Oracle Errata System Oracle Linux 5.3 2020-12-15T00:00:00 Oracle Linux 7 [68.4.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.4.1-1] - Update to 68.4.1esr build1 - Update to 68.4.0esr build1 - Fix for wrong intl.accept_lang when using non en-us langpack CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-17024 CVE-2019-17022 CVE-2019-17016 CVE-2019-17017 CVE-2019-17026 Oracle Linux 6 [68.4.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-17024 CVE-2019-17026 CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 Oracle Linux 8 [68.4.1-1.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.4.1-1] - Update to 68.4.1esr build1 - Update to 68.4.0esr build1 - Fix for wrong intl.accept_lang when using non en-us langpack CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-17022 CVE-2019-17016 CVE-2019-17017 CVE-2019-17024 CVE-2019-17026 Oracle Linux 7 [68.4.1-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.4.1-2] - Update to 68.4.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17022 CVE-2019-17024 CVE-2019-17016 CVE-2019-17017 CVE-2019-17026 Oracle Linux 7 [1:11.0.6.10-1.0.1] - link atomic for ix86 build [1:11.0.6.10-1] - Add JDK-8236039 backport to resolve OpenShift blocker - Resolves: rhbz#1785753 [1:11.0.6.10-0] - Update to shenandoah-jdk-11.0.6+10 (GA) - Switch to GA mode for final release. - Resolves: rhbz#1785753 [1:11.0.6.1-0.1.ea] - Update to shenandoah-jdk-11.0.6+1 (EA) - Switch to EA mode for 11.0.6 pre-release builds. - Add support for jfr binary. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2604 CVE-2020-2655 CVE-2020-2654 CVE-2020-2583 CVE-2020-2590 CVE-2020-2601 CVE-2020-2593 Oracle Linux 6 [68.4.1-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.4.1-2] - Update to 68.4.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17017 CVE-2019-17024 CVE-2019-17026 CVE-2019-17016 CVE-2019-17022 Oracle Linux 7 [1.8.3.1-21] - Fix CVE-2019-1387 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-1387 Oracle Linux 8 [68.4.1-2.0.1.el8_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.4.1-2] - Update to 68.4.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17022 CVE-2019-17017 CVE-2019-17016 CVE-2019-17026 CVE-2019-17024 Oracle Linux 8 [1:11.0.6.10-1] - Update to shenandoah-jdk-11.0.6+10 (GA) - Switch to GA mode for final release. - Add JDK-8236039 backport to resolve OpenShift blocker - Resolves: rhbz#1785753 [1:11.0.6.1-0.0.ea] - Update to shenandoah-jdk-11.0.6+1 (EA) - Switch to EA mode for 11.0.6 pre-release builds. - Add support for jfr binary. - Drop JDK-8230923 now applied upstream. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2583 CVE-2020-2655 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 Oracle Linux 8 [102-2.0.1.el8_1] - support OL release scheme [3.0.102-2] - Fix prebuilts leaking into the final build - Fix regressions in binary hardering - Resolves: RHBZ#1788171 [3.0.102-1] - Update to .NET Core Runtime 3.0.2 and SDK 3.0.102 - Resolves: RHBZ#1788171 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-0602 CVE-2020-0603 Oracle Linux 6 [1:1.8.0.242.b07-1] - Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-0] - Update to aarch64-shenandoah-jdk8u242-b07. - Switch to GA mode for final release. - Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. - Resolves: rhbz#1785753 [1:1.8.0.242.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u242-b05. - Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102. - Revise b05 snapshot to include JDK-8236178. - Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run - Resolves: rhbz#1785753 [1:1.8.0.242.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b01. - Switch to EA mode. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-3] - Revert SSBD removal for now, until appropriate messaging has been decided. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-2] - Remove CVE-2018-3639 mitigation due to performance regression and OpenJDK position on speculative execution vulnerabilities. https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2590 CVE-2020-2604 CVE-2020-2601 CVE-2020-2593 CVE-2020-2659 CVE-2020-2583 CVE-2020-2654 Oracle Linux 7 [1.8.3-15] - Fix CVE-2014-0114 - Fix CVE-2019-10086 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-10086 Oracle Linux 7 [2.5-9.el7_7.1] - Do not eval strings passed to toColor - Resolves: #1788552 [2.5-9] - Mass rebuild 2014-01-24 [2.5-8] - Mass rebuild 2013-12-27 [2.5-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [2.5-6] - Add a dep on python-imaging to process images [2.5-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.5-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [2.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2.5-2] - Update to version 2.5 of reportlab. - Remove tabs in specfile. [2.3-3] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [2.3-2] - Do not bundle fonts - Point the config to Fedora's font locations [2.3-1] - Updated to 2.3 - New version is no longer noarch. [2.1-6] - Rebuild for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.1-4] - Fix locations for Python 2.6 [2.1-3] - Rebuild for Python 2.6 [2.1-2] - Remove luxi font. (#427845) - Add patch to not search for the luxi font. [2.1-1] - Update to 2.1. [2.0-2] - Make docs subpackage. [2.0-1] - Update to 2.0. [1.21.1-2] - Rebuild against new python. [1.21.1-1] - Update to 1.20.1. [1.20-5] - rebuilt for new gcc4.1 snapshot and glibc changes [1.20-4] - Add dist tag. (#176479) [1.20-3.fc4] - Switchback to sitelib patch. - Make package noarch. [1.20-2.fc4] - Use python_sitearch to fix x86_64 build. [1.20-1.fc4] - Rebuild for Python 2.4. - Update to 1.20. - Switch to the new python macros for python-abi - Add dist tag. [0:1.19-0.fdr.2] - Removed ghosts. [0:1.19-0.fdr.1] - Initial Fedora RPM build. IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17626 Oracle Linux 7 [1:1.8.0.242.b08-0] - Update to aarch64-shenandoah-jdk8u242-b08. - Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-1] - Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-0] - Update to aarch64-shenandoah-jdk8u242-b07. - Switch to GA mode for final release. - Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. - Resolves: rhbz#1785753 [1:1.8.0.242.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b06 (EA) - Resolves: rhbz#1785753 [1:1.8.0.242.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u242-b05. - Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102. - Revise b05 snapshot to include JDK-8236178. - Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run - Resolves: rhbz#1785753 [1:1.8.0.242.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b02. - Resolves: rhbz#1785753 [1:1.8.0.242.b01-0.1.ea] - Revert SSBD removal for now, until appropriate messaging has been decided. - Resolves: rhbz#1785753 [1:1.8.0.242.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b01. - Switch to EA mode. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-1] - Remove CVE-2018-3639 mitigation due to performance regression and OpenJDK position on speculative execution vulnerabilities. https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2590 CVE-2020-2604 CVE-2020-2654 CVE-2020-2583 CVE-2020-2659 CVE-2020-2601 CVE-2020-2593 Oracle Linux 6 [2.3-3.el6_10.1] - Do not eval strings passed to toColor - Resolves: #1788551 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17626 Oracle Linux 6 [2.0.0-4] - Fix a heap-based buffer overflow vulnerability leading to remote code execution, CVE-2019-5544 Resolves: #1788447 CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-5544 Oracle Linux 8 [3.4.0-6.el8_1_0.2] - Fix Requires for doc subpackage - Resolves: #1788556 [3.4.0-6.el8_1_0.1] - Do not eval strings passed to toColor - Resolves: #1788555 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17626 Oracle Linux 8 [1:1.8.0.242.b08-0] - Update to aarch64-shenandoah-jdk8u242-b08. - Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-1] - Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-0] - Update to aarch64-shenandoah-jdk8u242-b07. - Switch to GA mode for final release. - Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. - Resolves: rhbz#1785753 [1:1.8.0.242.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u242-b05. - Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102. - Revise b05 snapshot to include JDK-8236178. - Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run - Resolves: rhbz#1785753 [1:1.8.0.242.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b01. - Switch to EA mode. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-4] - Revert SSBD removal for now, until appropriate messaging has been decided. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-3] - Remove CVE-2018-3639 mitigation due to performance regression and OpenJDK position on speculative execution vulnerabilities. https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2601 CVE-2020-2659 CVE-2020-2604 CVE-2020-2590 CVE-2020-2593 CVE-2020-2583 CVE-2020-2654 Oracle Linux 7 [3.1.2-14] - Fix patch application error [3.1.2-13] - Fix CVE-2019-18408: RAR use-after-free IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18408 Oracle Linux 7 [3.7.17-8.1] - Fixes for CVE-2019-13734 (#1786505) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-13734 Oracle Linux 7 [2.3.1-2] - Fix CVE-2020-6851 resolves: #1790586 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6851 Oracle Linux 8 [3.3.2-8] - Fix CVE-2019-18408: RAR use-after-free IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18408 Oracle Linux 8 [3.26.0-4] - Fixed CVE-2019-13734 (#1786508) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-13734 Oracle Linux 8 [2.3.1-2] - Fix CVE-2020-6851 (#1790589) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6851 Oracle Linux 8 hivex libguestfs [1:1.38.4-14.0.1] - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.38.4-14] - v2v: use -T as argument of scp when copying vmx files via ssh resolves: rhbz#1738886 * Fri Jun 28 2019 Danilo de Paula <ddepaula@redhat.com> - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1:1.38.4-12] - v2v: update nbdkit information in documentation resolves: rhbz#1651115 - v2v: use proper SELinux label for nbdkit sockets resolves: rhbz#1717088 libguestfs-winsupport [8.0-4] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) libiscsi [1.18.0-8] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.18.0-7.el8] - libiscsi-redhat-Remove-disable-werror-from-spec-file.patch [bz#1581025] - Resolves: bz#1581025 (Remove --disable-werror from spec file) [-] - libiscsi-fix-connection-to-LUN-with-IPv6-address.patch [bz#1597942] - Resolves: bz#1597942 (Qemu-kvm fails to connect to iscsi LUN by IPV6 address) [1.18.0-5.el8] - libiscsi-iser_rcv_completion-unify-error-handling.patch [bz#1634541] - libiscsi-iser-fix-posting-of-receive-descriptors.patch [bz#1634541] - libiscsi-sync-remove-unnecessary-checks.patch [bz#1634541] - libiscsi-do-not-warn-for-strncpy.patch [bz#1634541] - libiscsi-avoid-fallthrough.patch [bz#1634541] - libiscsi-avoid-truncation-when-logging-message-that-includes-.patch [bz#1634541] - Resolves: bz#1634541 (Fix important coverity issues (libiscsi)) [1.18.0-4.el8] - Fixed a build issue with the latest rdma-core [1.18.0-2] - Fix rdma deps and don't restrict archs - Add --disable-werror to fix gcc8 build (bz #1556044) - Spec file cleanups (bz #1483290) [1.18.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.18.0-1] - Rebased to version 1.18.0 - Added patch to fix gcc7 warnings [1.15.0-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.15.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.15.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.15.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.15.0-1] - Rebased to version 1.15.0 - Removed patch 20 as it has been upstreamed - Disabled patch 12 as need for revised one is in question - Updated patch 13 to current tree - New tool iscsi-perf [1.11.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.11.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.11.0-1] - Rebased to version 1.11.0 - Most patches removed - New tool iscsi-swp + manpages [1.9.0-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.9.0-5] - Rebuild for new libgcrypt [1.9.0-4] - Cleaned up patches 18/19 to match upstream more closely [1.9.0-3] - Improved patch 18 to cover write side too [1.9.0-2] - Add patch 18 to fix QEMU's scsi-generic mode [1.9.0-1] - Rebase to 1.9.0 - Cherry-pick selected patches from upstream [1.7.0-6] - Add patch 5 to silence strict aliasing warnings [1.7.0-5] - Add patch 4 to enable installing of iscsi-test binary [1.7.0-4] - Add patch 2 for FIPS mode - Add patch 3 to avoid segmentation fault on iscsi-tools [1.7.0-3] - Correct license for libiscsi-utils, prefer %global to %define - Add Requires - Remove percent-clean section [1.7.0-2] - Use percent-config for ld.so.conf.d file. [1.7.0-1] - Initial version (bug 914752) libvirt [4.5.0-35.2.0.1.el8] - added librbd1 as dependency (Keshav Sharma) [4.5.0-35.2.el8] - cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135) - cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135) [4.5.0-35.1.el8] - cpu_conf: Pass policy to CPU feature filtering callbacks (rhbz#1775133, rhbz#1775134, rhbz#1775137) - qemuxml2*test: Add tests for Icelake-Server, -pconfig (rhbz#1775133, rhbz#1775134, rhbz#1775137) - qemu: Drop disabled CPU features unknown to QEMU (rhbz#1775133, rhbz#1775134, rhbz#1775137) - cputest: Add data for Ice Lake Server CPU (rhbz#1775133, rhbz#1775134, rhbz#1775137) - cpu_map: Drop pconfig from Icelake-Server CPU model (rhbz#1775133, rhbz#1775134, rhbz#1775137) - qemu: Fix NULL ptr dereference caused by qemuDomainDefFormatBufInternal (rhbz#1775133, rhbz#1775134, rhbz#1775137) [4.5.0-35] - vircgroupv2: fix setting cpu.max period (rhbz#1749227) [4.5.0-34] - vircgroupv2: fix abort in VIR_AUTOFREE (rhbz#1747440) [4.5.0-33] - vircgroupv2: fix parsing multiple values in single file (rhbz#1741825) - vircgroupv2: fix virCgroupV2GetCpuCfsQuota for 'max' value (rhbz#1741837) [4.5.0-32] - virDomainObjListAddLocked: Produce better error message than 'Duplicate key' (rhbz#1737790) - virdbus: Grab a ref as long as the while loop is executed (rhbz#1741900) [4.5.0-31] - virDomainObjListAddLocked: fix double free (rhbz#1728530) - docs: schemas: Decouple the virtio options from each other (rhbz#1729675) - util: command: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1721434) - util: command: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1721434) - util: netdevopenvswitch: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1721434) - util: virnetdevopenvswitch: Drop an unused variable @ovs_timeout (rhbz#1721434) - util: netdevopenvswitch: use VIR_AUTOPTR for aggregate types (rhbz#1721434) - util: suppress unimportant ovs-vsctl errors when getting interface stats (rhbz#1721434) - virNetDevOpenvswitchInterfaceStats: Optimize for speed (rhbz#1721434) - test: Introduce virnetdevopenvswitchtest (rhbz#1721434) - vircommand: Separate mass FD closing into a function (rhbz#1721434) - virCommand: use procfs to learn opened FDs (rhbz#1721434) - util: command: Ignore bitmap errors when enumerating file descriptors to close (rhbz#1721434) - util: Avoid possible error in virCommandMassClose (rhbz#1721434) - vircgroup: fix cgroups v2 controllers detection (rhbz#1689297) - vircgroupv2: store enabled controllers (rhbz#1689297) [4.5.0-30] - virWaitForDevices: Drop confusing part of comment (rhbz#1710575) - lib: Drop UDEVSETTLE (rhbz#1710575) - m4: Provide default value fore UDEVADM (rhbz#1710575) - m4: Drop needless string checks (rhbz#1710575) - util: vircgroup: introduce virCgroup(Get|Set)ValueRaw (rhbz#1658890) - util: vircgroup: move virCgroupGetValueStr out of virCgroupGetValueForBlkDev (rhbz#1658890) - util: vircgroupv1: add support for BFQ blkio files (rhbz#1658890) - util: vircgroupv2: add support for BFQ files (rhbz#1658890) - Handle copying bitmaps to larger data buffers (rhbz#1703160) [4.5.0-29] - cpu: allow include files for CPU definition (rhbz#1686895) - cpu: fix cleanup when signature parsing fails (rhbz#1686895) - cpu: push more parsing logic into common code (rhbz#1686895) - cpu: simplify failure cleanup paths (rhbz#1686895) - cpu_map: Add support for arch-capabilities feature (rhbz#1693433) - cputest: Add data for Intel(R) Xeon(R) CPU E5-2630 v4 (rhbz#1686895) - cputest: Add data for Intel(R) Core(TM) i7-7600U (rhbz#1686895) - cputest: Add data for Intel(R) Xeon(R) CPU E7540 (rhbz#1686895) - cputest: Add data for Intel(R) Xeon(R) CPU E5-2650 (rhbz#1686895) - cputest: Add data for Intel(R) Core(TM) i7-8700 (rhbz#1686895) - cpu_x86: Separate ancestor model parsing from x86ModelParse (rhbz#1686895) - cpu_x86: Separate signature parsing from x86ModelParse (rhbz#1686895) - cpu_x86: Separate vendor parsing from x86ModelParse (rhbz#1686895) - cpu_x86: Separate feature list parsing from x86ModelParse (rhbz#1686895) - cpu_x86: Make sure CPU model names are unique in cpu_map (rhbz#1686895) - cpu_x86: Add x86ModelCopySignatures helper (rhbz#1686895) - cpu_x86: Store CPU signature in an array (rhbz#1686895) - cpu_x86: Allow multiple signatures for a CPU model (rhbz#1686895) - cpu_x86: Log decoded CPU model and signatures (rhbz#1686895) - qemu_capabilities: Inroduce virQEMUCapsGetCPUModelX86Data (rhbz#1686895) - qemu_capabilities: Introduce virQEMUCapsGetCPUModelInfo (rhbz#1686895) - qemu_capabilities: Use virQEMUCapsGetCPUModelInfo (rhbz#1686895) - cpu_x86: Add virCPUx86DataGetSignature for tests (rhbz#1686895) - cpu_map: Add hex representation of signatures (rhbz#1686895) - cputest: Test CPU signatures (rhbz#1686895) - cpu_map: Add more signatures for Conroe CPU model (rhbz#1686895) - cpu_map: Add more signatures for Penryn CPU model (rhbz#1686895) - cpu_map: Add more signatures for Nehalem CPU models (rhbz#1686895) - cpu_map: Add more signatures for Westmere CPU model (rhbz#1686895) - cpu_map: Add more signatures for SandyBridge CPU models (rhbz#1686895) - cpu_map: Add more signatures for IvyBridge CPU models (rhbz#1686895) - cpu_map: Add more signatures for Haswell CPU models (rhbz#1686895) - cpu_map: Add more signatures for Broadwell CPU models (rhbz#1686895) - cpu_map: Add more signatures for Skylake-Client CPU models (rhbz#1686895) - cpu: Don't access invalid memory in virCPUx86Translate (rhbz#1686895) - cpu_x86: Require <cpuid> within <feature> in CPU map (rhbz#1697627) - cputest: Add data for Intel(R) Xeon(R) Platinum 8268 CPU (rhbz#1693433) - cpu_map: Add Cascadelake-Server CPU model (rhbz#1693433) - cpu_x86: Introduce virCPUx86DataItem container struct (rhbz#1697627) - cpu_x86: Rename virCPUx86Vendor.cpuid (rhbz#1697627) - cpu_x86: Rename virCPUx86DataItem variables (rhbz#1697627) - cpu_x86: Rename x86DataCpuidNext function (rhbz#1697627) - cpu_x86: Rename x86DataCpuid (rhbz#1697627) - cpu_x86: Rename virCPUx86CPUIDSorter (rhbz#1697627) - cpu_x86: Rename virCPUx86DataAddCPUIDInt (rhbz#1697627) - cpu_x86: Rename virCPUx86DataAddCPUID (rhbz#1697627) - cpu_x86: Rename virCPUx86VendorToCPUID (rhbz#1697627) - cpu_x86: Simplify x86DataAdd (rhbz#1697627) - cpu_x86: Introduce virCPUx86DataCmp (rhbz#1697627) - cpu_x86: Make x86cpuidSetBits more general (rhbz#1697627) - cpu_x86: Make x86cpuidClearBits more general (rhbz#1697627) - cpu_x86: Make x86cpuidAndBits more general (rhbz#1697627) - cpu_x86: Make x86cpuidMatchMasked more general (rhbz#1697627) - cpu_x86: Make x86cpuidMatch more general (rhbz#1697627) - cpu_x86: Store virCPUx86DataItem content in union (rhbz#1697627) - cpu_x86: Add support for storing MSR features in CPU map (rhbz#1697627) - cpu_x86: Move *CheckFeature functions (rhbz#1697627) - cputest: Add support for MSR features to cpu-parse.sh (rhbz#1697627) - util: file: introduce VIR_AUTOCLOSE macro to close fd of the file automatically (rhbz#1697627) - vircpuhost: Add support for reading MSRs (rhbz#1697627) - virhostcpu: Make virHostCPUGetMSR() work only on x86 (rhbz#1697627) - cpu_x86: Fix placement of *CheckFeature functions (rhbz#1697627) - cpu_conf: Introduce virCPUDefFilterFeatures (rhbz#1697627) - qemu_command: Use consistent syntax for CPU features (rhbz#1697627) - tests: Add QEMU caps data for future 4.1.0 (rhbz#1697627) - tests: Add domain capabilities case for QEMU 4.1.0 (rhbz#1697627) - qemuxml2argvtest: Add test for CPU features translation (rhbz#1697627) - qemu: Add APIs for translating CPU features (rhbz#1697627) - qemu: Probe for max-x86_64-cpu type (rhbz#1697627) - qemu: Probe for 'unavailable-features' CPU property (rhbz#1697627) - qemu: Probe host CPU after capabilities (rhbz#1697627) - qemu_command: Use canonical names of CPU features (rhbz#1697627) - qemu: Translate feature names from query-cpu-model-expansion (rhbz#1697627) - qemu: Don't use full CPU model expansion (rhbz#1697627) - qemu: Make qemuMonitorGetGuestCPU usable on x86 only (rhbz#1697627) - cpu: Introduce virCPUDataAddFeature (rhbz#1697627) - qemu: Add type filter to qemuMonitorJSONParsePropsList (rhbz#1697627) - util: string: Introduce macro for automatic string lists (rhbz#1697627) - util: json: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1697627) - qemu: Introduce generic qemuMonitorGetGuestCPU (rhbz#1697627) - qemu_process: Prefer generic qemuMonitorGetGuestCPU (rhbz#1697627) - util: Rework virStringListAdd (rhbz#1697627) - conf: Introduce virCPUDefCheckFeatures (rhbz#1697627) - cpu_x86: Turn virCPUx86DataIteratorInit into a function (rhbz#1697627) - cpu_x86: Introduce virCPUx86FeatureFilter*MSR (rhbz#1697627) - cpu_x86: Read CPU features from IA32_ARCH_CAPABILITIES MSR (rhbz#1697627) - cpu_map: Introduce IA32_ARCH_CAPABILITIES MSR features (rhbz#1697627) - qemu: Forbid MSR features with old QEMU (rhbz#1697627) - qemu: Drop MSR features from host-model with old QEMU (rhbz#1697627) - cpu_x86: Fix memory leak - virCPUx86GetHost (rhbz#1697627) - qemu: Use @tmpChr in qemuDomainDetachChrDevice to build device string (rhbz#1624204) - qemu: Drop 'user-' prefix for guestfwd netdev (rhbz#1624204) - qemu_hotplug: Attach guestfwd using netdev_add (rhbz#1624204) - qemu_hotplug: Detach guestfwd using netdev_del (rhbz#1624204) - qemuhotplugtest: Test guestfwd attach and detach (rhbz#1624204) - daemon: Register secret driver before storage driver (rhbz#1685151) - bhyve: Move autostarting of domains into bhyveStateInitialize (rhbz#1685151) - Revert 'virStateDriver - Separate AutoStart from Initialize' (rhbz#1685151) - Revert 'Separate out StateAutoStart from StateInitialize' (rhbz#1685151) - util: moving 'type' argument to avoid issues with mount() syscall. (rhbz#1689297) - util: cgroup: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1689297) - vircgroup: Rename structs to start with underscore (rhbz#1689297) - vircgroup: Introduce standard set of typedefs and use them (rhbz#1689297) - vircgroup: Extract file link resolving into separate function (rhbz#1689297) - vircgroup: Remove unused function virCgroupKill() (rhbz#1689297) - vircgroup: Unexport unused function virCgroupAddTaskController() (rhbz#1689297) - vircgroup: Unexport unused function virCgroupRemoveRecursively (rhbz#1689297) - vircgroup: Move function used in tests into vircgrouppriv.h (rhbz#1689297) - vircgroup: Remove pointless bool parameter (rhbz#1689297) - vircgroup: Extract mount options matching into function (rhbz#1689297) - vircgroup: Use virCgroupMountOptsMatchController in virCgroupDetectPlacement (rhbz#1689297) - vircgroup: Introduce virCgroupEnableMissingControllers (rhbz#1689297) - vircgroup: machinename will never be NULL (rhbz#1689297) - vircgroup: Remove virCgroupAddTaskController (rhbz#1689297) - vircgroup: Introduce virCgroupGetMemoryStat (rhbz#1689297) - lxc: Use virCgroupGetMemoryStat (rhbz#1689297) - vircgroup: fix MinGW build (rhbz#1689297) - vircgroup: Duplicate string before modifying (rhbz#1689297) - vircgroup: Extract controller detection into function (rhbz#1689297) - vircgroup: Extract placement validation into function (rhbz#1689297) - vircgroup: Split virCgroupPathOfController into two functions (rhbz#1689297) - vircgroup: Call virCgroupRemove inside virCgroupMakeGroup (rhbz#1689297) - vircgroup: Simplify if conditions in virCgroupMakeGroup (rhbz#1689297) - vircgroup: Remove obsolete sa_assert (rhbz#1689297) - tests: Resolve possible overrun (rhbz#1689297) - vircgroup: cleanup controllers not managed by systemd on error (rhbz#1689297) - vircgroup: fix bug in virCgroupEnableMissingControllers (rhbz#1689297) - vircgroup: rename virCgroupAdd.*Task to virCgroupAdd.*Process (rhbz#1689297) - vircgroup: introduce virCgroupTaskFlags (rhbz#1689297) - vircgroup: introduce virCgroupAddThread (rhbz#1689297) - vircgroupmock: cleanup unused cgroup files (rhbz#1689297) - vircgroupmock: rewrite cgroup fopen mocking (rhbz#1689297) - vircgrouptest: call virCgroupDetectMounts directly (rhbz#1689297) - vircgrouptest: call virCgroupNewSelf instead virCgroupDetectMounts (rhbz#1689297) - util: introduce vircgroupbackend files (rhbz#1689297) - vircgroup: introduce cgroup v1 backend files (rhbz#1689297) - vircgroup: extract virCgroupV1Available (rhbz#1689297) - vircgroup: detect available backend for cgroup (rhbz#1689297) - vircgroup: extract virCgroupV1ValidateMachineGroup (rhbz#1689297) - vircgroup: extract virCgroupV1CopyMounts (rhbz#1689297) - vircgroup: extract v1 detect functions (rhbz#1689297) - vircgroup: extract virCgroupV1CopyPlacement (rhbz#1689297) - vircgroup: extract virCgroupV1ValidatePlacement (rhbz#1689297) - vircgroup: extract virCgroupV1StealPlacement (rhbz#1689297) - vircgroup: extract virCgroupV1DetectControllers (rhbz#1689297) - vircgroup: extract virCgroupV1HasController (rhbz#1689297) - vircgroup: extract virCgroupV1GetAnyController (rhbz#1689297) - vircgroup: extract virCgroupV1PathOfController (rhbz#1689297) - vircgroup: extract virCgroupV1MakeGroup (rhbz#1689297) - vircgroup: extract virCgroupV1Remove (rhbz#1689297) - vircgroup: extract virCgroupV1AddTask (rhbz#1689297) - vircgroup: extract virCgroupV1HasEmptyTasks (rhbz#1689297) - vircgroup: extract virCgroupV1BindMount (rhbz#1689297) - vircgroup: extract virCgroupV1SetOwner (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioWeight (rhbz#1689297) - vircgroup: extract virCgroupV1GetBlkioIoServiced (rhbz#1689297) - vircgroup: extract virCgroupV1GetBlkioIoDeviceServiced (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWeight (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceReadIops (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWriteIops (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceReadBps (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWriteBps (rhbz#1689297) - vircgroup: extract virCgroupV1SetMemory (rhbz#1689297) - vircgroup: extract virCgroupV1GetMemoryStat (rhbz#1689297) - vircgroup: extract virCgroupV1GetMemoryUsage (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)Memory*Limit (rhbz#1689297) - vircgroup: extract virCgroupV1GetMemSwapUsage (rhbz#1689297) - vircgroup: extract virCgroupV1(Allow|Deny)Device (rhbz#1689297) - vircgroup: extract virCgroupV1(Allow|Deny)AllDevices (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpuShares (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpuCfsPeriod (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpuCfsQuota (rhbz#1689297) - vircgroup: extract virCgroupV1SupportsCpuBW (rhbz#1689297) - vircgroup: extract virCgroupV1GetCpuacct*Usage (rhbz#1689297) - vircgroup: extract virCgroupV1GetCpuacctStat (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)FreezerState (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpusetMems (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpusetMemoryMigrate (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpusetCpus (rhbz#1689297) - vircgroup: rename virCgroupController into virCgroupV1Controller (rhbz#1689297) - vircgroup: rename controllers to legacy (rhbz#1689297) - vircgroup: remove VIR_CGROUP_SUPPORTED (rhbz#1689297) - vircgroup: include system headers only on linux (rhbz#1689297) - vircgroupv1: fix build on non-linux OSes (rhbz#1689297) - Revert 'vircgroup: cleanup controllers not managed by systemd on error' (rhbz#1689297) - util: introduce cgroup v2 files (rhbz#1689297) - vircgroup: introduce virCgroupV2Available (rhbz#1689297) - vircgroup: introduce virCgroupV2ValidateMachineGroup (rhbz#1689297) - vircgroup: introduce virCgroupV2CopyMounts (rhbz#1689297) - vircgroup: introduce virCgroupV2CopyPlacement (rhbz#1689297) - vircgroup: introduce virCgroupV2DetectMounts (rhbz#1689297) - vircgroup: introduce virCgroupV2DetectPlacement (rhbz#1689297) - vircgroup: introduce virCgroupV2ValidatePlacement (rhbz#1689297) - vircgroup: introduce virCgroupV2StealPlacement (rhbz#1689297) - vircgroup: introduce virCgroupV2DetectControllers (rhbz#1689297) - vircgroup: introduce virCgroupV2HasController (rhbz#1689297) - vircgroup: introduce virCgroupV2GetAnyController (rhbz#1689297) - vircgroup: introduce virCgroupV2PathOfController (rhbz#1689297) - vircgroup: introduce virCgroupV2MakeGroup (rhbz#1689297) - vircgroup: introduce virCgroupV2Remove (rhbz#1689297) - vircgroup: introduce virCgroupV2AddTask (rhbz#1689297) - vircgroup: introduce virCgroupV2HasEmptyTasks (rhbz#1689297) - vircgroup: introduce virCgroupV2BindMount (rhbz#1689297) - vircgroup: introduce virCgroupV2SetOwner (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioWeight (rhbz#1689297) - vircgroup: introduce virCgroupV2GetBlkioIoServiced (rhbz#1689297) - vircgroup: introduce virCgroupV2GetBlkioIoDeviceServiced (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWeight (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadIops (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteIops (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadBps (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteBps (rhbz#1689297) - vircgroup: introduce virCgroupV2SetMemory (rhbz#1689297) - vircgroup: introduce virCgroupV2GetMemoryStat (rhbz#1689297) - vircgroup: introduce virCgroupV2GetMemoryUsage (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)MemoryHardLimit (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)MemorySoftLimit (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)MemSwapHardLimit (rhbz#1689297) - vircgroup: introduce virCgroupV2GetMemSwapUsage (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)CpuShares (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)CpuCfsPeriod (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)CpuCfsQuota (rhbz#1689297) - vircgroup: introduce virCgroupV2SupportsCpuBW (rhbz#1689297) - vircgroup: introduce virCgroupV2GetCpuacctUsage (rhbz#1689297) - vircgroup: introduce virCgroupV2GetCpuacctStat (rhbz#1689297) - vircgroup: register cgroup v2 backend (rhbz#1689297) - vircgroup: add support for hybrid configuration (rhbz#1689297) - vircgroupmock: change cgroup prefix (rhbz#1689297) - vircgroupmock: add support to test cgroup v2 (rhbz#1689297) - vircgrouptest: introduce initFakeFS and cleanupFakeFS helpers (rhbz#1689297) - vircgrouptest: prepare testCgroupDetectMounts for cgroup v2 (rhbz#1689297) - vircgrouptest: add detect mounts test for cgroup v2 (rhbz#1689297) - vircgrouptest: add detect mounts test for hybrid cgroups (rhbz#1689297) - vircgrouptest: prepare validateCgroup for cgroupv2 (rhbz#1689297) - vircgrouptest: add cgroup v2 tests (rhbz#1689297) - vircgrouptest: add hybrid tests (rhbz#1689297) - virt-host-validate: rewrite cgroup detection to use util/vircgroup (rhbz#1689297) - virt-host-validate: require freezer for LXC (rhbz#1689297) - virt-host-validate: Fix build on non-Linux (rhbz#1689297) - tests: Use correct function name in error path (rhbz#1689297) - util: Fix virCgroupGetMemoryStat (rhbz#1689297) - tests: Augment vcgrouptest to add virCgroupGetMemoryStat (rhbz#1689297) - vircgroup: introduce virCgroupKillRecursiveCB (rhbz#1689297) - vircgroupv2: fix virCgroupV2ValidateMachineGroup (rhbz#1689297) - util: implement virCgroupV2(Set|Get)CpusetMems (rhbz#1689297) - util: implement virCgroupV2(Set|Get)CpusetMemoryMigrate (rhbz#1689297) - util: implement virCgroupV2(Set|Get)CpusetCpus (rhbz#1689297) - util: enable cgroups v2 cpuset controller for threads (rhbz#1689297) - util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB (rhbz#1689297) - internal: introduce a family of NULLSTR macros (rhbz#1689297) - util: vircgroup: improve controller detection (rhbz#1689297) - util: vircgroupv2: use any controller to create thread directory (rhbz#1689297) - util: vircgroupv2: enable CPU controller only if it's available (rhbz#1689297) - util: vircgroupv2: separate return values of virCgroupV2EnableController (rhbz#1689297) - util: vircgroupv2: don't error out if enabling controller fails (rhbz#1689297) - util: vircgroupv2: mark only requested controllers as available (rhbz#1689297) - Revert 'util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB' (rhbz#1689297) - util: vircgroupv2: stop enabling missing controllers with systemd (rhbz#1689297) [4.5.0-28] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [4.5.0-27] - RHEL: spec: Disable gluster on i686 (rhbz#1722668) - rpc: virnetlibsshsession: update deprecated functions (rhbz#1722735) [4.5.0-26] - api: disallow virDomainSaveImageGetXMLDesc on read-only connections (CVE-2019-10161) - api: disallow virDomainManagedSaveDefineXML on read-only connections (CVE-2019-10166) - api: disallow virConnectGetDomainCapabilities on read-only connections (CVE-2019-10167) - api: disallow virConnect*HypervisorCPU on read-only connections (CVE-2019-10168) [4.5.0-25] - admin: reject clients unless their UID matches the current UID (CVE-2019-10132) - locking: restrict sockets to mode 0600 (CVE-2019-10132) - logging: restrict sockets to mode 0600 (CVE-2019-10132) - util: skip RDMA detection for non-PCI network devices (rhbz#1693299) - virfile: Detect ceph as shared FS (rhbz#1698133) - virfile: added GPFS as shared fs (rhbz#1698133) - util: bitmap: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1716943) - qemu: Rework setting process affinity (rhbz#1716943) - qemu: Set up EMULATOR thread and cpuset.mems before exec()-ing qemu (rhbz#1716943) - conf: Add definitions for 'uid' and 'fid' PCI address attributes (rhbz#1508149) - qemu: Introduce zPCI capability (rhbz#1508149) - qemu: Enable PCI multi bus for S390 guests (rhbz#1508149) - conf: Introduce extension flag and zPCI member for PCI address (rhbz#1508149) - conf: Introduce address caching for PCI extensions (rhbz#1508149) - qemu: Auto add pci-root for s390/s390x guests (rhbz#1508149) - conf: use virXMLFormatElement() in virDomainDeviceInfoFormat() (rhbz#1508149) - conf: Introduce parser, formatter for uid and fid (rhbz#1508149) - qemu: Add zPCI address definition check (rhbz#1508149) - conf: Allocate/release 'uid' and 'fid' in PCI address (rhbz#1508149) - qemu: Generate and use zPCI device in QEMU command line (rhbz#1508149) - qemu: Add hotpluging support for PCI devices on S390 guests (rhbz#1508149) - qemuDomainRemoveRNGDevice: Remove associated chardev too (rhbz#1508149) - qemu_hotplug: remove erroneous call to qemuDomainDetachExtensionDevice() (rhbz#1508149) - qemu_hotplug: remove another erroneous qemuDomainDetachExtensionDevice() call (rhbz#1508149) - util: Propagate numad failures correctly (rhbz#1716907) - util: Introduce virBitmapUnion() (rhbz#1716908) - util: Introduce virNumaNodesetToCPUset() (rhbz#1716908) - qemu: Fix qemuProcessInitCpuAffinity() (rhbz#1716908) - qemu: Fix leak in qemuProcessInitCpuAffinity() (rhbz#1716908) - qemu: Drop cleanup label from qemuProcessInitCpuAffinity() (rhbz#1716908) - qemu: Fix NULL pointer access in qemuProcessInitCpuAffinity() (rhbz#1716908) - qemuBuildMemoryBackendProps: Pass @priv instead of its individual members (rhbz#1624223) - qemu: Don't use -mem-prealloc among with .prealloc=yes (rhbz#1624223) - nwfilter: fix adding std MAC and IP values to filter binding (rhbz#1691356) - qemuProcessBuildDestroyMemoryPathsImpl: Don't overwrite error (rhbz#1658112) - qemu_security: Fully implement qemuSecurityDomainSetPathLabel (rhbz#1658112) - qemu: process: SEV: Assume libDir to be the directory to create files in (rhbz#1658112) - qemu: process: SEV: Relabel guest owner's SEV files created before start (rhbz#1658112) [4.5.0-24] - tests: qemuxml2argv: add CAPS_ARCH_LATEST macro (rhbz#1698855) - qemu: Add ccw support for vhost-vsock (rhbz#1698855) - qemu: Allow creating ppc64 guests with graphics and no USB mouse (rhbz#1683681) - conf: Expose virDomainSCSIDriveAddressIsUsed (rhbz#1692354) - qemuhotplugtest: Don't plug a SCSI disk at unit 7 (rhbz#1692354) - qemu_hotplug: Check for duplicate drive addresses (rhbz#1692354) - cpu_map: Add support for cldemote CPU feature (rhbz#1537731) - util: alloc: add macros for implementing automatic cleanup functionality (rhbz#1505998) - qemu: domain: Simplify non-VFIO memLockLimit calculation for PPC64 (rhbz#1505998) - qemu_domain: add a PPC64 memLockLimit helper (rhbz#1505998) - qemu_domain: NVLink2 bridge detection function for PPC64 (rhbz#1505998) - PPC64 support for NVIDIA V100 GPU with NVLink2 passthrough (rhbz#1505998) - cpu_x86: Do not cache microcode version (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130) - qemu: Don't cache microcode version (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130) - cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130) - cpu_map: Define md-clear CPUID bit (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130) [4.5.0-23] - network: explicitly allow icmp/icmpv6 in libvirt zonefile (rhbz#1650320) [4.5.0-22] - util: fix memory leak in virFirewallDInterfaceSetZone() (rhbz#1650320) [4.5.0-21] - docs: Drop /dev/net/tun from the list of shared devices (rhbz#1665400) - qemu: conf: Remove /dev/sev from the default cgroup device acl list (rhbz#1665400) - qemu: cgroup: Expose /dev/sev/ only to domains that require SEV (rhbz#1665400) - qemu: domain: Add /dev/sev into the domain mount namespace selectively (rhbz#1665400) - security: dac: Relabel /dev/sev in the namespace (rhbz#1665400) - qemu: caps: Use CAP_DAC_OVERRIDE for probing to avoid permission issues (rhbz#1665400) - qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root (rhbz#1665400) - Revert 'RHEL: Require firewalld-filesystem for firewalld rpm macros' (rhbz#1650320) - Revert 'RHEL: network: regain guest network connectivity after firewalld switch to nftables' (rhbz#1650320) - configure: change HAVE_FIREWALLD to WITH_FIREWALLD (rhbz#1650320) - util: move all firewalld-specific stuff into its own files (rhbz#1650320) - util: new virFirewallD APIs + docs (rhbz#1650320) - configure: selectively install a firewalld 'libvirt' zone (rhbz#1650320) - network: set firewalld zone of bridges to 'libvirt' zone when appropriate (rhbz#1650320) - network: allow configuring firewalld zone for virtual network bridge device (rhbz#1650320) - util: remove test code accidentally committed to virFirewallDZoneExists (rhbz#1650320) - qemu: command: Don't skip 'readonly' and throttling info for empty drive (rhbz#1670337) [4.5.0-20] - RHEL: qemu: Fix crash trying to use iSCSI hostdev (rhbz#1669424) [4.5.0-19] - qemu: Fix logic error in qemuSetUnprivSGIO (rhbz#1666605) - tests: qemuxml2argv: Add test case for empty CDROM with cache mode (rhbz#1553255) - qemu: command: Don't format image properties for empty -drive (rhbz#1553255) [4.5.0-18] - conf: correct false boot order error during domain parse (rhbz#1630393) - qemu: Remove duplicated qemuAgentCheckError (rhbz#1665000) - qemu: require reply from guest agent in qemuAgentGetInterfaces (rhbz#1665000) - qemu: Filter non SCSI hostdevs in qemuHostdevPrepareSCSIDevices (rhbz#1665244) - util: remove const specifier from nlmsghdr arg to virNetlinkDumpCallback() (rhbz#1583131) - util: add a function to insert new interfaces to IPv6CheckForwarding list (rhbz#1583131) - util: use nlmsg_find_attr() instead of an open-coded loop (rhbz#1583131) - util: check accept_ra for all nexthop interfaces of multipath routes (rhbz#1583131) - util: make forgotten changes suggested during review of commit d40b820c (rhbz#1583131) [4.5.0-17] - virsh: Strip XML declaration when extracting CPU XMLs (rhbz#1659048) - RHEL: qemu: Add ability to set sgio values for hostdev (rhbz#1582424) - RHEL: qemu: Add check for unpriv sgio for SCSI generic host device (rhbz#1582424) - qemu: Alter @val usage in qemuSetUnprivSGIO (rhbz#1656362) - qemu: Alter qemuSetUnprivSGIO hostdev shareable logic (rhbz#1656362) [4.5.0-16] - util: Don't overflow in virRandomBits (rhbz#1655586) - virrandom: Avoid undefined behaviour in virRandomBits (rhbz#1655586) - spec: remove libcgroup and cgconfig (rhbz#1602407) - qemu: Drop duplicated code from qemuDomainDefValidateFeatures() (rhbz#1647822) - tests: Add capabilities data for QEMU 3.1.0 on ppc64 (rhbz#1647822) - qemu: Introduce QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV (rhbz#1647822) - conf: Parse and format nested-hv feature (rhbz#1647822) - qemu: Format nested-hv feature on the command line (rhbz#1647822) - qemu: Add check for whether KVM nesting is enabled (rhbz#1645139) - secret: Add check/validation for correct usage when LookupByUUID (rhbz#1656255) - cpu: Add support for 'stibp' x86_64 feature (rhbz#1655032) [4.5.0-15] - virfile: Take symlink into account in virFileIsSharedFixFUSE (rhbz#1634782) - qemu: Ignore nwfilter binding instantiation issues during reconnect (rhbz#1648544) - qemu: Set identity for the reconnect all thread (rhbz#1648546) - Revert 'access: Modify the VIR_ERR_ACCESS_DENIED to include driverName' (rhbz#1631608) - access: Modify the VIR_ERR_ACCESS_DENIED to include driverName (rhbz#1631608) - qemu: add vfio-ap capability (rhbz#1508146) - qemu: vfio-ap device support (rhbz#1508146) - qemu: Extract MDEV VFIO PCI validation code into a separate helper (rhbz#1508146) - conf: Move VFIO AP validation from post parse to QEMU validation code (rhbz#1508146) - qemu: Fix post-copy migration on the source (rhbz#1649169) [4.5.0-14] - storage: Remove secretPath from _virStorageBackendQemuImgInfo (rhbz#1645459) - storage: Allow for inputvol to have any format for encryption (rhbz#1645459) - storage: Allow inputvol to be encrypted (rhbz#1645459) - access: Modify the VIR_ERR_ACCESS_DENIED to include driverName (rhbz#1631608) - docs: Enhance polkit documentation to describe secondary connection (rhbz#1631608) - qemu: Don't ignore resume events (rhbz#1634758, rhbz#1643338) [4.5.0-13] - Revert 'spec: Temporarily drop gluster support' (rhbz#1599339) [4.5.0-12] - RHEL: Require firewalld-filesystem for firewalld rpm macros (rhbz#1639932) [4.5.0-11] - virfile: fix cast-align error (rhbz#1634782) - virfiletest: Fix test name prefix for virFileInData test (rhbz#1634782) - virfiletst: Test virFileIsSharedFS (rhbz#1634782) - virFileIsSharedFSType: Detect direct mount points (rhbz#1634782) - virfile: Rework virFileIsSharedFixFUSE (rhbz#1634782) - RHEL: network: regain guest network connectivity after firewalld switch to nftables (rhbz#1638864) [4.5.0-10] - conf: Fix check for chardev source path (rhbz#1609723) - tests: Reuse qemucapabilities data for qemucaps2xml (rhbz#1629862) - tests: Add more tests to qemucaps2xml (rhbz#1629862) - qemu: Drop QEMU_CAPS_ENABLE_KVM (rhbz#1629862) - qemu: Avoid probing non-native binaries all the time (rhbz#1629862) - qemu: Clarify QEMU_CAPS_KVM (rhbz#1629862) - qemu: Don't check for /dev/kvm presence (rhbz#1629862) - tests: Follow up on qemucaps2xmldata rename (rhbz#1629862) - security: dac: also label listen UNIX sockets (rhbz#1634775) - spec: Set correct TLS priority (rhbz#1632269) - spec: Build ceph and gluster support everywhere (rhbz#1599546) - virsh: Require explicit --domain for domxml-to-native (rhbz#1634769) - virFileIsSharedFSType: Check for fuse.glusterfs too (rhbz#1634782) - qemu: fix up permissions for pre-created UNIX sockets (rhbz#1634775) - cpu_map: Add features for Icelake CPUs (rhbz#1527657, rhbz#1526625) - cpu_map: Add Icelake CPU models (rhbz#1526625) - qemu: Properly report VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT (rhbz#1634758) - qemu: Report more appropriate running reasons (rhbz#1634758) - qemu: Pass running reason to RESUME event handler (rhbz#1634758) - qemu: Map running reason to resume event detail (rhbz#1634758) - qemu: Avoid duplicate resume events and state changes (rhbz#1634758) - conf: qemu: add support for Hyper-V frequency MSRs (rhbz#1589702) - conf: qemu: add support for Hyper-V reenlightenment notifications (rhbz#1589702) - conf: qemu: add support for Hyper-V PV TLB flush (rhbz#1589702) [4.5.0-9] - RHEL: Fix virConnectGetMaxVcpus output (rhbz#1582222) - storage: Add --shrink to qemu-img command when shrinking vol (rhbz#1622534) - access: Fix nwfilter-binding ACL access API name generation (rhbz#1622540) - conf: Add validation of input devices (rhbz#1591240) - tests: qemu: Remove disk from graphics-vnc-tls (rhbz#1598167) - tests: qemu: test more versions for graphics-vnc-tls (rhbz#1598167) - qemu: vnc: switch to tls-creds-x509 (rhbz#1598167) - qemu: mdev: Use vfio-pci 'display' property only with vfio-pci mdevs (rhbz#1624740) - virDomainDefCompatibleDevice: Relax alias change check (rhbz#1603133) - virDomainDetachDeviceFlags: Clarify update semantics (rhbz#1603133) - virDomainNetDefCheckABIStability: Check for MTU change too (rhbz#1623158) - RHEL: spec: Require python3-devel on RHEL-8 (rhbz#1518446) - qemu: monitor: Remove qemuMonitorJSONExtractCPUArchInfo wrapper (rhbz#1598829) - qemu: monitor: Use 'target' instead of 'arch' in reply of 'query-cpus-fast' (rhbz#1598829) [4.5.0-8] - tests: Add missing thread_siblings_list files (rhbz#1608479) - util: Rewrite virHostCPUCountThreadSiblings() (rhbz#1608479) - utils: Remove arbitrary limit on socket_id/core_id (rhbz#1608479) - tests: Add linux-high-ids test (rhbz#1608479) - qemu: hotplug: Fix asynchronous unplug of 'shmem' (rhbz#1618680) - tests: rename hugepages to hugepages-default (rhbz#1615461) - tests: extract hugepages-numa-default-dimm out of hugepages-numa (rhbz#1615461) - tests: rename hugepages-numa into hugepages-numa-default (rhbz#1615461) - tests: remove unnecessary XML elements from hugepages-numa-default (rhbz#1615461) - tests: extract pages-discard out of hugepages-pages (rhbz#1615461) - tests: rename hugepages-pages into hugepages-numa-nodeset (rhbz#1615461) - tests: rename hugepages-pages2 into hugepages-numa-default-2M (rhbz#1615461) - tests: extract pages-discard-hugepages out of hugepages-pages3 (rhbz#1615461) - tests: rename hugepages-pages3 into hugepages-numa-nodeset-part (rhbz#1615461) - tests: rename hugepages-pages4 into hugepages-numa-nodeset-nonexist (rhbz#1615461) - tests: rename hugepages-pages5 into hugepages-default-2M (rhbz#1615461) - tests: rename hugepages-pages6 into hugepages-default-system-size (rhbz#1615461) - tests: rename hugepages-pages7 into pages-dimm-discard (rhbz#1615461) - tests: rename hugepages-pages8 into hugepages-nodeset-nonexist (rhbz#1615461) - tests: introduce hugepages-default-1G-nodeset-2M (rhbz#1615461) - tests: introduce hugepages-nodeset (rhbz#1615461) - conf: Move hugepage XML validation check out of qemu_command (rhbz#1615461) - conf: Move hugepages validation out of XML parser (rhbz#1615461) - conf: Introduce virDomainDefPostParseMemtune (rhbz#1615461) - tests: sev: Test launch-security with specific QEMU version (rhbz#1619150) - qemu: Fix probing of AMD SEV support (rhbz#1619150) - qemu: caps: Format SEV platform data into qemuCaps cache (rhbz#1619150) - conf: Parse guestfwd channel device info again (rhbz#1610072) [4.5.0-7] - qemu_migration: Avoid writing to freed memory (rhbz#1615854) [4.5.0-6] - qemu: Exempt video model 'none' from getting a PCI address on Q35 - conf: Fix a error msg typo in virDomainVideoDefValidate [4.5.0-5] - esx storage: Fix typo lsilogic -> lsiLogic - networkGetDHCPLeases: Don't always report error if unable to read leases file - nwfilter: Resolve SEGV for NWFilter Snoop processing - qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs - qemuDomainSaveMemory: Don't enforce dynamicOwnership - domain_nwfilter: Return early if net has no name in virDomainConfNWFilterTeardownImpl - examples: Add clean-traffic-gateway into nwfilters [4.5.0-4] - qemu: hotplug: don't overwrite error message in qemuDomainAttachNetDevice - qemu: hotplug: report error when changing rom enabled attr for net iface - qemu: Fix setting global_period cputune element - tests: qemucaps: Add test data for upcoming qemu 3.0.0 - qemu: capabilities: Add capability for werror/rerror for 'usb-device' frontend - qemu: command: Move graphics iteration to its own function - qemu: address: Handle all the video devices within a single loop - conf: Introduce virDomainVideoDefClear helper - conf: Introduce virDomainDefPostParseVideo helper - qemu: validate: Enforce compile time switch type checking for videos - tests: Add capabilities data for QEMU 2.11 x86_64 - tests: Update capabilities data for QEMU 3.0.0 x86_64 - qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc - qemu: caps: Introduce a capability for egl-headless - qemu: Introduce a new graphics display type 'headless' - qemu: caps: Add vfio-pci.display capability - conf: Introduce virDomainGraphicsDefHasOpenGL helper - conf: Replace 'error' with 'cleanup' in virDomainHostdevDefParseXMLSubsys - conf: Introduce new <hostdev> attribute 'display' - qemu: command: Enable formatting vfio-pci.display option onto cmdline - docs: Rephrase the mediated devices hostdev section a bit - conf: Introduce new video type 'none' - virt-xml-validate: Add schema for nwfilterbinding - tools: Fix typo generating adapter_wwpn field - src: Fix memory leak in virNWFilterBindingDispose [4.5.0-3] - qemu: hotplug: Do not try to add secret object for TLS if it does not exist - qemu: monitor: Make qemuMonitorAddObject more robust against programming errors - spec: Explicitly require matching libvirt-libs - virDomainConfNWFilterInstantiate: initialize @xml to avoid random crash - qemuProcessStartPRDaemonHook: Try to set NS iff domain was started with one - qemuDomainValidateStorageSource: Relax PR validation - virStoragePRDefFormat: Suppress path formatting for migratable XML - qemu: Wire up PR_MANAGER_STATUS_CHANGED event - qemu_monitor: Introduce qemuMonitorJSONGetPRManagerInfo - qemu: Fetch pr-helper process info on reconnect - qemu: Fix ATTRIBUTE_NONNULL for qemuMonitorAddObject - virsh.pod: Fix a command name typo in nwfilter-binding-undefine - docs: schema: Add missing <alias> to vsock device - virnetdevtap: Don't crash on !ifname in virNetDevTapInterfaceStats - tests: fix TLS handshake failure with TLS 1.3 [4.5.0-2] - qemu: Add capability for the HTM pSeries feature - conf: Parse and format the HTM pSeries feature - qemu: Format the HTM pSeries feature - qemu: hotplug: Don't access srcPriv when it's not allocated - qemuDomainNestedJobAllowed: Allow QEMU_JOB_NONE - src: Mention DEVICE_REMOVAL_FAILED event in virDomainDetachDeviceAlias docs - virsh.pod: Drop --persistent for detach-device-alias - qemu: don't use chardev FD passing with standalone args - qemu: remove chardevStdioLogd param from vhostuser code path - qemu: consolidate parameters of qemuBuildChrChardevStr into flags - qemu: don't use chardev FD passing for vhostuser backend - qemu: fix UNIX socket chardevs operating in client mode - qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix set - spec: Temporarily drop gluster support [4.5.0-1] - Rebased to libvirt-4.5.0 [4.3.0-1] - Rebased to libvirt-4.3.0 [4.1.0-2] - Fix systemd macro argument with line continuations (rhbz#1558648) [4.1.0-1] - Rebase to version 4.1.0 [4.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [4.0.0-1] - Rebase to version 4.0.0 [3.10.0-2] - Rebuild for xen 4.10 [3.10.0-1] - Rebase to version 3.10.0 [3.9.0-1] - Rebase to version 3.9.0 [3.8.0-1] - Rebase to version 3.8.0 [3.7.0-1] - Rebase to version 3.7.0 [3.6.0-1] - Rebase to version 3.6.0 [3.5.0-4] - Rebuild with binutils fix for ppc64le (#1475636) [3.5.0-3] - Disabled RBD on i386, arm, ppc64 (rhbz #1474743) [3.5.0-2] - Rebuild for xen 4.9 [3.5.0-1] - Rebase to version 3.5.0 [3.4.0-1] - Rebase to version 3.4.0 [3.3.0-1] - Rebase to version 3.3.0 [3.2.0-1] - Rebase to version 3.2.0 [3.1.0-1] - Rebase to version 3.1.0 [3.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [3.0.0-1] - Rebase to version 3.0.0 libvirt-dbus libvirt-python nbdkit netcf [0.2.8-12] - Resolves: rhbz#1602628 perl-Sys-Virt qemu-kvm [2.12.0-88.0.1.el8_1_0.2] - Added bug30251155-remove-upstream-reference [Orabug: 30251155] [2.12.0-88.el8_1_0.2] - kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771970] - kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771970] - Resolves: bz#1771970 (CVE-2019-11135 virt:rhel/qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-8.1.0.z]) [2.12.0-88.el8_1_0.1] - kvm-s390-PCI-fix-IOMMU-region-init.patch [bz#1764829] - Resolves: bz#1764829 (RHEL8.1 Snapshot3 - Passthrough PCI card goes into error state if used in domain (kvm) [rhel-8.1.0.z]) [2.12.0-88.el8] - Revert fix for bz#1749724 - this got delayed to 8.2 (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-8]) [2.12.0-86.el8] - kvm-Do-not-run-iotests-on-brew-build.patch [bz#1742819] - kvm-target-ppc-spapr-Add-workaround-option-to-SPAPR_CAP_.patch [bz#1744415] - kvm-target-ppc-spapr-Add-SPAPR_CAP_CCF_ASSIST.patch [bz#1744415] - kvm-i386-x86_cpu_list_feature_names-function.patch [bz#1747185] - kvm-i386-unavailable-features-QOM-property.patch [bz#1747185] - kvm-file-posix-Handle-undetectable-alignment.patch [bz#1738839] - kvm-iotests-Tweak-221-sizing-for-different-hole-granular.patch [bz#1738839] - kvm-iotests-Filter-175-s-allocation-information.patch [bz#1738839] - kvm-block-posix-Always-allocate-the-first-block.patch [bz#1738839] - kvm-iotests-Test-allocate_first_block-with-O_DIRECT.patch [bz#1738839] - Resolves: bz#1738839 (I/O error when virtio-blk disk is backed by a raw image on 4k disk) - Resolves: bz#1742819 (Remove iotests from qemu-kvm builds [RHEL 8.1.0]) - Resolves: bz#1744415 (Backport support for count cache flush Spectre v2 mitigation [slow train]) - Resolves: bz#1747185 ('filtered-features' QOM property is not available) [2.12.0-85.el8] - kvm-console-Avoid-segfault-in-screendump.patch [bz#1684383] - kvm-usb-hub-clear-suspend-on-detach.patch [bz#1619661] - kvm-qemu-img-fix-regression-copying-secrets-during-conve.patch [bz#1727821] - Resolves: bz#1619661 (the attach hub on one hub still exits in device manager after unhotplug) - Resolves: bz#1684383 (qemu crashed when take screenshot for 2nd head of virtio video device if the display not opened by virt-viewer) - Resolves: bz#1727821 (Failed to convert a source image to the qcow2 image encrypted by luks) [2.12.0-84.el8] - kvm-vnc-detect-and-optimize-pageflips.patch [bz#1727033] - kvm-block-backend-Make-blk_inc-dec_in_flight-public.patch [bz#1716349] - kvm-virtio-blk-Increase-in_flight-for-request-restart-BH.patch [bz#1716349] - kvm-block-Fix-AioContext-switch-for-drained-node.patch [bz#1716349] - kvm-test-bdrv-drain-AioContext-switch-in-drained-section.patch [bz#1716349] - kvm-block-Use-normal-drain-for-bdrv_set_aio_context.patch [bz#1716349] - kvm-block-Fix-AioContext-switch-for-bs-drv-NULL.patch [bz#1716347] - kvm-iothread-fix-crash-with-invalid-properties.patch [bz#1687541] - kvm-iothread-replace-init_done_cond-with-a-semaphore.patch [bz#1687541] - kvm-RHEL-disable-hostmem-memfd.patch [bz#1740797] - Resolves: bz#1687541 (qemu aborted when start guest with a big iothreads) - Resolves: bz#1716347 (Qemu Core dump when quit vm that's in status 'paused(io-error)' with data plane enabled) - Resolves: bz#1716349 (qemu with iothreads enabled crashes on resume after enospc pause for disk extension) - Resolves: bz#1727033 (vnc server should detect page-flips and avoid sending fullscreen updates then.) - Resolves: bz#1740797 (Disable memfd in QEMU) [2.12.0-83.el8] - kvm-hw-block-pflash_cfi01-Add-missing-DeviceReset-handle.patch [bz#1707192] - kvm-block-file-posix-Unaligned-O_DIRECT-block-status.patch [bz#1678979] - kvm-iotests-Test-unaligned-raw-images-with-O_DIRECT.patch [bz#1678979] - kvm-nbd-client-Lower-min_block-for-block-status-unaligne.patch [bz#1678979] - kvm-nbd-client-Reject-inaccessible-tail-of-inconsistent-.patch [bz#1678979] - kvm-nbd-client-Support-qemu-img-convert-from-unaligned-s.patch [bz#1678979] - kvm-block-Add-bdrv_get_request_alignment.patch [bz#1678979] - kvm-nbd-server-Advertise-actual-minimum-block-size.patch [bz#1678979] - kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1727642] - kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1727642] - kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1727642] - kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1727642] - kvm-tap-set-vhostfd-passed-from-qemu-cli-to-non-blocking.patch [bz#1732642] - kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734751] - Resolves: bz#1678979 (qemu-img convert abort when converting image with unaligned size (qemu-img: block/io.c:2134: bdrv_co_block_status: Assertion ret == cpu->kvm_msr_buf->nmsrs' failed.) [2.12.0-71.el8] - kvm-s390-bios-Skip-bootmap-signature-entries.patch [bz#1683275] - Resolves: bz#1683275 ([IBM 8.1 FEAT] KVM: Secure Linux Boot Toleration (qemu)) [2.12.0-70.el8] - kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1561761] - kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1561761] - kvm-i386-Add-CPUID-bit-for-PCONFIG.patch [bz#1561761] - kvm-i386-Add-CPUID-bit-for-WBNOINVD.patch [bz#1561761] - kvm-i386-Add-new-CPU-model-Icelake-Server-Client.patch [bz#1561761] - kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1561761] - kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1561761] - kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1561761] - kvm-i386-remove-the-new-CPUID-PCONFIG-from-Icelake-Serve.patch [bz#1561761] - kvm-Revert-i386-Add-CPUID-bit-for-PCONFIG.patch [bz#1561761] - Resolves: bz#1561761 ([Intel 8.1 Feat] qemu-kvm Introduce Icelake cpu model) [2.12.0-69.el8] - kvm-tests-crypto-Use-the-IEC-binary-prefix-definitions.patch [bz#1680231] - kvm-crypto-expand-algorithm-coverage-for-cipher-benchmar.patch [bz#1680231] - kvm-crypto-remove-code-duplication-in-tweak-encrypt-decr.patch [bz#1680231] - kvm-crypto-introduce-a-xts_uint128-data-type.patch [bz#1680231] - kvm-crypto-convert-xts_tweak_encdec-to-use-xts_uint128-t.patch [bz#1680231] - kvm-crypto-convert-xts_mult_x-to-use-xts_uint128-type.patch [bz#1680231] - kvm-crypto-annotate-xts_tweak_encdec-as-inlineable.patch [bz#1680231] - kvm-crypto-refactor-XTS-cipher-mode-test-suite.patch [bz#1680231] - kvm-crypto-add-testing-for-unaligned-buffers-with-XTS-ci.patch [bz#1680231] - Resolves: bz#1680231 (severe performance impact using luks format) [2.12.0-68.el8] - kvm-s390x-ipl-Try-to-detect-Linux-vs-non-Linux-for-initi.patch [bz#1699070] - kvm-loader-Check-access-size-when-calling-rom_ptr-to-avo.patch [bz#1699070] - kvm-hw-s390x-Use-the-IEC-binary-prefix-definitions.patch [bz#1699070] - kvm-s390x-storage-attributes-fix-CMMA_BLOCK_SIZE-usage.patch [bz#1699070] - kvm-s390x-cpumodel-fix-segmentation-fault-when-baselinin.patch [bz#1699070] - kvm-hw-s390x-s390-pci-bus-Convert-sysbus-init-function-t.patch [bz#1699070] - kvm-s390x-pci-properly-fail-if-the-zPCI-device-cannot-be.patch [bz#1699070] - kvm-s390x-pci-rename-hotplug-handler-callbacks.patch [bz#1699070] - kvm-s390-avoid-potential-null-dereference-in-s390_pcihos.patch [bz#1699070] - kvm-s390x-pci-Send-correct-event-on-hotplug.patch [bz#1699070] - kvm-s390x-pci-Set-the-iommu-region-size-mpcifc-request.patch [bz#1699070] - kvm-s390x-pci-Always-delete-and-free-the-release_timer.patch [bz#1699070] - kvm-s390x-pci-Ignore-the-unplug-call-if-we-already-have-.patch [bz#1699070] - kvm-s390x-pci-Use-hotplug_dev-instead-of-looking-up-the-.patch [bz#1699070] - kvm-s390x-pci-Move-some-hotplug-checks-to-the-pre_plug-h.patch [bz#1699070] - kvm-s390x-pci-Introduce-unplug-requests-and-split-unplug.patch [bz#1699070] - kvm-s390x-pci-Drop-release-timer-and-replace-it-with-a-f.patch [bz#1699070] - kvm-s390x-pci-mark-zpci-devices-as-unmigratable.patch [bz#1699070] - kvm-s390x-pci-Fix-primary-bus-number-for-PCI-bridges.patch [bz#1699070] - kvm-s390x-pci-Fix-hotplugging-of-PCI-bridges.patch [bz#1699070] - kvm-s390x-pci-Warn-when-adding-PCI-devices-without-the-z.patch [bz#1699070] - kvm-s390x-pci-Unplug-remaining-requested-devices-on-pcih.patch [bz#1699070] - kvm-s390x-refactor-reset-reipl-handling.patch [bz#1699070] - kvm-s390-ipl-fix-ipl-with-no-reboot.patch [bz#1699070] - Resolves: bz#1699070 (Backport s390x-related fixes for qemu-kvm) [2.12.0-67.el8] - kvm-device_tree-Fix-integer-overflowing-in-load_device_t.patch [bz#1693116] - Resolves: bz#1693116 (CVE-2018-20815 qemu-kvm: QEMU: device_tree: heap buffer overflow while loading device tree blob [rhel-8.0]) [2.12.0-66.el8] - kvm-iotests-153-Fix-dead-code.patch [bz#1694148] - kvm-file-posix-Include-filename-in-locking-error-message.patch [bz#1694148] - kvm-file-posix-Skip-effectiveless-OFD-lock-operations.patch [bz#1694148] - kvm-file-posix-Drop-s-lock_fd.patch [bz#1694148] - kvm-tests-Add-unit-tests-for-image-locking.patch [bz#1694148] - kvm-file-posix-Fix-shared-locks-on-reopen-commit.patch [bz#1694148] - kvm-iotests-Test-file-posix-locking-and-reopen.patch [bz#1694148] - kvm-block-file-posix-do-not-fail-on-unlock-bytes.patch [bz#1694148] - kvm-hostmem-file-remove-object-id-from-pmem-error-messag.patch [bz#1687596] - kvm-redhat-setting-target-release-to-rhel-8.1.0.patch [] - kvm-redhat-removing-iotest-182.patch [] - Resolves: bz#1687596 ([Intel 8.1 BUG][KVM][Crystal Ridge]object_get_canonical_path_component: assertion failed: (obj->parent != NULL)) - Resolves: bz#1694148 (QEMU image locking needn't double open fd number, and it should not fail when attempting to release locks) [2.12.0-65.el8] - kvm-s390x-cpumodel-mepochptff-warn-when-no-mepoch-and-re.patch [bz#1664371] - kvm-s390x-cpumodel-add-z14-GA2-model.patch [bz#1664371] - kvm-redhat-s390x-cpumodel-enable-mepoch-by-default-for-z.patch [bz#1664371] - kvm-intel_iommu-fix-operator-in-vtd_switch_address_space.patch [bz#1662272] - kvm-intel_iommu-reset-intr_enabled-when-system-reset.patch [bz#1662272] - kvm-pci-msi-export-msi_is_masked.patch [bz#1662272] - kvm-i386-kvm-ignore-masked-irqs-when-update-msi-routes.patch [bz#1662272] - Resolves: bz#1662272 (Boot guest with device assignment+vIOMMU, qemu prompts 'vtd_interrupt_remap_msi: MSI address low 32 bit invalid: 0x0' when first rebooting guest) - Resolves: bz#1664371 ([IBM 8.1 FEAT] Update hardware CPU Model z14 (kvm) - qemu part) [2.12.0-64.el8] - kvm-doc-fix-the-configuration-path.patch [bz#1645411] - kvm-Increase-number-of-iotests-being-run-as-a-part-of-RH.patch [bz#1664463] - kvm-Load-kvm-module-during-boot.patch [bz#1676907 bz#1685995] - kvm-qemu-kvm.spec.template-Update-pyton-path-to-system-i.patch [] - Resolves: bz#1645411 (the 'fsfreeze-hook' script path shown by command 'qemu-ga --help' or 'man qemu-ga' is wrong) - Resolves: bz#1664463 (Modify iotest behavior to include luks and nbd and fail build if iotests fail) - Resolves: bz#1676907 (/dev/kvm device exists but kernel module is not loaded on boot up causing VM start to fail in libvirt) - Resolves: bz#1685995 (/dev/kvm device exists but kernel module is not loaded on boot up causing VM start to fail in libvirt) [2.12.0-63.el8] - kvm-scsi-generic-avoid-possible-out-of-bounds-access-to-.patch [bz#1668162] - Resolves: bz#1668162 (CVE-2019-6501 qemu-kvm: QEMU: scsi-generic: possible OOB access while handling inquiry request [rhel-8]) [2.12.0-62.el8] - kvm-slirp-check-data-length-while-emulating-ident-functi.patch [bz#1669069] - Resolves: bz#1669069 (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-8.0]) [2.12.0-61.el8] - kvm-qemu-ga-make-get-fsinfo-work-over-pci-bridges.patch [bz#1666952] - kvm-qga-fix-driver-leak-in-guest-get-fsinfo.patch [bz#1666952] - Resolves: bz#1666952 (qemu-guest-agent does not parse PCI bridge links in 'build_guest_fsinfo_for_real_device' (q35)) [2.12.0-60.el8] - kvm-ne2000-fix-possible-out-of-bound-access-in-ne2000_re.patch [bz#1636784] - kvm-rtl8139-fix-possible-out-of-bound-access.patch [bz#1636784] - kvm-pcnet-fix-possible-buffer-overflow.patch [bz#1636784] - kvm-net-ignore-packet-size-greater-than-INT_MAX.patch [bz#1636784] - kvm-net-drop-too-large-packet-early.patch [bz#1636784] - kvm-net-hub-suppress-warnings-of-no-host-network-for-qte.patch [bz#1636784] - kvm-virtio-net-test-accept-variable-length-argument-in-p.patch [bz#1636784] - kvm-virtio-net-test-remove-unused-macro.patch [bz#1636784] - kvm-virtio-net-test-add-large-tx-buffer-test.patch [bz#1636784] - kvm-s390x-Return-specification-exception-for-unimplement.patch [bz#1668261] - kvm-cpus-ignore-ESRCH-in-qemu_cpu_kick_thread.patch [bz#1665844] - Resolves: bz#1636784 (CVE-2018-17963 qemu-kvm: Qemu: net: ignore packets with large size [rhel-8]) - Resolves: bz#1665844 (Guest quit with error when hotunplug cpu) - Resolves: bz#1668261 ([RHEL8] Backport diag308 stable exception fix (qemu-kvm)) [2.12.0-59.el8] - kvm-hw-scsi-cleanups-before-VPD-BL-emulation.patch [bz#1639957] - kvm-hw-scsi-centralize-SG_IO-calls-into-single-function.patch [bz#1639957] - kvm-hw-scsi-add-VPD-Block-Limits-emulation.patch [bz#1639957] - kvm-scsi-disk-Block-Device-Characteristics-emulation-fix.patch [bz#1639957] - kvm-scsi-generic-keep-VPD-page-list-sorted.patch [bz#1639957] - kvm-scsi-generic-avoid-out-of-bounds-access-to-VPD-page-.patch [bz#1639957] - kvm-scsi-generic-avoid-invalid-access-to-struct-when-emu.patch [bz#1639957] - kvm-scsi-generic-do-not-do-VPD-emulation-for-sense-other.patch [bz#1639957] - Resolves: bz#1639957 ([RHEL.8] scsi host device passthrough limits IO writes - slow train) [2.12.0-58.el8] - kvm-block-Update-flags-in-bdrv_set_read_only.patch [bz#1644996] - kvm-block-Add-auto-read-only-option.patch [bz#1644996] - kvm-rbd-Close-image-in-qemu_rbd_open-error-path.patch [bz#1644996] - kvm-block-Require-auto-read-only-for-existing-fallbacks.patch [bz#1644996] - kvm-nbd-Support-auto-read-only-option.patch [bz#1644996] - kvm-file-posix-Support-auto-read-only-option.patch [bz#1644996] - kvm-curl-Support-auto-read-only-option.patch [bz#1644996] - kvm-gluster-Support-auto-read-only-option.patch [bz#1644996] - kvm-iscsi-Support-auto-read-only-option.patch [bz#1644996] - kvm-block-Make-auto-read-only-on-default-for-drive.patch [bz#1644996] - kvm-qemu-iotests-Test-auto-read-only-with-drive-and-bloc.patch [bz#1644996] - kvm-block-Fix-update-of-BDRV_O_AUTO_RDONLY-in-update_fla.patch [bz#1644996] - kvm-qemu-img-Add-C-option-for-convert-with-copy-offloadi.patch [bz#1623082] - kvm-iotests-Add-test-for-qemu-img-convert-C-compatibilit.patch [bz#1623082] - Resolves: bz#1623082 ([rhel.8.0]Target files for 'qemu-img convert' do not support thin_provisoning with iscsi/nfs backend) - Resolves: bz#1644996 (block-commit can't be used with -blockdev) [2.12.0-57.el8] - kvm-qemu-kvm.spec.template-Update-files-for-tests-rpm-to.patch [bz#1601107] [2.12.0-56.el8] - kvm-Run-iotests-as-part-of-the-build-process.patch [bz#1661026] - kvm-Introduce-the-qemu-kvm-tests-rpm.patch [bz#1601107] - Resolves: bz#1601107 (qemu-kvm packaging: make running qemu-iotests more robust) - Resolves: bz#1661026 (Run iotests as part of build process) [2.12.0-55.el8] - kvm-block-Don-t-inactivate-children-before-parents.patch [bz#1659395] - kvm-iotests-Test-migration-with-blockdev.patch [bz#1659395] - Resolves: bz#1659395 (src qemu core dump when do migration ( block device node-name changed after change cdrom) - Slow Train) [2.12.0-54.el8] - kvm-s390x-tcg-avoid-overflows-in-time2tod-tod2time.patch [bz#1653569] - kvm-s390x-kvm-pass-values-instead-of-pointers-to-kvm_s39.patch [bz#1653569] - kvm-s390x-tod-factor-out-TOD-into-separate-device.patch [bz#1653569] - kvm-s390x-tcg-drop-tod_basetime.patch [bz#1653569] - kvm-s390x-tcg-properly-implement-the-TOD.patch [bz#1653569] - kvm-s390x-tcg-SET-CLOCK-COMPARATOR-can-clear-CKC-interru.patch [bz#1653569] - kvm-s390x-tcg-implement-SET-CLOCK.patch [bz#1653569] - kvm-s390x-tcg-rearm-the-CKC-timer-during-migration.patch [bz#1653569] - kvm-s390x-tcg-fix-locking-problem-with-tcg_s390_tod_upda.patch [bz#1653569] - kvm-hw-s390x-Include-the-tod-qemu-also-for-builds-with-d.patch [bz#1653569] - kvm-s390x-tod-Properly-stop-the-KVM-TOD-while-the-guest-.patch [bz#1653569] - kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch [bz#1653569] - kvm-migration-discard-non-migratable-RAMBlocks.patch [bz#1539285] - kvm-vfio-pci-do-not-set-the-PCIDevice-has_rom-attribute.patch [bz#1539285] - kvm-memory-exec-Expose-all-memory-block-related-flags.patch [bz#1539285] - kvm-memory-exec-switch-file-ram-allocation-functions-to-.patch [bz#1539285] - kvm-configure-add-libpmem-support.patch [bz#1539285] - kvm-hostmem-file-add-the-pmem-option.patch [bz#1539285] - kvm-mem-nvdimm-ensure-write-persistence-to-PMEM-in-label.patch [bz#1539285] - kvm-migration-ram-Add-check-and-info-message-to-nvdimm-p.patch [bz#1539285] - kvm-migration-ram-ensure-write-persistence-on-loading-al.patch [bz#1539285] - Resolves: bz#1539285 ([Intel 8.0 Bug] [KVM][Crystal Ridge] Lack of data persistence guarantee of QEMU writes to host PMEM) - Resolves: bz#1653569 (Stress guest and stop it, then do live migration, guest hit call trace on destination end) [2.12.0-53.el8] - kvm-ui-add-qapi-parser-for-display.patch [bz#1652871] - kvm-ui-switch-trivial-displays-to-qapi-parser.patch [bz#1652871] - kvm-qapi-Add-rendernode-display-option-for-egl-headless.patch [bz#1652871] - kvm-ui-Allow-specifying-rendernode-display-option-for-eg.patch [bz#1652871] - kvm-qapi-add-query-display-options-command.patch [bz#1652871] - Resolves: bz#1652871 (QEMU doesn't expose rendernode option for egl-headless display type) [2.12.0-52.el8] - kvm-Add-edk2-Requires-to-qemu-kvm.patch [bz#1654276] - Resolves: bz#1654276 (qemu-kvm: Should depend on the architecture-appropriate guest firmware) [2.12.0-51.el8] - kvm-x86-host-phys-bits-limit-option.patch [bz#1598284] - kvm-rhel-Set-host-phys-bits-limit-48-on-rhel-machine-typ.patch [bz#1598284] - kvm-i386-do-not-migrate-MSR_SMI_COUNT-on-machine-types-2.patch [bz#1659565] - kvm-pc-x-migrate-smi-count-to-PC_RHEL_COMPAT.patch [bz#1659565] - kvm-slow-train-kvm-clear-out-KVM_ASYNC_PF_DELIVERY_AS_PF.patch [bz#1656829] - Resolves: bz#1598284 ([Intel 8.0 Alpha] physical bits should < 48 when host with 5level paging &EPT5 and qemu command with '-cpu qemu64' parameters.) - Resolves: bz#1656829 (8->7 migration failed: qemu-kvm: error: failed to set MSR 0x4b564d02 to 0x27fc13285) - Resolves: bz#1659565 (machine type: required compat flag x-migrate-smi-count=off) [2.12.0-51] - kvm-Add-edk2-Requires-to-qemu-kvm.patch [bz#1654276] - Resolves: bz#1654276 (qemu-kvm: Should depend on the architecture-appropriate guest firmware) [-] - kvm-redhat-enable-tpmdev-passthrough.patch [bz#1654486] - Resolves: bz#1654486 ([RFE] enable TPM passthrough at compile time (qemu-kvm)) [qemu-kvm-2.12.0-48] - kvm-redhat-use-autopatch-instead-of-PATCHAPPLY.patch [bz#1613128] - kvm-redhat-Removing-some-unused-build-flags-in-the-spec-.patch [bz#1613128] - kvm-redhat-Fixing-rhev-ma-conflicts.patch [bz#1613126] - kvm-redhat-Remove-_smp_mflags-cleanup-workaround-for-s39.patch [bz#1613128] - kvm-redhat-Removing-dead-code-from-the-spec-file.patch [bz#1613128] - kvm-i386-Add-stibp-flag-name.patch [bz#1639446] - kvm-Add-functional-acceptance-tests-infrastructure.patch [bz#1655807] - kvm-scripts-qemu.py-allow-adding-to-the-list-of-extra-ar.patch [bz#1655807] - kvm-Acceptance-tests-add-quick-VNC-tests.patch [bz#1655807] - kvm-scripts-qemu.py-introduce-set_console-method.patch [bz#1655807] - kvm-Acceptance-tests-add-Linux-kernel-boot-and-console-c.patch [bz#1655807] - kvm-Bootstrap-Python-venv-for-tests.patch [bz#1655807] - kvm-Acceptance-tests-add-make-rule-for-running-them.patch [bz#1655807] - Resolves: bz#1613126 (Check and fix qemu-kvm-rhev and qemu-kvm-ma conflicts in qemu-kvm for rhel-8) - Resolves: bz#1613128 (Spec file clean up) - Resolves: bz#1639446 (Cross migration from RHEL7.5 to RHEL8 shouldn't fail with cpu flag stibp [qemu-kvm]) - Resolves: bz#1655807 (Backport avocado-qemu tests for QEMU 2.12) [qemu-kvm-2.12.0-47] - kvm-Disable-CONFIG_IPMI-and-CONFIG_I2C-for-ppc64.patch [bz#1640044] - kvm-Disable-CONFIG_CAN_BUS-and-CONFIG_CAN_SJA1000.patch [bz#1640042] - Resolves: bz#1640042 (Disable CONFIG_CAN_BUS and CONFIG_CAN_SJA1000 config switches) - Resolves: bz#1640044 (Disable CONFIG_I2C and CONFIG_IPMI in default-configs/ppc64-softmmu.mak) [qemu-kvm-2.12.0-46] - kvm-qcow2-Give-the-refcount-cache-the-minimum-possible-s.patch [bz#1656507] - kvm-docs-Document-the-new-default-sizes-of-the-qcow2-cac.patch [bz#1656507] - kvm-qcow2-Fix-Coverity-warning-when-calculating-the-refc.patch [bz#1656507] - kvm-include-Add-IEC-binary-prefixes-in-qemu-units.h.patch [bz#1656507] - kvm-qcow2-Options-documentation-fixes.patch [bz#1656507] - kvm-include-Add-a-lookup-table-of-sizes.patch [bz#1656507] - kvm-qcow2-Make-sizes-more-humanly-readable.patch [bz#1656507] - kvm-qcow2-Avoid-duplication-in-setting-the-refcount-cach.patch [bz#1656507] - kvm-qcow2-Assign-the-L2-cache-relatively-to-the-image-si.patch [bz#1656507] - kvm-qcow2-Increase-the-default-upper-limit-on-the-L2-cac.patch [bz#1656507] - kvm-qcow2-Resize-the-cache-upon-image-resizing.patch [bz#1656507] - kvm-qcow2-Set-the-default-cache-clean-interval-to-10-min.patch [bz#1656507] - kvm-qcow2-Explicit-number-replaced-by-a-constant.patch [bz#1656507] - kvm-block-backend-Set-werror-rerror-defaults-in-blk_new.patch [bz#1657637] - kvm-qcow2-Fix-cache-clean-interval-documentation.patch [bz#1656507] - Resolves: bz#1656507 ([RHEL.8] qcow2 cache is too small) - Resolves: bz#1657637 (Wrong werror default for -device drive=<node-name>) [qemu-kvm-2.12.0-45] - kvm-target-ppc-add-basic-support-for-PTCR-on-POWER9.patch [bz#1639069] - kvm-linux-headers-Update-for-nested-KVM-HV-downstream-on.patch [bz#1639069] - kvm-target-ppc-Add-one-reg-id-for-ptcr.patch [bz#1639069] - kvm-ppc-spapr_caps-Add-SPAPR_CAP_NESTED_KVM_HV.patch [bz#1639069] - kvm-Re-enable-CONFIG_HYPERV_TESTDEV.patch [bz#1651195] - kvm-qxl-use-guest_monitor_config-for-local-renderer.patch [bz#1610163] - kvm-Declare-cirrus-vga-as-deprecated.patch [bz#1651994] - kvm-Do-not-build-bluetooth-support.patch [bz#1654651] - kvm-vfio-helpers-Fix-qemu_vfio_open_pci-crash.patch [bz#1645840] - kvm-balloon-Allow-multiple-inhibit-users.patch [bz#1650272] - kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch [bz#1650272] - kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch [bz#1650272] - kvm-vfio-ccw-pci-Allow-devices-to-opt-in-for-ballooning.patch [bz#1650272] - kvm-vfio-pci-Handle-subsystem-realpath-returning-NULL.patch [bz#1650272] - kvm-vfio-pci-Fix-failure-to-close-file-descriptor-on-err.patch [bz#1650272] - kvm-postcopy-Synchronize-usage-of-the-balloon-inhibitor.patch [bz#1650272] - Resolves: bz#1610163 (guest shows border blurred screen with some resolutions when qemu boot with -device qxl-vga ,and guest on rhel7.6 has no such question) - Resolves: bz#1639069 ([IBM 8.0 FEAT] POWER9 - Nested virtualization in RHEL8.0 KVM for ppc64le - qemu-kvm side) - Resolves: bz#1645840 (Qemu core dump when hotplug nvme:// drive via -blockdev) - Resolves: bz#1650272 (Ballooning is incompatible with vfio assigned devices, but not prevented) - Resolves: bz#1651195 (Re-enable hyperv-testdev device) - Resolves: bz#1651994 (Declare the 'Cirrus VGA' device emulation of QEMU as deprecated in RHEL8) - Resolves: bz#1654651 (Qemu: hw: bt: keep bt/* objects from building [rhel-8.0]) [qemu-kvm-2.12.0-44] - kvm-block-Make-more-block-drivers-compile-time-configura.patch [bz#1598842 bz#1598842] - kvm-RHEL8-Add-disable-configure-options-to-qemu-spec-fil.patch [bz#1598842] - Resolves: bz#1598842 (Compile out unused block drivers) [qemu-kvm-2.12.0-43] - kvm-configure-add-test-for-libudev.patch [bz#1636185] - kvm-qga-linux-report-disk-serial-number.patch [bz#1636185] - kvm-qga-linux-return-disk-device-in-guest-get-fsinfo.patch [bz#1636185] - kvm-qemu-error-introduce-error-warn-_report_once.patch [bz#1625173] - kvm-intel-iommu-start-to-use-error_report_once.patch [bz#1625173] - kvm-intel-iommu-replace-more-vtd_err_-traces.patch [bz#1625173] - kvm-intel_iommu-introduce-vtd_reset_caches.patch [bz#1625173] - kvm-intel_iommu-better-handling-of-dmar-state-switch.patch [bz#1625173] - kvm-intel_iommu-move-ce-fetching-out-when-sync-shadow.patch [bz#1625173 bz#1629616] - kvm-intel_iommu-handle-invalid-ce-for-shadow-sync.patch [bz#1625173 bz#1629616] - kvm-block-remove-bdrv_dirty_bitmap_make_anon.patch [bz#1518989] - kvm-block-simplify-code-around-releasing-bitmaps.patch [bz#1518989] - kvm-hbitmap-Add-advance-param-to-hbitmap_iter_next.patch [bz#1518989] - kvm-test-hbitmap-Add-non-advancing-iter_next-tests.patch [bz#1518989] - kvm-block-dirty-bitmap-Add-bdrv_dirty_iter_next_area.patch [bz#1518989] - kvm-blockdev-backup-add-bitmap-argument.patch [bz#1518989] - kvm-dirty-bitmap-switch-assert-fails-to-errors-in-bdrv_m.patch [bz#1518989] - kvm-dirty-bitmap-rename-bdrv_undo_clear_dirty_bitmap.patch [bz#1518989] - kvm-dirty-bitmap-make-it-possible-to-restore-bitmap-afte.patch [bz#1518989] - kvm-blockdev-rename-block-dirty-bitmap-clear-transaction.patch [bz#1518989] - kvm-qapi-add-transaction-support-for-x-block-dirty-bitma.patch [bz#1518989] - kvm-block-dirty-bitmaps-add-user_locked-status-checker.patch [bz#1518989] - kvm-block-dirty-bitmaps-fix-merge-permissions.patch [bz#1518989] - kvm-block-dirty-bitmaps-allow-clear-on-disabled-bitmaps.patch [bz#1518989] - kvm-block-dirty-bitmaps-prohibit-enable-disable-on-locke.patch [bz#1518989] - kvm-block-backup-prohibit-backup-from-using-in-use-bitma.patch [bz#1518989] - kvm-nbd-forbid-use-of-frozen-bitmaps.patch [bz#1518989] - kvm-bitmap-Update-count-after-a-merge.patch [bz#1518989] - kvm-iotests-169-drop-deprecated-autoload-parameter.patch [bz#1518989] - kvm-block-qcow2-improve-error-message-in-qcow2_inactivat.patch [bz#1518989] - kvm-bloc-qcow2-drop-dirty_bitmaps_loaded-state-variable.patch [bz#1518989] - kvm-dirty-bitmaps-clean-up-bitmaps-loading-and-migration.patch [bz#1518989] - kvm-iotests-improve-169.patch [bz#1518989] - kvm-iotests-169-add-cases-for-source-vm-resuming.patch [bz#1518989] - kvm-pc-dimm-turn-alignment-assert-into-check.patch [bz#1630116] - Resolves: bz#1518989 (RFE: QEMU Incremental live backup) - Resolves: bz#1625173 ([NVMe Device Assignment] Guest could not boot up with q35+iommu) - Resolves: bz#1629616 (boot guest with q35+vIOMMU+ device assignment, qemu terminal shows 'qemu-kvm: VFIO_UNMAP_DMA: -22' when return assigned network devices from vfio driver to ixgbe in guest) - Resolves: bz#1630116 (pc_dimm_get_free_addr: assertion failed: (QEMU_ALIGN_UP(address_space_start, align) == address_space_start)) - Resolves: bz#1636185 ([RFE] Report disk device name and serial number (qemu-guest-agent on Linux)) [2.12.0-42.el8] - kvm-luks-Allow-share-rw-on.patch [bz#1629701] - kvm-redhat-reenable-gluster-support.patch [bz#1599340] - kvm-redhat-bump-libusb-requirement.patch [bz#1627970] - Resolves: bz#1599340 (Reenable glusterfs in qemu-kvm once BZ#1567292 gets fixed) - Resolves: bz#1627970 (symbol lookup error: /usr/libexec/qemu-kvm: undefined symbol: libusb_set_option) - Resolves: bz#1629701 ('share-rw=on' does not work for luks format image - Fast Train) [2.12.0-41.el8] - kvm-block-rbd-pull-out-qemu_rbd_convert_options.patch [bz#1635585] - kvm-block-rbd-Attempt-to-parse-legacy-filenames.patch [bz#1635585] - kvm-block-rbd-add-deprecation-documentation-for-filename.patch [bz#1635585] - kvm-block-rbd-add-iotest-for-rbd-legacy-keyvalue-filenam.patch [bz#1635585] - Resolves: bz#1635585 (rbd json format of 7.6 is incompatible with 7.5) [2.12.0-40.el8] - kvm-vnc-call-sasl_server_init-only-when-required.patch [bz#1609327] - kvm-nbd-server-fix-NBD_CMD_CACHE.patch [bz#1636142] - kvm-nbd-fix-NBD_FLAG_SEND_CACHE-value.patch [bz#1636142] - kvm-test-bdrv-drain-bdrv_drain-works-with-cross-AioConte.patch [bz#1637976] - kvm-block-Use-bdrv_do_drain_begin-end-in-bdrv_drain_all.patch [bz#1637976] - kvm-block-Remove-recursive-parameter-from-bdrv_drain_inv.patch [bz#1637976] - kvm-block-Don-t-manually-poll-in-bdrv_drain_all.patch [bz#1637976] - kvm-tests-test-bdrv-drain-bdrv_drain_all-works-in-corout.patch [bz#1637976] - kvm-block-Avoid-unnecessary-aio_poll-in-AIO_WAIT_WHILE.patch [bz#1637976] - kvm-block-Really-pause-block-jobs-on-drain.patch [bz#1637976] - kvm-block-Remove-bdrv_drain_recurse.patch [bz#1637976] - kvm-test-bdrv-drain-Add-test-for-node-deletion.patch [bz#1637976] - kvm-block-Drain-recursively-with-a-single-BDRV_POLL_WHIL.patch [bz#1637976] - kvm-test-bdrv-drain-Test-node-deletion-in-subtree-recurs.patch [bz#1637976] - kvm-block-Don-t-poll-in-parent-drain-callbacks.patch [bz#1637976] - kvm-test-bdrv-drain-Graph-change-through-parent-callback.patch [bz#1637976] - kvm-block-Defer-.bdrv_drain_begin-callback-to-polling-ph.patch [bz#1637976] - kvm-test-bdrv-drain-Test-that-bdrv_drain_invoke-doesn-t-.patch [bz#1637976] - kvm-block-Allow-AIO_WAIT_WHILE-with-NULL-ctx.patch [bz#1637976] - kvm-block-Move-bdrv_drain_all_begin-out-of-coroutine-con.patch [bz#1637976] - kvm-block-ignore_bds_parents-parameter-for-drain-functio.patch [bz#1637976] - kvm-block-Allow-graph-changes-in-bdrv_drain_all_begin-en.patch [bz#1637976] - kvm-test-bdrv-drain-Test-graph-changes-in-drain_all-sect.patch [bz#1637976] - kvm-block-Poll-after-drain-on-attaching-a-node.patch [bz#1637976] - kvm-test-bdrv-drain-Test-bdrv_append-to-drained-node.patch [bz#1637976] - kvm-block-linux-aio-acquire-AioContext-before-qemu_laio_.patch [bz#1637976] - kvm-util-async-use-qemu_aio_coroutine_enter-in-co_schedu.patch [bz#1637976] - kvm-job-Fix-nested-aio_poll-hanging-in-job_txn_apply.patch [bz#1637976] - kvm-job-Fix-missing-locking-due-to-mismerge.patch [bz#1637976] - kvm-blockjob-Wake-up-BDS-when-job-becomes-idle.patch [bz#1637976] - kvm-aio-wait-Increase-num_waiters-even-in-home-thread.patch [bz#1637976] - kvm-test-bdrv-drain-Drain-with-block-jobs-in-an-I-O-thre.patch [bz#1637976] - kvm-test-blockjob-Acquire-AioContext-around-job_cancel_s.patch [bz#1637976] - kvm-job-Use-AIO_WAIT_WHILE-in-job_finish_sync.patch [bz#1637976] - kvm-test-bdrv-drain-Test-AIO_WAIT_WHILE-in-completion-ca.patch [bz#1637976] - kvm-block-Add-missing-locking-in-bdrv_co_drain_bh_cb.patch [bz#1637976] - kvm-block-backend-Add-.drained_poll-callback.patch [bz#1637976] - kvm-block-backend-Fix-potential-double-blk_delete.patch [bz#1637976] - kvm-block-backend-Decrease-in_flight-only-after-callback.patch [bz#1637976] - kvm-blockjob-Lie-better-in-child_job_drained_poll.patch [bz#1637976] - kvm-block-Remove-aio_poll-in-bdrv_drain_poll-variants.patch [bz#1637976] - kvm-test-bdrv-drain-Test-nested-poll-in-bdrv_drain_poll_.patch [bz#1637976] - kvm-job-Avoid-deadlocks-in-job_completed_txn_abort.patch [bz#1637976] - kvm-test-bdrv-drain-AIO_WAIT_WHILE-in-job-.commit-.abort.patch [bz#1637976] - kvm-test-bdrv-drain-Fix-outdated-comments.patch [bz#1637976] - kvm-block-Use-a-single-global-AioWait.patch [bz#1637976] - kvm-test-bdrv-drain-Test-draining-job-source-child-and-p.patch [bz#1637976] - kvm-qemu-img-Fix-assert-when-mapping-unaligned-raw-file.patch [bz#1639374] - kvm-iotests-Add-test-221-to-catch-qemu-img-map-regressio.patch [bz#1639374] - Resolves: bz#1609327 (qemu-kvm[37046]: Could not find keytab file: /etc/qemu/krb5.tab: Unknown error 49408) - Resolves: bz#1636142 (qemu NBD_CMD_CACHE flaws impacting non-qemu NBD clients) - Resolves: bz#1637976 (Crashes and hangs with iothreads vs. block jobs) - Resolves: bz#1639374 (qemu-img map 'Aborted (core dumped)' when specifying a plain file) [2.12.0-39.el8] - kvm-linux-headers-update.patch [bz#1508142] - kvm-s390x-cpumodel-Set-up-CPU-model-for-AP-device-suppor.patch [bz#1508142] - kvm-s390x-kvm-enable-AP-instruction-interpretation-for-g.patch [bz#1508142] - kvm-s390x-ap-base-Adjunct-Processor-AP-object-model.patch [bz#1508142] - kvm-s390x-vfio-ap-Introduce-VFIO-AP-device.patch [bz#1508142] - kvm-s390-doc-detailed-specifications-for-AP-virtualizati.patch [bz#1508142] - Resolves: bz#1508142 ([IBM 8.0 FEAT] KVM: Guest-dedicated Crypto Adapters - qemu part) [2.12.0-38.el8] - kvm-Revert-hw-acpi-build-build-SRAT-memory-affinity-stru.patch [bz#1609235] - kvm-add-udev-kvm-check.patch [bz#1552663] - kvm-aio-posix-Don-t-count-ctx-notifier-as-progress-when-.patch [bz#1623085] - kvm-aio-Do-aio_notify_accept-only-during-blocking-aio_po.patch [bz#1623085] - kvm-aio-posix-fix-concurrent-access-to-poll_disable_cnt.patch [bz#1632622] - kvm-aio-posix-compute-timeout-before-polling.patch [bz#1632622] - kvm-aio-posix-do-skip-system-call-if-ctx-notifier-pollin.patch [bz#1632622] - kvm-intel-iommu-send-PSI-always-even-if-across-PDEs.patch [bz#1450712] - kvm-intel-iommu-remove-IntelIOMMUNotifierNode.patch [bz#1450712] - kvm-intel-iommu-add-iommu-lock.patch [bz#1450712] - kvm-intel-iommu-only-do-page-walk-for-MAP-notifiers.patch [bz#1450712] - kvm-intel-iommu-introduce-vtd_page_walk_info.patch [bz#1450712] - kvm-intel-iommu-pass-in-address-space-when-page-walk.patch [bz#1450712] - kvm-intel-iommu-trace-domain-id-during-page-walk.patch [bz#1450712] - kvm-util-implement-simple-iova-tree.patch [bz#1450712] - kvm-intel-iommu-rework-the-page-walk-logic.patch [bz#1450712] - kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1633928] - Resolves: bz#1450712 (Booting nested guest with vIOMMU, the assigned network devices can not receive packets (qemu)) - Resolves: bz#1552663 (81-kvm-rhel.rules is no longer part of initscripts) - Resolves: bz#1609235 (Win2016 guest can't recognize pc-dimm hotplugged to node 0) - Resolves: bz#1623085 (VM doesn't boot from HD) - Resolves: bz#1632622 (~40% virtio_blk disk performance drop for win2012r2 guest when comparing qemu-kvm-rhev-2.12.0-9 with qemu-kvm-rhev-2.12.0-12) - Resolves: bz#1633928 (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-8.0]) [2.12.0-37.el8] - kvm-block-for-jobs-do-not-clear-user_paused-until-after-.patch [bz#1635583] - kvm-iotests-Add-failure-matching-to-common.qemu.patch [bz#1635583] - kvm-block-iotest-to-catch-abort-on-forced-blockjob-cance.patch [bz#1635583] - Resolves: bz#1635583 (Quitting VM causes qemu core dump once the block mirror job paused for no enough target space) [2.12.0-36.el8] - kvm-check-Only-test-ivshm-when-it-is-compiled-in.patch [bz#1621817] - kvm-Disable-ivshmem.patch [bz#1621817] - kvm-mirror-Fail-gracefully-for-source-target.patch [bz#1637963] - kvm-commit-Add-top-node-base-node-options.patch [bz#1637970] - kvm-qemu-iotests-Test-commit-with-top-node-base-node.patch [bz#1637970] - Resolves: bz#1621817 (Disable IVSHMEM in RHEL 8) - Resolves: bz#1637963 (Segfault on 'blockdev-mirror' with same node as source and target) - Resolves: bz#1637970 (allow using node-names with block-commit) [2.12.0-35.el8] - kvm-redhat-make-the-plugins-executable.patch [bz#1638304] - Resolves: bz#1638304 (the driver packages lack all the library Requires) [2.12.0-34.el8] - kvm-seccomp-allow-sched_setscheduler-with-SCHED_IDLE-pol.patch [bz#1618356] - kvm-seccomp-use-SIGSYS-signal-instead-of-killing-the-thr.patch [bz#1618356] - kvm-seccomp-prefer-SCMP_ACT_KILL_PROCESS-if-available.patch [bz#1618356] - kvm-configure-require-libseccomp-2.2.0.patch [bz#1618356] - kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618356] - kvm-memory-cleanup-side-effects-of-memory_region_init_fo.patch [bz#1600365] - Resolves: bz#1600365 (QEMU core dumped when hotplug memory exceeding host hugepages and with discard-data=yes) - Resolves: bz#1618356 (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-8]) [2.12.0-33.el8] - kvm-migration-postcopy-Clear-have_listen_thread.patch [bz#1608765] - kvm-migration-cleanup-in-error-paths-in-loadvm.patch [bz#1608765] - kvm-jobs-change-start-callback-to-run-callback.patch [bz#1632939] - kvm-jobs-canonize-Error-object.patch [bz#1632939] - kvm-jobs-add-exit-shim.patch [bz#1632939] - kvm-block-commit-utilize-job_exit-shim.patch [bz#1632939] - kvm-block-mirror-utilize-job_exit-shim.patch [bz#1632939] - kvm-jobs-utilize-job_exit-shim.patch [bz#1632939] - kvm-block-backup-make-function-variables-consistently-na.patch [bz#1632939] - kvm-jobs-remove-ret-argument-to-job_completed-privatize-.patch [bz#1632939] - kvm-jobs-remove-job_defer_to_main_loop.patch [bz#1632939] - kvm-block-commit-add-block-job-creation-flags.patch [bz#1632939] - kvm-block-mirror-add-block-job-creation-flags.patch [bz#1632939] - kvm-block-stream-add-block-job-creation-flags.patch [bz#1632939] - kvm-block-commit-refactor-commit-to-use-job-callbacks.patch [bz#1632939] - kvm-block-mirror-don-t-install-backing-chain-on-abort.patch [bz#1632939] - kvm-block-mirror-conservative-mirror_exit-refactor.patch [bz#1632939] - kvm-block-stream-refactor-stream-to-use-job-callbacks.patch [bz#1632939] - kvm-tests-blockjob-replace-Blockjob-with-Job.patch [bz#1632939] - kvm-tests-test-blockjob-remove-exit-callback.patch [bz#1632939] - kvm-tests-test-blockjob-txn-move-.exit-to-.clean.patch [bz#1632939] - kvm-jobs-remove-.exit-callback.patch [bz#1632939] - kvm-qapi-block-commit-expose-new-job-properties.patch [bz#1632939] - kvm-qapi-block-mirror-expose-new-job-properties.patch [bz#1632939] - kvm-qapi-block-stream-expose-new-job-properties.patch [bz#1632939] - kvm-block-backup-qapi-documentation-fixup.patch [bz#1632939] - kvm-blockdev-document-transactional-shortcomings.patch [bz#1632939] - Resolves: bz#1608765 (After postcopy migration, do savevm and loadvm, guest hang and call trace) - Resolves: bz#1632939 (qemu blockjobs other than backup do not support job-finalize or job-dismiss) [2.12.0-32.el8] - kvm-Re-enable-disabled-Hyper-V-enlightenments.patch [bz#1625185] - kvm-Fix-annocheck-issues.patch [bz#1624164] - kvm-exec-check-that-alignment-is-a-power-of-two.patch [bz#1630746] - kvm-curl-Make-sslverify-off-disable-host-as-well-as-peer.patch [bz#1575925] - Resolves: bz#1575925 ('SSL: no alternative certificate subject name matches target host name' error even though sslverify = off) - Resolves: bz#1624164 (Review annocheck distro flag failures in qemu-kvm) - Resolves: bz#1625185 (Re-enable disabled Hyper-V enlightenments) - Resolves: bz#1630746 (qemu_ram_mmap: Assertion skip_bytes < pnum' failed.) - Resolves: bz#1591076 (The driver of 'throttle' is not whitelisted) - Resolves: bz#1592817 (Retrying on serial_xmit if the pipe is broken may compromise the Guest) - Resolves: bz#1594135 (system_reset many times linux guests cause qemu process Aborted) - Resolves: bz#1595173 (blockdev-create is blocking) - Resolves: bz#1595180 (Can't set rerror/werror with usb-storage) - Resolves: bz#1595740 (RHEL-Alt-7.6 - qemu has error during migration of larger guests) - Resolves: bz#1599335 (Image creation locking is too tight and is not properly released) - Resolves: bz#1599515 (qemu core-dump with aio_read via hmp (util/qemu-thread-posix.c:64: qemu_mutex_lock_impl: Assertion *pnum && (((*pnum) % (align)) == 0) && align > offset - aligned_offset\' failed)) - Resolves: bz#1707192 (implement missing reset handler for cfi.pflash01 - slow train) - Resolves: bz#1727642 (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu()) - Resolves: bz#1732642 (enable the virtio-net frontend to work with the vhost-net backend in SEV guests) - Resolves: bz#1734751 (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-8.1.0]) [2.12.0-82.el8] - kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1629906] - kvm-i386-Update-stepping-of-Cascadelake-Server.patch [bz#1629906] - kvm-target-i386-Disable-MPX-support-on-named-CPU-models.patch [bz#1629906] - kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-named-CPU-NEW.patch [bz#1629906] - kvm-i386-Disable-OSPKE-on-CPU-model-definitions-NEW.patch [bz#1629906] - kvm-block-ssh-Convert-from-DPRINTF-macro-to-trace-events.patch [bz#1513367] - kvm-block-ssh-Do-not-report-read-write-flush-errors-to-t.patch [bz#1513367] - kvm-qemu-iotests-Fix-paths-for-NFS.patch [bz#1513367] - kvm-qemu-iotests-Filter-NFS-paths.patch [bz#1513367] - kvm-iotests-Filter-SSH-paths.patch [bz#1513367] - kvm-block-ssh-Implement-.bdrv_refresh_filename.patch [bz#1513367] - kvm-iotests-Use-Python-byte-strings-where-appropriate.patch [bz#1513367] - kvm-iotests-Unify-log-outputs-between-Python-2-and-3.patch [bz#1513367] - kvm-ssh-switch-from-libssh2-to-libssh.patch [bz#1513367] - kvm-redhat-switch-from-libssh2-to-libssh.patch [bz#1513367] - kvm-block-gluster-limit-the-transfer-size-to-512-MiB.patch [bz#1728657] - kvm-s390-cpumodel-fix-description-for-the-new-vector-fac.patch [bz#1729975] - kvm-s390x-cpumodel-remove-esort-from-the-default-model.patch [bz#1729975] - kvm-s390x-cpumodel-also-change-name-of-vxbeh.patch [bz#1729975] - kvm-s390x-cpumodel-change-internal-name-of-vxpdeh-to-mat.patch [bz#1729975] - kvm-target-i386-sev-Do-not-unpin-ram-device-memory-regio.patch [bz#1728958] - kvm-i386-Save-EFER-for-32-bit-targets.patch [bz#1689269] - kvm-target-i386-rename-HF_SVMI_MASK-to-HF_GUEST_MASK.patch [bz#1689269] - kvm-target-i386-kvm-add-VMX-migration-blocker.patch [bz#1689269] - kvm-target-i386-kvm-just-return-after-migrate_add_blocke.patch [bz#1689269] - kvm-target-i386-kvm-Delete-VMX-migration-blocker-on-vCPU.patch [bz#1689269] - kvm-Introduce-kvm_arch_destroy_vcpu.patch [bz#1689269] - kvm-target-i386-kvm-Use-symbolic-constant-for-DB-BP-exce.patch [bz#1689269] - kvm-target-i386-kvm-Re-inject-DB-to-guest-with-updated-D.patch [bz#1689269] - kvm-target-i386-kvm-Block-migration-for-vCPUs-exposed-wi.patch [bz#1689269] - kvm-target-i386-kvm-do-not-initialize-padding-fields.patch [bz#1689269] - kvm-linux-headers-synchronize-generic-and-x86-KVM-header.patch [bz#1689269] - kvm-vmstate-Add-support-for-kernel-integer-types.patch [bz#1689269] - kvm-target-i386-kvm-Add-support-for-save-and-restore-nes.patch [bz#1689269] - kvm-target-i386-kvm-Add-support-for-KVM_CAP_EXCEPTION_PA.patch [bz#1689269] - kvm-target-i386-kvm-Add-nested-migration-blocker-only-wh.patch [bz#1689269] - kvm-target-i386-kvm-Demand-nested-migration-kernel-capab.patch [bz#1689269] - kvm-target-i386-skip-KVM_GET-SET_NESTED_STATE-if-VMX-dis.patch [bz#1689269] - kvm-i386-kvm-Do-not-sync-nested-state-during-runtime.patch [bz#1689269] - Resolves: bz#1513367 (qemu with libssh) - Resolves: bz#1629906 ([Intel 8.1 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model) - Resolves: bz#1689269 (Nested KVM: support for migration of nested hypervisors - Slow Train) - Resolves: bz#1728657 ('qemu-io write' to a raw image over libgfapi fails) - Resolves: bz#1728958 (Hot unplug vfio-pci NIC devices from sev guest will cause qemu-kvm: sev_ram_block_removed: failed to unregister region) - Resolves: bz#1729975 (RHEL 8.1 Pre-Beta - Fix for hardware CPU Model) [2.12.0-81.el8] - kvm-target-i386-add-MDS-NO-feature.patch [bz#1714792] - kvm-virtio-gpu-pass-down-VirtIOGPU-pointer-to-a-bunch-of.patch [bz#1531543] - kvm-virtio-gpu-add-iommu-support.patch [bz#1531543] - kvm-virtio-gpu-fix-unmap-in-error-path.patch [bz#1531543] - Resolves: bz#1531543 ([RFE] add iommu support to virtio-gpu) - Resolves: bz#1714792 ([Intel 8.1 FEAT] MDS_NO exposure to guest) [2.12.0-80.el8] - kvm-qxl-check-release-info-object.patch [bz#1712705] - kvm-iotests-Make-182-do-without-device_add.patch [bz#1707598] - Resolves: bz#1707598 (qemu-iotest 182 fails without device hotplugging support) - Resolves: bz#1712705 (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-8]) [15:2.12.0-79] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [2.12.0-78.el8] - kvm-gluster-Handle-changed-glfs_ftruncate-signature.patch [bz#1721983] - kvm-gluster-the-glfs_io_cbk-callback-function-pointer-ad.patch [bz#1721983] - Resolves: bz#1721983 (qemu-kvm can't be build with new gluster version (6.0.6)) [2.12.0-77.el8] - kvm-i386-Make-arch_capabilities-migratable.patch [bz#1709970] - kvm-spapr-Fix-ibm-max-associativity-domains-property-num.patch [bz#1710662] - kvm-linux-headers-Update-for-NVLink2-passthrough-downstr.patch [bz#1710662] - kvm-pci-Move-NVIDIA-vendor-id-to-the-rest-of-ids.patch [bz#1710662] - kvm-vfio-quirks-Add-common-quirk-alloc-helper.patch [bz#1710662] - kvm-vfio-Make-vfio_get_region_info_cap-public.patch [bz#1710662] - kvm-spapr-Support-NVIDIA-V100-GPU-with-NVLink2.patch [bz#1710662] - kvm-qemu-kvm.spec-bump-libseccomp-2.4.0.patch [bz#1719578] - Resolves: bz#1709970 ([Intel 8.1 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM - qemu-kvm) - Resolves: bz#1710662 ([IBM 8.1 FEAT] POWER9 - Virt: qemu: NVLink2 passthru to guest - Nvidia Volta (GPU) (kvm)) - Resolves: bz#1719578 (VM failed to start with error 'failed to install seccomp syscall filter in the kernel') [2.12.0-76.el8] - kvm-Introduce-new-no_guest_reset-parameter-for-usb-host-.patch [bz#1713677] - kvm-usb-call-reset-handler-before-updating-state.patch [bz#1713677] - kvm-usb-host-skip-reset-for-untouched-devices.patch [bz#1713677] - kvm-usb-host-avoid-libusb_set_configuration-calls.patch [bz#1713677] - kvm-virtio-scsi-Move-BlockBackend-back-to-the-main-AioCo.patch [bz#1673396 bz#1673401] - kvm-scsi-disk-Acquire-the-AioContext-in-scsi_-_realize.patch [bz#1673396 bz#1673401] - kvm-virtio-scsi-Forbid-devices-with-different-iothreads-.patch [bz#1673396 bz#1673401] - kvm-Disable-VXHS-support.patch [bz#1714933] - Resolves: bz#1673396 (qemu-kvm core dumped after hotplug the deleted disk with iothread parameter) - Resolves: bz#1673401 (Qemu core dump when start guest with two disks using same drive) - Resolves: bz#1713677 (Detached device when trying to upgrade USB device firmware when in doing USB Passthrough via QEMU) - Resolves: bz#1714933 (Disable VXHS in qemu-kvm) [2.12.0-75.el8] - kvm-s390x-cpumodel-enum-type-S390FeatGroup-now-gets-gene.patch [bz#1660912] - kvm-linux-headers-update-against-Linux-5.2-rc1.patch [bz#1660912] - kvm-s390x-cpumodel-ignore-csske-for-expansion.patch [bz#1660912] - kvm-s390x-cpumodel-Miscellaneous-Instruction-Extensions-.patch [bz#1660912] - kvm-s390x-cpumodel-msa9-facility.patch [bz#1660912] - kvm-s390x-cpumodel-vector-enhancements.patch [bz#1660912] - kvm-s390x-cpumodel-enhanced-sort-facility.patch [bz#1660912] - kvm-s390x-cpumodel-add-Deflate-conversion-facility.patch [bz#1660912] - kvm-s390x-cpumodel-add-gen15-defintions.patch [bz#1660912] - kvm-s390x-cpumodel-wire-up-8561-and-8562-as-gen15-machin.patch [bz#1660912] - kvm-spice-set-device-address-and-device-display-ID-in-QX.patch [bz#1712946] - kvm-hw-pci-Add-missing-include.patch [bz#1712946] - Resolves: bz#1660912 ([IBM 8.1 FEAT] KVM s390x: Add hardware CPU Model - qemu part) - Resolves: bz#1712946 (qemu-kvm build is broken due to spice_qxl_set_max_monitors being deprecated) [2.12.0-74.el8] - kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch [bz#1696436] - kvm-memory-Fix-the-memory-region-type-assignment-order.patch [bz#1667249] - kvm-target-i386-sev-Do-not-pin-the-ram-device-memory-reg.patch [bz#1667249] - kvm-block-Fix-invalidate_cache-error-path-for-parent-act.patch [bz#1673010] - kvm-target-i386-define-md-clear-bit.patch [bz#1703302 bz#1703308] - Resolves: bz#1667249 (Fail to launch AMD SEV VM with assigned PCI device) - Resolves: bz#1673010 (Local VM and migrated VM on the same host can run with same RAW file as visual disk source while without shareable configured or lock manager enabled) - Resolves: bz#1696436 ([Intel 8.0 Feat] KVM Enabling SnowRidge new NIs - qemu-kvm) - Resolves: bz#1703302 (CVE-2018-12130 virt:rhel/qemu-kvm: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [rhel-8]) - Resolves: bz#1703308 (CVE-2018-12127 virt:rhel/qemu-kvm: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [rhel-8]) [2.12.0-73.el8] - kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-named-CPU-mo.patch [bz#1561761] - kvm-i386-Disable-OSPKE-on-CPU-model-definitions.patch [bz#1561761] - Resolves: bz#1561761 ([Intel 8.1 Feat] qemu-kvm Introduce Icelake cpu model) [2.12.0-72.el8] - kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1707706] - kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1707706] - Resolves: bz#1707706 (/builddir/build/BUILD/qemu-2.12.0/target/i386/kvm.c:2031: kvm_put_msrs: Assertion is_power_of_2(align)' failed) [2.12.0-31.el8] - kvm-i386-Disable-TOPOEXT-by-default-on-cpu-host.patch [bz#1619804] - kvm-redhat-enable-opengl-add-build-and-runtime-deps.patch [bz#1618412] - Resolves: bz#1618412 (Enable opengl (for intel vgpu display)) - Resolves: bz#1619804 (kernel panic in init_amd_cacheinfo) [2.12.0-30.el8] - kvm-redhat-Disable-vhost-crypto.patch [bz#1625668] - Resolves: bz#1625668 (Decide if we should disable 'vhost-crypto' or not) [2.12.0-29.el8] - kvm-target-i386-sev-fix-memory-leaks.patch [bz#1615717] - kvm-i386-Fix-arch_query_cpu_model_expansion-leak.patch [bz#1615717] - kvm-redhat-Update-build-configuration.patch [bz#1573156] - Resolves: bz#1573156 (Update build configure for QEMU 2.12.0) - Resolves: bz#1615717 (Memory leaks) [2.12.0-28.el8] - kvm-e1000e-Do-not-auto-clear-ICR-bits-which-aren-t-set-i.patch [bz#1596024] - kvm-e1000e-Prevent-MSI-MSI-X-storms.patch [bz#1596024] - kvm-Drop-build_configure.sh-and-Makefile.local-files.patch [] - kvm-Fix-subject-line-in-.gitpublish.patch [] - Resolves: bz#1596024 (The network link can't be detected on guest when the guest uses e1000e model type) [2.12.0-27.el8] - kvm-Fix-libusb-1.0.22-deprecated-libusb_set_debug-with-l.patch [bz#1622656] - Resolves: bz#1622656 (qemu-kvm fails to build due to libusb_set_debug being deprecated) [2.12.0-26.el8] - kvm-redhat-remove-extra-in-rhel_rhev_conflicts-macro.patch [bz#1618752] - Resolves: bz#1618752 (qemu-kvm can't be installed in RHEL-8 as it Conflicts with itself.) [2.12.0-25.el8] - kvm-Migration-TLS-Fix-crash-due-to-double-cleanup.patch [bz#1594384] - Resolves: bz#1594384 (2.12 migration fixes) [2.12.0-24.el8] - kvm-Add-qemu-keymap-to-qemu-kvm-common.patch [bz#1593117] - Resolves: bz#1593117 (add qemu-keymap utility) [2.12.0-23.el8] - Fixing an issue with some old command in the spec file [2.12.0-22.el8] - Fix an issue with the build_configure script. - Resolves: bz#1425820 (Improve QEMU packaging layout with modularization of the block layer) [2.12.0-20.el8] - kvm-migration-stop-compressing-page-in-migration-thread.patch [bz#1594384] - kvm-migration-stop-compression-to-allocate-and-free-memo.patch [bz#1594384] - kvm-migration-stop-decompression-to-allocate-and-free-me.patch [bz#1594384] - kvm-migration-detect-compression-and-decompression-error.patch [bz#1594384] - kvm-migration-introduce-control_save_page.patch [bz#1594384] - kvm-migration-move-some-code-to-ram_save_host_page.patch [bz#1594384] - kvm-migration-move-calling-control_save_page-to-the-comm.patch [bz#1594384] - kvm-migration-move-calling-save_zero_page-to-the-common-.patch [bz#1594384] - kvm-migration-introduce-save_normal_page.patch [bz#1594384] - kvm-migration-remove-ram_save_compressed_page.patch [bz#1594384] - kvm-migration-block-dirty-bitmap-fix-memory-leak-in-dirt.patch [bz#1594384] - kvm-migration-fix-saving-normal-page-even-if-it-s-been-c.patch [bz#1594384] - kvm-migration-update-index-field-when-delete-or-qsort-RD.patch [bz#1594384] - kvm-migration-introduce-decompress-error-check.patch [bz#1594384] - kvm-migration-Don-t-activate-block-devices-if-using-S.patch [bz#1594384] - kvm-migration-not-wait-RDMA_CM_EVENT_DISCONNECTED-event-.patch [bz#1594384] - kvm-migration-block-dirty-bitmap-fix-dirty_bitmap_load.patch [bz#1594384] - kvm-s390x-add-RHEL-7.6-machine-type-for-ccw.patch [bz#1595718] - kvm-s390x-cpumodel-default-enable-bpb-and-ppa15-for-z196.patch [bz#1595718] - kvm-linux-headers-asm-s390-kvm.h-header-sync.patch [bz#1612938] - kvm-s390x-kvm-add-etoken-facility.patch [bz#1612938] - Resolves: bz#1594384 (2.12 migration fixes) - Resolves: bz#1595718 (Add ppa15/bpb to the default cpu model for z196 and higher in the 7.6 s390-ccw-virtio machine) - Resolves: bz#1612938 (Add etoken support to qemu-kvm for s390x KVM guests) [2.12.0-18.el8] Mass import from RHEL 7.6 qemu-kvm-rhev, including fixes to the following BZs: - kvm-AArch64-Add-virt-rhel7.6-machine-type.patch [bz#1558723] - kvm-cpus-Fix-event-order-on-resume-of-stopped-guest.patch [bz#1566153] - kvm-qemu-img-Check-post-truncation-size.patch [bz#1523065] - kvm-vga-catch-depth-0.patch [bz#1575541] - kvm-Fix-x-hv-max-vps-compat-value-for-7.4-machine-type.patch [bz#1583959] - kvm-ccid-card-passthru-fix-regression-in-realize.patch [bz#1584984] - kvm-Use-4-MB-vram-for-cirrus.patch [bz#1542080] - kvm-spapr_pci-Remove-unhelpful-pagesize-warning.patch [bz#1505664] - kvm-rpm-Add-nvme-VFIO-driver-to-rw-whitelist.patch [bz#1416180] - kvm-qobject-Use-qobject_to-instead-of-type-cast.patch [bz#1557995] - kvm-qobject-Ensure-base-is-at-offset-0.patch [bz#1557995] - kvm-qobject-use-a-QObjectBase_-struct.patch [bz#1557995] - kvm-qobject-Replace-qobject_incref-QINCREF-qobject_decre.patch [bz#1557995] - kvm-qobject-Modify-qobject_ref-to-return-obj.patch [bz#1557995] - kvm-rbd-Drop-deprecated-drive-parameter-filename.patch [bz#1557995] - kvm-iscsi-Drop-deprecated-drive-parameter-filename.patch [bz#1557995] - kvm-block-Add-block-specific-QDict-header.patch [bz#1557995] - kvm-qobject-Move-block-specific-qdict-code-to-block-qdic.patch [bz#1557995] - kvm-block-Fix-blockdev-for-certain-non-string-scalars.patch [bz#1557995] - kvm-block-Fix-drive-for-certain-non-string-scalars.patch [bz#1557995] - kvm-block-Clean-up-a-misuse-of-qobject_to-in-.bdrv_co_cr.patch [bz#1557995] - kvm-block-Factor-out-qobject_input_visitor_new_flat_conf.patch [bz#1557995] - kvm-block-Make-remaining-uses-of-qobject-input-visitor-m.patch [bz#1557995] - kvm-block-qdict-Simplify-qdict_flatten_qdict.patch [bz#1557995] - kvm-block-qdict-Tweak-qdict_flatten_qdict-qdict_flatten_.patch [bz#1557995] - kvm-block-qdict-Clean-up-qdict_crumple-a-bit.patch [bz#1557995] - kvm-block-qdict-Simplify-qdict_is_list-some.patch [bz#1557995] - kvm-check-block-qdict-Rename-qdict_flatten-s-variables-f.patch [bz#1557995] - kvm-check-block-qdict-Cover-flattening-of-empty-lists-an.patch [bz#1557995] - kvm-block-Fix-blockdev-blockdev-add-for-empty-objects-an.patch [bz#1557995] - kvm-rbd-New-parameter-auth-client-required.patch [bz#1557995] - kvm-rbd-New-parameter-key-secret.patch [bz#1557995] - kvm-block-mirror-honor-ratelimit-again.patch [bz#1572856] - kvm-block-mirror-Make-cancel-always-cancel-pre-READY.patch [bz#1572856] - kvm-iotests-Add-test-for-cancelling-a-mirror-job.patch [bz#1572856] - kvm-iotests-Split-214-off-of-122.patch [bz#1518738] - kvm-block-Add-COR-filter-driver.patch [bz#1518738] - kvm-block-BLK_PERM_WRITE-includes-._UNCHANGED.patch [bz#1518738] - kvm-block-Add-BDRV_REQ_WRITE_UNCHANGED-flag.patch [bz#1518738] - kvm-block-Set-BDRV_REQ_WRITE_UNCHANGED-for-COR-writes.patch [bz#1518738] - kvm-block-quorum-Support-BDRV_REQ_WRITE_UNCHANGED.patch [bz#1518738] - kvm-block-Support-BDRV_REQ_WRITE_UNCHANGED-in-filters.patch [bz#1518738] - kvm-iotests-Clean-up-wrap-image-in-197.patch [bz#1518738] - kvm-iotests-Copy-197-for-COR-filter-driver.patch [bz#1518738] - kvm-iotests-Add-test-for-COR-across-nodes.patch [bz#1518738] - kvm-qemu-io-Use-purely-string-blockdev-options.patch [bz#1576598] - kvm-qemu-img-Use-only-string-options-in-img_open_opts.patch [bz#1576598] - kvm-iotests-Add-test-for-U-force-share-conflicts.patch [bz#1576598] - kvm-qemu-io-Drop-command-functions-return-values.patch [bz#1519617] - kvm-qemu-io-Let-command-functions-return-error-code.patch [bz#1519617] - kvm-qemu-io-Exit-with-error-when-a-command-failed.patch [bz#1519617] - kvm-iotests.py-Add-qemu_io_silent.patch [bz#1519617] - kvm-iotests-Let-216-make-use-of-qemu-io-s-exit-code.patch [bz#1519617] - kvm-qcow2-Repair-OFLAG_COPIED-when-fixing-leaks.patch [bz#1527085] - kvm-iotests-Repairing-error-during-snapshot-deletion.patch [bz#1527085] - kvm-block-Make-bdrv_is_writable-public.patch [bz#1588039] - kvm-qcow2-Do-not-mark-inactive-images-corrupt.patch [bz#1588039] - kvm-iotests-Add-case-for-a-corrupted-inactive-image.patch [bz#1588039] - kvm-main-loop-drop-spin_counter.patch [bz#1168213] - kvm-target-ppc-Factor-out-the-parsing-in-kvmppc_get_cpu_.patch [bz#1560847] - kvm-target-ppc-Don-t-require-private-l1d-cache-on-POWER8.patch [bz#1560847] - kvm-ppc-spapr_caps-Don-t-disable-cap_cfpc-on-POWER8-by-d.patch [bz#1560847] - kvm-qxl-fix-local-renderer-crash.patch [bz#1567733] - kvm-qemu-img-Amendment-support-implies-create_opts.patch [bz#1537956] - kvm-block-Add-Error-parameter-to-bdrv_amend_options.patch [bz#1537956] - kvm-qemu-option-Pull-out-Supported-options-print.patch [bz#1537956] - kvm-qemu-img-Add-print_amend_option_help.patch [bz#1537956] - kvm-qemu-img-Recognize-no-creation-support-in-o-help.patch [bz#1537956] - kvm-iotests-Test-help-option-for-unsupporting-formats.patch [bz#1537956] - kvm-iotests-Rework-113.patch [bz#1537956] - kvm-qemu-img-Resolve-relative-backing-paths-in-rebase.patch [bz#1569835] - kvm-iotests-Add-test-for-rebasing-with-relative-paths.patch [bz#1569835] - kvm-qemu-img-Special-post-backing-convert-handling.patch [bz#1527898] - kvm-iotests-Test-post-backing-convert-target-behavior.patch [bz#1527898] - kvm-migration-calculate-expected_downtime-with-ram_bytes.patch [bz#1564576] - kvm-sheepdog-Fix-sd_co_create_opts-memory-leaks.patch [bz#1513543] - kvm-qemu-iotests-reduce-chance-of-races-in-185.patch [bz#1513543] - kvm-blockjob-do-not-cancel-timer-in-resume.patch [bz#1513543] - kvm-nfs-Fix-error-path-in-nfs_options_qdict_to_qapi.patch [bz#1513543] - kvm-nfs-Remove-processed-options-from-QDict.patch [bz#1513543] - kvm-blockjob-drop-block_job_pause-resume_all.patch [bz#1513543] - kvm-blockjob-expose-error-string-via-query.patch [bz#1513543] - kvm-blockjob-Fix-assertion-in-block_job_finalize.patch [bz#1513543] - kvm-blockjob-Wrappers-for-progress-counter-access.patch [bz#1513543] - kvm-blockjob-Move-RateLimit-to-BlockJob.patch [bz#1513543] - kvm-blockjob-Implement-block_job_set_speed-centrally.patch [bz#1513543] - kvm-blockjob-Introduce-block_job_ratelimit_get_delay.patch [bz#1513543] - kvm-blockjob-Add-block_job_driver.patch [bz#1513543] - kvm-blockjob-Update-block-job-pause-resume-documentation.patch [bz#1513543] - kvm-blockjob-Improve-BlockJobInfo.offset-len-documentati.patch [bz#1513543] - kvm-job-Create-Job-JobDriver-and-job_create.patch [bz#1513543] - kvm-job-Rename-BlockJobType-into-JobType.patch [bz#1513543] - kvm-job-Add-JobDriver.job_type.patch [bz#1513543] - kvm-job-Add-job_delete.patch [bz#1513543] - kvm-job-Maintain-a-list-of-all-jobs.patch [bz#1513543] - kvm-job-Move-state-transitions-to-Job.patch [bz#1513543] - kvm-job-Add-reference-counting.patch [bz#1513543] - kvm-job-Move-cancelled-to-Job.patch [bz#1513543] - kvm-job-Add-Job.aio_context.patch [bz#1513543] - kvm-job-Move-defer_to_main_loop-to-Job.patch [bz#1513543] - kvm-job-Move-coroutine-and-related-code-to-Job.patch [bz#1513543] - kvm-job-Add-job_sleep_ns.patch [bz#1513543] - kvm-job-Move-pause-resume-functions-to-Job.patch [bz#1513543] - kvm-job-Replace-BlockJob.completed-with-job_is_completed.patch [bz#1513543] - kvm-job-Move-BlockJobCreateFlags-to-Job.patch [bz#1513543] - kvm-blockjob-Split-block_job_event_pending.patch [bz#1513543] - kvm-job-Add-job_event_.patch [bz#1513543] - kvm-job-Move-single-job-finalisation-to-Job.patch [bz#1513543] - kvm-job-Convert-block_job_cancel_async-to-Job.patch [bz#1513543] - kvm-job-Add-job_drain.patch [bz#1513543] - kvm-job-Move-.complete-callback-to-Job.patch [bz#1513543] - kvm-job-Move-job_finish_sync-to-Job.patch [bz#1513543] - kvm-job-Switch-transactions-to-JobTxn.patch [bz#1513543] - kvm-job-Move-transactions-to-Job.patch [bz#1513543] - kvm-job-Move-completion-and-cancellation-to-Job.patch [bz#1513543] - kvm-block-Cancel-job-in-bdrv_close_all-callers.patch [bz#1513543] - kvm-job-Add-job_yield.patch [bz#1513543] - kvm-job-Add-job_dismiss.patch [bz#1513543] - kvm-job-Add-job_is_ready.patch [bz#1513543] - kvm-job-Add-job_transition_to_ready.patch [bz#1513543] - kvm-job-Move-progress-fields-to-Job.patch [bz#1513543] - kvm-job-Introduce-qapi-job.json.patch [bz#1513543] - kvm-job-Add-JOB_STATUS_CHANGE-QMP-event.patch [bz#1513543] - kvm-job-Add-lifecycle-QMP-commands.patch [bz#1513543] - kvm-job-Add-query-jobs-QMP-command.patch [bz#1513543] - kvm-blockjob-Remove-BlockJob.driver.patch [bz#1513543] - kvm-iotests-Move-qmp_to_opts-to-VM.patch [bz#1513543] - kvm-qemu-iotests-Test-job-with-block-jobs.patch [bz#1513543] - kvm-vdi-Fix-vdi_co_do_create-return-value.patch [bz#1513543] - kvm-vhdx-Fix-vhdx_co_create-return-value.patch [bz#1513543] - kvm-job-Add-error-message-for-failing-jobs.patch [bz#1513543] - kvm-block-create-Make-x-blockdev-create-a-job.patch [bz#1513543] - kvm-qemu-iotests-Add-VM.get_qmp_events_filtered.patch [bz#1513543] - kvm-qemu-iotests-Add-VM.qmp_log.patch [bz#1513543] - kvm-qemu-iotests-Add-iotests.img_info_log.patch [bz#1513543] - kvm-qemu-iotests-Add-VM.run_job.patch [bz#1513543] - kvm-qemu-iotests-iotests.py-helper-for-non-file-protocol.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-206-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-207-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-210-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-211-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-212-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-213-for-blockdev-create-job.patch [bz#1513543] - kvm-block-create-Mark-blockdev-create-stable.patch [bz#1513543] - kvm-jobs-fix-stale-wording.patch [bz#1513543] - kvm-jobs-fix-verb-references-in-docs.patch [bz#1513543] - kvm-iotests-Fix-219-s-timing.patch [bz#1513543] - kvm-iotests-improve-pause_job.patch [bz#1513543] - kvm-rpm-Whitelist-copy-on-read-block-driver.patch [bz#1518738] - kvm-rpm-add-throttle-driver-to-rw-whitelist.patch [bz#1591076] - kvm-usb-host-skip-open-on-pending-postload-bh.patch [bz#1572851] - kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1574216] - kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1574216] - kvm-block-file-posix-Pass-FD-to-locking-helpers.patch [bz#1519144] - kvm-block-file-posix-File-locking-during-creation.patch [bz#1519144] - kvm-iotests-Add-creation-test-to-153.patch [bz#1519144] - kvm-vhost-user-add-Net-prefix-to-internal-state-structur.patch [bz#1526645] - kvm-virtio-support-setting-memory-region-based-host-noti.patch [bz#1526645] - kvm-vhost-user-support-receiving-file-descriptors-in-sla.patch [bz#1526645] - kvm-osdep-add-wait.h-compat-macros.patch [bz#1526645] - kvm-vhost-user-bridge-support-host-notifier.patch [bz#1526645] - kvm-vhost-allow-backends-to-filter-memory-sections.patch [bz#1526645] - kvm-vhost-user-allow-slave-to-send-fds-via-slave-channel.patch [bz#1526645] - kvm-vhost-user-introduce-shared-vhost-user-state.patch [bz#1526645] - kvm-vhost-user-support-registering-external-host-notifie.patch [bz#1526645] - kvm-libvhost-user-support-host-notifier.patch [bz#1526645] - kvm-block-Introduce-API-for-copy-offloading.patch [bz#1482537] - kvm-raw-Check-byte-range-uniformly.patch [bz#1482537] - kvm-raw-Implement-copy-offloading.patch [bz#1482537] - kvm-qcow2-Implement-copy-offloading.patch [bz#1482537] - kvm-file-posix-Implement-bdrv_co_copy_range.patch [bz#1482537] - kvm-iscsi-Query-and-save-device-designator-when-opening.patch [bz#1482537] - kvm-iscsi-Create-and-use-iscsi_co_wait_for_task.patch [bz#1482537] - kvm-iscsi-Implement-copy-offloading.patch [bz#1482537] - kvm-block-backend-Add-blk_co_copy_range.patch [bz#1482537] - kvm-qemu-img-Convert-with-copy-offloading.patch [bz#1482537] - kvm-qcow2-Fix-src_offset-in-copy-offloading.patch [bz#1482537] - kvm-iscsi-Don-t-blindly-use-designator-length-in-respons.patch [bz#1482537] - kvm-file-posix-Fix-EINTR-handling.patch [bz#1482537] - kvm-usb-storage-Add-rerror-werror-properties.patch [bz#1595180] - kvm-numa-clarify-error-message-when-node-index-is-out-of.patch [bz#1578381] - kvm-qemu-iotests-Update-026.out.nocache-reference-output.patch [bz#1528541] - kvm-qcow2-Free-allocated-clusters-on-write-error.patch [bz#1528541] - kvm-qemu-iotests-Test-qcow2-not-leaking-clusters-on-writ.patch [bz#1528541] - kvm-qemu-options-Add-missing-newline-to-accel-help-text.patch [bz#1586313] - kvm-xhci-fix-guest-triggerable-assert.patch [bz#1594135] - kvm-virtio-gpu-tweak-scanout-disable.patch [bz#1589634] - kvm-virtio-gpu-update-old-resource-too.patch [bz#1589634] - kvm-virtio-gpu-disable-scanout-when-backing-resource-is-.patch [bz#1589634] - kvm-block-Don-t-silently-truncate-node-names.patch [bz#1549654] - kvm-pr-helper-fix-socket-path-default-in-help.patch [bz#1533158] - kvm-pr-helper-fix-assertion-failure-on-failed-multipath-.patch [bz#1533158] - kvm-pr-manager-helper-avoid-SIGSEGV-when-writing-to-the-.patch [bz#1533158] - kvm-pr-manager-put-stubs-in-.c-file.patch [bz#1533158] - kvm-pr-manager-add-query-pr-managers-QMP-command.patch [bz#1533158] - kvm-pr-manager-helper-report-event-on-connection-disconn.patch [bz#1533158] - kvm-pr-helper-avoid-error-on-PR-IN-command-with-zero-req.patch [bz#1533158] - kvm-pr-helper-Rework-socket-path-handling.patch [bz#1533158] - kvm-pr-manager-helper-fix-memory-leak-on-event.patch [bz#1533158] - kvm-object-fix-OBJ_PROP_LINK_UNREF_ON_RELEASE-ambivalenc.patch [bz#1556678] - kvm-usb-hcd-xhci-test-add-a-test-for-ccid-hotplug.patch [bz#1556678] - kvm-Revert-usb-release-the-created-buses.patch [bz#1556678] - kvm-file-posix-Fix-creation-locking.patch [bz#1599335] - kvm-file-posix-Unlock-FD-after-creation.patch [bz#1599335] - kvm-ahci-trim-signatures-on-raise-lower.patch [bz#1584914] - kvm-ahci-fix-PxCI-register-race.patch [bz#1584914] - kvm-ahci-don-t-schedule-unnecessary-BH.patch [bz#1584914] - kvm-qcow2-Fix-qcow2_truncate-error-return-value.patch [bz#1595173] - kvm-block-Convert-.bdrv_truncate-callback-to-coroutine_f.patch [bz#1595173] - kvm-qcow2-Remove-coroutine-trampoline-for-preallocate_co.patch [bz#1595173] - kvm-block-Move-bdrv_truncate-implementation-to-io.c.patch [bz#1595173] - kvm-block-Use-tracked-request-for-truncate.patch [bz#1595173] - kvm-file-posix-Make-.bdrv_co_truncate-asynchronous.patch [bz#1595173] - kvm-block-Fix-copy-on-read-crash-with-partial-final-clus.patch [bz#1590640] - kvm-block-fix-QEMU-crash-with-scsi-hd-and-drive_del.patch [bz#1599515] - kvm-virtio-rng-process-pending-requests-on-DRIVER_OK.patch [bz#1576743] - kvm-file-posix-specify-expected-filetypes.patch [bz#1525829] - kvm-iotests-add-test-226-for-file-driver-types.patch [bz#1525829] - kvm-block-dirty-bitmap-add-lock-to-bdrv_enable-disable_d.patch [bz#1207657] - kvm-qapi-add-x-block-dirty-bitmap-enable-disable.patch [bz#1207657] - kvm-qmp-transaction-support-for-x-block-dirty-bitmap-ena.patch [bz#1207657] - kvm-qapi-add-x-block-dirty-bitmap-merge.patch [bz#1207657] - kvm-qapi-add-disabled-parameter-to-block-dirty-bitmap-ad.patch [bz#1207657] - kvm-block-dirty-bitmap-add-bdrv_enable_dirty_bitmap_lock.patch [bz#1207657] - kvm-dirty-bitmap-fix-double-lock-on-bitmap-enabling.patch [bz#1207657] - kvm-block-qcow2-bitmap-fix-free_bitmap_clusters.patch [bz#1207657] - kvm-qcow2-add-overlap-check-for-bitmap-directory.patch [bz#1207657] - kvm-blockdev-enable-non-root-nodes-for-backup-source.patch [bz#1207657] - kvm-iotests-add-222-to-test-basic-fleecing.patch [bz#1207657] - kvm-qcow2-Remove-dead-check-on-ret.patch [bz#1207657] - kvm-block-Move-request-tracking-to-children-in-copy-offl.patch [bz#1207657] - kvm-block-Fix-parameter-checking-in-bdrv_co_copy_range_i.patch [bz#1207657] - kvm-block-Honour-BDRV_REQ_NO_SERIALISING-in-copy-range.patch [bz#1207657] - kvm-backup-Use-copy-offloading.patch [bz#1207657] - kvm-block-backup-disable-copy-offloading-for-backup.patch [bz#1207657] - kvm-iotests-222-Don-t-run-with-luks.patch [bz#1207657] - kvm-block-io-fix-copy_range.patch [bz#1207657] - kvm-block-split-flags-in-copy_range.patch [bz#1207657] - kvm-block-add-BDRV_REQ_SERIALISING-flag.patch [bz#1207657] - kvm-block-backup-fix-fleecing-scheme-use-serialized-writ.patch [bz#1207657] - kvm-nbd-server-Reject-0-length-block-status-request.patch [bz#1207657] - kvm-nbd-server-fix-trace.patch [bz#1207657] - kvm-nbd-server-refactor-NBDExportMetaContexts.patch [bz#1207657] - kvm-nbd-server-add-nbd_meta_empty_or_pattern-helper.patch [bz#1207657] - kvm-nbd-server-implement-dirty-bitmap-export.patch [bz#1207657] - kvm-qapi-new-qmp-command-nbd-server-add-bitmap.patch [bz#1207657] - kvm-docs-interop-add-nbd.txt.patch [bz#1207657] - kvm-nbd-server-introduce-NBD_CMD_CACHE.patch [bz#1207657] - kvm-nbd-server-Silence-gcc-false-positive.patch [bz#1207657] - kvm-nbd-server-Fix-dirty-bitmap-logic-regression.patch [bz#1207657] - kvm-nbd-server-fix-nbd_co_send_block_status.patch [bz#1207657] - kvm-nbd-client-Add-x-dirty-bitmap-to-query-bitmap-from-s.patch [bz#1207657] - kvm-iotests-New-test-223-for-exporting-dirty-bitmap-over.patch [bz#1207657] - kvm-hw-char-serial-Only-retry-if-qemu_chr_fe_write-retur.patch [bz#1592817] - kvm-hw-char-serial-retry-write-if-EAGAIN.patch [bz#1592817] - kvm-throttle-groups-fix-hang-when-group-member-leaves.patch [bz#1535914] - kvm-Disable-aarch64-devices-reappeared-after-2.12-rebase.patch [bz#1586357] - kvm-Disable-split-irq-device.patch [bz#1586357] - kvm-Disable-AT24Cx-i2c-eeprom.patch [bz#1586357] - kvm-Disable-CAN-bus-devices.patch [bz#1586357] - kvm-Disable-new-superio-devices.patch [bz#1586357] - kvm-Disable-new-pvrdma-device.patch [bz#1586357] - kvm-qdev-add-HotplugHandler-post_plug-callback.patch [bz#1607891] - kvm-virtio-scsi-fix-hotplug-reset-vs-event-race.patch [bz#1607891] - kvm-e1000-Fix-tso_props-compat-for-82540em.patch [bz#1608778] - kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586255] - kvm-s390x-sclp-fix-maxram-calculation.patch [bz#1595740] - kvm-redhat-Make-gitpublish-profile-the-default-one.patch [bz#1425820] - Resolves: bz#1168213 (main-loop: WARNING: I/O thread spun for 1000 iterations while doing stream block device.) - Resolves: bz#1207657 (RFE: QEMU Incremental live backup - push and pull modes) - Resolves: bz#1416180 (QEMU VFIO based block driver for NVMe devices) - Resolves: bz#1425820 (Improve QEMU packaging layout with modularization of the block layer) - Resolves: bz#1482537 ([RFE] qemu-img copy-offloading (convert command)) - Resolves: bz#1505664 ('qemu-kvm: System page size 0x1000000 is not enabled in page_size_mask (0x11000). Performance may be slow' show up while using hugepage as guest's memory) - Resolves: bz#1513543 ([RFE] Add block job to create format on a storage device) - Resolves: bz#1518738 (Add 'copy-on-read' filter driver for use with blockdev-add) - Resolves: bz#1519144 (qemu-img: image locking doesn't cover image creation) - Resolves: bz#1519617 (The exit code should be non-zero when qemu-io reports an error) - Resolves: bz#1523065 ('qemu-img resize' should fail to decrease the size of logical partition/lvm/iSCSI image with raw format) - Resolves: bz#1525829 (can not boot up a scsi-block passthrough disk via -blockdev with error 'cannot get SG_IO version number: Operation not supported. Is this a SCSI device?') - Resolves: bz#1526645 ([Intel 7.6 FEAT] vHost Data Plane Acceleration (vDPA) - vhost user client - qemu-kvm-rhev) - Resolves: bz#1527085 (The copied flag should be updated during '-r leaks') - Resolves: bz#1527898 ([RFE] qemu-img should leave cluster unallocated if it's read as zero throughout the backing chain) - Resolves: bz#1528541 (qemu-img check reports tons of leaked clusters after re-start nfs service to resume writing data in guest) - Resolves: bz#1533158 (QEMU support for libvirtd restarting qemu-pr-helper) - Resolves: bz#1535914 (Disable io throttling for one member disk of a group during io will induce the other one hang with io) - Resolves: bz#1537956 (RFE: qemu-img amend should list the true supported options) - Resolves: bz#1542080 (Qemu core dump at cirrus_invalidate_region) - Resolves: bz#1549654 (Reject node-names which would be truncated by the block layer commands) - Resolves: bz#1556678 (Hot plug usb-ccid for the 2nd time with the same ID as the 1st time failed) - Resolves: bz#1557995 (QAPI schema for RBD storage misses the 'password-secret' option) - Resolves: bz#1558723 (Create RHEL-7.6 QEMU machine type for AArch64) - Resolves: bz#1560847 ([Power8][FW b0320a_1812.861][rhel7.5rc2 3.10.0-861.el7.ppc64le][qemu-kvm-{ma,rhev}-2.10.0-21.el7_5.1.ppc64le] KVM guest does not default to ori type flush even with pseries-rhel7.5.0-sxxm) - Resolves: bz#1564576 (Pegas 1.1 - Require to backport qemu-kvm patch that fixes expected_downtime calculation during migration) - Resolves: bz#1566153 (IOERROR pause code lost after resuming a VM while I/O error is still present) - Resolves: bz#1567733 (qemu abort when migrate during guest reboot) - Resolves: bz#1569835 (qemu-img get wrong backing file path after rebasing image with relative path) - Resolves: bz#1572851 (Core dumped after migration when with usb-host) - Resolves: bz#1572856 ('block-job-cancel' can not cancel a 'drive-mirror' job) - Resolves: bz#1574216 (CVE-2018-3639 qemu-kvm-rhev: hw: cpu: speculative store bypass [rhel-7.6]) - Resolves: bz#1575541 (qemu core dump while installing win10 guest) - Resolves: bz#1576598 (Segfault in qemu-io and qemu-img with -U --image-opts force-share=off) - Resolves: bz#1576743 (virtio-rng hangs when running on recent (2.x) QEMU versions) - Resolves: bz#1578381 (Error message need update when specify numa distance with node index >=128) - Resolves: bz#1583959 (Incorrect vcpu count limit for 7.4 machine types for windows guests) - Resolves: bz#1584914 (SATA emulator lags and hangs) - Resolves: bz#1584984 (Vm starts failed with 'passthrough' smartcard) - Resolves: bz#1586255 (CVE-2018-11806 qemu-kvm-rhev: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6]) - Resolves: bz#1586313 (-smp option is not easily found in the output of qemu help) - Resolves: bz#1586357 (Disable new devices in 2.12) - Resolves: bz#1588039 (Possible assertion failure in qemu when a corrupted image is used during an incoming migration) - Resolves: bz#1589634 (Migration failed when rebooting guest with multiple virtio videos) - Resolves: bz#1590640 (qemu-kvm: block/io.c:1098: bdrv_co_do_copy_on_readv: Assertion mutex->initialized' failed)) - Resolves: bz#1607891 (Hotplug events are sometimes lost with virtio-scsi + iothread) - Resolves: bz#1608778 (qemu/migration: migrate failed from RHEL.7.6 to RHEL.7.5 with e1000-82540em) [2.12.0-17.el8] - kvm-linux-headers-Update-to-include-KVM_CAP_S390_HPAGE_1.patch [bz#1610906] - kvm-s390x-Enable-KVM-huge-page-backing-support.patch [bz#1610906] - kvm-redhat-s390x-add-hpage-1-to-kvm.conf.patch [bz#1610906] - Resolves: bz#1610906 ([IBM 8.0 FEAT] KVM: Huge Pages - libhugetlbfs Enablement - qemu-kvm part) [2.12.0-16.el8] - kvm-spapr-Correct-inverted-test-in-spapr_pc_dimm_node.patch [bz#1601671] - kvm-osdep-powerpc64-align-memory-to-allow-2MB-radix-THP-.patch [bz#1601317] - kvm-RHEL-8.0-Add-pseries-rhel7.6.0-sxxm-machine-type.patch [bz#1595501] - kvm-i386-Helpers-to-encode-cache-information-consistentl.patch [bz#1597739] - kvm-i386-Add-cache-information-in-X86CPUDefinition.patch [bz#1597739] - kvm-i386-Initialize-cache-information-for-EPYC-family-pr.patch [bz#1597739] - kvm-i386-Add-new-property-to-control-cache-info.patch [bz#1597739] - kvm-i386-Clean-up-cache-CPUID-code.patch [bz#1597739] - kvm-i386-Populate-AMD-Processor-Cache-Information-for-cp.patch [bz#1597739] - kvm-i386-Add-support-for-CPUID_8000_001E-for-AMD.patch [bz#1597739] - kvm-i386-Fix-up-the-Node-id-for-CPUID_8000_001E.patch [bz#1597739] - kvm-i386-Enable-TOPOEXT-feature-on-AMD-EPYC-CPU.patch [bz#1597739] - kvm-i386-Remove-generic-SMT-thread-check.patch [bz#1597739] - kvm-i386-Allow-TOPOEXT-to-be-enabled-on-older-kernels.patch [bz#1597739] - Resolves: bz#1595501 (Create pseries-rhel7.6.0-sxxm machine type) - Resolves: bz#1597739 (AMD EPYC/Zen SMT support for KVM / QEMU guest (qemu-kvm)) - Resolves: bz#1601317 (RHEL8.0 - qemu patch to align memory to allow 2MB THP) - Resolves: bz#1601671 (After rebooting guest,all the hot plug memory will be assigned to the 1st numa node.) [2.12.0-15.el8] - kvm-spapr-Add-ibm-max-associativity-domains-property.patch [bz#1599593] - kvm-Revert-spapr-Don-t-allow-memory-hotplug-to-memory-le.patch [bz#1599593] - kvm-simpletrace-Convert-name-from-mapping-record-to-str.patch [bz#1594969] - kvm-tests-fix-TLS-handshake-failure-with-TLS-1.3.patch [bz#1602403] - Resolves: bz#1594969 (simpletrace.py fails when running with Python 3) - Resolves: bz#1599593 (User can't hotplug memory to less memory numa node on rhel8) - Resolves: bz#1602403 (test-crypto-tlssession unit test fails with assertions) [2.12.0-14.el8] - kvm-vfio-pci-Default-display-option-to-off.patch [bz#1590511] - kvm-python-futurize-f-libfuturize.fixes.fix_print_with_i.patch [bz#1571533] - kvm-python-futurize-f-lib2to3.fixes.fix_except.patch [bz#1571533] - kvm-Revert-Defining-a-shebang-for-python-scripts.patch [bz#1571533] - kvm-spec-Fix-ambiguous-python-interpreter-name.patch [bz#1571533] - kvm-qemu-ga-blacklisting-guest-exec-and-guest-exec-statu.patch [bz#1518132] - kvm-redhat-rewrap-build_configure.sh-cmdline-for-the-rh-.patch - kvm-redhat-remove-the-VTD-LIVE_BLOCK_OPS-and-RHV-options.patch - kvm-redhat-fix-the-rh-env-prep-target-s-dependency-on-th.patch - kvm-redhat-remove-dead-code-related-to-s390-not-s390x.patch - kvm-redhat-sync-compiler-flags-from-the-spec-file-to-rh-.patch - kvm-redhat-sync-guest-agent-enablement-and-tcmalloc-usag.patch - kvm-redhat-fix-up-Python-3-dependency-for-building-QEMU.patch - kvm-redhat-fix-up-Python-dependency-for-SRPM-generation.patch - kvm-redhat-disable-glusterfs-dependency-support-temporar.patch - Resolves: bz#1518132 (Ensure file access RPCs are disabled by default) - Resolves: bz#1571533 (Convert qemu-kvm python scripts to python3) - Resolves: bz#1590511 (Fails to start guest with Intel vGPU device) [2.12.0-13.el8] - Resolves: bz#1508137 ([IBM 8.0 FEAT] KVM: Interactive Bootloader (qemu)) - Resolves: bz#1513558 (Remove RHEL6 machine types) - Resolves: bz#1568600 (pc-i440fx-rhel7.6.0 and pc-q35-rhel7.6.0 machine types (x86)) - Resolves: bz#1570029 ([IBM 8.0 FEAT] KVM: 3270 Connectivity - qemu part) - Resolves: bz#1578855 (Enable Native Ceph support on non x86_64 CPUs) - Resolves: bz#1585651 (RHEL 7.6 new pseries machine type (ppc64le)) - Resolves: bz#1592337 ([IBM 8.0 FEAT] KVM: CPU Model z14 ZR1 (qemu-kvm)) [2.12.0-11.el8.1] - Resolves: bz#1576468 (Enable vhost_user in qemu-kvm 2.12) [2.12.0-11.el8] - Resolves: bz#1574406 ([RHEL 8][qemu-kvm] Failed to find romfile 'efi-virtio.rom') - Resolves: bz#1569675 (Backwards compatibility of pc-*-rhel7.5.0 and older machine-types) - Resolves: bz#1576045 (Fix build issue by using python3) - Resolves: bz#1571145 (qemu-kvm segfaults on RHEL 8 when run guestfsd under TCG) [2.12.0-10.el] - Fixing some issues with packaging. - Rebasing to 2.12.0-rc4 [2.11.0-7.el8] - Bumping epoch for RHEL8 and dropping self-obsoleting [2.11.0-6.el8] - Rebuilding [2.11.0-5.el8] - Prepare building on RHEL-8.0 sgabios MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11135 Oracle Linux 6 [1.7.1-10] - fixes arbitrary code execution via .gitmodules Resolves: CVE-2018-17456 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-17456 Oracle Linux 8 go-toolset [1.12.12-1] - Update for golang package fixes [1.12.12-1] - Bump version to 1.12.12 golang [1.12.12-4.0.1] - from upstream https://github.com/golang/go/issues/2775 - move arbitrary value 10% to 15% for GC tests, hits 10.48% on our - infrastructure - Resolves failing post build tests [Orabug: 30241946] [1.12.12-4] - Fix boring/aes_test.go tags [1.12.12-3] - Fix tarball [1.12.12-2] - Fix stub boring.(Sign/Verify)RSAPKCS1v15 functions [1.12.12-1] - Rebase to 1.12.12 - Revert to Sign/Verify operations not expected unhashed inputs - Remove previously added verbose output - Better expose openssl errors [1.12.8-4] - Reduce number of threads when testing on i686 [1.12.8-3] - Relax FIPS requirements to unblock OpenShift testing MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16276 CVE-2019-17596 Oracle Linux 8 [2.02-78.0.3.el8_1.1] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Copy symvers.gz to /boot during kernel install [Orabug: 29773086] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - update Oracle Linux certificates (Alexey Petrenko) - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.02-78.el8_1.1] - grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede) Resolves: CVE-2019-14865 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14865 Oracle Linux 8 [4.18.0-147.5.1_1.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-147.5.1_1] - [powerpc] powerpc/shared: Use static key to detect shared processor (Phil Auld) [1781114 1767529] - [powerpc] powerpc/vcpu: Assume dedicated processors as non-preempt (Phil Auld) [1781114 1767529] [4.18.0-147.4.1_1] - [block] blk-mq: apply normal plugging for HDD (Ming Lei) [1782181 1759380] - [block] blk-mq: honor IO scheduler for multiqueue devices (Ming Lei) [1782181 1759380] - [block] blk-mq: simplify blk_mq_make_request() (Ming Lei) [1782181 1759380] - [block] blk-mq: remove blk_mq_put_ctx() (Ming Lei) [1782181 1759380] - [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [fs] cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (Leif Sahlberg) [1778693 1765979] - [fs] cifs: avoid using MID 0xFFFF (Leif Sahlberg) [1778693 1765979] - [fs] cifs: Fix retry mid list corruption on reconnects (Leif Sahlberg) [1778693 1765979] - [fs] smb3: fix unmount hang in open_shroot (Leif Sahlberg) [1781113 1757670] - [fs] CIFS: fix deadlock in cached root handling (Leif Sahlberg) [1781113 1757670] - [fs] Fix match_server check to allow for auto dialect negotiate (Leif Sahlberg) [1781113 1757670] - [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1781113 1757670] - [fs] cifs: fix panic in smb2_reconnect (Leif Sahlberg) [1781113 1757670] - [fs] cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (Leif Sahlberg) [1781113 1757670] - [fs] smb3: fix signing verification of large reads (Dave Wysochanski) [1781110 1753114] - [scsi] scsi: lpfc: Fix port relogin failure due to GID_FT interaction (Dick Kennedy) [1781108 1733217] - [fs] xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (Bill O'Donnell) [1778692 1739607] - [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) [1778633 1778634] {CVE-2019-17133} - [block] blkcg: perpcu_ref init/exit should be done from blkg_alloc/free() (Ming Lei) [1777766 1741392] - [fs] userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx (Alex Gladkov) [1777389 1749763] {CVE-2019-14898} - [netdrv] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Jarod Wilson) [1776618 1775484] {CVE-2019-14814 CVE-2019-14815 CVE-2019-14816} - [netdrv] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Jarod Wilson) [1776209 1776210] {CVE-2019-14895} - [netdrv] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Jarod Wilson) [1776161 1776162] {CVE-2019-14901} - [netdrv] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775222 1775223] {CVE-2019-17666} - [pci] hv: Avoid use of hv_pci_dev->pci_slot after freeing it (Mohammed Gamal) [1764635 1737569] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14814 CVE-2019-14816 CVE-2019-14898 CVE-2019-14895 CVE-2019-17666 CVE-2019-19338 CVE-2019-14901 CVE-2019-14815 Oracle Linux 8 buildah [1.11.6-4.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-4] - compile in FIPS mode - Related: RHELPLAN-25138 [1.11.6-3] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1.11.6-2] - fix chroot: unmount with MNT_DETACH instead of UnmountMountpoints() - bug reference 1772179 - Related: RHELPLAN-25138 [1.11.6-1] - update to buildah 1.11.6 - Related: RHELPLAN-25138 [1.11.5-1] - update to buildah 1.11.5 - Related: RHELPLAN-25138 [1.11.4-2] - fix %gobuild macro to not to ignore BUILDTAGS [1.11.4-1] - update to 1.11.4 [1.9.0-5] - Use autosetup macro again. [1.9.0-4] - Fix CVE-2019-10214 (#1734653). [1.9.0-3] - Resolves: #1721247 - enable fips mode [1.9.0-2] - Resolves: #1720654 - tests subpackage depends on golang explicitly [1.9.0-1] - Resolves: #1720654 - rebase to v1.9.0 [1.8.3-1] - Resolves: #1720654 - rebase to v1.8.3 [1.8-0.git021d607] - package system tests [1.5-3.gite94b4f9] - re-enable debuginfo [1.5-2.gite94b4f9] - go toolset not in scl anymore [1.5-1.gite94b4f9] - rebase [1.4-3.git608fa84] - fedora-like go compiler macro in buildrequires is enough [1.4-2.git608fa84] - rebase [1.3-3.git4888163] - Resolves: #1615611 - rebuild with gobuild tag 'no_openssl' [1.3-2.git4888163] - Resolves: #1614009 - built with updated scl-ized go-toolset dep - build with %gobuild [1.3-1] - Bump to v1.3 - Vendor in lates containers/image - build-using-dockerfile: let -t include transports again - Block use of /proc/acpi and /proc/keys from inside containers - Fix handling of --registries-conf - Fix becoming a maintainer link - add optional CI test fo darwin - Don't pass a nil error to errors.Wrapf() - image filter test: use kubernetes/pause as a 'since' - Add --cidfile option to from - vendor: update containers/storage - Contributors need to find the CONTRIBUTOR.md file easier - Add a --loglevel option to build-with-dockerfile - Create Development plan - cmd: Code improvement - allow buildah cross compile for a darwin target - Add unused function param lint check - docs: Follow man-pages(7) suggestions for SYNOPSIS - Start using github.com/seccomp/containers-golang - umount: add all option to umount all mounted containers - runConfigureNetwork(): remove an unused parameter - Update github.com/opencontainers/selinux - Fix buildah bud --layers - Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 - main: if unprivileged, reexec in a user namespace - Vendor in latest imagebuilder - Reduce the complexity of the buildah.Run function - mount: output it before replacing lastError - Vendor in latest selinux-go code - Implement basic recognition of the '--isolation' option - Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin - Run(): don't include any default environment variables - build without seccomp - vendor in latest runtime-tools - bind/mount_unsupported.go: remove import errors - Update github.com/opencontainers/runc - Add Capabilities lists to BuilderInfo - Tweaks for commit tests - commit: recognize committing to second storage locations - Fix ARGS parsing for run commands - Add info on registries.conf to from manpage - Switch from using docker to podman for testing in .papr - buildah: set the HTTP User-Agent - ONBUILD tutorial - Add information about the configuration files to the install docs - Makefile: add uninstall - Add tilde info for push to troubleshooting - mount: support multiple inputs - Use the right formatting when adding entries to /etc/hosts - Vendor in latest go-selinux bindings - Allow --userns-uid-map/--userns-gid-map to be global options - bind: factor out UnmountMountpoints - Run(): simplify runCopyStdio() - Run(): handle POLLNVAL results - Run(): tweak terminal mode handling - Run(): rename 'copyStdio' to 'copyPipes' - Run(): don't set a Pdeathsig for the runtime - Run(): add options for adding and removing capabilities - Run(): don't use a callback when a slice will do - setupSeccomp(): refactor - Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers - Escape use of '_' in .md docs - Break out getProcIDMappings() - Break out SetupIntermediateMountNamespace() - Add Multi From Demo - Use the c/image conversion code instead of converting configs manually - Don't throw away the manifest MIME type and guess again - Consolidate loading manifest and config in initConfig - Pass a types.Image to Builder.initConfig - Require an image ID in importBuilderDataFromImage - Use c/image/manifest.GuessMIMEType instead of a custom heuristic - Do not ignore any parsing errors in initConfig - Explicitly handle 'from scratch' images in Builder.initConfig - Fix parsing of OCI images - Simplify dead but dangerous-looking error handling - Don't ignore v2s1 history if docker_version is not set - Add --rm and --force-rm to buildah bud - Add --all,-a flag to buildah images - Separate stdio buffering from writing - Remove tty check from images --format - Add environment variable BUILDAH_RUNTIME - Add --layers and --no-cache to buildah bud - Touch up images man - version.md: fix DESCRIPTION - tests: add containers test - tests: add images test - images: fix usage - fix make clean error - Change 'registries' to 'container registries' in man - add commit test - Add(): learn to record hashes of what we add - Minor update to buildah config documentation for entrypoint - Bump to v1.2-dev - Add registries.conf link to a few man pages [1.2-3] - do not depend on btrfs-progs for rhel8 [1.2-2] - buildah does not require ostree [1.2-1] - Vendor in latest containers/image - build-using-dockerfile: let -t include transports again - Block use of /proc/acpi and /proc/keys from inside containers - Fix handling of --registries-conf - Fix becoming a maintainer link - add optional CI test fo darwin - Don't pass a nil error to errors.Wrapf() - image filter test: use kubernetes/pause as a 'since' - Add --cidfile option to from - vendor: update containers/storage - Contributors need to find the CONTRIBUTOR.md file easier - Add a --loglevel option to build-with-dockerfile - Create Development plan - cmd: Code improvement - allow buildah cross compile for a darwin target - Add unused function param lint check - docs: Follow man-pages(7) suggestions for SYNOPSIS - Start using github.com/seccomp/containers-golang - umount: add all option to umount all mounted containers - runConfigureNetwork(): remove an unused parameter - Update github.com/opencontainers/selinux - Fix buildah bud --layers - Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 - main: if unprivileged, reexec in a user namespace - Vendor in latest imagebuilder - Reduce the complexity of the buildah.Run function - mount: output it before replacing lastError - Vendor in latest selinux-go code - Implement basic recognition of the '--isolation' option - Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin - Run(): don't include any default environment variables - build without seccomp - vendor in latest runtime-tools - bind/mount_unsupported.go: remove import errors - Update github.com/opencontainers/runc - Add Capabilities lists to BuilderInfo - Tweaks for commit tests - commit: recognize committing to second storage locations - Fix ARGS parsing for run commands - Add info on registries.conf to from manpage - Switch from using docker to podman for testing in .papr - buildah: set the HTTP User-Agent - ONBUILD tutorial - Add information about the configuration files to the install docs - Makefile: add uninstall - Add tilde info for push to troubleshooting - mount: support multiple inputs - Use the right formatting when adding entries to /etc/hosts - Vendor in latest go-selinux bindings - Allow --userns-uid-map/--userns-gid-map to be global options - bind: factor out UnmountMountpoints - Run(): simplify runCopyStdio() - Run(): handle POLLNVAL results - Run(): tweak terminal mode handling - Run(): rename 'copyStdio' to 'copyPipes' - Run(): don't set a Pdeathsig for the runtime - Run(): add options for adding and removing capabilities - Run(): don't use a callback when a slice will do - setupSeccomp(): refactor - Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers - Escape use of '_' in .md docs - Break out getProcIDMappings() - Break out SetupIntermediateMountNamespace() - Add Multi From Demo - Use the c/image conversion code instead of converting configs manually - Don't throw away the manifest MIME type and guess again - Consolidate loading manifest and config in initConfig - Pass a types.Image to Builder.initConfig - Require an image ID in importBuilderDataFromImage - Use c/image/manifest.GuessMIMEType instead of a custom heuristic - Do not ignore any parsing errors in initConfig - Explicitly handle 'from scratch' images in Builder.initConfig - Fix parsing of OCI images - Simplify dead but dangerous-looking error handling - Don't ignore v2s1 history if docker_version is not set - Add --rm and --force-rm to buildah bud - Add --all,-a flag to buildah images - Separate stdio buffering from writing - Remove tty check from images --format - Add environment variable BUILDAH_RUNTIME - Add --layers and --no-cache to buildah bud - Touch up images man - version.md: fix DESCRIPTION - tests: add containers test - tests: add images test - images: fix usage - fix make clean error - Change 'registries' to 'container registries' in man - add commit test - Add(): learn to record hashes of what we add - Minor update to buildah config documentation for entrypoint - Add registries.conf link to a few man pages [1.1-1] - Drop capabilities if running container processes as non root - Print Warning message if cmd will not be used based on entrypoint - Update 01-intro.md - Shouldn't add insecure registries to list of search registries - Report errors on bad transports specification when pushing images - Move parsing code out of common for namespaces and into pkg/parse.go - Add disable-content-trust noop flag to bud - Change freenode chan to buildah - runCopyStdio(): don't close stdin unless we saw POLLHUP - Add registry errors for pull - runCollectOutput(): just read until the pipes are closed on us - Run(): provide redirection for stdio - rmi, rm: add test - add mount test - Add parameter judgment for commands that do not require parameters - Add context dir to bud command in baseline test - run.bats: check that we can run with symlinks in the bundle path - Give better messages to users when image can not be found - use absolute path for bundlePath - Add environment variable to buildah --format - rm: add validation to args and all option - Accept json array input for config entrypoint - Run(): process RunOptions.Mounts, and its flags - Run(): only collect error output from stdio pipes if we created some - Add OnBuild support for Dockerfiles - Quick fix on demo readme - run: fix validate flags - buildah bud should require a context directory or URL - Touchup tutorial for run changes - Validate common bud and from flags - images: Error if the specified imagename does not exist - inspect: Increase err judgments to avoid panic - add test to inspect - buildah bud picks up ENV from base image - Extend the amount of time travis_wait should wait - Add a make target for Installing CNI plugins - Add tests for namespace control flags - copy.bats: check ownerships in the container - Fix SELinux test errors when SELinux is enabled - Add example CNI configurations - Run: set supplemental group IDs - Run: use a temporary mount namespace - Use CNI to configure container networks - add/secrets/commit: Use mappings when setting permissions on added content - Add CLI options for specifying namespace and cgroup setup - Always set mappings when using user namespaces - Run(): break out creation of stdio pipe descriptors - Read UID/GID mapping information from containers and images - Additional bud CI tests - Run integration tests under travis_wait in Travis - build-using-dockerfile: add --annotation - Implement --squash for build-using-dockerfile and commit - Vendor in latest container/storage for devicemapper support - add test to inspect - Vendor github.com/onsi/ginkgo and github.com/onsi/gomega - Test with Go 1.10, too - Add console syntax highlighting to troubleshooting page - bud.bats: print '' before checking its contents - Manage 'Run' containers more closely - Break Builder.Run()'s 'run runc' bits out - util.ResolveName(): handle completion for tagged/digested image names - Handle /etc/hosts and /etc/resolv.conf properly in container - Documentation fixes - Make it easier to parse our temporary directory as an image name - Makefile: list new pkg/ subdirectoris as dependencies for buildah - containerImageSource: return more-correct errors - API cleanup: PullPolicy and TerminalPolicy should be types - Make 'run --terminal' and 'run -t' aliases for 'run --tty' - Vendor github.com/containernetworking/cni v0.6.0 - Update github.com/containers/storage - Update github.com/projectatomic/libpod - Add support for buildah bud --label - buildah push/from can push and pull images with no reference - Vendor in latest containers/image - Update gometalinter to fix install.tools error - Update troubleshooting with new run workaround - Added a bud demo and tidied up - Attempt to download file from url, if fails assume Dockerfile - Add buildah bud CI tests for ENV variables - Re-enable rpm .spec version check and new commit test - Update buildah scratch demo to support el7 - Added Docker compatibility demo - Update to F28 and new run format in baseline test - Touchup man page short options across man pages - Added demo dir and a demo. chged distrorlease - builder-inspect: fix format option - Add cpu-shares short flag (-c) and cpu-shares CI tests - Minor fixes to formatting in rpm spec changelog - Fix rpm .spec changelog formatting - CI tests and minor fix for cache related noop flags - buildah-from: add effective value to mount propagation [1.0-1] - Remove buildah run cmd and entrypoint execution - Add Files section with registries.conf to pertinent man pages - Force 'localhost' as a default registry - Add --compress, --rm, --squash flags as a noop for bud - Add FIPS mode secret to buildah run and bud - Add config --comment/--domainname/--history-comment/--hostname - Add support for --iidfile to bud and commit - Add /bin/sh -c to entrypoint in config - buildah images and podman images are listing different sizes - Remove tarball as an option from buildah push --help - Update entrypoint behaviour to match docker - Display imageId after commit - config: add support for StopSignal - Allow referencing stages as index and names - Add multi-stage builds support - Vendor in latest imagebuilder, to get mixed case AS support - Allow umount to have multi-containers - Update buildah push doc - buildah bud walks symlinks - Imagename is required for commit atm, update manpage [0.16-3.git532e267] - Resolves: #1573681 - built commit 532e267 [0.16.0-2.git6f7d05b] - built commit 6f7d05b [0.16-1] - Add support for shell - Vendor in latest containers/image - docker-archive generates docker legacy compatible images - Do not create subdirectories for layers with no configs - Ensure the layer IDs in legacy docker/tarfile metadata are unique - docker-archive: repeated layers are symlinked in the tar file - sysregistries: remove all trailing slashes - Improve docker/* error messages - Fix failure to make auth directory - Create a new slice in Schema1.UpdateLayerInfos - Drop unused storageImageDestination.{image,systemContext} - Load a *storage.Image only once in storageImageSource - Support gzip for docker-archive files - Remove .tar extension from blob and config file names - ostree, src: support copy of compressed layers - ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size - image: fix docker schema v1 -> OCI conversion - Add /etc/containers/certs.d as default certs directory - Change image time to locale, add troubleshooting.md, add logo to other mds - Allow --cmd parameter to have commands as values - Document the mounts.conf file - Fix man pages to format correctly - buildah from now supports pulling images using the following transports: - docker-archive, oci-archive, and dir. - If the user overrides the storage driver, the options should be dropped - Show Config/Manifest as JSON string in inspect when format is not set - Adds feature to pull compressed docker-archive files [0.15-1] - Fix handling of buildah run command options [0.14-1] - If commonOpts do not exist, we should return rather then segfault - Display full error string instead of just status - Implement --volume and --shm-size for bud and from - Fix secrets patch for buildah bud - Fixes the naming issue of blobs and config for the dir transport by removing the .tar extension [0.13-1.git99066e0] - use correct version [0.12-4.git99066e0] - enable debuginfo [0.12-3.git99066e0] - BR: libseccomp-devel [0.12-2.git99066e0] - Resolves: #1548535 - built commit 99066e0 [0.12-1] - Added handing for simpler error message for Unknown Dockerfile instructions. - Change default certs directory to /etc/containers/certs.dir - Vendor in latest containers/image - Vendor in latest containers/storage - build-using-dockerfile: set the 'author' field for MAINTAINER - Return exit code 1 when buildah-rmi fails - Trim the image reference to just its name before calling getImageName - Touch up rmi -f usage statement - Add --format and --filter to buildah containers - Add --prune,-p option to rmi command - Add authfile param to commit - Fix --runtime-flag for buildah run and bud - format should override quiet for images - Allow all auth params to work with bud - Do not overwrite directory permissions on --chown - Unescape HTML characters output into the terminal - Fix: setting the container name to the image - Prompt for un/pwd if not supplied with --creds - Make bud be really quiet - Return a better error message when failed to resolve an image - Update auth tests and fix bud man page [0.11-3.git49095a8] - Resolves: #1542236 - add ostree and bump runc dep [0.11-2.git49095a8] - rebased to 49095a83f8622cf69532352d183337635562e261 [0.11-1] - Add --all to remove containers - Add --all functionality to rmi - Show ctrid when doing rm -all - Ignore sequential duplicate layers when reading v2s1 - Lots of minor bug fixes - Vendor in latest containers/image and containers/storage [0.10-2] - Fix checkin [0.10-1] - Display Config and Manifest as strings - Bump containers/image - Use configured registries to resolve image names - Update to work with newer image library - Add --chown option to add/copy commands [0.9-2.git04ea079] - build for all arches [0.9-1] - Allow push to use the image id - Make sure builtin volumes have the correct label [0.8-1] - Buildah bud was failing on SELinux machines, this fixes this - Block access to certain kernel file systems inside of the container [0.7-1] - Ignore errors when trying to read containers buildah.json for loading SELinux reservations - Use credentials from kpod login for buildah - Adds support for converting manifest types when using the dir transport - Rework how we do UID resolution in images - Bump github.com/vbatts/tar-split - Set option.terminal appropriately in run [0.5-5.gitf7dc659] - revert building for s390x, it is intended for rhel 7.5 [0.5-4] - Add requires for container-selinux [0.5-3.gitf7dc659] - build for s390x, https://bugzilla.redhat.com/show_bug.cgi?id=1482234 [0.5-2] - Bump github.com/vbatts/tar-split - Fixes CVE That could allow a container image to cause a DOS [0.5-1] - Add secrets patch to buildah - Add proper SELinux labeling to buildah run - Add tls-verify to bud command - Make filtering by date use the image's date - images: don't list unnamed images twice - Fix timeout issue - Add further tty verbiage to buildah run - Make inspect try an image on failure if type not specified - Add support for - Tons of bug fixes and code cleanup [0.4-2.git01db066] - bump to latest version - set GIT_COMMIT at build-time [0.4-1.git9cbccf88c] - Add default transport to push if not provided - Avoid trying to print a nil ImageReference - Add authentication to commit and push - Add information on buildah from man page on transports - Remove --transport flag - Run: do not complain about missing volume locations - Add credentials to buildah from - Remove export command - Run(): create the right working directory - Improve 'from' behavior with unnamed references - Avoid parsing image metadata for dates and layers - Read the image's creation date from public API - Bump containers/storage and containers/image - Don't panic if an image's ID can't be parsed - Turn on --enable-gc when running gometalinter - rmi: handle truncated image IDs [0.4-1.git9cbccf8] - bump to v0.4 [0.3-4.gitb9b2a8a] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.3-3.gitb9b2a8a] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.3-2.gitb9b2a8a7e] - Bump for inclusion of OCI 1.0 Runtime and Image Spec [0.2.0-1.gitac2aad6] - buildah run: Add support for -- ending options parsing - buildah Add/Copy support for glob syntax - buildah commit: Add flag to remove containers on commit - buildah push: Improve man page and help information - buildah run: add a way to disable PTY allocation - Buildah docs: clarify --runtime-flag of run command - Update to match newer storage and image-spec APIs - Update containers/storage and containers/image versions - buildah export: add support - buildah images: update commands - buildah images: Add JSON output option - buildah rmi: update commands - buildah containers: Add JSON output option - buildah version: add command - buildah run: Handle run without an explicit command correctly - Ensure volume points get created, and with perms - buildah containers: Add a -a/--all option [0.1.0-2.git597d2ab9] - Release Candidate 1 - All features have now been implemented. [0.0.1-1.git7a0a5333] - First package for Fedora cockpit-podman [11-1] - Fix Alert notification in Image Search Modal - Allow more than a single Error Notification for Container action errors - Various Alert cleanups - Translation updates - Related: RHELPLAN-25138 [10-1] - Support for user containers - Show list of containers that use given image - Show placeholder while loading containers and images - Fix setting memory limit - bug 1732713 - Add container Terminal - bug 1703245 - Related: RHELPLAN-25138 conmon [2:2.0.6-1] - update to 2.0.6 - Related: RHELPLAN-25138 [2:2.0.5-1] - update to 2.0.5 - Related: RHELPLAN-25138 [2:2.0.4-1] - update to 2.0.4 bugfix release - Related: RHELPLAN-25138 [2:2.0.3-2.giteb5fa88] - BR: systemd-devel - Related: RHELPLAN-25138 [2:2.0.3-1.giteb5fa88] - update to 2.0.3 [2:2.0.2-0.1.dev.git422ce21] - build latest upstream master [2:2.0.0-2] - remove BR: go-md2man since no manpages yet [2:2.0.0-1] container-selinux [2:2.124.0-1] - update to 2.124.0 - Related: RHELPLAN-25138 [2:2.123.0-2] - implement spec file refactoring by Zdenek Pytela, namely: Change the uninstall command in the %postun section of the specfile to use the %selinux_modules_uninstall macro which uses priority 200. Change the install command in the %post section if the specfile to use the %selinux_modules_install macro. Replace relabel commands with using the %selinux_relabel_pre and %selinux_relabel_post macros. Change formatting so that the lines are vertically aligned in the %postun section. (https://github.com/containers/container-selinux/pull/85) - Related: RHELPLAN-25138 [2:2.123.0-1] - update to 2.123.0 - Related: RHELPLAN-25138 [2:2.122.0-1] - update to 2.122.0 [2:2.119.0-3.gita233788] - update to master container-selinux - bug 1769469 [2:2.119.0-2] - fix post scriptlet - fail if semodule fails - bug 1729272 [2:2.119.0-1] - update to 2.119.0 [2:2.116-1] - update to 2.116, bug 1748519 [2:2.107-2] - Use at least selinux policy 3.14.3-9.el8, Resolves: #1728700 [2:2.107-1] - Resolves: #1720654 - rebase to v2.107 [2:2.89-1.git2521d0d] - bump to v2.89 [2:2.75-1.git99e2cfd] - bump to v2.75 - built commit 99e2cfd [2:2.74-1] - Resolves: #1641655 - bump to v2.74 - built commit a62c2db [2:2.73-3] - tweak macro for fedora - applies to rhel8 as well [2:2.73-2] - moved changelog entries: - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. - Allow container_runtimes to setattr on callers fifo_files - Fix restorecon to not error on missing directory [2.69-3] - Make sure we pull in the latest selinux-policy [2.69-2] - Add map support to container-selinux for RHEL 7.5 - Dontudit attempts to write to kernel_sysctl_t [2.68-1] - Add label for /var/lib/origin - Add customizable_file_t to customizable_types [2.67-1] - Add policy for container_logreader_t [2.66-1] - Allow dnsmasq to dbus chat with spc_t [2.64-1] - Allow containers to create all socket classes [2.62-1] - Label overlay directories under /var/lib/containers/ correctly [2.61-1] - Allow spc_t to load kernel modules from inside of container [2.60-1] - Allow containers to list cgroup directories - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t. [2.58-2] - Run restorecon /usr/bin/podman in postinstall [2.58-1] - Add labels to allow podman to be run from a systemd unit file [2.57-1] - Set the version of SELinux policy required to the latest to fix build issues. [2.56-1] - Allow container_runtime_t to transition to spc_t over unlabeled files [2.55-1] Allow iptables to read container state Dontaudit attempts from containers to write to /proc/self Allow spc_t to change attributes on container_runtime_t fifo files [2.52-1] - Add better support for writing custom selinux policy for customer container domains. [2.51-1] - Allow shell_exec_t as a container_runtime_t entrypoint [2.50-1] - Allow bin_t as a container_runtime_t entrypoint [2.49-1] - Add support for MLS running container runtimes - Add missing allow rules for running systemd in a container [2.48-1] - Update policy to match master branch - Remove typebounds and replace with nnp_transition and nosuid_transition calls [2.41-1] - Add support to nnp_transition for container domains - Eliminates need for typebounds. [2.40-1] - Allow container_runtime_t to use user ttys - Fixes bounds check for container_t [2.39-1] - Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t. [2.38-1] - Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin [2.37-1] - Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree [2.36-1] - Allow containers to relabelto/from all file types to container_file_t [2.35-1] - Allow container to map chr_files labeled container_file_t [2.34-1] - Dontaudit container processes getattr on kernel file systems [2.33-1] - Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container. [2.32-1] - Make sure users creating content in /var/lib with right labels [2.31-1] - Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc [2.29-1] - Add support for lxcd - Add support for labeling of tmpfs storage created within a container. [2.28-1] - Allow a container to umount a container_file_t filesystem [2.27-1] - Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's - Allow spc_t domains to transition to svirt_t [2.24-1] - Make sure container_runtime_t has all access of container_t [2.23-1] - Allow container runtimes to create sockets in tmp dirs [2.22-1] - Add additonal support for crio labeling. [2.21-3] - Fixup spec file conditionals [2:2.21-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.21-1] - Allow containers to execmod on container_share_t files. [2.20-2] - Relabel runc and crio executables [2.20-1] - Allow container processes to getsession [2:2.19-2.1] - update release tag to isolate from 7.3 [2:2.19-1] - Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets [2:2.15-1.1] - Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40 [2:2.10-2.1] - Make sure we have a late enough version of policycoreutils [2:2.10-1] - Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container [2:2.9-4] - Resolves: #1425574 - built commit 79a6d70 [2:2.9-3] - Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4 [2:2.9-2] - built @origin/RHEL-1.12 commit 33cb78b [2:2.8-2] - [2:2.7-1] - built origin/RHEL-1.12 commit 21dd37b [2:2.4-2] - correct version-release in changelog entries [2:2.4-1] - Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc* [2:2.3-1] - Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content [2:2.2-4] - use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7 [2:2.2-3] - properly disable docker module in %post [2:2.2-2] - depend on selinux-policy-targeted - relabel docker-latest* files as well [2:2.2-1] - bump to v2.2 - additional labeling for ocid [2:2.0-2] - install policy at level 200 - From: Dan Walsh <dwalsh@redhat.com> [2:2.0-1] - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel [2:1.12.4-29] - new package (separated from docker) containernetworking-plugins [0.8.3-4.0.1] - Disable debuginfo [0.8.3-4] - compile with no_openssl - Related: RHELPLAN-25138 [0.8.3-3] - compile in FIPS mode - Related: RHELPLAN-25138 [0.8.3-2] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [0.8.3-1] - update to 0.8.3 - Related: RHELPLAN-25138 [0.8.1-2] - backport https://github.com/coreos/go-iptables/pull/62 from Michael Cambria - Resolves: #1627561 [0.8.1-1] - Resolves: #1720319 - bump to v0.8.1 [0.7.5-1] - Resolves: #1616063 - bump to v0.7.5 [0.7.4-3.git9ebe139] - re-enable debuginfo [0.7.4-2.git9ebe139] - rebase, removed patch that is already upstream [0.7.3-7.git19f2f28] - go tools not in scl anymore [0.7.3-6.git19f2f28] - correct tag specification format in %gobuild macro [0.7.3-5.git19f2f28] - Resolves: #1616062 - patch to revert coreos/go-iptables bump [0.7.3-4.git19f2f28] - Resolves:#1603012 - fix versioning, upstream got it wrong at 7.2 [0.7.2-3.git19f2f28] - disable i686 temporarily for appstream builds - update golang deps and gobuild definition [0.7.2-2.git19f2f28] - rebase [0.7.0-103.gitdd8ff8a] - enable scl with the toolset [0.7.0-102.gitdd8ff8a] - remove devel and unittest subpackages - use new go-toolset deps [0.7.0-101] - rebase - patches already upstream, removed [0.6.0-6] - Imported from Fedora - Renamed CNI -> plugins [0.6.0-4] - Own the libexec cni directory [0.6.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.6.0-2] - skip settling IPv4 addresses [0.6.0-1] - rebased to 7480240de9749f9a0a5c8614b17f1f03e0c06ab9 [0.5.2-7] - do not install to /opt (against Fedora Guidelines) [0.5.2-6] - Enable devel subpackage [0.5.2-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.5.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.5.2-3] - excludearch: ppc64 as it's not in goarches anymore - re-enable s390x [0.5.2-2] - upstream moved to github.com/containernetworking/plugins - built commit dcf7368 - provides: containernetworking-plugins - use vendored deps because they're a lot less of a PITA - excludearch: s390x for now (rhbz#1466865) [0.5.2-1] - Update to 0.5.2 - Softlink to default /opt/cni/bin directories [0.5.1-1] - Initial package fuse-overlayfs [0.7.2-1] - update to 0.7.2 - Related: RHELPLAN-25138 [0.7-1] - update to 0.7 - apply patch to fix build on RHEL-8 - Related: RHELPLAN-25138 [0.4.1-1] - Resolves: #1720654 - rebase to v0.4.1 [0.3-2] - rebase - Resolves:#1666510 [0.1-7.dev.git50c7a50] - Resolves: #1640232 - built commit 50c7a50 [0.1-6.dev.git1c72a1a] - Resolves: #1614856 - add manpage - built commit 1c72a1a - add BR: go-md2man [0.1-5.dev.gitd40ac75] - built commit d40ac75 - remove fedora bz ids - Exclude ix86 and ppc64 [0.1-4.dev.git79c70fd] - Resolves: #1609598 - initial upload to Fedora - bundled gnulib [0.1-3.dev.git79c70fd] - correct license field [0.1-2.dev.git79c70fd] - fix license [0.1-1.dev.git13575b6] - First package for Fedora podman [1.6.4-2.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.6.4-2] - apply fix for bug 1757845 - Related: RHELPLAN-25138 [1.6.4-1] - update to 1.6.4 - Related: RHELPLAN-25138 [1.6.3-6] - remove BR: device-mapper-devel, minor spec file changes - Related: RHELPLAN-25138 [1.6.3-5] - Ensure volumes reacquire locks on state refresh (thanks Matt Heon) - Related: RHELPLAN-25138 [1.6.3-4] - use the file events logger backend if systemd isn't available (thanks to Giuseppe Scrivano) - Related: RHELPLAN-25138 [1.6.3-3] - require slirp4netns >= 0.4.0-1 - Related: RHELPLAN-25138 [1.6.3-2] - apply fix to not to fail gating tests: don't parse the config for cgroup-manager default - don't hang while on podman run --rm - bug 1767663 [1.6.3-1] - update to podman 1.6.3 - addresses CVE-2019-18466 [1.6.2-6] - fix %gobuild macro to not to ignore BUILDTAGS [1.6.2-5] - use btrfs_noversion to really disable BTRFS support - amend/reuse BUILDTAGS - still keep device-mapper-devel BR otherwise build fails despite dm support being disabled (build scripting invokes pkg-config for devmapper which is shipped by the dm-devel package) [1.6.2-4] - disable BTRFS support [1.6.2-3] - split podman and conmon packages - drop BR: device-mapper-devel and update BRs in general [1.6.2-2] - drop oci-systemd-hook requirement - drop upstreamed CVE-2019-10214 patch [1.6.2-1] - update to podman 1.6.2 [1.4.2-6] - fix build with --nocheck (#1721394) - escape commented out macros [1.4.2-5] - Fix CVE-2019-10214 (#1734649). [1.4.2-4] - update to latest conmon (Resolves: #1743685) [1.4.2-3] - update to v1.4.2-stable1 - Resolves: #1741157 [1.4.2-2] - Resolves: #1669197, #1705763, #1737077, #1671622, #1723879, #1730281, - Resolves: #1731117 - built libpod v1.4.2-stable1 [1.4.2-1] - Resolves: #1721638 - bump to v1.4.2 [1.4.1-4] - Resolves: #1720654 - update dep on libvarlink - Resolves: #1721247 - enable fips mode [1.4.1-3] - Resolves: #1720654 - podman requires podman-manpages - update dep on cni plugins >= 0.8.1-1 [1.4.1-2] - Resolves: #1720654 - podman-manpages obsoletes podman < 1.4.1-2 [1.4.1-1] - Resolves: #1720654 - bump to v1.4.1 - bump conmon to v0.3.0 [1.4.0-1] - Resolves: #1720654 - bump to v1.4.0 [1.3.2-2] - Resolves: #1683217 - tests subpackage requires slirp4netns [1.3.2-1] - Resolves: #1707220 - bump to v1.3.2 - built conmon v0.2.0 [1.2.0-1.git3bd528e5] - package system tests, zsh completion. Update CI tests to use new -tests pkg [1.1.0-1.git006206a] - bump to v1.1.0 [1.0.1-1.git2c74edd] - bump to v1.0.1 [1.0.0-2.git921f98f] - rebase [1.0.0-1.git82e8011] - rebase to v1, yay! - rebase conmon to 9b1f0a08285a7f74b21cc9b6bfd98a48905a7ba2 - Resolves:#1623282 - python interface removed, moved to https://github.com/containers/python-podman/ [0.12.1.2-4.git9551f6b] - re-enable debuginfo [0.12.1.2-3.git9551f6b] - python libraries added - resolves: #1657180 [0.12.1.2-2.git9551f6b] - rebase [0.11.1.1-3.git594495d] - go tools not in scl anymore [0.11.1.1-2.git594495d] - fedora-like buildrequires go toolset [0.11.1.1-1.git594495d] - Resolves: #1636230 - build with FIPS enabled golang toolchain - bump to v0.11.1.1 - built commit 594495d [0.11.1-3.gita4adfe5] - podman-docker provides docker - Resolves: #1650355 [0.11.1-2.gita4adfe5] - Require platform-python-setuptools instead of python3-setuptools - Resolves: rhbz#1650144 [0.11.1-1.gita4adfe5] - bump to v0.11.1 - built libpod commit a4adfe5 - built conmon from cri-o commit 464dba6 [0.10.1.3-5.gitdb08685] - Resolves: #1625384 - keep BR: device-mapper-devel but don't build with it - not having device-mapper-devel seems to have brew not recognize %{_unitdir} [0.10.1.3-4.gitdb08685] - Resolves: #1625384 - correctly add buildtags to remove devmapper [0.10.1.3-3.gitdb08685] - Resolves: #1625384 - build without device-mapper-devel (no podman support) and lvm2 [0.10.1.3-2.gitdb08685] - Resolves: #1625384 - depend on lvm2 [0.10.1.3-1.gitdb08685] - Resolves: #1640298 - update vendored buildah to allow building when there are running containers - bump to v0.10.1.3 - built podman commit db08685 [0.10.1.2-1.git2b4f8d1] - Resolves: #1625378 - bump to v0.10.1.2 - built podman commit 2b4f8d1 [0.10.1.1-1.git4bea3e9] - bump to v0.10.1.1 - built podman commit 4bea3e9 [0.10.1-1.gite4a1553] - bump podman to v0.10.1 - built podman commit e4a1553 - built conmon from cri-o commit a30f93c [0.9.3.1-4.git1cd906d] - rebased cri-o to 1.11.6 [0.9.3.1-3.git1cd906d] - rebase [0.9.2-2.git37a2afe] - rebase to podman 0.9.2 - rebase to cri-o 0.11.4 [0.9.1.1-2.git123de30] - rebase [0.8.4-1.git9f9b8cf] - bump to v0.8.4 - built commit 9f9b8cf - upstream username changed from projectatomic to containers - use containernetworking-plugins >= 0.7.3-5 [0.8.2.1-2.git7a526bb] - Resolves: #1615607 - rebuild with gobuild tag 'no_openssl' [0.8.2.1-1.git7a526bb] - Upstream 0.8.2.1 release - Add support for podman-docker Resolves: rhbz#1615104 [0.8.2-1.dev.git8b2d38e] - Resolves: #1614710 - podman search name includes registry - bump to v0.8.2-dev - built libpod commit 8b2d38e - built conmon from cri-o commit acc0ee7 [0.8.1-2.git6b4ab2a] - Add recommends for slirp4netns and container-selinux [0.8.1-2.git6b4ab2a] - bump to v0.8.1 - use %go{build,generate} instead of go build and go generate - update go deps to use scl-ized builds - No need for Makefile patch for python installs [0.8.1-1.git6b4ab2a] - Bump to v0.8.1 [0.7.4-2.git079121] - podman should not require atomic-registries [0.7.4-1.dev.git9a18681] - bump to v0.7.4-dev - built commit 9a18681 [0.7.3-2.git079121] - Turn on ostree support - Upstream 0.7.3 [0.7.2-2.git4ca4c5f] - Upstream 0.7.2 release [0.7.1-3.git84cfdb2] - rebuilt [0.7.1-2.git84cfdb2] - rebase to 84cfdb2 [0.7.1-1.git802d4f2] - Upstream 0.7.1 release [0.6.4-2.gitd5beb2f] - disable devel and unittest subpackages - include conditionals for rhel-8.0 [0.6.4-1.gitd5beb2f] - do not compress debuginfo with dwz to support delve debugger [0.6.1-3.git3e0ff12] - do not compress debuginfo with dwz to support delve debugger [0.6.1-2.git3e0ff12] - bash completion shouldn't have shebang [0.6.1-1.git3e0ff12] - Resolves: #1584429 - drop capabilities when running a container as non-root - bump to v0.6.1 - built podman commit 3e0ff12 - built conmon from cri-o commit 1c0c3b0 - drop containernetworking-plugins subpackage, it's now split out into a standalone package [0.4.1-4.gitb51d327] - Resolves: #1572538 - build host-device and portmap plugins [0.4.1-3.gitb51d327] - correct dep on containernetworking-plugins [0.4.1-2.gitb51d327] - add containernetworking-plugins v0.7.0 as a subpackage (podman dep) - release tag for the containernetworking-plugins is actually gotten from podman release tag. [0.4.1-1.gitb51d327] - bump to v0.4.1 - built commit b51d327 [0.3.3-1.dev.gitbc358eb] - built podman commit bc358eb - built conmon from cri-o commit 712f3b8 [0.3.2-1.gitf79a39a] - Release 0.3.2-1 [0.3.1-2.git98b95ff] - Correct RPM version [0.3.1-1-gitc187538] - Release 0.3.1-1 [0.2.2-2.git525e3b1] - Build on ARMv7 too (Fedora supports containers on that arch too) [0.2.2-1.git525e3b1] - Release 0.2.2 [0.2.1-1.git3d0100b] - Release 0.2.1 [0.2-3.git3d0100b] - Add dep for atomic-registries [0.2-2.git3d0100b] - Add more 64bit arches - Add containernetworking-cni dependancy - Add iptables dependancy [0-2.1.git3d0100] - Release 0.2 [0-0.3.git367213a] - Resolves: #1541554 - first official build - built commit 367213a [0-0.2.git0387f69] - built commit 0387f69 [0-0.1.gitc1b2278] - First package for Fedora python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25138 [1.2.0-0.1.gitd0a45fe] - Initial package runc [1.0.0-64.rc9] - use no_openssl in BUILDTAGS (no vendored crypto in runc) - Related: RHELPLAN-25138 [1.0.0-63.rc9] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1.0.0-62.rc9] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Related: RHELPLAN-25138 [1.0.0-61.rc9] - update to runc 1.0.0-rc9 release - amend golang deps - fixes CVE-2019-16884 [1.0.0-60.rc8] - Resolves: #1721247 - enable fips mode [1.0.0-59.rc8] - Resolves: #1720654 - rebase to v1.0.0-rc8 [1.0.0-57.rc5.dev.git2abd837] - Resolves: #1693424 - podman rootless: cannot specify gid= mount options [1.0.0-56.rc5.dev.git2abd837] - change-default-root patch not needed as there's no docker on rhel8 [1.0.0-55.rc5.dev.git2abd837] - Resolves: CVE-2019-5736 [1.0.0-54.rc5.dev.git2abd837] - re-enable debuginfo [1.0.0-53.rc5.dev.git2abd837] - go toolset not in scl anymore [1.0.0-52.rc5.dev.git2abd837] - rebase [2:1.0.0-51.dev.gitfdd8055] - Fix handling of tmpcopyup [2:1.0.0-49.rc5.dev.gitb4e2ecb] - %gobuild uses no_openssl - remove unused devel and unit-test subpackages [2:1.0.0-48.rc5.dev.gitad0f525] - build with %gobuild - exlude i686 temporarily because of go-toolset issues [1.0.0-47.dev.gitb4e2ecb] - Rebuild with fixed binutils [2:1.0.0-46.dev.gitb4e2ecb] - Add patch https://github.com/opencontainers/runc/pull/1807 to allow - runc and podman to work with sd_notify [2:1.0.0-40.rc5.dev.gitad0f525] - Remove sysclt handling, not needed in RHEL8 - Make sure package built with seccomp flags - Remove rectty - Add completions [2:1.0.0-36.rc5.dev.gitad0f525] - Better handling of user namespace [2:1.0.0-31.rc5.git0cbfd83] - Fix issues between SELinux and UserNamespace [1.0.0-27.rc5.dev.git4bb1fe4] - rebuilt, placed missing changelog entry back [2:1.0.0-26.rc5.git4bb1fe4] - release v1.0.0~rc5 [1.0.0-26.rc4.git9f9c962] - Bump to the latest from upstream [1.0.0-25.rc4.gite6516b3] - built commit e6516b3 [1.0.0-24.rc4.dev.gitc6e4a1e.1] - rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f - https://github.com/opencontainers/runc/pull/1651 [1.0.0-23.rc4.git1d3ab6d] - Resolves: #1524654 [1.0.0-22.rc4.git1d3ab6d] - Many Stability fixes - Many fixes for rootless containers - Many fixes for static builds [1.0.0-21.rc4.dev.gitaea4f21] - enable debuginfo and include -buildmode=pie for go build [1.0.0-20.rc4.dev.gitaea4f21] - use Makefile [1.0.0-19.rc4.dev.gitaea4f21] - disable debuginfo temporarily [1.0.0-18.rc4.dev.gitaea4f21] - enable debuginfo [1.0.0-17.rc4.gitaea4f21] - Add container-selinux prerequires to make sure runc is labeled correctly [1.0.0-16.rc4.dev.gitaea4f21] - correct the release tag 'rc4dev' -> 'rc4.dev' cause I'm OCD [1.0.0-15.rc4dev.gitaea4f21] - Use the same checkout as Fedora for lates CRI-O [1.0.0-14.rc4dev.git84a082b] - rebase to 84a082bfef6f932de921437815355186db37aeb1 [1.0.0-13.rc3.gitd40db12] - Resolves: #1479489 - built commit d40db12 [1.0.0-12.1.gitf8ce01d] - disable s390x temporarily because of indefinite wait times on brew [1.0.0-11.1.gitf8ce01d] - correct previous bogus date : [1.0.0-10.1.gitf8ce01d] - Resolves: #1441737 - run sysctl_apply for sysctl knob [1.0.0-9.1.gitf8ce01d] - Resolves: #1447078 - change default root path - add commit e800860 from runc @projectatomic/change-root-path [1.0.0-8.1.gitf8ce01d] - Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts [1.0.0-7.1.gitf8ce01d] - Resolves: #1429675 - built @opencontainers/master commit f8ce01d [1.0.0-4.1.gitee992e5] - built @projectatomic/master commit ee992e5 [1.0.0-3.rc2] - Resolves: #1426674 - built projectatomic/runc_rhel_7 commit 5d93f81 [1.0.0-2.rc2] - Resolves: #1419702 - rebase to latest upstream master - built commit b263a43 [1.0.0-1.rc2] - Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable, runc patch from Michael Crosby <crosbymichael@gmail.com> [0.1.1-6] - Resolves: #1373980 - rebuild for 7.3.0 [0.1.1-5] - build with golang >= 1.6.2 [0.1.1-4] - release tags were inconsistent in the previous build [0.1.1-1] - Resolves: #1341267 - rebase runc to v0.1.1 [0.1.0-3] - add selinux build tag - add BR: libseccomp-devel [0.1.0-2] - Resolves: #1328970 - add seccomp buildtag [0.1.0-1] - Resolves: rhbz#1328616 - rebase to v0.1.0 [0.0.8-1.git4155b68] - Resolves: rhbz#1277245 - bump to 0.0.8 - Resolves: rhbz#1302363 - criu is a runtime dep - Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps - manpages included [1:0.0.5-0.1.git97bc9a7] - Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2 [0.2-0.2.git90e6d37] - First package for Fedora resolves: #1255179 skopeo [0.1.40-8.0.1] - Add oracle registry into the conf file [Orabug: 29845934] - Fix oracle registry login issues [Orabug: 29937192] [1:0.1.40-8] - change the search order of registries and remove quay.io (#1784267) [1:0.1.40-7] - compile in FIPS mode - Related: RHELPLAN-25138 [1:0.1.40-6] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1:0.1.40-5] - fix file list - Related: RHELPLAN-25138 [1:0.1.40-4] - add missing source files to git - Related: RHELPLAN-25138 [1:0.1.40-3] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Related: RHELPLAN-25138 [1:0.1.40-2] - comment out mountopt option in order to fix gating tests see bug 1769769 [1:0.1.40-1] - update to 0.1.40 [1:0.1.37-5] - Fix CVE-2019-10214 (#1734651). [1:0.1.37-4] - fix permissions of rhel/secrets Resolves: #1691543 [1:0.1.37-3] - Resolves: #1719994 - add registry.access.redhat.com to registries.conf [1:0.1.37-2] - Resolves: #1721247 - enable fips mode [1:0.1.37-1] - Resolves: #1720654 - rebase to v0.1.37 [1:0.1.36-1.git6307635] - built upstream tag v0.1.36, including system tests [1:0.1.32-4.git1715c90] - Fixes @openshift/machine-config-operator#669 - install /etc/containers/oci/hooks.d and /etc/containers/certs.d [1:0.1.32-3.git1715c90] - rebase [1:0.1.32-2.git1715c90] - re-enable debuginfo [1:0.1.31-12.gitb0b750d] - go tools not in scl anymore [1:0.1.31-11.gitb0b750d] - Resolves: #1615609 - built upstream tag v0.1.31 [1:0.1.31-10.git0144aa8] - Resolves: #1616069 - correct order of registries [1:0.1.31-9.git0144aa8] - Resolves: #1615609 - rebuild with gobuild tag 'no_openssl' [1:0.1.31-8.git0144aa8] - Resolves: #1614934 - containers-common soft dep on slirp4netns and fuse-overlayfs [1:0.1.31-7.git0144aa8] - build with %gobuild - use scl-ized go-toolset as dep - disable i686 builds temporarily because of go-toolset issues [1:0.1.31-6.git0144aa8] - add statx to seccomp.json to containers-config - add seccomp.json to containers-config [1:0.1.31-4.git0144aa8] - Resolves: #1597629 - handle dependency issue for skopeo-containers - rename skopeo-containers to containers-common as in Fedora [1:0.1.31-3.git0144aa8] - Resolves: #1583762 - btrfs dep removal needs exclude_graphdriver_btrfs buildtag [1:0.1.31-2.git0144aa8] - correct bz in previous changelog [1:0.1.31-1.git0144aa8] - Resolves: #1580938 - resolve FTBFS - Resolves: #1583762 - remove dependency on btrfs-progs-devel - bump to v0.1.31 (from master) - built commit ca3bff6 - use go-toolset deps for rhel8 [0.1.29-5.git7add6fc] - Fix small typo in registries.conf [0.1.29-4.git] - Add policy.json.5 [0.1.29-3.git] - Add registries.conf [0.1.29-2.git] - Add registries.conf man page [0.1.29-1.git] - bump to 0.1.29-1 - Updated containers/image docker-archive generates docker legacy compatible images Do not create subdirectories for layers with no configs Ensure the layer IDs in legacy docker/tarfile metadata are unique docker-archive: repeated layers are symlinked in the tar file sysregistries: remove all trailing slashes Improve docker/* error messages Fix failure to make auth directory Create a new slice in Schema1.UpdateLayerInfos Drop unused storageImageDestination.{image,systemContext} Load a *storage.Image only once in storageImageSource Support gzip for docker-archive files Remove .tar extension from blob and config file names ostree, src: support copy of compressed layers ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size image: fix docker schema v1 -> OCI conversion Add /etc/containers/certs.d as default certs directory [0.1.28-2.git0270e56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.1.28-1.git] - Vendor in fixed libraries in containers/image and containers/storage [0.1.27-1.git] - Fix Conflicts to Obsoletes - Add better docs to man pages. - Use credentials from authfile for skopeo commands - Support storage='' in /etc/containers/storage.conf - Add global --override-arch and --override-os options [0.1.25-2.git2e8377a7] - Add manifest type conversion to skopeo copy - User can select from 3 manifest types: oci, v2s1, or v2s2 - e.g skopeo copy --format v2s1 --compress-blobs docker-archive:alp.tar dir:my-directory [0.1.25-2.git7fd6f66b] - Force storage.conf to default to overlay [0.1.25-1.git7fd6f66b] - Fix CVE in tar-split - copy: add shared blob directory support for OCI sources/destinations - Aligning Docker version between containers/image and skopeo - Update image-tools, and remove the duplicate Sirupsen/logrus vendor - makefile: use -buildmode=pie [0.1.24-8.git28d4e08a] - Add /usr/share/containers/mounts.conf [0.1.24-7.git28d4e08a] - Bug fixes - Update to release [0.1.24-6.dev.git28d4e08] - skopeo-containers conflicts with docker-rhsubscription <= 2:1.13.1-31 [0.1.24-5.dev.git28d4e08] - Add rhel subscription secrets data to skopeo-containers [0.1.24-4.dev.git28d4e08] - Update container/storage.conf and containers-storage.conf man page - Default override to true so it is consistent with RHEL. [0.1.24-3.dev.git28d4e08] - built commit 28d4e08 [0.1.24-2.dev.git875dd2e] - built commit 875dd2e - Resolves: gh#416 [0.1.24-1.dev.gita41cd0] - bump to 0.1.24-dev - correct a prior bogus date - fix macro in comment warning [0.1.23-6.dev.git1bbd87] - Change name of storage.conf.5 man page to containers-storage.conf.5, since it conflicts with inn package - Also remove default to 'overalay' in the configuration, since we should - allow containers storage to pick the best default for the platform. [0.1.23-5.git1bbd87f] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.1.23-4.git1bbd87f] - Rebuild with binutils fix for ppc64le (#1475636) [0.1.23-3.git1bbd87f] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.1.23-2.dev.git1bbd87] - Fix storage.conf man page to be storage.conf.5.gz so that it works. [0.1.23-1.dev.git1bbd87] - Support for OCI V1.0 Images - Update to image-spec v1.0.0 and revendor - Fixes for authentication [0.1.22-2.dev.git5d24b67] - Epoch: 1 for CentOS as CentOS Extras' build already has epoch set to 1 [0.1.22-1.dev.git5d24b67] - Give more useful help when explaining usage - Also specify container-storage as a valid transport - Remove docker reference wherever possible - vendor in ostree fixes [0.1.21-1.dev.git0b73154] - Add support for storage.conf and storage-config.5.md from github container storage package - Bump to the latest version of skopeo - vendor.conf: add ostree-go - it is used by containers/image for pulling images to the OSTree storage. - fail early when image os does not match host os - Improve documentation on what to do with containers/image failures in test-skopeo - We now have the docker-archive: transport - Integration tests with built registries also exist - Support /etc/docker/certs.d - update image-spec to v1.0.0-rc6 [0.1.20-1.dev.git0224d8c] - BZ #1380078 - New release [0.1.19-2.dev.git0224d8c] - No golang support for ppc64. Adding exclude arch. BZ #1445490 [0.1.19-1.dev.git0224d8c] - bump to v0.1.19-dev - built commit 0224d8c [0.1.17-3.dev.git2b3af4a] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [0.1.17-2.dev.git2b3af4a] - Rebuild for gpgme 1.18 [0.1.17-1.dev.git2b3af4a] - bump to 0.1.17-dev [0.1.14-6.git550a480] - Fix BZ#1391932 [0.1.14-5.git550a480] - Conflicts with atomic in skopeo-containers [0.1.14-4.git550a480] - built skopeo-containers [0.1.14-3.gitd830391] - built mtrmac/integrate-all-the-things commit d830391 [0.1.14-2.git362bfc5] - built commit 362bfc5 [0.1.14-1.gitffe92ed] - build origin/master commit ffe92ed [0.1.13-6] - https://fedoraproject.org/wiki/Changes/golang1.7 [0.1.13-5] - include go-srpm-macros and compiler(go-compiler) in fedora conditionals - define %gobuild if not already - add patch to build with older version of golang [0.1.13-4] - update to v0.1.12 [0.1.12-3] - fix go build source path [0.1.12-2] - update to v0.1.12 [0.1.11-1] - update to v0.1.11 [0.1.10-1] - update to v0.1.10 - change runcom -> projectatomic [0.1.9-1] - update to v0.1.9 [0.1.8-1] - update to v0.1.8 [0.1.4-2] - https://fedoraproject.org/wiki/Changes/golang1.6 [0.1.4] - First package for Fedora slirp4netns [0.4.2-2.git21fdece] - Fix CVE-2020-7039. - Related: RHELPLAN-25138 [0.4.2-1.git21fdece] - update to latest 0.4.2, fixes bug 1763454 - Related: RHELPLAN-25138 [0.4.0-2] - add new BR: libseccomp-devel [0.4.0-1] - update to v.0.4.0 - sync with fedora spec - drop applied CVE-2019-14378 patch [0.3.0-4] - Fix CVE-2019-14378 (#1755595). [0.3.0-3] - Resolves: #1683217 - BR: glib2-devel [0.3.0-2] - Resolves: #1683217 - bump slirp4netns to v0.3.0 [0.3.0-1.alpha.2.git30883b5] - bump to v0.3.0-alpha.2 [0.1-2.dev.gitc4e1bc5] - changed summary [0.1-1.dev.gitc4e1bc5] - First package for RHEL 8 - import from Fedora rawhide - Exclude ix86 and ppc64 toolbox [0.0.4-1.el8] - Update for rhel8.1 container-tools module [0.0.4-1.rhaos4.2.el8] - Add help switch per RHBZ#1684258 - Spec fixes found by rpmlint [0.0.3-1.rhaos4.1.el8] - Use rhel8/support-tools [0.0.2-1.rhaos4.1.el8] - Add runlabel options and fix default image [0.0.1-1.rhaos4.1.el8] - Initial Specfile for Red Hat CoreOS Toolbox udica [0.2.1-2] - initial import to container-tools 8.2.0 - Related: RHELPLAN-25139 [0.2.1-1] - New rebase https://github.com/containers/udica/releases/tag/v0.2.0 Resolves: rhbz#1757693 [0.2.0-1] - New rebase https://github.com/containers/udica/releases/tag/v0.2.0 Resolves: rhbz#1757693 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-7039 Oracle Linux 7 [1.5.3-167.el7_7.4] - kvm-target-i386-add-MDS-NO-feature.patch [bz#1755333] - Resolves: bz#1755333 ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z]) [1.5.3-167.el7_7.3] - kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771960] - kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771960] - Resolves: bz#1771960 (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z]) [1.5.3-167.el7_7.2] - kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1730606] - kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1730606] - kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1730606] - kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1730606] - kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1730606] - kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1730606] - kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1730606] - kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1730606] - kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1730606] - kvm-Remove-arch-capabilities-deprecation.patch [bz#1730606] - Resolves: bz#1730606 ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-11135 CVE-2019-14378 Oracle Linux 7 [3.10.0-1062.12.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1062.12.1] - [powerpc] powerpc/pseries: Remove confusing warning message (Gustavo Duarte) [1780148 1748306] - [powerpc] powerpc/pseries: Call H_BLOCK_REMOVE when supported (Gustavo Duarte) [1780148 1748306] - [powerpc] powerpc/pseries: Read TLB Block Invalidate Characteristics (Gustavo Duarte) [1780148 1748306] - [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1776290 1750577] - [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1776290 1750577] - [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1776290 1750577] - [scsi] scsi: bnx2fc: remove set but not used variable 'fh' (Nilesh Javali) [1776290 1750577] - [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1767621 1764567] [3.10.0-1062.11.1] - [tty] TTY: serial_core, add ->install (Kenneth Yin) [1780163 1443152] - [net] gro: fix use-after-free read in napi_gro_frags() (Paolo Abeni) [1780033 1750810] - [net] cfg80211: wext: avoid copying malformed SSIDs (Stanislaw Gruszka) [1778631 1778632] - [fs] userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx (Alex Gladkov) [1777351 1749766] - [fs] gfs2: Use async glocks for rename (Robert S Peterson) [1777297 1677686] - [fs] gfs2: create function gfs2_glock_update_hold_time (Robert S Peterson) [1777297 1677686] - [fs] gfs2: separate holder for rgrps in gfs2_rename (Robert S Peterson) [1777297 1677686] - [wireless] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Stanislaw Gruszka) [1776615 1776616] - [x86] cpuidle-haltpoll: vcpu hotplug support (Marcelo Tosatti) [1776289 1771849] - [cpuidle] cpuidle-haltpoll: return -ENODEV on modinit failure (Marcelo Tosatti) [1776289 1756843] - [wireless] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Stanislaw Gruszka) [1776205 1776206] - [wireless] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Stanislaw Gruszka) [1776156 1776157] {CVE-2019-14901} - [fs] vfs: Fix EOVERFLOW testing in put_compat_statfs64 (Eric Sandeen) [1775678 1758001] - [x86] x86/atomic: Fix smp_mb__{before,after}_atomic() (Prarit Bhargava) [1772812 1769569] - [mm] mm-vmstat-reduce-zone-lock-holding-time-by-proc-pagetypeinfo-fix (Waiman Long) [1770732 1757943] - [mm] mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (Waiman Long) [1770732 1757943] - [mm] mm, vmstat: hide /proc/pagetypeinfo from normal users (Waiman Long) [1770732 1757943] - [md] dm rq: fix handling underlying queue busy (Ming Lei) [1770113 1767482] - [pci] hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (Mohammed Gamal) [1766097 1634251] - [pci] hv: Detect and fix Hyper-V PCI domain number collision (Mohammed Gamal) [1766097 1634251] - [pci] hv: Serialize the present and eject work items (Mohammed Gamal) [1766097 1634251] - [netdrv] hv_netvsc: fix network namespace issues with VF support (Mohammed Gamal) [1766093 1741334] - [netdrv] hv_netvsc: move VF to same namespace as netvsc device (Mohammed Gamal) [1766093 1741334] - [netdrv] hv_netvsc: set master device (Mohammed Gamal) [1766093 1741334] - [pci] PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it (Mohammed Gamal) [1766089 1737567] [3.10.0-1062.10.1] - [net] netfilter: masquerade: don't flush all conntracks if only one address deleted on device (Patrick Talbert) [1779564 1771396] - [net] netfilter: conntrack: resched in nf_ct_iterate_cleanup (Patrick Talbert) [1779564 1771396] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17133 CVE-2019-14895 CVE-2019-14901 CVE-2019-14816 CVE-2019-14898 Oracle Linux 7 [4.6.5-11.0.1] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.5-11.el7_7.4] - Resolves: #1781153 - After upgrade AD Trust Agents were removed from LDAP - trust upgrade: ensure that host is member of adtrust agents - Resolves: #1777303 - CVE-2019-10195 ipa: batch API logging user passwords to /var/log/httpd/error_log - CVE-2019-10195: Don't log passwords embedded in commands in calls using batch - Resolves: #1773953 - User incorrectly added to negative cache when backend is reconnecting to IPA service / timed out: error code 32 'No such object' - extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT - ipa-extdom-extop: test timed out getgrgid_r - Resolves: #1770728 - Issue with adding multiple RHEL 7 IPA replica to RHEL 6 IPA master - DL0 replica install: fix nsDS5ReplicaBindDN config - Resolves: #1767300 - CVE-2019-14867 ipa: Denial of service in IPA server due to wrong use of ber_scanf() - Make sure to have storage space for tag IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14867 CVE-2019-10195 Oracle Linux 6 [0.26-8.2] - Fix insufficient encoding checks for LZ Resolves: rhbz#1598651 [0.26-8.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-10893 Oracle Linux 8 [1.8.25p1-8.1] - RHEL 8.1.0.Z ERRATUM - CVE-2019-18634 Resolves: rhbz#1798092 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18634 Oracle Linux 8 [68.5.0-2.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] - Update to 68.5.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6800 CVE-2020-6798 CVE-2020-6796 Oracle Linux 6 [20120801-38] - Do not evaluate arithmetic expressions from environment variables at startup Resolves: #1790542 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14868 Oracle Linux 7 [68.5.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6798 CVE-2020-6796 CVE-2020-6800 Oracle Linux 6 [68.5.0-2.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 Oracle Linux 7 [1.8.23-4.0.2.2] - Bump release to avoid conflict with previous Orace Linux errata [1.8.23-4.2] - RHEL 7.7.z - fixed CVE-2019-18634 Resolves: rhbz#1798094 [1.8.23-4.1] - RHEL-7.7.z - fixed CVE-2019-14287 Resolves: rhbz#1760694 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18634 Oracle Linux 7 [1:1.7.0.251-2.6.21.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.251-2.6.21.0] - Bump to 2.6.21 and OpenJDK 7u251-b02. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2654 CVE-2020-2593 CVE-2020-2590 CVE-2020-2604 CVE-2020-2659 CVE-2020-2583 CVE-2020-2601 Oracle Linux 7 [2.3.1-3] - Fix CVE-2020-8112 resolves: #1801030 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8112 Oracle Linux 8 [20120801-253.0.1.el8_1] - Disable _AST_no_spawnveg for taskset workaround [Orabug: 26754277] Red Hat Bug: #1295563 [20120801-253] - Do not evaluate arithmetic expressions from environment variables at startup Resolves: #1790546 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14868 Oracle Linux 7 [20120801-140.0.1] - disable _AST_no_spawnveg for taskset workaround [orabug 26754277] Red Hat Bug: #1295563 [20120801-140] - Do not evaluate arithmetic expressions from environment variables at startup Resolves: #1790543 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14868 Oracle Linux 8 [2.3.1-3] - Fix CVE-2020-8112 (#1801033) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8112 Oracle Linux 6 [68.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.5.0-1] - Update to 68.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6798 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6800 CVE-2020-6795 Oracle Linux 8 [239-18.0.2.el8_1.4] - fix to generate systemd-pstore.service file [Orabug: 30230056] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-18.4] - sd-bus: use 'queue' message references for managing r/w message queues in connection objects (CVE-2020-1712) [239-18.3] - core, job: fix breakage of ordering dependencies by systemctl reload command (#1781712) - syslog: fix segfault in syslog_parse_priority() (#1781712) - journald: fixed assertion failure when system journal rotation fails (#9893) (#1781712) - test: use PBKDF2 instead of Argon2 in cryptsetup... (#1781712) - test: mask several unnecessary services (#1781712) - test: bump the second partition's size to 50M (#1781712) - sd-bus: make rqueue/wqueue sizes of type size_t (#20201712) - sd-bus: reorder bus ref and bus message ref handling (#20201712) - sd-bus: make sure dispatch_rqueue() initializes return parameter on all types of success (#20201712) - sd-bus: drop two inappropriate empty lines (#20201712) - sd-bus: initialize mutex after we allocated the wqueue (#20201712) - sd-bus: always go through sd_bus_unref() to free messages (#20201712) - bus-message: introduce two kinds of references to bus messages (#20201712) - sd-bus: introduce API for re-enqueuing incoming messages (#20201712) - sd-event: add sd_event_source_disable_unref() helper (#20201712) - polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (#20201712) [239-18.2] - ask-password: prevent buffer overrow when reading from keyring (#1777037) [239-18.1] - journal: rely on _cleanup_free_ to free a temporary string used in client_context_read_cgroup (#1767716) [239-18] - shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857) - sd-bus: adjust indentation of comments (#1746857) - resolved: do not run loop twice (#1746857) - resolved: allow access to Set*Link and Revert methods through polkit (#1746857) - resolved: query polkit only after parsing the data (#1746857) [239-17] - mount: simplify /proc/self/mountinfo handler (#1696178) - mount: rescan /proc/self/mountinfo before processing waitid() results (#1696178) - swap: scan /proc/swaps before processing waitid() results (#1696178) - analyze-security: fix potential division by zero (#1734400) [239-16] - sd-bus: deal with cookie overruns (#1694999) - journal-remote: do not request Content-Length if Transfer-Encoding is chunked (#1708849) - journal: do not remove multiple spaces after identifier in syslog message (#1691817) - cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails. (#1719153) - cryptsetup: call crypt_load() for LUKS only once (#1719153) - cryptsetup: Add LUKS2 token support. (#1719153) - udev/scsi_id: fix incorrect page length when get device identification VPD page (#1713227) - Change job mode of manager triggered restarts to JOB_REPLACE (#11456 - bash-completion: analyze: support 'security' (#1733395) - man: note that journal does not validate syslog fields (#1707175) - rules: skip memory hotplug on ppc64 (#1713159) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1712 Oracle Linux 7 [68.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.5.0-1] - Update to 68.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6798 CVE-2020-6795 CVE-2020-6800 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 Oracle Linux 8 [68.5.0-1.0.1.el8_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.5.0-1] - Update to 68.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6792 CVE-2020-6793 CVE-2020-6798 CVE-2020-6795 CVE-2020-6794 CVE-2020-6800 Oracle Linux 7 [2.0.0-20gitd1c6db8] - Combined fixes for CVE-2020-5312 and CVE-2019-16865 Resolves: rhbz#1789533 Resolves: rhbz#1774066 [2.0.0-19gitd1c6db8] - Reenabled webp support on little endian archs. [2.0.0-18gitd1c6db8] - Disabled webp support on ppc64le due to #962091 and #1127230. - Updated URL. [2.0.0-17gitd1c6db8] - Wiped out some memory leaks. [2.0.0-15.gitd1c6db8] - Mass rebuild 2014-01-24 [2.0.0-14gitd1c6db8] - Fixed memory corruption. - Resolves: rhbz#1001122 [2.0.0-13.gitd1c6db8] - Mass rebuild 2013-12-27 [2.0.0-12] - Mark doc subpackage arch dependent. Docs are built depending on supported features, which are different across archs. Resolves: rhbz#987839 [2.0.0-11] - Drop lcms support Resolves: rhbz#987839 [2.0.0-10] - Build without webp support on s390* archs Resolves: rhbz#962059 [2.0.0-9.gitd1c6db8] - Conditionaly disable build of python3 parts on RHEL system [2.0.0-8.gitd1c6db8] - Add patch to fix test failure on big-endian [2.0.0-7.gitd1c6db8] - Remove Obsoletes in the python-pillow-qt subpackage. Obsoletes isn't appropriate since qt support didn't exist in the previous python-pillow package so there's no reason to drag in python-pillow-qt when updating python-pillow. [2.0.0-6.gitd1c6db8] - Update to latest git - python-pillow_quantization.patch now upstream - python-pillow_endianness.patch now upstream - Add subpackage for ImageQt module, with correct dependencies - Add PyQt4 and numpy BR (for generating docs / running tests) [2.0.0-5.git93a488e] - Reenable tests on bigendian, add patches for #928927 [2.0.0-4.git93a488e] - Update to latest git - disable tests on bigendian (PPC*, S390*) until rhbz#928927 is fixed [2.0.0-3.gitde210a2] - python-pillow_tempfile.patch now upstream - Add python3-imaging provides (bug #924867) [2.0.0-2.git2e88848] - Update to latest git - Remove python-pillow-disable-test.patch, gcc is now fixed - Add python-pillow_tempfile.patch to prevent a temporary file from getting packaged [2.0.0-1.git2f4207c] - Update to 2.0.0 git snapshot - Enable python3 packages - Add libwebp-devel BR for Pillow 2.0.0 [1.7.8-6.20130305git] - Add ARM support [1.7.8-5.20130305git] - add s390* and ppc* to arch detection [1.7.8-4.20130305git7866759] - Update to latest git snapshot - 0001-Cast-hash-table-values-to-unsigned-long.patch now upstream - Pillow-1.7.8-selftest.patch now upstream [1.7.8-3.20130210gite09ff61] - Really remove -fno-strict-aliasing - Place comment on how to retreive source just above the Source0 line [1.7.8-2.20130210gite09ff61] - Rebuild without -fno-strict-aliasing - Add patch for upstream issue #52 [1.7.8-1.20130210gite09ff61] - Initial RPM package IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-16865 CVE-2020-5312 Oracle Linux 8 nodejs [1:10.19.0-1] - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 [1:10.16.3-1] - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 CVE-2019-16776 CVE-2019-16775 CVE-2019-16777 Oracle Linux 8 [5.1.1-10] - Bump and rebuild for gating to deliver CVE fixes Resolves: rhbz#1789535 [5.1.1-9] - Fix for CVE-2020-5311 - out-of-bounds write in expandrow Resolves: rhbz#1789535 [5.1.1-8] - Combined fixes for CVE-2020-5312 and CVE-2019-16865 Resolves: rhbz#1789533 Resolves: rhbz#1774066 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5312 CVE-2019-16865 CVE-2020-5311 Oracle Linux 8 nodejs [1:12.16.1-1] - Resolves: RHBZ#1800393, RHBZ#1800394, RHBZ#1800380 - Rebase to 12.16.1 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15606 CVE-2019-15605 CVE-2019-15604 Oracle Linux 7 [2.4.5-34.0.2] - Userland headers should always appear before kernel - [Orabug: 27656836] (philip.copeland@oracle.com) [2.4.5-34] - Fixed buffer overflow in the eap_request and eap_response functions Resolves: CVE-2020-8597 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8597 Oracle Linux 6 [2.4.5-11] - Fixed buffer overflow in the eap_request and eap_response functions Resolves: CVE-2020-8597 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8597 Oracle Linux 6 [1:1.7.0.251-2.6.21.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.251-2.6.21.0] - Bump to 2.6.21 and OpenJDK 7u251-b02. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 CVE-2020-2590 CVE-2020-2593 CVE-2020-2583 Oracle Linux 8 [2.4.7-26] - Fixed buffer overflow in the eap_request and eap_response functions Resolves: CVE-2020-8597 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8597 Oracle Linux 6 [3.0.1-21] - add security fix for CVE-2018-1311 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-1311 Oracle Linux 7 [2.7.1-8.2] - Do not break ABI with CVE-2019-15605 fix [2.7.1-8.1] - Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request smuggling using malformed Transfer-Encoding header IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15605 Oracle Linux 7 [3.1.1-10] - add security fix for CVE-2018-1311 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-1311 Oracle Linux 8 [2.8.0-5.2] - Do not break ABI with CVE-2019-15605 fix [2.8.0-5.1] - Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request smuggling using malformed Transfer-Encoding header IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15605 Oracle Linux 6 [1.8.6p3-29.0.1.el6_10.3] - Fixes [OraBug: 28747380] sudo does not honor env_keep-='KRB5CCNAME' after 'sudo -k' (isaac.chen@oracle.com) [1.8.6p3-29.3] - RHEL-6.10.z ERRATUM - fixed CVE-2019-18634 Resolves: rhbz#1799018 [1.8.6p3-29.2] - RHEL-6.10.z ERRATUM - fixed CVE-2019-14287 Resolves: rhbz#1760684 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18634 Oracle Linux 6 [0.12.1.2-2.506.el6_10.6] - kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734747] - kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749731] - kvm-tcp_emu-Fix-oob-access.patch [bz#1791558] - kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791558] - kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791558] - Resolves: bz#1734747 (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-6.10.z]) - Resolves: bz#1749731 (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-6]) - Resolves: bz#1791558 (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-6.10.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-7039 CVE-2019-14378 CVE-2019-15890 Oracle Linux 6 [2.6.32-754.28.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.28.1] - [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1795404] - [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779473] {CVE-2019-17055} - [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) [1778625] {CVE-2019-17133} - [netdrv] bonding: speed/duplex update at NETDEV_UP event (Patrick Talbert) [1772779] - [netdrv] bonding: make speed, duplex setting consistent with link state (Patrick Talbert) [1772779] - [netdrv] bonding: simplify / unify event handling code for 3ad mode (Patrick Talbert) [1772779] - [netdrv] bonding: unify all places where actor-oper key needs to be updated (Patrick Talbert) [1772779] - [netdrv] bonding: simple code refactor (Patrick Talbert) [1772779] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17133 CVE-2019-17055 Oracle Linux 7 [68.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6805 CVE-2020-6811 CVE-2019-20503 CVE-2020-6807 CVE-2020-6812 CVE-2020-6806 CVE-2020-6814 Oracle Linux 6 [68.6.0-1.0.1.el6_10] - fix LD_LIBRARY_PATH - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.6.0-1] - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20503 CVE-2020-6814 CVE-2020-6805 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6806 Oracle Linux 8 [68.6.0-1.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.6.0-1.0.1] - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6812 CVE-2020-6806 CVE-2020-6807 CVE-2019-20503 CVE-2020-6811 CVE-2020-6805 CVE-2020-6814 Oracle Linux 7 [3.10.0-1062.18.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1062.18.1] - [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank Ramsay) [1798163 1773762] - [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Frank Ramsay) [1798163 1773762] - [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) (Andreas Grunbacher) [1796431 1784550] - [fs] gfs2: gfs2_create_inode(): don't bother with d_splice_alias() (Andreas Grunbacher) [1796431 1784550] - [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas Grunbacher) [1796431 1784550] - [scsi] scsi: hpsa: remove printing internal cdb on tag collision (Joseph Szczypek) [1793579 1741355] - [scsi] scsi: hpsa: correct scsi command status issue after reset (Joseph Szczypek) [1793579 1741355] - [infiniband] IB/mlx5: Fix MR registration flow to use UMR properly (Alaa Hleihel) [1792371 1741343] - [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) [1791825 1760746] - [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1791782 1761978] - [block] block: don't change REQ_NR_BITS (Ming Lei) [1791781 1779712] - [scsi] scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Himanshu Madhani) [1791595 1729270] - [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) [1789744 1780026] - [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Nilesh Javali) [1784824 1772966] - [md] md/raid10: prevent access of uninitialized resync_pages offset (Nigel Croxon) [1781584 1767935] - [fs] fix inode leaks on d_splice_alias() failure exits (Miklos Szeredi) [1781159 1749390] - [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (David Howells) [1780149 1765975] - [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1780035 1725396] - [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault (Rafael Aquini) [1780035 1725396] - [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference (Rafael Aquini) [1780035 1725396] - [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1779766 1779768] - [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1778691 1765123] - [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read (Stefano Brivio) [1778084 1753480] - [net] revert '[net] ipv6: Display all addresses in output of /proc/net/if_inet6' (Stefano Brivio) [1778084 1753480] - [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) [1775235 1775236] {CVE-2019-17666} - [md] md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (Xiao Ni) [1773482 1752061] - [fs] fscache: Don't use a constructor function on the slab allocator (David Howells) [1793086 1739996] - [mm] mm: fix insert_pfn regression (Jeff Moyer) [1793088 1739889] - [mm] mm/page_idle.c: fix oops because end_pfn is larger than max_pfn (Rafael Aquini) [1768386 1730471] - [mm] mm/mlock.c: mlockall error for flag MCL_ONFAULT (Rafael Aquini) [1768386 1730471] - [mm] hugetlb: use same fault hash key for shared and private mappings (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: on restore reserve error path retain subpool reservation (Rafael Aquini) [1768386 1730471] - [mm] mm/memory.c: fix modifying of page protection by insert_pfn() (Rafael Aquini) [1768386 1730471] - [mm] mm, swap: bounds check swap_info array accesses to avoid NULL derefs (Rafael Aquini) [1768386 1730471] - [mm] mm/slub.c: remove an unused addr argument (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: fix races and page leaks during migration (Rafael Aquini) [1768386 1730471] - [mm] mm, oom: fix use-after-free in oom_kill_process (Rafael Aquini) [1768386 1730471] - [mm] percpu: convert spin_lock_irq to spin_lock_irqsave (Rafael Aquini) [1768386 1730471] - [mm] mm/swapfile.c: use kvzalloc for swap_info_struct allocation (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (Rafael Aquini) [1768386 1730471] - [mm] mm: Fix warning in insert_pfn() (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: dirty pages as they are added to pagecache (Rafael Aquini) [1768386 1730471] - [mm] mm/swapfile.c: fix swap_count comment about nonexistent SWAP_HAS_CONT (Rafael Aquini) [1768386 1730471] - [mm] slab: __GFP_ZERO is incompatible with a constructor (Rafael Aquini) [1768386 1730471] - [mm] mm: fix the NULL mapping case in __isolate_lru_page() (Rafael Aquini) [1768386 1730471] - [mm] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (Rafael Aquini) [1768386 1730471] - [fs] block_invalidatepage(): only release page if the full page was invalidated (Rafael Aquini) [1768386 1730471] - [mm] mm/mempolicy.c: avoid use uninitialized preferred_node (Rafael Aquini) [1768386 1730471] - [mm] mm: pin address_space before dereferencing it while isolating an LRU page (Rafael Aquini) [1768386 1730471] - [fs] fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (Rafael Aquini) [1768386 1730471] - [mm] mm: do not rely on preempt_count in print_vma_addr (Rafael Aquini) [1768386 1730471] - [mm] mm, swap: fix race between swap count continuation operations (Rafael Aquini) [1768386 1730471] - [mm] mm: meminit: mark init_reserved_page as __meminit (Rafael Aquini) [1768386 1730471] - [mm] mm/vmstat.c: fix wrong comment (Rafael Aquini) [1768386 1730471] - [mm] mm, hugetlb: do not allocate non-migrateable gigantic pages from movable zones (Rafael Aquini) [1768386 1730471] - [mm] mm: always flush VMA ranges affected by zap_page_range (Rafael Aquini) [1768386 1730471] - [mm] mm/mremap: fail map duplication attempts for private mappings (Rafael Aquini) [1768386 1730471] - [mm] mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (Rafael Aquini) [1768386 1730471] - [mm] mm: numa: avoid waiting on freed migrated pages (Rafael Aquini) [1768386 1730471] - [mm] mm/memory-failure.c: use compound_head() flags for huge pages (Rafael Aquini) [1768386 1730471] - [fs] fs/block_dev: always invalidate cleancache in invalidate_bdev() (Rafael Aquini) [1768386 1730471] - [mm] percpu: remove unused chunk_alloc parameter from pcpu_get_pages() (Rafael Aquini) [1768386 1730471] - [mm] percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages (Rafael Aquini) [1768386 1730471] - [mm] mm: do not access page->mapping directly on page_endio (Rafael Aquini) [1768386 1730471] - [mm] mm/page_alloc: fix nodes for reclaim in fast path (Rafael Aquini) [1768386 1730471] - [mm] mm: alloc_contig_range: allow to specify GFP mask (Rafael Aquini) [1768386 1730471] - [mm] mm: vmscan: scan dirty pages even in laptop mode (Rafael Aquini) [1768386 1730471] - [mm] mm/mempolicy.c: do not put mempolicy before using its nodemask (Rafael Aquini) [1768386 1730471] - [mm] mm: fix set pageblock migratetype in deferred struct page init (Rafael Aquini) [1768386 1730471] - [mm] mm: delete unnecessary and unsafe init_tlb_ubc() (Rafael Aquini) [1768386 1730471] - [kernel] mm, mempolicy: task->mempolicy must be NULL before dropping final reference (Rafael Aquini) [1768386 1730471] - [mm] mm: use phys_addr_t for reserve_bootmem_region() arguments (Rafael Aquini) [1768386 1730471] - [mm] mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (Rafael Aquini) [1768386 1730471] - [mm] mm: soft-offline: check return value in second __get_any_page() call (Rafael Aquini) [1768386 1730471] - [include] include/linux/memblock.h: fix ordering of 'flags' argument in comments (Rafael Aquini) [1768386 1730471] - [mm] rmap: fix theoretical race between do_wp_page and shrink_active_list (Rafael Aquini) [1768386 1730471] - [mm] mm/mremap.c: clean up goto just return ERR_PTR (Rafael Aquini) [1768386 1730471] - [mm] mremap should return -ENOMEM when __vm_enough_memory fail (Rafael Aquini) [1768386 1730471] - [mm] writeback: fix possible underflow in write bandwidth calculation (Rafael Aquini) [1768386 1730471] - [mm] writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth() (Rafael Aquini) [1768386 1730471] - [mm] mm/memory.c: actually remap enough memory (Rafael Aquini) [1768386 1730471] - [mm] mm/compaction: fix wrong order check in compact_finished() (Rafael Aquini) [1768386 1730471] - [mm] mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (Rafael Aquini) [1768386 1730471] - [mm] mm: fix anon_vma_clone() error treatment (Rafael Aquini) [1768386 1730471] - [mm] mm, thp: fix collapsing of hugepages on madvise (Rafael Aquini) [1768386 1730471] - [mm] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations (Rafael Aquini) [1768386 1730471] - [mm] OOM, PM: OOM killed task shouldn't escape PM suspend (Rafael Aquini) [1768386 1730471] - [mm] mm, compaction: pass gfp mask to compact_control (Rafael Aquini) [1768386 1730471] - [mm] mm: page_alloc: abort fair zone allocation policy when remotes nodes are encountered (Rafael Aquini) [1768386 1730471] - [mm] mm: vmscan: only update per-cpu thresholds for online CPU (Rafael Aquini) [1768386 1730471] - [mm] mm, thp: replace smp_mb after atomic_add by smp_mb__after_atomic (Rafael Aquini) [1768386 1730471] - [mm] mm, thp: move invariant bug check out of loop in __split_huge_page_map (Rafael Aquini) [1768386 1730471] - [mm] thp: consolidate assert checks in __split_huge_page() (Rafael Aquini) [1768386 1730471] - [mm] mm: fix sleeping function warning from __put_anon_vma (Rafael Aquini) [1768386 1730471] - [mm] mm: cleanup add_to_page_cache_locked() (Rafael Aquini) [1768386 1730471] - [mm] mm: mempolicy: turn vma_set_policy() into vma_dup_policy() (Rafael Aquini) [1768386 1730471] - [powerpc] powerpc/pseries: correctly track irq state in default idle (Steve Best) [1767620 1751970] - [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487} - [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487} [3.10.0-1062.17.1] - [kvm] kvm: x86: always expose VIRT_SSBD to guests (Eduardo Habkost) [1797511 1744281] - [kvm] kvm: x86: fix reporting of AMD speculation bug CPUID leaf (Eduardo Habkost) [1797511 1744281] [3.10.0-1062.16.1] - [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1796798 1794812] - [kernel] sched: Fix schedule_tail() to disable preemption (Phil Auld) [1796261 1771094] [3.10.0-1062.15.1] - [tools] perf top: Fix global-buffer-overflow issue (Michael Petlan) [1793581 1757325] - [tools] perf top: Always sample time to satisfy needs of use of ordered queuing (Michael Petlan) [1793581 1757325] [3.10.0-1062.14.1] - [s390] jump_label: replace stop_machine with smp_call_function (Hendrik Brueckner) [1787559 1720387] - [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) [1787558 1777876] - [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly Kuznetsov) [1783177 1674266] [3.10.0-1062.13.1] - [scsi] libiscsi: fall back to sendmsg for slab pages (Oleksandr Natalenko) [1784826 1720506] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17666 CVE-2019-19338 CVE-2019-11487 Oracle Linux 7 [9.0.3-7] - Bump Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1702473 Resolves: rhbz#1643829 [9.0.3-6] - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1702473 Resolves: rhbz#1643829 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20060 CVE-2019-11324 CVE-2018-18074 CVE-2019-11236 Oracle Linux 7 [15.1.0-4] - Bump Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1643829 [15.1.0-3] - Add three new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2018-18074 Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1643829 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11236 CVE-2018-18074 CVE-2018-20060 Oracle Linux 7 [5.0.2-34.el7_7.2] - improve printing of error messages introduced by the fix of CVE-2019-20044 [5.0.2-33.el7_7.1] - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20044 Oracle Linux 7 [0:7.0.76-11] - Resolves: rhbz#1806801 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1938 Oracle Linux 6 [4.3.11-11] - improve printing of error messages introduced by the fix of CVE-2019-20044 [4.3.11-10] - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20044 Oracle Linux 6 [4.2.1-15] - Apply icu.13634.integer.overflow.patch - Apply icu.20958.segv.mapper.patch - Resolves: rhbz#1809876 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 Oracle Linux 7 [50.2-4] - Apply ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch - Apply ICU-20958-Prevent-SEGV_MAPERR-in-append.patch - Resolves: rhbz#1808235 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 Oracle Linux 6 [1.1.6-20] - Fixes for CVE-2020-5312 and related part of CVE-2019-16865 Resolves: rhbz#1789533 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5312 Oracle Linux 8 [60.3-2] - Apply ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch - Apply ICU-20958-Prevent-SEGV_MAPERR-in-append.patch - Resolves: rhbz#1808238 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 Oracle Linux 8 [5.5.1-6.el8_1.2] - improve printing of error messages introduced by the fix of CVE-2019-20044 [5.5.1-6.el8_1.1] - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20044 Oracle Linux 7 [68.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.6.0-1] - Update to 68.6.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6805 CVE-2020-6807 CVE-2020-6814 CVE-2020-6811 CVE-2019-20503 CVE-2020-6806 CVE-2020-6812 Oracle Linux 6 [0:6.0.24-114] - Related: rhbz#1806803 Update patch to remove secret attribute renaming [0:6.0.24-113] - Related: rhbz#1806803 Add IIS attributes to filter pattern and update secret logic [0:6.0.24-112] - Resolves: rhbz#1806803 CVE-2020-1938 tomcat6: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1938 Oracle Linux 7 [0.9.9-14] - Fix CVE-2019-15690 (an integer overflow in HandleCursorShape() in a client) (bug #1814339) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15690 Oracle Linux 6 [68.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.6.0-1] - Update to 68.6.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20503 CVE-2020-6807 CVE-2020-6811 CVE-2020-6806 CVE-2020-6812 CVE-2020-6814 CVE-2020-6805 Oracle Linux 8 [68.6.0-1.0.1.el8_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.6.0-1] - Update to 68.6.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6814 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6805 CVE-2020-6812 CVE-2019-20503 Oracle Linux 8 [0.9.11-9.2] - Enable gating (bug #1681199) [0.9.11-9.1] - Fix CVE-2019-15690 (an integer overflow in HandleCursorShape() in a client) (bug #1814342) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15690 Oracle Linux 8 [1.8.18-12] - Disable -fstrict-aliasing (RPMDiff issue) [1.8.18-11] - Backport fix for CVE-2020-5208 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5208 Oracle Linux 7 [0:1.8.18-9] - Disable -fstrict-aliasing (RPMDiff issue) [0:1.8.18-8] - Backport fix for CVE-2020-5208 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5208 Oracle Linux 7 [8.24.0-52] RHEL 7.8 ERRATUM - edited patch file ID for imfile to not log useless errors also improved file-id behavior to adress newly found problems resolves: rhbz#1763746 [8.24.0-49] RHEL 7.8 ERRATUM - fixed fsync patch to actually revognize the new option resolves: rhbz#1696686 (failedQA) [8.24.0-48] RHEL 7.8 ERRATUM - added patch resolving crash on wrong MsgProperty resolves: rhbz#1549706 - added patch resolving CVE in pmaixforward module resolves: rhbz#1768320 - added patch resolving CVE in pmcisconames module resolves: rhbz#1768323 - added patch implementing file ID for imfile resolves: rhbz#1763746 - added patch fixing omelasticsearch with ES 6.X resolves: rhbz#1600171 [8.24.0-47] RHEL 7.8 ERRATUM - edited imfile truncation detection patch with reression fix resolves: rhbz#1744856 [8.24.0-46] RHEL 7.8 ERRATUM - Support Intermediate Certificate Chains in rsyslog resolves: rhbz#1627799 - fixed WorAroundJournalBug patch to not cause leaks resolves: rhbz#1744617 - added patch fixing possible segfault in rate-limiter resolves: rhbz#1744682 [8.24.0-45] RHEL 7.8 ERRATUM - fixed fsync patch according to covscan results resolves: rhbz#1696686 [8.24.0-44] RHEL 7.8 ERRATUM - added patch and doc-patch for new caseSensitive imUDP/TCP option resolves: rhbz#1309698 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17041 CVE-2019-17042 Oracle Linux 7 [0.14.0-8] - Resolves: rhbz#1731052 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft [rhel-7] [0.14.0-7] - Resolves: rhbz#1727789 - mod_auth_mellon fix for AJAX header name X-Requested-With [0.14.0-6] - Apply the patch from the previous commit - Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-7] [0.14.0-5] - Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-7] [0.14.0-4] - Resolves: rhbz#1576719 - ECP flow not triggering, instead client access secured resources without ECP authentication [0.14.0-3] - Resolves: rhbz#1652980 - mod_auth_mellon Cert files name wrong when hostname contains a number MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13038 Oracle Linux 7 [2.1.0-11] - add security fix for CVE-2015-2716 MODERATE Copyright 2020 Oracle, Inc. CVE-2015-2716 Oracle Linux 7 [3.10.0-1127.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1127] - [fs] flexfiles: Dont tie up all the rpciod threads in resends (Benjamin Coddington) [1778963] [3.10.0-1126] - [scsi] scsi: qla2xxx: Fix unbound NVME response length (Himanshu Madhani) [1788669] [3.10.0-1125] - [fs] mark struct file that had write access grabbed by open() (Miklos Szeredi) [1679829] - [fs] fold __get_file_write_access() into its only caller (Miklos Szeredi) [1679829] - [powerpc] get rid of DEBUG_WRITECOUNT (Miklos Szeredi) [1679829] - [fs] dont bother with {get, put}_write_access() on non-regular files (Miklos Szeredi) [1679829] - [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) (Andreas Grunbacher) [1784550] - [fs] gfs2: gfs2_create_inode(): dont bother with d_splice_alias() (Andreas Grunbacher) [1784550] - [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas Grunbacher) [1784550] - [fs] libceph: fix PG split vs OSD (re)connect race (Ilya Dryomov) [1785656] - [scsi] Fix driver intialization failure for sli4 non nvme (Dick Kennedy) [1783899] - [netdrv] hv_netvsc: fix race that may miss tx queue wakeup (Mohammed Gamal) [1781322] [3.10.0-1124] - [s390] s390: wire up sys_renameat2 (Miklos Szeredi) [1773504] - [net] ipvs: do not use random local source address for tunnels (Xin Long) [1786676] - [misc] mei: me: add cannon point device ids for 4th device (Jerry Snitselaar) [1745139] - [misc] mei: me: add cannon point device ids (Jerry Snitselaar) [1745139] - [netdrv] bnxt_en: Support all variants of the 5750X chip family (Jonathan Toppins) [1789345] [3.10.0-1123] - [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705005] {CVE-2019-11487} - [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705005] {CVE-2019-11487} - [fs] CIFS: avoid using MID 0xFFFF (Leif Sahlberg) [1771255] - [net] netfilter: xt_TRACE: add explicitly nf_logger_find_get call (Phil Sutter) [1774444] - [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) [1775236] {CVE-2019-17666} [3.10.0-1122] - [drm] drm/amd/powerplay: use hardware fan control if no powerplay fan table (Lyude Paul) [1729286] - [nvme] nvme-fc: fix double-free scenarios on hw queues (Ewan Milne) [1731286] - [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1779768] - [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1779768] {CVE-2019-19338} - [s390] s390/qeth: ensure linear access to packet headers (Philipp Rudo) [1782927] - [s390] s390/qeth: guard against runt packets (Philipp Rudo) [1782927] - [s390] s390/qeth: consolidate skb allocation (Philipp Rudo) [1782927] - [s390] s390/qeth: clean up page frag creation (Philipp Rudo) [1782927] - [netdrv] i40e: Fix for persistent lldp support (Stefan Assmann) [1782689] [3.10.0-1121] - [platform] thinkpad_acpi: Dont yell on unsupported brightness interfaces (Lyude Paul) [1305619] - [platform] thinkpad-acpi: fix handle locate for video and query of _BCL (Lyude Paul) [1305619] - [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) [1777876] - [scsi] scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Himanshu Madhani) [1783016] - [scsi] scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (Himanshu Madhani) [1783016] - [scsi] scsi: qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [1783016] - [powerpc] KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel (Gustavo Duarte) [1777710] - [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1777710] - [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1777710] - [net] openvswitch: fix flow command message size (Paolo Abeni) [1776578] - [block] brd: re-enable __GFP_HIGHMEM in brd_insert_page() (Jeff Moyer) [1781298] - [block] brd: remove dax support (Jeff Moyer) [1781298] - [nvme] nvme: dont access the inlined bio after nvmet request is completed (Ming Lei) [1631120] - [fs] epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove() (Miklos Szeredi) [1780128] - [nvme] nvme: fix NULL pointer dereference in nvme_init_subsystem (Ewan Milne) [1781316] - [nvme] nvme-fabrics: allow duplicate connections to the discovery controller (Ewan Milne) [1781316] - [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Nilesh Javali) [1772966] [3.10.0-1120] - [md] raid5: need to set STRIPE_HANDLE for batch head (Xiao Ni) [1774330] - [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) [1780026] - [block] block: dont change REQ_NR_BITS (Ming Lei) [1779712] [3.10.0-1119] - [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly Kuznetsov) [1674266] - [vhost] vsock: split packets to send using multiple buffers (Stefano Garzarella) [1777349] - [md] md/raid10: prevent access of uninitialized resync_pages offset (Nigel Croxon) [1767935] - [x86] perf/x86: Modify error message in virtualized environment (Michael Petlan) [1759758] - [fs] cifs: Fix infinite loop when using hard mount option (Dave Wysochanski) [1770404] - [wireless] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Stanislaw Gruszka) [1776157] {CVE-2019-14901} [3.10.0-1118] - [net] ipv6: support more tunnel interfaces for EUI64 link-local generation (Guillaume Nault) [1770686] - [net] netfilter: masquerade: dont flush all conntracks if only one address deleted on device (Patrick Talbert) [1771396] - [net] netfilter: conntrack: resched in nf_ct_iterate_cleanup (Patrick Talbert) [1771396] - [net] ipvs: fix buffer overflow with sync daemon and service (Davide Caratti) [1725440] - [net] ipvs: fix rtnl_lock lockups caused by start_sync_thread (Davide Caratti) [1725440] - [net] ipvs: Pass ipvs not net to make_receive_sock (Davide Caratti) [1725440] - [net] ipvs: Pass ipvs not net to make_send_sock (Davide Caratti) [1725440] - [net] ipvs: Pass ipvs not net to start_sync_thread (Davide Caratti) [1725440] - [net] ipvs: Pass ipvs not net to ip_vs_genl_new_daemon (Davide Caratti) [1725440] - [net] ipvs: add sync_maxlen parameter for the sync daemon (Davide Caratti) [1725440] - [net] ipvs: call rtnl_lock early (Davide Caratti) [1725440] - [net] netfilter: dont use mutex_lock_interruptible() (Davide Caratti) [1725440] - [net] ipvs: fix memory leak in ip_vs_ctl.c (Davide Caratti) [1725440] - [wireless] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Stanislaw Gruszka) [1776206] - [scsi] Revert 'qla2xxx: Mark NVMe/FC initiator mode usage as technology preview' (Ewan Milne) [1642968] [3.10.0-1117] - [x86] x86/speculation: Remove unneeded STIBP code (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/speculation: Fix redundant MDS mitigation message (Waiman Long) [1766540] {CVE-2019-11135} - [documentation] x86/speculation: Fix incorrect MDS/TAA mitigation status (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766540] {CVE-2019-11135} - [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Waiman Long) [1766540] {CVE-2019-11135} - [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766540] {CVE-2019-11135} - [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1690343] {CVE-2018-12207} - [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1690343] {CVE-2018-12207} - [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1690343] {CVE-2018-12207} - [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1690343] {CVE-2018-12207} - [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1690343] {CVE-2018-12207} [3.10.0-1116] - [netdrv] net/mlx5: Fix auto group size calculation (Alaa Hleihel) [1769309] - [mm] x86/io: add interface to reserve io memtype for a resource range. (v1.1) (Dave Airlie) [1739623] - [sound] alsa: emux: Fix potential Spectre v1 vulnerabilities (Jaroslav Kysela) [1672561] - [s390] s390/smt: Fix s390 SMT reporting (Josh Poimboeuf) [1764184] - [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1725396] - [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault (Rafael Aquini) [1725396] - [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference (Rafael Aquini) [1725396] - [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (David Howells) [1765975] [3.10.0-1115] - [scsi] Fix stack tarce when lpfc driver is unloaded (Dick Kennedy) [1774744] - [scsi] qla2xxx: Update driver version (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix partial flash write of MBI (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix device connect issues in P2P configuration (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix a NULL pointer dereference (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix double scsi_done for abort path (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix driver unload hang (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix SRB leak on switch command timeout (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix premature timer expiration (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Uninline qla2x00_init_timer() (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Do command completion on abort timeout (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Dual FCP-NVMe target port support (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Use tabs instead of spaces for indentation (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix N2N link up fail (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix N2N link reset (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Reduce the number of forward declarations (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Remove a superfluous forward declaration (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix stuck login session (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (Himanshu Madhani) [1731581] - [media] cx24116: fix a buffer overflow when checking userspace params (Jarod Wilson) [1737279] {CVE-2015-9289} - [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) [1760746] - [fs] Fix the locking in dcache_readdir() and friends (Ondrej Mosnacek) [1510603] - [fs] much milder d_walk() race (Ondrej Mosnacek) [1510603] - [fs] libfs.c: new helper - next_positive() (Ondrej Mosnacek) [1510603] - [fs] dcache_{readdir, dir_lseek}(): dont bother with nested ->d_lock (Ondrej Mosnacek) [1510603] - [security] selinuxfs: dont open-code d_genocide() (Ondrej Mosnacek) [1510603] - [fs] fs/dcache: Enable automatic reclaim of excess negative dentries (Waiman Long) [1489573] - [fs] fs/dcache: Add sysctl parameter negative-dentry-limit as a soft limit on negative dentries (Waiman Long) [1489573] - [fs] fs/dcache: Move percpu count updates out of dcache_lru_lock (Waiman Long) [1489573] - [fs] fs/dcache: Dont set DCACHE_REFERENCED on dentries when first put into LRU (Waiman Long) [1489573] [3.10.0-1114] - [kernel] sched/numa: Fix a possible divide-by-zero (Vladis Dronov) [1765959] - [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank Ramsay) [1773762] - [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Frank Ramsay) [1773762] - [kernel] seccomp: Fix tracer exit notifications during fatal signals (Vladis Dronov) [1770484] - [x86] x86/ptrace: run seccomp after ptrace (Vladis Dronov) [1770484] - [fs] cifs: Fix retry mid list corruption on reconnects (Dave Wysochanski) [1614201] - [fs] cifs: add a warning if we try to to dequeue a deleted mid (Dave Wysochanski) [1614201] - [fs] cifs: Fix use after free of a mid_q_entry (Dave Wysochanski) [1614201] - [fs] Dont log confusing message on reconnect by default (Dave Wysochanski) [1614201] - [fs] ceph: mark Fw cap dirty after splice write (Zheng Yan) [1710751] - [fs] cifs: Force reval dentry if LOOKUP_REVAL flag is set (Dave Wysochanski) [1771657] - [fs] cifs: Force revalidate inode when dentry is stale (Dave Wysochanski) [1771657] - [fs] cifs: Gracefully handle QueryInfo errors during open (Dave Wysochanski) [1771657] [3.10.0-1113] - [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756816] {CVE-2019-0154} - [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756816] {CVE-2019-0154} - [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756883] {CVE-2019-0155} - [fs] Fix error code in nfs_lookup_verify_inode() (Benjamin Coddington) [1761957] - [scsi] scsi: qla2xxx: Initialized mailbox to prevent driver load failure (Himanshu Madhani) [1770307] - [powerpc] powerpc/ptrace: run seccomp after ptrace (Vladis Dronov) [1760294] - [s390] s390/ptrace: run seccomp after ptrace (Vladis Dronov) [1760294] - [s390] s390/seccomp: fix error return for filtered system calls (Vladis Dronov) [1760294] - [netdrv] bnxt_en: flow_offload: offload tunnel decap rules via indirect callbacks (Davide Caratti) [1717422] - [x86] cpuidle-haltpoll: vcpu hotplug support (Marcelo Tosatti) [1771849] - [x86] kvm: x86: skip populating logical dest map if apic is not sw enabled (Bandan Das) [1738496] - [x86] kvm: x86: remove unnecessary recalculate_apic_map (Bandan Das) [1738496] - [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1750577] - [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1750577] - [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1750577] - [scsi] scsi: bnx2fc: remove set but not used variable 'fh' (Nilesh Javali) [1750577] - [scsi] scsi: qedi: Remove WARN_ON from clear task context (Nilesh Javali) [1461697] - [scsi] scsi: qedi: Remove WARN_ON for untracked cleanup (Nilesh Javali) [1461697] [3.10.0-1112] - [scsi] scsi: mpt3sas: change allocation option (Tomas Henzl) [1763796] - [md] md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (Xiao Ni) [1752061] - [kvm] KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [1760668] - [net] mac80211: Reject malformed SSID elements (Stanislaw Gruszka) [1748266] - [net] cfg80211: wext: avoid copying malformed SSIDs (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: change qu with jf devices to use qu configuration (Stanislaw Gruszka) [1748266] - [net] mac80211: fix txq null pointer dereference (Stanislaw Gruszka) [1748266] - [net] nl80211: fix null pointer dereference (Stanislaw Gruszka) [1748266] - [net] cfg80211: initialize on-stack chandefs (Stanislaw Gruszka) [1748266] - [net] cfg80211: validate SSID/MBSSID element ordering assumption (Stanislaw Gruszka) [1748266] - [net] nl80211: validate beacon head (Stanislaw Gruszka) [1748266] - [net] mac80211: keep BHs disabled while calling drv_tx_wake_queue() (Stanislaw Gruszka) [1748266] - [net] cfg80211: Purge frame registrations on iftype change (Stanislaw Gruszka) [1748266] - [wireless] rtw88: pci: Use DMA sync instead of remapping in RX ISR (Stanislaw Gruszka) [1748266] - [wireless] rtw88: pci: Rearrange the memory usage for skb in RX ISR (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: fw: dont send GEO_TX_POWER_LIMIT command to FW version 36 (Stanislaw Gruszka) [1748266] - [net] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (Stanislaw Gruszka) [1748266] - [net] mac80211: Do not send Layer 2 Update frame before authorization (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: assign directly to iwl_trans->cfg in QuZ detection (Stanislaw Gruszka) [1748266] - [wireless] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Stanislaw Gruszka) [1748266] - [net] mac80211: Correctly set noencrypt for PAE frames (Stanislaw Gruszka) [1748266] - [net] mac80211: Dont memset RXCB prior to PAE intercept (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: handle switching killer Qu B0 NICs to C0 (Stanislaw Gruszka) [1748266] - [net] Revert 'cfg80211: fix processing world regdomain when non modular' (Stanislaw Gruszka) [1748266] - [net] mac80211: fix possible sta leak (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: fix recognition of QuZ devices (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: dont switch FW to qnj when ax201 is detected (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: fix the byte count table format for 22560 devices (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: mvm: Allow multicast data frames only when associated (Stanislaw Gruszka) [1748266] - [netdrv] i40e: initialize ITRN registers with correct values (Stefan Assmann) [1630307] - [net] tuntap: synchronize through tfiles array instead of tun->numqueues (Eugenio Perez) [1713616] - [net] tuntap: fix use after free during release (Eugenio Perez) [1713616] - [net] tun: fix use after free for ptr_array (Eugenio Perez) [1713616] - [net] tun/tap: sanitize TUNSETSNDBUF input (Eugenio Perez) [1713616] - [block] block: Dont merge requests if integrity flags differ (Ming Lei) [1767605] - [block] blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (Ming Lei) [1767605] - [x86] x86/atomic: Fix smp_mb__{before,after}_atomic() (Prarit Bhargava) [1769569] - [netdrv] qede: fix NULL pointer deref in __qede_remove() (Manish Chopra) [1766574] - [fs] xfs: only trace buffer items if they exist (Brian Foster) [1768722] - [nvme] nvme: make fabrics command run on a separate request queue (David Milburn) [1769900] - [nvme] nvme: Restart request timers in resetting state (David Milburn) [1769900] - [nvme] nvme-rdma: fix possible use-after-free in connect timeout (David Milburn) [1769900] - [netdrv] i40e: enable X710 support (Stefan Assmann) [1764987] [3.10.0-1111] - [md] md: support for queue flag QUEUE_FLAG_NO_SG_MERGE (Nigel Croxon) [1767472] - [net] ipv4: Return -ENETUNREACH if we cant create route but saddr is valid (Stefano Brivio) [1633140] - [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read (Stefano Brivio) [1753480] - [net] revert '[net] ipv6: Display all addresses in output of /proc/net/if_inet6' (Stefano Brivio) [1753480] - [net] sock: fix lockdep annotation in release_sock (Paolo Abeni) [1753150] - [mm] mm-vmstat-reduce-zone-lock-holding-time-by-proc-pagetypeinfo-fix (Waiman Long) [1757943] - [mm] mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (Waiman Long) [1757943] - [mm] mm, vmstat: hide /proc/pagetypeinfo from normal users (Waiman Long) [1757943] [3.10.0-1110] - [nvme] nvme-pci: Fix controller freeze wait disabling (David Milburn) [1766279] - [net] mac80211: fix kfree() on stack memory in ieee80211_crypto_aes_gmac_decrypt() (Stanislaw Gruszka) [1764510] - [md] dm rq: fix handling underlying queue busy (Ming Lei) [1767482] [3.10.0-1109] - [netdrv] net/mlx5e: Initialize on stack link modes bitmap (Alaa Hleihel) [1764272] - [netdrv] net/mlx5e: Fix ethtool self test: link speed (Alaa Hleihel) [1764272] - [netdrv] net/mlx5e: ethtool, Avoid setting speed to 56GBASE when autoneg off (Alaa Hleihel) [1764272] - [fs] xfs: end sync buffer I/O properly on shutdown error (Brian Foster) [1750602] - [fs] xfs: kill __xfs_buf_submit_common() (Brian Foster) [1750602] - [fs] xfs: combinesync buffer submission apis (Brian Foster) [1750602] - [fs] xfs: lobotomise xfs_trans_read_buf_map() (Brian Foster) [1750602] - [fs] cifs: Fix use after free of file info structures (Dave Wysochanski) [1757872] - [fs] vfs: Fix EOVERFLOW testing in put_compat_statfs64 (Eric Sandeen) [1758001] - [mm] mm, compaction: avoid isolating pinned pages (Rafael Aquini) [1344862] - [scsi] scsi: smartpqi: change TMF timeout from 60 to 30 seconds (Don Brace) [1709620] - [scsi] scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (Don Brace) [1709620] - [scsi] scsi: smartpqi: add inquiry timeouts (Don Brace) [1709620] - [scsi] scsi: smartpqi: increase LUN reset timeout (Don Brace) [1709620] - [firmware] x86, efi: never relocate kernel below lowest acceptable address (Kairui Song) [1732737] - [powerpc] powerpc: dump kernel log before carrying out fadump or kdump (Desnes Augusto Nunes do Rosario) [1750250] - [s390] s390/cpumsf: Check for CPU Measurement sampling (Philipp Rudo) [1765124] - [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1765123] - [mm] s390/mm: Fix swiotlb for protected virtualization (Philipp Rudo) [1765122] [3.10.0-1108] - [powerpc] powerpc/pseries: Remove confusing warning message (Gustavo Duarte) [1748306] - [powerpc] powerpc/pseries: Call H_BLOCK_REMOVE when supported (Gustavo Duarte) [1748306] - [powerpc] powerpc/pseries: Read TLB Block Invalidate Characteristics (Gustavo Duarte) [1748306] - [scsi] hpsa: update driver version (Joseph Szczypek) [1761978] - [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1761978] - [tty] TTY: serial_core, add ->install (Kenneth Yin) [1443152] - [scsi] scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (Ewan Milne) [1734685] - [fs] scsi: sysfs: Introduce sysfs_{un, }break_active_protection() (Ewan Milne) [1734685] [3.10.0-1107] - [x86] x86/kdump: Reserve extra memory when SME or SEV is active (Kairui Song) [1724887] - [block] block: fix blk_recount_segments (Ming Lei) [1762459] - [nvme] nvme-pci: Fix a race in controller removal (Gopal Tiwari) [1761998] - [char] hpet: Fix output of hpet_mmap kernel parameter (Prarit Bhargava) [1764790] - [tools] perf tools: Apply new CPU topology sysfs attributes (Jiri Olsa) [1640900] - [tools] perf header: Rename 'sibling cores' to 'sibling sockets' (Jiri Olsa) [1640900] - [tools] perf stat: Support per-die aggregation (Jiri Olsa) [1640900] - [tools] perf stat: Support 'percore' event qualifier (Jiri Olsa) [1640900] - [tools] perf stat: Factor out aggregate counts printing (Jiri Olsa) [1640900] - [tools] perf tools: Add a 'percore' event qualifier (Jiri Olsa) [1640900] - [tools] perf header: Add die information in CPU topology (Jiri Olsa) [1640900] - [tools] perf cpumap: Retrieve die id information (Jiri Olsa) [1640900] - [tools] perf tools: Use sysfs__mountpoint() when reading cpu topology (Jiri Olsa) [1640900] - [tools] perf tools: Add numa_topology object (Jiri Olsa) [1640900] - [tools] perf header: Fix wrong node write in NUMA_TOPOLOGY feature (Jiri Olsa) [1640900] - [tools] perf tools: Add cpu_topology object (Jiri Olsa) [1640900] - [tools] perf header: Remove unused 'cpu_nr' field from 'struct cpu_topo' (Jiri Olsa) [1640900] - [acpi] ACPICA: Increase total number of possible Owner IDs (Frank Ramsay) [1756339] - [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1764567] - [netdrv] mark the intel igc driver as tech preview (David Arcari) [1721615] - [netdrv] igc: Clean up unused shadow_vfta pointer (David Arcari) [1721615] - [netdrv] igc: Add Rx checksum support (David Arcari) [1721615] - [netdrv] igc: Add set_rx_mode support (David Arcari) [1721615] - [netdrv] igc: Add SCTP CRC checksumming functionality (David Arcari) [1721615] - [netdrv] igc: Add tx_csum offload functionality (David Arcari) [1721615] - [netdrv] igc: Remove unneeded PCI bus defines (David Arcari) [1721615] - [netdrv] igc: Add NVM checksum validation (David Arcari) [1721615] - [netdrv] igc: Remove useless forward declaration (David Arcari) [1721615] - [netdrv] ethernet: Delete unnecessary checks before the macro call 'dev_kfree_skb' (David Arcari) [1721615] - [netdrv] igc: Add more SKUs for i225 device (David Arcari) [1721615] - [netdrv] igc: Update the MAC reset flow (David Arcari) [1721615] - [netdrv] igc: Remove the unused field from a device specification structure (David Arcari) [1721615] - [netdrv] igc: Remove the polarity field from a PHY information structure (David Arcari) [1721615] - [netdrv] igc: Prefer pcie_capability_read_word() (David Arcari) [1721615] - [netdrv] igc: Cleanup the redundant code (David Arcari) [1721615] - [netdrv] igc: Add flow control support (David Arcari) [1721615] - [netdrv] igc: Remove the obsolete workaround (David Arcari) [1721615] - [netdrv] igc: Clean up unused pointers (David Arcari) [1721615] - [netdrv] igc: Fix double definitions (David Arcari) [1721615] - [netdrv] igb/igc: warn when fatal read failure happens (David Arcari) [1721615] - [netdrv] Revert 'mark the intel igc driver as tech preview' (David Arcari) [1721615] - [md] dm: Use kzalloc for all structs with embedded biosets/mempools (Mike Snitzer) [1766389] [3.10.0-1106] - [net] sysfs: Fix mem leak in netdev_register_kobject (Stefano Brivio) [1752690] {CVE-2019-15916} - [fs] revert [fs] cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (Dave Wysochanski) [1757872] - [fs] revert [fs] cifs: add spinlock for the openFileList to cifsInodeInfo (Dave Wysochanski) [1757872] - [fs] revert [fs] cifs: add more spinlocks to pretect against races (Dave Wysochanski) [1757872] - [fs] fix inode leaks on d_splice_alias() failure exits (Miklos Szeredi) [1749390] - [mm] percpu: remove spurious lock dependency between percpu and sched (Vladis Dronov) [1744633] - [mm] percpu: stop printing kernel addresses (Vladis Dronov) [1744633] - [mm] percpu: use chunk scan_hint to skip some scanning (Vladis Dronov) [1744633] - [mm] percpu: convert chunk hints to be based on pcpu_block_md (Vladis Dronov) [1744633] - [mm] percpu: make pcpu_block_md generic (Vladis Dronov) [1744633] - [mm] percpu: use block scan_hint to only scan forward (Vladis Dronov) [1744633] - [mm] percpu: remember largest area skipped during allocation (Vladis Dronov) [1744633] - [mm] percpu: add block level scan_hint (Vladis Dronov) [1744633] - [mm] percpu: set PCPU_BITMAP_BLOCK_SIZE to PAGE_SIZE (Vladis Dronov) [1744633] - [mm] percpu: relegate chunks unusable when failing small allocations (Vladis Dronov) [1744633] - [mm] percpu: manage chunks based on contig_bits instead of free_bytes (Vladis Dronov) [1744633] - [mm] percpu: introduce helper to determine if two regions overlap (Vladis Dronov) [1744633] - [mm] percpu: do not search past bitmap when allocating an area (Vladis Dronov) [1744633] - [mm] percpu: update free path with correct new free region (Vladis Dronov) [1744633] - [mm] mm/percpu: add checks for the return value of memblock_alloc*() (Vladis Dronov) [1744633] - [mm] percpu: km: no need to consider pcpu_group_offsets (Vladis Dronov) [1744633] - [mm] percpu: use nr_groups as check condition (Vladis Dronov) [1744633] - [mm] percpu: stop leaking bitmap metadata blocks (Vladis Dronov) [1744633] - [fs] /proc/meminfo: add percpu populated pages count (Vladis Dronov) [1744633] - [mm] mm: Allow to kill tasks doing pcpu_alloc() and waiting for pcpu_balance_workfn() (Vladis Dronov) [1744633] - [mm] percpu: include linux/sched.h for cond_resched() (Vladis Dronov) [1744633] - [mm] percpu: add a schedule point in pcpu_balance_workfn() (Vladis Dronov) [1744633] - [mm] percpu: fix iteration to prevent skipping over block (Vladis Dronov) [1744633] - [mm] percpu: fix starting offset for chunk statistics traversal (Vladis Dronov) [1744633] - [mm] percpu: update header to contain bitmap allocator explanation (Vladis Dronov) [1744633] - [mm] percpu: update pcpu_find_block_fit to use an iterator (Vladis Dronov) [1744633] - [mm] percpu: use metadata blocks to update the chunk contig hint (Vladis Dronov) [1744633] - [mm] percpu: update free path to take advantage of contig hints (Vladis Dronov) [1744633] - [mm] percpu: update alloc path to only scan if contig hints are broken (Vladis Dronov) [1744633] - [mm] percpu: keep track of the best offset for contig hints (Vladis Dronov) [1744633] - [mm] percpu: skip chunks if the alloc does not fit in the contig hint (Vladis Dronov) [1744633] - [mm] percpu: add first_bit to keep track of the first free in the bitmap (Vladis Dronov) [1744633] - [mm] percpu: introduce bitmap metadata blocks (Vladis Dronov) [1744633] - [mm] percpu: replace area map allocator with bitmap (Vladis Dronov) [1744633] - [mm] percpu: generalize bitmap (un)populated iterators (Vladis Dronov) [1744633] - [mm] percpu: increase minimum percpu allocation size and align first regions (Vladis Dronov) [1744633] - [mm] percpu: introduce nr_empty_pop_pages to help empty page accounting (Vladis Dronov) [1744633] - [mm] percpu: change the number of pages marked in the first_chunk pop bitmap (Vladis Dronov) [1744633] - [mm] percpu: combine percpu address checks (Vladis Dronov) [1744633] - [mm] percpu: modify base_addr to be region specific (Vladis Dronov) [1744633] - [mm] percpu: setup_first_chunk rename schunk/dchunk to chunk (Vladis Dronov) [1744633] - [mm] percpu: end chunk area maps page aligned for the populated bitmap (Vladis Dronov) [1744633] - [mm] percpu: unify allocation of schunk and dchunk (Vladis Dronov) [1744633] - [mm] percpu: setup_first_chunk remove dyn_size and consolidate logic (Vladis Dronov) [1744633] - [mm] percpu: remove has_reserved from pcpu_chunk (Vladis Dronov) [1744633] - [mm] percpu: introduce start_offset to pcpu_chunk (Vladis Dronov) [1744633] - [mm] percpu: setup_first_chunk enforce dynamic region must exist (Vladis Dronov) [1744633] - [mm] percpu: update the header comment and pcpu_build_alloc_info comments (Vladis Dronov) [1744633] - [mm] percpu: expose pcpu_nr_empty_pop_pages in pcpu_stats (Vladis Dronov) [1744633] - [mm] percpu: change the format for percpu_stats output (Vladis Dronov) [1744633] - [mm] percpu: pcpu-stats change void buffer to int buffer (Vladis Dronov) [1744633] - [mm] percpu: fix static checker warnings in pcpu_destroy_chunk (Vladis Dronov) [1744633] - [mm] percpu: fix early calls for spinlock in pcpu_stats (Vladis Dronov) [1744633] - [mm] percpu: resolve err may not be initialized in pcpu_alloc (Vladis Dronov) [1744633] - [mm] percpu: add tracepoint support for percpu memory (Vladis Dronov) [1744633] - [mm] percpu: expose statistics about percpu memory via debugfs (Vladis Dronov) [1744633] - [mm] percpu: migrate percpu data structures to internal header (Vladis Dronov) [1744633] - [mm] percpu: add missing lockdep_assert_held to func pcpu_free_area (Vladis Dronov) [1744633] - [mm] percpu: ensure the requested alignment is power of two (Vladis Dronov) [1744633] - [mm] tree wide: use kvfree() than conditional kfree()/vfree() (Vladis Dronov) [1744633] - [mm] mm/percpu: use offset_in_page macro (Vladis Dronov) [1744633] - [mm] percpu: clean up of schunk->mapassignment in pcpu_setup_first_chunk (Vladis Dronov) [1744633] - [mm] mm/percpu.c: fix panic triggered by BUG_ON() falsely (Vladis Dronov) [1744633] - [mm] mm/percpu.c: fix potential memory leakage for pcpu_embed_first_chunk() (Vladis Dronov) [1744633] - [mm] mm/percpu.c: correct max_distance calculation for pcpu_embed_first_chunk() (Vladis Dronov) [1744633] - [mm] mm: percpu: use pr_fmt to prefix output (Vladis Dronov) [1744633] (Vladis Dronov) [1744633] - [mm] mm: coalesce split strings (Vladis Dronov) [1744633] - [mm] mm: convert pr_warning to pr_warn (Vladis Dronov) [1744633] - [mm] percpu: use *pbto print bitmaps including cpumasks and nodemasks (Vladis Dronov) [1744633] - [mm] percpu: off by one in BUG_ON() (Vladis Dronov) [1744633] - [mm] mm/percpu.c: use memblock apis for early memory allocations (Vladis Dronov) [1744633] - [mm] percpu: use VMALLOC_TOTAL instead of VMALLOC_END - VMALLOC_START (Vladis Dronov) [1744633] - [mm] percpu: fix bootmem error handling in pcpu_page_first_chunk() (Vladis Dronov) [1744633] [3.10.0-1105] - [nvme] nvme: Treat discovery subsystems as unique subsystems (Ewan Milne) [1731579] - [scsi] scsi: core: Log SCSI command age with errors (Ewan Milne) [1751716] - [security] selinux: fix context string corruption in convert_context() (Ondrej Mosnacek) [1759803] - [usb] xhci: Prevent deadlock when xhci adapter breaks during init (Torez Smith) [1710090] - [scsi] scsi: core: add new RDAC LENOVO/DE_Series device (Ewan Milne) [1699439] - [wireless] Correct strange error in Makefiles for building modules in separate directories (Neil Horman) [1753927] - [md] dm snapshot: rework COW throttling to fix deadlock (Mike Snitzer) [1758603] - [md] dm snapshot: introduce account_start_copy() and account_end_copy() (Mike Snitzer) [1758603] - [drm] i915: Stop reconfiguring our shmemfs mountpoint (Vladis Dronov) [1759980] - [kernel] perf/core: Fix perf_event_open() vs. execve() race (Jiri Olsa) [1701620] {CVE-2019-3901} [3.10.0-1104] - [md] raid5: dont set STRIPE_HANDLE to stripe which is in batch list (Nigel Croxon) [1631765 1750287] - [kernel] alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (Vladis Dronov) [1760639] - [kernel] alarmtimer: Remove unused but set variable (Vladis Dronov) [1760639] - [x86] efi/x86: do not clean dummy variable in kexec path (Bhupesh Sharma) [1707669] - [cpuidle] cpuidle-haltpoll: return -ENODEV on modinit failure (Marcelo Tosatti) [1756843] - [x86] perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp (David Arcari) [1730884] - [infiniband] RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (Selvin Xavier) [1629037] - [infiniband] RDMA/bnxt_re: Increase depth of control path command queue (Selvin Xavier) [1629037] - [x86] x86/efi/pti: In __load_cr3(), EFI PGD has no shadow (Lenny Szubowicz) [1750767] - [char] hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (Prarit Bhargava) [1660800] MODERATE Copyright 2020 Oracle, Inc. CVE-2018-19985 CVE-2019-9503 CVE-2019-10638 CVE-2019-13648 CVE-2019-10639 CVE-2019-18660 CVE-2019-15916 CVE-2019-12382 CVE-2017-17807 CVE-2018-7191 CVE-2015-9289 CVE-2019-10207 CVE-2019-11190 CVE-2019-13233 CVE-2018-20169 CVE-2019-3901 CVE-2019-11884 CVE-2019-14283 CVE-2019-16746 Oracle Linux 7 [7.29.0-57.0.1] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html) [7.29.0-57] - allow curl to POST from a char device (#1769307) [7.29.0-56] - fix auth failure with duplicated WWW-Authenticate header (#1754736) [7.29.0-55] - fix TFTP receive buffer overflow (CVE-2019-5436) LOW Copyright 2020 Oracle, Inc. CVE-2019-5436 Oracle Linux 7 accountsservice [0.6.50-7] - version bump to prevent future update path introduced by RHBA-2019:45836 Resolves: #1721562 colord [1.3.4-2] - Downgrade a trivial warning to a debug statement - Resolves: #1421231 control-center [3.28.1-6] - Calculate better extents for the configured displays arrangement Resolves: #1591643 [3.28.1-5] - Fix crash in thunderbolt panel Resolves: #1672289 gdm [3.28.2-22] - Fix PostSession on reboot too - Fix spew in log on shutdown Related: #1547158 [3.28.2-18] - Include gdm-disable-wayland binary Resolves: #1749325 [3.28.2-17] - Fix PostSession Resolves: #1547158 gnome-online-accounts [3.28.2-1] - Update to 3.28.2 Resolves: #1674534 gnome-settings-daemon [3.28.1-8] - Add display mapping check specific for the Dell Canvas Resolves: #1548320 [3.28.1-7] - Fallback scale properly without org.gnome.Mutter.DisplayConfig Resolves: #1556776 [3.28.1-6] - Handle rfkill device disappearing Resolves: #1691197 gnome-shell [3.28.3-24] - Fix orphaned animation actors Related: #1753799 [3.28.3-23] - Fix 'Not Listed?' entry to shows characters instead of bullets Resolves: #1772896 [3.28.3-22] - Fix partial lock screen bypass Resolves: #1669393 [3.28.3-21] - Add missing comma neglected in last build Related: #1766501 [3.28.3-20] - Performance backports Resolves: #1766501 [3.28.3-19] - Fix crash when window removed Resolves: #1752547 [3.28.3-18] - Change method for handling rapid mouse input better Resolves: #1657887 [3.28.3-17] - Handle rapid mouse input better Resolves: #1657887 [3.28.3-16] - Support horizontal workspace layouts Related: #1720286 [3.28.3-15] - Backport window management crash fix Resolves: #1743913 gnome-shell-extensions [3.28.1-11] - A couple of fixes to the classic backports Resolves: #1778270 [3.28.1-10] - Fix unwanted appearance of workspace switcher menu Resolves: #1752357 [3.28.1-9] - Make classic mode more classic Resolves: #1720286 [3.28.1-8] - Add extra-osk-keys extension Resolves: #1702417 gnome-tweak-tool [3.28.1-7] - Resolves: #1789491 (Extensions panel is empty) [3.28.1-6] - Resolves: #1460768 (Cannot hide desktop icons in classic mode) - Resolves: #1607839 (Invisible panel is made visible on click between Setting and Toggle button) [3.28.1-5] - Reflect extension status in the UI - Resolves: #1474852 [3.28.1-4] - Fix keyboard panel crashes - Resolves: #1667421 [3.28.1-3] - Fixes to port to python2 - Resolves: #1610335 gsettings-desktop-schemas [3.28.0-3] - add setting to display Show Password menu Related: #1506370 gtk3 [3.22.30-5] - Handle lack of SVG loader gracefully - Resolves: #1660642 [3.22.30-4] - Clamp X11 window size both when creating and resizing - Resolves: #1687745 libcanberra [0.30-9] - Quiet theme sounds when not available (rebuild for 7.8) - Resolves: rhbz#1556800 [0.30-8] - Quiet theme sounds when not available (rebuild) - Resolves: rhbz#1556800 [0.30-7] - Quiet theme sounds when not available - Resolves: rhbz#1556800 [0.30-6] - Add quiet option - Resolves: rhbz#1556800 libgweather [3.28.2-3] - Fix multilib conflict in subpackage (#1623538) LibRaw [0.19.4-1] - Update to 0.19.4 - Resolves: #1741274 mutter [3.28.3-20] - Free close dialog before unmanaging parent Related: #1753799 [3.28.3-19] - Fix invalid read in idle monitor Resolves: #1752378 [3.28.3-18] - More performance backports Resolves: #1766501 [3.28.3-17] - Dont freeze if input happens after many days of inactivity Resolves: #1728761 [3.28.3-16] - Dont loose pointer button grabs Resolves: #1657887 [3.28.3-15] - Expose workspace layout as properties Related: #1720286 nautilus [3.26.1-7] - Remove brasero-nautilus requirement from s390x and ppc64 arches (rhbz#1723283) osinfo-db [20190805-2.0.1] - Add Oracle os info files [20190805-2] - Resolves: rhbz#1750807 - Fedora/RHEL/CentOS JeOS kickstart files for unattended installation are broken [20190805-1] - Resolves: rhbz#1737367 - Update to latest upstream release - Resolves: rhbz#1737369 - Add 7.8 to the osinfo-db which will be used on 7.8 shared-mime-info [1.8-5] - support new toplevel font types Resolves: #1678448 tracker [1.10.5-8] - Avoid dconf warnings in tracker-extract Resolves: #1474305 Resolves: #1508660 [1.10.5-7] - Fix potential crash on files ending with invalid UTF-8 Resolves: #1646345 xchat [1:2.8.8-25] - Fix a typo in the patch to restore the status icon after resuming Resolves: #1544840 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3820 Oracle Linux 7 [5.11-36] - fix out-of-bounds read via a crafted ELF file (CVE-2018-10360) LOW Copyright 2020 Oracle, Inc. CVE-2018-10360 Oracle Linux 7 [1:1.8.5-4] - Resolves: #1483569, incorrect processing of code blocks - Resolves: #1724173 - CVE-2016-10245, cross-site scripting LOW Copyright 2020 Oracle, Inc. CVE-2016-10245 Oracle Linux 7 [2:2012-45.20130427_r30134] - Related: #1650521, buffer overflow in t1_check_unusual_charstring function [2:2012-44.20130427_r30134] - Resolves: #1650521, buffer overflow in t1_check_unusual_charstring function MODERATE Copyright 2020 Oracle, Inc. CVE-2018-17407 Oracle Linux 7 [1.15-22] - Resolves: #1686115, integer overflow in png_compress [1.15-21] - Resolves: #1711051, CVE-2019-8383 denial of service - Resolves: #1710910, CVE-2019-8379 null pointer dereference [1.15-20] - Mass rebuild 2014-01-24 [1.15-19] - Mass rebuild 2013-12-27 [1.15-18] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [1.15-17] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.15-16] - Add disttag, modernise spec file [1.15-15] - Rebuilt for c++ ABI breakage [1.15-14] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1.15-13] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [1.15-12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.15-11] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.15-10] - Autorebuild for GCC 4.3 [1.15-9] - Rebuild for new BuildID feature. [1.15-8] - Update License field. - Remove dist tag, since the package will seldom change. [1.15-7] - Switch to using DESTDIR install method. [1.15-6] - Switch to use downloads.sf.net source URL. - Tweak defattr. [1.15-5] - FC6 rebuild, remove gcc-c++ build requirement (its a default). [1.15-4] - FC5 rebuild. [1.15-3] - Rebuild for new gcc/glibc. [1.15-2] - Rebuild for FC5. [1.15-1] - Update to 1.15, includes 64bit fixes. [1.14-5] - Update 64bit patch to a cleaner approach as Ralf suggested. [1.14-4] - fix build on 64bit arches [1.14-3] - rebuild on all arches [1.14-2] - rebuilt [1.14-1] - Update to 1.14. [1.13-1] - Update to 1.13. [1.12-1] - Update to 1.12. [1.11-1] - Update to 1.11. [1.10-1] - Update to 1.10. [1.7-2] - Rebuild for Fedora Core 1. - Added missing build dependencies, thanks to mach. * Tue Aug 26 2003 Matthias Saou <http://freshrpms.net/> - Update to 1.7. * Thu May 22 2003 Matthias Saou <http://freshrpms.net/> - Initial RPM release. MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9210 Oracle Linux 7 [4.4.8-12] - Resolves: #1611641 - CVE-2018-10916 lftp: particular remote file names may lead to current working directory erased MODERATE Copyright 2020 Oracle, Inc. CVE-2018-10916 Oracle Linux 7 [1.10.14-24.0.1] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.10.14-24] - Related: #1613034 - Typo in the previous patch discovered by covscan [1.10.14-23] - Related: #1613034 - Fixing an infinite loop created by previous update [1.10.14-22] - Related: #1633330 - fixing a couple of covscan issues [1.10.14-21] - Related: #1254543 - removing endian shift in packetlogger because it failed to recognize bluetooth hci packet [1.10.14-20] - Resolves: #1254543 - valgrind reports errors on pcap file from an older cve [1.10.14-19] - Related: #1633330 - A few more checks in the packet dissector [1.10.14-18] - Resolves: #1176967 - wireshark crashes opening large packet captures [1.10.14-17] - Resolves: #1557212 - CVE-2018-7418 SIGCOMP dissector crash in packet-sigcomp.c - Resolves: #1588208 - CVE-2018-11362 Out-of-bounds Read in packet-ldss.c - Resolves: #1612146 - CVE-2018-14340 Multiple dissectors could crash - Resolves: #1613032 - CVE-2018-14341 DICOM dissector infinite loop - Resolves: #1613034 - CVE-2018-14368 Bazaar dissector infinite loop - Resolves: #1633330 - CVE-2018-16057 Radiotap dissector crash - Resolves: #1660148 - CVE-2018-19622 Infinite loop in the MMSE dissector MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14340 CVE-2018-14341 CVE-2018-19622 CVE-2018-11362 CVE-2018-14368 CVE-2018-16057 CVE-2018-7418 Oracle Linux 7 [1:1.6.3-43] - 1687571 - cupsd doesnt clean tmp files if client conn is terminated abnormally [1:1.6.3-42] - 1651575 - CVE-2018-4700 cups [1:1.6.3-41] - 1608764 - CVE-2018-4180 cups - 1607291 - CVE-2018-4181 cups MODERATE Copyright 2020 Oracle, Inc. CVE-2018-4180 CVE-2018-4181 CVE-2018-4700 Oracle Linux 7 [1.1.0-5] - Resolves: rhbz#1740212 - New defect found in libosinfo-1.1.0-4.el7 [1.1.0-4] - Resolves: rhbz#1727842 - CVE-2019-13313 libosinfo: osinfo-install-script option leaks password via command line argument LOW Copyright 2020 Oracle, Inc. CVE-2019-13313 Oracle Linux 7 [3:2.1.15-30] - Resolves: #1599692 - Sanitize input on listinfo page (CVE-2018-0618) [3:2.1.15-29] - Resolves: #1611689 - Trim long text in 'no such list' messages [3:2.1.15-28] - Resolves: #1718180 - Try to decode member name first [3:2.1.15-27] - Related : #1545973 - Bump release to override rhel-7.4.z version MODERATE Copyright 2020 Oracle, Inc. CVE-2018-0618 CVE-2018-13796 Oracle Linux 7 [32:9.11.4-16.P2] - Finish dig query when name is too long (#1743572) [32:9.11.4-15.P2] - Stop listening on IPv6 by default (#1753259) [32:9.11.4-14.P2] - Limit number of queries per TCP connection (CVE-2019-6477) [32:9.11.4-13.P2] - Revert not searching names with dot (#1743572) [32:9.11.4-12.P2] - Fix mkeys test validating CVE-2018-5745 fix [32:9.11.4-11.P2] - Use monotonic time in export library (#1093803) [32:9.11.4-10.P2] - Fix CVE-2018-5745 - Fix CVE-2019-6465 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-6465 CVE-2018-5745 CVE-2019-6477 Oracle Linux 7 [1:2.2.36-6] - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes (#1741787) [1:2.2.36-5] - fix CVE-2019-3814: improper certificate validation (#1674369) - fix CVE-2019-7524: buffer overflow in indexer-worker process resulting in privilege escalation (#1700398) [1:2.2.36-4] - use portreserve to avoid port conflicts(#1270283) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-7524 CVE-2019-3814 Oracle Linux 7 [7:3.5.20-15] - Resolves: #1690551 - Squid cache_peer DNS lookup failed when not all lower case - Resolves: #1680022 - squid cant display download/upload packet size for HTTPS sites - Resolves: #1717430 - Excessive memory usage when running out of descriptors - Resolves: #1676420 - Cache siblings return wrongly cached gateway timeouts - Resolves: #1729435 - CVE-2019-13345 squid: XSS via user_name or auth parameter in cachemgr.cgi - Resolves: #1582301 - CVE-2018-1000024 CVE-2018-1000027 squid: various flaws [7:3.5.20-13] - Resolves: #1620546 - migration of upstream squid MODERATE Copyright 2020 Oracle, Inc. CVE-2018-1000027 CVE-2019-13345 CVE-2018-1000024 Oracle Linux 7 evince [3.28.2-9] - Handle failure from TIFFReadRGBAImageOriented - Resolves: #1717352 poppler [0.26.5-42] - Fix potential integer overflow and check length for negative values - Resolves: #1757283 [0.26.5-41] - Ignore dict Length if it is broken - Resolves: #1733026 [0.26.5-40] - Fail gracefully if not all components of JPEG2000Stream - have the same size - Resolves: #1723504 [0.26.5-39] - Check whether input is RGB in PSOutputDev::checkPageSlice() - Resolves: #1697575 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9959 CVE-2018-21009 CVE-2019-12293 CVE-2019-11459 CVE-2019-10871 Oracle Linux 7 atk [2.28.1-2] - Remove patch to fix invalid unref at atk_gobject_accessible_object_gone_cb() - Resolves: #1753123 evolution [3.28.5-8] - Update patch for RH bug #1686408 (CVE-2018-15587: Reposition signature bar) [3.28.5-7] - Add patch for RH bug #1686408 (CVE-2018-15587: Reposition signature bar) [3.28.5-6] - Add patch for RH bug #1753122 (GalA11yETableItem: Incorrect implementation of AtkObjectClass::ref_child()) evolution-data-server [3.28.5-4] - Add patch related to evolution-ews CVE-2019-3890 (RH bug #1696762) evolution-ews [3.28.5-5] - Remove patch for RH bug #1764669 (Send meeting change notifications only if being the organizer) [3.28.5-4] - Add patch for RH bug #1392567 (Sync CategoryList with mail Labels) - Add patch for RH bug #1764669 (Send meeting change notifications only if being the organizer) [3.28.5-3] - Add patch for RH bug #1696760 (CVE-2019-3890 - SSL Certificates are not validated) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3890 CVE-2018-15587 Oracle Linux 7 [1:5.7.2-47] - revert calculation of free space (#1779609) [1:5.7.2-46] - fix sha224 and sha384 declaration check (#1774693) [1:5.7.2-45] - fix memory leak introduced by fix of snmp v3 traps forwarding (#1751195) [1:5.7.2-44] - add support for glusterfs (#1316386) - change services to start after network-online.target (#1388118) - fix interface fadeout configuration (#1547355) - fix scanf pattern for ICMP stats (#1693547) - change buffer size in pass_common.c file (#1695363 and #1731357) - remove initial whitespace reading from scanf pattern of /sys/dev/block/../stat file (#1700494) - fix for CVE-2018-18066 (#1638911) - add Counter64 support for UCD-SNMP-MIB (#1703752) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-18066 Oracle Linux 7 [4.10.4-10] - resolves: #1786324 - fix security level check for DsRGetForestTrustInformation [4.10.4-9] - resolves: #1764468 - Fix CVE-2019-10218 [4.10.4-8] - resolves: #1656541 - Fix join using netbios name [4.10.4-7] - resolves: #1657428 - Fix spnego downgrade - resolves: #1663064 - Fix net ads join in hardened environments [4.10.4-6] - resolves: #1753254 - Fix trusted domain enumeration in windind caused a Active Directory update [4.10.4-5] - resolves: #1751335 - Fix username/passwd auth with smbspool [4.10.4-4] - resolves: #1740986 - Fix issues creating BUILTIN\Guests [4.10.4-3] - resolves: #1746240 - Security fix for CVE-2019-10197 [4.10.4-2] - resolves: #1740000 - Fix 'net ads join createcomputer=<accountou>' [4.10.4-1] - resolves: #1497809 - Add --resolve-uids for 'smbstatus -L' - resolves: #1714947 - Fix idmap_tdb2 scripts [4.10.4-0] - resolves: #1724991 - Update to version 4.10.4 - resolves: #1595277 - Update manpage for 'net ads lookup' MODERATE Copyright 2020 Oracle, Inc. CVE-2019-10218 CVE-2019-10197 Oracle Linux 7 [12.1.0-6] - Fix CVE-2019-12387 (HTTP Header Injection) Resolves: rhbz#1721518 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12387 Oracle Linux 7 [1:5.5.65-1] - Rebase to 5.5.65 Also fixes: CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 Resolves: #1741357 - Revert upstream changes that make the mysql_install_db relocatable because it broke mysql_install_db when run without --rpm arg Resolves: #1731062 - Add openssl BR that was missing for the tests MODERATE Copyright 2020 Oracle, Inc. CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 Oracle Linux 7 [5.44-6] - fixing CVE-2018-10910. Resolves: #1609340 LOW Copyright 2020 Oracle, Inc. CVE-2018-10910 Oracle Linux 7 [5.4.16-48] - fix underflow in env_path_info in fpm_main.c CVE-2019-11043 [5.4.16-47] - fix stack-buffer-overflow while parsing HTTP response CVE-2018-7584 - fix out-of-bounds read in base64_decode_xmlrpc CVE-2019-9024 - fix reflected XSS in phar 404 page CVE-2018-5712 - fix reflected XSS in phar 403 and 404 error pages CVE-2018-10547 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-5712 CVE-2019-9024 CVE-2018-10547 CVE-2018-7584 Oracle Linux 7 [4.2.46-34] - BASH_CMD should not be writable in restricted shell Resolves: #1693181 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9924 Oracle Linux 7 [1.5.3-173.el7] - kvm-tcp_emu-Fix-oob-access.patch [bz#1791560] - kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791560] - kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791560] - Resolves: bz#1791560 (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8]) [1.5.3-172.el7] - kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771961] - kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771961] - Resolves: bz#1771961 (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8]) [1.5.3-171.el7] - kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1638471] - kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch [bz#1638471] - kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch [bz#1638471] - kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch [bz#1760607] - Resolves: bz#1638471 ([Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model) - Resolves: bz#1760607 (Corrupted EAX values due to missing brackets at CPUID[0x800000008] code) [1.5.3-170.el7] - kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749735] - kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1709971] - kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1709971] - kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1709971] - kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1709971] - kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1709971] - kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1709971] - kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1709971] - kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1709971] - kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1709971] - kvm-Remove-arch-capabilities-deprecation.patch [bz#1709971] - kvm-target-i386-add-MDS-NO-feature.patch [bz#1714791] - Resolves: bz#1709971 ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm) - Resolves: bz#1714791 ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm) - Resolves: bz#1749735 (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-7]) [1.5.3-169.el7] - kvm-target-i386-Support-invariant-tsc-flag.patch [bz#1626871] - kvm-target-i386-block-migration-and-savevm-if-invariant-.patch [bz#1626871] - kvm-i386-Don-t-copy-host-virtual-address-limit.patch [bz#1706658] - Resolves: bz#1626871 ([RFE] request for using TscInvariant feature with qemu-kvm.) - Resolves: bz#1706658 ([Intel 7.8 Bug] qemu-kvm fail with 'err:kvm_init_vcpu() invalidate argumant' on ICX platform) [1.5.3-168.el7] - kvm-qxl-check-release-info-object.patch [bz#1712703] - kvm-bswap.h-Remove-cpu_to_be16wu.patch [bz#1270166] - kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch [bz#1270166] - kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734749] - Resolves: bz#1270166 (UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation.) - Resolves: bz#1712703 (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7]) - Resolves: bz#1734749 (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.8]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-7039 Oracle Linux 7 [2.4.6-93.0.1] - replace index.html with Oracles index page oracle_index.html [2.4.6-93] - Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time [2.4.6-92] - htpasswd: add SHA-2 crypt() support (#1486889) [2.4.6-91] - Resolves: #1630886 - scriptlet can fail if hostname is not installed - Resolves: #1565465 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values - Resolves: #1568298 - CVE-2018-1301 httpd: Out of bounds access after failure in reading the HTTP request - Resolves: #1673457 - Apache child process crashes because ScriptAliasMatch directive - Resolves: #1633152 - mod_session missing apr-util-openssl - Resolves: #1649470 - httpd response contains garbage in Content-Type header - Resolves: #1724034 - Unexpected OCSP in proxy SSL connection MODERATE Copyright 2020 Oracle, Inc. CVE-2018-1301 CVE-2017-15710 CVE-2018-17199 Oracle Linux 7 [5:1.5.21-29] - Fix IMAP header caching path traversal vulnerability - Resolves: #1608011 - Resolves: CVE-2018-14355 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14355 Oracle Linux 7 [2.7.5-88.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-88] - Security fix for CVE-2019-16056 Resolves: rhbz#1750773 [2.7.5-87] - Fix CVE-2018-20852 Resolves: rhbz#1741551 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16056 CVE-2018-20852 Oracle Linux 7 [3.6.8-13.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-13] - Security fix for CVE-2019-16056 Resolves: rhbz#1750774 [3.6.8-12] - Add support for OpenSSL FIPS mode - Fix faulthandler stack size Resolves: rhbz#1732908 [3.6.8-11] - Security fix for CVE-2018-20852 Resolves: rhbz#1741552 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20852 CVE-2019-16056 Oracle Linux 7 [0.112-26.0.1] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.112-26] - Refined upstream fix of CVE-2018-1116 to avoid ABI changes - Related: rhbz#1601411 [0.112-25] - fix of CVE-2018-1116 - Resolves: rhbz#1601411 [0.112-24] - pkttyagent: resetting terminal erases rest of input line - Resolves: rhbz#1753037 [0.112-23] - pkttyagent: process stopped by SIGTTOU if run in background job - Resolves: rhbz#1724444 LOW Copyright 2020 Oracle, Inc. CVE-2018-1116 Oracle Linux 7 [0.19.8.1-3] - fix CVE-2018-18751: double-free in xgettext (rhbz#1648433) LOW Copyright 2020 Oracle, Inc. CVE-2018-18751 Oracle Linux 7 [1:5.3.6.1-24.0.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.3.6.1-24] - Resolves: rhbz#1728763 bg of blocks is black [1:5.3.6.1-23] - Resolves: rhbz#1601372 libreoffice fails to build with --nocheck [1:5.3.6.1-22] - Resolves: rhbz#1743962 CVE-2019-9848 - Resolves: rhbz#1743954 CVE-2019-9849 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9851 CVE-2019-9850 CVE-2019-9849 CVE-2019-9848 CVE-2019-9852 CVE-2019-9854 CVE-2019-9853 Oracle Linux 7 [1.8.0-3] - Fix for CVE-2019-14850 denial of service due to premature opening of back-end connection resolves: rhbz#1757261 [1.8.0-2] - Explicitly disable nbdkit-ext2-plugin in configure resolves: rhbz#1724242 LOW Copyright 2020 Oracle, Inc. CVE-2019-14850 Oracle Linux 7 [1:4.8.7-8] - Fix QImage allocation failure in qgifhandler Resolves: bz#1667863 - Fix QTgaFile CPU exhaustion Resolves: bz#1667879 - Fix QBmpHandler segmentation fault on malformed BMP file Resolves: bz#1667862 [1:4.8.7-7] - Fix crash when parsing malformed url reference in svg Resolves: bz#1667882 [1:4.8.7-6] - Fix crash in qppmhandler for certain malformed image files Resolves: bz#1702031 [1:4.8.7-5] - Fix possible heap corruption in QXmlStream Resolves: bz#1667861 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-19870 CVE-2018-19871 CVE-2018-19873 CVE-2018-19872 CVE-2018-15518 CVE-2018-19869 Oracle Linux 7 [4.10.5-8] - Fix path traversal issue when extracting an .okular file Resolves: bz#1634726 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-1000801 Oracle Linux 7 [1.8-8.20130218git] - Fixed OOB read when loading invalid ogg flac file Resolves: bz#1585260 LOW Copyright 2020 Oracle, Inc. CVE-2018-11439 Oracle Linux 7 [0.6.31-20] - multicast DNS no longer responds to unicast queries outside of local network (#1663410) LOW Copyright 2020 Oracle, Inc. CVE-2017-6519 Oracle Linux 7 [0.13.62-12] - Fix a directory traversal bug - unzip-mem should now strip all '../' prefixes from the archived files - Resolves: CVE-2018-17828 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-17828 Oracle Linux 7 autotrace [0.31.1-38] - Resolves: #1765205 rebuild against new IM emacs [1:24.3-23] - Resolves: #1765208 rebuild against new IM ImageMagick [6.9.10.68-3] - Fixing freeze when svg file contains class='' [6.9.10.68-2] - Fixed ghostscript fonts, fixed multilib conflicts [6.9.10.68-1] - Rebase to 6.9.10.68 inkscape [0.92.2-3] - Resolves: #1765211 rebuild against new IM MODERATE Copyright 2020 Oracle, Inc. CVE-2017-18271 CVE-2018-10805 CVE-2018-15607 CVE-2019-11598 CVE-2019-12978 CVE-2019-13304 CVE-2019-13306 CVE-2019-13311 CVE-2019-14981 CVE-2019-16708 CVE-2019-16711 CVE-2019-19949 CVE-2017-11166 CVE-2018-14434 CVE-2019-13297 CVE-2019-11597 CVE-2019-13134 CVE-2019-13305 CVE-2019-13307 CVE-2018-10804 CVE-2019-7175 CVE-2019-15141 CVE-2019-16713 CVE-2018-13153 CVE-2019-7397 CVE-2019-12975 CVE-2019-13301 CVE-2017-1000476 CVE-2018-16750 CVE-2019-17540 CVE-2017-12805 CVE-2018-18544 CVE-2019-10131 CVE-2019-13300 CVE-2018-12600 CVE-2018-16328 CVE-2018-20467 CVE-2019-13133 CVE-2019-13135 CVE-2019-13310 CVE-2019-15139 CVE-2019-17541 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-14437 CVE-2018-16749 CVE-2019-9956 CVE-2019-11470 CVE-2019-11472 CVE-2019-12979 CVE-2019-15140 CVE-2019-16709 CVE-2019-16710 CVE-2017-18273 CVE-2018-8804 CVE-2018-9133 CVE-2019-13309 CVE-2017-12806 CVE-2018-10177 CVE-2018-11656 CVE-2018-12599 CVE-2019-12974 CVE-2019-13454 CVE-2019-19948 CVE-2018-14435 CVE-2019-7398 CVE-2019-13295 CVE-2019-10650 CVE-2019-12976 CVE-2019-16712 CVE-2019-14980 CVE-2018-14436 Oracle Linux 7 [6.0-21] - Fix CVE-2019-13232 - Resolves: CVE-2019-13232 LOW Copyright 2020 Oracle, Inc. CVE-2019-13232 Oracle Linux 7 [1.0.25-11] - fix CVE-2018-13139 - stack-based buffer overflow in sndfile-deinterleave utility (#1598577) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-13139 Oracle Linux 7 [1.0.1-9] Also add O_EXCL to log_blackbox.c when creating files Resolves: rhbz#1714853 [1.0.1-8] Improve socket security Resolves: rhbz#1714853 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12779 Oracle Linux 7 [2.9.1-6.0.1.4] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.1-6.4] - Fix CVE-2015-8035 (#1595697) - Fix CVE-2018-14404 (#1602817) - Fix CVE-2017-15412 (#1729857) - Fix CVE-2016-5131 (#1714050) - Fix CVE-2017-18258 (#1579211) - Fix CVE-2018-1456 (#1622715) MODERATE Copyright 2020 Oracle, Inc. CVE-2015-8035 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2016-5131 CVE-2018-14567 Oracle Linux 7 [1.5.3-173.el7_8.1] - kvm-util-add-slirp_fmt-helpers.patch [bz#1798970] - kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1798970] - Resolves: bz#1798970 (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-7.8.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8608 Oracle Linux 8 [1.8.15-6.1] - - Fix hapack zero byte input causing overwrite (CVE-2020-11100, #1819518) [1.8.15-6] - Add gating tests (#1682106) CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-11100 Oracle Linux 8 nodejs [1:12.16.1-2] - Fix CVE-2020-10531 [1:12.16.1-1] - Resolves: RHBZ#1800393, RHBZ#1800394, RHBZ#1800380 - Rebase to 12.16.1 [1:12.14.1-1] - Rebase to 12.14.1 [1:12.13.1-1] - Resolves: RHBZ# 1773503, update to 12.13.1 - minor clean up and sync with Fedora spec - turn off debug builds [1:12.4.0-2] - Resolves:RHBZ#1685191 - Add condition to libs [1:12.4.0-1] - Update to v12.x - Add v8-devel and libs subpackages from fedora [1:10.14.1-2] - move nodejs-packaging BR out of conditional [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 Oracle Linux 8 nodejs [1:10.19.0-2] - Resolves: RHBZ#1811498 [1:10.19.0-1] - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 [1:10.16.3-1] - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 Oracle Linux 8 [1:0.17-73.1] - Resolves: #1814473 - Arbitrary remote code execution in utility.c via short writes or urgent data IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 Oracle Linux 6 [1.8.15-3] - Backport fix for CVE-2020-5208 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5208 Oracle Linux 7 [1:0.17-65] - Resolves: #1814475 - Arbitrary remote code execution in utility.c via short writes or urgent data IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 Oracle Linux 6 [1:0.17-49] - Resolves: #1814775 - Arbitrary remote code execution in utility.c via short writes or urgent data IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 Oracle Linux 7 [68.6.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.6.1-1] - Update to 68.6.1 ESR CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6819 CVE-2020-6820 Oracle Linux 6 [68.6.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6819 CVE-2020-6820 Oracle Linux 8 [68.6.1-1.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.6.1-1] - Update to 68.6.1 ESR CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6819 CVE-2020-6820 Oracle Linux 6 [1.0.1-10] - Apply previous patch - Resolves: #1814774 [1.0.1-9] - Fix CVE-2020-10188 (netclear()/nextitem() buffer overrun) - Resolves: #1814774 [1.0.1-8] - bump release number to sort newer than the recent 6.2 update IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 Oracle Linux 8 qemu-kvm [2.12.0-88.0.1.el8_1_0.3] - Added bug30251155-remove-upstream-reference [Orabug: 30251155] [2.12.0-88.el8_1_0.3] - kvm-tcp_emu-Fix-oob-access.patch [bz#1791565] - kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791565] - kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791565] - kvm-iscsi-Avoid-potential-for-get_status-overflow.patch [bz#1794500] - kvm-iscsi-Cap-block-count-from-GET-LBA-STATUS-CVE-2020-1.patch [bz#1794500] - Resolves: bz#1791565 (CVE-2020-7039 virt:rhel/qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-8.1.0.z]) - Resolves: bz#1794500 (CVE-2020-1711 qemu-kvm: QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server [rhel-8.1.0.z]) libvirt [4.5.0-35.3.0.1] - added librbd1 as dependency (Keshav Sharma) [4.5.0-35.3.el8] - qemu: Translate features in virQEMUCapsGetCPUFeatures (rhbz#1809510) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-7039 CVE-2020-1711 Oracle Linux 8 [4.18.0-147.8.1_1.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-147.8.1_1] - rebuild, due infrastructure issues last kernel build wasn't signed properly [1807231 1807216] [4.18.0-147.7.1_1] - [hid] hiddev: do cleanup in failure of opening a device (Benjamin Tissoires) [1803458 1803460] {CVE-2019-19527} - [hid] hiddev: avoid opening a disconnected device (Benjamin Tissoires) [1803458 1803460] {CVE-2019-19527} - [nvme] nvmet: fix discover log page when offsets are used (Gopal Tiwari) [1801216 1745836] - [netdrv] ibmvnic: Serialize device queries (Steve Best) [1794060 1778037] - [netdrv] ibmvnic: Bound waits for device queries (Steve Best) [1794060 1778037] - [netdrv] ibmvnic: Terminate waiting device threads after loss of service (Steve Best) [1794060 1778037] - [netdrv] ibmvnic: Fix completion structure initialization (Steve Best) [1794060 1778037] - [netdrv] ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (Steve Best) [1794060 1778037] - [tools] selftests/powerpc: Fix compile error on tlbie_test due to newer gcc (Desnes Augusto Nunes do Rosario) [1794058 1755707] - [tools] selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue (Desnes Augusto Nunes do Rosario) [1794058 1755707] - [powerpc] powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (Desnes Augusto Nunes do Rosario) [1794058 1755707] - [powerpc] powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (Desnes Augusto Nunes do Rosario) [1794058 1755707] - [powerpc] powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions (Desnes Augusto Nunes do Rosario) [1794058 1755707] [4.18.0-147.6.1_1] - [crypto] crypto: chelsio - count incomplete block in IV (Jonathan Toppins) [1798527 1725813] - [crypto] crypto: chelsio - Fix softlockup with heavy I/O (Jonathan Toppins) [1798527 1725813] - [crypto] crypto: chelsio - Fix NULL pointer dereference (Jonathan Toppins) [1798527 1725813] - [nvme] nvme: Treat discovery subsystems as unique subsystems (Ewan Milne) [1798381 1757525] - [mm] mm/page-writeback.c: don't break integrity writeback on ->writepage() error (Christoph von Recklinghausen) [1797962 1782117] - [lib] crc-t10dif: crc_t10dif_mutex can be static (Vladis Dronov) [1797961 1769462] - [lib] crc-t10dif: Allow current transform to be inspected in sysfs (Vladis Dronov) [1797961 1769462] - [lib] crc-t10dif: Pick better transform if one becomes available (Vladis Dronov) [1797961 1769462] - [crypto] api - Introduce notifier for new crypto algorithms (Vladis Dronov) [1797961 1769462] - [block] blk-mq: make sure that line break can be printed (Ming Lei) [1797960 1741462] - [block] blk-mq: avoid sysfs buffer overflow with too many CPU cores (Ming Lei) [1797960 1741462] - [scsi] hpsa: update driver version (Joseph Szczypek) [1797519 1761968] - [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1797519 1761968] - [arm64] arm64: compat: Workaround Neoverse-N1 #1542419 for compat user-space (Mark Salter) [1797518 1757828] - [arm64] arm64: Fake the IminLine size on systems affected by Neoverse-N1 #1542419 (Mark Salter) [1797518 1757828] - [arm64] arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419 (Mark Salter) [1797518 1757828] - [arm64] arm64: Handle erratum 1418040 as a superset of erratum 1188873 (Mark Salter) [1797518 1757828] - [arm64] arm64: errata: Add workaround for Cortex-A76 erratum #1463225 (Mark Salter) [1797518 1757828] - [arm64] arm64: Kconfig: Tidy up errata workaround help text (Mark Salter) [1797518 1757828] - [arm64] arm64: Apply ARM64_ERRATUM_1188873 to Neoverse-N1 (Mark Salter) [1797518 1757828] - [arm64] arm64: Add part number for Neoverse N1 (Mark Salter) [1797518 1757828] - [arm64] arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT (Mark Salter) [1797518 1757828] - [arm64] arm64: Restrict ARM64_ERRATUM_1188873 mitigation to AArch32 (Mark Salter) [1797518 1757828] - [arm64] arm64: arch_timer: avoid unused function warning (Mark Salter) [1797518 1757828] - [arm64] arm64: Add workaround for Cortex-A76 erratum 1286807 (Mark Salter) [1797518 1757828] - [md] dm snapshot: rework COW throttling to fix deadlock (Mike Snitzer) [1796490 1758605] - [md] dm snapshot: introduce account_start_copy() and account_end_copy() (Mike Snitzer) [1796490 1758605] - [block] fix memleak of bio integrity data (Ming Lei) [1795338 1779898] - [powerpc] xive: Prevent page fault issues in the machine crash handler (Diego Domingos) [1795337 1756116] - [scsi] scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (Tomas Henzl) [1795335 1726251] - [powerpc] powerpc/perf: Disable trace_imc pmu (Steve Best) [1794061 1785573] - [s390] s390/qeth: ensure linear access to packet headers (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: guard against runt packets (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: handle skb allocation error gracefully (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: drop unwanted packets earlier in RX path (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: support per-frame invalidation (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: gather more detailed RX dropped/error statistics (Philipp Rudo) [1794059 1781085] - [s390] s390/net: Mark expected switch fall-throughs (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: consolidate skb RX processing in L3 driver (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: remove RX seqno in skb->cb (Philipp Rudo) [1794059 1781085] - [powerpc] kvm: ppc: book3s hv: Flush link stack on guest exit to host kernel (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] 64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] fsl: Update Spectre v2 reporting (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] 64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] 64: Disable the speculation barrier from the command line (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [firmware] efi/memreserve: Register reservations as 'reserved' in /proc/iomem (Bhupesh Sharma) [1792200 1772730] - [firmware] efi/memreserve: deal with memreserve entries in unmapped memory (Bhupesh Sharma) [1792200 1772730] - [s390] s390/cpum_sf: save TOD clock base in SDBs for time conversion (Philipp Rudo) [1792198 1743504] - [s390] s390/sclp: Fix bit checked for has_sipl (Philipp Rudo) [1791408 1748347] - [scsi] qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Himanshu Madhani) [1790350 1782598] - [scsi] qla2xxx: Added support for MPI and PEP regions for ISP28XX (Himanshu Madhani) [1790350 1782598] - [scsi] qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [1790350 1782598] - [powerpc] powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction (Gustavo Duarte) [1788862 1750653] {CVE-2019-15030} - [powerpc] powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts (Gustavo Duarte) [1791630 1750653] {CVE-2019-15031} - [scsi] scsi: qla2xxx: Fix different size DMA Alloc/Unmap (Himanshu Madhani) [1788206 1753031] - [scsi] qla2xxx: call dma_free_coherent with correct size in all cases in qla24xx_sp_unmap (Himanshu Madhani) [1788206 1753031] - [fs] devpts_pty_kill(): don't bother with d_delete() (Eric Sandeen) [1783959 1772718] - [fs] devpts: always delete dcache dentry-s in dput() (Eric Sandeen) [1783959 1772718] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18660 CVE-2019-15030 CVE-2019-15031 CVE-2019-19527 Oracle Linux 8 buildah [1.11.6-6.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-6] - fix COPY command takes long time with buildah - Resolves: #1806119 [1.11.6-5] - fix Podman support for FIPS Mode requires a bind mount inside the container - Resolves: #1804188 cockpit-podman [11-1] - Fix Alert notification in Image Search Modal - Allow more than a single Error Notification for Container action errors - Various Alert cleanups - Translation updates - Related: RHELPLAN-25138 [10-1] - Support for user containers - Show list of containers that use given image - Show placeholder while loading containers and images - Fix setting memory limit - bug 1732713 - Add container Terminal - bug 1703245 - Related: RHELPLAN-25138 conmon [2:2.0.6-1] - update to 2.0.6 - Related: RHELPLAN-25138 [2:2.0.5-1] - update to 2.0.5 - Related: RHELPLAN-25138 [2:2.0.4-1] - update to 2.0.4 bugfix release - Related: RHELPLAN-25138 [2:2.0.3-2.giteb5fa88] - BR: systemd-devel - Related: RHELPLAN-25138 [2:2.0.3-1.giteb5fa88] - update to 2.0.3 [2:2.0.2-0.1.dev.git422ce21] - build latest upstream master [2:2.0.0-2] - remove BR: go-md2man since no manpages yet container-selinux [2:2.124.0-1] - update to 2.124.0 - Related: RHELPLAN-25138 fuse-overlayfs [0.7.2-5] - be sure to work properly also with older rhel8 kernels, thanks to Giuseppe Scrivano - Resolves: #1803495 [0.7.2-4] - latest iteration of segfault fix patch, thanks to Giuseppe Scrivano - Resolves: #1803495 [0.7.2-3] - fix fuse-overlayfs segfault - Resolves: #1805016 [0.7.2-2] - fix useradd and groupadd fail under rootless Buildah and podman - Resolves: #1803495 podman [1.6.4-4.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.6.4-4] - fix podman (1.6.4) rhel 8.1 no route to host from inside container - Resolves: #1806900 [1.6.4-3] - fix Podman support for FIPS Mode requires a bind mount inside the container - Resolves: #1804194 python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25138 runc [1.0.0-64.rc9] - use no_openssl in BUILDTAGS (no vendored crypto in runc) - Related: RHELPLAN-25138 [1.0.0-63.rc9] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1.0.0-62.rc9] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Related: RHELPLAN-25138 [1.0.0-61.rc9] - update to runc 1.0.0-rc9 release - amend golang deps - fixes CVE-2019-16884 [1.0.0-60.rc8] - Resolves: #1721247 - enable fips mode [1.0.0-59.rc8] - Resolves: #1720654 - rebase to v1.0.0-rc8 [1.0.0-57.rc5.dev.git2abd837] - Resolves: #1693424 - podman rootless: cannot specify gid= mount options skopeo [0.1.40-8.0.1] - Add oracle registry into the conf file [Orabug: 29845934] - Fix oracle registry login issues [Orabug: 29937192] [1:0.1.40-8] - change the search order of registries and remove quay.io (#1784267) slirp4netns [0.4.2-3.git21fdece] - Fix CVE-2020-8608 - Related: RHELPLAN-25138 toolbox [0.0.4-1.el8] - Update for rhel8.1 container-tools module udica [0.2.1-2] - initial import to container-tools 8.2.0 - Related: RHELPLAN-25139 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8608 Oracle Linux 6 [0.12.1.2-2.506.el6_10.7] - kvm-slirp-disable-tcp_emu.patch [bz#1791680] - kvm-slirp-add-slirp_fmt-helpers.patch [bz#1798966] - kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1798966] - Resolves: bz#1791680 (QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-6]) - Resolves: bz#1798966 (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-6.10.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8608 Oracle Linux 8 [68.7.0-2.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6822 CVE-2020-6825 CVE-2020-6821 Oracle Linux 7 [68.7.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.7.0-2] - Update to 68.7.0 build3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6821 CVE-2020-6825 CVE-2020-6822 Oracle Linux 6 [68.7.0-2.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 Oracle Linux 6 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6820 CVE-2020-6821 CVE-2020-6825 CVE-2020-6822 CVE-2020-6819 Oracle Linux 7 [68.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.7.0-1] - Update to 68.7.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6825 CVE-2020-6821 CVE-2020-6822 CVE-2020-6819 CVE-2020-6820 Oracle Linux 8 [68.7.0-1.0.1.el8_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.7.0-1] - Update to 68.7.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6821 CVE-2020-6822 CVE-2020-6820 CVE-2020-6825 CVE-2020-6819 Oracle Linux 8 [1.9.0-14] - Bump build version Resolves: bz#1819877 Resolves: bz#1819879 Resolves: bz#1819882 Resolves: bz#1819886 Resolves: bz#1819884 [1.9.0-13] - Fix stack buffer overflow in CMsgReader::readSetCursor Resolves: bz#1819877 - Fix heap buffer overflow in DecodeManager::decodeRect Resolves: bz#1819879 - Fix heap buffer overflow in TightDecoder::FilterGradient Resolves: bz#1819882 - Fix heap-based buffer overflow triggered from CopyRectDecoder Resolves: bz#1819886 - Fix stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder Resolves: bz#1819884 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15693 CVE-2019-15691 CVE-2019-15692 CVE-2019-15695 CVE-2019-15694 Oracle Linux 6 [1:1.8.0.252.b09-2] - Add release notes. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-1] - Make use of --with-extra-asflags introduced in jdk8u252-b01. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-0] - Update to aarch64-shenandoah-jdk8u242-b09. - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:1.8.0.252.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b08. - Resolves: rhbz#1810557 [1:1.8.0.252.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b07. - Resolves: rhbz#1810557 [1:1.8.0.252.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b06. - Resolves: rhbz#1810557 [1:1.8.0.252.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b05. - Resolves: rhbz#1810557 [1:1.8.0.252.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b04. - Resolves: rhbz#1810557 [1:1.8.0.252.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b03. - Resolves: rhbz#1810557 [1:1.8.0.252.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b02. - Resolves: rhbz#1810557 [1:1.8.0.252.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b01. - Switch to EA mode. - Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change - Resolves: rhbz#1810557 [1:1.8.0.242.b08-0] - Update to aarch64-shenandoah-jdk8u242-b08. - Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2803 CVE-2020-2830 CVE-2020-2773 CVE-2020-2754 CVE-2020-2805 CVE-2020-2755 CVE-2020-2800 CVE-2020-2781 CVE-2020-2756 CVE-2020-2757 Oracle Linux 7 [1:1.7.0.261-2.6.22.2.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.261-2.6.22.2] - Modify NEWS installation to avoid subpackage naming. - Resolves: rhbz#1810557 [1:1.7.0.261-2.6.22.1] - Add release notes from IcedTea. - Mark license files with appropriate macro. - Resolves: rhbz#1810557 [1:1.7.0.261-2.6.22.0] - Bump to 2.6.22 and OpenJDK 7u261-b02. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2803 CVE-2020-2781 CVE-2020-2800 CVE-2020-2805 CVE-2020-2773 CVE-2020-2830 CVE-2020-2756 CVE-2020-2757 Oracle Linux 6 [1:1.7.0.261-2.6.22.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.261-2.6.22.1] - Add release notes from IcedTea. - Resolves: rhbz#1810557 [1:1.7.0.261-2.6.22.0] - Bump to 2.6.22 and OpenJDK 7u261-b02. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2756 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2757 CVE-2020-2773 CVE-2020-2805 CVE-2020-2830 Oracle Linux 7 [1:11.0.7.10-4.0.1] - link atomic for ix86 build [1:11.0.7.10-4] - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz#1810557 [1:11.0.7.10-3] - Amend release notes, removing issue actually fixed in 11.0.6. - Resolves: rhbz#1810557 [1:11.0.7.10-2] - Add release notes. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Make use of --with-extra-asflags introduced in jdk-11.0.6+1. - Resolves: rhbz#1810557 [1:11.0.7.10-0] - Update to shenandoah-jdk-11.0.7+10 (GA) - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:11.0.7.9-0.0.ea] - Update to shenandoah-jdk-11.0.7+9 (EA) - Resolves: rhbz#1810557 [1:11.0.7.8-0.0.ea] - Update to shenandoah-jdk-11.0.7+8 (EA) - Resolves: rhbz#1810557 [1:11.0.7.7-0.0.ea] - Update to shenandoah-jdk-11.0.7+7 (EA) - Resolves: rhbz#1810557 [1:11.0.7.6-0.0.ea] - Update to shenandoah-jdk-11.0.7+6 (EA) - Resolves: rhbz#1810557 [1:11.0.7.5-0.0.ea] - Update to shenandoah-jdk-11.0.7+5 (EA) - Resolves: rhbz#1810557 [1:11.0.7.4-0.0.ea] - Update to shenandoah-jdk-11.0.7+4 (EA) - Resolves: rhbz#1810557 [1:11.0.7.3-0.0.ea] - Update to shenandoah-jdk-11.0.7+3 (EA) - Resolves: rhbz#1810557 [1:11.0.7.2-0.0.ea] - Update to shenandoah-jdk-11.0.7+2 (EA) - Resolves: rhbz#1810557 [1:11.0.7.1-0.0.ea] - Update to shenandoah-jdk-11.0.7+1 (EA) - Switch to EA mode for 11.0.7 pre-release builds. - Drop JDK-8236039 backport now applied upstream. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2773 CVE-2020-2778 CVE-2020-2805 CVE-2020-2800 CVE-2020-2803 CVE-2020-2830 CVE-2020-2781 CVE-2020-2754 CVE-2020-2816 CVE-2020-2767 CVE-2020-2755 CVE-2020-2757 CVE-2020-2756 Oracle Linux 7 [1.8.3.1-22 ] - Crafted URL containing new lines can cause credential leak - Resolves: CVE-2020-5260 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5260 Oracle Linux 7 [1:1.8.0.252.b09-2] - Add release notes. - Mark license files with appropriate macro. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-1] - Make use of --with-extra-asflags introduced in jdk8u252-b01. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-0] - Update to aarch64-shenandoah-jdk8u242-b09. - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:1.8.0.252.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b08. - Resolves: rhbz#1810557 [1:1.8.0.252.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b07. - Resolves: rhbz#1810557 [1:1.8.0.252.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b06. - Resolves: rhbz#1810557 [1:1.8.0.252.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b05. - Resolves: rhbz#1810557 [1:1.8.0.252.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b04. - Resolves: rhbz#1810557 [1:1.8.0.252.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b03. - Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 - Resolves: rhbz#1810557 [1:1.8.0.252.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b02. - Resolves: rhbz#1810557 [1:1.8.0.252.b01-0.1.ea] - Update to aarch64-shenandoah-jdk8u252-b01. - Switch to EA mode. - Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change - Remove local copies of JDK-8231991 & JDK-8234107 as replaced by upstream versions. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2800 CVE-2020-2754 CVE-2020-2755 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 CVE-2020-2757 CVE-2020-2773 CVE-2020-2756 CVE-2020-2781 Oracle Linux 8 [2.18.2-2] - Crafted URL containing new lines can cause credential leak - Resolves: CVE-2020-5260 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5260 Oracle Linux 8 [1:11.0.7.10-1] - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Amend release notes, removing issue actually fixed in 11.0.6. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Re-apply --with-extra-asflags as crash was not due to this. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Add release notes. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Revert asflags changes as build remains broken. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Build still failing with just assembler build notes option, trying with just optimisation flags. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Passing optimisation flags to assembler causes build to crash. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Make use of --with-extra-asflags introduced in jdk-11.0.6+1. - Resolves: rhbz#1810557 [1:11.0.7.10-0] - Update to shenandoah-jdk-11.0.7+10 (GA) - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:11.0.7.9-0.0.ea] - Update to shenandoah-jdk-11.0.7+9 (EA) - Resolves: rhbz#1810557 [1:11.0.7.8-0.0.ea] - Update to shenandoah-jdk-11.0.7+8 (EA) - Resolves: rhbz#1810557 [1:11.0.7.7-0.0.ea] - Update to shenandoah-jdk-11.0.7+7 (EA) - Resolves: rhbz#1810557 [1:11.0.7.6-0.0.ea] - Update to shenandoah-jdk-11.0.7+6 (EA) - Resolves: rhbz#1810557 [1:11.0.7.5-0.0.ea] - Update to shenandoah-jdk-11.0.7+5 (EA) - Resolves: rhbz#1810557 [1:11.0.7.4-0.0.ea] - Update to shenandoah-jdk-11.0.7+4 (EA) - Resolves: rhbz#1810557 [1:11.0.7.3-0.0.ea] - Update to shenandoah-jdk-11.0.7+3 (EA) - Resolves: rhbz#1810557 [1:11.0.7.2-0.0.ea] - Update to shenandoah-jdk-11.0.7+2 (EA) - Resolves: rhbz#1810557 [1:11.0.7.1-0.0.ea] - Update to shenandoah-jdk-11.0.7+1 (EA) - Switch to EA mode for 11.0.7 pre-release builds. - Drop JDK-8236039 backport now applied upstream. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2767 CVE-2020-2800 CVE-2020-2756 CVE-2020-2755 CVE-2020-2781 CVE-2020-2754 CVE-2020-2757 CVE-2020-2778 CVE-2020-2816 CVE-2020-2830 CVE-2020-2803 CVE-2020-2805 CVE-2020-2773 Oracle Linux 8 [1:1.8.0.252.b09-2] - Add release notes. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-1] - Make use of --with-extra-asflags introduced in jdk8u252-b01. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-0] - Update to aarch64-shenandoah-jdk8u252-b09. - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:1.8.0.252.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b08. - Resolves: rhbz#1810557 [1:1.8.0.252.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b07. - Resolves: rhbz#1810557 [1:1.8.0.252.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b06. - Resolves: rhbz#1810557 [1:1.8.0.252.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b05. - Resolves: rhbz#1810557 [1:1.8.0.252.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b04. - Resolves: rhbz#1810557 [1:1.8.0.252.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b03. - Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 - Resolves: rhbz#1810557 [1:1.8.0.252.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b02. - Resolves: rhbz#1810557 [1:1.8.0.252.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b01. - Switch to EA mode. - Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2830 CVE-2020-2800 CVE-2020-2755 CVE-2020-2781 CVE-2020-2773 CVE-2020-2803 CVE-2020-2754 CVE-2020-2805 CVE-2020-2756 CVE-2020-2757 Oracle Linux 6 [2.6.32-754.29.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.29.1] - [wireless] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775226] {CVE-2019-17666} - [x86] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes (Denys Vlasenko) [1485759] - [powerpc] powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB (Denys Vlasenko) [1485759] - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Denys Vlasenko) [1485759] - [powerpc] powerpc: Use generic PIE randomization (Denys Vlasenko) [1485759] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-1000371 CVE-2019-17666 Oracle Linux 7 [12.1.0-7] - Fix CVE-2020-10108 and CVE-2020-10109 multiple HTTP request smuggling vulnderabilities Resolves: rhbz#1813439 rhbz#1813447 - Remove useless macros definitions IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10108 CVE-2020-10109 Oracle Linux 8 [0:1.5.9-3] - fix null-pointer dereference in 'lru mode' and 'lru temp_ttl' (#1709408) - CVE-2019-11596 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11596 Oracle Linux 8 exiv2 [0.27.2-5] - Fix failing test Resolves: bz#1800472 [0.27.2-4] - Drop test for the previous CVE as we test it manually and we dont have POC available Resolves: bz#1800472 [0.27.2-3] - Fix infinite loop and hang in Jp2Image::readMetadata() Resolves: bz#1800472 [0.27.2-2] Rebuild Resolves: bz#1651917 [0.27.2-1] - Update to 0.27.2 Resolves: bz#1651917 gegl [0.2.0-39] - Build without exiv2 Resolves: bz#1767748 gnome-color-manager [3.28.0-3] - Rebuild again to correctly trigger side-tag gating (exiv2) Resolves: bz#1757445 [3.28.0-2] - Rebuild (exiv2) Resolves: bz#1757445 libgexiv2 [0.10.8-4] - Rebuild again to correctly trigger side-tag gating (exiv2) Resolves: bz#1757444 [0.10.8-3] - Rebuild (exiv2) Resolves: bz#1757444 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-4868 CVE-2018-9304 CVE-2018-9303 CVE-2019-13113 CVE-2019-20421 CVE-2018-18915 CVE-2019-13109 CVE-2019-13114 CVE-2018-9305 CVE-2018-17230 CVE-2019-9143 CVE-2019-13111 CVE-2018-17282 CVE-2018-19535 CVE-2017-18005 CVE-2018-10772 CVE-2018-17229 CVE-2018-19107 CVE-2018-19607 CVE-2018-20096 CVE-2018-20098 CVE-2018-20099 CVE-2019-13112 CVE-2018-19108 CVE-2018-9306 CVE-2018-11037 CVE-2018-14338 CVE-2018-17581 CVE-2018-20097 Oracle Linux 8 [5.1.0-15] - fix Out-of-bounds read in WavpackVerifySingleBlock function (#1663151) - CVE-2018-19841 [5.1.0-14] - fix uninitialized variable in ParseCaffHeaderConfig (#1741251) - CVE-2019-1010317 [5.1.0-13] - fortify parsing of .dff files (#1707428, #1733627) - CVE-2019-1010315 - CVE-2019-11498 [5.1.0-12] - fix possible infinite loop in WavpackPackInit function (#1663154) - CVE-2018-19840 [5.1.0-11] - Fix issues with gating [5.1.0-10] - fix uninitialized variable in ParseWave64HeaderConfig (#1741200) - CVE-2019-1010319 LOW Copyright 2020 Oracle, Inc. CVE-2018-19840 CVE-2019-1010315 CVE-2019-1010319 CVE-2018-19841 CVE-2019-1010317 CVE-2019-11498 Oracle Linux 8 [6.0.6.1-20.0.1.el8] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:6.0.6.1-20] - Resolves: rhbz#1743958 CVE-2019-9849, etc. - Resolves: rhbz#1648281 Junk character gets added when some emojis are inserted MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9849 CVE-2019-9852 CVE-2019-9853 CVE-2019-9854 CVE-2019-9850 CVE-2019-9851 Oracle Linux 8 evolution [3.28.5-12] - Add patch for RH bug #1778799 (New Mail account wizard ignores email address change) [3.28.5-11] - Update patch for RH bug #1764563 (CVE-2018-15587: Reposition signature bar) [3.28.5-10] - Add patch for RH bug #1764563 (CVE-2018-15587: Reposition signature bar) - Add patch for RH bug #1753220 (GalA11yETableItem: Incorrect implementation of AtkObjectClass::ref_child()) evolution-data-server [3.28.5-13] - Resolves: #1791547 (test-cal-meta-backend cannot run without installed Evolution) [3.28.5-12] - Add patch for RH bug #1788478 (EDBusServer: Delay new module load) evolution-ews [3.28.5-9] - Remove patch for RH bug #1765005 (Reject creating meetings organized by other users) [3.28.5-8] - Remove patch for RH bug #1765005 (Send meeting change notifications only if being the organizer) [3.28.5-7] - Add patch for RH bug #1764818 (Sync CategoryList with mail Labels) - Add patch for RH bug #1765005 (Send meeting change notifications only if being the organizer) [3.28.5-6] - Add patch for RH bug #1741091 (Birthday date of Contact depends on system timezone) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-15587 Oracle Linux 8 [14:4.9.2-6] - Resolves: #1715423 - tcpdump pre creates user and groups unconditionally - Resolves: #1655622 - CVE-2018-19519 Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap LOW Copyright 2020 Oracle, Inc. CVE-2018-19519 Oracle Linux 8 [1.1.1-3] - Fixed use after free when sending SASL login to server Resolves: CVE-2019-13045 LOW Copyright 2020 Oracle, Inc. CVE-2019-13045 Oracle Linux 8 gstreamer1 [1.16.1-2] - Update to 1.16.2 for correctly pick up for side gating - Resolves: rhbz#1756299 [1.16.1-1] - Update to 1.16.1 - Enable libcap for the ptp helper permissions - Resolves: rhbz#1756299 gstreamer1-plugins-bad-free [1.16.1-1] - Update to 1.16.1 - Remove upstreamed patches - Remove dependency on removed package - Add sctp and closedcaption plugins - The vcdsrc plugin was removed - Resolves: rhbz#1756299 gstreamer1-plugins-base [1.16.1-1] - Update to 1.16.1 - Resolves: rhbz#1756299 gstreamer1-plugins-good [1.16.1-1] - Update to 1.16.1 - enable cairo plugins - Resolves: rhbz#1756299 gstreamer1-plugins-ugly-free [1.16.1-1] - Update to 1.16.1 - Only enable mpeg2dec on Fedora - Resolves: rhbz#1756299 [1.16.0-3] - Conflicts: gstreamer1-plugins-ugly < 1.16.0-2 [1.16.0-2] - Enable mpeg2dec plugin (#1709470) libmad [0.15.1b-25] - Add patches to avoid various buffer overruns - Fixes CVE-2018-7263 - Resolves: rhbz#1547507 orc [0.4.28-3] - x86: add endbr32 and endbr64 instructions - Resolves: rhbz#1693292 SDL [1.2.15-37] - Rebuild - Resolves: rhbz#1756279 SDL2 [2.0.10-2] - Fix CVE-2019-13616 SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c - Resolves: rhbz#1756279 [2.0.10-1] - Update to 2.0.10 - Resolves: rhbz#1751780 [2.0.9-3] - use khrplatform defines, not ptrdiff_t LOW Copyright 2020 Oracle, Inc. CVE-2018-7263 Oracle Linux 8 [8.2-11.0.1] - Import Implement s390x arch13 support (Andreas Krebbel, RH BZ 1768593). [8.2-8.0.2] - Forward-port patches from ol8-u1: gdb-ctf-forward-type.patch gdb-ctf-func-args.patch gdb-ctf-optout-var.patch - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [8.2-8.0.1] - Forward-port patches from ol8-u1: gdb-ctf.patch gdb-ctf-upstream1.patch gdb-ctf-prfunc.patch - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [8.2-8.el8] - Fix buffer overflow reading sections with invalid sizes (Keith Seitz, RH BZ 1742099) [8.2-7.el8] - Fix segfault that happens on parse_macro_definition because debugedit corrupts the .debug_macro section (Sergio Durigan Junior, RH BZ 1708192). MODERATE Copyright 2020 Oracle, Inc. CVE-2019-1010180 Oracle Linux 8 [1.0.28-10] - fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function i2alaw_array in alaw (#1673085) [1.0.28-9] - fix CVE-2018-13139 - stack-based buffer overflow in sndfile-deinterleave utility (#1598482) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-13139 CVE-2018-19662 Oracle Linux 8 [0.13.68-8] - Fix CVE-2018-17828 in the 'single z' binaries - Resolves: #1772447 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-17828 Oracle Linux 8 [6.3.6-1] - add weak depenency on grafana-pcp - add patch to mute shellcheck SC1090 for grafana-cli - update to 6.3.6 upstream community sources, see CHANGELOG [6.3.5-1] - drop uaparser patch now its upstream - add xerrors patch, see https://github.com/golang/go/issues/32246 - use vendor sources on rawhide until modules are fully supported - update to latest upstream community sources, see CHANGELOG [6.3.4-1] - include fix for CVE-2019-15043 - add patch for uaparser on 32bit systems - update to latest upstream community sources, see CHANGELOG [6.2.5-1] - update to latest upstream community sources, see CHANGELOG MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15043 Oracle Linux 8 [0.14.0-11] - Resolves: rhbz#1731053 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft [rhel-8] [0.14.0-10] - Resolves: rhbz#1761774 - mod_auth_mellon fix for AJAX header name X-Requested-With MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13038 Oracle Linux 8 python-qt5 [5.13.1-1] - 5.13.1 Resolves: bz#1775603 qgnomeplatform [0.4-3] - Rebuild (qt5) Resolves: bz#1774418 qt5 [5.12.5-3] - Re-add srpm macros, just leave them empty Resolves: bz#1733133 [5.12.5-2] - Drop srpm macros as we dont ship qtwebengine Resolves: bz#1733133 [5.12.5-1] - 5.12.5 + sync with Fedora Resolves: bz#1733133 qt5-qt3d [5.12.5-2] - Fix multilib issue Resolves: bz#1765637 [5.12.5-1] - 5.12.5 Resolves: bz#1733159 qt5-qtbase [5.12-5-4] - Fix build on RHEL 7 kernel Resolves: bz#1733135 [5.12-5-2] - Remove Android specific test to avoid unnecessary dependencies Resolves: bz#1733135 [5.12-5-1] - 5.12.5 + sync with Fedora Resolves: bz#1733135 qt5-qtcanvas3d [5.12.5-1] - 5.12.5 Resolves: bz#1733136 qt5-qtconnectivity [5.12.5-1] - 5.12.5 Resolves: bz#1733137 qt5-qtdeclarative [5.12-5-1] - 5.12.5 Resolves: bz#1733139 qt5-qtdoc [5.12.5-1] - 5.12.5 Resolves: bz#1733140 qt5-qtgraphicaleffects [5.12.5-1] - 5.12.5 Resolves: bz#1733141 qt5-qtimageformats [5.12.5-1] - 5.12.5 Resolves: bz#1733142 qt5-qtlocation [5.12.5-1] - 5.12.5 Resolves: bz#1733143 qt5-qtmultimedia [5.12.5-1] - 5.12.5 Resolves: bz#1733144 qt5-qtquickcontrols2 [5.12.5-1] - 5.12.5 Resolves: bz#1733146 qt5-qtquickcontrols [5.12.5-1] - 5.12.5 Resolves: bz#1733145 qt5-qtscript [5.12.5-1] - 5.12.5 Resolves: bz#1733147 qt5-qtsensors [5.12.5-1] - 5.12.5 Resolves: bz#1733148 qt5-qtserialbus [5.12.5-1] - 5.12.5 Resolves: bz#1733149 qt5-qtserialport [5.12.5-1] - 5.12.5 Resolves: bz#1733150 qt5-qtsvg [5.12.5-1] - 5.12.5 Resolves: bz#1733151 qt5-qttools [5.12.5-1] - 5.12.5 Resolves: bz#1733152 qt5-qttranslations [5.12.5-1] - 5.12.5 Resolves: bz#1733153 qt5-qtwayland [5.12.5-1] - 5.12.5 Resolves: bz#1733154 qt5-qtwebchannel [5.12.5-1] - 5.12.5 Resolves: bz#1733155 qt5-qtwebsockets [5.12.5-1] - 5.12.5 Resolves: bz#1733156 qt5-qtx11extras [5.12.5-1] - 5.12.5 Resolves: bz#1733158 qt5-qtxmlpatterns [5.12.5-1] - 5.12.5 Resolves: bz#1733157 sip [4.19.19-1] - 4.19.19 Resolves: bz#1775604 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-19871 CVE-2018-19872 CVE-2018-19869 Oracle Linux 8 [0.7-0.2.alpha.4] - Fix for CVE-2019-1010305 - Remove 'fix' for CVE-2018-14680 as this fix is included in base tar ball. resolves: rhbz#1736745, rhbz#1736743 [0.7-0.2.alpha.3] - Add gating tests resolves: rhbz#1682770 LOW Copyright 2020 Oracle, Inc. CVE-2019-1010305 Oracle Linux 8 [4.0.9-17] - Add upstream test suite and enable it in gating [4.0.9-16] - Fix CVE-2019-14973 (#1755705) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14973 Oracle Linux 8 [8.1911.0-3] RHEL 8.2.0 ERRATUM - added patch reverting rejecting expired certs by default resolves: rhbz#1782353 - added patch silencing false errors on config.enabled statement resolves: rhbz#1659383 [8.1911.0-2] RHEL 8.2.0 ERRATUM - cleaned old patches, fixed patch names resolves: rhbz#1740683 [8.1911.0-1] RHEL 8.2.0 ERRATUM - rebased to 8.1911.0 upstream version, removed, previously upstreamed patches resolves: rhbz#1740683 resolves: rhbz#1659383 resolves: rhbz#1746876 resolves: rhbz#1676559 resolves: rhbz#1692072 resolves: rhbz#1692073 resolves: rhbz#1692074 resolves: rhbz#1699242 resolves: rhbz#1738213 resolves: rhbz#1744691 resolves: rhbz#1755218 resolves: rhbz#1768321 resolves: rhbz#1768324 - added patch fixing imfile stefiles naming resolves: rhbz#1763757 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17041 CVE-2019-17042 Oracle Linux 8 [2.6.2-21] - A further Coverity fix (#1602585) [2.6.2-20] - Fix buffer overruns found by Coverity (#1602585) [2.6.2-19] - Fix two issues found by Coverity (#1602585) [2.6.2-18] - Apply patch for CVE-2018-12085 (#1589942) [2.6.2-17] - Fix CVE-2018-11577 (#1585906) - Fix CVE-2018-11684 (#1588632) - Fix CVE-2018-11685 (#1588637) - Fix CVE-2018-12085 (#1589942) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-11685 CVE-2018-11684 CVE-2018-11577 CVE-2018-12085 Oracle Linux 8 [20190829git37eef91017ad-9.el8] - edk2-OvmfPkg-QemuVideoDxe-unbreak-secondary-vga-and-bochs.patch [bz#1806359] - Resolves: bz#1806359 (bochs-display cannot show graphic wihout driver attach) [20190829git37eef91017ad-8.el8] - edk2-MdeModulePkg-Enable-Disable-S3BootScript-dynamically.patch [bz#1801274] - edk2-MdeModulePkg-PiDxeS3BootScriptLib-Fix-potential-nume.patch [bz#1801274] - Resolves: bz#1801274 (CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [rhel-8]) [20190829git37eef91017ad-7.el8] - edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-simplify-Ver.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-keep-PE-COFF.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-o.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-remove-super.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-unnest-AddIm.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-eliminate-St.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-fix-imgexec-.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-fix-defer-vs.patch [bz#1751993] - Resolves: bz#1751993 (DxeImageVerificationLib handles 'DENY execute on security violation' like 'DEFER execute on security violation' [rhel8]) [20190829git37eef91017ad-6.el8] - edk2-UefiCpuPkg-PiSmmCpuDxeSmm-fix-2M-4K-page-splitting-r.patch [bz#1789335] - Resolves: bz#1789335 (VM with edk2 cant boot when setting memory with '-m 2001') [20190829git37eef91017ad-5.el8] - edk2-MdeModulePkg-UefiBootManagerLib-log-reserved-mem-all.patch [bz#1789797] - edk2-NetworkPkg-HttpDxe-fix-32-bit-truncation-in-HTTPS-do.patch [bz#1789797] - Resolves: bz#1789797 (Backport upstream patch series: 'UefiBootManagerLib, HttpDxe: tweaks for large HTTP(S) downloads' to improve HTTP(S) Boot experience with large (4GiB+) files) [20190829git37eef91017ad-4.el8] - edk2-redhat-set-guest-RAM-size-to-768M-for-SB-varstore-te.patch [bz#1778301] - edk2-redhat-re-enable-Secure-Boot-varstore-template-verif.patch [bz#1778301] - Resolves: bz#1778301 (re-enable Secure Boot (varstore template) verification in %check) [20190829git37eef91017ad-3.el8] - Update used openssl version [bz#1616029] - Resolves: bz#1616029 (rebuild edk2 against the final RHEL-8.2.0 version of OpenSSL-1.1.1) [20190829git37eef91017ad-2.el8] - edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch [bz#1536624] - edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch [bz#1536624] - edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch [bz#1536624] - edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch [bz#1536624] - edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch [bz#1536624] - edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch [bz#1536624] - edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch [bz#1536624] - edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch [bz#1536624] - edk2-redhat-enable-HTTPS-Boot.patch [bz#1536624] - Resolves: bz#1536624 (HTTPS enablement in OVMF) [20190829git37eef91017ad-1.el8] - Rebase to edk2-stable201908 [bz#1748180] - Resolves: bz#1748180 ((edk2-rebase-rhel-8.2) - rebase edk2 to upstream tag edk2-stable201908 for RHEL-8.2) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14563 Oracle Linux 8 [2.79-11] - Support multiple static leases for single mac on IPv6 (#1779187) [2.79-10] - Fix memory leak in helper.c (#1795370) [2.79-9] - Fix replies to non-recursive queries (#1700916) [2.79-8] - Fix dhcp_lease_time (#1746411) [2.79-7] - Fix TCP queries after interface recreation (#1728698) LOW Copyright 2020 Oracle, Inc. CVE-2019-14834 Oracle Linux 8 [1.7.3-10] - Secure ipsec mode (#1772061) - CVE-2019-18934 [1.7.3-9] - Use pthread_mutex_t locks when dealing with I/O operations (#1775708) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18934 Oracle Linux 8 [1.8.23-3] - Fix hapack zero byte input causing overwrite (CVE-2020-11100, #1819519) [1.8.23-2] - Consider exist status 143 as success (#1778844) [1.8.23-1] - Update to 1.8.23 (#1774745) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18277 CVE-2019-19330 Oracle Linux 8 [19.11-4] - Remove MLX{4,5} glue libraries since RHEL 8 ships the correct libibverbs library. (#1805140) [19.11-3] - Remove /usr/share/dpdk/mk/exec-env/{bsd,linux}app symlinks (#1773889) [19.11-2] - Add pretrans to handle /usr/share/dpdk/mk/exec-env/{bsd,linux}app (#1773889) [19.11-1] - Rebase to 19.11 (#1773889) - Remove dpdk-pdump (#1779229) [18.11.2-4] - Pass the correct LDFLAGS to host apps (dpdk-pmdinfogen) too (#1755538) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14818 Oracle Linux 8 [3.6.8-23.0.1.el8] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-23] - Modify the test suite to better handle disabled SSL/TLS versions and FIPS mode - Use OpenSSLs DRBG and disable os.getrandom() function in FIPS mode Resolves: rhbz#1754028, rhbz#1754027, rhbz#1754026, rhbz#1774471 [3.6.8-22] - Changed Requires into Recommends for python3-pip to allow a lower RHEL8 footprint for containers and other minimal environments Resolves: rhbz#1756217 [3.6.8-21] - Patch 329 (FIPS) modified: Added workaround for mod_ssl: Skip error checking in _Py_hashlib_fips_error Resolves: rhbz#1760106 [3.6.8-20] - Security fix for CVE-2019-16056 Resolves: rhbz#1750776 [3.6.8-19] - Skip windows specific test_get_exe_bytes test case and enable test_distutils Resolves: rhbz#1754040 [3.6.8-18] - Reduce the number of tests running during the profile guided optimizations build - Enable profile guided optimizations for all the supported architectures Resolves: rhbz#1749576 [3.6.8-17] - Security fix for CVE-2018-20852 Resolves: rhbz#1741553 [3.6.8-16] - Properly pass the -Og optimization flag to the debug build Resolves: rhbz#1712977 and rhbz#1714733 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20852 CVE-2019-16056 Oracle Linux 8 [1:2.2.6-33] - fix more memory leaks found by coverity in 1775668 [1:2.2.6-32] - fix covscan issues raised by 1775668 [1:2.2.6-31] - 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created [1:2.2.6-30] - 1774462 - CVE-2019-8675 - buffer overflow in SNMP and IPP, memory disclosure and DoS in scheduler - 1774463 - CVE-2019-8696 [1:2.2.6-29] - 1700663 - Stop advertising the HTTP methods that are supported LOW Copyright 2020 Oracle, Inc. CVE-2019-8696 CVE-2019-8675 Oracle Linux 8 accountsservice [0.6.50-8] - Dont set HasNoUsers=true if realmd has providers Related: #1750516 appstream-data [8-20191129] - Regenerate the RHEL metadata to include the latest evince changes - Resolves: #1768461 clutter [1.26.2-8] - rebuild to get the new in 8.2.0 - plus address #1785233 evince [3.28.4-4] - Remove metainfo for plugins since they are not real addons - Resolves: #1760363 gdm [3.28.3-29] - Make GNOME work slightly better in the multiple logins case. Related: #1710882 [3.28.3-28] - Correct wayland session detection logic when deciding whether or not to run Xsession script Resolves: #1728330 [3.28.3-27] - Dont run initial-setup for machines enrolled in IPA setup. Resolves: #1750516 [3.28.3-26] - Forward port RHEL 7 patch to allow multiple logins for the same user with XDMCP connections. Resolves: #1710882 [3.28.3-25] - Reenable wayland on hybrid setups (except virt pass through) Resolves: #1749960 - Reenable wayland on qxl Resolves: #1744452 [3.28.3-24] - Reenable wayland on cirrus Resolves: #1744527 [3.28.3-23] - Correct timedlogin based screenlock bypass Resolves: #1672829 gjs [1.56.2-4] - Rebuild for mozjs60 s390x fixes - Related: #1803824 gnome-boxes [3.28.5-8] - Present undetected OSes - Related: #1793413 gnome-control-center [3.28.2-19] - Backport tool serial/ID detection fixes - Resolves: #1782517 [3.28.2-18] - Pick 'Generic Pen' correctly on unknown tool IDs - Resolves: #1782517 [3.28.2-17] - Restore remote desktop password on wayland - Resolves: #1763207 [3.28.2-16] - Add patch to support more than 5 enroll steps - Resolves: #1789474 [3.28.2-15] - Fix another crash changing panel with Ethernet dialog opened - Resolves: #1692299 [3.28.2-14] - Restore placeholder label after removing last VPN connection - Resolves: #1782425 [3.28.2-13] - Make IPv4/v6 configuration pages scroll to focus - Resolves: #1671709 [3.28.2-12] - Fix spacing in 'new VPN' dialog - Resolves: #1656988 [3.28.2-11] - Fix crash when changing panel with Ethernet dialog opened - Resolves: #1692299 [3.28.2-10] - Fix Wacom tablet removal on wayland session - Resolves: #1658001 [3.28.2-9] - Fix possible crash when closing the wifi panel - Resolves: #1778668 [3.28.2-8] - Need rebuild in correct build target - Resolves: #1749372 [3.28.2-7] - Fix warning when disabling sharing - Resolves: #1749372 [3.28.2-6] - Add subscription manager integration - Resolves: #1720251 gnome-menus [3.13.3-11] - swallow up redhat-menus Resolves: #1715890 gnome-online-accounts [3.28.2-1] - Update to 3.28.2 Resolves: #1674535 gnome-remote-desktop [0.1.6-8] - Update patch to handle older libvncserver at build time Resolves: #1684729 [0.1.6-7] - Handle auth settings changes Resolves: #1684729 [0.1.6-6] - Fix initial black content issue Resolves: #1765448 gnome-session [3.28.1-8] - rebuild and version bump to avoid future conflict with z-stream version Resolves: #1745147 gnome-shell [3.32.2-14] - Do not set Wacom LEDs through gnome-settings-daemon, rely on kernel driver Resolves: #1687979 [3.32.2-13] - Update pad OSD on mode switching Resolves: #1716774 [3.32.2-12] - Fix window dragging with tablets in the overview Resolves: #1716767 - Fix high-contrast/symbolic race Resolves: #1730612 - Make perf-tool usable on wayland Resolves: #1652178 [3.32.2-11] - Warn when logging in as root Resolves: #1746327 [3.32.2-10] - Fix leaks in app picker Related: #1719819 gnome-software [3.30.6-3] - Fix issues with installing Cockpit - Resolves: #1759913 gnome-terminal [3.28.3-1] - Update to 3.28.3 - Resolves: #1642427 gnome-tweaks [3.28.1-7] - extensions: Incorrectly shows enabled extensions as disabled after enable-all - Resolves: #1804123 gsettings-desktop-schemas [3.32-0-4] - Backport setting for overlay scrolling Resolves: #1723464 gtk3 [3.22.30-5] - Add setting for turning off overlay scrollbars (rhbz#1736742) LibRaw [0.19.5-1] - 0.19.5 Resolves: #1671744 libvncserver [0.9.11-14] - Fix CVE-2019-15690 (an integer overflow in HandleCursorShape() in a client) (bug #1814343) [0.9.11-13] - Manually apply new patch Resolves: #1684729 [0.9.11-12] - Add API needed by gnome-remote-desktop to handle settings changes Resolves: #1684729 [0.9.11-11] - Enable gating through gnome-remote-desktop for now Resolves: #1765448 [0.9.11-10] - Update TLS security type enablement patches Resolves: #1765448 libxslt [1.1.32-4.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.32-4] - Fix multilib issues with devel subpackage (#1765632) mozjs52 [52.9.0-2.0.1.el8] - Use bugzilla.oracle.com as bug reporting URL. [52.9.0-2] - Rebuild for CET notes - Resolves: #1657318 mozjs60 [.9.0-4.0.1.el8] - Remove upstream reference [Orabug: 30212498] [60.9.0-4] - Update enddianness.patch with more s390x fixes - Enable tests on s390x again - Resolves: #1803824 [60.9.0-3] - Fix multilib conflicts in js-config.h [60.9.0-2] - Backport patches for s390x support - Resolves: #1746889 [60.9.0-1] - Update to 60.9.0 [60.7.0-2] - Enable gating [60.7.0-1] - Update to 60.7.0 [60.6.1-2] - Backport two Firefox 61 patches and allow compiler optimizations on aarch64 [60.6.1-1] - Update to 60.6.1 [60.4.0-5] - Re-enable null pointer gcc optimization [60.4.0-4] - Rebuild for readline 8.0 [60.4.0-3] - Build aarch64 with -O0 because of rhbz#1676292 [60.4.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [60.4.0-1] - Update to 60.4.0 mutter [3.32.2-34] - gnome-shell core dump after connection to docking station Resolves: #1809079 [3.32.2-33] - Respect xrandr --panning Resolves: #1690170 [3.32.2-32] - Revert stored-config behavior for VMs Resolves: #1365717 [3.32.2-31] - Fixup detection of multiple mode switch buttons Resolves: #1687979 [3.32.2-30] - Avoid toggling wacom touchpads on tap-to-click/drag setting updates Resolves: #1716754 [3.32.2-29] - Fixup Wacom pad OSD so it appears on the right monitor Resolves: #1777556 [3.32.2-28] - Fixup automatic enabling of wacom touchpad tapping Resolves: #1716754 [3.32.2-27] - Fixup handling of multiple mode switch buttons in pads Resolves: #1687979 [3.32.2-26] - Let pad OSD update on mode switching Resolves: #1716774 [3.32.2-25] - Fix Wacom OSDs so they appear on the right monitor Resolves: #1777556 [3.32.2-24] - Handle multiple mode switch buttons in Cintiq 27QHD Resolves: #1687979 [3.32.2-23] - Enable tapping features by default on standalone Wacom tablets Resolves: #1716754 [3.32.2-22] - Fix detection of Wacom tablet features on X11 Resolves: #1759619 [3.32.2-21] - Fix mode switch pad buttons without LEDs Resolves: #1666070 [3.32.2-20] - Need rebuild in correct build target Resolves: #1730891 [3.32.2-19] - Fix pop ups with stylus input Resolves: #1730891 [3.32.2-18] - Revert memory leak fix Resolves: #1777911 [3.32.2-17] - Fix some memory leaks Resolves: #1719819 [3.32.2-16] - Fix build due to egl.pc provider change Related: #1776530 [3.32.2-15] - Handle lack of RANDR Resolves: #1776530 [3.32.2-14] - Backports shadow FB improvements on llvmpipe Resolves: #1737553 [3.32.2-13] - Fix invalid read in idle monitor Resolves: #1766695 nautilus [3.28.1-12] - Do not lose filename results due to stop words (rhbz#1646352) [3.28.1-11] - Fix criticals when moving file to trash (rhbz#1721133) - Fix criticals when closing properties window (rhbz#1721124) vala [0.40.19-1] - Update to 0.40.19 - Resolves: #1753520 [0.40.18-1] - Update to 0.40.18 - Resolves: #1753520 [0.40.17-1] - Update to 0.40.17 - Resolves: #1753520 vinagre [3.22.0-21] - Allow the launch of multiple application instances - Related: #1788531 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12448 CVE-2019-12449 CVE-2019-12447 CVE-2018-20337 CVE-2019-3825 Oracle Linux 8 [4.18.0-193.el8.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-193.el8] - [kvm] KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot in HPT page fault handler (Sam Bobroff) [1815491] - [net] tcp: also NULL skb->dev when copy was needed (Florian Westphal) [1775961 ] - [net] tcp: ensure skb->dev is NULL before leaving TCP stack (Florian Westphal) [1775961] [4.18.0-192.el8] - [drm] drm/bochs: downgrade pci_request_region failure from error to warning (D ave Airlie) [1804735] - [drm] drm/bochs: deinit bugfix (Dave Airlie) [1804735] - [fs] gfs2: fix O_EXCL|O_CREAT handling on cold dcache (Andrew Price) [1811787] - [net] esp: remove the skb from the chain when its enqueued in cryptd_wq (Xin Long) [1807909] - [powerpc] powerpc/nvdimm: set target_node properly (Diego Domingos) [1815038] [4.18.0-191.el8] - [netdrv] net/mlx5e: Dont clear the whole vf config when switching modes (moha mad meib) [1814350] - [fs] fuse: fix stack use after return (Miklos Szeredi) [1814666] [4.18.0-190.el8] - [powerpc] powerpc/pseries: Avoid NULL pointer dereference when drmem is unavai lable (David Hildenbrand) [1812874] - [x86] kvm/svm: PKU not currently supported (Wei Huang) [1789159] - [x86] Remove the unsupported check for Cooper Lake (David Arcari) [1813921] [4.18.0-189.el8] - [netdrv] net/mlx5e: Show/set Rx network flow classification rules on ul rep (A laa Hleihel) [1795156 1794280] - [netdrv] net/mlx5e: Init ethtool steering for representors (Alaa Hleihel) [179 5156 1794280] - [netdrv] net/mlx5e: Show/set Rx flow indir table and RSS hash key on ul rep (A laa Hleihel) [1795156 1794280] - [netdrv] net/mlx5e: Introduce root ft concept for representors netdevs (Alaa H leihel) [1795156 1794280] - [netdrv] net/mlx5: E-Switch, Use vport metadata matching only when mandatory ( Alaa Hleihel) [1795156] - [nvme] nvme: log additional message for controller status (David Milburn) [175 2952] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15221 CVE-2019-17055 CVE-2019-15099 CVE-2020-1749 CVE-2019-8980 CVE-2019-15090 CVE-2019-19768 CVE-2018-16871 CVE-2019-10639 CVE-2019-17053 CVE-2019-18805 CVE-2019-19534 CVE-2019-19057 CVE-2019-19073 CVE-2019-19074 CVE-2019-19922 Oracle Linux 8 [6.0-43] - Update the man page with the new exit code introduced in 6.0-42 - Related: CVE-2019-13232 [6.0-42] - Fix CVE-2019-13232 - Resolves: CVE-2019-13232 LOW Copyright 2020 Oracle, Inc. CVE-2019-13232 Oracle Linux 8 [7.61.1-12] - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) - fix TFTP receive buffer overflow (CVE-2019-5436) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-5436 CVE-2019-5482 CVE-2019-5481 Oracle Linux 8 [239-29.0.1.el8] - fix to enable systemd-pstore.service [Orabug: 30951066] - journal: change support URL shown in the catalog entries [Orabug: 30853009] - fix to generate systemd-pstore.service file [Orabug: 30230056] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-29] - cryptsetup: Treat key file errors as a failed password attempt (#1763155) [239-28] - pid1: fix DefaultTasksMax initialization (#1809037) - cgroup: make sure that cpuset is supported on cgroup v2 and disabled with v1 (#1808940) - test: introduce TEST-36-NUMAPOLICY (#1808940) - test: replace tail -f with journal cursor which should be more reliable (#1808940) - test: support MPOL_LOCAL matching in unpatched strace versions (#1808940) - test: make sure the strace process is indeed dead (#1808940) - test: skip the test on systems without NUMA support (#1808940) - test: give strace some time to initialize (#1808940) - test: add a simple sanity check for systems without NUMA support (#1808940) - test: drop the missed || exit 1 expression (#1808940) - test: replace cursor file with a plain cursor (#1808940) [239-27] - cgroup: introduce support for cgroup v2 CPUSET controller (#1724617) [239-26] - seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files (#1687512) - test: add test case for restrict_suid_sgid() (#1687512) - core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= (#1687512) - analyze: check for RestrictSUIDSGID= in 'systemd-analyze security' (#1687512) - man: document the new RestrictSUIDSGID= setting (#1687512) - units: turn on RestrictSUIDSGID= in most of our long-running daemons (#1687512) - core: imply NNP and SUID/SGID restriction for DynamicUser=yes service (#1687512) [239-25] - sd-bus: use 'queue' message references for managing r/w message queues in connection objects (CVE-2020-1712) - pid1: make sure to restore correct default values for some rlimits (#1789930) - main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE (#1789930) [239-24] - rules: reintroduce 60-alias-kmsg.rules (#1739353) - sd-bus: make rqueue/wqueue sizes of type size_t (CVE-2020-1712) - sd-bus: reorder bus ref and bus message ref handling (CVE-2020-1712) - sd-bus: make sure dispatch_rqueue() initializes return parameter on all types of success (CVE-2020-1712) - sd-bus: drop two inappropriate empty lines (CVE-2020-1712) - sd-bus: initialize mutex after we allocated the wqueue (CVE-2020-1712) - sd-bus: always go through sd_bus_unref() to free messages (CVE-2020-1712) - bus-message: introduce two kinds of references to bus messages (CVE-2020-1712) - sd-bus: introduce API for re-enqueuing incoming messages (CVE-2020-1712) - sd-event: add sd_event_source_disable_unref() helper (CVE-2020-1712) - polkit: when authorizing via PK lets re-resolve callback/userdata instead of caching it (CVE-2020-1712) - sysctl: lets by default increase the numeric PID range from 2^16 to 2^22 (#1744214) - journal: do not trigger assertion when journal_file_close() get NULL (#1788085) - journal: use cleanup attribute at one more place (#1788085) [239-23] - catalog: fix name of variable (#1677768) - cryptsetup: add keyfile-timeout to allow a keydev timeout and allow to fallback to a password if it fails. (#1763155) - cryptsetup: add documentation for keyfile-timeout (#1763155) - cryptsetup: use unabbrieviated variable names (#1763155) - cryptsetup: dont assert on variable which is optional (#1763155) - cryptsetup-generator: guess whether the keyfile argument is two items or one (#1763155) - crypt-util: Translate libcryptsetup log level instead of using log_debug() (#1776408) - cryptsetup: add some commenting about EAGAIN generation (#1776408) - cryptsetup: downgrade a log message we ignore (#1776408) - cryptsetup: rework how we log about activation failures (#1776408) [239-22] - spec: dont ship /var/log/README - spec: provide systemd-rpm-macros [239-21] - test-cpu-set-util: fix comparison for allocation size (#1734787) - test-cpu-set-util: fix allocation size check on i386 (#1734787) [239-20] - journal: rely on _cleanup_free_ to free a temporary string used in client_context_read_cgroup (#1764560) - basic/user-util: allow dots in user names (#1717603) - sd-bus: bump message queue size again (#1770189) - tests: put fuzz_journald_processing_function in a .c file (#1764560) - tests: add a fuzzer for dev_kmsg_record (#1764560) - basic: remove an assertion from cunescape_one (#1764560) - journal: fix an off-by-one error in dev_kmsg_record (#1764560) - tests: add a reproducer for a memory leak fixed in 30eddcd51b8a472e05d3b8d1 in August (#1764560) - tests: add a reproducer for a heap-buffer-overflow fixed in 937b1171378bc1000a (#1764560) - test: initialize syslog_fd in fuzz-journald-kmsg too (#1764560) - tests: add a fuzzer for process_audit_string (#1764560) - journald: check whether sscanf has changed the value corresponding to %n (#1764560) - tests: introduce dummy_server_init and use it in all journald fuzzers (#1764560) - tests: add a fuzzer for journald streams (#1764560) - tests: add a fuzzer for server_process_native_file (#1764560) - fuzz-journal-stream: avoid assertion failure on samples which dont fit in pipe (#1764560) - journald: take leading spaces into account in syslog_parse_identifier (#1764560) - Add a warning about the difference in permissions between existing directories and unit settings. (#1778384) - execute: remove one redundant comparison check (#1778384) - core: change ownership/mode of the execution directories also for static users (#1778384) - core/dbus-execute: remove unnecessary initialization (#1734787) - shared/cpu-set-util: move the part to print cpu-set into a separate function (#1734787) - shared/cpu-set-util: remove now-unused CPU_SIZE_TO_NUM() (#1734787) - Rework cpu affinity parsing (#1734787) - Move cpus_in_affinity_mask() to cpu-set-util.[ch] (#1734787) - test-cpu-set-util: add simple test for cpus_in_affinity_mask() (#1734787) - test-cpu-set-util: add a smoke test for test_parse_cpu_set_extend() (#1734787) - pid1: parse CPUAffinity= in incremental fashion (#1734787) - pid1: dont reset setting from /proc/cmdline upon restart (#1734787) - pid1: when reloading configuration, forget old settings (#1734787) - test-execute: use CPUSet too (#1734787) - shared/cpu-set-util: drop now-unused cleanup function (#1734787) - shared/cpu-set-util: make transfer of cpu_set_t over bus endian safe (#1734787) - test-cpu-set-util: add test for dbus conversions (#1734787) - shared/cpu-set-util: introduce cpu_set_to_range() (#1734787) - systemctl: present CPUAffinity mask as a list of CPU index ranges (#1734787) - shared/cpu-set-util: only force range printing one time (#1734787) - execute: dump CPUAffinity as a range string instead of a list of CPUs (#1734787) - cpu-set-util: use %d-%d format in cpu_set_to_range_string() only for actual ranges (#1734787) - core: introduce NUMAPolicy and NUMAMask options (#1734787) - core: disable CPUAccounting by default (#1734787) - set kptr_restrict=1 (#1689346) - cryptsetup: reduce the chance that we will be OOM killed (#1696602) - core, job: fix breakage of ordering dependencies by systemctl reload command (#1766417) - debug-generator: enable custom systemd.debug_shell tty (#1723722) [239-19] - core: never propagate reload failure to service result (#1735787) - man: document systemd-analyze security (#1750343) - man: reorder and add examples to systemd-analyze(1) (#1750343) - travis: move to CentOS 8 docker images (#1761519) - travis: drop SCL remains (#1761519) - syslog: fix segfault in syslog_parse_priority() (#1761519) - sd-bus: make strict asan shut up (#1761519) - travis: dont run slow tests under ASan/UBSan (#1761519) - kernel-install: do not require non-empty kernel cmdline (#1701454) - ask-password: prevent buffer overrow when reading from keyring (#1752050) - core: try to reopen /dev/kmsg again right after mounting /dev (#1749212) - buildsys: dont garbage collect sections while linking (#1748258) - udev: introduce CONST key name (#1762679) - Call getgroups() to know size of supplementary groups array to allocate (#1743230256 KB - Consider smb3 as remote filesystem (#1757257) - process-util: introduce pid_is_my_child() helper (#1744972) - core: reduce the number of stalled PIDs from the watched processes list when possible (#1744972) - core: only watch processes when its really necessary (#1744972) - core: implement per unit journal rate limiting (#1719577) - path: stop watching path specs once we triggered the target unit (#1763161) - journald: fixed assertion failure when system journal rotation fails (#9893) (#1763619) - test: use PBKDF2 instead of Argon2 in cryptsetup... (#1761519) - test: mask several unnecessary services (#1761519) - test: bump the second partitions size to 50M (#1761519) - shared/sleep-config: exclude zram devices from hibernation candidates (#1763617) - selinux: dont log SELINUX_INFO and SELINUX_WARNING messages to audit (#1763612) - sd-device: introduce log_device_*() macros (#1753369) - udev: Add id program and rule for FIDO security tokens (#1753369) - shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857) - sd-bus: adjust indentation of comments (#1746857) - resolved: do not run loop twice (#1746857) - resolved: allow access to Set*Link and Revert methods through polkit (#1746857) - resolved: query polkit only after parsing the data (#1746857) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3844 CVE-2019-3843 Oracle Linux 8 [2.30-73.0.1] - Forward-port of Oracle patches from 2.30-68.0.2. - Reviewed-by: Elena Zannoni <elena.zannoni@oracle.com> [2.30-68.0.2] - Backport the non-cycle-detecting-capable deduplicating CTF linker - Backport a fix for an upstream hashtab crash (no upstream bug number), triggered by the above. - Fix deduplication of ambiguously-named types in CTF. - CTF types without names are not ambiguously-named. - Stop the CTF_LINK_EMPTY_CU_MAPPINGS flag crashing. - Only emit ambiguous types as hidden if they are named and there is already a type with that name. - Make sure completely empty dicts get their header written out properly - Do not fail if adding anonymous struct/union members to structs/unions that already contain other anonymous members at a different offset - Correctly look up pointers to non-root-visible structures - Emit error messages in dumping into the dump stream - Do not abort early on dump-time errors - Elide likely duplicates (same name, same kind) within a single TU (cross- TU duplicate/ambiguous-type detection works as before). - Fix linking of the CTF variable section - Fix spurious conflicts of variables (also affects the nondeduplicating linker) - Defend against CUs without names - When linking only a single input file, set the output CTF CU name to the name of the input - Support cv-qualified bitfields - Fix off-by-one error in SHA-1 sizing [2.30-73] - Remove bogus assertion. (#1801879) [2.30-72] - Allow the BFD library to handle the copying of files containing secondary reloc sections. (#1801879) [2.30-68.0.1] - Ensure 8-byte alignment for AArch64 stubs. - Add CTF support to OL8: CTF machinery, including libctf.so and libctf-nonbfd.so. The linker does not yet deduplicate the CTF type section. - Backport of fix for upstream bug 23919, required by above - [Orabug: 30102938] [Orabug: 30102941] [2.30-71] - Fix a potential seg-fault in the BFD library when parsing pathalogical debug_info sections. (#1779245) - Fix a potential memory exhaustion in the BFD library when parsing corrupt DWARF debug information. [2.30-70] - Re-enable strip merging build notes. (#1777760) [2.30-69] - Fix linker testsuite failures triggered by annobin update. [2.30-68] - Backport H.J.Lus patch to add a workaround for the JCC Errata to the assembler. (#1777002) [2.30-67] - Fix a buffer overrun in the note merging code. (#1774507) [2.30-66] - Fix a seg-fault in gold when linking corrupt input files. (#1739254) [2.30-65] - NVR bump to allow rebuild with reverted version of glibc in the buildroot. [2.30-64] - Stop note merging with no effect from creating null filled note sections. [2.30-63] - Stop objcopy from generating a exit failure status when merging corrupt notes. [2.30-62] - Fix binutils testsuite failure introduced by -60 patch. (#1767711) [2.30-61] - Enable threading in the GOLD linker. (#1729225) - Add check to readelf in order to prevent an integer overflow. [2.30-60] - Add support for SVE Vector PCS on AArch64. (#1726637) - Add fixes for coverity test failures. - Improve objcopys ability to merge GNU build attribute notes. [2.30-59] - Stop the linker from merging groups with different settings of the SHF_EXCLUDE flag. (#1730906) LOW Copyright 2020 Oracle, Inc. CVE-2019-1010204 CVE-2019-17451 Oracle Linux 8 [1.8.29-5] - RHEL 8.2 ERRATUM - CVE-2019-18634 Resolves: rhbz#1798093 [1.8.29-4] - RHEL 8.2 ERRATUM - CVE-2019-19232 Resolves: rhbz#1786987 Resolves: rhbz#1796518 [1.8.29-2] - RHEL 8.2 ERRATUM - rebase to 1.8.29 Resolves: rhbz#1733961 Resolves: rhbz#1651662 [1.8.28p1-1] - RHEL 8.2 ERRATUM - rebase to 1.8.28p1 Resolves: rhbz#1733961 - fixed man page for always_set_home Resolves: rhbz#1576880 - sudo does not work with notbefore/after Resolves: rhbz#1679508 - NOTBEFORE showing value of sudoNotAfter Ldap attribute Resolves: rhbz#1715516 - CVE-2019-14287 sudo - Privilege escalation via 'Runas' specification with 'ALL' keyword Resolves: rhbz#1760697 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19232 Oracle Linux 8 [3.26.0-6] - Fixed issues found by covscan [3.26.0-5] - Fixed CVE-2019-13752 (#1786529) - Fixed CVE-2019-13753 (#1786535) - Fixed CVE-2019-13734 (#1786509) - Fixed CVE-2019-19924 (#1789776) - Fixed CVE-2019-19923 (#1789812) - Fixed CVE-2019-19925 (#1789808) - Fixed CVE-2019-19959 (#1789823) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19924 CVE-2019-19925 CVE-2019-8457 CVE-2019-13753 CVE-2019-13752 CVE-2019-19959 CVE-2019-19923 Oracle Linux 8 [2.9.7-7.0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.7-7] - Fix CVE-2018-14404 (#1595989) [2.9.7-6] - Fix CVE-2018-9251 (#1565322) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14404 CVE-2018-9251 Oracle Linux 8 [2.28-101.0.1] - add Ampere emag to tunable cpu list (Patrick McGehearty) - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile - Both should test - if (stream->_flags & _IO_USER_LOCK) == 0) - _IO_lock_lock (*stream->_lock); - OraBug: 28481550. Reviewed-by: Qing Zhao <qing.zhao@oracle.com> [2.28-101] - ld.so: Reset GL (dl_initfirst) pointer on dlopen failure (#1410154) [2.28-100] - Roll back dynamic linker state on dlopen failure (#1410154) [2.28-99] - s390x: Fix z15 strstr for patterns crossing pages (#1777241) [2.28-98] - Rebuild with new rpm (#1654901) [2.28-97] - Avoid invalid __has_include in <sys/stat.h> (#1775294) [2.28-96] - x86-64: Ignore LD_PREFER_MAP_32BIT_EXEC in SUID binaries (#1774021) [2.28-95] - Fix alignment of TLS variables for tls variant TLS_TCB_AT_TP (#1764214) [2.28-94] - Refuse to dlopen PIE objects (#1764223) [2.28-93] - Fix C.UTF-8 locale source ellipsis expressions (#1361965) [2.28-92] - Fix hangs during malloc tracing (#1764235) [2.28-91] - Support moving versioned symbols between sonames (#1764231) [2.28-90] - Avoid creating stale utmp entries for repeated pututxline (#1749439) [2.28-89] - Backport more precise tokenizer for installed headers test (#1769304) [2.28-88] - math: Enable some math builtins for clang in LLVM Toolset (#1764242) [2.28-87] - Support Fortran vectorized math functions with GCC Toolset 9 (#1764238) [2.28-86] - aarch64: Support STO_AARCH64_VARIANT_PCS, DT_AARCH64_VARIANT_PCS (#1726638) [2.28-85] - Add more test-in-container support (#1747502) [2.28-84] - Fix calling getpwent after endpwent (#1747502) [2.28-83] - nptl: Avoid fork handler lock for async-signal-safe fork (#1746928) [2.28-82] - Call _dl_open_check after relocation (#1682954) [2.28-81] - Add malloc fastbin tunable (#1764218) [2.28-80] - Fix race condition in tst-clone3 and add a new ldconfig test, tst-ldconfig-bad-aux-cache (#1764226) [2.28-79] - Remove unwanted whitespace from size lines and account for top chunk in malloc_info output (#1735747) [2.28-78] - Enhance malloc tcache (#1746933) [2.28-77] - Dont define initgroups in nsswitch.conf (#1747505) [2.28-76] - libio: Remove codecvt vtable. (#1764241) [2.28-75] - Implement --preload option for the dynamic linker.(#1747453) [2.28-74] - Make nsswitch.conf more distribution friendly. Improve nscd.conf comments. (#1747505) [2.28-73] - Update system call names list to Linux 5.3 (#1764234) LOW Copyright 2020 Oracle, Inc. CVE-2019-19126 Oracle Linux 8 [1.1.1c-15] - add selftest of the RAND_DRBG implementation [1.1.1c-14] - fix incorrect error return value from FIPS_selftest_dsa - S390x: properly restore SIGILL signal handler [1.1.1c-12] - additional fix for the edk2 build [1.1.1c-9] - disallow use of SHA-1 signatures in TLS in FIPS mode [1.1.1c-8] - fix CVE-2019-1547 - side-channel weak encryption vulnerability - fix CVE-2019-1563 - padding oracle in CMS API - fix CVE-2019-1549 - ensure fork safety of the DRBG - fix handling of non-FIPS allowed EC curves in FIPS mode - fix TLS compliance issues [1.1.1c-7] - backported ARM performance fixes from master [1.1.1c-6] - backport of S390x ECC CPACF enhancements from master - FIPS mode: properly disable 1024 bit DSA key generation - FIPS mode: skip ED25519 and ED448 algorithms in openssl speed - FIPS mode: allow AES-CCM ciphersuites [1.1.1c-5] - make the code suitable for edk2 build [1.1.1c-4] - backport of SSKDF from master [1.1.1c-3] - backport of KBKDF and KRB5KDF from master MODERATE Copyright 2020 Oracle, Inc. CVE-2019-1563 CVE-2019-1549 CVE-2019-1547 Oracle Linux 8 [32:9.11.13-3] - Fix rwlock to be thread-safe (#1740511) [32:9.11.13-2] - Release GeoIP data on reload (#1790879) [32:9.11.13-1] - Update to 9.11.13 [32:9.11.12-5] - Report failures on systemctl reload (#1739428) [32:9.11.12-4] - dhcp: Use monotonic time for detecting time jumps if available (#1729211) [32:9.11.12-3] - Backported serve-stale feature (#1664863) [32:9.11.12-2] - Add GeoLite2 support (#1564443) - Add GeoIP to bind-chroot (#1497646) - Fix wrong default GeoIP directory (#1768258) [32:9.11.12-1] - Update to 9.11.12 (#1557762) [32:9.11.11-1] - Update to 9.11.11 [32:9.11.10-1] - Update to 9.11.10 - Share pkcs11-utils and dnssec-utils manuals instead of recommend [32:9.11.7-1] - Update to 9.11.7 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-6477 Oracle Linux 8 [2.7.6-11] - Related: #1733565, apply the patch correctly [2.7.6-10] - CVE-2019-13636 , Dont follow symlinks unless --follow-symlinks is given - Resolves: #1665928, patch has a huge error output and segfaults when the file to be patched does not exist MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13636 Oracle Linux 8 [8.3.1-5.0.3] - Fix Orabug 29838827 - provide an option to adjust the maximum depth of nested #include This is the same bug as gcc upstream PR90581 from Gcc9: gcc9-pr90581.patch - Fix Orabug 29541051 - confusing error message when there is a problem with ASAN_OPTIONS 'ERROR: expected '='' This is the same bug as gcc upstream PR89832 from Gcc9: gcc9-pr89832.patch [8.3.1-5.0.2] - Update support for CTF - Fix Orabug 30833294 GCC generates incorrect CTF for single element arrays - Fix Orabug 30808764 CTF generation fails when __attribute__ ((mode (XX))) is used [8.3.1-5.0.1] - Forward-port Oracle patches from ol8-u1. - Apply ares/neoverse support patches only ifarch aarch64. (Qing Zhao <qing.zhao@oracle.com> 8.3.1-4.5.0.6) - Add 5 patches from gcc9 to support Arm Ares and Neoverse-N1 for Aarch64 gcc9-add-mtune-support-for-arm-ares.patch gcc9-add-vec-reverse.patch gcc9-multiple-changes-align.patch gcc9-initial-mcpu-ares-tuning.patch gcc9-add-support-for-neoverse-n1.patch (Indu Bhagat <indu.bhagat@oracle.com> 8.3.1-4.5.0.5) - Update support for CTF - Fix Orabug 30778534 gcc should generate CTF for functions at file-scope only - Fix Orabug 30779193 CTF generation fails for some flavors of vla - Fix Orabug 30784275 Fix issues wtih CTF generation for typedef constructs ctf-3-generation-and-emission-for-a-single-compilation.patch ctf-4-update-ctf-testsuite.patch (Indu Bhagat <indu.bhagat@oracle.com> 8.3.1-4.5.0.4) - Add support for CTF in GCC - Fix Orabug 30102948 gcc: Add CTF generation to compiler - Fix Orabug 30102949 gcc: Add CTF generation to compiler (aarch64) ctf-1-new-function-lang_GNU_GIMPLE.patch ctf-2-command-line-options-gtLEVEL.patch ctf-3-generation-and-emission-for-a-single-compilation.patch ctf-4-update-ctf-testsuite.patch ctf-5-handle-ctf-sections-when-lto-enabled.patch (Qing Zhao <qing.zhao@oracle.com> 8.3.1-4.5.0.3) - CVE-2018-12207 / Intel SKX102 OL8 gcc: Intel Mitigation for CVE: CVE-2018-12207 - Allow -flto -Wa,-mbranches-within-32B-boundaries to pass -mbranches-within-32B-boundaries to GNU assembler. Without -lfto, -Wa,-mbranches-within-32B-boundaries to pass -mbranches-within-32B-boundaries to GNU assembler using existing GCC binaries. - Mitigation patch: gcc8-Fix-Wa-with-flto.patch (Qing Zhao <qing.zhao@oracle.com> 8.3.1-4.5.0.2) - Fix Orabug 29968294 - Heap corruption with fprofile-dir=%p prevents profiling parallel processes, needed for RDBMS: Add patch to fix PR86057 from Gcc9: gcc9-pr86057.patch - Fix Orabug 30044244 - Profile directory concatenated with object file path This is the same bug as gcc upstream PR91971: gcc9-pr85759.patch gcc10-pr91971.patch (Indu Bhagat <indu.bhagat@oracle.com> 8.3.1-4.5.0.1) - Fix Orabug 29599147 - Need -fprofile-dir=%q{VAR} backported to gcc8 This is the similar GCC PR47618, add the fix from GCC9: gcc9-pr47618.patch - Fix Orabug 29272977 - DB SUPPORT: Need way to dump inlining report from GCC Add -fopt-info-inline support from GCC9: gcc9-opt-info-inline.patch - Fix Orabug 29273006 - DB SUPPORT: need way to turn off inlining of global functions Add -flive-patching support from GCC9: gcc9-fipa-reference-addressable.patch gcc9-fipa-stack-alignment.patch gcc9-add-fomit-frame-pointer-to-test.patch gcc9-extend-live-patching-option-handling.patch gcc9-ipa-stack-alignment-386-test.patch - Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE. - Backport 17 ampere patches from https://git.theobroma-systems.com/ampere-computing/gcc.git/log/?h=gcc-8_2_0-amp3-branch e18301133ea622f6d6796ded1d15466e70475cf8: Retpoline (Spectre-V2 mitigation) for aarch64. d735f3ae4712f66362326d179b4d7e9332c79677: Revert 2017-10-24 Richard Biener 271e2811e59c0c77fc022fa86a7030f20b4cac8e: Correct the maximum shift amount for shifted 0512749950d927de3dd695f2f2aacdfd30cf32fd: Add CPU support for Ampere Computings eMAG. c8b87078f9e0714cb9cab602e12a18ceb12df05a: eMAG/Xgene: Procedural cost-model for X-Gene 74610471b3577c5d465c3fd095a65b796b1e074c: Updating cost table for xgene1. ddba1553ac412be5596e6e2962c148032c4cf231: [AArch64] Add Xgene1 prefetch tunings. b7ebb0a10a8900324074070188a0936ed81b28a4: [AArch64] Fix in xgene1_addrcost_table 393dc5c50d55d069f91627bf0be5bab812978850: X-Gene: Adapt tuning struct for GCC 8. b9136d58824af2118c4969c3edb42cad3318b08f: tree-ssa-list-find-pipeline: Add pipelining loads for list finds. 095496dd8a9491a17a9caec173281ad02e559df5: uncse: Added pass to undo common subexpression elimination. a7c8dc238e3656e9d2f9256ee76f933c8d7956fb: loop-prefetcher: Adapt defaults for X-Gene cores. 256307f293f1750851576e14c8a42b696eced2da: tree-ssa-cpp: Dont crash on SSA names without definition stmts. 6e32f53be4f6733f6bfe267ad2337aecaf4047f6: Introduce new option -funroll-more. 1ac2485a2fced091a5cce6343fe6a6337f850e73: New option to bypass aliasing-checks. 66d7d833bece61e58998ad53a609cd32e3ee4fad: cfgloopmanip: Allow forced creation of loop preheaders. c4f89d50e200538b1ac8889801705300e0b27ef2: Add new pass to optimise loops. - Reviewed by: Elena Zannoni <elena.zannoni@oracle.com> [8.3.1-5] - update from Fedora gcc-8.3.1-5 (#1747157) - use unspec_volatile for darn (PR target/91481, #1760205, CVE-2019-15847) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15847 Oracle Linux 8 openchange [2.3-24.0.1] - Add patch to build against samba 4.11 [2.3-24] - Rebuild for newer samba and libldb samba [4.11.2-13] - resolves: #1802182 - Fix join using netbios name [4.11.2-12] - related: #1781232 - Improve debug output of smbclient - resolves: #1794461 - Do not return bogus inode numbers in cli_qpathinfo2()/cli_qpathinfo3() for SMB1 - resolves: #1794442 - Fix segfault in smbd_do_qfilepathinfo() [4.11.2-11] - resolves: #1778130 - Remove usage of DES encryption types in krb5 [4.11.2-10] - resolves: #1790353 - Fix access check in DsRGetForestTrustInformation - resolves: #1791209 - Fix CVE-2019-14907 [4.11.2-9] - resolves: #1785134 - Fix libwbclient manual alternative settings [4.11.2-8] - resolves: #1781232 - Fix smbclient debug message [4.11.2-7] - related: #1637861 - Fix trust creation if weak crypto is disallowed [4.11.2-6] - resolves: #1637861 - Use GnuTLS for crypto [4.11.2-4] - related: #1754409 - Add patch to avoid overlinking with libnsl and libsocket - related: #1754409 - Fix permissions for pidl - related: #1754409 - Fix logrotate script - related: #1754409 - Add missing README files [4.11.2-3] - related: #1754409 - Fix pidl packaging [4.11.2-1] - resolves: #1754409 - Rebase to Samba version 4.11.2 - resolves: #1776312 - Winbind is not restarted on upgrade - resolves: #1764469 - Fix CVE-2019-10218 - resolves: #1746241 - Fix CVE-2019-10197 - resolves: #1710980 - Add support for KCM ccache in pam_winbind MODERATE Copyright 2020 Oracle, Inc. CVE-2019-10197 CVE-2019-14907 CVE-2019-10218 Oracle Linux 8 [2.56.4-8] - Backport patches for GDBus auth Resolves: #1777213 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14822 Oracle Linux 8 [5.50-3] + bluez-5.50-3 - Bump the version [5.50-2] + bluez-5.50-2 - Fixing CVE-2018-10910 (#1606373) LOW Copyright 2020 Oracle, Inc. CVE-2018-10910 Oracle Linux 8 [1.45.4-3] - Fix clang warning introduced in previous release (#1783777) [1.45.4-2] - Fix ABI breakage introduced in previous release (#1783777) [1.45.4-1] - Rebase to the release 1.45.4 (#1783777) - provide rhel6/7 compatible fs_type in mke2fs.conf (#1780279) - fix crafted ext4 partition leads to out-of-bounds write (#1768709) - include note about supported rhel8 features and options (#1788573) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-5094 Oracle Linux 8 [9.0.3-16] - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1702473 Resolves: rhbz#1643829 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11324 CVE-2018-20060 CVE-2019-11236 CVE-2018-18074 Oracle Linux 8 [20170731-14] - Resolves:rh#1790974 - CVE-2020-5395:out-of-bounds write in sfd.c MODERATE Copyright 2020 Oracle, Inc. CVE-2020-5395 Oracle Linux 8 buildah [1.5-4.0.1.gite94b4f9] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.5-4.gite94b4f9] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1819431 container-selinux [2:2.124.0-1.gitf958d0c] - update to 2.124.0 - Resolves: #1816541 [2:2.94-2.git1e99f1d] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Resolves: #1766316, #1766215 slirp4netns [0.1-5.dev.gitc4e1bc5] - backport fix for CVE-2020-7039 - Resolves: #1791578 [0.1-4.dev.gitc4e1bc5] - actually add CVE-2019-14378 patch to dist-git - Related: RHELPLAN-25139 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10696 Oracle Linux 8 buildah [1.11.6-7.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-7] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1819393 conmon [2:2.0.6-1.0.1] - Remove upstream references [Orabug: 30871880] [2:2.0.6-1] - update to 2.0.6 - Related: RHELPLAN-25139 podman [1.6.4-11.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.6.4-11] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1819391 python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25139 skopeo [0.1.40-9.0.1] - Add oracle registry into the conf file [Orabug: 29845934 31306708] - Fix oracle registry login issues [Orabug: 29937192] [1:0.1.40-9] - add docker.io into the default registry list - Related: #1810053 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10696 Oracle Linux 8 buildah [1.11.6-8.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-8] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1817742 [1.11.6-7] - fix 'COPY command takes long time with buildah' - Resolves: #1806120 cockpit-podman [12-1] - Configure CPU share for system containers - Translation updates conmon [2:2.0.6-1.0.1] - Remove upstream references [Orabug: 30871880] [2:2.0.6-1] - update to 2.0.6 - Related: RHELPLAN-25139 containernetworking-plugins [0.8.3-5.0.1] - Disable debuginfo [0.8.3-5] - compile with no_openssl - Related: RHELPLAN-25139 podman [1.6.4-11.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.6.4-11] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1817747 python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25139 runc [1.0.0-65.rc10] - address CVE-2019-19921 by updating to rc10 - Resolves: #1801887 skopeo [0.1.40-11.0.1] - Add oracle registry into the conf file [Orabug: 29845934 31306708] - Fix oracle registry login issues [Orabug: 29937192] [1:0.1.40-11] - add docker.io into the default registry list - Related: #1810053 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10696 Oracle Linux 8 [2.1.51-4] - Increase the release version [2.1.51-3] - targetclid.sock allows unprivileged user to execute commands [2.1.51-2] - Create the target/pr directory when installing the package IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10699 Oracle Linux 6 [8.2.0-7] - Fix CVE-2020-10108 HTTP request smuggling when presented with two Content-Length headers Resolves: rhbz#1813439 - Remove useless macros definitions IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10108 Oracle Linux 8 [2.18.4-2] - Update to release 2.18.4 - Resolves: CVE-2020-11008 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11008 Oracle Linux 8 [3.6.8-10] - Fix CVE-2020-11501 (#1826176) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11501 Oracle Linux 8 [68.8.0-1.0.1.el8_2] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-12387 CVE-2020-12395 CVE-2020-6831 CVE-2020-12392 Oracle Linux 6 [68.8.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-12387 CVE-2020-12395 CVE-2020-12392 CVE-2020-6831 Oracle Linux 7 [68.8.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-12392 CVE-2020-6831 CVE-2020-12387 CVE-2020-12395 Oracle Linux 7 [7:3.5.20-15.1] - Resolves: #1828359 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1828360 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow - Resolves: #1829772 - CVE-2019-12525 squid: parsing of header Proxy-Authentication leads to memory corruption IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-12519 CVE-2019-12525 CVE-2020-11945 Oracle Linux 8 squid [7:4.4-8.1] - Resolves: #1828368 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow - Resolves: #1828367 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1829402 - CVE-2019-12525 squid:4/squid: parsing of header Proxy-Authentication leads to memory corruption IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-12519 CVE-2020-11945 CVE-2019-12525 Oracle Linux 8 [68.8.0-1.0.1.el8_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.8.0-1] - Update to 68.8.0 build2 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6831 CVE-2020-12387 CVE-2020-12397 CVE-2020-12395 CVE-2020-12392 Oracle Linux 6 [68.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.8.0-1] - Update to 68.8.0 build2 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6831 CVE-2020-12397 CVE-2020-12395 CVE-2020-12387 CVE-2020-12392 Oracle Linux 7 [68.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.8.0-1] - Update to 68.8.0 build2 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 CVE-2020-12397 Oracle Linux 7 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11324 CVE-2019-11236 CVE-2018-18074 CVE-2018-20060 Oracle Linux 8 [3.29-7.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [3.29-7] - Resolves: rhbz#1814935 CVE-2020-1763 doS attack via malicious IKEv1 informational exchange message [rhel-8.2.0.z] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1763 Oracle Linux 7 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20060 CVE-2019-11236 CVE-2018-18074 Oracle Linux 7 [3.10.0-1127.8.2.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1127.8.2] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827239 1827240] {CVE-2020-10711} [3.10.0-1127.8.1] - [scsi] scsi: qla2xxx: initialize fc4_type_priority (Nilesh Javali) [1827274 1808129] [3.10.0-1127.7.1] - [net] sched: flower: insert new filter to idr after setting its mask (Davide Caratti) [1824548 1785141] - [netdrv] r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO (Corinna Vinschen) [1822548 1787263] - [net] net_sched: remove a bogus warning in hfsc (Davide Caratti) [1821262 1781323] - [net] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1817499 1790840] - [scsi] iscsi: Avoid potential deadlock in iscsi_if_rx func (Oleksandr Natalenko) [1817497 1715986] - [scsi] scsi: avoid repetitive logging of device offline messages (Nilesh Javali) [1815596 1798042] - [scsi] qla2xxx: Fix I/Os being passed down when FC device is being deleted (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Fix unbound sleep in fcport delete path (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Fix hang in fcport delete path (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Fix stuck session in GNL (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Correct fcport flags handling (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Nilesh Javali) [1815596 1798042] - [scsi] scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Tomas Henzl) [1813249 1807077] - [md] dm mpath: call clear_request_fn_mpio() in multipath_release_clone() (Mike Snitzer) [1812937 1806400] - [scsi] scsi: implement .cleanup_rq callback (Mike Snitzer) [1812937 1806400] - [md] blk-mq: add callback of .cleanup_rq (Mike Snitzer) [1812937 1806400] - [md] dm rq: fix checking of dm_dispatch_clone_request's return value (Ming Lei) [1814537 1805401] [3.10.0-1127.6.1] - [x86] x86/debug: Extend the lower bound of crash kernel low reservations (Pingfan Liu) [1817502 1811511] [3.10.0-1127.5.1] - [netdrv] hv/netvsc: Fix NULL dereference at single queue mode fallback (Mohammed Gamal) [1817935 1806488] - [netdrv] hv/netvsc: fix handling of fallback to single queue mode (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix unwanted rx_table reset (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix tx_table init in rndis_set_subchannel() (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: fix typos in code comments (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix hash key value reset after other ops (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Refactor assignments of struct netvsc_device_info (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: split sub-channel setup into async and sync (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix send_table offset in case of a host bug (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix offset usage in netvsc_send_table() (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: simplify receive side calling arguments (Mohammed Gamal) [1817935 1806488] [3.10.0-1127.4.1] - [x86] kvm: x86: do not reset microcode version on INIT or RESET (Paolo Bonzini) [1814003 1801852] - [x86] kvm: x86: list MSR_IA32_UCODE_REV as an emulated MSR (Paolo Bonzini) [1814003 1801852] - [x86] kvm: x86: Allow userspace to define the microcode version (Paolo Bonzini) [1814003 1801852] [3.10.0-1127.3.1] - [md] md/raid6: Set R5_ReadError when there is read failure on parity disk (Xiao Ni) [1810062 1804569] - [kernel] blktrace: fix dereference after null check (Ming Lei) [1806367 1798318] {CVE-2019-19768} - [kernel] blktrace: Protect q->blk_trace with RCU (Ming Lei) [1806367 1798318] {CVE-2019-19768} - [kernel] blktrace: fix trace mutex deadlock (Ming Lei) [1806367 1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked registration of tracepoints (Ming Lei) [1806367 1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked access to init/start-stop/teardown (Ming Lei) [1806367 1798318] {CVE-2019-19768} [3.10.0-1127.2.1] - [kernel] tick-sched: Update nohz load even if tick already stopped (Scott Wood) [1808030 1694877] [3.10.0-1127.1.1] - [net] openvswitch: support asymmetric conntrack (Aaron Conole) [1806447 1757759] - [kernel] audit: CONFIG_CHANGE don't log internal bookkeeping as an event (Richard Guy Briggs) [1806430 1777239] - [kernel] tracing: Fix possible double free on failure of allocating trace buffer (Jerome Marchand) [1803010 1803011] {CVE-2017-18595} - [kernel] tracing: Fix crash when it fails to alloc ring buffer (Jerome Marchand) [1803010 1803011] {CVE-2017-18595} - [base] of: to support binding numa node to specified device in devicetree (Jeff Moyer) [1801699 1791883] - [ptp] ptp: free ptp device pin descriptors properly (Vladis Dronov) [1798396 1774657] - [ptp] ptp: fix the race between the release of ptp_clock and cdev (Vladis Dronov) [1798396 1774657] - [ptp] ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (Vladis Dronov) [1798396 1774657] - [ptp] ptp: create 'pins' together with the rest of attributes (Vladis Dronov) [1798396 1774657] - [ptp] ptp: use is_visible method to hide unused attributes (Vladis Dronov) [1798396 1774657] - [ptp] ptp: use kcalloc when allocating arrays (Vladis Dronov) [1798396 1774657] - [ptp] ptp: do not explicitly set drvdata in ptp_clock_register() (Vladis Dronov) [1798396 1774657] - [ptp] drivers/ptp: Fix kernel memory disclosure (Vladis Dronov) [1798396 1774657] - [ptp] ptp: Fix resource leak in case of error (Vladis Dronov) [1798396 1774657] - [netdrv] ptp: drivers: set the number of programmable pins (Vladis Dronov) [1798396 1774657] - [ptp] ptp: expose the programmable pins via sysfs (Vladis Dronov) [1798396 1774657] - [documentation] ptp: add the pin GET/SETFUNC ioctls to the testptp program (Vladis Dronov) [1798396 1774657] - [documentation] ptp: Allow selecting trigger/event index in testptp (Vladis Dronov) [1798396 1774657] - [documentation] ptp: add the PTP_SYS_OFFSET ioctl to the testptp program (Vladis Dronov) [1798396 1774657] - [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1796799 1794812] - [kernel] sched: Fix schedule_tail() to disable preemption (Phil Auld) [1796262 1771094] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10711 CVE-2017-18595 CVE-2019-19768 Oracle Linux 8 [4.18.0-193.1.2_2.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-193.1.2_2] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827249 1827251] {CVE-2020-10711} - [mm] s390/mm: fix page table upgrade vs 2ndary address mode accesses (Vladis Dronov) [1828153 1828154] {CVE-2020-11884} [4.18.0-193.1.1_2] - [x86] kvm: x86: clear stale x86_emulate_ctxt->intercept value (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [x86] kvm: vmx: check descriptor table exits on instruction emulation (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [x86] kvm: nvmx: Check IO instruction VM-exit conditions (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [x86] kvm: nvmx: Refactor IO bitmap checks into helper function (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [x86] kvm: nvmx: Don't emulate instructions in guest mode (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [sound] ALSA: usb-audio: set the interface format after resume on Dell WD19 (Perry Yuan) [1821376 1807965] - [kernel] sched: Avoid scale real weight down to zero (Phil Auld) [1819909 1808562] - [netdrv] hv_netvsc: Fix unwanted rx_table reset (Mohammed Gamal) [1817945 1805950] - [netdrv] hv_netvsc: Fix tx_table init in rndis_set_subchannel() (Mohammed Gamal) [1817945 1805950] - [netdrv] hv_netvsc: Fix send_table offset in case of a host bug (Mohammed Gamal) [1817945 1805950] - [netdrv] hv_netvsc: Fix offset usage in netvsc_send_table() (Mohammed Gamal) [1817945 1805950] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 CVE-2020-11884 CVE-2020-10711 Oracle Linux 6 [2.6.32-754.29.2.OL6] - Update genkey [bug 25599697] [2.6.32-754.29.2] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10711 Oracle Linux 8 [2.1.514-2] - Update to new tarball for the release - Resolves: RHBZ#1830065 [2.1.514-1] - Update to .NET Core SDK 2.1.514 and Runtime 2.1.18 - Resolves: RHBZ#1830065 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1108 Oracle Linux 8 [3.1.104-2.0.2] - Update patch to support 8.2 (alexander.burmashev@oracle.com) [3.1.104-2.0.1] - support OL release scheme (alexander.burmashev@oracle.com) [3.1.104-2] - Update to new release - Resolves: RHBZ#1833091 [3.1.104-1] - Update to .NET Core Runtime 3.1.4 and SDK 3.1.104 - Resolves: RHBZ#1833091 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1108 CVE-2020-1161 Oracle Linux 7 [2.0.0-4.rc4] - CVE-2020-11521: Fix out-of-bounds write in planar.c (#1837621) - CVE-2020-11523: Fix integer overflow in region.c (#1837622) - CVE-2020-11524: Fix out-of-bounds write in interleaved.c (#1837623) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11524 CVE-2020-11521 CVE-2020-11523 Oracle Linux 8 [2:2.0.0-46.rc4.1] - CVE-2020-11521: Fix out-of-bounds write in planar.c (#1837632) - CVE-2020-11523: Fix integer overflow in region.c (#1837633) - CVE-2020-11524: Fix out-of-bounds write in interleaved.c (#1837631) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11521 CVE-2020-11523 CVE-2020-11524 Oracle Linux 7 [1.8.3.1-23] - Prevent crafted URL containing new lines, empty host or lacks a scheme to cause credential leak. Resolves: CVE-2020-11008 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11008 Oracle Linux 8 [32:9.11.13-5] - Limit number of queries triggered by a request (CVE-2020-8616) [32:9.11.13-4] - Fix invalid tsig request (CVE-2020-8617) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8617 CVE-2020-8616 Oracle Linux 7 [32:9.11.4-16.P2.6] - Fix EDNS512 loops on broken servers [32:9.11.4-16.P2.5] - Add CVE tests to codebase [32:9.11.4-16.P2.4] - Limit number of queries triggered by a request (CVE-2020-8616) - Fix invalid tsig request (CVE-2020-8617) [32:9.11.4-16.P2.3] - Disable atomic operations on ppc64, ppc64le, aarch64, ppc (#1779589) [32:9.11.4-16.P2.2] - Disable unit test timer_test on ppc64le because of its instability [32:9.11.4-16.P2.1] - Prevent deadlock on reload (#1805685) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8616 CVE-2020-8617 Oracle Linux 6 [68.9.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Fri May 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.9.0 build1 - Added patch for pipewire 0.3 * Mon May 11 2020 Jan Horak <jhorak@redhat.com> - Added s390x specific patches * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12410 CVE-2020-12406 CVE-2020-12405 Oracle Linux 8 [68.9.0-1.0.1.el8_2] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] * Fri May 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.9.0 build1 - Added patch for pipewire 0.3 * Mon May 11 2020 Jan Horak <jhorak@redhat.com> - Added s390x specific patches IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Oracle Linux 7 [68.9.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Fri May 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.9.0 build1 - Added patch for pipewire 0.3 * Mon May 11 2020 Jan Horak <jhorak@redhat.com> - Added s390x specific patches IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12410 CVE-2020-12405 CVE-2020-12406 Oracle Linux 6 [32:9.8.2-0.68.rc1.7] - Correct tests covering CVE-2020-8617 [32:9.8.2-0.68.rc1.6] - Add additional fix to limit recursions [32:9.8.2-0.68.rc1.5] - Add CVE tests to codebase [32:9.8.2-0.68.rc1.4] - Limit number of queries triggered by a request (CVE-2020-8616) - Fix invalid tsig request (CVE-2020-8617) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8616 CVE-2020-8617 Oracle Linux 7 [2.0.0-4.rc4.1] - CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841974) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13398 Oracle Linux 6 [1.0.2-7] - CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841980) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13398 Oracle Linux 8 [2:2.0.0-46.rc4.2] - CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841978) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13398 Oracle Linux 7 [1.6.6-4] - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839172 (CVE-2020-12662), rhbz#1840258 (CVE-2020-12663) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12663 CVE-2020-12662 Oracle Linux 8 [1.7.3-11] - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839177 (CVE-2020-12662), rhbz#1840262 (CVE-2020-12663) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12662 CVE-2020-12663 Oracle Linux 8 [4.18.0-193.6.3_2.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-193.6.3_2] - rebuild to enable xt_u32 module (Jiri Benc) [1840800 1840799 1834769 1838190] [4.18.0-193.6.2_2] - [documentation] x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} [4.18.0-193.6.1_2] - [char] tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (Steve Best) [1827632 1808048] - [netdrv] bonding: fix active-backup transition after link failure (Jarod Wilson) [1838477 1819408] - [netdrv] bonding: fix state transition issue in link monitoring (Jarod Wilson) [1838477 1819408] - [kernel] sched/fair: Allow a per-CPU kthread waking a task to stack on the same CPU, to fix XFS performance regression (Phil Auld) [1834517 1745111] - [block] block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Ming Lei) [1835531 1835532] {CVE-2020-12657} - [kvm] KVM: x86: use raw clock values consistently (Marcelo Tosatti) [1822498 1768622] - [kvm] KVM: x86: reorganize pvclock_gtod_data members (Marcelo Tosatti) [1822498 1768622] - [kvm] KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [1822498 1768622] [4.18.0-193.5.1_2] - [fs] nfs: fix NULL deference in nfs4_get_valid_delegation ('J. Bruce Fields') [1837969 1831553] [4.18.0-193.4.1_2] - [bluetooth] Revert 'Bluetooth: btusb: driver to enable the usb-wakeup feature' (Gopal Tiwari) [1827620 1811534] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827249 1827251] {CVE-2020-10711} - [mm] s390/mm: fix page table upgrade vs 2ndary address mode accesses (Vladis Dronov) [1828153 1828154] {CVE-2020-11884} [4.18.0-193.3.1_2] - [kernel] sched/isolation: Allow 'isolcpus=' to skip unknown sub-parameters (Peter Xu) [1832367 1799014] - [firmware] efi: fix a mistype in comments mentioning efivar_entry_iter_begin() (Vladis Dronov) [1829527 1804417] - [firmware] efi: add a sanity check to efivar_store_raw() (Vladis Dronov) [1829527 1804417] - [firmware] efi: fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [1829527 1804417] - [net] net/smc: keep vlan_id for SMC-R in smc_listen_work() (Philipp Rudo) [1827631 1796890] [4.18.0-193.2.1_2] - [net] vti[6]: fix packet tx through bpf_redirect() in XinY cases (Sabrina Dubroca) [1821375 1795145] - [net] xfrm interface: fix packet tx through bpf_redirect() (Sabrina Dubroca) [1821375 1795145] - [net] vti[6]: fix packet tx through bpf_redirect() (Sabrina Dubroca) [1821375 1795145] - [scripts] redhat: fix modpost.c prerequisites (Frantisek Hrbata) [1828229 1818499] - [infiniband] IB/core: Avoid deadlock during netlink message handling (Kamal Heib) [1821381 1818986] - [infiniband] RDMA/core: Support netlink commands in non init_net net namespaces (Kamal Heib) [1821381 1818986] - [misc] mei: me: add comet point (lake) H device ids (Ken Cox) [1825262 1815355] - [misc] mei: me: add comet point (lake) LP device ids (Ken Cox) [1825262 1815355] - [misc] mei: define dma ring buffer sizes for PCH12 HW and newer (Ken Cox) [1825262 1815355] - [misc] mei: hbm: define dma ring setup protocol (Ken Cox) [1825262 1815355] - [net] SUNRPC: fix krb5p mount to provide large enough buffer in rq_rcvsize (Steve Dickson) [1826219 1825388] - [mm] mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (Rafael Aquini) [1827619 1763878] - [mm] mm: thp: fix flags for pmd migration when split (Rafael Aquini) [1827619 1763878] - [mm] mm: thp: relocate flush_cache_range() in migrate_misplaced_transhuge_page() (Rafael Aquini) [1827619 1763878] - [mm] mm: thp: fix mmu_notifier in migrate_misplaced_transhuge_page() (Rafael Aquini) [1827619 1763878] - [mm] mm: thp: fix MADV_DONTNEED vs migrate_misplaced_transhuge_page race condition (Rafael Aquini) [1827619 1763878] - [md] Revert 'dm: always call blk_queue_split() in dm_process_bio()' (Mike Snitzer) [1821382 1820705] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12657 Oracle Linux 6 [2.6.32-754.30.2.OL6] - Update genkey [bug 25599697] [2.6.32-754.30.2] - x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543} [2.6.32-754.30.1] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711} - [netdrv] bonding: don't set slave->link in bond_update_speed_duplex() (Patrick Talbert) [1828604] - [security] KEYS: prevent KEYCTL_READ on negative key (Patrick Talbert) [1498368] {CVE-2017-12192} MODERATE Copyright 2020 Oracle, Inc. CVE-2017-12192 Oracle Linux 8 [4:20191115-4.20200602.2] - Avoid temporary file creation, used for here-documents in check_caveats. [4:20191115-4.20200602.1] - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1827183): - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a; - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. - Change the URL to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore. [4:20191115-4.20191115.6] - Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models. [4:20191115-4.20191115.5] - Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0549 CVE-2020-0543 CVE-2020-0548 Oracle Linux 7 [2:2.1-61.6.0.1] - update 06-2d-07 to 0x71a - update 06-55-04 to 0x2006906 - update 06-55-07 to 0x5002f01 - for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727] - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736] - do not late load prior to 3.10.0 - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early and late load for 5.4.17-* - enable early loading for 06-4f-01 [2:2.1-61.6] - Avoid temporary file creation, used for here-documents in check_caveats. [2:2.1-61.5] - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1827189): - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a; - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. - Change the URL in the intel-microcode2ucode.8 to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore. [2:2.1-61.4] - Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models. [2:2.1-61.3] - Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well. [2:2.1-61.2] - Avoid find being SIGPIPE'd on early 'grep -q' exit in the dracut script. [2:2.1-61.1] - Update stale posttrans dependency, add triggers for proper handling of the debug kernel flavour along with kernel-rt. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0549 CVE-2020-0543 CVE-2020-0548 Oracle Linux 6 [3:1.17-33.26.0.1] - update 06-2d-07 to 0x71a - update 06-55-04 to 0x2006906 - update 06-55-07 to 0x5002f01 - merge Oracle changes for early load via dracut - enable late load on install for UEK4 kernels marked safe (except BDW-79) - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737] [2:1.17-33.26] - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1795353, #1795357, #1827186): - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. [2:1.17-33.25] - Update Intel CPU microcode to microcode-20200520 release (#1839193): - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78. [2:1.17-33.24] - Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models (#1835555). [2:1.17-33.23] - Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064 by default (#1774635). [2:1.17-33.22] - Update Intel CPU microcode to microcode-20191115 release: - Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4 up to 0xd6; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca; - Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca; - Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision 0xc6 up to 0xca; - Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca; - Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca; - Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca. [2:1.17-33.21] - Update Intel CPU microcode to microcode-20191113 release: - Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6. - Drop 0001-releasenote-changes-summary-fixes.patch. [2:1.17-33.20] - Package the publicy available microcode-20191112 release (#1755021): - Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d; - Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c; - Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16; - Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150 up to 0x1000151; - Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision 0x2000064 up to 0x2000065; - Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b up to 0x500002c; - Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32; - Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release. - Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch). - Update README.caveats with the link to the new Knowledge Base article. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0549 CVE-2020-0543 CVE-2020-0548 Oracle Linux 8 [3.1.105-2.0.1.el8_2] - Update patch to support 8.2 (alexander.burmashev@oracle.com) - support OL release scheme (alexander.burmashev@oracle.com) [3.1.105-2] - Remove incorrectly installed files - Resolves: RHBZ#1844515 [3.1.105-1] - Update to .NET Core Runtime 3.1.5 and SDK 3.1.105 - Resolves: RHBZ#1844515 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1108 Oracle Linux 8 [2.1.515-1] - Update to .NET Core SDK 2.1.515 and Runtime 2.1.19 - Resolves: RHBZ#1843680 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1108 Oracle Linux 6 [0.6.21-6] - Add patch for CVE-2020-13112 - Resolves: #1840948 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13112 Oracle Linux 6 [0:6.0.24-115] - Resolves: CVE-2020-9484 tomcat6: tomcat: Apache Tomcat Remote Code Execution via session persistence IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-9484 Oracle Linux 7 [0:7.0.76-12] - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-9484 Oracle Linux 7 [0.6.21-7] - Add patch for CVE-2020-13112 - Resolves: #1840949 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13112 Oracle Linux 8 [0.6.21-17] - Add patch for CVE-2020-13112 - Resolves: #1840952 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13112 Oracle Linux 6 [68.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.9.0-1] - Update to 68.9.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12398 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Oracle Linux 8 [68.9.0-1.0.1.el8_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.9.0-1] - Update to 68.9.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12398 CVE-2020-12405 CVE-2020-12410 CVE-2020-12406 Oracle Linux 7 [68.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.9.0-1] - Update to 68.9.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12406 CVE-2020-12398 CVE-2020-12405 CVE-2020-12410 Oracle Linux 8 [3.6.8-11] - Fix CVE-2020-13777 (#1844147) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13777 Oracle Linux 6 [1.4.20-29.1] - Fix segfault in unbound-1.4.20-amplifying-an-incoming-query.patch - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663) [1.4.20-28.1] - Fix unbound-1.4.20-amplifying-an-incoming-query.patch patch so it won't produce compiler warnings - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663) [1.4.20-27.1] - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663) [1.4.20-26.1] - Resolves: #1655929 - Unbound crashed when running 'unbound-control log_reopen' IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12662 CVE-2020-12663 Oracle Linux 8 [6.3.6-2] - fix CVE-2020-13379 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13379 Oracle Linux 7 [1.6.6-5] - Fix incomplete amplifying-an-incoming-query patch - Resolves: rhbz#1846424 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10772 Oracle Linux 7 [4.2.6p5-29.0.1] - Bump release to avoid ULN conflict with Oracle modified errata. [4.2.6p5-29.el7_8.2] - don't update transmission time on invalid response (CVE-2020-11868) - randomize transmit timestamp in client requests (CVE-?, #1813787) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11868 CVE-2020-13817 Oracle Linux 7 [3.10.0-1127.13.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1127.13.1] - [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [cpufreq] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827187 1827188] {CVE-2020-0543} header (Waiman Long) [1827187 1827188] {CVE-2020-0543} [3.10.0-1127.12.1] - [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman Long) [1841121 1836322] - [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837297 1820632] {CVE-2020-12888} [3.10.0-1127.11.1] - [fs] cachefiles: Fix race between read_waiter and read_copier involving op->to_do (Dave Wysochanski) [1839757 1829662] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12888 Oracle Linux 8 [1.33.0-3.el8_2.1] - prevent DoS caused by overly large SETTINGS frames (CVE-2020-11080) [1.33.0-3] - rebuild to trigger gating (#1681044) [1.33.0-2] - backport security fixes from nghttp2-1.39.2 (CVE-2019-9511 and CVE-2019-9513) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11080 Oracle Linux 8 qemu-kvm [2.12.0-99.0.1.el8_2.2] - Added bug30251155-remove-upstream-reference [Orabug: 30251155] [2.12.0-99.el8_2.2] - kvm-vnc-add-magic-cookie-to-VncState.patch [bz#1816763] - kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch [bz#1816763] - Resolves: bz#1816763 (CVE-2019-20382 virt:rhel/qemu-kvm: QEMU: vnc: memory leakage upon disconnect [rhel-8]) [2.12.0-99.el8.1] - kvm-util-add-slirp_fmt-helpers.patch [bz#1834477] - kvm-dhcpv6-use-slirp_fmt.patch [bz#1834477] - kvm-misc-use-slirp_fmt0.patch [bz#1834477] - kvm-tftp-use-slirp_fmt0.patch [bz#1834477] - kvm-tcp_ctl-use-slirp_fmt.patch [bz#1834477] - kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1834477] - Resolves: bz#1834477 (CVE-2020-8608 virt:rhel/qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-8.2.0.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20382 CVE-2020-8608 Oracle Linux 6 [68.10.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12420 CVE-2020-12421 CVE-2020-12419 CVE-2020-12418 Oracle Linux 7 [68.10.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Fri Jun 26 2020 Jan Horak <jhorak@redhat.com> - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12420 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12421 Oracle Linux 8 [68.10.0-1.0.1.el8_2] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12419 CVE-2020-12421 CVE-2020-12420 CVE-2020-12417 CVE-2020-12418 Oracle Linux 8 nodejs [1:10.21.0-3] - Resolves: RHBZ#1845306 - Remove brotli-devel requires from nodejs-devel [1:10.21.0-2] - Resolves: RHBZ#1845306 - Turn off debug builds [1:10.21.0-1] - Security update to 10.21.0 - Resolves: RHBZ#1845306 - Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531 - Bundle brotli, because --shared-brotli configure option is missing - Add i18n subpackage nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8174 CVE-2020-11080 CVE-2020-7598 Oracle Linux 8 nodejs [12.18.2-1] - Rebase to 12.18.2 [1:12.18.1-1] - Rebase - Spec clean up - Provide i18n package, bundle icu - Resolves: RHBZ#1845310, RHBZ#1845691 [1:12.18.0-1] - Security update to 12.18.0 - Resolves: RHBZ#1845310, RHBZ#1845691 [1:12.16.1-2] - Fix CVE-2020-10531 [1:12.16.1-1] - Resolves: RHBZ#1800395, RHBZ#1800396, RHBZ#1800381 - Rebase to 12.16.1 [1:12.14.1-1] - Rebase to 12.14.1 [1:12.13.1-1] - Resolves: RHBZ# 1773503, update to 12.13.1 - minor clean up and sync with Fedora spec - turn off debug builds [1:12.4.0-2] - Resolves:RHBZ#1685191 - Add condition to libs [1:12.4.0-1] - Update to v12.x - Add v8-devel and libs subpackages from fedora [1:10.14.1-2] - move nodejs-packaging BR out of conditional [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8174 CVE-2020-8172 CVE-2020-11080 CVE-2020-7598 Oracle Linux 7 [1:1.10.24-14.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.10.24-14] - Fix CVE-2020-12049 (#1851991) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12049 Oracle Linux 8 [0.14-4] - Add explicit package version requirement on jbig2dec-libs to jbig2dec related: #1851057 [0.14-3] - Fix CVE-2020-12268 resolves: #1851057 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12268 Oracle Linux 8 [1:2.3.8-2.1] - fix CVE-2020-10957: malformed NOOP commands leads to DoS (#1840353) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10957 Oracle Linux 8 [1.0.27-19.1] - 1852468, 1852467, 1852466, 1852465 - prevent buffer overflow in esci2_img - 1852668, 1852667, 1852666, 1852665 - disable autodiscovery for epsonds backend IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12861 CVE-2020-12865 Oracle Linux 7 [68.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12417 CVE-2020-12418 CVE-2020-12421 CVE-2020-12419 CVE-2020-12420 Oracle Linux 6 [2.6.32-754.31.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.31.1] - [x86] x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) [1827185] {CVE-2020-0543} - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543} - [netdrv] bonding/802.3ad: fix link_failure_count tracking (Patrick Talbert) [1841819] - [mm] mm: migration: add migrate_entry_wait_huge() (Waiman Long) [1839653] - [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1796810] - [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1796810] - [powerpc] powerpc/fsl: Update Spectre v2 reporting (Gustavo Duarte) [1796810] - [powerpc] powerpc/fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1796810] - [powerpc] powerpc/fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1796810] - [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1796810] - [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Disable the speculation barrier from the command line (Gustavo Duarte) [1796810] - [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Enhance the information in cpu_show_spectre_v1() (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Use barrier_nospec in syscall entry (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Enable barrier_nospec based on firmware settings (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Patch barrier_nospec in modules (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add support for ori barrier_nospec patching (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add barrier_nospec (Gustavo Duarte) [1796810] - [powerpc] powerpc: Add helper to check if offset is within relative branch range (Gustavo Duarte) [1796810] - [powerpc] powerpc: Have patch_instruction detect faults (Gustavo Duarte) [1796810] - [powerpc] powerpc: Introduce asm-prototypes.h (Gustavo Duarte) [1796810] - [powerpc] powerpc: Move local setup.h declarations to arch includes (Gustavo Duarte) [1796810] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18660 Oracle Linux 8 [2.1.516-1] - Update to .NET Core SDK 2.1.516 and Runtime 2.1.20 - Resolves: RHBZ#1851983 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-1147 Oracle Linux 8 [3.1.106-1.0.1] - Update patch to support 8.2 (alexander.burmashev@oracle.com) - support OL release scheme (alexander.burmashev@oracle.com) [3.1.106-1] - Update to .NET Core Runtime 3.1.6 and SDK 3.1.106 - Resolves: RHBZ#1854137 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-1147 Oracle Linux 6 [68.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12419 CVE-2020-12418 CVE-2020-12421 CVE-2020-12420 Oracle Linux 7 [1:1.8.0.262.b10-0] - Update to aarch64-shenandoah-jdk8u262-b10. - Switch to GA mode for final release. - Update release notes for 8u262 release. - Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. - Split JDK-8042159 patch into per-repo patches as upstream. - Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b09. - With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b08. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.2.ea] - Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Sync alt-java support with java-11-openjdk version. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Created copy of java as alt-java and adapted alternatives and man pages - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b07. - Require tzdata 2020a so system tzdata matches resource updates in b07 - Resolves: rhbz#1838811 [1:1.8.0.262.b06-0.1.ea] - Sync SystemTap & desktop files with upstream IcedTea release 3.15.0, removing previous workarounds - Sync stapinstall handling with RHEL 8 implementation - Need to support noarch for creating source RPMs for non-scratch builds. - Resolves: rhbz#1838811 [1:1.8.0.262.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b06. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b05. - Resolves: rhbz#1838811 [1:1.8.0.262.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b04. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b03. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.1.ea] - Enable JFR in our builds, ahead of upstream default. - Only enable JFR for JIT builds, as it is not supported with Zero. - Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. - Introduce jfr_arches for architectures which support JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b02. - Resolves: rhbz#1838811 [1:1.8.0.262.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b01. - Switch to EA mode. - Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR - Adjust RH1648644 following context changes due to introduction of JFR packages - Add recently added binaries to alternatives set (clhsdb, hsdb, jfr) - Resolves: rhbz#1838811 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14583 CVE-2020-14593 CVE-2020-14556 CVE-2020-14578 CVE-2020-14579 CVE-2020-14577 CVE-2020-14621 Oracle Linux 7 [1:11.0.8.10-0.0.1] - link atomic for ix86 build [1:11.0.8.10-0] - Update to shenandoah-jdk-11.0.8+10 (GA) - Switch to GA mode for final release. - Update release notes with last minute fix (JDK-8248505). - This tarball is embargoed until 2020-07-14 @ 1pm PT. - Resolves: rhbz#1838811 [1:11.0.8.9-0.0.ea] - Update to shenandoah-jdk-11.0.8+9 (EA) - Update release notes for 11.0.8 release. - This tarball is embargoed until 2020-07-14 @ 1pm PT. - Resolves: rhbz#1838811 [1:11.0.8.8-0.0.ea] - Update to shenandoah-jdk-11.0.8+8 (EA) - Resolves: rhbz#1838811 [1:11.0.8.7-0.1.ea] - java-11-openjdk doesn't have a JRE tree, so don't try and copy alt-java there... - Resolves: rhbz#1838811 [1:11.0.8.7-0.1.ea] - Create a copy of java as alt-java with alternatives and man pages - Resolves: rhbz#1838811 [1:11.0.8.7-0.0.ea] - Update to shenandoah-jdk-11.0.8+7 (EA) - Resolves: rhbz#1838811 [1:11.0.8.6-0.0.ea] - Update to shenandoah-jdk-11.0.8+6 (EA) - Resolves: rhbz#1838811 [1:11.0.8.5-0.0.ea] - Update to shenandoah-jdk-11.0.8+5 (EA) - Resolves: rhbz#1838811 [1:11.0.8.4-0.0.ea] - Update to shenandoah-jdk-11.0.8+4 (EA) - Require tzdata 2020a due to resource changes in JDK-8243541 - Resolves: rhbz#1838811 [1:11.0.8.3-0.0.ea] - Update to shenandoah-jdk-11.0.8+3 (EA) - Resolves: rhbz#1838811 [1:11.0.8.2-0.0.ea] - Update to shenandoah-jdk-11.0.8+2 (EA) - Resolves: rhbz#1838811 [1:11.0.8.1-0.0.ea] - Update to shenandoah-jdk-11.0.8+1 (EA) - Switch to EA mode for 11.0.8 pre-release builds. - Drop JDK-8237396 & JDK-8228407 backports now applied upstream. - Resolves: rhbz#1838811 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14573 CVE-2020-14621 CVE-2020-14562 CVE-2020-14593 CVE-2020-14577 CVE-2020-14583 CVE-2020-14556 Oracle Linux 8 [1:11.0.8.10-0] - Update to shenandoah-jdk-11.0.8+10 (GA) - Switch to GA mode for final release. - Update release notes with last minute fix (JDK-8248505). - This tarball is embargoed until 2020-07-14 @ 1pm PT. - Resolves: rhbz#1838811 [1:11.0.8.9-0.0.ea] - Update to shenandoah-jdk-11.0.8+9 (EA) - Update release notes for 11.0.8 release. - This tarball is embargoed until 2020-07-14 @ 1pm PT. - Resolves: rhbz#1838811 [1:11.0.8.8-0.0.ea] - Update to shenandoah-jdk-11.0.8+8 (EA) - Resolves: rhbz#1838811 [1:11.0.8.7-0.1.ea] - java-11-openjdk doesn't have a JRE tree, so don't try and copy alt-java there... - Resolves: rhbz#1838811 [1:11.0.8.7-0.1.ea] - Create a copy of java as alt-java with alternatives and man pages - Resolves: rhbz#1838811 [1:11.0.8.7-0.0.ea] - Update to shenandoah-jdk-11.0.8+7 (EA) - Resolves: rhbz#1838811 [1:11.0.8.6-0.0.ea] - Update to shenandoah-jdk-11.0.8+6 (EA) - Resolves: rhbz#1838811 [1:11.0.8.5-0.1.ea] - Disable stripping of debug symbols for static libraries part of the -static-libs sub-package. - Resolves: rhbz#1848701 [1:11.0.8.5-0.0.ea] - Update to shenandoah-jdk-11.0.8+5 (EA) - Resolves: rhbz#1838811 [1:11.0.8.4-0.0.ea] - Update to shenandoah-jdk-11.0.8+4 (EA) - Require tzdata 2020a due to resource changes in JDK-8243541 - Resolves: rhbz#1838811 [1:11.0.8.3-0.0.ea] - Update to shenandoah-jdk-11.0.8+3 (EA) - Resolves: rhbz#1838811 [1:11.0.8.2-0.1.ea] - Build static-libs-image and add resulting files via -static-libs sub-package. - Resolves: rhbz#1848701 [1:11.0.8.2-0.0.ea] - Update to shenandoah-jdk-11.0.8+2 (EA) - Resolves: rhbz#1838811 [1:11.0.8.1-0.0.ea] - Update to shenandoah-jdk-11.0.8+1 (EA) - Switch to EA mode for 11.0.8 pre-release builds. - Drop JDK-8237396 & JDK-8228407 backports now applied upstream. - Resolves: rhbz#1838811 [1:11.0.7.10-2] - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz#1810557 [1:11.0.7.10-2] - Amend release notes, removing issue actually fixed in 11.0.6. - Resolves: rhbz#1810557 [1:11.0.7.10-2] - Add release notes. - Resolves: rhbz#1810557 [1:11.0.7.10-2] - Make use of --with-extra-asflags introduced in jdk-11.0.6+1. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Update to shenandoah-jdk-11.0.7+10 (GA) - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:11.0.7.9-0.1.ea] - Update to shenandoah-jdk-11.0.7+9 (EA) - Resolves: rhbz#1810557 [1:11.0.7.8-0.1.ea] - Update to shenandoah-jdk-11.0.7+8 (EA) - Resolves: rhbz#1810557 [1:11.0.7.7-0.1.ea] - Update to shenandoah-jdk-11.0.7+7 (EA) - Resolves: rhbz#1810557 [1:11.0.7.6-0.1.ea] - Update to shenandoah-jdk-11.0.7+6 (EA) - Resolves: rhbz#1810557 [1:11.0.7.5-0.1.ea] - Update to shenandoah-jdk-11.0.7+5 (EA) - Resolves: rhbz#1810557 [1:11.0.7.4-0.1.ea] - Update to shenandoah-jdk-11.0.7+4 (EA) - Resolves: rhbz#1810557 [1:11.0.7.3-0.1.ea] - Update to shenandoah-jdk-11.0.7+3 (EA) - Resolves: rhbz#1810557 [1:11.0.7.2-0.1.ea] - Update to shenandoah-jdk-11.0.7+2 (EA) - Resolves: rhbz#1810557 [1:11.0.7.1-0.1.ea] - Update to shenandoah-jdk-11.0.7+1 (EA) - Switch to EA mode for 11.0.7 pre-release builds. - Drop JDK-8236039 backport now applied upstream. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14583 CVE-2020-14573 CVE-2020-14577 CVE-2020-14593 CVE-2020-14556 CVE-2020-14562 CVE-2020-14621 Oracle Linux 8 [1:1.8.0.262.b10-0.1] - Update to aarch64-shenandoah-jdk8u262-b10. - Switch to GA mode for final release. - Update release notes for 8u262 release. - Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. - Split JDK-8042159 patch into per-repo patches as upstream. - Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.0.ea] - With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b09. - Resolves: rhbz#1838811 [1:1.8.0.262.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b08. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.2.ea] - Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Sync alt-java support with java-11-openjdk version. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Created copy of java as alt-java and adapted alternatives and man pages - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b07. - Require tzdata 2020a so system tzdata matches resource updates in b07 - Resolves: rhbz#1838811 [1:1.8.0.262.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b06. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b05. - Resolves: rhbz#1838811 [1:1.8.0.262.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b04. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b03. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.1.ea] - Enable JFR in our builds, ahead of upstream default. - Only enable JFR for JIT builds, as it is not supported with Zero. - Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. - Explicitly list jfr.jar, default.jfc & profile.jfc in the spec file. - Introduce jfr_arches for architectures which support JFR. - Use sa_arches for libsaproc.so inclusion. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b02. - Resolves: rhbz#1838811 [1:1.8.0.262.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b01. - Switch to EA mode. - Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR - Adjust RH1648644 following context changes due to introduction of JFR packages - Add jfr binary to devel package and alternatives set - Resolves: rhbz#1838811 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14556 CVE-2020-14577 CVE-2020-14593 CVE-2020-14621 Oracle Linux 6 [1:1.8.0.262.b10-0] - Update to aarch64-shenandoah-jdk8u262-b10. - Switch to GA mode for final release. - Update release notes for 8u262 release. - Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. - Split JDK-8042159 patch into per-repo patches as upstream. - Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b09. - With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b08. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.2.ea] - Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Sync alt-java support with java-11-openjdk version. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Created copy of java as alt-java and adapted alternatives and man pages - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b07. - Require tzdata 2020a so system tzdata matches resource updates in b07 - Resolves: rhbz#1838811 [1:1.8.0.262.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b06. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b05. - Resolves: rhbz#1838811 [1:1.8.0.262.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b04. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b03. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.1.ea] - Enable JFR in our builds, ahead of upstream default. - Only enable JFR for JIT builds, as it is not supported with Zero. - Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. - Introduce jfr_arches for architectures which support JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b02. - Resolves: rhbz#1838811 [1:1.8.0.262.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b01. - Switch to EA mode. - Add recently added binaries to alternatives set (clhsdb, hsdb, jfr) - Resolves: rhbz#1838811 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14593 CVE-2020-14583 CVE-2020-14577 CVE-2020-14578 CVE-2020-14621 CVE-2020-14556 CVE-2020-14579 Oracle Linux 8 [4.18.0-193.13.2_2.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-193.13.2_2] - Rebuild to get kernel image properly signed (Bruno Meneguele) [4.18.0-193.13.1_2] - [x86] x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (Lenny Szubowicz) [1846180 1824005] [4.18.0-193.12.1_2] - [net] openvswitch: simplify the ovs_dp_cmd_new (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: fix possible memleak on destroy flow-table (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: add likely in flow_lookup (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: simplify the flow_hash (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: optimize flow-mask looking up (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: optimize flow mask cache hash collision (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: shrink the mask array if necessary (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: convert mask list in mask array (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: add flow-mask cache for performance (Eelco Chaudron) [1851235 1819202] - [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: add missing ->release_ops() in error path of newrule() (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: use .release_ops and remove list of extension (Phil Sutter) [1845164 1757933] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [pci] PCI: pciehp: Fix MSI interrupt race (Myron Stowe) [1852045 1779610] - [kernel] smp: Allow smp_call_function_single_async() to insert locked csd (Peter Xu) [1851406 1830014] - [x86] kvm: Clean up host's steal time structure (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [x86] kvm: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [virt] x86/kvm: Cache gfn to pfn translation (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [virt] x86/kvm: Introduce kvm_(un)map_gfn() (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [x86] kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Jon Maloy) [1795128 1813987] {CVE-2019-3016} [4.18.0-193.11.1_2] - [net] netfilter: conntrack: fix infinite loop on rmmod (Florian Westphal) [1851005 1832381] - [net] netfilter: conntrack: allow insertion of clashing entries (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: split resolve_clash function (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: place confirm-bit setting in a helper (Florian Westphal) [1851003 1821404] - [net] netfilter: never get/set skb->tstamp (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: remove two args from resolve_clash (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: tell compiler to not inline nf_ct_resolve_clash (Florian Westphal) [1851003 1821404] - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843440 1843441] {CVE-2020-10757} - [x86] x86/vector: Remove warning on managed interrupt migration (Peter Xu) [1848545 1812331] - [s390] s390/cio: fix virtio-ccw DMA without PV (Philipp Rudo) [1842620 1814787] [4.18.0-193.10.1_2] - [misc] dma-mapping: zero memory returned from dma_alloc_* (Philipp Rudo) [1847453 1788928] - [nvme] nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths (Gopal Tiwari) [1846405 1781927] - [net] netfilter: nf_tables: fix infinite loop when expr is not available (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: autoload modules from the abort path (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: store transaction list locally while requesting module (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: use-after-free in failing rule with bound set (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_meta: skip EAGAIN if nft_meta_bridge is not a module (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: force module load in case select_ops() returns -EAGAIN (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: add nft_expr_type_request_module() (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: bogus EBUSY in helper removal from transaction (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: fix set double-free in abort path (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: don't use refcount_inc on newly allocated entry (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: unbind set in rule from commit path (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: destroy function must not have side effects (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: make lists per netns (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: use refcnt_t type for nft_xt reference count (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: fix suspicious RCU usage in nft_chain_stats_replace() (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: asynchronous release (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: split set destruction in deactivate and destroy phase (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: flow event notifier must use transaction mutex (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: use dedicated mutex to guard transactions (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: avoid global info storage (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: take module reference when starting a batch (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: make valid_genid callback mandatory (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: add and use helper for module autoload (Phil Sutter) [1845164 1757933] - [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847128 1794714] - [x86] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches (Waiman Long) [1847395 1847396] {CVE-2020-10768} - [x86] x86/speculation: Prevent rogue cross-process SSBD shutdown (Waiman Long) [1847357 1847358] {CVE-2020-10766} - [x86] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS (Waiman Long) [1847378 1847379] {CVE-2020-10767} - [x86] x86/speculation: Add support for STIBP always-on preferred mode (Waiman Long) [1847378 1847379] {CVE-2020-10767} - [x86] x86/speculation: Change misspelled STIPB to STIBP (Waiman Long) [1847378 1847379] {CVE-2020-10767} - [powerpc] powerpc/pseries/ddw: Extend upper limit for huge DMA window for persistent memory (Steve Best) [1842406 1817596] [4.18.0-193.9.1_2] - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844073 1844031] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844049 1844039] {CVE-2020-12653} - [netdrv] net/mlx5: FPGA, support network cards with standalone FPGA (Alaa Hleihel) [1843544 1789380] - [mm] hugetlbfs: don't retry when pool page allocations start to fail (Rafael Aquini) [1835789 1727288] - [mm] mm, compaction: raise compaction priority after it withdrawns (Rafael Aquini) [1835789 1727288] - [mm] mm, reclaim: cleanup should_continue_reclaim() (Rafael Aquini) [1835789 1727288] - [mm] mm, reclaim: make should_continue_reclaim perform dryrun detection (Rafael Aquini) [1835789 1727288] - [kernel] exit: panic before exit_mm() on global init exit (Oleg Nesterov) [1821378 1808944] - [documentation] x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} [4.18.0-193.8.1_2] - [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837309 1837310] {CVE-2020-12888} [4.18.0-193.7.1_2] - [sound] ALSA: timer: Fix incorrectly assigned timer instance (Jaroslav Kysela) [1821714 1798468] {CVE-2019-19807} - [netdrv] ibmvnic: Do not process device remove during device reset (Steve Best) [1836229 1813223] - [net] ipv4: really enforce backoff for redirects (Paolo Abeni) [1836302 1834184] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19807 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2019-3016 CVE-2020-12654 CVE-2020-12653 CVE-2020-12888 Oracle Linux 8 [1:1.22.8-5] - dhcp: fix handling IO error in nettools DHCPv4 client (rh #1843357) - ifcfg-rh: handle '802-1x.{,phase2-}ca-path' (rh #1843360, CVE-2020-10754) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10754 Oracle Linux 8 [1.12.8-10.0.1.el8_2] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.12.8-10] - Fix CVE-2020-12049 (#1851996) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12049 Oracle Linux 8 cjose [0.6.1-2] - fix concatkdf big endian architecture problem. Upstream issue #77. [0.6.1-1] - upgrade to latest upstream 0.6.1 [0.5.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [0.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.5.1-1] - Initial packaging mod_auth_openidc [2.3.7-4.3] - Actually apply the previous patch, sigh - Related: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes [rhel-8.2.0.z] - Related: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-8.2.0.z] [2.3.7-4.2] - Fix the previous backport - Related: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes [rhel-8.2.0.z] - Related: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-8.2.0.z] [2.3.7-4.1] - Resolves: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes [rhel-8.2.0.z] - Resolves: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-8.2.0.z] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14857 CVE-2019-20479 Oracle Linux 8 [68.10.0-1.0.1.el8_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12420 CVE-2020-12417 CVE-2020-12419 CVE-2020-12421 CVE-2020-12418 Oracle Linux 8 buildah [1.14.9-1.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.14.9-1] - update to https://github.com/containers/buildah/releases/tag/v1.14.9 - Related: RHELPLAN-39206 [1.14.8-2] - make container-selinux a soft dependency - Related: #1806044 [1.14.8-1] - update to https://github.com/containers/buildah/releases/tag/v1.14.8 - Related: RHELPLAN-39206 [1.14.7-1] - initial rhel8-8.2.1 build - update to https://github.com/containers/buildah/releases/tag/v1.14.7 - Related: RHELPLAN-39206 cockpit-podman [17-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/17 - Related: RHELPLAN-39206 [16-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/v16 - Related: RHELPLAN-39206 [15-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/15 - Related: RHELPLAN-39206 [12-1] - Configure CPU share for system containers - Translation updates conmon [2:2.0.17-1.0.1] - Remove upstream references [Orabug: 30871880] [2:2.0.17-1] - update to https://github.com/containers/conmon/releases/tag/v2.0.17 - Related: RHELPLAN-39206 [2:2.0.16-1] - update to https://github.com/containers/conmon/releases/tag/v2.0.16 - Related: RHELPLAN-39206 [2:2.0.15-1] - update to 2.0.15 - Related: #1821204 containernetworking-plugins [0.8.6-1] - update to https://github.com/containernetworking/plugins/releases/tag/v0.8.6 - Related: RHELPLAN-39206 [0.8.5-1] - update to https://github.com/containernetworking/plugins/archive/v0.8.5.tar.gz - Related: RHELPLAN-39206 container-selinux [2:2.135.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.135.0 - Related: RHELPLAN-39206 [2:2.134.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.134.0 - Related: RHELPLAN-39206 [2:2.132.0-2] - sync with Fedora and install selinux contexts file into /usr/share/containers/selinux/contexts (thanks to Dan Walsh) - do not print error in RPM transaction log when customizable_types file is missing - Related: RHELPLAN-39206 [2:2.132.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.132.0 - Related: RHELPLAN-39206 [2:2.131.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.131.0 - Related: RHELPLAN-39206 [2:2.130.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.130.0 - dont use macros in changelog - Related: #1821204 criu [3.14-2] - fix 'Need to fix bugs found by coverity.' - Resolves: #1838991 [3.14-1] - update to https://github.com/checkpoint-restore/criu/releases/tag/v3.14 - Related: RHELPLAN-39206 [3.13-1] - update to 3.13 - Related: RHELPLAN-39206 fuse-overlayfs [1.0.0-2] - remove bogus Provides from spec - Related: RHELPLAN-39206 [1.0.0-1] - update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.0.0 - Related: RHELPLAN-39206 libslirp [4.3.0-3] - fix static analysis issues merged upstream (https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/41) - Related: #1823657 [4.3.0-2] - initial libslirp build for container-tools 8.2.1 module - Resolves: #1823657 [4.3.0-1] - New v4.3.0 release podman [1.9.3-2.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.9.3-2] - fix 'Signature verification incorrectly uses mirrors references' - Resolves: #1829061 [1.9.3-1] - update to https://github.com/containers/libpod/releases/tag/v1.9.3 - Related: RHELPLAN-39206 [1.9.2-3] - fix 'Podman support for FIPS Mode requires a bind mount inside the container' - version the oci-systemd-hook obsolete - Related: #1784950 - Related: #1836180 [1.9.2-2] - obsolete oci-systemd-hook package - Resolves: #1836180 [1.9.2-1] - update to https://github.com/containers/libpod/releases/tag/v1.9.2 - Related: RHELPLAN-39206 [1.9.1-2] - make container-selinux a soft dependency - Related: #1806044 [1.9.1-1] - update to https://github.com/containers/libpod/releases/tag/v1.9.1 - Related: RHELPLAN-39206 [1.9.0-2] - remove containers-mounts.conf man page, this is shipped by skopeo: containers-common subpackage - Related: RHELPLAN-39206 [1.9.0-1] - update to https://github.com/containers/libpod/releases/tag/v1.9.0 - Related: RHELPLAN-39206 python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25139 [1.2.0-0.1.gitd0a45fe] - Initial package runc [1.0.0-66.rc10] - drop container-selinux runtime dependency - Related: #1806044 [1.0.0-65.rc10] - address CVE-2019-19921 by updating to rc10 - Resolves: #1801887 [1.0.0-64.rc9] - use no_openssl in BUILDTAGS (no vendored crypto in runc) - Related: RHELPLAN-25139 [1.0.0-63.rc9] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25139 [1.0.0-62.rc9] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Resolves: #1766331, #1766303 [1.0.0-61.rc9] - update to runc 1.0.0-rc9 release - amend golang deps - fixes CVE-2019-16884 - Resolves: #1759651 [1.0.0-60.rc8] - Resolves: #1721247 - enable fips mode [1.0.0-59.rc8] - Resolves: #1720654 - rebase to v1.0.0-rc8 [1.0.0-57.rc5.dev.git2abd837] - Resolves: #1693424 - podman rootless: cannot specify gid= mount options [1.0.0-56.rc5.dev.git2abd837] - change-default-root patch not needed as theres no docker on rhel8 [1.0.0-55.rc5.dev.git2abd837] - Resolves: CVE-2019-5736 [1.0.0-54.rc5.dev.git2abd837] - re-enable debuginfo [1.0.0-53.rc5.dev.git2abd837] - go toolset not in scl anymore [1.0.0-52.rc5.dev.git2abd837] - rebase skopeo [1:1.0.0-1.0.1] - Add oracle registry into the conf file [Orabug: 29845934 31306708] - Fix oracle registry login issues [Orabug: 29937192] [1:1.0.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.0.0 - Related: RHELPLAN-39206 [1:0.2.0-5] - follow Dans suggestion to deliver seccomp.json and storage.conf from Fedora and not directly from upstream yet - Related: RHELPLAN-39206 [1:0.2.0-4] - re-include ppc64 arch, golang doesnt seem broken there any more - synchronize man pages and config files with upstream - Related: RHELPLAN-39206 [1:0.2.0-3] - include and ship containers.conf - Resolves: #1826486 [1:0.2.0-2] - add docker.io into the default registry list - Related: RHELPLAN-39206 [1:0.2.0-1] - update to https://github.com/containers/skopeo/releases/tag/v0.2.0 - initial rhel8-8.2.1 build - Related: RHELPLAN-39206 slirp4netns [1.0.1-1] - update to https://github.com/rootless-containers/slirp4netns/archive/v1.0.1.tar.gz - Related: RHELPLAN-39206 [0.4.3-1] - update to https://github.com/rootless-containers/slirp4netns/archive/v0.4.3.tar.gz - Related: RHELPLAN-39206 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-1983 Oracle Linux 8 [42.2.3-3] - fixed XXE vulnerability unit test [42.2.3-2] - fixed XXE vulnerability (CVE-2020-13692) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13692 Oracle Linux 8 [5.1.1-12] - Fix for CVE-2020-5313 Resolves: rhbz#1789532 [5.1.1-11] - Fix for CVE-2020-11538 Resolves: rhbz#1852814 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5313 CVE-2020-11538 Oracle Linux 8 [4.18.0-193.14.3_2.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7 [4.18.0-193.14.3_2] - Reverse keys order for dual-signing (Frantisek Hrbata) [1837433 1837434] {CVE-2020-10713} [4.18.0-193.14.2_2] - [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713} - [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713} - [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780} - [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908} [4.18.0-193.14.1_2] - [md] dm mpath: add DM device name to Failing/Reinstating path log messages (Mike Snitzer) [1852050 1822975] - [md] dm mpath: enhance queue_if_no_path debugging (Mike Snitzer) [1852050 1822975] - [md] dm mpath: restrict queue_if_no_path state machine (Mike Snitzer) [1852050 1822975] - [md] dm mpath: simplify __must_push_back (Mike Snitzer) [1852050 1822975] - [md] dm: use DMDEBUG macros now that they use pr_debug variants (Mike Snitzer) [1852050 1822975] - [include] dm: use dynamic debug instead of compile-time config option (Mike Snitzer) [1852050 1822975] - [md] dm mpath: switch paths in dm_blk_ioctl() code path (Mike Snitzer) [1852050 1822975] - [md] dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath (Mike Snitzer) [1852050 1822975] - [md] dm: bump version of core and various targets (Mike Snitzer) [1852050 1822975] - [md] dm mpath: Add timeout mechanism for queue_if_no_path (Mike Snitzer) [1852050 1822975] - [md] dm mpath: use true_false for bool variable (Mike Snitzer) [1852050 1822975] - [md] dm mpath: remove harmful bio-based optimization (Mike Snitzer) [1852050 1822975] - [scsi] scsi: libiscsi: fall back to sendmsg for slab pages (Maurizio Lombardi) [1852048 1825775] - [s390] s390/mm: fix panic in gup_fast on large pud (Philipp Rudo) [1853336 1816980] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20908 CVE-2020-15780 Oracle Linux 7 [3.10.0-1127.18.2.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1127.18.2] - [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837429 1837430] {CVE-2020-10713} - [kernel] Move to dual-signing to split signing keys up better (pjones) [1837429 1837430] {CVE-2020-10713} [3.10.0-1127.18.1] - [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1838602 1830606] - [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1838602 1830606] [3.10.0-1127.17.1] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1852245 1820632] - [fs] aio: fix inconsistent ring state (Jeff Moyer) [1850055 1845326] - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844069 1844070] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844025 1844026] {CVE-2020-12653} - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843436 1843437] {CVE-2020-10757} - [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843436 1843437] {CVE-2020-10757} - [mm] mm: mremap: streamline move_page_tables()'s move_huge_pmd() corner case (Rafael Aquini) [1843436 1843437] {CVE-2020-10757} - [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843436 1843437] {CVE-2020-10757} [3.10.0-1127.16.1] - [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1850500 1752067] - [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1842994 1818001] - [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1842994 1818001] [3.10.0-1127.15.1] - [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1847343 1663720] - [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1847343 1663720] - [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1847343 1663720] - [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1847343 1663720] - [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1847343 1663720] - [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1847343 1663720] - [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847333 1834278] - [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1841825 1837127] - [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1830889 1810643] - [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1830889 1810643] - [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1803448 1814257] {CVE-2019-19527} - [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1803448 1814257] {CVE-2019-19527} [3.10.0-1127.14.1] - [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Remove a redundant call to unmap_mapping_range() (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1845520 1813803] - [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Don't hold the inode lock across fsync() (Benjamin Coddington) [1845520 1813803] - [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1845520 1813803] - [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1845520 1813803] - [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (Jonathan Toppins) [1834190 1823679] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10757 CVE-2019-19527 CVE-2020-12653 CVE-2020-12654 Oracle Linux 6 [68.11.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Thu Jul 23 2020 Jan Horak <jhorak@redhat.com> - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6514 CVE-2020-6463 CVE-2020-15652 CVE-2020-15659 Oracle Linux 8 [68.11.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.11.0-1] - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6514 CVE-2020-15652 CVE-2020-6463 CVE-2020-15659 Oracle Linux 7 [68.11.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Thu Jul 23 2020 Jan Horak <jhorak@redhat.com> - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659 Oracle Linux 8 nspr [4.25.0-2] - Rebuild [4.25.0-1] - Update to NSPR 4.25 nss [3.53.1-11] - Fix issue with upgradedb where upgradedb expects standard to generate dbm databases, not sql databases (default in RHEL8) [3.53.1-10] - Disable dh timing test because it's unreliable on s390 [3.53.1-9] - Explicitly enable upgradedb/sharedb test cycles [3.53.1-8] - Disable Delegated Credentials for TLS [3.53.1-7] - Fix attribute decryption issue where the private key components integrity check on private attributes where not being checked. [3.53.1-6] - Update nss-rsa-pkcs1-sigalgs.patch to the upstream version [3.53.1-5] - Include required checks for dh and ecdh key generation in FIPS mode. [3.53.1-4] - Add better checks for dh derive operations in FIPS mode. [3.53.1-3] - Disable NSS_HASH_ALG_SUPPORT as well for MD5 (#1849938) - Adjust for update-crypto-policies packaging change (#1848649) - Fix compilation with -Werror=strict-prototypes (#1843417) [3.53.1-2] - Fix regression in MD5 disablement (#1849938) - Include rsa_pkcs1_* in signature_algorithms extension (#1847945) [3.53.1-1] - Update to NSS 3.53.1 [3.53.0-1] - Update to NSS 3.53 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17006 CVE-2020-12402 CVE-2019-17023 CVE-2019-11756 Oracle Linux 7 [0.9.9-14.1] - Fix CVE-2017-18922 Resolves: #1852509 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-18922 Oracle Linux 6 [8.4.704-4] - require explicitly jdk-1.6 due to ABI bytecode compatibility [8.4.704-3] - fixed XXE vulnerability (CVE-2020-13692) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13692 Oracle Linux 7 [9.2.1002-8] - require explicitly jdk-1.7 due to ABI bytecode compatibility [9.2.1002-7] - fixed XXE vulnerability (CVE-2020-13692) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13692 Oracle Linux 8 [68.11.0-1.0.1.el8_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.11.0-1] - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15652 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 Oracle Linux 7 [68.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.11.0-1] - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659 Oracle Linux 6 [68.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.11.0-1] - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6514 CVE-2020-15659 CVE-2020-6463 CVE-2020-15652 Oracle Linux 8 [0.9.11-15.1] - Fix NVR Related: #1852356 [0.9.11-15] - Fix CVE-2017-18922 Resolves: #1852356 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-18922 Oracle Linux 8 [3.1.107-1.0.1] - Update patch to support 8.2 (alexander.burmashev@oracle.com) - support OL release scheme (alexander.burmashev@oracle.com) [3.1.107-1] - Update to .NET Core Runtime 3.1.7 and SDK 3.1.107 - Resolves: RHBZ#1862593 - Resolves: RHBZ#1861113 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1597 Oracle Linux 6 [2.6.32-754.33.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.33.1] - [message] scsi: mptscsih: Fix read sense data size (Tomas Henzl) [1824907] [2.6.32-754.32.1] - [wireless] libertas: make lbs_ibss_join_existing() return error code on rates overflow (Jarod Wilson) [1776569] - [wireless] libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held (Jarod Wilson) [1776569] - [wireless] libertas: Fix two buffer overflows at parsing bss descriptor (Jarod Wilson) [1776569] - [security] keys: Protect request_key() against a type with no match function (Patrick Talbert) [1433220] {CVE-2017-2647} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14896 CVE-2017-2647 Oracle Linux 7 [68.12.0-1.0.3] - Build with rust-toolset 1.43 [68.12.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Improve bindgen configuration wrt clang (bmo#1526857) - Lift MOZ_SMP_FLAGS limit [68.12.0] - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15669 CVE-2020-15664 Oracle Linux 8 [78.2.0-2.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.2.0-2] - Update to 78.2.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-12422 CVE-2020-15653 CVE-2020-15656 CVE-2020-15654 CVE-2020-12425 CVE-2020-12424 CVE-2020-15658 CVE-2020-15648 CVE-2020-15669 Oracle Linux 6 [68.12.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Thu Aug 20 2020 Jan Horak <jhorak@redhat.com> - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 Oracle Linux 7 [1:2.2.36-6.1] - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1871841) - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1871843) - fix CVE-2020-12674 crash due to assert in RPA implementation (#1871842) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12673 CVE-2020-12100 CVE-2020-12674 Oracle Linux 8 libecap squid [7:4.4-8.2] - Resolves: #1872345 - CVE-2020-15811 squid:4/squid: HTTP Request Splitting could result in cache poisoning - Resolves: #1872330 - CVE-2020-15810 squid:4/squid: HTTP Request Smuggling could result in cache poisoning [7:4.4-8.1] - Resolves: #1828368 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow - Resolves: #1828367 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1829402 - CVE-2019-12525 squid:4/squid: parsing of header Proxy-Authentication leads to memory corruption IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15811 CVE-2020-15810 Oracle Linux 7 [68.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Build with rust-toolset 1.43 [68.12.0-1] - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 Oracle Linux 8 [68.12.0-1.0.1] * Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.12.0-1] - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 Oracle Linux 6 [68.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.12.0-1] - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 Oracle Linux 8 [0.6.12-4.1] - Fix CVE-2020-12825 Resolves: #1866484 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12825 Oracle Linux 8 [1.11.0-3] - Validate paths read from repomd.xml (RhBug:1866498) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14352 Oracle Linux 8 php [7.3.20-1] - update to 7.3.20 #1856655 php-pear [1:1.10.9-1] - update PEAR to 1.10.9 - update Archive_Tar to 1.4.7 - update Console_Getopt to 1.4.2 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11040 CVE-2019-11041 CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 CVE-2019-19246 CVE-2020-7060 CVE-2019-11042 CVE-2019-19203 CVE-2019-19204 CVE-2019-20454 CVE-2020-7066 CVE-2020-7062 CVE-2020-7064 CVE-2019-13225 CVE-2020-7059 CVE-2019-16163 CVE-2019-11039 CVE-2020-7065 CVE-2020-7063 CVE-2019-11050 CVE-2019-13224 Oracle Linux 8 golang [1.13.15-1] - Rebase to 1.13.15 - Related: rhbz#1865875 - Related: rhbz#1865873 go-toolset [1.13.15-1] - Rebase to 1.13.15 - Related: rhbz#1865875 - Related: rhbz#1865873 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-15586 CVE-2020-14040 CVE-2020-16845 Oracle Linux 8 [10.14-1] - Rebase to upstream release 10.14 Fixes RHBZ#1727803 Fixes RHBZ#1741489 Fixes RHBZ#1709196 [10.13-1] - Rebase to upstream release 10.13 Fixes RHBZ#1727803 Fixes RHBZ#1741489 Fixes RHBZ#1709196 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-10164 CVE-2019-10208 CVE-2020-14350 CVE-2019-10130 CVE-2020-14349 CVE-2020-1720 Oracle Linux 8 [3.1.108-2.0.1.el8_2] - Update patch to support 8.2 (alexander.burmashev@oracle.com) - support OL release scheme (alexander.burmashev@oracle.com) [3.1.108-2] - Rebuild to fix tests - Resolves: RHBZ#1874512 [3.1.108-1] - Update to .NET Core Runtime 3.1.8 and SDK 3.1.108 - Resolves: RHBZ#1874512 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1045 Oracle Linux 8 [1:2.3.8-2.2] - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866755) - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866760) - fix CVE-2020-12674 crash due to assert in RPA implementation (#1866767) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12674 CVE-2020-12100 CVE-2020-12673 Oracle Linux 8 mod_http2 [1.11.3-3.1] - Resolves: #1869072 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-9490 Oracle Linux 8 mysql [8.0.21-1] - Rebase to 8.0.21 - Use bundled libzstd and libevent for RHSCL and RHEL-8.0.0 - Check that we have correct versions in bundled(*) Provides - Remove re2 bundled dependency [8.0.20-1] - Rebase to 8.0.20 [8.0.19-2] - Specify all perl dependencies [8.0.19-1] - Rebase to 8.0.19 [8.0.18-1] - Rebase to 8.0.18 - Add libzstd-devel dependencies - Include patch to build against protobuf 3.11 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-3004 CVE-2019-3009 CVE-2020-2893 CVE-2020-2925 CVE-2020-14619 CVE-2020-2577 CVE-2020-2589 CVE-2020-2627 CVE-2020-2780 CVE-2020-14547 CVE-2020-14568 CVE-2019-2938 CVE-2019-2957 CVE-2019-2966 CVE-2019-3011 CVE-2020-2570 CVE-2020-2574 CVE-2020-2579 CVE-2020-2580 CVE-2020-2588 CVE-2020-2752 CVE-2020-2762 CVE-2020-2892 CVE-2020-2896 CVE-2020-2903 CVE-2020-2930 CVE-2020-14539 CVE-2020-14575 CVE-2020-14586 CVE-2019-2911 CVE-2019-2963 CVE-2019-2967 CVE-2019-2997 CVE-2020-2573 CVE-2020-2686 CVE-2020-2779 CVE-2020-2804 CVE-2020-2897 CVE-2020-2922 CVE-2020-2928 CVE-2020-14567 CVE-2019-2974 CVE-2019-3018 CVE-2020-2763 CVE-2020-2924 CVE-2020-14576 CVE-2019-2968 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2998 CVE-2020-2679 CVE-2020-2812 CVE-2020-2814 CVE-2020-2921 CVE-2020-14553 CVE-2020-2584 CVE-2020-2774 CVE-2020-14550 CVE-2020-14680 CVE-2020-2760 CVE-2020-14631 CVE-2020-2898 CVE-2020-14540 CVE-2020-14559 CVE-2020-14614 CVE-2019-2914 CVE-2019-2946 CVE-2020-2761 CVE-2020-2765 CVE-2020-2901 CVE-2020-2904 CVE-2020-14597 CVE-2020-14633 CVE-2020-14641 CVE-2020-14702 CVE-2020-2853 CVE-2020-2895 CVE-2020-14632 CVE-2020-14634 CVE-2020-14643 CVE-2020-14651 CVE-2020-14697 CVE-2020-14725 CVE-2020-2660 CVE-2020-2694 CVE-2019-2960 CVE-2020-2759 CVE-2020-2770 CVE-2020-2923 CVE-2020-14620 CVE-2020-14623 CVE-2020-14624 CVE-2020-14654 CVE-2020-14656 CVE-2020-2926 CVE-2020-14663 CVE-2020-14678 Oracle Linux 8 [78.3.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.3.0-1] - Update to 78.3.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15676 CVE-2020-15678 CVE-2020-15677 CVE-2020-15673 Oracle Linux 6 [78.3.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Fri Sep 18 2020 Jan Horak <jhorak@redhat.com> - Update to 78.3.0 build1 [78.2.0-3] - Update to 78.2.0 build1 * Fri Jul 24 2020 Jan Horak <jhorak@redhat.com> - Update to 68.11.0 build1 * Fri Jun 26 2020 Jan Horak <jhorak@redhat.com> - Update to 68.10.0 build1 * Fri May 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.9.0 build1 - Added patch for pipewire 0.3 * Mon May 11 2020 Jan Horak <jhorak@redhat.com> - Added s390x specific patches * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15677 CVE-2020-15673 CVE-2020-15676 CVE-2020-15678 Oracle Linux 7 [0.5-0.8.alpha] - Fix for CVE-2019-1010305 resolves: rhbz#1736744 LOW Copyright 2020 Oracle, Inc. CVE-2019-1010305 Oracle Linux 7 [2.17-317.0.1] - Merge RH el7 u8 patches with Oracle patches Review-exception: Simple merge - Adding Mike Fabians C.utf-8 patch (C.utf-8 is a unicode-aware version of the C locale) Orabug 29784239. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile Both should test if ((stream->_flags & _IO_USER_LOCK) == 0) _IO_lock_lock (*stream->_lock); OraBug 28481550. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - Modify glibc-ora28849085.patch so it works with RHCK kernels. Orabug 28849085. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Use NLM_F_SKIP_STATS in uek2 and RTEXT_FILTER_SKIP_STATS in uek4 in getifaddrs. - Orabug 28849085 - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com> - Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984. - Orabug 25558067. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com> - Fix dbl-64/wordsize-64 remquo (bug 17569). - Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae - OraBug 19570749. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - libio: Disable vtable validation in case of interposition. - Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0. - OraBug 28641867. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Include-linux-falloc.h-in-bits-fcntl-linux.h - Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE - OraBug 28483336 - Add MAP_SHARED_VALIDATE and MAP_SYNC flags to - sysdeps/unix/sysv/linux/x86/bits/mman.h - OraBug 28389572 - Update bits/siginfo.h with Linux hwpoison SIGBUS changes. - Adds new SIGBUS error codes for hardware poison signals, syncing with the current kernel headers (v3.9). - It also adds si_trapno field for alpha. - New values: BUS_MCEERR_AR, BUS_MCEERR_AO - OraBug 28124569 [2.17-317] - Do not clobber errno in nss_compat (#1834816) LOW Copyright 2020 Oracle, Inc. CVE-2019-19126 Oracle Linux 7 [1:1.6.3-51] - 1823758 - CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist [rhel-7] [1:1.6.3-50] - 1813413 - [RHEL 7.7] segfault in cupsdSaveJob() caused by no space in /var [1:1.6.3-49] - more covscan issues raised from the fix 1672212 [1:1.6.3-48] - fixing covscan issue from 1672212 [1:1.6.3-47] - 1672212 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created [1:1.6.3-46] - 1715907 - CUPS- client: cupsGetPPD3() function tries to load PPD from IPP printer and not from the CUPS queue [1:1.6.3-45] - fixing covscan issue from 1774460 [1:1.6.3-44] - 1774460 - CVE-2019-8696 cups: stack-buffer-overflow in libcupss asn1_get_packed function [rhel-7] - 1774461 - CVE-2019-8675 cups: stack-buffer-overflow in libcupss asn1_get_type function [rhel-7] - 1753809 - Settings in ~/.cups/client.conf arent used MODERATE Copyright 2020 Oracle, Inc. CVE-2017-18190 CVE-2019-8675 CVE-2019-8696 Oracle Linux 7 [1.2.15-17] - Fix Some CVEs: CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638 - Resolves: rhbz#1716201, rhbz#1716202, rhbz#1716206, - Resolves: rhbz#1716207, rhbz#1716208 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-7572 CVE-2019-7575 CVE-2019-7635 CVE-2019-7573 CVE-2019-7577 CVE-2019-7637 CVE-2019-7636 CVE-2019-7574 CVE-2019-7578 CVE-2019-7638 CVE-2019-7576 Oracle Linux 7 [4.3.2-12] - Fix pcp-atop dynamic memory initialization issues (BZ 1818710) [4.3.2-8] - Fix rpm %post privilege escalation CVEs (BZs 1815249, 1815528) - Resolve an selinux policy issue with pmlogger (BZ 1792859) LOW Copyright 2020 Oracle, Inc. CVE-2019-3696 CVE-2019-3695 Oracle Linux 7 [1.4.4-11.20101004cvs] - Fix global buffer overflow Resolves: bz#1301202 - Fix improper handling of CSRC count and extension header length in RTP header Resolves: bz#1323705 - Fix buffer overflow in application of crypto profiles Resolves: bz#1141897 MODERATE Copyright 2020 Oracle, Inc. CVE-2015-6360 CVE-2013-2139 Oracle Linux 7 [1.8.0-21] - Add upstream patch needed because of previous security fixes Resolves: bz#1826822 [1.8.0-20] - Fix stack buffer overflow in CMsgReader::readSetCursor Resolves: bz#1791773 - Fix heap buffer overflow in DecodeManager::decodeRect Resolves: bz#1791768 - Fix heap buffer overflow in TightDecoder::FilterGradient Resolves: bz#1791763 - Fix heap-based buffer overflow triggered from CopyRectDecoder Resolves: bz#1791747 - Fix stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder Resolves: bz#1791759 - Add option to fallback to empty port when the specified one is taken Resolves: bz#1791996 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15695 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 Oracle Linux 7 [1.3.0-8] - Fix for CVE-2020-0034 - Resolves: rhbz#1823909 [1.3.0-7] - Fix for CVE-2019-9232 and CVE-2019-9433 - Resolves: rhbz#1796085, rhbz#1796099 [1.3.0-6] - Fix for CVE-2017-0393 - Resolves: rhbz#1779498 [1.3.0-4] - fix Illegal Instruction abort [1.3.0-3] - update library symbol list for 1.3.0 from Debian [1.3.0-2] - armv7hl specific target [1.3.0-1] - update to 1.3.0 [1.2.0-1] - update to 1.2.0 [1.1.0-1] - update to 1.1.0 [1.0.0-3] - fix vpx.pc file to include -lm (bz825754) [1.0.0-2] - use included vpx.pc file (drop local libvpx.pc) - apply upstream fix to vpx.pc file (bz 814177) [1.0.0-1] - update to 1.0.0 [0.9.7.1-3] - use macro instead of hard-coded version [0.9.7.1-2] - fix build on generic targets [0.9.7.1-1] - libvpx 0.9.7-p1 [0.9.7-1] - libvpx 0.9.7 [0.9.6-2] - add 2 symbols to the shared library for generic targets [0.9.6-1] - update to 0.9.6 [0.9.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.9.5-2] - apply patch from upstream git (Change I6266aba7), should resolve CVE-2010-4203 [0.9.5-1] - update to 0.9.5 [0.9.1-3] - only package html docs to avoid multilib conflict (bz 613185) [0.9.1-2] - build shared library the old way for generic arches [0.9.1-1] - update to 0.9.1 [0.9.0-7] - update to git revision 8389f1967c5f8b3819cca80705b1b4ba04132b93 - upstream fix for bz 599147 - proper shared library support [0.9.0-6] - add hackish fix for bz 599147 (upstream will hopefully fix properly in future release) [0.9.0-5] - fix noexecstack flag [0.9.0-4] - BuildRequires: yasm (were optimized again) [0.9.0-3] - add pkg-config file - move headers into include/vpx/ - enable optimization [0.9.0-2] - fix permissions on binaries - rename generic binaries to v8_* - link shared library to -lm, -lpthread to resolve missing weak symbols [0.9.0-1] - Initial package for Fedora MODERATE Copyright 2020 Oracle, Inc. CVE-2017-0393 CVE-2020-0034 CVE-2019-9232 CVE-2019-9433 Oracle Linux 7 [1:0.3.6-9] - Apply security patches. CVE-2018-17095, CVE-2018-13440 - Resolves: rhbz#1600369, rhbz#1601014, rhbz#1637128 [1:0.3.6-8] - Escape macros in %changelog [1:0.3.6-7] - Merge upstream pull requests #42,#43,#44 from Agostino Sarubbo to fix security issues. CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839 [1:0.3.6-6] - patch to compile with GCC 6 [1:0.3.6-5] - Merge fix from upstream pull request #25 for CVE-2015-7747. Test conversion from e.g. 16-bit LE stereo to 8-bit LE mono no longer causes corruption. MODERATE Copyright 2020 Oracle, Inc. CVE-2018-17095 CVE-2018-13440 Oracle Linux 7 [2.76-16] - Fix strict-mode retries on REFUSED (#1755610) [2.76-15] - Forward non-recursive queries to upstream, but serve local names (#1755610) [2.76-14] - Stop treating SERVFAIL as successful response (#1815080) [2.76-13] - Do not ignore DHCPv6 relay messages (#1757247) [2.76-12] - Fix memory leak in create_helper (#1795369) [2.76-11] - Send dhcp_release even for addresses not on local network (#1752569) LOW Copyright 2020 Oracle, Inc. CVE-2019-14834 Oracle Linux 7 [2.0.0-21gitd1c6db8] - Fix for CVE-2020-5313 Resolves: rhbz#1789532 [2.0.0-20gitd1c6db8] - Combined fixes for CVE-2020-5312 and CVE-2019-16865 Resolves: rhbz#1789533 Resolves: rhbz#1774066 [2.0.0-19gitd1c6db8] - Reenabled webp support on little endian archs. [2.0.0-18gitd1c6db8] - Disabled webp support on ppc64le due to #962091 and #1127230. - Updated URL. [2.0.0-17gitd1c6db8] - Wiped out some memory leaks. [2.0.0-15.gitd1c6db8] - Mass rebuild 2014-01-24 [2.0.0-14gitd1c6db8] - Fixed memory corruption. - Resolves: rhbz#1001122 [2.0.0-13.gitd1c6db8] - Mass rebuild 2013-12-27 [2.0.0-12] - Mark doc subpackage arch dependent. Docs are built depending on supported features, which are different across archs. Resolves: rhbz#987839 [2.0.0-11] - Drop lcms support Resolves: rhbz#987839 [2.0.0-10] - Build without webp support on s390* archs Resolves: rhbz#962059 [2.0.0-9.gitd1c6db8] - Conditionaly disable build of python3 parts on RHEL system [2.0.0-8.gitd1c6db8] - Add patch to fix test failure on big-endian [2.0.0-7.gitd1c6db8] - Remove Obsoletes in the python-pillow-qt subpackage. Obsoletes isnt appropriate since qt support didnt exist in the previous python-pillow package so theres no reason to drag in python-pillow-qt when updating python-pillow. [2.0.0-6.gitd1c6db8] - Update to latest git - python-pillow_quantization.patch now upstream - python-pillow_endianness.patch now upstream - Add subpackage for ImageQt module, with correct dependencies - Add PyQt4 and numpy BR (for generating docs / running tests) [2.0.0-5.git93a488e] - Reenable tests on bigendian, add patches for #928927 [2.0.0-4.git93a488e] - Update to latest git - disable tests on bigendian (PPC*, S390*) until rhbz#928927 is fixed [2.0.0-3.gitde210a2] - python-pillow_tempfile.patch now upstream - Add python3-imaging provides (bug #924867) [2.0.0-2.git2e88848] - Update to latest git - Remove python-pillow-disable-test.patch, gcc is now fixed - Add python-pillow_tempfile.patch to prevent a temporary file from getting packaged [2.0.0-1.git2f4207c] - Update to 2.0.0 git snapshot - Enable python3 packages - Add libwebp-devel BR for Pillow 2.0.0 [1.7.8-6.20130305git] - Add ARM support [1.7.8-5.20130305git] - add s390* and ppc* to arch detection [1.7.8-4.20130305git7866759] - Update to latest git snapshot - 0001-Cast-hash-table-values-to-unsigned-long.patch now upstream - Pillow-1.7.8-selftest.patch now upstream [1.7.8-3.20130210gite09ff61] - Really remove -fno-strict-aliasing - Place comment on how to retreive source just above the Source0 line [1.7.8-2.20130210gite09ff61] - Rebuild without -fno-strict-aliasing - Add patch for upstream issue #52 [1.7.8-1.20130210gite09ff61] - Initial RPM package MODERATE Copyright 2020 Oracle, Inc. CVE-2020-5313 Oracle Linux 7 [3.6.8-17.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-17] - Overhaul pythons FIPS mode support Resolves: rhbz#1788459 [3.6.8-16] - Security fix for CVE-2020-8492 Resolves: rhbz#1810616 [3.6.8-15] - Security fix for CVE-2019-16935 Resolves: rhbz#1797999 [3.6.8-14] - Provide and obsolete the python36-tools subpackage for EPEL compatibility Resolves: rhbz#1763730 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16935 CVE-2020-8492 Oracle Linux 7 [19.4-7.0.3] - Add conditional restart of NetworkManager for cloud-final. [Orabug: 31965645] - Correct postinstall upgrade cloud-init.service mismerge order. [19.4-7.0.1] - Add Oracle Linux variant to known distros - Add cloud-init hotplug event handling support [Orabug: 30485135] - Oracle data source should configure secondary VNICs [Orabug: 30487563] - Add support for netfailover detection [Orabug: 30487591] - Avoid hotplug handling when configure_secondary_nics is disabled [Orabug: 31086905] - Set per-platform default NM_CONTROLLED=no for OCI [Orabug: 31086905] - Remove secondary VNIC config from cache for hot unplug [Orabug: 31086905] - Fix OL distro specific issues and dependency compatibility [Orabug: 30435672] - Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349] - Make Oracle datasource detect dracut based config files [Orabug: 29956753] [19.4-7.el7] - ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch [bz#1821999] - Resolves: bz#1821999 ([RHEL7.9] Do not log IMDSv2 token values into cloud-init.log) [19.4-6.el7] - ci-Use-reload-or-try-restart-instead-of-try-reload-or-r.patch [bz#1748015] - ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch [bz#1821999] - Resolves: bz#1748015 ([cloud-init][RHEL7] /etc/resolv.conf lose config after reboot (initial instance is ok)) - Resolves: bz#1821999 ([RHEL7.9] Do not log IMDSv2 token values into cloud-init.log) [19.4-5.el7] - ci-Remove-race-condition-between-cloud-init-and-Network-v2.patch [bz#1748015] - ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1772505] - Resolves: bz#1748015 ([cloud-init][RHEL7] /etc/resolv.conf lose config after reboot (initial instance is ok)) - Resolves: bz#1772505 ([RHEL7] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-4.el7] - ci-swap-file-size-being-used-before-checked-if-str-315.patch [bz#1772505] - Resolves: bz#1772505 ([RHEL7] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-3.el7] - ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch [bz#1772505] - Resolves: bz#1772505 ([RHEL7] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-2.el7] - ci-Removing-cloud-user-from-wheel.patch [bz#1549638] - ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1748015] - ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch [bz#1812170] - ci-utils-use-SystemRandom-when-generating-random-passwo.patch [bz#1812173] - ci-Enable-ssh_deletekeys-by-default.patch [bz#1574338] - Resolves: bz#1549638 ([RHEL7]cloud-user added to wheel group and sudoers.d causes 'sudo -v' prompts for passphrase) - Resolves: bz#1574338 (CVE-2018-10896 cloud-init: SSH host keys are not regenerated for the new instances [rhel-7]) - Resolves: bz#1748015 ([cloud-init][RHEL7] /etc/resolv.conf lose config after reboot (initial instance is ok)) - Resolves: bz#1812170 (CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-7]) - Resolves: bz#1812173 (CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-7]) [19.4-1.el7] - Rebase to 19.4 [bz#1803094] - Resolves: bz#1803094 ([RHEL-7.9] cloud-init rebase to 19.4) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8631 CVE-2020-8632 CVE-2018-10896 Oracle Linux 7 [2:1.5.13-8] - Fix CVE-2017-12652 - Resolves: #1744870 LOW Copyright 2020 Oracle, Inc. CVE-2017-12652 Oracle Linux 7 [4.0.3-35] - Fix two resource leaks Related: #1771371 [4.0.3-34] - Fix CVE-2019-17546 Resolves: #1771371 [4.0.3-33] - Fix CVE-2019-14973 Resolves: #1755704 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14973 CVE-2019-17546 Oracle Linux 7 [1.5.3-175.el7] - kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch [bz#1810408] - Resolves: bz#1810408 (CVE-2019-20382 qemu-kvm: QEMU: vnc: memory leakage upon disconnect [rhel-7]) [1.5.3-174.el7] - kvm-util-add-slirp_fmt-helpers2.patch [bz#1800515] - kvm-tcp_emu-fix-unsafe-snprintf-usages2.patch [bz#1800515] - kvm-slirp-disable-tcp_emu.patch [bz#1791679] - kvm-gluster-Handle-changed-glfs_ftruncate-signature.patch [bz#1802215] - kvm-gluster-the-glfs_io_cbk-callback-function-pointer-ad.patch [bz#1802215] - kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503] - Resolves: bz#1618503 (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7]) - Resolves: bz#1791679 (QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-7]) - Resolves: bz#1800515 (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-7.9]) - Resolves: bz#1802215 (Add support for newer glusterfs) LOW Copyright 2020 Oracle, Inc. CVE-2018-15746 CVE-2019-20382 Oracle Linux 7 [2.11-28] - Improper input validation when writing tar header fields (#1766222) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14866 Oracle Linux 7 [2.7.5-89.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-89] - Security fix for CVE-2019-16935 Resolves: rhbz#1797998 [2.7.5-88] - Security fix for CVE-2019-16056 Resolves: rhbz#1750773 [2.7.5-87] - Fix CVE-2018-20852 Resolves: rhbz#1741551 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16935 Oracle Linux 7 [1.8.0-4] - fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498) [1.8.0-3] - sanitize public header file (detected by rpmdiff) [1.8.0-2] - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) - fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) - fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858) - fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) - fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) - fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) [1.8.0-1] - rebase to 1.8.0 (#1592784) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17498 Oracle Linux 7 [7.29.0-59.0.1] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html) - Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch [7.29.0-59] - http: free protocol-specific struct in setup_connection callback (#1836773) [7.29.0-58] - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-5482 Oracle Linux 7 [1.0.25-12] - fix CVE-2018-19662 - buffer over-read in the function i2alaw_array (#1673086) LOW Copyright 2020 Oracle, Inc. CVE-2018-19662 Oracle Linux 7 [4.6.8-5.0.1] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7] - Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp - ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset [4.6.8-4.el7] - Resolves: #1842950 ipa-adtrust-install fails when replica is offline - ipa-adtrust-install: avoid failure when replica is offline - Resolves: #1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method - WebUI: Apply jQuery patch to fix htmlPrefilter issue [4.6.8-3.el7] - Resolves: #1834385 Man page syntax issue detected by rpminspect - Man pages: fix syntax issues - Resolves: #1829787 ipa service-del deletes the required principal when specified in lower/upper case - Make check_required_principal() case-insensitive - Resolves: #1825829 ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3 - ipa-advise: fallback to /usr/libexec/platform-python if python3 not found - Resolves: #1812020 CVE-2015-9251 ipa: js-jquery: Cross-site scripting via cross-domain ajax requests - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1 - Resolves: #1713487 CVE-2019-11358 ipa: js-jquery: prototype pollution in objects prototype leading to denial of service or remote code execution or property injection - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1 [4.6.8-2.el7] - Resolves: #1802408 CVE-2020-1722 ipa: No password length restriction leads to denial of service - Add interactive prompt for the LDAP bind password to ipa-getkeytab - CVE-2020-1722: prevent use of too long passwords [4.6.8-1.el7] - Resolves: #1819725 - Rebase IPA to latest 4.6.x version - Resolves: #1817927 - host-add --password logs cleartext userpassword to Apache error log - Resolves: #1817923 - IPA upgrade is failing with error 'Failed to get request: bus, object_path and dbus_interface must not be None.' - Resolves: #1817922 - covscan memory leaks report - Resolves: #1817919 - Enable compat tree to provide information about AD users and groups on trust agents - Resolves: #1817918 - Secure tomcat AJP connector - Resolves: #1817886 - ipa group-add-member: prevent adding IPA objects as external members - Resolves: #1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd [4.6.6-12.el7] - Resolves: #1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6 - Resolves: #1404770 - ID Views: do not allow custom Views for the masters - idviews: prevent applying to a master - Resolves: #1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems - install/updates: move external members past schema compat update - Resolves: #1795890 - ipa-pkinit-manage enable fails on replica if it doesnt host the CA - pkinit setup: fix regression on master install - pkinit enable: use local dogtag only if host has CA - Resolves: #1788907 - Renewed certs are not picked up by IPA CAs - Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit - Resolves: #1780548 - Man page ipa-cacert-manage does not display correctly on RHEL - ipa-cacert-manage man page: fix indentation - Resolves: #1782587 - add 'systemctl restart sssd' to warning message when adding trust agents to replicas - adtrust.py: mention restarting sssd when adding trust agents - Resolves: #1771356 - Default client configuration breaks ssh in FIPS mode - Use default ssh host key algorithms - Resolves: #1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client - smartcard: make the ipa-advise script compatible with authselect/authconfig - Resolves: #1758406 - KRA authentication fails when IPA CA has custom Subject DN - upgrade: fix ipakra people entry 'description' attribute - krainstance: set correct issuer DN in uid=ipakra entry - Resolves: #1756568 - ipa-server-certinstall man page does not match built-in help - ipa-server-certinstall manpage: add missing options - Resolves: #1206690 - UPG not being enforced properly - ipa user_add: do not check group if UPG is disabled - Resolves: #1811982 - CVE-2018-14042 ipa: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. - Resolves: #1811978 - CVE-2018-14040 ipa: bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute - Resolves: #1811972 - CVE-2016-10735 ipa: bootstrap: XSS in the data-target attribute - Resolves: #1811969 -CVE-2018-20676 ipa: bootstrap: XSS in the tooltip data-viewport attribute - Resolves: #1811966 - CVE-2018-20677 ipa: bootstrap: XSS in the affix configuration target property - Resolves: #1811962 - CVE-2019-8331 ipa: bootstrap: XSS in the tooltip or popover data-template attribute - Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1 - Resolves: #1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements - WebUI: Fix notification area layout - Resolves: #1545755 - ipa-replica-prepare should not update pki admin password - Fix indentation levels - ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN - ipa-pwd-extop: dont check password policy for non-Kerberos account set by DM or a passsync manager - Dont save password history on non-Kerberos accounts MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11358 CVE-2015-9251 CVE-2020-11022 CVE-2018-20677 CVE-2018-14042 CVE-2018-20676 CVE-2018-14040 CVE-2019-8331 CVE-2020-1722 CVE-2016-10735 Oracle Linux 7 [2.6.3-7.git4391e5c] - Fix CVE-2019-3833 Resolves: #1677691 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3833 Oracle Linux 7 [0.2.8.4-44] - Resolves: rhbz#1840569 adapt to new urw-fonts [0.2.8.4-43] - Resolves: rhbz#1679005 CVE-2019-6978 [0.2.8.4-42] - Related: rhbz#1239162 fix patch context LOW Copyright 2020 Oracle, Inc. CVE-2019-6978 Oracle Linux 7 [0.6-8] - Resolves: rhbz#1803831 CVE-2019-17400 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17400 Oracle Linux 7 [0.8.0-3] - Resolves: #1809991, CVE-2019-18609 - integer overflow MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18609 Oracle Linux 7 [2.1.0-12] - add security fixes for CVE-2018-20843, CVE-2019-15903 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20843 CVE-2019-15903 Oracle Linux 7 [2.4.6-95.0.1] - replace index.html with Oracles index page oracle_index.html [2.4.6-95] - Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value [2.4.6-94] - Resolves: #1565491 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name - Resolves: #1747283 - CVE-2019-10098 httpd: mod_rewrite potential open redirect - Resolves: #1724879 - httpd terminates all SSL connections using an abortive shutdown - Resolves: #1715981 - Backport of SessionExpiryUpdateInterval directive - Resolves: #1565457 - CVE-2018-1303 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service - Resolves: #1566531 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications MODERATE Copyright 2020 Oracle, Inc. CVE-2018-1303 CVE-2017-15715 CVE-2020-1934 CVE-2018-1283 CVE-2020-1927 CVE-2019-10098 Oracle Linux 7 [20120731b-13] - Resolves:rh#1790973 - CVE-2020-5395:out-of-bounds write in sfd.c MODERATE Copyright 2020 Oracle, Inc. CVE-2020-5395 Oracle Linux 7 [1.8.8-7] - Fix a regression in the previous patches - Related: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-7] [1.8.8-6] - Resolves: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-7] - Resolves: rhbz#1805067 - CVE-2019-14857 mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes [rhel-7] LOW Copyright 2020 Oracle, Inc. CVE-2019-14857 CVE-2019-20479 Oracle Linux 7 [1.3.2-16] - Resolves: rhbz#1775556 CVE-2019-16707 LOW Copyright 2020 Oracle, Inc. CVE-2019-16707 Oracle Linux 7 [1.7.14-16] - add security fix for CVE-2018-11782 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-11782 Oracle Linux 7 [3.4.0-6] - Fix CVE-2019-12420 - Resolves: rhbz#1812976 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12420 Oracle Linux 7 evince [3.28.2-10] - Do not try to use icon_view widget when in tree view mode - Resolves: #1610436 poppler [0.26.5-43] - Fix crash on broken file in tilingPatternFill() - Resolves: #1801340 LOW Copyright 2020 Oracle, Inc. CVE-2019-14494 Oracle Linux 7 glib2 [2.56.1-7] - Backport patch to limit access to files when copying (CVE-2019-12450) Resolves: #1722099 [2.56.1-6] - Backport patches for GDBus auth Resolves: #1777221 ibus [1.5.17-11] - Resolves: #1750835 - Fix CVE-2019-14822 missing authorization allows MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14822 CVE-2019-12450 Oracle Linux 7 [4.10-16-5] - related: #1785121 - Add missing RPM Requires [4.10.16-2] - resolves: #1828354 - add additioanl hostnames to the keytab - resolves: #1836427 - add dnshostname option net-ads-join [4.10.16-1] - related: #1785121 - Rebase to version 4.10.16 [4.10.15-5] - resolves: #1831986 - Fix gencache for normal users [4.10.15-4] - resolves: #1813017 - Fix smbclient log to file [4.10.15-3] - Removed patch for #1634057 [4.10.15-2] - resolves: #1825505 - Compilation of samba sources fails on RHEL [4.10.15-1] - related: #1785121 - Rebase to version 4.10.15 - resolves: #1828924 - Fix typo in pam_winbind documentation about require_membership_of - resolves: #1801496 - Add missing ctdb directories [4.10.13-2] - resolves: #1810511 - Fix net-ads-keytab-create to include UPN [4.10.13-1] - resolves: #1785121 - Rebase to vesion 4.10.13 - resolves: #1791208 - Fix CVE-2019-14907 - resolves: #1737888 - Fix manual libwbclient alternative settings - resolves: #1634057 - Return correct stat for SMB1 with POSIX extensions MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14907 Oracle Linux 7 [3.0.13-15] - Fixes EAP-PWD: DoS issues due to multithreaded BN_CTX access Resolves: bz#1818808 [3.0.13-14 - Fixes receiving of multiple RADIUS packets under load Resolves: bz#1630684 [3.0.13-13] - Fixes logging of cleartext pap password Resolves: bz#1677435 [3.0.13-12] - Fixes paircompare with attribute references and expansions Resolves: bz#1592741 [3.0.13-11] - Fixes logrotate, EAP-PWD vulnerability Resolves: bz#1719368 privilege escalation due to insecure logrotate configuration Resolves: bz#1751796 eap-pwd: Information leak due to aborting when needing more than 10 iterations MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13456 CVE-2019-10143 CVE-2019-17185 Oracle Linux 7 [2.9.1-6.0.1.5] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.1-6.5] - Fix CVE-2019-19956 (#1793000) - Fix CVE-2019-20388 (#1810057) - Fix CVE-2020-7595 (#1810073) - Fix xsd:any schema validation (#1812145) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19956 CVE-2020-7595 CVE-2019-20388 Oracle Linux 7 [4.5.0-36] - virDevMapperGetTargetsImpl: Be tolerant to kernels without DM support (rhbz#1823976) - virDevMapperGetTargetsImpl: quit early if device is not a devmapper target (rhbz#1823976) [4.5.0-35] - qemu: dont take agent and monitor job for shutdown (CVE-2019-20485) - qemu: dont hold a monitor and agent job for reboot (CVE-2019-20485) - qemu: dont hold monitor and agent job when setting time (CVE-2019-20485) - qemu: remove use of qemuDomainObjBeginJobWithAgent() (CVE-2019-20485) - qemu: remove qemuDomainObjBegin/EndJobWithAgent() (CVE-2019-20485) - storage: Fix daemon crash on lookup storagepool by targetpath (CVE-2020-10703) [4.5.0-34] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (rhbz#1815269) - vmx: make 'fileName' optional for CD-ROMs (rhbz#1815269) - RHEL: Fix migration on AMD hosts with old QEMU (rhbz#1815572) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10703 CVE-2019-20485 Oracle Linux 7 [5.44-7] - fixing CVE-2020-0556 . MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0556 Oracle Linux 7 [1:1.18.8-1] - Update to 1.18.8 relase - ifcfg-rh: handle '802-1x.{,phase2-}ca-path' (rh #1841397, CVE-2020-10754) - ifcfg-rh: handle 802-1x.pin properties. [1:1.18.6-4] - ip-tunnel: set cloned-mac-address only for layer2 tunnel devices (rh #1832170) [1:1.18.6-3] - Update translations (rh #1796852) [1:1.18.6-2] - vpn: gracefully handle invalid routes from VPN plugins - workaround g_strtoll() failing with EAGAIN (rh #1797915) [1:1.18.6-1] - Update to 1.18.6 release - cli: unset 'ipv[46].never-default' when setting 'ipv[46].gateway' (rh #1785039) - core: keep MTU of MACsec and MAC-VLAN interfaces in sync with parent (rh #1723690) - core: forbid autoactivation of parent when it is blocked by user request (rh #1765566) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10754 Oracle Linux 7 [0:7.0.76-15] - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS [0:7.0.76-14] - Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127 - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence [0:7.0.76-13] - Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17563 CVE-2020-13935 Oracle Linux 7 [1.1.28-6.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.28-6] - Fix CVE-2019-18197 (#1775516) - Fix CVE-2019-11068 (#1715731) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18197 CVE-2019-11068 Oracle Linux 7 [219-78.0.1] - Backport upstream patches related to private-tmp (Sushmita Bhattacharya) [Orabug: 31561883] - backport upstream pstore tmpfiles patch (Eric DeVolder) [Orabug: 31414539] - udev rules: fix memory hot add and remove [Orabug: 31309730] - enable and start the pstore service [Orabug: 30950903] - fix to generate the systemd-pstore.service file [Orabug: 30235241] - Backport upstream patches for the new systemd-pstore tool [Orabug: 30235241] - do not create utmp update symlinks for reboot and poweroff [Orabug: 27854896] - OL7 udev rule for virtio net standby interface [Orabug: 28826743] - fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792] (tony.l.lam@oracle.com) - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] [219-78] - avoid double free (#1832816) [219-77] - core: coldplug possible nop_job (#1829754) - core: make sure to restore the control command id, too (#1828953) [219-76] - core: enforce a ratelimiter when stopping units due to StopWhenUnneeded=1 (#1775291) - core: rework StopWhenUnneeded= logic (#1775291) [219-75] - journal: break recursion (#1778744) [219-74] - sd-bus: bump message queue size again (#1770158) - unit: fix potential use of cgroup_path after free() when freeing unit (#1760149) - add test for ExecStopPost (#1733998) - core: when restarting services, dont close fds (#1757704) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (#1757704) - tests: add basic journal test (#1757704) - tests: add regression test for 'systemctl restart systemd-journald' (#1757704) - tests: add test that journald keeps fds over termination by signal (#1757704) - nss-util: silence warning about deprecated RES_USE_INET6 (#1799002) - journal: do not trigger assertion when journal_file_close() get NULL (#1786046) - mount: dont propagate errors from mount_setup_unit() further up (#1804757) - mount: when allocating a Mount object based on /proc/self/mountinfo mark it so (#1804757) - fix the fix for #1691511 (#1804757) - v3: Properly parsing SCSI Hyperv devices (#8509) (#1809053) - Consider smb3 as remote filesystem (#1811700) - mount: dont add Requires for tmp.mount (#1813270) - sd-bus: when attached to an sd-event loop, disconnect on processing errors (#1769928) - sd-journal: close journal files that were deleted by journald before weve setup inotify watch (#1812889) - sd-journal: remove the dead code and actually fix #14695 (#1812889) - swap: adjust swap.c in a similar way to what we just did to mount.c (#1749621) - swap: finish the secondary swap units jobs if deactivation of the primary swap unit fails (#1749621) - core: add a new unit file setting CollectMode= for tweaking the GC logic (#1817576) - run: add '-G' as shortcut for '--property=CollectMode=inactive-or-failed' (#1817576) - core: clarify that the CollectMode bus property is constant (#1817576) - udev-rules: make tape-changers also apprear in /dev/tape/by-path/ (#1814028) - logind: check PolicyKit before allowing VT switch (#1797672) - timer: dont use persietent file timestamps from the future (#6823) (#1769923) - core: transition to FINAL_SIGTERM state after ExecStopPost= (#1766477) - bus_open leak sd_event_source when udevadm trigger (#1798503) - journal-remote: split-mode=host, remove port from journal filename (#1244691) - core: downgrade log message about inability to propagate cgroup release message (#1679934) - units: move Before deps for quota services to remote-fs.target (#5627) (#1693374) - set kptr_restrict=1 (#1689344) [219-73.3] - journal: do not trigger assertion when journal_file_close() get NULL (#1807798) [219-73.2] - core: when restarting services, dont close fds (#1803802) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (#1803802) - tests: add basic journal test (#1803802) - tests: add regression test for 'systemctl restart systemd-journald' (#1803802) - tests: add test that journald keeps fds over termination by signal (#1803802) [219-73.1] - unit: fix potential use of cgroup_path after free() when freeing unit (#1760149) LOW Copyright 2020 Oracle, Inc. CVE-2019-20386 Oracle Linux 7 [1.45.6-19] - fix issues with meta_bg when resizing file system (#1849718) [1.42.9-18] - fix out-of-bounds write on corrupted fs (#1797731) - fix out-of-bounds write on corrupted fs (#1768710) - fix e2fsprogs creating corrupted meta image (#1711880) - fix typo in ext4 man page (#1720130) - provide easy metod for creating compatible rhel6 fs (#1780277) - better handling of trivial dir link count problem (#1820048) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-5094 CVE-2019-5188 Oracle Linux 7 [4.10.5-9] - Document::processAction: If the url points to a binary, dont run it Resolves: bz#1821451 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-9359 Oracle Linux 7 [5.9.7-4] - Fix: Files placed by attacker can influence the working directory and lead to malicious code execution Resolves: bz#1814740 Resolves: bz#1814685 [5.9.7-3] - Fix multilib issue with qtcore-config.h header file Resolves: bz#1534528 - Move libQt5EglFSDeviceIntegration lib into correct subpackage Resolves: bz#1792680 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0570 CVE-2020-0569 Oracle Linux 7 [1:5.5.68-1] - Rebase to 5.5.68 This is the last upstream release. This major version reached upstream EOL - Related to: rhbz#1834835 [1:5.5.67-2] - Resolves: rhbz#1689827 [1:5.5.67-1] - Rebase to 5.5.67 - Related to: rhbz#1834835 - CVEs fixed: rhbz#1821939 CVE-2020-2574 [1:5.5.66-1] - Rebase to 5.5.66 - Related to: rhbz#1834835 - CVEs fixed: rhbz#1769276 rhbz#1830110 CVE-2019-2974 CVE-2020-2780 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-2752 CVE-2020-2574 CVE-2020-2812 CVE-2020-2780 CVE-2019-2974 Oracle Linux 7 [0.27.0-3] - Validate relationship of the total size to the offset to avoid crash Resolves: bz#1775695 LOW Copyright 2020 Oracle, Inc. CVE-2019-17402 Oracle Linux 7 [2.1.1-2] - Update to 2.1.1 (#1834286) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11042 CVE-2020-11087 CVE-2020-11018 CVE-2020-11045 CVE-2020-11048 CVE-2020-11088 CVE-2020-11040 CVE-2020-11047 CVE-2020-11039 CVE-2020-11044 CVE-2020-11038 CVE-2020-11041 CVE-2020-11085 CVE-2020-11526 CVE-2020-13397 CVE-2020-11086 CVE-2020-11049 CVE-2020-11089 CVE-2020-11019 CVE-2020-11043 CVE-2020-11046 CVE-2020-11522 CVE-2020-13396 CVE-2020-11525 CVE-2020-11058 Oracle Linux 7 [1:1.10.24-15.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.10.24-15] - Fix CVE-2020-12049 (#1851992) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12749 Oracle Linux 7 [2.28.2-2] - Resolves: rhbz#1817144 Rebuild to support ppc and s390 [2.28.2-1] - Resolves: rhbz#1817144 Rebase to 2.28.2 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-8563 CVE-2019-8678 CVE-2019-8821 CVE-2019-8607 CVE-2019-8625 CVE-2019-8658 CVE-2019-8666 CVE-2019-8683 CVE-2019-8686 CVE-2019-8719 CVE-2019-8811 CVE-2019-8819 CVE-2020-3901 CVE-2020-3902 CVE-2019-8506 CVE-2019-8544 CVE-2019-8597 CVE-2019-8615 CVE-2019-8622 CVE-2019-8649 CVE-2019-8766 CVE-2019-8812 CVE-2019-8823 CVE-2020-10018 CVE-2019-8535 CVE-2019-8583 CVE-2019-8608 CVE-2019-8672 CVE-2019-8684 CVE-2019-8584 CVE-2019-8524 CVE-2019-8551 CVE-2019-8571 CVE-2019-8596 CVE-2019-8623 CVE-2020-3885 CVE-2019-8536 CVE-2019-8558 CVE-2019-8782 CVE-2019-8783 CVE-2019-8820 CVE-2020-3899 CVE-2019-8559 CVE-2019-8671 CVE-2019-8673 CVE-2019-8720 CVE-2019-8676 CVE-2020-3864 CVE-2020-3897 CVE-2019-8595 CVE-2019-8601 CVE-2019-8609 CVE-2019-8611 CVE-2019-8669 CVE-2019-8677 CVE-2019-8610 CVE-2019-8690 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8815 CVE-2019-8816 CVE-2019-6251 CVE-2019-8674 CVE-2019-6237 CVE-2019-8586 CVE-2019-8594 CVE-2019-8619 CVE-2019-8764 CVE-2019-11070 CVE-2020-3865 CVE-2020-3894 CVE-2019-8587 CVE-2019-8644 CVE-2019-8688 CVE-2019-8814 CVE-2019-8689 CVE-2019-8822 CVE-2020-11793 CVE-2019-8808 CVE-2020-3900 CVE-2020-3867 CVE-2019-8687 CVE-2019-8707 CVE-2019-8835 CVE-2019-8680 CVE-2019-8681 CVE-2020-3868 CVE-2019-8844 CVE-2019-8735 CVE-2019-8743 CVE-2020-3862 CVE-2020-3895 CVE-2019-8679 CVE-2019-8763 CVE-2019-8765 CVE-2019-8846 CVE-2019-8726 CVE-2019-8813 CVE-2019-8710 CVE-2019-8733 Oracle Linux 7 [1.7.1-8] - fix CVE-2020-11764 (#1833552) - fix CVE-2020-11763 (#1833566) - fix CVE-2020-11761 (#1834461) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11763 CVE-2020-11764 CVE-2020-11761 Oracle Linux 7 [0.6.22-1] - Upgrade to 0.6.22 - Resolves: #1841316 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0093 CVE-2020-0182 CVE-2020-13113 CVE-2019-9278 CVE-2020-12767 CVE-2020-13114 Oracle Linux 7 [2.4.44-22] - Fix CVE-2020-12243 openldap: denial of service via nested boolean expressions in LDAP search filters (#1838405) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12243 Oracle Linux 6 [0.12.1.2-2.506.el6_10.8] - kvm-qemu-kvm-QEMU-usb-check-RNDIS-message-length.patch [bz#1869684] - kvm-qemu-kvm-QEMU-usb-fix-setup_len-init-CVE-2020-14364.patch [bz#1869684] - Resolves: bz#1869684 (CVE-2020-14364 qemu-kvm: QEMU: usb: out-of-bounds r/w access issue while processing usb packets [rhel-6.10.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14364 Oracle Linux 8 qemu-kvm [2.12.0-99.0.1.el8_2.4] - Added bug30251155-remove-upstream-reference [Orabug: 30251155] [2.12.0-99.el8_2.4] - kvm-usb-fix-setup_len-init-CVE-2020-14364.patch [bz#1869708] - Resolves: bz#1869708 (CVE-2020-14364 qemu-kvm: QEMU: usb: out-of-bounds r/w access issue while processing usb packets [rhel-8.2.0.z]) [2.12.0-99.el8_2.3] - kvm-Drop-bogus-IPv6-messages.patch [bz#1838092 bz#1867075 bz#1870421] - Resolves: bz#1838092 (CVE-2020-10756 virt:8.2/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability [rhel-av-8]) - Resolves: bz#1867075 (CVE-2020-10756 virt:8.3/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability [rhel-av-8]) - Resolves: bz#1870421 (CVE-2020-10756 virt:rhel/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability [rhel-8.2.0.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14364 CVE-2020-10756 Oracle Linux 7 [3.10.0-1160.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160] - [kernel] modsign: Add nomokvarconfig kernel parameter (Lenny Szubowicz) [1867857] - [firmware] modsign: Add support for loading certs from the EFI MOK config table (Lenny Szubowicz) [1867857] - [kernel] modsign: Move import of MokListRT certs to separate routine (Lenny Szubowicz) [1867857] - [kernel] modsign: Avoid spurious error message after last MokListRTn (Lenny Szubowicz) [1867857] [3.10.0-1159] - [kernel] modsign: Import certificates from optional MokListRT (Lenny Szubowicz) [1862840] - [crypto] crypto/pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1862840] - [crypto] crypto/pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1862840] [3.10.0-1158] - [redhat] switch secureboot kernel image signing to release keys (Jan Stancek) [] [3.10.0-1157] - [fs] signal: Dont send signals to tasks that dont exist (Vladis Dronov) [1856166] [3.10.0-1156] - [fs] gfs2: Fix regression due to unwanted gfs2_qa_put (Robert S Peterson) [1798713] - [include] signal: Unfairly acquire tasklist_lock in send_sigio() if irq disabled (Waiman Long) [1838799] - [fs] signal: Dont take tasklist_lock if PID type is PIDTYPE_PID (Waiman Long) [1838799] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1820632] {CVE-2020-12888} [3.10.0-1155] - [x86] Revert 'x86: respect memory size limiting via mem= parameter' (Joel Savitz) [1851576] - [mm] Revert 'mm/memory_hotplug.c: only respect mem= parameter during boot stage' (Joel Savitz) [1851576] - [fs] nfsd: only WARN once on unmapped errors ('J. Bruce Fields') [1850430] - [powerpc] pci/of: Fix OF flags parsing for 64bit BARs (Greg Kurz) [1840114] - [fs] cifs: fix NULL dereference in match_prepath (Leif Sahlberg) [1759852] [3.10.0-1154] - [fs] gfs2: move privileged user check to gfs2_quota_lock_check (Robert S Peterson) [1798713] - [fs] gfs2: Fix problems regarding gfs2_qa_get and _put (Robert S Peterson) [1798713] - [fs] gfs2: dont call quota_unhold if quotas are not locked (Robert S Peterson) [1798713] - [fs] gfs2: Remove unnecessary gfs2_qa_{get, put} pairs (Robert S Peterson) [1798713] - [fs] gfs2: Split gfs2_rsqa_delete into gfs2_rs_delete and gfs2_qa_put (Robert S Peterson) [1798713] - [fs] gfs2: Change inode qa_data to allow multiple users (Robert S Peterson) [1798713] - [fs] gfs2: eliminate gfs2_rsqa_alloc in favor of gfs2_qa_alloc (Robert S Peterson) [1798713] - [fs] gfs2: Switch to list_{first,last}_entry (Robert S Peterson) [1798713] - [fs] gfs2: Clean up inode initialization and teardown (Robert S Peterson) [1798713] - [fs] gfs2: Minor gfs2_alloc_inode cleanup (Robert S Peterson) [1798713] - [fs] gfs2: Fix busy-on-umount in gfs2_atomic_open() (Andrew Price) [1812558] [3.10.0-1153] - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm: mremap: streamline move_page_tables()s move_huge_pmd() corner case (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843437] {CVE-2020-10757} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844070] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844026] {CVE-2020-12653} - [net] netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Florian Westphal) [1845428] [3.10.0-1152] - [nvmem] nvmem: properly handle returned value nvmem_reg_read (Vladis Dronov) [1844409] - [mailbox] PCC: fix dereference of ERR_PTR (Vladis Dronov) [1844409] - [kernel] futex: Unlock hb->lock in futex_wait_requeue_pi() error path (Vladis Dronov) [1844409] - [fs] aio: fix inconsistent ring state (Jeff Moyer) [1845326] - [vfio] vfio/mdev: make create attribute static (Vladis Dronov) [1837549] - [vfio] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Synchronize device create/remove with parent removal (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid creating sysfs remove file on stale device removal (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Improve the create/remove sequence (Vladis Dronov) [1837549] - [vfio] treewide: Add SPDX license identifier - Makefile/Kconfig (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid inline get and put parent helpers (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Fix aborting mdev child device removal if one fails (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Follow correct remove sequence (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid masking error code to EBUSY (Vladis Dronov) [1837549] - [include] vfio/mdev: Drop redundant extern for exported symbols (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Removed unused kref (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid release parent reference during error path (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Add iommu related member in mdev_device (Vladis Dronov) [1837549] - [vfio] vfio/mdev: add static modifier to add_mdev_supported_type (Vladis Dronov) [1837549] - [vfio] vfio: mdev: make a couple of functions and structure vfio_mdev_driver static (Vladis Dronov) [1837549] - [char] tpm/tpm_tis: Free IRQ if probing fails (David Arcari) [1774698] - [kernel] audit: fix a memleak caused by auditing load module (Richard Guy Briggs) [1843370] - [kernel] audit: fix potential null dereference 'context->module.name' (Richard Guy Briggs) [1843370] - [nvme] nvme: limit number of IO queues on Dell/Samsung config (David Milburn) [1837617] [3.10.0-1151] - [netdrv] qede: Fix multicast mac configuration (Michal Schmidt) [1740064] - [scsi] sd_dif: avoid incorrect ref_tag errors on 4K devices larger than 2TB (Ewan Milne) [1833528] - [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1814257] {CVE-2019-19527} - [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1814257] {CVE-2019-19527} - [x86] x86: make mul_u64_u64_div_u64() 'static inline' (Oleg Nesterov) [1845864] - [mm] mm: page_isolation: fix potential warning from user (Rafael Aquini) [1845620] - [s390] s390/mm: correct return value of pmd_pfn (Claudio Imbrenda) [1841106] - [fs] fs/proc/vmcore.c:mmap_vmcore: skip non-ram pages reported by hypervisors (Lianbo Jiang) [1790799] - [kernel] kernel/sysctl.c: ignore out-of-range taint bits introduced via kernel.tainted (Rafael Aquini) [1845356] - [documentation] kernel: add panic_on_taint (Rafael Aquini) [1845356] - [fs] ext4: Remove unwanted ext4_bread() from ext4_quota_write() (Lukas Czerner) [1845379] - [scsi] scsi: sg: add sg_remove_request in sg_write ('Ewan D. Milne') [1840699] {CVE-2020-12770} - [fs] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Donghai Qiao) [1832062] {CVE-2020-10732} [3.10.0-1150] - [netdrv] net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (Alaa Hleihel) [1845020] - [mm] memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (Waiman Long) [1842715] - [mm] memcg: only free spare array when readers are done (Waiman Long) [1842715] - [powerpc] powerpc/crashkernel: Take 'mem=' option into account (Pingfan Liu) [1751555] - [infiniband] IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (Kamal Heib) [1597952] - [security] selinux: properly handle multiple messages in selinux_netlink_send() (Ondrej Mosnacek) [1839650] {CVE-2020-10751} - [netdrv] net: ena: Add PCI shutdown handler to allow safe kexec (Bhupesh Sharma) [1841578] - [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827188] {CVE-2020-0543} - [cpufreq] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827188] {CVE-2020-0543} header (Waiman Long) [1827188] {CVE-2020-0543} [3.10.0-1149] - [mm] mm/memory_hotplug.c: only respect mem= parameter during boot stage (Joel Savitz) [1838795] - [netdrv] qed: Reduce the severity of ptp debug message (Manish Chopra) [1703770] - [kernel] pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (Jay Shin) [1836620] - [fs] gfs2: remove BUG_ON() from gfs2_log_alloc_bio() (Abhijith Das) [1828454] - [fs] gfs2: Even more gfs2_find_jhead fixes (Abhijith Das) [1828454] - [fs] quota: fix return value in dqget() (Eric Sandeen) [1842761] - [fs] proc_sysctl.c: fix potential page fault while unregistering sysctl table (Carlos Maiolino) [1843368] - [fs] ext4: fix error handling in ext4_ext_shift_extents (Lukas Czerner) [1843366] - [vhost] vhost: Check docket sk_family instead of call getname (Vladis Dronov) [1823302] {CVE-2020-10942} - [input] hyperv-keyboard - add module description (Mohammed Gamal) [1842689] - [hv] hv: Add a module description line to the hv_vmbus driver (Mohammed Gamal) [1842689] - [hid] hyperv: Add a module description line (Mohammed Gamal) [1842689] - [x86] sched/cputime: Improve cputime_adjust() (Oleg Nesterov) [1511040] - [acpi] ACPI: APEI: call into AER handling regardless of severity (Al Stone) [1737246] - [acpi] ACPI: APEI: handle PCIe AER errors in separate function (Al Stone) [1737246] - [acpi] ras: acpi/apei: cper: add support for generic data v3 structure (Al Stone) [1737246] - [acpi] ACPICA: ACPI 6.1: Updates for the HEST ACPI table (Al Stone) [1737246] - [acpi] ACPI / APEI: Switch to use new generic UUID API (Al Stone) [1737246] - [x86] x86/efi-bgrt: Quirk for BGRT when memory encryption active (Lenny Szubowicz) [1723477] - [scsi] scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: TM command refire leads to controller firmware crash (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: Limit device queue depth to controller queue depth (Tomas Henzl) [1840550] - [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1820632] {CVE-2020-12888} - [fs] signal: Extend exec_id to 64bits (Chris von Recklinghausen) [1834650] {CVE-2020-12826} [3.10.0-1148] - [x86] hyper-v: Report crash data in die() when panic_on_oops is set (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Report crash register data when sysctl_record_panic_msg is not set (Mohammed Gamal) [1828450] - [x86] hyper-v: Report crash register data or kmsg before running crash kernel (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Trigger crash enlightenment only once during system crash (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Free hv_panic_page when fail to register kmsg dump (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Unload vmbus channel in hv panic callback (Mohammed Gamal) [1828450] - [hv] vmbus: Fix the issue with freeing up hv_ctl_table_hdr (Mohammed Gamal) [1828450] - [hv] vmus: Fix the check for return value from kmsg get dump buffer (Mohammed Gamal) [1828450] - [hv] Send one page worth of kmsg dump over Hyper-V during panic (Mohammed Gamal) [1828450] - [x86] kvm: x86: Allow suppressing prints on RDMSR/WRMSR of unhandled MSRs (Vitaly Kuznetsov) [1837412] - [fs] ext4: Fix race when checking i_size on direct i/o read (Lukas Czerner) [1506437] - [fs] copy_file_range should return ENOSYS not EOPNOTSUPP ('J. Bruce Fields') [1783554] - [fs] NFSv4.1 fix incorrect return value in copy_file_range ('J. Bruce Fields') [1783554] - [x86] Remove the unsupported check for Intel IceLake (Steve Best) [1841237] - [md] md/raid1: release pending accounting for an I/O only after write-behind is also finished (Nigel Croxon) [1792520] - [net] gre: fix uninit-value in __iptunnel_pull_header (Guillaume Nault) [1840321] - [net] inet: protect against too small mtu values. (Guillaume Nault) [1840321] - [net] Fix one possible memleak in ip_setup_cork (Guillaume Nault) [1840321] - [net] fix a potential recursive NETDEV_FEAT_CHANGE (Guillaume Nault) [1839130] - [net] fix null de-reference of device refcount (Guillaume Nault) [1839130] - [net] sch_choke: avoid potential panic in choke_reset() (Davide Caratti) [1839118] - [net] net_sched: fix datalen for ematch (Davide Caratti) [1839118] - [net] netem: fix error path for corrupted GSO frames (Davide Caratti) [1839118] - [net] avoid potential infinite loop in tc_ctl_action() (Davide Caratti) [1839118] - [net] net_sched: let qdisc_put() accept NULL pointer (Davide Caratti) [1839118] - [net] ipv4: really enforce backoff for redirects (Paolo Abeni) [1832332] - [net] ipv4: avoid mixed n_redirects and rate_tokens usage (Paolo Abeni) [1832332] - [net] ipv4: use a dedicated counter for icmp_v4 redirect packets (Paolo Abeni) [1832332] - [net] ipset: Update byte and packet counters regardless of whether they match (Phil Sutter) [1801366] - [net] xfrm: skip rt6i_idev update in xfrm6_dst_ifdown if loopback_idev is gone (Sabrina Dubroca) [1390049] [3.10.0-1147] - [nvme] nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (Gopal Tiwari) [1839991] - [fs] pipe: actually allow root to exceed the pipe buffer limits (Jan Stancek) [1839629] - [scsi] Revert 'scsi: mpt3sas: Dont change the DMA coherent mask after allocations' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Rename function name is_MSB_are_same' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Separate out RDPQ allocation to new function' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region' (Tomas Henzl) [1839128] - [netdrv] net/mlx5e: Avoid duplicating rule destinations (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Extend encap entry with reference counter (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Fix free peer_flow when refcount is 0 (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Extend tc flow struct with reference counter (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Dont make internal use of errno to denote missing neigh (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Fix freeing flow with kfree() and not kvfree() (Alaa Hleihel) [1727593] - [drm] drm/nouveau/gr/gp107, gp108: implement workaround for HW hanging during init (Karol Herbst) [1834360 1834356 1833485] - [drm] drm/nouveau: workaround runpm fail by disabling PCI power management on certain intel bridges (Karol Herbst) [1834360 1834356 1833485] [3.10.0-1146] - [net] revert 'rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()' (Jiri Benc) [1839608] - [net] ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (Davide Caratti) [1838936] - [net] ipv6: Handle missing host route in __ipv6_ifa_notify (Davide Caratti) [1838936] - [net] ipv6: drop incoming packets having a v4mapped source address (Davide Caratti) [1838936] - [net] l2tp: fix infoleak in l2tp_ip6_recvmsg() (Andrea Claudi) [1837546] - [net] vti6: Fix memory leak of skb if input policy check fails (Patrick Talbert) [1836160] - [net] tcp: prevent bogus FRTO undos with non-SACK flows (Guillaume Nault) [1694860] - [scsi] scsi: smartpqi: fix controller lockup observed during force reboot (Don Brace) [1775369] - [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1663720] - [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1663720] - [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1663720] - [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1663720] - [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1663720] - [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1663720] - [fs] ext4, jbd2: ensure panic when aborting with zero errno (Lukas Czerner) [1834783] - [fs] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (Lukas Czerner) [1834783] - [fs] jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (Lukas Czerner) [1834783] - [fs] ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (Lukas Czerner) [1834783] - [fs] ext4: fix missing return values checks in ext4_cross_rename (Lukas Czerner) [1836819] - [fs] ext4: Fix POSIX ACL leak in ext4_xattr_set_acl (Lukas Czerner) [1543020] - [vfio] vfio-pci: Mask cap zero (Alex Williamson) [1838717] - [x86] Mark Intel Cooper Lake (CPX) supported (Steve Best) [1773681] - [fs] fs/bio-integrity: dont enable integrity for data-less bio (Ming Lei) [1835943] - [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1837127] - [kernel] wait/ptrace: assume __WALL if the child is traced (Oleg Nesterov) [1497808] - [mm] mm, hugetlb, soft_offline: save compound page order before page migration (Artem Savkov) [1751589] - [fs] fs/hugetlbfs/inode.c: fix hwpoison reserve accounting (Artem Savkov) [1751589] - [fs] mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (Artem Savkov) [1751589] - [mm] mm: soft-offline: dissolve free hugepage if soft-offlined (Artem Savkov) [1751589] - [mm] mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (Artem Savkov) [1751589] - [mm] mm: hwpoison: change PageHWPoison behavior on hugetlb pages (Artem Savkov) [1751589] - [mm] mm: hugetlb: prevent reuse of hwpoisoned free hugepages (Artem Savkov) [1751589] - [netdrv] net/mlx5: Tidy up and fix reverse christmas ordring (Alaa Hleihel) [1831134] - [netdrv] net/mlx5: Expose port speed when possible (Alaa Hleihel) [1831134] - [include] net/mlx5: Expose link speed directly (Alaa Hleihel) [1831134] - [usb] USB: core: Fix races in character device registration and deregistraion (Torez Smith) [1785065] {CVE-2019-19537} - [usb] usb: cdc-acm: make sure a refcount is taken early enough (Torez Smith) [1802548] {CVE-2019-19530} - [usb] USB: adutux: fix use-after-free on disconnect (Torez Smith) [1798822] {CVE-2019-19523} - [media] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Torez Smith) [1795597] {CVE-2019-15217} [3.10.0-1145] - [scsi] scsi: qla2xxx: Do not log message when reading port speed via sysfs (Ewan Milne) [1837543] - [mm] mm: dmapool: add/remove sysfs file outside of the pool lock lock (Waiman Long) [1836837] - [mm] Fix unbalanced mutex in dma_pool_create() (Waiman Long) [1836837] - [mm] mm/dmapool.c: remove redundant NULL check for dev in dma_pool_create() (Waiman Long) [1836837] - [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman Long) [1836322] - [netdrv] can, slip: Protect tty->disc_data in write_wakeup and close with RCU (John Linville) [1805590] - [netdrv] slcan: Port write_wakeup deadlock fix from slip (John Linville) [1805590] - [fs] ext4: fix support for inode sizes > 1024 bytes (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: add more paranoia checking in ext4_expand_extra_isize handling (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: forbid i_extra_isize not divisible by 4 (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: validate the debug_want_extra_isize mount option at parse time (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] cachefiles: Fix race between read_waiter and read_copier involving op->to_do (Dave Wysochanski) [1829662] - [fs] jbd2: Fix possible overflow in jbd2_log_space_left() (Lukas Czerner) [1626092] - [media] media: v4l: event: Add subscription to list before calling 'add' operation (Jarod Wilson) [1828802] {CVE-2019-9458} - [media] media: v4l: event: Prevent freeing event subscriptions while accessed (Jarod Wilson) [1828802] {CVE-2019-9458} - [fs] block: Prevent hung_check firing during long sync IO (Ming Lei) [1724345] [3.10.0-1144] - [crypto] crypto: user - fix memory leak in crypto_report (Vladis Dronov) [1825132] {CVE-2019-18808 CVE-2019-19062} - [crypto] crypto: ccp - Release all allocated memory if sha type is invalid (Vladis Dronov) [1825132] {CVE-2019-18808} - [net] xfrm: policy: Fix doulbe free in xfrm_policy_timer (Xin Long) [1836813] - [net] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire (Xin Long) [1836813] - [net] xfrm: fix uctx len check in verify_sec_ctx_len (Xin Long) [1836813] - [net] rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (Jiri Benc) [1835352] - [net] rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (Jiri Benc) [1835352] - [net] netlink: fix uninit-value in netlink_sendmsg (Jiri Benc) [1835352] - [net] netlink: make sure nladdr has correct size in netlink_connect() (Jiri Benc) [1835352] - [net] rtnetlink: fix info leak in RTM_GETSTATS call (Jiri Benc) [1835352] - [net] rtnetlink: release net refcnt on error in do_setlink() (Jiri Benc) [1835352] - [net] bridge: deny dev_set_mac_address() when unregistering (Hangbin Liu) [1834203] - [net] bridge/mdb: remove wrong use of NLM_F_MULTI (Hangbin Liu) [1834203] - [net] udp: disable inner UDP checksum offloads in IPsec case (Sabrina Dubroca) [1826244] - [net] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case (Xin Long) [1833869] - [net] sctp: Fix bundling of SHUTDOWN with COOKIE-ACK (Xin Long) [1833869] - [net] sctp: fix possibly using a bad saddr with a given dst (Xin Long) [1833869] - [net] sctp: fix refcount bug in sctp_wfree (Xin Long) [1833869] - [net] sctp: move the format error check out of __sctp_sf_do_9_1_abort (Xin Long) [1833869] - [net] sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (Xin Long) [1833869] - [net] sctp: fully initialize v4 addr in some functions (Xin Long) [1833869] - [net] sctp: simplify addr copy (Xin Long) [1833869] - [net] sctp: cache netns in sctp_ep_common (Xin Long) [1833869] - [net] sctp: destroy bucket if failed to bind addr (Xin Long) [1833869] - [net] sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (Xin Long) [1833869] - [net] netfilter: nat: never update the UDP checksum when its 0 (Guillaume Nault) [1834278] - [net] esp4: add length check for UDP encapsulation (Sabrina Dubroca) [1825155] - [net] sit: fix memory leak in sit_init_net() (Andrea Claudi) [1830011] {CVE-2019-16994} - [net] sched: cbs: fix NULL dereference in case cbs_init() fails (Davide Caratti) [1830245] - [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1819087] - [net] tcp: tcp_v4_err() should be more careful (Marcelo Leitner) [1749964] - [net] tcp: remove BUG_ON from tcp_v4_err (Marcelo Leitner) [1749964] - [net] tcp: clear icsk_backoff in tcp_write_queue_purge() (Marcelo Leitner) [1749964] - [net] psample: fix skb_over_panic (Sabrina Dubroca) [1823251] - [net] sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key (Patrick Talbert) [1823691] - [netdrv] fjes: Handle workqueue allocation failure (Masayoshi Mizuma) [1830563] {CVE-2019-16231} [3.10.0-1143] - [mm] mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (Rafael Aquini) [1834434] {CVE-2020-11565} - [fs] fs: avoid softlockups in s_inodes iterators (Jay Shin) [1760145] - [scsi] scsi: core: Add DID_ALLOC_FAILURE and DID_MEDIUM_ERROR to hostbyte_table (Maurizio Lombardi) [1832019] - [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1830606] - [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1830606] - [fs] revert '[fs] xfs: catch bad stripe alignment configurations' (Carlos Maiolino) [1836292] - [scsi] scsi: scsi_debug: num_tgts must be >= 0 (Ewan Milne) [1834998] - [scsi] scsi: scsi_debug: Avoid PI being disabled when TPGS is enabled (Ewan Milne) [1834998] - [scsi] scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded (Ewan Milne) [1834998] - [scsi] scsi_debug: check for bigger value first (Ewan Milne) [1834998] - [scsi] scsi_debug: vfree is null safe so drop the check (Ewan Milne) [1834998] - [scsi] scsi_debug: error message should say scsi_host_alloc not scsi_register (Ewan Milne) [1834998] - [fs] xfs: Fix tail rounding in xfs_alloc_file_space() (Bill ODonnell) [1833223] - [fs] ceph: dont drop message if it contains more data than expected (Jeff Layton) [1828340] - [fs] ceph: dont error out on larger-than-expected session messages (Jeff Layton) [1828340] - [acpi] ACPI: disable BERT by default, add parameter to enable it (Aristeu Rozanski) [1525298] - [acpi] ACPI: APEI: Fix possible out-of-bounds access to BERT region (Aristeu Rozanski) [1525298] - [acpi] ACPI / sysfs: Extend ACPI sysfs to provide access to boot error region (Aristeu Rozanski) [1525298] - [acpi] ACPI: APEI: Fix BERT resources conflict with ACPI NVS area (Aristeu Rozanski) [1525298] - [acpi] ACPI / APEI: Add Boot Error Record Table (BERT) support (Aristeu Rozanski) [1525298] - [acpi] ACPICA: Restore error table definitions to reduce code differences between Linux and ACPICA upstream (Aristeu Rozanski) [1525298] [3.10.0-1142] - [fs] gfs2: Another gfs2_walk_metadata fix (Andreas Grunbacher) [1822230] - [fs] ext4: prevent ext4_quota_write() from failing due to ENOSPC (Lukas Czerner) [1068952] - [fs] ext4: do not zeroout extents beyond i_disksize (Lukas Czerner) [1834320] - [fs] pnfs: Ensure we layoutcommit before revalidating attributes (Benjamin Coddington) [1827647] - [fs] nfs: flush data when locking a file to ensure cache coherence for mmap (Scott Mayhew) [1813811] - [fs] call fsnotify_sb_delete after evict_inodes (Jay Shin) [1760145] - [fs] inode: dont softlockup when evicting inodes (Jay Shin) [1760145] - [fs] drop_caches.c: avoid softlockups in drop_pagecache_sb() (Jay Shin) [1760145] - [fs] gfs2: More gfs2_find_jhead fixes (Abhijith Das) [1828454] - [fs] gfs2: Another gfs2_find_jhead fix (Abhijith Das) [1828454] - [fs] nfs: fix mount/umount race in nlmclnt (Jay Shin) [1771205] - [fs] nlm_shutdown_hosts_net() cleanup (Jay Shin) [1771205] - [scsi] scsi: megaraid: Use true, false for bool variables (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make two symbols static in megaraid_sas_base.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fp.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: silence a warning (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix indentation issue (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make poll_aen_lock static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Fix a compilation warning (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make a bunch of functions static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make some functions static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: remove unused variables 'debugBlk', 'fusion' (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Unique names for MSI-X vectors (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix panic on loading firmware crashdump (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix spelling mistake 'megarid_sas' -> 'megaraid_sas' (Tomas Henzl) [1827037] - [scsi] scsi: mpt3sas: Disable DIF when prot_mask set to zero (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Separate out RDPQ allocation to new function (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Rename function name is_MSB_are_same (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Dont change the DMA coherent mask after allocations (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix double free in attach error handling (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Use Component img header to get Package ver (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix module parameter max_msix_vectors (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (Tomas Henzl) [1832868] - [netdrv] hv_netvsc: Fix error handling in netvsc_set_features() (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Sync offloading features to VF NIC (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix IP header checksum for coalesced packets (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix rndis_per_packet_info internal field initialization (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add handler for LRO setting change (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add support for LRO/RSC in the vSwitch (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add handlers for ethtool get/set msg level (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (Mohammed Gamal) [1821814] - [fs] fix mntput/mntput race (Miklos Szeredi) [1828320] - [wireless] rtlwifi: prevent memory leak in rtl_usb_probe (Jarod Wilson) [1829847] {CVE-2019-19063} - [wireless] iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (Jarod Wilson) [1829375] {CVE-2019-19058} - [net] nl80211: fix memory leak in nl80211_get_ftm_responder_stats (Jarod Wilson) [1829289] {CVE-2019-19055} - [wireless] iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (Jarod Wilson) [1829393] {CVE-2019-19059} [3.10.0-1141] - [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1752067] - [edac] EDAC: skx_common: downgrade message importance on missing PCI device (Aristeu Rozanski) [1832683] - [s390] s390/qdio: consider ERROR buffers for inbound-full condition (Philipp Rudo) [1831791] - [s390] s390/ftrace: fix potential crashes when switching tracers (Philipp Rudo) [1813124] - [netdrv] ibmvnic: Skip fatal error reset after passive init (Steve Best) [1830992] - [scsi] smartpqi: bump driver version (Don Brace) [1822762] - [scsi] scsi: smartpqi: add bay identifier (Don Brace) [1822762] - [scsi] scsi: smartpqi: add module param to hide vsep (Don Brace) [1822762] - [scsi] scsi: bnx2fc: Update the driver version to 2.12.13 (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: fix boolreturn.cocci warnings (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: Fix SCSI command completion after cleanup is posted (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: Process the RQE with CQE in interrupt context (Nilesh Javali) [1709542] - [scsi] scsi: qla2xxx: Fix a recently introduced kernel warning (Nilesh Javali) [1828875] - [scsi] Fix abort timeouts in CQ Full conditions (Dick Kennedy) [1802654] - [input] Input: add safety guards to input_set_keycode() (Chris von Recklinghausen) [1828222] {CVE-2019-20636} - [scsi] scsi: libsas: delete sas port if expander discover failed (Tomas Henzl) [1829965] {CVE-2019-15807} - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827240] {CVE-2020-10711} [3.10.0-1140] - [netdrv] mlx5: Remove unsupported tag for ConnectX-6 Dx device (Alaa Hleihel) [1829777] - [fs] xfs: clear PF_MEMALLOC before exiting xfsaild thread (Brian Foster) [1827910] - [fs] gfs2: fix O_EXCL|O_CREAT handling on cold dcache (Andrew Price) [1812558] - [fs] nfs: Correct an nfs page array calculation error (Jay Shin) [1824270] - [infiniband] RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices (Jonathan Toppins) [1828475 1824438] - [netdrv] bnxt_en: Fix allocation of zero statistics block size regression (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Allocate the larger per-ring statistics block for 57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Expand bnxt_tpa_info struct to support 57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Refactor TPA logic (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Add TPA structure definitions for BCM57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.89 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface to 1.10.0.69 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.47 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Refactor ethtool ring statistics logic (Jonathan Toppins) [1824438] - [block] blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (Ming Lei) [1825431] - [scsi] scsi: fnic: do not queue commands during fwreset (Govindarajulu Varadarajan) [1794150] - [scsi] scsi: fnic: fix invalid stack access (Govindarajulu Varadarajan) [1794150] - [scsi] scsi: fnic: fix use after free (Govindarajulu Varadarajan) [1794150] - [netdrv] enic: prevent waking up stopped tx queues over watchdog reset (Govindarajulu Varadarajan) [1794148] - [fs] ceph: use ceph_evict_inode to cleanup inodes resource (Jeff Layton) [1784016] - [fs] ceph: fix use-after-free in __ceph_remove_cap() (Jeff Layton) [1784016] - [fs] ceph: hold i_ceph_lock when removing caps for freeing inode (Jeff Layton) [1784016] - [input] Input: ff-memless - kill timer in destroy() (Chris von Recklinghausen) [1815021] {CVE-2019-19524} - [scsi] scsi: qla2xxx: fix a potential NULL pointer dereference ('Ewan D. Milne') [1829246] {CVE-2019-16233} [3.10.0-1139] - [fs] nfsd: Fix races between nfsd4_cb_release() and nfsd4_shutdown_callback() ('J. Bruce Fields') [1448750] - [fs] nfsd: minor 4.1 callback cleanup ('J. Bruce Fields') [1448750] - [fs] nfsd: Dont release the callback slot unless it was actually held (Benjamin Coddington) [1448750] - [lib] kobject: dont use WARN for registration failures (Ewan Milne) [1756495] - [lib] lib/kobject: Join string literals back (Ewan Milne) [1756495] - [scsi] scsi: ibmvfc: Dont send implicit logouts prior to NPIV login (Steve Best) [1828726] - [fs] nfs: Serialize O_DIRECT reads and writes (Benjamin Coddington) [1826571] - [mm] mm/page_owner: convert page_owner_inited to static key (Rafael Aquini) [1781726] - [mm] mm/page_owner: set correct gfp_mask on page_owner (Rafael Aquini) [1781726] - [mm] mm/page_owner: fix possible access violation (Rafael Aquini) [1781726] - [mm] mm/page_owner: use late_initcall to hook in enabling (Rafael Aquini) [1781726] - [mm] mm/page_owner: remove unnecessary stack_trace field (Rafael Aquini) [1781726] - [mm] mm/page_owner: correct owner information for early allocated pages (Rafael Aquini) [1781726] - [mm] mm/page_owner: keep track of page owners (Rafael Aquini) [1781726] - [documentation] Documentation: add new page_owner document (Rafael Aquini) [1781726] - [kernel] stacktrace: introduce snprint_stack_trace for buffer output (Rafael Aquini) [1781726] [3.10.0-1138] - [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcoms Gen P5 series (Jonathan Toppins) [1823679] - [scsi] scsi: qla2xxx: Silence fwdump template message (Ewan Milne) [1783191] - [scsi] scsi: hpsa: Update driver version (Joseph Szczypek) [1808403] - [scsi] scsi: hpsa: correct race condition in offload enabled (Joseph Szczypek) [1808403] - [netdrv] bonding: fix active-backup transition after link failure (Jarod Wilson) [1712235] - [netdrv] bonding: fix state transition issue in link monitoring (Jarod Wilson) [1712235] - [netdrv] bonding: fix potential NULL deref in bond_update_slave_arr (Jarod Wilson) [1712235] - [netdrv] bonding: Force slave speed check after link state recovery for 802.3ad (Jarod Wilson) [1712235] - [i2c] i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (Vladis Dronov) [1822641] {CVE-2017-18551} - [acpi] ACPI / EC: Ensure lock is acquired before accessing ec struct (Al Stone) [1811132] - [x86] x86/mce: Do not log spurious corrected mce errors (Prarit Bhargava) [1797205] - [wireless] mwifiex: Fix mem leak in mwifiex_tm_cmd (Jarod Wilson) [1804971] {CVE-2019-20095} - [kernel] kernel/module.c: wakeup processes in module_wq on module unload (Prarit Bhargava) [1771939] - [acpi] ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Prarit Bhargava) [1790782] [3.10.0-1137] - [tty] tty/hvc: Use IRQF_SHARED for OPAL hvc consoles (Gustavo Duarte) [1600213] - [mm] mm/swap_slots.c: fix race conditions in swap_slots cache init (Rafael Aquini) - [block] loop: set PF_MEMALLOC_NOIO for the worker thread (Ming Lei) [1825950] - [tty] serial: 8250: drop the printk from serial8250_interrupt() (Prarit Bhargava) [1825049] - [net] net: linkwatch: add check for netdevice being present to linkwatch_do_dev (Alaa Hleihel) [1595302] [3.10.0-1136] - [fs] sunrpc: expiry_time should be seconds not timeval (Benjamin Coddington) [1794055] - [nvdimm] Revert 'driver boilerplate changes to properly manage device_rh' (Christoph von Recklinghausen) [1823750] - [base] call device_rh_free in device_release before driver/class/type release is called (Christoph von Recklinghausen) [1822888] - [md] md:md-faulty kernel panic is caused by QUEUE_FLAG_NO_SG_MERGE (Nigel Croxon) [1822462] - [firmware] efi: cper: print AER info of PCIe fatal error (Vladis Dronov) [1820646] - [scsi] qla2xxx: Update driver version to 10.01.00.22.07.9-k (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix message indicating vectors used by driver (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Move free of fcport out of interrupt context (Nilesh Javali) [1808129] - [scsi] qla2xxx: delete all sessions before unregister local nvme port (Nilesh Javali) [1808129] - [scsi] qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix a NULL pointer dereference in an error path (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix mtcp dump collection failure (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix RIDA Format-2 (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix stuck login session using prli_pend_timer (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Use common routine to free fcport struct (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix update_fcport for current_topology (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix fabric scan hang (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Complain if sp->done() is not called from the completion path (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Change discovery state before PLOGI (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Initialize free_work before flushing it (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Retry fabric Scan on IOCB queue full (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: initialize fc4_type_priority (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix a dma_pool_free() call (Nilesh Javali) [1808129] - [security] selinux: ensure we cleanup the internal AVC counters on error in avc_insert() (Artem Savkov) [1808675] - [acpi] ACPICA: Mark acpi_ut_create_internal_object_dbg() memory allocations as non-leaks (Artem Savkov) [1808675] - [x86] x86/microcode/AMD: Free unneeded patch before exit from update_cache() (Artem Savkov) [1808675] - [mm] memcg: ensure mem_cgroup_idr is updated in a coordinated manner (Aaron Tomlin) [1822405] - [mm] mm/page_alloc: increase default min_free_kbytes bound (Joel Savitz) [1704326] - [scsi] scsi: lpfc: Fix unexpected error messages during RSCN handling (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix discovery failures when target device connectivity bounces (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix devices that dont return after devloss followed by rediscovery (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix port relogin failure due to GID_FT interaction (Dick Kennedy) [1743667] - [video] vgacon: Fix a UAF in vgacon_invert_region (Vladis Dronov) [1818730] {CVE-2020-8647 CVE-2020-8649} - [x86] uprobes/x86: Fix detection of 32-bit user mode (Oleg Nesterov) [1804959] - [powerpc] module: Handle R_PPC64_ENTRY relocations (Yauheni Kaliuta) [1657540] - [scripts] recordmcount.pl: support data in text section on powerpc (Yauheni Kaliuta) [1657540] - [powerpc] boot: Request no dynamic linker for boot wrapper (Yauheni Kaliuta) [1657540] [3.10.0-1135] - [fs] fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Dave Wysochanski) [1683490] - [fs] fscache: Pass the correct cancelled indications to fscache_op_complete() (Dave Wysochanski) [1683490] - [char] tpm: ibmvtpm: Wait for buffer to be set before proceeding (Jerry Snitselaar) [1815536] - [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1813803] - [fs] NFS: Remove a redundant call to unmap_mapping_range() (Benjamin Coddington) [1813803] - [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1813803] - [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1813803] - [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1813803] - [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1813803] - [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1813803] - [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1813803] - [fs] NFS: Dont hold the inode lock across fsync() (Benjamin Coddington) [1813803] - [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1813803] - [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1813803] - [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1813803] - [fs] filesystem-dax: Fix dax_layout_busy_page() livelock (Carlos Maiolino) [1817866] - [block] blk-mq: fix hang caused by freeze/unfreeze sequence (Ming Lei) [1821718] - [fs] ceph: dont NULL terminate virtual xattrs (Jeff Layton) [1717454] - [fs] ceph: return -ERANGE if virtual xattr value didnt fit in buffer (Jeff Layton) [1717454] - [fs] ceph: make getxattr_cb return ssize_t (Jeff Layton) [1717454] - [fs] ceph: use bit flags to define vxattr attributes (Jeff Layton) [1717454] - [tty] tty: Prevent ldisc drivers from re-using stale tty fields (Vladis Dronov) [1820031] - [powerpc] powerpc64/kexec: Hard disable ftrace before switching to the new kernel (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Delay enabling ftrace on secondary cpus (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Add helpers to hard disable ftrace (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Rearrange #ifdef sections in ftrace.h (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Add a field in paca to disable ftrace in unsafe code paths (Jerome Marchand) [1731578] - [powerpc] powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS (Jerome Marchand) [1731578] - [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779474] {CVE-2019-17055} - [virtio] virtio-balloon: fix managed page counts when migrating pages between zones (David Hildenbrand) [1780330] [3.10.0-1134] - [net] netfilter: nf_log: fix uninit read in nf_log_proc_dostring (Phil Sutter) [1770232] - [net] netfilter: nf_log: fix error on write NONE to logger choice sysctl (Phil Sutter) [1770232] - [net] ethtool: convert large order kmalloc allocations to vzalloc (Davide Caratti) [1786448] - [net] l2tp: Allow duplicate session creation with UDP (Guillaume Nault) [1808928] - [net] sched: flower: insert new filter to idr after setting its mask (Davide Caratti) [1785141] - [net] ipv6: remove printk (Hangbin Liu) [1779533] - [net] netfilter: ctnetlink: netns exit must wait for callbacks (Florian Westphal) [1766816] - [net] raw: do not report ICMP redirects to user space (Hangbin Liu) [1758386] [3.10.0-1133] - [powerpc] powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() (Steve Best) [1806629] {CVE-2019-12614} - [s390] s390/pci: Recover handle in clp_set_pci_fn() (Philipp Rudo) [1816662] - [fs] xfs: fix attr leaf header freemap.size underflow (Bill ODonnell) [1808671] - [block] floppy: check FDC index for errors before assigning it (Ming Lei) [1815403] {CVE-2020-9383} - [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1818001] - [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1818001] - [s390] dasd: fix endless loop after read unit address configuration (Philipp Rudo) [1816661] - [fs] CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (Leif Sahlberg) [1504193] - [fs] cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (Leif Sahlberg) [1504193] - [char] ipmi: Fix memory leak in __ipmi_bmc_register (Tony Camuso) [1812836] {CVE-2019-19046} - [net] ipvs: Remove noisy debug print from ip_vs_del_service (Alexey Klimov) [1769816] [3.10.0-1132] - [tools] tools/power turbostat: Support Ice Lake server (Steve Best) [1776508] - [nvme] nvme-fc: ensure association_id is cleared regardless of a Disconnect LS (Ewan Milne) [1816752] - [nvme] nvme-fc: clarify error messages (Ewan Milne) [1816752] - [nvme] nvme-fc: fix module unloads while lports still pending (Ewan Milne) [1816752] - [scsi] scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (Ewan Milne) [1816307] - [scsi] scsi: core: Fix a compiler warning triggered by the SCSI logging code (Ewan Milne) [1816307] - [scsi] scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (Ewan Milne) [1816307] - [scsi] scsi: core: scsi_trace: Use get_unaligned_be*() (Ewan Milne) [1816307] - [scsi] scsi: core: try to get module before removing device (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions (Ewan Milne) [1816307] - [scsi] scsi: device_handler: remove VLAs (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh: Document alua_rtpg_queue() arguments (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_emc: return success in clariion_std_inquiry() (Ewan Milne) [1816307] - [target] scsi: target: iscsi: rename some variables to avoid confusion (Maurizio Lombardi) [1806966] - [target] scsi: target: iscsi: tie the challenge length to the hash digest size (Maurizio Lombardi) [1806966] - [target] scsi: target: iscsi: CHAP: add support for SHA1, SHA256 and SHA3-256 (Maurizio Lombardi) [1806966] - [target] scsi: target: compare full CHAP_A Algorithm strings (Maurizio Lombardi) [1806966] - [base] device_release() can call device_rh_free() too (Christoph von Recklinghausen) [1793248] - [nvdimm] driver boilerplate changes to properly manage device_rh (Christoph von Recklinghausen) [1793248] - [base] Add an interface for certain drivers who manage their own struct devices to disassociate their device_rhs (Christoph von Recklinghausen) [1793248] - [base] kfree(dev->device_rh) in device_create_release() (Christoph von Recklinghausen) [1793248] - [base] kfree and zero device_rh in device_release() (Christoph von Recklinghausen) [1793248] - [input] Revert 'Fix device_rh memory leak' (Christoph von Recklinghausen) [1793248] - [scsi] Revert 'Fix device_rh leak in scsi_alloc_target()' (Christoph von Recklinghausen) [1793248] - [scsi] Revert 'Fix memory leaks in scsi_alloc_sdev()' (Christoph von Recklinghausen) [1793248] - [nvdimm] libnvdimm/security: Consolidate 'security' operations (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: Tighten scope of nvdimm->busy vs security operations (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: Introduce a 'frozen' attribute (Jeff Moyer) [1735364] - [acpi] libnvdimm/security, acpi/nfit: unify zero-key for all security commands (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: provide fix for secure-erase to use zero-key (Jeff Moyer) [1735364] - [block] block: fix checking return value of blk_mq_init_queue (Maxim Levitsky) [1795777] - [bluetooth] Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (Aristeu Rozanski) [1808803] {CVE-2019-15917} [3.10.0-1131] - [x86] kvm: x86: clear stale x86_emulate_ctxt->intercept value (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: vmx: check descriptor table exits on instruction emulation (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Check IO instruction VM-exit conditions (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Refactor IO bitmap checks into helper function (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Dont emulate instructions in guest mode (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: x86: Fix kvm_bitmap_or_dest_vcpus() to use irq shorthand (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect (Nitesh Narayan Lal) [1772082] - [virt] kvm: x86: remove set but not used variable 'called' (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Zero the IOAPIC scan request dest vCPUs bitmap (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: deliver KVM IOAPIC scan request to target vCPUs (Nitesh Narayan Lal) [1772082] - [kernel] kvm: remember position in kvm->vcpus array (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Nitesh Narayan Lal) [1772082] - [virt] kvm: introduce kvm_make_vcpus_request_mask() API (Nitesh Narayan Lal) [1772082] - [virt] kvm: avoid unused variable warning for UP builds (Nitesh Narayan Lal) [1772082] - [kernel] smp, cpumask: Use non-atomic cpumask_{set, clear}_cpu() (Nitesh Narayan Lal) [1772082] - [fs] nfs: change sign of nfs_fh length ('J. Bruce Fields') [1813326] - [netdrv] ibmvnic: Do not process device remove during device reset (Steve Best) [1813903] - [x86] x86/debug: Extend the lower bound of crash kernel low reservations (Pingfan Liu) [1811511] - [net] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1790840] - [net] ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] ipv6: add net argument to ip6_dst_lookup_flow (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] ipv6: constify ip6_dst_lookup_{flow|tail}() sock arguments (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] macvlan: return correct error value (Matteo Croce) [1654878] - [net] ieee802154: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779494] {CVE-2019-17053} - [net] ipv4: fix fnhe usage by non-cached routes (Hangbin Liu) [1788435] - [net] route: do not cache fib route info on local routes with oif (Hangbin Liu) [1788435] - [net] ip6_tunnel: fix potential NULL pointer dereference (Hangbin Liu) [1767045] - [net] net_sched: remove a bogus warning in hfsc (Davide Caratti) [1781323] - [netdrv] net/mlx5e: allow TSO on VXLAN over VLAN topologies (Davide Caratti) [1780646] [3.10.0-1130] - [scsi] scsi: avoid repetitive logging of device offline messages (Nilesh Javali) [1798042] - [scsi] qla2xxx: Fix I/Os being passed down when FC device is being deleted (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix unbound sleep in fcport delete path (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix hang in fcport delete path (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix stuck session in GNL (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Correct fcport flags handling (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Nilesh Javali) [1798042] - [scsi] iscsi: Avoid potential deadlock in iscsi_if_rx func (Oleksandr Natalenko) [1715986] - [netdrv] hv/netvsc: Fix NULL dereference at single queue mode fallback (Mohammed Gamal) [1806488] - [netdrv] hv/netvsc: fix handling of fallback to single queue mode (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix unwanted rx_table reset (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix tx_table init in rndis_set_subchannel() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: fix typos in code comments (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix hash key value reset after other ops (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Refactor assignments of struct netvsc_device_info (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: split sub-channel setup into async and sync (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix send_table offset in case of a host bug (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix offset usage in netvsc_send_table() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: simplify receive side calling arguments (Mohammed Gamal) [1806488] - [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1810643] - [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1810643] - [s390] s390/vdso: add vdso support for coarse clocks (Philipp Rudo) [1791822] - [s390] s390/vdso: remove NULL pointer check from clock_gettime (Philipp Rudo) [1791822] - [s390] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (Philipp Rudo) [1804807] [3.10.0-1129] - [tools] perf header: Use last modification time for timestamp (Michael Petlan) [1789947] - [tools] perf header: Fix up argument to ctime() (Michael Petlan) [1789947] - [hid] HID: multitouch: Add pointstick support for ALPS Touchpad (Benjamin Tissoires) [1672425] - [kernel] blktrace: fix dereference after null check (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: Protect q->blk_trace with RCU (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix trace mutex deadlock (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked registration of tracepoints (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked access to init/start-stop/teardown (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] tracing: Handle NULL formats in hold_module_trace_bprintk_format() (Oleksandr Natalenko) [1811565] - [kernel] tracing: Fix trace_printk() to print when not using bprintk() (Oleksandr Natalenko) [1811565] - [sound] ALSA: timer: Fix incorrectly assigned timer instance (Jaroslav Kysela) [1798457] {CVE-2019-19807} - [x86] kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332) (Philippe Mathieu-Daud) [1783455] {CVE-2019-19332} - [x86] kvm: x86: do not reset microcode version on INIT or RESET (Paolo Bonzini) [1801852] - [x86] kvm: x86: list MSR_IA32_UCODE_REV as an emulated MSR (Paolo Bonzini) [1801852] - [x86] kvm: x86: Allow userspace to define the microcode version (Paolo Bonzini) [1801852] [3.10.0-1128] - [fs] ceph: only use d_name directly when parent is locked (Jeff Layton) [1699402] - [fs] ext4: work around deleting a file with i_nlink == 0 safely (Carlos Maiolino) [1801046] - [fs] xfs: attach dquots and reserve quota blocks during unwritten conversion (Carlos Maiolino) [1786005] - [fs] Revert 'xfs: attach dquots and reserve quota blocks during unwritten conversion' (Carlos Maiolino) [1786005] - [md] dm mpath: call clear_request_fn_mpio() in multipath_release_clone() (Mike Snitzer) [1806400] - [scsi] scsi: implement .cleanup_rq callback (Mike Snitzer) [1806400] - [md] blk-mq: add callback of .cleanup_rq (Mike Snitzer) [1806400] - [target] target: call init_timer_on_stack() to initialize login_timer (Maurizio Lombardi) [1810037] - [scsi] scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Tomas Henzl) [1807077] - [tools] selftests/livepatch: Test interaction with ftrace_enabled (Yannick Cote) [1806653] - [tools] selftests/livepatch: Make dynamic debug setup and restore generic (Yannick Cote) [1806653] - [kernel] ftrace: Introduce PERMANENT ftrace_ops flag (Yannick Cote) [1806653] - [tools] selftests/livepatch: push and pop dynamic debug config (Yannick Cote) [1806653] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19524 CVE-2020-10942 CVE-2019-15217 CVE-2019-19046 CVE-2019-19062 CVE-2019-19534 CVE-2019-19537 CVE-2019-19807 CVE-2019-20095 CVE-2019-9454 CVE-2019-12614 CVE-2019-19059 CVE-2020-1749 CVE-2019-15917 CVE-2020-2732 CVE-2020-10751 CVE-2019-15807 CVE-2019-16994 CVE-2020-8647 CVE-2019-16233 CVE-2019-19058 CVE-2020-9383 CVE-2020-10742 CVE-2018-20836 CVE-2019-19523 CVE-2020-10732 CVE-2017-18551 CVE-2019-9458 CVE-2019-19447 CVE-2019-18808 CVE-2019-19332 CVE-2020-8649 CVE-2020-12770 CVE-2019-17055 CVE-2019-19063 CVE-2019-19767 CVE-2019-20054 CVE-2019-20636 CVE-2019-19055 CVE-2020-10690 CVE-2019-16231 CVE-2019-17053 CVE-2020-11565 CVE-2020-12826 CVE-2019-19530 CVE-2020-14305 Oracle Linux 7 [0.6.12-6] - Rebuild with 7.9-z target Related: #1835951 [0.6.12-5] - Fix CVE-2020-12825 Resolves: #1835951 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12825 Oracle Linux 7 nspr [4.25.0-2] - Rebuild to fix wrong dist tag [4.25.0-1] - Rebase to NSPR 4.25 nss [3.53.1-3] - Disable dh timing test because it's unreliable on s390 (from Bob Relyea) - Explicitly enable upgradedb/sharedb test cycles [3.53.1-2] - Disable TLS 1.3 by default [3.53.1-1] - Rebase to NSS 3.53.1 [3.44.0-8] - Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system. nss-softokn [3.53.1-6.0.1] - Add fips140-2 DSA Known Answer Test fix [Orabug: 26679337] - Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug: 26617814], [Orabug: 26617879], [Orabug: 26617849] [3.53.1-6] - turn of ALTIVEC instruction for powerpc because they require power8 and we need to support power7 on RHEL7 still. - Fix typo in measure. - Make sure only 2048 and greater primes are used in FIPS mode for dh. [3.53.1-5] - Fix the patch application in the previous change [3.53.1-4] - Fix glibc regression in the rebase; run RNG self-tests only if NSPR is linked [3.53.1-3] - include patches for CVE-2020-6829, CVE-2020-12400, and CVE-2020-12401 from upstream (ECC constant time issues). - include patches for CVE-2020-12403 from upstream (CHACHA issues). - include self-tests for kdfs and cmac. [3.53.1-2] - Install cmac.h required by blapi.h (#1764513) [3.53.1-1] - Rebase to NSS 3.53.1 nss-util [3.53.1-1] - Rebase to NSS 3.53.1 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17006 CVE-2020-6829 CVE-2020-12402 CVE-2019-17023 CVE-2019-11727 CVE-2020-12401 CVE-2020-12403 CVE-2019-11719 CVE-2019-11756 CVE-2020-12400 Oracle Linux 7 [1.5.3-175.el7_9.1] - Fixing release number for z-stream IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14364 CVE-2020-1983 Oracle Linux 7 [78.3.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.3.0] - Update to 78.3.0 build1 [78.2.0-3] - Update to 78.2.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12422 CVE-2020-15673 CVE-2020-15676 CVE-2020-15654 CVE-2020-15678 CVE-2020-12424 CVE-2020-15656 CVE-2020-12425 CVE-2020-15653 CVE-2020-15677 CVE-2020-15658 CVE-2020-15648 Oracle Linux 7 [7:3.5.20-17.4] - Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache poisoning [7:3.5.20-17.2] - Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing - Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning attack against the HTTP cache - Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway [7:3.5.20-17] - Resolves: #1828361 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1828362 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow [rhel [7:3.5.20-16] - Resolves: #1738582 - CVE-2019-12525 squid: parsing of header Proxy-Authentication leads to memory corruption IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2019-12528 CVE-2020-24606 CVE-2020-8450 CVE-2020-8449 Oracle Linux 8 [78.3.1-1.0.1] - Update to 68.12.0 build1 [78.3.1-1] - Update to 78.3.1 build1 [78.3.0-3] - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot ship it in RHEL [78.2.1-1] - Update to 78.2.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15677 CVE-2020-15673 CVE-2020-15676 CVE-2020-15678 Oracle Linux 6 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 Oracle Linux 7 [78.3.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.3.1-1] - Update to 78.3.1 build1 [78.3.0-3] - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot ship it in RHEL [78.2.1-1] - Update to 78.2.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15673 CVE-2020-15678 CVE-2020-15677 CVE-2020-15676 Oracle Linux 6 [2.6.32-754.35.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.35.1] - [ata] libata: fix NULL sdev dereference race in atapi_qc_complete() (Kenneth Yin) [1876296] [2.6.32-754.34.1] - [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705003] - [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705003] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-11487 Oracle Linux 6 [32:9.8.2-0.68.rc1.8] - Fix tsig-request verify (CVE-2020-8622) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8622 Oracle Linux 8 spice [0.14.2-1.1] - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 spice-gtk [0.37-1.2] - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14355 Oracle Linux 7 spice [0.14.0-9.0.2.el7_9.1] - Add ARM support [0.14.0-9.1] - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 spice-gtk [0.35-5.1] - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14355 Oracle Linux 8 nodejs [1:12.18.4-2] - Resolves: RHBZ#1883966 - nodejs-devel not installable due to missing brotli - Some spec fixes [12.18.4-1] - Rebase to 12.18.4 nodejs-nodemon nodejs-packaging MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8252 CVE-2020-15095 CVE-2020-8116 CVE-2020-8201 Oracle Linux 7 [3.10.0-1160.2.2.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160.2.2] - [net] bluetooth: l2cap: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888253] {CVE-2020-12351} - [net] bluetooth: a2mp: Fix not initializing all members (Gopal Tiwari) [1888797] {CVE-2020-12352} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12352 CVE-2020-12351 Oracle Linux 8 [4.18.0-193.28.1_2.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7 [4.18.0-193.28.1_2] - [net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888256 1888258] {CVE-2020-12351} - [net] Bluetooth: A2MP: Fix not initializing all members (Gopal Tiwari) [1888906 1888807] {CVE-2020-12352} [4.18.0-193.27.1_2] - [powerpc] powerpc/pseries: Do not initiate shutdown when system is running on UPS (Diego Domingos) [1882243 1870477] - [video] vgacon: Fix for missing check in scrollback handling (Lyude Paul) [1859471 1859472] {CVE-2020-14331} [4.18.0-193.26.1_2] - [firmware] efi: don't reserve MOK config table memory region (Kairui Song) [1879988 1878584] - [security] integrity: Load certs from the EFI MOK config table (Lenny Szubowicz) [1877528 1868306] - [security] integrity: Move import of MokListRT certs to a separate routine (Lenny Szubowicz) [1877528 1868306] - [firmware] efi: Support for MOK variable config table (Lenny Szubowicz) [1877528 1868306] - [security] efi: Only print errors about failing to get certs if EFI vars are found (Lenny Szubowicz) [1877528 1804969] - [fs] ceph: fix inode number handling on arches with 32-bit ino_t (Jeff Layton) [1875787 1866018] - [fs] ceph: handle zero-length feature mask in session messages (Jeff Layton) [1875787 1866018] - [fs] ceph: fix endianness bug when handling MDS session feature bits (Jeff Layton) [1875787 1866018] - [netdrv] net/mlx5e: Fix missing cleanup of ethtool steering during rep rx cleanup (Alaa Hleihel) [1857777 1856660] [4.18.0-193.25.1_2] - [net] netfilter: conntrack: proc: rename stat column (Florian Westphal) [1882095 1875681] - [net] netfilter: conntrack: add clash resolution stat counter (Florian Westphal) [1882095 1875681] - [net] netfilter: conntrack: remove ignore stats (Florian Westphal) [1882095 1875681] - [net] netfilter: conntrack: do not increment two error counters at same time (Florian Westphal) [1882095 1875681] - [net] netfilter: conntrack: do not auto-delete clash entries on reply (Florian Westphal) [1882095 1875681] - [fs] xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [1881085 1875316] {CVE-2020-14385} - [kernel] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint (Alexey Klimov) [1880081 1877380] - [net] atomics/treewide: Rename __atomic_add_unless() => atomic_fetch_add_unless() (Yauheni Kaliuta) [1880081 1813370] - [kernel] timers: Lower base clock forwarding threshold (Phil Auld) [1877417 1833096] [4.18.0-193.24.1_2] - [kernel] timers: Remove must_forward_clk (Phil Auld) [1877417 1833096] - [kernel] timers: Spare timer softirq until next expiry (Phil Auld) [1877417 1833096] - [kernel] timers: Expand clk forward logic beyond nohz (Phil Auld) [1877417 1833096] - [kernel] timers: Reuse next expiry cache after nohz exit (Phil Auld) [1877417 1833096] - [kernel] timers: Always keep track of next expiry (Phil Auld) [1877417 1833096] - [kernel] timers: Optimize _next_timer_interrupt() level iteration (Phil Auld) [1877417 1833096] - [kernel] timers: Add comments about calc_index() ceiling work (Phil Auld) [1877417 1833096] - [kernel] timers: Move trigger_dyntick_cpu() to enqueue_timer() (Phil Auld) [1877417 1833096] - [kernel] timers: Use only bucket expiry for base->next_expiry value (Phil Auld) [1877417 1833096] - [kernel] timers: Preserve higher bits of expiration on index calculation (Phil Auld) [1877417 1833096] - [kernel] timer: Fix wheel index calculation on last level (Phil Auld) [1877417 1833096] - [kernel] timer: Prevent base->clk from moving backward (Phil Auld) [1877417 1833096] - [kernel] timer: Read jiffies once when forwarding base clk (Phil Auld) [1877417 1833096] - [infiniband] RDMA/umem: Fix ib_umem_find_best_pgsz() (Kamal Heib) [1872424 1856158] - [net] net: accept an empty mask in /sys/class/net/*/queues/rx-*/rps_cpus (Nitesh Narayan Lal) [1870181 1868433] - [net] net: Restrict receive packets queuing to housekeeping CPUs (Nitesh Narayan Lal) [1867174 1844520] - [pci] PCI: Restrict probe functions to housekeeping CPUs (Nitesh Narayan Lal) [1867174 1844520] - [lib] lib: Restrict cpumask_local_spread to houskeeping CPUs (Nitesh Narayan Lal) [1867174 1844520] - [s390] s390/pci: Fix unexpected write combine on resource (Philipp Rudo) [1869276 1827311] [4.18.0-193.23.1_2] - [net] packet: fix overflow in tpacket_rcv (Hangbin Liu) [1876223 1876224] {CVE-2020-14386} - [net] packet: make tp_drops atomic (Hangbin Liu) [1876223 1876224] {CVE-2020-14386} [4.18.0-193.22.1_2] - [crypto] pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1877530 1862072] - [crypto] Revert 'pefile: Tolerate other pefile signatures after first' (Bruno Meneguele) - [infiniband] IB/hfi1: Fix another case where pq is left on waitlist (Kamal Heib) [1872766 1859209] - [infiniband] IB/hfi1: Ensure pq is not left on waitlist (Kamal Heib) [1872766 1859209] [4.18.0-193.21.1_2] - [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1866371 1810653] - [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1866371 1810653] [4.18.0-193.20.1_2] - [infiniband] IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (Kamal Heib) [1872771 1850314] - [block] blk-mq: Rerun dispatching in the case of budget contention (Ming Lei) [1869779 1824037] - [block] blk-mq: Add blk_mq_delay_run_hw_queues() API call (Ming Lei) [1869779 1824037] - [block] blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (Ming Lei) [1869779 1824037] - [block] blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (Ming Lei) [1869779 1824037] - [md] dm mpath: use double checked locking in fast path (Mike Snitzer) [1869386 1848651] - [md] dm mpath: rename current_pgpath to pgpath in multipath_prepare_ioctl (Mike Snitzer) [1869386 1848651] - [md] dm mpath: rework __map_bio() (Mike Snitzer) [1869386 1848651] - [md] dm mpath: factor out multipath_queue_bio (Mike Snitzer) [1869386 1848651] - [md] dm mpath: push locking down to must_push_back_rq() (Mike Snitzer) [1869386 1848651] - [md] dm mpath: take m->lock spinlock when testing QUEUE_IF_NO_PATH (Mike Snitzer) [1869386 1848651] - [md] dm mpath: changes from initial m->flags locking audit (Mike Snitzer) [1869386 1848651] - [md] dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Mike Snitzer) [1869386 1848651] - [md] dm: do not use waitqueue for request-based DM (Mike Snitzer) [1869386 1848651] - [block] blk-mq: consider non-idle request as 'inflight' in blk_mq_rq_inflight() (Mike Snitzer) [1869386 1848651] - [kernel] sched/deadline: Initialize ->dl_boosted (Phil Auld) [1867612 1854179] - [kernel] sched/core: Fix PI boosting between RT and DEADLINE tasks (Phil Auld) [1867612 1854179] - [net] net/smc: tolerate future SMCD versions (Philipp Rudo) [1866390 1854992] - [net] openvswitch: fixes potential deadlock in dp cleanup code (Eelco Chaudron) [1859216 1845662] - [net] openvswitch: reorder masks array based on usage (Eelco Chaudron) [1859216 1845662] - [net] openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (Lorenzo Bianconi) [1860169 1851888] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14331 CVE-2020-14385 CVE-2020-12351 CVE-2020-14386 CVE-2020-12352 Oracle Linux 8 [1:11.0.9.11-0] - Update to jdk-11.0.9+11 - Update release notes for 11.0.9 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Delay tzdata 2020b dependency until tzdata update has shipped. - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:11.0.9.10-0.0.ea] - Update to jdk-11.0.9+10 (EA) - With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Update tarball generation script to use PR3802, handling JDK-8233228 & JDK-8177334 - Remove JDK-8252258/RH1868406 now applied upstream. - Improve quoting of vendor name - Resolves: rhbz#1876665 [1:11.0.9.10-0.0.ea] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Moved vendor_version_string to a better place - Resolves: rhbz#1876665 [1:11.0.9.10-0.0.ea] - Update static-libs packaging to new layout - Resolves: rhbz#1876665 [1:11.0.9.1-0.1.ea] - Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah. - Resolves: rhbz#1876665 [1:11.0.9.1-0.0.ea] - Update to shenandoah-jdk-11.0.9+1 (EA) - Switch to EA mode for 11.0.9 pre-release builds. - JDK-8245832 increases the set of static libraries, so try and include them all with a wildcard. - Resolves: rhbz#1876665 [1:11.0.8.10-2] - Add JDK-8252258 to return default vendor to the original value of 'Oracle Corporation' - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Resolves: rhbz#1873390 [1:11.0.8.10-1] - Added scriplet to handle dir->symlink change when updating el7->el8 - Symlink hunk moved behind the main copy logic, to be more user-friendly with multiple installs - Resolves: rhbz#1871709 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14803 CVE-2020-14782 CVE-2020-14779 CVE-2020-14797 CVE-2020-14792 CVE-2020-14781 CVE-2020-14796 Oracle Linux 7 [1:11.0.9.11-0.0.1] - link atomic for ix86 build [1:11.0.9.11-0] - Delay tzdata 2020b dependency until tzdata update has shipped. - Resolves: rhbz#1876665 [1:11.0.9.11-0] - Update to jdk-11.0.9+11 - Update release notes for 11.0.9 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:11.0.9.10-0.1.ea] - Improve quoting of vendor name - Resolves: rhbz#1876665 [1:11.0.9.10-0.1.ea] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Moved vendor_version_string to a better place - Resolves: rhbz#1876665 [1:11.0.9.10-0.0.ea] - Update to jdk-11.0.9+10 (EA) - Resolves: rhbz#1876665 [1:11.0.9.9-0.0.ea] - Update to jdk-11.0.9+9 (EA) - Resolves: rhbz#1876665 [1:11.0.9.8-0.0.ea] - Update to jdk-11.0.9+8 (EA) - Remove JDK-8252258/RH1868406 now applied upstream. - Resolves: rhbz#1876665 [1:11.0.9.7-0.0.ea] - Update to jdk-11.0.9+7 (EA) - Resolves: rhbz#1876665 [1:11.0.9.6-0.1.ea] - Update static-libs packaging to new layout - Resolves: rhbz#1876665 [1:11.0.9.6-0.0.ea] - Update to jdk-11.0.9+6 (EA) - Update tarball generation script to use PR3802, handling JDK-8233228 & JDK-8177334 - Resolves: rhbz#1876665 [1:11.0.9.5-0.0.ea] - Update to jdk-11.0.9+5 (EA) - Resolves: rhbz#1876665 [1:11.0.9.4-0.0.ea] - Update to jdk-11.0.9+4 (EA) - Resolves: rhbz#1876665 [1:11.0.9.3-0.0.ea] - Update to jdk-11.0.9+3 (EA) - Resolves: rhbz#1876665 [1:11.0.9.2-0.1.ea] - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Resolves: rhbz#1876665 [1:11.0.9.2-0.0.ea] - Update to jdk-11.0.9+2 (EA) - With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly - Resolves: rhbz#1876665 [1:11.0.9.1-0.0.ea] - JDK-8245832 increases the set of static libraries, so try and include them all with a wildcard. - Resolves: rhbz#1876665 [1:11.0.9.1-0.0.ea] - Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah. - Resolves: rhbz#1876665 [1:11.0.9.1-0.0.ea] - Update to shenandoah-jdk-11.0.9+1 (EA) - Switch to EA mode for 11.0.9 pre-release builds. - Drop JDK-8227269, JDK-8241750 & JDK-8245714 backports now applied upstream. - Resolves: rhbz#1876665 [1:11.0.8.10-2] - Add JDK-8252258 to return default vendor to the original value of 'Oracle Corporation' - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Resolves: rhbz#1876665 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14797 CVE-2020-14779 CVE-2020-14781 CVE-2020-14803 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 Oracle Linux 7 [78.4.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.4.0-1] - Update to 78.4.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15969 CVE-2020-15683 Oracle Linux 8 [78.4.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.4.0-1] - Update to 78.4.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15969 CVE-2020-15683 Oracle Linux 8 [1:1.8.0.272.b10-1] - Add backport of JDK-8215727: 'Restore JFR thread sampler loop to old / previous behaviour' - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Delay tzdata 2020b dependency until tzdata update has shipped. - Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 - Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.1.ea] - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Improve quoting of vendor name - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.1.ea] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b09 (EA). - Switch to EA mode. - Add debugging output for build. - JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. - Remove JDK-8154313 backport now applied upstream. - Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. - Update tarball generation script to use PR3795, following inclusion of JDK-8177334 - Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 - Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 - Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR - Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3) - Remove JDK-8165996/PR3506/RH1760437 as now applied upstream. - Resolves: rhbz#1876665 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14803 CVE-2020-14782 CVE-2020-14796 CVE-2020-14779 CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 Oracle Linux 6 [1:1.8.0.272.b10-0] - Remove the 64-bit siphash test which fails to compile on x86-32 debug builds with gcc 4.4.7 in RHEL 6 - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Improve quoting of vendor name - Add backport of JDK-8215727: 'Restore JFR thread sampler loop to old / previous behaviour' - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b09 (EA). - Switch to EA mode. - Add debugging output for build. - JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. - Update tarball generation script to use PR3795, following inclusion of JDK-8177334 - Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 - Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 - Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR - Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3) - Resolves: rhbz#1876665 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14779 CVE-2020-14796 CVE-2020-14782 CVE-2020-14792 CVE-2020-14797 CVE-2020-14803 CVE-2020-14781 Oracle Linux 7 [1:1.8.0.272.b10-1] - Add backport of JDK-8215727: 'Restore JFR thread sampler loop to old / previous behaviour' - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Delay tzdata 2020b dependency until tzdata update has shipped. - Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 - Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.1.ea] - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Improve quoting of vendor name - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.1.ea] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b09 (EA). - Resolves: rhbz#1876665 [1:1.8.0.272.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b08 (EA). - Resolves: rhbz#1876665 [1:1.8.0.272.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b07. - Resolves: rhbz#1876665 [1:1.8.0.272.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b06. - Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3) - Resolves: rhbz#1876665 [1:1.8.0.272.b05-0.2.ea] - Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR - Resolves: rhbz#1876665 [1:1.8.0.272.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28. - Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 - Resolves: rhbz#1876665 [1:1.8.0.272.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b05. - Fix context in JDK-8186464/RH1433262 patch, following JDK-8078334 @randomness tag addition. - Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 - Resolves: rhbz#1876665 [1:1.8.0.272.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b04. - Update tarball generation script to use PR3795, following inclusion of JDK-8177334 - Resolves: rhbz#1876665 [1:1.8.0.272.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b03. - Resolves: rhbz#1876665 [1:1.8.0.272.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b02. - Remove JDK-8154313 backport now applied upstream. - Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. - Resolves: rhbz#1876665 [1:1.8.0.272.b01-0.1.ea] - Update to aarch64-shenandoah-jdk8u272-b01. - Switch to EA mode. - Add debugging output for build. - JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. - Remove ZipConstants change from JDK-8186464 backport, now provided upstream by JDK-8075774 - Resolves: rhbz#1876665 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14797 CVE-2020-14803 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 Oracle Linux 8 [9.0.3-18] - Patch for pip install <url> allow directory traversal, leading to arbitrary file write Resolves: rhbz#1868016 [9.0.3-17] - Remove unused CA bundle from the bundled requests library Resolves: rhbz#1775200 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20916 Oracle Linux 8 [3.6.8-31.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-31] - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) Resolves: rhbz#1856481 - Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422) Resolves: rhbz#1854926 [3.6.8-30] - Remove downstream 00178-dont-duplicate-flags-in-sysconfig.patch which introduced a bug on distutils.sysconfig.get_config_var('LIBPL') (rhbz#1851090). [3.6.8-29] - Fix python3-config --configdir (rhbz#1772992). [3.6.8-28] - Security fix for CVE-2020-8492 Resolves: rhbz#1810618 [3.6.8-27] - Add a sentinel value on the Hmac_members table of the fips compliant hmac module Resolves: rhbz#1800512 [3.6.8-26] - Skip test_startup_imports from test_site if we have a .pth file in sys.path Resolves: rhbz#1814392 [3.6.8-25] - Security fix for CVE-2019-16935 Resolves: rhbz#1798001 [3.6.8-24] - Build Python with -fno-semantic-interposition for better performance - https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup - Also fix test_gdb failures with Link Time Optimizations Resolves: rhbz#1724996 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14422 CVE-2019-16935 CVE-2020-8492 CVE-2019-20907 Oracle Linux 8 appstream-data [8-20200724] - Regenerate the RHEL metadata to include the EPEL apps too - Resolves: #1844488 [8-20200630] - Regenerate the RHEL metadata - Resolves: #1844488 fwupd [1.4.2-4.0.1] - Build with the updated Oracle certificate - Use oraclesecureboot301 as certdir [Orabug: 29881368] - Use new signing certificate (Alex Burmashev) [1.4.2-4] - Add signing with redhatsecureboot503 cert Related: CVE-2020-10713 [1.4.2-3] - Obsolete the now-dead fwupdate package to prevent file conflicts - Resolves: #1859202 [1.4.2-2] - Security fix for CVE-2020-10759 - Resolves: #1844324 [1.4.2-1] - New upstream release - Backport a patch to fix the synaptics fingerprint reader update. - Resolves: #1775277 [1.4.1-1] - New upstream release - Resolves: #1775277 gnome-software [3.36.1-4] - Fix 'Show Details' to correctly work for rpm-installed firefox - Resolves: #1845714 [3.36.1-3] - Upload correct 3.36.1 tarball - Fix hardcoded desktop and appdata names to match whats in RHEL 8.3 - Add back shell extensions support - Resolves: #1839774 [3.36.1-2] - Add support for basic auth and webflow auth in flatpak plugin - Resolves: #1815502 [3.36.1-1] - Update to 3.36.1 - Resolves: #1797932 libxmlb [0.1.15-1] - Initial release for RHEL LOW Copyright 2020 Oracle, Inc. CVE-2020-10759 Oracle Linux 8 [3.26.0-11] - Fixed bug in CVE-2019-20218 (#1791592) [3.26.0-10] - Fixed CVE-2020-13632 (#1845572) - Fixed CVE-2020-13631 (#1845474) - Fixed CVE-2020-13630 (#1845153) [3.26.0-9] - Fixed CVE-2019-5018 (#1721509) [3.26.0-8] - Fixed CVE-2019-16168 (#1826897) [3.26.0-7] - Fixed CVE-2019-20218 (#1791592) - Fixed CVE-2020-6405 (#1804823) - Fixed CVE-2020-0327 (#1816572) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-5018 CVE-2020-6405 CVE-2020-9327 CVE-2020-13631 CVE-2019-16168 CVE-2019-20218 CVE-2020-13630 CVE-2020-13632 Oracle Linux 8 [3.3.2-9] - Fix out-of-bounds read (CVE-2019-19221) (#1803967) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19221 Oracle Linux 8 [2.28-127.0.1] - add Ampere emag to tunable cpu list (Patrick McGehearty) - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile - Both should test - if (stream->_flags & _IO_USER_LOCK) == 0) - _IO_lock_lock (*stream->_lock); - OraBug: 28481550. Reviewed-by: Qing Zhao <qing.zhao@oracle.com> [2.28-127] - Improve performance of library strstr() function (#1821531) [2.28-126] - Do not clobber errno in nss_compat (#1836867) [2.28-125] - Support building rpm under newer versions of Coverity Scan (#1835999) [2.28-124] - Enhance memory protection key support on ppc64le (#1642150) [2.28-123] - Reduce IFUNC resolver usage in libpthread and librt (#1748197) [2.28-122] - Math library optimizations for IBM Z (#1780204) - Additional patch for s_nearbyint.c [2.28-121] - elf: Assign TLS modid later during dlopen (#1774115) [2.28-120] - x86-64: Automatically install nss_db.i686 for 32-bit environments (#1807824) [2.28-119] - ppc64le: Enable protection key support (#1642150) [2.28-118] - ppc64le: floating-point status and exception optimizations (#1783303) [2.28-117] - Update to Linux 5.6 syscall-names.list. (#1810224) [2.28-116] - CVE-2020-1751: Fix an array overflow in backtrace on PowerPC. (#1813399) [2.28-115] - CVE:2020-1752: Fix a use after free in glob when expanding ~user. (#1813398) [2.28-114] - CVE-2020-10029: Prevent stack corruption from crafted input in cosl, sinl, sincosl, and tanl function. (#1811796) [2.28-113] - Improve elf/ and nptl/ testsuites (#1810223) [2.28-112] - Fix resource leak in getaddrinfo (#1810146) [2.28-111] - Protect locale archive against corruption (#1784525) [2.28-110] - Properly handle signed vs. unsigned values in mallopt (#1784520) [2.28-109] - Update and harmonize locale names with CLDR (#1757354) [2.28-108] - Fix filter and auxiliary filter implementation (#1812756) [2.28-107] - Handle .dynstr located in separate segment (#1774114) [2.28-106] - Disable vtable validation for pre-2.1 interposed handles (#1775819) [2.28-105] - Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang. (#1784519) [2.28-104] - Math library optimizations for IBM Z (#1780204) [2.28-103] - Filter 'ignore' autofs mount entries in getmntent (#1743445) [2.28-102] - Fix /etc/resolv.conf reloading defects (#1810142) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-1752 CVE-2020-1751 CVE-2020-10029 Oracle Linux 8 [0.9.0-2] - Resolves: #1809992, CVE-2019-18609 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18609 Oracle Linux 8 dleyna-renderer [0.6.0-3] - Add a manual Resolves: #1612579 frei0r-plugins [1.6.1-7] - Rebuild with newer annobin to fix rpmdiff problems - Fix the build with a newer opencv - Resolves: rhbz#1703994 gdm [3.28.3-34] - Fix file descriptor leak Resolves: #1877853 [3.28.3-33] - Fix problem with Xorg fallback Resolves: #1868260 [3.28.3-32] - Add dconf db to file manifest Related: #1833158 [3.28.3-31] - add back gdm system db to dconf profile Resolves: #1833158 [3.28.3-30] - Make sure login screen is killed during login Resolves: #1618481 gnome-control-center [3.28.2-22] - Categorize Infiniband devices correctly Resolves: #1826379 [3.28.2-21] - Honor sound theme changes when changing from the default theme - Resolves: #1706008 [3.28.2-20] - Fix 90min automatic sleep option to not last 80min - Resolves: #1706076 gnome-photos [3.28.1-3] - Disable Python 2 during the build - itstool doesnt need it anymore Resolves: #1597806 [3.28.1-2] - rebuild gnome-remote-desktop [0.1.8-3] - Backport cursor only frame fixes Related: #1837406 [0.1.8-2] - Dont crash on metadata only buffers Resolves: #1847062 [0.1.8-1] - Rebase to 0.1.8 Resolves: #1837406 gnome-session [3.28.1-10.0.1] - Update kiosk-session subpackage with Oracle references [Orabug: 32095108] [3.28.1-10] - Show cursor explicitly from session selector Resolves: #1624430 [3.28.1-9] - Add kiosk-session subpackage to help users set up RHEL for kiosk/point-of-sale use. Resolves: #1739556 gnome-settings-daemon [3.32.0-11] - Remove subman plugin for now Resolves: #1872457 [3.32.0-10] - Disable subman plugin on CentOS Resolves: #1827030 gnome-shell [3.32.2-20] - Fix popupMenu keynav when NumLock is active Resolves: #1840080 [3.32.2-19] - Fix last backport Resolves: #1847051 [3.32.2-18] - Fix more spurious allocation warnings Resolves: #1715845 [3.32.2-17] - Really allow using perf-tool on wayland Resolves: #1652178 - Fix timed login without user list Resolves: #1668895 - Fix HighContrast/symbolic icon mixup Resolves: #1794045 - Backport introspect API changes Resolves: #1837413 [3.32.2-16] - Drop bad upstream patch Resolves: #1820760 [3.32.2-15] - Improve performance under load Resolves: #1820760 gnome-shell-extensions [3.32.1-11] - Adjust dash-to-dock for classic backports Resolves: #1805929 - Fix inconsistent state in window-list prefs dialog Resolves: #1824362 gnome-terminal [3.28.3-2] - Add a manual - Resolves: #1612688 gsettings-desktop-schemas [3.32.0-5] - Recommend DejaVu Sans Mono font as the default monospace font Resolves: #1656262 gtk3 [3.22.30-6] - Fix reuse of list box header widgets (#rhbz1843486) gtk-doc [1.28-2] - Backport a patch to fix x86_64/i686 differences in generated documentation - Resolves: #1634770 gvfs [1.36.2-10] - Fix libusb(x) requirements (rhbz#1866332) [1.36.2-9] - Improve enumeration performance of smb backend (rhbz#1569868) LibRaw [0.19.5-2] - Backport fix for CVE-2020-15503 from Fedora Resolves: #1853529 libsoup [2.62.3-2] - Some WebSocket fixes to unbreak cockpit-desktop (rhbz#1872270) mutter [3.32.2-48] - Fix GLX stereo buffer rebase error Resolves: #1880339 [3.32.2-47] - Fix screen sharing on wayland Resolves: #1873963 [3.32.2-46] - Handle cursor only screen cast frames better Related: #1837381 [3.32.2-45] - Handle GPU unplug gracefully Resolves: #1846191 [3.32.2-44] - Dont show widow actor until explictly shown Resolves: #1719937 [3.32.2-43] - Only treat WM_PROTOCOLS messages as WM_PROTOCOL messages Resolves: #1847203 [3.32.2-42] - Dont pass DMA buffers if they cant be mmap():ed Related: #1847062 [3.32.2-41] - Backport is_rendering_hardware_acclerated() API Related: #1837381 [3.32.2-40] - Fix DMA buffer memory leak Related: #1837381 [3.32.2-39] - Fix incorrect pipewire dependency version Related: #1837381 [3.32.2-38] - Backport screen cast and remote desktop improvements Resolves: #1837381 [3.32.2-37] - Fix corrupted background after suspend Resolves: #1828162 nautilus [3.28.1-14] - Fix broken tracker query under certain locales (rhbz#1847061) [3.28.1-13] - Clear selection if any files dont match the pattern (rhbz#1207179) - Fix endless content size calculations (rhbz#1566027) - Honor umask when creating new files (rhbz#1778579) - Close 'There is no application...' dialog after response (rhbz#1816070) PackageKit [1.1.12-6.0.1] - removed rhel-Vendor.conf.patch [1.1.12-6] - Fix documentation links in Vendor.conf - Resolves: #1837648 [1.1.12-5] - Do not shutdown the daemon on idle - Resolves: #1814820 pipewire0.2 [0.2.7-6] - Fix Conflicts: line - Remove Recommends: line, its wrong - Resolves: rhbz#1832347 [0.2.7-5] - Fix Conflicts: line - Resolves: rhbz#1832347 [0.2.7-4] - Add gating file - Resolves: rhbz#1832347 [0.2.7-3] - Change source URL - Resolves: rhbz#1832347 [0.2.7-2] - Add compat -devel package [0.2.7-1] - First version - Fix bluez5 plugins build pipewire [0.3.6-1] - Update to 0.3.6 - Resolves: rhbz#1832347 [0.3.5-3] - Rebuild - Resolves: rhbz#1832347 [0.3.5-2] - Disable vulkan - Resolves: rhbz#1832347 [0.3.5-1] - Update to 0.3.5 - Disable pulse and jack - Add patch to work with meson 0.49 - Add patch to fix neon compilation - Resolves: rhbz#1832347 potrace [1.15-3] - Fixing build for flatpak (rhbz#1840788) pygobject3 [3.28.3-2] - Add lock to avoid two type object wrappers getting generated at the same time in multi-threaded programs. Resolves: #1844578 tracker [2.1.5-2] - Rebuild to include tracker-devel in CRB - Resolves: #1758891 vte291 [0.52.4-2] - Avoid overriding -fno-exceptions Resolves: #1804719 [0.52.4-1] - Update to 0.52.4 Resolves: #1804719 webkit2gtk3 [2.28.4-1] - Update to 2.28.4 - Related: #1817143 [2.28.2-2] - Related: rhbz#1817143 Properly remove webkit2gtk3-plugin-process-gtk2 package [2.28.2-1] - Resolves: rhbz#1817143 Update to 2.28.2 webrtc-audio-processing [0.3-9] - Rebuild to address Annobin coverage issues Resolves: #1704148 xdg-desktop-portal [1.6.0-2] - Require pipewire0.2-libs for legacy application support. Resolves: #1854734 [1.6.0-1] - Rebase to 1.6.0 (#1775345) - Backport PipeWire 0.3 support (#1775345) - Backport fixes (#1775345) xdg-desktop-portal-gtk [1.6.0-1] - Rebase to 1.6.0 (#1837413) - Bump supported Mutter screen cast API version (#1837413) - Backport bugfix (#1837413) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-8720 CVE-2019-8766 CVE-2019-8625 CVE-2019-8710 CVE-2019-8743 CVE-2019-8764 CVE-2019-8808 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8811 CVE-2019-8812 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2020-3864 CVE-2020-3865 CVE-2020-3885 CVE-2020-3894 CVE-2020-3897 CVE-2020-3899 CVE-2020-3901 CVE-2020-3902 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-3862 CVE-2020-3867 CVE-2020-3868 CVE-2020-3895 CVE-2020-3900 CVE-2020-11793 CVE-2020-10018 CVE-2020-9806 CVE-2020-9807 CVE-2020-9850 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-14391 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9843 CVE-2020-9862 CVE-2020-9893 CVE-2020-9925 CVE-2020-15503 Oracle Linux 8 [2:8.0.1763-15.0.1] - - Remove upstream references [Orabug: 31197557] [2:8.0.1763-15] - 1842755 - CVE-2019-20807 [2:8.0.1763-14] - 1745476 - manpage of vim is garbled in Japanese locale MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20807 Oracle Linux 8 [1.1.32-5.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.32-5] - Fix CVE-2019-18197 (#1775517) - Fix CVE-2019-11068 (#1715732) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11068 CVE-2019-18197 Oracle Linux 8 [2.30-79.0.1] - Forward-port Oracle patches from 2.30-75.0.1 - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.30-79] - Fix x86 assemblers handling of non-8-bit displacements. (#1869401) [2.30-77] - Add tests missing from PT_GNU_SEGMENT patch. (#1870039) [2.30-75.0.1] - Forward-port Oracle patches to OL8.3 beta. [2.30-76] - Have the s.390 assembler include alignment hints with vector instructions. (#1850490) [2.30-75] - Prevent the s/390 linker from rewriting the GOT access for certain symbol types. (#1846972) LOW Copyright 2020 Oracle, Inc. CVE-2019-17450 Oracle Linux 8 [1:2.2.6-38] - 1775590 - rastertoepson filter crashes with paper size A6 [1:2.2.6-37] - forgot to enable optimization - 1833516 [1:2.2.6-36] - 1838449 - ipp/socket backends connect to turned off device for eternity (contimeout is not applied) - 1689207 - Add failover backend - 1833516 - DirtyCleanInterval ignored if there are open client connections [1:2.2.6-35] - 1825254 - CVE-2020-3898 cups: heap based buffer overflow in libcupss ppdFindOption() in ppd-mark.c [1:2.2.6-34] - 1809002 - scriptlet issue, /usr/bin/rm: cannot remove '/var/cache/cups/*.data' [1:2.2.6-34] - 1784884 - cups.service doesnt execute automatically on request [1:2.2.6-34] - 1822135 - _ppdOpen() leaks 'string' variable LOW Copyright 2020 Oracle, Inc. CVE-2020-3898 Oracle Linux 8 [2.9.7-8.0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.7-8] - Fix CVE-2019-19956 (#1793001) - Fix CVE-2020-7595 (#1799786) - Fix CVE-2019-20388 (#1810058) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-7595 CVE-2019-20388 CVE-2019-19956 Oracle Linux 8 [5.50-4] + bluez-5.50-4 - Fixing CVE-2020-0556 [5.50-3] + bluez-5.50-3 - Bump the version [5.50-2] + bluez-5.50-2 - Fixing CVE-2018-10910 (#1606373) [5.50-1] + bluez-5.50-1 - Update to 5.50 (#1504689) [5.49-6] + bluez-5.49-6 - Disabling Mesh Networking for crypto issue while code reviewing. [5.49-5] + bluez-5.49-5 - Fix accessing NULL adv_manager (#1602779) [5.49-3] + bluez-5.49-3 - Fix crash on non-LE adapters (#1567622) [5.49-2] - Rebuilt for libjson-c.so.4 (json-c v0.13.1) on fc28 [5.49-1] - Update to 5.49 [5.48-5] - Rebuilt for libjson-c.so.4 (json-c v0.13.1) [5.48-4] - Fix PulseAudio interaction on resume (#1534857) [5.48-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [5.48-2] - Switch to %ldconfig_scriptlets [5.48-1] - Update to 5.48 [5.47-7] - Rebuilt for libjson-c.so.3 [5.47-6] - Rebuild for libical 3.x [5.47-5] - Enable unit tests (Marek Kasik) - Resolves: #1502677 [5.47-4] + bluez-5.47-4 - Fix invalid paths in service file (#1499518) [5.47-3] + bluez-5.47-3 - Fix adapter name not picking up PrettyHostname [5.47-2] + bluez-5.47-2 - Lockdown Bluetooth systemd service [5.47-1] - New upstream 5.47 bugfix release - Initial support for Bluetooth LE mesh - Blueooth 5 fixes and improvements [5.46-6] - sdpd heap fixes Resolves: rhbz#1490911 [5.46-5] - Add scripts to automatically btattach serial-port / uart connected Broadcom HCIs found on some Atom based x86 hardware [5.46-4] + bluez-5.46-4 - Patches cleanup - Add DualShock4 cable pairing support - BIND_NOW support for RELRO - iCade autopairing support [5.46-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [5.46-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [4.46-1] - Update to 5.46 [5.45-1] - Update to 5.45 - Minor spec cleanups - Include api docs in devel package [5.44-1] - Update to 5.44 - Enable deprecated option to keep all usual tools - Ship btattach tool - Minor spec cleanups [5.43-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [5.43-3] - Configure systemctl settings for bluez-obexd correctly - Resolves rhbz#1259827 [5.43-2] - Rebuild for readline 7.x [5.43-1] - Update to 5.43 [5.42-2] - Fix OBEX connections [5.42-1] - Update to 5.42 [5.41-1] - Update to 5.41 [5.40-2] - obexd fixes to prevent crashes - add /etc/bluetooth/main.conf config file - set 'AutoEnable=true' in /etc/bluetooth/main.conf file [5.40-1] - Update to 5.40 bugfix relesae [5.39-2] - rebuild for ICU 57.1 [5.39-1] - Update to 5.39 bugfix relesae [5.38-1] - Update to 5.38 [5.37-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [5.37-2] - rebuild for libical 2.0.0 [5.37-1] - Update to 5.37 [5.36-1] - Update to 5.36 [5.35-2] - Split obexd out into a sub package [5.35-1] - Update to 5.35 [5.34-1] - Update to 5.34 [5.33-1] - Update to 5.33 [5.32-1] - Update to 5.32 [5.31-1] - Update to 5.31 [5.30-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [5.30-2] - Fix NAP connections (rh #1230461) [5.30-1] - Update to 5.30 - Use %license [5.29-2] - fix header file [5.29-1] - Update to 5.29 [5.28-1] - Update to 5.28 [5.25-1] - Update to 5.25 [5.23-2] - Install gatttool and mpris-proxy [5.23-1] - Update to 5.23 [5.18-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [5.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [5.18-1] - Update to 5.18 [5.17-1] - Update to 5.17 [5.16-1] - Update to 5.16 [5.14-1] - Update to 5.14 [5.13-1] - Update to 5.13 - Enable sixaxis plugin by default [5.12-2] - This update fixes Sixaxis PS3 joypad detection [5.12-1] - Update to 5.12 - Sixaxis PS3 joypad support is now upstream [5.11-2] - Add crasher fixes (rhbz #1027365) [5.11-1] - Update to 5.11 [5.10-4] - Default to the XDG cache dir for receiving files [5.10-3] - Remove a few obsolete BRs and deps, thanks to Marcel Holtmann [5.10-2] - Add non-upstreamable patch to make bluetooth-sendto work again [5.10-1] - Update to 5.10 [5.9-4] - Obsolete blueman-nautilus as well [5.9-3] - Obsolete blueman and obex-data-server [5.9-2] - Fix problem unsetting discoverable [5.9-1] - Update to 5.9 [5.8-2] - Don't pull in -libs for the other subpackages - Remove a stray .la file [5.8-1] - Update to 5.8 - Hardened build - Use systemd rpm macros [5.5-1] - Update to 5.5, based on earlier work from https://bugzilla.redhat.com/show_bug.cgi?id=974145 [4.101-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [4.101-9] - Fix trust setting in Sixaxis devices [4.101-8] - Another pass at fixing A2DP support (#964031) [4.101-7] - Remove socket interface enablement for A2DP (#964031) [4.101-6] - Add -vif to autoreconf to fix build issues [4.101-5] - Use git to manage distro patches - Add numerous upstream and downstream patches (#892929) [4.101-4] - Clean up requires and build requires - Use CUPS macro (#772236) - Enable audio socket so a2dp works in PulseAudio again (#874015) - Fix hid2hci not working with recent kernels (#877998) [4.101-3] - Enable pairing Wiimote support (#847481) [4.101-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [4.100-2] - Add PS3 BD Remote patches (power saving) [4.100-1] - Update to 4.100 [4.99-2] - Add patch for udev change to fix FTBFS on rawhide - Drop sbc patch as fixed in gcc 4.7 final [4.99-1] - Update to 4.99 [4.98-3] - Make headers compilable with g++ 4.7 (bug #791292) [4.98-2] - Add mmx patch to fix build of sbc component - clean up spec, drop ancient obsoletes [4.98-1] - Update to 4.98 [4.97-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [4.97-1] - Update to 4.97 [4.96-3] - Put hid2hci into its own (optional) subpackage, so that people who just want to use their HID proxying HCI with the keyboard and mouse it came with, will have things working out of the box. - Put udev rules in /lib/udev, where package installed udev rules belong [4.96-2] - hid2hci was recently removed from udev and added to bluez in 4.93, udev in Fedora-16 no longer has hid2hci -> enable it in our bluez builds. This fixes bluetooth not working on machines where the bluetooth hci initially shows up as a hid device, such as with many Dell laptops. [4.96-1] - Update to 4.96 [4.95-1] - Update to 4.95 [4.94-4] - Enable bluetoothd on all upgrades from 4.87-6 and older, in order to fix up broken F15 installations [4.94-3] - Update patches to apply correctly - First compilable version with hostnamed support [4.94-2] - Enable bluetoothd by default - Follow-up on https://bugzilla.redhat.com/show_bug.cgi?id=694519 also fixing upgrades [4.94-1] - Update to 4.94 [4.93-1] - Update to 4.93 [4.90-2] - Update systemd patch to make it possible to disable bluez [4.90-1] - Update to 4.90 [4.89-1] - Update to 4.89 [4.88-1] - Update to 4.88 [4.87-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [4.87-1] - Update to 4.87 [4.86-1] - Update to 4.86 [4.85-1] - Update to 4.85 [4.82-1] - Update to 4.82 [4.81-1] - Update to 4.81 [4.80-1] - Update to 4.80 [4.79-1] - Update to 4.79 [4.78-1] - Update to 4.78 [4.77-1] - Update to 4.77 [4.76-1] - Update to 4.76 [4.74-1] - Update to 4.74 [4.73-1] - Update to 4.73 * Wed Sep 29 2010 jkeating - 4.72-2 - Rebuilt for gcc bug 634757 [4.72-1] - Update to 4.72 [4.71-4] - sync release number (but not package) with F-14 [4.71-3] - systemd hookup and cleanups from Lennart [4.71-1] - Update to 4.71 [4.70-1] - Update to 4.70 [4.69-4] - Re-add Requires: dbus-bluez-pin-helper, since blueman is now in [4.69-3] - Comment out Requires: dbus-bluez-pin-helper for bootstrapping. Otherwise it drags in the old blueman, built against python-2.6 [4.69-2] - Don't allow installing bluez-compat on its own [4.69-1] - Update to 4.69 [4.66-3] - don't require the pin helper on s390(x) now, we can disable the whole bluetooth stack in the future [4.66-2] - Move hidd, pand and dund man pages to the -compat sub-package (#593578) [4.66-1] - Update to 4.66 [4.65-1] - Update to 4.65 [4.64-1] - Update to 4.64 [4.63-3] - And actually apply the aforementioned patch [4.63-2] - Fix pairing and using mice, due to recent BtIO changes [4.63-1] - Update to 4.63 [4.62-1] - Update to 4.62 [4.61-1] - Update to 4.61 - Remove Wacom tablet enabler, now in the kernel - Fix linking with new DSO rules (#564799) [4.60-2] - Fix typo in init script (#558993) [4.60-1] - Update to 4.60 [4.59-1] - Update to 4.59 [4.58-1] - Update to 4.58 [4.57-2] - Move the rfcomm.conf to the compat package, otherwise the comments at the top of it are confusing [4.57-1] - Update to 4.57 [4.56-1] - Update to 4.56 [4.55-2] - Update cable pairing plugin to use libudev [4.55-1] - Update to 4.55 - Add libcap-ng support to drop capabilities (#517660) [4.54-1] - Update to 4.54 [4.53-2] - Update cable plugin for gudev changes [4.53-1] - Update to 4.53 [4.52-1] - Update to 4.52 [4.51-1] - Update to 4.51 [4.50-2] - Remove obsoleted patches - Add another CUPS backend patch - Update cable pairing patch for new build system [4.50-1] - Update to 4.50 [4.47-6] - don't buildrequire libusb1 on s390* [4.47-5] - More upstream CUPS fixes [4.47-4] - Fix cups discovery the first time we discover a device [4.47-3] - Use bzipped upstream tarball. [4.47-2] - Remove hid2hci calls, they're in udev now - Work-around udev bug, bluetoothd wasn't getting enabled on coldplug [4.47-1] - Update to 4.47 [4.46-3] - Add rfkill plugin to restore the state of the adapters after coming back from a blocked adapter [4.46-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [4.46-1] - Update to 4.46 [4.45-1] - Update to 4.45 [4.44-1] - Update to 4.44 [4.43-2] - Up the required udev requires so bluetoothd gets started on boot when an adapter is present [4.43-1] - Update to 4.43 [4.42-2] - Update to 4.42 [4.41-2] - Switch to on-demand start/stop using udev [4.41-1] - Update to 4.41 [4.40-2] - Add patch to allow Sixaxis pairing [4.40-1] - Update to 4.40 [4.39-1] - Update to 4.39 [4.38-3] - Start/stop the bluetooth service via udev (#484345) [4.38-2] - Add patch to activate the Socket Mobile CF kit (#498756) [4.38-1] - Update to 4.38 [4.37-2] - Split off dund, pand, hidd, and rfcomm helper into a compat package (#477890, #473892) [4.37-1] - Update to 4.37 [4.36-1] - Update to 4.36 [4.35-1] - Update to 4.35 [4.34-3] - Avoid disconnecting audio devices straight after they're connected [4.34-2] - Don't crash when audio devices are registered and the adapter is removed [4.34-1] - Update to 4.34 [4.33-11] - Fix a possible crasher [4.33-1] - Update to 4.33 [4.32-10] - Fix a couple of warnings in the CUPS/BlueZ 4.x patch [4.32-9] - Switch Wacom Bluetooth tablet to mode 2 [4.32-8] - Port CUPS backend to BlueZ 4.x [4.32-7] - A (slightly) different fix for parsing to XML when it contains a NULL [4.32-6] - Fix sdp_copy_record(), so records are properly exported through D-Bus [4.32-5] - Fix SDP parsing to XML when it contains NULLs [4.32-4] - Work-around broken devices that export their names in ISO-8859-1 (#450081) [4.32-3] - Fix permissions on the udev rules (#479348) [4.32-2] - Own /usr/lib*/bluetooth and children (#474632) [4.32-1] - Update to 4.32 [4.31-1] - Update to 4.31 [4.30-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [4.30-2] - Fix the cups backend being a libtool stub [4.30-1] - Update to 4.30 [4.29-3] - disable 0001-Add-icon-for-other-audio-device.patch, already upstream [4.29-2] - bluez builds fine on s390(x) and the packages are required to build other packages, drop ExcludeArch [4.29-1] - Update to 4.29 [4.28-1] - Update to 4.28 [4.27-1] - Update to 4.27 [4.26-1] - Update to 4.26 [4.25-1] - Update to 4.25 [4.22-2] - Fix D-Bus configuration for latest D-Bus (#475069) [4.22-1] - Update to 4.22 [4.21-1] - Update to 4.21 [4.19-1] - Update to 4.19 [4.18-1] - Update to 4.18 [4.17-2] - Own /var/lib/bluetooth (#468717) [4.17-1] - Update to 4.17 [4.16-1] - Update to 4.16 [4.15-1] - Update to 4.15 [4.14-2] - Add script to autoload uinput on startup, so the PS3 remote works out-of-the-box [4.14-1] - Update to 4.14 [4.13-3] - Update udev rules (#246840) [4.13-2] - Fix PS3 BD remote input event generation [4.13-1] - Update to 4.13 [4.12-1] - Update to 4.12 [4.11-1] - Update to 4.11 [4.10-1] - Update to 4.10 [4.9-1] - Update to 4.9 [4.8-1] - Update to 4.8 [4.7-1] - Update to 4.7 [4.6-4] - Fix patch application [4.6-3] - Add fuzz [4.6-2] - Fix possible crasher on resume from suspend [4.6-1] - Update to 4.6 [4.5-4] - SDP browse fixes [4.5-3] - Bluez-alsa needs to provide/obsolete bluez-utils-alsa - Use versioned Obsoletes: [4.5-2] - Change main utils package name to 'bluez'; likewise its subpackages - Remove references to obsolete initscripts (hidd,pand,dund) [4.5-1] - Update to 4.5 - Fix initscript to actually start bluetoothd by hand - Add chkconfig information to the initscript [4.4-2] - Fix rpmlint problems - Fix input device handling [4.4-1] - Update to 4.4 - Update source address, and remove unneeded deps (thanks Marcel) [4.1-1] - Initial build MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0556 Oracle Linux 8 [1.8.5-4] - add PBKDF2 selftest for FIPS POST [1.8.5-3] - new upstream version 1.8.5 - AES performance improvements backported from master branch - FIPS module is implicit with kernel FIPS flag - always run the FIPS selftests if FIPS module is installed MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13627 Oracle Linux 8 [0.20.0-2] - Unbreak different CardOS 5 configurations supporting raw RSA (#1830856) [0.20.0-1] - Rebase to current upstream release (#1810660) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15946 CVE-2019-19481 CVE-2019-15945 CVE-2019-19479 CVE-2019-20792 Oracle Linux 8 [2.2.5-4] - add security fixes for CVE-2018-20843, CVE-2019-15903 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20843 CVE-2019-15903 Oracle Linux 8 [2.2.20-2] - fixes for issues found in Coverity scan [2.2.20-1] - upgrade to 2.2.20 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13050 Oracle Linux 8 [2.1.27-5] - Reduce excessive GSSAPI plugin logging - Resolves: rhbz#1274734 [2.1.27-4] - Add support for setting maxssf=0 in GSS-SPNEGO - Resolves: rhbz#1822133 [2.1.27-3] - Backport GSSAPI Channel Bindings support - Resolves: rhbz#1817054 [2.1.27-2] - Backport fix for CVE-2019-19906 - Resolves: rhbz#1804036 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19906 Oracle Linux 8 [32:9.11.20-5] - Fix tsig-request verify (CVE-2020-8622) - Prevent PKCS11 daemon crash on crafted packet (CVE-2020-8623) - Correct update-policy type subdomain to match documentation (CVE-2020-8624) - Include available test [32:9.11.20-4] - Prevent crash on dstlib initialization failure (#1859454) [32:9.11.20-3] - Add remaining require to bind package (#1633169) [32:9.11.20-2] - Add manual page for dnssec-importkey-pkcs11 (#1666785) - Add versioned depends to all library subpackages [32:9.11.20-1] - Update to 9.11.20 [32:9.11.19-2] - Remove old KSK 19036 from remaining trusted-key.key [32:9.11.19-1] - Update to 9.11.19 (CVE-2020-8616, CVE-2020-8617) [32:9.11.18-1] - Update to 9.11.18 [32:9.11.17-1] - Update to 9.11.17 [32:9.11.14-1] - Update to 9.11.14 - Remove libmaxminddb-devel from devel package dependencies MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8622 CVE-2020-8619 CVE-2020-8623 CVE-2020-8624 Oracle Linux 8 [0.7.11-1] - Update to 0.7.11 - selected bug fixes: * support arch<->noarch package changes when creating patch conflicts from the updateinfo data * also support other rpm database types * fixed solv_zchunk decoding error if large chunks are used * treat retracted pathes as irrelevant * made add_update_target work with multiversion installs - new features * support for SOLVER_BLACKLIST jobs that block the installation of matched packages unless they are directly selected by an SOLVER_INSTALL job * libsolv now also parses the patch status in the updateinfo parser * new solvable_matchessolvable() function * support conda constrains dependencies * new rpm_stat_database() function * new rpm_hash_database_state() function MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20387 Oracle Linux 8 [1.1.1g-11] - Further changes for SP 800-56A rev3 requirements [1.1.1g-9] - Rewire FIPS_drbg API to use the RAND_DRBG - Use the well known DH groups in TLS even for 2048 and 1024 bit parameters [1.1.1g-7] - Disallow dropping Extended Master Secret extension on renegotiation - Return alert from s_server if ALPN protocol does not match - SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration [1.1.1g-6] - Add FIPS selftest for PBKDF2 and KBKDF [1.1.1g-5] - Allow only well known DH groups in the FIPS mode [1.1.1g-1] - update to the 1.1.1g release - FIPS module installed state definition is modified LOW Copyright 2020 Oracle, Inc. CVE-2019-1551 Oracle Linux 8 [10.32-2] - Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT) (bug #1734468) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20454 Oracle Linux 8 [2.3.3-2] - patch: Fix possible memory corruption in LUKS2 validation code in 32bit library. - Resolves: #1872294 [2.3.3-1] - Update to cryptsetup 2.3.3 - Resolves: #1796826 #1743891 #1785748 [2.3.1-1] - Update to cryptsetup 2.3.1 - Resolves: #1796826 #1743891 #1785748 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14382 Oracle Linux 8 [0.9.4-2] - Do not return error when server properly closed the channel (#1849071) - Add a test for CVE-2019-14889 - Do not parse configuration file in torture_knownhosts test [0.9.4-1] - Update to version 0.9.4 https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ - Fixed CVE-2019-14889 (#1781782) - Fixed CVE-2020-1730 (#1802422) - Create missing directories in the path provided for known_hosts files (#1733914) - Removed inclusion of OpenSSH server configuration file from libssh_server.config (#1821339) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-1730 CVE-2019-14889 Oracle Linux 8 [14:1.9.1-4] - Related: #1806422 - Building libpcap to side-tag for tcpdump [14:1.9.1-3] - Related: #1743650 - reverting rdma changes due to unresolved dependency loop [14:1.9.1-2] - Related: #1806422 - Building libpcap to side-tag for tcpdump [14:1.9.1-1] - Resolves: #1806422 - rebase libpcap to version 1.9.1 - Resolves: #1743650 - [RFE] enable inbox support for sniffing offloaded (RDMA) traffic with tcpdump - Resolves: #1785330 - Invalid IPv4 addresses are accepted without reporting even a warning - Resolves: #1792208 - Resource exhaustion while PHB header length validation LOW Copyright 2020 Oracle, Inc. CVE-2019-15165 Oracle Linux 8 [239-40.0.1] - backport upstream pstore tmpfiles patch [Orabug: 31420486] - udev rules: fix memory hot add and remove [Orabug: 31310273] - fix to enable systemd-pstore.service [Orabug: 30951066] - journal: change support URL shown in the catalog entries [Orabug: 30853009] - fix to generate systemd-pstore.service file [Orabug: 30230056] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-40] - units: add generic boot-complete.target (#1872243) - man: document new 'boot-complete.target' unit (#1872243) - core: make sure to restore the control command id, too (#1829867) [239-39] - device: make sure we emit PropertiesChanged signal once we set sysfs (#1793533) - device: dont emit PropetiesChanged needlessly (#1793533) [239-38] - spec: fix rpm verification (#1702300) [239-37] - spec: dont package /etc/systemd/system/dbus-org.freedesktop.resolve1.service (#1844465) [239-36] - core: dont consider SERVICE_SKIP_CONDITION for abnormal or failure restarts (#1737283) - selinux: do preprocessor check only in selinux-access.c (#1830861) - basic/cgroup-util: introduce cg_get_keyed_attribute_full() (#1830861) - shared: add generic logic for waiting for a unit to enter some state (#1830861) - shared: fix assert call (#1830861) - shared: Dont try calling NULL callback in bus_wait_for_units_clear (#1830861) - shared: add NULL callback check in one more place (#1830861) - core: introduce support for cgroup freezer (#1830861) - core/cgroup: fix return value of unit_cgorup_freezer_action() (#1830861) - core: fix the return value in order to make sure we dont dipatch method return too early (#1830861) - test: add test for cgroup v2 freezer support (#1830861) - fix mis-merge (#1848421) - tests: sleep a bit and give kernel time to perform the action after manual freeze/thaw (#1848421) [239-35] - spec: fix rpm verification (#1702300) [239-34] - spec: fix rpm verification (#1702300) [239-33] - tmpfiles: fix crash with NULL in arg_root and other fixes and tests (#1836024) - sulogin-shell: Use force if SYSTEMD_SULOGIN_FORCE set (#1625929) - resolvconf: fixes for the compatibility interface (#1835594) - mount: dont add Requires for tmp.mount (#1748840) - core: coldplug possible nop_job (#1829798) - core: add IODeviceLatencyTargetSec (#1831519) - time-util: Introduce parse_sec_def_infinity (#1770379) - cgroup: use structured initialization (#1770379) - core: add CPUQuotaPeriodSec= (#1770379) - core: downgrade CPUQuotaPeriodSec= clamping logs to debug (#1770379) - sd-bus: avoid magic number in SASL length calculation (#1838081) - sd-bus: fix SASL reply to empty AUTH (#1838081) - sd-bus: skip sending formatted UIDs via SASL (#1838081) - core: add MemoryMin (#1763435) - core: introduce cgroup_add_device_allow() (#1763435) - test: remove support for suffix in get_testdata_dir() (#1763435) - cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow (#1763435) - cgroup: Create UNIT_DEFINE_ANCESTOR_MEMORY_LOOKUP (#1763435) - unit: Add DefaultMemoryMin (#1763435) - cgroup: Polish hierarchically aware protection docs a bit (#1763435) - cgroup: Readd some plumbing for DefaultMemoryMin (#1763435) - cgroup: Support 0-value for memory protection directives (#1763435) - cgroup: Test that its possible to set memory protection to 0 again (#1763435) - cgroup: Check ancestor memory min for unified memory config (#1763435) - cgroup: Respect DefaultMemoryMin when setting memory.min (#1763435) - cgroup: Mark memory protections as explicitly set in transient units (#1763435) - meson: allow setting the version string during configuration (#1804252) [239-32] - pid1: fix DefaultTasksMax initialization (#1809037) - cgroup: make sure that cpuset is supported on cgroup v2 and disabled with v1 (#1808940) - test: introduce TEST-36-NUMAPOLICY (#1808940) - test: replace 'tail -f' with journal cursor which should be... (#1808940) - test: support MPOL_LOCAL matching in unpatched strace versions (#1808940) - test: make sure the strace process is indeed dead (#1808940) - test: skip the test on systems without NUMA support (#1808940) - test: give strace some time to initialize (#1808940) - test: add a simple sanity check for systems without NUMA support (#1808940) - test: drop the missed || exit 1 expression (#1808940) - test: replace cursor file with a plain cursor (#1808940) - cryptsetup: Treat key file errors as a failed password attempt (#1763155) - swap: finish the secondary swap units jobs if deactivation of the primary swap unit fails (#1749622) - resolved: Recover missing PrivateTmp=yes and ProtectSystem=strict (#1810869) - bus_open leak sd_event_source when udevadm trigger (#1798504) - core: rework StopWhenUnneeded= logic (#1798046) - pid1: fix the names of AllowedCPUs= and AllowedMemoryNodes= (#1818054) - core: fix re-realization of cgroup siblings (#1818054) - basic: use comma as separator in cpuset cgroup cpu ranges (#1818054) - core: transition to FINAL_SIGTERM state after ExecStopPost= (#1766479) - sd-journal: close journal files that were deleted by journald before weve setup inotify watch (#1796128) - sd-journal: remove the dead code and actually fix #14695 (#1796128) - udev: downgrade message when we fail to set inotify watch up (#1808051) - logind: check PolicyKit before allowing VT switch (#1797679) - test: do not use global variable to pass error (#1823767) - test: install libraries required by tests (#1823767) - test: introduce install_zoneinfo() (#1823767) - test: replace duplicated Makefile by symbolic link (#1823767) - test: add paths of keymaps in install_keymaps() (#1823767) - test: make install_keymaps() optionally install more keymaps (#1823767) - test-fs-util: skip some tests when running in unprivileged container (#1823767) - test-process-util: skip several verifications when running in unprivileged container (#1823767) - test-execute: also check python3 is installed or not (#1823767) - test-execute: skip several tests when running in container (#1823767) - test: introduce test_is_running_from_builddir() (#1823767) - test: make test-catalog relocatable (#1823767) - test: parallelize tasks in TEST-24-UNIT-TESTS (#1823767) - test: try to determine QEMU_SMP dynamically (#1823767) - test: store coredumps in journal (#1823767) - pid1: add new kernel cmdline arg systemd.cpu_affinity= (#1812894) - udev-rules: make tape-changers also apprear in /dev/tape/by-path/ (#1820112) - man: be clearer that .timer time expressions need to be reset to override them (#1816908) - Add support for opening files for appending (#1809175) - nspawn: move payload to sub-cgroup first, then sync cgroup trees (#1837094) - core: move unit_status_emit_starting_stopping_reloading() and related calls to job.c (#1737283) - job: when a job was skipped due to a failed condition, log about it (#1737283) - core: split out all logic that updates a Job on a units unit_notify() invocation (#1737283) - core: make log messages about units entering a 'failed' state recognizable (#1737283) - core: log a recognizable message when a unit succeeds, too (#1737283) - tests: always use the right vtable wrapper calls (#1737283) - test-execute: allow filtering test cases by pattern (#1737283) - test-execute: provide custom failure message (#1737283) - core: ExecCondition= for services (#1737283) - Drop support for lz4 < 1.3.0 (#1843871) - test-compress: add test for short decompress_startswith calls (#1843871) - journal: adapt for new improved LZ4_decompress_safe_partial() (#1843871) - fuzz-compress: add fuzzer for compression and decompression (#1843871) - seccomp: fix __NR__sysctl usage (#1843871) LOW Copyright 2020 Oracle, Inc. CVE-2019-20386 Oracle Linux 8 [2.1.3-2] - Resolves: rhbz#1849615 - Fix CVE-2020-10730 use-after-free [2.1.3-1] - Resolves: rhbz#1817567 - Rebase libldb to 2.1.3 for samba MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10730 Oracle Linux 8 [7.61.1-14] - avoid overwriting a local file with -J (CVE-2020-8177) [7.61.1-13] - load built-in openssl engines (#1854369) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8177 Oracle Linux 8 [7.0-10] - Resolves: #1867793 - FRR does not conform to the source port range specified in RFC5881 [7.0-9] - Resolves: #1852476 - default permission issue eases information leaks [7.0-8] - Resolves: #1819319 - frr fails to start start if the initscripts package is missing [7.0-7] - Resolves: #1758544 - IGMPv3 queries may lead to DoS [7.0-6] - Resolves: #1776342 - frr has missing dependency on iproute MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12831 Oracle Linux 8 [3.4.2-10] - Fixed CVE-2018-11805 - Resolves: rhbz#1787514 - Fixed CVE-2020-1930 - Resolves: rhbz#1820649 - Fixed CVE-2020-1931 - Resolves: rhbz#1820650 [3.4.2-9] - Fix CVE-2019-12420 - Resolves: rhbz#1812977 [3.4.2-8] - Removed the obsolete SOUGHT channel for rule updates - Resolves: rhbz#1630362 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12420 CVE-2020-1930 CVE-2018-11805 CVE-2020-1931 Oracle Linux 8 [1.2.15-38] - fix CVEs - Resolves: rhbz#1716209, rhbz#1716210, rhbz#1716211, rhbz#1716212, rhbz#1716213, rhbz#1716214, rhbz#1716215, rhbz#1716216, rhbz#1716217, rhbz#1716218, rhbz#1716219 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-7636 CVE-2019-7576 CVE-2019-7572 CVE-2019-7638 CVE-2019-7635 CVE-2019-7637 CVE-2019-7577 CVE-2019-7578 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 Oracle Linux 8 libcmis [0.5.2-1] - Related: rhbz#1796893 update to 0.5.2 liborcus [0.14.1-1] - Related: rhbz#1796893 update to 0.14.1 libreoffice [6.3.6.2-3.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.3.6.2-3] - Obsoletes any libreoffice-gtk2-debuginfo along with libreoffice-gtk2 [1:6.3.6.2-2] - Resolves: rhbz#1841907 always produce utf-8 from gettext [1:6.3.6.2-1] - rhbz#1796893 latest stable release [1:6.3.5.2-7] - rhbz#1796893 dont show error dialog on G_IO_ERROR_FAILED_HANDLED [1:6.3.5.2-6] - rhbz#1819798 Start Center crash after pressing Help button before using any topevel module [1:6.3.5.2-5] - rhbz#1796893 spreadsheetml2ooo.xsl was not well formed xml - rhbz#1796893 fix impress print dialog range [1:6.3.5.2-4] - rhbz#1796893 fix help->licence info->license [1:6.3.5.2-3] - rhbz#1796893 disable tip of the day by default [1:6.3.5.2-2] - rhbz#1796893 improve langpack requires [1:6.3.5.2-1] - rhbz#1796893 latest stable release LOW Copyright 2020 Oracle, Inc. CVE-2020-12802 CVE-2020-12803 Oracle Linux 8 [1.7.0-8] - Resolves: rhbz#1796086, rhbz#1796100, rhbz#1796448, rhbz#1796454 - Enable webm-io explicitly [1.7.0-7] - Fix for CVE-2019-9232, CVE-2019-9433, CVE-2019-9371, CVE-2019-2126 - Resolves: rhbz#1796086, rhbz#1796100, rhbz#1796448, rhbz#1796454 - Remove php-cli BR MODERATE Copyright 2020 Oracle, Inc. CVE-2019-2126 CVE-2019-9371 CVE-2019-9232 CVE-2019-9433 Oracle Linux 8 [4.0.9-18] - Fix CVE-2019-17546 (#1771372) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17546 Oracle Linux 8 [11.7.3-5] - Rebuild [11.7.3-4] - Package onboarded to gating [11.7.3-3] - Fix memory corruption bug due to integer overflow (#1790608) LOW Copyright 2020 Oracle, Inc. CVE-2019-16167 Oracle Linux 8 [0.66.0-27] - Fix crash on broken file in tilingPatternFill() - Resolves: #1801341 LOW Copyright 2020 Oracle, Inc. CVE-2019-14494 Oracle Linux 8 freerdp [2:2.1.1-1] - Update to 2.1.1 (rhbz#1834287). [2:2.0.0-47.rc4] - Fix SCARD_INSUFFICIENT_BUFFER error (rhbz#1803054) - Do not advertise /usb in help output (rhbz#1761144) vinagre [3.22.0-23] - Remove unused variable (CovScan) - Related: #1839744 [3.22.0-22] - Rebuild due to new version of FreeRDP - Fix an issue when RDP connection shows just black screen - Resolves: #1839744 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11085 CVE-2020-11087 CVE-2020-11525 CVE-2020-11039 CVE-2020-11044 CVE-2020-11522 CVE-2020-11043 CVE-2020-11038 CVE-2020-13396 CVE-2020-11019 CVE-2020-11042 CVE-2020-11041 CVE-2020-13397 CVE-2020-11088 CVE-2020-11040 CVE-2020-11058 CVE-2020-11018 CVE-2020-11045 CVE-2020-11046 CVE-2020-11048 CVE-2020-11049 CVE-2020-11089 CVE-2020-11526 CVE-2020-11086 CVE-2020-11047 Oracle Linux 8 bogofilter [1.2.5-2] - Bump version to have OSCI/gating tests rerun with updated tests [1.2.5-1] - Resolves: #1836279 (Update to 1.2.5) evolution [3.28.5-14] - Related: #1817143 (Add a small patch to behave better with WebKitGTK 2.28) [3.28.5-13] - Resolves: #1836165 (Cannot type the date of a meeting) evolution-data-server [3.28.5-14] - Resolves: #1859141 (CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3) evolution-mapi [3.28.3-3] - Rebuild for samba 4.12 rebase openchange [2.3-26.0.1] - Use ldconfig_scriptlets [2.3-26] - Add patch to build against samba 4.12 [2.3-25] - Add patch to build against samba 4.11.2 LOW Copyright 2020 Oracle, Inc. CVE-2020-14928 Oracle Linux 8 [19.4-11.0.1] - Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672] - Update OCI Datasource to support IMDSv2 - limit permissions [Orabug: 31352433] - Changes to ignore all enslaved interfaces [Orabug: 30092148] - Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349] - Make Oracle datasource detect dracut based config files [Orabug: 29956753] - add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch: 1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader Resolves: Oracle-Bug:41660 (Bugzilla) - added OL to list of known distros [19.4-11.el8] - ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1794664] - Resolves: bz#1794664 ([RHEL8] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-10.el8] - ci-Changing-notation-of-subp-call.patch [bz#1839662] - Resolves: bz#1839662 ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform) [19.4-9.el8] - ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch [bz#1794664] - ci-swap-file-size-being-used-before-checked-if-str-315.patch [bz#1794664] - ci-Detect-kernel-version-before-swap-file-creation-428.patch [bz#1794664] - Resolves: bz#1794664 ([RHEL8] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-8.el8] - ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch [bz#1839662] - ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch [bz#1833874] - Resolves: bz#1833874 ([rhel-8.3]using root user error should cause a non-zero exit code) - Resolves: bz#1839662 ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform) [19.4-7.el8] - Fixing cloud-init-generator permissions [bz#1834173] - Resolves: bz#1834173 ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator) [19.4-6.el8] - ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch [bz#1822343] - Resolves: bz#1822343 ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log) [19.4-5.el8] - ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch [bz#1822343] - ci-Render-the-generator-from-template-instead-of-cp.patch [bz#1834173] - ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch [bz#1834173] - ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch [bz#1834173] - Resolves: bz#1822343 ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log) - Resolves: bz#1834173 ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator) [19.4-4.el8] - ci-changing-ds-identify-patch-from-usr-lib-to-usr-libex.patch [bz#1834173] - Resolves: bz#1834173 ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator) [19.4-3.el8] - ci-Make-cloud-init.service-execute-after-network-is-up.patch [bz#1803928] - Resolves: bz#1803928 ([RHEL8.3] Race condition of starting cloud-init and NetworkManager) [19.4-2.el8] - ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch [bz#1812171] - ci-utils-use-SystemRandom-when-generating-random-passwo.patch [bz#1812174] - ci-Enable-ssh_deletekeys-by-default.patch [bz#1814152] - ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1840648] - Resolves: bz#1812171 (CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-8]) - Resolves: bz#1812174 (CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-8]) - Resolves: bz#1814152 (CVE-2018-10896 cloud-init: default configuration disabled deletion of SSH host keys [rhel-8]) - Resolves: bz#1840648 ([cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok)) [19.4-1.el8] - Rebase to cloud-init 19.4 [bz#1803095] - Resolves: bz#1803095 ([RHEL-8.3.0] cloud-init rebase to 19.4) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8631 CVE-2020-8632 Oracle Linux 8 [3.0.7-19] - change ownership of pki files (#1710722) [3.0.7-18] - Move old changelog into separate file (#1671239) [3.0.7-17] - Add fix for CVE-2019-19783 - Add fix for CVE-2019-18928 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19783 CVE-2019-18928 Oracle Linux 8 * Fri Mar 27 2020 fjanus@redhat.com - 2.2.5-7 - Fix CVE-2018-14553 - Potential Null pointer dereference in gdImageClone Resolves: RHBZ#1811788 - Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() Resolves: RHBZ#1678104 (CVE-2019-6977) - Fixed potential double-free in gdImage*Ptr() Resolves: RHBZ#1679002 (CVE-2019-6978) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-6978 CVE-2018-14553 CVE-2019-6977 Oracle Linux 8 [3:2.1.29-10] - Fix match patter to reduce false allocation [3:2.1.29-9] - Fix for CVE-2020-12137 [3:2.1.29-8] - Drop unversioned python from comments. [3:2.1.29-7] - Change attr of /etc/mailman [3:2.1.29-6] - Update run directory references (#1805954) - fix #1188043 - set 2775 permission for /etc/mailman MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12137 Oracle Linux 8 [6.7.4-3] - apply patch for CVE-2020-13430 also to sources, not only to compiled webpack [6.7.4-2] - security fix for CVE-2020-13430 [6.7.4-1] - update to 6.7.4 tagged upstream community sources, see CHANGELOG - security fix for CVE-2020-13379 [6.7.3-1] - update to 6.7.3 tagged upstream community sources, see CHANGELOG - add scripts to list Go dependencies and bundled npmjs dependencies - set Grafana version in Grafana UI and grafana-cli --version - declare README.md as documentation of datasource plugins - create grafana.db on first installation (fixes RH BZ #1805472) - change permissions of /var/lib/grafana to 750 (CVE-2020-12458) - change permissions of /var/lib/grafana/grafana.db to 640 and user/group grafana:grafana (CVE-2020-12458) - change permissions of grafana.ini and ldap.toml to 640 (CVE-2020-12459) [6.6.2-1] - added patch0 to set the version string correctly - removed patch 004-xerrors.patch, its now upstream - added several patches for golang vendored vrs build dep differences - added patch to move grafana-cli binary to libexec dir - update to 6.6.2 tagged upstream community sources, see CHANGELOG MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12458 CVE-2020-12245 CVE-2019-19499 CVE-2020-13430 CVE-2018-18624 CVE-2020-11110 CVE-2020-12052 CVE-2020-12459 Oracle Linux 8 [4.18.0-240.1.1_3.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7 [4.18.0-240.1.1_3] - [net] Bluetooth: fix kernel oops in store_pending_adv_report (Gopal Tiwari) [1888454 1888455] {CVE-2020-24490} - [net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888257 1888258] {CVE-2020-12351} - [net] Bluetooth: A2MP: Fix not initializing all members (Gopal Tiwari) [1888806 1888807] {CVE-2020-12352} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25661 CVE-2020-24490 CVE-2020-25662 Oracle Linux 8 [0.34.5-3] - Support HOME_MODE from /etc/login.defs Resolves: rhbz#1886362 [0.34.5-2] - Add gating tests using idm:DL1 module stream and upstream tests Resolves: rhbz#1682457 [0.34.5-1] - Upstream release 0.34.5 - Resolves: rhbz#1833289 - Rebase oddjob to 0.34.5 - Resolves: rhbz#1833052 - CVE-2020-10737 oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10737 Oracle Linux 8 [2.6.5-7] - Fix CVE-2019-3833 Resolves: #1687865 [2.6.5-6] - Fix name of Patch6 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3833 Oracle Linux 8 qt5-qtbase [5.12.5-6] - OpenSSL: handle SSL_shutdowns errors properly Resolves: bz#1851538 [5.12.5-5] - Fix: Files placed by attacker can influence the working directory and lead to malicious code execution Resolves: bz#1814739 Resolves: bz#1814683 - Fix: XML entity expansion vulnerability Resolves: bz#1822193 qt5-qttools [5.12.5-2] - Rebuild (LLVM-10) Resolves: bz#1832857 qt5-qtwebsockets [5.12.5-2] - Add a public api to set max frame and message size Resolves: bz#1815187 MODERATE Copyright 2020 Oracle, Inc. CVE-2015-9541 CVE-2018-21035 CVE-2020-13962 CVE-2020-0569 CVE-2020-0570 Oracle Linux 8 [2.1.53-1] - Update to new upstream version [2.1.52-1] - Update to new upstream version MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13867 Oracle Linux 8 [2.42.7-4] - Resolves: rhbz#1804519 Add patch for CVE-2019-20446 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20446 Oracle Linux 8 httpd [2.4.37-13.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-30] - Resolves: #1209162 - support logging to journald from CustomLog [2.4.37-29] - Resolves: #1823263 (CVE-2020-1934) - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value [2.4.37-28] - Related: #1771847 - BalancerMember ping parameter for mod_proxy_http doesnt work [2.4.37-27] - Resolves: #1823259 - CVE-2020-1927 httpd:2.4/httpd: mod_rewrite configurations vulnerable to open redirect - Resolves: #1747284 - CVE-2019-10098 httpd:2.4/httpd: mod_rewrite potential open redirect - Resolves: #1747281 - CVE-2019-10092 httpd:2.4/httpd: limited cross-site scripting in mod_proxy error page - Resolves: #1747291 - CVE-2019-10097 httpd:2.4/httpd: null-pointer dereference in mod_remoteip - Resolves: #1771847 - BalancerMember ping parameter for mod_proxy_http doesnt work - Resolves: #1794728 - Backport of SessionExpiryUpdateInterval directive mod_http2 [1.15.7-2] - Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header [1.15.7-1] - new version 1.15.7 - Resolves: #1814236 - RFE: mod_http2 rebase - Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd: read-after-free in h2 connection shutdown - Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd: mod_http2: possible crash on late upgrade - Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd: mod_http2: read-after-free on a string compare - Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd: mod_http2: DoS via slow, unneeded request bodies mod_md [1:2.0.8-8] - Resolves: #1832844 - mod_md does not work with ACME server that does not provide keyChange or revokeCert resources MODERATE Copyright 2020 Oracle, Inc. CVE-2019-0196 CVE-2018-17189 CVE-2019-0197 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2020-1927 CVE-2019-10098 CVE-2020-1934 Oracle Linux 8 varnish [6.0.6-2] - new version 6.0.6 - Resolves: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS - Resolves: #1790907 - CVE-2019-20637 varnish: not clearing pointer between two client requests leads to information disclosure - Resolves: #1763958 - CVE-2019-15892 varnish:6/varnish: denial of service handling certain crafted HTTP/1 requests varnish-modules [0.15.0-5] - Related: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20637 CVE-2019-15892 CVE-2020-11653 Oracle Linux 8 [14:4.9.3-1] - Resolves: #1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14468 CVE-2018-10105 CVE-2018-14461 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-10103 CVE-2018-14462 CVE-2018-14466 CVE-2018-14879 CVE-2018-16227 CVE-2018-14467 CVE-2018-14469 CVE-2018-14470 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 Oracle Linux 8 [1:2.3.8-4] - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756) - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761) - fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768) [1:2.3.8-3] - fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354) - fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines leads to use-after-free (#1840357) - fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart leads to DoS (#1840356) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10958 CVE-2020-10967 Oracle Linux 8 [0.6.22-4] - Add patch for CVE-2020-0181/CVE-2020-0198 - Resolves: #1847753 - Resolves: #1847761 [0.6.22-3] - Also remove timezone from the .mo files - Related: #1841320 [0.6.22-2] - Remove timestamps from the .mo files to avoid multilib conflicts - Related: #1841320 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12767 CVE-2020-0182 CVE-2020-0198 CVE-2019-9278 CVE-2020-0181 CVE-2020-13113 CVE-2020-13114 CVE-2020-0093 Oracle Linux 8 [3.0.20-3] - Require make for proper bootstrap execution, removes post script Resolves: bz#1672285 [3.0.20-2] - Fix breakage caused by OpenSSL FIPS regression Related: bz#1855822 Related: bz#1810911 Resolves: bz#1672285 [3.0.20-1] - Update to FreeRADIUS server version 3.0.20 - Introduce Python 3 support; resolves: bz#1623069 - DoS issues due to multithreaded BN_CTX access; resolves: bz#1818809 - Create tmp files in /run; resolves: bz#1805975 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17185 Oracle Linux 8 [20200602gitca407c7246bf-3.el8] - edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch [bz#1861718] - Resolves: bz#1861718 (Very slow boot when overcommitting CPU) [20200602gitca407c7246bf-2.el8] - edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch [bz#1844682] - edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch [bz#1844682] - edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch [bz#1844682] - Resolves: bz#1844682 (silent build of edk2-aarch64 logs DEBUG_ERROR messages that dont actually report serious errors) [20200602gitca407c7246bf-1.el8] - Rebase to edk2-stable202005 [bz#1817035] - Resolves: bz#1817035 ((edk2-rebase-rhel-8.3) - rebase edk2 to upstream tag edk2-stable202005 for RHEL-8.3) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14559 Oracle Linux 8 [19.11.3-1] - Rebase DPDK to 19.11.3 (#1868708) [19.11.2-1] - Rebase DPDK to 19.11.2 (#1836830, #1837024, #1837030, #1837022) [19.11.1-1] - Rebase DPDK to 19.11.1 (#1824905) - Remove dpdk-pmdinfo.py (#1801361) - Add Requires: rdma-core-devel libmnl-devel on x86_64 for dpdk-devel (#1813252) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10722 CVE-2020-10725 CVE-2020-10723 CVE-2020-10726 Oracle Linux 8 [0.12.0-6] - Fix CVE-2017-18640 by using updated snakeyaml. MODERATE Copyright 2020 Oracle, Inc. CVE-2017-18640 Oracle Linux 8 [3.28.1-3] - Fix CVE-2020-11736 (#1827395) - Fix CVE-2019-16680 (#1767594) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11736 CVE-2019-16680 Oracle Linux 8 [6.8.2-2] - Fix CVE-2019-13225 Resolves: #1771052 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13225 Oracle Linux 7 [2.8-14.el7_9.1] - Test bitmap size earlier for PNGs - Fix memory leak in pngshim.c - Resolves: #1891635 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15999 Oracle Linux 7 [1.6.7-3] - Fix CVE-2020-14363 (#1873922) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14363 Oracle Linux 7 [78.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.0-1] - Update to 78.4.0 build1 - Disabled telemetry IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15683 CVE-2020-15969 Oracle Linux 7 [1.20.4-12] - CVE fixes for: CVE-2020-14345 (#1872389), CVE-2020-14346 (#1872393), CVE-2020-14361 (#1872400), CVE-2020-14362 (#1872407) - Temporarily revert fixes from 1.20.4-11 build for delivery of CVE fixes [1.20.4-11] - Fix a crash when moving an animated cursor between screens - Be case-insentive when matching extension names to enable or disable IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14362 CVE-2020-14345 CVE-2020-14361 CVE-2020-14346 Oracle Linux 8 [78.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.0-1] - Update to 78.4.0 build1 - Disabled telemetry [78.3.1-1] - Update to 78.3.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15683 CVE-2020-15969 Oracle Linux 6 [1.6.4-4] - Fix CVE-2020-14363 (#1873920) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14363 Oracle Linux 6 [78.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.0-1] - Update to 78.4.0 build1 - Disabled telemetry [78.3.1-1] - Update to 78.3.1 build1 [78.3.0-3] - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot ship it in RHEL [78.2.1-1] - Update to 78.2.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15683 CVE-2020-15969 Oracle Linux 8 [2.9.1-4.el8_3.1] - Test bitmap size earlier for PNGs - Fix memory leak in pngshim.c - Resolves: #1891905 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15999 Oracle Linux 6 [1.17.4-18.0.1] - Fix regression from the patch for Orabug 27204421 which crashes Xvfb [Orabug: 28485058] - Fix X consumes 100% CPU if messagebus restarted [Orabug: 27204421] - Fix X server failure in FIPS mode [Orabug: 22866111] [1.17.4-18] - CVE fixes for: CVE-2020-14345 (#1872388), CVE-2020-14346 (#1872392), CVE-2020-14361 (#1872399), CVE-2020-14362 (#1872406) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14345 CVE-2020-14346 CVE-2020-14361 CVE-2020-14362 Oracle Linux 7 [7.29.0-59.0.1.1] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html) - Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch [7.29.0-59.el7_9.1] - avoid overwriting a local file with -J (CVE-2020-8177) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8177 Oracle Linux 7 [4.2.1-41.2] - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz#1850114 [4.2.1-41.1] - fence_lpar: fix issue with long username, hostname, etc not working when the command run by the agent exceeds 80 characters - fence_evacuate: enable evacuation of instances using private flavors Resolves: rhbz#1860545 Resolves: rhbz#1862024 LOW Copyright 2020 Oracle, Inc. CVE-2020-11078 Oracle Linux 7 [2.7.5-90.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-90] - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) Resolves: rhbz#1856481 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20907 Oracle Linux 7 [3.6.8-18.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-18] - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) Resolves: rhbz#1856481 - Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422) Resolves: rhbz#1854926 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20907 CVE-2020-14422 Oracle Linux 7 [32:9.11.4-26.P2.2] - Fix unsupported algorithms validation (#rh1769876) [32:9.11.4-26.P2.1] - Fix tsig-request verify (CVE-2020-8622) - Prevent PKCS11 daemon crash on crafted packet (CVE-2020-8623) - Correct update-policy type subdomain to match documentation (CVE-2020-8624) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 Oracle Linux 7 [1.8.1-8] - Validate paths read from repomd.xml (RhBug: 1866500) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14352 Oracle Linux 7 [0:7.0.76-16] - Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling LOW Copyright 2020 Oracle, Inc. CVE-2020-1935 Oracle Linux 7 qt [1:4.8.7-9] - Fix buffer overflow in XBM parser Resolves: bz#1870297 qt5-qtbase [5.9.7-5] - Fix buffer overflow in XBM parser Resolves: bz#1870365 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-17507 Oracle Linux 7 [3.10.0-1160.6.1.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160.6.1] - [net] netfilter: nf_queue: place bridge physports into queue_entry struct (Florian Westphal) [1885682] - [net] netfilter: nf_queue: do not release refcouts until nf_reinject is done (Florian Westphal) [1885682] - [net] netfilter: nf_queue: make nf_queue_entry_release_refs static (Florian Westphal) [1885682] - [net] bluetooth: l2cap: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888253] {CVE-2020-12351} - [net] bluetooth: a2mp: Fix not initializing all members (Gopal Tiwari) [1888797] {CVE-2020-12352} [3.10.0-1160.5.1] - [x86] x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (Myron Stowe) [1849223] - [kernel] uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression (Oleg Nesterov) [1861396] - [video] vgacon: Fix for missing check in scrollback handling (Lyude Paul) [1859468] {CVE-2020-14331} - [pci] hv: Retry PCI bus D0 entry on invalid device state (Mohammed Gamal) [1846667] - [pci] hv: Fix the PCI HyperV probe failure path to release resource properly (Mohammed Gamal) [1846667] - [x86] xen: Add call of speculative_store_bypass_ht_init() to PV paths (Vladis Dronov) [1882468] - [powerpc] powerpc/smp: Use nid as fallback for package_id (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc/smp: Add Power9 scheduler topology (Desnes Augusto Nunes do Rosario) [1826306] - [kernel] sched: Add a new SD_SHARE_POWERDOMAIN for sched_domain (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] sched, powerpc: Create a dedicated topology table (Desnes Augusto Nunes do Rosario) [1826306] - [s390] sched, s390: Create a dedicated topology table (Desnes Augusto Nunes do Rosario) [1826306] - [s390] s390/topology: Remove call to update_cpu_masks() (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc/smp: Add cpu_l2_cache_map (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc/smp: Rework CPU topology construction (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc/smp: Use cpu_to_chip_id() to find core siblings (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc, hotplug: Avoid to touch non-existent cpumasks (Desnes Augusto Nunes do Rosario) [1826306] [3.10.0-1160.4.1] - [block] virtio-blk: handle block_device_operations callbacks after hot unplug (Stefan Hajnoczi) [1811893] - [scsi] Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (Nilesh Javali) [1826127] - [scsi] scsi: qla2xxx: Fix stale mem access on driver unload (Nilesh Javali) [1826127] - [scsi] scsi: qedf: Fix crash when MFW calls for protocol stats while function is still probing (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Keep track of num of pending flogi (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Fix race betwen fipvlan request and response path (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Decrease the LL2 MTU size to 2500 (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Check for module unloading bit before processing link update AEN (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Initiator fails to re-login to switch after link down (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Fix crash during sg_reset (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Stop sending fipvlan request on unload (Nilesh Javali) [1836443] - [message] scsi: mptscsih: Fix read sense data size (Tomas Henzl) [1829803] - [scsi] scsi: megaraid_sas: Clear affinity hint (Tomas Henzl) [1828312] [3.10.0-1160.3.1] - [net] net-sysfs: Call dev_hold always in rx_queue_add_kobject (Hangbin Liu) [1846454] {CVE-2019-20811} - [net] net-sysfs: Call dev_hold always in netdev_queue_add_kobject (Hangbin Liu) [1846454] {CVE-2019-20811} - [net] net-sysfs: call dev_hold if kobject_init_and_add success (Hangbin Liu) [1846454] {CVE-2019-20811} - [netdrv] macvlan: Change status when lower device goes down (Hangbin Liu) [1848950] - [netdrv] macvlan: make operstate and carrier more accurate (Hangbin Liu) [1848950] - [infiniband] RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (Kamal Heib) [1858707] - [infiniband] RDMA/ipoib: Return void from ipoib_ib_dev_stop() (Kamal Heib) [1858707] - [net] tcp: limit sk_write_qlen based on sndbuf size (Florian Westphal) [1847765] - [netdrv] net/mlx5e: Modify uplink state on interface up/down (Alaa Hleihel) [1733181] - [netdrv] net/mlx5: E-Switch, Disable esw manager vport correctly (Alaa Hleihel) [1733181] - [netdrv] net/mlx5: E-Switch, Properly refer to host PF vport as other vport (Alaa Hleihel) [1733181] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20811 CVE-2020-14331 Oracle Linux 7 [4.5.0-36.el7_9.3] - rpc: gendispatch: handle empty flags (CVE-2020-25637) - rpc: add support for filtering @acls by uint params (CVE-2020-25637) - rpc: require write acl for guest agent in virDomainInterfaceAddresses (CVE-2020-25637) - qemu: agent: set ifname to NULL after freeing (CVE-2020-25637) - conf: properly clear out autogenerated macvtap names when formatting/parsing (rhbz#1868549) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-25637 Oracle Linux 7 [2:2.1-73.2.0.1] - for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727] - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736] - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early and late load for 5.4.17-* - enable early loading for 06-4f-01 caveat - remove 06-55-04 caveat [2:2.1-73.2] - Update Intel CPU microcode to microcode-20201027 release, addresses CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 (#1893261, #1893249, #1893229): - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0. [2:2.1-73.1] - Add README file to the documentation directory. - Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format. - Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 Oracle Linux 6 [3:1.17-33.31.0.1] - recognize the 'force-intel' file path available on EL7+ [orabug 31655792] - disable live load during %post due to UEK4 rendezvous timeouts [orabug 31655792] - merge Oracle changes for early load via dracut - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - remove other caveat support to be compatible with early load logic - enable late load on install for UEK4 kernels marked safe (except BDW-79) - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737] [2:1.17-33.31] - Update Intel CPU microcode to microcode-20201027 release, addresses CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 (#1893243, #1893238): - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode (in microcode.dat) at revision 0x700001e; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in microcode.dat) at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode (in microcode.dat) at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode (in microcode.dat) at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat) at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode (in microcode.dat) at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in microcode-06-4e-03.dat) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in microcode-06-55-04.dat) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in microcode-06-5e-03.dat) from revision 0xdc up to 0xe2; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode (in microcode.dat) from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode (in microcode.dat) from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode (in microcode.dat) from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode (in microcode.dat) from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode (in microcode.dat) from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode (in microcode.dat) from revision 0x16 up to 0x1e; - Update of 06-7a-08/0x01 (GLK-R R0) microcode (in microcode.dat) from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode (in microcode.dat) from revision 0x78 up to 0xa0; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in microcode.dat) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode (in microcode.dat) from revision 0xca up to 0xe0. [2:1.17-33.30] - Add README file to the documentation directory. - Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format. - Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8696 CVE-2020-8698 Oracle Linux 8 [4:20200609-2.20201027.1.0.1] - add support for UEK6 kernels - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 [4:20200609-2.20201027.1] - Update Intel CPU microcode to microcode-20201027 release, addresses CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 (#1893265, #1893253, #1893233): - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0. [4:20200609-2.20200609.3] - Add README file to the documentation directory. - Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format. - Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 Oracle Linux 7 [78.4.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Tue Nov 10 2020 erack@redhat.com - 78.4.1-1 - Update to 78.4.1 - Filtering nss/nspr libs [78.4.0-3] - Fixing flatpak build, fixing firefox.sh.in to not disable langpacks loading [78.4.0-2] - Enable addon sideloading CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-26950 Oracle Linux 8 [78.4.1-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Tue Nov 10 2020 erack@redhat.com - 78.4.1-1 - Update to 78.4.1 [78.4.0-3] - Fixing flatpak build, fixing firefox.sh.in to not disable langpacks loading [78.4.0-2] - Enable addon sideloading [78.4.0-1] - Update to 78.4.0 build2 * Fri Sep 18 2020 Jan Horak <jhorak@redhat.com> - Update to 78.3.0 build1 [78.2.0-3] - Update to 78.2.0 build1 * Fri Jul 24 2020 Jan Horak <jhorak@redhat.com> - Update to 68.11.0 build1 * Fri Jun 26 2020 Jan Horak <jhorak@redhat.com> - Update to 68.10.0 build1 * Fri May 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.9.0 build1 - Added patch for pipewire 0.3 * Mon May 11 2020 Jan Horak <jhorak@redhat.com> - Added s390x specific patches * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-26950 Oracle Linux 6 [78.4.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Tue Nov 10 2020 erack@redhat.com - 78.4.1-1 - Update to 78.4.1 - Filtering nss/nspr libs [78.4.0-3] - Fixing flatpak build, fixing firefox.sh.in to not disable langpacks loading [78.4.0-2] - Enable addon sideloading [78.4.0-1] - Update to 78.4.0 build2 * Fri Sep 18 2020 Jan Horak <jhorak@redhat.com> - Update to 78.3.0 build1 [78.2.0-3] - Update to 78.2.0 build1 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-26950 Oracle Linux 6 [1:5.5-60.0.1] - Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373] [1:5.5-60.el6.2] - fix CVE-2020-15862 (#1875960) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15862 Oracle Linux 8 [78.4.3-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.3-1] - Update to 78.4.3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26950 Oracle Linux 7 [78.4.3-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.3-1] - Update to 78.4.3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26950 Oracle Linux 6 [78.4.3-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.3-1] - Update to 78.4.3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26950 Oracle Linux 7 [78.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.0-1] - Update to 78.5.0 build3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16012 CVE-2020-26951 CVE-2020-26958 CVE-2020-26961 CVE-2020-26968 CVE-2020-26953 CVE-2020-26956 CVE-2020-26959 CVE-2020-26960 CVE-2020-26965 Oracle Linux 8 [78.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.0-1] - Update to 78.5.0 build3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16012 CVE-2020-26951 CVE-2020-26958 CVE-2020-26961 CVE-2020-26968 CVE-2020-26953 CVE-2020-26956 CVE-2020-26959 CVE-2020-26960 CVE-2020-26965 Oracle Linux 8 [78.5.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.5.0-1] - Update to 78.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16012 CVE-2020-26951 CVE-2020-26958 CVE-2020-26961 CVE-2020-26968 CVE-2020-26953 CVE-2020-26956 CVE-2020-26959 CVE-2020-26960 CVE-2020-26965 Oracle Linux 6 [78.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.0-1] - Update to 78.5.0 build3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16012 CVE-2020-26951 CVE-2020-26958 CVE-2020-26961 CVE-2020-26968 CVE-2020-26953 CVE-2020-26956 CVE-2020-26959 CVE-2020-26960 CVE-2020-26965 Oracle Linux 7 [78.5.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.5.0-1] - Update to 78.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16012 CVE-2020-26951 CVE-2020-26958 CVE-2020-26961 CVE-2020-26968 CVE-2020-26953 CVE-2020-26956 CVE-2020-26959 CVE-2020-26960 CVE-2020-26965 Oracle Linux 6 [78.5.0-1.0.1] - Fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [78.5.0-1] - Update to 78.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16012 CVE-2020-26951 CVE-2020-26958 CVE-2020-26961 CVE-2020-26968 CVE-2020-26953 CVE-2020-26956 CVE-2020-26959 CVE-2020-26960 CVE-2020-26965 Oracle Linux 7 [1:5.7.2-49.1] - fix CVE-2020-15862 (#1875496) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15862 Oracle Linux 8 [0.6.22-5] - Fix CVE-2020-0452 - Resolves: #1902593 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0452 Oracle Linux 8 [78.5.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.1-1] - Update to 78.5.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26970 Oracle Linux 7 [78.5.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.1-1] - Update to 78.5.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26970 Oracle Linux 8 [12.5-1] - Rebase to upstream release 12.5 Resolves: rhbz#1898228 Resolves: rhbz#1901558 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25694 CVE-2020-25696 Oracle Linux 7 [0.6.22-2] - Fix CVE-2020-0181, CVE-2020-0198, and CVE-2020-0452 - Resolves: #1902589 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0452 Oracle Linux 7 [1.20.4-15] - CVE fix for: CVE-2020-25712 (#1904937), CVE-2020-14360 (#1904934) [1.20.4-14] - CVE fix for: CVE-2020-14347 (#1862319) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14360 CVE-2020-25712 CVE-2020-14347 Oracle Linux 7 [2.1.53-1.0.1] - added Requires: python-gobject-base [Orabug: 30252308] [2.1.53-1] - Rebase the targetcli package to fix some security issues MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13867 Oracle Linux 7 [2.1.74-1.0.1] - Add patch 0005-allow-mixed-case-in-oracle-iqns to fix [Orabug: 27613482] - Add patch 0004-allow-underscore-in-oracle-iqns to fix [Orabug: 27582660] - Add patch 0014-reenable-vhost to fix [Orabug: 27707403] <alan.adamson@oracle.com> [2.1.74-1] - Rebase to the latest upstream version MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14019 Oracle Linux 7 [3.10.0-1160.11.1.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160.11.1] - [netdrv] hdlc_ppp: add range checks in ppp_cp_parse_cr() (Guillaume Nault) [1882078] {CVE-2020-25643} - [fs] ext4: fix potential negative array index in do_split() (Pavel Reichl) [1846164] {CVE-2020-14314} - [fs] nfsd: apply umask on fs without ACL support ('J. Bruce Fields') [1870215] {CVE-2020-24394} - [kernel] watchdog/core: Remove the park_in_progress obfuscation (Waiman Long) [1860661] - [mm] swap_slots: recheck cache->slots_ret under spin_lock_irq() protection (Rafael Aquini) [1862915] - [netdrv] ethernet: i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (Stefan Assmann) [1845677] - [infiniband] mlx5: Fix use-after-free in dereg_mr() (Alaa Hleihel) [1880184] [3.10.0-1160.10.1] - [md] dm-mirror: provide the merge method (Mikulas Patocka) [1890059] - [nvme] nvme-rdma: cancel async events before freeing event struct (David Milburn) [1857397] - [s390] dasd: Use struct_size() helper (Sterling Alexander) [1886477] - [s390] dasd: fix inability to use DASD with DIAG driver (Sterling Alexander) [1886477] - [hv] hv_utils: drain the timesync packets on onchannelcallback (Vitaly Kuznetsov) [1884735] - [hv] hv_utils: return error if host timesysnc update is stale (Vitaly Kuznetsov) [1884735] - [x86] cpu: Re-apply forced caps every time CPU caps are re-read (Herbert Xu) [1886792] - [x86] cpu: Factor out application of forced CPU caps (Herbert Xu) [1886792] [3.10.0-1160.9.1] - [hv] hv: vmbus: Only notify Hyper-V for die events that are oops (Vitaly Kuznetsov) [1868130] - [uapi] include: do not export changes made to struct ip_ct_sctp (Florian Westphal) [1887975] - [net] openvswitch: free vport unless register_netdevice() succeeds (Timothy Redaelli) [1869190] - [net] openvswitch: do not free vport if register_netdevice() is failed (Timothy Redaelli) [1869190] - [kernel] signals: avoid random wakeups in sigsuspend() (Oleg Nesterov) [1704650] - [fs] nfs: Fix getxattr kernel panic and memory overflow (Benjamin Coddington) [1880893] {CVE-2020-25212} [3.10.0-1160.8.1] - [kernel] sched/fair: Fix RCU stall upon -ENOMEM in sched_create_group() (Kenneth Yin) [1878000] - [security] selinux: do not report error on connect(AF_UNSPEC) (Paolo Abeni) [1886305] - [kernel] timer: Fix lockup in __run_timers() caused by large jiffies/timer_jiffies delta (Waiman Long) [1849716] - [mm] revert 'mm/page_alloc: fix memmap_init_zone pageblock alignment' (Artem Savkov) [1878732] - [mm] page_alloc: Make paranoid check in move_freepages a VM_BUG_ON (Artem Savkov) [1878732] - [nvme] rdma: Avoid double freeing of async event data (Gopal Tiwari) [1878950] - [pci] hv: Fix a timing issue which causes kdump to fail occasionally (Mohammed Gamal) [1846667] [3.10.0-1160.7.1] - [fs] xfs: fix off-by-one in inode alloc block reservation calculation (Brian Foster) [1857203] - [fs] xfs: fix inode allocation block res calculation precedence (Brian Foster) [1857203] - [powerpc] powernv/dump: Handle multiple writes to ack attribute (Gustavo Duarte) [1873189] - [powerpc] powernv/dump: Fix race while processing OPAL dump (Gustavo Duarte) [1873189] - [powerpc] powernv: opal-dump: Use IRQ_HANDLED instead of numbers in interrupt handler (Gustavo Duarte) [1873189] - [powerpc] opal_elog: Handle multiple writes to ack attribute (Gustavo Duarte) [1873189] - [powerpc] powernv/elog: Fix race while processing OPAL error log event (Gustavo Duarte) [1873189] - [powerpc] powernv Adapt opal-elog and opal-dump to new sysfs_remove_file_self (Gustavo Duarte) [1873189] - [powerpc] powernv: Fix opal-elog interrupt handler (Gustavo Duarte) [1873189] - [net] flow_dissector: switch to siphash (Davide Caratti) [1835614] {CVE-2019-18282} - [fs] xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [1875317] {CVE-2020-14385} - [fs] cifs: make 'nodfs' mount opt a superblock flag (Leif Sahlberg) [1873033] - [crypto] crypto: authenc - fix parsing key with misaligned rta_len (Herbert Xu) [1846355] {CVE-2020-10769} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18282 CVE-2020-24394 CVE-2020-10769 CVE-2020-14385 CVE-2020-25643 CVE-2020-14314 CVE-2020-25212 Oracle Linux 7 [4.10.17-9] - related: #1853272 - Add back missing patch hunks [4.10.16-8] - resolves: #1878205 - Fix restarting winbind on package upgrade - resolves: #1892632 - Fix CVE-2020-14318 - resolves: #1891687 - Fix CVE-2020-14323 - resolves: #1879834 - Fix CVE-2020-1472 - resolves: #1892313 - Fix memory leak in winbindd (wbinfo -u) - resolves: #1868917 - Fix %U substitution for 'valid users' option - resolves: #1853272 - Fix 'require_membership_of' documentation in pam_winbind{.conf} manpage MODERATE Copyright 2020 Oracle, Inc. CVE-2020-1472 CVE-2020-14318 CVE-2020-14323 Oracle Linux 7 [2.0.35-27] - Fix CVE-2016-5766 - Resolves: #1356813 - Upstream patch: https://github.com/libgd/libgd/commit/aba3db8 MODERATE Copyright 2020 Oracle, Inc. CVE-2016-5766 Oracle Linux 8 [4.18.0-240.8.1_3.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7 [4.18.0-240.8.1_3] - [s390] s390/dasd: Fix zero write for FBA devices (Ming Lei) [1896787 1881760] - [s390] mm/gup: fix gup_fast with dynamic page table folding (Philipp Rudo) [1896351 1883266] - [netdrv] ibmveth: Identify ingress large send packets (Gustavo Duarte) [1896299 1887038] - [netdrv] ibmveth: Switch order of ibmveth_helper calls (Gustavo Duarte) [1896299 1887038] [4.18.0-240.7.1_3] - [fs] writeback: Drop I_DIRTY_TIME_EXPIRE (Waiman Long) [1901547 1860031] - [fs] writeback: Fix sync livelock due to b_dirty_time processing (Waiman Long) [1901547 1860031] - [fs] writeback: Avoid skipping inode writeback (Waiman Long) [1901547 1860031] - [fs] writeback: Protect inode->i_io_list with inode->i_lock (Waiman Long) [1901547 1860031] - [fs] fs: Introduce DCACHE_DONTCACHE (Waiman Long) [1901547 1860031] - [fs] fs: Lift XFS_IDONTCACHE to the VFS layer (Waiman Long) [1901547 1860031] - [fs] dcache: sort the freeing-without-RCU-delay mess for good (Waiman Long) [1901547 1860031] - [net] ip_tunnel_core: Fix build for archs without _HAVE_ARCH_IPV6_CSUM (Aaron Conole) [1885766 1849736] - [tools] selftests: pmtu.sh: Add tests for UDP tunnels handled by Open vSwitch (Aaron Conole) [1885766 1849736] - [tools] selftests: pmtu.sh: Add tests for bridged UDP tunnels (Aaron Conole) [1885766 1849736] - [net] geneve: Support for PMTU discovery on directly bridged links (Aaron Conole) [1885766 1849736] - [net] vxlan: Support for PMTU discovery on directly bridged links (Aaron Conole) [1885766 1849736] - [net] tunnels: PMTU discovery support for directly bridged IP packets (Aaron Conole) [1885766 1849736] - [net] ipv4: route: Ignore output interface in FIB lookup for PMTU route (Aaron Conole) [1885766 1849736] - [netdrv] geneve: add transport ports in route lookup for geneve (Mark Gray) [1891818 1884481] {CVE-2020-25645} - [kernel] PM: hibernate: Batch hibernate and resume IO requests (Lenny Szubowicz) [1894629 1868096] - [md] dm: fix comment in __dm_suspend() (Mike Snitzer) [1890233 1881531] - [md] dm: fold dm_process_bio() into dm_make_request() (Mike Snitzer) [1890233 1881531] - [md] dm: fix missing imposition of queue_limits from dm_wq_work() thread (Mike Snitzer) [1890233 1881531] - [md] dm: optimize max_io_len() by inlining max_io_len_target_boundary() (Mike Snitzer) [1890233 1881531] - [md] dm: push md->immutable_target optimization down to __process_bio() (Mike Snitzer) [1890233 1881531] - [md] dm: change max_io_len() to use blk_max_size_offset() (Mike Snitzer) [1890233 1881531] - [md] dm table: stack 'chunk_sectors' limit to account for target-specific splitting (Mike Snitzer) [1890233 1881531] - [block] block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [1890233 1881531] - [block] block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [1890233 1881531] - [md] dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [1890233 1881531] [4.18.0-240.6.1_3] - [arm64] paravirt: Initialize steal time when cpu is online (Andrew Jones) [1898758 1879137] - [kvm] Revert 'x86/kvm: Move context tracking where it belongs' (Nitesh Narayan Lal) [1897716 1890284] - [pci] hv: Fix hibernation in case interrupts are not re-created (Mohammed Gamal) [1896435 1846838] - [hv] hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (Mohammed Gamal) [1896434 1876519] - [netdrv] hv_netvsc: Cache the current data path to avoid duplicate call and message (Mohammed Gamal) [1896433 1876527] - [netdrv] hv_netvsc: Switch the data path at the right time during hibernation (Mohammed Gamal) [1896433 1876527] - [netdrv] hv_netvsc: Fix hibernation for mlx5 VF driver (Mohammed Gamal) [1896433 1876527] - [tools] selftests/powerpc: Make alignment handler test P9N DD2.1 vector CI load workaround (Gustavo Duarte) [1897278 1887442] - [powerpc] powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (Gustavo Duarte) [1897278 1887442] [4.18.0-240.5.1_3] - [crypto] crypto: testmgr - mark cts(cbc(aes)) as FIPS allowed (Vladis Dronov) [1886189 1855161] [4.18.0-240.4.1_3] - [kernel] sched/features: Fix !CONFIG_JUMP_LABEL case (Daniel Bristot de Oliveira) [1894073 1885850] [4.18.0-240.3.1_3] - [iommu] iommu/amd: Fix the overwritten field in IVMD header (Baoquan He) [1888113 1869148] - [fs] xfs: trim IO to found COW extent limit (Eric Sandeen) [1886895 1882549] - [char] random32: update the net random state on interrupt and activity (Donghai Qiao) [1888233 1867569] {CVE-2020-16166} - [net] openvswitch: fixes crash if nf_conncount_init() fails (Eelco Chaudron) [1879935 1876445] [4.18.0-240.2.1_3] - [tools] selftests: rtnetlink: Test bridge enslavement with different parent IDs (Jonathan Toppins) [1886017 1860479] - [tools] selftests: rtnetlink: correct the final return value for the test (Jonathan Toppins) [1886017 1860479] - [net] Fix bridge enslavement failure (Jonathan Toppins) [1886017 1860479] - [net] netfilter: conntrack: proc: rename stat column (Florian Westphal) [1882094 1875681] - [net] netfilter: conntrack: add clash resolution stat counter (Florian Westphal) [1882094 1875681] - [net] netfilter: conntrack: remove ignore stats (Florian Westphal) [1882094 1875681] - [net] netfilter: conntrack: do not increment two error counters at same time (Florian Westphal) [1882094 1875681] - [net] netfilter: conntrack: do not auto-delete clash entries on reply (Florian Westphal) [1882094 1875681] - [kernel] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint (Alexey Klimov) [1880080 1877380] MODERATE Copyright 2020 Oracle, Inc. CVE-2020-16166 Oracle Linux 8 [1.1.1g-12] - Fix CVE-2020-1971 ediparty null pointer dereference [1.1.1g-11.1] - Implemented new FIPS requirements in regards to KDF and DH selftests - Disallow certificates with explicit EC parameters IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1971 Oracle Linux 8 [1:5.8-18.1] - revert permission of config files to 600 (#1902662) [1:5.8-18] - fix CVE-2020-15862 (#1886100) - fix bulk responses for invalid PID (#1896760) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15862 Oracle Linux 8 [3.6.14-7] - Increase DH key bits to >= 2048 in self-tests (#1879506) - Implement self-tests for KDF and CMAC (#1890870) - Fix CVE-2020-24659: heap buffer-overflow when 'no_renegotiation' alert is received (#1873959) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-24659 Oracle Linux 8 [2.0.4-6.1] - Prevent users from bypassing ACLs by using IPC directly (CVE-2020-25654) - Resolves: rhbz1891528 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-25654 Oracle Linux 8 delve [1.4.1-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.4.1-1] - Rebase to 1.4.1 - Resolves: rhbz#1821281 - Related: rhbz#1820596 [1.4.0-2] - Change i686 to a better macro - Related: rhbz#1820596 [1.4.0-1] - Rebase to 1.4.0 - Remove Patch1781 - Related: rhbz#1820596 [1.3.2-3] - Resolves: rhbz#1758612 - Resolves: rhbz#1780554 - Add patch: 1781-pkg-terminal-Fix-exit-status.patch [1.3.2-2] - Added tests - Related: rhbz#1758612 [1.3.2-1] - First package for RHEL - Related: rhbz#1758612 golang [1.14.12-1] - Rebase to 1.14.12 - Resolves: rhbz#1898829 - Resolves: rhbz#1898832 - Resolves: rhbz#1898834 [1.14.10-1] - Rebase to 1.14.10 - Remove patch to fix missing deferreturn on linux/ppc64le rhbz#1854836 - Resolves: rhbz#1897181 - Resolves: rhbz#1897182 - Resolves: rhbz#1897185 go-toolset [1.14.12-1] - Rebase to 1.14.12 - Resolves: rhbz#1898829 - Resolves: rhbz#1898832 - Resolves: rhbz#1898834 [1.14.10-1] - Rebase to 1.14.10 - Resolves: rhbz#1897181 - Resolves: rhbz#1897182 - Resolves: rhbz#1897185 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-28362 CVE-2020-24553 CVE-2020-28366 CVE-2020-28367 Oracle Linux 8 [1:1.16.1-1.0.1.1] - Remove Red Hat references [Orabug: 29498217] [1:1.16.1-1.1] - Resolves: #1898952 - CVE 2019-20372 nginx:1.16/nginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c [1:1.16.1-1] - update to 1.16.1 - Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount of data request leads to denial of service - Resolves: #1745690 - CVE-2019-9513 nginx:1.16/nginx: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption - Resolves: #1745645 - CVE-2019-9516 nginx:1.16/nginx: HTTP/2: 0-length headers leads to denial of service [1:1.16.0-2] - Resolves: #1718929 - ssl_protocols config option has faulty behavior in nginx:1.16 [1:1.16.0-1] - new version 1.16.0 - enable ngx_stream_ssl_preread module - main package does NOT require all-modules package [1:1.14.1-8] - enable TLS 1.3 by default (#1643647) - TLSv1.0 and TLSv1.1 can be enabled now (#1644746) [1:1.14.1-3] - fix unexpanded paths in nginx(8) (#1643069) [1:1.14.1-2] - Resolves: #1655530 - Hardening tests fail for nginx [1:1.14.1-1] - new version 1.14.1 - Resolves: #1647257 - CVE-2018-16845 nginx: Denial of service and memory disclosure via mp4 module - Resolves: #1647262 - CVE-2018-16844 nginx: Excessive CPU usage via flaw in HTTP/2 implementation - Resolves: #1647263 - CVE-2018-16843 nginx: Excessive memory consumption via flaw in HTTP/2 implementation [1:1.14.0-3] - fix PKCS#11 support (Anderson Sasaki, #1545526) [1:1.14.0-2] - add dependency on perl(constant) [1:1.14.0-1] - Resolves: #1558420 - directory permissions are now correct after processing USR1 signal - Resolves: #1601414 - nginx: drop GeoIP support [1:1.12.1-12] - add build conditional for geoip support [1:1.14.0-1] - new version 1.14.0 [1:1.12.1-9] - changed directory permissions (#1558420) [1:1.12.1-8] - disable gperftools (#1496868) [1:1.12.1-7] - update branding (#1512565) [1:1.12.1-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1:1.12.1-5] - Add patch to apply glibc bugfix if really needed only - Disable strict symbol checks in the link editor [1:1.12.1-4] - Rebuilt for switch to libxcrypt [1:1.12.1-3] - rebuild [1:1.12.1-2] - own system drop-in directories #1493036 [1:1.12.1-1] - update to 1.12.1 (#1469924) - enable http_auth_request_module (Tim Niemueller, #1471106) [1:1.12.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:1.12.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:1.12.0-2] - Perl 5.26 rebuild [1:1.12.0-1] - new version 1.12.0 [1:1.10.3-1] - update to upstream release 1.10.3 [1:1.10.2-1] - update to upstream release 1.10.2 [1:1.10.1-1] - update to upstream release 1.10.1 [1:1.10.0-4] - Perl 5.24 rebuild [1:1.10.0-3] - Enable AIO on aarch64 (rhbz 1258414) [1:1.10.0-2] - only Require nginx-all-modules for EPEL and current Fedora releases [1:1.10.0-1] - update to upstream release 1.10.0 - split dynamic modules into subpackages - spec file cleanup [1:1.8.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1:1.8.1-1] - update to upstream release 1.8.1 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver - CVE-2016-0746: Use-after-free during CNAME response processing in resolver - CVE-2016-0742: Invalid pointer dereference in resolver [1:1.8.0-14] - consistently use '%global with_foo' style of logic - remove PID file before starting nginx (#1268621) [1:1.8.0-13] - Use nginx-mimetypes from mailcap (#1248736) - Mark LICENSE as %license [1:1.8.0-12] - also build with gperftools on aarch64 (#1258412) [1:1.8.0-11] - nginx.conf: added commented-out SSL configuration directives (#1179232) [1:1.8.0-10] - switch back to /bin/kill in logrotate script due to SELinux denials [1:1.8.0-9] - fix path to png in error pages (#1232277) - optimize png images with optipng [1:1.8.0-8] - replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543) - remove After=syslog.target in nginx.service (#1231543) - replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543) [1:1.8.0-7] - Perl 5.22 rebuild [1:1.8.0-6] - revert previous change [1:1.8.0-5] - move default server to default.conf (#1220094) [1:1.8.0-4] - add TimeoutStopSec=5 and KillMode=mixed to nginx.service - set worker_processes to auto - add some common options to the http block in nginx.conf - run nginx-upgrade on package update - remove some redundant scriptlet commands - listen on ipv6 for default server (#1217081) [1:1.8.0-3] - improve nginx-upgrade script [1:1.8.0-2] - add --with-pcre-jit [1:1.8.0-1] - update to upstream release 1.8.0 [1:1.7.12-1] - update to upstream release 1.7.12 [1:1.7.10-1] - update to upstream release 1.7.10 - remove systemd conditionals [1:1.6.2-4] - fix package ownership of directories [1:1.6.2-3] - add vim files (#1142849) [1:1.6.2-2] - create nginx-filesystem subpackage (patch from Remi Collet) - create /etc/nginx/default.d as a drop-in directory for configuration files for the default server block - clean up nginx.conf [1:1.6.2-1] - update to upstream release 1.6.2 - CVE-2014-3616 nginx: virtual host confusion (#1142573) [1:1.6.1-4] - Perl 5.20 rebuild [1:1.6.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1:1.6.1-2] - add logic for EPEL 7 [1:1.6.1-1] - update to upstream release 1.6.1 - (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw [1:1.6.0-3] - Fix FTBFS on aarch64 (#1115559) [1:1.6.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1:1.6.0-1] - update to upstream release 1.6.0 [1:1.4.7-1] - update to upstream release 1.4.7 [1:1.4.6-1] - update to upstream release 1.4.6 [1:1.4.5-2] - avoid multiple index directives (#1065488) [1:1.4.5-1] - update to upstream release 1.4.5 [1:1.4.4-1] - Update to upstream release 1.4.4 - Security fix BZ 1032267 [1:1.4.3-1] - update to upstream release 1.4.3 [1:1.4.2-3] - Add in conditionals to build for non-systemd targets [1:1.4.2-2] - Perl 5.18 rebuild [1:1.4.2-1] - update to upstream release 1.4.2 [1:1.4.1-3] - Perl 5.18 rebuild [1:1.4.1-2] - rebuild for new GD 2.1.0 [1:1.4.1-1] - update to upstream release 1.4.1 (#960605, #960606): CVE-2013-2028 stack-based buffer overflow when handling certain chunked transfer encoding requests [1:1.4.0-2] - gperftools exist only on selected arches [1:1.4.0-1] - update to upstream release 1.4.0 - enable SPDY module (new in this version) - enable http gunzip module (new in this version) - enable google perftools module and add gperftools-devel to BR - enable debugging (#956845) - trim changelog [1:1.2.8-1] - update to upstream release 1.2.8 [1:1.2.7-2] - make sure nginx directories are not world readable (#913724, #913735) [1:1.2.7-1] - update to upstream release 1.2.7 - add .asc file [1:1.2.6-6] - use 'kill' instead of 'systemctl' when rotating log files to workaround SELinux issue (#889151) [1:1.2.6-5] - uncomment 'include /etc/nginx/conf.d/*.conf by default but leave the conf.d directory empty (#903065) [1:1.2.6-4] - add comment in nginx.conf regarding 'include /etc/nginf/conf.d/*.conf' (#903065) [1:1.2.6-3] - use correct file ownership when rotating log files [1:1.2.6-2] - send correct kill signal and use correct file permissions when rotating log files (#888225) - send correct kill signal in nginx-upgrade [1:1.2.6-1] - update to upstream release 1.2.6 [1:1.2.5-1] - update to upstream release 1.2.5 [1:1.2.4-1] - update to upstream release 1.2.4 - introduce new systemd-rpm macros (#850228) - link to official documentation not the community wiki (#870733) - do not run systemctl try-restart after package upgrade to allow the administrator to run nginx-upgrade and avoid downtime - add nginx man page (#870738) - add nginx-upgrade man page and remove README.fedora - remove chkconfig from Requires(post/preun) - remove initscripts from Requires(preun/postun) - remove separate configuration files in '/etc/nginx/conf.d' directory and revert to upstream default of a centralized nginx.conf file (#803635) (#842738) [1:1.2.3-1] - update to upstream release 1.2.3 [1:1.2.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1:1.2.1-2] - Perl 5.16 rebuild [1:1.2.1-1] - update to upstream release 1.2.1 [1:1.2.0-2] - Perl 5.16 rebuild [1:1.2.0-1] - update to upstream release 1.2.0 [1:1.0.15-4] - add nginx-upgrade to replace functionality from the nginx initscript that was lost after migration to systemd - add README.fedora to describe usage of nginx-upgrade - nginx.logrotate: use built-in systemd kill command in postrotate script - nginx.service: start after syslog.target and network.target - nginx.service: remove unnecessary references to config file location - nginx.service: use /bin/kill instead of '/usr/sbin/nginx -s' following advice from nginx-devel - nginx.service: use private /tmp [1:1.0.15-3] - fix incorrect postrotate script in nginx.logrotate [1:1.0.15-2] - renable auto-cc-gcc patch due to warnings on rawhide [1:1.0.15-1] - update to upstream release 1.0.15 - no need to apply auto-cc-gcc patch - add %global _hardened_build 1 [1:1.0.14-1] - update to upstream release 1.0.14 - amend some %changelog formatting [1:1.0.13-1] - update to upstream release 1.0.13 - amend --pid-path and --log-path [1:1.0.12-5] - change pid path in nginx.conf to match systemd service file [1:1.0.12-3] - fix %pre scriptlet [1:1.0.12-2] - update upstream URL - replace %define with %global - remove obsolete BuildRoot tag, %clean section and %defattr - remove various unnecessary commands - add systemd service file and update scriptlets - add Epoch to accommodate %triggerun as part of systemd migration [1.0.12-1] - Update to 1.0.12 [1.0.10-1] - Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes. - Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4. - Bugfix: the module ngx_http_mp4_module sent incorrect 'Content-Length' response header line if the 'start' argument was used. Thanks to Piotr Sikora. [1.0.8-1] - Update to new 1.0.8 stable release [1.0.5-1] - Update nginx to Latest Stable Release [1.0.0-3] - Perl mass rebuild [1.0.0-2] - Perl 5.14 mass rebuild [1.0.0-1] - Update to 1.0.0 [0.8.53-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.8.53.5] - Extract out default config into its own file (bug #635776) [0.8.53-4] - Revert ownership of log dir [0.8.53-3] - Change ownership of /var/log/nginx to be 0700 nginx:nginx - update init script to use killproc -p - add reopen_logs command to init script - update init script to use nginx -q option [0.8.53-2] - Fix linking of perl module [0.8.53-1] - Update to new stable 0.8.53 [0.7.67-2] - add Provides: webserver (bug #619693) [0.7.67-1] - Update to new stable 0.7.67 - fix bugzilla #591543 [0.7.65-2] - Mass rebuild with perl-5.12.0 [0.7.65-1] - Update to new stable 0.7.65 - change ownership of logdir to root:root - add support for ipv6 (bug #561248) - add random_index_module - add secure_link_module [0.7.64-1] - Update to new stable 0.7.64 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20372 Oracle Linux 8 nodejs [1:12.19.1-1] - Resolves: RHBZ#1901044, #1901045, #1901046, #1901047 - c-ares, ajv and y18n CVEs and yarn installability issues [1:12.18.4-2] - Fix RHBZ#1856776 - nodejs-devel not installable due to missing brotli - Some spec fixes [12.18.4-1] - Rebase to 12.18.4 [12.18.2-1] - Rebase to 12.18.2 [1:12.18.1-1] - Rebase - Spec clean up - Provide i18n package, bundle icu - Resolves: RHBZ#1845311, RHBZ#1845692 [1:12.18.0-1] - Security update to 12.18.0 - Resolves: RHBZ#1845311, RHBZ#1845692 [1:12.16.1-2] - Fix CVE-2020-10531 [1:12.16.1-1] - Resolves: RHBZ#1800395, RHBZ#1800396, RHBZ#1800381 - Rebase to 12.16.1 [1:12.14.1-1] - Rebase to 12.14.1 [1:12.13.1-1] - Resolves: RHBZ# 1773503, update to 12.13.1 - minor clean up and sync with Fedora spec - turn off debug builds [1:12.4.0-2] - Resolves:RHBZ#1685191 - Add condition to libs [1:12.4.0-1] - Update to v12.x - Add v8-devel and libs subpackages from fedora [1:10.14.1-2] - move nodejs-packaging BR out of conditional [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon [1.18.3-1] - Resolves: #1615413 - Updated - bundled [1.11.0-2] - rh-nodejs8 rebuild [1.11.0-1] - Updated with script [1.8.1-6] - rebuilt [1.8.1-5] - Enable scl macros [1.8.1-2] - Fix dependencies [1.8.1-1] - Initial package nodejs-packaging * Tue Mar 12 2019 zsvetlik@redhat.com - 17-3 - Change Requires to Recommends on nodejs dependency, so it is usable for building nodejs [17-2] - Switch hardcoded python3 shebangs into the %{__python3} macro [17-1] - Fix version comparators with a space after the operator [16-1] - Rewrite nodejs.req to better match npm versioning rules - Add tests for nodejs.req and nodejs.prov [15-1] - Fix caret dependency ranges [14-1] - Only match top level modules for requires and provides generation [13-1] - Add %nodejs_setversion macro [12-1] - Port to python 3 [11-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [11-1] - nodesjs.req: use boolean with for range dependencies [10-1] - Release v10 - Automatically generate Provides for bundled npm dependencies [9-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [9-3] - switch source URL to pagure [9-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [9-1] - nodejs-fixdep: stop --move erroring on missing dependency types [8-1] - nodejs-fixdep: add --move option - nodejs-symlink-deps: add --optional option - req: generate suggests for optional dependencies [7-5] - nodejs-symlink-deps: handle caret in versions [7-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [7-3] - Install macros in %{_rpmconfidir}/macros.d where available (#1074279) [7-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [7-1] - nodejs-symlink-deps: fix regression preventing multiply versioned modules from being symlinked correctly [6-1] - nodejs-fixdep: use real option parsing - nodejs-fixdep: support modifying optionalDependencies and devDependencies - req: support the caret operator - nodejs-symlink-deps: add --force option - nodejs-symlink-deps: add --build alias for --check - nodejs-fixdep: support converting to caret dependencies - nodejs-fixdep: support non-dictionary dependency properties - multiver_modules: add nan [4-1] - handle cases where the symlink target exists gracefully [3-1] - dependencies and engines can be lists or strings too - handle unversioned dependencies on multiply versioned modules correctly (RHBZ#982798) - restrict to compatible arches [2-1] - move multiple version list to /usr/share/node - bump nodejs Requires to 0.10.12 - add Requires: redhat-rpm-config [1-1] - initial package MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8277 CVE-2020-7774 CVE-2020-15366 Oracle Linux 8 asio [1.10.8-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.10.8-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.10.8-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.10.8-4] - Rebuilt for Boost 1.64 [1.10.8-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.10.8-2] - Rebuilt for Boost 1.63 [1.10.8-1] - Update to 1.10.8 [1.10.7-1] - Update to 1.10.7 [1.10.6-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.10.6-6] - Rebuilt for Boost 1.60 [1.10.6-5] - Remove useless pieces of the spec - Conform to more recent SPEC style - Fix date in changelog that was giving warnings [1.10.6-4] - Move from define to global [1.10.6-3] - Rebuilt for Boost 1.59 [1.10.6-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/F23Boost159 [-1.10.6-1] - Update to 1.10.6 version [1.10.4-5] - rebuild for Boost 1.58 [1.10.4-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.10.4-3] - Rebuild for boost 1.57.0 [1.10.4-2] - Forgot to update the commit id [1.10.4-1] - Update to 1.10.4 version [1.10.3-1] - Update to 1.10.3 version [1.4.8-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.4.8-8] - Rebuild for boost 1.55.0 [1.4.8-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.4.8-6] - Rebuild for boost 1.54.0 [1.4.8-5] - Rebuild for Boost-1.53.0 [1.4.8-4] - Rebuild for Boost-1.53.0 [1.4.8-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.4.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1.4.8-1] - Update to 1.4.8 bugfix release [1.4.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [1.4.1-3] - fix FTBFS #538893 and #599857 (patch by Petr Machata) [1.4.1-2] - The tarball is now a gzip archive [1.4.1-1] - New upstream release [1.2.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.2.0-1] - New upstream release galera [25.3.31-1] - Rebase to 25.3.31 Resolves: #1731289, #1856812 Judy mariadb [3:10.3.27-3] - Remove mariadb_rpl.h from includedir This file is shipped in mariadb-connector-c package - Require matching version of mariadb-connector-c package [3:10.3.27-2] - Disable building of the ed25519 client plugin. From now on it will be shipped by 'mariadb-connector-c' package [3:10.3.27-1] - Rebase to 10.3.27 - mariadb-debug_build.patch is no more needed, upstream did the changes: https://github.com/MariaDB/server/commit/31eaa2029f3c2a4f8e5609ce8b87682286238d9a#diff-32766783af7cac683980224d63c59929 https://github.com/MariaDB/server/commit/23c6fb3e6231b8939331e2d9f157092f24ed8f4f#diff-78f3162f137407db5240950beb2bcd7c [3:10.3.23-1] - Rebase to 10.3.23 - Make conflicts between corresponding mariadb and mysql packages explicit - Get rid of the Conflicts macro, it was intended to mark conflicts with *upstream* packages Resolves: #1853159 [3:10.3.22-1] - Rebase to 10.3.22 [3:10.3.21-1] - Rebase to 10.3.21 [3:10.3.20-2] - Change path of groonga's packaged files - Fix bz#1763287 [3:10.3.20-1] - Rebase to 10.3.20 - NOTE: 10.3.19 was deleted by upstream [3:10.3.18-1] - Rebase to 10.3.18 [3:10.3.17-2] - Fix the debug build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-2938 CVE-2019-2974 CVE-2020-2574 CVE-2020-2752 CVE-2020-2760 CVE-2020-2780 CVE-2020-2812 CVE-2020-2814 CVE-2020-14765 CVE-2020-14776 CVE-2020-14812 CVE-2020-13249 CVE-2020-14789 CVE-2020-15180 Oracle Linux 8 [3.1.11-2] - Require specific minimal version of the 'mariadb' package, if it is installed [3.1.11-1] - Rebase to 3.1.11 [3.1.9-1] - Rebase to 3.1.9 - Overlinking issues fixed by upstream in 3.1.3 release - Add explicit confict between mariadb-connector-c-devel and mysql-devel packages [3.1.2-1] - Rebase to 3.1.2 - Introducing ED25519 plugin - Plugindir issues (from 3.0.9 release) fixed by upstream Resolves: #1691176 [3.0.10-1] - Rebase to 3.0.10 - Use macro for tarball name - Use macro to set build flags - Use macros for make commands - Remove the scriptlets non relevant for RHEL-8 - Add info for the testsuite execution - Remove glob from library version - Remove info about the upstream issues [3.0.8-2] - Add 'zlib-devel' requirement in '-devel' subpackage. MariaDB requires linking with '-lz', which will fail without the zlib library - Resolves: #1710471 [3.0.8-1] - Rebase to 3.0.8 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-13249 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.35.1] - ixgbe: protect TX timestamping from API misuse (Manjunath Patil) [Orabug: 30275491] - block: init flush rq ref count to 1 (Josef Bacik) [Orabug: 30360559] - block: fix null pointer dereference in blk_mq_rq_timed_out() (Yufen Yu) [Orabug: 30360559] - blk-mq: Remove generation seqeunce (Keith Busch) [Orabug: 30360559] - scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580687] {CVE-2019-15807} - scsi: qla2xxx: fix a potential NULL pointer dereference (Allen Pais) [Orabug: 30618784] {CVE-2019-16233} - printk: Default console logging level should be set to 4 (Boris Ostrovsky) [Orabug: 30657070] [4.1.12-124.34.2] - scsi: lpfc: Remove lpfc_enable_pbde as module parameter (James Smart) [Orabug: 30569875] - scsi: lpfc: Make PBDE optimizations configurable (James Smart) [Orabug: 30569875] - scsi: lpfc: Update driver version to 11.4.0.8 and Copyright updates (Ketan Mukadam) [Orabug: 30569875] - scsi: lpfc: Fix ELS abort on SLI-3 adapters (James Smart) [Orabug: 30569875] - scsi: lpfc: Correct race with abort on completion path (James Smart) [Orabug: 30569875] - scsi: lpfc: update manufacturer attribute to reflect Broadcom (James Smart) [Orabug: 30569875] [Orabug: 29212758] - scsi: lpfc: Enable Management features for IF_TYPE=6 (James Smart) [Orabug: 30569875] [Orabug: 29212758] - scsi: lpfc: Correct topology type reporting on G7 adapters (James Smart) [Orabug: 30569875] [Orabug: 29212758] - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (James Smart) [Orabug: 30569875] - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (James Smart) [Orabug: 30569875] - scsi: lpfc: Enhance log messages when reporting CQE errors (James Smart) [Orabug: 30569875] - scsi: lpfc: Fix frequency of Release WQE CQEs (James Smart) [Orabug: 30569875] - scsi: lpfc: Code cleanup for 128byte wqe data type (James Smart) [Orabug: 30569875] - scsi: lpfc: use __raw_writeX on DPP copies (James Smart) [Orabug: 30569875] - scsi: lpfc: Add embedded data pointers for enhanced performance (James Smart) [Orabug: 30569875] - scsi: lpfc: Enable fw download on if_type=6 devices (James Smart) [Orabug: 30569875] - scsi: lpfc: Add if_type=6 support for cycling valid bits (James Smart) [Orabug: 30569875] - scsi: lpfc: Add 64G link speed support (James Smart) [Orabug: 30569875] - scsi: lpfc: Add PCI Ids for if_type=6 hardware (James Smart) [Orabug: 30569875] - scsi: lpfc: Add push-to-adapter support to sli4 (James Smart) [Orabug: 30569875] - scsi: lpfc: Add SLI-4 if_type=6 support to the code base (James Smart) [Orabug: 30569875] - scsi: lpfc: Rework sli4 doorbell infrastructure (James Smart) [Orabug: 30569875] - scsi: lpfc: Rework lpfc to allow different sli4 cq and eq handlers (James Smart) [Orabug: 30569875] - x86/bugs: use check_bugs instead of microcode_late_select_mitigation (Mihai Carabas) [Orabug: 30332499] - x86/bugs: spec_ctrl_mutex taken in stop_machine context (Mihai Carabas) [Orabug: 30332499] - x86/microcode: moved cpu feature late eval to stop_machine (Mihai Carabas) [Orabug: 30332499] - x86/cpu: Re-apply forced caps every time CPU caps are re-read (Andy Lutomirski) [Orabug: 30332499] - x86/microcode/intel: Check microcode revision before updating sibling threads (Ashok Raj) [Orabug: 30332499] - tracing: Fix possible double free on failure of allocating trace buffer (Steven Rostedt (VMware)) [Orabug: 30633873] {CVE-2017-18595} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15807 CVE-2019-16233 CVE-2017-18595 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.42.1] - scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580688] {CVE-2019-15807} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15807 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.318.1] - x86/speculation: Determine swapgs before alternative instructions are set (Patrick Colp) [Orabug: 30379640] - scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580689] {CVE-2019-15807} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15807 Oracle Linux 7 [4.14.35-1902.10.4.el7uek] - kvm: Don't reference vcpu->arch.st in arch-independent code (Boris Ostrovsky) [Orabug: 30489861] - kvm: fix compile on s390 part 2 (Christian Borntraeger) [Orabug: 30489861] - kvm: fix compilation on s390 (Paolo Bonzini) [Orabug: 30489861] - kvm: fix compilation on aarch64 (Paolo Bonzini) [Orabug: 30489861] [4.14.35-1902.10.3.el7uek] - x86/KVM: Clean up host's steal time structure (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - x86/kvm: Cache gfn to pfn translation (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - x86/kvm: Introduce kvm_(un)map_gfn() (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - KVM: Properly check if page is valid in kvm_vcpu_unmap (KarimAllah Ahmed) [Orabug: 30489861] - KVM: Introduce a new guest mapping API (KarimAllah Ahmed) [Orabug: 30489861] - KVM: x86: svm: make sure NMI is injected after nmi_singlestep (Vitaly Kuznetsov) [Orabug: 30714532] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15917 CVE-2019-3016 Oracle Linux 7 [4.14.35-1902.10.4.1.el7uek] - IB/mlx4: Fix use after free in RDMA CM disconnect code path (Manjunath Patil) [Orabug: 30815818] - IB/mlx4: Fix leak in id_map_find_del (Hakon Bugge) [Orabug: 30815811] - RDMA/cma: Relax device check in cma_match_net_dev() (Hakon Bugge) [Orabug: 30815802] - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30815773] {CVE-2019-19332} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19332 CVE-2019-15917 CVE-2019-3016 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.319.1] - net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350265] {CVE-2019-15916} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15916 Oracle Linux 7 [4.14.35-1902.10.7] - rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807747] {CVE-2019-17666} - rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770961] {CVE-2016-5244} - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658694] {CVE-2019-19332} [4.14.35-1902.10.6] - IB/mlx4: Fix use after free in RDMA CM disconnect code path (Manjunath Patil) - RDMA/cma: Relax device check in cma_match_net_dev() (Hakon Bugge) [Orabug: 30809126] - IB/mlx4: Fix leak in id_map_find_del (Hakon Bugge) [Orabug: 30805810] - net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c (Peter Oskolkov) [Orabug: 30787503] - net: IP6 defrag: use rbtrees for IPv6 defrag (Peter Oskolkov) [Orabug: 30787503] - ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module (Florian Westphal) [Orabug: 30787503] - net: IP defrag: encapsulate rbtree defrag code into callable functions (Peter Oskolkov) [Orabug: 30787503] - ipv6: frags: fix a lockdep false positive (Eric Dumazet) [Orabug: 30787503] [4.14.35-1902.10.5] - drm/i915/cmdparser: Fix jump whitelist clearing (Ben Hutchings) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gen8+: Add RC6 CTX corruption WA (Imre Deak) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Lower RM timeout to avoid DSI hard hangs (Uma Shankar) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Ignore Length operands during command matching (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Add support for backward jumps (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Use explicit goto for error paths (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Add gen9 BCS cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Allow parsing of unsized batches (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Add support for mandatory cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Remove Master tables from cmdparser (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Disable Secure Batches for gen6+ (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Rename gen7 cmdparser tables (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Move engine->needs_cmd_parser to engine->flags (Tvrtko Ursulin) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Dont use GPU relocations prior to cmdparser stalls (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Silence smatch for cmdparser (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Do not check past the cmd length. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Check reg_table_count before derefencing. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Prevent writing into a read-only object via a GGTT mmap (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gtt: Disable read-only support under GVT (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gtt: Read-only pages for insert_entries on bdw+ (Vivi, Rodrigo) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gtt: Add read only pages to gen8_pte_encode (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (Anchal Agarwal) [Orabug: 30681025] - x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557081] - x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557081] - x86/bugs: missed initconst cpu_vuln_whitelist used at late loading (Mihai Carabas) [Orabug: 30659681] - mwifiex: Fix mem leak in mwifiex_tm_cmd (YueHaibing) [Orabug: 30732918] {CVE-2019-20095} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732937] {CVE-2019-20054} - fjes: Handle workqueue allocation failure (Will Deacon) [Orabug: 30771875] {CVE-2019-16231} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-16231 CVE-2019-20054 CVE-2019-17666 CVE-2016-5244 CVE-2019-20095 CVE-2019-3016 CVE-2019-0154 CVE-2019-15917 CVE-2019-19332 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.1] - iscsi-target: graceful disconnect on invalid mapping to iovec (Imran Haider) [Orabug: 30459537] - x86/microcode: Issue update message only once (Borislav Petkov) [Orabug: 30528904] - x86/microcode/intel: Issue the revision updated message only on the BSP (Borislav Petkov) [Orabug: 30528904] - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658695] {CVE-2019-19332} - rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807748] {CVE-2019-17666} [4.1.12-124.35.5] - x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557086] - x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557086] - mlx5: lock mlx5_core to prevent module unload (Brian Maly) [Orabug: 30566775] - rds: RDS/TCP does not initiate a connection (Ka-Cheong Poon) [Orabug: 30576433] - x86: bugs: replace static_ with boot_ for CPU bugs mitigations (Mihai Carabas) [Orabug: 30649400] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17666 CVE-2019-19332 Oracle Linux 7 [4.14.35-1902.10.8] - KVM: nVMX: Check IO instruction VM-exit conditions (Oliver Upton) [Orabug: 30847136] {CVE-2020-2732} - KVM: nVMX: Refactor IO bitmap checks into helper function (Oliver Upton) [Orabug: 30847136] {CVE-2020-2732} - KVM: nVMX: Dont emulate instructions in guest mode (Paolo Bonzini) [Orabug: 30847136] {CVE-2020-2732} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.3] - Fix KABI error by keeping the struct field being removed by the below patch (Ritika Srivastava) [Orabug: 30902926] - Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' (Ritika Srivastava) [Orabug: 30902926] [4.1.12-124.36.2] - rds: Use bitmap to designate dropped connections (Hakon Bugge) [Orabug: 30868399] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 29797476] - CIFS: fix POSIX lock leak and invalid ptr deref (Aurelien Aptel) [Orabug: 30399972] - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819439] {CVE-2019-14901} - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864533] {CVE-2019-15291} - rds: prevent use-after-free of rds conn in rds_send_drop_to() (Sharath Srinivasan) [Orabug: 30865080] - KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [Orabug: 30867886] - KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [Orabug: 30867886] - KVM: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [Orabug: 30867886] - KVM: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [Orabug: 30867886] - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [Orabug: 30867886] - slub: do not sanity check if SLAB_DEBUG_FREE is not set (Dongli Zhang) [Orabug: 30903145] - slub: extend slub debug to handle multiple slabs (Aaron Tomlin) [Orabug: 30903145] - Fix kmalloc slab creation sequence (Christoph Lameter) [Orabug: 30903145] - slab: correct size_index table before replacing the bootstrap kmem_cache_node (Daniel Sanders) [Orabug: 30903145] - mm/slab_common: support the slub_debug boot option on specific object size (Gavin Guo) [Orabug: 30903145] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15291 CVE-2019-14901 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.1.1] - KVM: nVMX: Check IO instruction VM-exit conditions (Oliver Upton) [Orabug: 30847137] {CVE-2020-2732} - KVM: nVMX: Refactor IO bitmap checks into helper function (Oliver Upton) [Orabug: 30847137] {CVE-2020-2732} - KVM: nVMX: Dont emulate instructions in guest mode (Paolo Bonzini) [Orabug: 30847137] {CVE-2020-2732} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.4] - KVM: nVMX: Check IO instruction VM-exit conditions (Oliver Upton) [Orabug: 30944739] {CVE-2020-2732} - KVM: nVMX: Refactor IO bitmap checks into helper function (Oliver Upton) [Orabug: 30944739] {CVE-2020-2732} - KVM: nVMX: Don't emulate instructions in guest mode (Paolo Bonzini) [Orabug: 30944739] {CVE-2020-2732} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.43.1] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864534] {CVE-2019-15291} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15291 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.320.1] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 30650888] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864535] {CVE-2019-15291} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15291 Oracle Linux 7 [78.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.6.0-1] - Update to 78.6.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26971 CVE-2020-26973 CVE-2020-35111 CVE-2020-16042 CVE-2020-26974 CVE-2020-26978 CVE-2020-35113 Oracle Linux 6 [7.19.7-54.0.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724] 462 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-5482 Oracle Linux 8 [78.6.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.6.0-1] - Update to 78.6.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26971 CVE-2020-26973 CVE-2020-35111 CVE-2020-16042 CVE-2020-26974 CVE-2020-26978 CVE-2020-35113 Oracle Linux 7 [7.29.0-54.0.5.el7_7.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-5482 Oracle Linux 7 [1.0.2k-21] - remove ASN1_F_ASN1_ITEM_EMBED_D2I from openssl-1.0.2k-cve-2020-1971.patch [1.0.2k-20] - fix CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1971 Oracle Linux 8 [10.15-1] - Rebase to upstream release 10.15 Resolves: rhbz#1898213 Resolves: rhbz#1898341 Resolves: rhbz#1901567 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25694 CVE-2020-25696 CVE-2020-25695 Oracle Linux 7 [4.14.35-1902.11.3] - xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 31013775] [4.14.35-1902.11.2] - ib/core: Cancel fmr delayed_worker when in shutdown phase of reboot system (Hans Westgaard Ry) [Orabug: 30967501] - Revert 'printk: Default console logging level should be set to 4' (Cesar Roque) [Orabug: 30833249] - cgroup: psi: fix memory leak when freeing a cgroup work function (Tom Hromatka) [Orabug: 30903264] [4.14.35-1902.11.1] - xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 30657780] - xfs: increase the default parallelism levels of pwork clients (Darrick J. Wong) [Orabug: 30657780] - xfs: decide if inode needs inactivation (Darrick J. Wong) [Orabug: 30657780] - xfs: refactor the predicate part of xfs_free_eofblocks (Darrick J. Wong) [Orabug: 30657780] - mwifiex: fix unbalanced locking in mwifiex_process_country_ie() (Brian Norris) [Orabug: 30781858] {CVE-2019-14895} - mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Ganapathi Bhat) [Orabug: 30781858] {CVE-2019-14895} {CVE-2019-14895} - ipmi_ssif: avoid registering duplicate ssif interface (Kamlakant Patel) [Orabug: 30916684] - ipmi: Fix NULL pointer dereference in ssif_probe (Gustavo A. R. Silva) [Orabug: 30916684] - uio: Fix an Oops on load (Dan Carpenter) [Orabug: 30897832] - drm/i915: Fix use-after-free when destroying GEM context (Tyler Hicks) [Orabug: 30860457] {CVE-2020-7053} - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (Darrick J. Wong) [Orabug: 30788113] - slub: extend slub debug to handle multiple slabs (Aaron Tomlin) [Orabug: 30903135] - RAS/CEC: Fix binary search function (Borislav Petkov) [Orabug: 30897849] - CIFS: fix POSIX lock leak and invalid ptr deref (Aurelien Aptel) [Orabug: 30809456] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 30681066] [4.14.35-1902.11.0] - rds: Avoid qp overflow when posting invalidate/register mr with frwr (Hans Westgaard Ry) [Orabug: 30888677] - rds: Use bitmap to designate dropped connections (Hakon Bugge) [Orabug: 30852643] - rds: prevent use-after-free of rds conn in rds_send_drop_to() (Sharath Srinivasan) [Orabug: 30865079] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864532] {CVE-2019-15291} - KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [Orabug: 30846856] - KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [Orabug: 30846856] - xen/ovmapi: whitelist more caches (Boris Ostrovsky) [Orabug: 30837856] - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819438] {CVE-2019-14901} - drm/i915/gen9: Clear residual context state on context switch (Akeem G Abodunrin) [Orabug: 30773852] {CVE-2019-14615} {CVE-2019-14615} - rds: unlock rs_snd_lock before calling rhashtable_insert_fast (aru kolappan) [Orabug: 30734590] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14895 CVE-2019-14615 CVE-2019-14901 CVE-2019-15291 CVE-2020-7053 Oracle Linux 7 [15:3.1.0-7.el7] - qemu-img: Add --target-is-zero to convert (David Edmondson) [15:3.1.0-6.el7] - qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 30858754] - target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 30652327] - iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 30807256] {CVE-2020-1711} - scsi: lsi: exit infinite loop while executing script (CVE-2019-12068) (Paolo Bonzini) [Orabug: 30351703] {CVE-2019-12068} - lsi: use enum type for s->waiting (Sven Schnelle) {CVE-2019-12068} - json: Fix % handling when not interpolating (Christophe Fergeau) [Orabug: 30640103] - qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 30640103] - Fix heap overflow in ip_reass on big packet input (Samuel Thibault) [Orabug: 30229916] {CVE-2019-14378} - Make poll_control_msr default 1 (Mark Kanda) - Remove redundant check for host support of halt polling (Mark Kanda) [Orabug: 30240121] - Enable '-Werror' compiler flag (Mark Kanda) [Orabug: 30213025] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30729551] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1711 CVE-2019-14378 CVE-2019-12068 Oracle Linux 7 [78.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.6.0-1] - Update to 78.6.0 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26971 CVE-2020-26973 CVE-2020-35111 CVE-2020-16042 CVE-2020-26974 CVE-2020-26978 CVE-2020-35113 Oracle Linux 8 [9.6.20-1] - Rebase to upstream release 9.6.20 Resolves: rhbz#1901563 Resolves: rhbz#1898218 Resolves: rhbz#1898334 [9.6.19-1] - Rebase to 9.6.19 Also fixes: CVE-2019-10208, CVE-2020-14350, CVE-2019-10130 Resolves: #1741490 Resolves: #1867111 Resolves: #1845074 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-10130 CVE-2019-10208 CVE-2020-1720 CVE-2020-14350 CVE-2020-25694 CVE-2020-25696 CVE-2020-25695 Oracle Linux 8 postgresql [12.5-1] - Rebase to upstream release 12.5 Resolves: rhbz#1901555 Resolves: rhbz#1898223 Resolves: rhbz#1898329 [12.1-3] - Release bump for 8.2.0 BZ#1776805 [12.1-2] - Release bump for rebuild against libpq-12.1-3 [12.1-1] - Rebase to upstream release 12.1 [12.0-1] - Rebase to upstream release 12.0 [12.0-0.3] - Rebase to upstream beta release 12beta4 - postgresql-server-devel requires krb5-devel [12.0-0.2] - Rebase to upstream beta release 12beta3 [12.0-0.1] - Rebase to upstream beta release 12beta2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14349 CVE-2020-1720 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 Oracle Linux 8 [78.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.6.0-1] - Update to 78.6.0 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26971 CVE-2020-26973 CVE-2020-35111 CVE-2020-16042 CVE-2020-26974 CVE-2020-26978 CVE-2020-35113 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.38.1] - rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 31031928] - KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li) [Orabug: 31078882] - vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085993] {CVE-2020-10942} - Revert 'oled: give panic handler chance to run before kexec' (Wengang Wang) [Orabug: 31098797] [4.1.12-124.37.3] - kernel: cpu.c: fix return in void function cpu_smt_disable (Mihai Carabas) [Orabug: 31047871] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055327] {CVE-2019-18806} - swiotlb: clean up reporting (Kees Cook) [Orabug: 31085017] {CVE-2018-5953} - KVM: x86: Expose more Intel AVX512 feature to guest (Luwei Kang) [Orabug: 31085086] - x86/cpufeature: Enable new AVX-512 features (Fenghua Yu) [Orabug: 31085086] [4.1.12-124.37.2] - xenbus: req->err should be updated before req->state (Dongli Zhang) [Orabug: 30705030] - xenbus: req->body should be updated before req->state (Dongli Zhang) [Orabug: 30705030] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18806 CVE-2020-10942 CVE-2018-5953 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.44.1] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055328] {CVE-2019-18806} - swiotlb: clean up reporting (Kees Cook) [Orabug: 31085018] {CVE-2018-5953} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18806 CVE-2018-5953 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.321.1] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055329] {CVE-2019-18806} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18806 Oracle Linux 7 [4.14.35-1902.301.1] - vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085991] {CVE-2020-10942} - uek-rpm: config-mips64-embedded misc pruning (Eric Saint-Etienne) [Orabug: 31079017] - ubifs: Check for name being NULL while mounting (Richard Weinberger) [Orabug: 29410897] - team: avoid complex list operations in team_nl_cmd_options_set() (Cong Wang) [Orabug: 30886420] - Revert 'oled: give panic handler chance to run before kexec' (Wengang Wang) [Orabug: 31098796] - Revert 'oled: Limit panic routine change x86 only' (Wengang Wang) [Orabug: 31098796] - net/mlx5: Add pci AtomicOps request (Michael Guralnik) [Orabug: 30750027] - PCI: Add pci_enable_atomic_ops_to_root() (Jay Cornwall) [Orabug: 30750027] - locking/rwsem: Prevent decrement of reader count before increment (Waiman Long) [Orabug: 31087349] - net: core: another layer of lists, around PF_MEMALLOC skb handling (Sasha Levin) [Orabug: 31087349] - locking/rwsem: Fix (possible) missed wakeup (Xie Yongji) [Orabug: 31087349] - swiotlb: clean up reporting (Kees Cook) [Orabug: 31085014] {CVE-2018-5953} - nfs: optimise readdir cache page invalidation (Dai Ngo) [Orabug: 31015775] - NFS: Directory page cache pages need to be locked when read (Trond Myklebust) [Orabug: 31015775] - ppp: remove the PPPIOCDETACH ioctl (Eric Biggers) [Orabug: 31061772] - batman-adv: Avoid WARN on net_device without parent in netns (Sven Eckelmann) [Orabug: 30857690] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055325] {CVE-2019-18806} - net_sched: fix datalen for ematch (Cong Wang) [Orabug: 30877993] - net/xfrm: fix out-of-bounds packet access (Alexei Starovoitov) [Orabug: 30885434] - RDMA/nldev: Provide MR statistics (Erez Alfasi) [Orabug: 30729404] - RDMA/mlx5: Return ODP type per MR (Erez Alfasi) [Orabug: 30729404] - RDMA/nldev: Allow different fill function per resource (Erez Alfasi) [Orabug: 30729404] - IB/mlx5: Introduce ODP diagnostic counters (Erez Alfasi) [Orabug: 30729404] - RDMA/mlx5: Use odp instead of mr->umem in pagefault_mr (Jason Gunthorpe) [Orabug: 30729404] - RDMA/mlx5: Use ib_umem_start instead of umem.address (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Use kvcalloc for the dma_list and page_list (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Check for overflow when computing the umem_odp end (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Provide ib_umem_odp_release() to undo the allocs (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Split creating a umem_odp from ib_umem_get (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Make the three ways to create a umem_odp clear (Jason Gunthorpe) [Orabug: 30729404] - RMDA/odp: Consolidate umem_odp initialization (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Make it clearer when a umem is an implicit ODP umem (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Iterate over the whole rbtree directly (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Use the common interval tree library instead of generic (Jason Gunthorpe) [Orabug: 30729404] - RDMA/mlx5: Fix MR npages calculation for IB_ACCESS_HUGETLB (Jason Gunthorpe) [Orabug: 30729404] - IB/mlx5: Fix implicit MR release flow (Yishai Hadas) [Orabug: 30729404] - RDMA/netlink: Implement counter dumpit calback (Mark Zhang) [Orabug: 30729404] - RDMA/nldev: Allow counter auto mode configration through RDMA netlink (Mark Zhang) [Orabug: 30729404] - RDMA/odp: Fix missed unlock in non-blocking invalidate_start (Jason Gunthorpe) [Orabug: 30729404] - RDMA: Report available cdevs through RDMA_NLDEV_CMD_GET_CHARDEV (Jason Gunthorpe) [Orabug: 30729404] - RDMA: Add NLDEV_GET_CHARDEV to allow char dev discovery and autoload (Jason Gunthorpe) [Orabug: 30729404] - RDMA: Convert put_page() to put_user_page*() (John Hubbard) [Orabug: 30729404] - RDMA/umem: Move page_shift from ib_umem to ib_odp_umem (Jason Gunthorpe) [Orabug: 30729404] - mm: introduce put_user_page*(), placeholder versions (John Hubbard) [Orabug: 30729404] - RDMA/umem: Remove hugetlb flag (Shiraz Saleem) [Orabug: 30729404] - RDMA/bnxt_re: Use core helpers to get aligned DMA address (Shiraz Saleem) [Orabug: 30729404] - RDMA/i40iw: Use core helpers to get aligned DMA address within a supported page size (Shiraz Saleem) [Orabug: 30729404] - RDMA/verbs: Add a DMA iterator to return aligned contiguous memory blocks (Shiraz Saleem) [Orabug: 30729404] - RDMA/umem: Add API to find best driver supported page size in an MR (Shiraz Saleem) [Orabug: 30729404] - RDMA/umem: Handle page combining avoidance correctly in ib_umem_add_sg_table() (Shiraz Saleem) [Orabug: 30729404] - RDMA/core: Add a netlink command to change net namespace of rdma device (Parav Pandit) [Orabug: 30729404] - RDMA/umem: Use correct value for SG entries in sg_copy_to_buffer() (Shiraz Saleem) [Orabug: 30729404] - RDMA/nldev: Return device protocol (Leon Romanovsky) [Orabug: 30729404] - RDMA/umem: Combine contiguous PAGE_SIZE regions in SGEs (Shiraz Saleem) [Orabug: 30729404] - RDMA/core: Add interface to read device namespace sharing mode (Parav Pandit) [Orabug: 30729404] - IB/mlx5: Reset access mask when looping inside page fault handler (Moni Shoua) [Orabug: 30729404] - IB/core: Ensure an invalidate_range callback on ODP MR (Ira Weiny) [Orabug: 30729404] - RDMA/umem: Revert broken 'off by one' fix (John Hubbard) [Orabug: 30729404] - RDMA/umem: minor bug fix in error handling path (John Hubbard) [Orabug: 30729404] - RDMA/nldev: Provide parent IDs for PD, MR and QP objects (Leon Romanovsky) [Orabug: 30729404] - RDMA/nldev: Share with user-space object IDs (Leon Romanovsky) [Orabug: 30729404] - IB/uverbs: Add ib_ucontext to uverbs_attr_bundle sent from ioctl and cmd flows (Shamir Rabinovitch) [Orabug: 30729404] - RDMA/rdmavt: Adapt to handle non-uniform sizes on umem SGEs (Shiraz, Saleem) [Orabug: 30729404] - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/ocrdma: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/qedr: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/cxgb3: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/cxgb4: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/i40iw: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/mthca: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/bnxt_re: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - lib/scatterlist: Provide a DMA page iterator (Jason Gunthorpe) [Orabug: 30729404] - RDMA/nldev: Dynamically generate restrack dumpit callbacks (Leon Romanovsky) [Orabug: 30729404] - IB/{core,hw}: Have ib_umem_get extract the ib_ucontext from ib_udata (Jason Gunthorpe) [Orabug: 30729404] - RDMA/uverbs: Use uverbs_attr_bundle to pass udata for ioctl() (Jason Gunthorpe) [Orabug: 30729404] - RDMA/uverbs: Use uverbs_attr_bundle to pass udata for write_ex (Jason Gunthorpe) [Orabug: 30729404] - RDMA/uverbs: Replace ib_uverbs_file with uverbs_attr_bundle for write (Jason Gunthorpe) [Orabug: 30729404] - RDMA/core: Refactor ib_register_device() function (Parav Pandit) [Orabug: 30729404] - RDMA/core: Fix unwinding flow in case of error to register device (Parav Pandit) [Orabug: 30729404] - RDMA/nldev: Allow IB device rename through RDMA netlink (Leon Romanovsky) [Orabug: 30729404] - RDMA: Fully setup the device name in ib_register_device (Jason Gunthorpe) [Orabug: 30729404] - mm: Introduce kvcalloc() (Kees Cook) [Orabug: 30729404] - RDMA/uapi: Fix uapi breakage (Doug Ledford) [Orabug: 30729404] - RDMA/nldev: helper functions to add driver attributes (Steve Wise) [Orabug: 30729404] - RDMA/nldev: add driver-specific resource tracking (Steve Wise) [Orabug: 30729404] - RDMA/nldev: Add explicit pad attribute (Steve Wise) [Orabug: 30729404] - RDMA/bnxt_re: Add support for MRs with Huge pages (Somnath Kotur) [Orabug: 30729404] - IB/{rdmavt, hfi1, qib}: Self determine driver name (Michael J. Ruhl) [Orabug: 30729404] - RDMA/vmw_pvrdma: Do not re-calculate npages (Yuval Shaia) [Orabug: 30729404] - iw_cxgb4: allocate wait object for each memory object (Steve Wise) [Orabug: 30729404] - IB/uverbs: clean up INIT_UDATA() macro usage (Arnd Bergmann) [Orabug: 30729404] - x86/init: Fix kasan gcc8+ type miss match error. (John Donnelly) [Orabug: 31076337] [4.14.35-1902.301.0] - kernel: cpu.c: fix return in void function cpu_smt_disable (Mihai Carabas) [Orabug: 31049316] - media: usb: fix memory leak in af9005_identify_state (Navid Emamdoost) [Orabug: 31029908] {CVE-2019-18809} - nvme: fix possible deadlock when nvme_update_formats fails (Sagi Grimberg) [Orabug: 31002557] - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (Thadeu Lima de Souza Cascardo) [Orabug: 30995760] - uek-rpm: Make sure perf builds against libnuma and add run-time dependency (Dave Kleikamp) [Orabug: 30896468] - perf/x86/intel: Add Icelake support (Thomas Tai) [Orabug: 30872256] - x86/CPU: Add Icelake model number (Rajneesh Bhardwaj) [Orabug: 30872256] - perf/x86/intel/ds: Handle PEBS overflow for fixed counters (Kan Liang) [Orabug: 30872256] - perf/x86/intel: Introduce PMU flag for Extended PEBS (Kan Liang) [Orabug: 30872256] - tty: Don't hold ldisc lock in tty_reopen() if ldisc present (Dmitry Safonov) [Orabug: 30591419] - tty: Simplify tty->count math in tty_reopen() (Dmitry Safonov) [Orabug: 30591419] - tty: Hold tty_ldisc_lock() during tty_reopen() (Dmitry Safonov) [Orabug: 30591419] - tty/ldsem: Wake up readers after timed out down_write() (Dmitry Safonov) [Orabug: 30591419] - tty: Drop tty->count on tty_reopen() failure (Dmitry Safonov) [Orabug: 30591419] - rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 30328633] - net: erspan: fix use-after-free (William Tu) [Orabug: 29784424] - batman-adv: Force mac header to start of data on xmit (Sven Eckelmann) [Orabug: 29784399] - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (Cong Wang) [Orabug: 30886600] - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (Cong Wang) [Orabug: 30884437] - add extra symbols from UEK5R3 to the kABI whitelist (Dan Duval) [Orabug: 30295161] - iommu: Force iommu shutdown on panic (John Donnelly) [Orabug: 31043947] - iommu/amd: Only free resources once on init error (Kevin Mitchell) [Orabug: 31043947] - iommu/amd: Move gart fallback to amd_iommu_init (Kevin Mitchell) [Orabug: 31043947] - iommu/amd: Make iommu_disable safer (Kevin Mitchell) [Orabug: 31043947] - iommu/vt-d: Turn off translations at shutdown (Deepa Dinamani) [Orabug: 31043947] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18809 CVE-2018-5953 CVE-2019-18806 CVE-2020-10942 Oracle Linux 7 olcne [1.0.3-1] - updated the default Kubernetes version to 1.14.9 kubernetes [1.14.9-1.0.3] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [1.14.9-1.0.2] - Use bounded crio version [1.14.9-1.0.1] - Added Oracle specific build files for Kubernetes cri-o [1.14.7-1.0.5] - Enhance versioning detection [1.14.7-1.0.4] - Golang CVE-2019-16276 [1.14.7-1.0.3] - added THIRD_PARTY_LICENSES.txt file [1.14.7-1.0.2] - moved to semantic versioning for Release [1.14.7-1] - Added Oracle Specifile Files for cri-o cri-tools [1.14.0-1.0.5] - Enhance versioning to support rpm Provides [1.14.0-1.0.4] - Golang CVE-2019-16276 [1.14.0-1.0.3] - added THIRD_PARTY_LICENSES.txt file [1.14.0-1.0.2] - moved to semantic versioning for Release and added Url [1.14.0-1] - Added Oracle Specific Build Files for cri-tools IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-11254 Oracle Linux 7 kubernetes [1.12.10-1.0.11] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [1.12.10-1.0.10] - [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS [1.12.10-1.0.9] - Define rolling update for flannel [1.12.10-1.0.8] - Modify flannel/dashboard image tags to use images that have the cve fix [1.12.10-1.0.7] - [CVE-2019-11253] Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack [1.12.10-1.0.6] - [CVE-2019-16276] bump golang to 1.12.10 [1.12.10-1.0.5] - added THIRD_PARTY_LICENSES.txt file [1.12.10-1.0.4] - fix for CVE-2019-11251 [1.12.10-1.0.3] - replacing references to kubernetes-dashboard-amd64 with kubernetes-dashboard [1.12.10-1.0.2] - Added Oracle specific build files for Kubernetes kubeadm-ha-setup [0.0.2-1.0.69] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [0.0.2-1.0.68] - Pull image prior to update and fix image repo for addons [0.0.2-1.0.67] - Bump golang build version [0.0.2-1.0.66] - [CVE-2019-16276] Support patching flannel/dashboard on upgrade [0.0.2-1.0.65] - [CVE 2019-16276] Support deploygin 1.12 and 1.13 with CVE patched [0.0.2-1.0.64] - [CVE-2019-16276] Support patching etcd on upgrade [0.0.2-1.0.63] - [CVE-2019-16276] while upgrading a cluster patch the coredns image [0.0.2-1.0.62] - CVE-2019-16276 : Update flannel , etcd coredns and dashboard images. [0.0.2-1.0.61] - Added Support for 1.13.11 and removed support for 1.13.10 [0.0.2-1.0.59] - Remove Support for 1.14.6 [0.0.2-1.0.58] - Replacing reference to kubernetes-dashboard-amd64 with kubernetes-dashboard [0.0.2-1.0.57] - Support 1.12.10 [0.0.2-1.0.56] - Support 1.14.6 [0.0.2-1.0.55] - Support 1.13.10 [0.0.2-1.0.54] - Support 1.13.9 [0.0.2-1.0.53] - Mark 1.14 as a developer build [0.0.2-1.0.52] - Restore fails when trying to restore after a failed update [0.0.2-1.0.51] - Minor version update doesn't update kubeadm on all master nodes [0.0.2-1.0.50] - Make k8s 1.14 specific changes [0.0.2-1.0.49] - Remove 1.10 and 1.11 version since they are incompatable [0.0.2-1.0.48] - Support deploying 5 master nodes [0.0.2-1.0.47] - Only update/upgrade the controlplane images if they changed in the Release object [0.0.2-1.0.46] - Fix version comparison function during upgrade [0.0.2-1.0.45] - Fix rpm version compare - Allow kubernetes updates for patch version [0.0.2-1.0.44] - Allow assume yes to deploy a single master without the prompt [0.0.2-1.0.43] - Post cluster creation should check only for master nodes [0.0.2-1.0.42] - Update keepalived check api server to ensure we are grepping the correct IP [0.0.2-1.0.41] - Make ha.yaml an optional argument in the cli for single master cluster [0.0.2-1.0.40] - Add pod cidr default and refactor ha.yaml example [0.0.2-1.0.39] - Remove features: feature1_13=true from config [0.0.2-1.0.38] - Default kubernetes version to latest production version [0.0.2-1.0.37] - Fix keepalived issue when firewalld is disable [0.0.2-1.0.36] - Default kubernetes version to latest production version [0.0.2-1.0.35] - Add addons template and config files [0.0.2-1.0.34] - Enhance tests [0.0.2-1.0.33] - fix regression of previous firewall fix [0.0.2-1.0.32] - Fix firewall issues during restore [0.0.2-1.0.31] - Fix firewall issues [0.0.2-1.0.30] - Enhance output while validating the system [0.0.2-1.0.29] - Fix DR in 1.13 [0.0.2-1.0.28] - Fix apiserver_cert_extra_sans for 1.13 clusters [0.0.2-1.0.27] - Fix update/upgrade output message [0.0.2-1.0.26] - Fix major upgrade [0.0.2-1.0.25] - Add registry migration [0.0.2-1.0.24] - Return stdout and stderr from Run function to allow the caller decided what to display [0.0.2-1.0.23] - Proxy variable is inherited in remote master [0.0.2-1.0.22] - The Trim function doesn't work for replacing strings - Upgrade should use the pause container instead of pause-amd64 [0.0.2-1.0.21] - Include 1.12.7 image and update 1.13 and metric servers info [0.0.2-1.0.20] - Support new registries and allow for password to have a colon [0.0.2-1.0.19] - --force flag for full restore [0.0.2-1.0.18] - Change update help message [0.0.2-1.0.17] - Change update message, add ha install command and ask for confirmation [0.0.2-1.0.16] - Change upgrade command name to update [0.0.2-1.0.15] - Fix upgrade for point release [0.0.2-1.0.14] - Move file.go to config.go [0.0.2-1.0.13] - Feature Flag 1.13 code [0.0.2-1.0.12] - Add support of upgrading HA master nodes [0.0.2-1.0.11] - Support deploying Kubernetes version 1.13.2 [0.0.2-1.0.10] - CVE-2018-16875 [0.0.2-1.0.9] - Add timeout to Run() (gitlab issues #3) - Rename path to linux-git.us.oracle.com/Kubernetes [0.0.2-1.0.8] - Remove releases.json dependency [0.0.2-1.0.7] - Pin dependent kubernetes packages [0.0.2-1.0.6] - Update deps for kube 1.13 [0.0.2-1.0.5] - Add test runner in makefile and execute it in CI/CD [0.0.2-1.0.4] - Fix backup path issue again found by Tom Cocozzello [0.0.2-1.0.3] - [Orabug 29152516] Backup and restore /var/lib/kubelet/kubeadm-flags.env too - Cleanup kube-ipvs0 interface too - More code cleanup - Use map for checking kernel module - Fix client joining errors - Addressing Tom Cocozzello's review - Enabling IPVS in HA [0.0.2-1.0.2] - Update dashboard image (CVE-2018-18264) [0.0.2-1.0.1] - Allow Oracle certified addons to be installed via cli [0.0.1-2.0.9] - Use 'dep ensure' to clean up symlinks in the vendor directory [0.0.1-2.0.5] - Clean up un-used build scripts [0.0.1-2.0.4] - Add Makefile for building and testing code [0.0.1-2.0.3] - Fix file restore issue when it contains './' [0.0.1-2.0.2] - Resolve the full filepath when '.' is passed in - Addressing review by Muminul Islam [0.0.1-2.0.1] - Remove 'firewall-cmd --reload' as it can hangs OCI - Fix some errors reported by Shubham - Error out if options is not currently supported in HandleEtcdOps - Fix down issue - Dump log output to /var/log/kubeadm-ha-setup [0.0.1-1.0.37] - Fix kubernetes version - Include log printing when error occurs - Fix client.go regression due to new down function [0.0.1-1.0.36] - Remove Godeps, using dep for now - Check if image is not set before referencing - Rename getEtcdConfigV2 to getEtcdConfig - Adding down functionality - Update ha.yaml file [0.0.1-1.0.35] - Removing etcd.go - Addressing Tom Cocozzello review - [Orabug 28977571] [0.0.1-1.0.34] - Enabling full restore on HA master and single master - Cleanup - Enable single master backup - Double the context request timeout - Implement retryable AddMember [0.0.1-1.0.33] - Modified DR for One node case to use new etcd API - Enhanced the helper scripts such that it will error out - HealthCheck re-implementation [0.0.1-1.0.32] - Update dashboard image [0.0.1-1.0.31] - Needs to be run as a privileged user - Enable CoreDNS as default [0.0.1-1.0.30] - Enable single master setup [0.0.1-1.0.29] - Redesigned for setting up v1.12 HA clusters [0.0.1-1.0.28] - Fixes for v1.11 - Addressing Laszlo Peter review - Addressing Daniel Krasinski review [0.0.1-1.0.27] - Fix build failure - Add UPL LICENSE - Fix the usage of defer - Re-try when docker pull image gets a timeout - Refactor SetupCreds() - Remove --force flag for restore - When something fail, we should lenghten the timeout time [0.0.1-1.0.26] - When context timed out catch it and print stdout, stderr [0.0.1-1.0.25] - Check output from docker client and probe for error [0.0.1-1.0.24] - Properly parse if repo has a special ':' character [0.0.1-1.0.23] - Checking the total nodes would be better implementation - Fixup etcd add member errors [0.0.1-1.0.22] - Pod count could be >= 20 - Remove port 30000-32767/tcp check for client node - Querying k8s cluster health instead of etcd for backup - Cosmestic fix - Etcd one node restore problems [0.0.1-1.0.21] - Check whether repo needs auth even in one node restore case - Fixup the restore script - docker pull image change in behavior in 18.03 - Include client side image repo checking too - Provide a full repo path for comparison - Make kubernetes_developer as the sample repo - Use strings.Contains to compare strings - Fix README - Initial README - Include changes in kube.go [0.0.1-1.0.20] - In OCI LB can takes time to setup properly - Fix random string - [Orabug 28445064] - Replace RunCmdExec() with just Run() - Sanity check for # of master - Make kubeadm token default to be random [0.0.1-1.0.19] - Check if docker exec etcd returns Error - Check env first before trying to pull image - [Orabug 28461826] [0.0.1-1.0.18] - Fixing LB, kubelet, kubectl-proxy - Add a DEBUG flag for more verbose output [0.0.1-1.0.17] - Don't loop forever in client, make Run() more consistent in master - Fixup LB for OCI - Add apiserver-bind-port capability [0.0.1-1.0.17] - Include apiserver_cert_extra_sans and service_cidr [0.0.1-1.0.16] - Include restoring keepalived for one and full restore - For Full Restore we need to first clean up before anything else - Clean up DR, make backup check etcd health first - Properly clean-up flannel.1 and cni0 [0.0.1-1.0.15] - DR code cleanup - Changed permission on the created dir to 0755 - Fix filename not found error [0.0.1-1.0.14] - Don't panic() - In One node restore case verify the ca.crt MD5SUM - Full DR feature - Redesign of the DR - Include file and its line number for logging - Put the binary full path - Re-arrange varibles for ssh.go - Separate etcd cli to another file (etcd.go) - Addition to kubectl cli - Check if MyIP for local node is missing/empty [0.0.1-1.0.13] - Replace binary names - Include the ability to re-try master setup [0.0.1-1.0.12] - Renamed the whole REPO to kubeadm-ha-setup - Don't print out more logs as necessary [0.0.1-1.0.12] - Enhance ssh/sftp code [0.0.1-1.0.11] - Change the storePath - Include keepalived backup and change backup.sh/restore.sh [0.0.1-1.0.10] - Continuing on the restore part - Make the script to query all KUBEDIR directory from a single file - Consolidate KUBEDIR - Make systemd related file 0644 [0.0.1-1.0.9] - Fixup the hardcoded directory as such we are reading from only limited source - Include the Docker API for restore - Initial implementation of DR [0.0.1-1.0.8] - Fixup kubeadm-setup join - systemctl enable kubelet [0.0.1-1.0.7] - Fix LoadBalancer to take care of extra steps [0.0.1-1.0.6] - Cleanup some stdout - Add token field in ha.yaml for ease of automated setup [0.0.1-1.0.5] - If Loadbalancer is preferred/used [0.0.1-1.0.4] - Remove goroutine sleep - unnecessary - Provides structure to store required files and cert files - Fix merge errors [0.0.1-1.0.3] - Create /run/kubeadm w-w/o --skip [0.0.1-1.0.2] - NoHA and LoadBalancer [0.0.1-1.0.1] - Initial build kubeadm-upgrade [0.0.1-1.0.28] -- [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [0.0.1-1.0.27] -- [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS [0.0.1-1.0.26] -- Create log folder before any log write or error exit [ orabug: 29806186 ] [0.0.1-1.0.25] -- Enforce exit on errors [0.0.1-1.0.24] -- Dashboard yaml location was moved in Kubernetes 1.12.7 [0.0.1-1.0.23] -- Detect latest kubernetes version from yum [0.0.1-1.0.22] -- Bump up 1.12.7 version for coredns fix [0.0.1-1.0.21] -- CVE-2019-9946 [0.0.1-1.0.20] -- CVE-2019-1002101 [0.0.1-1.0.19] -- Bump up 1.12.6 version [0.0.1-1.0.18] -- Upgrade from 1.9 to 1.12 fails [0.0.1-1.0.17] -- Update the Kubernetes version to include the conntrack fix [0.0.1-1.0.16] -- CVE-2019-1002100 [0.0.1-1.0.15] -- CVE-2018-1002105 [0.0.1-1.0.14] -- Fix kube version for 1.10.5 [0.0.1-1.0.13] -- Updating 1.10 and 1.11 version for CVE fixes -- Include flannel and dashboard upgrade [0.0.1-1.0.12] -- Upgrade to 1.12.5-2.1.1 [0.0.1-1.0.11] -- Upgrade to 1.12.5 [0.0.1-1.0.10] -- Add license info to the script [0.0.1-1.0.9] -- Add license file [0.0.1-1.0.8] -- Fix the bug on number of CPU checking [0.0.1-1.0.7] -- Use install instead of update for a specifc 1.12 version [0.0.1-1.0.6] -- Upgrade cluster to 1.12.3-* version only [0.0.1-1.0.5] -- Add exit handler to gather logs on failure [0.0.1-1.0.4] -- Enhance logging and check return code after kubeadm apply. Checking CPU and Memory of the system [0.0.1-1.0.3] -- Change REPO_PREFIX to use a single repo, increased timeout during cluster health check [0.0.1-1.0.2] -- Added comments and fix rpm name [0.0.1-1.0.1] - Upgrade to 1.12.3 IMPORTANT Copyright 2020 Oracle, Inc. Oracle Linux 7 [4.9.2-4.0.1.el7_7.1] - Fix [CVE-2018-14468] [Orabug: 30480183] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-14468 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.1.2] - ctf: discard CTF from the vDSO (Nick Alcock) [Orabug: 31194036] [5.4.17-2011.1.1] - slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136750] {CVE-2020-11494} - blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123573] {CVE-2019-19768} - KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118688] - perf/x86/amd: Add support for Large Increment per Cycle Events (Kim Phillips) [Orabug: 31104924] - perf/x86/amd: Constrain Large Increment per Cycle events (Kim Phillips) [Orabug: 31104924] - kvm/svm: PKU not currently supported (John Allen) [Orabug: 31104924] - KVM: SVM: Override default MMIO mask if memory encryption is enabled (Tom Lendacky) [Orabug: 31104924] - EDAC/amd64: Drop some family checks for newer systems (Yazen Ghannam) [Orabug: 31104924] - x86/amd_nb: Add Family 19h PCI IDs (Yazen Ghannam) [Orabug: 31104924] - EDAC/mce_amd: Always load on SMCA systems (Yazen Ghannam) [Orabug: 31104924] - x86/MCE/AMD, EDAC/mce_amd: Add new Load Store unit McaType (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Add family ops for Family 19h Models 00h-0Fh (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Check for memory before fully initializing an instance (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Use cached data when checking for ECC (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Save max number of controllers to family type (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Gather hardware information early (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Make struct amd64_family_type global (Yazen Ghannam) [Orabug: 31104924] - floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067510] {CVE-2020-9383} - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (Tom Lendacky) [Orabug: 31012269] - KVM: SVM: Serialize access to the SEV ASID bitmap (Tom Lendacky) [Orabug: 31012269] - iommu/vt-d: Allow devices with RMRRs to use identity domain (Lu Baolu) [Orabug: 31127400] [5.4.17-2011.1.0] - vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085989] {CVE-2020-10942} - selftests/net: add definition for SOL_DCCP to fix compilation errors for old libc (Alan Maguire) [Orabug: 31078892] - kernel: cpu.c: fix print typo about SMT status (Mihai Carabas) [Orabug: 31053334] - nfs: optimise readdir cache page invalidation (Dai Ngo) [Orabug: 31044292] - NFS: Directory page cache pages need to be locked when read (Trond Myklebust) [Orabug: 31044292] - rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 31032126] - efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [Orabug: 31020408] - net: Support GRO/GSO fraglist chaining. (Steffen Klassert) [Orabug: 30670829] - net: Add fraglist GRO/GSO feature flags (Steffen Klassert) [Orabug: 30670829] - udp: Support UDP fraglist GRO/GSO. (Steffen Klassert) [Orabug: 30670829] - net: remove the check argument from __skb_gro_checksum_convert (Li RongQing) [Orabug: 30670829] - Revert 'nvme_fc: add module to ops template to allow module references' (John Donnelly) [Orabug: 31119387] - ext4: add cond_resched() to ext4_protect_reserved_inode (Shijie Luo) [Orabug: 31067112] {CVE-2020-8992} - dsa: disable module unloading for ARM64 (Allen Pais) [Orabug: 30456791] - bpf: Undo incorrect __reg_bound_offset32 handling (Daniel Borkmann) [Orabug: 31127385] {CVE-2020-8835} - bpf: Fix tnum constraints for 32-bit comparisons (Jann Horn) [Orabug: 31127385] {CVE-2020-8835} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19768 CVE-2020-10942 CVE-2020-11494 CVE-2020-8992 CVE-2020-9383 CVE-2020-8835 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.39.1] - qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi) [Orabug: 30372266] - qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi) [Orabug: 30372266] - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 30776354] {CVE-2019-9503} - percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller) [Orabug: 30867060] - blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi) [Orabug: 30867060] - fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi) [Orabug: 30953290] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31234664] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246302] {CVE-2019-19056} - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (Vladis Dronov) [Orabug: 31262557] {CVE-2017-7346} [4.1.12-124.38.5] - i40e: Increment the driver version for FW API update (Jack Vogel) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Update FW API version to 1.9 (Piotr Azarewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: fix reading LLDP configuration (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: refactor FW version checking (Mitch Williams) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: prevent service task from running while we're suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: don't clear suspended state until we finish resuming (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: use newer generic PM support instead of legacy PM callbacks (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: use separate state bit for miscellaneous IRQ setup (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: fix for flow director counters not wrapping as expected (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: relax warning message in case of version mismatch (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: simplify member variable accesses (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Fix link down message when interface is brought up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Fix unqualified module message while bringing link up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} [4.1.12-124.38.4] - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208622] {CVE-2019-19532} - qla2xxx: DBG: disable 3D mailbox. (Quinn Tran) [Orabug: 30890687] - scsi: qla2xxx: Fix mtcp dump collection failure (Quinn Tran) [Orabug: 30890687] - scsi: qla2xxx: Add Serdes support for ISP27XX (Joe Carnuccio) [Orabug: 30890687] - vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143947] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8649} {CVE-2020-8647} - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527} - USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31233769] {CVE-2019-19523} [4.1.12-124.38.3] - ipv4: implement support for NOPREFIXROUTE ifa flag for ipv4 address (Paolo Abeni) [Orabug: 30292825] - vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} - vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} - vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} {CVE-2020-8648} - xfs: stop searching for free slots in an inode chunk when there are none (Carlos Maiolino) [Orabug: 31030659] - xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [Orabug: 31032831] - xfs: validate sb_logsunit is a multiple of the fs blocksize (Darrick J. Wong) [Orabug: 31034071] - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang) [Orabug: 31104481] {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} [4.1.12-124.38.2] - rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770962] {CVE-2016-5244} - xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 30944736] - xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 30944736] - xfs: increase the default parallelism levels of pwork clients (Junxiao Bi) [Orabug: 30944736] - xfs: decide if inode needs inactivation (Junxiao Bi) [Orabug: 30944736] - xfs: refactor the predicate part of xfs_free_eofblocks (Junxiao Bi) [Orabug: 30944736] - floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067516] {CVE-2020-9383} - KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118691] - slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136753] {CVE-2020-11494} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-0144 CVE-2019-19527 CVE-2016-5244 CVE-2020-8647 CVE-2019-0140 CVE-2019-14815 CVE-2017-7346 CVE-2020-11494 CVE-2020-8649 CVE-2020-9383 CVE-2019-0139 CVE-2020-8648 CVE-2019-19056 CVE-2019-19532 CVE-2019-9503 CVE-2019-14814 CVE-2019-14816 CVE-2019-19523 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.45.1] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206361] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206361] {CVE-2019-19527} - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208623] {CVE-2019-19532} - drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (Murray McAllister) [Orabug: 31224360] {CVE-2017-7261} - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 31234676] {CVE-2019-9503} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-7261 CVE-2019-19527 CVE-2019-19532 CVE-2019-9503 Oracle Linux 7 [5.7.0-13.el7] - domain groups: Fix multiple Domain Group vCPU administration flaws (Wim ten Have) [Orabug: 31145304] - qemu: fix missing #if defined(ENABLE_EXADATA) (Menno Lageman) - build: Fix qemu-submodule-init syntax-check issue (Wim ten Have) - libvirt: Fix various introduced Fedora/RHEL build violations (Wim ten Have) [Orabug: 31143337] - qemu: don't hold both jobs for suspend (Jonathon Jongsma) [Orabug: 31073098] {CVE-2019-20485} - domain groups: qemu driver error refers to pCPUs instead of vCPUs (Wim ten Have) [Orabug: 31075757] - node_device_conf: Don't leak @physical_function in virNodeDeviceGetPCISRIOVCaps (Jiang Kun) [Orabug: 31070337] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20485 Oracle Linux 7 [4.14.35-1902.302.2] - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] {CVE-2013-1798} - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE (John Allen) [Orabug: 31213449] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527} - net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 31198851] - net/rds: Fix MR reference counting problem (Ka-Cheong Poon) [Orabug: 31130197] - net/rds: Replace struct rds_mr's r_refcount with struct kref (Ka-Cheong Poon) [Orabug: 31130197] - rds: Fix use-after-free in rds_ib_free_caches (Hans Westgaard Ry) [Orabug: 31200770] - include/linux/relay.h: fix percpu annotation in struct rchan (Luc Van Oostenryck) [Orabug: 31183399] {CVE-2019-19462} - uek-rpm: fix dts rpmbuild when using cross-compiler (Tom Saeger) [Orabug: 30896439] - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 30622561] {CVE-2019-19532} - net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 31191751] - vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143946] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8649} - crypto: ecdh - fix big endian bug in ECC library (Ard Biesheuvel) [Orabug: 31203429] - KVM: x86: fix nested guest live migration with PML (Paolo Bonzini) [Orabug: 31202733] - KVM: x86: assign two bits to track SPTE kinds (Paolo Bonzini) [Orabug: 31202733] - x86/kvm/mmu: introduce guest_mmu (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu.c: add kvm_mmu parameter to kvm_mmu_free_roots() (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu.c: set get_pdptr hook in kvm_init_shadow_ept_mmu() (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu: make vcpu->mmu a pointer to the current MMU (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/nVMX: allow bare VMXON state migration (Vitaly Kuznetsov) [Orabug: 31202164] - sched/fair: Prevent a division by 0 in scale_rt_capacity() (John Sobecki) [Orabug: 31124463] - blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123575] {CVE-2019-19768} - blktrace: fix unlocked access to init/start-stop/teardown (Jens Axboe) [Orabug: 31123575] {CVE-2019-19768} [4.14.35-1902.302.1] - xfs: revert commit c6314bc8055a (Darrick J. Wong) [Orabug: 31180825] - vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648} - vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648} - vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648} {CVE-2020-8648} - net_sched: fix an OOB access in cls_tcindex (Cong Wang) [Orabug: 31181100] - mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 31178433] - efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [Orabug: 30990726] - genhd: Fix use after free in __blkdev_get() (Jan Kara) [Orabug: 31161462] - blockdev: Fix livelocks on loop device (Jan Kara) [Orabug: 31161462] - net: validate untrusted gso packets without csum offload (Willem de Bruijn) [Orabug: 31161828] - slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136752] {CVE-2020-11494} - crypto: user - fix leaking uninitialized memory to userspace (Eric Biggers) [Orabug: 31081816] {CVE-2018-19854} - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770911] {CVE-2019-19965} - dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 30755059] {CVE-2019-20096} - ovl: relax WARN_ON() on rename to self (Amir Goldstein) [Orabug: 30451796] - bnx2x: Fix VF's VLAN reconfiguration in reload. (Manish Chopra) - bnx2x: Remove configured vlans as part of unload sequence. (Sudarsana Reddy Kalluru) - sch_dsmark: fix potential NULL deref in dsmark_init() (Eric Dumazet) [Orabug: 30453287] [4.14.35-1902.302.0] - mips64:uek-rpm/ol7/config-mips: Enable IP_SET configs (Vijay Kumar) [Orabug: 31123145] - IB/ipoib: Avoid race from waking up the transmission queue (Praveen Kumar Kannoju) [Orabug: 31118993] - KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118690] - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang) [Orabug: 31104480] {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} - arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 31097950] - Add in-kernel X.509 certificate on mips64 (Eric Saint-Etienne) [Orabug: 31090468] - floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067513] {CVE-2020-9383} - KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li) [Orabug: 31004914] - rds: Add debugfs for inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 30827415] - rds: Add inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 30827415] - rds: Control the CPU (de)allocating fragments (Hans Westgaard Ry) [Orabug: 30827415] - rds: Change caching strategy for receive buffers (Hans Westgaard Ry) [Orabug: 30827415] - rds: Add lockfree stack routines (Hans Westgaard Ry) [Orabug: 30827415] [4.14.35-1902.301.2] - xfs: ratelimit inode flush on buffered write ENOSPC (Darrick J. Wong) [Orabug: 31056429] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14814 CVE-2019-14816 CVE-2020-8648 CVE-2020-9383 CVE-2019-14815 CVE-2013-1798 CVE-2019-19532 CVE-2020-11494 CVE-2020-8647 CVE-2019-19462 CVE-2018-19854 CVE-2019-19527 CVE-2019-19768 CVE-2020-8649 CVE-2019-20096 CVE-2019-19965 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.2.2uek] - scsi: qla2xxx: Move free of fcport out of interrupt context (Joe Carnuccio) [Orabug: 31225231] - xfs: move inode flush to the sync workqueue (Darrick J. Wong) [Orabug: 31132665] - arm64: Kconfig: Enable NODES_SPAN_OTHER_NODES config for NUMA (Hoan Tran) [Orabug: 31049202] - scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Laurence Oberman) [Orabug: 31207643] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31264694] [5.4.17-2011.2.1uek] - x86/mce: Restart the system when LMCE UE error occurs (Thomas Tai) [Orabug: 31218859] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11609 CVE-2020-11608 CVE-2020-11668 CVE-2020-9391 CVE-2020-8647 CVE-2020-8649 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.46.1] - ipv6: only static routes qualify for equal cost multipathing (Hannes Frederic Sowa) [Orabug: 30977687] {CVE-2013-4125} - USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31240296] {CVE-2019-19523} - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317668] {CVE-2019-19537} - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351063] {CVE-2019-19528} - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351063] {CVE-2019-19528} - mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352012] {CVE-2018-18281} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2013-4125 CVE-2018-18281 CVE-2019-19523 CVE-2019-19528 CVE-2019-19537 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.39.5] - Input: ff-memless - kill timer in destroy() (Oliver Neukum) [Orabug: 31213691] {CVE-2019-19524} - libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351307] {CVE-2019-14896} {CVE-2019-14897} {CVE-2019-14897} - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Kees Cook) [Orabug: 31352068] {CVE-2017-1000370} {CVE-2017-1000371} {CVE-2017-1000370} - NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357212] - NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever) [Orabug: 31357212] - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31387466] [4.1.12-124.39.4] - acpi: disable erst (Wengang Wang) [Orabug: 31194253] - mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222292] {CVE-2019-12819} - rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302708] - vxlan: dont migrate permanent fdb entries during learn (Roopa Prabhu) [Orabug: 31325318] - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351061] {CVE-2019-19528} - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351061] {CVE-2019-19528} - mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352011] {CVE-2018-18281} [4.1.12-124.39.3] - Input: add safety guards to input_set_keycode() (Dmitry Torokhov) [Orabug: 31200558] {CVE-2019-20636} - media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200579] {CVE-2020-11609} - media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213758] {CVE-2020-11608} - media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213767] {CVE-2020-11668} - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug: 31263147] {CVE-2019-19057} - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317667] {CVE-2019-19537} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11609 CVE-2017-1000370 CVE-2019-12819 CVE-2019-14897 CVE-2019-19528 CVE-2019-19537 CVE-2019-19057 CVE-2018-18281 CVE-2019-19524 CVE-2020-11668 CVE-2019-20636 CVE-2020-11608 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.322.1] - ipvs: reset ipvs pointer in netns (Julian Anastasov) [Orabug: 31027196] - ipvs: prefer NETDEV_DOWN event to free cached dsts (Julian Anastasov) [Orabug: 31027196] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208624] {CVE-2019-19532} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19532 CVE-2019-19527 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.323.1] - USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31240297] {CVE-2019-19523} - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317669] {CVE-2019-19537} - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351064] {CVE-2019-19528} - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351064] {CVE-2019-19528} [2.6.39-400.322.1] - ipvs: reset ipvs pointer in netns (Julian Anastasov) [Orabug: 31027196] - ipvs: prefer NETDEV_DOWN event to free cached dsts (Julian Anastasov) [Orabug: 31027196] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208624] {CVE-2019-19532} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19523 CVE-2019-19528 CVE-2019-19537 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.3.2.1uek] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2 (Tony W Wang-oc) [Orabug: 31352779] {CVE-2020-0543} [5.4.17-2011.3.2uek] - USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350962] {CVE-2020-12464} - mt76: fix array overflow on receiving too many fragments for a packet (Felix Fietkau) [Orabug: 31350952] {CVE-2020-12465} - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350929] {CVE-2020-12653} - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Zhiqiang Liu) [Orabug: 31350910] {CVE-2020-12657} - xsk: Add missing check on user supplied headroom size (Magnus Karlsson) [Orabug: 31350732] {CVE-2020-12659} - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Qing Xu) [Orabug: 31350513] {CVE-2020-12654} - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31387411] - KVM: x86: Fixes posted interrupt check for IRQs delivery modes (Suravee Suthikulpanit) [Orabug: 31316437] - Revert 'Revert 'nvme_fc: add module to ops template to allow module references'' (James Smart) [Orabug: 31377552] - uek-rpm: Move grub boot menu update to posttrans stage. (Somasundaram Krishnasamy) [Orabug: 31358097] - KVM: SVM: Fix potential memory leak in svm_cpu_init() (Miaohe Lin) [Orabug: 31350455] {CVE-2020-12768} [5.4.17-2011.3.1uek] - intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 31332120] - ACPI: processor: Export acpi_processor_evaluate_cst() (Rafael J. Wysocki) [Orabug: 31332120] - ACPI: processor: Clean up acpi_processor_evaluate_cst() (Rafael J. Wysocki) [Orabug: 31332120] - ACPI: processor: Introduce acpi_processor_evaluate_cst() (Rafael J. Wysocki) [Orabug: 31332120] - ACPI: processor: Export function to claim _CST control (Rafael J. Wysocki) [Orabug: 31332120] - rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302704] - KVM: x86: Revert 'KVM: X86: Fix fpu state crash in kvm guest' (Sean Christopherson) [Orabug: 31333676] - KVM: x86: Ensure guests FPU state is loaded when accessing for emulation (Sean Christopherson) [Orabug: 31333676] - KVM: x86: Handle TIF_NEED_FPU_LOAD in kvm_{load,put}_guest_fpu() (Sean Christopherson) [Orabug: 31333676] - net: dsa: Do not leave DSA master with NULL netdev_ops (Florian Fainelli) [Orabug: 30456791] - Revert 'dsa: disable module unloading for ARM64' (Allen Pais) [Orabug: 30456791] [5.4.17-2011.3.0uek] - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (Robert Milkowski) [Orabug: 31304406] - NFSv4: try lease recovery on NFS4ERR_EXPIRED (Robert Milkowski) [Orabug: 31304406] - btrfs: Dont submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265336] {CVE-2019-19377} {CVE-2019-19377} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12653 CVE-2020-12768 CVE-2020-12657 CVE-2020-12659 CVE-2020-12654 CVE-2020-12464 CVE-2019-19377 CVE-2020-0543 CVE-2020-12465 Oracle Linux 7 [4.14.35-1902.303.4.1] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} [4.14.35-1902.303.4] - net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157] - rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151] - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147] [4.14.35-1902.303.3] - scsi: target: fix hang when multiple threads try to destroy the same iscsi session (Maurizio Lombardi) [Orabug: 31374726] - scsi: target: remove boilerplate code (Maurizio Lombardi) [Orabug: 31374726] - KSPLICE: mips: clear the stack before going in the freezer. (Quentin Casasnovas) [Orabug: 31352999] - KSPLICE: mips: signals the freezer when were coming from the entry code. (Quentin Casasnovas) [Orabug: 31352999] - libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351306] {CVE-2019-14896} {CVE-2019-14897} {CVE-2019-14897} - KVM: SVM: Fix potential memory leak in svm_cpu_init() (Miaohe Lin) [Orabug: 31350457] {CVE-2020-12768} - Fix up usage of cfg_enable_fc4_TYPE for backport to UEK5 (Dick Kennedy) [Orabug: 31344936] - scsi: lpfc: Fix unexpected error messages during RSCN handling (James Smart) [Orabug: 31344936] - scsi: lpfc: Fix devices that dont return after devloss followed by rediscovery (James Smart) [Orabug: 31344936] - scsi: lpfc: Fix port relogin failure due to GID_FT interaction (James Smart) [Orabug: 31344936] - scsi: lpfc: Fix discovery failures when target device connectivity bounces (James Smart) [Orabug: 31344936] - NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357279] - NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever) [Orabug: 31357279] - slcan: not call free_netdev before rtnl_unlock in slcan_open (Oliver Hartkopp) [Orabug: 31314977] - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (Richard Palethorpe) [Orabug: 31314977] - can: slcan: Fix use-after-free Read in slcan_open (Jouni Hogander) [Orabug: 31314977] - slcan: Fix memory leak in error path (Jouni Hogander) [Orabug: 31314977] - uek-rpm: aarch64 make olddefconfig after inline spinlocks (Tom Saeger) [Orabug: 31314977] - config-aarch64: enable CONFIG_MPLS_IPTUNNEL and CONFIG_BPF_JIT_ALWAYS_ON (Thomas Tai) [Orabug: 31314977] - config-aarch64: enable ISCSI_IBFT (Thomas Tai) [Orabug: 31314977] - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND (Thomas Tai) [Orabug: 31314977] - config-aarch64: change CONFIG_HZ and CONFIG_FRAME_WARN (Thomas Tai) [Orabug: 31314977] - iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Prevent any devices access to memory without registration (Zhen Lei) [Orabug: 31314977] - iommu/arm-smmu-v3: Disable default event queue logging (Rick Farrington) [Orabug: 31314977] - iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Force 32 byte command queue memory reads on SMMU for 96xx and 95xx silicons (Geetha sowjanya) [Orabug: 31314977] - iommu/arm-smmu-v3: Force 32 byte command queue memory reads on CN96XX SMMU (Linu Cherian) [Orabug: 31314977] - iommu/arm-smmu-v3: Use burst-polling for sync completion (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Consolidate identical timeouts (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Split arm_smmu_cmdq_issue_sync in half (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Use CMD_SYNC completion MSI (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Forget about cmdq-sync interrupt (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Specialise CMD_SYNC handling (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Correct COHACC override message (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Avoid ILLEGAL setting of STE.S1STALLD and CD.S (Yisheng Xie) [Orabug: 31314977] - iommu/arm-smmu-v3: Ensure we sync STE when only changing config field (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu: Remove ACPICA workarounds (Robin Murphy) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Force 32 byte command queue memory reads on CN96XX SMMU' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Force 32 byte command queue memory reads on SMMU for 96xx and 95xx silicons' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Disable default event queue logging' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Prevent any devices access to memory without registration' (Eric Snowberg) [Orabug: 31314977] - lib/list_sort: optimize number of calls to comparison function (George Spelvin) [Orabug: 31314977] - lib/list_sort: simplify and remove MAX_LIST_LENGTH_BITS (George Spelvin) [Orabug: 31314977] - lib/sort: avoid indirect calls to built-in swap (George Spelvin) [Orabug: 31314977] - lib/sort: use more efficient bottom-up heapsort variant (George Spelvin) [Orabug: 31314977] - lib/sort: make swap functions more generic (George Spelvin) [Orabug: 31314977] - KVM: arm/arm64: Only skip MMIO insn once (Andrew Jones) [Orabug: 31314977] - arm64: topology: divorce MC scheduling domain from core_siblings (Jeremy Linton) [Orabug: 31314977] - ACPI: Add PPTT to injectable table list (Jeremy Linton) [Orabug: 31314977] - arm64: topology: enable ACPI/PPTT based CPU topology (Jeremy Linton) [Orabug: 31314977] - arm64: topology: rename cluster_id (Jeremy Linton) [Orabug: 31314977] - drivers: base cacheinfo: Add support for ACPI based firmware tables (Jeremy Linton) [Orabug: 31314977] - ACPI: Enable PPTT support on ARM64 (Jeremy Linton) [Orabug: 31314977] - ACPI/PPTT: Add Processor Properties Topology Table parsing (Jeremy Linton) [Orabug: 31314977] - arm64/acpi: Create arch specific cpu to acpi id helper (Jeremy Linton) [Orabug: 31314977] - cacheinfo: rename of_node to fw_token (Jeremy Linton) [Orabug: 31314977] - drivers: base: cacheinfo: setup DT cache properties early (Jeremy Linton) [Orabug: 31314977] - drivers: base: cacheinfo: move cache_setup_of_node() (Jeremy Linton) [Orabug: 31314977] - ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA (Suman Tripathi) [Orabug: 31314977] - arm64: locking: Replace ticket lock implementation with qspinlock (Will Deacon) [Orabug: 31314977] - arm64: kconfig: Ensure spinlock fastpaths are inlined if !PREEMPT (Will Deacon) [Orabug: 31314977] - arm64: barrier: Implement smp_cond_load_relaxed (Will Deacon) [Orabug: 31314977] - PM / core: fix deferred probe breaking suspend resume order (Feng Kan) [Orabug: 31314977] - netdev, octeon3-ethernet: increase num_packet_buffers to 4096 (Dave Kleikamp) [Orabug: 31351445] - RDMA/mlx5: Set MR cache limit for both PF and VF (Nikhil Krishna) [Orabug: 31127373] - uek-rpm: Move grub boot menu update to posttrans stage. (Somasundaram Krishnasamy) [Orabug: 31358100] [4.14.35-1902.303.2] - KVM: x86: degrade WARN to pr_warn_ratelimited (Paolo Bonzini) [Orabug: 31333678] - kvm: x86/vmx: Use kzalloc for cached_vmcs12 (Tom Roeder) [Orabug: 31333678] - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (Liran Alon) [Orabug: 31333678] - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (Navid Emamdoost) [Orabug: 31301340] {CVE-2019-19045} - mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222291] {CVE-2019-12819} - scsi: qla2xxx: Fix fabric scan hang (Quinn Tran) [Orabug: 31331073] - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Himanshu Madhani) [Orabug: 31331073] - nvme: Fix device removal of qla2xxx.ko causing sysfs_warn_dup() warning. (John Donnelly) [Orabug: 31322530] - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317666] {CVE-2019-19537} - rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302707] - ocfs2: fix panic due to ocfs2_wq is null (Yi Li) [Orabug: 31117439] - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (Yang Shi) [Orabug: 30969300] - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (Robert Milkowski) [Orabug: 30594625] - NFSv4: try lease recovery on NFS4ERR_EXPIRED (Robert Milkowski) [Orabug: 30594625] - KVM: x86: clear SMM flags before loading state while leaving SMM (Sean Christopherson) [Orabug: 31317296] - KVM: x86: Open code kvm_set_hflags (Sean Christopherson) [Orabug: 31317296] - KVM: x86: Load SMRAM in a single shot when leaving SMM (Sean Christopherson) [Orabug: 31317296] - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Michael Hernandez) [Orabug: 30846292] - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (Michael Hernandez) [Orabug: 30846292] - scsi: qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: unregister ports after GPN_FT failure (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: dont use zero for FC4_PRIORITY_NVME (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: initialize fc4_type_priority (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: Fix a dma_pool_free() call (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove an include directive (Bart Van Assche) [Orabug: 30846292] - qla2xxx: Update driver version to 10.01.00.21.76.2-k (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix device connect issues in P2P configuration (Arun Easi) [Orabug: 30846292] - scsi: qla2xxx: Fix double scsi_done for abort path (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix SRB leak on switch command timeout (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Do command completion on abort timeout (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Improve logging for scan thread (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Set remove flag for all VP (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Dual FCP-NVMe target port support (Michael Hernandez) [Orabug: 30846292] - scsi: qla2xxx: remove redundant assignment to pointer host (Colin Ian King) [Orabug: 30846292] - scsi: qla2xxx: fix NPIV tear down process (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: Fix partial flash write of MBI (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (Daniel Wagner) [Orabug: 30846292] - scsi: qla2xxx: Fix Nport ID display value (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix N2N link up fail (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix N2N link reset (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Optimize NPIV tear down process (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix stale mem access on driver unload (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Silence fwdump template message (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix stale session (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix stuck login session (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix driver reload for ISP82xx (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix flash read for Qlogic ISPs (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (Colin Ian King) [Orabug: 30846292] - scsi: qla2xxx: Fix a recently introduced kernel warning (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: cleanup trace buffer initialization (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: Fix a NULL pointer dereference (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove two superfluous if-tests (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Report invalid mailbox status codes (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove superfluous sts_entry_* casts (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make sure that aborted commands are freed (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Check secondary image if reading the primary image fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if a soft reset fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Check the PCI info string output buffer size (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if waiting for pending commands times out (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify a debug statement (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove dead code (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if parsing the version string fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if a mailbox command times out (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use strlcpy() instead of strncpy() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove two superfluous tests (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove a superfluous pointer check (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify qlt_lport_dump() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Reduce the number of casts in GID list code (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Verify locking assumptions at runtime (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Change data_dsd into an array (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove a superfluous forward declaration (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove an include directive from qla_mr.c (Bart Van Assche) [Orabug: 30846292] header file from qla_dsd.h (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use tabs instead of spaces for indentation (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Improve Linux kernel coding style conformance (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix hang in fcport delete path (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (Andrew Vasquez) [Orabug: 30846292] - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (Arun Easi) [Orabug: 30846292] - scsi: qla2xxx: Correct error handling during initialization failures (Andrew Vasquez) [Orabug: 30846292] - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix premature timer expiration (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Skip FW dump on LOOP initialization error (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Use Correct index for Q-Pair array (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix abort timeout race condition. (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (Chuhong Yuan) [Orabug: 30846292] - scsi: qla2xxx: Remove unnecessary null check (YueHaibing) [Orabug: 30846292] - qla2xxx: remove SGI SN2 support (Christoph Hellwig) [Orabug: 30846292] - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (Bill Kuzeja) [Orabug: 30846292] - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: on session delete, return nvme cmd (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (Enzo Matsumiya) [Orabug: 30846292] - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (Arun Easi) [Orabug: 30846292] - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (Arun Easi) [Orabug: 30846292] - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Add cleanup for PCI EEH recovery (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix hardirq-unsafe locking (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain loudly about reference count underflow (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Check the size of firmware data structures at compile time (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Pass little-endian values to the firmware (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (Giridhar Malavali) [Orabug: 30846292] - qla2xxx: Fix DMA Buffer free for DIF Bundling (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove unnecessary locking from the target code (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove qla_tgt_cmd.released (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: target: Fix offline port handling and host reset handling (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Log the status code if a firmware command fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Uninline qla2x00_init_timer() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove a set-but-not-used variable (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Update two source code comments (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Silence Successful ELS IOCB message (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix device staying in blocked state (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove two superfluous casts (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (Bart Van Assche) [Orabug: 30846292] include directive (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Move the port_state_str[] definition from a .h to a .c file (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Insert spaces where required (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix formatting of pointer types (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Leave a blank line after declarations (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use tabs to indent code (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix FC-AL connection target discovery (Quinn Tran) [Orabug: 30846292] - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (Hannes Reinecke) [Orabug: 30846292] - scsi: tcm_qla2xxx: Minimize #include directives (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use get/put_unaligned where appropriate (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Reduce the number of forward declarations (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare local symbols static (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (Colin Ian King) [Orabug: 30846292] - scsi: qla2xxx: Remove useless set memory to zero use memset() (YueHaibing) [Orabug: 30846292] - scsi: qla2xxx: Set remote port devloss timeout to 0 (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (Anil Gurumurthy) [Orabug: 30846292] - scsi: qla2xxx: Cleanup fcport memory to prevent leak (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix fw dump corruption (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Further limit FLASH region write access from SysFS (Andrew Vasquez) [Orabug: 30846292] - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Set the SCSI command result before calling the command done (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Simplify conditional check again (Nathan Chancellor) [Orabug: 30846292] - scsi: qla2xxx: Fix a small typo in qla_bsg.c (Milan P. Gandhi) [Orabug: 30846292] - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (Milan P. Gandhi) [Orabug: 30846292] - qla2xxx: Add 64GBIT Portspeed for Gen7 adapter (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Secure flash update support for ISP28XX (Michael Hernandez) [Orabug: 30846292] - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Correction and improvement to fwdt processing (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Update flash read/write routine (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Add support for multiple fwdump templates/segments (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Correctly report max/min supported speeds (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Add Serdes support for ISP28XX (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Add Device ID for ISP28XX (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Remove FW default template (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Add fw_attr and port_no SysFS node (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: check for kstrtol() failure (Dan Carpenter) [Orabug: 30846292] - scsi: qla2xxx: avoid printf format warning (Arnd Bergmann) [Orabug: 30846292] - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Bill Kuzeja) [Orabug: 30846292] - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Add new FW dump template entry types (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Move marker request behind QPair (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Prevent SysFS access when chip is down (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Add support for setting port speed (Anil Gurumurthy) [Orabug: 30846292] - scsi: qla2xxx: Prevent multiple ADISC commands per session (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Check for FW started flag before aborting (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix unload when NVMe devices are configured (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (Darren Trapp) [Orabug: 30846292] - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: remove redundant null check on pointer sess (Colin Ian King) [Orabug: 30846292] - scsi: qla2xxx: Move debug messages before sending srb preventing panic (Bill Kuzeja) [Orabug: 30846292] - scsi: qla2xxx: Add mode control for each physical port (Quinn Tran) [Orabug: 30846292] [4.14.35-1902.303.1] - uek-rpm/ol7/config-mips64: Enable EDAC configs (Vijay Kumar) [Orabug: 31255403] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug: 31263146] {CVE-2019-19057} - loop: set PF_MEMALLOC_NOIO for the worker thread (Mikulas Patocka) [Orabug: 31292386] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246301] {CVE-2019-19056} - MIPS: Add configs for audit (Vijay Kumar) [Orabug: 31245225] - MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 31245225] - media: technisat-usb2: break out of loop at end of buffer (Sean Young) [Orabug: 31224553] {CVE-2019-15505} - Input: ff-memless - kill timer in destroy() (Oliver Neukum) [Orabug: 31213690] {CVE-2019-19524} - Input: add safety guards to input_set_keycode() (Dmitry Torokhov) [Orabug: 31200557] {CVE-2019-20636} - fm10k: update driver version to match out-of-tree (Jacob Keller) [Orabug: 31268827] - fm10k: add support for ndo_get_vf_stats operation (Jacob Keller) [Orabug: 31268827] - fm10k: add missing field initializers to TLV attributes) (Jacob Keller) [Orabug: 31268827] - fm10k: use a local variable for the frag pointer (Jacob Keller) [Orabug: 31268827] - fm10k: no need to check return value of debugfs_create functions (Greg Kroah-Hartman) [Orabug: 31268827] - fm10k: fix fm10k_get_fault_pf to read correct address (Jacob Keller) [Orabug: 31268827] - fm10k: convert NON_Q_VECTORS(hw) into NON_Q_VECTORS (Jacob Keller) [Orabug: 31268827] - fm10k: mark unused parameters with __always_unused (Jacob Keller) [Orabug: 31268827] - fm10k: cast page_addr to u8 * when incrementing it (Jacob Keller) [Orabug: 31268827] - fm10k: explicitly return 0 on success path in function (Jacob Keller) [Orabug: 31268827] - fm10k: remove needless initialization of size local variable (Jacob Keller) [Orabug: 31268827] - fm10k: remove needless assignment of err local variable (Jacob Keller) [Orabug: 31268827] - fm10k: remove unnecessary variable initializer (Jacob Keller) [Orabug: 31268827] - fm10k: reduce scope of the ring variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the result local variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the local msg variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the local i variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the err variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the tx_buffer variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the q_idx local variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of local err variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of qv local variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce scope of *p local variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce scope of the err variable (Jacob Keller) [Orabug: 31268827] - fm10k: Use dev_get_drvdata (Chuhong Yuan) [Orabug: 31268827] - fm10k: use struct_size() in kzalloc() (Gustavo A. R. Silva) [Orabug: 31268827] - fm10k: TRIVIAL cleanup of extra spacing in function comment (Jacob Keller) [Orabug: 31268827] - fm10k: bump driver version to match out-of-tree release (Jacob Keller) [Orabug: 31268827] - fm10k: add missing device IDs to the upstream driver (Jacob Keller) [Orabug: 31268827] - fm10k: fix SM mailbox full condition (Ngai-Mint Kwan) [Orabug: 31268827] - Documentation: fm10k: Add kernel documentation (Jeff Kirsher) [Orabug: 31268827] - fm10k: remove ndo_poll_controller (Eric Dumazet) [Orabug: 31268827] - fm10k: dont protect fm10k_queue_mac_request by fm10k_host_mbx_ready (Jacob Keller) [Orabug: 31268827] - fm10k: warn if the stat size is unknown (Jacob Keller) [Orabug: 31268827] - fm10k: use macro to avoid passing the array and size separately (Jacob Keller) [Orabug: 31268827] - fm10k: use variadic arguments to fm10k_add_stat_strings (Jacob Keller) [Orabug: 31268827] - fm10k: reduce duplicate fm10k_stat macro code (Jacob Keller) [Orabug: 31268827] - fm10k: setup VLANs for l2 accelerated macvlan interfaces (Jacob Keller) [Orabug: 31268827] - fm10k: Report PCIe link properties with pcie_print_link_status() (Bjorn Helgaas) [Orabug: 31268827] - fm10k: bump version number (Jacob Keller) [Orabug: 31268827] - fm10k: fix incorrect warning for function prototype (Jacob Keller) [Orabug: 31268827] - fm10k: fix function doxygen comments (Jacob Keller) [Orabug: 31268827] - fm10k: clarify action when updating the VLAN table (Ngai-Mint Kwan) [Orabug: 31268827] - fm10k: correct typo in fm10k_pf.c (Ngai-Mint Kwan) [Orabug: 31268827] - fm10k: dont assume VLAN 1 is enabled (Jacob Keller) [Orabug: 31268827] - fm10k: stop adding VLAN 0 to the VLAN table (Jacob Keller) [Orabug: 31268827] - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (Jacob Keller) [Orabug: 31268827] - fm10k: Fix configuration for macvlan offload (Alexander Duyck) [Orabug: 31268827] - fm10k: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 31268827] - fm10k: prefer %s and __func__ for diagnostic prints (Jacob Keller) [Orabug: 31268827] - fm10k: Fix misuse of net_ratelimit() (Joe Perches) [Orabug: 31268827] - fm10k: bump version number (Jacob Keller) [Orabug: 31268827] - fm10k: use the MAC/VLAN queue for VF<->PF MAC/VLAN requests (Jacob Keller) [Orabug: 31268827] - fm10k: introduce a message queue for MAC/VLAN messages (Jacob Keller) [Orabug: 31268827] - fm10k: use generic PM hooks instead of legacy PCIe power hooks (Jacob Keller) [Orabug: 31268827] - fm10k: use spinlock to implement mailbox lock (Jacob Keller) [Orabug: 31268827] - fm10k: prepare_for_reset() when we lose PCIe Link (Jacob Keller) [Orabug: 31268827] - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (Jacob Keller) [Orabug: 31268827] - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (Jacob Keller) [Orabug: 31268827] - fm10k: avoid divide by zero in rare cases when device is resetting (Jacob Keller) [Orabug: 31268827] - fm10k: dont loop while resetting VFs due to VFLR event (Jacob Keller) [Orabug: 31268827] - fm10k: simplify reading PFVFLRE register (Jacob Keller) [Orabug: 31268827] - fm10k: avoid needless delay when loading driver (Jacob Keller) [Orabug: 31268827] - fm10k: add missing fall through comment (Jacob Keller) [Orabug: 31268827] - fm10k: avoid possible truncation of q_vector->name (Jacob Keller) [Orabug: 31268827] - fm10k: fix typos on fall through comments (Jacob Keller) [Orabug: 31268827] - fm10k: stop spurious link down messages when Tx FIFO is full (Jacob Keller) [Orabug: 31268827] - fm10k: Use seq_putc() in fm10k_dbg_desc_break() (Markus Elfring) [Orabug: 31268827] - fm10k: reschedule service event if we stall the PF<->SM mailbox (Jacob Keller) [Orabug: 31268827] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31264701] [4.14.35-1902.303.0] - uek-rpm/ol7/config-mips64-embedded: Firewalld reports error and warnings for missing config (Vijay Kumar) [Orabug: 31239302] - brcmfmac: add subtype check for event handling in data path (Arend van Spriel) [Orabug: 31234675] {CVE-2019-9503} - mips64: drivers/watchdog: Add IRQF_NOBALANCING when requesting irq (Thomas Tai) [Orabug: 31233810] - iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (Navid Emamdoost) [Orabug: 31233656] {CVE-2019-19058} - SUNRPC: Allow soft RPC calls to time out when waiting for the XPRT_LOCK (Trond Myklebust) [Orabug: 31226553] - SUNRPC: Turn off throttling of RPC slots for TCP sockets (Trond Myklebust) [Orabug: 31226553] - NFSv4.1: Avoid false retries when RPC calls are interrupted (Trond Myklebust) [Orabug: 31226553] - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (Andrea Arcangeli) [Orabug: 31222107] {CVE-2019-11599} - ext4: add more paranoia checking in ext4_expand_extra_isize handling (Theodore Tso) [Orabug: 31218807] {CVE-2019-19767} - ext4: fix use-after-free race with debug_want_extra_isize (Barret Rhoden) [Orabug: 31218807] {CVE-2019-19767} - media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213766] {CVE-2020-11668} - media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213757] {CVE-2020-11608} - media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200578] {CVE-2020-11609} - net/flow_dissector: switch to siphash (Eric Dumazet) [Orabug: 30872863] {CVE-2019-18282} - brcmfmac: assure SSID length from firmware is limited (Arend van Spriel) [Orabug: 30872843] {CVE-2019-9500} - xfs: move inode flush to the sync workqueue (Darrick J. Wong) [Orabug: 31056429] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18282 CVE-2019-9503 CVE-2020-0543 CVE-2019-19057 CVE-2020-11609 CVE-2020-11668 CVE-2019-9500 CVE-2019-12819 CVE-2019-14897 CVE-2019-19045 CVE-2019-14896 CVE-2019-19056 CVE-2019-19524 CVE-2019-19537 CVE-2019-19767 CVE-2019-20636 CVE-2020-12768 CVE-2019-11599 CVE-2019-15505 CVE-2019-19058 Oracle Linux 7 [5.7.0-15.el7] - qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug: 31380815] [5.7.0-14.el7] - vmx: make 'fileName' optional for CD-ROMs (Pino Toscano) [Orabug: 31350200] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200] - domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615] - cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897] - cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897] - qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12430 Oracle Linux 7 [5.7.0-15.el7] - qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug: 31380815] [5.7.0-14.el7] - vmx: make 'fileName' optional for CD-ROMs (Pino Toscano) [Orabug: 31350200] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200] - domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615] - cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897] - cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897] - qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12430 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.39.5.1] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352782] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352782] {CVE-2020-054 3} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352782] {CVE- 2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31352782] {CVE-2020-0543} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0543 Oracle Linux 8 [0.10.4-6.0.1.el8_2.1] - Replace HAM-logo.png with a generic one [0.10.4-6.el8_2.1] - Fixed running pcs status on remote nodes - Fixed ruby daemon closing connection after 30s - Fixed inability to create colocation constraint in webUI - Updated bundled rubygem-json - Resolves: rhbz#1832914 rhbz#1838084 rhbz#1840154 rhbz#1840158 [0.10.4-6] - Fixed communication between python and ruby daemons - Resolves: rhbz#1783106 [0.10.4-5] - Fixed link to sbd man page from doc - Fixed safe-disabling clones, groups, bundles - Fixed sinatra wrapper performance issue - Fixed detecting fence history support - Fixed cookie options - Updated hint for 'resource create ... master' - Updated gating tests execution, smoke tests run from upstream sources - Resolves: rhbz#1750427 rhbz#1781303 rhbz#1783106 rhbz#1793574 [0.10.4-4] - Fix testsuite for pacemaker-2.0.3-4 - Resolves: rhbz#1792946 [0.10.4-3] - Added basic resource views in new webUI IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10663 Oracle Linux 7 kubernetes [1.12.10-1.0.12] - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager kubeadm-ha-setup [0.0.2-1.0.70] - Enhance image tag read to depend on kubeadm-registry.sh for CVE release CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements CVE-2020-8555: Half-Blind SSRF in kube-controller-manager kubernetes-cni [0.7.1-1.0.1] - Added Oracle specific build files for Kubernetes CNI kubernetes-cni-plugins [0.8.6-1.0.1] - Added Oracle specific build files for Kubernetes CNI Plugins IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8555 CVE-2020-10749 Oracle Linux 7 grafana [%{}-1.0.1] - Added Oracle Specific Build Files for grafana kubernetes-cni [0.7.1-1.0.1] - Added Oracle specific build files for Kubernetes CNI kubernetes-cni-plugins [0.8.6-1.0.1] - Added Oracle specific build files for Kubernetes CNI Plugins kubernetes [1.14.9-1.0.4] - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager [1.14.9-1.0.3] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [1.14.9-1.0.2] - Use bounded crio version [1.14.9-1.0.1] - Added Oracle specific build files for Kubernetes kubernetes [1.17.6-1.0.2.el7] - Update to kubernetes-cni for CVE-2020-10749 [1.17.6-1.0.2.el7] - Added Oracle specific build files for Kubernetes olcne [1.1.1-1] - Update Istio to use Grafana 6.7.4 to address CVE-2020-13379 - Kubernetes update due to CVE-2020-10749 and CVE-2020-8555 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13379 CVE-2020-8555 CVE-2020-10749 Oracle Linux 7 kubernetes-cni-plugins [0.8.6-1.0.1] - Added Oracle specific build files for Kubernetes CNI Plugins kubernetes-cni [0.7.1-1.0.1] - Added Oracle specific build files for Kubernetes CNI kubernetes [1.14.9-1.0.4] - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager [1.14.9-1.0.3] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [1.14.9-1.0.2] - Use bounded crio version [1.14.9-1.0.1] - Added Oracle specific build files for Kubernetes olcne [1.0.4-1] - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8555 CVE-2020-10749 Oracle Linux 7 docker-engine [19.03.11-1.0.0] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] docker-cli [19.03.11-1.0.0] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13401 Oracle Linux 7 [4.14.35-1902.303.5.3] - rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202] - Revert rds: Do not cancel RDMAs that have been posted to the HCA (Gerd Rausch) [Orabug: 31475329] - Revert rds: Introduce rds_conn_to_path helper (Gerd Rausch) [Orabug: 31475329] - Revert rds: Three cancel fixes (Gerd Rausch) [Orabug: 31475318] [4.14.35-1902.303.5.2] - rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014] [4.14.35-1902.303.5.1] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} [4.14.35-1902.303.5] - net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0543 Oracle Linux 7 docker-cli [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch docker-engine [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13401 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.40.6] - ipv4: ipv4_default_advmss() should use route mtu (Eric Dumazet) [Orabug: 31563095] - net: ipv4: Refine the ipv4_default_advmss (Gao Feng) [Orabug: 31563095] [4.1.12-124.40.5] - Revert 'bnxt_en: Remove busy poll logic in the driver.' (Brian Maly) [Orabug: 28151475] - md: batch flush requests. (NeilBrown) [Orabug: 31332821] - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351891] {CVE-2019-15214} - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (Malcolm Priestley) [Orabug: 31352061] {CVE-2017-16538} - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (Malcolm Priestley) [Orabug: 31352061] {CVE-2017-16538} - atomic_open(): fix the handling of create_error (Al Viro) [Orabug: 31493395] [4.1.12-124.40.4] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351119] {CVE-2019-19533} - NFS: Fix a performance regression in readdir (Trond Myklebust) [Orabug: 31409061] [4.1.12-124.40.3] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31475612] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31475612] {CVE-2020-0543} [4.1.12-124.40.2] - MCE: Restrict MCE banks to 6 on AMD platform (Zhenzhong Duan) [Orabug: 30000521] - can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351141] {CVE-2019-19534} - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351250] {CVE-2019-19536} - xfs: fix freeze hung (Junxiao Bi) [Orabug: 31430876] [4.1.12-124.40.1] - iscsi_target: fix mismatch spinlock unlock (Junxiao Bi) [Orabug: 31202372] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19533 CVE-2019-19536 CVE-2017-16538 CVE-2019-15214 CVE-2019-19534 CVE-2020-0543 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.47.1] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351121] {CVE-2019-19533} - can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351143] {CVE-2019-19534} - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351893] {CVE-2019-15214} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19534 CVE-2019-19533 CVE-2019-15214 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.324.1] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351122] {CVE-2019-19533} - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351895] {CVE-2019-15214} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19533 CVE-2019-15214 Oracle Linux 7 [4.14.35-1902.304.6] - bpf: fix sanitation rewrite in case of non-pointers (Daniel Borkmann) [Orabug: 31552243] [4.14.35-1902.304.5] - acpi: disallow loading configfs acpi tables when locked down (Jason A. Donenfeld) [Orabug: 31493187] - selftests/bpf: do not run test_kmod.sh for UEK5 (Alan Maguire) [Orabug: 31540213] - bpf: do not allow root to mangle valid pointers (Alexei Starovoitov) [Orabug: 31540213] - x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31515075] - x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31515075] - x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31515075] - p54usb: Fix race between disconnect and firmware loading (Alan Stern) [Orabug: 31351863] {CVE-2019-15220} - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351671] {CVE-2019-19054} - mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452398] {CVE-2020-10757} {CVE-2020-10757} - tcp: implement coalescing on backlog queue (Eric Dumazet) [Orabug: 31517079] - tcp: drop dst in tcp_add_backlog() (Eric Dumazet) [Orabug: 31517079] - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (Daniel Borkmann) [Orabug: 31517079] [4.14.35-1902.304.4] - rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504054] - cpu/hotplug: Fix 'SMT disabled by BIOS' detection for KVM (Josh Poimboeuf) [Orabug: 31421904] - RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon) [Orabug: 31483289] - RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg) [Orabug: 31483289] - net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 31501438] - scsi: mpt3sas: Introduce module parameter to override queue depth (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Fix memset() in non-RDPQ mode (Suganath Prabu S) [Orabug: 31486216] - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (Suganath Prabu S) [Orabug: 31486216] (Samuel Zou) [Orabug: 31486216] - scsi: mpt3sas: Fix double free warnings (Suganath Prabu S) [Orabug: 31486216] - scsi: mpt3sas: Disable DIF when prot_mask set to zero (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Capture IOC data for debugging purposes (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (Jason Yan) [Orabug: 31486216] - scsi: mpt3sas: Remove NULL check before freeing function (Jason Yan) [Orabug: 31486216] - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Separate out RDPQ allocation to new function (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Rename function name is_MSB_are_same (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Don't change the DMA coherent mask after allocations (Christoph Hellwig) [Orabug: 31486216] - scsi: mpt3sas: use true,false for bool variables (Jason Yan) [Orabug: 31486216] - scsi: mpt3sas: Update drive version to 33.100.00.00 (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Remove usage of device_busy counter (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Print function name in which cmd timed out (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Optimize mpt3sas driver logging (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: print in which path firmware fault occurred (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Handle CoreDump state from watchdog thread (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Add support IOCs new state named COREDUMP (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: renamed _base_after_reset_handler function (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Add support for NVMe shutdown (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Update MPI Headers to v02.00.57 (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Fix double free in attach error handling (Dan Carpenter) [Orabug: 31486216] - scsi: mpt3sas: change allocation option (Tomas Henzl) [Orabug: 31486216] - KVM: VMX: check descriptor table exits on instruction emulation (Oliver Upton) [Orabug: 31397358] [4.14.35-1902.304.3] - rebuild bumping release [4.14.35-1902.304.2] - bpf: fix sanitation of alu op with pointer / scalar type from different paths (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308} - bpf: prevent out of bounds speculation on pointer arithmetic (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308} - bpf: restrict unknown scalars of mixed signed bounds for unprivileged (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308} - bpf: move {prev_,}insn_idx into verifier env (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308} - bpf: reduce verifier memory consumption (Alexei Starovoitov) [Orabug: 31350800] {CVE-2019-7308} - bpf: Prevent memory disambiguation attack (Alexei Starovoitov) [Orabug: 31350800] {CVE-2019-7308} - Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31476562] - Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31476562] - Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31476551] - scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Chandrakanth Patil) [Orabug: 31481643] - scsi: megaraid_sas: TM command refire leads to controller firmware crash (Sumit Saxena) [Orabug: 31481643] - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Shivasharan S) [Orabug: 31481643] - scsi: megaraid_sas: Remove IO buffer hole detection logic (Sumit Saxena) [Orabug: 31481643] - scsi: megaraid_sas: Limit device queue depth to controller queue depth (Kashyap Desai) [Orabug: 31481643] - scsi: megaraid: make two symbols static in megaraid_sas_base.c (Jason Yan) [Orabug: 31481643] - scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Jason Yan) [Orabug: 31481643] - scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31481643] - scsi: megaraid_sas: silence a warning (Tomas Henzl) [Orabug: 31481643] - scsi: megaraid_sas: fix indentation issue (Colin Ian King) [Orabug: 31481643] - scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Hannes Reinecke) [Orabug: 31481643] - scsi: megaraid_sas: Update driver version to 07.713.01.00-rc1 (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Set no_write_same only for Virtual Disk (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Make poll_aen_lock static (YueHaibing) [Orabug: 31481643] - scsi: megaraid_sas: remove unused variables 'debugBlk','fusion' (zhengbin) [Orabug: 31481643] - scsi: megaraid_sas: Unique names for MSI-X vectors (Chandrakanth Patil) [Orabug: 31481643] - scsi: megaraid_sas: Make some functions static (YueHaibing) [Orabug: 31481643] - scsi: megaraid_sas: fix spelling mistake 'megarid_sas' -> 'megaraid_sas' (Colin Ian King) [Orabug: 31481643] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351117] {CVE-2019-19533} - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351890] {CVE-2019-15214} - ALSA: info: Fix racy addition/deletion of nodes (Takashi Iwai) [Orabug: 31351890] {CVE-2019-15214} - rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31441472] - uek-rpm: disable CONFIG_IP_PNP (Anjali Kulkarni) [Orabug: 31454846] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352781] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352781] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352781] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352781] {CVE-2020-0543} - netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 31439190] - rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014] - can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351139] {CVE-2019-19534} - uek-rpm: use expand macro with kernel_reqprovconf (Dave Kleikamp) [Orabug: 31454052] - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351248] {CVE-2019-19536} - net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31410596] - xfs: fix freeze hung (Junxiao Bi) [Orabug: 31245660] - netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350492] {CVE-2020-10711} - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Qing Xu) [Orabug: 31350516] {CVE-2020-12654} - scsi: sg: add sg_remove_request in sg_write (Wu Bo) [Orabug: 31350698] {CVE-2020-12770} - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Zhiqiang Liu) [Orabug: 31350912] {CVE-2020-12657} - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350931] {CVE-2020-12653} - USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350965] {CVE-2020-12464} [4.14.35-1902.304.1] - xfs: add agf freeblocks verify in xfs_agf_verify (Zheng Bin) [Orabug: 31350922] {CVE-2020-12655} - rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31396425] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31396425] - mwifiex: Abort at too short BSS descriptor element (Takashi Iwai) [Orabug: 31351915] {CVE-2019-3846} - mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai) [Orabug: 31351915] {CVE-2019-3846} {CVE-2019-3846} - bnxt_en: Fix accumulation of bp->net_stats_prev. (Vijayendra Suman) [Orabug: 31390689] - nfs: initiate returning delegation when reclaiming one that's been recalled (Jeff Layton) [Orabug: 31378792] - NFS: More excessive attribute revalidation in nfs_execute_ok() (Trond Myklebust) [Orabug: 31378792] - uek-rpm: Add support for building a kdump kernel on MIPS64 (Dave Kleikamp) [Orabug: 31373682] - uek-rpm: Add config-mips64-embedded-kdump (Henry Willard) [Orabug: 31373682] - uek-rpm: Don't build kernel-uek-tools or perf packages for mips64 (Dave Kleikamp) [Orabug: 31373682] - scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350940] {CVE-2020-12652} - ptp: fix the race between the release of ptp_clock and cdev (Vladis Dronov) [Orabug: 31350706] {CVE-2020-10690} - net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31359419] [4.14.35-1902.304.0] - mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 31388199] - uek-rpm/ol7/config-mips64: Disable IRQSOFF_TRACER (Henry Willard) [Orabug: 31386710] - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31249146] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19534 CVE-2019-19533 CVE-2020-10690 CVE-2020-10711 CVE-2019-3846 CVE-2019-19536 CVE-2019-7308 CVE-2019-15214 CVE-2019-15220 CVE-2019-19054 CVE-2020-0543 CVE-2020-12464 CVE-2020-12652 CVE-2020-12655 CVE-2020-10757 CVE-2020-12653 CVE-2020-12654 CVE-2020-12657 CVE-2020-12770 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.4.4uek] - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (Sean Christopherson) [Orabug: 31536904] [5.4.17-2011.4.3uek] - NFS: replace cross device check in copy_file_range (Olga Kornievskaia) [Orabug: 31507615] - rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504052] - perf/smmuv3: Allow sharing MMIO registers with the SMMU driver (Jean-Philippe Brucker) [Orabug: 31422283] - perf/smmuv3: use devm_platform_ioremap_resource() to simplify code (YueHaibing) [Orabug: 31422283] - ACPI/IORT: Fix PMCG node single ID mapping handling (Tuan Phan) [Orabug: 31422283] - uek-rpm: Increase CONFIG_NODES_SHIFT from 2 to 3 (Dave Kleikamp) [Orabug: 31422283] - perf: avoid breaking KABI by reusing enum (Dave Kleikamp) [Orabug: 31422283] - uek-rpm: update aarch64 configs for Ampere eMAG2 (Dave Kleikamp) [Orabug: 31422283] - perf: arm_dmc620: Update ACPI ID. (Tuan Phan) [Orabug: 31422283] - perf: arm_dsu: Support ACPI mode. (Tuan Phan) [Orabug: 31422283] - perf: arm_dsu: Allow IRQ to be shared among devices. (Tuan Phan) [Orabug: 31422283] - perf: arm_cmn: improve and make it work on 2P. (Tuan Phan) [Orabug: 31422283] - Perf: arm-cmn: Allow irq to be shared. (Tuan Phan) [Orabug: 31422283] - BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 31422283] - BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 31422283] - BACKPORT: mm/memory-failure: Add memory_failure_queue_kick() (James Morse) [Orabug: 31422283] - perf: Add ARM DMC-620 PMU driver. (Tuan Phan) [Orabug: 31422283] - BACKPORT: WIP: perf/arm-cmn: Add ACPI support (Robin Murphy) [Orabug: 31422283] - BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 31422283] - BACKPORT: perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 31422283] - net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 30984983] - mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452396] {CVE-2020-10757} {CVE-2020-10757} [5.4.17-2011.4.2uek] - UEK6 compiler warning for /net/rds/ib.c (Sharath Srinivasan) [Orabug: 31489529] - UEK6 compiler warning for /net/rds/send.c (Sharath Srinivasan) [Orabug: 31489529] - Fix up two build warnings in the UEK6 GA tree (Jack Vogel) [Orabug: 31489333] - drivers/scsi/scsi_scan.c Fix the compiler warning. (Sudhakar Panneerselvam) [Orabug: 31489322] - x86/retpoline: Fix retpoline unwind (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86: Change {JMP,CALL}_NOSPEC argument (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86: Simplify retpoline declaration (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86/speculation: Change STUFF_RSB to work with objtool (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86/unwind: Introduce UNWIND_HINT_EMPTY_ASM (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Add support for intra-function calls (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Remove INSN_STACK (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: Make handle_insn_ops() unconditional (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: Rework allocating stack_ops on decode (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: UNWIND_HINT_RET_OFFSET should not check registers (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: is_fentry_call() crashes if call has no destination (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Uniquely identify alternative instruction groups (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Remove check preventing branches within alternative (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320] - objtool: Introduce HINT_RET_OFFSET (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: Support multiple stack_op per instruction (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320] } IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0543 CVE-2020-10757 CVE-2020-10711 CVE-2020-12655 CVE-2020-12770 CVE-2019-19769 Oracle Linux 7 kernel-uek-container [4.14.35-1902.303.5.3.el7] - rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202] - Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329] - Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329] - Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318] [4.14.35-1902.303.5.2.el7] - rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014] [4.14.35-1902.303.5.1.el7] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} [4.14.35-1902.303.5.el7] - net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379] [4.14.35-1902.303.4.el7] - net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157] - rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151] kata-image [1.7.3-1.0.5.1] - Address Kata CVE 2023 kata-runtime [1.7.3-1.0.5] - Address Kata CVE-2020-2023 - Address Kata CVE-2020-2024 - Address Kata CVE-2020-2025 - Address Kata CVE-2020-2026 kata [1.7.3-1.0.7] - Address CVE-2020-2023 - Address CVE-2020-2024 - Address CVE-2020-2025 - Address CVE-2020-2026 kubernetes [1.14.9-1.0.6] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts [1.14.9-1.0.5] - Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026 kubernetes [1.17.9-1.0.1.el7] - Added Oracle specific build files for Kubernetes istio [1.4.10-1.0.1] - CVE-2020-15104: Incorrect validation of wildcard DNS Subject Alternative Names [1.4.10-1.0.0] - Added Oracle Specific Build Files for istio/istio olcne [1.1.2-6] - Include kata-runtime in the default template [1.1.2-5] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts [1.1.2-4] - Update arguments added for istio module. [1.1.2-3] - Ensure Istio sidecar injector uses valid executable [1.1.2-2] - Update Kubernetes to use Kata 1.7.3-1.0.7 to address CVE-2020-2023 thru CVE-2020-2026 [1.1.2-1] - Added istio-1.4.10 charts and updated istio.yaml to use istio-1.4.10 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1764 CVE-2020-15104 CVE-2020-10739 CVE-2020-2024 CVE-2020-8557 CVE-2020-2025 CVE-2020-2026 CVE-2020-11080 CVE-2020-8559 Oracle Linux 7 kernel-uek-container [4.14.35-1902.303.5.3.el7] - rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202] - Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329] - Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329] - Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318] [4.14.35-1902.303.5.2.el7] - rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014] [4.14.35-1902.303.5.1.el7] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} [4.14.35-1902.303.5.el7] - net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379] [4.14.35-1902.303.4.el7] - net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157] - rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151] - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147] kata-image [1.7.3-1.0.5.1] - Address Kata CVE 2023 kata-runtime [1.7.3-1.0.5] - Address Kata CVE-2020-2023 - Address Kata CVE-2020-2024 - Address Kata CVE-2020-2025 - Address Kata CVE-2020-2026 kata [1.7.3-1.0.7] - Address CVE-2020-2023 - Address CVE-2020-2024 - Address CVE-2020-2025 - Address CVE-2020-2026 kubernetes [1.14.9-1.0.6] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts [1.14.9-1.0.5] - Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026 olcne [1.0.5-3] - update registry image mirroring script [1.0.5-2] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts - Update bootstrap scripts [1.0.5-1] - Update Kata Containers to address CVEs 2020-2023 thru 2020-2026 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8557 CVE-2020-2024 CVE-2020-2026 CVE-2020-2025 CVE-2020-8559 Oracle Linux 7 [1.12.10-1.0.13] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8559 CVE-2020-8557 Oracle Linux 7 [2.9.4-1.0.7.el7] - \n- bump release number to 2.9.4-1.0.7 (Lans Hung) \n- fix missing Patch1, Patch2, Patch3 declaration in spec file after using %setup -q /usr/bin/cat /usr/src/redhat/SOURCES/fuse-0001-fix-int64_t-conflict-on-aarch64.patch | /usr/bin/patch -p1 -s /usr/bin/cat /usr/src/redhat/SOURCES/fuse-0002-fusermount-refuse-unknown-options.patch | /usr/bin/patch -p1 -s /usr/bin/cat /usr/src/redhat/SOURCES/fuse-0003-fusermount-don-t-feed-escaped-commas-into-mount-opti.patch | /usr/bin/patch -p1 -s [2.9.4-1.0.6.el7] - Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com> (Lans Hung) - add signed-off-by (Lans Hung) - Security Update based on ELSA-2018-3324 fuse: bypass of the 'user_allow_other' restriction when SELinux is active. [OraBugzilla: 43547][CVE-2018-10906] (Lans Hung) [2.9.4-1.0.5.el7] - update to 2.9.4-1.0.5.el7 (lans.hung@oracle.com) - update changelog in .spec file (lans.hung@oracle.com) - move patch to buildrpm/ to fix build failure (lans.hung@oracle.com) - Fix int64_t & uint64_t conflict issue on aarch64. This issue doesn't happen in x86_64 because its bits/sigcontext.h does not include asm/sigcontext.h, which it does on arm64, causing the __s64 definition conflict. This fix uses linux/types.h over manually defined int*_t and uint*_t in fuse_kernel.h. (Lans Hung) [Orabug: 27889694] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-10906 Oracle Linux 7 [2.02-81.0.3] - Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072] - Update signing certificate for efi binaries IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14311 CVE-2020-14310 CVE-2020-14309 CVE-2020-10713 CVE-2020-14308 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 Oracle Linux 8 [2.02-82.0.2.el8_2.1] - Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072] - Update signing certificate for efi binaries IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15707 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 CVE-2020-15706 Oracle Linux 7 [2.02-81.0.4] - Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072] - Update signing certificate for efi binaries [2.02-0.81.0.2] - Enable common subpackage build for aarch64 - Disable RHEL patch 0183-efinet-retransmit-if-our-device-is-busy.patch to comply with UEFI spec - increase timeout to 10ms in efinet.c, [Orabug: 27982684] [2.02-0.81.0.1] - Update upstream references [Orabug: 30138841] - build with the updated Oracle certificate - Restore symlink to grub environment file, that was removed during grub2-efi update if grub2 package is also installed on UEFI machines [Orabug: 27345750] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Pack files in efidir with disabled rpm verification [Orabug: 27166026] - Fix comparison in patch for [Orabug: 18504756] - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - replace dynamic EFI boot folder path generation with predefined 'redhat' (Alex Burmashev) - update Oracle Linux certificates (Alexey Petrenko) - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] - changed efidir with 0700 access rights, redhat chose another approach in rhbz#1496952, [Orabug: 28622344] - revert orabug [Orabug: 27166026] changes IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14308 CVE-2020-14310 CVE-2020-14309 CVE-2020-10713 CVE-2020-15705 CVE-2020-15706 CVE-2020-14311 CVE-2020-15707 Oracle Linux 7 [4.14.35-1902.304.6.3] - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31358100] [4.14.35-1902.304.6.2] - certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31668611] - efi: Restrict efivar_ssdt_load when the kernel is locked down (Matthew Garrett) [Orabug: 31662729] {CVE-2019-20908} [4.14.35-1902.304.6.1] - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31652801] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20908 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.4.6.el8uek] - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31358097] [5.4.17-2011.4.5.el8uek] - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31631527] - certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31555595] - acpi: disallow loading configfs acpi tables when locked down (Jason A. Donenfeld) [Orabug: 31642981] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15780 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.41.4] - uek-rpm: Add OL6 shim conflict for new signing key (Eric Snowberg) [Orabug: 31688239] - Revert 'certs: Add Oracle's new X509 cert into the kernel keyring' (Eric Snowberg) [Orabug: 31688223] - blk-mq: don't overwrite rq->mq_ctx (Jens Axboe) [Orabug: 31457304] - blk-mq: mark ctx as pending at batch in flush plug path (Ming Lei) [Orabug: 31457304] [4.1.12-124.41.3] - scsi: qla2xxx: Fix stuck session in GNL (Quinn Tran) [Orabug: 31561461] - scsi: qla2xxx: Serialize session free in qlt_free_session_done (Quinn Tran) [Orabug: 31561461] - scsi: qla2xxx: v2: Change abort wait_loop from msleep to wait_event_timeout (Giridhar Malavali) [Orabug: 26932683] - scsi: qla2xxx: v2: Move ABTS code behind qpair (Quinn Tran) [Orabug: 31517449] - ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31027042] - ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31027042] - ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31027042] - block_dev: don't test bdev->bd_contains when it is not stable (NeilBrown) [Orabug: 31554143] - KVM: x86: Remove spurious semicolon (Joao Martins) [Orabug: 31584727] [4.1.12-124.41.2] - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351672] {CVE-2019-19054} - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} {CVE-2020-12888} - vfio/pci: Pull BAR mapping setup from read-write path (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio_pci: Enable memory accesses before calling pci_map_rom (Eric Auger) [Orabug: 31439671] {CVE-2020-12888} - vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - mm: bring in additional flag for fixup_user_fault to signal unlock (Dominik Dingel) [Orabug: 31439671] {CVE-2020-12888} - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439671] {CVE-2020-12888} - x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31514993] - x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31514993] - x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31514993] - Revert 'x86/efi: Request desired alignment via the PE/COFF headers' (Matt Fleming) [Orabug: 31602576] [4.1.12-124.41.1] - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (Richard Palethorpe) [Orabug: 31516085] {CVE-2020-14416} - scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() (himanshu.madhani@cavium.com) [Orabug: 31530589] - scsi: qla2xxx: Fix NULL pointer access for fcport structure (Quinn Tran) [Orabug: 31530589] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12888 CVE-2020-14416 CVE-2019-19054 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.48.1] - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351641] {CVE-2019-19062} - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351673] {CVE-2019-19054} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19062 CVE-2019-19054 Oracle Linux 7 [4.14.35-1902.305.4] - ptp: free ptp device pin descriptors properly (Vladis Dronov) [Orabug: 31710994] [4.14.35-1902.305.3] - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350638] {CVE-2020-10732} - PCI: vmd: Filter resource type bits from shadow register (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Add device id for VMD device 8086:9A0B (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Fix shadow offsets to reflect spec changes (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Fix config addressing when using bus offsets (Jon Derrick) [Orabug: 31674879] - PCI/VMD: Configure MPS settings before adding devices (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Add an additional VMD device id to driver device id table (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Add offset to bus numbers if necessary (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Assign membar addresses from shadow registers (Jon Derrick) [Orabug: 31674879] - PCI: Add Intel VMD devices to pci ids (Jon Derrick) [Orabug: 31674879] - misc: pvpanic: add crash loaded event (zhenwei pi) [Orabug: 31677099] - kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder) [Orabug: 31694369] [4.14.35-1902.305.2] - net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31445419] {CVE-2019-20811} - vfio-pci: protect remap_pfn_range() from simultaneous calls (Ankur Arora) [Orabug: 31663632] {CVE-2020-12888} {CVE-2020-12888} - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351639] {CVE-2019-19062} - iwlwifi: pcie: fix rb_allocator workqueue allocation (Johannes Berg) [Orabug: 31351807] {CVE-2019-16234} - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666974] - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31358100] - net: dsa: Do not leave DSA master with NULL netdev_ops (Allen Pais) [Orabug: 31038233] - rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30358057] - certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31555628] - CIFS: dump IPC tcon in debug proc file (Aurelien Aptel) [Orabug: 31500374] - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (Aurelien Aptel) [Orabug: 31500374] - CIFS: make IPC a regular tcon (Aurelien Aptel) [Orabug: 31500374] - CIFS: dont log STATUS_NOT_FOUND errors for DFS (Aurelien Aptel) [Orabug: 31500374] - efi: Restrict efivar_ssdt_load when the kernel is locked down (Matthew Garrett) [Orabug: 31643409] {CVE-2019-20908} - uek-rpm: drivers: enable VMD PCIe controller (Todd Vierling) [Orabug: 30646928] - ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265319] {CVE-2019-19037} {CVE-2019-19037} - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31631531] - ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31480605] - ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31480605] - ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31480605] - ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31480605] - ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31480605] [4.14.35-1902.305.1] - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (Tony Luck) [Orabug: 31601132] - libertas: fix a potential NULL pointer dereference (Allen Pais) [Orabug: 31351822] {CVE-2019-16232} - ext4: work around deleting a file with i_nlink == 0 safely (Theodore Tso) [Orabug: 31351013] {CVE-2019-19447} [4.14.35-1902.305.0] - thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706] - thermal: support for Marvell Octeon TX2 SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706] - x86/speculation: Prevent rogue cross-process SSBD shutdown (Anthony Steinhauser) [Orabug: 31557902] {CVE-2020-10768} - psi: Fix double free (Tom Hromatka) [Orabug: 31535640] - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} {CVE-2020-12888} - vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Jiang Yi) [Orabug: 31439670] {CVE-2020-12888} - vfio/pci: Pull BAR mapping setup from read-write path (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio_pci: Enable memory accesses before calling pci_map_rom (Eric Auger) [Orabug: 31439670] {CVE-2020-12888} - vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439670] {CVE-2020-12888} - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351701] {CVE-2019-19049} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19049 CVE-2019-16234 CVE-2019-19447 CVE-2020-10732 CVE-2019-16232 CVE-2019-19037 CVE-2019-19062 CVE-2019-20908 CVE-2020-10768 CVE-2020-12888 CVE-2019-20811 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.5.3uek] - misc: pvpanic: add crash loaded event (zhenwei pi) [Orabug: 31677096] - misc: pvpanic: move bit definition to uapi header file (zhenwei pi) [Orabug: 31677096] - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666971] - bnxt_en: Fix statistics counters issue during ifdown with older firmware. (Michael Chan) [Orabug: 31660919] - bnxt_en: Do not enable legacy TX push on older firmware. (Michael Chan) [Orabug: 31660919] - bnxt_en: Store the running firmware version code. (Michael Chan) [Orabug: 31660919] - uek-rpm: Disable secureboot signing for OL7 aarch64 (Somasundaram Krishnasamy) [Orabug: 31645596] - PCI: pciehp: Fix indefinite wait on sysfs requests (Lukas Wunner) [Orabug: 31580249] - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31557802] {CVE-2020-10767} - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350635] {CVE-2020-10732} - rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 31648239] - uek-rpm: disable CONFIG_CRYPTO_DEV_CAVIUM_ZIP (Dave Kleikamp) [Orabug: 31667368] - vfio-pci: protect remap_pfn_range() from simultaneous calls (Ankur Arora) [Orabug: 31663628] {CVE-2020-12888} {CVE-2020-12888} - uek-rpm: drivers: enable VMD PCIe controller (Todd Vierling) [Orabug: 31636283] - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31689621] - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31689703] - certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31689566] [5.4.17-2011.5.2uek] - drm/i915/gt: Correct mistake in cherry-pick (Jack Vogel) [Orabug: 31211659] - efi/x86: Add TPM related EFI tables to unencrypted mapping checks (Tom Lendacky) [Orabug: 31627285] - ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31480603] - ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31480603] - ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31480603] - ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31480603] - ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31480603] - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (Dan Carpenter) [Orabug: 31610239] - scsi: qla2xxx: Keep initiator ports after RSCN (Roman Bolshakov) [Orabug: 31610239] - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (Daniel Wagner) [Orabug: 31610239] - scsi: qla2xxx: Remove return value from qla_nvme_ls() (Daniel Wagner) [Orabug: 31610239] - scsi: qla2xxx: Remove an unused function (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix endianness annotations in source files (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix endianness annotations in header files (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Use make_handle() instead of open-coding it (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix the code that reads from mailbox registers (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Use register names instead of register offsets (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Simplify the functions for dumping firmware (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix spelling of a variable name (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Make qlafx00_process_aen() return void (Jason Yan) [Orabug: 31610239] - scsi: qla2xxx: Use true, false for ha->fw_dumped (Jason Yan) [Orabug: 31610239] - scsi: qla2xxx: Use true, false for need_mpi_reset (Jason Yan) [Orabug: 31610239] - scsi: qla2xxx: Make qla_set_ini_mode() return void (Jason Yan) [Orabug: 31610239] - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (Viacheslav Dubeyko) [Orabug: 31610239] - scsi: qla2xxx: make 1-bit bit-fields unsigned int (Colin Ian King) [Orabug: 31610239] - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (Arun Easi) [Orabug: 31610239] - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Split qla2x00_configure_local_loop() (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix regression warnings (Nilesh Javali) [Orabug: 31610239] - scsi: qla2xxx: Remove non functional code (Daniel Wagner) [Orabug: 31610239] - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (Arun Easi) [Orabug: 31610239] - scsi: qla2xxx: add ring buffer for tracing debug logs (Rajan Shanmugavelu) [Orabug: 31610239] - scsi: qla2xxx: Update driver version to 10.01.00.25-k (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Set Nport ID for N2N (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Handle NVME status iocb correctly (Arun Easi) [Orabug: 31610239] - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Serialize fc_port alloc in N2N (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Fix NPIV instantiation after FW dump (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Fix RDP respond data format (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Force semaphore on flash validation failure (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: add more FW debug information (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Update BPM enablement semantics. (Andrew Vasquez) [Orabug: 31610239] - scsi: qla2xxx: fix FW resource count values (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (Andrew Vasquez) [Orabug: 31610239] - scsi: qla2xxx: Return appropriate failure through BSG Interface (Michael Hernandez) [Orabug: 31610239] - scsi: qla2xxx: Improved secure flash support messages (Michael Hernandez) [Orabug: 31610239] - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (Giridhar Malavali) [Orabug: 31610239] - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options. (Giridhar Malavali) [Orabug: 31610239] - scsi: qla2xxx: Add 16.0GT for PCI String (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Simplify the code for aborting SCSI commands (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Update driver version to 10.01.00.24-k (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Add fixes for mailbox command (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Fix control flags for login/logout IOCB (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Save rscn_gen for new fcport (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Use correct ISP28xx active FW region (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Correction to selection of loopback/echo test (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Fix RDP response size (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Handle cases for limiting RDP response payload length (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Show correct port speed capabilities for RDP command (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Display message for FCE enabled (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Add vendor extended FDMI commands (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add vendor extended RDP additions and amendments (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add endianizer macro calls to fc host stats (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add beacon LED config sysfs interface (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix warning after FC target reset (Viacheslav Dubeyko) [Orabug: 31610239] - scsi: qla2xxx: Fix issue with adapters stopping state (Viacheslav Dubeyko) [Orabug: 31610239] - scsi: qla2xxx: Do not log message when reading port speed via sysfs (Ewan D. Milne) [Orabug: 31610239] - scsi: qla2xxx: Delete all sessions before unregister local nvme port (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: check UNLOADING before posting async work (Martin Wilck) [Orabug: 31610239] - scsi: qla2xxx: set UNLOADING before waiting for session deletion (Martin Wilck) [Orabug: 31610239] - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (Tony Luck) [Orabug: 31601130] - uek-rpm: aarch64: Streamline building 4K pages size kernel (Dave Kleikamp) [Orabug: 31500678] - kernel/relay.c: handle alloc_percpu returning NULL in relay_open (Daniel Axtens) [Orabug: 31183397] {CVE-2019-19462} [5.4.17-2011.5.1uek] - x86/microcode: do not modify sibling mask during late update (Mihai Carabas) [Orabug: 31605044] - x86/speculation: Prevent rogue cross-process SSBD shutdown (Anthony Steinhauser) [Orabug: 31557900] {CVE-2020-10768} - x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 31553477] - x86/kvm/hyper-v: remove stale evmcs_already_enabled check from nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 31553477] - USB: pci-quirks: Add Raspberry Pi 4 quirk (Nicolas Saenz Julienne) [Orabug: 31527659] - PCI: brcmstb: Wait for Raspberry Pis firmware when present (Nicolas Saenz Julienne) [Orabug: 31527659] - firmware: raspberrypi: Introduce vl805 init routine (Nicolas Saenz Julienne) [Orabug: 31527659] - soc: bcm2835: Add notify xHCI reset property (Nicolas Saenz Julienne) [Orabug: 31527659] - PCI: brcmstb: Disable L0s component of ASPM if requested (Jim Quinlan) [Orabug: 31527659] - PCI: brcmstb: Fix window register offset from 4 to 8 (Jim Quinlan) [Orabug: 31527659] - PCI: brcmstb: Dont clk_put() a managed clock (Jim Quinlan) [Orabug: 31527659] - PCI: brcmstb: Assert fundamental reset on initialization (Nicolas Saenz Julienne) [Orabug: 31527659] - i2c: brcmstb: Fix handling of optional interrupt (Dave Stevenson) [Orabug: 31527659] - ARM: dts: bcm283x: Disable dsi0 node (Nicolas Saenz Julienne) [Orabug: 31527659] - pwm: bcm2835: Dynamically allocate base (Florian Fainelli) [Orabug: 31527659] - ARM: bcm2835_defconfig: Enable fixed-regulator (Nicolas Saenz Julienne) [Orabug: 31527659] - ARM: dts: bcm2711: Add vmmc regulator in emmc2 (Nicolas Saenz Julienne) [Orabug: 31527659] - ARM: dts: bcm2711: Update expgpios GPIO labels (Nicolas Saenz Julienne) [Orabug: 31527659] - i2c: drivers: Use generic definitions for bus frequencies (Andy Shevchenko) [Orabug: 31527659] - i2c: core: Provide generic definitions for bus frequencies (Andy Shevchenko) [Orabug: 31527659] - mmc: sdhci: iproc: Add custom set_power() callback for bcm2711 (Nicolas Saenz Julienne) [Orabug: 31527659] - mmc: sdhci: am654: Use sdhci_set_power_and_voltage() (Nicolas Saenz Julienne) [Orabug: 31527659] - mmc: sdhci: at91: Use sdhci_set_power_and_voltage() (Nicolas Saenz Julienne) [Orabug: 31527659] - mmc: sdhci: arasan: Use sdhci_set_power_and_voltage() (Nicolas Saenz Julienne) [Orabug: 31527659] - mmc: sdhci: Introduce sdhci_set_power_and_bus_voltage() (Nicolas Saenz Julienne) [Orabug: 31527659] - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (Lukas Wunner) [Orabug: 31527659] - usb: xhci: Enable LPM for VIA LABS VL805 (Nicolas Saenz Julienne) [Orabug: 31527659] - arm64: bcm2835: Drop select of nonexistent HAVE_ARM_ARCH_TIMER (Geert Uytterhoeven) [Orabug: 31527659] - ARM: dts: bcm2711: Move emmc2 into its own bus (Nicolas Saenz Julienne) [Orabug: 31527659] - ARM: dts: bcm2711-rpi-4-b: Add SoC GPIO labels (Stefan Wahren) [Orabug: 31527659] - ARM: bcm2835_defconfig: add support for Raspberry Pi4 (Marek Szyprowski) [Orabug: 31527659] - ARM: bcm2835_defconfig: Explicitly restore CONFIG_DEBUG_FS (Stefan Wahren) [Orabug: 31527659] - ARM: dts: bcm2711: Add pcie0 alias (Nicolas Saenz Julienne) [Orabug: 31527659] - ARM: dts: bcm283x: Add missing properties to the PWR LED (Stefan Wahren) [Orabug: 31527659] - PCI: brcmstb: Fix build on 32bit ARM platforms with older compilers (Marek Szyprowski) [Orabug: 31527659] - net: bcmgenet: Clear ID_MODE_DIS in EXT_RGMII_OOB_CTRL when not needed (Nicolas Saenz Julienne) [Orabug: 31527659] - net: bcmgenet: reduce severity of missing clock warnings (Jeremy Linton) [Orabug: 31527659] - pinctrl: bcm2835: Add support for all GPIOs on BCM2711 (Stefan Wahren) [Orabug: 31527659] - pinctrl: bcm2835: Refactor platform data (Stefan Wahren) [Orabug: 31527659] - pinctrl: bcm2835: Drop unused define (Stefan Wahren) [Orabug: 31527659] - dma-contiguous: CMA: give precedence to cmdline (Nicolas Saenz Julienne) [Orabug: 31527659] - dt-bindings: brcm,avs-ro-thermal: Fix binding check issues (Stefan Wahren) [Orabug: 31527659] - dt-bindings: Add Broadcom AVS RO thermal (Stefan Wahren) [Orabug: 31527659] - serial: 8250_bcm2835aux: Document struct bcm2835aux_data (Lukas Wunner) [Orabug: 31527659] - serial: 8250_bcm2835aux: Use generic remapping code (Lukas Wunner) [Orabug: 31527659] - serial: 8250_bcm2835aux: Allocate uart_8250_port on stack (Lukas Wunner) [Orabug: 31527659] - serial: 8250_bcm2835aux: Suppress register_port error on -EPROBE_DEFER (Lukas Wunner) [Orabug: 31527659] - serial: 8250_bcm2835aux: Suppress clk_get error on -EPROBE_DEFER (Phil Elwell) [Orabug: 31527659] - spi: bcm2835: Raise maximum number of slaves to 4 (Lukas Wunner) [Orabug: 31527659] - Bluetooth: hci_bcm: Drive RTS only for BCM43438 (Stefan Wahren) [Orabug: 31527659] - Bluetooth: hci_bcm: Add device-tree compatible for BCM4329 (Dmitry Osipenko) [Orabug: 31527659] - iommu/dma: Rationalise types for DMA masks (Robin Murphy) [Orabug: 31527659] - hwrng: iproc-rng200 - Add support for BCM2711 (Stefan Wahren) [Orabug: 31527659] - dt-bindings: rng: add BCM2711 RNG compatible (Stefan Wahren) [Orabug: 31527659] - Bluetooth: hci_bcm: Support pcm params in dts (Abhishek Pandit-Subedi) [Orabug: 31527659] - Bluetooth: btbcm: Support pcm configuration (Abhishek Pandit-Subedi) [Orabug: 31527659] - Bluetooth: hci_bcm: Disallow set_baudrate for BCM4354 (Abhishek Pandit-Subedi) [Orabug: 31527659] - Bluetooth: btbcm: Add entry for BCM4335A0 UART bluetooth (Mohammad Rasim) [Orabug: 31527659] - Bluetooth: hci_bcm: Add compatible string for BCM43540 (Abhishek Pandit-Subedi) [Orabug: 31527659] - iommu/dma-iommu: Use the dev->coherent_dma_mask (Tom Murphy) [Orabug: 31527659] - KEYS: Increase system_extra_certificate size to 8192 bytes (Stephen Brennan) [Orabug: 31512725] - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439668] {CVE-2020-12888} - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439668] {CVE-2020-12888} {CVE-2020-12888} - vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439668] {CVE-2020-12888} - vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439668] {CVE-2020-12888} - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439668] {CVE-2020-12888} - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31595670] [5.4.17-2011.5.0uek] - ctf: support ld --ctf-variables, if available (Nick Alcock) [Orabug: 31535069] - ctf: adjust to upcoming binutils ctf_link_add_ctf API change (Nick Alcock) [Orabug: 31535069] - bpf: Fix up bpf_skb_adjust_room helpers skb csum setting (Daniel Borkmann) [Orabug: 31519461] - aarch64: Enable thermal config for RPi4 (Vijay Kumar) [Orabug: 31518062] - thermal: Add BCM2711 thermal driver (Stefan Wahren) [Orabug: 31518062] - x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31515046] - x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31515046] - x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31515046] - acpi: disallow loading configfs acpi tables when locked down (Jason A. Donenfeld) [Orabug: 31493185] - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351669] {CVE-2019-19054} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19054 CVE-2019-19462 CVE-2020-10768 CVE-2020-10767 CVE-2020-10732 CVE-2020-12888 Oracle Linux 7 docker-cli [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch docker-engine [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16845 Oracle Linux 7 kubernetes [1.12.10-1.0.15] - Address CVE-2020-16845 kubeadm-ha-setup [0.0.2-1.0.73] - Fix update to coredns image tag [0.0.2-1.0.72] - Address CVE-2020-16845 kubernetes-cni [0.7.1-1.0.3] - Pin min version of cni-plugins kubernetes-cni-plugins [0.8.6-1.0.3] - Address CVE-2020-16845 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16845 Oracle Linux 7 olcne [1.1.5-2] - kubernetes pod subnet flag not honored in flannel configuration [1.1.5-1] - Address CVE-2020-16845 conmon [2.0.10-3] - Address CVE-2020-16845 coredns [1.6.5-1.0.3] - Address CVE-2020-16845 cri-o [1.17.0-1.0.5] - Address CVE-2020-16845 cri-tools [1.17.0-1.0.2] - Address CVE-2020-16845 [1.17.0-1.0.1] - Added Oracle Specific Build Files for cri-tools etcd [3.4.3-1.0.2] - Address CVE-2020-16845 flannel [0.10.0-2.1.12] - Address CVE-2020-16845 [0.10.0-2.1.11] - Resize flannel image [0.10.0-2.1.10] - Fix image location grafana [6.7.4-1.0.2] - Address CVE-2020-16845 helm [3.1.1-1.0.2] - Address CVE-2020-16845 istio [1.4.10-1.0.2] - CVE-2020-16845 encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs kata [1.7.3-1.0.9] - Address CVE-2020-16845 kata-agent [1.7.3-1.0.6] - Address CVE-2020-16845 kata-image [1.7.3-1.0.6.1] - Address CVE-2020-16845 kata-ksm-throttler [1.7.3-1.0.5] - Address CVE-2020-16845 kata-proxy [1.7.3-1.0.5] - Address CVE-2020-16845 kata-runtime [1.7.3-1.0.6] - Address CVE-2020-16845 kata-shim [1.7.3-1.0.5] - Address CVE-2020-16845 kubernetes [1.17.9-1.0.5] - Pin min version of components [1.17.9-1.0.4] - Address CVE-2020-16845 kubernetes-cni [0.7.1-1.0.3] - Pin min version of cni-plugins [0.7.1-1.0.2] - Address CVE-2020-16845 kubernetes-cni-plugins [0.8.6-1.0.3] - Address CVE-2020-16845 kubernetes-dashboard [2.0.0-1.0.2] - Address CVE-2020-16845 prometheus [2.13.1-1.0.3] - Address CVE-2020-16845 yq [2.4.0-1.0.5] - Address CVE-2020-16845 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16845 Oracle Linux 7 coredns [1.3.1-1.0.6] - Address CVE-2020-16845 [1.3.1-1.0.5] - Fix image location cri-o [1.14.7-1.0.8] - Address CVE-2020-16845 cri-tools [1.14.0-1.0.6] - Address CVE-2020-16845 etcd [3.3.10-1.0.5] - Address CVE-2020-16845 [3.3.10-1.0.4] - Fix image location flannel [0.10.0-2.1.12] - Address CVE-2020-16845 [0.10.0-2.1.11] - Resize flannel image [0.10.0-2.1.10] - Fix image location kata [1.7.3-1.0.9] - Address CVE-2020-16845 kata-agent [1.7.3-1.0.6] - Address CVE-2020-16845 kata-image [1.7.3-1.0.6.1] - Address CVE-2020-16845 kata-ksm-throttler [1.7.3-1.0.5] - Address CVE-2020-16845 kata-proxy [1.7.3-1.0.5] - Address CVE-2020-16845 kata-runtime [1.7.3-1.0.6] - Address CVE-2020-16845 kata-shim [1.7.3-1.0.5] - Address CVE-2020-16845 kubernetes [1.14.9-1.0.9] - Pin components min version [1.14.9-1.0.8] - Address CVE-2020-16845 kubernetes-cni [0.7.1-1.0.3] - Pin min version of cni-plugins [0.7.1-1.0.2] - Address CVE-2020-16845 kubernetes-cni-plugins [0.8.6-1.0.3] - Address CVE-2020-16845 kubernetes-dashboard [1.10.1-1.1.8] - Address CVE-2020-16845 [1.8.3-2.0.1] - Update to v1.8.3 olcne [1.0.7-2] - kubernetes pod subnet flag not honored in flannel configuration [1.0.7-1] - Address CVE-2020-16845 yq [2.4.0-1.0.5] - Address CVE-2020-16845 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16845 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.42.3] - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535} - media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644} - fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258] - clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270] [4.1.12-124.42.2] - mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499] - mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499] - mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499] - fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495] - rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141] - rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141] - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975] - genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450] [4.1.12-124.42.1] - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732} - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062} - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049} - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992] - net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10732 CVE-2019-19049 CVE-2019-19062 CVE-2019-20811 CVE-2017-16644 CVE-2019-10639 CVE-2019-19535 CVE-2019-10638 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.49.1] - sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351996] {CVE-2018-16884} - sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351996] {CVE-2018-16884} - af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439108] {CVE-2019-20812} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705122] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783152] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20812 CVE-2018-16884 CVE-2020-14331 Oracle Linux 7 [4.14.35-2025.400.9] - btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31867382] {CVE-2019-18885} - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31867387] {CVE-2019-3874} - Revert 'zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()' (Wade Mealing) [Orabug: 31867403] {CVE-2020-10781} - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31867441] {CVE-2020-10767} - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31867436] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31867436] - random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31867433] {CVE-2020-16166} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31867431] {CVE-2020-14331} {CVE-2020-14331} - Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31867423] - net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha) [Orabug: 31867421] - net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31867418] - nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31867417] {CVE-2020-24394} - RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31867413] - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31867411] [4.14.35-2025.400.8] - rds: Test parameter in rds_ib_recv_cache_put (Hans Westgaard Ry) [Orabug: 31737041] - net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) [Orabug: 31777364] - RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784658] - RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784891] - tcp: add sanity tests in tcp_add_backlog() (Eric Dumazet) [Orabug: 31780103] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10767 CVE-2019-18885 CVE-2020-24394 CVE-2020-10781 CVE-2020-14331 CVE-2020-16166 CVE-2019-3874 Oracle Linux 7 [4.14.35-1902.306.2] - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783150] - sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices (Dave Chiluk) [Orabug: 31350999] {CVE-2019-19922} - sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [Orabug: 31350999] {CVE-2019-19922} - sched/fair: Fix bandwidth timer clock drift condition (Xunlei Pang) [Orabug: 31350999] {CVE-2019-19922} - btrfs: tree-checker: Verify block_group_item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-check: reduce stack consumption in check_dir_item (David Sterba) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-checker: use %zu format string for size_t (Arnd Bergmann) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-checker: Add checker for dir item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-checker: Fix false panic for sanity test (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-checker: Enhance btrfs_check_node output (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Move leaf and node validation checker to tree-checker.c (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Add checker for EXTENT_CSUM (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Check if item pointer overlaps with the item itself (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Refactor check_leaf function for later expansion (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784659] - nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779888] {CVE-2020-24394} - Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31741325] - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351959] {CVE-2019-3874} - vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 31351949] {CVE-2019-3900} {CVE-2019-3900} - vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900} - vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900} - vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 31351949] {CVE-2019-3900} - vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang() [Orabug: 31351949] {CVE-2019-3900} - repair kABI breakage from 'fs: prevent page refcount overflow in pipe_buf_get' (Dan Duval) [Orabug: 31351940] {CVE-2019-11487} - fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) [Orabug: 31351940] {CVE-2019-11487} - mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487} - mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487} - mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487} - tracing: Fix buffer_ref pipe ops (Jann Horn) [Orabug: 31351940] {CVE-2019-11487} - RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784892] - net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) [Orabug: 31794612] - uek-rpm: Disable secureboot signing for OL7 aarch64 (Somasundaram Krishnasamy) [Orabug: 31793663] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19535 CVE-2019-17133 CVE-2020-12771 CVE-2019-15218 CVE-2019-19052 CVE-2019-19063 CVE-2019-19078 CVE-2020-10767 CVE-2019-10639 CVE-2020-10781 CVE-2019-10638 CVE-2019-19066 CVE-2019-3874 CVE-2019-5108 CVE-2020-16166 CVE-2019-20812 CVE-2019-3900 CVE-2019-11487 CVE-2019-19074 CVE-2020-14331 CVE-2019-16746 CVE-2018-14613 CVE-2020-12114 CVE-2019-14898 CVE-2019-19922 CVE-2020-24394 CVE-2020-10751 CVE-2019-19073 CVE-2020-10769 CVE-2018-16884 CVE-2019-17075 CVE-2019-18885 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.6.2] - Revert 'aarch64/BM: config failed, hub doesnt have any ports' (Thomas Tai) [Orabug: 31838351] [Orabug: 31844671] - kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185] [Orabug: 31844556] [5.4.17-2011.6.1] - nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779884] {CVE-2020-24394} - arm64/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces (Kees Cook) [Orabug: 31776626] - arm32/64/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook) [Orabug: 31776626] - arm32/64/elf: Add tables to document READ_IMPLIES_EXEC (Kees Cook) [Orabug: 31776626] - x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit (Kees Cook) [Orabug: 31776626] - x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook) [Orabug: 31776626] - x86/elf: Add table to document READ_IMPLIES_EXEC (Kees Cook) [Orabug: 31776626] - x86/mm: use max memory block size on bare metal (Daniel Jordan) [Orabug: 31771277] - drivers/base/memory.c: cache memory blocks in xarray to accelerate lookup (Scott Cheloha) [Orabug: 31771277] - net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31755752] - RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688620] - arm64/dts: Serial console fix for RPi4 (Vijay Kumar) [Orabug: 31562971] - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31682033] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31682033] [5.4.17-2011.6.0] - RDMA/mlx5: Set MR cache limit for both PF and VF (Nikhil Krishna) [Orabug: 31358080] - rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648138] - rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648138] - RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon) [Orabug: 31483278] - RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg) [Orabug: 31483278] - bnxt_en: allow firmware to disable VLAN offloads (Michael Chan) - bnxt_en: clean up VLAN feature bit handling (Michael Chan) [Orabug: 31663185] - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). (Michael Chan) [Orabug: 31663185] - bnxt_en: Implement ethtool -X to set indirection table. (Michael Chan) [Orabug: 31663185] - bnxt_en: Return correct RSS indirection table entries to ethtool -x. (Michael Chan) [Orabug: 31663185] - bnxt_en: Fill HW RSS table from the RSS logical indirection table. (Michael Chan) [Orabug: 31663185] - bnxt_en: Add helper function to return the number of RSS contexts. (Michael Chan) [Orabug: 31663185] - bnxt_en: Add logical RSS indirection table structure. (Michael Chan) [Orabug: 31663185] - bnxt_en: Fix up bnxt_get_rxfh_indir_size(). (Michael Chan) [Orabug: 31663185] - bnxt_en: Set up the chip specific RSS table size. (Michael Chan) [Orabug: 31663185] - bnxt_en: fix firmware message length endianness (Michael Chan) [Orabug: 31663185] - net: bnxt: Remove Comparison to bool in bnxt_ethtool.c (Jason Yan) [Orabug: 31663185] - bnxt_en: show only relevant ethtool stats for a TX or RX ring (Rajesh Ravi) [Orabug: 31663185] - bnxt_en: Split HW ring statistics strings into RX and TX parts. (Michael Chan) [Orabug: 31663185] - bnxt_en: Refactor the software ring counters. (Michael Chan) [Orabug: 31663185] - bnxt_en: Do not include ETH_FCS_LEN in the max packet length sent to fw. (Vasundhara Volam) [Orabug: 31663185] - bnxt_en: Improve TQM ring context memory sizing formulas. (Michael Chan) [Orabug: 31663185] - bnxt_en: Allocate TQM ring context memory according to fw specification. (Michael Chan) [Orabug: 31663185] - bnxt_en: Update firmware spec. to 1.10.1.33. (Michael Chan) [Orabug: 31663185] - bnxt_en: Return error when allocating zero size context memory. (Michael Chan) [Orabug: 31663185] - bnxt_en: Reset rings if ring reservation fails during open() (Vasundhara Volam) [Orabug: 31663185] - bnxt_en: Return error if bnxt_alloc_ctx_mem() fails. (Michael Chan) [Orabug: 31663185] - bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S. (Michael Chan) [Orabug: 31663185] - bnxt_en: Process the NQ under NAPI continuous polling. (Michael Chan) [Orabug: 31663185] - bnxt_en: Simplify __bnxt_poll_cqs_done(). (Michael Chan) [Orabug: 31663185] - bnxt_en: Handle all NQ notifications in bnxt_poll_p5(). (Michael Chan) [Orabug: 31663185] - bnxt_en: Disable workaround for lost interrupts on 575XX B0 and newer chips. (Michael Chan) [Orabug: 31663185] - bnxt_en: Periodically check and remove aged-out ntuple filters (Michael Chan) [Orabug: 31663185] - bnxt_en: Do not accept fragments for aRFS flow steering. (Michael Chan) [Orabug: 31663185] - bnxt_en: Remove the setting of dev_port. (Michael Chan) [Orabug: 31663185] - bnxt_en: Improve link up detection. (Michael Chan) [Orabug: 31663185] - RDMA/nldev: Provide MR statistics (Erez Alfasi) [Orabug: 31079901] - RDMA/mlx5: Return ODP type per MR (Erez Alfasi) [Orabug: 31079901] - RDMA/nldev: Allow different fill function per resource (Erez Alfasi) [Orabug: 31079901] - IB/mlx5: Introduce ODP diagnostic counters (Erez Alfasi) [Orabug: 31079901] - x86/reboot: Move up iommu_shutdown() before stop_other_cpus() (Saeed Mirzamohammadi) [Orabug: 31542630] - bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu) [Orabug: 31350643] {CVE-2020-12771} - selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439365] {CVE-2020-10751} - Revert 'zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()' (Wade Mealing) [Orabug: 31510722] {CVE-2020-10781} - Enable config option CONFIG_NFSD_V4_2_INTER_SSC (Dai Ngo) [Orabug: 31535947] - NFSD: Fix NFS server build errors (Chuck Lever) [Orabug: 31535947] - nfsd4: fix double free in nfsd4_do_async_copy() (Dan Carpenter) [Orabug: 31535947] - NFSD fixing possible null pointer derefering in copy offload (Olga Kornievskaia) [Orabug: 31535947] - NFSD fix nfserro errno mismatch (Olga Kornievskaia) [Orabug: 31535947] - NFSD: fix seqid in copy stateid (Olga Kornievskaia) [Orabug: 31535947] - NFSv4.2 fix memory leak in nfs42_ssc_open (Olga Kornievskaia) [Orabug: 31535947] - NFSv4: Make _nfs42_proc_copy_notify() static (YueHaibing) [Orabug: 31535947] - nfsv4: Move NFSPROC4_CLNT_COPY_NOTIFY to end of list (Trond Myklebust) [Orabug: 31535947] - NFSD: allow inter server COPY to have a STALE source server fh (Olga Kornievskaia) [Orabug: 31535947] - NFSD add nfs4 inter ssc to nfsd4_copy (Olga Kornievskaia) [Orabug: 31535947] - NFSD check stateids against copy stateids (Olga Kornievskaia) [Orabug: 31535947] - NFSD fix mismatching type in nfsd4_set_netaddr (Olga Kornievskaia) [Orabug: 31535947] - NFSD fill-in netloc4 structure (Olga Kornievskaia) [Orabug: 31535947] - NFSD add COPY_NOTIFY operation (Olga Kornievskaia) [Orabug: 31535947] to COPY (Olga Kornievskaia) [Orabug: 31535947] - NFSD COPY_NOTIFY xdr (Olga Kornievskaia) [Orabug: 31535947] - NFSv4.2 fix kfree in __nfs42_copy_file_range (Olga Kornievskaia) [Orabug: 31535947] - NFS based on file size issue sync copy or fallback to generic copy offload (Olga Kornievskaia) [Orabug: 31535947] - NFS: handle source server reboot (Olga Kornievskaia) [Orabug: 31535947] - NFS: skip recovery of copy open on dest server (Olga Kornievskaia) [Orabug: 31535947] - NFS: inter ssc open (Olga Kornievskaia) [Orabug: 31535947] to COPY (Olga Kornievskaia) [Orabug: 31535947] - NFS: add COPY_NOTIFY operation (Olga Kornievskaia) [Orabug: 31535947] - NFS NFSD: defining nl4_servers structure needed by both (Olga Kornievskaia) [Orabug: 31535947] - kvm: svm: Introduce GA Log tracepoint for AVIC (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: SVM: Inhibit APIC virtualization for X2APIC guest (Oliver Upton) [Orabug: 31631367] - KVM: SVM: allocate AVIC data structures based on kvm_amd module parameter (Paolo Bonzini) [Orabug: 31631367] - kvm: x86: svm: Fix NULL pointer dereference when AVIC not enabled (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: SVM: allow AVIC without split irqchip (Paolo Bonzini) [Orabug: 31631367] - kvm: ioapic: Lazy update IOAPIC EOI (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: ioapic: Refactor kvm_ioapic_update_eoi() (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: i8254: Deactivate APICv when using in-kernel PIT re-injection mode. (Suravee Suthikulpanit) [Orabug: 31631367] - svm: Temporarily deactivate AVIC during ExtINT handling (Suravee Suthikulpanit) [Orabug: 31631367] - svm: Deactivate AVIC when launching guest with nested SVM support (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: hyperv: Use APICv update request interface (Suravee Suthikulpanit) [Orabug: 31631367] - svm: Add support for dynamic APICv (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: Introduce x86 ops hook for pre-update APICv (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: Introduce APICv x86 ops for checking APIC inhibit reasons (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: svm: avic: Add support for dynamic setup/teardown of virtual APIC backing page (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: svm: Add support to (de)activate posted interrupts (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: Add APICv (de)activate request trace points (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: Add support for dynamic APICv activation (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: x86: remove get_enable_apicv from kvm_x86_ops (Paolo Bonzini) [Orabug: 31631367] - kvm: x86: Introduce APICv inhibit reason bits (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: lapic: Introduce APICv update helper function (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: X86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Peter Xu) [Orabug: 31631367] - KVM: SVM: Remove check if APICv enabled in SVM update_cr8_intercept() handler (Liran Alon) [Orabug: 31631367] - kvm: x86: Modify kvm_x86_ops.get_enable_apicv() to use struct kvm parameter (Suthikulpanit, Suravee) [Orabug: 31631367] - kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder) [Orabug: 31694365] - random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698078] {CVE-2020-16166} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705117] {CVE-2020-14331} {CVE-2020-14331} - net/rds: Incorrect WARN_ON() (Ka-Cheong Poon) [Orabug: 31718014] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16166 CVE-2020-24394 CVE-2020-10751 CVE-2020-12771 CVE-2020-14331 CVE-2020-10781 Oracle Linux 7 olcne [1.1.6-1] - support upgrading nginx - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 - support upgrading flannel nginx [1.17.7-2] - Changed nginx home dir to /var/lib/nginx for consistency [1.17.7-1] - Added Oracle Specific Build Files for nginx - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-7529 CVE-2019-9511 CVE-2018-16845 Oracle Linux 7 [1:1.3.2-1.el7] - Updates for OVMF/AAVMF Version 1.3.2 including: * Fri Jul 31 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3.2 release for OL7 * Fri May 01 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3.1 release for OL7 * Wed Feb 05 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3 release for OL7 which includes the following fixed CVEs: {CVE-2018-12182} {CVE-2019-13224} {CVE-2019-13225} {CVE-2019-14553} * Fri May 17 2019 Aaron Young <aaron.young@oracle.com> - Create new 1.2 release for OL7 which includes the following fixed CVEs: {CVE-2017-5715} {CVE-2017-5731} {CVE-2017-5732} {CVE-2017-5733} {CVE-2017-5734} {CVE-2017-5735} {CVE-2017-5753} {CVE-2018-12178} {CVE-2018-12180} {CVE-2018-12181} {CVE-2018-3630} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-13224 CVE-2019-13225 CVE-2019-14553 CVE-2018-12182 Oracle Linux 7 olcne [1.0.8-2] - Added nginx-image resource in module definitions to ensure nginx image upgrading [1.0.8-1] - support upgrading nginx - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 - support upgrading flannel nginx [1.17.7-2] - Changed nginx home dir to /var/lib/nginx for consistency [1.17.7-1] - Added Oracle Specific Build Files for nginx - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-9511 CVE-2017-7529 CVE-2018-16845 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.43.4] - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) (Jann Horn) [Orabug: 29434845] {CVE-2019-6974} - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) (Peter Shier) [Orabug: 29434898] {CVE-2019-7221} - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) (Paolo Bonzini) [Orabug: 29434924] {CVE-2019-7222} - net: arc_emac: fix koops caused by sk_buff free (Alexander Kochetkov) [Orabug: 30254239] {CVE-2016-10906} - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905} - GFS2: Fix rgrp end rounding problem for bsize < page size (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905} - x86/apic/msi: update address_hi on set msi affinity (Joe Jin) [Orabug: 31477035] - x86/apic/msi: check and sync apic IRR on msi_set_affinity (Joe Jin) [Orabug: 31477035] - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [Orabug: 31872821] {CVE-2020-1749} - nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872910] {CVE-2020-25212} - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884169] {CVE-2020-25284} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884239] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895331] {CVE-2020-14314} [4.1.12-124.43.3] - ARM: amba: Fix race condition with driver_override (Geert Uytterhoeven) [Orabug: 29671212] {CVE-2018-9415} - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (xiao jin) [Orabug: 30120513] {CVE-2018-20856} - USB: serial: omninet: fix reference leaks at open (Johan Hovold) [Orabug: 30484761] {CVE-2017-8925} - nl80211: validate beacon head (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: Use const more consistently in for_each_element macros (Jouni Malinen) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: add and use strongly typed element iteration macros (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: add helper to find an IE that matches a byte-array (Luca Coelho) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: allow finding vendor with OUI without specifying the OUI type (Emmanuel Grumbach) [Orabug: 30556264] {CVE-2019-16746} - dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 30732821] {CVE-2019-20096} - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (YueHaibing) [Orabug: 30732938] {CVE-2019-20054} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732938] {CVE-2019-20054} - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770913] {CVE-2019-19965} - kernel/sysctl.c: fix out-of-bounds access when setting file-max (Will Deacon) [Orabug: 31350720] {CVE-2019-14898} - sysctl: handle overflow for file-max (Christian Brauner) [Orabug: 31350720] {CVE-2019-14898} - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351572] {CVE-2019-19073} - can: gs_usb: gs_can_open(): prevent memory leak (Navid Emamdoost) [Orabug: 31351682] {CVE-2019-19052} - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (Takashi Iwai) [Orabug: 31351837] {CVE-2019-15927} - media: usb: siano: Fix general protection fault in smsusb (Alan Stern) [Orabug: 31351875] {CVE-2019-15218} - crypto: vmac - separate tfm and request context (Eric Biggers) [Orabug: 31584410] - SUNRPC: Fix a race with XPRT_CONNECTING (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Fix disconnection races (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Add a helper to wake up a sleeping rpc_task and set its status (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Reduce latency when send queue is congested (Trond Myklebust) [Orabug: 31796770] - SUNRPC: RPC transport queue must be low latency (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Fix a potential race in xprt_connect() (Trond Myklebust) [Orabug: 31796770] - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() (NeilBrown) [Orabug: 31796770] - SUNRPC: Fix races between socket connection and destroy code (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Prevent SYN+SYNACK+RST storms (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Report TCP errors to the caller (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Ensure we release the TCP socket once it has been closed (Trond Myklebust) [Orabug: 31796770] - net-gro: fix use-after-free read in napi_gro_frags() (Eric Dumazet) [Orabug: 31856195] {CVE-2020-10720} - PCI: Probe bridge window attributes once at enumeration-time (Bjorn Helgaas) [Orabug: 31867577] [4.1.12-124.43.2] - ALSA: seq: Cancel pending autoload work at unbinding device (Takashi Iwai) [Orabug: 31352045] {CVE-2017-16528} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352084] {CVE-2017-8924} - sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543032] - sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543032] - tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543032] - tracing: Adding new functions for kernel access to Ftrace instances (Aruna Ramakrishna) [Orabug: 31543032] - tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543032] - tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543032] - tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543032] - tracing: Kernel access to Ftrace instances (Divya Indi) [Orabug: 31543032] [4.1.12-124.43.1] - blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123576] {CVE-2019-19768} - media: technisat-usb2: break out of loop at end of buffer (Sean Young) [Orabug: 31224554] {CVE-2019-15505} - btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351746] {CVE-2019-18885} - RDMA/cxgb4: Do not dma memory off of the stack (Greg KH) [Orabug: 31351783] {CVE-2019-17075} - mwifiex: Abort at too short BSS descriptor element (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846} - mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846} {CVE-2019-3846} - repair kABI breakage from 'fs: prevent page refcount overflow in pipe_buf_get' (Dan Duval) [Orabug: 31351941] {CVE-2019-11487} - mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) [Orabug: 31351941] {CVE-2019-11487} - mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351960] {CVE-2019-3874} - sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884} - sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884} - af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439107] {CVE-2019-20812} - selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439369] {CVE-2020-10751} - selinux: Print 'sclass' as string when unrecognized netlink message occurs (Marek Milkovic) [Orabug: 31439369] {CVE-2020-10751} - mac80211: Do not send Layer 2 Update frame before authorization (Jouni Malinen) [Orabug: 31473652] {CVE-2019-5108} - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (Dedy Lansky) [Orabug: 31473652] {CVE-2019-5108} - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535529] {CVE-2020-10769} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705121] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783151] [4.1.12-124.42.4] - rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30634865] - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31683116] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31683116] [4.1.12-124.42.3] - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535} - media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644} - fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258] - clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270] [4.1.12-124.42.2] - mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499] - mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499] - mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499] - fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495] - rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141] - rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141] - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975] - genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450] [4.1.12-124.42.1] - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732} - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062} - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049} - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992] - net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2016-10905 CVE-2019-16746 CVE-2019-19768 CVE-2019-20812 CVE-2020-10751 CVE-2017-8924 CVE-2019-20096 CVE-2019-3874 CVE-2019-7221 CVE-2016-10906 CVE-2019-17075 CVE-2019-18885 CVE-2019-7222 CVE-2020-14331 CVE-2020-25212 CVE-2020-25285 CVE-2020-10769 CVE-2019-6974 CVE-2017-16528 CVE-2017-8925 CVE-2018-20856 CVE-2018-9415 CVE-2019-20054 CVE-2019-5108 CVE-2020-10720 CVE-2020-25284 CVE-2018-16884 CVE-2019-19965 CVE-2020-14314 CVE-2019-3846 CVE-2020-1749 CVE-2019-14898 CVE-2019-15218 CVE-2019-15505 CVE-2019-15927 CVE-2019-19052 CVE-2019-19073 CVE-2019-11487 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.325.1] - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351676] {CVE-2019-19054} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705125] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783153] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19054 CVE-2020-14331 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.50.1] - USB: serial: omninet: fix reference leaks at open (Mark Nicholson) [Orabug: 30484762] {CVE-2017-8925} - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree (Bob Peterson) [Orabug: 30254252] {CVE-2016-10905} - GFS2: Fix rgrp end rounding problem for bsize < page size (Bob Peterson) [Orabug: 30254252] {CVE-2016-10905} - GFS2: Use range based functions for rgrp sync/invalidation (Steven Whitehouse) [Orabug: 30254252] {CVE-2016-10905} - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (YueHaibing) [Orabug: 30732940] {CVE-2019-20054} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732940] {CVE-2019-20054} - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770914] {CVE-2019-19965} - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351573] {CVE-2019-19073} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352085] {CVE-2017-8924} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884241] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895332] {CVE-2020-14314} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19965 CVE-2019-20054 CVE-2019-19073 CVE-2020-25285 CVE-2016-10905 CVE-2017-8924 CVE-2017-8925 CVE-2020-14314 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.326.1] - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351574] {CVE-2019-19073} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352086] {CVE-2017-8924} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884244] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895333] {CVE-2020-14314} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14314 CVE-2020-25285 CVE-2017-8924 CVE-2019-19073 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.7.4] - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931369] - iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931369] - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931369] [5.4.17-2011.7.3] - xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895365] {CVE-2020-14385} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895327] {CVE-2020-14314} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884234] {CVE-2020-25285} - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884154] {CVE-2020-25284} - nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872895] {CVE-2020-25212} - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (Jane Chu) [Orabug: 31861296] - libnvdimm/security: the 'security' attr never (Jane Chu) [Orabug: 31861296] - libnvdimm/security: fix a typo (Jane Chu) [Orabug: 31861296] - mmc: sdhci: Silence MMC warnings (Maxime Ripard) [Orabug: 31746382] - bcm2835-dma: Add support for per-channel flags (Phil Elwell) [Orabug: 31746382] - mmc: sdhci-iproc: Fix vmmc regulators on iProc (Phil Elwell) [Orabug: 31746382] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722763] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722763] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722763] [5.4.17-2011.7.2] - net/packet: fix overflow in tpacket_rcv (Or Cohen) [Orabug: 31866487] {CVE-2020-14386} {CVE-2020-14386} - block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava) [Orabug: 31850341] - block: Return blk_status_t instead of errno codes (Ritika Srivastava) [Orabug: 31850341] - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit) [Orabug: 31849530] - uek-rpm: ol8: config-aarch64: add *_MEMORY_HOTPLUG (Mihai Carabas) [Orabug: 31848696] [5.4.17-2011.7.1] - IB/mlx5: Expose RoCE accelerator counters (Avihai Horon) [Orabug: 31621895] - net/mlx5: Add RoCE accelerator counters (Leon Romanovsky) [Orabug: 31621895] - cgroup: Fix sock_cgroup_data on big-endian. (Cong Wang) [Orabug: 31779795] {CVE-2020-14356} - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779795] {CVE-2020-14356} - Revert 'aarch64/BM: config failed, hub doesn't have any ports' (Thomas Tai) [Orabug: 31838351] - kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185] - iavf: use generic power management (Vaibhav Gupta) [Orabug: 31700015] - iavf: Fix updating statistics (Tony Nguyen) [Orabug: 31700015] - iavf: fix error return code in iavf_init_get_resources() (Wei Yongjun) [Orabug: 31700015] - iavf: increase reset complete wait time (Paul Greenwalt) [Orabug: 31700015] - iavf: Fix reporting 2.5 Gb and 5Gb speeds (Brett Creeley) [Orabug: 31700015] - iavf: use appropriate enum for comparison (Aleksandr Loktionov) [Orabug: 31700015] - iavf: Enable support for up to 16 queues (Mitch Williams) [Orabug: 31700015] - iavf: fix speed reporting over virtchnl (Brett Creeley) [Orabug: 31700015] - iavf: remove current MAC address filter on VF reset (Stefan Assmann) [Orabug: 31700015] - i40e: Fix crash during removing i40e driver (Grzegorz Szczurek) [Orabug: 31700015] - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (Przemyslaw Patynowski) [Orabug: 31700015] - i40e: introduce new dump desc XDP command (Ciara Loftus) [Orabug: 31700015] - i40e: add XDP ring statistics to dump VSI debug output (Ciara Loftus) [Orabug: 31700015] - i40e: add XDP ring statistics to VSI stats (Ciara Loftus) [Orabug: 31700015] - i40e: move check of full Tx ring to outside of send loop (Magnus Karlsson) [Orabug: 31700015] - i40e: eliminate division in napi_poll data path (Magnus Karlsson) [Orabug: 31700015] - i40e: optimize AF_XDP Tx completion path (Magnus Karlsson) [Orabug: 31700015] - i40e: Add support for a new feature Total Port Shutdown (Arkadiusz Kubalewski) [Orabug: 31700015] - i40e: Remove scheduling while atomic possibility (Aleksandr Loktionov) [Orabug: 31700015] - i40e: Add support for 5Gbps cards (Aleksandr Loktionov) [Orabug: 31700015] - i40e: Add a check to see if MFS is set (Todd Fujinaka) [Orabug: 31700015] - i40e: detect and log info about pre-recovery mode (Piotr Kwapulinski) [Orabug: 31700015] - i40e: make PF wait reset loop reliable (Piotr Kwapulinski) [Orabug: 31700015] - i40e: remove unused defines (Jesse Brandeburg) [Orabug: 31700015] - i40e: Move client header location (Shiraz Saleem) [Orabug: 31700015] - i40e: fix crash when Rx descriptor count is changed (Bjorn Topel) [Orabug: 31700015] - i40e: Make i40e_shutdown_adminq() return void (Jason Yan) [Orabug: 31700015] - i40e: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31700015] - i40e: Separate kernel allocated rx_bi rings from AF_XDP rings (Bjorn Topel) [Orabug: 31700015] - i40e: Refactor rx_bi accesses (Bjorn Topel) [Orabug: 31700015] - i40e: Remove unneeded conversion to bool (Jason Yan) [Orabug: 31700015] - i40e: fix spelling mistake 'to' -> 'too' (Colin Ian King) [Orabug: 31700015] - i40e: Set PHY Access flag on X722 (Adam Ludkiewicz) [Orabug: 31700015] - i40e: implement VF stats NDO (Jesse Brandeburg) [Orabug: 31700015] - i40e: enable X710 support (Alice Michael) [Orabug: 31700015] - i40e: Add UDP segmentation offload support (Josh Hunt) [Orabug: 31700015] - i40e: Refactoring VF MAC filters counting to make more reliable (Aleksandr Loktionov) [Orabug: 31700015] - i40e: Fix LED blinking flow for X710T*L devices (Damian Milosek) [Orabug: 31700015] - i40e: allow ethtool to report SW and FW versions in recovery mode (Piotr Kwapulinski) [Orabug: 31700015] - i40e: Extend PHY access with page change flag (Piotr Azarewicz) [Orabug: 31700015] - i40e: Extract detection of HW flags into a function (Piotr Azarewicz) [Orabug: 31700015] - i40e: Fix for persistent lldp support (Sylwia Wnuczko) [Orabug: 31700015] - i40e: protect ring accesses with READ- and WRITE_ONCE (Ciara Loftus) [Orabug: 31700015] - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Brett Creeley) [Orabug: 31700015] - i40e: Relax i40e_xsk_wakeup's return value when PF is busy (Maciej Fijalkowski) [Orabug: 31700015] - i40e: Fix virtchnl_queue_select bitmap validation (Brett Creeley) [Orabug: 31700015] [5.4.17-2011.7.0] - sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543029] - sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543029] - tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543029] - tracing: Adding new functions for kernel access to Ftrace instances (Divya Indi) [Orabug: 31543029] - tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543029] - tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543029] - tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543029] - RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784656] - RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784889] - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783146] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25284 CVE-2020-14314 CVE-2020-14385 CVE-2020-14386 CVE-2020-14356 CVE-2020-25212 CVE-2020-25285 Oracle Linux 7 [4.14.35-2025.401.4] - KVM: x86: always expose VIRT_SSBD to guests (Paolo Bonzini) [Orabug: 31957046] [4.14.35-2025.401.3] - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931371] - oracleasm: Access d_bdev before dropping inode (Stephen Brennan) [Orabug: 31901948] - net: Correct warning: label 'drop' defined but not used. (John Donnelly) [Orabug: 31916130] - KVM: Corrects build warnings for emulator_get_fpu/emulator_put_fpu (John Donnelly) [Orabug: 31907286] - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895330] {CVE-2020-14314} - net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880143] - bpf: Fix bpf_event_output re-entry issue (Allan Zhang) [Orabug: 31865842] - bpf: fix nested bpf tracepoints with per-cpu data (Matt Mullins) [Orabug: 31865842] - uek-rpm: Turn on module signing for embedded2 kernel (Dave Kleikamp) [Orabug: 31895264] - uek-rpm: Clean up config-aarch64-embedded2 (Dave Kleikamp) [Orabug: 31895264] [4.14.35-2025.401.2] - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884238] {CVE-2020-25285} - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884165] {CVE-2020-25284} - nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872904] {CVE-2020-25212} - IB/mlx5: Fix MR registration flow to use UMR properly (Guy Levi) [Orabug: 31631231] - IB/mlx5: Prevent concurrent MR updates during invalidation (Moni Shoua) [Orabug: 31631231] - IB/mlx5: Replace kfree with kvfree (Chuhong Yuan) [Orabug: 31631231] - RDMA/odp: Do not leak dma maps when working with huge pages (Jason Gunthorpe) [Orabug: 31631231] - IB/mlx5: Respect new UMR capabilities (Majd Dibbiny) [Orabug: 31631231] - RDMA/mlx5: Unify error flows in rereg MR failure paths (Leon Romanovsky) [Orabug: 31631231] - IB/mlx5: Maintain a single emergency page (Ilya Lesokhin) [Orabug: 31631231] - genirq/irqdomain: Make sure all irq domain flags are distinct (Zenghui Yu) [Orabug: 31885236] - irq/msi: Direct update affinity if irq is for msix or, maskable (Joe Jin) [Orabug: 31885236] - x86/apic/msi: Plug non-maskable MSI affinity race (Joe Jin) [Orabug: 31885236] - mm: memcg: Optimize cgroup traversal in memory.stat read (Tom Hromatka) [Orabug: 31849182] - SUNRPC: Fix disconnection races (Trond Myklebust) [Orabug: 31796863] - SUNRPC: Add a helper to wake up a sleeping rpc_task and set its status (Trond Myklebust) [Orabug: 31796863] - dmaengine: ioatdma: Add Snow Ridge ioatdma device id (Dave Jiang) [Orabug: 31669166] [4.14.35-2025.401.1] - PCI: Probe bridge window attributes once at enumeration-time (Bjorn Helgaas) [Orabug: 31867576] - net/packet: fix overflow in tpacket_rcv (Or Cohen) [Orabug: 31866489] {CVE-2020-14386} {CVE-2020-14386} - scsi: qla2xxx: Fix login timeout (Quinn Tran) [Orabug: 31860034] - block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava) [Orabug: 31850343] - block: Return blk_status_t instead of errno codes (Ritika Srivastava) [Orabug: 31850343] - block: print offending values when cloned rq limits are exceeded (John Pittman) [Orabug: 31850343] - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit) [Orabug: 31849532] [4.14.35-2025.401.0] - Pensando: kernel config changes for kdump (Rob Gardner) [Orabug: 31821490] - Pensando: Enable iScsi in kernel config (Rob Gardner) [Orabug: 31821490] - sample-trace-array: Fix timer definition in samples/ftrace/sample-trace-array.c (Aruna Ramakrishna) [Orabug: 31845460] - IB/mlx5: Expose RoCE accelerator counters (Avihai Horon) [Orabug: 31621816] - net/mlx5: Add RoCE accelerator counters (Leon Romanovsky) [Orabug: 31621816] - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (Christophe Leroy) [Orabug: 29623005] {CVE-2018-20669} - x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() (Will Deacon) [Orabug: 29623005] {CVE-2018-20669} - arch/openrisc: Fix issues with access_ok() (Stafford Horne) [Orabug: 29623005] {CVE-2018-20669} - Fix 'acccess_ok()' on alpha and SH (Linus Torvalds) [Orabug: 29623005] {CVE-2018-20669} - make 'user_access_begin()' do 'access_ok()' (Linus Torvalds) [Orabug: 29623005] {CVE-2018-20669} - kabi fix for reparent slab memory on cgroup removal patchset (Tom Hromatka) [Orabug: 31746022] - mm/memcontrol.c: add missed css_put() (Muchun Song) [Orabug: 31746022] - mm: memcg/slab: reparent memcg kmem_caches on cgroup removal (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: stop setting page->mem_cgroup pointer for slab pages (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: rework non-root kmem_cache lifecycle management (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: don't check the dying flag on kmem_cache creation (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: unify SLAB and SLUB page accounting (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: introduce __memcg_kmem_uncharge_memcg() (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: generalize postponed non-root kmem_cache deactivation (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: rename slab delayed deactivation functions and fields (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: postpone kmem_cache memcg pointer initialization to memcg_link_cache() (Roman Gushchin) [Orabug: 31746022] - mm: introduce mem_cgroup_put() helper (Roman Gushchin) [Orabug: 31746022] - mm/memcontrol.c: export mem_cgroup_is_root() (Kirill Tkhai) [Orabug: 31746022] - memcg: localize memcg_kmem_enabled() check (Shakeel Butt) [Orabug: 31746022] - mm: fix race between kmem_cache destroy, create and deactivate (Shakeel Butt) [Orabug: 31746022] - uek-rpm: Sync up aarch64 config files with latest Marvell patches (Dave Kleikamp) [Orabug: 31838205] - drivers: marvell: otx2-sdei-ghes: correct issues with crashdump kernel (Rick Farrington) [Orabug: 31838205] - drivers: mtd: spi-nor: Add MX66L2G45GXRI00 macronix flash (Selvam Venkatachalam) [Orabug: 31838205] - irqchip/gic-v3: Add workaround for interrupt loss on IPI (Linu Cherian) [Orabug: 31838205] - octeontx2-af: fix Extended DSA and eDSA parsing (Satha Rao) [Orabug: 31838205] - drivers: gicv3: Adds workaround for Marvell erratum 38545 (Bhaskara Budiredla) [Orabug: 31838205] - octeontx2-af: reset HWS group mask during FLR (Michal Mazur) [Orabug: 31838205] - drivers: marvell: otx2: sdei-ghes: add BERT support for RAS errors (Rick Farrington) [Orabug: 31838205] - ACPI: APEI: BERT: support BERT in non-ACPI systems (Rick Farrington) [Orabug: 31838205] - Documentation: dt: edac: update sdei-ghes/bed-bert settings (Rick Farrington) [Orabug: 31838205] - btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351744] {CVE-2019-18885} - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351958] {CVE-2019-3874} - Revert 'zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()' (Wade Mealing) [Orabug: 31510723] {CVE-2020-10781} - sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543030] - sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543030] - tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543030] - tracing: Adding new functions for kernel access to Ftrace instances (Aruna Ramakrishna) [Orabug: 31543030] - tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543030] - tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543030] - tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543030] - tracing: Kernel access to Ftrace instances (Divya Indi) [Orabug: 31543030] - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31557803] {CVE-2020-10767} - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31682037] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31682037] - random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698082] {CVE-2020-16166} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705119] {CVE-2020-14331} {CVE-2020-14331} - KVM: x86: take as_id into account when checking PGD (Vitaly Kuznetsov) [Orabug: 31722725] - KVM: X86: Fix MSR range of APIC registers in X2APIC mode (Xiaoyao Li) [Orabug: 31722725] - KVM: nVMX: Report NMIs as allowed when in L2 and Exit-on-NMI is set (Sean Christopherson) [Orabug: 31722725] - KVM: nVMX: Remove non-functional 'support' for CR3 target values (Sean Christopherson) [Orabug: 31722725] - KVM: x86/mmu: Avoid an extra memslot lookup in try_async_pf() for L2 (Paolo Bonzini) [Orabug: 31722725] - KVM: x86: Adjust counter sample period after a wrmsr (Eric Hankland) [Orabug: 31722725] - KVM: nVMX: Handle pending #DB when injecting INIT VM-exit (Oliver Upton) [Orabug: 31722725] - KVM: x86: Fix perfctr WRMSR for running counters (Eric Hankland) [Orabug: 31722725] - KVM: nVMX: Check GUEST_DR7 on vmentry of nested guests (Krish Sadhukhan) [Orabug: 31722725] - perf/core: Provide a kernel-internal interface to recalibrate event period (Like Xu) [Orabug: 31722725] - KVM: VMX: Consume pending LAPIC INIT event when exit on INIT_SIGNAL (Liran Alon) [Orabug: 31722725] - KVM: nVMX: cleanup and fix host 64-bit mode checks (Paolo Bonzini) [Orabug: 31722725] - KVM: nVMX: Check Host Address Space Size on vmentry of nested guests (Krish Sadhukhan) [Orabug: 31722725] - KVM: hyperv: Fix Direct Synthetic timers assert an interrupt w/o lapic_in_kernel (Wanpeng Li) [Orabug: 31722725] - KVM: x86: Fix INIT signal handling in various CPU states (Liran Alon) [Orabug: 31722725] - KVM: VMX: Introduce exit reason for receiving INIT signal on guest-mode (Liran Alon) [Orabug: 31722725] - KVM: nVMX: add tracepoint for failed nested VM-Enter (Sean Christopherson) [Orabug: 31722725] - KVM: nVMX: Ignore segment base for VMX memory operand when segment not FS or GS (Liran Alon) [Orabug: 31722725] - kvm: LAPIC: write down valid APIC registers (Paolo Bonzini) [Orabug: 31722725] - KVM: LAPIC: ARBPRI is a reserved register for x2APIC (Paolo Bonzini) [Orabug: 31722725] - KVM nVMX: Check Host Segment Registers and Descriptor Tables on vmentry of nested guests (Krish Sadhukhan) [Orabug: 31722725] - KVM/nVMX: Use kvm_vcpu_map for accessing the shadow VMCS (KarimAllah Ahmed) [Orabug: 31722725] - KVM/nVMX: Use kvm_vcpu_map when mapping the virtual APIC page (KarimAllah Ahmed) [Orabug: 31722725] - KVM: nVMX: Return -EINVAL when signaling failure in VM-Entry helpers (Sean Christopherson) [Orabug: 31722725] - KVM: nVMX: Move guest non-reg state checks to VM-Exit path (Sean Christopherson) [Orabug: 31722725] - kvm: nVMX: Check 'load IA32_PAT' VM-entry control on vmentry (Krish Sadhukhan) [Orabug: 31722725] - kvm: nVMX: Check 'load IA32_PAT' VM-exit control on vmentry (Krish Sadhukhan) [Orabug: 31722725] - KVM: x86: optimize check for valid PAT value (Paolo Bonzini) [Orabug: 31722725] - KVM: nVMX: allow tests to use bad virtual-APIC page address (Paolo Bonzini) [Orabug: 31722725] - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (Vitaly Kuznetsov) [Orabug: 31722725] - kvm: nVMX: Add a vmentry check for HOST_SYSENTER_ESP and HOST_SYSENTER_EIP fields (Krish Sadhukhan) [Orabug: 31722725] - KVM: nVMX: Apply addr size mask to effective address for VMX instructions (Sean Christopherson) [Orabug: 31722725] - Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31741323] - net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha) [Orabug: 31753101] - net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31755754] - nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779886] {CVE-2020-24394} - RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688621] - uek-rpm: aarch64: build embedded kernel for Pensando (Dave Kleikamp) [Orabug: 31627078] - Make low-speed APB bus accesses single threaded (Dave Kleikamp) [Orabug: 31627078] - Add /dev/capmem driver for Pensando (David Clear) [Orabug: 31627078] - Kconfig option to disable outer-cache-allocate for Pensando (David Clear) [Orabug: 31627078] - Provide for precise control of pgprot for Pensando (David Clear) [Orabug: 31627078] - Add Pensando Capri board .dts files and default configs (David Clear) [Orabug: 31627078] - Add /proc/xmaps (David Clear) [Orabug: 31627078] - mtd/spi-nor/cadence-quadspi.c: Speed up reads. (David Clear) [Orabug: 31627078] - Add mnic nodes to the Pensando devicetree (David Clear) [Orabug: 31627078] - Pensando Boot State Machine (BSM) integration. (David Clear) [Orabug: 31627078] - Pensando crash dump driver (David Clear) [Orabug: 31627078] - Pensando/Capri PCIE panic handler. (David Clear) [Orabug: 31627078] - Add uio support for Capri PCIE and Link interrupts (David Clear) [Orabug: 31627078] - Interrupt domain controllers for Capri ASIC. (David Clear) [Orabug: 31627078] - Capri SPI driver (David Clear) [Orabug: 31627078] - Add Capri EMMC phy and instantiate the driver in the dts (David Clear) [Orabug: 31627078] - Initial Pensando Capri SoC declaration (David Clear) [Orabug: 31627078] - New quirk for Pensando QSPI controller (David Clear) [Orabug: 31627078] - Add pensando,cpld device tree compat entry (David Clear) [Orabug: 31627078] - add support for NXP PCF85363/PCF85263 real-time clock (David Clear) [Orabug: 31627078] - Support the reset pulse width from the device-tree. (David Clear) [Orabug: 31627078] - Attempt to recover from a stuck SDA line (David Clear) [Orabug: 31627078] - Add driver for the TI TPS53659 (David Clear) [Orabug: 31627078] - support spi-rx-bus-width property on subnodes (David Clear) [Orabug: 31627078] - Support for SPI_NOR_DUAL_READ on Micron (David Clear) [Orabug: 31627078] - mtd: spi-nor: cadence-quadspi: fix spelling mistake: 'Couldnt't' -> 'Couldn't' (Colin Ian King) [Orabug: 31627078] - mtd: spi-nor: cadence-quadspi: Add support for Octal SPI controller (Vignesh R) [Orabug: 31627078] - mtd: spi-nor: Add Micron MT25QU02 support (Thor Thayer) [Orabug: 31627078] - arm64: tlb: Ensure we execute an ISB following walk cache invalidation (Will Deacon) [Orabug: 31627078] - arm64: mm: Add ISB instruction to set_pgd() (Will Deacon) [Orabug: 31627078] - mtd: spi-nor: Allow Cadence QSPI support for ARM64 (Thor Thayer) [Orabug: 31627078] - irqchip/gic-v3: Add workaround for Synquacer pre-ITS (Ard Biesheuvel) [Orabug: 31627078] - irqchip/gic: Make quirks matching conditional on init return value (Ard Biesheuvel) [Orabug: 31627078] - irqchip/gic-v3: Probe device ID space before quirks handling (Ard Biesheuvel) [Orabug: 31627078] - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783149] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-24394 CVE-2018-20669 CVE-2019-18885 CVE-2019-3874 CVE-2020-14331 CVE-2020-16166 CVE-2020-10767 CVE-2020-10781 CVE-2020-14386 CVE-2020-25212 CVE-2020-14314 CVE-2020-25285 CVE-2020-25284 Oracle Linux 7 docker-engine [19.03.11-6] - Fix for CVE-2020-15157 [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] docker-cli [19.03.11-6] - Fix for CVE-2020-15157 [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15157 Oracle Linux 7 [1.2.14-1.0.1] - BUILDINFO: commit=259ae80da592d4f6b5e3cdc87202d36bc86a3579 - Addresses CVE-2020-15157 [1.2.14-1.0.0] - Added Oracle specific build files IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15157 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.44.4] - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS (himanshu.madhani@cavium.com) [Orabug: 32020790] [4.1.12-124.44.3] - qed: Reduce verbosity of unimplemented MFW messages (Mintz, Yuval) [Orabug: 31959299] - kexec: validate pe files against the system_blacklist_keyring (Eric Snowberg) [Orabug: 31961119] {CVE-2020-26541} [4.1.12-124.44.2] - usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351088] {CVE-2019-19530} - net/rds: migration of a delayed initialized port present in down state (Praveen Kumar Kannoju) [Orabug: 31729995] - net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31835223] - mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31835223] - mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aruna Ramakrishna) [Orabug: 31835223] - mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aruna Ramakrishna) [Orabug: 31835223] - mm, page_alloc: remove unnecessary variable from free_pcppages_bulk (Mel Gorman) [Orabug: 31835223] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872865] {CVE-2020-25211} - net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880144] - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974559] [4.1.12-124.44.1] - oracleasm: Retrieve d_bdev before dropping inode (Stephen Brennan) [Orabug: 31832592] - KVM: VMX: fixes for vmentry_l1d_flush module parameter (Paolo Bonzini) [Orabug: 31962487] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2016-7917 CVE-2019-19530 CVE-2020-25643 CVE-2016-7913 CVE-2020-26541 CVE-2020-25211 Oracle Linux 7 [4.14.35-2025.402.2.1] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695} [4.14.35-2025.402.2] - ocfs2: fix remounting needed after setfacl command (Gang He) - Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] - drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] - i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] - bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] - SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] - qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276] [4.14.35-2025.402.1] - configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427] - IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643} - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303] - SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341] - geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645} - nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898] - xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343] - nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357] - nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357] - uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273] - arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273] - ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790] - rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320] - panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003] - uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118] - certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118] - certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118] - certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541} - Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205] - btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} {CVE-2019-19377} {CVE-2019-19377} - btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} {CVE-2019-19448} - xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385} - net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603] - mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603] - ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830] - ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830] - blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284] - x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336] [4.14.35-2025.402.0] - nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089} - efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380} - RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865] - rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865] - rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372] - EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136] - EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136] - mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765] - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356} - bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211} - vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096] - Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628] - uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869] - block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641} - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25643 CVE-2019-16089 CVE-2019-19377 CVE-2019-19448 CVE-2020-14390 CVE-2020-8694 CVE-2020-8695 CVE-2020-25211 CVE-2020-26541 CVE-2020-25645 CVE-2020-14356 CVE-2020-14385 CVE-2020-25641 CVE-2019-12380 Oracle Linux 7 Oracle Linux 8 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8694 CVE-2020-8695 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.44.4.1] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040806] {CVE-2020-8694} {CVE-2020-8695} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8694 Oracle Linux 7 [4.14.35-2025.402.2.1.el7] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695} [4.14.35-2025.402.2.el7] - ocfs2: fix remounting needed after setfacl command (Gang He) - Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] - drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] - i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] - bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] - SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] - qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276] [4.14.35-2025.402.1.el7] - configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427] - IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643} - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303] - SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341] - geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645} - nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898] - xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343] - nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357] - nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357] - uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273] - arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273] - ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790] - rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320] - panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003] - uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118] - certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118] - certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118] - certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541} - Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205] - btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} - btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} - xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385} - net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603] - mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603] - ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830] - ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830] - blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284] - x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336] [4.14.35-2025.402.0.el7] - nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089} - efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380} - RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865] - rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865] - rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372] - EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136] - EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136] - mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765] - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356} - bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211} - vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096] - Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628] - uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869] - block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641} - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8694 CVE-2020-8695 Oracle Linux 7 [4.14.35-2025.402.2.1.el7] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695} [4.14.35-2025.402.2.el7] - ocfs2: fix remounting needed after setfacl command (Gang He) - Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] - drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] - i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] - bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] - SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] - qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276] [4.14.35-2025.402.1.el7] - configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427] - IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643} - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303] - SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341] - geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645} - nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898] - xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343] - nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357] - nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357] - uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273] - arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273] - ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790] - rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320] - panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003] - uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118] - certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118] - certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118] - certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541} - Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205] - btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} - btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} - xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385} - net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603] - mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603] - ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830] - ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830] - blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284] - x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336] [4.14.35-2025.402.0.el7] - nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089} - efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380} - RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865] - rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865] - rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372] - EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136] - EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136] - mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765] - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356} - bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211} - vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096] - Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628] - uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869] - block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641} - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8694 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.45.2] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32137965] {CVE-2020-8694} {CVE-2020-8695} [4.1.12-124.45.1] - Revert 'x86/efi: Initialize and display UEFI secure boot state a bit later during init' (Eric Snowberg) [Orabug: 31887248] - xfs: fix xfs_inode use after free (Wengang Wang) [Orabug: 31932452] - SUNRPC: ECONNREFUSED should cause a rebind. (NeilBrown) [Orabug: 32070175] - netfilter: nfnetlink: correctly validate length of batch messages (Phil Turnbull) [Orabug: 30658635] {CVE-2016-7917} - xc2028: Fix use-after-free bug properly (Takashi Iwai) [Orabug: 30658659] {CVE-2016-7913} - [media] xc2028: avoid use after free (Mauro Carvalho Chehab) [Orabug: 30658659] {CVE-2016-7913} - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 30821411] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989190] {CVE-2020-25643} - tracing: Reverse the order of trace_types_lock and event_mutex (Alan Maguire) [Orabug: 32002706] - ocfs2/dlm: move lock to the tail of grant queue while doing in-place convert (xuejiufei) [Orabug: 32071234] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8694 CVE-2020-8695 Oracle Linux 6 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2014-4508 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.327.1] - USB: serial: omninet: fix reference leaks at open (Johan Hovold) [Orabug: 30484765] {CVE-2017-8925} - x86_32, entry: Store badsys error code in %eax (Sven Wegener) [Orabug: 30783266] {CVE-2014-4508} {CVE-2014-4508} - x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508) (Andy Lutomirski) [Orabug: 30783266] {CVE-2014-4508} {CVE-2014-4508} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2014-4508 CVE-2017-8925 Oracle Linux 8 [4.1.1-68] - azure-lb: fix redirect issue Resolves: rhbz#1850778 [4.1.1-67] - gcp-vpc-move-vip: add support for multiple alias IPs Resolves: rhbz#1846733 [4.1.1-65] - azure-events: handle exceptions in urlopen Resolves: rhbz#1845574 [4.1.1-64] - nfsserver: fix NFSv4-only support - azure-events: new resource agent for Azure Resolves: rhbz#1818997 Resolves: rhbz#1819965 [4.1.1-60] - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz#1850990 [4.1.1-59] - pgsql: support Pacemaker v2.03+ output Resolves: rhbz#1836186 [4.1.1-56] - Filesystem: set 'fast_stop' default to 'no' for GFS2 filesystems Resolves: rhbz#1814896 [4.1.1-55] - nfsserver: dont log error message when /etc/sysconfig/nfs does not exist - exportfs: describe clientspec format in metadata Resolves: rhbz#1845581 Resolves: rhbz#1845583 [4.1.1-54] - exportfs: add symlink support - aliyun-vpc-move-ip: log output when failing Resolves: rhbz#1820523 Resolves: rhbz#1843999 [4.1.1-53] - podman: force remove container if remove fails Resolves: rhbz#1839721 [4.1.1-52] - gcp-pd-move: new resource agent for Google Cloud Resolves: rhbz#1633251 [4.1.1-51] - NovaEvacuate: suppress expected initial error message - db2 (HADR): promote standby node when master node disappears Resolves: rhbz#1830716 Resolves: rhbz#1836945 [4.1.1-50] - rabbitmq-cluster: increase rabbitmqctl wait timeout during start Resolves: rhbz#1832321 [4.1.1-49] - aws-vpc-route53: new resource agent for AWS - pgsql: improve checks to prevent incorrect status, and set initial score for primary and hot standby Resolves: rhbz#1759115 Resolves: rhbz#1744190 [4.1.1-47] - aws-vpc-move-ip: delete remaining route entries Resolves: rhbz#1819021 [4.1.1-46] - use safe temp file location - ocf-shellfuncs: ocf_is_clone(): fix to return true when clone-max is set to 0 Resolves: rhbz#1817432 Resolves: rhbz#1817598 [4.1.1-45] - azure-lb: support using socat instead of nc - aws-vpc-move-ip: add 'routing_table_role' parameter - redis: fix validate-all action and run it during start Resolves: rhbz#1804658 Resolves: rhbz#1810466 Resolves: rhbz#1792237 [4.1.1-44] - lvmlockd: automatically remove locking_type from lvm.conf for LVM v2.03+ Resolves: rhbz#1808468 [4.1.1-43] - rabbitmq-cluster: delete nodename when stop fails Resolves: rhbz#1792196 [4.1.1-42] - IPsrcaddr: add destination and table parameters Resolves: rhbz#1744224 [4.1.1-40] - podman: improve image exist check - IPaddr2: add CLUSTERIP not supported info to metadata/manpage - Filesystem: refresh UUID if block device doesnt exist Resolves: rhbz#1788889 Resolves: rhbz#1767916 Resolves: rhbz#1777381 [4.1.1-38] - IPaddr2: add noprefixroute parameter Resolves: rhbz#1741042 [4.1.1-36] - exportfs: allow multiple exports with same fsid - mysql/galera: fix incorrect rc Resolves: rhbz#1764888 Resolves: rhbz#1765128 [4.1.1-35] - Route: dont fence when parameters not set - LVM-activate: add partial-activation support Resolves: rhbz#1750261 Resolves: rhbz#1741843 [4.1.1-34] - LVM/clvm: remove manpages for excluded agents - LVM-activate: return NOT_RUNNING when node rejoins cluster - LVM-activate: detect systemid volume without reboot - Filesystem: add symlink support - Filesystem: avoid corrupt mount-list and dont kill incorrect processes for bind-mounts - IPsrcaddr: make proto optional to fix regression when used without NetworkManager - docker: fix stop issues - rabbitmq-cluster: also restore users in single node mode - IPaddr2: sanitize compressed IPv6 IPs - nfsserver: systemd performance improvements - NovaEvacuate: add 'evacuate_delay' parameter Resolves: rhbz#1694392 Resolves: rhbz#1695039 Resolves: rhbz#1738428 Resolves: rhbz#1744103 Resolves: rhbz#1744140 Resolves: rhbz#1757837 Resolves: rhbz#1748768 Resolves: rhbz#1750352 Resolves: rhbz#1751700 Resolves: rhbz#1751962 Resolves: rhbz#1755760 [4.1.1-33] - rabbitmq-cluster: fail monitor when node is in minority partition, fix stop regression, retry start when cluster join fails, ensure node attributes are removed Resolves: rhbz#1745713 [4.1.1-32] - mysql/galera: use runuser/su to avoid using DAC_OVERRIDE Resolves: rhbz#1692960 [4.1.1-31] - podman: add drop-in dependency support Resolves: rhbz#1736746 [4.1.1-30] - iSCSITarget/iSCSILogicalUnit: only create iqn/acls when it doesnt exist Resolves: rhbz#1692413 [4.1.1-29] - CTDB: add support for v4.9+ Resolves: rhbz#1732867 [4.1.1-28] - podman: fixes to avoid bundle resources restarting when probing takes too long - LVM-activate: fix monitor to avoid hang caused by validate-all call Resolves: rhbz#1718219 Resolves: rhbz#1730455 [4.1.1-27] - ocf_log: do not log debug messages when HA_debug unset - Filesystem: remove notify-action from metadata - dhcpd keep SELinux context in chroot Resolves: rhbz#1707969 Resolves: rhbz#1717759 Resolves: rhbz#1719684 [4.1.1-26] - sap/sap-hana: split subpackages into separate packages Resolves: rhbz#1705767 [4.1.1-24] - Squid: fix PID file issue Resolves: rhbz#1689184 [4.1.1-23] - Route: make family parameter optional - redis: mute password warning Resolves: rhbz#1669140 Resolves: rhbz#1683548 [4.1.1-22] - aws-vpc-move-ip: add multi route-table support and fix issue w/multiple NICs Resolves: rhbz#1697559 [4.1.1-21] - gcp-vpc-move-route/gcp-vpc-move-vip: fix Python 3 encoding issue Resolves: rhbz#1695656 [4.1.1-20] - aws-vpc-move-ip: use '--query' to avoid a possible race condition - gcloud-ra: fix Python 3 issue and remove Python 2 detection Resolves: rhbz#1693662 Resolves: rhbz#1691456 [4.1.1-19] - Add CI gating tests - LVM-activate: support LVs from same VG - tomcat: use systemd when catalina.sh is unavailable - Fixed python-devel/perl build dependencies Resolves: rhbz#1682136 Resolves: rhbz#1667414 Resolves: rhbz#1666691 Resolves: rhbz#1595854 [4.1.1-18] - aliyun-vpc-move-ip: exclude from main package - aliyuncli-ra: upgrade bundled python-aliyun-sdk-core and fix Python 3 issues - ocf.py: byte compile Resolves: rhbz#1677204 Resolves: rhbz#1677981 Resolves: rhbz#1678874 [4.1.1-17] - LVM-activate: dont require locking_type Resolves: rhbz#1658664 [4.1.1-16] - vdo-vol: fix monitor-action - LVM-activate: dont fail initial probe Resolves: rhbz#1662466 Resolves: rhbz#1643307 [4.1.1-15] - nfsserver: fix start-issues when nfs_shared_infodir parameter is changed Resolves: rhbz#1642027 [4.1.1-14] - redis: use basename in pidof to avoid issues in containers Resolves: rhbz#1635785 [4.1.1-11] - Remove grpc from bundle Resolves: rhbz#1630627 [4.1.1-10] - systemd-tmpfiles: change path to /run/resource-agents Resolves: rhbz#1631291 [4.1.1-9] - podman: new resource agent Resolves: rhbz#1607607 [4.1.1-8] - LVM: fix missing dash in activate_options - LVM-activate: warn about incorrect vg_access_mode - lvmlockd: add cmirrord support [4.1.1-7] - findif: only match lines containing netmasks [4.1.1-6] - Rebuild with fixed binutils [4.1.1-5] - vdo-vol: new resource agent Resolves: rhbz#1552330 [4.1.1-4] - VirtualDomain: add stateless support - Exclude unsupported agents [4.1.1-3] - Added SAPHana and OpenStack agents [4.1.1-2] - Remove unsupported clvm and LVM agents [4.1.1-1] - Rebase to resource-agents 4.1.1 upstream release. [4.1.0-2] - Add gcc to BuildRequires [4.1.0-1.1] - Escape macros in %changelog [4.1.0-1] - Rebase to resource-agents 4.1.0 upstream release. [4.0.1-1.3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [4.0.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [4.0.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [4.0.1-1] - Rebase to resource-agents 4.0.1 upstream release. [4.0.0-2] - galera: remove 'long SST monitoring' support due to corner-case issues [4.0.0-1] - Rebase to resource-agents 4.0.0 upstream release. [3.9.7-6] - Add netstat dependency [3.9.7-4] - Rebase to resource-agents 3.9.7 upstream release. [3.9.6-2.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [3.9.6-2.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [3.9.6-2] - Rebase to latest upstream code in order to pull in rabbitmq-cluster agent [3.9.6-1] - Rebase to resource-agents 3.9.6 upstream release. [3.9.5-12.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [3.9.5-12.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [3.9.5-12] - Sync with latest upstream. [3.9.5-11] - Sync with latest upstream. [3.9.5-10] - Fix build system for rawhide. [3.9.5-9] - Remove rgmanager agents from build. [3.9.5-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [3.9.5-7] - Perl 5.18 rebuild [3.9.5-6] - Restores rsctmp directory to upstream default. [3.9.5-5] - Merges redhat provider into heartbeat provider. Remove rgmanager's redhat provider. Resolves: rhbz#917681 Resolves: rhbz#928890 Resolves: rhbz#952716 Resolves: rhbz#960555 [3.9.5-3] - Fixes build system error with conditional logic involving IPv6addr and updates spec file to build against rhel 7 as well as fedora 19. [3.9.5-2] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11078 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.51.2] - Revert 'kexec: Validate pe files against the system_lacklist_keyring' (John Donnelly) [Orabug: 32171714] {CVE-2020-26541} {CVE-2020-26541} [3.8.13-118.51.1] - usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351090] {CVE-2019-19530} - kexec: Validate pe files against the system_lacklist_keyring (Eric Snowberg) [Orabug: 31961121] {CVE-2020-26541} - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974695] dtrace-modules-3.8.13-118.51.2.el6uek [0.4.5-3] - Synchronize versions with OL7 [0.4.5-2] - Validate d_path() argument pointer to avoid crash. [Orabug: 21304207] [0.4.5-1] - Support USDT for 32-bit applications on 64-bit hosts. [Orabug: 21219315] - Convert from sdt_instr_t to asm_instr_t. [Orabug: 21219374] - Restructuring to support DTrace on multiple architectures. [Orabug: 21273259] - Fix dtrace_helptrace_buffer memory leak. [Orabug: 20514336] - Add .gitignore file. [Orabug: 20266608] [0.4.4-1] - Rename dtrace-modules-headers to dtrace-modules-shared-headers. [Orabug: 20508087] [0.4.3-4] - Updated NEWS file: test stress/buffering/tst.resize1.d is XFAIL for now. - Align with kernel header file change: FOLL_NOFAULT -> FOLL_IMMED. [Orabug: 18653713] [0.4.3-3] - Rebuild with cleaned up source tree. [0.4.3-2] - Various fixes to handle multi-threaded processes. [Orabug: 18412802] [0.4.3-1] - Implmentation of profile-* probes in the profile provider. [Orabug: 18323513] [0.4.2-3] - Obsolete the old provider headers package. [Orabug: 18061595] [0.4.2-2] - Change name of provider headers package, to avoid conflicts on yum update. [Orabug: 18061595] [0.4.2-1] - Fix 'vtimestamp' implementation. [Orabug: 17741477] - Support SDT probes points in kernel modules. [Orabug: 17851716] [0.4.1-3] - Fix 'errno' implementation. [Orabug: 17704568] [0.4.1-2] - Fix lock ordering issues. [Orabug: 17624236] [0.4.1-1] - Align with new cyclic implementation in UEK3 kernel. [Orabug: 17553446] - Bugfix for module reference counting. - Fix memory leak. - Fix race condition in speculative tracing buffer cleaning. [Orabug: 17591351] - Ensure safe access to userspace stack memory location. [Orabug: 17591351] [0.4.0-2] - Bugfix for ustack() to avoid using vma data. [0.4.0-1] - Bugfix for module unloading. - Support meta-providers, USDT, and fasttrap (for USDT only). - Export DTrace kernel headers to userspace. - Improved ustack() robustness. [Orabug: 17591351] - Reimplemented ustack(). (Nick Alcock) [Orabug: 17591351] - Bugfixes. [0.3.2] - Release for new kernel and CTF section layout [0.3.1] - Skipped version number [0.3.0-2] - Remove development-only providers because they should not be built/released. [0.3.0] - Release of the DTrace kernel modules for UEK2 2.6.39-201.0.1 (DTrace kernel). [0.2.5-2] - Fix typo causing unconditional depmod at postinstall time [0.2.5] - New kernel, new userspace: no module changes. [0.2.4] - Ban unloading of in-use dtrace modules while dtrace is running. [0.2.3] - There is one new DTrace option now, used internally by the testsuite. [0.2.2] - Switch MUTEX_HELD() from using mutex_is_locked() to new mutex_owned(). [0.2.1] - Ensure that allocation attempts are done in atomic fashion so that a failing allocation attempt won't interfere with other allocations. - Surpress OOM warnings. [0.2.0] - Release of the DTrace kernel modules for UEK2 2.6.39-101.0.1 (DTrace kernel). [0.1.0-1.el6] - Disable stub-based syscalls in the release pending merging in fixes. [0.1] - Initial release. IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19530 Oracle Linux 7 [5.7.0-21.el7] - exadata: Fix the validation when defining domain groups (Wim ten Have) [Orabug: 32085856] - Revert 'qemu: dont take agent and monitor job for shutdown' (Menno Lageman) [Orabug: 32080283] - Revert 'qemu: dont hold a monitor and agent job for reboot' (Menno Lageman) [Orabug: 32080283] - Revert 'qemu: dont hold monitor and agent job when setting time' (Menno Lageman) [Orabug: 32080283] - Revert 'qemu: remove use of qemuDomainObjBeginJobWithAgent()' (Menno Lageman) [Orabug: 32080283] - qemu: improve error message when guest vcpu count exceeds domain group limit (Menno Lageman) [Orabug: 31985111] - qemu: Autonomous hugepage acquisition for 2-MiB and 1-GiB guest memoryBacking. (Wim ten Have) - qemu: Fix a qemuMemReleaseHostHugepages state error (Wim ten Have) [Orabug: 32069203] - qemu: avoid guest CPU process handling if exadataConfig is disabled (Wim ten Have) [Orabug: 32053696] - domain_conf: Relax SCSI addr used check (Michal Privoznik) [Orabug: 31386162] - domain_conf: Make virDomainDeviceFindSCSIController accept virDomainDeviceDriveAddress struct (Michal Privoznik) [Orabug: 31386162] [5.7.0-20.el7] - qemu: remove use of qemuDomainObjBeginJobWithAgent() (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: dont hold monitor and agent job when setting time (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: dont hold a monitor and agent job for reboot (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: dont take agent and monitor job for shutdown (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: agent: set ifname to NULL after freeing (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: require write acl for guest agent in virDomainInterfaceAddresses (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: add support for filtering @acls by uint params (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: gendispatch: handle empty flags (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - qemu: blockcopy: Fix conditions when virStorageSource should be initialized (Peter Krempa) [Orabug: 31517934] - qemu: blockcopy: Report error on image format detection failure (Peter Krempa) [Orabug: 31517934] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25637 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.45.6] - qla2xxx: disable target reset during link reset and update version (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix early srb free on abort (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (Masanari Iida) [Orabug: 32095664] - scsi: qla2xxx: Enable Async TMF processing (himanshu.madhani@cavium.com) [Orabug: 32095664] - qla2xxx: tweak debug message for task management path (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Arun Easi) [Orabug: 32095664] - scsi: qla2xxx: Fix fabric scan hang (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Do command completion on abort timeout (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix abort timeout race condition. (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix race between switch cmd completion and timeout (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx:v2: Fix double scsi_done for abort path (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: v2 Fix a race condition between aborting and completing a SCSI command (Bart Van Assche) [Orabug: 32095664] - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Bart Van Assche) [Orabug: 32095664] - scsi: qla2xxx: v2 Reject EH_{abort|device_reset|target_request} (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: v2: Fix race conditions in the code for aborting SCSI commands (Bart Van Assche) [Orabug: 32095664] [4.1.12-124.45.5] - IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31512608] [4.1.12-124.45.4] - block: Move part of bdi_destory() to del_gendisk() as bdi_unregister(). (Jan Kara) [Orabug: 32124131] - kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138039] [4.1.12-124.45.3] - drm/vmwgfx: Make sure backup_handle is always valid (Sinclair Yeh) [Orabug: 31352076] {CVE-2017-9605} - random32: move the pseudo-random 32-bit definitions to prandom.h (Linus Torvalds) [Orabug: 31698086] {CVE-2020-16166} - random32: remove net_rand_state from the latent entropy gcc plugin (Linus Torvalds) [Orabug: 31698086] {CVE-2020-16166} - random: fix circular include dependency on arm64 after addition of percpu.h (Willy Tarreau) [Orabug: 31698086] {CVE-2020-16166} - random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698086] {CVE-2020-16166} - x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021856] - kvm: x86: do not leak guest xcr0 into host interrupt handlers (David Matlack) [Orabug: 32021856] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16166 CVE-2017-9605 Oracle Linux 7 [1.3.9-2] - BUILDINFO: commit=4737bd3784f16c18474a60d8678371108f995d7c - Addresses CVE-2020-15257 [1.3.9-1] - Added Oracle specific build files IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15257 Oracle Linux 7 docker-cli [19.03.11-7] - Fix for CVE-2020-15257 [19.03.11-6] - Fix for CVE-2020-15157 [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch docker-engine [19.03.11-7] - Fix for CVE-2020-15257 [19.03.11-6] - Fix for CVE-2020-15157 [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15257 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.52.1] - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535530] {CVE-2020-10769} - crypto: authenc - Export key parsing helper function (Mathias Krause) [Orabug: 31535530] {CVE-2020-10769} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10769 Oracle Linux 6 [2.6.39-400.328.1] - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535531] {CVE-2020-10769} - crypto: authenc - Export key parsing helper function (Mathias Krause) [Orabug: 31535531] {CVE-2020-10769} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10769 Oracle Linux 7 [4.14.35-2025.403.3] - RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005117] - lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005117] - lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman Khandual) [Orabug: 32005117] - lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32005117] - lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32005117] - uek-rpm: Don't build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176889] - vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187748] {CVE-2020-28974} - page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32201999] - xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177548] [4.14.35-2025.403.2] - tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122729] {CVE-2020-25668} - vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656} {CVE-2020-25656} - vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656} - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131175] {CVE-2020-25704} - perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131175] {CVE-2020-25704} - IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136898] - xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139244] [4.14.35-2025.403.1] - lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131561] - Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 32136519] - kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138016] - Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152249] - hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152144] - hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152144] [4.14.35-2025.403.0] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32138487] {CVE-2020-8694} {CVE-2020-8695} - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864726] - btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864726] - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864726] {CVE-2019-19816} - x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 31975320] - hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32132413] - net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113843] - perf symbols: Check if we read regular file in dso__load() (Jiri Olsa) [Orabug: 30696035] - rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 31990095] - rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32003081] - dm cache: remove all obsolete writethrough-specific code (Mike Snitzer) [Orabug: 32010352] - dm cache: pass cache structure to mode functions (Mike Snitzer) [Orabug: 32010352] - dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Ming Lei) [Orabug: 32010352] - bcache: allocate meta data pages as compound pages (Coly Li) [Orabug: 32010352] - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (ChangSyun Peng) [Orabug: 32010352] - bcache: fix super block seq numbers comparision in register_cache_set() (Coly Li) [Orabug: 32010352] - md-cluster: fix wild pointer of unlock_all_bitmaps() (Zhao Heming) [Orabug: 32010352] - dm: use noio when sending kobject event (Mikulas Patocka) [Orabug: 32010352] - dm zoned: assign max_io_len correctly (Hou Tao) [Orabug: 32010352] - md: add feature flag MD_FEATURE_RAID0_LAYOUT (NeilBrown) [Orabug: 32010352] - dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (Hannes Reinecke) [Orabug: 32010352] - dm mpath: switch paths in dm_blk_ioctl() code path (Martin Wilck) [Orabug: 32010352] - dm crypt: avoid truncating the logical block size (Eric Biggers) [Orabug: 32010352] - md: don't flush workqueue unconditionally in md_open (Guoqing Jiang) [Orabug: 32010352] - x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32010658] - x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32010658] - x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32010658] - x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32010658] - x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32010658] - jiffies: add utility function to calculate delta in ms (Matteo Croce) [Orabug: 32010658] - rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021288] {CVE-2020-12352} - x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021855] - arm64: Corrects warning: ISO C90 forbids mixed declarations and code (John Donnelly) [Orabug: 32040061] - hwrng: cavium: Corrects warning: unused variable 'dev_id' (John Donnelly) [Orabug: 32040066] - Lock down /proc/kcore (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127] - lockdown: Lock down perf when in confidentiality mode (David Howells) [Orabug: 32053127] - Lock down kprobes (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127] - debugfs: whitelist spectre mitigation when locked down (Eric Snowberg) [Orabug: 32053127] - debugfs: Return -EPERM when locked down (Eric Snowberg) [Orabug: 32053127] - debugfs: Restrict debugfs when the kernel is locked down (David Howells) [Orabug: 32053127] - lockdown: Add __kernel_is_confidentiality_mode to figure out whether .. (Konrad Rzeszutek Wilk) [Orabug: 32053127] - dtrace: Restrict access when the kernel is locked down in confidentiality mode (Konrad Rzeszutek Wilk) [Orabug: 32053127] - bpf: Restrict bpf when kernel lockdown is in confidentiality mode (David Howells) [Orabug: 32053127] - security: Add a static lockdown policy LSM [diet-version] (Matthew Garrett) [Orabug: 32053127] - net/rds: Check for NULL rid_dev_rem_complete (Ka-Cheong Poon) [Orabug: 32058618] - scsi: Corrects warning: passing argument 1 of 'wwn_to_u64' mismatch (John Donnelly) [Orabug: 32059622] - ipvlan: Corrects warning: label 'unregister_netdev' defined but not used (John Donnelly) [Orabug: 32059740] - mm, compaction: raise compaction priority after it withdrawns (Vlastimil Babka) [Orabug: 32065218] - mm, reclaim: cleanup should_continue_reclaim() (Vlastimil Babka) [Orabug: 32065218] - mm, reclaim: make should_continue_reclaim perform dryrun detection (Hillf Danton) [Orabug: 32065218] - KVM: Drop 'const' attribute from old memslot in commit_memory_region() (Sean Christopherson) [Orabug: 32068898] - octeontx2-pf: Return proper RSS indirection table size always (Sunil Goutham) [Orabug: 32095651] - octeontx2-af: Free RVU REE irq properly (Smadar Fuks) [Orabug: 32095651] - octeontx2-af: Free RVU NIX IRQs properly. (Rakesh Babu) [Orabug: 32095651] - octeontx2-af: Fix the BPID mask (Subbaraya Sundeep) [Orabug: 32095651] - octeontx2-pf: Fix receive buffer size calculation (Sunil Goutham) [Orabug: 32095651] - octeontx2-af: Fix updating wrong multicast list index in NIX_RX_ACTION (Naveen Mamindlapalli) [Orabug: 32095651] - octeontx2-af: Ratelimit prints from AF error interrupt handlers (Naveen Mamindlapalli) [Orabug: 32095651] - octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 32095651] - octeontx2-af: Check the msix offset return value (Subbaraya Sundeep) [Orabug: 32095651] - octeontx2-af: make tx nibble fixup is always apply (Stanislaw Kardach) [Orabug: 32095651] - octeontx2-af: Stop kpu parsing at layer3 for ipv6 fragmented packets. (Abhijit Ayarekar) [Orabug: 32095651] - octeontx2-pf: Call mbox_reset before incrementing ack (Hariprasad Kelam) [Orabug: 32095651] - octeontx2-af: Simplify otx2_mbox_reset call (Hariprasad Kelam) [Orabug: 32095651] - A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095768] - net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095962] - rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113532] [4.14.35-2025.402.2] - ocfs2: fix remounting needed after setfacl command (Gang He) - Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] - drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] - i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] - bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] - SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] - qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276] - ipv6: fix possible use-after-free in ip6_xmit() (Eric Dumazet) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12352 CVE-2020-8694 CVE-2020-8695 CVE-2020-25656 CVE-2020-27673 CVE-2020-25668 CVE-2020-25704 CVE-2020-28974 CVE-2019-19816 Oracle Linux 7 Oracle Linux 8 [5.4.17-2036.101.2uek] - vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] {CVE-2020-28974} - page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966] - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915} - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915} - ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159053] - net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) [Orabug: 32213896] - hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159973] - hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159973] - RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005752] - lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005752] - arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521] - Revert 'arm64/dts: Serial console fix for RPi4' (Vijay Kumar) [Orabug: 31970521] - uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) [Orabug: 32182237] - NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai Ngo) [Orabug: 32177992] - NFSD: Fix use-after-free warning when doing inter-server copy (Dai Ngo) [Orabug: 32177992] - xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177543] [5.4.17-2036.101.1uek] - uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32161425] - platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32161425] - platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32161425] - platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32161425] - IB/mlx4: Convert rej_tmout radix-tree to XArray (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136895] - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131172] {CVE-2020-25704} - vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656} {CVE-2020-25656} - vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656} - tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668} - NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai Ngo) [Orabug: 31879682] [5.4.17-2036.101.0uek] - hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152142] - hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152142] - x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur Arora) [Orabug: 32143850] - x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32143850] - x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32143850] - mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32143850] - x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32143850] - x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850] - perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850] - x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32143850] - x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850] - kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996] - cifs: handle empty list of targets in cifs_reconnect() (Paulo Alcantara) [Orabug: 32124750] - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo Alcantara) [Orabug: 32124750] - rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113472] - net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095959] - uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave Kleikamp) [Orabug: 32075923] - rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 32072247] - rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32072245] - rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'UEK6 compiler warning for /net/rds/send.c' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32048971] - x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32048971] - x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32048971] - x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32048971] - x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32048971] - ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 32042684] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517] - net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) [Orabug: 32027845] - Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021285] {CVE-2020-12352} - ima: Use ima_hash_algo for collision detection in the measurement list (Roberto Sassu) [Orabug: 31973040] - ima: Calculate and extend PCR with digests in ima_template_entry (Roberto Sassu) [Orabug: 31973040] - ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) [Orabug: 31973040] - ima: Switch to dynamically allocated buffer for template digests (Roberto Sassu) [Orabug: 31973040] - ima: Store template digest directly in ima_template_entry (Roberto Sassu) [Orabug: 31973040] - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (James Smart) [Orabug: 31598148] - net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840] - A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095766] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12352 CVE-2020-8694 CVE-2020-8695 CVE-2020-25656 CVE-2020-27673 CVE-2020-25668 CVE-2020-25704 CVE-2020-28915 CVE-2020-28974