7807 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7809 Oracle Linux 6 [0.12.4-12] - Resolves: rhbz#1479815 CVE-2017-9776 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-9776 Oracle Linux 7 [0.26.5-17] - Resolves: rhbz#1482934 CVE-2017-9776 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-9775 CVE-2017-9776 Oracle Linux 6 [5.3p1-123] - Fix for CVE-2016-6210: User enumeration via covert timing channel (#1357442) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-6210 Oracle Linux 7 [1.3.6.19-1] - Bump version to 1.3.6.19-1 - Remove old mozldap and db4 requirements - Resolves: Bug 1483865 - Crash while binding to a server during replication online init [1.3.6.1-18] - Bump version to 1.3.6.1-18 - Require srvcore 4.1.3 - Resolves: Bug 1479757 - dse.ldif and fsync - Resolves: Bug 1479755 - backup fails if changelog is enabled - Resolves: Bug 1479756 - Locked account provides different return code if password is correct [1.3.6.1-17] - Bump version to 1.3.6.1-17 - Resolves: Bug 1476161 - replication halt - pending list first CSN not committed, pending list increasing - Resolves: Bug 1476162 - Change the retrochangelog default cache size MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7551 Oracle Linux 7 - [3.10.0-693.2.2.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-693.2.2] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1489788 1489789] {CVE-2017-1000251} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000251 Oracle Linux 6 [2.6.32-696.10.2.OL6] - Update genkey [bug 25599697] [2.6.32-696.10.2] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000251 Oracle Linux 6 Oracle Linux 7 [4.66-2] - sdpd heap fixes Resolves: #1490008 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-1000250 Oracle Linux 7 [9.2.23-1] - update to 9.2.23 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-23.html [9.2.22-1] - update to 9.2.22 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-22.html MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7546 CVE-2017-7547 Oracle Linux 7 [1:24.3-20] - fix unsafe enriched mode translations (#1490452) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-14482 Oracle Linux 7 [1.4.0-2.el7_4.1] - Fix CVE-2017-7555, improper handling of escaped strings (RHBZ#1481545) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7555 Oracle Linux 6 [3.6.23-45.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.24-45] - resolves: #1491210 - CVE-2017-2619 CVE-2017-12150 CVE-2017-12163 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-2619 CVE-2017-12163 CVE-2017-12150 Oracle Linux 7 [4.6.2-11] - resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-12163 CVE-2017-12150 CVE-2017-12151 Oracle Linux 6 [4.2.10-11] - resolves: #1491212 - CVE-2017-12150 CVE-2017-12163 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-12163 CVE-2017-12150 Oracle Linux 6 [2.6.32-696.10.3.OL6] - Update genkey [bug 25599697] [2.6.32-696.10.3] - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000253 Oracle Linux 5 kernel - 2.6.18-419.0.0.0.4 - [fs] fix bug in loading of PIE binaries (Michael Davidson) [orabug 26916951] {CVE-2017-1000253} - 2.6.18-419.0.0.0.3 - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [orabug 26586706] {CVE-2017-7895} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000253 Oracle Linux 6 Oracle Linux 7 [52.4.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build [45.5.0-1] - Update to 45.5.0 ESR [45.4.0-3] - Added upcoming upstream patches mozbz#1018486 [45.4.0-2] - Added Laszlo Ersek patch for aarch64 crashes [45.4.0-1] - Update to 45.4.0 ESR [45.3.0-1] - Update to 45.3.0 ESR [45.2.0-3] - Added fix for mozbz#256180 [45.2.0-2] - Added fix for mozbz#975832, rhbz#1343202 [45.2.0-1] - Update to 45.2.0 ESR [45.1.1-2] - Added fix for mozbz#1270046 - new Samba auth response [45.1.1-1] - Update to 45.1.1 ESR [45.1.0-3] - Disabled ffmpeg (rhbz#1330898) [45.1.0-1] - Fixed some regressions introduced by rebase [45.1.0-1] - Update to 45.1.0 ESR [45.0.2-1] - Update to 45.0.2 ESR [45.0.1-1] - Update to 45.0.1 ESR [45.0-5] - Fixed crashed after start (rhbz#1323744, rhbz#1323738) [45.0-4] - Added system-level location for configuring Firefox (rhbz#1206239) [45.0-3] - Update to 45.0 ESR [38.5.0-3] - Update to 38.5.0 ESR [38.4.0-1] - Update to 38.4.0 ESR [38.3.0-2] - Update to 38.3.0 ESR [38.2.1-1] - Update to 38.2.1 ESR [38.2.0-4] - Update to 38.2.0 ESR [38.1.1-1] - Update to 38.1.1 ESR [38.1.0-1] - Update to 38.1.0 ESR [38.0.1-2] - Fixed rhbz#1222807 by removing preun section [38.0.1-1] - Update to 38.0.1 ESR [38.0-4] - Fixed rhbz#1221286 - After update to Firefox 38 ESR all RH preferences are gone [38.0-3] - Enabled system nss - Removed unused patches * Mon May 04 2015 Jan Horak - 38.0-2 - Update to 38.0 ESR [38.0b8-0.11] - Update to 38.0 Beta 8 [38.0b6-0.10] - Added patch for mozbz#1152515 [38.0b6-0.9] - Update to 38.0 Beta 6 [38.0b5-0.8] - Update to 38.0 Beta 5 [38.0b3-0.7] - Update to 38.0 Beta 3 [38.0b1-0.6] - Added patch for mozbz#1152391 [38.0b1-0.5] - Fix build on AArch64 (based on upstream skia changes) [38.0b1-0.4] - Enabled debug build [38.0b1-1] - Update to 38.0b1 [31.5.0-2] - Update to 31.5.0 ESR Build 2 [31.4.0-1] - Update to 31.4.0 ESR [31.3.0-6] - Fixed Bug 1140385 - [HP HPS 7.1 bug] assertion 'sys_page_size == 0' when starting firefox [31.3.0-5] - Fixed problems with dictionary (mozbz#1097550) - JS JIT fixes for ppc64le [31.3.0-3] - Fixed geolocation key location [31.3.0-2] - Disable exact rooting for JS [31.3.0-1] - Update to 31.3.0 ESR Build 2 - Fix for geolocation API (rhbz#1063739) [31.2.0-5] - Enabled gstreamer-1 support (rhbz#1161077) [31.2.0-4] - Fix webRTC for aarch64, ppc64le (rhbz#1148622) [31.2.0-3] - Update to 31.2.0 ESR - Fix for mozbz#1042889 [31.1.0-7] - Enable WebM on all arches [31.1.0-6] - Enable all NPAPI plugins by default to keep compatibility with the FF24 line [31.1.0-5] - Added workaround for rhbz#1134876 [31.1.0-3] - Disable mozilla::pkix (mozbz#1063315) - Enable image cache [31.1.0-2] - A workaround for rhbz#1110291 [31.1.0-1] - Update to 31.1.0 ESR [31.0-3] - Built with system libvpx/WebM [31.0-2] - Built with system nss/nspr [31.0-1] - Update to 31.0 ESR [24.6.0-1] - Update to 24.6.0 ESR [24.5.0-2] - Removed unused patches [24.5.0-1] - Update to 24.5.0 ESR [24.4.0-3] - Added a workaround for Bug 1054242 - RHEVM: Extremely high memory usage in Firefox 24 ESR on RHEL 6.5 [24.4.0-2] - fixed rhbz#1067343 - Broken languagepack configuration after firefox update [24.4.0-1] - Update to 24.4.0 ESR [24.3.0-3] - fixed rhbz#1054832 - Firefox does not support Camellia cipher [24.3.0-1] - Update to 24.3.0 ESR [24.2.0-3] - Mass rebuild 2014-01-24 [24.2.0-2] - Mass rebuild 2013-12-27 [24.2.0-1] - Update to 24.2.0 ESR [24.1.0-5] - Fixed mozbz#938730 - avoid mix of memory allocators (crashes) when using system sqlite [24.1.0-4] - Fixed rhbz#1034541 - No translation being picked up from langpacks for firefox [24.1.0-3] - Conflicts with old, xulrunner based firefox [24.1.0-2] - Ship dependentlibs.list (rhbz#1027782) - Nss/nspr dependency update [24.1.0-1] - Update to 24.1.0 ESR [24.0-2] - Build as stand alone browser, without xulrunner [24.0-1] - Update to 24.0 ESR [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-2] - Desktop file update - Spec file tweaks [17.0.8-1] - Update to 17.0.8 ESR [17.0.7-2] - Updated manual page [17.0.7-1] - Update to 17.0.7 ESR [17.0.6-1] - Update to 17.0.6 ESR [17.0.5-3] - Removed mozilla prefix from desktop file (rhbz#826960) [17.0.5-2] - Updated XulRunner SDK check [17.0.5-1] - Update to 17.0.5 ESR [17.0.4-2] - Fixed rhbz#837606 - firefox has no x-scheme-handler/http mime [17.0.4-1] - Update to 17.0.4 ESR - Added fix for mozbz#239254 - [Linux] Support disk cache on a local path [17.0.2-3] - Added NM preferences [17.0.2-2] - Updated preferences (NFS, nspluginwrapper) [17.0.2-1] - Update to 17.0.2 ESR [17.0.1-1] - Update to 17.0.1 ESR [10.0.8-2] - Update to 10.0.8 ESR [10.0.7-1] - Update to 10.0.7 ESR [10.0.6-1] - Update to 10.0.6 ESR [10.0.5-4] - Enabled WebM [10.0.5-2] - Added fix for mozbz#703633, rhbz#818341 [10.0.5-1] - Update to 10.0.5 ESR [10.0.4-1] - Update to 10.0.4 ESR [10.0.3-1] - Update to 10.0.3 ESR [10.0.1-1] - Update to 10.0.1 ESR [10.0-3] - Update to 10.0 ESR [10.0-1] - Update to 10.0 [7.0-5] - Update to 7.0 [7.0-4] - Update to 7.0 Beta 6 [7.0-2] - Update to 7.0 Beta 4 [5.0-1] - Update to 5.0 [3.6.18-1] - Fixed #698313 - 'background-repeat' css property isn't rendered well - Update to 3.6.18 [3.6.17-1] - Update to 3.6.17 [3.6.15-1] - Update to 3.6.15 [3.6.14-4] - Update to build3 [3.6.14-3] - Update to build2 [3.6.14-2] - Update to 3.6.14 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-7793 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 Oracle Linux 6 Oracle Linux 7 [3.28.4-12] - Backport patch to simplify transcript calculation for CertificateVerify IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7805 Oracle Linux 7 [2.76-2.2] - Small correction of CVE-2017-14491 [2.76-2.1] - Fix CVE-2017-14491 - Fix CVE-2017-14492 - Fix CVE-2017-14493 - Fix CVE-2017-14494 - Fix CVE-2017-14496 - Fix CVE-2017-14495 - extra fixes CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-14496 CVE-2017-14491 CVE-2017-14492 CVE-2017-14494 CVE-2017-14495 CVE-2017-14493 Oracle Linux 6 [2.48-18] - Fix CVE-2017-14491 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-14491 Oracle Linux 5 [2.45-1.1.0.1.el5] - Back port fix for CVE-2017-14491 from OL 6 errata ELSA-2017-2838 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-14491 Oracle Linux 6 [8.4.20-8] - backport fix for CVE-2017-7546 (rhbz#1484677) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7546 Oracle Linux 6 [2.6.32-696.13.2.OL6] - Update genkey [bug 25599697] [2.6.32-696.13.2] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251} - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} [2.6.32-696.13.1] - [netdv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474783 1474782] {CVE-2017-7541} - [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand) [1482855 1466530] [2.6.32-696.12.1] - [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode (Robert S Peterson) [1479397 1464541] - [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S Peterson) [1479397 1464541] - [fs] gfs2: set gl_object in inode lookup only after block type check (Robert S Peterson) [1479397 1464541] - [fs] gfs2: introduce helpers for setting and clearing gl_object (Robert S Peterson) [1479397 1464541] [2.6.32-696.11.1] - [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1472127 1452358] MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7541 Oracle Linux 7 [2.4.6-67.0.1.el7_4.5] - replace index.html with Oracle's index page oracle_index.html [2.4.6-67.5] - Resolves: #1493064 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method MODERATE Copyright 2017 Oracle, Inc. CVE-2017-9798 Oracle Linux 6 Oracle Linux 7 [52.4.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.4.0-2] - Update to 52.4.0 (b2) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7793 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 Oracle Linux 7 [1:2.6-5.1] - avoid key reinstallation (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-13077 CVE-2017-13082 CVE-2017-13088 CVE-2017-13078 CVE-2017-13080 CVE-2017-13086 CVE-2017-13087 Oracle Linux 6 [1:0.7.3-9.2] - Fix backport errors (CVE-2017-13077, CVE-2017-13080) [1:0.7.3-9.1] - avoid key reinstallation (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13087 Oracle Linux 7 - [3.10.0-693.5.2.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-693.5.2] - [mm] page_cgroup: Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747] - Revert: [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747] [3.10.0-693.5.1] - [netdrv] i40e: point wb_desc at the nvm_wb_desc during i40e_read_nvm_aq (Stefan Assmann) [1491972 1484232] - [netdrv] i40e: avoid NVM acquire deadlock during NVM update (Stefan Assmann) [1491972 1484232] - [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747] - [fs] nfsv4: Ensure we don't re-test revoked and freed stateids (Dave Wysochanski) [1491969 1459733] - [netdrv] bonding: commit link status change after propose (Jarod Wilson) [1491121 1469790] - [mm] page_alloc: ratelimit PFNs busy info message (Jonathan Toppins) [1491120 1383179] - [netdrv] cxgb4: avoid crash on PCI error recovery path (Gustavo Duarte) [1489872 1456990] - [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1489814 1468727] - [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488341 1487061] {CVE-2017-14106} - [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488341 1487061] {CVE-2017-14106} - [net] sctp: Avoid out-of-bounds reads from address storage (Stefano Brivio) [1484356 1484355] {CVE-2017-7558} - [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481530 1481535] {CVE-2017-1000112} - [net] udp: account for current skb length when deciding about UFO (Davide Caratti) [1481530 1481535] {CVE-2017-1000112} - [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481530 1481535] {CVE-2017-1000112} - [net] udp: avoid ufo handling on IP payload compression packets (Stefano Brivio) [1490263 1464161] - [pci] hv: Use vPCI protocol version 1.2 (Vitaly Kuznetsov) [1478256 1459202] - [pci] hv: Add vPCI version protocol negotiation (Vitaly Kuznetsov) [1478256 1459202] - [pci] hv: Use page allocation for hbus structure (Vitaly Kuznetsov) [1478256 1459202] - [pci] hv: Fix comment formatting and use proper integer fields (Vitaly Kuznetsov) [1478256 1459202] - [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Stefano Brivio) [1477007 1477010] {CVE-2017-7542} - [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [1477007 1477010] {CVE-2017-7542} - [net] xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Hannes Frederic Sowa) [1435672 1435670] {CVE-2017-7184} - [net] xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Hannes Frederic Sowa) [1435672 1435670] {CVE-2017-7184} - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1489788 1489789] {CVE-2017-1000251} [3.10.0-693.4.1] - [fs] nfsv4: Add missing nfs_put_lock_context() (Benjamin Coddington) [1487271 1476826] - [fs] nfs: discard nfs_lockowner structure (Benjamin Coddington) [1487271 1476826] - [fs] nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (Benjamin Coddington) [1487271 1476826] - [fs] nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (Benjamin Coddington) [1487271 1476826] - [fs] nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (Benjamin Coddington) [1487271 1476826] - [fs] nfsv4: add flock_owner to open context (Benjamin Coddington) [1487271 1476826] - [fs] nfs: remove l_pid field from nfs_lockowner (Benjamin Coddington) [1487271 1476826] - [x86] platform/uv/bau: Disable BAU on single hub configurations (Frank Ramsay) [1487159 1487160 1472455 1473353] - [x86] platform/uv/bau: Fix congested_response_us not taking effect (Frank Ramsay) [1487159 1472455] - [fs] cifs: Disable encryption capability for RHEL 7.4 kernel (Sachin Prabhu) [1485445 1485445] - [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1484269 1479043] - [fs] include/linux/printk.h: include pr_fmt in pr_debug_ratelimited (Sachin Prabhu) [1484267 1472823] - [fs] printk: pr_debug_ratelimited: check state first to reduce 'callbacks suppressed' messages (Sachin Prabhu) [1484267 1472823] - [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481938 1481940] {CVE-2017-1000111} - [fs] proc: revert /proc/<pid>/maps [stack:TID] annotation (Waiman Long) [1481724 1448534] - [net] ping: check minimum size on ICMP header length (Matteo Croce) [1481578 1481573] {CVE-2016-8399} - [ipc] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476128 1476126] {CVE-2017-11176} - [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474778 1474784] {CVE-2017-7541} [3.10.0-693.3.1] - [block] blk-mq-tag: fix wakeup hang after tag resize (Ming Lei) [1487281 1472434] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-8399 CVE-2017-7184 CVE-2017-7541 CVE-2017-1000111 CVE-2017-14106 CVE-2017-11176 CVE-2017-7542 CVE-2017-7558 CVE-2017-1000112 Oracle Linux 6 [2.2.15-60.0.1.6] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-60.6] - Resolves: #1493061 - CVE-2017-9798 httpd: various flaws MODERATE Copyright 2017 Oracle, Inc. CVE-2017-9798 CVE-2017-12171 Oracle Linux 6 Oracle Linux 7 [1:1.8.0.151-1.b12] - repack policies adapted to new counts and paths - note that also c-j-c is needed to make this apply in next update - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Correct fix to RH1191652 root patch so existing COMMON_CCXXFLAGS_JDK is not lost. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Update location of policy JAR files following 8157561. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Update SystemTap tapsets to version in IcedTea 3.6.0pre02 to fix RH1492139. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Fix premature shutdown of NSS in SunEC provider. - Move -ffp-no-contract fix to local fixes section. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Add 8075484/PR3473/RH1490713 which is listed as being in 8u151 but not supplied by Oracle. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Update to aarch64-jdk8u151-b12. - Update location of OpenJDK zlib system library source code in remove-intree-libraries.sh - Drop upstreamed patches for 8179084 and RH1367357 (part of 8183028). - Update RH1191652 (root) to accomodate 8151841 (GCC 6 support). - Update RH1163501 to accomodate 8181048 (crypto refactoring) - Resolves: rhbz#1499207 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-10274 CVE-2017-10281 CVE-2017-10345 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10285 CVE-2017-10295 CVE-2017-10346 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 Oracle Linux 6 [4.2.6p5-12.0.1.el6_9.1] - add disable monitor to default ntp.conf [CVE-2013-5211] [4.2.6p5-12.el6_9.1] - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer command (CVE-2017-6463) - fix potential crash with invalid server command (CVE-2017-6464) [4.2.6p5-12] - don't limit rate of packets from sources (CVE-2016-7426) - don't change interface from received packets (CVE-2016-7429) - fix calculation of root distance again (CVE-2016-7433) - require authentication for trap commands (CVE-2016-9310) - fix crash when reporting peer event to trappers (CVE-2016-9311) [4.2.6p5-11] - don't allow spoofed packets to demobilize associations (CVE-2015-7979, CVE-2016-1547) - don't allow spoofed packet to enable symmetric interleaved mode (CVE-2016-1548) - check mode of new source in config command (CVE-2016-2518) - make MAC check resilient against timing attack (CVE-2016-1550) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-6462 CVE-2017-6464 CVE-2017-6463 Oracle Linux 7 [1.14-15.1] - Fixed various security flaws (CVE-2017-13089, CVE-2017-13090) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-13089 CVE-2017-13090 Oracle Linux 6 [0:6.0.24-111] - Resolves: rhbz#1498345 CVE-2017-12615 CVE-2017-12617 tomcat6: various flaws [0:6.0.24-110] - Resolves: rhbz#1461292 CVE-2017-5664 tomcat6: tomcat: Security constrained bypass in error page mechanism [0:6.0.24-109] - Resolves: rhbz#1461851 The tomcat6 build is incompatible with the ECJ update [0:6.0.24-106] - Resolves: rhbz#1441478 CVE-2017-5647 tomcat6: tomcat: Incorrect handling of pipelined requests when send file was used IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12615 CVE-2017-12617 CVE-2017-5647 CVE-2017-5664 Oracle Linux 7 [0:7.0.76-3] - Resolves: rhbz#1498344 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws - Resolves: rhbz#1495654 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning - Resolves: rhbz#1470596 CVE-2017-5647 Add follow up revision IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12615 CVE-2017-12617 CVE-2017-5647 CVE-2017-7674 Oracle Linux 7 [2.5.2-11] - Resolves: CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744, CVE-2014-8184 MODERATE Copyright 2017 Oracle, Inc. CVE-2014-8184 CVE-2017-13740 CVE-2017-13743 CVE-2017-13738 CVE-2017-13741 CVE-2017-13742 CVE-2017-13744 Oracle Linux 6 [2.6.32-696.16.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.16.1] - [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111} - [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111} - [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111} - [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1498019 1441773] - [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1497976 1477288] - [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1497976 1477288] - [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488344 1488340] {CVE-2017-14106} - [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488344 1488340] {CVE-2017-14106} - [scsi] lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Vport creation is failing with 'Link Down' error (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1487220 1441169] - [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481532 1481529] {CVE-2017-1000112} - [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112} - [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112} [2.6.32-696.15.1] - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} [2.6.32-696.14.1] - [fs] nfs: don't disconnect open-owner on NFS4ERR_BAD_SEQID (Dave Wysochanski) [1491123 1459636] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000111 CVE-2017-14106 CVE-2017-1000112 Oracle Linux 7 [5.4.16-43] - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 - gd: Signed Integer Overflow gd_io.c CVE-2016-10168 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10167 CVE-2016-10168 Oracle Linux 6 Oracle Linux 7 [52.5.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.5.0-1] - Update to 52.5.0 ESR CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Oracle Linux 7 [4.6.2-12] - resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-14746 CVE-2017-15275 Oracle Linux 7 [7.29.0-42.el7_4.1] - fix buffer overflow while processing IMAP FETCH response (CVE-2017-1000257) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-1000257 Oracle Linux 7 [3.22-36.1] - Fixed possible buffer overflow in loadbuf function Resolves: CVE-2017-16844 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-16844 Oracle Linux 6 Oracle Linux 7 [1.3.9-5.1] - Resolves: #1507346 - CVE-2017-12613 apr: Out-of-bounds array deref in apr_time_exp*() functions IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12613 Oracle Linux 6 [4.2.10-12] - resolves: #1514315 - Fix CVE-2017-14746 and CVE-2017-15275 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-14746 CVE-2017-15275 Oracle Linux 7 - [3.10.0-693.11.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-693.11.1] - [powerpc] perf: Fix book3s kernel to userspace backtraces (Gustavo Duarte) [1506143 1492669] [3.10.0-693.10.1] - [mm] mm, hugetlb: use pte_present() instead of pmd_present() in follow_huge_pmd() (Rafael Aquini) [1505164 1472460] - [mm] fix invalid node in alloc_migrate_target() (Rafael Aquini) [1505164 1472460] - [mm] add !pte_present() check on existing hugetlb_entry callbacks (Rafael Aquini) [1505164 1472460] - [fs] ceph: avoid accessing freeing inode in ceph_check_delayed_caps() (Ilya Dryomov) [1505163 1489426] - [fs] nfsd: Fix general protection fault in release_lock_stateid() (J. Bruce Fields) [1505160 1500815] - [fs] cifs: Reconnect expired SMB sessions (Leif Sahlberg) [1501526 1477052] - [fs] cifs: Separate SMB2 header structure (Leif Sahlberg) [1501526 1429710] [3.10.0-693.9.1] - [fs] ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (Bill O'Donnell) [1504115 1458728] - [fs] ext4: fix off-by-in loop termination in ext4_find_unwritten_pgoff() (Bill O'Donnell) [1501387 1469363] - [fs] ext4: fix SEEK_HOLE (Bill O'Donnell) [1501387 1469363] - [fs] xfs: Move handling of missing page into one place in xfs_find_get_desired_pgoff() (Bill O'Donnell) [1498736 1460446] - [fs] xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff() (Bill O'Donnell) [1498736 1460446] - [fs] xfs: Fix missed holes in SEEK_HOLE implementation (Bill O'Donnell) [1498736 1460446] - [fs] xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff() (Eryu Guan) [1502731 1458997] - [nvme] Test unit Ready broken for nvme drvices (David Milburn) [1502733 1478457] - [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Mohammed Gamal) [1495763 1491843] - [hv] vmbus: Fix error code returned by vmbus_post_msg() (Mohammed Gamal) [1495763 1467258] - [netdrv] netvsc: propagate MAC address change to VF slave (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] netvsc: delay setup of VF device (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] netvsc: make sure and unregister datapath (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] netvsc: fix rtnl deadlock on unregister of vf (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] netvsc: transparent VF management (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] hv_netvsc: Fix the carrier state error when data path is off (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] hv_netvsc: Fix the queue index computation in forwarding case (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] netvsc: handle select_queue when device is being removed (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] netvsc: report per-channel stats in ethtool statistics (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] netvsc: account for packets/bytes transmitted after completion (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] netvsc: group all per-channel state together (Vitaly Kuznetsov) [1500321 1477784] - [netdrv] netvsc: enhance transmit select_queue (Vitaly Kuznetsov) [1500321 1477784] [3.10.0-693.8.1] - [x86] kvm: x86: Fix potential preemption when get the current kvmclock timestamp (Marcelo Tosatti) [1503459 1496522] - [x86] kvm: x86: remove irq disablement around KVM_SET_CLOCK/KVM_GET_CLOCK (Marcelo Tosatti) [1503459 1496522] [3.10.0-693.7.1] - [mm] page_cgroup: Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747] - Revert: [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747] [3.10.0-693.6.1] - [netdrv] mlx5: Avoid using pending command interface slots (Don Dutile) [1497604 1463367] - [x86] amd: Limit cpu_core_id fixup to families older than F17h (Suravee Suthikulpanit) [1497603 1477397] - [x86] cpu/amd: Fix Zen SMT topology (Suravee Suthikulpanit) [1497603 1477397] - [x86] cpu/amd: Bring back Compute Unit ID (Suravee Suthikulpanit) [1497603 1477397] - [x86] cpu/amd: Fix Bulldozer topology (Suravee Suthikulpanit) [1497603 1477397] - [x86] cpu/amd: Clean up cpu_llc_id assignment per topology feature (Suravee Suthikulpanit) [1497603 1477397] - [x86] cpu: Get rid of compute_unit_id (Suravee Suthikulpanit) [1497603 1477397] - [x86] amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask (Suravee Suthikulpanit) [1497238 1477399] - [net] ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER (Matteo Croce) [1497121 1468935] - [fs] gfs2: Fix debugfs glocks dump (Andreas Grunbacher) [1497078 1493067] - [fs] gfs2: Replace rhashtable_walk_init with rhashtable_walk_enter (Andreas Grunbacher) [1497078 1493067] - [fs] gfs2: Deduplicate gfs2_{glocks,glstats}_open (Andreas Grunbacher) [1497078 1493067] - [cpufreq] intel_pstate: Fix unsafe HWP MSR access (Steve Best) [1497058 1457552] - [s390] af_iucv: correctly copy SKB data (add missing hunk from 04d0ec) (Hendrik Brueckner) [1494354 1459782] - [sound] alsa: timer: Use common error handling code in alsa_timer_init() (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} - [sound] alsa: timer: Adjust a condition check in snd_timer_resolution() (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} - [sound] alsa: timer: Follow standard EXPORT_SYMBOL() declarations (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} - [sound] alsa: timer: Wrap with spinlock for queue access (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} - [sound] alsa: timer: Improve user queue reallocation (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} - [sound] alsa: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} - [sound] alsa: timer: Fix race between read and ioctl (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} - [sound] alsa: timer: Info leak in snd_timer_user_tinterrupt() (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} - [sound] alsa: timer: remove some dead code (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} - [sound] alsa: timer: Reject user params with too small ticks (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000380 Oracle Linux 7 [1.5.3-141.el7_4.4] - kvm-multiboot-validate-multiboot-header-address-values.patch [bz#1501120] - Resolves: bz#1501120 (CVE-2017-14167 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.4.z]) [1.5.3-141.el7_4.3] - kvm-bswap.h-Remove-cpu_to_32wu.patch [bz#1501294] - kvm-hw-use-ld_p-st_p-instead-of-ld_raw-st_raw.patch [bz#1501294] - kvm-vga-Start-cutting-out-non-32bpp-conversion-support.patch [bz#1501294] - kvm-vga-Remove-remainder-of-old-conversion-cruft.patch [bz#1501294] - kvm-vga-Separate-LE-and-BE-conversion-functions.patch [bz#1501294] - kvm-vga-Rename-vga_template.h-to-vga-helpers.h.patch [bz#1501294] - kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch [bz#1501294] - kvm-vga-drop-line_offset-variable.patch [bz#1501294] - kvm-vga-Add-mechanism-to-force-the-use-of-a-shadow-surfa.patch [bz#1501294] - kvm-vga-handle-cirrus-vbe-mode-wraparounds.patch [bz#1501294] - kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501294] - Resolves: bz#1501294 (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-7.4.z]) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-14167 CVE-2017-15289 Oracle Linux 6 Oracle Linux 7 [52.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.5.0-1] - Update to 52.5.0 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Oracle Linux 7 [1.15.2-50.8] - Resolves: rhbz#1508972 - Accessing IdM kerberos ticket fails while id mapping is applied [rhel-7.4.z] - Resolves: rhbz#1509177 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss [rhel-7.4.z] [1.15.2-50.7] - Resolves: rhbz#1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) [rhel-7.4.z] - Resolves: rhbz#1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z] - Resolves: rhbz#1499658 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.4.z] MODERATE Copyright 2017 Oracle, Inc. CVE-2017-12173 Oracle Linux 6 Oracle Linux 7 [52.5.1-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.5.1-1] - Update to 52.5.1 ESR IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7843 Oracle Linux 7 [2.5.2-12] - Resolves: CVE-2017-15101 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-15101 Oracle Linux 6 Oracle Linux 7 [1:1.7.0.161-2.6.12.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.161-2.6.12.0] - Remove superfluous %1 from policy JAR file path. - Resolves: rhbz#1499207 [1:1.7.0.161-2.6.12.0] - Update location of policy JAR files following 8157561. - Resolves: rhbz#1499207 [1:1.7.0.161-2.6.12.0] - Bump to 2.6.12 and u161b00. - Update SystemTap tapsets to version in IcedTea 2.6.12pre01 to fix RH1492139. - Drop 8185716 patch, now applied upstream. - Update location of OpenJDK zlib system library source code in remove-intree-libraries.sh - Fix name of SystemTap tarball, following update. - Resolves: rhbz#1499207 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-10274 CVE-2017-10281 CVE-2017-10345 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10285 CVE-2017-10295 CVE-2017-10346 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-10193 CVE-2017-10198 Oracle Linux 7 [9.2.23-3] - setup: keep PGSETUP_* variables after switching to not-privileged user [9.2.23-2] - fix CVE-2017-12172 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-12172 CVE-2017-15097 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.25] - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] {CVE-2016-7042} - nvme: Limit command retries (Keith Busch) [Orabug: 25374751] - fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read() (Kenny Keslar) [Orabug: 25374977] - tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374364] {CVE-2016-6828} - tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] {CVE-2016-8666} - i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290] - packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] {CVE-2016-8655} - netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] {CVE-2016-9806} - ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231720] {CVE-2016-9794} - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231751] {CVE-2016-9793} [4.1.12-61.1.24] - rebuild bumping release IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-6828 CVE-2016-7042 CVE-2016-8666 CVE-2016-8655 CVE-2016-9806 CVE-2016-9794 CVE-2016-9793 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.16.2] - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793} [3.8.13-118.16.1] - nvme: Limit command retries (Ashok Vairavan) [Orabug: 25374794] - tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374371] {CVE-2016-6828} - logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 22505535] - ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25203963] {CVE-2016-9794} - packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25217756] {CVE-2016-8655} - x86: kvmclock: zero initialize pvclock shared memory area (Igor Mammedov) [Orabug: 25218431] - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306373] {CVE-2016-7042} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-6828 CVE-2016-7042 CVE-2016-8655 CVE-2016-9794 CVE-2016-9793 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.1] - nvme: Limit command retries (Ashok Vairavan) [Orabug: 25342947] - tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374376] {CVE-2016-6828} - ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231728] {CVE-2016-9794} - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231758] {CVE-2016-9793} - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306377] {CVE-2016-7042} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-6828 CVE-2016-7042 CVE-2016-9794 CVE-2016-9793 Oracle Linux 6 Oracle Linux 7 [1.12.6-1.0.1] - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] [1.12.6] - the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or - a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive - Backup the current version of the unit file, and replace the file with the - Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present - Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present). - Fix runC privilege escalation (CVE-2016-9962) [1.12.5] - the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or - a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive - Backup the current version of the unit file, and replace the file with the - Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present - Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present). - Fix race on sending stdin close event [#29424](https://github.com/docker/docker/pull/29424) - Fix panic in docker network ls when a network was created with --ipv6 and no ipv6 --subnet in older docker versions [#29416](https://github.com/docker/docker/pull/29416) - Fix compilation on Darwin [#29370](https://github.com/docker/docker/pull/29370) [1.12.4] - the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or - a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive - Backup the current version of the unit file, and replace the file with the - Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present - Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present). - Fix issue where volume metadata was not removed [#29083](https://github.com/docker/docker/pull/29083) - Asynchronously close streams to prevent holding container lock [#29050](https://github.com/docker/docker/pull/29050) - Fix selinux labels for newly created container volumes [#29050](https://github.com/docker/docker/pull/29050) - Remove hostname validation [#28990](https://github.com/docker/docker/pull/28990) - Fix deadlocks caused by IO races [#29095](https://github.com/docker/docker/pull/29095) [#29141](https://github.com/docker/docker/pull/29141) - Return an empty stats if the container is restarting [#29150](https://github.com/docker/docker/pull/29150) - Fix volume store locking [#29151](https://github.com/docker/docker/pull/29151) - Ensure consistent status code in API [#29150](https://github.com/docker/docker/pull/29150) - Fix incorrect opaque directory permission in overlay2 [#29093](https://github.com/docker/docker/pull/29093) - Detect plugin content and error out on docker pull [#29297](https://github.com/docker/docker/pull/29297) - Update Swarmkit [#29047](https://github.com/docker/docker/pull/29047) - orchestrator/global: Fix deadlock on updates [docker/swarmkit#1760](https://github.com/docker/swarmkit/pull/1760) - on leader switchover preserve the vxlan id for existing networks [docker/swarmkit#1773](https://github.com/docker/swarmkit/pull/1773) - Refuse swarm spec not named 'default' [#29152](https://github.com/docker/docker/pull/29152) - Update libnetwork [#29004](https://github.com/docker/docker/pull/29004) [#29146](https://github.com/docker/docker/pull/29146) - Fix panic in embedded DNS [docker/libnetwork#1561](https://github.com/docker/libnetwork/pull/1561) - Fix unmarhalling panic when passing --link-local-ip on global scope network [docker/libnetwork#1564](https://github.com/docker/libnetwork/pull/1564) - Fix panic when network plugin returns nil StaticRoutes [docker/libnetwork#1563](https://github.com/docker/libnetwork/pull/1563) - Fix panic in osl.(*networkNamespace).DeleteNeighbor [docker/libnetwork#1555](https://github.com/docker/libnetwork/pull/1555) - Fix panic in swarm networking concurrent map read/write [docker/libnetwork#1570](https://github.com/docker/libnetwork/pull/1570) - Allow encrypted networks when running docker inside a container [docker/libnetwork#1502](https://github.com/docker/libnetwork/pull/1502) - Do not block autoallocation of IPv6 pool [docker/libnetwork#1538](https://github.com/docker/libnetwork/pull/1538) - Set timeout for netlink calls [docker/libnetwork#1557](https://github.com/docker/libnetwork/pull/1557) - Increase networking local store timeout to one minute [docker/libkv#140](https://github.com/docker/libkv/pull/140) - Fix a panic in libnetwork.(*sandbox).execFunc [docker/libnetwork#1556](https://github.com/docker/libnetwork/pull/1556) - Honor icc=false for internal networks [docker/libnetwork#1525](https://github.com/docker/libnetwork/pull/1525) - Update syslog log driver [#29150](https://github.com/docker/docker/pull/29150) - Run 'dnf upgrade' before installing in fedora [#29150](https://github.com/docker/docker/pull/29150) - Add build-date back to RPM packages [#29150](https://github.com/docker/docker/pull/29150) - deb package filename changed to include distro to distinguish between distro code names [#27829](https://github.com/docker/docker/pull/27829) [1.12.3] - the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or - a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive - Backup the current version of the unit file, and replace the file with the - Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present - Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present). - Fix ambient capability usage in containers (CVE-2016-8867) [#27610](https://github.com/docker/docker/pull/27610) - Prevent a deadlock in libcontainerd for Windows [#27136](https://github.com/docker/docker/pull/27136) - Fix error reporting in CopyFileWithTar [#27075](https://github.com/docker/docker/pull/27075) - Reset health status to starting when a container is restarted [#27387](https://github.com/docker/docker/pull/27387) - Properly handle shared mount propagation in storage directory [#27609](https://github.com/docker/docker/pull/27609) - Fix docker exec [#27610](https://github.com/docker/docker/pull/27610) - Fix backward compatibility with containerds events log [#27693](https://github.com/docker/docker/pull/27693) - Fix conversion of restart-policy [#27062](https://github.com/docker/docker/pull/27062) - Update Swarmkit [#27554](https://github.com/docker/docker/pull/27554) - Avoid restarting a task that has already been restarted [docker/swarmkit#1305](https://github.com/docker/swarmkit/pull/1305) - Allow duplicate published ports when they use different protocols [docker/swarmkit#1632](https://github.com/docker/swarmkit/pull/1632) - Allow multiple randomly assigned published ports on service [docker/swarmkit#1657](https://github.com/docker/swarmkit/pull/1657) - Fix panic when allocations happen at init time [docker/swarmkit#1651](https://github.com/docker/swarmkit/pull/1651) - Update libnetwork [#27559](https://github.com/docker/docker/pull/27559) - Fix race in serializing sandbox to string [docker/libnetwork#1495](https://github.com/docker/libnetwork/pull/1495) - Fix race during deletion [docker/libnetwork#1503](https://github.com/docker/libnetwork/pull/1503) - Reset endpoint port info on connectivity revoke in bridge driver [docker/libnetwork#1504](https://github.com/docker/libnetwork/pull/1504) - Fix a deadlock in networking code [docker/libnetwork#1507](https://github.com/docker/libnetwork/pull/1507) - Fix a race in load balancer state [docker/libnetwork#1512](https://github.com/docker/libnetwork/pull/1512) - Update fluent-logger-golang to v1.2.1 [#27474](https://github.com/docker/docker/pull/27474) - Update buildtags for armhf ubuntu-trusty [#27327](https://github.com/docker/docker/pull/27327) - Add AppArmor to runc buildtags for armhf [#27421](https://github.com/docker/docker/pull/27421) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9962 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.27] - vfio/pci: Fix integer overflows, bitmask check (Vlad Tsyrklevich) [Orabug: 25164094] {CVE-2016-9083} {CVE-2016-9084} - Don't feed anything but regular iovec's to blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931] {CVE-2016-9576} - kvm: x86: Check memopp before dereference (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387] {CVE-2016-8630} - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417799] {CVE-2016-8646} - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462755] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799] {CVE-2016-4485} [4.1.12-61.1.26] - xen-netback: fix extra_info handling in xenvif_tx_err() (Paul Durrant) [Orabug: 25445336] - net: Documentation: Fix default value tcp_limit_output_bytes (Niklas Cassel) [Orabug: 25458076] - tcp: double default TSQ output bytes limit (Wei Liu) [Orabug: 25458076] - xenbus: fix deadlock on writes to /proc/xen/xenbus (David Vrabel) [Orabug: 25430143] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-8630 CVE-2016-4485 CVE-2016-9083 CVE-2016-9084 CVE-2016-9576 CVE-2016-8646 CVE-2016-4482 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.16.3] - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] {CVE-2016-8646} - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] {CVE-2016-4485} - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446} - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-4485 CVE-2016-8646 CVE-2016-4482 CVE-2013-7446 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.2] - vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420} - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485} - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446} - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-4485 CVE-2016-8646 CVE-2016-4482 CVE-2013-7446 CVE-2015-1420 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.28] - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598257] {CVE-2017-6074} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.16.4] - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) {CVE-2017-6074} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.3] - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.33] - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644} - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644} [4.1.12-61.1.32] - x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] {CVE-2016-9644} [4.1.12-61.1.31] - rebuild bumping release [4.1.12-61.1.30] - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] {CVE-2017-7187} [4.1.12-61.1.29] - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] {CVE-2017-2636} - If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) [Orabug: 25353783] - PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783] - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] {CVE-2016-8633} - usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug: 25463898] {CVE-2016-3951} - cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjorn Mork) [Orabug: 25463898] {CVE-2016-3951} - cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] {CVE-2016-3951} - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672} - kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] {CVE-2017-2596} - crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] {CVE-2016-10147} - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] {CVE-2016-9588} - KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krcmar) [Orabug: 25507213] {CVE-2016-9756} - tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507226] {CVE-2016-8645} - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] {CVE-2016-8645} - tipc: check minimum bearer MTU (Michal Kubecek) [Orabug: 25507239] {CVE-2016-8632} {CVE-2016-8632} - fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269] {CVE-2016-9178} - scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] {CVE-2016-7425} - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507319] {CVE-2016-7425} - tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097} - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097} - ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952} - ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952} - mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] {CVE-2015-8952} - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682419] {CVE-2017-6345} - net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 25697847] - ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] {CVE-2017-5970} - perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race (Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001} - ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug: 25699015] {CVE-2017-5897} - mpt3sas: Dont spam logs if logging level is 0 (Johannes Thumshirn) [Orabug: 25699035] - xen-netfront: cast grant table reference first to type int (Dongli Zhang) - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10088 CVE-2016-7097 CVE-2016-8399 CVE-2017-7187 CVE-2017-2636 CVE-2016-10147 CVE-2016-9588 CVE-2016-7425 CVE-2016-8633 CVE-2016-3951 CVE-2016-3672 CVE-2017-2596 CVE-2016-9756 CVE-2016-8645 CVE-2016-8632 CVE-2016-9178 CVE-2015-8952 CVE-2016-3140 CVE-2017-6345 CVE-2017-5970 CVE-2017-6001 CVE-2017-5897 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.17.4] - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644} [3.8.13-118.17.3] - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399} [3.8.13-118.17.2] - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187} [3.8.13-118.17.1] - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696686] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696686] {CVE-2017-2636} - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696686] {CVE-2017-2636} - x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 21305080] {CVE-2015-4700} - net: filter: return -EINVAL if BPF_S_ANC* operation is not supported (Daniel Borkmann) [Orabug: 22187148] - KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) - KEYS: Increase root_maxkeys and root_maxbytes sizes (Steve Dickson) - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451530] {CVE-2016-8633} - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463927] {CVE-2016-3672} - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463927] {CVE-2016-3672} - pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (WANG Cong) [Orabug: 25490335] {CVE-2015-8569} - sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490372] {CVE-2015-5707} - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507195] {CVE-2016-9588} - tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507230] {CVE-2016-8645} - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507230] {CVE-2016-8645} - fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507281] {CVE-2016-9178} - scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507328] {CVE-2016-7425} - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507328] {CVE-2016-7425} - net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512413] {CVE-2016-4580} - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512471] {CVE-2016-3140} - ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25543892] {CVE-2017-5970} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682430] {CVE-2017-6345} - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) {CVE-2017-6074} - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] {CVE-2016-8646} - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] {CVE-2016-4485} - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446} - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446} - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2015-4700 CVE-2016-10088 CVE-2016-8399 CVE-2016-10142 CVE-2017-7187 CVE-2017-2636 CVE-2016-9588 CVE-2016-7425 CVE-2015-8569 CVE-2016-4580 CVE-2016-8633 CVE-2016-3672 CVE-2016-8645 CVE-2016-9178 CVE-2016-3140 CVE-2017-6345 CVE-2017-5970 CVE-2015-5707 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.6] - RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142} [2.6.39-400.294.5] - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399} - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187} [2.6.39-400.294.4] - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636} - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636} - list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636} - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633} - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672} - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672} - sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707} - tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645} - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645} - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425} - x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700} - net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580} - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2015-4700 CVE-2016-10088 CVE-2016-8399 CVE-2016-10142 CVE-2017-7187 CVE-2017-2636 CVE-2016-7425 CVE-2016-4580 CVE-2016-8633 CVE-2016-3672 CVE-2016-8645 CVE-2016-3140 CVE-2017-6345 CVE-2015-5707 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.17.5] - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] {CVE-2016-7910} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-7910 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.7] - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-7910 CVE-2016-10229 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.34] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171] - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719659] {CVE-2017-2583} {CVE-2017-2583} - ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208} - ext4: reserve code points for the project quota feature (Theodore Ts'o) [Orabug: 25719728] {CVE-2016-10208} - ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719728] {CVE-2016-10208} - ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208} - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719793] {CVE-2017-5986} - tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720805] {CVE-2017-6214} - ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25720839] {CVE-2017-6347} - udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25720839] {CVE-2017-6347} - udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25720839] {CVE-2017-6347} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877509] {CVE-2016-7910} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-7910 CVE-2017-2583 CVE-2017-6214 CVE-2017-6347 CVE-2017-7184 CVE-2016-10208 CVE-2017-5986 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.4] - ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 26075879] - sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 26038830] [4.1.12-94.3.3] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986971] {CVE-2017-7895} [4.1.12-94.3.2] - sparc64: Detect DAX ra+pgsz when hvapi minor doesn't indicate it (Rob Gardner) [Orabug: 25997533] - sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25997533] [Orabug: 25931417] - sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997226] - sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25997137] - sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25996975] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] - sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25996823] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] - sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25996790] - sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25996747] - sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25996655] - sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25996628] - sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25996546] - sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 25996522] - sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996475] - sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] - megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] [4.1.12-94.3.1] - Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25968572] - xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25946533] - NVMe: Set affinity after allocating request queues (Keith Busch) [Orabug: 25945973] - nvme: use an integer value to Linux errno values (Christoph Hellwig) [Orabug: 25945973] - blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25945973] - x86/apic: Handle zero vector gracefully in clear_vector_irq() (Keith Busch) [Orabug: 24515998] - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 24819170] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 24819170] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25525433] - Btrfs: don't BUG_ON() in btrfs_orphan_add (Josef Bacik) [Orabug: 25534945] - Btrfs: clarify do_chunk_alloc()'s return value (Liu Bo) [Orabug: 25534945] - btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25534945] - Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25721518] - qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 25862953] - Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25866691] - Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25866691] - Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25866691] - Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25866691] - Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) [Orabug: 25866691] - Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data() (Vitaly Kuznetsov) - Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25866691] - xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416] - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876652] {CVE-2016-10229} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7895 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.18.2] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895} [3.8.13-118.18.1] - fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] - xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25450703] - xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25450703] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549809] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549809] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549809] - VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug: 25559937] - VSOCK: sock_put wasn't safe to call in interrupt context (Dongli Zhang) [Orabug: 25559937] - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 25677469] - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719675] {CVE-2017-2583} {CVE-2017-2583} - ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719738] {CVE-2016-10208} - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719810] {CVE-2017-5986} - tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720813] {CVE-2017-6214} - lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25759083] - USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796594] {CVE-2016-2782} - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797012] {CVE-2017-5669} - vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797052] {CVE-2015-6252} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184} - KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug: 25823962] {CVE-2017-2647} {CVE-2017-2647} - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] {CVE-2015-5257} {CVE-2015-5257} - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] {CVE-2015-9731} - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] {CVE-2016-10229} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] {CVE-2016-7910} - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644} - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399} - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2583 CVE-2017-6214 CVE-2017-7184 CVE-2016-10208 CVE-2017-5986 CVE-2017-7895 CVE-2015-6252 CVE-2017-2647 CVE-2015-5257 CVE-2015-9731 CVE-2016-2782 CVE-2017-5669 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.295.2] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895} [2.6.39-400.295.1] - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549845] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719676] {CVE-2017-2583} {CVE-2017-2583} - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719811] {CVE-2017-5986} - tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720815] {CVE-2017-6214} - USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796604] {CVE-2016-2782} - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797014] {CVE-2017-5669} - vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797056] {CVE-2015-6252} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184} - KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug: 25823965] {CVE-2017-2647} {CVE-2017-2647} - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] {CVE-2015-5257} - RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] {CVE-2015-6937} {CVE-2015-6937} - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] {CVE-2015-9731} - udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] {CVE-2015-9731} - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910} - RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142} - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399} - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187} - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636} - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636} - list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636} - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633} - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672} - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672} - sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707} - tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645} - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645} - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425} - x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700} - net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580} - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345} - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074} - vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420} - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485} - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446} - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2015-6937 CVE-2017-2583 CVE-2017-6214 CVE-2017-7184 CVE-2017-5986 CVE-2017-7895 CVE-2015-6252 CVE-2017-2647 CVE-2015-5257 CVE-2015-9731 CVE-2016-2782 CVE-2017-5669 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.5] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26132091] {CVE-2017-8890} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8890 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.18.3] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108571] {CVE-2017-8890} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8890 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.296.2] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108573] {CVE-2017-8890} [2.6.39-400.296.1] - cifs: adjust sequence number downward after signing NT_CANCEL request (Albert Barbe) - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7895 CVE-2017-8890 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.6] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143545] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143545] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26143545] {CVE-2017-7308} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7308 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.18.4] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7308 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.7] - mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326143] {CVE-2017-1000364} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326143] {CVE-2017-1000364} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000364 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.8] - macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26368162] {CVE-2017-7477} - macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26368162] {CVE-2017-7477} - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366988] {CVE-2017-7645} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7477 CVE-2017-7645 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.2] - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366022] {CVE-2017-7645} [3.8.13-118.19.1] - selinux: quiet the filesystem labeling behavior message (Paul Moore) [Orabug: 25290650] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891907] {CVE-2017-7273} - udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905721] {CVE-2015-4167} - udf: Check length of extended attributes and allocation descriptors (Jan Kara) [Orabug: 25905721] {CVE-2015-4167} - udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905721] {CVE-2015-4167} - btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu Itoh) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: make xattr replace operations atomic (Filipe Manana) [Orabug: 25948098] {CVE-2014-9710} - net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948145] {CVE-2015-2686} - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975506] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975506] - xsigo: [backport](UEK3)-Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 26007560] - ipv4: try to cache dst_entries which would cause a redirect (Hannes Frederic Sowa) [Orabug: 26032372] {CVE-2015-1465} - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26139385] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108571] {CVE-2017-8890} - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7645 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.3] - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366024] {CVE-2017-7645} [2.6.39-400.297.2] - dm mpath: allow ioctls to trigger pg init (Mikulas Patocka) [Orabug: 25645229] - xen/manage: Always freeze/thaw processes when suspend/resuming (Ross Lagerwall) [Orabug: 25795530] - lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25955028] [2.6.39-400.297.1] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277602] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108573] {CVE-2017-8890} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7645 Oracle Linux 6 [2.6.39-400.297.4] - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326145] {CVE-2017-1000364} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000364 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.5.7] - Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections'' (Ajaykumar Hotchandani) [Orabug: 26444722] - Revert 'net/rds: use different workqueue for base_conn' (Ajaykumar Hotchandani) [Orabug: 26444722] - Revert 'net/rds: determine active/passive connection with IP addresses' (Ajaykumar Hotchandani) [Orabug: 26444722] - Revert 'net/rds: prioritize the base connection establishment' (Ajaykumar Hotchandani) [Orabug: 26444722] - blk-mq: Export blk_mq_freeze_queue_wait (Keith Busch) [Orabug: 26385993] - blk-mq: Provide freeze queue timeout (Keith Busch) [Orabug: 26385993] - nvme: Complete all stuck requests (Keith Busch) [Orabug: 26385993] - nvme: Don't suspend admin queue that wasn't created (Gabriel Krisman Bertazi) [Orabug: 26385993] - nvme: Delete created IO queues on reset (Keith Busch) [Orabug: 26385993] - nvme: Suspend all queues before deletion (Gabriel Krisman Bertazi) [Orabug: 26385993] - nvme/pci: No special case for queue busy on IO (Keith Busch) [Orabug: 26385993] - sg: Fix double-free when drives detach during SG_IO (Calvin Owens) [Orabug: 26408570] - SUNRPC: Handle EADDRNOTAVAIL on connection failures (Trond Myklebust) [Orabug: 26221921] - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403952] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403952] {CVE-2017-1000380} - xfs: Timely free truncated dirty pages (Jan Kara) [Orabug: 26452561] - xfs: skip dirty pages in ->releasepage() (Brian Foster) [Orabug: 26452561] - Revert 'SUNRPC: Refactor svc_set_num_threads()' (Kirtikar Kashyap) [Orabug: 26476721] - Revert 'NFSv4: Fix callback server shutdown' (Kirtikar Kashyap) [Orabug: 26476721] [4.1.12-94.5.6] - net/rds: Replace printk in TX path with stat variable (Yuval Shaia) [Orabug: 26367820] - net: properly release sk_frag.page (Eric Dumazet) [Orabug: 26354016] - NVMe: Retain QUEUE_FLAG_SG_GAPS flag for bio vector alignment. (Ashok Vairavan) [Orabug: 26361950] - btrfs: introduce device delete by devid (Anand Jain) [Orabug: 26362382] - btrfs: enhance btrfs_find_device_by_user_input() to check device path (Anand Jain) [Orabug: 26362382] - btrfs: make use of btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362382] - btrfs: create helper btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362382] - btrfs: clean up and optimize __check_raid_min_device() (Anand Jain) [Orabug: 26362382] - btrfs: create helper function __check_raid_min_devices() (Anand Jain) [Orabug: 26362382] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403937] {CVE-2017-1000363} - NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403977] {CVE-2017-9059} - SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403977] {CVE-2017-9059} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404000] {CVE-2017-9077} [4.1.12-94.5.5] - Signature verification support in kexec_file_load (Alexey Petrenko) [Orabug: 26426837] - IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay) [Orabug: 26245885] - aacraid: Update scsi_host_template to use tagged commands (Dave Carroll) [Orabug: 26291288] - IB/mlx4: Suppress warning for not handled portmgmt event subtype (Mukesh Kacker) [Orabug: 26308324] - aacraid: initialize scsi shared tag map (Joe Jin) [Orabug: 26308827] - RDS: Print failed rdma op details if failure is remote access (Rama Nichanamatlu) [Orabug: 26351414] - bnxt_en: Fix netpoll handling. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add missing logic to handle TPA end error conditions. (Michael Chan) [Orabug: 26402533] - bnxt_en: Fix xmit_more with BQL. (Michael Chan) [Orabug: 26402533] - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings(). (Michael Chan) [Orabug: 26402533] - bnxt_en: Implement xmit_more. (Michael Chan) [Orabug: 26402533] - bnxt_en: Optimize doorbell write operations for newer chips. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add additional chip ID definitions. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add PCI IDs for BCM57454 VF devices. (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Support for Short Firmware Message (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST. (Michael Chan) [Orabug: 26402533] - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration. (Michael Chan) [Orabug: 26402533] - bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26366387] - dma-mapping: add interfaces for mapping pages with attributes (Shannon Nelson) [Orabug: 26402533] - bnxt_en: allocate enough space for ->ntp_fltr_bmap (Dan Carpenter) [Orabug: 26402533] - bnxt_en: Restrict a PF in Multi-Host mode from changing port PHY configuration (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Check the FW_LLDP_AGENT flag before allowing DCBX host agent. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add 100G link speed reporting for BCM57454 ASIC in ethtool (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Fix VF attributes reporting. (Michael Chan) [Orabug: 26402533] - bnxt_en: Pass DCB RoCE app priority to firmware. (Michael Chan) [Orabug: 26402533] - bnxt_en: Cap the msix vector with the max completion rings. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add interrupt test to ethtool -t selftest. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add PHY loopback to ethtool self-test. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool mac loopback self test. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add basic ethtool -t selftest support. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add suspend/resume callbacks. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool set_wol method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool get_wol method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add pci shutdown method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add basic WoL infrastructure. (Michael Chan) [Orabug: 26402533] - bnxt_en: Update firmware interface spec to 1.7.6.2. (Michael Chan) [Orabug: 26402533] - bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. (Michael Chan) [Orabug: 26402533] - bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() (Sankar Patchineelam) [Orabug: 26402533] - bnxt_en: Fix NULL pointer dereference in reopen failure path (Sankar Patchineelam) [Orabug: 26402533] - bnxt_en: Ignore 0 value in autoneg supported speed from firmware. (Michael Chan) [Orabug: 26402533] - bnxt_en: Check if firmware LLDP agent is running. (Michael Chan) [Orabug: 26402533] - bnxt_en: Call bnxt_ulp_stop() during tx timeout. (Michael Chan) [Orabug: 26402533] - bnxt_en: Perform function reset earlier during probe. (Michael Chan) [Orabug: 26402533] - x86/tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Len Brown) [Orabug: 26387040] - x86/tsc: Save an indentation level in recalibrate_cpu_khz() (Borislav Petkov) [Orabug: 26387040] - x86/tsc_msr: Remove irqoff around MSR-based TSC enumeration (Len Brown) [Orabug: 26387040] - perf/x86: Fix time_shift in perf_event_mmap_page (Adrian Hunter) [Orabug: 26387040] - perf/x86: Improve accuracy of perf/sched clock (Adrian Hunter) [Orabug: 26387040] - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (Paolo Abeni) [Orabug: 26397292] - net/rds: Add mutex exclusion for vector_load (Hakon Bugge) [Orabug: 26406403] [4.1.12-94.5.4] - block: defer timeouts to a workqueue (Christoph Hellwig) [Orabug: 25654233] - mlx4: add diagnostic counters via sysfs (Chris Gray) [Orabug: 25743434] - x86/ras/therm_throt: Do not log a fake MCE for thermal events (Borislav Petkov) [Orabug: 26355098] - net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26350965] - macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26051882] {CVE-2017-7477} - macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26051882] {CVE-2017-7477} - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366009] {CVE-2017-7645} [4.1.12-94.5.3] - xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t (Hou Tao) [Orabug: 26354399] - xfs: fix max_retries _show and _store functions (Carlos Maiolino) [Orabug: 26354399] - xfs: normalize 'infinite' retries in error configs (Eric Sandeen) [Orabug: 26354399] - xfs: don't reset b_retries to 0 on every failure (Eric Sandeen) [Orabug: 26354399] - xfs: fix xfs_error_get_cfg for negative errnos (Eric Sandeen) [Orabug: 26354399] - xfs: add 'fail at unmount' error handling configuration (Carlos Maiolino) [Orabug: 26354399] - xfs: add configuration handlers for specific errors (Carlos Maiolino) [Orabug: 26354399] - xfs: add configuration of error failure speed (Carlos Maiolino) [Orabug: 26354399] - xfs: introduce table-based init for error behaviors (Carlos Maiolino) [Orabug: 26354399] - xfs: add configurable error support to metadata buffers (Carlos Maiolino) [Orabug: 26354399] - xfs: introduce metadata IO error class (Carlos Maiolino) [Orabug: 26354399] - xfs: configurable error behavior via sysfs (Carlos Maiolino) [Orabug: 26354399] [4.1.12-94.5.2] - mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26337733] {CVE-2017-1000364} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26337733] {CVE-2017-1000364} - Fix Express lane queue creation. (James Smart) [Orabug: 26241742] - rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one (Sowmini Varadhan) [Orabug: 26298950] - IB/mlx4: Fix CM REQ retries in paravirt mode (Hakon Bugge) [Orabug: 26304710] - vfio/pci: Fix unsigned comparison overflow (Alex Williamson) - blkback/blktap: dont leak stack data via response ring (Jan Beulich) [Orabug: 26321947] [4.1.12-94.5.1] - percpu_ref: allow operation mode switching operations to be called concurrently (Tejun Heo) [Orabug: 26223304] - percpu_ref: restructure operation mode switching (Tejun Heo) [Orabug: 26223304] - percpu_ref: unify staggered atomic switching wait behavior (Tejun Heo) [Orabug: 26223304] - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (Tejun Heo) [Orabug: 26223304] - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (Tejun Heo) [Orabug: 26223304] - block: Fix mismerge in queue freeze logic (Martin K. Petersen) [Orabug: 26223304] - nvme: Add a wrapper for getting the admin queue depth (Martin K. Petersen) [Orabug: 26247244] - nvme: Remove timeout when deleting queue (Martin K. Petersen) [Orabug: 26256275] - nvme: Quirks for PM1725 controllers (Martin K. Petersen) [Orabug: 26033880] - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Guilherme G. Piccoli) [Orabug: 26033880] - nvme/quirk: Add a delay before checking device ready for memblaze device (Wenbo Wang) [Orabug: 26033880] - nvme/quirk: Add a delay before checking for adapter readiness (Guilherme G. Piccoli) [Orabug: 26033880] - net/mlx4_core: Use round robin scheme to avoid stale caches (Santosh Shilimkar) [Orabug: 26265818] - IP/ipoib: Move initialization of ACL instances table to device init phase (Yuval Shaia) [Orabug: 25993610] - Revert 'mlx4_ib: Memory leak on Dom0 with SRIOV.' (Hakon Bugge) [Orabug: 26107170] - Revert 'mlx4: avoid multiple free on id_map_ent' (Hakon Bugge) [Orabug: 26107170] - NVMe: During NVMe probe, get NVMe device information before mapping the device. (Ashok Vairavan) [Orabug: 26227515] - PCI/AER: include header file (Sudip Mukherjee) [Orabug: 26138886] - NVMe: reverse IO direction for VUC command code F7 (Ashok Vairavan) [Orabug: 26138886] - nvme: factor out a add nvme_is_write helper (Christoph Hellwig) [Orabug: 26138886] - nvme: allow for size limitations from transport drivers (Christoph Hellwig) [Orabug: 26138886] - nvme.h: add constants for PSDT and FUSE values (James Smart) [Orabug: 26138886] - nvme.h: add AER constants (Christoph Hellwig) [Orabug: 26138886] - nvme.h: add NVM command set SQE/CQE size defines (Christoph Hellwig) [Orabug: 26138886] - nvme.h: Add get_log_page command strucure (Armen Baloyan) [Orabug: 26138886] - nvme.h: add RTD3R, RTD3E and OAES fields (Christoph Hellwig) [Orabug: 26138886] - NVMe: Only release requested regions (Johannes Thumshirn) [Orabug: 26138886] - NVMe: Fix removal in case of active namespace list scanning method (Sunad Bhandary) [Orabug: 26138886] - NVMe: Implement namespace list scanning (Keith Busch) [Orabug: 26138886] - NVMe: Dont unmap controller registers on reset (Keith Busch) [Orabug: 26138886] - NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 26138886] - nvme: Limit command retries (Keith Busch) [Orabug: 26138886] - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 26138886] - NVMe: Create discard zero quirk white list (Keith Busch) [Orabug: 26138886] - nvme: use UINT_MAX for max discard sectors (Minfei Huang) [Orabug: 26138886] - nvme: move nvme_cancel_request() to common code (Ming Lin) [Orabug: 26138886] - nvme: update and rename nvme_cancel_io to nvme_cancel_request (Ming Lin) [Orabug: 26138886] - blk-mq: Export tagset iter function (Sagi Grimberg) [Orabug: 26138886] - NVMe: Add device IDs with stripe quirk (Keith Busch) [Orabug: 26138886] - NVMe: Short-cut removal on surprise hot-unplug (Keith Busch) [Orabug: 26138886] - NVMe: Allow user initiated rescan (Keith Busch) [Orabug: 26138886] - NVMe: Reduce driver log spamming (Keith Busch) [Orabug: 26138886] - NVMe: Unbind driver on failure (Keith Busch) [Orabug: 26138886] - NVMe: Delete only created queues (Keith Busch) [Orabug: 26138886] - NVMe: Fix reset/remove race (Keith Busch) [Orabug: 26138886] - nvme: fix nvme_ns_remove() deadlock (Ming Lin) [Orabug: 26138886] - nvme: switch to RCU freeing the namespace (Ming Lin) [Orabug: 26138886] - NVMe: correct comment for offset enum of controller registers in nvme.h (Wang Sheng-Hui) [Orabug: 26138886] - nvme: add helper nvme_cleanup_cmd() (Ming Lin) [Orabug: 26138886] - nvme: move AER handling to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move namespace scanning to core (Christoph Hellwig) [Orabug: 26138886] - nvme: tighten up state check for namespace scanning (Christoph Hellwig) [Orabug: 26138886] - nvme: introduce a controller state machine (Christoph Hellwig) [Orabug: 26138886] - nvme: remove the io_incapable method (Christoph Hellwig) [Orabug: 26138886] - NVMe: nvme_core_exit() should do cleanup in the reverse order as nvme_core_init does (Wang Sheng-Hui) [Orabug: 26138886] - NVMe: Fix check_flush_dependency warning (Keith Busch) [Orabug: 26138886] - NVMe: small typo in section BLK_DEV_NVME_SCSI of host/Kconfig (Wang Sheng-Hui) [Orabug: 26138886] - nvme: fix cntlid type (Christoph Hellwig) [Orabug: 26138886] - nvme: Avoid reset work on watchdog timer function during error recovery (Guilherme G. Piccoli) [Orabug: 26138886] - nvme: remove dead controllers from a work item (Christoph Hellwig) [Orabug: 26138886] - NVMe: silence warning about unused 'dev' (Jens Axboe) [Orabug: 26138886] - NVMe: switch to using blk_queue_write_cache() (Jens Axboe) [Orabug: 26138886] - block: add ability to flag write back caching on a device (Jens Axboe) [Orabug: 26138886] - nvme: Use blk-mq helper for IO termination (Sagi Grimberg) [Orabug: 26138886] - NVMe: Skip async events for degraded controllers (Keith Busch) [Orabug: 26138886] - nvme: add helper nvme_setup_cmd() (Ming Lin) [Orabug: 26138886] - block: add offset in blk_add_request_payload() (Ming Lin) [Orabug: 26138886] - nvme: rewrite discard support (Ming Lin) [Orabug: 26138886] - nvme: add helper nvme_map_len() (Ming Lin) [Orabug: 26138886] - nvme: add missing lock nesting notation (Ming Lin) [Orabug: 26138886] - NVMe: Always use MSI/MSI-x interrupts (Keith Busch) [Orabug: 26138886] - NVMe: Fix reset/remove race (Keith Busch) [Orabug: 26138886] - nvme: avoid cqe corruption when update at the same time as read (Marta Rybczynska) [Orabug: 26138886] - NVMe: Expose ns wwid through single sysfs entry (Keith Busch) [Orabug: 26138886] - NVMe: Remove unused sq_head read in completion path (Jon Derrick) [Orabug: 26138886] - nvme: fix max_segments integer truncation (Christoph Hellwig) [Orabug: 26138886] - nvme: set queue limits for the admin queue (Christoph Hellwig) [Orabug: 26138886] - NVMe: Fix 0-length integrity payload (Keith Busch) [Orabug: 26138886] - NVMe: Dont allow unsupported flags (Keith Busch) [Orabug: 26138886] - NVMe: Move error handling to failed reset handler (Keith Busch) [Orabug: 26138886] - NVMe: Simplify device reset failure (Keith Busch) [Orabug: 26138886] - NVMe: Fix namespace removal deadlock (Keith Busch) [Orabug: 26138886] - NVMe: Use IDA for namespace disk naming (Keith Busch) [Orabug: 26138886] - nvme: expose cntlid in sysfs (Ming Lin) [Orabug: 26138886] - nvme: return the whole CQE through the request passthrough interface (Christoph Hellwig) [Orabug: 26138886] - nvme: fix Kconfig description for BLK_DEV_NVME_SCSI (Christoph Hellwig) [Orabug: 26138886] - nvme: replace the kthread with a per-device watchdog timer (Christoph Hellwig) [Orabug: 26138886] - nvme: dont poll the CQ from the kthread (Christoph Hellwig) [Orabug: 26138886] - nvme: use a work item to submit async event requests (Christoph Hellwig) [Orabug: 26138886] - NVMe: Rate limit nvme IO warnings (Keith Busch) [Orabug: 26138886] - NVMe: Poll device while still active during remove (Keith Busch) [Orabug: 26138886] - NVMe: Requeue requests on suspended queues (Keith Busch) [Orabug: 26138886] - NVMe: Allow request merges (Keith Busch) [Orabug: 26138886] - NVMe: Fix io incapable return values (Keith Busch) [Orabug: 26138886] - nvme: split pci module out of core module (Ming Lin) [Orabug: 26138886] - nvme: split dev_list_lock (Ming Lin) [Orabug: 26138886] - nvme: move timeout variables to core.c (Ming Lin) [Orabug: 26138886] - nvme/host: reference the fabric module for each bdev open callout (Sagi Grimberg) [Orabug: 26138886] - nvme: Log the ctrl device name instead of the underlying pci device name (Sagi Grimberg) [Orabug: 26138886] - nvme: fix drvdata setup for the nvme device (Christoph Hellwig) [Orabug: 26138886] - NVMe: Fix possible queue use after freed (Keith Busch) [Orabug: 26138886] - nvme: switch abort to blk_execute_rq_nowait (Christoph Hellwig) [Orabug: 26138886] - blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 26138886] - NVMe: Export NVMe attributes to sysfs group (Keith Busch) [Orabug: 26138886] - NVMe: Shutdown controller only for power-off (Keith Busch) [Orabug: 26138886] - NVMe: IO queue deletion re-write (Keith Busch) [Orabug: 26138886] - NVMe: Remove queue freezing on resets (Keith Busch) [Orabug: 26138886] - NVMe: Use a retryable error code on reset (Keith Busch) [Orabug: 26138886] - NVMe: Fix admin queue ring wrap (Keith Busch) [Orabug: 26138886] - nvme: make SG_IO support optional (Christoph Hellwig) [Orabug: 26138886] - nvme: fixes for NVME_IOCTL_IO_CMD on the char device (Christoph Hellwig) [Orabug: 26138886] - nvme: synchronize access to ctrl->namespaces (Christoph Hellwig) [Orabug: 26138886] - nvme: Move nvme_freeze/unfreeze_queues to nvme core (Sagi Grimberg) [Orabug: 26138886] - NVMe: Export namespace attributes to sysfs (Keith Busch) [Orabug: 26138886] - NVMe: Add pci error handlers (Keith Busch) [Orabug: 26138886] - nvme: merge iod and cmd_info (Christoph Hellwig) [Orabug: 26138886] - nvme: meta_sg doesnt have to be an array (Christoph Hellwig) [Orabug: 26138886] - nvme: properly free resources for cancelled command (Christoph Hellwig) [Orabug: 26138886] - nvme: simplify completion handling (Christoph Hellwig) [Orabug: 26138886] - nvme: special case AEN requests (Christoph Hellwig) [Orabug: 26138886] - nvme: factor out a few helpers from req_completion (Christoph Hellwig) [Orabug: 26138886] - nvme: fix admin queue depth (Christoph Hellwig) [Orabug: 26138886] - NVMe: Simplify metadata setup (Keith Busch) [Orabug: 26138886] - NVMe: Remove device management handles on remove (Keith Busch) [Orabug: 26138886] - NVMe: Use unbounded work queue for all work (Keith Busch) [Orabug: 26138886] - nvme: switch abort_limit to an atomic_t (Christoph Hellwig) [Orabug: 26138886] - nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 26138886] - nvme: do not restart the request timeout if were resetting the controller (Keith Busch) [Orabug: 26138886] - nvme: simplify resets (Christoph Hellwig) [Orabug: 26138886] - nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 26138886] - nvme: merge nvme_abort_req and nvme_timeout (Christoph Hellwig) [Orabug: 26138886] - nvme: dont take the I/O queue q_lock in nvme_timeout (Christoph Hellwig) [Orabug: 26138886] - nvme: protect against simultaneous shutdown invocations (Keith Busch) [Orabug: 26138886] - nvme: only add a controller to dev_list after its been fully initialized (Christoph Hellwig) [Orabug: 26138886] - nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 26138886] - nvme: precedence bug in nvme_pr_clear() (Dan Carpenter) [Orabug: 26138886] - nvme: fix another 32-bit build warning (Arnd Bergmann) [Orabug: 26138886] - nvme: refactor set_queue_count (Christoph Hellwig) [Orabug: 26138886] - nvme: move chardev and sysfs interface to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move namespace scanning to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move the call to nvme_init_identify earlier (Christoph Hellwig) [Orabug: 26138886] - nvme: add a common helper to read Identify Controller data (Christoph Hellwig) [Orabug: 26138886] - nvme: move nvme_{enable,disable,shutdown}_ctrl to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move remaining CC setup into nvme_enable_ctrl (Christoph Hellwig) [Orabug: 26138886] - nvme: add explicit quirk handling (Christoph Hellwig) [Orabug: 26138886] - nvme: move block_device_operations and ns/ctrl freeing to common code (Ashok Vairavan) [Orabug: 26138886] - nvme: use the block layer for userspace passthrough metadata (Keith Busch) [Orabug: 26138886] - nvme: split __nvme_submit_sync_cmd (Christoph Hellwig) [Orabug: 26138886] - nvme: move nvme_setup_flush and nvme_setup_rw to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move nvme_error_status to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: factor out a nvme_unmap_data helper (Christoph Hellwig) [Orabug: 26138886] - nvme: simplify nvme_setup_prps calling convention (Christoph Hellwig) [Orabug: 26138886] - nvme: split a new struct nvme_ctrl out of struct nvme_dev (Christoph Hellwig) [Orabug: 26138886] - nvme: use vendor it from identify (Christoph Hellwig) [Orabug: 26138886] - nvme: split nvme_trans_device_id_page (Christoph Hellwig) [Orabug: 26138886] - nvme: use offset instead of a struct for registers (Christoph Hellwig) [Orabug: 26138886] - nvme: split command submission helpers out of pci.c (Christoph Hellwig) [Orabug: 26138886] - nvme: move struct nvme_iod to pci.c (Christoph Hellwig) [Orabug: 26138886] - NVMe: Precedence error in nvme_pr_clear() (Dan Carpenter) [Orabug: 26138886] - Update target repo for nvme patch contributions (Jay Freyensee) [Orabug: 26138886] - nvme: add missing endianess annotations in nvme_pr_command (Christoph Hellwig) [Orabug: 26138886] - block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV (Christoph Hellwig) [Orabug: 26138886] - block: add an API for Persistent Reservations (Christoph Hellwig) [Orabug: 26138886] - NVMe: Add persistent reservation ops (Keith Busch) [Orabug: 26138886] - nvme: suspend i/o during runtime blk_integrity_unregister (Dan Williams) [Orabug: 26138886] - nvme include linux types.h (Christoph Hellwig) [Orabug: 26138886] - nvme: move to a new drivers/nvme/host directory (Jay Sternberg) [Orabug: 26138886] - NVMe: Set affinity after allocating request queues (Keith Busch) [Orabug: 26138886] - NVMe: Fix IO for extended metadata formats (Keith Busch) [Orabug: 26138886] - NVMe: Remove hctx reliance for multi-namespace (Keith Busch) [Orabug: 26138886] - Revert 'nvme: move to a new drivers/nvme/host directory' (Ashok Vairavan) [Orabug: 26138886] - Revert 'NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) [Orabug: 26138886] - Revert 'nvme: Limit command retries' (Ashok Vairavan) [Orabug: 26138886] - Revert 'nvme: avoid cqe corruption when update at the same time as read' (Ashok Vairavan) [Orabug: 26138886] - Revert 'NVMe: Dont unmap controller registers on reset' (Ashok Vairavan) [Orabug: 26138886] - Revert 'NVMe: reverse IO direction for VUC command code F7' (Ashok Vairavan) [Orabug: 26138886] - Revert 'NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) [Orabug: 26138886] - net/rds: prioritize the base connection establishment (Wei Lin Guay) [Orabug: 26268911] - net/rds: determine active/passive connection with IP addresses (Wei Lin Guay) [Orabug: 26268911] - net/rds: use different workqueue for base_conn (Wei Lin Guay) [Orabug: 26268911] - net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections' (Wei Lin Guay) [Orabug: 26268911] - uek-rpm/config: build tcmu kernel module by default (Shan Hai) [Orabug: 26270004] [Orabug: 25983319] - target: consolidate backend attribute implementations (Christoph Hellwig) [Orabug: 26270004] - target: simplify backend driver registration (Christoph Hellwig) [Orabug: 26270004] - IB/ipoib: Expose acl_enable sysfs file as read only (Yuval Shaia) [Orabug: 26214325] - xsigo: UEK4-QU4:poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199203] - xen-netback: copy buffer on xenvif_start_xmit (Joao Martins) [Orabug: 23585649] - xen-netback: slightly rework xenvif_rx_skb (Joao Martins) [Orabug: 23585649] - xen-netfront: introduce rx copy mode (Joao Martins) [Orabug: 23585649] - xen-netfront: use gref mappings for Tx buffers (Joao Martins) [Orabug: 23585649] - xen-netfront: generalize recycling for grants (Joao Martins) [Orabug: 23585649] - xen-netfront: add rx page statistics (Joao Martins) [Orabug: 23585649] - xen-netfront: introduce rx page recyling (Joao Martins) [Orabug: 23585649] - xen-netfront: move rx_gso_checksum_fixup into netfront_stats (Joao Martins) [Orabug: 23585649] - xen-netfront: introduce staging gref pools (Joao Martins) [Orabug: 23585649] - xen-netback: use gref mappings for Tx requests (Joao Martins) [Orabug: 23585649] - xen-netback: use gref mappings for Rx requests (Joao Martins) [Orabug: 23585649] - xen-netback: shorten tx grant copy (Joao Martins) [Orabug: 23585649] - xen-netback: introduce staging grant mappings ops (Joao Martins) [Orabug: 23585649] - include/xen: import vendor extension to netif.h (Joao Martins) [Orabug: 23585649] - xen-netback: fix type mismatch warning (Arnd Bergmann) [Orabug: 23585649] - xen-netback: fix guest Rx stall detection (after guest Rx refactor) (David Vrabel) [Orabug: 23585649] - xen/netback: add fraglist support for to-guest rx (Ross Lagerwall) [Orabug: 23585649] - xen-netback: batch copies for multiple to-guest rx packets (David Vrabel) [Orabug: 23585649] - xen-netback: process guest rx packets in batches (David Vrabel) [Orabug: 23585649] - xen-netback: immediately wake tx queue when guest rx queue has space (David Vrabel) [Orabug: 23585649] - xen-netback: refactor guest rx (David Vrabel) [Orabug: 23585649] - xen-netback: retire guest rx side prefix GSO feature (Paul Durrant) [Orabug: 23585649] - xen-netback: separate guest side rx code into separate module (Paul Durrant) [Orabug: 23585649] - x86/xen/time: setup secondary time info for vdso (Joao Martins) [Orabug: 23585649] - mlx4_core: Add func name to common error strings to locate uniquely (Mukesh Kacker) [Orabug: 26087732] - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26095774] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26170622] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26170622] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26170622] {CVE-2017-7308} - xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108560] {CVE-2017-8890} [4.1.12-94.4.1] - I/O ERROR WHEN A FILE ON ACFS FILESYSTEM IS ATTACHED TO THE GUEST DOMU (Joe Jin) [Orabug: 25877674] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891893] {CVE-2017-7273} - Revert 'xen/events: remove unnecessary call to bind_evtchn_to_cpu()' (Zhenzhong Duan) - NVMe: Use requested sync command timeout (Keith Busch) [Orabug: 26046907] - xen-blkback: report hotplug-status busy when detach is initiated but frontend device is busy. (Niranjan Patil) [Orabug: 26086380] - RDS/IB: 4KB receive buffers get posted by mistake on 16KB frag connections. (Venkat Venkatsubra) [Orabug: 26079995] - mlx4: limit max MSIX allocations (Ajaykumar Hotchandani) [Orabug: 26088056] - ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 26075879] - sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 26038830] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986971] {CVE-2017-7895} - sparc64: Detect DAX ra+pgsz when hvapi minor doesnt indicate it (Rob Gardner) [Orabug: 25997533] - sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25997533] [Orabug: 25931417] - sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997226] - sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25997137] - sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25996975] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] - sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25996823] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] - sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25996790] - sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25996747] - sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25996655] - sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25996628] - sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25996546] - sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 25996522] - sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996475] - sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] - megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000363 CVE-2017-1000380 CVE-2017-9077 CVE-2017-7273 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.3] - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507344] {CVE-2016-7097} {CVE-2016-7097} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-7097 Oracle Linux 6 [2.6.39-400.297.5] - selinux: quiet the filesystem labeling behavior message (Paul Moore) [Orabug: 25721485] - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 25875426] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891914] {CVE-2017-7273} - udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - udf: Check length of extended attributes and allocation descriptors (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: make xattr replace operations atomic (Filipe Manana) [Orabug: 25948102] {CVE-2014-9710} - net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948149] {CVE-2015-2686} - xsigo: Compute node crash on FC failover (Joe Jin) [Orabug: 25965445] - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975513] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975513] - ipv4: try to cache dst_entries which would cause a redirect (Hannes Frederic Sowa) [Orabug: 26032377] {CVE-2015-1465} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2015-4167 CVE-2017-7273 CVE-2014-9710 CVE-2015-2686 CVE-2015-1465 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.5.9] - dentry name snapshots (Al Viro) [Orabug: 26630936] {CVE-2017-7533} [4.1.12-94.5.8] - scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) [Orabug: 26621191] - mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26621191] - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26621179] {CVE-2016-9604} {CVE-2016-9604} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26621176] {CVE-2016-10200} - mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26621171] {CVE-2016-6213} {CVE-2016-6213} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26621163] {CVE-2017-9242} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10200 CVE-2016-6213 CVE-2016-9604 CVE-2017-9242 CVE-2017-7533 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.4] - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586047] {CVE-2016-10200} - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586022] {CVE-2016-9685} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578198] {CVE-2017-9242} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10200 CVE-2016-9604 CVE-2017-9242 CVE-2016-9685 Oracle Linux 6 [2.6.39-400.297.6] - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586050] {CVE-2016-10200} - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586024] {CVE-2016-9685} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578202] {CVE-2017-9242} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10200 CVE-2016-9604 CVE-2017-9242 CVE-2016-9685 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-103.3.8] - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638900] {CVE-2017-1000365} {CVE-2017-1000365} [4.1.12-103.3.7] - i40e/i40evf: check for stopped admin queue (Mitch Williams) [Orabug: 26654222] [4.1.12-103.3.6] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645497] [4.1.12-103.3.5] - dentry name snapshots (Al Viro) [Orabug: 26630805] {CVE-2017-7533} [4.1.12-103.3.4] - mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585933] {CVE-2016-6213} {CVE-2016-6213} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578179] {CVE-2017-9242} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585981] {CVE-2016-9604} {CVE-2016-9604} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586030] {CVE-2016-10200} - ovl: move super block magic number to magic.h (Stephen Hemminger) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576} - ovl: use a minimal buffer in ovl_copy_xattr (Vito Caputo) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576} - ovl: allow zero size xattr (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576} - ovl: default permissions (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576} - scsi: megaraid_sas: handle dma_addr_t right on 32-bit (Arnd Bergmann) [Orabug: 26560952] - scsi: megaraid_sas: NVME fast path io support (Shivasharan S) [Orabug: 26560952] - scsi: megaraid_sas: NVME interface target prop added (Shivasharan S) [Orabug: 26560952] - scsi: megaraid_sas: NVME Interface detection and prop settings (Shivasharan S) [Orabug: 26560952] - scsi: megaraid_sas: Use synchronize_irq to wait for IRQs to complete (Shivasharan S) [Orabug: 26560952] - fs/fuse: fuse mount can cause panic with no memory numa node (Somasundaram Krishnasamy) [Orabug: 26151828] - Fix regression which breaks DFS mounting (Sachin Prabhu) [Orabug: 26335022] - ol7/spec: sync up linux-firmware version for ol74 (Ethan Zhao) [Orabug: 26567308] [Orabug: 26567283] - nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572867] {CVE-2017-8797} - nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572867] {CVE-2017-8797} - ol6/spec: sync up linux-firmware version for ol6 (Ethan Zhao) [Orabug: 26586911] [Orabug: 26586927] [4.1.12-103.3.2] - rds: tcp: cancel all worker threads before shutting down socket (Yuval Shaia) [Orabug: 26332905] - Revert 'ixgbevf: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] - Revert 'ixgbe: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] - xen: do not re-use pirq number cached in pci device msi msg data (Boris Ostrovsky) [Orabug: 26324865] - xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26520653] - ocfs2: fix deadlock caused by recursive locking in xattr (Eric Ren) [Orabug: 26554428] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26554428] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26554428] - Revert 'add OCFS2_LOCK_RECURSIVE arg_flags to ocfs2_cluster_lock() to prevent hang' (Ashish Samant) [Orabug: 26554428] - MacSec: fix backporting error in patches for CVE-2017-7477 (Alexey Kodanev) [Orabug: 26481629] [Orabug: 26368162] {CVE-2017-7477} {CVE-2017-7477} - sg: Fix double-free when drives detach during SG_IO (Calvin Owens) [Orabug: 26492439] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540266] {CVE-2017-2671} - PCI: Workaround wrong flags completions for IDT switch (James Puthukattukaran) [Orabug: 26362330] - xen-blkback: stop blkback thread of every queue in xen_blkif_disconnect (Annie Li) [4.1.12-103.3.1] - MSI: Dont assign MSI IRQ vector twice (Ashok Vairavan) [Orabug: 25982356] - IB/core: Remove stray semicolon in cma_init (Yuval Shaia) [Orabug: 26188883] - ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403963] {CVE-2017-9074} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403963] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403963] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403963] {CVE-2017-9074} - scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) [Orabug: 26473220] - mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26473220] - blk-mq: Export blk_mq_freeze_queue_wait (Keith Busch) [Orabug: 26486215] - blk-mq: Provide freeze queue timeout (Keith Busch) [Orabug: 26486215] - nvme: Complete all stuck requests (Keith Busch) [Orabug: 26486215] - nvme: Dont suspend admin queue that wasnt created (Gabriel Krisman Bertazi) [Orabug: 26486215] - nvme: Delete created IO queues on reset (Keith Busch) [Orabug: 26486215] - nvme: Suspend all queues before deletion (Gabriel Krisman Bertazi) [Orabug: 26486215] - nvme/pci: No special case for queue busy on IO (Keith Busch) [Orabug: 26486215] - Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections'' (Ajaykumar Hotchandani) [Orabug: 26497331] - Revert 'net/rds: use different workqueue for base_conn' (Ajaykumar Hotchandani) [Orabug: 26497331] - Revert 'net/rds: determine active/passive connection with IP addresses' (Ajaykumar Hotchandani) [Orabug: 26497331] - Revert 'net/rds: prioritize the base connection establishment' (Ajaykumar Hotchandani) [Orabug: 26497331] - net/sock: add WARN_ON(parent->sk) in sock_graft() (Sowmini Varadhan) [Orabug: 26243229] - rds: tcp: use sock_create_lite() to create the accept socket (Sowmini Varadhan) [Orabug: 26243229] - rds: tcp: set linger to 1 when unloading a rds-tcp (Sowmini Varadhan) [Orabug: 26236194] - rds: tcp: send handshake ping-probe from passive endpoint (Sowmini Varadhan) [Orabug: 26236194] - Revert 'SUNRPC: Refactor svc_set_num_threads()' (Dhaval Giani) [Orabug: 26450033] - Revert 'NFSv4: Fix callback server shutdown' (Dhaval Giani) [Orabug: 26450033] - mm: fix use-after-free if memory allocation failed in vma_adjust() (Kirill A. Shutemov) [Orabug: 25647067] - scsi: smartpqi: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 26191021] - scsi: smartpqi: bump driver version (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: remove writeq/readq function definitions (Corentin Labbe) [Orabug: 26191021] - scsi: smartpqi: add module parameters (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: cleanup list initialization (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add raid level show (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: make ioaccel references consistent (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: enhance device add and remove messages (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: update timeout on admin commands (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: map more raid errors to SCSI errors (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: cleanup controller branding (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: update rescan worker (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: update device offline (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: correct aio error path (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add lockup action (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: remove qdepth calculations for logical volumes (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: enhance kdump (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: change return value for LUN reset operations (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add ptraid support (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: update copyright (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: cleanup messages (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add new PCI device IDs (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: minor driver cleanup (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: correct BMIC identify physical drive (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: eliminate redundant error messages (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add pqi_wait_for_completion_io (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: correct bdma hw bug (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add heartbeat check (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add suspend and resume support (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: enhance resets (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add supporting events (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: ensure controller is in SIS mode at init (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add in controller checkpoint for controller lockups. (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: set pci completion timeout (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: correct remove scsi devices (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: fix time handling (Arnd Bergmann) [Orabug: 26191021] - Btrfs: fix extent_same allowing destination offset beyond i_size (Filipe Manana) [Orabug: 26376770] - NVMe: Retain QUEUE_FLAG_SG_GAPS flag for bio vector alignment. (Ashok Vairavan) [Orabug: 26402457] - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380} - xfs: Timely free truncated dirty pages (Jan Kara) [Orabug: 26452559] - xfs: skip dirty pages in ->releasepage() (Brian Foster) [Orabug: 26452559] - sparc64: Convert non-fatal error print to a debug print (DAX driver) (Sanath Kumar) [Orabug: 26476370] - selftests: sparc64: memory: Add tests for privileged ADI driver (Tom Hromatka) [Orabug: 26359060] - memory: sparc64: Add privileged ADI driver (Tom Hromatka) [Orabug: 26359060] - sparc64: Export the adi_state structure (Tom Hromatka) [Orabug: 26359060] - sparc64: Use cpu_poke to resume idle cpu (Vijay Kumar) [Orabug: 26399224] - sparc64: Add a new hypercall CPU_POKE (Vijay Kumar) [Orabug: 26399224] - cpuset: consider dying css as offline (Tejun Heo) [Orabug: 26475766] - sparc64: Treat ERESTARTSYS as an acceptable error (DAX driver) (Sanath Kumar) [Orabug: 26475734] - sparc64: fix out of order spin_lock_irqsave and spin_unlock_restore (Thomas Tai) [Orabug: 26430325] - SPARC64: vcc: delay device removal until close() (Aaron Young) [Orabug: 26315957] - bnxt_en: Fix SRIOV on big-endian architecture. (Michael Chan) [Orabug: 26443303] - arch/sparc: Enable queued spinlock support for SPARC (Allen Pais) [Orabug: 26373790] - arch/sparc: Introduce xchg16 for SPARC (Babu Moger) [Orabug: 26373790] - arch/sparc: Enable queued rwlocks for SPARC (Allen Pais) [Orabug: 26373790] - arch/sparc: Introduce cmpxchg_u8 SPARC (Babu Moger) [Orabug: 26373790] - arch/sparc: Define config parameter CPU_BIG_ENDIAN (Allen Pais) [Orabug: 26373790] - kernel/locking: Fix compile error with qrwlock.c (Babu Moger) [Orabug: 26373790] - arch/sparc: Remove the check #ifndef __LINUX_SPINLOCK_TYPES_H (Babu Moger) [Orabug: 26373790] - locking/qrwlock: Fix write unlock bug on big endian systems (pan xinhui) [Orabug: 26373790] - locking/qrwlock: Implement queue_write_unlock() using smp_store_release() (Will Deacon) [Orabug: 26373790] - locking/qspinlock: Avoid redundant read of next pointer (Waiman Long) [Orabug: 26373790] - locking/qspinlock: Prefetch the next node cacheline (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Reduce reader/writer to reader lock transfer latency (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Better optimization for interrupt context readers (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Rename functions to queued_*() (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Dont contend with readers when setting _QW_WAITING (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS (Babu Moger) [Orabug: 26373790] - locking/qspinlock: Use a simple write to grab the lock (Waiman Long) [Orabug: 26373790] - locking/qspinlock: Optimize for smaller NR_CPUS (Peter Zijlstra (Intel)) [Orabug: 26373790] - locking/qspinlock: Extract out code snippets for the next patch (Waiman Long) [Orabug: 26373790] - locking/qspinlock: Add pending bit (Peter Zijlstra (Intel)) [Orabug: 26373790] - locking/qspinlock: Introduce a simple generic 4-byte queued spinlock (Waiman Long) [Orabug: 26373790] - qede: Add support for ingress headroom (Mintz, Yuval) [Orabug: 25933053] - qede: Update receive statistic once per NAPI (Mintz, Yuval) [Orabug: 25933053] - qed: Make OOO archipelagos into an array (Michal Kalderon) [Orabug: 25933053] - qed: Provide iSCSI statistics to management (Mintz, Yuval) [Orabug: 25933053] - qed: Inform qedi the number of possible CQs (Mintz, Yuval) [Orabug: 25933053] - qed: Add missing stat for new isles (Mintz, Yuval) [Orabug: 25933053] - qed: Dont close the OUT_EN during init (Mintz, Yuval) [Orabug: 25933053] - qed: Configure cacheline size in HW (Tomer Tayar) [Orabug: 25933053] - qed: Dont use main-ptt in unrelated flows (Rahul Verma) [Orabug: 25933053] - qed: Warn PTT usage by wrong hw-function (Mintz, Yuval) [Orabug: 25933053] - qed: Correct MSI-x for storage (Mintz, Yuval) [Orabug: 25933053] - qed: fix missing break in OOO_LB_TC case (Colin Ian King) [Orabug: 25933053] - qed: Add a missing error code (Dan Carpenter) [Orabug: 25933053] - qed: RoCE doesnt need to use SRC (Mintz, Yuval) [Orabug: 25933053] - qed: Correct TM ILT lines in presence of VFs (Mintz, Yuval) [Orabug: 25933053] - qed: Fix TM block ILT allocation (Michal Kalderon) [Orabug: 25933053] - qed: Revise QM cofiguration (Ariel Elior) [Orabug: 25933053] - qed: Use BDQ resource for storage protocols (Mintz, Yuval) [Orabug: 25933053] - qed: Utilize resource-lock based scheme (Tomer Tayar) [Orabug: 25933053] - qed: Support management-based resource locking (Tomer Tayar) [Orabug: 25933053] - qed: Send pf-flr as part of initialization (Mintz, Yuval) [Orabug: 25933053] - qed: Move to new load request scheme (Tomer Tayar) [Orabug: 25933053] - qed: hw_init() to receive parameter-struct (Mintz, Yuval) [Orabug: 25933053] - qed: Correct HW stop flow (Tomer Tayar) [Orabug: 25933053] - qed: Reserve VF feature before PF (Mintz, Yuval) [Orabug: 25933053] - qed: Dont waste SBs unused by RoCE (Mintz, Yuval) [Orabug: 25933053] - qed: Correct endian order of MAC passed to MFW (Mintz, Yuval) [Orabug: 25933053] - qed: Pass src/dst sizes when interacting with MFW (Tomer Tayar) [Orabug: 25933053] - qed: Revise MFW command locking (Tomer Tayar) [Orabug: 25933053] - qed: Always publish VF link from leading hwfn (Mintz, Yuval) [Orabug: 25933053] - qed: Raise verbosity of Malicious VF indications (Mintz, Yuval) [Orabug: 25933053] - qed: Make qed_iov_mark_vf_flr() return bool (Mintz, Yuval) [Orabug: 25933053] - qed: Deprecate VF multiple queue-stop (Mintz, Yuval) [Orabug: 25933053] - qed: Uniform IOV queue validation (Mintz, Yuval) [Orabug: 25933053] - qed: Correct default VF coalescing configuration (Mintz, Yuval) [Orabug: 25933053] - qed: Set HW-channel to ready before ACKing VF (Mintz, Yuval) [Orabug: 25933053] - qed: Clean VF malicious indication when disabling IOV (Mintz, Yuval) [Orabug: 25933053] - qed: Increase verbosity of VF -> PF errors (Mintz, Yuval) [Orabug: 25933053] - qed*: Add support for QL41xxx adapters (Mintz, Yuval) [Orabug: 25933053] - qed: Enable iSCSI Out-of-Order (Mintz, Yuval) [Orabug: 25933053] - qed: Correct out-of-bound access in OOO history (Mintz, Yuval) [Orabug: 25933053] - qed: Fix interrupt flags on Rx LL2 (Ram Amrani) [Orabug: 25933053] - qed: Free previous connections when releasing iSCSI (Mintz, Yuval) [Orabug: 25933053] - qed: Fix mapping leak on LL2 rx flow (Mintz, Yuval) [Orabug: 25933053] - qed: Prevent creation of too-big u32-chains (Tomer Tayar) [Orabug: 25933053] - qed: Align CIDs according to DORQ requirement (Ram Amrani) [Orabug: 25933053] - qed*: Utilize Firmware 8.15.3.0 (Mintz, Yuval) [Orabug: 25933053] - qedi: Add PCI device-ID for QL41xxx adapters. (Manish Rangankar) [Orabug: 25933053] - qed: Fix copy of uninitialized memory (robert.foss@collabora.com) [Orabug: 25933053] - qed: Dont use attention PTT for configuring BW (Mintz, Yuval) [Orabug: 25933053] - qed: Fix race with multiple VFs (Mintz, Yuval) [Orabug: 25933053] - qede: Add driver support for PTP (Sudarsana Reddy Kalluru) [Orabug: 25933053] - qede: Remove unnecessary datapath dereference (Mintz, Yuval) [Orabug: 25933053] - qede - mark SKB as encapsulated (Manish Chopra) [Orabug: 25933053] - qede: Postpone reallocation until NAPI end (Mintz, Yuval) [Orabug: 25933053] - qede: Split filtering logic to its own file (Mintz, Yuval) [Orabug: 25933053] - qede: Break datapath logic into its own file (Mintz, Yuval) [Orabug: 25933053] - SUNRPC: Handle EADDRNOTAVAIL on connection failures (Trond Myklebust) [Orabug: 26276067] - btrfs: introduce device delete by devid (Anand Jain) [Orabug: 26362455] - btrfs: enhance btrfs_find_device_by_user_input() to check device path (Anand Jain) [Orabug: 26362455] - btrfs: make use of btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] - btrfs: create helper btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] - btrfs: clean up and optimize __check_raid_min_device() (Anand Jain) [Orabug: 26362455] - btrfs: create helper function __check_raid_min_devices() (Anand Jain) [Orabug: 26362455] - Revert 'mm: meminit: only set page reserved in the memblock region' (Dhaval Giani) [Orabug: 25879295] - Revert 'mm: meminit: move page initialization into a separate function' (Dhaval Giani) [Orabug: 25879295] - net/rds: Replace printk in TX path with stat variable (Yuval Shaia) [Orabug: 26402662] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403936] {CVE-2017-1000363} - drm/mgag200: Fix to always set HiPri for G200e4 V2 (Mathieu Larouche) [Orabug: 26408731] - dtrace: FBT module support and SPARCs return probes (Tomas Jedlicka) [Orabug: 26414392] [Orabug: 26414402] - bnx2x: Dont post statistics to malicious VFs (Mintz, Yuval) [Orabug: 26308277] - bnx2x: Allow vfs to disable txvlan offload (Mintz, Yuval) [Orabug: 26308277] - bnx2x: fix pf2vf bulletin DMA mapping leak (Michal Schmidt) [Orabug: 26308277] - bnx2x: Fix Multi-Cos (Mintz, Yuval) [Orabug: 26308277] - bnx2x: add missing configuration of VF VLAN filters (Michal Schmidt) [Orabug: 26308277] - bnx2x: fix incorrect filter count in an error message (Michal Schmidt) [Orabug: 26308277] - bnx2x: do not rollback VF MAC/VLAN filters we did not configure (Michal Schmidt) [Orabug: 26308277] - bnx2x: fix detection of VLAN filtering feature for VF (Michal Schmidt) [Orabug: 26308277] - bnx2x: fix possible overrun of VFPF multicast addresses array (Michal Schmidt) [Orabug: 26308277] - bnx2x: lower verbosity of VF stats debug messages (Michal Schmidt) [Orabug: 26308277] - bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [Orabug: 26308277] - NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059} - SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26403998] {CVE-2017-9077} - lpfc update for uek4 11.4.0.2 (rkennedy) [Orabug: 26283182] - lpfc: Driver responds LS_RJT to Beacon Off (James Smart) [Orabug: 26283182] - lpfc: Fix crash after firmware flash when (James Smart) [Orabug: 26283182] - lpfc: Vport creation is failing with Link (James Smart) [Orabug: 26283182] - lpfc: Null pointer dereference when (James Smart) [Orabug: 26283182] - lpfc: Fix return value of board_mode store (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix Port going offline after (James Smart) [Orabug: 26283182] - scsi: lpfc: fix spelling mistake 'entrys' (Colin Ian King) [Orabug: 26283182] - scsi: lpfc: Add MDS Diagnostic support. (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix used-RPI accounting problem. (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix panic on BFS configuration (James Smart) [Orabug: 26283182] - lpfc: Fix Express lane queue creation. (James Smart) [Orabug: 26283182] - lpfc: Fix driver usage of 128B WQEs when WQ_CREATE is (James Smart) [Orabug: 26283182] - lpfc: Add Fabric assigned WWN support. (James Smart) [Orabug: 26283182] - lpfc: Fix crash after issuing lip reset (James Smart) [Orabug: 26283182] - lpfc: Remove NULL ptr check before kfree. (James Smart) [Orabug: 26283182] - lpfc: Fix spelling in comments. (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix PT2PT PRLI reject (James Smart) [Orabug: 26283182] - scsi: lpfc: correct rdp diag portnames (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix eh_deadline setting for sli3 adapters. (rkennedy) [Orabug: 26283182] - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters (James Smart) [Orabug: 26283182] - scsi: lpfc: fix missing spin_unlock on sql_list_lock (Colin Ian King) [Orabug: 26283182] - Signature verification support in kexec_file_load (Alexey Petrenko) [Orabug: 26402281] - blk-mq: dont redistribute hardware queues on a CPU hotplug event (Christoph Hellwig) [Orabug: 26039539] - RDS: Print failed rdma op details if failure is remote access (Rama Nichanamatlu) [Orabug: 26351421] - xen-blkfront: fix mq start/stop race (Junxiao Bi) [Orabug: 26351649] - be2net: Update the driver version to 11.4.0.0 (Suresh Reddy) [Orabug: 26403544] - be2net: Fix UE detection logic for BE3 (Suresh Reddy) [Orabug: 26403544] - be2net: Fix offload features for Q-in-Q packets (Vlad Yasevich) [Orabug: 26403544] - benet: Use time_before_eq for time comparison (Karim Eshapa) [Orabug: 26403544] - be2net: Fix endian issue in logical link config command (Suresh Reddy) [Orabug: 26403544] - be2net: fix initial MAC setting (Ivan Vecera) [Orabug: 26403544] - drivers: net: generalize napi_complete_done() (Eric Dumazet) [Orabug: 26403544] - be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [Orabug: 26403544] - be2net: fix unicast list filling (Ivan Vecera) [Orabug: 26403544] - be2net: fix accesses to unicast list (Ivan Vecera) [Orabug: 26403544] - be2net: fix non static symbol warnings (Wei Yongjun) [Orabug: 26403544] - be2net: Avoid redundant addition of mac address in HW (Suresh Reddy) [Orabug: 26403544] - be2net: Support UE recovery in BEx/Skyhawk adapters (Sriharsha Basavapatna) [Orabug: 26403544] - be2net: replace polling with sleeping in the FW completion path (Sathya Perla) [Orabug: 26403544] - be2net: support asymmetric rx/tx queue counts (Sathya Perla) [Orabug: 26403544] - net: properly release sk_frag.page (Eric Dumazet) [Orabug: 26409533] - net/rds: Add mutex exclusion for vector_load (Hakon Bugge) [Orabug: 26415107] - dtrace: Add support for manual triggered cyclics (Tomas Jedlicka) [Orabug: 26384803] - dtrace: LOW level cyclics should use workqueues (Tomas Jedlicka) [Orabug: 26384779] - sparc64: add DAX2 support to dax driver (Allen Pais) [Orabug: 26317606] - uek-rpm: change memory allocator from slab to slub (Allen Pais) - arch/sparc: Avoid DCTI Couples (Allen Pais) [Orabug: 26413522] - drivers/usb: Skip auto handoff for TI and RENESAS usb controllers (Babu Moger) [Orabug: 26389756] - sparc-config: Enable timestamp in dmesg output. (Atish Patra) [Orabug: 26389709] - sparc64: rtrap must set PSTATE.mcde before handling outstanding user work (Anthony Yznaga) [Orabug: 26388591] - i40e: Correct the macros for setting the DMA attributes (Jack Vogel) [Orabug: 26386323] - sparc64: Exclude perf user callchain during critical sections (Dave Aldridge) [Orabug: 26386213] - sunvnet: restrict advertized checksum offloads to just IP (Shannon Nelson) [Orabug: 26338709] - sparc64: add ccb kill and info to DAX driver (Jonathan Helman) [Orabug: 26317602] - i40e: fix annoying message (Jesse Brandeburg) [Orabug: 26420290] - watchdog: Move hardlockup detector to separate file (Allen Pais) [Orabug: 26420310] - watchdog: Move shared definitions to nmi.h (Allen Pais) [Orabug: 26420310] - sparc64: Suppress kmalloc (DAX driver) warning due to allocation failure (Sanath Kumar) [Orabug: 26338830] - i40evf: Use le32_to_cpu before evaluating HW desc fields. (Tushar Dave) [Orabug: 26420345] - sparc64: revert pause instruction patch for atomic backoff and cpu_relax() (Babu Moger) [Orabug: 26309070] - SPARC64: Correct ATU IOTSB binding flow (Tushar Dave) [Orabug: 26419957] - SPARC64: Introduce IOMMU BYPASS method (Tushar Dave) [Orabug: 26420209] - i40e: Revert i40e temporary workaround (Tushar Dave) [Orabug: 21149316] - sparc64: Enable 64-bit DMA (Tushar Dave) [Orabug: 21149316] - sparc64: Enable sun4v dma ops to use IOMMU v2 APIs (Allen Pais) [Orabug: 21149316] - sparc64: Bind PCIe devices to use IOMMU v2 service (Allen Pais) [Orabug: 21149316] - sparc64: Initialize iommu_map_table and iommu_pool (Tushar Dave) [Orabug: 21149316] - sparc64: Add ATU (new IOMMU) support (Allen Pais) [Orabug: 21149316] - sparc64: Make FORCE_MAX_ZONEORDER to 13 for ATU (Allen Pais) [Orabug: 21149316] - Revert 'sparc64: bypass iommu to use 64bit address space' (Allen Pais) [Orabug: 21149316] - [PATCH] RDS: When RDS socket is closed, print unreleased MRs (Rama Nichanamatlu) [Orabug: 26261993] - IB/IPoIB: ibX: failed to create mcg debug file (Shamir Rabinovitch) [Orabug: 24711873] [Orabug: 25175533] - scsi: qedi: Fix memory leak in tmf response processing. (Dupuis, Chad) [Orabug: 25667174] - scsi: qedi: fix build error without DEBUG_FS (Arnd Bergmann) [Orabug: 25667174] - scsi: qedi: fix missing return error code check on call to qedi_setup_int (Colin Ian King) [Orabug: 25667174] - scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn() (Wei Yongjun) [Orabug: 25667174] - scsi: qedi: return via va_end to match corresponding va_start (Colin Ian King) [Orabug: 25667174] - scsi: qedi: fix build, depends on UIO (Randy Dunlap) [Orabug: 25667174] - scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework. (Manish Rangankar) [Orabug: 25667174] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26107472] {CVE-2017-8890} - Initialize fiblink list head during fib initialization (Dave Carroll) [Orabug: 26291272] - aacraid: Update scsi_host_template to use tagged commands (Dave Carroll) [Orabug: 26291272] - IB/mlx4: Suppress warning for not handled portmgmt event subtype (Mukesh Kacker) [Orabug: 26409722] - bnxt_en: Fix netpoll handling. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add missing logic to handle TPA end error conditions. (Michael Chan) [Orabug: 26402533] - bnxt_en: Fix xmit_more with BQL. (Michael Chan) [Orabug: 26402533] - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings(). (Michael Chan) [Orabug: 26402533] - bnxt_en: Implement xmit_more. (Michael Chan) [Orabug: 26402533] - bnxt_en: Optimize doorbell write operations for newer chips. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add additional chip ID definitions. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add PCI IDs for BCM57454 VF devices. (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Support for Short Firmware Message (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST. (Michael Chan) [Orabug: 26402533] - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration. (Michael Chan) [Orabug: 26402533] - bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26366387] - bnxt_en: allocate enough space for ->ntp_fltr_bmap (Dan Carpenter) [Orabug: 26402533] - bnxt_en: Restrict a PF in Multi-Host mode from changing port PHY configuration (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Check the FW_LLDP_AGENT flag before allowing DCBX host agent. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add 100G link speed reporting for BCM57454 ASIC in ethtool (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Fix VF attributes reporting. (Michael Chan) [Orabug: 26402533] - bnxt_en: Pass DCB RoCE app priority to firmware. (Michael Chan) [Orabug: 26402533] - bnxt_en: Cap the msix vector with the max completion rings. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add interrupt test to ethtool -t selftest. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add PHY loopback to ethtool self-test. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool mac loopback self test. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add basic ethtool -t selftest support. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add suspend/resume callbacks. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool set_wol method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool get_wol method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add pci shutdown method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add basic WoL infrastructure. (Michael Chan) [Orabug: 26402533] - bnxt_en: Update firmware interface spec to 1.7.6.2. (Michael Chan) [Orabug: 26402533] - bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. (Michael Chan) [Orabug: 26402533] - bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() (Sankar Patchineelam) [Orabug: 26402533] - bnxt_en: Fix NULL pointer dereference in reopen failure path (Sankar Patchineelam) [Orabug: 26402533] - bnxt_en: Ignore 0 value in autoneg supported speed from firmware. (Michael Chan) [Orabug: 26402533] - bnxt_en: Check if firmware LLDP agent is running. (Michael Chan) [Orabug: 26402533] - bnxt_en: Call bnxt_ulp_stop() during tx timeout. (Michael Chan) [Orabug: 26402533] - bnxt_en: Perform function reset earlier during probe. (Michael Chan) [Orabug: 26402533] - IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay) [Orabug: 25908234] - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (Paolo Abeni) [Orabug: 26397428] - i40e: remove FDIR_REQUIRES_REINIT driver flag (Jacob Keller) [Orabug: 26403617] - i40e: remove a useless goto statement (Jacob Keller) [Orabug: 26403617] - i40e: Check for new arq elements before leaving the adminq subtask loop (Christopher N Bednarz) [Orabug: 26403617] - i40e: use register for XL722 control register read/write (Paul M Stillwell Jr) [Orabug: 26403617] - i40e: Clean up handling of private flags (Alexander Duyck) [Orabug: 26403617] - i40evf: enforce descriptor write-back mechanism for VF (Preethi Banala) [Orabug: 26403617] - i40e: initialize params before notifying of l2_param_changes (Jacob Keller) [Orabug: 26403617] - i40e/i40evf: Clean-up process_skb_fields (Alexander Duyck) [Orabug: 26403617] - i40e: removed no longer needed delays (Bimmy Pujari) [Orabug: 26403617] - i40e: Fixed race conditions in VF reset (Robert Konklewski) [Orabug: 26403617] - i40e/i40evf: Fix use after free in Rx cleanup path (Alexander Duyck) [Orabug: 26403617] - i40e: fix configuration of RSS table with DCB (Harshitha Ramamurthy) [Orabug: 26403617] - i40e: Do not enable NAPI on q_vectors that have no rings (Alexander Duyck) [Orabug: 26403617] - i40e: make use of hlist_for_each_entry_continue (Jacob Keller) [Orabug: 26403617] - i40e: document drivers use of ntuple filters (Jacob Keller) [Orabug: 26403617] - i40e: add support for SCTPv4 FDir filters (Jacob Keller) [Orabug: 26403617] - i40e: implement support for flexible word payload (Jacob Keller) [Orabug: 26403617] - i40e: add parsing of flexible filter fields from userdef (Jacob Keller) [Orabug: 26403617] - i40e: partition the ring_cookie to get VF index (Jacob Keller) [Orabug: 26403617] - i40e: allow changing input set for ntuple filters (Jacob Keller) [Orabug: 26403617] - i40e: restore default input set for each flow type (Jacob Keller) [Orabug: 26403617] - i40e: check current configured input set when adding ntuple filters (Jacob Keller) [Orabug: 26403617] - i40e: correctly honor the mask fields for ETHTOOL_SRXCLSRLINS (Jacob Keller) [Orabug: 26403617] - i40e: always remove old filter when adding new FDir filter (Jacob Keller) [Orabug: 26403617] - i40e: explicitly fail on extended MAC field for ethtool_rx_flow_spec (Jacob Keller) [Orabug: 26403617] - i40e: add counters for UDP/IPv4 and IPv4 filters (Jacob Keller) [Orabug: 26403617] - i40e: dont re-enable ATR when flushing filters if SB has TCP4/IPv4 rules (Jacob Keller) [Orabug: 26403617] - i40e: reset fd_tcp_rule count when restoring filters (Jacob Keller) [Orabug: 26403617] - i40e: remove redundant check for fd_tcp_rule when restoring filters (Jacob Keller) [Orabug: 26403617] - i40e: exit ATR mode only when adding TCP/IPv4 filter succeeds (Jacob Keller) [Orabug: 26403617] - i40e: return immediately when failing to add fdir filter (Jacob Keller) [Orabug: 26403617] - i40e: rework exit flow of i40e_add_fdir_ethtool (Jacob Keller) [Orabug: 26403617] - i40e: dont use arrays for (src|dst)_ip (Jacob Keller) [Orabug: 26403617] - i40e: send correct port number to AdminQ when enabling UDP tunnels (Jacob Keller) [Orabug: 26403617] - i40e: rename auto_disable_flags to hw_disabled_flags (Harshitha Ramamurthy) [Orabug: 26403617] - i40e/i40evf: Change version from 1.6.27 to 2.1.7 (Bimmy Pujari) [Orabug: 26403617] - i40e: Allow untrusted VFs to have more filters (Mitch Williams) [Orabug: 26403617] - i40e: Clarify steps in MAC/VLAN filters initialization routine (Filip Sadowski) [Orabug: 26403617] - i40e: fix RSS queues only operating on PF0 (Lihong Yang) [Orabug: 26403617] - i40e: fix ethtool to get EEPROM data from X722 interface (Lihong Yang) [Orabug: 26403617] - i40e: dont add more vectors to num_lan_msix than number of CPUs (Jacob Keller) [Orabug: 26403617] - i40e: KISS the client interface (Mitch Williams) [Orabug: 26403617] - i40e: fix up recent proxy and wol bits for X722_SUPPORT (Shannon Nelson) [Orabug: 26403617] - i40e: Acquire NVM lock before reads on all devices (Aaron Salter) [Orabug: 26403617] - scripts/spelling.txt: add 'varible' pattern and fix typo instances (Masahiro Yamada) [Orabug: 26403617] - i40e: Invoke softirqs after napi_reschedule (Benjamin Poirier) [Orabug: 26403617] - i40e: remove duplicate device id from PCI table (Carolyn Wyborny) [Orabug: 26403617] - i40e: mark the value passed to csum_replace_by_diff as __wsum (Jacob Keller) [Orabug: 26403617] - i40e: Error handling for link event (Harshitha Ramamurthy) [Orabug: 26403617] - i40e: properly convert le16 value to CPU format (Jacob Keller) [Orabug: 26403617] - i40e: convert to cpu from le16 to generate switch_id correctly (Jacob Keller) [Orabug: 26403617] - i40e: refactor AQ CMD buffer debug printing (Alan Brady) [Orabug: 26403617] - i40e: Fix Adaptive ITR enabling (Carolyn Wyborny) [Orabug: 26403617] - i40evf: add comment (Mitch Williams) [Orabug: 26403617] - i40evf: free rings in remove function (Mitch Williams) [Orabug: 26403617] - i40e: remove unnecessary call to i40e_update_link_info (Jacob Keller) [Orabug: 26403617] - i40e: enable mc magic pkt wakeup during power down (Joshua Hay) [Orabug: 26403617] - i40e: fix disable overflow promiscuous mode (Alan Brady) [Orabug: 26403617] - i40e: Save more link abilities when using ethtool (Henry Tieman) [Orabug: 26403617] - i40e: avoid race condition when sending filters to firmware for addition (Jacob Keller) [Orabug: 26403617] - i40e: allow i40e_update_filter_state to skip broadcast filters (Jacob Keller) [Orabug: 26403617] - i40e: dont warn every time we clear an Rx timestamp register (Jacob Keller) [Orabug: 26403617] - i40e: Save link FEC info from link up event (Henry Tieman) [Orabug: 26403617] - i40e: Add bus number info to i40e_bus_info struct (Sudheer Mogilappagari) [Orabug: 26403617] - i40e: Clean up dead code (Mitch Williams) [Orabug: 26403617] - i40e/i40evf : Changed version from 1.6.25 to 1.6.27 (Bimmy Pujari) [Orabug: 26403617] - i40e: update comment explaining where FDIR buffers are freed (Jacob Keller) [Orabug: 26403617] - i40e/i40evf: eliminate i40e_pull_tail() (Scott Peterson) [Orabug: 26403617] - i40e/i40evf: Moves skb from i40e_rx_buffer to i40e_ring (Scott Peterson) [Orabug: 26403617] - i40e/i40evf: Limit DMA sync of RX buffers to actual packet size (Scott Peterson) [Orabug: 26403617] - i40evf: track outstanding client request (Mitch Williams) - i40e: dont check params until after checking for client instance (Jacob Keller) [Orabug: 26403617] - i40e: add interrupt rate limit verbosity (Alan Brady) [Orabug: 26403617] - i40e: refactor macro INTRL_USEC_TO_REG (Alan Brady) [Orabug: 26403617] - i40e: remove unused function (Mitch Williams) [Orabug: 26403617] - i40e: Remove FPK HyperV VF device ID (Jayaprakash Shanmugam) - i40e: Quick refactor to start moving data off stack and into Tx buffer info (Alexander Duyck) [Orabug: 26403617] - i40e: remove unnecessary __packed (Tushar Dave) [Orabug: 26403617] - i40evf: remove unused device ID (Mitch Williams) - i40e: Deprecating unused macro (Bimmy Pujari) [Orabug: 26403617] - i40e: when adding or removing MAC filters, correctly handle VLANs (Jacob Keller) [Orabug: 26403617] - i40e: avoid O(n^2) loop when deleting all filters (Jacob Keller) [Orabug: 26403617] - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] - i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (Jacob Keller) [Orabug: 26403617] - i40e: dont allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (Jacob Keller) [Orabug: 26403617] - i40e: Changed version from 1.6.21 to 1.6.25 (Bimmy Pujari) [Orabug: 26403617] - i40e/i40evf: Add support for mapping pages with DMA attributes (Alexander Duyck) [Orabug: 26396552] - aacraid: initialize scsi shared tag map (Joe Jin) [Orabug: 26367703] - bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26388629] - dma-mapping: add interfaces for mapping pages with attributes (Shannon Nelson) [Orabug: 26388629] - sparc64: Set valid bytes of misaligned no-fault loads (Rob Gardner) [Orabug: 26316944] - fs/fuse: Fix for correct number of numa nodes (Babu Moger) [Orabug: 26369428] - sparc64: delete old wrap code (Pavel Tatashin) [Orabug: 26372254] - sparc64: new context wrap (Pavel Tatashin) [Orabug: 26372254] - sparc64: add per-cpu mm of secondary contexts (Pavel Tatashin) [Orabug: 26372254] - sparc64: redefine first version (Pavel Tatashin) [Orabug: 26372254] - sparc64: combine activate_mm and switch_mm (Pavel Tatashin) [Orabug: 26372254] - sparc64: reset mm cpumask after wrap (Pavel Tatashin) [Orabug: 26372254] - Revert 'sparc64: Restrict number of processes' (Pavel Tatashin) [Orabug: 26372230] - net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26350974] - x86/ras/therm_throt: Do not log a fake MCE for thermal events (Borislav Petkov) [Orabug: 26361327] - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366002] {CVE-2017-7645} - sparc64: broken %tick frequency on spitfire cpus (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: use prom interface to get %stick frequency (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: optimize functions that access tick (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: add hot-patched and inlined get_tick() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: initialize time early (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: improve modularity tick options (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: optimize loads in clock_sched() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: show time stamps from zero (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: access tick function from variable (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: remove trailing white spaces (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - block: defer timeouts to a workqueue (Christoph Hellwig) [Orabug: 26372235] - macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477} - macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477} - sparc64: Add 16GB hugepage support (Nitin Gupta) [Orabug: 26319885] - xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t (Hou Tao) [Orabug: 26354404] - xfs: fix max_retries _show and _store functions (Carlos Maiolino) [Orabug: 26354404] - xfs: normalize 'infinite' retries in error configs (Eric Sandeen) [Orabug: 26354404] - xfs: dont reset b_retries to 0 on every failure (Eric Sandeen) [Orabug: 26354404] - xfs: fix xfs_error_get_cfg for negative errnos (Eric Sandeen) [Orabug: 26354404] - xfs: add 'fail at unmount' error handling configuration (Carlos Maiolino) [Orabug: 26354404] - xfs: add configuration handlers for specific errors (Carlos Maiolino) [Orabug: 26354404] - xfs: add configuration of error failure speed (Carlos Maiolino) [Orabug: 26354404] - xfs: introduce table-based init for error behaviors (Carlos Maiolino) [Orabug: 26354404] - xfs: add configurable error support to metadata buffers (Carlos Maiolino) [Orabug: 26354404] - xfs: introduce metadata IO error class (Carlos Maiolino) [Orabug: 26354404] - xfs: configurable error behavior via sysfs (Carlos Maiolino) [Orabug: 26354404] - rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: various endian-ness fixes (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: remove cp_outgoing (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: Reorder initialization sequence in rds_tcp_init to avoid races (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: Take explicit refcounts on struct net (Sowmini Varadhan) [Orabug: 26235715] - mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364} - dtrace: add kprobe-unsafe addresses to FBT blacklist (Kris Van Hees) [Orabug: 26324039] - dtrace: convert FBT blacklist to RB-tree (Kris Van Hees) [Orabug: 26324039] - e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll() (Konstantin Khlebnikov) [Orabug: 26338952] - e1000e: Dont return uninitialized stats (Benjamin Poirier) [Orabug: 26338952] - e1000e: fix race condition around skb_tstamp_tx() (Jacob Keller) [Orabug: 26338952] - e1000e: Add Support for 38.4MHZ frequency (Sasha Neftin) [Orabug: 26338952] - e1000e: Add Support for CannonLake (Sasha Neftin) [Orabug: 26338952] - e1000e: Initial Support for CannonLake (Sasha Neftin) [Orabug: 26338952] - e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] - e1000e: fix timing for 82579 Gigabit Ethernet controller (Bernd Faust) [Orabug: 26338952] - e1000: Omit private ndo_get_stats function (Tobias Klauser) [Orabug: 26338952] - Revert 'e1000e: driver trying to free already-free irq' (Jeff Kirsher) [Orabug: 26338952] - e1000e: driver trying to free already-free irq (khalidm) [Orabug: 26338952] - e1000: use disable_hardirq() for e1000_netpoll() (WANG Cong) [Orabug: 26338952] - e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] - e1000e: factor out systim sanitization (Jarod Wilson) [Orabug: 26338952] - e1000e: prevent division by zero if TIMINCA is zero (Denys Vlasenko) [Orabug: 26338952] - e1000e: keep Rx/Tx HW_VLAN_CTAG in sync (Jarod Wilson) [Orabug: 26338952] - e1000e: keep VLAN interfaces functional after rxvlan off (Jarod Wilson) [Orabug: 26338952] - e1000e: dont modify SYSTIM registers during SIOCSHWTSTAMP ioctl (Jacob Keller) [Orabug: 26338952] - e1000e: mark shifted values as unsigned (Jacob Keller) [Orabug: 26338952] - e1000e: use BIT() macro for bit defines (Jacob Keller) [Orabug: 26338952] - e1000e: e1000e_cyclecounter_read(): do overflow check only if needed (Denys Vlasenko) [Orabug: 26338952] - e1000e: e1000e_cyclecounter_read(): fix er32(SYSTIML) overflow check (Denys Vlasenko) [Orabug: 26338952] - e1000e: e1000e_cyclecounter_read(): incvalue is 32 bits, not 64 (Denys Vlasenko) [Orabug: 26338952] - e1000e: Cleanup consistency in ret_val variable usage (Brian Walsh) [Orabug: 26338952] - e1000e: fix ethtool autoneg off for non-copper (Steve Shih) [Orabug: 26338952] - e1000: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] - e1000e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] - e1000: Double Tx descriptors needed check for 82544 (Alexander Duyck) [Orabug: 26338952] - e1000: Do not overestimate descriptor counts in Tx pre-check (Alexander Duyck) [Orabug: 26338952] - e1000e: Initial support for KabeLake (Raanan Avargil) [Orabug: 26338952] - e1000e: Clear ULP configuration register on ULP exit (Raanan Avargil) [Orabug: 26338952] - e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Raanan Avargil) [Orabug: 26338952] - e1000e: Increase PHY PLL clock gate timing (Raanan Avargil) [Orabug: 26338952] - e1000e: Increase ULP timer (Raanan Avargil) [Orabug: 26338952] - e1000e: Fix msi-x interrupt automask (Benjamin Poirier) [Orabug: 26338952] - e1000e: Do not write lsc to ics in msi-x mode (Benjamin Poirier) [Orabug: 26338952] - e1000e: Do not read ICR in Other interrupt (Benjamin Poirier) [Orabug: 26338952] - e1000e: Remove unreachable code (Benjamin Poirier) [Orabug: 26338952] - e1000e: Switch e1000e_up to void, drop code checking for error result (Alexander Duyck) [Orabug: 26338952] - e1000e: initial support for i219-LM (3) (Raanan Avargil) [Orabug: 26338952] - e1000e: Increase timeout of polling bit RSPCIPHY (Raanan Avargil) [Orabug: 26338952] - e1000e: fix division by zero on jumbo MTUs (Dmitry Fleytman) [Orabug: 26338952] - e1000: Elementary checkpatch warnings and checks removed (Janusz Wolak) [Orabug: 26338952] - e1000: get rid of duplicate exit path (Jean Sacren) [Orabug: 26338952] - e1000: fix kernel-doc argument being missing (Jean Sacren) [Orabug: 26338952] - e1000e: clean up the local variable (Jean Sacren) [Orabug: 26338952] - e1000: fix a typo in the comment (Jean Sacren) [Orabug: 26338952] - e1000: clean up the checking logic (Jean Sacren) [Orabug: 26338952] - e1000: Remove checkpatch coding style errors (Janusz Wolak) [Orabug: 26338952] - e1000: fix data race between tx_ring->next_to_clean (Dmitriy Vyukov) [Orabug: 26338952] - e1000: make eeprom read/write scheduler friendly (Joern Engel) [Orabug: 26338952] - e1000e: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26338952] - e1000: remove dead e1000_init_eeprom_params calls (Francois Romieu) [Orabug: 26338952] - e1000e: Modify Tx/Rx configurations to avoid null pointer dereferences in e1000_open (Jia-Ju Bai) [Orabug: 26338952] - ixgbe: fix incorrect status check (Emil Tantilov) [Orabug: 26339150] - ixgbe: add missing configuration for rate select 1 (Emil Tantilov) [Orabug: 26339150] - ixgbe: always call setup_mac_link for multispeed fiber (Emil Tantilov) [Orabug: 26339150] - ixgbe: add write flush when configuring CS4223/7 (Emil Tantilov) [Orabug: 26339150] - ixgbe: correct CS4223/7 PHY identification (Emil Tantilov) [Orabug: 26339150] - ixgbevf: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] - ixgbevf: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] - ixgbe: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] - ixgbe: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] - ixgbe: Add error checking to setting VF MAC (Tony Nguyen) [Orabug: 26339150] - ixgbe: Correct thermal sensor event check (Mark Rustad) [Orabug: 26339150] - ixgbe: enable L3/L4 filtering for Tx switched packets (Emil Tantilov) [Orabug: 26339150] - ixgbe: Remove MAC X550EM_X 1Gbase-t led_[on|off] support (Paul Greenwalt) [Orabug: 26339150] - ixgbevf: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] - ixgbevf: Fix errors in retrieving RETA and RSS from PF (Tony Nguyen) [Orabug: 26339150] - ixgbe: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] - ixgbe: Add 1000Base-T device based on X550EM_X MAC (Paul Greenwalt) [Orabug: 26339150] - ixgbe: Allow setting zero MAC address for VF (Tony Nguyen) [Orabug: 26339150] - ixgbevf: fix size of queue stats length (Emil Tantilov) [Orabug: 26339150] - ixgbe: clean macvlan MAC filter table on VF reset (Emil Tantilov) [Orabug: 26339150] - ixgbe: Acquire PHY semaphore before device reset (Paul Greenwalt) [Orabug: 26339150] - ixgbe: Fix output from ixgbe_dump (Alexander Duyck) [Orabug: 26339150] - ixgbe: add check for VETO bit when configuring link for KR (Tony Nguyen) [Orabug: 26339150] - ixgbe: Remove unused define (Don Skidmore) [Orabug: 26339150] - ixgbe: do not use adapter->num_vfs when setting VFs via module parameter (Emil Tantilov) [Orabug: 26339150] - ixgbe: return early instead of wrap block in if statement (Emil Tantilov) [Orabug: 26339150] - ixgbe: move num_vfs_macvlans allocation into separate function (Emil Tantilov) [Orabug: 26339150] - ixgbe: add default setup_link for x550em_a MAC type (Emil Tantilov) [Orabug: 26339150] - ixgbe: list X553 backplane speeds correctly (Don Skidmore) [Orabug: 26339150] - ixgbe: Add X552 XFI backplane support (Don Skidmore) [Orabug: 26339150] - ixgbe: Complete support for X553 sgmii (Don Skidmore) [Orabug: 26339150] - ixgbe: Remove driver config for KX4 PHY (Tony Nguyen) [Orabug: 26339150] - ixgbe: Remove pr_cont uses (Joe Perches) [Orabug: 26339150] - ixgbe: Avoid Tx hang by not allowing more than the number of VFs supported. (Usha Ketineni) [Orabug: 26339150] - ixgbe: Limit use of 2K buffers on architectures with 256B or larger cache lines (Alexander Duyck) [Orabug: 26339150] - ixgbe: update the rss key on h/w, when ethtool ask for it (Paolo Abeni) [Orabug: 26339150] - ixgbe: Dont bother clearing buffer memory for descriptor rings (Alexander Duyck) [Orabug: 26339150] - ixgbe: Add private flag to control buffer mode (Alexander Duyck) [Orabug: 26339150] - ixgbe: Add support for padding packet (Alexander Duyck) [Orabug: 26339150] - ixgbe: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26339150] - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (Alexander Duyck) - ixgbe: Only DMA sync frame length (Alexander Duyck) [Orabug: 26339150] - ixgbe: Update version to reflect added functionality (Mark Rustad) [Orabug: 26339150] - ixgbe: prefix Data Center Bridge ops struct (Stephen Hemminger) [Orabug: 26339150] - ixgbe: Support 2.5Gb and 5Gb speed (Tony Nguyen) [Orabug: 26339150] - ixgbevf: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] - ixgbe: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] - ixgbe: Add PF support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] - ixgbevf: Add support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] - ixgbe: Implement support for firmware-controlled PHYs (Mark Rustad) [Orabug: 26339150] - ixgbe: Implement firmware interface to access some PHYs (Mark Rustad) [Orabug: 26339150] - ixgbe: Remove unused firmware version functions and method (Mark Rustad) [Orabug: 26339150] - ixgbe: Fix issues with EEPROM access (Mark Rustad) [Orabug: 26339150] - ixgbe: Configure advertised speeds correctly for KR/KX backplane (Don Skidmore) [Orabug: 26339150] - ixgbevf: restore hw_addr on resume or error (Emil Tantilov) [Orabug: 26339150] - ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Yusuke Suzuki) [Orabug: 26339150] - ixgbevf: fix AER error handling (Emil Tantilov) [Orabug: 26339150] - ixgbe: fix AER error handling (Emil Tantilov) [Orabug: 26339150] - ixgbe: test for trust in macvlan adjustments for VF (Ken Cox) [Orabug: 26339150] - ixgbevf: handle race between close and suspend on shutdown (Emil Tantilov) [Orabug: 26339150] - ixgbe: handle close/suspend race with netif_device_detach/present (Emil Tantilov) [Orabug: 26339150] - ixgbe: Fix reporting of 100Mb capability (Tony Nguyen) [Orabug: 26339150] - ixgbe: Reduce I2C retry count on X550 devices (Tony Nguyen) [Orabug: 26339150] - ixgbe: Add bounds check for x540 LED functions (Tony Nguyen) [Orabug: 26339150] - ixgbe: add mask for 64 RSS queues (Emil Tantilov) [Orabug: 26339150] - ixgbe: Fix check for ixgbe_phy_x550em_ext_t reset (Tony Nguyen) [Orabug: 26339150] - ixgbe: Report driver version to firmware for x550 devices (Tony Nguyen) [Orabug: 26339150] - ixgbe: do not disable FEC from the driver (Emil Tantilov) [Orabug: 26339150] - net/rds: prioritize the base connection establishment (Wei Lin Guay) [Orabug: 26258518] - net/rds: determine active/passive connection with IP addresses (Wei Lin Guay) [Orabug: 26258518] - net/rds: use different workqueue for base_conn (Wei Lin Guay) [Orabug: 26258518] - net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections' (Wei Lin Guay) [Orabug: 26258518] - IB/mlx4: Fix CM REQ retries in paravirt mode (Hakon Bugge) [Orabug: 26304670] - uek-config: disable CONFIG_MOUSE_PS2_VMMOUSE for ol6 (Ethan Zhao) [Orabug: 26264650] - igb: missing rtnl_unlock in igb_sriov_reinit() (Vasily Averin) [Orabug: 26242904] - igb: bump version to igb-5.4.0 (Todd Fujinaka) [Orabug: 26242904] - igbvf: bump version to igbvf-2.4.0 (Todd Fujinaka) [Orabug: 26242904] - igb: fix non static symbol warning (Wei Yongjun) [Orabug: 26242904] - igb: fix error code in igb_add_ethtool_nfc_entry() (Gangfeng Huang) [Orabug: 26242904] - igb: support RX flow classification by VLAN priority (Gangfeng Huang) [Orabug: 26242904] - igb: support RX flow classification by ethertype (Gangfeng Huang) [Orabug: 26242904] - igb: add support of RX network flow classification (Gangfeng Huang) [Orabug: 26242904] - igb: fix adjusting PTP timestamps for Tx/Rx latency (Kshitiz Gupta) [Orabug: 26242904] - igb: Only DMA sync frame length (Andrew Lunn) [Orabug: 26242904] - igb: call igb_ptp_suspend during suspend/resume cycle (Jacob Keller) [Orabug: 26242904] - igb: implement igb_ptp_suspend (Jacob Keller) [Orabug: 26242904] - igb: re-use igb_ptp_reset in igb_ptp_init (Jacob Keller) [Orabug: 26242904] - igb: introduce IGB_PTP_OVERFLOW_CHECK flag (Jacob Keller) [Orabug: 26242904] - igb: introduce ptp_flags variable and use it to replace IGB_FLAG_PTP (Jacob Keller) [Orabug: 26242904] - igbvf: use BIT() macro instead of shifts (Jacob Keller) [Orabug: 26242904] - igbvf: remove unused variable and dead code (Jacob Keller) [Orabug: 26242904] - igb: adjust PTP timestamps for Tx/Rx latency (Nathan Sullivan) [Orabug: 26242904] - igb: make igb_update_pf_vlvf static (Jacob Keller) [Orabug: 26242904] - igb: use BIT() macro or unsigned prefix (Jacob Keller) [Orabug: 26242904] - Revert 'igb: Fix a deadlock in igb_sriov_reinit' (Arika Chen) [Orabug: 26242904] - igb: Garbled output for 'ethtool -m' (Doron Shikmoni) [Orabug: 26242904] - igb: allow setting MAC address on i211 using a device tree blob (John Holland) [Orabug: 26242904] - igb: Fix sparse warning about passing __beXX into leXX_to_cpup (Alexander Duyck) [Orabug: 26242904] - igb: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26242904] - igb: Fix VLAN tag stripping on Intel i350 (Corinna Vinschen) [Orabug: 26242904] - igbvf: remove 'link is Up' message when registering mcast address (Jon Maxwell) [Orabug: 26242904] - igbvf: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] - igb: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] - igb: rename igb define to be more generic (Todd Fujinaka) [Orabug: 26242904] - igb: add conditions for I210 to generate periodic clock output (Roland Hii) [Orabug: 26242904] - igb: enable WoL for OEM devices regardless of EEPROM setting (Todd Fujinaka) [Orabug: 26242904] - igb: constify e1000_phy_operations structure (Julia Lawall) [Orabug: 26242904] - igb: When GbE link up, wait for Remote receiver status condition (Takuma Ueba) [Orabug: 26242904] - igb: Add workaround for VLAN tag stripping on 82576 (Alexander Duyck) [Orabug: 26242904] - igb: Enable use of 'bridge fdb add' to set unicast table entries (Alexander Duyck) [Orabug: 26242904] - igb: Drop unnecessary checks in transmit path (Alexander Duyck) [Orabug: 26242904] - igb: Add support for VLAN promiscuous with SR-IOV and NTUPLE (Alexander Duyck) [Orabug: 26242904] - igb: Clean-up configuration of VF port VLANs (Alexander Duyck) [Orabug: 26242904] - igb: Merge VLVF configuration into igb_vfta_set (Alexander Duyck) [Orabug: 26242904] - igb: Always enable VLAN 0 even if 8021q is not loaded (Alexander Duyck) [Orabug: 26242904] - igb: Do not factor VLANs into RLPML calculation (Alexander Duyck) [Orabug: 26242904] - igb: Allow asymmetric configuration of MTU versus Rx frame size (Alexander Duyck) [Orabug: 26242904] - igb: Refactor VFTA configuration (Alexander Duyck) [Orabug: 26242904] - igb: clean up code for setting MAC address (Alexander Duyck) [Orabug: 26242904] - igb/igbvf: dont give up (Mitch Williams) [Orabug: 26242904] - igb: Unpair the queues when changing the number of queues (Shota Suzuki) [Orabug: 26242904] - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (Shota Suzuki) [Orabug: 26242904] - igb: Explicitly label self-test result indices (Joe Schultz) [Orabug: 26242904] - igb: Improve cable length function for I210, etc. (Joe Schultz) [Orabug: 26242904] - igb: Dont add PHY address to PCDL address (Aaron Sierra) [Orabug: 26242904] - igb: Remove GS40G specific defines/functions (Aaron Sierra) [Orabug: 26242904] - igb: improve handling of disconnected adapters (Jarod Wilson) [Orabug: 26242904] - igb: fix NULL derefs due to skipped SR-IOV enabling (Jan Beulich) [Orabug: 26242904] - igb: use the correct i210 register for EEMNGCTL (Todd Fujinaka) [Orabug: 26242904] - igb: dont unmap NULL hw_addr (Jarod Wilson) [Orabug: 26242904] - igb: add 88E1543 initialization code (Todd Fujinaka) [Orabug: 26242904] - net: igb: avoid using timespec (Arnd Bergmann) [Orabug: 26242904] - igb: assume MSI-X interrupts during initialization (Stefan Assmann) [Orabug: 26242904] - igbvf: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26242904] - igb: make sure SR-IOV init uses the right number of queues (Todd Fujinaka) [Orabug: 26242904] - igbvf: clear buffer_info->dma after dma_unmap_single() (Stefan Assmann) [Orabug: 26242904] - igb: Fix a memory leak in igb_probe (Jia-Ju Bai) [Orabug: 26242904] - igb: Fix a deadlock in igb_sriov_reinit (Jia-Ju Bai) [Orabug: 26242904] - igb: Teardown SR-IOV before unregister_netdev() (Alex Williamson) [Orabug: 26242904] - igb: add support for 1512 PHY (Todd Fujinaka) [Orabug: 26242904] - igb: implement high frequency periodic output signals (Richard Cochran) [Orabug: 26242904] - blkback/blktap: dont leak stack data via response ring (Jan Beulich) [Orabug: 26321954] - Documentation/sparc: Steps for sending break on sunhv console (Vijay Kumar) [Orabug: 26322031] - sparc64: Send break twice from console to return to boot prom (Vijay Kumar) [Orabug: 26322031] - sparc64: Migrate hvcons irq to panicked cpu (Vijay Kumar) [Orabug: 26322031] - sparc64: Set cpu state to offline when stopped (Vijay Kumar) [Orabug: 26322031] - dtrace: io provider probes for nfs (Nicolas Droux) [Orabug: 26145701] - ctf: fix a variety of memory leaks and use-after-free bugs (Nick Alcock) [Orabug: 26323755] - DTrace: IP provider use-after-free for drop-out probe points (Alan Maguire) [Orabug: 25924594] - net/mlx4_core: Use round robin scheme to avoid stale caches (Santosh Shilimkar) [Orabug: 26265801] - nvme: Quirks for PM1725 controllers (Martin K. Petersen) [Orabug: 26284735] - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Guilherme G. Piccoli) [Orabug: 26284735] - nvme/quirk: Add a delay before checking device ready for memblaze device (Wenbo Wang) [Orabug: 26284735] - nvme/quirk: Add a delay before checking for adapter readiness (Guilherme G. Piccoli) [Orabug: 26284735] - percpu_ref: allow operation mode switching operations to be called concurrently (Tejun Heo) [Orabug: 26290757] - percpu_ref: restructure operation mode switching (Tejun Heo) [Orabug: 26290757] - percpu_ref: unify staggered atomic switching wait behavior (Tejun Heo) [Orabug: 26290757] - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (Tejun Heo) [Orabug: 26290757] - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (Tejun Heo) [Orabug: 26290757] - block: Fix mismerge in queue freeze logic (Martin K. Petersen) [Orabug: 26290757] - vfio/pci: Fix unsigned comparison overflow (Alex Williamson) - restore mutex_lock() call to blk_mq_freeze_queue_start() (Dan Duval) [Orabug: 26266917] - sparc64: mm: fix copy_tsb to correctly copy huge page TSBs (Mike Kravetz) [Orabug: 26273004] - nvme: Add a wrapper for getting the admin queue depth (Martin K. Petersen) [Orabug: 26284603] - nvme: Remove timeout when deleting queue (Martin K. Petersen) [Orabug: 26284626] - IP/ipoib: Move initialization of ACL instances table to device init phase (Yuval Shaia) [Orabug: 26290377] - btrfs: fix clone / extent-same deadlocks (Mark Fasheh) [Orabug: 26093112] - btrfs: dont update mtime/ctime on deduped inodes (Mark Fasheh) [Orabug: 26093112] - btrfs: allow dedupe of same inode (Mark Fasheh) [Orabug: 26093112] - btrfs: fix deadlock with extent-same and readpage (Mark Fasheh) [Orabug: 26093112] - btrfs: pass unaligned length to btrfs_cmp_data() (Mark Fasheh) [Orabug: 26093112] - Fix Express lane queue creation. (James Smart) [Orabug: 26102276] - uek-rpm/config: build tcmu kernel module by default (Shan Hai) [Orabug: 26185792] [Orabug: 25983319] - rds: tcp: fix memory leak in TIME_WAIT sockets (Sowmini Varadhan) [Orabug: 26189892] - rds: tcp: canonical connection order for all paths with index > 0 (Sowmini Varadhan) [Orabug: 25436912] - rds: tcp: allow progress of rds_conn_shutdown if the rds_connection is marked ERROR by an intervening FIN (Sowmini Varadhan) [Orabug: 25436912] - Backport multipath RDS from upstream to UEK4 (Sowmini Varadhan) [Orabug: 25436912] [4.1.12-103.2.1] - uek-rpm: enable bnxt driver for sparc (Allen Pais) [Orabug: 26222502] - uek-rpm: set CONFIG_FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 26222494] - sparc: Fix kernel BUG at arch/sparc/kernel/mdesc.c (Thomas Tai) - sparc64: allocate sufficient space for machine description (Thomas Tai) [Orabug: 26222471] - sparc64/mlx4_core: relaxed order for mlx4_core dma mappings (Shamir Rabinovitch) [Orabug: 26222434] - xsigo: UEK4-QU5: poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199200] - NVMe: During NVMe probe, get NVMe device information before mapping the device (Ashok Vairavan) [Orabug: 26194850] - sparc64: Fix an error code returned by a DAX ioctl (Sanath Kumar) [Orabug: 26190999] - sparc64: fix M8 ADI support (Anthony Yznaga) [Orabug: 26190997] [4.1.12-103.1.1] - Added IB diag counters from UEK2 (Chris Gray) [Orabug: 26088208] - scsi: megaraid_sas: Driver version upgrade (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: raid6 also require cpuSel check same as raid5 (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: add correct return type check for ldio hint logic for raid1 (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: array overflow in megasas_dump_frame() (Dan Carpenter) [Orabug: 26096381] - scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Change RAID_1_10_RMW_CMDS to RAID_1_PEER_CMDS and set value to 2 (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Indentation and smatch warning fixes (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Cleanup VD_EXT_DEBUG and SPAN_DEBUG related debug prints (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Increase internal command pool (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Bail out the driver load if ld_list_query fails (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Change build_mpt_mfi_pass_thru to return void (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: During OCR, if get_ctrl_info fails do not continue with OCR (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Remove unused pd_index from megasas_build_ld_nonrw_fusion (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: megasas_return_cmd does not memset IO frame to zero (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: max_fw_cmds are decremented twice, remove duplicate (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: update can_queue only if the new value is less (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Change max_cmd from u32 to u16 in all functions (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: set pd_after_lb from MR_BuildRaidContext and initialize pDevHandle to MR_DEVHANDLE_INVALID (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: latest controller OCR capability from FW before sending shutdown DCMD (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: avoid unaligned access in ioctl path (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: big endian support changes (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Big endian RDPQ mode fix (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: MR_TargetIdToLdGet u8 to u16 and avoid invalid raid-map access (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: In validate raid map, raid capability is not converted to cpu format for all lds (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: reduce size of fusion_context and use vmalloc if kmalloc fails (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: add print in device removal path (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: enhance debug logs in OCR context (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: set residual bytes count during IO completion (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: raid 1 write performance for large io (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: change issue_dcmd to return void from int (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: megasas_get_request_descriptor always return valid desc (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Use DID_REQUEUE (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: RAID map is accessed for SYS PDs when use_seqnum_jbod_fp is not set (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Refactor MEGASAS_IS_LOGICAL macro using sdev (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: 32 bit descriptor fire cmd optimization (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: raid 1 fast path code optimize (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: cpu select rework. (Shivasharan S) [Orabug: 26096381] - Revert 'scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth' (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: driver version upgrade (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: ldio_outstanding variable is not decremented in completion path (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: 128 MSIX Support (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: sd: Check for unaligned partial completion (Damien Le Moal) [Orabug: 26178369] - PCI/AER: include header file (Sudip Mukherjee) [Orabug: 25130845] - NVMe: reverse IO direction for VUC command code F7 (Ashok Vairavan) [Orabug: 25258071] - nvme: factor out a add nvme_is_write helper (Christoph Hellwig) [Orabug: 25130845] - nvme: allow for size limitations from transport drivers (Christoph Hellwig) [Orabug: 25130845] - nvme.h: add constants for PSDT and FUSE values (James Smart) [Orabug: 25130845] - nvme.h: add AER constants (Christoph Hellwig) [Orabug: 25130845] - nvme.h: add NVM command set SQE/CQE size defines (Christoph Hellwig) [Orabug: 25130845] - nvme.h: Add get_log_page command strucure (Armen Baloyan) [Orabug: 25130845] - nvme.h: add RTD3R, RTD3E and OAES fields (Christoph Hellwig) [Orabug: 25130845] - NVMe: Only release requested regions (Johannes Thumshirn) [Orabug: 25130845] - NVMe: Fix removal in case of active namespace list scanning method (Sunad Bhandary) [Orabug: 25130845] - NVMe: Implement namespace list scanning (Keith Busch) [Orabug: 25130845] - NVMe: Dont unmap controller registers on reset (Keith Busch) [Orabug: 25130845] - NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25186219] - nvme: Limit command retries (Keith Busch) [Orabug: 25130845] - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138123] - NVMe: Create discard zero quirk white list (Keith Busch) [Orabug: 25130845] - nvme: use UINT_MAX for max discard sectors (Minfei Huang) [Orabug: 25130845] - nvme: move nvme_cancel_request() to common code (Ming Lin) [Orabug: 25130845] - nvme: update and rename nvme_cancel_io to nvme_cancel_request (Ming Lin) [Orabug: 25130845] - blk-mq: Export tagset iter function (Sagi Grimberg) [Orabug: 25130845] - NVMe: Add device IDs with stripe quirk (Keith Busch) [Orabug: 25130845] - NVMe: Short-cut removal on surprise hot-unplug (Keith Busch) [Orabug: 25130845] - NVMe: Allow user initiated rescan (Keith Busch) [Orabug: 25130845] - NVMe: Reduce driver log spamming (Keith Busch) [Orabug: 25130845] - NVMe: Unbind driver on failure (Keith Busch) [Orabug: 25130845] - NVMe: Delete only created queues (Keith Busch) [Orabug: 25130845] - NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] - nvme: fix nvme_ns_remove() deadlock (Ming Lin) [Orabug: 25130845] - nvme: switch to RCU freeing the namespace (Ming Lin) [Orabug: 25130845] - NVMe: correct comment for offset enum of controller registers in nvme.h (Wang Sheng-Hui) [Orabug: 25130845] - nvme: add helper nvme_cleanup_cmd() (Ming Lin) [Orabug: 25130845] - nvme: move AER handling to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move namespace scanning to core (Christoph Hellwig) [Orabug: 25130845] - nvme: tighten up state check for namespace scanning (Christoph Hellwig) [Orabug: 25130845] - nvme: introduce a controller state machine (Christoph Hellwig) [Orabug: 25130845] - nvme: remove the io_incapable method (Christoph Hellwig) [Orabug: 25130845] - NVMe: nvme_core_exit() should do cleanup in the reverse order as nvme_core_init does (Wang Sheng-Hui) [Orabug: 25130845] - NVMe: Fix check_flush_dependency warning (Keith Busch) [Orabug: 25130845] - NVMe: small typo in section BLK_DEV_NVME_SCSI of host/Kconfig (Wang Sheng-Hui) [Orabug: 25130845] - nvme: fix cntlid type (Christoph Hellwig) [Orabug: 25130845] - nvme: Avoid reset work on watchdog timer function during error recovery (Guilherme G. Piccoli) [Orabug: 25130845] - nvme: remove dead controllers from a work item (Christoph Hellwig) [Orabug: 25130845] - NVMe: silence warning about unused 'dev' (Jens Axboe) [Orabug: 25130845] - NVMe: switch to using blk_queue_write_cache() (Jens Axboe) [Orabug: 25130845] - block: add ability to flag write back caching on a device (Jens Axboe) [Orabug: 25130845] - nvme: Use blk-mq helper for IO termination (Sagi Grimberg) [Orabug: 25130845] - NVMe: Skip async events for degraded controllers (Keith Busch) [Orabug: 25130845] - nvme: add helper nvme_setup_cmd() (Ming Lin) [Orabug: 25130845] - block: add offset in blk_add_request_payload() (Ming Lin) [Orabug: 25130845] - nvme: rewrite discard support (Ming Lin) [Orabug: 25130845] - nvme: add helper nvme_map_len() (Ming Lin) [Orabug: 25130845] - nvme: add missing lock nesting notation (Ming Lin) [Orabug: 25130845] - NVMe: Always use MSI/MSI-x interrupts (Keith Busch) [Orabug: 25130845] - NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] - nvme: avoid cqe corruption when update at the same time as read (Marta Rybczynska) [Orabug: 25130845] - NVMe: Expose ns wwid through single sysfs entry (Keith Busch) [Orabug: 25130845] - NVMe: Remove unused sq_head read in completion path (Jon Derrick) [Orabug: 25130845] - nvme: fix max_segments integer truncation (Christoph Hellwig) [Orabug: 25130845] - nvme: set queue limits for the admin queue (Christoph Hellwig) [Orabug: 25130845] - NVMe: Fix 0-length integrity payload (Keith Busch) [Orabug: 25130845] - NVMe: Dont allow unsupported flags (Keith Busch) [Orabug: 25130845] - NVMe: Move error handling to failed reset handler (Keith Busch) [Orabug: 25130845] - NVMe: Simplify device reset failure (Keith Busch) [Orabug: 25130845] - NVMe: Fix namespace removal deadlock (Keith Busch) [Orabug: 25130845] - NVMe: Use IDA for namespace disk naming (Keith Busch) [Orabug: 25130845] - nvme: expose cntlid in sysfs (Ming Lin) [Orabug: 25130845] - nvme: return the whole CQE through the request passthrough interface (Christoph Hellwig) [Orabug: 25130845] - nvme: fix Kconfig description for BLK_DEV_NVME_SCSI (Christoph Hellwig) [Orabug: 25130845] - nvme: replace the kthread with a per-device watchdog timer (Christoph Hellwig) [Orabug: 25130845] - nvme: dont poll the CQ from the kthread (Christoph Hellwig) [Orabug: 25130845] - nvme: use a work item to submit async event requests (Christoph Hellwig) [Orabug: 25130845] - NVMe: Rate limit nvme IO warnings (Keith Busch) [Orabug: 25130845] - NVMe: Poll device while still active during remove (Keith Busch) [Orabug: 25130845] - NVMe: Requeue requests on suspended queues (Keith Busch) [Orabug: 25130845] - NVMe: Allow request merges (Keith Busch) [Orabug: 25130845] - NVMe: Fix io incapable return values (Keith Busch) [Orabug: 25130845] - nvme: split pci module out of core module (Ming Lin) [Orabug: 25130845] - nvme: split dev_list_lock (Ming Lin) [Orabug: 25130845] - nvme: move timeout variables to core.c (Ming Lin) [Orabug: 25130845] - nvme/host: reference the fabric module for each bdev open callout (Sagi Grimberg) [Orabug: 25130845] - nvme: Log the ctrl device name instead of the underlying pci device name (Sagi Grimberg) [Orabug: 25130845] - nvme: fix drvdata setup for the nvme device (Christoph Hellwig) [Orabug: 25130845] - NVMe: Fix possible queue use after freed (Keith Busch) [Orabug: 25130845] - nvme: switch abort to blk_execute_rq_nowait (Christoph Hellwig) [Orabug: 25130845] - blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25130845] - NVMe: Export NVMe attributes to sysfs group (Keith Busch) [Orabug: 25130845] - NVMe: Shutdown controller only for power-off (Keith Busch) [Orabug: 25130845] - NVMe: IO queue deletion re-write (Keith Busch) [Orabug: 25130845] - NVMe: Remove queue freezing on resets (Keith Busch) [Orabug: 25130845] - NVMe: Use a retryable error code on reset (Keith Busch) [Orabug: 25130845] - NVMe: Fix admin queue ring wrap (Keith Busch) [Orabug: 25130845] - nvme: make SG_IO support optional (Christoph Hellwig) [Orabug: 25130845] - nvme: fixes for NVME_IOCTL_IO_CMD on the char device (Christoph Hellwig) [Orabug: 25130845] - nvme: synchronize access to ctrl->namespaces (Christoph Hellwig) [Orabug: 25130845] - nvme: Move nvme_freeze/unfreeze_queues to nvme core (Sagi Grimberg) [Orabug: 25130845] - NVMe: Export namespace attributes to sysfs (Keith Busch) [Orabug: 25130845] - NVMe: Add pci error handlers (Keith Busch) [Orabug: 25130845] - nvme: merge iod and cmd_info (Christoph Hellwig) [Orabug: 25130845] - nvme: meta_sg doesnt have to be an array (Christoph Hellwig) [Orabug: 25130845] - nvme: properly free resources for cancelled command (Christoph Hellwig) [Orabug: 25130845] - nvme: simplify completion handling (Christoph Hellwig) [Orabug: 25130845] - nvme: special case AEN requests (Christoph Hellwig) [Orabug: 25130845] - nvme: factor out a few helpers from req_completion (Christoph Hellwig) [Orabug: 25130845] - nvme: fix admin queue depth (Christoph Hellwig) [Orabug: 25130845] - NVMe: Simplify metadata setup (Keith Busch) [Orabug: 25130845] - NVMe: Remove device management handles on remove (Keith Busch) [Orabug: 25130845] - NVMe: Use unbounded work queue for all work (Keith Busch) [Orabug: 25130845] - nvme: switch abort_limit to an atomic_t (Christoph Hellwig) [Orabug: 25130845] - nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 25130845] - nvme: do not restart the request timeout if were resetting the controller (Keith Busch) [Orabug: 25130845] - nvme: simplify resets (Christoph Hellwig) [Orabug: 25130845] - nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 25130845] - nvme: merge nvme_abort_req and nvme_timeout (Christoph Hellwig) [Orabug: 25130845] - nvme: dont take the I/O queue q_lock in nvme_timeout (Christoph Hellwig) [Orabug: 25130845] - nvme: protect against simultaneous shutdown invocations (Keith Busch) [Orabug: 25130845] - nvme: only add a controller to dev_list after its been fully initialized (Christoph Hellwig) [Orabug: 25130845] - nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 25130845] - nvme: precedence bug in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] - nvme: fix another 32-bit build warning (Arnd Bergmann) [Orabug: 25130845] - nvme: refactor set_queue_count (Christoph Hellwig) [Orabug: 25130845] - nvme: move chardev and sysfs interface to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move namespace scanning to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move the call to nvme_init_identify earlier (Christoph Hellwig) [Orabug: 25130845] - nvme: add a common helper to read Identify Controller data (Christoph Hellwig) [Orabug: 25130845] - nvme: move nvme_{enable,disable,shutdown}_ctrl to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move remaining CC setup into nvme_enable_ctrl (Christoph Hellwig) [Orabug: 25130845] - nvme: add explicit quirk handling (Christoph Hellwig) [Orabug: 25130845] - nvme: move block_device_operations and ns/ctrl freeing to common code (Ashok Vairavan) [Orabug: 25130845] - nvme: use the block layer for userspace passthrough metadata (Keith Busch) [Orabug: 25130845] - nvme: split __nvme_submit_sync_cmd (Christoph Hellwig) [Orabug: 25130845] - nvme: move nvme_setup_flush and nvme_setup_rw to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move nvme_error_status to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: factor out a nvme_unmap_data helper (Christoph Hellwig) [Orabug: 25130845] - nvme: simplify nvme_setup_prps calling convention (Christoph Hellwig) [Orabug: 25130845] - nvme: split a new struct nvme_ctrl out of struct nvme_dev (Christoph Hellwig) [Orabug: 25130845] - nvme: use vendor it from identify (Christoph Hellwig) [Orabug: 25130845] - nvme: split nvme_trans_device_id_page (Christoph Hellwig) [Orabug: 25130845] - nvme: use offset instead of a struct for registers (Christoph Hellwig) - nvme: split command submission helpers out of pci.c (Christoph Hellwig) [Orabug: 25130845] - nvme: move struct nvme_iod to pci.c (Christoph Hellwig) [Orabug: 25130845] - NVMe: Precedence error in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] - Update target repo for nvme patch contributions (Jay Freyensee) [Orabug: 25130845] - nvme: add missing endianess annotations in nvme_pr_command (Christoph Hellwig) [Orabug: 25130845] - block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV (Christoph Hellwig) [Orabug: 25130845] - block: add an API for Persistent Reservations (Christoph Hellwig) [Orabug: 25130845] - NVMe: Add persistent reservation ops (Keith Busch) [Orabug: 25130845] - nvme: suspend i/o during runtime blk_integrity_unregister (Dan Williams) [Orabug: 25130845] - nvme include linux types.h (Christoph Hellwig) [Orabug: 25130845] - nvme: move to a new drivers/nvme/host directory (Jay Sternberg) [Orabug: 25130845] - NVMe: Set affinity after allocating request queues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (Keith Busch) [Orabug: 25130845] - NVMe: Fix IO for extended metadata formats (Keith Busch) [Orabug: 25130845] - NVMe: Remove hctx reliance for multi-namespace (Keith Busch) [Orabug: 25130845] - NVMe: Use requested sync command timeout (Keith Busch) [Orabug: 25130845] - Revert 'nvme: move to a new drivers/nvme/host directory' (Ashok Vairavan) [Orabug: 25130845] - Revert 'NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) - Revert 'nvme: Limit command retries' (Ashok Vairavan) - Revert 'nvme: avoid cqe corruption when update at the same time as read' (Ashok Vairavan) - Revert 'NVMe: Dont unmap controller registers on reset' (Ashok Vairavan) - Revert 'NVMe: reverse IO direction for VUC command code F7' (Ashok Vairavan) - Revert 'NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) - forcedeth: enable forcedeth kernel option (Zhu Yanjun) [Orabug: 25571921] - ipmi: Edit ambiguous error message for unknown command (Atish Patra) [Orabug: 25461958] - kabi whitelist: Remove all ib_ symbols from the list. (Knut Omang) [Orabug: 25955825] - ext4: print ext4 mount option data_err=abort correctly (Ales Novak) [Orabug: 25691020] - IB/sa: Allocate SA query with kzalloc (Kaike Wan) [Orabug: 26124118] - IB/sa: Fix netlink local service GFP crash (Kaike Wan) [Orabug: 26124118] - IB/sa: Fix rdma netlink message flags (Kaike Wan) [Orabug: 26124118] - IB/sa: Put netlink request into the request list before sending (Kaike Wan) [Orabug: 26124118] - IB/core: Fix a potential array overrun in CMA and SA agent (Yuval Shaia) [Orabug: 26124118] - IB/SA: Use correct free function (Mark Bloch) [Orabug: 26124118] - IB/sa: Route SA pathrecord query through netlink (Kaike Wan) [Orabug: 26124118] - IB/core: Add rdma netlink helper functions (Kaike Wan) [Orabug: 26124118] - IB/netlink: Add defines for local service requests through netlink (Kaike Wan) [Orabug: 26124118] - scsi: mpt3sas: remove redundant wmb (Sinan Kaya) [Orabug: 26096353] - scsi: mpt3sas: Updating driver version to v15.100.00.00 (Chaitra P B) [Orabug: 26096353] - scsi: mpt3sas: Fix for Crusader to achieve product targets with SAS devices. (Chaitra P B) [Orabug: 26096353] - scsi: mpt3sas: Fix Firmware fault state 0x2100 during heavy 4K RR FIO stress test. (Chaitra P B) [Orabug: 26096353] - scsi: mpt3sas: Added print to notify cable running at a degraded speed. (Chaitra P B) [Orabug: 26096353] - xen-blkback: report hotplug-status busy when detach is initiated but frontend device is busy. (Niranjan Patil) [Orabug: 26072430] - qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 26021151] - Btrfs: dont BUG_ON() in btrfs_orphan_add (Josef Bacik) [Orabug: 25975316] - Btrfs: clarify do_chunk_alloc()s return value (Liu Bo) [Orabug: 25975316] - btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25975316] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25955089] - xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416] - uek-rpm: configs: enable CONFIG_ACPI_NFIT (Todd Vierling) [Orabug: 25719149] - ipv6: Dont use ufo handling on later transformed packets (Jakub Sitnicki) [Orabug: 25533743] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308} - fs/file.c: __fget() and dup2() atomicity rules (Eric Dumazet) [Orabug: 25408921] - IB/ipoib: add get_settings in ethtool (Zhu Yanjun) [Orabug: 25048521] - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26081079] - Revert 'xen/events: remove unnecessary call to bind_evtchn_to_cpu()' (Zhenzhong Duan) - xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] - Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25975223] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25974739] {CVE-2017-7895} - sched/rt: Minimize rq->lock contention in do_sched_rt_period_timer() (Dave Kleikamp) [Orabug: 25491970] - sparc64: cache_line_size() returns larger value for cache line size. (chris hyser) - sparc64: fix inconsistent printing of handles in debug messages (Menno Lageman) - sparc64: set the ISCNTRLD bit for SP service handles (Menno Lageman) [Orabug: 25983868] - sparc64: DAX recursive lock removed (Rob Gardner) [Orabug: 26103487] - sparc/ftrace: Fix ftrace graph time measurement (Liam R. Howlett) [Orabug: 25995351] - sparc64: Increase max_phys_bits to 51 for M8. (Vijay Kumar) [Orabug: 25808647] - sparc64: 5-Level page table support for sparc (Vijay Kumar) [Orabug: 26076110] [Orabug: 25808647] - mm, gup: fix typo in gup_p4d_range() (Kirill A. Shutemov) [Orabug: 25808647] - mm: introduce __p4d_alloc() (Kirill A. Shutemov) [Orabug: 25808647] - mm: convert generic code to 5-level paging (Vijay Kumar) [Orabug: 25808647] (Vijay Kumar) [Orabug: 25808647] - arch, mm: convert all architectures to use 5level-fixup.h (Vijay Kumar) [Orabug: 25808647] - asm-generic: introduce __ARCH_USE_5LEVEL_HACK (Kirill A. Shutemov) [Orabug: 25808647] - asm-generic: introduce 5level-fixup.h (Kirill A. Shutemov) [Orabug: 25808647] - sparc64: prevent sunvdc from sending duplicate vdisk requests (Jag Raman) [Orabug: 25866770] - ldmvsw: stop the clean timer at beginning of remove (Shannon Nelson) [Orabug: 25748241] - sparc64: set CONFIG_EFI in config (Eric Snowberg) [Orabug: 26037358] - sparc64: /sys/firmware/efi missing during EFI boot (Eric Snowberg) [Orabug: 26037358] - Allow default value of npools used for iommu to be configured from cmdline (Allen Pais) - SPARC64: Add Linux vds driver Device ID support for Solaris guest boot (George Kennedy) [Orabug: 25836231] - sparc64: Remove locking of huge pages in DAX driver (Sanath Kumar) [Orabug: 25968141] - ldmvsw: unregistering netdev before disable hardware (Thomas Tai) - arch/sparc: Measure receiver forward progress to avoid send mondo timeout (Jane Chu) [Orabug: 25476541] - sparc64: update DAX submit to latest HV spec (Jonathan Helman) [Orabug: 25927558] - arch/sparc: increase CONFIG_NODES_SHIFT on SPARC to 5 (Jane Chu) [Orabug: 25577754] - arch/sparc: support NR_CPUS = 4096 (jane Chu) [Orabug: 25505750] - ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 25973797] - sparc64: fix fault handling in NGbzero.S and GENbzero.S (Dave Aldridge) [Orabug: 25577560] - sparc64: modify sys_dax.h for new libdax (Jonathan Helman) [Orabug: 25927572] - bnx2x: Align RX buffers (Scott Wood) [Orabug: 25806778] - PCI: Fix unaligned accesses in VC code (David Miller) [Orabug: 25806778] - sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL (Daniel Jordan) [Orabug: 25830041] - lockdep: Limit static allocations if PROVE_LOCKING_SMALL is defined (Babu Moger) - config: Adding the new config parameter CONFIG_PROVE_LOCKING_SMALL for sparc (Babu Moger) - sparc64: fix cdev_put() use-after-free when unbinding an LDom (Thomas Tai) [Orabug: 25911389] - sparc64: change DAX CCB_EXEC ENOBUFS print to debug (Jonathan Helman) [Orabug: 25927528] - xen-netback: copy buffer on xenvif_start_xmit (Joao Martins) [Orabug: 26107942] - xen-netback: slightly rework xenvif_rx_skb (Joao Martins) [Orabug: 26107942] - xen-netfront: introduce rx copy mode (Joao Martins) [Orabug: 26107942] - xen-netfront: use gref mappings for Tx buffers (Joao Martins) [Orabug: 26107942] - xen-netfront: generalize recycling for grants (Joao Martins) [Orabug: 26107942] - xen-netfront: add rx page statistics (Joao Martins) [Orabug: 26107942] - xen-netfront: introduce rx page recyling (Joao Martins) [Orabug: 26107942] - xen-netfront: move rx_gso_checksum_fixup into netfront_stats (Joao Martins) [Orabug: 26107942] - xen-netfront: introduce staging gref pools (Joao Martins) [Orabug: 26107942] - xen-netback: use gref mappings for Tx requests (Joao Martins) [Orabug: 26107942] - xen-netback: use gref mappings for Rx requests (Joao Martins) [Orabug: 26107942] - xen-netback: shorten tx grant copy (Joao Martins) [Orabug: 26107942] - xen-netback: introduce staging grant mappings ops (Joao Martins) [Orabug: 26107942] - include/xen: import vendor extension to netif.h (Joao Martins) [Orabug: 26107942] - xen-netback: fix type mismatch warning (Arnd Bergmann) - xen-netback: fix guest Rx stall detection (after guest Rx refactor) (David Vrabel) - xen/netback: add fraglist support for to-guest rx (Ross Lagerwall) - xen-netback: batch copies for multiple to-guest rx packets (David Vrabel) - xen-netback: process guest rx packets in batches (David Vrabel) - xen-netback: immediately wake tx queue when guest rx queue has space (David Vrabel) - xen-netback: refactor guest rx (David Vrabel) - xen-netback: retire guest rx side prefix GSO feature (Paul Durrant) - xen-netback: separate guest side rx code into separate module (Paul Durrant) - x86/xen/time: setup secondary time info for vdso (Joao Martins) [Orabug: 26107942] - Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25970637] - Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25970637] - Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25970637] - Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25970637] - Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) [Orabug: 25970637] - Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data() (Vitaly Kuznetsov) [Orabug: 25970637] - Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25970637] - RDS/IB: 4KB receive buffers get posted by mistake on 16KB frag connections. (Venkat Venkatsubra) [Orabug: 25920916] - mlx4: limit max MSIX allocations (Ajaykumar Hotchandani) [Orabug: 25912737] - sched/wait: Fix the signal handling fix (Peter Zijlstra) [Orabug: 25908266] - sparc64: Fix mapping of 64k pages with MAP_FIXED (Nitin Gupta) [Orabug: 25885991] - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876402] {CVE-2016-10229} - net/mlx4_core: panic the system on unrecoverable errors (Santosh Shilimkar) [Orabug: 25873690] - Revert 'restrict /dev/mem to idle io memory ranges' (Chuck Anderson) [Orabug: 25832750] - I/O ERROR WHEN A FILE ON ACFS FILESYSTEM IS ATTACHED TO THE GUEST DOMU (Joe Jin) [Orabug: 25831471] - xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] - mlx4_core: Add func name to common error strings to locate uniquely (Mukesh Kacker) [Orabug: 25440329] - xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] - xen: events: Replace BUG() with BUG_ON() (Shyam Saini) - xen: remove stale xs_input_avail() from header (Juergen Gross) - xen: return xenstore command failures via response instead of rc (Juergen Gross) - xen: xenbus driver must not accept invalid transaction ids (Juergen Gross) - xen/evtchn: use rb_entry() (Geliang Tang) - xen/setup: Dont relocate p2m over existing one (Ross Lagerwall) - xen/balloon: Only mark a page as managed when it is released (Ross Lagerwall) - xen/scsifront: dont request a slot on the ring until request is ready (Juergen Gross) - xen/x86: Increase xen_e820_map to E820_X_MAX possible entries (Alex Thorlton) - x86: Make E820_X_MAX unconditionally larger than E820MAX (Alex Thorlton) - xen/pci: Bubble up error and fix description. (Konrad Rzeszutek Wilk) - xen: xenbus: set error code on failure (Pan Bian) - xen: set error code on failures (Pan Bian) - xen/events: use xen_vcpu_id mapping for EVTCHNOP_status (Vitaly Kuznetsov) - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (Boris Ostrovsky) - tpm xen: Remove bogus tpm_chip_unregister (Jason Gunthorpe) - xen-scsifront: Add a missing call to kfree (Quentin Lambert) - xenfs: Use proc_create_mount_point() to create /proc/xen (Seth Forshee) - xen-netback: fix error handling output (Arnd Bergmann) - xen: make use of xenbus_read_unsigned() in xenbus (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-pciback (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-fbfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-scsifront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-pcifront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-netfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-netback (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-kbdfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-tpmfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-blkfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-blkback (Juergen Gross) - xen: introduce xenbus_read_unsigned() (Juergen Gross) - xen-netfront: cast grant table reference first to type int (Dongli Zhang) - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) - xenbus: check return value of xenbus_scanf() (Jan Beulich) - xenbus: prefer list_for_each() (Jan Beulich) - xenbus: advertise control feature flags (Juergen Gross) - xen/pciback: support driver_override (Juergen Gross) - xen/pciback: avoid multiple entries in slot list (Juergen Gross) - xen/pciback: simplify pcistub device handling (Juergen Gross) - x86/xen: add missing at end of printk warning message (Colin Ian King) - xen-netfront: avoid packet loss when ethernet header crosses page boundary (Vitaly Kuznetsov) - xen: Sync xen header (Juergen Gross) - xen/grant-table: Use kmalloc_array() in arch_gnttab_valloc() (Markus Elfring) - xen: Make VPMU init message look less scary (Juergen Gross) - xen: rename xen_pmu_init() in sys-hypervisor.c (Juergen Gross) - kexec: allow kdump with crash_kexec_post_notifiers (Petr Tesarik) - xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7 (Jan Beulich) - proc: Allow creating permanently empty directories that serve as mount points (Eric W. Biederman) - xen: Resume PMU from non-atomic context (Boris Ostrovsky) [4.1.12-102] - Revert 'mlx4_ib: Memory leak on Dom0 with SRIOV.' (Hakon Bugge) [Orabug: 25829233] - Revert 'mlx4: avoid multiple free on id_map_ent' (Hakon Bugge) [Orabug: 25829233] - Drivers: hv: vss: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] - Drivers: hv: vss: switch to using the hvutil_device_state state machine (Vitaly Kuznetsov) [Orabug: 25819105] - Drivers: hv: vss: process deferred messages when we complete the transaction (Vitaly Kuznetsov) [Orabug: 25819105] - Drivers: hv: kvp: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] - Revert 'ipv4: use skb coalescing in defragmentation' (Florian Westphal) [Orabug: 25819103] - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184} - lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25802913] - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25802678] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25802678] {CVE-2017-2636} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25802599] {CVE-2017-6345} - ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25802576] {CVE-2017-6347} - udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25802576] {CVE-2017-6347} - udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25802576] {CVE-2017-6347} - tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25802549] {CVE-2017-6214} - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25802515] {CVE-2017-5986} - ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208} - ext4: reserve code points for the project quota feature (Theodore Tso) [Orabug: 25802481] {CVE-2016-10208} - ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25802481] {CVE-2016-10208} - ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208} - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25802278] {CVE-2017-2583} {CVE-2017-2583} - gfs2: fix slab corruption during mounting and umounting gfs file system (Thomas Tai) - gfs2: handle NULL rgd in set_rgrp_preferences (Abhi Das) [Orabug: 25791662] - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790370] {CVE-2016-9644} - sched/wait: Fix signal handling in bit wait helpers (Peter Zijlstra) [Orabug: 25416990] - xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766884] {CVE-2016-8399} {CVE-2016-8399} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751395] {CVE-2017-7187} - xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25747721] - xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25747721] - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25717094] {CVE-2017-5669} [4.1.12-101] - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25340071] {CVE-2016-10088} - tcp: fix potential memory corruption (Eric Dumazet) [Orabug: 25140382] - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25134541] {CVE-2016-7910} - xfs: Correctly lock inode when removing suid and file capabilities (Jan Kara) [Orabug: 24803533] - fs: Call security_ops->inode_killpriv on truncate (Jan Kara) [Orabug: 24803533] - fs: Provide function telling whether file_remove_privs() will do anything (Jan Kara) [Orabug: 24803533] - fs: Rename file_remove_suid() to file_remove_privs() (Jan Kara) [Orabug: 24803533] - IB/uverbs: Fix leak of XRC target QPs (Tariq Toukan) [Orabug: 24761732] - Some unsupported ioctls get logged unnecessarily (Venkat Venkatsubra) [Orabug: 24510137] - IB/ipoib: Expose acl_enable sysfs file as read only (Yuval Shaia) [Orabug: 25993951] - dtrace: improve io provider coverage (Nicolas Droux) [Orabug: 25816537] [4.1.12-100] - ol7/config: enable nf_tables packet duplication support (Ethan Zhao) [Orabug: 24694570] - netfilter: nf_dup: add missing dependencies with NF_CONNTRACK (Pablo Neira Ayuso) [Orabug: 24694570] - netfilter: nf_tables: add nft_dup expression (Pablo Neira Ayuso) [Orabug: 24694570] - netfilter: factor out packet duplication for IPv4/IPv6 (Pablo Neira Ayuso) [Orabug: 24694570] - netfilter: xt_TEE: get rid of WITH_CONNTRACK definition (Pablo Neira Ayuso) [Orabug: 24694570] - netfilter: move tee_active to core (Florian Westphal) [Orabug: 24694570] - ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags (Martin KaFai Lau) [Orabug: 24694570] - ext4: Fix data exposure after failed AIO DIO (Jan Kara) [Orabug: 24393811] - xfs: fold xfs_vm_do_dio into xfs_vm_direct_IO (Christoph Hellwig) [Orabug: 24393811] - xfs: dont use ioends for direct write completions (Christoph Hellwig) [Orabug: 24393811] - direct-io: always call ->end_io if non-NULL (Christoph Hellwig) [Orabug: 24393811] - Btrfs: send, fix failure to rename top level inode due to name collision (Robbie Ko) [Orabug: 25994280] - PCI: Check pref compatible bit for mem64 resource of PCIe device (Yinghai Lu) [Orabug: 22855133] - OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource (Yinghai Lu) [Orabug: 22855133] - sparc/PCI: Keep resource idx order with bridge register number (Yinghai Lu) [Orabug: 22855133] - sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing (Yinghai Lu) [Orabug: 22855133] - sparc/PCI: Reserve legacy mmio after PCI mmio (Yinghai Lu) [Orabug: 22855133] - PCI: Add pci_find_bus_resource() (Yinghai Lu) [Orabug: 22855133] - sparc/PCI: Use correct offset for bus address to resource (Yinghai Lu) [Orabug: 22855133] - PCI: Remove __pci_mmap_make_offset() (Yinghai Lu) [Orabug: 22855133] - PCI: Let pci_mmap_page_range() take resource address (Yinghai Lu) [Orabug: 22855133] - PCI: Fix proc mmap on sparc (Yinghai Lu) [Orabug: 22855133] - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (Bjorn Helgaas) [Orabug: 22855133] - Revert 'sparc/PCI: Use correct bus address to resource offset' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc/PCI: Unify pci_register_region()' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc/PCI: Reserve legacy mmio after PCI mmio' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc/PCI: Keep resource idx order with bridge register number' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: kill wrong quirk about M7101' (Khalid Aziz) [Orabug: 22855133] - Revert 'OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Only treat non-pref mmio64 as pref if all bridges have MEM_64' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Add has_mem64 for struct host_bridge' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Only treat non-pref mmio64 as pref if host bridge has mmio64' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Restore pref MMIO allocation logic for host bridge without mmio64' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc: Accommodate mem64_offset != mem_offset in pbm configuration' (Khalid Aziz) [Orabug: 22855133] - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975482] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975482] - target: consolidate backend attribute implementations (Christoph Hellwig) [Orabug: 25791789] - target: simplify backend driver registration (Christoph Hellwig) [Orabug: 25791789] - x86/tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Len Brown) [Orabug: 25948913] - x86/tsc: Save an indentation level in recalibrate_cpu_khz() (Borislav Petkov) [Orabug: 25948913] - x86/tsc_msr: Remove irqoff around MSR-based TSC enumeration (Len Brown) [Orabug: 25948913] - perf/x86: Fix time_shift in perf_event_mmap_page (Adrian Hunter) [Orabug: 25948913] - perf/x86: Improve accuracy of perf/sched clock (Adrian Hunter) [Orabug: 25948913] - x86/apic: Handle zero vector gracefully in clear_vector_irq() (Keith Busch) [Orabug: 24515998] - dtrace: proc:::exit should trigger only if thread group exits (Tomas Jedlicka) [Orabug: 25904298] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25795985] {CVE-2017-7273} - ctf: prevent modules on the dedup blacklist from sharing any types at all (Nick Alcock) [Orabug: 26137220] - ctf: emit bitfields in in-memory order (Nick Alcock) [Orabug: 25815129] - ctf: bitfield support (Nick Alcock) [Orabug: 25815129] - ctf: emit file-scope static variables (Nick Alcock) [Orabug: 25962387] - ctf: speed up the dwarf2ctf duplicate detector some more (Nick Alcock) [Orabug: 25815306] - ctf: strdup() -> xstrdup() (Nick Alcock) [Orabug: 25815306] - ctf: speed up the dwarf2ctf duplicate detector (Nick Alcock) [Orabug: 25815306] - ctf: add module parameter to simple_dwfl_new() and adjust both callers (Nick Alcock) - ctf: fix the size of int and avoid duplicating it (Nick Alcock) [Orabug: 25815129] - ctf: allow overriding of DIE attributes: use it for parent bias (Nick Alcock) [Orabug: 25815129] - DTrace tcp/udp provider probes (Alan Maguire) [Orabug: 25815197] - dtrace: define DTRACE_PROBE_ENABLED to 0 when !CONFIG_DTRACE (Nick Alcock) [Orabug: 26145788] - dtrace: ensure limit is enforced even when pcs is NULL (Kris Van Hees) [Orabug: 25949692] - dtrace: make x86_64 FBT return probe detection less restrictive (Kris Van Hees) [Orabug: 25949048] - dtrace: support passing offset as arg0 to FBT return probes (Kris Van Hees) [Orabug: 25949086] - dtrace: make FBT entry probe detection less restrictive on x86_64 (Kris Van Hees) [Orabug: 25949030] - dtrace: adjust FBT entry probe dection for OL7 (Kris Van Hees) [Orabug: 25921361] [4.1.12-99] - Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25999937] - qla2xxx: Fix NULL pointer deref in QLA interrupt (Bruno Pramont) [Orabug: 25908317] - Revert 'be2net: fix MAC addr setting on privileged BE3 VFs' (Somasundaram Krishnasamy) [Orabug: 25870303] - Revert 'be2net: fix initial MAC setting' (Somasundaram Krishnasamy) [Orabug: 25802842] - xfs: track and serialize in-flight async buffers against unmount (Brian Foster) [Orabug: 25550712] - xfs: exclude never-released buffers from buftarg I/O accounting (Brian Foster) [Orabug: 25550712] - dm era: save spacemap metadata root after the pre-commit (Somasundaram Krishnasamy) [Orabug: 25547820] - Btrfs: incremental send, do not issue invalid rmdir operations (Robbie Ko) [Orabug: 26000657] - x86/platform/uv/BAU: Remove __ro_after_init declaration (Somasundaram Krishnasamy) [Orabug: 25920237] - x86/platform: Remove warning message for duplicate NMI handlers (Mike Travis) [Orabug: 25920237] - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Add wait_completion to bau_operations (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Add status mmr location fields to bau_control (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Add payload descriptor qualifier (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Add uv_bau_version enumerated constants (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (Andrew Banman) [Orabug: 25920237] - fnic: Fixing sc abts status and flags assignment. (Satish Kharat) [Orabug: 25638880] - fnic: Adding debug IO, Abort latency counter and check condition count to fnic stats (Satish Kharat) [Orabug: 25638880] - fnic: Avoid false out-of-order detection for aborted command (Satish Kharat) [Orabug: 25638880] - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (Satish Kharat) [Orabug: 25638880] - fnic: minor white space changes (Satish Kharat) [Orabug: 25638880] - scsi: fnic: Avoid sending reset to firmware when another reset is in progress (Satish Kharat) [Orabug: 25638880] - ovl: Do d_type check only if work dir creation was successful (Vivek Goyal) [Orabug: 25802620] - ovl: Ensure upper filesystem supports d_type (Vivek Goyal) [Orabug: 25802620] - sparc64: Add hardware capabilities for M8 (Dave Aldridge) [Orabug: 25555746] - sparc64: Stop performance counter before updating (Dave Aldridge) [Orabug: 25441707] - sparc64: Fix a race condition when stopping performance counters (Dave Aldridge) [Orabug: 25441707] - arch/sparc: Use new misaligned load instructions for memcpy and copy_from_user (Allen Pais) [Orabug: 25381567] - arch/sparc: Add a separate kernel memcpy functions for M8 (Allen Pais) [Orabug: 25381567] - sparc64: perf: make sure we do not set the 'picnht' bit in the PCR (Dave Aldridge) [Orabug: 24926097] - sparc64: perf: move M7 pmu event definitions to seperate file (Dave Aldridge) [Orabug: 23333572] - sparc64: perf: add perf support for M8 devices (Dave Aldridge) [Orabug: 23333572] - sparc64: perf: Fix the mapping between perf events and perf counters (Dave Aldridge) [Orabug: 23333572] - SPARC64: Enable IOMMU bypass for IB (Allen Pais) [Orabug: 25573557] - SPARC64: Introduce IOMMU BYPASS method (Allen Pais) [Orabug: 25573557] - PCI: Add PCI IDs for Infiniband (Tushar Dave) [Orabug: 25573557] - sched/fair: Disable the task group load_avg update for the root_task_group (Waiman Long) [Orabug: 25544560] - sched/fair: Move the cache-hot 'load_avg' variable into its own cacheline (Atish Patra) [Orabug: 25544560] - sched/fair: Avoid redundant idle_cpu() call in update_sg_lb_stats() (Waiman Long) [Orabug: 25544560] - sched/fair: Clean up load average references (Atish Patra) [Orabug: 25544560] - sched/fair: Provide runnable_load_avg back to cfs_rq (Yuyang Du) [Orabug: 25544560] - sched/fair: Remove task and group entity load when they are dead (Yuyang Du) [Orabug: 25544560] - sched/fair: Init cfs_rqs sched_entity load average (Yuyang Du) [Orabug: 25544560] - sched/fair: Implement update_blocked_averages() for CONFIG_FAIR_GROUP_SCHED=n (Vincent Guittot) [Orabug: 25544560] - sched/fair: Rewrite runnable load and utilization average tracking (Atish Patra) [Orabug: 25544560] - sched/fair: Remove rqs runnable avg (Yuyang Du) [Orabug: 25544560] - sparc64: Allow enabling ADI on hugepages only (Khalid Aziz) [Orabug: 25969377] - sparc64: Save ADI tags on ADI enabled platforms only (Khalid Aziz) [Orabug: 25961592] - sparc64: increase FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 25448108] - sparc64: tsb size expansion (bob picco) [Orabug: 25448108] - sparc64: make tsb pointer computation symbolic (bob picco) [Orabug: 25448108] - sparc64: fix intermittent LDom hang waiting for vdc_port_up (Thomas Tai) - sparc64:block/sunvdc: Renamed bio variable name from req to bio (Vijay Kumar) [Orabug: 25128265] - sparc64:block/sunvdc: Added io stats accounting for bio based vdisk (Vijay Kumar) [Orabug: 25128265] - sparc64: Remove node restriction from PRIQ MSI assignments (chris hyser) [Orabug: 25110748] - blk-mq: Clean up all_q_list on request_queue deletion (chris hyser) [Orabug: 25569331] - sparc64: kern_addr_valid regression (bob picco) [Orabug: 25860542] [4.1.12-98] - sparc64: Detect DAX ra+pgsz when hvapi minor doesnt indicate it (Rob Gardner) [Orabug: 25911008] - sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25911008] [Orabug: 25931417] - sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997202] - sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996411] - KVM: VMX: fix vmwrite to invalid VMCS (Radim Krcmar) - Revert 'i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter' (Brian Maly) [Orabug: 25877447] - sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25888596] - sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25835254] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] - Revert 'sparc64: DAX request for non 4MB memory should return with unique errno' (Allen Pais) - sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25852910] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] - sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25835133] - sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25827254] - sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25820395] - sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25870705] - sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25820812] - sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 23072809] - sparc64: fix an issue when trying to bring hotplug cpus online (Dave Aldridge) [Orabug: 25667277] - sparc64: Fix memory corruption when THP is enabled (Nitin Gupta) [Orabug: 25704426] - sparc64: Fix address range for page table free Orabug: 25704426 (Nitin Gupta) - sparc64: Add support for 2G hugepages (Nitin Gupta) [Orabug: 25704426] - sparc64: Fix size check in huge_pte_alloc (Nitin Gupta) [Orabug: 25704426] - sparc64: Fix build error in flush_tsb_user_page (Nitin Gupta) [Orabug: 25704426] - sparc64: Add 64K page size support (Nitin Gupta) [Orabug: 25704426] - sparc64: Remove xl-hugepages and add multi-page size support (Allen Pais) [Orabug: 25704426] - sparc64: do not dequeue stale VDS IO work entries (Jag Raman) [Orabug: 25455138] - SPARC64: Virtual Disk Device (vdsdev) Read-Only Option (options=ro) not working (George Kennedy) [Orabug: 23623853] - arch/sparc: Fix FPU register corruption with AES crypto test on M7 (Babu Moger) [Orabug: 25265878] - sunvnet: xoff not needed when removing port link (Shannon Nelson) [Orabug: 25190537] - sunvnet: count multicast packets (Shannon Nelson) [Orabug: 25190537] - sunvnet: track port queues correctly (Shannon Nelson) [Orabug: 25190537] - sunvnet: add stats to track ldom to ldom packets and bytes (Shannon Nelson) [Orabug: 25190537] - ldmvsw: better use of link up and down on ldom vswitch (Shannon Nelson) [Orabug: 25525312] - dtrace: fix handling of save_stack_trace sentinel (x86 only) (Kris Van Hees) [Orabug: 25727046] - dtrace: DTrace walltime lock-free implementation (Tomas Jedlicka) [Orabug: 25715256] [4.1.12-97] - megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] - sparc64: Restrict number of processes (Sanath Kumar) [Orabug: 24523680] - SPARC64: vds_blk_rw() does not handle drives with q->limits.chunk_sectors > 0 (George Kennedy) [Orabug: 25373818] - sparc64: Improve boot time by per cpu map update (Atish Patra) [Orabug: 25496463] - arch/sparc: memblock resizes are not handled properly (Pavel Tatashin) [Orabug: 25415396] - SPARC64: LDOM vnet 'Got unexpected MCAST reply' (George Kennedy) [Orabug: 24954702] - ldmvsw: disable tso and gso for bridge operations (Shannon Nelson) [Orabug: 23293104] - ldmvsw: update and simplify version string (Shannon Nelson) [Orabug: 23293104] - sunvnet: remove extra rcu_read_unlocks (Shannon Nelson) [Orabug: 23293104] - sunvnet: straighten up message event handling logic (Shannon Nelson) [Orabug: 23293104] - sunvnet: add memory barrier before check for tx enable (Shannon Nelson) [Orabug: 23293104] - sunvnet: update version and version printing (Shannon Nelson) [Orabug: 23293104] - sunvnet: remove unused variable in maybe_tx_wakeup (Sowmini Varadhan) [Orabug: 23293104] - sunvnet: make sunvnet common code dynamically loadable (Shannon Nelson) [Orabug: 23293104] - hwrng: n2 - update version info (Shannon Nelson) [Orabug: 25127795] - hwrng: n2 - support new hardware register layout (Shannon Nelson) [Orabug: 25127795] - hwrng: n2 - add device data descriptions (Shannon Nelson) [Orabug: 25127795] - hwrng: n2 - limit error spewage when self-test fails (Shannon Nelson) [Orabug: 25127795] - hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs (Anatoly Pugachev) [Orabug: 25127795] - tcp: fix tcp_fastopen unaligned access complaints on sparc (Shannon Nelson) [Orabug: 25163405] - vds: Add physical block support (Liam R. Howlett) [Orabug: 19420123] - sparc64: Add missing hardware capabilities for M7 (Dave Aldridge) [Orabug: 25555746] - SPARC64: Fix vds_vtoc_set_default debug with large disks (George Kennedy) [Orabug: 25423802] - sparc64: VDC threads in guest domain do not resume after primary domain reboot (Jag Raman) [Orabug: 25519961] - sunvdc: Add support for setting physical sector size (Liam R. Howlett) [Orabug: 19420123] - sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] - sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 25641371] - SPARC64: VIO: Support for virtual-device MD node probing (Aaron Young) [Orabug: 24841906] [4.1.12-96] - net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 257846022] [4.1.12-95] - PCI: hv: Microsoft changes in support of RHEL and UEK4 (Jake Oshins) [Orabug: 25507635] - Add the PCI Host driver into the UEK config files (Jack Vogel) [Orabug: 25507635] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12134 CVE-2017-1000365 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-103.3.8.1] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796363] {CVE-2017-1000251} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000251 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.7] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] {CVE-2017-1000251} [3.8.13-118.19.6] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] {CVE-2017-12134} [3.8.13-118.19.5] - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] {CVE-2017-1000365} {CVE-2017-1000365} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12134 CVE-2017-1000365 CVE-2017-1000251 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.8] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796428] {CVE-2017-1000251} [2.6.39-400.297.7] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562] {CVE-2017-12134} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638926] {CVE-2017-1000365} {CVE-2017-1000365} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12134 CVE-2017-1000365 CVE-2017-1000251 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.9] - fs/binfmt_elf.c: fix bug in loading of PIE binaries (Michael Davidson) [Orabug: 26870958] {CVE-2017-1000253} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000253 Oracle Linux 6 Oracle Linux 7 [4.1.12-103.7.3] - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26943541] {CVE-2017-7541} [4.1.12-103.7.2] - rebuild bumping release MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7541 Oracle Linux 6 Oracle Linux 7 [4.1.12-103.7.4] - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011255] {CVE-2017-7542} - udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 26921320] {CVE-2017-1000112} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000112 CVE-2017-7542 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.10] - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643556] {CVE-2017-11176} [3.8.13-118.19.9] - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011273] {CVE-2017-7542} - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002450] {CVE-2017-1000111} [3.8.13-118.19.8] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26883934] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26883934] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000111 CVE-2017-11176 CVE-2017-7542 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.11] - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643562] {CVE-2017-11176} - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011278] {CVE-2017-7542} - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002453] {CVE-2017-1000111} [2.6.39-400.297.10] - mlx4_core: calculate log_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867355] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867355] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000111 CVE-2017-11176 CVE-2017-7542 Oracle Linux 6 Oracle Linux 7 [4.1.12-103.9.2] - Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811] [4.1.12-103.9.1] - xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013241] - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988633] {CVE-2017-14489} - nvme: honor RTD3 Entry Latency for shutdowns (Martin K. Petersen) [Orabug: 26999097] - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27013220] {CVE-2017-7542} - udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 27013227] {CVE-2017-1000112} - drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943884] [4.1.12-103.8.1] - tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26923675] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899775] {CVE-2017-10661} - kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154} - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26880590] {CVE-2017-7541} - crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 26916575] {CVE-2017-7618} - ovl: use O_LARGEFILE in ovl_copy_up() (David Howells) [Orabug: 25953280] - rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880508] {CVE-2017-7482} {CVE-2017-7482} - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813385] {CVE-2017-14106} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-14106 CVE-2017-14489 CVE-2017-7482 CVE-2017-12154 CVE-2017-7618 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.12] - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] [3.8.13-118.19.11] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077} - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075} - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831} - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-14489 CVE-2016-10044 CVE-2017-11473 CVE-2017-8831 CVE-2017-10661 CVE-2017-1000363 CVE-2017-1000380 CVE-2017-9077 CVE-2017-2671 CVE-2017-9075 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.12] - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075} - saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831} - saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831} - saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831} - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-14489 CVE-2016-10044 CVE-2017-11473 CVE-2017-8831 CVE-2017-10661 CVE-2017-7308 CVE-2017-1000363 CVE-2017-1000380 CVE-2017-9077 CVE-2017-9074 CVE-2017-9075 Oracle Linux 6 Oracle Linux 7 [4.1.12-103.9.4] - thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180] [4.1.12-103.9.3] - selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618} - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191} - KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] {CVE-2017-12192} - IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718] - IB/ipoib: increase the max mcast backlog queue (Doug Ledford) [Orabug: 27077718] - IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718] - IB/ipoib: Expire sendonly multicast joins (Christoph Lameter) [Orabug: 27077718] - IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718] - IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077944] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077944] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077944] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] - Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052681] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2618 CVE-2016-9191 CVE-2017-12192 Oracle Linux 6 Oracle Linux 7 [4.1.12-103.10.1] - mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200879] {CVE-2017-1000405} - NFS: Add static NFS I/O tracepoints (Chuck Lever) - storvsc: dont assume SG list is contiguous (Aruna Ramakrishna) [Orabug: 27044692] - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069038] {CVE-2017-12190} - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069038] {CVE-2017-12190} - packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649} - packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649} - net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069065] {CVE-2017-15649} - packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069065] {CVE-2017-15649} - refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069065] {CVE-2017-15649} - locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon) [Orabug: 27069065] {CVE-2017-15649} - net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215225] {CVE-2017-16650} - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148276] {CVE-2017-16527} - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187217] - ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 27126129] - scsi: Dont abort scsi_scan due to unexpected response (John Sobecki) [Orabug: 27119628] - ocfs2: code clean up for direct io (Ryan Ding) - xscore: add dma address check (Zhu Yanjun) [Orabug: 27076919] - KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27062498] - KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27062498] - KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062498] - KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27062498] - uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) [Orabug: 26798697] - thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180] - selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618} - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191} - KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] {CVE-2017-12192} - IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718] - IB/ipoib: increase the max mcast backlog queue (Doug Ledford) [Orabug: 27077718] - IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718] - IB/ipoib: Expire sendonly multicast joins (Christoph Lameter) [Orabug: 27077718] - IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718] - IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077944] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077944] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077944] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] - Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052681] - Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000405 CVE-2017-12190 CVE-2017-15649 CVE-2017-16527 CVE-2017-16650 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.1] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 25392692] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26649818] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] {CVE-2017-7889} - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] {CVE-2017-12190} - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077} - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075} - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831} - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489} - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643556] {CVE-2017-11176} - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011273] {CVE-2017-7542} - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002450] {CVE-2017-1000111} - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26883934] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26883934] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] {CVE-2017-1000251} - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] {CVE-2017-12134} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] {CVE-2017-1000365} {CVE-2017-1000365} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586047] {CVE-2016-10200} - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586022] {CVE-2016-9685} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578198] {CVE-2017-9242} - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507344] {CVE-2016-7097} {CVE-2016-7097} - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366022] {CVE-2017-7645} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12190 CVE-2017-7889 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.1] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 23320090] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 24337879] - xen-netfront: cast grant table reference first to type int (Dongli Zhang) [Orabug: 25102637] - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) [Orabug: 25102637] - RDS: Print failed rdma op details if failure is remote access error (Rama Nichanamatlu) [Orabug: 25440316] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540288] {CVE-2017-2671} - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592013] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26650039] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675934] {CVE-2017-7889} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797307] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069045] {CVE-2017-12190} - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075} - saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831} - saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831} - saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831} - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489} - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643562] {CVE-2017-11176} - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011278] {CVE-2017-7542} - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002453] {CVE-2017-1000111} - mlx4_core: calculate log_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867355] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867355] - fs/binfmt_elf.c: fix bug in loading of PIE binaries (Michael Davidson) [Orabug: 26870958] {CVE-2017-1000253} - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796428] {CVE-2017-1000251} - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562] {CVE-2017-12134} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638926] {CVE-2017-1000365} {CVE-2017-1000365} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586050] {CVE-2016-10200} - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586024] {CVE-2016-9685} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578202] {CVE-2017-9242} - selinux: quiet the filesystem labeling behavior message (Paul Moore) [Orabug: 25721485] - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 25875426] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891914] {CVE-2017-7273} - udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - udf: Check length of extended attributes and allocation descriptors (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: make xattr replace operations atomic (Filipe Manana) [Orabug: 25948102] {CVE-2014-9710} - net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948149] {CVE-2015-2686} - xsigo: Compute node crash on FC failover (Joe Jin) [Orabug: 25965445] - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975513] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975513] - ipv4: try to cache dst_entries which would cause a redirect (Hannes Frederic Sowa) [Orabug: 26032377] {CVE-2015-1465} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326145] {CVE-2017-1000364} - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366024] {CVE-2017-7645} - dm mpath: allow ioctls to trigger pg init (Mikulas Patocka) [Orabug: 25645229] - xen/manage: Always freeze/thaw processes when suspend/resuming (Ross Lagerwall) [Orabug: 25795530] - lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25955028] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12190 CVE-2017-2671 CVE-2017-7889 Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.1] - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (Eryu Guan) [Orabug: 27233471] [4.1.12-112.13.1] - cgroup: make sure a parent css isnt offlined before its children (Tejun Heo) [Orabug: 27179269] [4.1.12-112.12.1] - ctf: allow dwarf2ctf to run as root but produce no output (Nick Alcock) [Orabug: 27133094] - net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215221] {CVE-2017-16650} - ctf: fix thinko preventing linking of out-of-tree modules when CTF is off (Nick Alcock) [Orabug: 27215293] - Revert 'firmware: dmi_scan: add SBMIOS entry and DMI tables' (Dan Duval) [Orabug: 27100376] [4.1.12-112.11.1] - mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200880] {CVE-2017-1000405} - uek-rpm: Update linux firmware package for OL7 (Dhaval Giani) [Orabug: 27210206] - uek-rpm: Update firmware for OL6 UEK spec file (Dhaval Giani) [Orabug: 27210204] - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187218] - xen/time: do not decrease steal time after live migration on xen (Dongli Zhang) [Orabug: 26770163] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148272] {CVE-2017-16527} - scsi: qla2xxx: Fix NULL pointer access due to redundant fc_host_port_name call (Quinn Tran) [Orabug: 27149785] - scsi: qla2xxx: Initialize Work element before requesting IRQs (Himanshu Madhani) [Orabug: 27149785] - scsi: qla2xxx: Fix uninitialized work element (Quinn Tran) [Orabug: 27149785] [4.1.12-112.10.1] - Revert 'Improves clear_huge_page() using work queues' (Jack Vogel) [Orabug: 27055693] - packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069060] {CVE-2017-15649} - packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069060] {CVE-2017-15649} - net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069060] {CVE-2017-15649} - packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069060] {CVE-2017-15649} - refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069060] {CVE-2017-15649} - locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon) [Orabug: 27069060] {CVE-2017-15649} - scsi: qla2xxx: Fix slow mem alloc behind lock (Quinn Tran) [Orabug: 27100873] [4.1.12-112.9.1] - xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff() (Jan Kara) [Orabug: 26862911] - xfs: Fix missed holes in SEEK_HOLE implementation (Jan Kara) [Orabug: 26862911] - ext4: fix off-by-in in loop termination in ext4_find_unwritten_pgoff() (Jan Kara) [Orabug: 26862911] - ext4: fix SEEK_HOLE (Jan Kara) [Orabug: 26862911] - rtc: cmos: century support (Sylvain Chouleur) [Orabug: 27025943] - ocfs2: code clean up for direct io (Ryan Ding) [Orabug: 27117733] - scsi: Dont abort scsi_scan due to unexpected response (John Sobecki) [Orabug: 27119610] - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 26326914] [4.1.12-112.8.1] - uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) [Orabug: 26798697] - uek-rpm: Add more missing modules to OL7 ueknano (Somasundaram Krishnasamy) [Orabug: 27028326] - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069034] {CVE-2017-12190} - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069034] {CVE-2017-12190} - usb: Quiet down false peer failure messages (Don Zickus) [Orabug: 26669801] - ovl: during copy up, switch to mounters creds early (Vivek Goyal) [Orabug: 27052885] - ovl: lookup: do getxattr with mounters permission (Miklos Szeredi) [Orabug: 27052885] - ovl: get rid of the dead code left from broken (and disabled) optimizations (Al Viro) [Orabug: 27052885] - selinux: Implement dentry_create_files_as() hook (Vivek Goyal) [Orabug: 27052885] - security, overlayfs: Provide hook to correctly label newly created files (Vivek Goyal) [Orabug: 27052885] - selinux: Pass security pointer to determine_inode_label() (Vivek Goyal) [Orabug: 27052885] - selinux: Implementation for inode_copy_up_xattr() hook (Vivek Goyal) [Orabug: 27052885] - security,overlayfs: Provide security hook for copy up of xattrs for overlay file (Vivek Goyal) [Orabug: 27052885] - selinux: Implementation for inode_copy_up() hook (Vivek Goyal) [Orabug: 27052885] - security, overlayfs: provide copy up security hook for unioned files (Vivek Goyal) [Orabug: 27052885] - selinux: delay inode label lookup as long as possible (Paul Moore) [Orabug: 27052885] - selinux: Add accessor functions for inode->i_security (Andreas Gruenbacher) [Orabug: 27052885] - selinux: Create a common helper to determine an inode label [ver #3] (David Howells) [Orabug: 27052885] - KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27056291] - KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27056291] - KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27056291] - KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27056291] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077793] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077793] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077793] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077793] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077793] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077793] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077793] - uek-rpm: add update-el-x86; fix-up ol6/update-el (Chuck Anderson) [Orabug: 26844981] - xscore: add dma address check (Zhu Yanjun) [Orabug: 26994454] - qla2xxx: Update driver version to 9.00.00.00.40.0-k (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix delayed response to command for loop mode/direct connect. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Use IOCB interface to submit non-critical MBX. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Add async new target notification (Quinn Tran) [Orabug: 26844197] - qla2xxx: Allow relogin to proceed if remote login did not finish (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix sess_lock & hardware_lock lock order problem. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix inadequate lock protection for ABTS. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix request queue corruption. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix memory leak for abts processing (Quinn Tran) [Orabug: 26844197] - scsi: qla2xxx: Fix ql_dump_buffer (Joe Perches) [Orabug: 26844197] - scsi: qla2xxx: Fix response queue count for Target mode. (Michael Hernandez) [Orabug: 26844197] - scsi: qla2xxx: Cleaned up queue configuration code. (Michael Hernandez) [Orabug: 26844197] - qla2xxx: Fix a warning reported by the 'smatch' static checker (Quinn Tran) [Orabug: 26844197] - qla2xxx: Simplify usage of SRB structure in driver (Bart Van Assche) [Orabug: 26844197] - qla2xxx: Simplify usage of SRB structure in driver (Joe Carnuccio) [Orabug: 26844197] - qla2xxx: Improve RSCN handling in driver (Quinn Tran) [Orabug: 26844197] - qla2xxx: Add framework for async fabric discovery (Quinn Tran) [Orabug: 26844197] - qla2xxx: Track I-T nexus as single fc_port struct (Quinn Tran) [Orabug: 26844197] - qla2xxx: introduce a private sess_kref (Christoph Hellwig) [Orabug: 26844197] - qla2xxx: Use d_id instead of s_id for more clarity (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix wrong argument in sp done callback (Quinn Tran) [Orabug: 26844197] - qla2xxx: Remove SRR code (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: Cleanup TMF code translation from qla_target (Quinn Tran) [Orabug: 26844197] - qla2xxx: Disable out-of-order processing by default in firmware (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix erroneous invalid handle message (Quinn Tran) [Orabug: 26844197] - qla2xxx: Reduce exess wait during chip reset (Quinn Tran) [Orabug: 26844197] - qla2xxx: Terminate exchange if corrupted (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix crash due to null pointer access (Quinn Tran) [Orabug: 26844197] - qla2xxx: Collect additional information to debug fw dump (Quinn Tran) [Orabug: 26844197] - qla2xxx: Reset reserved field in firmware options to 0 (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: Include ATIO queue in firmware dump when in target mode (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: Fix wrong IOCB type assumption (Quinn Tran) [Orabug: 26844197] - qla2xxx: Add DebugFS node for target sess list. (Quinn Tran) [Orabug: 26844197] - tcm_qla2xxx: Convert to target_alloc_session usage (Nicholas Bellinger) [Orabug: 26844197] - qla2xxx: Use ATIO type to send correct tmr response (Swapnil Nagle) [Orabug: 26844197] - qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM (Quinn Tran) [Orabug: 26844197] - qla2xxx: Move atioq to a different lock to reduce lock contention (Quinn Tran) [Orabug: 26844197] - qla2xxx: Remove dependency on hardware_lock to reduce lock contention. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Replace QLA_TGT_STATE_ABORTED with a bit. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Wait for all conflicts before acking PLOGI (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: Delete session if initiator is gone from FW (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: Added interface to send explicit LOGO. (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: Add FW resource count in DebugFS. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Enable Target counters in DebugFS. (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: terminate exchange when command is aborted by LIO (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: drop cmds/tmrs arrived while session is being deleted (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: disable scsi_transport_fc registration in target mode (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: added sess generations to detect RSCN update races (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: Abort stale cmds on qla_tgt_wq when plogi arrives (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: delay plogi/prli ack until existing sessions are deleted (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: cleanup cmd in qla workqueue before processing TMR (Swapnil Nagle) [Orabug: 26844197] - qla2xxx: Add flush after updating ATIOQ consumer index. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Enable target mode for ISP27XX (Himanshu Madhani) [Orabug: 26844197] [4.1.12-112.7.1] - x86/platform/uv: Fix kdump for UV (Kirtikar Kashyap) [Orabug: 27031280] - firmware: dmi_scan: add SBMIOS entry and DMI tables (Ivan Khoronzhuk) [Orabug: 27045425] - KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050237] {CVE-2017-12192} - NFS: Add static NFS I/O tracepoints (Chuck Lever) - Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052680] - scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Adding support for SAS3616 HBA device (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Display chassis slot information of the drive (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Updated MPI headers to v2.00.48 (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Fix removal and addition of vSES device during host reset (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Reduce memory footprint in kdump kernel (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Fixed memory leaks in driver (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Processing of Cable Exception events (Sreekanth Reddy) [Orabug: 26894579] - storvsc: dont assume SG list is contiguous (Aruna Ramakrishna) [Orabug: 27044703] - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036905] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191} - uek-rpm: Update kernel-ueknanos provides list. (Somasundaram Krishnasamy) [Orabug: 27022769] - uek-rpm: Add more modules to ueknano for OL7 (Somasundaram Krishnasamy) [Orabug: 27015961] - selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001687] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618} - dtrace: Add CTF archive to the UEK nano package (Tomas Jedlicka) [Orabug: 27039123] - Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Dhaval Giani) [Orabug: 27037801] - thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 26763484] [4.1.12-112.6.1] - ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 26808507] - rds: Proper init/exit declaration for module init/exit function (Ka-Cheong Poon) [Orabug: 26937730] - rds: Remove .exit from struct rds_transport (Ka-Cheong Poon) [Orabug: 26937730] - smartpqi: update driver version (Don Brace) [Orabug: 26882397] - smartpqi: cleanup raid map warning message (Kevin Barnett) [Orabug: 26882397] - smartpqi: update controller ids (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: remove the smp_handler stub (Christoph Hellwig) [Orabug: 26882397] - scsi: smartpqi: change driver version to 1.1.2-125 (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: add in new controller ids (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: update kexec and power down support (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: cleanup doorbell register usage. (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: update pqi passthru ioctl (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: enhance BMIC cache flush (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: add pqi reset quiesce support (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: make pdev pointer names consistent (Kevin Barnett) [Orabug: 26882397] - udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 26921314] {CVE-2017-1000112} - be2net: fix TSO6/GSO issue causing TX-stall on Lancer/BEx (Suresh Reddy) [Orabug: 26928620] - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011248] {CVE-2017-7542} - xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013239] - nvme: honor RTD3 Entry Latency for shutdowns (Martin K. Petersen) [Orabug: 26929569] [4.1.12-112.5.1] - uek-rpm: Build kernel ueknano rpm for OL7 (Somasundaram Krishnasamy) [Orabug: 26803594] - uek/config: enable NVME SG_IO support by default (Shan Hai) [Orabug: 26981802] - nvme: report the scsi TUR state correctly (Shan Hai) [Orabug: 26981802] - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesnt parse nlmsg properly (Xin Long) [Orabug: 26988631] {CVE-2017-14489} - CVE-2016-10318 missing authorization check fscrypt_process_policy (Jack Vogel) [Orabug: 26989776] - ovl: fix get_acl() on tmpfs (Miklos Szeredi) [Orabug: 26975443] [4.1.12-112.2.1] - ixgbe: Initialize 64-bit stats seqcounts (Florian Fainelli) [Orabug: 26785078] - ixgbe: Disable flow control for XFI (Tony Nguyen) [Orabug: 26785078] - ixgbe: Do not support flow control autonegotiation for X553 (Tony Nguyen) [Orabug: 26785078] - ixgbe: Update NW_MNG_IF_SEL support for X553 (Tony Nguyen) [Orabug: 26785078] - ixgbe: Enable LASI interrupts for X552 devices (Tony Nguyen) [Orabug: 26785078] - ixgbe: Ensure MAC filter was added before setting MACVLAN (Tony Nguyen) [Orabug: 26785078] - ixgbe: pci_set_drvdata must be called before register_netdev (Jeff Mahoney) [Orabug: 26785078] - ixgbe: Resolve cppcheck format string warning (Tony Nguyen) [Orabug: 26785078] - ixgbe: fix writes to PFQDE (Emil Tantilov) [Orabug: 26785078] - ixgbevf: Bump version number (Tony Nguyen) [Orabug: 26785078] - ixgbe: Bump version number (Tony Nguyen) [Orabug: 26785078] - ixgbe: check for Tx timestamp timeouts during watchdog (Jacob Keller) [Orabug: 26785078] - ixgbe: add statistic indicating number of skipped Tx timestamps (Jacob Keller) [Orabug: 26785078] - ixgbe: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) [Orabug: 26785078] - ixgbe: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) [Orabug: 26785078] - net: better skb->sender_cpu and skb->napi_id cohabitation (Eric Dumazet) [Orabug: 26953388] [Orabug: 26591689] - uek-rpm: Clean up installed directories when uninstalling kernel-ueknano (Somasundaram Krishnasamy) [Orabug: 26929773] - uek-rpm: Add missing ko modules to nano rpm (Somasundaram Krishnasamy) [Orabug: 26929773] - i40e: point wb_desc at the nvm_wb_desc during i40e_read_nvm_aq (Jacob Keller) [Orabug: 26785018] - i40e: avoid NVM acquire deadlock during NVM update (Anjali Singhai Jain) [Orabug: 26785018] - i40e/i40evf: avoid dynamic ITR updates when polling or low packet rate (Jacob Keller) [Orabug: 26785018] - i40e/i40evf: remove ULTRA latency mode (Jacob Keller) [Orabug: 26785018] - i40e: invert logic for checking incorrect cpu vs irq affinity (Jacob Keller) [Orabug: 26785018] - i40e: initialize our affinity_mask based on cpu_possible_mask (Jacob Keller) [Orabug: 26785018] - i40e: move enabling icr0 into i40e_update_enable_itr (Jacob Keller) [Orabug: 26785018] - i40e: remove workaround for resetting XPS (Jacob Keller) [Orabug: 26785018] - i40e: Fix for unused value issue found by static analysis (Carolyn Wyborny) [Orabug: 26785018] - i40e: 25G FEC status improvements (Mariusz Stachura) [Orabug: 26785018] - i40e: force VMDQ device name truncation (Jacob Keller) [Orabug: 26785018] - i40evf: fix possible snprintf truncation of q_vector->name (Jacob Keller) [Orabug: 26785018] - i40e: Use correct flag to enable egress traffic for unicast promisc (Akeem G Abodunrin) [Orabug: 26785018] - i40e: prevent snprintf format specifier truncation (Jacob Keller) [Orabug: 26785018] - i40e: Store the requested FEC information (Mariusz Stachura) [Orabug: 26785018] - i40e: Update state variable for adminq subtask (Sudheer Mogilappagari) [Orabug: 26785018] - i40e: synchronize nvmupdate command and adminq subtask (Sudheer Mogilappagari) [Orabug: 26785018] - i40e: prevent changing ITR if adaptive-rx/tx enabled (Alan Brady) [Orabug: 26785018] - i40evf: use netdev variable in reset task (Alan Brady) [Orabug: 26785018] - i40e: move check for avoiding VID=0 filters into i40e_vsi_add_vlan (Jacob Keller) [Orabug: 26785018] - i40e/i40evf: use cmpxchg64 when updating private flags in ethtool (Jacob Keller) [Orabug: 26785018] - i40e: Detect ATR HW Evict NVM issue and disable the feature (Anjali Singhai Jain) [Orabug: 26785018] - i40e: Fix a bug with VMDq RSS queue allocation (Anjali Singhai Jain) [Orabug: 26785018] - i40evf: prevent VF close returning before state transitions to DOWN (Sudheer Mogilappagari) [Orabug: 26785018] - i40e: Initialize 64-bit statistics TX ring seqcount (Florian Fainelli) [Orabug: 26785018] - i40e: handle setting administratively set MAC address back to zero (Stefan Assmann) [Orabug: 26785018] - i40evf: remove unnecessary __packed (Tushar Dave) [Orabug: 26785018] - i40evf: add some missing includes (Jesse Brandeburg) [Orabug: 26785018] - i40e: display correct UDP tunnel type name (Jacob Keller) [Orabug: 26785018] - i40e/i40evf: remove mismatched type warnings (Jesse Brandeburg) [Orabug: 26785018] - i40e/i40evf: make IPv6 ATR code clearer (Jesse Brandeburg) [Orabug: 26785018] - i40e: fix odd formatting and indent (Jesse Brandeburg) [Orabug: 26785018] - i40e: fix up 32 bit timespec references (Jesse Brandeburg) [Orabug: 26785018] - i40e: Handle admin Q timeout when releasing NVM (Paul M Stillwell Jr) [Orabug: 26785018] - i40e: remove WQ_UNBOUND and the task limit of our workqueue (Jacob Keller) [Orabug: 26785018] - i40e: Fix for trace found with S4 state (Carolyn Wyborny) [Orabug: 26785018] - i40e: fix incorrect variable assignment (Gustavo A R Silva) [Orabug: 26785018] - i40e: dont hold RTNL lock for the entire reset (Jacob Keller) [Orabug: 26785018] - i40e: clear only cause_ena bit (Shannon Nelson) [Orabug: 26785018] - i40e: fix disabling overflow promiscuous mode (Alan Brady) [Orabug: 26785018] - i40e: Add support for OEM firmware version (Filip Sadowski) [Orabug: 26785018] - i40e: genericize the partition bandwidth control (Shannon Nelson) [Orabug: 26785018] - i40e: Add message for unsupported MFP mode (Carolyn Wyborny) [Orabug: 26785018] - i40e: Support firmware CEE DCB UP to TC map re-definition (Greg Bowers) [Orabug: 26785018] - i40e: Fix potential out of bound array access (Sudheer Mogilappagari) [Orabug: 26785018] - i40e: comment that udp_port must be in host byte order (Jacob Keller) [Orabug: 26785018] - i40e: use dev_dbg instead of dev_info when warning about missing routine (Jacob Keller) [Orabug: 26785018] - i40e/i40evf: update WOL and I40E_AQC_ADDR_VALID_MASK flags (Alice Michael) [Orabug: 26785018] - i40evf: assign num_active_queues inside i40evf_alloc_queues (Jacob Keller) [Orabug: 26785018] - i40e: Fix a sleep-in-atomic bug (Jia-Ju Bai) [Orabug: 26785018] - i40e: fix handling of HW ATR eviction (Jacob Keller) [Orabug: 26785018] - i40evf: update i40evf.txt with new content (Jesse Brandeburg) [Orabug: 26785018] - i40evf: Add support for Adaptive Virtual Function (Preethi Banala) [Orabug: 26785018] - i40evf: drop i40e_type.h include (Jesse Brandeburg) [Orabug: 26785018] - i40e: Check for memory allocation failure (Christophe Jaillet) [Orabug: 26785018] - i40e: check for Tx timestamp timeouts during watchdog (Jacob Keller) [Orabug: 26785018] - i40e: use pf data structure directly in i40e_ptp_rx_hang (Jacob Keller) [Orabug: 26785018] - i40e: add statistic indicating number of skipped Tx timestamps (Jacob Keller) [Orabug: 26785018] - i40e: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) [Orabug: 26785018] - i40e: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) [Orabug: 26785018] - i40evf: disable unused flags (Jesse Brandeburg) [Orabug: 26785018] - i40evf: fix merge error in older patch (Jesse Brandeburg) [Orabug: 26785018] - i40evf: fix duplicate lines (Jesse Brandeburg) [Orabug: 26785018] - i40evf: hide unused variable (Arnd Bergmann) [Orabug: 26785018] - i40evf: allocate queues before we setup the interrupts and q_vectors (Jacob Keller) [Orabug: 26785018] - i40evf: remove I40E_FLAG_FDIR_ATR_ENABLED (Jacob Keller) [Orabug: 26785018] - i40e: remove hw_disabled_flags in favor of using separate flag bits (Jacob Keller) [Orabug: 26785018] - i40evf: remove needless min_t() on num_online_cpus()*2 (Jacob Keller) [Orabug: 26785018] - i40e: remove unnecessary msleep() delay in i40e_free_vfs (Jacob Keller) [Orabug: 26785018] - i40e: amortize wait time when disabling lots of VFs (Jacob Keller) [Orabug: 26785018] - i40e: Reprogram port offloads after reset (Alexander Duyck) [Orabug: 26785018] - i40e: rename index to port to avoid confusion (Jacob Keller) [Orabug: 26785018] - i40e: make use of i40e_reset_all_vfs when initializing new VFs (Jacob Keller) [Orabug: 26785018] - i40e: properly spell I40E_VF_STATE_* flags (Jacob Keller) [Orabug: 26785018] - i40e: use i40e_stop_rings_no_wait to implement PORT_SUSPENDED state (Jacob Keller) [Orabug: 26785018] - i40e: reset all VFs in parallel when rebuilding PF (Jacob Keller) [Orabug: 26785018] - i40e: split some code in i40e_reset_vf into helpers (Jacob Keller) [Orabug: 26785018] - i40e: remove I40E_FLAG_IN_NETPOLL entirely (Jacob Keller) [Orabug: 26785018] - i40e: reduce wait time for adminq command completion (Jacob Keller) [Orabug: 26785018] - i40e: fix CONFIG_BUSY checks in i40e_set_settings function (Jacob Keller) [Orabug: 26785018] - i40e: factor out queue control from i40e_vsi_control_(tx|rx) (Jacob Keller) [Orabug: 26785018] - i40e: dont hold RTNL lock while waiting for VF reset to finish (Jacob Keller) [Orabug: 26785018] - i40e: new AQ commands (Jingjing Wu) [Orabug: 26785018] - i40e/i40evf: Add tracepoints (Scott Peterson) [Orabug: 26785018] - i40evf: add client interface (Mitch Williams) [Orabug: 26785018] - i40e: dump VF information in debugfs (Mitch Williams) [Orabug: 26785018] - i40e: Fix support for flow director programming status (Alexander Duyck) [Orabug: 26785018] - i40e/i40evf: Remove VF Rx csum offload for tunneled packets (alice michael) [Orabug: 26785018] - i40evf: Use net_device_stats from struct net_device (Tobias Klauser) [Orabug: 26785018] - i40e: clean up historic deprecated flag definitions (Jacob Keller) [Orabug: 26785018] - i40e: remove I40E_FLAG_NEED_LINK_UPDATE (Alice Michael) [Orabug: 26785018] - i40e: remove extraneous loop in i40e_vsi_wait_queues_disabled (Jacob Keller) [Orabug: 26785018] - i40e: Simplify i40e_detect_recover_hung_queue logic (Alan Brady) [Orabug: 26785018] - i40e: Decrease the scope of rtnl lock (Maciej Sosin) [Orabug: 26785018] - i40e: Swap use of pf->flags and pf->hw_disabled_flags for ATR Eviction (Alexander Duyck) [Orabug: 26785018] - i40e: update error message when trying to add invalid filters (Jacob Keller) [Orabug: 26785018] - i40e: only register client on iWarp-capable devices (Mitch Williams) [Orabug: 26785018] - i40e: close client on remove and shutdown (Mitch Williams) [Orabug: 26785018] - i40e: register existing client on probe (Mitch Williams) [Orabug: 26785018] - i40e: remove client instance on driver unload (Mitch Williams) [Orabug: 26785018] - i40e: fix for queue timing delays (Wyborny, Carolyn) [Orabug: 26785018] - i40e/i40evf: Change the way we limit the maximum frame size for Rx (Alexander Duyck) [Orabug: 26785018] - i40e/i40evf: Add legacy-rx private flag to allow fallback to old Rx flow (Alexander Duyck) [Orabug: 26785018] - i40e/i40evf: Pull code for grabbing and syncing rx_buffer from fetch_buffer (Alexander Duyck) [Orabug: 26785018] - i40e/i40evf: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26785018] - drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943864] [4.1.12-112.1.0] - x86/mm/64: Enable SWIOTLB if system has SRAT memory regions above MAX_DMA32_PFN (Igor Mammedov) [Orabug: 26754302] - x86/mm: Introduce max_possible_pfn (Igor Mammedov) [Orabug: 26754302] - dtrace lockstat provider probes (Alan Maguire) [Orabug: 26149674] [Orabug: 26149956] - rds: RDS diagnostics when connections are stuck in Receiver Not Ready state. (hui.han) - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26673877] {CVE-2017-10661} - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26540118] {CVE-2017-7541} - crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 25882988] {CVE-2017-7618} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26883325] - selftests/memfd: add memfd_create hugetlbfs selftest (Mike Kravetz) [Orabug: 26768367] - mm/shmem: add hugetlbfs support to memfd_create() (Mike Kravetz) [Orabug: 26768367] - mm: shm: use new hugetlb size encoding definitions (Mike Kravetz) [Orabug: 26768367] - mm: arch: consolidate mmap hugetlb size encodings (Mike Kravetz) [Orabug: 26768367] - uapi/Kbuild: add new header file hugetlb_encode.h (Mike Kravetz) [Orabug: 26768367] - mm: hugetlb: define system call hugetlb size encodings in single file (Mike Kravetz) [Orabug: 26768367] - RDS: IB: Change the proxy qps path_mtu to IB_MTU_256 (Avinash Repaka) [Orabug: 26864694] - devpts: clean up interface to pty drivers (Linus Torvalds) [Orabug: 26743034] - tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26646104] - kvm: nVMX: Dont allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154} - dtrace: ensure SDT stub function returns 0 (Kris Van Hees) [Orabug: 26909775] - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26796038] {CVE-2017-14106} - xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY (Sabrina Dubroca) [Orabug: 25959303] - rxrpc: Fix several cases where a padded len isnt checked in ticket decode (David Howells) [Orabug: 26376434] {CVE-2017-7482} {CVE-2017-7482} - xen: dont print error message in case of missing Xenstore entry (Juergen Gross) [Orabug: 26841566] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26526968] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26526923] - rds: Fix non-atomic operation on shared flag variable (Hakon Bugge) [Orabug: 26842076] - rds: Fix incorrect statistics counting (Hakon Bugge) [Orabug: 26847583] - i40e: use cpumask_copy instead of direct assignment (Jacob Keller) [Orabug: 26822609] - mm: thp: set THP defrag by default to madvise and add a stall-free defrag option (Mel Gorman) [Orabug: 26587019] - crypto: testmgr - Set struct aead_testvec iv member size to MAX_IVLEN (Somasundaram Krishnasamy) [Orabug: 25925256] - SPEC: remove ctf.ko from ueknano modules list (Nick Alcock) [Orabug: 25815362] - SPEC: generate CTF when DTrace is enabled. (Nick Alcock) [Orabug: 25815362] - SPEC: bump libdtrace-ctf requirement to 0.7+. (Nick Alcock) [Orabug: 25815362] - Documentation: add watermark_scale_factor to the list of vm systcl file (Jerome Marchand) [Orabug: 26643957] - mm: scale kswapd watermarks in proportion to memory (Johannes Weiner) [Orabug: 26643957] - ctf: delete the deduplication blacklist (Nick Alcock) [Orabug: 26765112] - ctf: automate away the deduplication blacklist (Nick Alcock) [Orabug: 26765112] - ctf: drop CONFIG_DT_DISABLE_CTF, ctf.ko, and all that it implies (Nick Alcock) [Orabug: 25815362] - ctf: do not allow dwarf2ctf to run as root (Nick Alcock) [Orabug: 25815362] - ctf: decouple CTF building from the kernel build (Nick Alcock) [Orabug: 25815362] - ctf: handle the bit_offset in members with a DW_FORM_block data_member_location (Nick Alcock) [Orabug: 26387109] - ctf: handle DW_AT_specification (Nick Alcock) [Orabug: 26386100] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10318