Release notes for the update from 190114 to 190202 Summary: Added Packages: 0 Removed Packages: 0 Modified Packages: 101 Updated Packages names: audit 2.8.1-3.el7 2.8.1-3.el7_5.1 audit-libs 2.8.1-3.el7 2.8.1-3.el7_5.1 bind-libs-lite 9.9.4-61.el7 9.9.4-61.el7_5.1 bind-license 9.9.4-61.el7 9.9.4-61.el7_5.1 binutils 2.27-27.base.el7 2.27-28.base.el7_5.2 ca-certificates 2017.2.20-71.el7 2018.2.22-70.0.el7_5 coolkey 1.1.0-37.el7 1.1.0-37.51.el7_5 device-mapper-multipath 0.4.9-119.el7 0.4.9-119.el7_5.1 device-mapper-multipath-libs 0.4.9-119.el7 0.4.9-119.el7_5.1 dhclient 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dhcp-common 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dhcp-libs 4.2.5-68.el7.centos 4.2.5-68.el7.centos.1 dracut 033-535.el7 033-535.el7_5.1 dracut-config-rescue 033-535.el7 033-535.el7_5.1 dracut-fips 033-535.el7 033-535.el7_5.1 dracut-network 033-535.el7 033-535.el7_5.1 e2fsprogs 1.42.9-11.el7 1.42.9-12.el7_5 e2fsprogs-libs 1.42.9-11.el7 1.42.9-12.el7_5 firewalld 0.4.4.4-14.el7 0.4.4.4-15.el7_5 firewalld-filesystem 0.4.4.4-14.el7 0.4.4.4-15.el7_5 gnupg2 2.0.22-4.el7 2.0.22-5.el7_5 gsettings-desktop-schemas 3.24.1-1.el7 3.24.1-2.el7_5 gtk-update-icon-cache 3.22.26-3.el7 3.22.26-4.el7_5 initscripts 9.49.41-1.el7 9.49.41-1.el7_5.2 iptables 1.4.21-24.el7 1.4.21-24.1.el7_5 iwl1000-firmware 39.31.5.1-62.el7 39.31.5.1-62.2.el7_5 iwl100-firmware 39.31.5.1-62.el7 39.31.5.1-62.2.el7_5 iwl105-firmware 18.168.6.1-62.el7 18.168.6.1-62.2.el7_5 iwl135-firmware 18.168.6.1-62.el7 18.168.6.1-62.2.el7_5 iwl2000-firmware 18.168.6.1-62.el7 18.168.6.1-62.2.el7_5 iwl2030-firmware 18.168.6.1-62.el7 18.168.6.1-62.2.el7_5 iwl3160-firmware 22.0.7.0-62.el7 22.0.7.0-62.2.el7_5 iwl3945-firmware 15.32.2.9-62.el7 15.32.2.9-62.2.el7_5 iwl4965-firmware 228.61.2.24-62.el7 228.61.2.24-62.2.el7_5 iwl5000-firmware 8.83.5.1_1-62.el7 8.83.5.1_1-62.2.el7_5 iwl5150-firmware 8.24.2.2-62.el7 8.24.2.2-62.2.el7_5 iwl6000-firmware 9.221.4.1-62.el7 9.221.4.1-62.2.el7_5 iwl6000g2a-firmware 17.168.5.3-62.el7 17.168.5.3-62.2.el7_5 iwl6000g2b-firmware 17.168.5.2-62.el7 17.168.5.2-62.2.el7_5 iwl6050-firmware 41.28.5.1-62.el7 41.28.5.1-62.2.el7_5 iwl7260-firmware 22.0.7.0-62.el7 22.0.7.0-62.2.el7_5 iwl7265-firmware 22.0.7.0-62.el7 22.0.7.0-62.2.el7_5 kernel 3.10.0-862.el7 3.10.0-862.27.1.el7 kernel-tools 3.10.0-862.el7 3.10.0-862.27.1.el7 kernel-tools-libs 3.10.0-862.el7 3.10.0-862.27.1.el7 kexec-tools 2.0.15-13.el7 2.0.15-13.el7_5.2 kpartx 0.4.9-119.el7 0.4.9-119.el7_5.1 krb5-libs 1.15.1-18.el7 1.15.1-19.el7 libblkid 2.23.2-52.el7 2.23.2-52.el7_5.1 libcom_err 1.42.9-11.el7 1.42.9-12.el7_5 libgcc 4.8.5-28.el7 4.8.5-28.el7_5.1 libgomp 4.8.5-28.el7 4.8.5-28.el7_5.1 libgudev1 219-57.el7 219-57.el7_5.5 libmount 2.23.2-52.el7 2.23.2-52.el7_5.1 libreswan 3.23-3.el7 3.23-5.el7_5 libss 1.42.9-11.el7 1.42.9-12.el7_5 libstdc++ 4.8.5-28.el7 4.8.5-28.el7_5.1 libuuid 2.23.2-52.el7 2.23.2-52.el7_5.1 linux-firmware 20180220-62.git6d51311.el7 20180220-62.2.git6d51311.el7_5 mariadb-libs 5.5.56-2.el7 5.5.60-1.el7_5 microcode_ctl 2.1-29.el7 2.1-29.16.el7_5 mokutil 12-1.el7.bclinux 12-2.el7_5.bclinux NetworkManager 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-adsl 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-bluetooth 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-glib 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-libnm 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-team 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-tui 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-wifi 1.10.2-13.el7 1.10.2-16.el7_5 NetworkManager-wwan 1.10.2-13.el7 1.10.2-16.el7_5 nspr 4.17.0-1.el7 4.19.0-1.el7_5 nss 3.34.0-4.el7 3.36.0-7.el7_5 nss-softokn 3.34.0-2.el7 3.36.0-5.el7_5 nss-softokn-freebl 3.34.0-2.el7 3.36.0-5.el7_5 nss-sysinit 3.34.0-4.el7 3.36.0-7.el7_5 nss-tools 3.34.0-4.el7 3.36.0-7.el7_5 nss-util 3.34.0-2.el7 3.36.0-1.el7_5 openldap 2.4.44-13.el7 2.4.44-15.el7_5 openscap 1.2.16-6.el7 1.2.16-8.el7_5 openscap-scanner 1.2.16-6.el7 1.2.16-8.el7_5 patch 2.7.1-8.el7 2.7.1-10.el7_5 procps-ng 3.3.10-17.el7 3.3.10-17.el7_5.2 python 2.7.5-68.el7 2.7.5-69.el7_5 python-firewall 0.4.4.4-14.el7 0.4.4.4-15.el7_5 python-libs 2.7.5-68.el7 2.7.5-69.el7_5 python-perf 3.10.0-862.el7 3.10.0-862.27.1.el7 qemu-guest-agent 2.8.0-2.el7 2.8.0-2.el7_5.1 rsyslog 8.24.0-16.el7 8.24.0-16.el7_5.4 scap-security-guide 0.1.36-7.el7.bclinux 0.1.36-10.el7_5.bclinux selinux-policy 3.13.1-192.el7 3.13.1-192.el7_5.6 selinux-policy-targeted 3.13.1-192.el7 3.13.1-192.el7_5.6 shim-x64 12-1.el7.bclinux 12-2.el7_5.bclinux sudo 1.8.19p2-13.el7 1.8.19p2-14.el7_5 systemd 219-57.el7 219-57.el7_5.5 systemd-libs 219-57.el7 219-57.el7_5.5 systemd-sysv 219-57.el7 219-57.el7_5.5 tuned 2.9.0-1.el7.bclinux 2.9.0-1.el7_5.bclinux.2 tzdata 2018c-1.el7 2018f-2.el7 util-linux 2.23.2-52.el7 2.23.2-52.el7_5.1 yum-plugin-fastestmirror 1.1.31-45.el7 1.1.31-46.el7_5 Updated Packages: NetworkManager-1.10.2-16.el7_5 ------------------------------ * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-adsl-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-bluetooth-1.10.2-16.el7_5 ---------------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-glib-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-libnm-1.10.2-16.el7_5 ------------------------------------ * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-team-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-tui-1.10.2-16.el7_5 ---------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-wifi-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) NetworkManager-wwan-1.10.2-16.el7_5 ----------------------------------- * Fri Jun 15 2018 Thomas Haller - 1:1.10.2-16 - device: fix crash during reapply of connection settings (rh #1591631) * Wed Jun 06 2018 Beniamino Galvani - 1:1.10.2-15 - device: start IP configuration when master carrier goes up (rh #1576254) * Mon Apr 23 2018 Beniamino Galvani - 1:1.10.2-14 - manager: retry activating devices when the parent becomes managed (rh #1553595) - manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265) - manager: fix starting teamd after service restart (rh #1551958) audit-2.8.1-3.el7_5.1 --------------------- * Mon Jul 23 2018 Steve Grubb 2.8.1-3.el7_5.1 resolves: #1607298 - auditd sometimes in failed state after boot audit-libs-2.8.1-3.el7_5.1 -------------------------- * Mon Jul 23 2018 Steve Grubb 2.8.1-3.el7_5.1 resolves: #1607298 - auditd sometimes in failed state after boot bind-libs-lite-9.9.4-61.el7_5.1 ------------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 bind-license-9.9.4-61.el7_5.1 ----------------------------- * Thu Aug 09 2018 Petr Menšík - 32:9.9.4-61.1 - Fix CVE-2018-5740 binutils-2.27-28.base.el7_5.2 ----------------------------- * Tue Dec 11 2018 Nick Clifton 2.27-28.base.2 - Backport patch to stop strip from corrupting unrecognised relocs. (#1660558) * Tue May 29 2018 Nick Clifton 2.27-28.base.1 - Fix the N-V-R for z-stream release. * Fri May 25 2018 Marek Polacek 2.27-28.base.0.0.hotfix.1.bz1582602 - Hotfix build. * Fri May 25 2018 Marek Polacek 2.27-28.base - Allow "lea foo@GOT, %reg" in PIC mode on the x86. (#1582602) ca-certificates-2018.2.22-70.0.el7_5 ------------------------------------ * Wed Mar 14 2018 Kai Engert - 2018.2.22-70.0 - Update to CKBI 2.22 from NSS 3.35 coolkey-1.1.0-37.51.el7_5 ------------------------- * Mon Jun 25 2018 Robert Relyea - 1.1.0-37.51 - Fix regression in alt token patch that prevented blank cards from working in ESC. * Mon Apr 23 2018 Robert Relyea - 1.1.0-37.50 - support cac alt tokens which don't have a cert is slot 0, don't have a CCC, and uses a ACA. device-mapper-multipath-0.4.9-119.el7_5.1 ----------------------------------------- * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 device-mapper-multipath-libs-0.4.9-119.el7_5.1 ---------------------------------------------- * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 dhclient-4.2.5-68.el7.centos.1 ------------------------------ * Tue May 15 2018 CentOS Sources - 4.2.5-68.el7.centos.1 - Roll in CentOS Branding * Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-68.1 - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character dhcp-common-4.2.5-68.el7.centos.1 --------------------------------- * Tue May 15 2018 CentOS Sources - 4.2.5-68.el7.centos.1 - Roll in CentOS Branding * Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-68.1 - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character dhcp-libs-4.2.5-68.el7.centos.1 ------------------------------- * Tue May 15 2018 CentOS Sources - 4.2.5-68.el7.centos.1 - Roll in CentOS Branding * Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-68.1 - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character dracut-033-535.el7_5.1 ---------------------- * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-config-rescue-033-535.el7_5.1 ------------------------------------ * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-fips-033-535.el7_5.1 --------------------------- * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 dracut-network-033-535.el7_5.1 ------------------------------ * Wed Jun 13 2018 Lukas Nykryn - 033-535.1 - dracut.sh: workaround broken read from /proc/modules Resolves: #1578222 e2fsprogs-1.42.9-12.el7_5 ------------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) e2fsprogs-libs-1.42.9-12.el7_5 ------------------------------ * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) firewalld-0.4.4.4-15.el7_5 -------------------------- * Fri Aug 10 2018 Eric Garver - 0.4.4.4-15 - backport patches to avoid NM for generated connections firewalld-filesystem-0.4.4.4-15.el7_5 ------------------------------------- * Fri Aug 10 2018 Eric Garver - 0.4.4.4-15 - backport patches to avoid NM for generated connections gnupg2-2.0.22-5.el7_5 --------------------- * Thu Jun 21 2018 Tomáš Mráz - 2.0.22-5 - fix CVE-2018-12020 - missing sanitization of original filename gsettings-desktop-schemas-3.24.1-2.el7_5 ---------------------------------------- * Tue Apr 17 2018 Carlos Garnacho - 3.24.1-2 - Add support for Wacom Pro Pen 3D styli Resolves: #1568715 gtk-update-icon-cache-3.22.26-4.el7_5 ------------------------------------- * Mon Apr 09 2018 Debarshi Ray - 3.22.26-4 - Avoid a division by zero with RandR 1.3 - Resolves: #1502788 initscripts-9.49.41-1.el7_5.2 ----------------------------- * Tue Aug 28 2018 David Kaspar [Dee'Kej] - 9.49.41-1.el7_5.2 - ifup-post: fix incorrect condition for RESOLV_MODS (bug #1622533) * Mon Jun 11 2018 David Kaspar [Dee'Kej] - 9.49.41-1.el7_5.1 - network-scripts: setting of firewall ZONE fixed (bug #1588566) iptables-1.4.21-24.1.el7_5 -------------------------- * Tue Apr 03 2018 Phil Sutter - 1.4.21-24.1 - Fix for stopping iptables and ip6tables at the same time (RHBZ#1563168) - Propagate errors on service stop (RHBZ#1563168) - Avoid overwriting parent's return code (RHBZ#1563168) iwl100-firmware-39.31.5.1-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl1000-firmware-39.31.5.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl105-firmware-18.168.6.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl135-firmware-18.168.6.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl2000-firmware-18.168.6.1-62.2.el7_5 -------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl2030-firmware-18.168.6.1-62.2.el7_5 -------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl3160-firmware-22.0.7.0-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl3945-firmware-15.32.2.9-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl4965-firmware-228.61.2.24-62.2.el7_5 --------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl5000-firmware-8.83.5.1_1-62.2.el7_5 -------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl5150-firmware-8.24.2.2-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl6000-firmware-9.221.4.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl6000g2a-firmware-17.168.5.3-62.2.el7_5 ----------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl6000g2b-firmware-17.168.5.2-62.2.el7_5 ----------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl6050-firmware-41.28.5.1-62.2.el7_5 ------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl7260-firmware-22.0.7.0-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) iwl7265-firmware-22.0.7.0-62.2.el7_5 ------------------------------------ * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) kernel-3.10.0-862.27.1.el7 -------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kernel-tools-3.10.0-862.27.1.el7 -------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kernel-tools-libs-3.10.0-862.27.1.el7 ------------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] kexec-tools-2.0.15-13.el7_5.2 ----------------------------- * Thu Aug 16 2018 Pingfan Liu 2.0.15-13.2 - kdumpctl: Remove 'netroot' and 'iscsi initiator' entries from kdump cmdline * Tue Jun 26 2018 Pingfan Liu 2.0.15-13.1 - makedumpfile: fix for hugepages filtering kpartx-0.4.9-119.el7_5.1 ------------------------ * Tue Jul 24 2018 Benjamin Marzinski 0.4.9-119.1 - Add 0237-RHBZ-1607749-add-transport-blacklist.patch * and new blacklist option, "protocol" - Resolves: bz #1607749 krb5-libs-1.15.1-19.el7 ----------------------- * Fri Mar 02 2018 Robbie Harwood - 1.15.1-19 - Limit ticket lifetime to 2^31-1 seconds - Resolves: #1554723 libblkid-2.23.2-52.el7_5.1 -------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area libcom_err-1.42.9-12.el7_5 -------------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) libgcc-4.8.5-28.el7_5.1 ----------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgomp-4.8.5-28.el7_5.1 ------------------------ * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libgudev1-219-57.el7_5.5 ------------------------ * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) libmount-2.23.2-52.el7_5.1 -------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area libreswan-3.23-5.el7_5 ---------------------- * Fri May 25 2018 Paul Wouters - 3.23-5 - Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode [spec file only update] * Wed May 02 2018 Paul Wouters - 3.23-4 - Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode when RSA key is generated - Resolves: rhbz#1574456 Shared IKE SA leads to rekey interop issues - Resolves: rhbz#1574457 IKEv2 liveness false positive on IKEv2 idle connections causes tunnel to be restarted libss-1.42.9-12.el7_5 --------------------- * Fri Mar 23 2018 Lukas Czerner 1.42.9-12 - Fix 32/64-bit overflow when multiplying by blocks/clusters per group (#1553004) libstdc++-4.8.5-28.el7_5.1 -------------------------- * Tue Mar 27 2018 Jeff Law 4.8.5-29 - s390 retpoline support for spectre mitigation (#1552021) libuuid-2.23.2-52.el7_5.1 ------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area linux-firmware-20180220-62.2.git6d51311.el7_5 --------------------------------------------- * Wed Jun 06 2018 Bruno E. O. Meneguele 20180220-62.2.git6d51311 - amd: update microcode for family 15h v2018-05-24 (rhbz 1585939) * Tue May 22 2018 Bruno E. O. Meneguele 20180220-62.1.git6d51311 - amd: add microcode for family 17h and update for family 15h (rhbz 1576321) mariadb-libs-5.5.60-1.el7_5 --------------------------- * Thu May 10 2018 Michal Schorm - 1:5.5.60-1 - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 microcode_ctl-2.1-29.16.el7_5 ----------------------------- * Wed Sep 05 2018 Eugene Syromiatnikov - 2:2.1-29.16 - Add 7.3.z kernel version to kernel_early configuration. * Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-29.15 - Fix dracut module checks in Host-Only mode. * Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-29.14 - Disable 06-4f-01 microcode in config (#1623630). * Wed Aug 29 2018 Eugene Syromiatnikov - 2:2.1-29.12 - Drop "hypervisor" /proc/cpuinfo flag check. - Intel CPU microcode update to 20180807a. - Add README.caveats documentation file. - Add intel-microcode2ucode manual page. - Add check for early microcode load, use it in microcode_ctl dracut module. - Check that the currently running kernel is installed before running dracut -f. * Fri Aug 10 2018 Eugene Syromiatnikov - 2:2.1-29.11 - Add an ability to disable "hypervisor" /proc/cpuinfo flag check. - Intel CPU microcode update to 20180807. - Resolves: #1614847. * Fri Jul 27 2018 Eugene Syromiatnikov - 2:2.1-29.10 - Provide %attr for the ghosted /lib/firmware. * Thu Jul 26 2018 Eugene Syromiatnikov - 2:2.1-29.9 - Remove model name blacklists from caveats configuration files. * Tue Jul 24 2018 Eugene Syromiatnikov - 2.1-29.8 - Add model name blacklist infrastructure. - Store Intel ucode files in /usr/share/microcode_ctl; do not populate them in a virtualised environment. - Resolves: #1576334 * Tue Jul 17 2018 Eugene Syromiatnikov - 2.1-29.7 - Add infrastructure for handling kernel-version-dependant microcode. - Resolves: #1576334 * Mon Jul 16 2018 Eugene Syromiatnikov - 2.1-29.4 - Intel CPU microcode update to 20180703. - Resolves: #1573456 mokutil-12-2.el7_5.bclinux -------------------------- * Fri Aug 24 2018 Fabian Arrotin - 12-2.el7 - Rebuilt with new shim (built with new key/cert) nspr-4.19.0-1.el7_5 ------------------- * Mon Mar 05 2018 Daiki Ueno - 4.19.0-1 - Rebase to NSPR 4.19 * Thu Mar 01 2018 Daiki Ueno - 4.19.0-0.1.beta - Rebase to NSPR 4.19 BETA nss-3.36.0-7.el7_5 ------------------ * Wed Aug 29 2018 Daiki Ueno - 3.36.0-7 - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) * Thu Apr 19 2018 Daiki Ueno - 3.36.0-6 - Exercise SSL tests which only run under non-FIPS setting * Wed Apr 18 2018 Daiki Ueno - 3.36.0-5 - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h * Fri Apr 13 2018 Daiki Ueno - 3.36.0-4 - Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode * Tue Mar 27 2018 Daiki Ueno - 3.36.0-3 - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running * Mon Mar 12 2018 Daiki Ueno - 3.36.0-2 - Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 nss-softokn-3.36.0-5.el7_5 -------------------------- * Mon Mar 19 2018 Daiki Ueno - 3.36.0-5 - Use correct tarball of NSS 3.36.0 release * Thu Mar 15 2018 Bob Relyea - 3.36.0-4 - Clear AES key information after use * Wed Mar 07 2018 Daiki Ueno - 3.36.0-3 - Revert the default behavior change in filesystem probes * Wed Mar 07 2018 Bob Relyea - 3.36.0-2 - Add KAS tests to fipstest * Mon Mar 05 2018 Daiki Ueno - 3.36.0-1 - Update to NSS 3.36.0 * Mon Mar 05 2018 Daiki Ueno - 3.36.0-0.3.beta - Apply upstream patch likely to be part of the official release * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.2.beta - Restore nss-softokn-3.16-add_encrypt_derive.patch to add back support for single DES mechanisms * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.1.beta - Update to NSS 3.36 BETA - Remove upstreamed nss-softokn-3.16-add_encrypt_derive.patch - Remove upstreamed nss-softokn-3.28-fix-fips-login.patch - Remove upstreamed nss-softokn-fix-ecc-post.patch nss-softokn-freebl-3.36.0-5.el7_5 --------------------------------- * Mon Mar 19 2018 Daiki Ueno - 3.36.0-5 - Use correct tarball of NSS 3.36.0 release * Thu Mar 15 2018 Bob Relyea - 3.36.0-4 - Clear AES key information after use * Wed Mar 07 2018 Daiki Ueno - 3.36.0-3 - Revert the default behavior change in filesystem probes * Wed Mar 07 2018 Bob Relyea - 3.36.0-2 - Add KAS tests to fipstest * Mon Mar 05 2018 Daiki Ueno - 3.36.0-1 - Update to NSS 3.36.0 * Mon Mar 05 2018 Daiki Ueno - 3.36.0-0.3.beta - Apply upstream patch likely to be part of the official release * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.2.beta - Restore nss-softokn-3.16-add_encrypt_derive.patch to add back support for single DES mechanisms * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.1.beta - Update to NSS 3.36 BETA - Remove upstreamed nss-softokn-3.16-add_encrypt_derive.patch - Remove upstreamed nss-softokn-3.28-fix-fips-login.patch - Remove upstreamed nss-softokn-fix-ecc-post.patch nss-sysinit-3.36.0-7.el7_5 -------------------------- * Wed Aug 29 2018 Daiki Ueno - 3.36.0-7 - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) * Thu Apr 19 2018 Daiki Ueno - 3.36.0-6 - Exercise SSL tests which only run under non-FIPS setting * Wed Apr 18 2018 Daiki Ueno - 3.36.0-5 - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h * Fri Apr 13 2018 Daiki Ueno - 3.36.0-4 - Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode * Tue Mar 27 2018 Daiki Ueno - 3.36.0-3 - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running * Mon Mar 12 2018 Daiki Ueno - 3.36.0-2 - Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 nss-tools-3.36.0-7.el7_5 ------------------------ * Wed Aug 29 2018 Daiki Ueno - 3.36.0-7 - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) * Thu Apr 19 2018 Daiki Ueno - 3.36.0-6 - Exercise SSL tests which only run under non-FIPS setting * Wed Apr 18 2018 Daiki Ueno - 3.36.0-5 - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h * Fri Apr 13 2018 Daiki Ueno - 3.36.0-4 - Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode * Tue Mar 27 2018 Daiki Ueno - 3.36.0-3 - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running * Mon Mar 12 2018 Daiki Ueno - 3.36.0-2 - Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 nss-util-3.36.0-1.el7_5 ----------------------- * Mon Mar 05 2018 Daiki Ueno - 3.36.0-1 - Rebase to NSS 3.36 * Thu Mar 01 2018 Daiki Ueno - 3.36.0-0.1.beta - Rebase to NSS 3.36 BETA openldap-2.4.44-15.el7_5 ------------------------ * Tue Apr 03 2018 Matus Honek - 2.4.44-15 - Bump release to version 2.4.44-15 * Thu Mar 29 2018 Matus Honek - 2.4.44-14 - MozNSS Compat. Layer: Enforce fail when cannot extract CA certs (#1563080) openscap-1.2.16-8.el7_5 ----------------------- * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) openscap-scanner-1.2.16-8.el7_5 ------------------------------- * Thu Apr 19 2018 Martin Preisler - 1.2.16-8 - Use the chroot mode for rpm probes (#1556988) * Wed Apr 18 2018 Martin Preisler - 1.2.16-7 - Use the chroot mode for textfilecontent (#1547107) patch-2.7.1-10.el7_5 -------------------- * Fri Apr 13 2018 Than Ngo - 2.7.1-10 - Fixed Coverity reported issues * Mon Apr 09 2018 Than Ngo - 2.7.1-9 - Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands procps-ng-3.3.10-17.el7_5.2 --------------------------- * Tue May 15 2018 Kamil Dudka - 3.3.10-17.el7_5.2 - check for truncation after calling snprintf() - Related: CVE-2018-1124 * Fri May 11 2018 Kamil Dudka - 3.3.10-17.el7_5.1 - fix integer overflows leading to heap overflow in file2strvec() - Resolves: CVE-2018-1124 python-2.7.5-69.el7_5 --------------------- * Wed May 30 2018 Charalampos Stratakis - 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 python-firewall-0.4.4.4-15.el7_5 -------------------------------- * Fri Aug 10 2018 Eric Garver - 0.4.4.4-15 - backport patches to avoid NM for generated connections python-libs-2.7.5-69.el7_5 -------------------------- * Wed May 30 2018 Charalampos Stratakis - 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 python-perf-3.10.0-862.27.1.el7 ------------------------------- * Fri Dec 14 2018 Rado Vrbovsky [3.10.0-862.27.1.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1630693 1630694] {CVE-2018-14646} - [fs] Force log to disk before reading the AGF during a fstrim (Carlos Maiolino) [1657142 1564186] - [md] raid1: panic because of using freed memory (Xiao Ni) [1656499 1632575] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1655043 1625721] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1655043 1625721] - [scsi] libfc: don't advance state machine for incoming FLOGI (Chris Leech) [1655043 1625721] - [block] clear ctx pending bit under ctx lock (Ming Lei) [1650469 1633675] - [security] Make [un]register_lsm_notifier() null ops if !selinux_enabled (Don Dutile) [1648810 1621072] - [x86] kprobes: Use 5-byte NOP when the code might be modified by ftrace (Josh Poimboeuf) [1647815 1577050] - [fs] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: allow get_mempolicy(MPOL_F_NODE|MPOL_F_ADDR) to trigger userfaults (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: uffdio_copy: set the page dirty if VM_WRITE is not set (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: add i_size checks (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: disable irqs when taking the waitqueue lock (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd.c: remove redundant pointer uwq (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [mm] userfaultfd: prevent non-cooperative events vs mcopy_atomic races (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] userfaultfd: convert to use anon_inode_getfd() (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} - [fs] mm, userfaultfd, thp: avoid waiting when PMD under THP migration (Andrea Arcangeli) [1640517 1640519] {CVE-2018-18397} * Thu Nov 08 2018 Jan Stancek [3.10.0-862.26.1.el7] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1647328 1609890] * Tue Nov 06 2018 Jan Stancek [3.10.0-862.25.1.el7] - [s390] detect etoken facility (Hendrik Brueckner) [1635134 1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1635134 1625349] - [s390] use expoline thunks in the BPF JIT (Hendrik Brueckner) [1636884 1583564] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1636884 1583564] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1636884 1583564] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] lib: use expoline for indirect branches (Hendrik Brueckner) [1636884 1583564] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1636884 1583564] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1636884 1583564] - [s390] add assembler macros for CPU alternatives (Hendrik Brueckner) [1636884 1583564] - [s390] ftrace: optimize mcount code (Hendrik Brueckner) [1636884 1583564] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644674 1640645] - [mm] memcontrol: fix high scheduling latency source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644672 1632898] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635796 1619793] - [fs] nfsv4: Fix a typo in nfs41_sequence_process (Steve Dickson) [1634721 1596713] - [fs] nfsv4: revert commit 5f83d86cf531d ("nfsv4.x: Fix wraparound issues..") (Steve Dickson) [1634721 1596713] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634707 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634707 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634707 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634707 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634707 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634707 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634707 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634707 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634707 1575768] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1626034 1554777] - [scsi] lpfc: Fix Abort request WQ selection (Dick Kennedy) [1626034 1519548] - [drm] ast: Load lut in crtc_commit (Dave Airlie) [1639350 1630037] * Tue Oct 30 2018 Rado Vrbovsky [3.10.0-862.24.1.el7] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644237 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644237 1613248] * Fri Oct 26 2018 Rado Vrbovsky [3.10.0-862.23.1.el7] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643361 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643361 1608955] * Fri Oct 19 2018 Rado Vrbovsky [3.10.0-862.22.1.el7] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640676 1601153] - [usb] revert "cdc-wdm: fix "out-of-sync" due to missing notifications" (Torez Smith) [1640189 1494216] - [nvme] pci: serialize pci resets (David Milburn) [1637104 1543698] * Thu Oct 04 2018 Rado Vrbovsky [3.10.0-862.21.1.el7] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1635132 1632050] * Mon Oct 01 2018 Rado Vrbovsky [3.10.0-862.20.1.el7] - [md] raid10 set default value for max_sectors (Nigel Croxon) [1630436 1594014] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1630191 1620041] - [pci] Add wrappers for dev_printk() (Jarod Wilson) [1630191 1495223] - [scsi] qla2xxx: Avoid double completion of abort command (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix incorrect handle for abort IOCB (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix queue ID for async abort with Multiqueue (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Fix double free bug after firmware timeout (Himanshu Madhani) [1624503 1547714] - [scsi] qla2xxx: Return error when TMF returns (Himanshu Madhani) [1622526 1599351] - [scsi] qla2xxx: Fix NULL pointer crash due to active timer for ABTS (Himanshu Madhani) [1622526 1599351] - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620554 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621997 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621997 1523151] - [netdrv] igb: Remove superfluous reset to PHY and page 0 selection (Corinna Vinschen) [1619125 1611610] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} * Mon Sep 24 2018 Rado Vrbovsky [3.10.0-862.19.1.el7] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1631648 1607907] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1630195 1626358] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629568 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629568 1619602] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1626948 1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1626948 1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1626948 1588002] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1626374 1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1626374 1621969] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1625537 1609717] - [mm] swap: divide-by-zero when zero length swap file on ssd (Joe Lawrence) [1624501 1608965] - [mm] swap: warn when a swap area overflows the maximum size (Joe Lawrence) [1624501 1608965] - [mm] kvfree the swap cluster info if the swap file is unsatisfactory (Joe Lawrence) [1624501 1608965] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613923 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613710 1613650] {CVE-2017-18344} * Mon Sep 17 2018 Rado Vrbovsky [3.10.0-862.18.1.el7] - [fs] nfsd: remove blocked locks on client teardown (Scott Mayhew) [1628562 1504058] - [mm] shm_mnt is as longterm as it gets (Aaron Tomlin) [1628073 1597314] - [net] route: also update fnhe_genid when updating a route cache (Xin Long) [1627788 1523073] - [net] route: update fnhe_expires for redirect when the fnhe exists (Xin Long) [1627788 1523073] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] qemu-guest-agent-2.8.0-2.el7_5.1 -------------------------------- * Tue Jul 17 2018 Wainer dos Santos Moschetta - 2.8.0-2.el7_5.1 - Corrected the package version from 2.8.0-3.el7 to 2.8.0-2.el7_5.1 - Resolves: bz#1598210 (Backport some features to 2.8 in RHEL 7.5 [rhel-7.5.z]) * Fri Jul 13 2018 Wainer dos Santos Moschetta - 2.8.0-3.el7 - qemuga-qga-Add-guest-get-host-name-command.patch [bz#1598210] - qemuga-qga-Add-guest-get-users-command.patch [bz#1598210] - qemuga-qga-Add-guest-get-timezone-command.patch [bz#1598210] - qemuga-qemu-ga-check-if-utmpx.h-is-available-on-the-system.patch [bz#1598210] - qemuga-qemu-ga-add-guest-get-osinfo-command.patch [bz#1598210] - qemuga-test-qga-pass-environemnt-to-qemu-ga.patch [bz#1598210] - qemuga-test-qga-add-test-for-guest-get-osinfo.patch [bz#1598210] - Resolves: bz#1598210 (Backport some features to 2.8 in RHEL 7.5 [rhel-7.5.z]) rsyslog-8.24.0-16.el7_5.4 ------------------------- * Mon Apr 16 2018 Jiri Vymazal - 8.24.0-16.5 RHEL 7.5.z ERRATUM - fixed imjournal duplicating msgs under some conditions resolves: rhbz#1545582 scap-security-guide-0.1.36-10.el7_5.bclinux ------------------------------------------- * Wed Sep 26 2018 Johnny Hughes - 0.1.36-10 - Manual CentOS Debranding * Wed Jun 27 2018 Matěj Týč - 0.1.36-10 - Fix local/d typos in Ansible remediation (RHBZ#1592887) - Fix Ansible remediation of SELinux policies (RHBZ#1592970) - Fix Ansible remediation of login.defs umask (RHBZ#1592957) * Fri Apr 27 2018 Watson Yuuma Sato - 0.1.36-9 - Fix remediation of AIDE notification (RHBZ#1571315) * Wed Apr 25 2018 Watson Yuuma Sato - 0.1.36-8 - Allow AIDE to notify other emails than only root (RHBZ#1571315) - Fix some failing rules from profiles PCI-DSS, DISA STIG and USGCB (RHBZ#1571312) - Fix kernel module loading rules (RHBZ#1571319) selinux-policy-3.13.1-192.el7_5.6 --------------------------------- * Tue Jul 31 2018 Lukas Vrabec - 3.13.1-192.6 - Allow virtlogd_t domain to chat via dbus with systemd_logind Resolves: rhbz#1593740 * Fri Jun 29 2018 Lukas Vrabec - 3.13.1-192.5 - Allow virtlogd_t domain to write inhibit systemd pipes. Resolves: rhbz#1596730 * Thu Jun 07 2018 Lukas Vrabec - 3.13.1-192.4 - Allow certmonger to sends emails Resolves: rhbz#1588363 * Wed Mar 28 2018 Lukas Vrabec - 3.13.1-192.3 - Allow snapperd_t domain to unmount fs_t filesystems Resolves: rhbz#1561424 * Mon Mar 26 2018 Lukas Vrabec - 3.13.1-192.2 - Allow snapperd_t to set priority for kernel processes Resolves: rhbz#1558656 * Wed Mar 21 2018 Lukas Vrabec - 3.13.1-192.1 - Backport several changes for snapperdfrom Fedora Rawhide Resolves: rhbz#1558656 selinux-policy-targeted-3.13.1-192.el7_5.6 ------------------------------------------ * Tue Jul 31 2018 Lukas Vrabec - 3.13.1-192.6 - Allow virtlogd_t domain to chat via dbus with systemd_logind Resolves: rhbz#1593740 * Fri Jun 29 2018 Lukas Vrabec - 3.13.1-192.5 - Allow virtlogd_t domain to write inhibit systemd pipes. Resolves: rhbz#1596730 * Thu Jun 07 2018 Lukas Vrabec - 3.13.1-192.4 - Allow certmonger to sends emails Resolves: rhbz#1588363 * Wed Mar 28 2018 Lukas Vrabec - 3.13.1-192.3 - Allow snapperd_t domain to unmount fs_t filesystems Resolves: rhbz#1561424 * Mon Mar 26 2018 Lukas Vrabec - 3.13.1-192.2 - Allow snapperd_t to set priority for kernel processes Resolves: rhbz#1558656 * Wed Mar 21 2018 Lukas Vrabec - 3.13.1-192.1 - Backport several changes for snapperdfrom Fedora Rawhide Resolves: rhbz#1558656 shim-x64-12-2.el7_5.bclinux --------------------------- * Fri Aug 24 2018 Fabian Arrotin - 12-2.el7 - Rebuilt with new shim (built with new key/cert) sudo-1.8.19p2-14.el7_5 ---------------------- * Mon May 28 2018 Daniel Kopecek - 1.8.19p2-14 - Fixed deadlocking after command termination when iolog is enabled Resolves: rhbz#1582155 systemd-219-57.el7_5.5 ---------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemd-libs-219-57.el7_5.5 --------------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) systemd-sysv-219-57.el7_5.5 --------------------------- * Wed Jan 16 2019 Lukas Nykryn - 219-57.5 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 14 2019 Lukas Nykryn - 219-57.4 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Fri Aug 31 2018 Lukas Nykryn - 219-57.3 - restart automounts unit on update (#1596241) * Mon Jul 30 2018 Lukas Nykryn - 219-57.2 - automount: handle state changes of the corresponding mount unit correctly (#1596241) * Mon Jun 25 2018 Lukas Nykryn - 219-57.1 - umount: always use MNT_FORCE in umount_all() (#7213) (#1571098) - core: Implement timeout based umount/remount limit (#1571098) - core: Implement sync_with_progress() (#1571098) tuned-2.9.0-1.el7_5.bclinux.2 ----------------------------- * Wed Aug 08 2018 Jaroslav Škarvada - 2.9.0-1.2 - use online CPUs for cpusets calculations instead of present CPUs resolves: rhbz#1613951 * Wed Jul 04 2018 Jaroslav Škarvada - 2.9.0-1.1 - plugin_scheduler: whitelist/blacklist processed also for thread names resolves: rhbz#1598031 tzdata-2018f-2.el7 ------------------ * Fri Oct 19 2018 Patsy Griffin Franklin - 2018f-2 - Bump release and rebuild for target. * Thu Oct 18 2018 Patsy Griffin Franklin - 2018f-1 - Europe/Volgograd will change from UTC+3 to UTC+4 on October 28,2018. - Add patch to remove use of 25:00. - Drop previous change to DST in Brazil. The government rescinded the change. * Thu Oct 11 2018 Patsy Griffin Franklin - 2018e-4 - Brazil moved the start of DST from the first Sunday in November to the third Sunday in November. * Sun May 06 2018 Patsy Franklin - 2018e-3 - Update the tzdata2018e.tar.gz file. Make the tzdata.zi file during prep. * Fri May 04 2018 Patsy Franklin - 2018e-2 - Rebase to tzdata-2018e - North Korea changed from UTC+8:30 to UTC+9 on May 5, 2018. - In this update, the upstream project now defaults to using the "vanguard" data implementation which includes negative DST offsets. However, we are continuing to provide the "rearguard" format for data which does not use negative DST offsets to provide better compatibility with existing tools. We intend to transition to the "vanguard" data implementation in the future. * Thu Mar 22 2018 Patsy Franklin - 2018d-1 - Rebase to tzdata-2018d - DST for Asia/Gaza and Asia/Hebron has changed from March 31 to March 24. - Antarctica/Casey station changed to UTC+8 on March 11. util-linux-2.23.2-52.el7_5.1 ---------------------------- * Thu Jul 12 2018 Karel Zak 2.23.2-52.el7_5.1 - fix #1594681 - blkid does not output swap area yum-plugin-fastestmirror-1.1.31-46.el7_5 ---------------------------------------- * Fri Jul 20 2018 Michal Domonkos - 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug#1600617