Release notes for the update from 190114 to 190202 Summary: Added Packages: 0 Removed Packages: 0 Modified Packages: 924 Updated Packages names: 389-ds-base 1.3.7.5-18.el7 1.3.7.5-28.el7_5 389-ds-base-devel 1.3.7.5-18.el7 1.3.7.5-28.el7_5 389-ds-base-libs 1.3.7.5-18.el7 1.3.7.5-28.el7_5 389-ds-base-snmp 1.3.7.5-18.el7 1.3.7.5-28.el7_5 adwaita-gtk2-theme 3.22.2-1.el7 3.22.2-2.el7_5 adwaita-gtk2-theme 3.22.2-1.el7 3.22.2-2.el7_5 audispd-plugins 2.8.1-3.el7 2.8.1-3.el7_5.1 audit 2.8.1-3.el7 2.8.1-3.el7_5.1 audit-libs 2.8.1-3.el7 2.8.1-3.el7_5.1 audit-libs 2.8.1-3.el7 2.8.1-3.el7_5.1 audit-libs-devel 2.8.1-3.el7 2.8.1-3.el7_5.1 audit-libs-devel 2.8.1-3.el7 2.8.1-3.el7_5.1 audit-libs-python 2.8.1-3.el7 2.8.1-3.el7_5.1 audit-libs-static 2.8.1-3.el7 2.8.1-3.el7_5.1 audit-libs-static 2.8.1-3.el7 2.8.1-3.el7_5.1 augeas 1.4.0-5.el7 1.4.0-5.el7_5.1 augeas-devel 1.4.0-5.el7 1.4.0-5.el7_5.1 augeas-devel 1.4.0-5.el7 1.4.0-5.el7_5.1 augeas-libs 1.4.0-5.el7 1.4.0-5.el7_5.1 augeas-libs 1.4.0-5.el7 1.4.0-5.el7_5.1 awscli 1.14.28-5.el7 1.14.28-5.el7_5.1 bind 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-chroot 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-devel 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-devel 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-libs 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-libs 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-libs-lite 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-libs-lite 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-license 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-lite-devel 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-lite-devel 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-pkcs11 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-pkcs11-devel 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-pkcs11-devel 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-pkcs11-libs 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-pkcs11-libs 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-pkcs11-utils 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-sdb 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-sdb-chroot 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-utils 9.9.4-61.el7 9.9.4-61.el7_5.1 binutils 2.27-27.base.el7 2.27-28.base.el7_5.2 binutils-devel 2.27-27.base.el7 2.27-28.base.el7_5.1 binutils-devel 2.27-27.base.el7 2.27-28.base.el7_5.2 ca-certificates 2017.2.20-71.el7 2018.2.22-70.0.el7_5 certmonger 0.78.4-3.el7 0.78.4-3.el7_5.1 cloud-init 0.7.9-24.el7.centos 0.7.9-24.el7.centos.1 control-center 3.26.2-8.el7 3.26.2-9.el7_5 control-center 3.26.2-8.el7 3.26.2-9.el7_5 control-center-filesystem 3.26.2-8.el7 3.26.2-9.el7_5 coolkey 1.1.0-37.el7 1.1.0-37.51.el7_5 coolkey 1.1.0-37.el7 1.1.0-37.51.el7_5 coolkey-devel 1.1.0-37.el7 1.1.0-37.51.el7_5 coolkey-devel 1.1.0-37.el7 1.1.0-37.51.el7_5 copy-jdk-configs 3.3-2.el7 3.3-10.el7_5 cpp 4.8.5-28.el7 4.8.5-28.el7_5.1 ctdb 4.7.1-6.el7 4.7.1-9.el7_5 ctdb-tests 4.7.1-6.el7 4.7.1-9.el7_5 dconf 0.26.0-2.el7 0.26.0-3.el7_5.1 dconf 0.26.0-2.el7 0.26.0-3.el7_5.1 dconf-devel 0.26.0-2.el7 0.26.0-3.el7_5.1 dconf-devel 0.26.0-2.el7 0.26.0-3.el7_5.1 debugmode 9.49.41-1.el7 9.49.41-1.el7_5.2 device-mapper-multipath 0.4.9-119.el7 0.4.9-119.el7_5.1 device-mapper-multipath-devel 0.4.9-119.el7 0.4.9-119.el7_5.1 device-mapper-multipath-devel 0.4.9-119.el7 0.4.9-119.el7_5.1 device-mapper-multipath-libs 0.4.9-119.el7 0.4.9-119.el7_5.1 device-mapper-multipath-libs 0.4.9-119.el7 0.4.9-119.el7_5.1 device-mapper-multipath-sysvinit 0.4.9-119.el7 0.4.9-119.el7_5.1 dhclient 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dhcp 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dhcp-common 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dhcp-devel 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dhcp-devel 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dhcp-libs 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dhcp-libs 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dracut 033-535.el7 033-535.el7_5.1 dracut-caps 033-535.el7 033-535.el7_5.1 dracut-config-generic 033-535.el7 033-535.el7_5.1 dracut-config-rescue 033-535.el7 033-535.el7_5.1 dracut-fips 033-535.el7 033-535.el7_5.1 dracut-fips-aesni 033-535.el7 033-535.el7_5.1 dracut-network 033-535.el7 033-535.el7_5.1 dracut-tools 033-535.el7 033-535.el7_5.1 e2fsprogs 1.42.9-11.el7 1.42.9-12.el7_5 e2fsprogs-devel 1.42.9-11.el7 1.42.9-12.el7_5 e2fsprogs-devel 1.42.9-11.el7 1.42.9-12.el7_5 e2fsprogs-libs 1.42.9-11.el7 1.42.9-12.el7_5 e2fsprogs-libs 1.42.9-11.el7 1.42.9-12.el7_5 e2fsprogs-static 1.42.9-11.el7 1.42.9-12.el7_5 e2fsprogs-static 1.42.9-11.el7 1.42.9-12.el7_5 emacs-git 1.8.3.1-13.el7 1.8.3.1-14.el7_5 emacs-git-el 1.8.3.1-13.el7 1.8.3.1-14.el7_5 fence-agents-all 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-amt-ws 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-apc 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-apc-snmp 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-aws 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-azure-arm 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-bladecenter 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-brocade 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-cisco-mds 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-cisco-ucs 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-common 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-compute 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-drac5 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-eaton-snmp 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-emerson 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-eps 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-heuristics-ping 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-hpblade 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-ibmblade 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-ifmib 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-ilo2 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-ilo-moonshot 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-ilo-mp 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-ilo-ssh 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-intelmodular 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-ipdu 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-ipmilan 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-kdump 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-mpath 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-rhevm 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-rsa 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-rsb 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-sbd 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-scsi 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-virsh 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-vmware-rest 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-vmware-soap 4.0.11-86.el7 4.0.11-86.el7_5.3 fence-agents-wti 4.0.11-86.el7 4.0.11-86.el7_5.3 firefox 52.7.0-1.el7.bclinux 60.3.0-1.el7_5.bclinux firewall-applet 0.4.4.4-14.el7 0.4.4.4-15.el7_5 firewall-config 0.4.4.4-14.el7 0.4.4.4-15.el7_5 firewalld 0.4.4.4-14.el7 0.4.4.4-15.el7_5 firewalld-filesystem 0.4.4.4-14.el7 0.4.4.4-15.el7_5 flatpak 0.8.8-3.el7 0.8.8-4.el7_5 flatpak-builder 0.8.8-3.el7 0.8.8-4.el7_5 flatpak-devel 0.8.8-3.el7 0.8.8-4.el7_5 flatpak-libs 0.8.8-3.el7 0.8.8-4.el7_5 freeradius 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-devel 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-devel 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-doc 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-krb5 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-ldap 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-mysql 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-perl 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-postgresql 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-python 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-sqlite 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-unixODBC 3.0.13-8.el7_4 3.0.13-9.el7_5 freeradius-utils 3.0.13-8.el7_4 3.0.13-9.el7_5 fwupdate 9-8.el7 9-8.el7.centos fwupdate-devel 9-8.el7 9-8.el7.centos fwupdate-efi 9-8.el7 9-8.el7.centos fwupdate-libs 9-8.el7 9-8.el7.centos gcc 4.8.5-28.el7 4.8.5-28.el7_5.1 gcc-c++ 4.8.5-28.el7 4.8.5-28.el7_5.1 gcc-gfortran 4.8.5-28.el7 4.8.5-28.el7_5.1 gcc-gnat 4.8.5-28.el7 4.8.5-28.el7_5.1 gcc-go 4.8.5-28.el7 4.8.5-28.el7_5.1 gcc-objc 4.8.5-28.el7 4.8.5-28.el7_5.1 gcc-objc++ 4.8.5-28.el7 4.8.5-28.el7_5.1 gcc-plugin-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 ghostscript 9.07-28.el7_4.2 9.07-29.el7_5.2 ghostscript 9.07-28.el7_4.2 9.07-29.el7_5.2 ghostscript-cups 9.07-28.el7_4.2 9.07-29.el7_5.2 ghostscript-devel 9.07-28.el7_4.2 9.07-29.el7_5.2 ghostscript-devel 9.07-28.el7_4.2 9.07-29.el7_5.2 ghostscript-doc 9.07-28.el7_4.2 9.07-29.el7_5.2 ghostscript-gtk 9.07-28.el7_4.2 9.07-29.el7_5.2 git 1.8.3.1-13.el7 1.8.3.1-14.el7_5 git-all 1.8.3.1-13.el7 1.8.3.1-14.el7_5 git-bzr 1.8.3.1-13.el7 1.8.3.1-14.el7_5 git-cvs 1.8.3.1-13.el7 1.8.3.1-14.el7_5 git-daemon 1.8.3.1-13.el7 1.8.3.1-14.el7_5 git-email 1.8.3.1-13.el7 1.8.3.1-14.el7_5 git-gui 1.8.3.1-13.el7 1.8.3.1-14.el7_5 git-hg 1.8.3.1-13.el7 1.8.3.1-14.el7_5 gitk 1.8.3.1-13.el7 1.8.3.1-14.el7_5 git-p4 1.8.3.1-13.el7 1.8.3.1-14.el7_5 git-svn 1.8.3.1-13.el7 1.8.3.1-14.el7_5 gitweb 1.8.3.1-13.el7 1.8.3.1-14.el7_5 glusterfs 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos glusterfs-api 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos glusterfs-api-devel 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos glusterfs-cli 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos glusterfs-client-xlators 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos glusterfs-devel 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos glusterfs-fuse 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos glusterfs-libs 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos glusterfs-rdma 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos gnome-themes-standard 3.22.2-1.el7 3.22.2-2.el7_5 gnome-tweak-tool 3.22.0-1.el7 3.22.0-2.el7_5 gnupg2 2.0.22-4.el7 2.0.22-5.el7_5 gnupg2-smime 2.0.22-4.el7 2.0.22-5.el7_5 gsettings-desktop-schemas 3.24.1-1.el7 3.24.1-2.el7_5 gsettings-desktop-schemas 3.24.1-1.el7 3.24.1-2.el7_5 gsettings-desktop-schemas-devel 3.24.1-1.el7 3.24.1-2.el7_5 gsettings-desktop-schemas-devel 3.24.1-1.el7 3.24.1-2.el7_5 gtk3 3.22.26-3.el7 3.22.26-4.el7_5 gtk3 3.22.26-3.el7 3.22.26-4.el7_5 gtk3-devel 3.22.26-3.el7 3.22.26-4.el7_5 gtk3-devel 3.22.26-3.el7 3.22.26-4.el7_5 gtk3-devel-docs 3.22.26-3.el7 3.22.26-4.el7_5 gtk3-immodules 3.22.26-3.el7 3.22.26-4.el7_5 gtk3-immodule-xim 3.22.26-3.el7 3.22.26-4.el7_5 gtk3-tests 3.22.26-3.el7 3.22.26-4.el7_5 gtk-update-icon-cache 3.22.26-3.el7 3.22.26-4.el7_5 httpd 2.4.6-80.el7.centos 2.4.6-80.el7.centos.1 httpd-devel 2.4.6-80.el7.centos 2.4.6-80.el7.centos.1 httpd-manual 2.4.6-80.el7.centos 2.4.6-80.el7.centos.1 httpd-tools 2.4.6-80.el7.centos 2.4.6-80.el7.centos.1 ibacm 15-6.el7 15-7.el7_5 initscripts 9.49.41-1.el7 9.49.41-1.el7_5.2 ipa-client 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 ipa-client-common 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 ipa-common 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 ipa-python-compat 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 ipa-server 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 ipa-server-common 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 ipa-server-dns 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 ipa-server-trust-ad 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 iptables 1.4.21-24.el7 1.4.21-24.1.el7_5 iptables 1.4.21-24.el7 1.4.21-24.1.el7_5 iptables-devel 1.4.21-24.el7 1.4.21-24.1.el7_5 iptables-devel 1.4.21-24.el7 1.4.21-24.1.el7_5 iptables-services 1.4.21-24.el7 1.4.21-24.1.el7_5 iptables-utils 1.4.21-24.el7 1.4.21-24.1.el7_5 iwl1000-firmware 39.31.5.1-62.el7 39.31.5.1-62.2.el7_5 iwl100-firmware 39.31.5.1-62.el7 39.31.5.1-62.2.el7_5 iwl105-firmware 18.168.6.1-62.el7 18.168.6.1-62.2.el7_5 iwl135-firmware 18.168.6.1-62.el7 18.168.6.1-62.2.el7_5 iwl2000-firmware 18.168.6.1-62.el7 18.168.6.1-62.2.el7_5 iwl2030-firmware 18.168.6.1-62.el7 18.168.6.1-62.2.el7_5 iwl3160-firmware 22.0.7.0-62.el7 22.0.7.0-62.2.el7_5 iwl3945-firmware 15.32.2.9-62.el7 15.32.2.9-62.2.el7_5 iwl4965-firmware 228.61.2.24-62.el7 228.61.2.24-62.2.el7_5 iwl5000-firmware 8.83.5.1_1-62.el7 8.83.5.1_1-62.2.el7_5 iwl5150-firmware 8.24.2.2-62.el7 8.24.2.2-62.2.el7_5 iwl6000-firmware 9.221.4.1-62.el7 9.221.4.1-62.2.el7_5 iwl6000g2a-firmware 17.168.5.3-62.el7 17.168.5.3-62.2.el7_5 iwl6000g2b-firmware 17.168.5.2-62.el7 17.168.5.2-62.2.el7_5 iwl6050-firmware 41.28.5.1-62.el7 41.28.5.1-62.2.el7_5 iwl7260-firmware 22.0.7.0-62.el7 22.0.7.0-62.2.el7_5 iwl7265-firmware 22.0.7.0-62.el7 22.0.7.0-62.2.el7_5 iwpmd 15-6.el7 15-7.el7_5 java-1.7.0-openjdk 1.7.0.171-2.6.13.2.el7 1.7.0.191-2.6.15.4.el7_5 java-1.7.0-openjdk-accessibility 1.7.0.171-2.6.13.2.el7 1.7.0.191-2.6.15.4.el7_5 java-1.7.0-openjdk-demo 1.7.0.171-2.6.13.2.el7 1.7.0.191-2.6.15.4.el7_5 java-1.7.0-openjdk-devel 1.7.0.171-2.6.13.2.el7 1.7.0.191-2.6.15.4.el7_5 java-1.7.0-openjdk-headless 1.7.0.171-2.6.13.2.el7 1.7.0.191-2.6.15.4.el7_5 java-1.7.0-openjdk-javadoc 1.7.0.171-2.6.13.2.el7 1.7.0.191-2.6.15.4.el7_5 java-1.7.0-openjdk-src 1.7.0.171-2.6.13.2.el7 1.7.0.191-2.6.15.4.el7_5 java-1.8.0-openjdk 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-accessibility 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-accessibility 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-accessibility-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-accessibility-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-demo 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-demo 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-demo-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-demo-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-devel 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-devel 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-devel-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-devel-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-headless 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-headless 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-headless-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-headless-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-javadoc 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-javadoc-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-javadoc-zip 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-javadoc-zip-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-src 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-src 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-src-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 java-1.8.0-openjdk-src-debug 1.8.0.161-2.b14.el7 1.8.0.191.b12-0.el7_5 jss 4.4.0-11.el7 4.4.0-13.el7_5 jss-javadoc 4.4.0-11.el7 4.4.0-13.el7_5 kernel 3.10.0-862.el7 3.10.0-862.27.1.el7 kernel-abi-whitelists 3.10.0-862.el7 3.10.0-862.27.1.el7 kernel-debug 3.10.0-862.el7 3.10.0-862.14.4.el7 kernel-debug-devel 3.10.0-862.el7 3.10.0-862.14.4.el7 kernel-devel 3.10.0-862.el7 3.10.0-862.27.1.el7 kernel-doc 3.10.0-862.el7 3.10.0-862.27.1.el7 kernel-headers 3.10.0-862.el7 3.10.0-862.27.1.el7 kernel-tools 3.10.0-862.el7 3.10.0-862.27.1.el7 kernel-tools-libs 3.10.0-862.el7 3.10.0-862.27.1.el7 kernel-tools-libs-devel 3.10.0-862.el7 3.10.0-862.27.1.el7 kexec-tools 2.0.15-13.el7 2.0.15-13.el7_5.2 kexec-tools-anaconda-addon 2.0.15-13.el7 2.0.15-13.el7_5.2 kexec-tools-eppic 2.0.15-13.el7 2.0.15-13.el7_5.2 kmod-kvdo 6.1.0.153-15.el7 6.1.0.181-17.el7_5 kpartx 0.4.9-119.el7 0.4.9-119.el7_5.1 krb5-devel 1.15.1-18.el7 1.15.1-19.el7 krb5-devel 1.15.1-18.el7 1.15.1-19.el7 krb5-libs 1.15.1-18.el7 1.15.1-19.el7 krb5-libs 1.15.1-18.el7 1.15.1-19.el7 krb5-pkinit 1.15.1-18.el7 1.15.1-19.el7 krb5-server 1.15.1-18.el7 1.15.1-19.el7 krb5-server-ldap 1.15.1-18.el7 1.15.1-19.el7 krb5-workstation 1.15.1-18.el7 1.15.1-19.el7 libasan 4.8.5-28.el7 4.8.5-28.el7_5.1 libasan 4.8.5-28.el7 4.8.5-28.el7_5.1 libasan-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libasan-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libatomic 4.8.5-28.el7 4.8.5-28.el7_5.1 libatomic 4.8.5-28.el7 4.8.5-28.el7_5.1 libatomic-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libatomic-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libblkid 2.23.2-52.el7 2.23.2-52.el7_5.1 libblkid 2.23.2-52.el7 2.23.2-52.el7_5.1 libblkid-devel 2.23.2-52.el7 2.23.2-52.el7_5.1 libblkid-devel 2.23.2-52.el7 2.23.2-52.el7_5.1 libcilkrts 7.2.1-1.1.1.el7 7.2.1-1.2.1.el7_5 libcilkrts 7.2.1-1.1.1.el7 7.2.1-1.2.1.el7_5 libcom_err 1.42.9-11.el7 1.42.9-12.el7_5 libcom_err 1.42.9-11.el7 1.42.9-12.el7_5 libcom_err-devel 1.42.9-11.el7 1.42.9-12.el7_5 libcom_err-devel 1.42.9-11.el7 1.42.9-12.el7_5 libdmmp 0.4.9-119.el7 0.4.9-119.el7_5.1 libdmmp 0.4.9-119.el7 0.4.9-119.el7_5.1 libdmmp-devel 0.4.9-119.el7 0.4.9-119.el7_5.1 libdmmp-devel 0.4.9-119.el7 0.4.9-119.el7_5.1 libepoxy 1.3.1-1.el7 1.3.1-2.el7_5 libepoxy 1.3.1-1.el7 1.3.1-2.el7_5 libepoxy-devel 1.3.1-1.el7 1.3.1-2.el7_5 libepoxy-devel 1.3.1-1.el7 1.3.1-2.el7_5 libgcc 4.8.5-28.el7 4.8.5-28.el7_5.1 libgcc 4.8.5-28.el7 4.8.5-28.el7_5.1 libgfortran4 7.2.1-1.1.1.el7 8.2.1-1.3.1.el7_5 libgfortran4 7.2.1-1.1.1.el7 8.2.1-1.3.1.el7_5 libgfortran 4.8.5-28.el7 4.8.5-28.el7_5.1 libgfortran 4.8.5-28.el7 4.8.5-28.el7_5.1 libgfortran-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libgfortran-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libgnat 4.8.5-28.el7 4.8.5-28.el7_5.1 libgnat 4.8.5-28.el7 4.8.5-28.el7_5.1 libgnat-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libgnat-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libgnat-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libgnat-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libgo 4.8.5-28.el7 4.8.5-28.el7_5.1 libgo 4.8.5-28.el7 4.8.5-28.el7_5.1 libgo-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libgo-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libgomp 4.8.5-28.el7 4.8.5-28.el7_5.1 libgomp 4.8.5-28.el7 4.8.5-28.el7_5.1 libgo-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libgo-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libgudev1 219-57.el7 219-57.el7_5.3 libgudev1 219-57.el7 219-57.el7_5.5 libgudev1-devel 219-57.el7 219-57.el7_5.3 libgudev1-devel 219-57.el7 219-57.el7_5.5 libguestfs 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-bash-completion 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-benchmarking 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-devel 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-gfs2 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-gobject 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-gobject-devel 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-gobject-doc 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-inspect-icons 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-java 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-java-devel 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-javadoc 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-man-pages-ja 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-man-pages-uk 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-rescue 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-rsync 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-tools 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-tools-c 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libguestfs-xfs 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 libibcm 15-6.el7 15-7.el7_5 libibcm 15-6.el7 15-7.el7_5 libibumad 15-6.el7 15-7.el7_5 libibumad 15-6.el7 15-7.el7_5 libibverbs 15-6.el7 15-7.el7_5 libibverbs 15-6.el7 15-7.el7_5 libibverbs-utils 15-6.el7 15-7.el7_5 libipa_hbac 1.16.0-19.el7 1.16.0-19.el7_5.8 libipa_hbac 1.16.0-19.el7 1.16.0-19.el7_5.8 libipa_hbac-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libipa_hbac-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libitm 4.8.5-28.el7 4.8.5-28.el7_5.1 libitm 4.8.5-28.el7 4.8.5-28.el7_5.1 libitm-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libitm-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libitm-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libitm-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libkadm5 1.15.1-18.el7 1.15.1-19.el7 libkadm5 1.15.1-18.el7 1.15.1-19.el7 libmount 2.23.2-52.el7 2.23.2-52.el7_5.1 libmount 2.23.2-52.el7 2.23.2-52.el7_5.1 libmount-devel 2.23.2-52.el7 2.23.2-52.el7_5.1 libmount-devel 2.23.2-52.el7 2.23.2-52.el7_5.1 libmudflap 4.8.5-28.el7 4.8.5-28.el7_5.1 libmudflap 4.8.5-28.el7 4.8.5-28.el7_5.1 libmudflap-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libmudflap-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libmudflap-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libmudflap-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libobjc 4.8.5-28.el7 4.8.5-28.el7_5.1 libobjc 4.8.5-28.el7 4.8.5-28.el7_5.1 libquadmath 4.8.5-28.el7 4.8.5-28.el7_5.1 libquadmath 4.8.5-28.el7 4.8.5-28.el7_5.1 libquadmath-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libquadmath-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libquadmath-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libquadmath-static 4.8.5-28.el7 4.8.5-28.el7_5.1 librdmacm 15-6.el7 15-7.el7_5 librdmacm 15-6.el7 15-7.el7_5 librdmacm-utils 15-6.el7 15-7.el7_5 librelp 1.2.12-1.el7 1.2.12-1.el7_5.1 librelp 1.2.12-1.el7 1.2.12-1.el7_5.1 librelp-devel 1.2.12-1.el7 1.2.12-1.el7_5.1 librelp-devel 1.2.12-1.el7 1.2.12-1.el7_5.1 libreswan 3.23-3.el7 3.23-5.el7_5 libsmbclient 4.7.1-6.el7 4.7.1-9.el7_5 libsmbclient 4.7.1-6.el7 4.7.1-9.el7_5 libsmbclient-devel 4.7.1-6.el7 4.7.1-9.el7_5 libsmbclient-devel 4.7.1-6.el7 4.7.1-9.el7_5 libss 1.42.9-11.el7 1.42.9-12.el7_5 libss 1.42.9-11.el7 1.42.9-12.el7_5 libss-devel 1.42.9-11.el7 1.42.9-12.el7_5 libss-devel 1.42.9-11.el7 1.42.9-12.el7_5 libsss_autofs 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_certmap 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_certmap 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_certmap-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_certmap-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_idmap 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_idmap 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_idmap-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_idmap-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_nss_idmap 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_nss_idmap 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_nss_idmap-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_nss_idmap-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_simpleifp 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_simpleifp 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_simpleifp-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_simpleifp-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 libsss_sudo 1.16.0-19.el7 1.16.0-19.el7_5.8 libstdc++ 4.8.5-28.el7 4.8.5-28.el7_5.1 libstdc++ 4.8.5-28.el7 4.8.5-28.el7_5.1 libstdc++-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libstdc++-devel 4.8.5-28.el7 4.8.5-28.el7_5.1 libstdc++-docs 4.8.5-28.el7 4.8.5-28.el7_5.1 libstdc++-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libstdc++-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libtsan 4.8.5-28.el7 4.8.5-28.el7_5.1 libtsan-static 4.8.5-28.el7 4.8.5-28.el7_5.1 libuuid 2.23.2-52.el7 2.23.2-52.el7_5.1 libuuid 2.23.2-52.el7 2.23.2-52.el7_5.1 libuuid-devel 2.23.2-52.el7 2.23.2-52.el7_5.1 libuuid-devel 2.23.2-52.el7 2.23.2-52.el7_5.1 libvirt 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-admin 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-client 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-client 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-config-network 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-config-nwfilter 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-interface 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-lxc 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-network 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-nodedev 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-nwfilter 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-qemu 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-secret 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-storage 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-storage-core 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-storage-disk 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-storage-gluster 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-storage-iscsi 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-storage-logical 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-storage-mpath 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-storage-rbd 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-driver-storage-scsi 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-kvm 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-daemon-lxc 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-devel 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-devel 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-docs 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-libs 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-libs 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-lock-sanlock 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-login-shell 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-nss 3.9.0-14.el7 3.9.0-14.el7_5.8 libvirt-nss 3.9.0-14.el7 3.9.0-14.el7_5.8 libvncserver 0.9.9-11.el7 0.9.9-12.el7_5 libvncserver 0.9.9-11.el7 0.9.9-12.el7_5 libvncserver-devel 0.9.9-11.el7 0.9.9-12.el7_5 libvncserver-devel 0.9.9-11.el7 0.9.9-12.el7_5 libvorbis 1.3.3-8.el7 1.3.3-8.el7.1 libvorbis 1.3.3-8.el7 1.3.3-8.el7.1 libvorbis-devel 1.3.3-8.el7 1.3.3-8.el7.1 libvorbis-devel 1.3.3-8.el7 1.3.3-8.el7.1 libvorbis-devel-docs 1.3.3-8.el7 1.3.3-8.el7.1 libwacom 0.24-3.el7 0.24-4.el7 libwacom 0.24-3.el7 0.24-4.el7 libwacom-data 0.24-3.el7 0.24-4.el7 libwacom-devel 0.24-3.el7 0.24-4.el7 libwacom-devel 0.24-3.el7 0.24-4.el7 libwbclient 4.7.1-6.el7 4.7.1-9.el7_5 libwbclient 4.7.1-6.el7 4.7.1-9.el7_5 libwbclient-devel 4.7.1-6.el7 4.7.1-9.el7_5 libwbclient-devel 4.7.1-6.el7 4.7.1-9.el7_5 linux-firmware 20180220-62.git6d51311.el7 20180220-62.2.git6d51311.el7_5 logwatch 7.4.0-34.20130522svn140.el7 7.4.0-35.20130522svn140.el7_5 lua-guestfs 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 mariadb 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-bench 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-devel 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-devel 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-embedded 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-embedded 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-embedded-devel 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-embedded-devel 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-libs 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-libs 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-server 5.5.56-2.el7 5.5.60-1.el7_5 mariadb-test 5.5.56-2.el7 5.5.60-1.el7_5 microcode_ctl 2.1-29.el7 2.1-29.16.el7_5 mod_auth_mellon 0.13.1-1.el7 0.13.1-3.el7_5 mod_ldap 2.4.6-80.el7.centos 2.4.6-80.el7.centos.1 mod_proxy_html 2.4.6-80.el7.centos 2.4.6-80.el7.centos.1 mod_session 2.4.6-80.el7.centos 2.4.6-80.el7.centos.1 mod_ssl 2.4.6-80.el7.centos 2.4.6-80.el7.centos.1 mod_wsgi 3.4-12.el7_0 3.4-13.el7_5.1 mokutil 12-1.el7.bclinux 12-2.el7_5.bclinux motif 2.3.4-12.el7 2.3.4-14.el7_5 motif 2.3.4-12.el7 2.3.4-14.el7_5 motif-devel 2.3.4-12.el7 2.3.4-14.el7_5 motif-devel 2.3.4-12.el7 2.3.4-14.el7_5 motif-static 2.3.4-12.el7 2.3.4-14.el7_5 motif-static 2.3.4-12.el7 2.3.4-14.el7_5 mutt 1.5.21-27.el7 1.5.21-28.el7_5 mutter 3.26.2-13.el7 3.26.2-17.el7_5 mutter 3.26.2-13.el7 3.26.2-17.el7_5 mutter-devel 3.26.2-13.el7 3.26.2-17.el7_5 mutter-devel 3.26.2-13.el7 3.26.2-17.el7_5 net-snmp 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-agent-libs 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-agent-libs 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-devel 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-devel 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-gui 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-libs 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-libs 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-perl 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-python 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-sysvinit 5.7.2-32.el7 5.7.2-33.el7_5.2 net-snmp-utils 5.7.2-32.el7 5.7.2-33.el7_5.2 NetworkManager 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-adsl 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-bluetooth 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-config-server 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-dispatcher-routing-rules 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-glib 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-glib 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-glib-devel 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-glib-devel 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-libnm 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-libnm 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-libnm-devel 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-libnm-devel 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-ovs 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-ppp 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-team 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-tui 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-wifi 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-wwan 1.10.2-13.el7 1.10.2-16.el7_5 nspr 4.17.0-1.el7 4.19.0-1.el7_5 nspr 4.17.0-1.el7 4.19.0-1.el7_5 nspr-devel 4.17.0-1.el7 4.19.0-1.el7_5 nspr-devel 4.17.0-1.el7 4.19.0-1.el7_5 nss 3.34.0-4.el7 3.36.0-7.el7_5 nss 3.34.0-4.el7 3.36.0-7.el7_5 nss-devel 3.34.0-4.el7 3.36.0-7.el7_5 nss-devel 3.34.0-4.el7 3.36.0-7.el7_5 nss-pkcs11-devel 3.34.0-4.el7 3.36.0-7.el7_5 nss-pkcs11-devel 3.34.0-4.el7 3.36.0-7.el7_5 nss-softokn 3.34.0-2.el7 3.36.0-5.el7_5 nss-softokn 3.34.0-2.el7 3.36.0-5.el7_5 nss-softokn-devel 3.34.0-2.el7 3.36.0-5.el7_5 nss-softokn-devel 3.34.0-2.el7 3.36.0-5.el7_5 nss-softokn-freebl 3.34.0-2.el7 3.36.0-5.el7_5 nss-softokn-freebl 3.34.0-2.el7 3.36.0-5.el7_5 nss-softokn-freebl-devel 3.34.0-2.el7 3.36.0-5.el7_5 nss-softokn-freebl-devel 3.34.0-2.el7 3.36.0-5.el7_5 nss-sysinit 3.34.0-4.el7 3.36.0-7.el7_5 nss-tools 3.34.0-4.el7 3.36.0-7.el7_5 nss-util 3.34.0-2.el7 3.36.0-1.el7_5 nss-util 3.34.0-2.el7 3.36.0-1.el7_5 nss-util-devel 3.34.0-2.el7 3.36.0-1.el7_5 nss-util-devel 3.34.0-2.el7 3.36.0-1.el7_5 ocaml-libguestfs 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 ocaml-libguestfs-devel 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 openldap 2.4.44-13.el7 2.4.44-15.el7_5 openldap 2.4.44-13.el7 2.4.44-15.el7_5 openldap-clients 2.4.44-13.el7 2.4.44-15.el7_5 openldap-devel 2.4.44-13.el7 2.4.44-15.el7_5 openldap-devel 2.4.44-13.el7 2.4.44-15.el7_5 openldap-servers 2.4.44-13.el7 2.4.44-15.el7_5 openldap-servers-sql 2.4.44-13.el7 2.4.44-15.el7_5 openscap 1.2.16-6.el7 1.2.16-8.el7_5 openscap 1.2.16-6.el7 1.2.16-8.el7_5 openscap-containers 1.2.16-6.el7 1.2.16-8.el7_5 openscap-devel 1.2.16-6.el7 1.2.16-8.el7_5 openscap-devel 1.2.16-6.el7 1.2.16-8.el7_5 openscap-engine-sce 1.2.16-6.el7 1.2.16-8.el7_5 openscap-engine-sce 1.2.16-6.el7 1.2.16-8.el7_5 openscap-engine-sce-devel 1.2.16-6.el7 1.2.16-8.el7_5 openscap-engine-sce-devel 1.2.16-6.el7 1.2.16-8.el7_5 openscap-extra-probes 1.2.16-6.el7 1.2.16-8.el7_5 openscap-python 1.2.16-6.el7 1.2.16-8.el7_5 openscap-scanner 1.2.16-6.el7 1.2.16-8.el7_5 openscap-utils 1.2.16-6.el7 1.2.16-8.el7_5 openslp 2.0.0-6.el7 2.0.0-7.el7_5 openslp 2.0.0-6.el7 2.0.0-7.el7_5 openslp-devel 2.0.0-6.el7 2.0.0-7.el7_5 openslp-devel 2.0.0-6.el7 2.0.0-7.el7_5 openslp-server 2.0.0-6.el7 2.0.0-7.el7_5 open-vm-tools 10.1.10-3.el7 10.1.10-3.el7_5.1 open-vm-tools-desktop 10.1.10-3.el7 10.1.10-3.el7_5.1 open-vm-tools-devel 10.1.10-3.el7 10.1.10-3.el7_5.1 oprofile 0.9.9-25.el7 0.9.9-25.el7_5.1 oprofile-devel 0.9.9-25.el7 0.9.9-25.el7_5.1 oprofile-devel 0.9.9-25.el7 0.9.9-25.el7_5.1 oprofile-gui 0.9.9-25.el7 0.9.9-25.el7_5.1 oprofile-jit 0.9.9-25.el7 0.9.9-25.el7_5.1 oprofile-jit 0.9.9-25.el7 0.9.9-25.el7_5.1 osinfo-db 20170813-6.el7.bclinux 20170813-7.el7.bclinux PackageKit 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-command-not-found 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-cron 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-glib 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-glib 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-glib-devel 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-glib-devel 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-gstreamer-plugin 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-gtk3-module 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-gtk3-module 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-yum 1.1.5-1.el7.centos 1.1.5-2.el7.centos PackageKit-yum-plugin 1.1.5-1.el7.centos 1.1.5-2.el7.centos patch 2.7.1-8.el7 2.7.1-10.el7_5 perf 3.10.0-862.el7 3.10.0-862.27.1.el7 perl-Git 1.8.3.1-13.el7 1.8.3.1-14.el7_5 perl-Git-SVN 1.8.3.1-13.el7 1.8.3.1-14.el7_5 perl-Sys-Guestfs 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 pki-base 10.5.1-9.el7 10.5.1-15.el7_5 pki-base-java 10.5.1-9.el7 10.5.1-15.el7_5 pki-ca 10.5.1-9.el7 10.5.1-15.el7_5 pki-javadoc 10.5.1-9.el7 10.5.1-15.el7_5 pki-kra 10.5.1-9.el7 10.5.1-15.el7_5 pki-server 10.5.1-9.el7 10.5.1-15.el7_5 pki-symkey 10.5.1-9.el7 10.5.1-15.el7_5 pki-tools 10.5.1-9.el7 10.5.1-15.el7_5 plexus-archiver 2.4.2-4.el7 2.4.2-5.el7_5 plexus-archiver-javadoc 2.4.2-4.el7 2.4.2-5.el7_5 postgresql 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-contrib 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-devel 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-devel 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-docs 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-jdbc 9.2.1002-5.el7 9.2.1002-6.el7_5 postgresql-jdbc-javadoc 9.2.1002-5.el7 9.2.1002-6.el7_5 postgresql-libs 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-libs 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-plperl 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-plpython 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-pltcl 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-server 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-static 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-static 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-test 9.2.23-3.el7_4 9.2.24-1.el7_5 postgresql-upgrade 9.2.23-3.el7_4 9.2.24-1.el7_5 procps-ng 3.3.10-17.el7 3.3.10-17.el7_5.2 procps-ng 3.3.10-17.el7 3.3.10-17.el7_5.2 procps-ng-devel 3.3.10-17.el7 3.3.10-17.el7_5.2 procps-ng-devel 3.3.10-17.el7 3.3.10-17.el7_5.2 procps-ng-i18n 3.3.10-17.el7 3.3.10-17.el7_5.2 python 2.7.5-68.el7 2.7.5-69.el7_5 python2-ipaclient 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 python2-ipalib 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 python2-ipaserver 4.5.4-10.el7.centos 4.5.4-10.el7.centos.4.4 python-boto3 1.4.6-4.el7 1.4.6-4.el7_5.1 python-configshell 1.1.fb23-3.el7 1.1.fb23-4.el7_5 python-debug 2.7.5-68.el7 2.7.5-69.el7_5 python-devel 2.7.5-68.el7 2.7.5-69.el7_5 python-firewall 0.4.4.4-14.el7 0.4.4.4-15.el7_5 python-gluster 3.8.4-53.el7.centos 3.8.4-54.15.el7.centos python-libguestfs 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 python-libipa_hbac 1.16.0-19.el7 1.16.0-19.el7_5.8 python-libs 2.7.5-68.el7 2.7.5-69.el7_5 python-libs 2.7.5-68.el7 2.7.5-69.el7_5 python-libsss_nss_idmap 1.16.0-19.el7 1.16.0-19.el7_5.8 python-perf 3.10.0-862.el7 3.10.0-862.27.1.el7 python-rtslib 2.1.fb63-5.el7 2.1.fb63-12.el7_5 python-rtslib-doc 2.1.fb63-5.el7 2.1.fb63-12.el7_5 python-sss 1.16.0-19.el7 1.16.0-19.el7_5.8 python-sssdconfig 1.16.0-19.el7 1.16.0-19.el7_5.8 python-sss-murmur 1.16.0-19.el7 1.16.0-19.el7_5.8 python-test 2.7.5-68.el7 2.7.5-69.el7_5 python-tools 2.7.5-68.el7 2.7.5-69.el7_5 qemu-guest-agent 2.8.0-2.el7 2.8.0-2.el7_5.1 qemu-img 1.5.3-156.el7 1.5.3-156.el7_5.5 qemu-kvm 1.5.3-156.el7 1.5.3-156.el7_5.5 qemu-kvm-common 1.5.3-156.el7 1.5.3-156.el7_5.5 qemu-kvm-tools 1.5.3-156.el7 1.5.3-156.el7_5.5 radvd 1.9.2-9.el7 1.9.2-9.el7_5.4 rasdaemon 0.4.1-32.el7 0.4.1-33.1.el7_5 rdma-core 15-6.el7 15-7.el7_5 rdma-core 15-6.el7 15-7.el7_5 rdma-core-devel 15-6.el7 15-7.el7_5 rdma-core-devel 15-6.el7 15-7.el7_5 rear 2.00-6.el7 2.00-7.el7_5 rsyslog 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-crypto 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-doc 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-elasticsearch 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-gnutls 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-gssapi 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-libdbi 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-mmaudit 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-mmjsonparse 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-mmnormalize 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-mmsnmptrapd 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-mysql 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-pgsql 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-relp 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-snmp 8.24.0-16.el7 8.24.0-16.el7_5.4 rsyslog-udpspoof 8.24.0-16.el7 8.24.0-16.el7_5.4 ruby-libguestfs 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 samba 4.7.1-6.el7 4.7.1-9.el7_5 samba-client 4.7.1-6.el7 4.7.1-9.el7_5 samba-client-libs 4.7.1-6.el7 4.7.1-9.el7_5 samba-client-libs 4.7.1-6.el7 4.7.1-9.el7_5 samba-common 4.7.1-6.el7 4.7.1-9.el7_5 samba-common-libs 4.7.1-6.el7 4.7.1-9.el7_5 samba-common-tools 4.7.1-6.el7 4.7.1-9.el7_5 samba-dc 4.7.1-6.el7 4.7.1-9.el7_5 samba-dc-libs 4.7.1-6.el7 4.7.1-9.el7_5 samba-devel 4.7.1-6.el7 4.7.1-9.el7_5 samba-devel 4.7.1-6.el7 4.7.1-9.el7_5 samba-krb5-printing 4.7.1-6.el7 4.7.1-9.el7_5 samba-libs 4.7.1-6.el7 4.7.1-9.el7_5 samba-libs 4.7.1-6.el7 4.7.1-9.el7_5 samba-pidl 4.7.1-6.el7 4.7.1-9.el7_5 samba-python 4.7.1-6.el7 4.7.1-9.el7_5 samba-python-test 4.7.1-6.el7 4.7.1-9.el7_5 samba-test 4.7.1-6.el7 4.7.1-9.el7_5 samba-test-libs 4.7.1-6.el7 4.7.1-9.el7_5 samba-test-libs 4.7.1-6.el7 4.7.1-9.el7_5 samba-vfs-glusterfs 4.7.1-6.el7 4.7.1-9.el7_5 samba-winbind 4.7.1-6.el7 4.7.1-9.el7_5 samba-winbind-clients 4.7.1-6.el7 4.7.1-9.el7_5 samba-winbind-krb5-locator 4.7.1-6.el7 4.7.1-9.el7_5 samba-winbind-modules 4.7.1-6.el7 4.7.1-9.el7_5 samba-winbind-modules 4.7.1-6.el7 4.7.1-9.el7_5 scap-security-guide 0.1.36-7.el7.bclinux 0.1.36-10.el7_5.bclinux scap-security-guide-doc 0.1.36-7.el7.bclinux 0.1.36-10.el7_5.bclinux selinux-policy 3.13.1-192.el7 3.13.1-192.el7_5.6 selinux-policy-devel 3.13.1-192.el7 3.13.1-192.el7_5.6 selinux-policy-doc 3.13.1-192.el7 3.13.1-192.el7_5.6 selinux-policy-minimum 3.13.1-192.el7 3.13.1-192.el7_5.6 selinux-policy-mls 3.13.1-192.el7 3.13.1-192.el7_5.6 selinux-policy-sandbox 3.13.1-192.el7 3.13.1-192.el7_5.6 selinux-policy-targeted 3.13.1-192.el7 3.13.1-192.el7_5.6 shim-ia32 12-1.el7.bclinux 12-2.el7_5.bclinux shim-unsigned-ia32 12-1.el7.bclinux 12-2.el7_5.bclinux shim-unsigned-x64 12-1.el7.bclinux 12-2.el7_5.bclinux shim-x64 12-1.el7.bclinux 12-2.el7_5.bclinux slf4j 1.7.4-3.el7 1.7.4-4.el7_4 slf4j-javadoc 1.7.4-3.el7 1.7.4-4.el7_4 slf4j-manual 1.7.4-3.el7 1.7.4-4.el7_4 sos 3.5-6.el7.bclinux 3.5-9.el7_5.bclinux spamassassin 3.4.0-2.el7 3.4.0-4.el7_5 spice-glib 0.34-3.el7 0.34-3.el7_5.2 spice-glib 0.34-3.el7 0.34-3.el7_5.2 spice-glib-devel 0.34-3.el7 0.34-3.el7_5.2 spice-glib-devel 0.34-3.el7 0.34-3.el7_5.2 spice-gtk3 0.34-3.el7 0.34-3.el7_5.2 spice-gtk3 0.34-3.el7 0.34-3.el7_5.2 spice-gtk3-devel 0.34-3.el7 0.34-3.el7_5.2 spice-gtk3-devel 0.34-3.el7 0.34-3.el7_5.2 spice-gtk3-vala 0.34-3.el7 0.34-3.el7_5.2 spice-gtk-tools 0.34-3.el7 0.34-3.el7_5.2 spice-server 0.14.0-2.el7 0.14.0-2.el7_5.5 spice-server-devel 0.14.0-2.el7 0.14.0-2.el7_5.5 srp_daemon 15-6.el7 15-7.el7_5 sssd 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-ad 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-client 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-client 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-common 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-common-pac 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-dbus 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-ipa 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-kcm 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-krb5 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-krb5-common 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-ldap 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-libwbclient 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-libwbclient-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-libwbclient-devel 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-polkit-rules 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-proxy 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-tools 1.16.0-19.el7 1.16.0-19.el7_5.8 sssd-winbind-idmap 1.16.0-19.el7 1.16.0-19.el7_5.8 sudo 1.8.19p2-13.el7 1.8.19p2-14.el7_5 sudo-devel 1.8.19p2-13.el7 1.8.19p2-14.el7_5 sudo-devel 1.8.19p2-13.el7 1.8.19p2-14.el7_5 systemd 219-57.el7 219-57.el7_5.5 systemd-devel 219-57.el7 219-57.el7_5.3 systemd-devel 219-57.el7 219-57.el7_5.5 systemd-journal-gateway 219-57.el7 219-57.el7_5.5 systemd-libs 219-57.el7 219-57.el7_5.3 systemd-libs 219-57.el7 219-57.el7_5.5 systemd-networkd 219-57.el7 219-57.el7_5.5 systemd-python 219-57.el7 219-57.el7_5.5 systemd-resolved 219-57.el7 219-57.el7_5.3 systemd-resolved 219-57.el7 219-57.el7_5.5 systemd-sysv 219-57.el7 219-57.el7_5.5 systemtap 3.2-4.el7 3.2-8.el7_5 systemtap-client 3.2-4.el7 3.2-8.el7_5 systemtap-devel 3.2-4.el7 3.2-8.el7_5 systemtap-initscript 3.2-4.el7 3.2-8.el7_5 systemtap-runtime 3.2-4.el7 3.2-8.el7_5 systemtap-runtime-java 3.2-4.el7 3.2-8.el7_5 systemtap-runtime-python2 3.2-4.el7 3.2-8.el7_5 systemtap-runtime-virtguest 3.2-4.el7 3.2-8.el7_5 systemtap-runtime-virthost 3.2-4.el7 3.2-8.el7_5 systemtap-sdt-devel 3.2-4.el7 3.2-8.el7_5 systemtap-sdt-devel 3.2-4.el7 3.2-8.el7_5 systemtap-server 3.2-4.el7 3.2-8.el7_5 systemtap-testsuite 3.2-4.el7 3.2-8.el7_5 targetcli 2.1.fb46-1.el7 2.1.fb46-6.el7_5 thunderbird 52.6.0-1.el7.centos 52.9.1-1.el7.centos tkinter 2.7.5-68.el7 2.7.5-69.el7_5 tomcat 7.0.76-6.el7 7.0.76-8.el7_5 tomcat-admin-webapps 7.0.76-6.el7 7.0.76-8.el7_5 tomcat-docs-webapp 7.0.76-6.el7 7.0.76-8.el7_5 tomcat-el-2.2-api 7.0.76-6.el7 7.0.76-8.el7_5 tomcat-javadoc 7.0.76-6.el7 7.0.76-8.el7_5 tomcat-jsp-2.2-api 7.0.76-6.el7 7.0.76-8.el7_5 tomcatjss 7.2.1-6.el7 7.2.1-7.el7_5 tomcat-jsvc 7.0.76-6.el7 7.0.76-8.el7_5 tomcat-lib 7.0.76-6.el7 7.0.76-8.el7_5 tomcat-servlet-3.0-api 7.0.76-6.el7 7.0.76-8.el7_5 tomcat-webapps 7.0.76-6.el7 7.0.76-8.el7_5 tuned 2.9.0-1.el7.bclinux 2.9.0-1.el7_5.bclinux.2 tuned-gtk 2.9.0-1.el7.bclinux 2.9.0-1.el7_5.bclinux.2 tuned-profiles-atomic 2.9.0-1.el7.bclinux 2.9.0-1.el7_5.bclinux.2 tuned-profiles-compat 2.9.0-1.el7.bclinux 2.9.0-1.el7_5.bclinux.2 tuned-profiles-cpu-partitioning 2.9.0-1.el7.bclinux 2.9.0-1.el7_5.bclinux.2 tuned-profiles-oracle 2.9.0-1.el7.bclinux 2.9.0-1.el7_5.bclinux.2 tuned-utils 2.9.0-1.el7.bclinux 2.9.0-1.el7_5.bclinux.2 tuned-utils-systemtap 2.9.0-1.el7.bclinux 2.9.0-1.el7_5.bclinux.2 tzdata 2018c-1.el7 2018f-2.el7 tzdata-java 2018c-1.el7 2018f-2.el7 util-linux 2.23.2-52.el7 2.23.2-52.el7_5.1 util-linux 2.23.2-52.el7 2.23.2-52.el7_5.1 uuidd 2.23.2-52.el7 2.23.2-52.el7_5.1 vdo 6.1.0.149-16 6.1.0.168-18 virt-dib 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 virt-p2v-maker 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 virt-v2v 1.36.10-6.el7.centos 1.36.10-6.el7_5.2 virt-who 0.21.5-1.el7 0.21.7-1.el7_5 xmlrpc-client 3.1.3-8.el7 3.1.3-9.el7_5 xmlrpc-common 3.1.3-8.el7 3.1.3-9.el7_5 xmlrpc-javadoc 3.1.3-8.el7 3.1.3-9.el7_5 xmlrpc-server 3.1.3-8.el7 3.1.3-9.el7_5 xorg-x11-drv-wacom 0.34.2-4.el7 0.34.2-5.el7 xorg-x11-drv-wacom-devel 0.34.2-4.el7 0.34.2-5.el7 xorg-x11-drv-wacom-devel 0.34.2-4.el7 0.34.2-5.el7 xorg-x11-server-common 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 xorg-x11-server-devel 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 xorg-x11-server-devel 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 xorg-x11-server-source 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 xorg-x11-server-Xdmx 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 xorg-x11-server-Xephyr 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 xorg-x11-server-Xnest 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 xorg-x11-server-Xorg 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 xorg-x11-server-Xvfb 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 xorg-x11-server-Xwayland 1.19.5-5.el7 1.19.5-5.1.el7_5.0.1 yum-NetworkManager-dispatcher 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-aliases 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-auto-update-debug-info 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-changelog 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-copr 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-fastestmirror 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-filter-data 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-fs-snapshot 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-keys 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-list-data 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-local 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-merge-conf 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-ovl 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-post-transaction-actions 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-pre-transaction-actions 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-priorities 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-protectbase 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-ps 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-remove-with-leaves 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-rpm-warm-cache 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-show-leaves 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-tmprepo 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-tsflags 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-upgrade-helper 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-verify 1.1.31-45.el7 1.1.31-46.el7_5 yum-plugin-versionlock 1.1.31-45.el7 1.1.31-46.el7_5 yum-updateonboot 1.1.31-45.el7 1.1.31-46.el7_5 yum-utils 1.1.31-45.el7 1.1.31-46.el7_5 Updated Packages: 389-ds-base-1.3.7.5-28.el7_5 ---------------------------- * Thu Sep 13 2018 Mark Reynolds - 1.3.7.5-28 - Bump version to 1.3.7.5-28 - Resolves: Bug 1628676 - 389-ds-base: race condition on reference counter leads to DoS using persistent search - Resolves: Bug 1628677 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly * Wed Aug 29 2018 Mark Reynolds - 1.3.7.5-27 - Bump version to 1.3.7.5-27 - Resolves: Bug 1623247 - Crash in vslapd_log_emergency_error * Tue Aug 14 2018 Mark Reynolds - 1.3.7.5-26 - Bump version to 1.3.7.5-26 - Resolves: Bug 1615924 - Fine grained password policy can impact search performance - Resolves: Bug 1614836 - Disable nunc-stans by default - Resolves: Bug 1614861 - ldapsearch with server side sort crashes the ldap server * Tue Jul 03 2018 Mark Reynolds - 1.3.7.5-25 - Bump version to 1.3.7.5-25 - Resolves: Bug 1597530 - Async operations can hang when the server is running nunc-stans * Wed Jun 13 2018 Mark Reynolds - 1.3.7.5-24 - Bump version to 1.3.7.5-24 - Resolves: Bug 1580257 - Fix certificate directory verification * Fri Jun 01 2018 Mark Reynolds - 1.3.7.5-23 - Bump version to 1.3.7.5-23 - Resolves: Bug 1581588 - ACI deny rules do not work correctly - Resolves: Bug 1582747 - DS only accepts RSA and Fortezza cipher families * Mon May 21 2018 Mark Reynolds - 1.3.7.5-22 - Bump version to 1.3.5.7-22 - Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received - Resolves: Bug 1579702 - Replication stops working when MemberOf plugin is enabled on hub and consumer - Resolves: Bug 1579698 - replicated operations should be serialized - Resolves: Bug 1579700 - Upgrade script doesn't enable PBKDF password storage plug-in - Resolves: Bug 1580257 - ds-replcheck LDIF comparision fails when checking for conflicts - Resolves: Bug 1580523 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired * Thu Apr 05 2018 Mark Reynolds - 1.3.7.5-21 - Bump version to 1.3.7.5-21 - Resolves: Bug 1559818 - EMBARGOED CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch * Wed Apr 04 2018 Mark Reynolds - 1.3.7.5-20 - Bump version to 1.3.7.5-20 - Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received - Resolves: Bug 1559764 - memberof fails if group is moved into scope - Resolves: Bug 1554720 - "Truncated search results" pop-up appears in user details in WebUI - Resolves: Bug 1553605 - ipa-server-install fails with Error: Upgrade failed with no such entry - Resolves: Bug 1559760 - ds-replcheck: add -W option to ask for the password from stdin instead of passing it on command line - Resolves: Bug 1559464 - replica_write_ruv log a failure even when it succeeds * Tue Apr 03 2018 Matus Honek - 1.3.7.5-19 - Bump version to 1.3.7.5-19 - Resolves: Bug 1563107 - IPA server is not responding, all authentication and admin tests failed [rhel-7.5.z] 389-ds-base-devel-1.3.7.5-28.el7_5 ---------------------------------- * Thu Sep 13 2018 Mark Reynolds - 1.3.7.5-28 - Bump version to 1.3.7.5-28 - Resolves: Bug 1628676 - 389-ds-base: race condition on reference counter leads to DoS using persistent search - Resolves: Bug 1628677 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly * Wed Aug 29 2018 Mark Reynolds - 1.3.7.5-27 - Bump version to 1.3.7.5-27 - Resolves: Bug 1623247 - Crash in vslapd_log_emergency_error * Tue Aug 14 2018 Mark Reynolds - 1.3.7.5-26 - Bump version to 1.3.7.5-26 - Resolves: Bug 1615924 - Fine grained password policy can impact search performance - Resolves: Bug 1614836 - Disable nunc-stans by default - Resolves: Bug 1614861 - ldapsearch with server side sort crashes the ldap server * Tue Jul 03 2018 Mark Reynolds - 1.3.7.5-25 - Bump version to 1.3.7.5-25 - Resolves: Bug 1597530 - Async operations can hang when the server is running nunc-stans * Wed Jun 13 2018 Mark Reynolds - 1.3.7.5-24 - Bump version to 1.3.7.5-24 - Resolves: Bug 1580257 - Fix certificate directory verification * Fri Jun 01 2018 Mark Reynolds - 1.3.7.5-23 - Bump version to 1.3.7.5-23 - Resolves: Bug 1581588 - ACI deny rules do not work correctly - Resolves: Bug 1582747 - DS only accepts RSA and Fortezza cipher families * Mon May 21 2018 Mark Reynolds - 1.3.7.5-22 - Bump version to 1.3.5.7-22 - Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received - Resolves: Bug 1579702 - Replication stops working when MemberOf plugin is enabled on hub and consumer - Resolves: Bug 1579698 - replicated operations should be serialized - Resolves: Bug 1579700 - Upgrade script doesn't enable PBKDF password storage plug-in - Resolves: Bug 1580257 - ds-replcheck LDIF comparision fails when checking for conflicts - Resolves: Bug 1580523 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired * Thu Apr 05 2018 Mark Reynolds - 1.3.7.5-21 - Bump version to 1.3.7.5-21 - Resolves: Bug 1559818 - EMBARGOED CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch * Wed Apr 04 2018 Mark Reynolds - 1.3.7.5-20 - Bump version to 1.3.7.5-20 - Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received - Resolves: Bug 1559764 - memberof fails if group is moved into scope - Resolves: Bug 1554720 - "Truncated search results" pop-up appears in user details in WebUI - Resolves: Bug 1553605 - ipa-server-install fails with Error: Upgrade failed with no such entry - Resolves: Bug 1559760 - ds-replcheck: add -W option to ask for the password from stdin instead of passing it on command line - Resolves: Bug 1559464 - replica_write_ruv log a failure even when it succeeds * Tue Apr 03 2018 Matus Honek - 1.3.7.5-19 - Bump version to 1.3.7.5-19 - Resolves: Bug 1563107 - IPA server is not responding, all authentication and admin tests failed [rhel-7.5.z] 389-ds-base-libs-1.3.7.5-28.el7_5 --------------------------------- * Thu Sep 13 2018 Mark Reynolds - 1.3.7.5-28 - Bump version to 1.3.7.5-28 - Resolves: Bug 1628676 - 389-ds-base: race condition on reference counter leads to DoS using persistent search - Resolves: Bug 1628677 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly * Wed Aug 29 2018 Mark Reynolds - 1.3.7.5-27 - Bump version to 1.3.7.5-27 - Resolves: Bug 1623247 - Crash in vslapd_log_emergency_error * Tue Aug 14 2018 Mark Reynolds - 1.3.7.5-26 - Bump version to 1.3.7.5-26 - Resolves: Bug 1615924 - Fine grained password policy can impact search performance - Resolves: Bug 1614836 - Disable nunc-stans by default - Resolves: Bug 1614861 - ldapsearch with server side sort crashes the ldap server * Tue Jul 03 2018 Mark Reynolds - 1.3.7.5-25 - Bump version to 1.3.7.5-25 - Resolves: Bug 1597530 - Async operations can hang when the server is running nunc-stans * Wed Jun 13 2018 Mark Reynolds - 1.3.7.5-24 - Bump version to 1.3.7.5-24 - Resolves: Bug 1580257 - Fix certificate directory verification * Fri Jun 01 2018 Mark Reynolds - 1.3.7.5-23 - Bump version to 1.3.7.5-23 - Resolves: Bug 1581588 - ACI deny rules do not work correctly - Resolves: Bug 1582747 - DS only accepts RSA and Fortezza cipher families * Mon May 21 2018 Mark Reynolds - 1.3.7.5-22 - Bump version to 1.3.5.7-22 - Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received - Resolves: Bug 1579702 - Replication stops working when MemberOf plugin is enabled on hub and consumer - Resolves: Bug 1579698 - replicated operations should be serialized - Resolves: Bug 1579700 - Upgrade script doesn't enable PBKDF password storage plug-in - Resolves: Bug 1580257 - ds-replcheck LDIF comparision fails when checking for conflicts - Resolves: Bug 1580523 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired * Thu Apr 05 2018 Mark Reynolds - 1.3.7.5-21 - Bump version to 1.3.7.5-21 - Resolves: Bug 1559818 - EMBARGOED CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch * Wed Apr 04 2018 Mark Reynolds - 1.3.7.5-20 - Bump version to 1.3.7.5-20 - Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received - Resolves: Bug 1559764 - memberof fails if group is moved into scope - Resolves: Bug 1554720 - "Truncated search results" pop-up appears in user details in WebUI - Resolves: Bug 1553605 - ipa-server-install fails with Error: Upgrade failed with no such entry - Resolves: Bug 1559760 - ds-replcheck: add -W option to ask for the password from stdin instead of passing it on command line - Resolves: Bug 1559464 - replica_write_ruv log a failure even when it succeeds * Tue Apr 03 2018 Matus Honek - 1.3.7.5-19 - Bump version to 1.3.7.5-19 - Resolves: Bug 1563107 - IPA server is not responding, all authentication and admin tests failed [rhel-7.5.z] 389-ds-base-snmp-1.3.7.5-28.el7_5 --------------------------------- * Thu Sep 13 2018 Mark Reynolds - 1.3.7.5-28 - Bump version to 1.3.7.5-28 - Resolves: Bug 1628676 - 389-ds-base: race condition on reference counter leads to DoS using persistent search - Resolves: Bug 1628677 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly * Wed Aug 29 2018 Mark Reynolds - 1.3.7.5-27 - Bump version to 1.3.7.5-27 - Resolves: Bug 1623247 - Crash in vslapd_log_emergency_error * Tue Aug 14 2018 Mark Reynolds - 1.3.7.5-26 - Bump version to 1.3.7.5-26 - Resolves: Bug 1615924 - Fine grained password policy can impact search performance - Resolves: Bug 1614836 - Disable nunc-stans by default - Resolves: Bug 1614861 - ldapsearch with server side sort crashes the ldap server * Tue Jul 03 2018 Mark Reynolds - 1.3.7.5-25 - Bump version to 1.3.7.5-25 - Resolves: Bug 1597530 - Async operations can hang when the server is running nunc-stans * Wed Jun 13 2018 Mark Reynolds - 1.3.7.5-24 - Bump version to 1.3.7.5-24 - Resolves: Bug 1580257 - Fix certificate directory verification * Fri Jun 01 2018 Mark Reynolds - 1.3.7.5-23 - Bump version to 1.3.7.5-23 - Resolves: Bug 1581588 - ACI deny rules do not work correctly - Resolves: Bug 1582747 - DS only accepts RSA and Fortezza cipher families * Mon May 21 2018 Mark Reynolds - 1.3.7.5-22 - Bump version to 1.3.5.7-22 - Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received - Resolves: Bug 1579702 - Replication stops working when MemberOf plugin is enabled on hub and consumer - Resolves: Bug 1579698 - replicated operations should be serialized - Resolves: Bug 1579700 - Upgrade script doesn't enable PBKDF password storage plug-in - Resolves: Bug 1580257 - ds-replcheck LDIF comparision fails when checking for conflicts - Resolves: Bug 1580523 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired * Thu Apr 05 2018 Mark Reynolds - 1.3.7.5-21 - Bump version to 1.3.7.5-21 - Resolves: Bug 1559818 - EMBARGOED CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch * Wed Apr 04 2018 Mark Reynolds - 1.3.7.5-20 - Bump version to 1.3.7.5-20 - Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received - Resolves: Bug 1559764 - memberof fails if group is moved into scope - Resolves: Bug 1554720 - "Truncated search results" pop-up appears in user details in WebUI - Resolves: Bug 1553605 - ipa-server-install fails with Error: Upgrade failed with no such entry - Resolves: Bug 1559760 - ds-replcheck: add -W option to ask for the password from stdin instead of passing it on command line - Resolves: Bug 1559464 - replica_write_ruv log a failure even when it succeeds * Tue Apr 03 2018 Matus Honek - 1.3.7.5-19 - Bump version to 1.3.7.5-19 - Resolves: Bug 1563107 - IPA server is not responding, all authentication and admin tests failed [rhel-7.5.z] NetworkManager-1.10.2-16.el7_5 ------------------------------ * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-adsl-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-bluetooth-1.10.2-16.el7_5 ---------------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-config-server-1.10.2-16.el7_5 -------------------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-dispatcher-routing-rules-1.10.2-16.el7_5 ------------------------------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-glib-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-glib-devel-1.10.2-16.el7_5 ----------------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-libnm-1.10.2-16.el7_5 ------------------------------------ * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-libnm-devel-1.10.2-16.el7_5 ------------------------------------------ * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-ovs-1.10.2-16.el7_5 ---------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-ppp-1.10.2-16.el7_5 ---------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-team-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-tui-1.10.2-16.el7_5 ---------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-wifi-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-wwan-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) PackageKit-1.1.5-2.el7.centos ----------------------------- * Tue Apr 24 2018 CentOS Sources - 1.1.5-2.el7.centos - remove old branding patch - Update Vendor patch to reference CentOS * Tue Apr 17 2018 Richard Hughes - 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 PackageKit-command-not-found-1.1.5-2.el7.centos ----------------------------------------------- * Tue Apr 24 2018 CentOS Sources - 1.1.5-2.el7.centos - remove old branding patch - Update Vendor patch to reference CentOS * Tue Apr 17 2018 Richard Hughes - 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 PackageKit-cron-1.1.5-2.el7.centos ---------------------------------- * Tue Apr 24 2018 CentOS Sources - 1.1.5-2.el7.centos - remove old branding patch - Update Vendor patch to reference CentOS * Tue Apr 17 2018 Richard Hughes - 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 PackageKit-glib-1.1.5-2.el7.centos ---------------------------------- * Tue Apr 24 2018 CentOS Sources - 1.1.5-2.el7.centos - remove old branding patch - Update Vendor patch to reference CentOS * Tue Apr 17 2018 Richard Hughes - 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 PackageKit-glib-devel-1.1.5-2.el7.centos ---------------------------------------- * Tue Apr 24 2018 CentOS Sources - 1.1.5-2.el7.centos - remove old branding patch - Update Vendor patch to reference CentOS * Tue Apr 17 2018 Richard Hughes - 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 PackageKit-gstreamer-plugin-1.1.5-2.el7.centos ---------------------------------------------- * Tue Apr 24 2018 CentOS Sources - 1.1.5-2.el7.centos - remove old branding patch - Update Vendor patch to reference CentOS * Tue Apr 17 2018 Richard Hughes - 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 PackageKit-gtk3-module-1.1.5-2.el7.centos ----------------------------------------- * Tue Apr 24 2018 CentOS Sources - 1.1.5-2.el7.centos - remove old branding patch - Update Vendor patch to reference CentOS * Tue Apr 17 2018 Richard Hughes - 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 PackageKit-yum-1.1.5-2.el7.centos --------------------------------- * Tue Apr 24 2018 CentOS Sources - 1.1.5-2.el7.centos - remove old branding patch - Update Vendor patch to reference CentOS * Tue Apr 17 2018 Richard Hughes - 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 PackageKit-yum-plugin-1.1.5-2.el7.centos ---------------------------------------- * Tue Apr 24 2018 CentOS Sources - 1.1.5-2.el7.centos - remove old branding patch - Update Vendor patch to reference CentOS * Tue Apr 17 2018 Richard Hughes - 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 adwaita-gtk2-theme-3.22.2-2.el7_5 --------------------------------- * Thu Mar 22 2018 Kalev Lember - 3.22.2-2 - Do not set treeview colors - Resolves: #1549711 audispd-plugins-2.8.1-3.el7_5.1 ------------------------------- * Mon Jul 23 2018 Steve Grubb 2.8.1-3.el7_5.1 resolves: #1607298 - auditd sometimes in failed state after boot audit-2.8.1-3.el7_5.1 --------------------- * Mon Jul 23 2018 Steve Grubb 2.8.1-3.el7_5.1 resolves: #1607298 - auditd sometimes in failed state after boot audit-libs-2.8.1-3.el7_5.1 -------------------------- * Mon Jul 23 2018 Steve Grubb 2.8.1-3.el7_5.1 resolves: #1607298 - auditd sometimes in failed state after boot audit-libs-devel-2.8.1-3.el7_5.1 -------------------------------- * Mon Jul 23 2018 Steve Grubb 2.8.1-3.el7_5.1 resolves: #1607298 - auditd sometimes in failed state after boot audit-libs-python-2.8.1-3.el7_5.1 --------------------------------- * Mon Jul 23 2018 Steve Grubb 2.8.1-3.el7_5.1 resolves: #1607298 - auditd sometimes in failed state after boot audit-libs-static-2.8.1-3.el7_5.1 --------------------------------- * Mon Jul 23 2018 Steve Grubb 2.8.1-3.el7_5.1 resolves: #1607298 - auditd sometimes in failed state after boot augeas-1.4.0-5.el7_5.1 ---------------------- * Wed Mar 28 2018 Pino Toscano - 1.4.0-5.el7_5.1 - Fstab: allow leading whitespaces (RHBZ#1554927) augeas-devel-1.4.0-5.el7_5.1 ---------------------------- * Wed Mar 28 2018 Pino Toscano - 1.4.0-5.el7_5.1 - Fstab: allow leading whitespaces (RHBZ#1554927) augeas-libs-1.4.0-5.el7_5.1 --------------------------- * Wed Mar 28 2018 Pino Toscano - 1.4.0-5.el7_5.1 - Fstab: allow leading whitespaces (RHBZ#1554927) awscli-1.14.28-5.el7_5.1 ------------------------ * Thu May 24 2018 Oyvind Albrigtsen - 1.14.28-5.1 - Fix unsupported max_bandwidth issue Resolves: rhbz#1581138 bind-9.9.4-61.el7_5.1 --------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-chroot-9.9.4-61.el7_5.1 ---------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-devel-9.9.4-61.el7_5.1 --------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-libs-9.9.4-61.el7_5.1 -------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-libs-lite-9.9.4-61.el7_5.1 ------------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-license-9.9.4-61.el7_5.1 ----------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-lite-devel-9.9.4-61.el7_5.1 -------------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-pkcs11-9.9.4-61.el7_5.1 ---------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-pkcs11-devel-9.9.4-61.el7_5.1 ---------------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-pkcs11-libs-9.9.4-61.el7_5.1 --------------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-pkcs11-utils-9.9.4-61.el7_5.1 ---------------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-sdb-9.9.4-61.el7_5.1 ------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-sdb-chroot-9.9.4-61.el7_5.1 -------------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-utils-9.9.4-61.el7_5.1 --------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 binutils-2.27-28.base.el7_5.2 ----------------------------- * Tue Dec 11 2018 Nick Clifton 2.27-28.base.2 - Backport patch to stop strip from corrupting unrecognised relocs. (#1660558) * Tue May 29 2018 Nick Clifton 2.27-28.base.1 - Fix the N-V-R for z-stream release. * Fri May 25 2018 Marek Polacek 2.27-28.base.0.0.hotfix.1.bz1582602 - Hotfix build. * Fri May 25 2018 Marek Polacek 2.27-28.base - Allow "lea foo@GOT, %reg" in PIC mode on the x86. (#1582602) binutils-devel-2.27-28.base.el7_5.2 ----------------------------------- * Tue Dec 11 2018 Nick Clifton 2.27-28.base.2 - Backport patch to stop strip from corrupting unrecognised relocs. (#1660558) * Tue May 29 2018 Nick Clifton 2.27-28.base.1 - Fix the N-V-R for z-stream release. * Fri May 25 2018 Marek Polacek 2.27-28.base.0.0.hotfix.1.bz1582602 - Hotfix build. * Fri May 25 2018 Marek Polacek 2.27-28.base - Allow "lea foo@GOT, %reg" in PIC mode on the x86. (#1582602) ca-certificates-2018.2.22-70.0.el7_5 ------------------------------------ * Wed Mar 14 2018 Kai Engert - 2018.2.22-70.0 - Update to CKBI 2.22 from NSS 3.35 certmonger-0.78.4-3.el7_5.1 --------------------------- * Tue Mar 27 2018 Rob Crittenden - 0.78.4-3.1 - Use required DER encoding when setting CA basic constraint (#1560961) - NSS 3.34 more strictly enforces length checking when verifying signatures (#1560960) cloud-init-0.7.9-24.el7.centos.1 -------------------------------- * Mon Jun 25 2018 Johnny Hughes - 0.7.9-24.el7_5.1 - Manual CentOS Debranding * Thu May 17 2018 Miroslav Rezanina - 0.7.9-24.el7_5.1 - ci-Revert-azure-Fix-publishing-of-hostname.patch [bz#1568717] - ci-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch [bz#1568717] - ci-sysconfig-Don-t-disable-IPV6_AUTOCONF.patch [bz#1578702] - Resolves: bz#1568717 (Add patch to bounce NICs in Azure/update DNS [rhel-7.5.z]) - Resolves: bz#1578702 (cloud-init-0.7.9-9.el7_4.6 breaks IPv4/IPv6 dual-stack EC2 instances in AWS [rhel-7.5.z]) control-center-3.26.2-9.el7_5 ----------------------------- * Tue Apr 17 2018 Carlos Garnacho - 3.26.2-9 - Add support for Wacom Pro Pen 3D styli Resolves: #1568701 control-center-filesystem-3.26.2-9.el7_5 ---------------------------------------- * Tue Apr 17 2018 Carlos Garnacho - 3.26.2-9 - Add support for Wacom Pro Pen 3D styli Resolves: #1568701 coolkey-1.1.0-37.51.el7_5 ------------------------- * Mon Jun 25 2018 Robert Relyea - 1.1.0-37.51 - Fix regression in alt token patch that prevented blank cards from working in ESC. * Mon Apr 23 2018 Robert Relyea - 1.1.0-37.50 - support cac alt tokens which don't have a cert is slot 0, don't have a CCC, and uses a ACA. coolkey-devel-1.1.0-37.51.el7_5 ------------------------------- * Mon Jun 25 2018 Robert Relyea - 1.1.0-37.51 - Fix regression in alt token patch that prevented blank cards from working in ESC. * Mon Apr 23 2018 Robert Relyea - 1.1.0-37.50 - support cac alt tokens which don't have a cert is slot 0, don't have a CCC, and uses a ACA. copy-jdk-configs-3.3-10.el7_5 ----------------------------- * Mon Apr 30 2018 Jiri Vanek - 3.3-10 - added javaws.policy and blacklist - Resolves: rhbz#1573163 * Wed Apr 25 2018 Jiri Vanek - 3.3-3 - fixes issue when java.security for openjdk7 was erased - Resolves: rhbz#1573163 cpp-4.8.5-28.el7_5.1 -------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) ctdb-4.7.1-9.el7_5 ------------------ * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo ctdb-tests-4.7.1-9.el7_5 ------------------------ * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo dconf-0.26.0-3.el7_5.1 ---------------------- * Fri Sep 14 2018 Marek Kasik - 0.26.0-3 - Check mtimes of files in /etc/dconf/db/*.d/ directories - when running "dconf update" - Resolves: #1626372 dconf-devel-0.26.0-3.el7_5.1 ---------------------------- * Fri Sep 14 2018 Marek Kasik - 0.26.0-3 - Check mtimes of files in /etc/dconf/db/*.d/ directories - when running "dconf update" - Resolves: #1626372 debugmode-9.49.41-1.el7_5.2 --------------------------- * Tue Aug 28 2018 David Kaspar [Dee'Kej] - 9.49.41-1.el7_5.2 - ifup-post: fix incorrect condition for RESOLV_MODS (bug #1622533) * Mon Jun 11 2018 David Kaspar [Dee'Kej] - 9.49.41-1.el7_5.1 - network-scripts: setting of firewall ZONE fixed (bug #1588566) device-mapper-multipath-0.4.9-119.el7_5.1 ----------------------------------------- * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 device-mapper-multipath-devel-0.4.9-119.el7_5.1 ----------------------------------------------- * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 device-mapper-multipath-libs-0.4.9-119.el7_5.1 ---------------------------------------------- * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 device-mapper-multipath-sysvinit-0.4.9-119.el7_5.1 -------------------------------------------------- * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 dhclient-4.2.5-68.el7.centos.1 ------------------------------ * Tue May 15 2018 CentOS Sources - 4.2.5-68.el7.centos.1 - Roll in CentOS Branding * Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-68.1 - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character dhcp-4.2.5-68.el7.centos.1 -------------------------- * Tue May 15 2018 CentOS Sources - 4.2.5-68.el7.centos.1 - Roll in CentOS Branding * Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-68.1 - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character dhcp-common-4.2.5-68.el7.centos.1 --------------------------------- * Tue May 15 2018 CentOS Sources - 4.2.5-68.el7.centos.1 - Roll in CentOS Branding * Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-68.1 - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character dhcp-devel-4.2.5-68.el7.centos.1 -------------------------------- * Tue May 15 2018 CentOS Sources - 4.2.5-68.el7.centos.1 - Roll in CentOS Branding * Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-68.1 - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character dhcp-libs-4.2.5-68.el7.centos.1 ------------------------------- * Tue May 15 2018 CentOS Sources - 4.2.5-68.el7.centos.1 - Roll in CentOS Branding * Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-68.1 - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character dracut-033-535.el7_5.1 ---------------------- * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-caps-033-535.el7_5.1 --------------------------- * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-config-generic-033-535.el7_5.1 ------------------------------------- * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-config-rescue-033-535.el7_5.1 ------------------------------------ * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-fips-033-535.el7_5.1 --------------------------- * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-fips-aesni-033-535.el7_5.1 --------------------------------- * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-network-033-535.el7_5.1 ------------------------------ * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-tools-033-535.el7_5.1 ---------------------------- * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 e2fsprogs-1.42.9-12.el7_5 ------------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) e2fsprogs-devel-1.42.9-12.el7_5 ------------------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) e2fsprogs-libs-1.42.9-12.el7_5 ------------------------------ * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) e2fsprogs-static-1.42.9-12.el7_5 -------------------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) emacs-git-1.8.3.1-14.el7_5 -------------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 emacs-git-el-1.8.3.1-14.el7_5 ----------------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 fence-agents-all-4.0.11-86.el7_5.3 ---------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-amt-ws-4.0.11-86.el7_5.3 ------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-apc-4.0.11-86.el7_5.3 ---------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-apc-snmp-4.0.11-86.el7_5.3 --------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-aws-4.0.11-86.el7_5.3 ---------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-azure-arm-4.0.11-86.el7_5.3 ---------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-bladecenter-4.0.11-86.el7_5.3 ------------------------------------------ * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-brocade-4.0.11-86.el7_5.3 -------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-cisco-mds-4.0.11-86.el7_5.3 ---------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-cisco-ucs-4.0.11-86.el7_5.3 ---------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-common-4.0.11-86.el7_5.3 ------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-compute-4.0.11-86.el7_5.3 -------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-drac5-4.0.11-86.el7_5.3 ------------------------------------ * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-eaton-snmp-4.0.11-86.el7_5.3 ----------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-emerson-4.0.11-86.el7_5.3 -------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-eps-4.0.11-86.el7_5.3 ---------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-heuristics-ping-4.0.11-86.el7_5.3 ---------------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-hpblade-4.0.11-86.el7_5.3 -------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-ibmblade-4.0.11-86.el7_5.3 --------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-ifmib-4.0.11-86.el7_5.3 ------------------------------------ * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-ilo-moonshot-4.0.11-86.el7_5.3 ------------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-ilo-mp-4.0.11-86.el7_5.3 ------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-ilo-ssh-4.0.11-86.el7_5.3 -------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-ilo2-4.0.11-86.el7_5.3 ----------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-intelmodular-4.0.11-86.el7_5.3 ------------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-ipdu-4.0.11-86.el7_5.3 ----------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-ipmilan-4.0.11-86.el7_5.3 -------------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-kdump-4.0.11-86.el7_5.3 ------------------------------------ * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-mpath-4.0.11-86.el7_5.3 ------------------------------------ * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-rhevm-4.0.11-86.el7_5.3 ------------------------------------ * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-rsa-4.0.11-86.el7_5.3 ---------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-rsb-4.0.11-86.el7_5.3 ---------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-sbd-4.0.11-86.el7_5.3 ---------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-scsi-4.0.11-86.el7_5.3 ----------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-virsh-4.0.11-86.el7_5.3 ------------------------------------ * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-vmware-rest-4.0.11-86.el7_5.3 ------------------------------------------ * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-vmware-soap-4.0.11-86.el7_5.3 ------------------------------------------ * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 fence-agents-wti-4.0.11-86.el7_5.3 ---------------------------------- * Mon Jul 16 2018 Oyvind Albrigtsen - 4.0.11-86.3 - fence_evacuate: fix evacuable tag mix issue Resolves: rhbz#1600602 * Thu Apr 12 2018 Oyvind Albrigtsen - 4.0.11-86.2 - fence_azure_arm: fix subscriptionId from metadata Resolves: rhbz#1566632 * Wed Apr 11 2018 Oyvind Albrigtsen - 4.0.11-86.1 - fence_azure_arm: add network-fencing Resolves: rhbz#1565670 - fence_compute/fence_evacuate: fix parameters Resolves: rhbz#1565701 firefox-60.3.0-1.el7_5.bclinux ------------------------------ * Thu Oct 25 2018 Johnny Hughes - 60.3.0-1 - Roll in CentOS Branding * Fri Oct 19 2018 Jan Horak - 60.3.0-1 - Update to 60.3.0 ESR * Wed Oct 10 2018 Jan Horak - 60.2.2-2 - Added patch for rhbz#1633932 * Tue Oct 02 2018 Jan Horak - 60.2.2-1 - Update to 60.2.2 ESR * Mon Sep 24 2018 Jan Horak - 60.2.1-1 - Update to 60.2.1 ESR * Fri Aug 31 2018 Jan Horak - 60.2.0-1 - Update to 60.2.0 ESR * Tue Aug 28 2018 Jan Horak - 60.1.0-9 - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) * Thu Aug 16 2018 Jan Horak - 60.1.0-8 - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) * Thu Jul 12 2018 Jan Horak - 60.1.0-7 - Run at-spi-bus if not running already (for the bundled gtk3) * Mon Jul 09 2018 Jan Horak - 60.1.0-6 - Fix for missing schemes for bundled gtk3 firewall-applet-0.4.4.4-15.el7_5 -------------------------------- * Fri Aug 10 2018 Eric Garver - 0.4.4.4-15 - backport patches to avoid NM for generated connections firewall-config-0.4.4.4-15.el7_5 -------------------------------- * Fri Aug 10 2018 Eric Garver - 0.4.4.4-15 - backport patches to avoid NM for generated connections firewalld-0.4.4.4-15.el7_5 -------------------------- * Fri Aug 10 2018 Eric Garver - 0.4.4.4-15 - backport patches to avoid NM for generated connections firewalld-filesystem-0.4.4.4-15.el7_5 ------------------------------------- * Fri Aug 10 2018 Eric Garver - 0.4.4.4-15 - backport patches to avoid NM for generated connections flatpak-0.8.8-4.el7_5 --------------------- * Tue Aug 28 2018 David King - 0.8.8-4 - Add patch for CVE-2018-6560 (#1547376) flatpak-builder-0.8.8-4.el7_5 ----------------------------- * Tue Aug 28 2018 David King - 0.8.8-4 - Add patch for CVE-2018-6560 (#1547376) flatpak-devel-0.8.8-4.el7_5 --------------------------- * Tue Aug 28 2018 David King - 0.8.8-4 - Add patch for CVE-2018-6560 (#1547376) flatpak-libs-0.8.8-4.el7_5 -------------------------- * Tue Aug 28 2018 David King - 0.8.8-4 - Add patch for CVE-2018-6560 (#1547376) freeradius-3.0.13-9.el7_5 ------------------------- * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-devel-3.0.13-9.el7_5 ------------------------------- * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-doc-3.0.13-9.el7_5 ----------------------------- * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-krb5-3.0.13-9.el7_5 ------------------------------ * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-ldap-3.0.13-9.el7_5 ------------------------------ * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-mysql-3.0.13-9.el7_5 ------------------------------- * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-perl-3.0.13-9.el7_5 ------------------------------ * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-postgresql-3.0.13-9.el7_5 ------------------------------------ * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-python-3.0.13-9.el7_5 -------------------------------- * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-sqlite-3.0.13-9.el7_5 -------------------------------- * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-unixODBC-3.0.13-9.el7_5 ---------------------------------- * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() freeradius-utils-3.0.13-9.el7_5 ------------------------------- * Thu Feb 22 2018 Nikolai Kondrashov - 3.0.13-9 - Fix double free in rlm_sql acct_redundant Resolves: Bug#1551069 Radius service crashes with "Bad talloc magic value - unknown value" when using module sql rlm_sql * Mon Jul 17 2017 Nikolai Kondrashov - 3.0.13-8 - Avoid misinterpreting zero-size malloc in data2vp_extended() fix. - Related: Bug#1469415 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() fwupdate-9-8.el7.centos ----------------------- fwupdate-devel-9-8.el7.centos ----------------------------- fwupdate-efi-9-8.el7.centos --------------------------- fwupdate-libs-9-8.el7.centos ---------------------------- gcc-4.8.5-28.el7_5.1 -------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) gcc-c++-4.8.5-28.el7_5.1 ------------------------ * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) gcc-gfortran-4.8.5-28.el7_5.1 ----------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) gcc-gnat-4.8.5-28.el7_5.1 ------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) gcc-go-4.8.5-28.el7_5.1 ----------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) gcc-objc-4.8.5-28.el7_5.1 ------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) gcc-objc++-4.8.5-28.el7_5.1 --------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) gcc-plugin-devel-4.8.5-28.el7_5.1 --------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) ghostscript-9.07-29.el7_5.2 --------------------------- * Mon Sep 17 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.2 - Fix MediaPosition, ManualFeed and MediaType with pxl devices (bug #1629842) * Mon Sep 10 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.1 - Added security fixes for: - CVE-2018-16509 (bug #1621156) - CVE-2018-15910 (bug #1621157) - CVE-2018-16542 (bug #1621380) ghostscript-cups-9.07-29.el7_5.2 -------------------------------- * Mon Sep 17 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.2 - Fix MediaPosition, ManualFeed and MediaType with pxl devices (bug #1629842) * Mon Sep 10 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.1 - Added security fixes for: - CVE-2018-16509 (bug #1621156) - CVE-2018-15910 (bug #1621157) - CVE-2018-16542 (bug #1621380) ghostscript-devel-9.07-29.el7_5.2 --------------------------------- * Mon Sep 17 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.2 - Fix MediaPosition, ManualFeed and MediaType with pxl devices (bug #1629842) * Mon Sep 10 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.1 - Added security fixes for: - CVE-2018-16509 (bug #1621156) - CVE-2018-15910 (bug #1621157) - CVE-2018-16542 (bug #1621380) ghostscript-doc-9.07-29.el7_5.2 ------------------------------- * Mon Sep 17 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.2 - Fix MediaPosition, ManualFeed and MediaType with pxl devices (bug #1629842) * Mon Sep 10 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.1 - Added security fixes for: - CVE-2018-16509 (bug #1621156) - CVE-2018-15910 (bug #1621157) - CVE-2018-16542 (bug #1621380) ghostscript-gtk-9.07-29.el7_5.2 ------------------------------- * Mon Sep 17 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.2 - Fix MediaPosition, ManualFeed and MediaType with pxl devices (bug #1629842) * Mon Sep 10 2018 David Kaspar [Dee'Kej] - 9.07-29.el7_5.1 - Added security fixes for: - CVE-2018-16509 (bug #1621156) - CVE-2018-15910 (bug #1621157) - CVE-2018-16542 (bug #1621380) git-1.8.3.1-14.el7_5 -------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 git-all-1.8.3.1-14.el7_5 ------------------------ * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 git-bzr-1.8.3.1-14.el7_5 ------------------------ * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 git-cvs-1.8.3.1-14.el7_5 ------------------------ * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 git-daemon-1.8.3.1-14.el7_5 --------------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 git-email-1.8.3.1-14.el7_5 -------------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 git-gui-1.8.3.1-14.el7_5 ------------------------ * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 git-hg-1.8.3.1-14.el7_5 ----------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 git-p4-1.8.3.1-14.el7_5 ----------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 git-svn-1.8.3.1-14.el7_5 ------------------------ * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 gitk-1.8.3.1-14.el7_5 --------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 gitweb-1.8.3.1-14.el7_5 ----------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 glusterfs-3.8.4-54.15.el7.centos -------------------------------- * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 glusterfs-api-3.8.4-54.15.el7.centos ------------------------------------ * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 glusterfs-api-devel-3.8.4-54.15.el7.centos ------------------------------------------ * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 glusterfs-cli-3.8.4-54.15.el7.centos ------------------------------------ * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 glusterfs-client-xlators-3.8.4-54.15.el7.centos ----------------------------------------------- * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 glusterfs-devel-3.8.4-54.15.el7.centos -------------------------------------- * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 glusterfs-fuse-3.8.4-54.15.el7.centos ------------------------------------- * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 glusterfs-libs-3.8.4-54.15.el7.centos ------------------------------------- * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 glusterfs-rdma-3.8.4-54.15.el7.centos ------------------------------------- * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 gnome-themes-standard-3.22.2-2.el7_5 ------------------------------------ * Thu Mar 22 2018 Kalev Lember - 3.22.2-2 - Do not set treeview colors - Resolves: #1549711 gnome-tweak-tool-3.22.0-2.el7_5 ------------------------------- * Fri Apr 13 2018 Kalev Lember - 3.22.0-2 - Remove scaling factor setting, moved to control-center in RHEL 7.5 - Resolves: #1567040 gnupg2-2.0.22-5.el7_5 --------------------- * Thu Jun 21 2018 Tomáš Mráz - 2.0.22-5 - fix CVE-2018-12020 - missing sanitization of original filename gnupg2-smime-2.0.22-5.el7_5 --------------------------- * Thu Jun 21 2018 Tomáš Mráz - 2.0.22-5 - fix CVE-2018-12020 - missing sanitization of original filename gsettings-desktop-schemas-3.24.1-2.el7_5 ---------------------------------------- * Tue Apr 17 2018 Carlos Garnacho - 3.24.1-2 - Add support for Wacom Pro Pen 3D styli Resolves: #1568715 gsettings-desktop-schemas-devel-3.24.1-2.el7_5 ---------------------------------------------- * Tue Apr 17 2018 Carlos Garnacho - 3.24.1-2 - Add support for Wacom Pro Pen 3D styli Resolves: #1568715 gtk-update-icon-cache-3.22.26-4.el7_5 ------------------------------------- * Mon Apr 09 2018 Debarshi Ray - 3.22.26-4 - Avoid a division by zero with RandR 1.3 - Resolves: #1502788 gtk3-3.22.26-4.el7_5 -------------------- * Mon Apr 09 2018 Debarshi Ray - 3.22.26-4 - Avoid a division by zero with RandR 1.3 - Resolves: #1502788 gtk3-devel-3.22.26-4.el7_5 -------------------------- * Mon Apr 09 2018 Debarshi Ray - 3.22.26-4 - Avoid a division by zero with RandR 1.3 - Resolves: #1502788 gtk3-devel-docs-3.22.26-4.el7_5 ------------------------------- * Mon Apr 09 2018 Debarshi Ray - 3.22.26-4 - Avoid a division by zero with RandR 1.3 - Resolves: #1502788 gtk3-immodule-xim-3.22.26-4.el7_5 --------------------------------- * Mon Apr 09 2018 Debarshi Ray - 3.22.26-4 - Avoid a division by zero with RandR 1.3 - Resolves: #1502788 gtk3-immodules-3.22.26-4.el7_5 ------------------------------ * Mon Apr 09 2018 Debarshi Ray - 3.22.26-4 - Avoid a division by zero with RandR 1.3 - Resolves: #1502788 gtk3-tests-3.22.26-4.el7_5 -------------------------- * Mon Apr 09 2018 Debarshi Ray - 3.22.26-4 - Avoid a division by zero with RandR 1.3 - Resolves: #1502788 httpd-2.4.6-80.el7.centos.1 --------------------------- * Tue Jun 26 2018 CentOS Sources - 2.4.6-80.el7.centos.1 - Remove index.html, add centos-noindex.tar.gz - change vstring - change symlink for poweredby.png - update welcome.conf with proper aliases * Mon May 28 2018 Luboš Uhliarik - 2.4.6-80.1 - Resolves: #1560609 - httpd: active connections being terminated when httpd gets gracefully stopped/restarted, GracefulShutdownTimeout is not being honored httpd-devel-2.4.6-80.el7.centos.1 --------------------------------- * Tue Jun 26 2018 CentOS Sources - 2.4.6-80.el7.centos.1 - Remove index.html, add centos-noindex.tar.gz - change vstring - change symlink for poweredby.png - update welcome.conf with proper aliases * Mon May 28 2018 Luboš Uhliarik - 2.4.6-80.1 - Resolves: #1560609 - httpd: active connections being terminated when httpd gets gracefully stopped/restarted, GracefulShutdownTimeout is not being honored httpd-manual-2.4.6-80.el7.centos.1 ---------------------------------- * Tue Jun 26 2018 CentOS Sources - 2.4.6-80.el7.centos.1 - Remove index.html, add centos-noindex.tar.gz - change vstring - change symlink for poweredby.png - update welcome.conf with proper aliases * Mon May 28 2018 Luboš Uhliarik - 2.4.6-80.1 - Resolves: #1560609 - httpd: active connections being terminated when httpd gets gracefully stopped/restarted, GracefulShutdownTimeout is not being honored httpd-tools-2.4.6-80.el7.centos.1 --------------------------------- * Tue Jun 26 2018 CentOS Sources - 2.4.6-80.el7.centos.1 - Remove index.html, add centos-noindex.tar.gz - change vstring - change symlink for poweredby.png - update welcome.conf with proper aliases * Mon May 28 2018 Luboš Uhliarik - 2.4.6-80.1 - Resolves: #1560609 - httpd: active connections being terminated when httpd gets gracefully stopped/restarted, GracefulShutdownTimeout is not being honored ibacm-15-7.el7_5 ---------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 initscripts-9.49.41-1.el7_5.2 ----------------------------- * Tue Aug 28 2018 David Kaspar [Dee'Kej] - 9.49.41-1.el7_5.2 - ifup-post: fix incorrect condition for RESOLV_MODS (bug #1622533) * Mon Jun 11 2018 David Kaspar [Dee'Kej] - 9.49.41-1.el7_5.1 - network-scripts: setting of firewall ZONE fixed (bug #1588566) ipa-client-4.5.4-10.el7.centos.4.4 ---------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install ipa-client-common-4.5.4-10.el7.centos.4.4 ----------------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install ipa-common-4.5.4-10.el7.centos.4.4 ---------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install ipa-python-compat-4.5.4-10.el7.centos.4.4 ----------------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install ipa-server-4.5.4-10.el7.centos.4.4 ---------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install ipa-server-common-4.5.4-10.el7.centos.4.4 ----------------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install ipa-server-dns-4.5.4-10.el7.centos.4.4 -------------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install ipa-server-trust-ad-4.5.4-10.el7.centos.4.4 ------------------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install iptables-1.4.21-24.1.el7_5 -------------------------- * Tue Apr 03 2018 Phil Sutter - 1.4.21-24.1 - Fix for stopping iptables and ip6tables at the same time (RHBZ#1563168) - Propagate errors on service stop (RHBZ#1563168) - Avoid overwriting parent's return code (RHBZ#1563168) iptables-devel-1.4.21-24.1.el7_5 -------------------------------- * Tue Apr 03 2018 Phil Sutter - 1.4.21-24.1 - Fix for stopping iptables and ip6tables at the same time (RHBZ#1563168) - Propagate errors on service stop (RHBZ#1563168) - Avoid overwriting parent's return code (RHBZ#1563168) iptables-services-1.4.21-24.1.el7_5 ----------------------------------- * Tue Apr 03 2018 Phil Sutter - 1.4.21-24.1 - Fix for stopping iptables and ip6tables at the same time (RHBZ#1563168) - Propagate errors on service stop (RHBZ#1563168) - Avoid overwriting parent's return code (RHBZ#1563168) iptables-utils-1.4.21-24.1.el7_5 -------------------------------- * Tue Apr 03 2018 Phil Sutter - 1.4.21-24.1 - Fix for stopping iptables and ip6tables at the same time (RHBZ#1563168) - Propagate errors on service stop (RHBZ#1563168) - Avoid overwriting parent's return code (RHBZ#1563168) iwl100-firmware-39.31.5.1-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl1000-firmware-39.31.5.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl105-firmware-18.168.6.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl135-firmware-18.168.6.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl2000-firmware-18.168.6.1-62.2.el7_5 -------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl2030-firmware-18.168.6.1-62.2.el7_5 -------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl3160-firmware-22.0.7.0-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl3945-firmware-15.32.2.9-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl4965-firmware-228.61.2.24-62.2.el7_5 --------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl5000-firmware-8.83.5.1_1-62.2.el7_5 -------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl5150-firmware-8.24.2.2-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl6000-firmware-9.221.4.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl6000g2a-firmware-17.168.5.3-62.2.el7_5 ----------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl6000g2b-firmware-17.168.5.2-62.2.el7_5 ----------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl6050-firmware-41.28.5.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl7260-firmware-22.0.7.0-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl7265-firmware-22.0.7.0-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwpmd-15-7.el7_5 ---------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el7_5 ------------------------------------------- * Sun Jul 22 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.4 - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 * Thu Jul 19 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.3 - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 * Wed Jul 11 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.1 - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.0 - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Severin Gehwolf - 1:1.7.0.181-2.6.14.10 - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.10 - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version. - Resolves: rhbz#1594249 * Wed Jun 20 2018 Jiri Vanek - 1:1.7.0.181-2.6.14.10 - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 * Tue May 22 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.9 - Fix patch files to appease git apply --stat - Resolves: rhbz#1578560 java-1.7.0-openjdk-accessibility-1.7.0.191-2.6.15.4.el7_5 --------------------------------------------------------- * Sun Jul 22 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.4 - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 * Thu Jul 19 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.3 - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 * Wed Jul 11 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.1 - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.0 - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Severin Gehwolf - 1:1.7.0.181-2.6.14.10 - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.10 - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version. - Resolves: rhbz#1594249 * Wed Jun 20 2018 Jiri Vanek - 1:1.7.0.181-2.6.14.10 - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 * Tue May 22 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.9 - Fix patch files to appease git apply --stat - Resolves: rhbz#1578560 java-1.7.0-openjdk-demo-1.7.0.191-2.6.15.4.el7_5 ------------------------------------------------ * Sun Jul 22 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.4 - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 * Thu Jul 19 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.3 - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 * Wed Jul 11 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.1 - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.0 - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Severin Gehwolf - 1:1.7.0.181-2.6.14.10 - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.10 - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version. - Resolves: rhbz#1594249 * Wed Jun 20 2018 Jiri Vanek - 1:1.7.0.181-2.6.14.10 - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 * Tue May 22 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.9 - Fix patch files to appease git apply --stat - Resolves: rhbz#1578560 java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.el7_5 ------------------------------------------------- * Sun Jul 22 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.4 - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 * Thu Jul 19 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.3 - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 * Wed Jul 11 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.1 - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.0 - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Severin Gehwolf - 1:1.7.0.181-2.6.14.10 - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.10 - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version. - Resolves: rhbz#1594249 * Wed Jun 20 2018 Jiri Vanek - 1:1.7.0.181-2.6.14.10 - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 * Tue May 22 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.9 - Fix patch files to appease git apply --stat - Resolves: rhbz#1578560 java-1.7.0-openjdk-headless-1.7.0.191-2.6.15.4.el7_5 ---------------------------------------------------- * Sun Jul 22 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.4 - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 * Thu Jul 19 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.3 - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 * Wed Jul 11 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.1 - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.0 - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Severin Gehwolf - 1:1.7.0.181-2.6.14.10 - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.10 - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version. - Resolves: rhbz#1594249 * Wed Jun 20 2018 Jiri Vanek - 1:1.7.0.181-2.6.14.10 - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 * Tue May 22 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.9 - Fix patch files to appease git apply --stat - Resolves: rhbz#1578560 java-1.7.0-openjdk-javadoc-1.7.0.191-2.6.15.4.el7_5 --------------------------------------------------- * Sun Jul 22 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.4 - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 * Thu Jul 19 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.3 - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 * Wed Jul 11 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.1 - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.0 - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Severin Gehwolf - 1:1.7.0.181-2.6.14.10 - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.10 - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version. - Resolves: rhbz#1594249 * Wed Jun 20 2018 Jiri Vanek - 1:1.7.0.181-2.6.14.10 - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 * Tue May 22 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.9 - Fix patch files to appease git apply --stat - Resolves: rhbz#1578560 java-1.7.0-openjdk-src-1.7.0.191-2.6.15.4.el7_5 ----------------------------------------------- * Sun Jul 22 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.4 - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 * Thu Jul 19 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.3 - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Mon Jul 16 2018 Severin Gehwolf - 1:1.7.0.191-2.6.15.2 - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 * Wed Jul 11 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.1 - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.0 - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Severin Gehwolf - 1:1.7.0.181-2.6.14.10 - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 * Tue Jul 03 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.10 - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version. - Resolves: rhbz#1594249 * Wed Jun 20 2018 Jiri Vanek - 1:1.7.0.181-2.6.14.10 - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 * Tue May 22 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.9 - Fix patch files to appease git apply --stat - Resolves: rhbz#1578560 java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5 ---------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-accessibility-1.8.0.191.b12-0.el7_5 ------------------------------------------------------ * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-accessibility-debug-1.8.0.191.b12-0.el7_5 ------------------------------------------------------------ * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-debug-1.8.0.191.b12-0.el7_5 ---------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-demo-1.8.0.191.b12-0.el7_5 --------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-demo-debug-1.8.0.191.b12-0.el7_5 --------------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el7_5 ---------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-devel-debug-1.8.0.191.b12-0.el7_5 ---------------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-headless-1.8.0.191.b12-0.el7_5 ------------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-headless-debug-1.8.0.191.b12-0.el7_5 ------------------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-javadoc-1.8.0.191.b12-0.el7_5 ------------------------------------------------ * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-javadoc-debug-1.8.0.191.b12-0.el7_5 ------------------------------------------------------ * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-javadoc-zip-1.8.0.191.b12-0.el7_5 ---------------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.191.b12-0.el7_5 ---------------------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-src-1.8.0.191.b12-0.el7_5 -------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 java-1.8.0-openjdk-src-debug-1.8.0.191.b12-0.el7_5 -------------------------------------------------- * Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 * Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 * Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 * Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0 - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 * Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 * Wed Aug 08 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 * Tue Aug 07 2018 Andrew Hughes - 1:1.8.0.181-4.b13 - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 jss-4.4.0-13.el7_5 ------------------ * Mon Jul 02 2018 Dogtag Team 4.4.2-13 - Bugzilla #1595759 - org.mozilla.jss.pkix.primitive.AlgorithmIdentifier decode/encode process alters original data [rhel-7.5.z] (cfu) - Bugzilla #1596552 - JSS: Add support for TLS_*_SHA384 ciphers [rhel-7.5.z] (cfu) * Tue May 22 2018 Dogtag Team 4.4.2-12 - Bugzilla #1579202 - JSS has wrong encoding for ecdsa with sha* AlgorithmIdentifier [rhel-7.5.z] (cfu) jss-javadoc-4.4.0-13.el7_5 -------------------------- * Mon Jul 02 2018 Dogtag Team 4.4.2-13 - Bugzilla #1595759 - org.mozilla.jss.pkix.primitive.AlgorithmIdentifier decode/encode process alters original data [rhel-7.5.z] (cfu) - Bugzilla #1596552 - JSS: Add support for TLS_*_SHA384 ciphers [rhel-7.5.z] (cfu) * Tue May 22 2018 Dogtag Team 4.4.2-12 - Bugzilla #1579202 - JSS has wrong encoding for ecdsa with sha* AlgorithmIdentifier [rhel-7.5.z] (cfu) kernel-3.10.0-862.27.1.el7 -------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kernel-abi-whitelists-3.10.0-862.27.1.el7 ----------------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kernel-debug-3.10.0-862.14.4.el7 -------------------------------- * Tue Sep 25 2018 CentOS Sources - 3.10.0-862.14.4.el7 - Apply debranding changes - Signed with the new secureboot key * Fri Sep 21 2018 Rado Vrbovsky [3.10.0-862.14.4.el7] - [scsi] Revert: lpfc: Fix port initialization failure (Radomir Vrbovsky) [1605235 1584377] - [scsi] Revert: qla2xxx: Fix NULL pointer access for fcport structure (Radomir Vrbovsky) [1597546 1547714] * Thu Sep 13 2018 Rado Vrbovsky [3.10.0-862.14.3.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 10 2018 Jan Stancek [3.10.0-862.14.2.el7] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] * Wed Aug 22 2018 Rado Vrbovsky [3.10.0-862.14.1.el7] - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619622 1614515] - [infiniband] core: Fix nospec regression (Josh Poimboeuf) [1619624 1616346] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618390 1607899] * Sat Aug 18 2018 Rado Vrbovsky [3.10.0-862.13.1.el7] - [infiniband] ib/ipoib: Fix race condition in neigh creation (Don Dutile) [1616164 1520300] - [gpu] qxl: hook monitors_config updates into crtc, not encoder (Gerd Hoffmann) [1614349 1544322] - [gpu] qxl: move qxl_send_monitors_config() (Gerd Hoffmann) [1614349 1544322] - [gpu] qxl: remove qxl_io_log() (Gerd Hoffmann) [1614349 1544322] - [kernel] locking: Introduce smp_mb__after_spinlock() (Steve Best) [1613814 1496574] - [scsi] ibmvfc: Avoid unnecessary port relogin (Steve Best) [1613202 1605080] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612353 1585297] - [nvmet-fc] move tech preview warning to nvmet_fc_register_targetport call (Ewan Milne) [1610381 1608947] - [nvme-fc] move tech preview warning to nvme_fc_register_localport call (Ewan Milne) [1610381 1608947] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1608228 1567748] - [powerpc] signals: Discard transaction state from signal frames (Steve Best) [1608227 1586153] - [ipc] shm.c: add split function to shm_vm_ops (Desnes Augusto Nunes do Rosario) [1608225 1586152] - [scsi] lpfc: Fix port initialization failure (Dick Kennedy) [1605235 1584377] - [vmbus] fix the missed signaling in hv_signal_on_read() (Vitaly Kuznetsov) [1605089 1591976] - [infiniband] ib/ipoib: Fix for potential no-carrier state (Donald Dutile) [1601935 1548474] - [vmwgfx] refuse to hibernate if we have any resources. (v2) (Dave Airlie) [1601516 1595136] - [netdrv] sfc: stop the TX queue before pushing new buffers (Xin Long) [1601353 1445576] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601009 1559106] - [kernel] hrtimer: Allow concurrent hrtimer_start() for self restarting timers (Oleksandr Natalenko) [1600911 1574387] - [iommu] amd: Add NULL sanity check for struct irq_2_irte.ir_data (Suravee Suthikulpanit) [1600661 1542697] - [hid] wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large (Benjamin Tissoires) [1600660 1591499] - [md] avoid NULL dereference to queue pointer (Ming Lei) [1600056 1581845] - [scsi] qla2xxx: Fix NULL pointer access for fcport structure (Himanshu Madhani) [1597546 1547714] - [scsi] csiostor: Add a soft dep on cxgb4 driver (Arjun Vynipadath) [1597529 1584003] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588366 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588366 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [net] ipv6: fix nospec-related regression in ipv6_addr_prefix() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3693} - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [x86] x86/syscall: Fix regression when using the last syscall (pkey_free) (Lauro Ramos Venancio) [1589033 1589035] {CVE-2018-3693} - [kernel] cpu: hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Remove extra newline in vmentry_l1d_flush sysfs file (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Initialize the vmx_l1d_flush_pages' content (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation: l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Set CPU_SMT_NOT_SUPPORTED early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Expose SMT control init function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Online siblings when SMT control is turned on (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Use MSR save list for IA32_FLUSH_CMD if required (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Separate the VMX AUTOLOAD guest/host number accounting (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Add find_msr() helper function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Split the VMX MSR LOAD structures to have an host/guest numbers (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Boot HT siblings at least once, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - Revert "x86/apic: Ignore secondary threads if nosmt=force" (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread(), part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU: Modify detect_extended_topology() to return result (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} * Wed Aug 01 2018 Jan Stancek [3.10.0-862.12.1.el7] - [fs] CIFS: Fix NULL pointer deref on SMB2_tcon() failure (Leif Sahlberg) [1609159 1591092] - [net] multicast: do not restore deleted record source filter mode to new one (Hangbin Liu) [1610380 1586321] - [net] multicast: remove useless parameter for group add (Hangbin Liu) [1610380 1586321] - [net] ipv6/mcast: init as INCLUDE when join SSM INCLUDE group (Hangbin Liu) [1610380 1586321] - [net] ipv4/igmp: init group mode as INCLUDE when join source group (Hangbin Liu) [1610380 1586321] - [net] ipv6: mcast: fix unsolicited report interval after receiving querys (Hangbin Liu) [1610380 1586321] - [net] ipv6: refactor ipv6_dev_mc_inc() (Hangbin Liu) [1610380 1586321] * Fri Jul 20 2018 Rado Vrbovsky [3.10.0-862.11.1.el7] - [tcmu] allow userspace to reset ring (Xiubo Li) [1599669 1562587] - [tcmu] remove commands_lock (Xiubo Li) [1599669 1562587] - [tcmu] move expired command completion to unmap thread (Xiubo Li) [1599669 1562587] - [tcmu] add cmd timeout handling wq (Xiubo Li) [1599669 1562587] - [tcmu] don't block submitting context for block waits (Xiubo Li) [1599669 1562587] - [tcmu] fix double se_cmd completion (Xiubo Li) [1599669 1562587] - [tcmu] replace spin lock with mutex (Xiubo Li) [1599669 1562587] - [target] add SAM_STAT_BUSY sense reason (Xiubo Li) [1599669 1562587] - [target] core: add device action configfs files (Xiubo Li) [1599669 1562587] - [target] Avoid mappedlun symlink creation during lun shutdown (Xiubo Li) [1599656 1585081] - [spectre] update Spectre v1 mitigation string (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [spectre] fix hiddev nospec issues (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] syscall: clarify clobbered registers in entry code (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [powerpc] add missing barrier_nospec() in __get_user64_nocheck() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [spectre] fix gadgets found by smatch scanner (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] rme9652: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] hdspm: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] asihpi: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] opl3: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] hda: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] seq: oss: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] seq: oss: Fix unbalanced use lock for synth MIDI device (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [net] atm: Fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [kernel] time: Protect posix clock array access against speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [kernel] sys.c: fix potential Spectre v1 issue (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [sched] autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [perf] core: Fix possible Spectre-v1 indexing for ->aux_pages[] (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [sysvipc] sem: mitigate semnum index against spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] control: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [usbip] vhci_sysfs: fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [media] dvb_ca_en50221: prevent using slot_info for Spectre attacs (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [media] dvb_ca_en50221: sanity check slot number from userspace (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [atm] zatm: Fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] kvm: Update spectre-v1 mitigation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] kvm: Add memory barrier on vmcs field lookup (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] perf/msr: Fix possible Spectre-v1 indexing in the MSR driver (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [net] nl80211: Sanitize array index in parse_txq_params (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] vfs, fdtable: Prevent bounds-check bypass via speculative execution (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] syscall: Sanitize syscall table de-references under speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [powerpc] Use barrier_nospec in copy_from_user() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Introduce barrier_nospec for other arches (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] Introduce barrier_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] Implement array_index_mask_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [documentation] Document array_index_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Include dependency (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Allow index argument to have const-qualified type (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Kill array_index_nospec_mask_check() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Move array_index_nospec() parameter checking into separate macro (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] array_index_nospec: Sanitize speculative array de-references (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] get_user: Use pointer masking to limit speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] usercopy: Replace open coded stac/clac with __uaccess_{begin, end} (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] reorganize SMAP handling in user space accesses (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] uaccess: Tell the compiler that uaccess is unlikely to fault (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] uaccess: fix sparse errors (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} * Wed Jul 04 2018 Rado Vrbovsky [3.10.0-862.10.1.el7] - [x86] add _TIF_UPROBE to _TIF_DO_NOTIFY_MASK (Oleg Nesterov) [1595155 1579521] - [x86] spec_ctrl: Always clear SPEC_CTRL MSRs when disabling IBRS (Radomir Vrbovsky) [1586150 1574730] - [sound] alsa: hda/realtek - Add headset mode support for Dell laptop (Jaroslav Kysela) [1588946 1528587] - [sound] alsa: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 (Jaroslav Kysela) [1593586 1535427] - [mm] compaction: release zone irqlock in isolate_freepages_block (Andrea Arcangeli) [1596283 1582793] - [mm] compaction: change the timing to check to drop the spinlock (Andrea Arcangeli) [1596283 1582793] - [fs] dcache.c: add cond_resched() in shrink_dentry_list() (Aaron Tomlin) [1596184 1584693] - [misc] vmware balloon: Treat init like reset (Cathy Avery) [1595601 1540110] - [netdrv] qede: Fix ref-cnt usage count (Chad Dupuis) [1594700 1574847] - [x86] kvm: fix LAPIC timer drift when guest uses periodic mode ("Dr. David Alan Gilbert") [1594292 1584775] - [x86] kvm: remove APIC Timer periodic/oneshot spikes ("Dr. David Alan Gilbert") [1594292 1584775] - [netdrv] mlx4_en: Increase number of default RX rings (Erez Alfasi) [1594127 1520295] - [netdrv] mlx4_en: Limit the number of RX rings (Erez Alfasi) [1594127 1520295] - [netdrv] mlx4_en: Limit the number of TX rings (Erez Alfasi) [1594127 1520295] - [fs] ceph: don't set read_ahead_kb to 0 by default (Ilya Dryomov) [1590825 1579539] - [scsi] qla2xxx: Remove stale debug value for login_retry flag (Himanshu Madhani) [1588937 1578880] - [x86] topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (Prarit Bhargava) [1588563 1582023] - [acpi] osi: Add OEM _OSI strings to disable NVidia RTD3 (Jaroslav Kysela) [1584685 1581391] - [hv] vmbus: Fix a rescind issue (Eduardo Otubo) [1582124 1518498] - [linux] libata: enable host-wide tags (Ewan Milne) [1581728 1491014] - [ata] libata: remove ATA_FLAG_LOWTAG (Ewan Milne) [1581728 1491014] - [ata] Add a new flag to destinguish sas controller (Ewan Milne) [1581728 1491014] - [ata] libata: make sata_sil24 use fifo tag allocator (Ewan Milne) [1581728 1491014] - [ata] libata: move sas ata tag allocation to libata-scsi.c (Ewan Milne) [1581728 1491014] - [ata] libata: use blk taging (Ewan Milne) [1581728 1491014] - [nvme] rdma: Use mr pool (David Milburn) [1581347 1547273] - [nvme] rdma: Check remotely invalidated rkey matches our expected rkey (David Milburn) [1581347 1547273] - [nvme] rdma: wait for local invalidation before completing a request (David Milburn) [1581347 1547273] - [nvme] rdma: don't complete requests before a send work request has completed (David Milburn) [1581347 1547273] - [nvme] rdma: don't suppress send completions (David Milburn) [1581347 1547273] - [x86] kvm: Fix loss of pending INIT due to race (Radim Krcmar) [1580467 1569473] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576759 1576755] {CVE-2018-10675} - [sound] alsa: seq: Fix racy pool initializations (Jaroslav Kysela) [1550171 1593586 1550169 1535427] {CVE-2018-7566} - [crypto] algif_skcipher: Load TX SG list after waiting (Bruno Eduardo de Oliveira Meneguele) [1541870 1541875] {CVE-2017-13215} * Wed Jun 27 2018 Frantisek Hrbata [3.10.0-862.9.1.el7] - [iscsi-target] Fix iscsi_np reset hung task during parallel delete (Maurizio Lombardi) [1583593 1579217] kernel-debug-devel-3.10.0-862.14.4.el7 -------------------------------------- * Tue Sep 25 2018 CentOS Sources - 3.10.0-862.14.4.el7 - Apply debranding changes - Signed with the new secureboot key * Fri Sep 21 2018 Rado Vrbovsky [3.10.0-862.14.4.el7] - [scsi] Revert: lpfc: Fix port initialization failure (Radomir Vrbovsky) [1605235 1584377] - [scsi] Revert: qla2xxx: Fix NULL pointer access for fcport structure (Radomir Vrbovsky) [1597546 1547714] * Thu Sep 13 2018 Rado Vrbovsky [3.10.0-862.14.3.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 10 2018 Jan Stancek [3.10.0-862.14.2.el7] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] * Wed Aug 22 2018 Rado Vrbovsky [3.10.0-862.14.1.el7] - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619622 1614515] - [infiniband] core: Fix nospec regression (Josh Poimboeuf) [1619624 1616346] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618390 1607899] * Sat Aug 18 2018 Rado Vrbovsky [3.10.0-862.13.1.el7] - [infiniband] ib/ipoib: Fix race condition in neigh creation (Don Dutile) [1616164 1520300] - [gpu] qxl: hook monitors_config updates into crtc, not encoder (Gerd Hoffmann) [1614349 1544322] - [gpu] qxl: move qxl_send_monitors_config() (Gerd Hoffmann) [1614349 1544322] - [gpu] qxl: remove qxl_io_log() (Gerd Hoffmann) [1614349 1544322] - [kernel] locking: Introduce smp_mb__after_spinlock() (Steve Best) [1613814 1496574] - [scsi] ibmvfc: Avoid unnecessary port relogin (Steve Best) [1613202 1605080] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612353 1585297] - [nvmet-fc] move tech preview warning to nvmet_fc_register_targetport call (Ewan Milne) [1610381 1608947] - [nvme-fc] move tech preview warning to nvme_fc_register_localport call (Ewan Milne) [1610381 1608947] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1608228 1567748] - [powerpc] signals: Discard transaction state from signal frames (Steve Best) [1608227 1586153] - [ipc] shm.c: add split function to shm_vm_ops (Desnes Augusto Nunes do Rosario) [1608225 1586152] - [scsi] lpfc: Fix port initialization failure (Dick Kennedy) [1605235 1584377] - [vmbus] fix the missed signaling in hv_signal_on_read() (Vitaly Kuznetsov) [1605089 1591976] - [infiniband] ib/ipoib: Fix for potential no-carrier state (Donald Dutile) [1601935 1548474] - [vmwgfx] refuse to hibernate if we have any resources. (v2) (Dave Airlie) [1601516 1595136] - [netdrv] sfc: stop the TX queue before pushing new buffers (Xin Long) [1601353 1445576] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601009 1559106] - [kernel] hrtimer: Allow concurrent hrtimer_start() for self restarting timers (Oleksandr Natalenko) [1600911 1574387] - [iommu] amd: Add NULL sanity check for struct irq_2_irte.ir_data (Suravee Suthikulpanit) [1600661 1542697] - [hid] wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large (Benjamin Tissoires) [1600660 1591499] - [md] avoid NULL dereference to queue pointer (Ming Lei) [1600056 1581845] - [scsi] qla2xxx: Fix NULL pointer access for fcport structure (Himanshu Madhani) [1597546 1547714] - [scsi] csiostor: Add a soft dep on cxgb4 driver (Arjun Vynipadath) [1597529 1584003] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588366 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588366 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [net] ipv6: fix nospec-related regression in ipv6_addr_prefix() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3693} - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [x86] x86/syscall: Fix regression when using the last syscall (pkey_free) (Lauro Ramos Venancio) [1589033 1589035] {CVE-2018-3693} - [kernel] cpu: hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Remove extra newline in vmentry_l1d_flush sysfs file (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Initialize the vmx_l1d_flush_pages' content (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation: l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Set CPU_SMT_NOT_SUPPORTED early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Expose SMT control init function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Online siblings when SMT control is turned on (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Use MSR save list for IA32_FLUSH_CMD if required (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Separate the VMX AUTOLOAD guest/host number accounting (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Add find_msr() helper function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Split the VMX MSR LOAD structures to have an host/guest numbers (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Boot HT siblings at least once, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - Revert "x86/apic: Ignore secondary threads if nosmt=force" (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread(), part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU: Modify detect_extended_topology() to return result (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} * Wed Aug 01 2018 Jan Stancek [3.10.0-862.12.1.el7] - [fs] CIFS: Fix NULL pointer deref on SMB2_tcon() failure (Leif Sahlberg) [1609159 1591092] - [net] multicast: do not restore deleted record source filter mode to new one (Hangbin Liu) [1610380 1586321] - [net] multicast: remove useless parameter for group add (Hangbin Liu) [1610380 1586321] - [net] ipv6/mcast: init as INCLUDE when join SSM INCLUDE group (Hangbin Liu) [1610380 1586321] - [net] ipv4/igmp: init group mode as INCLUDE when join source group (Hangbin Liu) [1610380 1586321] - [net] ipv6: mcast: fix unsolicited report interval after receiving querys (Hangbin Liu) [1610380 1586321] - [net] ipv6: refactor ipv6_dev_mc_inc() (Hangbin Liu) [1610380 1586321] * Fri Jul 20 2018 Rado Vrbovsky [3.10.0-862.11.1.el7] - [tcmu] allow userspace to reset ring (Xiubo Li) [1599669 1562587] - [tcmu] remove commands_lock (Xiubo Li) [1599669 1562587] - [tcmu] move expired command completion to unmap thread (Xiubo Li) [1599669 1562587] - [tcmu] add cmd timeout handling wq (Xiubo Li) [1599669 1562587] - [tcmu] don't block submitting context for block waits (Xiubo Li) [1599669 1562587] - [tcmu] fix double se_cmd completion (Xiubo Li) [1599669 1562587] - [tcmu] replace spin lock with mutex (Xiubo Li) [1599669 1562587] - [target] add SAM_STAT_BUSY sense reason (Xiubo Li) [1599669 1562587] - [target] core: add device action configfs files (Xiubo Li) [1599669 1562587] - [target] Avoid mappedlun symlink creation during lun shutdown (Xiubo Li) [1599656 1585081] - [spectre] update Spectre v1 mitigation string (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [spectre] fix hiddev nospec issues (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] syscall: clarify clobbered registers in entry code (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [powerpc] add missing barrier_nospec() in __get_user64_nocheck() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [spectre] fix gadgets found by smatch scanner (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] rme9652: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] hdspm: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] asihpi: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] opl3: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] hda: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] seq: oss: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] seq: oss: Fix unbalanced use lock for synth MIDI device (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [net] atm: Fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [kernel] time: Protect posix clock array access against speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [kernel] sys.c: fix potential Spectre v1 issue (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [sched] autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [perf] core: Fix possible Spectre-v1 indexing for ->aux_pages[] (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [sysvipc] sem: mitigate semnum index against spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] control: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [usbip] vhci_sysfs: fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [media] dvb_ca_en50221: prevent using slot_info for Spectre attacs (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [media] dvb_ca_en50221: sanity check slot number from userspace (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [atm] zatm: Fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] kvm: Update spectre-v1 mitigation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] kvm: Add memory barrier on vmcs field lookup (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] perf/msr: Fix possible Spectre-v1 indexing in the MSR driver (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [net] nl80211: Sanitize array index in parse_txq_params (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] vfs, fdtable: Prevent bounds-check bypass via speculative execution (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] syscall: Sanitize syscall table de-references under speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [powerpc] Use barrier_nospec in copy_from_user() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Introduce barrier_nospec for other arches (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] Introduce barrier_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] Implement array_index_mask_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [documentation] Document array_index_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Include dependency (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Allow index argument to have const-qualified type (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Kill array_index_nospec_mask_check() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Move array_index_nospec() parameter checking into separate macro (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] array_index_nospec: Sanitize speculative array de-references (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] get_user: Use pointer masking to limit speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] usercopy: Replace open coded stac/clac with __uaccess_{begin, end} (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] reorganize SMAP handling in user space accesses (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] uaccess: Tell the compiler that uaccess is unlikely to fault (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] uaccess: fix sparse errors (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} * Wed Jul 04 2018 Rado Vrbovsky [3.10.0-862.10.1.el7] - [x86] add _TIF_UPROBE to _TIF_DO_NOTIFY_MASK (Oleg Nesterov) [1595155 1579521] - [x86] spec_ctrl: Always clear SPEC_CTRL MSRs when disabling IBRS (Radomir Vrbovsky) [1586150 1574730] - [sound] alsa: hda/realtek - Add headset mode support for Dell laptop (Jaroslav Kysela) [1588946 1528587] - [sound] alsa: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 (Jaroslav Kysela) [1593586 1535427] - [mm] compaction: release zone irqlock in isolate_freepages_block (Andrea Arcangeli) [1596283 1582793] - [mm] compaction: change the timing to check to drop the spinlock (Andrea Arcangeli) [1596283 1582793] - [fs] dcache.c: add cond_resched() in shrink_dentry_list() (Aaron Tomlin) [1596184 1584693] - [misc] vmware balloon: Treat init like reset (Cathy Avery) [1595601 1540110] - [netdrv] qede: Fix ref-cnt usage count (Chad Dupuis) [1594700 1574847] - [x86] kvm: fix LAPIC timer drift when guest uses periodic mode ("Dr. David Alan Gilbert") [1594292 1584775] - [x86] kvm: remove APIC Timer periodic/oneshot spikes ("Dr. David Alan Gilbert") [1594292 1584775] - [netdrv] mlx4_en: Increase number of default RX rings (Erez Alfasi) [1594127 1520295] - [netdrv] mlx4_en: Limit the number of RX rings (Erez Alfasi) [1594127 1520295] - [netdrv] mlx4_en: Limit the number of TX rings (Erez Alfasi) [1594127 1520295] - [fs] ceph: don't set read_ahead_kb to 0 by default (Ilya Dryomov) [1590825 1579539] - [scsi] qla2xxx: Remove stale debug value for login_retry flag (Himanshu Madhani) [1588937 1578880] - [x86] topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (Prarit Bhargava) [1588563 1582023] - [acpi] osi: Add OEM _OSI strings to disable NVidia RTD3 (Jaroslav Kysela) [1584685 1581391] - [hv] vmbus: Fix a rescind issue (Eduardo Otubo) [1582124 1518498] - [linux] libata: enable host-wide tags (Ewan Milne) [1581728 1491014] - [ata] libata: remove ATA_FLAG_LOWTAG (Ewan Milne) [1581728 1491014] - [ata] Add a new flag to destinguish sas controller (Ewan Milne) [1581728 1491014] - [ata] libata: make sata_sil24 use fifo tag allocator (Ewan Milne) [1581728 1491014] - [ata] libata: move sas ata tag allocation to libata-scsi.c (Ewan Milne) [1581728 1491014] - [ata] libata: use blk taging (Ewan Milne) [1581728 1491014] - [nvme] rdma: Use mr pool (David Milburn) [1581347 1547273] - [nvme] rdma: Check remotely invalidated rkey matches our expected rkey (David Milburn) [1581347 1547273] - [nvme] rdma: wait for local invalidation before completing a request (David Milburn) [1581347 1547273] - [nvme] rdma: don't complete requests before a send work request has completed (David Milburn) [1581347 1547273] - [nvme] rdma: don't suppress send completions (David Milburn) [1581347 1547273] - [x86] kvm: Fix loss of pending INIT due to race (Radim Krcmar) [1580467 1569473] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576759 1576755] {CVE-2018-10675} - [sound] alsa: seq: Fix racy pool initializations (Jaroslav Kysela) [1550171 1593586 1550169 1535427] {CVE-2018-7566} - [crypto] algif_skcipher: Load TX SG list after waiting (Bruno Eduardo de Oliveira Meneguele) [1541870 1541875] {CVE-2017-13215} * Wed Jun 27 2018 Frantisek Hrbata [3.10.0-862.9.1.el7] - [iscsi-target] Fix iscsi_np reset hung task during parallel delete (Maurizio Lombardi) [1583593 1579217] kernel-devel-3.10.0-862.27.1.el7 -------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kernel-doc-3.10.0-862.27.1.el7 ------------------------------ * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kernel-headers-3.10.0-862.27.1.el7 ---------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kernel-tools-3.10.0-862.27.1.el7 -------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kernel-tools-libs-3.10.0-862.27.1.el7 ------------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kernel-tools-libs-devel-3.10.0-862.27.1.el7 ------------------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kexec-tools-2.0.15-13.el7_5.2 ----------------------------- * Thu Aug 16 2018 Pingfan Liu 2.0.15-13.2 - kdumpctl: Remove 'netroot' and 'iscsi initiator' entries from kdump cmdline * Tue Jun 26 2018 Pingfan Liu 2.0.15-13.1 - makedumpfile: fix for hugepages filtering kexec-tools-anaconda-addon-2.0.15-13.el7_5.2 -------------------------------------------- * Thu Aug 16 2018 Pingfan Liu 2.0.15-13.2 - kdumpctl: Remove 'netroot' and 'iscsi initiator' entries from kdump cmdline * Tue Jun 26 2018 Pingfan Liu 2.0.15-13.1 - makedumpfile: fix for hugepages filtering kexec-tools-eppic-2.0.15-13.el7_5.2 ----------------------------------- * Thu Aug 16 2018 Pingfan Liu 2.0.15-13.2 - kdumpctl: Remove 'netroot' and 'iscsi initiator' entries from kdump cmdline * Tue Jun 26 2018 Pingfan Liu 2.0.15-13.1 - makedumpfile: fix for hugepages filtering kmod-kvdo-6.1.0.181-17.el7_5 ---------------------------- * Sat Jul 21 2018 - Andy Walsh - 6.1.0.181-17 - Fixed a bug which would cause kernel panics when a VDO device is stacked on a RAID50 device. - Resolves: rhbz#1599668 - Fixed a bug which could cause data loss when discarding unused portions of a VDO's logical space. - Resolves: rhbz#1600058 - Modified grow physical to fail in the prepare step if the size isn't changing, avoiding a suspend-and-resume cycle. - Resolves: rhbz#1600662 - Fixed a bug which would cause attempts to grow the physical size of a VDO device to fail if the device below the VDO was resized while the VDO was offline. - Resolves: rhbz#1591180 * Mon Jun 11 2018 - Andy Walsh - 6.1.0.171-17 - Bumped NVR to maintain kABI compatibility. - Resolves: rhbz#1578421 * Sat May 19 2018 - Andy Walsh - 6.1.0.171-16 - Fixed a bug which prevented disabling of the UDS index. - Resolves: rhbz#1578421 * Sun Apr 29 2018 - Andy Walsh - 6.1.0.168-16 - Updated source to use GitHub - Fixed module version checking for upgrades. - Removed debug kernel requirement from spec file. - Fixed a deadlock resulting from sleeping while holding a spinlock while getting statistics. - Resolves: rhbz#1567742 - Fixed bugs arising from attempts to access sysfs nodes during startup and shutdown. - Resolves: rhbz#1567744 - Removed the prepare_ioctl() function to avoid signature changes since this function currently does nothing. - Resolves: rhbz#1572494 kpartx-0.4.9-119.el7_5.1 ------------------------ * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 krb5-devel-1.15.1-19.el7 ------------------------ * Fri Mar 02 2018 Robbie Harwood - 1.15.1-19 - Limit ticket lifetime to 2^31-1 seconds - Resolves: #1554723 krb5-libs-1.15.1-19.el7 ----------------------- * Fri Mar 02 2018 Robbie Harwood - 1.15.1-19 - Limit ticket lifetime to 2^31-1 seconds - Resolves: #1554723 krb5-pkinit-1.15.1-19.el7 ------------------------- * Fri Mar 02 2018 Robbie Harwood - 1.15.1-19 - Limit ticket lifetime to 2^31-1 seconds - Resolves: #1554723 krb5-server-1.15.1-19.el7 ------------------------- * Fri Mar 02 2018 Robbie Harwood - 1.15.1-19 - Limit ticket lifetime to 2^31-1 seconds - Resolves: #1554723 krb5-server-ldap-1.15.1-19.el7 ------------------------------ * Fri Mar 02 2018 Robbie Harwood - 1.15.1-19 - Limit ticket lifetime to 2^31-1 seconds - Resolves: #1554723 krb5-workstation-1.15.1-19.el7 ------------------------------ * Fri Mar 02 2018 Robbie Harwood - 1.15.1-19 - Limit ticket lifetime to 2^31-1 seconds - Resolves: #1554723 libasan-4.8.5-28.el7_5.1 ------------------------ * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libasan-static-4.8.5-28.el7_5.1 ------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libatomic-4.8.5-28.el7_5.1 -------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libatomic-static-4.8.5-28.el7_5.1 --------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libblkid-2.23.2-52.el7_5.1 -------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area libblkid-devel-2.23.2-52.el7_5.1 -------------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area libcilkrts-7.2.1-1.2.1.el7_5 ---------------------------- * Thu Apr 05 2018 Marek Polacek 7.2.1-1.2.1 - Add support for DEC formatting extensions (#1564043) libcom_err-1.42.9-12.el7_5 -------------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) libcom_err-devel-1.42.9-12.el7_5 -------------------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) libdmmp-0.4.9-119.el7_5.1 ------------------------- * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 libdmmp-devel-0.4.9-119.el7_5.1 ------------------------------- * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 libepoxy-1.3.1-2.el7_5 ---------------------- * Wed Apr 11 2018 Debarshi Ray - 1.3.1-2 - Prevent crash in epoxy_glx_version if GLX is not available Resolves: #1566101 libepoxy-devel-1.3.1-2.el7_5 ---------------------------- * Wed Apr 11 2018 Debarshi Ray - 1.3.1-2 - Prevent crash in epoxy_glx_version if GLX is not available Resolves: #1566101 libgcc-4.8.5-28.el7_5.1 ----------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgfortran-4.8.5-28.el7_5.1 ---------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgfortran-static-4.8.5-28.el7_5.1 ----------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgfortran4-8.2.1-1.3.1.el7_5 ------------------------------ * Mon Aug 27 2018 Marek Polacek 8.2.1-1.3.1 - update 0022-Default-values-for-certain-field-descriptors-in-form.patch * Thu Aug 02 2018 Marek Polacek 8.2.1-1.2.1 - update from rhel-7.6 branch * Thu Apr 05 2018 Marek Polacek 7.2.1-1.2.1 - Add support for DEC formatting extensions (#1564043) libgnat-4.8.5-28.el7_5.1 ------------------------ * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgnat-devel-4.8.5-28.el7_5.1 ------------------------------ * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgnat-static-4.8.5-28.el7_5.1 ------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgo-4.8.5-28.el7_5.1 ---------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgo-devel-4.8.5-28.el7_5.1 ---------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgo-static-4.8.5-28.el7_5.1 ----------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgomp-4.8.5-28.el7_5.1 ------------------------ * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgudev1-219-57.el7_5.5 ------------------------ * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) libgudev1-devel-219-57.el7_5.5 ------------------------------ * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) libguestfs-1.36.10-6.el7_5.2 ---------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-bash-completion-1.36.10-6.el7_5.2 -------------------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-benchmarking-1.36.10-6.el7_5.2 ----------------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-devel-1.36.10-6.el7_5.2 ---------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-gfs2-1.36.10-6.el7_5.2 --------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-gobject-1.36.10-6.el7_5.2 ------------------------------------ * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-gobject-devel-1.36.10-6.el7_5.2 ------------------------------------------ * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-gobject-doc-1.36.10-6.el7_5.2 ---------------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-inspect-icons-1.36.10-6.el7_5.2 ------------------------------------------ * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-java-1.36.10-6.el7_5.2 --------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-java-devel-1.36.10-6.el7_5.2 --------------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-javadoc-1.36.10-6.el7_5.2 ------------------------------------ * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-man-pages-ja-1.36.10-6.el7_5.2 ----------------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-man-pages-uk-1.36.10-6.el7_5.2 ----------------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-rescue-1.36.10-6.el7_5.2 ----------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-rsync-1.36.10-6.el7_5.2 ---------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-tools-1.36.10-6.el7_5.2 ---------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-tools-c-1.36.10-6.el7_5.2 ------------------------------------ * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libguestfs-xfs-1.36.10-6.el7_5.2 -------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 libibcm-15-7.el7_5 ------------------ * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 libibumad-15-7.el7_5 -------------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 libibverbs-15-7.el7_5 --------------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 libibverbs-utils-15-7.el7_5 --------------------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 libipa_hbac-1.16.0-19.el7_5.8 ----------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libipa_hbac-devel-1.16.0-19.el7_5.8 ----------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libitm-4.8.5-28.el7_5.1 ----------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libitm-devel-4.8.5-28.el7_5.1 ----------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libitm-static-4.8.5-28.el7_5.1 ------------------------------ * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libkadm5-1.15.1-19.el7 ---------------------- * Fri Mar 02 2018 Robbie Harwood - 1.15.1-19 - Limit ticket lifetime to 2^31-1 seconds - Resolves: #1554723 libmount-2.23.2-52.el7_5.1 -------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area libmount-devel-2.23.2-52.el7_5.1 -------------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area libmudflap-4.8.5-28.el7_5.1 --------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libmudflap-devel-4.8.5-28.el7_5.1 --------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libmudflap-static-4.8.5-28.el7_5.1 ---------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libobjc-4.8.5-28.el7_5.1 ------------------------ * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libquadmath-4.8.5-28.el7_5.1 ---------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libquadmath-devel-4.8.5-28.el7_5.1 ---------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libquadmath-static-4.8.5-28.el7_5.1 ----------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) librdmacm-15-7.el7_5 -------------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 librdmacm-utils-15-7.el7_5 -------------------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 librelp-1.2.12-1.el7_5.1 ------------------------ * Wed Mar 28 2018 Radovan Sroka 1.2.12-1.1 - fixed bad NVR - resolves rhbz#1561232 * Wed Mar 28 2018 Radovan Sroka 1.2.12-2 - fixed CVE-2018-1000140 - resolves rhbz#1561232 librelp-devel-1.2.12-1.el7_5.1 ------------------------------ * Wed Mar 28 2018 Radovan Sroka 1.2.12-1.1 - fixed bad NVR - resolves rhbz#1561232 * Wed Mar 28 2018 Radovan Sroka 1.2.12-2 - fixed CVE-2018-1000140 - resolves rhbz#1561232 libreswan-3.23-5.el7_5 ---------------------- * Fri May 25 2018 Paul Wouters - 3.23-5 - Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode [spec file only update] * Wed May 02 2018 Paul Wouters - 3.23-4 - Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode when RSA key is generated - Resolves: rhbz#1574456 Shared IKE SA leads to rekey interop issues - Resolves: rhbz#1574457 IKEv2 liveness false positive on IKEv2 idle connections causes tunnel to be restarted libsmbclient-4.7.1-9.el7_5 -------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo libsmbclient-devel-4.7.1-9.el7_5 -------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo libss-1.42.9-12.el7_5 --------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) libss-devel-1.42.9-12.el7_5 --------------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) libsss_autofs-1.16.0-19.el7_5.8 ------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libsss_certmap-1.16.0-19.el7_5.8 -------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libsss_certmap-devel-1.16.0-19.el7_5.8 -------------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libsss_idmap-1.16.0-19.el7_5.8 ------------------------------ * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libsss_idmap-devel-1.16.0-19.el7_5.8 ------------------------------------ * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libsss_nss_idmap-1.16.0-19.el7_5.8 ---------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libsss_nss_idmap-devel-1.16.0-19.el7_5.8 ---------------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libsss_simpleifp-1.16.0-19.el7_5.8 ---------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libsss_simpleifp-devel-1.16.0-19.el7_5.8 ---------------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libsss_sudo-1.16.0-19.el7_5.8 ----------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] libstdc++-4.8.5-28.el7_5.1 -------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libstdc++-devel-4.8.5-28.el7_5.1 -------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libstdc++-docs-4.8.5-28.el7_5.1 ------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libstdc++-static-4.8.5-28.el7_5.1 --------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libtsan-4.8.5-28.el7_5.1 ------------------------ * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libtsan-static-4.8.5-28.el7_5.1 ------------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libuuid-2.23.2-52.el7_5.1 ------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area libuuid-devel-2.23.2-52.el7_5.1 ------------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area libvirt-3.9.0-14.el7_5.8 ------------------------ * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-admin-3.9.0-14.el7_5.8 ------------------------------ * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-client-3.9.0-14.el7_5.8 ------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-3.9.0-14.el7_5.8 ------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-config-network-3.9.0-14.el7_5.8 ---------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.8 ----------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-interface-3.9.0-14.el7_5.8 ------------------------------------------------ * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-lxc-3.9.0-14.el7_5.8 ------------------------------------------ * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-network-3.9.0-14.el7_5.8 ---------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.8 ---------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.8 ----------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-qemu-3.9.0-14.el7_5.8 ------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-secret-3.9.0-14.el7_5.8 --------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-storage-3.9.0-14.el7_5.8 ---------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.8 --------------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.8 --------------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.8 ------------------------------------------------------ * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.8 ---------------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.8 ------------------------------------------------------ * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.8 ---------------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.8 -------------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.8 --------------------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-kvm-3.9.0-14.el7_5.8 ----------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-daemon-lxc-3.9.0-14.el7_5.8 ----------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-devel-3.9.0-14.el7_5.8 ------------------------------ * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-docs-3.9.0-14.el7_5.8 ----------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-libs-3.9.0-14.el7_5.8 ----------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-lock-sanlock-3.9.0-14.el7_5.8 ------------------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-login-shell-3.9.0-14.el7_5.8 ------------------------------------ * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvirt-nss-3.9.0-14.el7_5.8 ---------------------------- * Tue Sep 04 2018 Jiri Denemark - 3.9.0-14.el7_5.8 - remote: Extract common clearing of event callbacks of client private data (rhbz#1619206) - remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc (rhbz#1619206) * Fri Jul 27 2018 Jiri Denemark - 3.9.0-14.el7_5.7 - daemon: fix rpc event leak on error path in remoteDispatchObjectEventSend (rhbz#1607752) * Tue Jun 05 2018 Jiri Denemark - 3.9.0-14.el7_5.6 - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) * Thu May 10 2018 Jiri Denemark - 3.9.0-14.el7_5.5 - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.4 - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) * Fri Apr 13 2018 Jiri Denemark - 3.9.0-14.el7_5.3 - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) * Tue Mar 20 2018 Jiri Denemark - 3.9.0-14.el7_5.2 - virDomainDeviceDefValidateAliasesIterator: Ignore some hostdevs (rhbz#1558655) * Wed Mar 14 2018 Jiri Denemark - 3.9.0-14.el7_5.1 - virDomainDeviceValidateAliasForHotplug: Use correct domain defintion (rhbz#1554928) - conf: Check for user aliases duplicates only (rhbz#1554962) libvncserver-0.9.9-12.el7_5 --------------------------- * Mon Feb 26 2018 Petr Pisar - 0.9.9-12 - Fix CVE-2018-7225 (improper client cut text length sanitization) (bug #1548440) libvncserver-devel-0.9.9-12.el7_5 --------------------------------- * Mon Feb 26 2018 Petr Pisar - 0.9.9-12 - Fix CVE-2018-7225 (improper client cut text length sanitization) (bug #1548440) libvorbis-1.3.3-8.el7.1 ----------------------- * Tue Mar 20 2018 Adam Jackson - 1.3.3-8.1 - Backport fix for CVE-2018-5146 libvorbis-devel-1.3.3-8.el7.1 ----------------------------- * Tue Mar 20 2018 Adam Jackson - 1.3.3-8.1 - Backport fix for CVE-2018-5146 libvorbis-devel-docs-1.3.3-8.el7.1 ---------------------------------- * Tue Mar 20 2018 Adam Jackson - 1.3.3-8.1 - Backport fix for CVE-2018-5146 libwacom-0.24-4.el7 ------------------- * Wed Apr 04 2018 Peter Hutterer 0.24-4 - Add the Wacom Cintiq Pro 24 and Cintiq Pro 32 (#1551883) libwacom-data-0.24-4.el7 ------------------------ * Wed Apr 04 2018 Peter Hutterer 0.24-4 - Add the Wacom Cintiq Pro 24 and Cintiq Pro 32 (#1551883) libwacom-devel-0.24-4.el7 ------------------------- * Wed Apr 04 2018 Peter Hutterer 0.24-4 - Add the Wacom Cintiq Pro 24 and Cintiq Pro 32 (#1551883) libwbclient-4.7.1-9.el7_5 ------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo libwbclient-devel-4.7.1-9.el7_5 ------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo linux-firmware-20180220-62.2.git6d51311.el7_5 --------------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) logwatch-7.4.0-35.20130522svn140.el7_5 -------------------------------------- * Tue Jun 19 2018 Jan Synáček - 7.4.0-35.20130522svn140 - unmatched entries after ssh changed log format (#1504979) lua-guestfs-1.36.10-6.el7_5.2 ----------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 mariadb-5.5.60-1.el7_5 ---------------------- * Thu May 10 2018 Michal Schorm - 1:5.5.60-1 - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 mariadb-bench-5.5.60-1.el7_5 ---------------------------- * Thu May 10 2018 Michal Schorm - 1:5.5.60-1 - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 mariadb-devel-5.5.60-1.el7_5 ---------------------------- * Thu May 10 2018 Michal Schorm - 1:5.5.60-1 - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 mariadb-embedded-5.5.60-1.el7_5 ------------------------------- * Thu May 10 2018 Michal Schorm - 1:5.5.60-1 - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 mariadb-embedded-devel-5.5.60-1.el7_5 ------------------------------------- * Thu May 10 2018 Michal Schorm - 1:5.5.60-1 - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 mariadb-libs-5.5.60-1.el7_5 --------------------------- * Thu May 10 2018 Michal Schorm - 1:5.5.60-1 - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 mariadb-server-5.5.60-1.el7_5 ----------------------------- * Thu May 10 2018 Michal Schorm - 1:5.5.60-1 - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 mariadb-test-5.5.60-1.el7_5 --------------------------- * Thu May 10 2018 Michal Schorm - 1:5.5.60-1 - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 microcode_ctl-2.1-29.16.el7_5 ----------------------------- * Wed Sep 05 2018 Eugene Syromiatnikov - 2:2.1-29.16 - Add 7.3.z kernel version to kernel_early configuration. * Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-29.15 - Fix dracut module checks in Host-Only mode. * Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-29.14 - Disable 06-4f-01 microcode in config (#1623630). * Wed Aug 29 2018 Eugene Syromiatnikov - 2:2.1-29.12 - Drop "hypervisor" /proc/cpuinfo flag check. - Intel CPU microcode update to 20180807a. - Add README.caveats documentation file. - Add intel-microcode2ucode manual page. - Add check for early microcode load, use it in microcode_ctl dracut module. - Check that the currently running kernel is installed before running dracut -f. * Fri Aug 10 2018 Eugene Syromiatnikov - 2:2.1-29.11 - Add an ability to disable "hypervisor" /proc/cpuinfo flag check. - Intel CPU microcode update to 20180807. - Resolves: #1614847. * Fri Jul 27 2018 Eugene Syromiatnikov - 2:2.1-29.10 - Provide %attr for the ghosted /lib/firmware. * Thu Jul 26 2018 Eugene Syromiatnikov - 2:2.1-29.9 - Remove model name blacklists from caveats configuration files. * Tue Jul 24 2018 Eugene Syromiatnikov - 2.1-29.8 - Add model name blacklist infrastructure. - Store Intel ucode files in /usr/share/microcode_ctl; do not populate them in a virtualised environment. - Resolves: #1576334 * Tue Jul 17 2018 Eugene Syromiatnikov - 2.1-29.7 - Add infrastructure for handling kernel-version-dependant microcode. - Resolves: #1576334 * Mon Jul 16 2018 Eugene Syromiatnikov - 2.1-29.4 - Intel CPU microcode update to 20180703. - Resolves: #1573456 mod_auth_mellon-0.13.1-3.el7_5 ------------------------------ * Thu Apr 19 2018 John Dennis - 0.13.1-3 - Resolves: rhbz#1553854 Add diagnostic logging - Add README.redhat.rst doc, explains how to enable diagnostic logging * Thu Mar 29 2018 John Dennis - 0.13.1-2 - Resolves: rhbz#1553854 Add diagnostic logging - Add MellonSignatureMethod config option to set signature method used to sign SAML messages sent by Mellon. Defaults to original sha1. mod_ldap-2.4.6-80.el7.centos.1 ------------------------------ * Tue Jun 26 2018 CentOS Sources - 2.4.6-80.el7.centos.1 - Remove index.html, add centos-noindex.tar.gz - change vstring - change symlink for poweredby.png - update welcome.conf with proper aliases * Mon May 28 2018 Luboš Uhliarik - 2.4.6-80.1 - Resolves: #1560609 - httpd: active connections being terminated when httpd gets gracefully stopped/restarted, GracefulShutdownTimeout is not being honored mod_proxy_html-2.4.6-80.el7.centos.1 ------------------------------------ * Tue Jun 26 2018 CentOS Sources - 2.4.6-80.el7.centos.1 - Remove index.html, add centos-noindex.tar.gz - change vstring - change symlink for poweredby.png - update welcome.conf with proper aliases * Mon May 28 2018 Luboš Uhliarik - 2.4.6-80.1 - Resolves: #1560609 - httpd: active connections being terminated when httpd gets gracefully stopped/restarted, GracefulShutdownTimeout is not being honored mod_session-2.4.6-80.el7.centos.1 --------------------------------- * Tue Jun 26 2018 CentOS Sources - 2.4.6-80.el7.centos.1 - Remove index.html, add centos-noindex.tar.gz - change vstring - change symlink for poweredby.png - update welcome.conf with proper aliases * Mon May 28 2018 Luboš Uhliarik - 2.4.6-80.1 - Resolves: #1560609 - httpd: active connections being terminated when httpd gets gracefully stopped/restarted, GracefulShutdownTimeout is not being honored mod_ssl-2.4.6-80.el7.centos.1 ----------------------------- * Tue Jun 26 2018 CentOS Sources - 2.4.6-80.el7.centos.1 - Remove index.html, add centos-noindex.tar.gz - change vstring - change symlink for poweredby.png - update welcome.conf with proper aliases * Mon May 28 2018 Luboš Uhliarik - 2.4.6-80.1 - Resolves: #1560609 - httpd: active connections being terminated when httpd gets gracefully stopped/restarted, GracefulShutdownTimeout is not being honored mod_wsgi-3.4-13.el7_5.1 ----------------------- * Thu Aug 30 2018 Luboš Uhliarik - 3.4-13.1 - mod_wsgi forces HEAD to GET (#1623666) * Thu Dec 14 2017 Joe Orton - 3.4-13 - reduce chance of deadlock at process shutdown (#1493429) mokutil-12-2.el7_5.bclinux -------------------------- * Fri Aug 24 2018 Fabian Arrotin - 12-2.el7 - Rebuilt with new shim (built with new key/cert) motif-2.3.4-14.el7_5 -------------------- * Wed May 30 2018 Carlos Soriano - 2.3.4-14 - Remove redundant includes that were left by mistake upstream. Resolves: rhbz#1518966 * Wed May 30 2018 Carlos Soriano - 2.3.4-13 - Fix motifzone 1665. Motif was deactivating shorcuts in cascade menus when closing them by mouse. Resolves: RHBZ#1467303 motif-devel-2.3.4-14.el7_5 -------------------------- * Wed May 30 2018 Carlos Soriano - 2.3.4-14 - Remove redundant includes that were left by mistake upstream. Resolves: rhbz#1518966 * Wed May 30 2018 Carlos Soriano - 2.3.4-13 - Fix motifzone 1665. Motif was deactivating shorcuts in cascade menus when closing them by mouse. Resolves: RHBZ#1467303 motif-static-2.3.4-14.el7_5 --------------------------- * Wed May 30 2018 Carlos Soriano - 2.3.4-14 - Remove redundant includes that were left by mistake upstream. Resolves: rhbz#1518966 * Wed May 30 2018 Carlos Soriano - 2.3.4-13 - Fix motifzone 1665. Motif was deactivating shorcuts in cascade menus when closing them by mouse. Resolves: RHBZ#1467303 mutt-1.5.21-28.el7_5 -------------------- * Thu Jul 26 2018 Matej Mužila - 5:1.5.21-28 - Resolves: CVE-2018-14354 CVE-2018-14357 CVE-2018-14362 * Mon Feb 27 2017 Matej Muzila - 5:1.5.21-27 - Resolves #1388511 (System default CA bundle not set as default in compiled-in default or config) - Resolves #1388512 (mutt sends e-mail with broken "From" header, which has no host part) mutter-3.26.2-17.el7_5 ---------------------- * Tue Aug 28 2018 Florian Müllner - 3.26.2-17 - Fix crash when transient dialog closes during drag operation - Resolves: #1622036 * Wed Aug 08 2018 Florian Müllner - 3.26.2-16 - Fix support for external monitor configurations - Resolves: #1622000 * Tue Jul 17 2018 Florian Müllner - 3.26.2-15 - Fix time comparison bug causing hang Resolves: #1601948 * Tue Apr 17 2018 Carlos Garnacho - 3.26.2-14 - Add support for Wacom Pro Pen 3D styli Resolves: #1568702 mutter-devel-3.26.2-17.el7_5 ---------------------------- * Tue Aug 28 2018 Florian Müllner - 3.26.2-17 - Fix crash when transient dialog closes during drag operation - Resolves: #1622036 * Wed Aug 08 2018 Florian Müllner - 3.26.2-16 - Fix support for external monitor configurations - Resolves: #1622000 * Tue Jul 17 2018 Florian Müllner - 3.26.2-15 - Fix time comparison bug causing hang Resolves: #1601948 * Tue Apr 17 2018 Carlos Garnacho - 3.26.2-14 - Add support for Wacom Pro Pen 3D styli Resolves: #1568702 net-snmp-5.7.2-33.el7_5.2 ------------------------- * Mon Apr 23 2018 Josef Ridky - 1:5.7.2-33.2 - Add ACFS support (#1570506) * Wed Mar 28 2018 Josef Ridky - 1:5.7.2-33.1 - Build for z-stream (#1560965) * Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 - Backport upstream leak fix (#1533780) net-snmp-agent-libs-5.7.2-33.el7_5.2 ------------------------------------ * Mon Apr 23 2018 Josef Ridky - 1:5.7.2-33.2 - Add ACFS support (#1570506) * Wed Mar 28 2018 Josef Ridky - 1:5.7.2-33.1 - Build for z-stream (#1560965) * Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 - Backport upstream leak fix (#1533780) net-snmp-devel-5.7.2-33.el7_5.2 ------------------------------- * Mon Apr 23 2018 Josef Ridky - 1:5.7.2-33.2 - Add ACFS support (#1570506) * Wed Mar 28 2018 Josef Ridky - 1:5.7.2-33.1 - Build for z-stream (#1560965) * Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 - Backport upstream leak fix (#1533780) net-snmp-gui-5.7.2-33.el7_5.2 ----------------------------- * Mon Apr 23 2018 Josef Ridky - 1:5.7.2-33.2 - Add ACFS support (#1570506) * Wed Mar 28 2018 Josef Ridky - 1:5.7.2-33.1 - Build for z-stream (#1560965) * Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 - Backport upstream leak fix (#1533780) net-snmp-libs-5.7.2-33.el7_5.2 ------------------------------ * Mon Apr 23 2018 Josef Ridky - 1:5.7.2-33.2 - Add ACFS support (#1570506) * Wed Mar 28 2018 Josef Ridky - 1:5.7.2-33.1 - Build for z-stream (#1560965) * Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 - Backport upstream leak fix (#1533780) net-snmp-perl-5.7.2-33.el7_5.2 ------------------------------ * Mon Apr 23 2018 Josef Ridky - 1:5.7.2-33.2 - Add ACFS support (#1570506) * Wed Mar 28 2018 Josef Ridky - 1:5.7.2-33.1 - Build for z-stream (#1560965) * Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 - Backport upstream leak fix (#1533780) net-snmp-python-5.7.2-33.el7_5.2 -------------------------------- * Mon Apr 23 2018 Josef Ridky - 1:5.7.2-33.2 - Add ACFS support (#1570506) * Wed Mar 28 2018 Josef Ridky - 1:5.7.2-33.1 - Build for z-stream (#1560965) * Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 - Backport upstream leak fix (#1533780) net-snmp-sysvinit-5.7.2-33.el7_5.2 ---------------------------------- * Mon Apr 23 2018 Josef Ridky - 1:5.7.2-33.2 - Add ACFS support (#1570506) * Wed Mar 28 2018 Josef Ridky - 1:5.7.2-33.1 - Build for z-stream (#1560965) * Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 - Backport upstream leak fix (#1533780) net-snmp-utils-5.7.2-33.el7_5.2 ------------------------------- * Mon Apr 23 2018 Josef Ridky - 1:5.7.2-33.2 - Add ACFS support (#1570506) * Wed Mar 28 2018 Josef Ridky - 1:5.7.2-33.1 - Build for z-stream (#1560965) * Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 - Backport upstream leak fix (#1533780) nspr-4.19.0-1.el7_5 ------------------- * Mon Mar 05 2018 Daiki Ueno - 4.19.0-1 - Rebase to NSPR 4.19 * Thu Mar 01 2018 Daiki Ueno - 4.19.0-0.1.beta - Rebase to NSPR 4.19 BETA nspr-devel-4.19.0-1.el7_5 ------------------------- * Mon Mar 05 2018 Daiki Ueno - 4.19.0-1 - Rebase to NSPR 4.19 * Thu Mar 01 2018 Daiki Ueno - 4.19.0-0.1.beta - Rebase to NSPR 4.19 BETA nss-3.36.0-7.el7_5 ------------------ * Wed Aug 29 2018 Daiki Ueno - 3.36.0-7 - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) * Thu Apr 19 2018 Daiki Ueno - 3.36.0-6 - Exercise SSL tests which only run under non-FIPS setting * Wed Apr 18 2018 Daiki Ueno - 3.36.0-5 - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h * Fri Apr 13 2018 Daiki Ueno - 3.36.0-4 - Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode * Tue Mar 27 2018 Daiki Ueno - 3.36.0-3 - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running * Mon Mar 12 2018 Daiki Ueno - 3.36.0-2 - Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 nss-devel-3.36.0-7.el7_5 ------------------------ * Wed Aug 29 2018 Daiki Ueno - 3.36.0-7 - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) * Thu Apr 19 2018 Daiki Ueno - 3.36.0-6 - Exercise SSL tests which only run under non-FIPS setting * Wed Apr 18 2018 Daiki Ueno - 3.36.0-5 - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h * Fri Apr 13 2018 Daiki Ueno - 3.36.0-4 - Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode * Tue Mar 27 2018 Daiki Ueno - 3.36.0-3 - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running * Mon Mar 12 2018 Daiki Ueno - 3.36.0-2 - Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 nss-pkcs11-devel-3.36.0-7.el7_5 ------------------------------- * Wed Aug 29 2018 Daiki Ueno - 3.36.0-7 - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) * Thu Apr 19 2018 Daiki Ueno - 3.36.0-6 - Exercise SSL tests which only run under non-FIPS setting * Wed Apr 18 2018 Daiki Ueno - 3.36.0-5 - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h * Fri Apr 13 2018 Daiki Ueno - 3.36.0-4 - Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode * Tue Mar 27 2018 Daiki Ueno - 3.36.0-3 - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running * Mon Mar 12 2018 Daiki Ueno - 3.36.0-2 - Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 nss-softokn-3.36.0-5.el7_5 -------------------------- * Mon Mar 19 2018 Daiki Ueno - 3.36.0-5 - Use correct tarball of NSS 3.36.0 release * Thu Mar 15 2018 Bob Relyea - 3.36.0-4 - Clear AES key information after use * Wed Mar 07 2018 Daiki Ueno - 3.36.0-3 - Revert the default behavior change in filesystem probes * Wed Mar 07 2018 Bob Relyea - 3.36.0-2 - Add KAS tests to fipstest * Mon Mar 05 2018 Daiki Ueno - 3.36.0-1 - Update to NSS 3.36.0 * Mon Mar 05 2018 Daiki Ueno - 3.36.0-0.3.beta - Apply upstream patch likely to be part of the official release * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.2.beta - Restore nss-softokn-3.16-add_encrypt_derive.patch to add back support for single DES mechanisms * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.1.beta - Update to NSS 3.36 BETA - Remove upstreamed nss-softokn-3.16-add_encrypt_derive.patch - Remove upstreamed nss-softokn-3.28-fix-fips-login.patch - Remove upstreamed nss-softokn-fix-ecc-post.patch nss-softokn-devel-3.36.0-5.el7_5 -------------------------------- * Mon Mar 19 2018 Daiki Ueno - 3.36.0-5 - Use correct tarball of NSS 3.36.0 release * Thu Mar 15 2018 Bob Relyea - 3.36.0-4 - Clear AES key information after use * Wed Mar 07 2018 Daiki Ueno - 3.36.0-3 - Revert the default behavior change in filesystem probes * Wed Mar 07 2018 Bob Relyea - 3.36.0-2 - Add KAS tests to fipstest * Mon Mar 05 2018 Daiki Ueno - 3.36.0-1 - Update to NSS 3.36.0 * Mon Mar 05 2018 Daiki Ueno - 3.36.0-0.3.beta - Apply upstream patch likely to be part of the official release * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.2.beta - Restore nss-softokn-3.16-add_encrypt_derive.patch to add back support for single DES mechanisms * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.1.beta - Update to NSS 3.36 BETA - Remove upstreamed nss-softokn-3.16-add_encrypt_derive.patch - Remove upstreamed nss-softokn-3.28-fix-fips-login.patch - Remove upstreamed nss-softokn-fix-ecc-post.patch nss-softokn-freebl-3.36.0-5.el7_5 --------------------------------- * Mon Mar 19 2018 Daiki Ueno - 3.36.0-5 - Use correct tarball of NSS 3.36.0 release * Thu Mar 15 2018 Bob Relyea - 3.36.0-4 - Clear AES key information after use * Wed Mar 07 2018 Daiki Ueno - 3.36.0-3 - Revert the default behavior change in filesystem probes * Wed Mar 07 2018 Bob Relyea - 3.36.0-2 - Add KAS tests to fipstest * Mon Mar 05 2018 Daiki Ueno - 3.36.0-1 - Update to NSS 3.36.0 * Mon Mar 05 2018 Daiki Ueno - 3.36.0-0.3.beta - Apply upstream patch likely to be part of the official release * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.2.beta - Restore nss-softokn-3.16-add_encrypt_derive.patch to add back support for single DES mechanisms * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.1.beta - Update to NSS 3.36 BETA - Remove upstreamed nss-softokn-3.16-add_encrypt_derive.patch - Remove upstreamed nss-softokn-3.28-fix-fips-login.patch - Remove upstreamed nss-softokn-fix-ecc-post.patch nss-softokn-freebl-devel-3.36.0-5.el7_5 --------------------------------------- * Mon Mar 19 2018 Daiki Ueno - 3.36.0-5 - Use correct tarball of NSS 3.36.0 release * Thu Mar 15 2018 Bob Relyea - 3.36.0-4 - Clear AES key information after use * Wed Mar 07 2018 Daiki Ueno - 3.36.0-3 - Revert the default behavior change in filesystem probes * Wed Mar 07 2018 Bob Relyea - 3.36.0-2 - Add KAS tests to fipstest * Mon Mar 05 2018 Daiki Ueno - 3.36.0-1 - Update to NSS 3.36.0 * Mon Mar 05 2018 Daiki Ueno - 3.36.0-0.3.beta - Apply upstream patch likely to be part of the official release * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.2.beta - Restore nss-softokn-3.16-add_encrypt_derive.patch to add back support for single DES mechanisms * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.1.beta - Update to NSS 3.36 BETA - Remove upstreamed nss-softokn-3.16-add_encrypt_derive.patch - Remove upstreamed nss-softokn-3.28-fix-fips-login.patch - Remove upstreamed nss-softokn-fix-ecc-post.patch nss-sysinit-3.36.0-7.el7_5 -------------------------- * Wed Aug 29 2018 Daiki Ueno - 3.36.0-7 - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) * Thu Apr 19 2018 Daiki Ueno - 3.36.0-6 - Exercise SSL tests which only run under non-FIPS setting * Wed Apr 18 2018 Daiki Ueno - 3.36.0-5 - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h * Fri Apr 13 2018 Daiki Ueno - 3.36.0-4 - Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode * Tue Mar 27 2018 Daiki Ueno - 3.36.0-3 - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running * Mon Mar 12 2018 Daiki Ueno - 3.36.0-2 - Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 nss-tools-3.36.0-7.el7_5 ------------------------ * Wed Aug 29 2018 Daiki Ueno - 3.36.0-7 - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) * Thu Apr 19 2018 Daiki Ueno - 3.36.0-6 - Exercise SSL tests which only run under non-FIPS setting * Wed Apr 18 2018 Daiki Ueno - 3.36.0-5 - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h * Fri Apr 13 2018 Daiki Ueno - 3.36.0-4 - Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode * Tue Mar 27 2018 Daiki Ueno - 3.36.0-3 - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running * Mon Mar 12 2018 Daiki Ueno - 3.36.0-2 - Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 nss-util-3.36.0-1.el7_5 ----------------------- * Mon Mar 05 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.1.beta - Rebase to NSS 3.36 BETA nss-util-devel-3.36.0-1.el7_5 ----------------------------- * Mon Mar 05 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.1.beta - Rebase to NSS 3.36 BETA ocaml-libguestfs-1.36.10-6.el7_5.2 ---------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 ocaml-libguestfs-devel-1.36.10-6.el7_5.2 ---------------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 open-vm-tools-10.1.10-3.el7_5.1 ------------------------------- * Tue Jun 05 2018 Miroslav Rezanina - 10.1010-3.1 - Ignore ENXIO errors with SyncDriver resolves: rhbz#1582123 open-vm-tools-desktop-10.1.10-3.el7_5.1 --------------------------------------- * Tue Jun 05 2018 Miroslav Rezanina - 10.1010-3.1 - Ignore ENXIO errors with SyncDriver resolves: rhbz#1582123 open-vm-tools-devel-10.1.10-3.el7_5.1 ------------------------------------- * Tue Jun 05 2018 Miroslav Rezanina - 10.1010-3.1 - Ignore ENXIO errors with SyncDriver resolves: rhbz#1582123 openldap-2.4.44-15.el7_5 ------------------------ * Tue Apr 03 2018 Matus Honek - 2.4.44-15 - Bump release to version 2.4.44-15 * Thu Mar 29 2018 Matus Honek - 2.4.44-14 - MozNSS Compat. Layer: Enforce fail when cannot extract CA certs (#1563080) openldap-clients-2.4.44-15.el7_5 -------------------------------- * Tue Apr 03 2018 Matus Honek - 2.4.44-15 - Bump release to version 2.4.44-15 * Thu Mar 29 2018 Matus Honek - 2.4.44-14 - MozNSS Compat. Layer: Enforce fail when cannot extract CA certs (#1563080) openldap-devel-2.4.44-15.el7_5 ------------------------------ * Tue Apr 03 2018 Matus Honek - 2.4.44-15 - Bump release to version 2.4.44-15 * Thu Mar 29 2018 Matus Honek - 2.4.44-14 - MozNSS Compat. Layer: Enforce fail when cannot extract CA certs (#1563080) openldap-servers-2.4.44-15.el7_5 -------------------------------- * Tue Apr 03 2018 Matus Honek - 2.4.44-15 - Bump release to version 2.4.44-15 * Thu Mar 29 2018 Matus Honek - 2.4.44-14 - MozNSS Compat. Layer: Enforce fail when cannot extract CA certs (#1563080) openldap-servers-sql-2.4.44-15.el7_5 ------------------------------------ * Tue Apr 03 2018 Matus Honek - 2.4.44-15 - Bump release to version 2.4.44-15 * Thu Mar 29 2018 Matus Honek - 2.4.44-14 - MozNSS Compat. Layer: Enforce fail when cannot extract CA certs (#1563080) openscap-1.2.16-8.el7_5 ----------------------- * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openscap-containers-1.2.16-8.el7_5 ---------------------------------- * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openscap-devel-1.2.16-8.el7_5 ----------------------------- * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openscap-engine-sce-1.2.16-8.el7_5 ---------------------------------- * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openscap-engine-sce-devel-1.2.16-8.el7_5 ---------------------------------------- * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openscap-extra-probes-1.2.16-8.el7_5 ------------------------------------ * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openscap-python-1.2.16-8.el7_5 ------------------------------ * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openscap-scanner-1.2.16-8.el7_5 ------------------------------- * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openscap-utils-1.2.16-8.el7_5 ----------------------------- * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openslp-2.0.0-7.el7_5 --------------------- * Tue Jul 03 2018 Vitezslav Crhonek - 1:2.0.0-7 - Fix possible heap memory corruption, CVE-2017-17833 Resolves: #1575698 openslp-devel-2.0.0-7.el7_5 --------------------------- * Tue Jul 03 2018 Vitezslav Crhonek - 1:2.0.0-7 - Fix possible heap memory corruption, CVE-2017-17833 Resolves: #1575698 openslp-server-2.0.0-7.el7_5 ---------------------------- * Tue Jul 03 2018 Vitezslav Crhonek - 1:2.0.0-7 - Fix possible heap memory corruption, CVE-2017-17833 Resolves: #1575698 oprofile-0.9.9-25.el7_5.1 ------------------------- * Tue Jun 19 2018 William Cohen - 0.9.9-25el7.1 - rhbz1593131 oprofile-devel-0.9.9-25.el7_5.1 ------------------------------- * Tue Jun 19 2018 William Cohen - 0.9.9-25el7.1 - rhbz1593131 oprofile-gui-0.9.9-25.el7_5.1 ----------------------------- * Tue Jun 19 2018 William Cohen - 0.9.9-25el7.1 - rhbz1593131 oprofile-jit-0.9.9-25.el7_5.1 ----------------------------- * Tue Jun 19 2018 William Cohen - 0.9.9-25el7.1 - rhbz1593131 osinfo-db-20170813-7.el7.bclinux -------------------------------- * Thu Jan 31 2019 Wei Ye - 20170813-7 - Add BC-Linux7 os info. patch-2.7.1-10.el7_5 -------------------- * Fri Apr 13 2018 Than Ngo - 2.7.1-10 - Fixed Coverity reported issues * Mon Apr 09 2018 Than Ngo - 2.7.1-9 - Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands perf-3.10.0-862.27.1.el7 ------------------------ * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] perl-Git-1.8.3.1-14.el7_5 ------------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 perl-Git-SVN-1.8.3.1-14.el7_5 ----------------------------- * Mon Jun 18 2018 Pavel Cahyna - 1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1 perl-Sys-Guestfs-1.36.10-6.el7_5.2 ---------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 pki-base-10.5.1-15.el7_5 ------------------------ * Mon Aug 13 2018 Dogtag Team 10.5.1-15 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1600905 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs [rhel-7.5.z] (cfu) - Bugzilla Bug #1611245 - Certificate generation happens with partial attributes in CMCRequest file [rhel-7.5.z] (cfu) - Bugzilla Bug #1611250 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1612880 - CMC Revocations throws exception with same reqIssuer & certissuer [rhel-7.5.z] (cfu) - Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on DL0 with latest version [rhel-7.5.z] (abokovoy) - Bugzilla Bug #1614839 - CC: Enable all config audit events [rhel-7.5.z] (cfu) - Bugzilla Bug #1615266 - ECC keys not supported for signing audit logs [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1539933 - keyGen fails when only Identity * Mon Jul 02 2018 Dogtag Team 10.5.1-14 - Updated "jss" build and runtime requirements (mharmsen) - Updated "tomcatjss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request authenticated through SharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in SharedToken scenario's [rhel-7.5.z] (cfu) - Bugzilla Bug #1595606 - AuditVerify failure due to line breaks [rhel-7.5.z] (cfu) - Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu) - Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden by CSR encoding [rhel-7.5.z] (cfu) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Sat Jun 09 2018 Dogtag Team 10.5.1-13.1 - Rebuild due to build system database problem * Fri Jun 08 2018 Dogtag Team 10.5.1-13 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Tue May 22 2018 Dogtag Team 10.5.1-12 - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Mon Apr 09 2018 Dogtag Team 10.5.1-11 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz * Fri Mar 23 2018 Dogtag Team 10.5.1-10 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz pki-base-java-10.5.1-15.el7_5 ----------------------------- * Mon Aug 13 2018 Dogtag Team 10.5.1-15 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1600905 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs [rhel-7.5.z] (cfu) - Bugzilla Bug #1611245 - Certificate generation happens with partial attributes in CMCRequest file [rhel-7.5.z] (cfu) - Bugzilla Bug #1611250 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1612880 - CMC Revocations throws exception with same reqIssuer & certissuer [rhel-7.5.z] (cfu) - Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on DL0 with latest version [rhel-7.5.z] (abokovoy) - Bugzilla Bug #1614839 - CC: Enable all config audit events [rhel-7.5.z] (cfu) - Bugzilla Bug #1615266 - ECC keys not supported for signing audit logs [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1539933 - keyGen fails when only Identity * Mon Jul 02 2018 Dogtag Team 10.5.1-14 - Updated "jss" build and runtime requirements (mharmsen) - Updated "tomcatjss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request authenticated through SharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in SharedToken scenario's [rhel-7.5.z] (cfu) - Bugzilla Bug #1595606 - AuditVerify failure due to line breaks [rhel-7.5.z] (cfu) - Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu) - Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden by CSR encoding [rhel-7.5.z] (cfu) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Sat Jun 09 2018 Dogtag Team 10.5.1-13.1 - Rebuild due to build system database problem * Fri Jun 08 2018 Dogtag Team 10.5.1-13 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Tue May 22 2018 Dogtag Team 10.5.1-12 - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Mon Apr 09 2018 Dogtag Team 10.5.1-11 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz * Fri Mar 23 2018 Dogtag Team 10.5.1-10 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz pki-ca-10.5.1-15.el7_5 ---------------------- * Mon Aug 13 2018 Dogtag Team 10.5.1-15 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1600905 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs [rhel-7.5.z] (cfu) - Bugzilla Bug #1611245 - Certificate generation happens with partial attributes in CMCRequest file [rhel-7.5.z] (cfu) - Bugzilla Bug #1611250 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1612880 - CMC Revocations throws exception with same reqIssuer & certissuer [rhel-7.5.z] (cfu) - Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on DL0 with latest version [rhel-7.5.z] (abokovoy) - Bugzilla Bug #1614839 - CC: Enable all config audit events [rhel-7.5.z] (cfu) - Bugzilla Bug #1615266 - ECC keys not supported for signing audit logs [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1539933 - keyGen fails when only Identity * Mon Jul 02 2018 Dogtag Team 10.5.1-14 - Updated "jss" build and runtime requirements (mharmsen) - Updated "tomcatjss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request authenticated through SharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in SharedToken scenario's [rhel-7.5.z] (cfu) - Bugzilla Bug #1595606 - AuditVerify failure due to line breaks [rhel-7.5.z] (cfu) - Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu) - Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden by CSR encoding [rhel-7.5.z] (cfu) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Sat Jun 09 2018 Dogtag Team 10.5.1-13.1 - Rebuild due to build system database problem * Fri Jun 08 2018 Dogtag Team 10.5.1-13 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Tue May 22 2018 Dogtag Team 10.5.1-12 - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Mon Apr 09 2018 Dogtag Team 10.5.1-11 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz * Fri Mar 23 2018 Dogtag Team 10.5.1-10 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz pki-javadoc-10.5.1-15.el7_5 --------------------------- * Mon Aug 13 2018 Dogtag Team 10.5.1-15 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1600905 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs [rhel-7.5.z] (cfu) - Bugzilla Bug #1611245 - Certificate generation happens with partial attributes in CMCRequest file [rhel-7.5.z] (cfu) - Bugzilla Bug #1611250 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1612880 - CMC Revocations throws exception with same reqIssuer & certissuer [rhel-7.5.z] (cfu) - Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on DL0 with latest version [rhel-7.5.z] (abokovoy) - Bugzilla Bug #1614839 - CC: Enable all config audit events [rhel-7.5.z] (cfu) - Bugzilla Bug #1615266 - ECC keys not supported for signing audit logs [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1539933 - keyGen fails when only Identity * Mon Jul 02 2018 Dogtag Team 10.5.1-14 - Updated "jss" build and runtime requirements (mharmsen) - Updated "tomcatjss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request authenticated through SharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in SharedToken scenario's [rhel-7.5.z] (cfu) - Bugzilla Bug #1595606 - AuditVerify failure due to line breaks [rhel-7.5.z] (cfu) - Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu) - Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden by CSR encoding [rhel-7.5.z] (cfu) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Sat Jun 09 2018 Dogtag Team 10.5.1-13.1 - Rebuild due to build system database problem * Fri Jun 08 2018 Dogtag Team 10.5.1-13 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Tue May 22 2018 Dogtag Team 10.5.1-12 - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Mon Apr 09 2018 Dogtag Team 10.5.1-11 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz * Fri Mar 23 2018 Dogtag Team 10.5.1-10 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz pki-kra-10.5.1-15.el7_5 ----------------------- * Mon Aug 13 2018 Dogtag Team 10.5.1-15 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1600905 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs [rhel-7.5.z] (cfu) - Bugzilla Bug #1611245 - Certificate generation happens with partial attributes in CMCRequest file [rhel-7.5.z] (cfu) - Bugzilla Bug #1611250 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1612880 - CMC Revocations throws exception with same reqIssuer & certissuer [rhel-7.5.z] (cfu) - Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on DL0 with latest version [rhel-7.5.z] (abokovoy) - Bugzilla Bug #1614839 - CC: Enable all config audit events [rhel-7.5.z] (cfu) - Bugzilla Bug #1615266 - ECC keys not supported for signing audit logs [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1539933 - keyGen fails when only Identity * Mon Jul 02 2018 Dogtag Team 10.5.1-14 - Updated "jss" build and runtime requirements (mharmsen) - Updated "tomcatjss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request authenticated through SharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in SharedToken scenario's [rhel-7.5.z] (cfu) - Bugzilla Bug #1595606 - AuditVerify failure due to line breaks [rhel-7.5.z] (cfu) - Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu) - Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden by CSR encoding [rhel-7.5.z] (cfu) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Sat Jun 09 2018 Dogtag Team 10.5.1-13.1 - Rebuild due to build system database problem * Fri Jun 08 2018 Dogtag Team 10.5.1-13 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Tue May 22 2018 Dogtag Team 10.5.1-12 - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Mon Apr 09 2018 Dogtag Team 10.5.1-11 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz * Fri Mar 23 2018 Dogtag Team 10.5.1-10 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz pki-server-10.5.1-15.el7_5 -------------------------- * Mon Aug 13 2018 Dogtag Team 10.5.1-15 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1600905 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs [rhel-7.5.z] (cfu) - Bugzilla Bug #1611245 - Certificate generation happens with partial attributes in CMCRequest file [rhel-7.5.z] (cfu) - Bugzilla Bug #1611250 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1612880 - CMC Revocations throws exception with same reqIssuer & certissuer [rhel-7.5.z] (cfu) - Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on DL0 with latest version [rhel-7.5.z] (abokovoy) - Bugzilla Bug #1614839 - CC: Enable all config audit events [rhel-7.5.z] (cfu) - Bugzilla Bug #1615266 - ECC keys not supported for signing audit logs [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1539933 - keyGen fails when only Identity * Mon Jul 02 2018 Dogtag Team 10.5.1-14 - Updated "jss" build and runtime requirements (mharmsen) - Updated "tomcatjss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request authenticated through SharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in SharedToken scenario's [rhel-7.5.z] (cfu) - Bugzilla Bug #1595606 - AuditVerify failure due to line breaks [rhel-7.5.z] (cfu) - Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu) - Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden by CSR encoding [rhel-7.5.z] (cfu) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Sat Jun 09 2018 Dogtag Team 10.5.1-13.1 - Rebuild due to build system database problem * Fri Jun 08 2018 Dogtag Team 10.5.1-13 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Tue May 22 2018 Dogtag Team 10.5.1-12 - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Mon Apr 09 2018 Dogtag Team 10.5.1-11 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz * Fri Mar 23 2018 Dogtag Team 10.5.1-10 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz pki-symkey-10.5.1-15.el7_5 -------------------------- * Mon Aug 13 2018 Dogtag Team 10.5.1-15 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1600905 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs [rhel-7.5.z] (cfu) - Bugzilla Bug #1611245 - Certificate generation happens with partial attributes in CMCRequest file [rhel-7.5.z] (cfu) - Bugzilla Bug #1611250 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1612880 - CMC Revocations throws exception with same reqIssuer & certissuer [rhel-7.5.z] (cfu) - Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on DL0 with latest version [rhel-7.5.z] (abokovoy) - Bugzilla Bug #1614839 - CC: Enable all config audit events [rhel-7.5.z] (cfu) - Bugzilla Bug #1615266 - ECC keys not supported for signing audit logs [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1539933 - keyGen fails when only Identity * Mon Jul 02 2018 Dogtag Team 10.5.1-14 - Updated "jss" build and runtime requirements (mharmsen) - Updated "tomcatjss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request authenticated through SharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in SharedToken scenario's [rhel-7.5.z] (cfu) - Bugzilla Bug #1595606 - AuditVerify failure due to line breaks [rhel-7.5.z] (cfu) - Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu) - Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden by CSR encoding [rhel-7.5.z] (cfu) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Sat Jun 09 2018 Dogtag Team 10.5.1-13.1 - Rebuild due to build system database problem * Fri Jun 08 2018 Dogtag Team 10.5.1-13 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Tue May 22 2018 Dogtag Team 10.5.1-12 - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Mon Apr 09 2018 Dogtag Team 10.5.1-11 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz * Fri Mar 23 2018 Dogtag Team 10.5.1-10 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz pki-tools-10.5.1-15.el7_5 ------------------------- * Mon Aug 13 2018 Dogtag Team 10.5.1-15 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1600905 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs [rhel-7.5.z] (cfu) - Bugzilla Bug #1611245 - Certificate generation happens with partial attributes in CMCRequest file [rhel-7.5.z] (cfu) - Bugzilla Bug #1611250 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1612880 - CMC Revocations throws exception with same reqIssuer & certissuer [rhel-7.5.z] (cfu) - Bugzilla Bug #1614837 - ipa-replica-install --setup-kra broken on DL0 with latest version [rhel-7.5.z] (abokovoy) - Bugzilla Bug #1614839 - CC: Enable all config audit events [rhel-7.5.z] (cfu) - Bugzilla Bug #1615266 - ECC keys not supported for signing audit logs [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1539933 - keyGen fails when only Identity * Mon Jul 02 2018 Dogtag Team 10.5.1-14 - Updated "jss" build and runtime requirements (mharmsen) - Updated "tomcatjss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request authenticated through SharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in SharedToken scenario's [rhel-7.5.z] (cfu) - Bugzilla Bug #1595606 - AuditVerify failure due to line breaks [rhel-7.5.z] (cfu) - Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu) - Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden by CSR encoding [rhel-7.5.z] (cfu) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Sat Jun 09 2018 Dogtag Team 10.5.1-13.1 - Rebuild due to build system database problem * Fri Jun 08 2018 Dogtag Team 10.5.1-13 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Tue May 22 2018 Dogtag Team 10.5.1-12 - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, * Mon Apr 09 2018 Dogtag Team 10.5.1-11 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz * Fri Mar 23 2018 Dogtag Team 10.5.1-10 - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz plexus-archiver-2.4.2-5.el7_5 ----------------------------- * Fri Jun 01 2018 Mikolaj Izdebski - 0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200 plexus-archiver-javadoc-2.4.2-5.el7_5 ------------------------------------- * Fri Jun 01 2018 Mikolaj Izdebski - 0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200 postgresql-9.2.24-1.el7_5 ------------------------- * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-contrib-9.2.24-1.el7_5 --------------------------------- * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-devel-9.2.24-1.el7_5 ------------------------------- * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-docs-9.2.24-1.el7_5 ------------------------------ * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-jdbc-9.2.1002-6.el7_5 -------------------------------- * Fri Apr 20 2018 Pavel Raiskup - 9.2.1002-6 - fix incompatibility with 9.6+ (rhbz#1547424) - it's unnecessary to depend on whole java (rhbz#1406931) postgresql-jdbc-javadoc-9.2.1002-6.el7_5 ---------------------------------------- * Fri Apr 20 2018 Pavel Raiskup - 9.2.1002-6 - fix incompatibility with 9.6+ (rhbz#1547424) - it's unnecessary to depend on whole java (rhbz#1406931) postgresql-libs-9.2.24-1.el7_5 ------------------------------ * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-plperl-9.2.24-1.el7_5 -------------------------------- * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-plpython-9.2.24-1.el7_5 ---------------------------------- * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-pltcl-9.2.24-1.el7_5 ------------------------------- * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-server-9.2.24-1.el7_5 -------------------------------- * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-static-9.2.24-1.el7_5 -------------------------------- * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-test-9.2.24-1.el7_5 ------------------------------ * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 postgresql-upgrade-9.2.24-1.el7_5 --------------------------------- * Tue Aug 14 2018 Pavel Raiskup - 9.2.24-1 - update to the latest 9.2 release - fix CVE-2018-10915 procps-ng-3.3.10-17.el7_5.2 --------------------------- * Tue May 15 2018 Kamil Dudka - 3.3.10-17.el7_5.2 - check for truncation after calling snprintf() - Related: CVE-2018-1124 * Fri May 11 2018 Kamil Dudka - 3.3.10-17.el7_5.1 - fix integer overflows leading to heap overflow in file2strvec() - Resolves: CVE-2018-1124 procps-ng-devel-3.3.10-17.el7_5.2 --------------------------------- * Tue May 15 2018 Kamil Dudka - 3.3.10-17.el7_5.2 - check for truncation after calling snprintf() - Related: CVE-2018-1124 * Fri May 11 2018 Kamil Dudka - 3.3.10-17.el7_5.1 - fix integer overflows leading to heap overflow in file2strvec() - Resolves: CVE-2018-1124 procps-ng-i18n-3.3.10-17.el7_5.2 -------------------------------- * Tue May 15 2018 Kamil Dudka - 3.3.10-17.el7_5.2 - check for truncation after calling snprintf() - Related: CVE-2018-1124 * Fri May 11 2018 Kamil Dudka - 3.3.10-17.el7_5.1 - fix integer overflows leading to heap overflow in file2strvec() - Resolves: CVE-2018-1124 python-2.7.5-69.el7_5 --------------------- * Wed May 30 2018 Charalampos Stratakis - 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 python-boto3-1.4.6-4.el7_5.1 ---------------------------- * Thu May 24 2018 Oyvind Albrigtsen - 1.4.6-4.1 - Fix missing "import sys" in s3/transfer.py Resolves: rhbz#1581764 python-configshell-1.1.fb23-4.el7_5 ----------------------------------- * Thu Mar 29 2018 Maurizio Lombardi - 1:1.1.fb23-4 - Fix failure when parsing parameters - Add 0003-Fix-failing-to-pasre-par-val-parameters.patch - Add 0004-Fix-failing-to-pasre-param-like-cfgstr-par-val.patch python-debug-2.7.5-69.el7_5 --------------------------- * Wed May 30 2018 Charalampos Stratakis - 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 python-devel-2.7.5-69.el7_5 --------------------------- * Wed May 30 2018 Charalampos Stratakis - 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 python-firewall-0.4.4.4-15.el7_5 -------------------------------- * Fri Aug 10 2018 Eric Garver - 0.4.4.4-15 - backport patches to avoid NM for generated connections python-gluster-3.8.4-54.15.el7.centos ------------------------------------- * Thu Aug 16 2018 CentOS Sources - 3.8.4-54.15.el7.centos - remove vendor and/or packager lines * Thu Jul 12 2018 Milind Changire - 3.8.4-54.15 - fixes bugs bz#1590774 bz#1597509 bz#1599803 * Thu Jul 05 2018 Milind Changire - 3.8.4-54.14 - fixes bugs bz#1590774 bz#1595752 bz#1597509 bz#1597648 bz#1598353 bz#1598416 * Fri Jun 29 2018 Milind Changire - 3.8.4-54.13 - fixes bugs bz#1594656 bz#1594682 bz#1596076 * Mon Jun 04 2018 Milind Changire - 3.8.4-54.12 - fixes bugs bz#1556680 bz#1583462 bz#1583464 bz#1583733 bz#1585046 * Wed May 30 2018 Milind Changire - 3.8.4-54.11 - fixes bugs bz#1556680 * Wed May 30 2018 Milind Changire - 3.8.4-54.10 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.9 - fixes bugs bz#1556680 * Tue Apr 24 2018 Milind Changire - 3.8.4-54.8 - fixes bugs bz#1556680 * Mon Apr 16 2018 Milind Changire - 3.8.4-54.7 - fixes bugs bz#1556680 python-libguestfs-1.36.10-6.el7_5.2 ----------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 python-libipa_hbac-1.16.0-19.el7_5.8 ------------------------------------ * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] python-libs-2.7.5-69.el7_5 -------------------------- * Wed May 30 2018 Charalampos Stratakis - 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 python-libsss_nss_idmap-1.16.0-19.el7_5.8 ----------------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] python-perf-3.10.0-862.27.1.el7 ------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] python-rtslib-2.1.fb63-12.el7_5 ------------------------------- * Mon Jun 04 2018 Maurizio Lombardi - 2.1.fb63-12 - saveconfig: way to block-level save with delete command * Tue Apr 24 2018 Maurizio Lombardi - 2.1.fb63-11 - Fix a failure in absence of save file * Thu Apr 19 2018 Maurizio Lombardi - 2.1.fb63-10 - Add missing patch "tcmu: add control constructor arg" * Fri Apr 13 2018 Maurizio Lombardi - 2.1.fb63-9 - Support tcmu hw max sectors - saveconfig: dump control string containing control=value tuples * Wed Apr 11 2018 Maurizio Lombardi - 2.1.fb63-8 - Fix ALUA tpg config setup * Tue Apr 10 2018 Maurizio Lombardi - 2.1.fb63-7 - Introduce support to saveconfig at the storage object level * Tue Mar 27 2018 Maurizio Lombardi - 2.1.fb63-6 - enable alua for pscsi/tcmu if kernel reports support python-rtslib-doc-2.1.fb63-12.el7_5 ----------------------------------- * Mon Jun 04 2018 Maurizio Lombardi - 2.1.fb63-12 - saveconfig: way to block-level save with delete command * Tue Apr 24 2018 Maurizio Lombardi - 2.1.fb63-11 - Fix a failure in absence of save file * Thu Apr 19 2018 Maurizio Lombardi - 2.1.fb63-10 - Add missing patch "tcmu: add control constructor arg" * Fri Apr 13 2018 Maurizio Lombardi - 2.1.fb63-9 - Support tcmu hw max sectors - saveconfig: dump control string containing control=value tuples * Wed Apr 11 2018 Maurizio Lombardi - 2.1.fb63-8 - Fix ALUA tpg config setup * Tue Apr 10 2018 Maurizio Lombardi - 2.1.fb63-7 - Introduce support to saveconfig at the storage object level * Tue Mar 27 2018 Maurizio Lombardi - 2.1.fb63-6 - enable alua for pscsi/tcmu if kernel reports support python-sss-1.16.0-19.el7_5.8 ---------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] python-sss-murmur-1.16.0-19.el7_5.8 ----------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] python-sssdconfig-1.16.0-19.el7_5.8 ----------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] python-test-2.7.5-69.el7_5 -------------------------- * Wed May 30 2018 Charalampos Stratakis - 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 python-tools-2.7.5-69.el7_5 --------------------------- * Wed May 30 2018 Charalampos Stratakis - 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 python2-ipaclient-4.5.4-10.el7.centos.4.4 ----------------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install python2-ipalib-4.5.4-10.el7.centos.4.4 -------------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install python2-ipaserver-4.5.4-10.el7.centos.4.4 ----------------------------------------- * Tue Sep 25 2018 CentOS Sources - 4.5.4-10.el7.centos.4.4 - Roll in CentOS Branding * Fri Sep 07 2018 Florence Blanc-Renaud - 4.5.4-10.el7_5.4.4 - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup * Mon Sep 03 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.3 - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code * Thu Aug 30 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4.2 - Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates * Thu Aug 16 2018 Florence Blanc-Renaud - 4.5.4-10.el7.4 - Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid() * Mon Jun 11 2018 Rob Crittenden - 4.5.4-10.el7.3 - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers * Tue May 15 2018 Florence Blanc-Renaud - 4.5.4-10.el7.2 - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured * Tue Apr 10 2018 Florence Blanc-Renaud - 4.5.4-10.el7.1 - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install qemu-guest-agent-2.8.0-2.el7_5.1 -------------------------------- * Tue Jul 17 2018 Wainer dos Santos Moschetta - 2.8.0-2.el7_5.1 - Corrected the package version from 2.8.0-3.el7 to 2.8.0-2.el7_5.1 - Resolves: bz#1598210 (Backport some features to 2.8 in RHEL 7.5 [rhel-7.5.z]) * Fri Jul 13 2018 Wainer dos Santos Moschetta - 2.8.0-3.el7 - qemuga-qga-Add-guest-get-host-name-command.patch [bz#1598210] - qemuga-qga-Add-guest-get-users-command.patch [bz#1598210] - qemuga-qga-Add-guest-get-timezone-command.patch [bz#1598210] - qemuga-qemu-ga-check-if-utmpx.h-is-available-on-the-system.patch [bz#1598210] - qemuga-qemu-ga-add-guest-get-osinfo-command.patch [bz#1598210] - qemuga-test-qga-pass-environemnt-to-qemu-ga.patch [bz#1598210] - qemuga-test-qga-add-test-for-guest-get-osinfo.patch [bz#1598210] - Resolves: bz#1598210 (Backport some features to 2.8 in RHEL 7.5 [rhel-7.5.z]) qemu-img-1.5.3-156.el7_5.5 -------------------------- * Wed Aug 01 2018 Miroslav Rezanina - 1.5.3-156.el7_5.5 - kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824] - kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824] - kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824] - kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824] - kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824] - kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824] - kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248] - kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248] - Resolves: bz#1549824 (CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z]) - Resolves: bz#1586248 (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z]) * Mon Jul 23 2018 Miroslav Rezanina - 1.5.3-156.el7_5.4 - kvm-target-i386-introduce-kvm_put_one_msr.patch [bz#1596302] - kvm-apic-fix-2.2-2.1-migration.patch [bz#1596302] - kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch [bz#1596302] - kvm-apic-drop-debugging.patch [bz#1596302] - kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch [bz#1596302] - Resolves: bz#1596302 (Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z]) * Fri Jun 08 2018 Miroslav Rezanina - 1.5.3-156.el7_5.3 - kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1584363] - kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1584363] - Resolves: bz#1584363 (CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z]) * Fri May 11 2018 Miroslav Rezanina - 1.5.3-156.el7_5.2 - kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574075] - Resolves: bz#1574075 (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-7.5.z]) * Mon Apr 16 2018 Miroslav Rezanina - 1.5.3-156.el7_5.1 - kvm-vga-add-ram_addr_t-cast.patch [bz#1567913] - kvm-vga-fix-region-calculation.patch [bz#1567913] - Resolves: bz#1567913 (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z]) qemu-kvm-1.5.3-156.el7_5.5 -------------------------- * Wed Aug 01 2018 Miroslav Rezanina - 1.5.3-156.el7_5.5 - kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824] - kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824] - kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824] - kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824] - kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824] - kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824] - kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248] - kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248] - Resolves: bz#1549824 (CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z]) - Resolves: bz#1586248 (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z]) * Mon Jul 23 2018 Miroslav Rezanina - 1.5.3-156.el7_5.4 - kvm-target-i386-introduce-kvm_put_one_msr.patch [bz#1596302] - kvm-apic-fix-2.2-2.1-migration.patch [bz#1596302] - kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch [bz#1596302] - kvm-apic-drop-debugging.patch [bz#1596302] - kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch [bz#1596302] - Resolves: bz#1596302 (Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z]) * Fri Jun 08 2018 Miroslav Rezanina - 1.5.3-156.el7_5.3 - kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1584363] - kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1584363] - Resolves: bz#1584363 (CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z]) * Fri May 11 2018 Miroslav Rezanina - 1.5.3-156.el7_5.2 - kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574075] - Resolves: bz#1574075 (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-7.5.z]) * Mon Apr 16 2018 Miroslav Rezanina - 1.5.3-156.el7_5.1 - kvm-vga-add-ram_addr_t-cast.patch [bz#1567913] - kvm-vga-fix-region-calculation.patch [bz#1567913] - Resolves: bz#1567913 (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z]) qemu-kvm-common-1.5.3-156.el7_5.5 --------------------------------- * Wed Aug 01 2018 Miroslav Rezanina - 1.5.3-156.el7_5.5 - kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824] - kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824] - kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824] - kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824] - kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824] - kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824] - kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248] - kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248] - Resolves: bz#1549824 (CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z]) - Resolves: bz#1586248 (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z]) * Mon Jul 23 2018 Miroslav Rezanina - 1.5.3-156.el7_5.4 - kvm-target-i386-introduce-kvm_put_one_msr.patch [bz#1596302] - kvm-apic-fix-2.2-2.1-migration.patch [bz#1596302] - kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch [bz#1596302] - kvm-apic-drop-debugging.patch [bz#1596302] - kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch [bz#1596302] - Resolves: bz#1596302 (Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z]) * Fri Jun 08 2018 Miroslav Rezanina - 1.5.3-156.el7_5.3 - kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1584363] - kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1584363] - Resolves: bz#1584363 (CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z]) * Fri May 11 2018 Miroslav Rezanina - 1.5.3-156.el7_5.2 - kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574075] - Resolves: bz#1574075 (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-7.5.z]) * Mon Apr 16 2018 Miroslav Rezanina - 1.5.3-156.el7_5.1 - kvm-vga-add-ram_addr_t-cast.patch [bz#1567913] - kvm-vga-fix-region-calculation.patch [bz#1567913] - Resolves: bz#1567913 (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z]) qemu-kvm-tools-1.5.3-156.el7_5.5 -------------------------------- * Wed Aug 01 2018 Miroslav Rezanina - 1.5.3-156.el7_5.5 - kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824] - kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824] - kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824] - kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824] - kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824] - kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824] - kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248] - kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248] - Resolves: bz#1549824 (CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z]) - Resolves: bz#1586248 (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z]) * Mon Jul 23 2018 Miroslav Rezanina - 1.5.3-156.el7_5.4 - kvm-target-i386-introduce-kvm_put_one_msr.patch [bz#1596302] - kvm-apic-fix-2.2-2.1-migration.patch [bz#1596302] - kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch [bz#1596302] - kvm-apic-drop-debugging.patch [bz#1596302] - kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch [bz#1596302] - Resolves: bz#1596302 (Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z]) * Fri Jun 08 2018 Miroslav Rezanina - 1.5.3-156.el7_5.3 - kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1584363] - kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1584363] - Resolves: bz#1584363 (CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z]) * Fri May 11 2018 Miroslav Rezanina - 1.5.3-156.el7_5.2 - kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574075] - Resolves: bz#1574075 (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-7.5.z]) * Mon Apr 16 2018 Miroslav Rezanina - 1.5.3-156.el7_5.1 - kvm-vga-add-ram_addr_t-cast.patch [bz#1567913] - kvm-vga-fix-region-calculation.patch [bz#1567913] - Resolves: bz#1567913 (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z]) radvd-1.9.2-9.el7_5.4 --------------------- * Thu Apr 12 2018 Pavel Zhukov - 1.9.2-9.4 - Check pid file before running main flow - Enable -Werror=all flag * Wed Apr 11 2018 Pavel Zhukov - 1.9.2-9.3 - Related: 1564391 - Backport file locking and pidfile removal * Thu Mar 22 2018 Pavel Zhukov - 1.9.2-9.2 - Resolves: #1564391 - Write pid file in nodaemon mode - Fix coverity warnings rasdaemon-0.4.1-33.1.el7_5 -------------------------- * Thu Mar 29 2018 Aristeu Rozanski 0.4.1-33.1.el7 - Refreshed build for zstream [1562017] * Mon Mar 19 2018 Aristeu Rozanski 0.4.1-33.el7 - Enabled not standard errors [1520602] rdma-core-15-7.el7_5 -------------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 rdma-core-devel-15-7.el7_5 -------------------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 rear-2.00-7.el7_5 ----------------- * Fri Jul 13 2018 Pavel Cahyna - 2.00-7 - Backport upstream PR1383: Allow backup to be stored in ISO for ppc64/ppc64le Includes also commit 30099a98fdc1eab6373bc3682929bc4b9c09b54b. Resolves: #1596182 rsyslog-8.24.0-16.el7_5.4 ------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-crypto-8.24.0-16.el7_5.4 -------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-doc-8.24.0-16.el7_5.4 ----------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-elasticsearch-8.24.0-16.el7_5.4 --------------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-gnutls-8.24.0-16.el7_5.4 -------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-gssapi-8.24.0-16.el7_5.4 -------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-libdbi-8.24.0-16.el7_5.4 -------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-mmaudit-8.24.0-16.el7_5.4 --------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-mmjsonparse-8.24.0-16.el7_5.4 ------------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-mmnormalize-8.24.0-16.el7_5.4 ------------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-mmsnmptrapd-8.24.0-16.el7_5.4 ------------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-mysql-8.24.0-16.el7_5.4 ------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-pgsql-8.24.0-16.el7_5.4 ------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-relp-8.24.0-16.el7_5.4 ------------------------------ * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-snmp-8.24.0-16.el7_5.4 ------------------------------ * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 rsyslog-udpspoof-8.24.0-16.el7_5.4 ---------------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 ruby-libguestfs-1.36.10-6.el7_5.2 --------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 samba-4.7.1-9.el7_5 ------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-client-4.7.1-9.el7_5 -------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-client-libs-4.7.1-9.el7_5 ------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-common-4.7.1-9.el7_5 -------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-common-libs-4.7.1-9.el7_5 ------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-common-tools-4.7.1-9.el7_5 -------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-dc-4.7.1-9.el7_5 ---------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-dc-libs-4.7.1-9.el7_5 --------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-devel-4.7.1-9.el7_5 ------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-krb5-printing-4.7.1-9.el7_5 --------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-libs-4.7.1-9.el7_5 ------------------------ * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-pidl-4.7.1-9.el7_5 ------------------------ * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-python-4.7.1-9.el7_5 -------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-python-test-4.7.1-9.el7_5 ------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-test-4.7.1-9.el7_5 ------------------------ * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-test-libs-4.7.1-9.el7_5 ----------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-vfs-glusterfs-4.7.1-9.el7_5 --------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-winbind-4.7.1-9.el7_5 --------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-winbind-clients-4.7.1-9.el7_5 ----------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-winbind-krb5-locator-4.7.1-9.el7_5 ---------------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo samba-winbind-modules-4.7.1-9.el7_5 ----------------------------------- * Wed Jul 04 2018 Andreas Schneider - 4.7.1-9 - related: #1581375 - Remove patch which doesn't fully work * Mon May 28 2018 Andreas Schneider - 4.7.1-8 - resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3 * Wed May 23 2018 Andreas Schneider - 4.7.1-7 - resolves: #1581369 - Fix segfault updating dns during 'net ads join' - resolves: #1581373 - Fix segfault during NT1 session setup - resolves: #1581376 - Fix segfault in keytab handling - resolves: #1581377 - Fix segfault in smbclient dfsgetinfo scap-security-guide-0.1.36-10.el7_5.bclinux ------------------------------------------- * Wed Sep 26 2018 Johnny Hughes - 0.1.36-10 - Manual CentOS Debranding * Wed Jun 27 2018 Matěj Týč - 0.1.36-10 - Fix local/d typos in Ansible remediation (RHBZ#1592887) - Fix Ansible remediation of SELinux policies (RHBZ#1592970) - Fix Ansible remediation of login.defs umask (RHBZ#1592957) * Fri Apr 27 2018 Watson Yuuma Sato - 0.1.36-9 - Fix remediation of AIDE notification (RHBZ#1571315) * Wed Apr 25 2018 Watson Yuuma Sato - 0.1.36-8 - Allow AIDE to notify other emails than only root (RHBZ#1571315) - Fix some failing rules from profiles PCI-DSS, DISA STIG and USGCB (RHBZ#1571312) - Fix kernel module loading rules (RHBZ#1571319) scap-security-guide-doc-0.1.36-10.el7_5.bclinux ----------------------------------------------- * Wed Sep 26 2018 Johnny Hughes - 0.1.36-10 - Manual CentOS Debranding * Wed Jun 27 2018 Matěj Týč - 0.1.36-10 - Fix local/d typos in Ansible remediation (RHBZ#1592887) - Fix Ansible remediation of SELinux policies (RHBZ#1592970) - Fix Ansible remediation of login.defs umask (RHBZ#1592957) * Fri Apr 27 2018 Watson Yuuma Sato - 0.1.36-9 - Fix remediation of AIDE notification (RHBZ#1571315) * Wed Apr 25 2018 Watson Yuuma Sato - 0.1.36-8 - Allow AIDE to notify other emails than only root (RHBZ#1571315) - Fix some failing rules from profiles PCI-DSS, DISA STIG and USGCB (RHBZ#1571312) - Fix kernel module loading rules (RHBZ#1571319) selinux-policy-3.13.1-192.el7_5.6 --------------------------------- * Tue Jul 31 2018 Lukas Vrabec - 3.13.1-192.6 - Allow virtlogd_t domain to chat via dbus with systemd_logind Resolves: rhbz#1593740 * Fri Jun 29 2018 Lukas Vrabec - 3.13.1-192.5 - Allow virtlogd_t domain to write inhibit systemd pipes. Resolves: rhbz#1596730 * Thu Jun 07 2018 Lukas Vrabec - 3.13.1-192.4 - Allow certmonger to sends emails Resolves: rhbz#1588363 * Wed Mar 28 2018 Lukas Vrabec - 3.13.1-192.3 - Allow snapperd_t domain to unmount fs_t filesystems Resolves: rhbz#1561424 * Mon Mar 26 2018 Lukas Vrabec - 3.13.1-192.2 - Allow snapperd_t to set priority for kernel processes Resolves: rhbz#1558656 * Wed Mar 21 2018 Lukas Vrabec - 3.13.1-192.1 - Backport several changes for snapperdfrom Fedora Rawhide Resolves: rhbz#1558656 selinux-policy-devel-3.13.1-192.el7_5.6 --------------------------------------- * Tue Jul 31 2018 Lukas Vrabec - 3.13.1-192.6 - Allow virtlogd_t domain to chat via dbus with systemd_logind Resolves: rhbz#1593740 * Fri Jun 29 2018 Lukas Vrabec - 3.13.1-192.5 - Allow virtlogd_t domain to write inhibit systemd pipes. Resolves: rhbz#1596730 * Thu Jun 07 2018 Lukas Vrabec - 3.13.1-192.4 - Allow certmonger to sends emails Resolves: rhbz#1588363 * Wed Mar 28 2018 Lukas Vrabec - 3.13.1-192.3 - Allow snapperd_t domain to unmount fs_t filesystems Resolves: rhbz#1561424 * Mon Mar 26 2018 Lukas Vrabec - 3.13.1-192.2 - Allow snapperd_t to set priority for kernel processes Resolves: rhbz#1558656 * Wed Mar 21 2018 Lukas Vrabec - 3.13.1-192.1 - Backport several changes for snapperdfrom Fedora Rawhide Resolves: rhbz#1558656 selinux-policy-doc-3.13.1-192.el7_5.6 ------------------------------------- * Tue Jul 31 2018 Lukas Vrabec - 3.13.1-192.6 - Allow virtlogd_t domain to chat via dbus with systemd_logind Resolves: rhbz#1593740 * Fri Jun 29 2018 Lukas Vrabec - 3.13.1-192.5 - Allow virtlogd_t domain to write inhibit systemd pipes. Resolves: rhbz#1596730 * Thu Jun 07 2018 Lukas Vrabec - 3.13.1-192.4 - Allow certmonger to sends emails Resolves: rhbz#1588363 * Wed Mar 28 2018 Lukas Vrabec - 3.13.1-192.3 - Allow snapperd_t domain to unmount fs_t filesystems Resolves: rhbz#1561424 * Mon Mar 26 2018 Lukas Vrabec - 3.13.1-192.2 - Allow snapperd_t to set priority for kernel processes Resolves: rhbz#1558656 * Wed Mar 21 2018 Lukas Vrabec - 3.13.1-192.1 - Backport several changes for snapperdfrom Fedora Rawhide Resolves: rhbz#1558656 selinux-policy-minimum-3.13.1-192.el7_5.6 ----------------------------------------- * Tue Jul 31 2018 Lukas Vrabec - 3.13.1-192.6 - Allow virtlogd_t domain to chat via dbus with systemd_logind Resolves: rhbz#1593740 * Fri Jun 29 2018 Lukas Vrabec - 3.13.1-192.5 - Allow virtlogd_t domain to write inhibit systemd pipes. Resolves: rhbz#1596730 * Thu Jun 07 2018 Lukas Vrabec - 3.13.1-192.4 - Allow certmonger to sends emails Resolves: rhbz#1588363 * Wed Mar 28 2018 Lukas Vrabec - 3.13.1-192.3 - Allow snapperd_t domain to unmount fs_t filesystems Resolves: rhbz#1561424 * Mon Mar 26 2018 Lukas Vrabec - 3.13.1-192.2 - Allow snapperd_t to set priority for kernel processes Resolves: rhbz#1558656 * Wed Mar 21 2018 Lukas Vrabec - 3.13.1-192.1 - Backport several changes for snapperdfrom Fedora Rawhide Resolves: rhbz#1558656 selinux-policy-mls-3.13.1-192.el7_5.6 ------------------------------------- * Tue Jul 31 2018 Lukas Vrabec - 3.13.1-192.6 - Allow virtlogd_t domain to chat via dbus with systemd_logind Resolves: rhbz#1593740 * Fri Jun 29 2018 Lukas Vrabec - 3.13.1-192.5 - Allow virtlogd_t domain to write inhibit systemd pipes. Resolves: rhbz#1596730 * Thu Jun 07 2018 Lukas Vrabec - 3.13.1-192.4 - Allow certmonger to sends emails Resolves: rhbz#1588363 * Wed Mar 28 2018 Lukas Vrabec - 3.13.1-192.3 - Allow snapperd_t domain to unmount fs_t filesystems Resolves: rhbz#1561424 * Mon Mar 26 2018 Lukas Vrabec - 3.13.1-192.2 - Allow snapperd_t to set priority for kernel processes Resolves: rhbz#1558656 * Wed Mar 21 2018 Lukas Vrabec - 3.13.1-192.1 - Backport several changes for snapperdfrom Fedora Rawhide Resolves: rhbz#1558656 selinux-policy-sandbox-3.13.1-192.el7_5.6 ----------------------------------------- * Tue Jul 31 2018 Lukas Vrabec - 3.13.1-192.6 - Allow virtlogd_t domain to chat via dbus with systemd_logind Resolves: rhbz#1593740 * Fri Jun 29 2018 Lukas Vrabec - 3.13.1-192.5 - Allow virtlogd_t domain to write inhibit systemd pipes. Resolves: rhbz#1596730 * Thu Jun 07 2018 Lukas Vrabec - 3.13.1-192.4 - Allow certmonger to sends emails Resolves: rhbz#1588363 * Wed Mar 28 2018 Lukas Vrabec - 3.13.1-192.3 - Allow snapperd_t domain to unmount fs_t filesystems Resolves: rhbz#1561424 * Mon Mar 26 2018 Lukas Vrabec - 3.13.1-192.2 - Allow snapperd_t to set priority for kernel processes Resolves: rhbz#1558656 * Wed Mar 21 2018 Lukas Vrabec - 3.13.1-192.1 - Backport several changes for snapperdfrom Fedora Rawhide Resolves: rhbz#1558656 selinux-policy-targeted-3.13.1-192.el7_5.6 ------------------------------------------ * Tue Jul 31 2018 Lukas Vrabec - 3.13.1-192.6 - Allow virtlogd_t domain to chat via dbus with systemd_logind Resolves: rhbz#1593740 * Fri Jun 29 2018 Lukas Vrabec - 3.13.1-192.5 - Allow virtlogd_t domain to write inhibit systemd pipes. Resolves: rhbz#1596730 * Thu Jun 07 2018 Lukas Vrabec - 3.13.1-192.4 - Allow certmonger to sends emails Resolves: rhbz#1588363 * Wed Mar 28 2018 Lukas Vrabec - 3.13.1-192.3 - Allow snapperd_t domain to unmount fs_t filesystems Resolves: rhbz#1561424 * Mon Mar 26 2018 Lukas Vrabec - 3.13.1-192.2 - Allow snapperd_t to set priority for kernel processes Resolves: rhbz#1558656 * Wed Mar 21 2018 Lukas Vrabec - 3.13.1-192.1 - Backport several changes for snapperdfrom Fedora Rawhide Resolves: rhbz#1558656 shim-ia32-12-2.el7_5.bclinux ---------------------------- * Fri Aug 24 2018 Fabian Arrotin - 12-2.el7 - Rebuilt with new shim (built with new key/cert) shim-unsigned-ia32-12-2.el7_5.bclinux ------------------------------------- * Mon Jul 23 2018 Fabian Arrotin - 12.2.el7.centos - Added 0001-Add-vendor-esl.patch (Patrick Uiterwijk) - Rebuilt with combined centos.esl (so new and previous crt) shim-unsigned-x64-12-2.el7_5.bclinux ------------------------------------ * Mon Jul 23 2018 Fabian Arrotin - 12.2.el7.centos - Added 0001-Add-vendor-esl.patch (Patrick Uiterwijk) - Rebuilt with combined centos.esl (so new and previous crt) shim-x64-12-2.el7_5.bclinux --------------------------- * Fri Aug 24 2018 Fabian Arrotin - 12-2.el7 - Rebuilt with new shim (built with new key/cert) slf4j-1.7.4-4.el7_4 ------------------- * Tue Mar 20 2018 Michael Simacek - 0:1.7.4-4 - Disallow EventData deserialization by default (CVE-2018-8088) slf4j-javadoc-1.7.4-4.el7_4 --------------------------- * Tue Mar 20 2018 Michael Simacek - 0:1.7.4-4 - Disallow EventData deserialization by default (CVE-2018-8088) slf4j-manual-1.7.4-4.el7_4 -------------------------- * Tue Mar 20 2018 Michael Simacek - 0:1.7.4-4 - Disallow EventData deserialization by default (CVE-2018-8088) sos-3.5-9.el7_5.bclinux ----------------------- * Tue Dec 04 2018 weimingjiang - Roll in BCLinux Branding spamassassin-3.4.0-4.el7_5 -------------------------- * Thu Sep 27 2018 Ondřej Lysoněk - 3.4.0-4 - Add missing Requires for perl(XSLoader) and perl(ExtUtils::MakeMaker), - which are no longer auto-generated due to a (expected) change in rpm-build - Related: rhbz#1632998 * Thu Sep 27 2018 Ondřej Lysoněk - 3.4.0-3 - Fix CVE-2018-11781 - Local user code injection in the meta rule syntax - Fix CVE-2017-15705 - Certain unclosed tags in crafted emails allow for - scan timeouts and resulting denial of service - Resolves: rhbz#1632998 spice-glib-0.34-3.el7_5.2 ------------------------- * Thu Aug 09 2018 Frediano Ziglio - 0.34-3.2 - Fix flexible array buffer overflow Resolves: rhbz#1596008 * Wed Jun 13 2018 Victor Toso - 0.34-3.1 - Fix migration failure when USB is enabled Resolves: rhbz#1590412 spice-glib-devel-0.34-3.el7_5.2 ------------------------------- * Thu Aug 09 2018 Frediano Ziglio - 0.34-3.2 - Fix flexible array buffer overflow Resolves: rhbz#1596008 * Wed Jun 13 2018 Victor Toso - 0.34-3.1 - Fix migration failure when USB is enabled Resolves: rhbz#1590412 spice-gtk-tools-0.34-3.el7_5.2 ------------------------------ * Thu Aug 09 2018 Frediano Ziglio - 0.34-3.2 - Fix flexible array buffer overflow Resolves: rhbz#1596008 * Wed Jun 13 2018 Victor Toso - 0.34-3.1 - Fix migration failure when USB is enabled Resolves: rhbz#1590412 spice-gtk3-0.34-3.el7_5.2 ------------------------- * Thu Aug 09 2018 Frediano Ziglio - 0.34-3.2 - Fix flexible array buffer overflow Resolves: rhbz#1596008 * Wed Jun 13 2018 Victor Toso - 0.34-3.1 - Fix migration failure when USB is enabled Resolves: rhbz#1590412 spice-gtk3-devel-0.34-3.el7_5.2 ------------------------------- * Thu Aug 09 2018 Frediano Ziglio - 0.34-3.2 - Fix flexible array buffer overflow Resolves: rhbz#1596008 * Wed Jun 13 2018 Victor Toso - 0.34-3.1 - Fix migration failure when USB is enabled Resolves: rhbz#1590412 spice-gtk3-vala-0.34-3.el7_5.2 ------------------------------ * Thu Aug 09 2018 Frediano Ziglio - 0.34-3.2 - Fix flexible array buffer overflow Resolves: rhbz#1596008 * Wed Jun 13 2018 Victor Toso - 0.34-3.1 - Fix migration failure when USB is enabled Resolves: rhbz#1590412 spice-server-0.14.0-2.el7_5.5 ----------------------------- * Thu Aug 09 2018 Frediano Ziglio - 0.14.0-2.5 - Fix flexible array buffer overflow Resolves: rhbz#1596008 * Tue Jun 12 2018 Victor Toso - 0.14.0-2.4 - Don't mute Record channel on client reconnection Resolves: rhbz#1582601 * Fri Apr 27 2018 Christophe Fergeau - 0.14.0-2.3 - Revert back to spice 0.12 behaviour where QXL guest resources for cursor commands are only released when the current cursor is replaced. This avoids a QEMU regression causing crashes during migration Resolves: rhbz#1572489 * Mon Mar 19 2018 Christophe Fergeau - 0.14.0-2.2 - Rebuild for missing changelog entry Related: rhbz#1551072 * Thu Mar 15 2018 Christophe Fergeau - 0.14.0-2.1 - Disable TLSv1.0 Related: rhbz#1551072 spice-server-devel-0.14.0-2.el7_5.5 ----------------------------------- * Thu Aug 09 2018 Frediano Ziglio - 0.14.0-2.5 - Fix flexible array buffer overflow Resolves: rhbz#1596008 * Tue Jun 12 2018 Victor Toso - 0.14.0-2.4 - Don't mute Record channel on client reconnection Resolves: rhbz#1582601 * Fri Apr 27 2018 Christophe Fergeau - 0.14.0-2.3 - Revert back to spice 0.12 behaviour where QXL guest resources for cursor commands are only released when the current cursor is replaced. This avoids a QEMU regression causing crashes during migration Resolves: rhbz#1572489 * Mon Mar 19 2018 Christophe Fergeau - 0.14.0-2.2 - Rebuild for missing changelog entry Related: rhbz#1551072 * Thu Mar 15 2018 Christophe Fergeau - 0.14.0-2.1 - Disable TLSv1.0 Related: rhbz#1551072 srp_daemon-15-7.el7_5 --------------------- * Tue Feb 27 2018 Jarod Wilson 15-7 - i40iw: revoke systemd udev rules auto-load on i40e hardware, due to causing problems with suspend and resume, and fall back to load via systemd rdma initscript. - Resolves: rhbz#1568325 sssd-1.16.0-19.el7_5.8 ---------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-ad-1.16.0-19.el7_5.8 ------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-client-1.16.0-19.el7_5.8 ----------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-common-1.16.0-19.el7_5.8 ----------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-common-pac-1.16.0-19.el7_5.8 --------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-dbus-1.16.0-19.el7_5.8 --------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-ipa-1.16.0-19.el7_5.8 -------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-kcm-1.16.0-19.el7_5.8 -------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-krb5-1.16.0-19.el7_5.8 --------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-krb5-common-1.16.0-19.el7_5.8 ---------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-ldap-1.16.0-19.el7_5.8 --------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-libwbclient-1.16.0-19.el7_5.8 ---------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-libwbclient-devel-1.16.0-19.el7_5.8 ---------------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-polkit-rules-1.16.0-19.el7_5.8 ----------------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-proxy-1.16.0-19.el7_5.8 ---------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-tools-1.16.0-19.el7_5.8 ---------------------------- * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sssd-winbind-idmap-1.16.0-19.el7_5.8 ------------------------------------ * Thu Jul 26 2018 Jakub Hrozek - 1.16.0-19.8 - Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z] * Tue Jul 24 2018 Jakub Hrozek - 1.16.0-19.7 - Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z] * Fri Jul 20 2018 Jakub Hrozek - 1.16.0-19.6 - Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z] * Thu May 31 2018 Fabiano Fidêncio - 1.16.0-19.5 - Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z] * Mon May 21 2018 Fabiano Fidêncio - 1.16.0-19.4 - Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.3 - Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z] * Fri May 18 2018 Fabiano Fidêncio - 1.16.0-19.2 - Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] * Mon Apr 23 2018 Fabiano Fidêncio - 1.16.0-19.1 - Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] sudo-1.8.19p2-14.el7_5 ---------------------- * Mon May 28 2018 Daniel Kopecek - 1.8.19p2-14 - Fixed deadlocking after command termination when iolog is enabled Resolves: rhbz#1582155 sudo-devel-1.8.19p2-14.el7_5 ---------------------------- * Mon May 28 2018 Daniel Kopecek - 1.8.19p2-14 - Fixed deadlocking after command termination when iolog is enabled Resolves: rhbz#1582155 systemd-219-57.el7_5.5 ---------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemd-devel-219-57.el7_5.5 ---------------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemd-journal-gateway-219-57.el7_5.5 -------------------------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemd-libs-219-57.el7_5.5 --------------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemd-networkd-219-57.el7_5.5 ------------------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemd-python-219-57.el7_5.5 ----------------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemd-resolved-219-57.el7_5.5 ------------------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemd-sysv-219-57.el7_5.5 --------------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemtap-3.2-8.el7_5 --------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-client-3.2-8.el7_5 ---------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-devel-3.2-8.el7_5 --------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-initscript-3.2-8.el7_5 -------------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-runtime-3.2-8.el7_5 ----------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-runtime-java-3.2-8.el7_5 ---------------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-runtime-python2-3.2-8.el7_5 ------------------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-runtime-virtguest-3.2-8.el7_5 --------------------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-runtime-virthost-3.2-8.el7_5 -------------------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-sdt-devel-3.2-8.el7_5 ------------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-server-3.2-8.el7_5 ---------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) systemtap-testsuite-3.2-8.el7_5 ------------------------------- * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-8 - rhbz1563052 (stp_deref string truncation off-by-one error) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-7 - rhbz1566422 (module build-id checking broken on unload) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-6 - rhbz1567356 (backtraces broken w/ kaslr) * Tue Apr 24 2018 Frank Ch. Eigler - 3.2-5 - rhbz1558350 (nfsd.proc.create typo fix) targetcli-2.1.fb46-6.el7_5 -------------------------- * Wed Jun 13 2018 Maurizio Lombardi - 2.1.fb46-6 - handle backups with block-level delete * Mon Jun 04 2018 Maurizio Lombardi - 2.1.fb46-5 - saveconfig: way for block-level save with delete command * Mon Apr 23 2018 Maurizio Lombardi - 2.1.fb46-4 - Properly detect errors when writing backup files. (Closes: #80) (#81) - Read number of backup files to keep from file - config: defend on '/etc/target/backup' directory - config: backup when current config is different from recent backup copy - config: rename key 'kept_backups' as 'max_backup_files' - backup: global option to tune max no. of backup conf files * Fri Apr 13 2018 Maurizio Lombardi - 2.1.fb46-3 - Support tcmu hw max sectors - create: add a way to set control string * Wed Apr 11 2018 Maurizio Lombardi - 2.1.fb46-2 - Add saveconfig command to StorageObject level thunderbird-52.9.1-1.el7.centos ------------------------------- * Tue Jul 24 2018 Johnny Hughes - 52.9.1-1 - Manual CentOS Debranding * Tue Jul 10 2018 Jan Horak - 52.9.1-1 - Update to 52.9.1 * Thu May 17 2018 Jan Horak - 52.8.0-2 - Update to 52.8.0 * Mon Mar 26 2018 Jan Horak - 52.7.0-1 - Update to 52.7.0 tkinter-2.7.5-69.el7_5 ---------------------- * Wed May 30 2018 Charalampos Stratakis - 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 tomcat-7.0.76-8.el7_5 --------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcat-admin-webapps-7.0.76-8.el7_5 ----------------------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcat-docs-webapp-7.0.76-8.el7_5 --------------------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcat-el-2.2-api-7.0.76-8.el7_5 -------------------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcat-javadoc-7.0.76-8.el7_5 ----------------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcat-jsp-2.2-api-7.0.76-8.el7_5 --------------------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcat-jsvc-7.0.76-8.el7_5 -------------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcat-lib-7.0.76-8.el7_5 ------------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcat-servlet-3.0-api-7.0.76-8.el7_5 ------------------------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcat-webapps-7.0.76-8.el7_5 ----------------------------- * Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session. tomcatjss-7.2.1-7.el7_5 ----------------------- * Mon Jul 02 2018 Matthew Harmsen 7.2.1-7 - Updated jss build and runtime dependencies - Bugzilla Bug #1597180 - Tomcatjss: Add support for TLS_*_SHA384 ciphers [rhel-7.5.z] (cfu) tuned-2.9.0-1.el7_5.bclinux.2 ----------------------------- * Wed Aug 08 2018 Jaroslav Škarvada - 2.9.0-1.2 - use online CPUs for cpusets calculations instead of present CPUs resolves: rhbz#1613951 * Wed Jul 04 2018 Jaroslav Škarvada - 2.9.0-1.1 - plugin_scheduler: whitelist/blacklist processed also for thread names resolves: rhbz#1598031 tuned-gtk-2.9.0-1.el7_5.bclinux.2 --------------------------------- * Wed Aug 08 2018 Jaroslav Škarvada - 2.9.0-1.2 - use online CPUs for cpusets calculations instead of present CPUs resolves: rhbz#1613951 * Wed Jul 04 2018 Jaroslav Škarvada - 2.9.0-1.1 - plugin_scheduler: whitelist/blacklist processed also for thread names resolves: rhbz#1598031 tuned-profiles-atomic-2.9.0-1.el7_5.bclinux.2 --------------------------------------------- * Wed Aug 08 2018 Jaroslav Škarvada - 2.9.0-1.2 - use online CPUs for cpusets calculations instead of present CPUs resolves: rhbz#1613951 * Wed Jul 04 2018 Jaroslav Škarvada - 2.9.0-1.1 - plugin_scheduler: whitelist/blacklist processed also for thread names resolves: rhbz#1598031 tuned-profiles-compat-2.9.0-1.el7_5.bclinux.2 --------------------------------------------- * Wed Aug 08 2018 Jaroslav Škarvada - 2.9.0-1.2 - use online CPUs for cpusets calculations instead of present CPUs resolves: rhbz#1613951 * Wed Jul 04 2018 Jaroslav Škarvada - 2.9.0-1.1 - plugin_scheduler: whitelist/blacklist processed also for thread names resolves: rhbz#1598031 tuned-profiles-cpu-partitioning-2.9.0-1.el7_5.bclinux.2 ------------------------------------------------------- * Wed Aug 08 2018 Jaroslav Škarvada - 2.9.0-1.2 - use online CPUs for cpusets calculations instead of present CPUs resolves: rhbz#1613951 * Wed Jul 04 2018 Jaroslav Škarvada - 2.9.0-1.1 - plugin_scheduler: whitelist/blacklist processed also for thread names resolves: rhbz#1598031 tuned-profiles-oracle-2.9.0-1.el7_5.bclinux.2 --------------------------------------------- * Wed Aug 08 2018 Jaroslav Škarvada - 2.9.0-1.2 - use online CPUs for cpusets calculations instead of present CPUs resolves: rhbz#1613951 * Wed Jul 04 2018 Jaroslav Škarvada - 2.9.0-1.1 - plugin_scheduler: whitelist/blacklist processed also for thread names resolves: rhbz#1598031 tuned-utils-2.9.0-1.el7_5.bclinux.2 ----------------------------------- * Wed Aug 08 2018 Jaroslav Škarvada - 2.9.0-1.2 - use online CPUs for cpusets calculations instead of present CPUs resolves: rhbz#1613951 * Wed Jul 04 2018 Jaroslav Škarvada - 2.9.0-1.1 - plugin_scheduler: whitelist/blacklist processed also for thread names resolves: rhbz#1598031 tuned-utils-systemtap-2.9.0-1.el7_5.bclinux.2 --------------------------------------------- * Wed Aug 08 2018 Jaroslav Škarvada - 2.9.0-1.2 - use online CPUs for cpusets calculations instead of present CPUs resolves: rhbz#1613951 * Wed Jul 04 2018 Jaroslav Škarvada - 2.9.0-1.1 - plugin_scheduler: whitelist/blacklist processed also for thread names resolves: rhbz#1598031 tzdata-2018f-2.el7 ------------------ * Fri Oct 19 2018 Patsy Griffin Franklin - 2018f-2 - Bump release and rebuild for target. * Thu Oct 18 2018 Patsy Griffin Franklin - 2018f-1 - Europe/Volgograd will change from UTC+3 to UTC+4 on October 28,2018. - Add patch to remove use of 25:00. - Drop previous change to DST in Brazil. The government rescinded the change. * Thu Oct 11 2018 Patsy Griffin Franklin - 2018e-4 - Brazil moved the start of DST from the first Sunday in November to the third Sunday in November. * Sun May 06 2018 Patsy Franklin - 2018e-3 - Update the tzdata2018e.tar.gz file. Make the tzdata.zi file during prep. * Fri May 04 2018 Patsy Franklin - 2018e-2 - Rebase to tzdata-2018e - North Korea changed from UTC+8:30 to UTC+9 on May 5, 2018. - In this update, the upstream project now defaults to using the "vanguard" data implementation which includes negative DST offsets. However, we are continuing to provide the "rearguard" format for data which does not use negative DST offsets to provide better compatibility with existing tools. We intend to transition to the "vanguard" data implementation in the future. * Thu Mar 22 2018 Patsy Franklin - 2018d-1 - Rebase to tzdata-2018d - DST for Asia/Gaza and Asia/Hebron has changed from March 31 to March 24. - Antarctica/Casey station changed to UTC+8 on March 11. tzdata-java-2018f-2.el7 ----------------------- * Fri Oct 19 2018 Patsy Griffin Franklin - 2018f-2 - Bump release and rebuild for target. * Thu Oct 18 2018 Patsy Griffin Franklin - 2018f-1 - Europe/Volgograd will change from UTC+3 to UTC+4 on October 28,2018. - Add patch to remove use of 25:00. - Drop previous change to DST in Brazil. The government rescinded the change. * Thu Oct 11 2018 Patsy Griffin Franklin - 2018e-4 - Brazil moved the start of DST from the first Sunday in November to the third Sunday in November. * Sun May 06 2018 Patsy Franklin - 2018e-3 - Update the tzdata2018e.tar.gz file. Make the tzdata.zi file during prep. * Fri May 04 2018 Patsy Franklin - 2018e-2 - Rebase to tzdata-2018e - North Korea changed from UTC+8:30 to UTC+9 on May 5, 2018. - In this update, the upstream project now defaults to using the "vanguard" data implementation which includes negative DST offsets. However, we are continuing to provide the "rearguard" format for data which does not use negative DST offsets to provide better compatibility with existing tools. We intend to transition to the "vanguard" data implementation in the future. * Thu Mar 22 2018 Patsy Franklin - 2018d-1 - Rebase to tzdata-2018d - DST for Asia/Gaza and Asia/Hebron has changed from March 31 to March 24. - Antarctica/Casey station changed to UTC+8 on March 11. util-linux-2.23.2-52.el7_5.1 ---------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area uuidd-2.23.2-52.el7_5.1 ----------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area vdo-6.1.0.168-18 ---------------- * Sun Apr 29 2018 - Andy Walsh - 6.1.0.168-18 - Bumped NVR for z-stream candidate * Sun Apr 29 2018 - Andy Walsh - 6.1.0.168-17 - Updated source to use GitHub - Fixed bug where VDO would always be created with a dense index even when a sparse index was requested. - Resolves: rhbz#1572496 virt-dib-1.36.10-6.el7_5.2 -------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 virt-p2v-maker-1.36.10-6.el7_5.2 -------------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 virt-v2v-1.36.10-6.el7_5.2 -------------------------- * Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 - Fix qemu-img-ma dependency resolves: rhbz#1570533 * Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 - Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key resolves: rhbz#1558922 virt-who-0.21.7-1.el7_5 ----------------------- * Wed Apr 25 2018 William Poteat 0.21.7-1 - 1569299: try/exception needed for hypervisor_id check (wpoteat@redhat.com) xmlrpc-client-3.1.3-9.el7_5 --------------------------- * Wed May 23 2018 Michael Simacek - 1:3.1.3-9 - Disallow deserialization of tags by default - Resolves: CVE-2016-5003 xmlrpc-common-3.1.3-9.el7_5 --------------------------- * Wed May 23 2018 Michael Simacek - 1:3.1.3-9 - Disallow deserialization of tags by default - Resolves: CVE-2016-5003 xmlrpc-javadoc-3.1.3-9.el7_5 ---------------------------- * Wed May 23 2018 Michael Simacek - 1:3.1.3-9 - Disallow deserialization of tags by default - Resolves: CVE-2016-5003 xmlrpc-server-3.1.3-9.el7_5 --------------------------- * Wed May 23 2018 Michael Simacek - 1:3.1.3-9 - Disallow deserialization of tags by default - Resolves: CVE-2016-5003 xorg-x11-drv-wacom-0.34.2-5.el7 ------------------------------- * Thu Apr 05 2018 Peter Hutterer 0.34.2-5 - Add support for the Pro Pen 3D (#1557255) xorg-x11-drv-wacom-devel-0.34.2-5.el7 ------------------------------------- * Thu Apr 05 2018 Peter Hutterer 0.34.2-5 - Add support for the Pro Pen 3D (#1557255) xorg-x11-server-Xdmx-1.19.5-5.1.el7_5.0.1 ----------------------------------------- * Fri Oct 26 2018 Johnny Hughes - 1.19.5-5.1 - Fix CVE-2018-14665 * Fri Oct 12 2018 Adam Jackson - 1.19.5-5.1 - Enable backing store's Always mode xorg-x11-server-Xephyr-1.19.5-5.1.el7_5.0.1 ------------------------------------------- * Fri Oct 26 2018 Johnny Hughes - 1.19.5-5.1 - Fix CVE-2018-14665 * Fri Oct 12 2018 Adam Jackson - 1.19.5-5.1 - Enable backing store's Always mode xorg-x11-server-Xnest-1.19.5-5.1.el7_5.0.1 ------------------------------------------ * Fri Oct 26 2018 Johnny Hughes - 1.19.5-5.1 - Fix CVE-2018-14665 * Fri Oct 12 2018 Adam Jackson - 1.19.5-5.1 - Enable backing store's Always mode xorg-x11-server-Xorg-1.19.5-5.1.el7_5.0.1 ----------------------------------------- * Fri Oct 26 2018 Johnny Hughes - 1.19.5-5.1 - Fix CVE-2018-14665 * Fri Oct 12 2018 Adam Jackson - 1.19.5-5.1 - Enable backing store's Always mode xorg-x11-server-Xvfb-1.19.5-5.1.el7_5.0.1 ----------------------------------------- * Fri Oct 26 2018 Johnny Hughes - 1.19.5-5.1 - Fix CVE-2018-14665 * Fri Oct 12 2018 Adam Jackson - 1.19.5-5.1 - Enable backing store's Always mode xorg-x11-server-Xwayland-1.19.5-5.1.el7_5.0.1 --------------------------------------------- * Fri Oct 26 2018 Johnny Hughes - 1.19.5-5.1 - Fix CVE-2018-14665 * Fri Oct 12 2018 Adam Jackson - 1.19.5-5.1 - Enable backing store's Always mode xorg-x11-server-common-1.19.5-5.1.el7_5.0.1 ------------------------------------------- * Fri Oct 26 2018 Johnny Hughes - 1.19.5-5.1 - Fix CVE-2018-14665 * Fri Oct 12 2018 Adam Jackson - 1.19.5-5.1 - Enable backing store's Always mode xorg-x11-server-devel-1.19.5-5.1.el7_5.0.1 ------------------------------------------ * Fri Oct 26 2018 Johnny Hughes - 1.19.5-5.1 - Fix CVE-2018-14665 * Fri Oct 12 2018 Adam Jackson - 1.19.5-5.1 - Enable backing store's Always mode xorg-x11-server-source-1.19.5-5.1.el7_5.0.1 ------------------------------------------- * Fri Oct 26 2018 Johnny Hughes - 1.19.5-5.1 - Fix CVE-2018-14665 * Fri Oct 12 2018 Adam Jackson - 1.19.5-5.1 - Enable backing store's Always mode yum-NetworkManager-dispatcher-1.1.31-46.el7_5 --------------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-aliases-1.1.31-46.el7_5 ---------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-auto-update-debug-info-1.1.31-46.el7_5 ------------------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-changelog-1.1.31-46.el7_5 ------------------------------------ * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-copr-1.1.31-46.el7_5 ------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-fastestmirror-1.1.31-46.el7_5 ---------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-filter-data-1.1.31-46.el7_5 -------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-fs-snapshot-1.1.31-46.el7_5 -------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-keys-1.1.31-46.el7_5 ------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-list-data-1.1.31-46.el7_5 ------------------------------------ * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-local-1.1.31-46.el7_5 -------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-merge-conf-1.1.31-46.el7_5 ------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-ovl-1.1.31-46.el7_5 ------------------------------ * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-post-transaction-actions-1.1.31-46.el7_5 --------------------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-pre-transaction-actions-1.1.31-46.el7_5 -------------------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-priorities-1.1.31-46.el7_5 ------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-protectbase-1.1.31-46.el7_5 -------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-ps-1.1.31-46.el7_5 ----------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-remove-with-leaves-1.1.31-46.el7_5 --------------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-rpm-warm-cache-1.1.31-46.el7_5 ----------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-show-leaves-1.1.31-46.el7_5 -------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-tmprepo-1.1.31-46.el7_5 ---------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-tsflags-1.1.31-46.el7_5 ---------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-upgrade-helper-1.1.31-46.el7_5 ----------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-verify-1.1.31-46.el7_5 --------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-plugin-versionlock-1.1.31-46.el7_5 -------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-updateonboot-1.1.31-46.el7_5 -------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617 yum-utils-1.1.31-46.el7_5 ------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617