Release notes for the update from 190529 to 190730 Summary: Added Packages: 0 Removed Packages: 0 Modified Packages: 93 Updated Packages: NetworkManager-1.12.0-10.el7_6 ------------------------------ * Mon Mar 04 2019 Beniamino Galvani - 1:1.12.0-10 - manager: ignore ovs-system master when assuming connections (rh #1676551) - device: do ARP announcements only after masters have a slave (rh #1678796) * Tue Feb 19 2019 Beniamino Galvani - 1:1.12.0-9 - device: restore routes after a link down event (rh #1676551) * Fri Nov 02 2018 Thomas Haller - 1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) * Mon Oct 22 2018 Beniamino Galvani - 1:1.12.0-7 - manager: accept non-null device for VPN activations (rh #1641174) - drop dependency of NetworkManager-ovs on openvswitch (rh #1633190) NetworkManager-adsl-1.12.0-10.el7_6 ----------------------------------- * Mon Mar 04 2019 Beniamino Galvani - 1:1.12.0-10 - manager: ignore ovs-system master when assuming connections (rh #1676551) - device: do ARP announcements only after masters have a slave (rh #1678796) * Tue Feb 19 2019 Beniamino Galvani - 1:1.12.0-9 - device: restore routes after a link down event (rh #1676551) * Fri Nov 02 2018 Thomas Haller - 1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) * Mon Oct 22 2018 Beniamino Galvani - 1:1.12.0-7 - manager: accept non-null device for VPN activations (rh #1641174) - drop dependency of NetworkManager-ovs on openvswitch (rh #1633190) NetworkManager-bluetooth-1.12.0-10.el7_6 ---------------------------------------- * Mon Mar 04 2019 Beniamino Galvani - 1:1.12.0-10 - manager: ignore ovs-system master when assuming connections (rh #1676551) - device: do ARP announcements only after masters have a slave (rh #1678796) * Tue Feb 19 2019 Beniamino Galvani - 1:1.12.0-9 - device: restore routes after a link down event (rh #1676551) * Fri Nov 02 2018 Thomas Haller - 1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) * Mon Oct 22 2018 Beniamino Galvani - 1:1.12.0-7 - manager: accept non-null device for VPN activations (rh #1641174) - drop dependency of NetworkManager-ovs on openvswitch (rh #1633190) NetworkManager-glib-1.12.0-10.el7_6 ----------------------------------- * Mon Mar 04 2019 Beniamino Galvani - 1:1.12.0-10 - manager: ignore ovs-system master when assuming connections (rh #1676551) - device: do ARP announcements only after masters have a slave (rh #1678796) * Tue Feb 19 2019 Beniamino Galvani - 1:1.12.0-9 - device: restore routes after a link down event (rh #1676551) * Fri Nov 02 2018 Thomas Haller - 1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) * Mon Oct 22 2018 Beniamino Galvani - 1:1.12.0-7 - manager: accept non-null device for VPN activations (rh #1641174) - drop dependency of NetworkManager-ovs on openvswitch (rh #1633190) NetworkManager-libnm-1.12.0-10.el7_6 ------------------------------------ * Mon Mar 04 2019 Beniamino Galvani - 1:1.12.0-10 - manager: ignore ovs-system master when assuming connections (rh #1676551) - device: do ARP announcements only after masters have a slave (rh #1678796) * Tue Feb 19 2019 Beniamino Galvani - 1:1.12.0-9 - device: restore routes after a link down event (rh #1676551) * Fri Nov 02 2018 Thomas Haller - 1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) * Mon Oct 22 2018 Beniamino Galvani - 1:1.12.0-7 - manager: accept non-null device for VPN activations (rh #1641174) - drop dependency of NetworkManager-ovs on openvswitch (rh #1633190) NetworkManager-team-1.12.0-10.el7_6 ----------------------------------- * Mon Mar 04 2019 Beniamino Galvani - 1:1.12.0-10 - manager: ignore ovs-system master when assuming connections (rh #1676551) - device: do ARP announcements only after masters have a slave (rh #1678796) * Tue Feb 19 2019 Beniamino Galvani - 1:1.12.0-9 - device: restore routes after a link down event (rh #1676551) * Fri Nov 02 2018 Thomas Haller - 1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) * Mon Oct 22 2018 Beniamino Galvani - 1:1.12.0-7 - manager: accept non-null device for VPN activations (rh #1641174) - drop dependency of NetworkManager-ovs on openvswitch (rh #1633190) NetworkManager-tui-1.12.0-10.el7_6 ---------------------------------- * Mon Mar 04 2019 Beniamino Galvani - 1:1.12.0-10 - manager: ignore ovs-system master when assuming connections (rh #1676551) - device: do ARP announcements only after masters have a slave (rh #1678796) * Tue Feb 19 2019 Beniamino Galvani - 1:1.12.0-9 - device: restore routes after a link down event (rh #1676551) * Fri Nov 02 2018 Thomas Haller - 1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) * Mon Oct 22 2018 Beniamino Galvani - 1:1.12.0-7 - manager: accept non-null device for VPN activations (rh #1641174) - drop dependency of NetworkManager-ovs on openvswitch (rh #1633190) NetworkManager-wifi-1.12.0-10.el7_6 ----------------------------------- * Mon Mar 04 2019 Beniamino Galvani - 1:1.12.0-10 - manager: ignore ovs-system master when assuming connections (rh #1676551) - device: do ARP announcements only after masters have a slave (rh #1678796) * Tue Feb 19 2019 Beniamino Galvani - 1:1.12.0-9 - device: restore routes after a link down event (rh #1676551) * Fri Nov 02 2018 Thomas Haller - 1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) * Mon Oct 22 2018 Beniamino Galvani - 1:1.12.0-7 - manager: accept non-null device for VPN activations (rh #1641174) - drop dependency of NetworkManager-ovs on openvswitch (rh #1633190) NetworkManager-wwan-1.12.0-10.el7_6 ----------------------------------- * Mon Mar 04 2019 Beniamino Galvani - 1:1.12.0-10 - manager: ignore ovs-system master when assuming connections (rh #1676551) - device: do ARP announcements only after masters have a slave (rh #1678796) * Tue Feb 19 2019 Beniamino Galvani - 1:1.12.0-9 - device: restore routes after a link down event (rh #1676551) * Fri Nov 02 2018 Thomas Haller - 1:1.12.0-8 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) * Mon Oct 22 2018 Beniamino Galvani - 1:1.12.0-7 - manager: accept non-null device for VPN activations (rh #1641174) - drop dependency of NetworkManager-ovs on openvswitch (rh #1633190) bind-libs-9.9.4-73.el7_6 ------------------------ * Fri Nov 23 2018 Petr Menšík - 32:9.9.4-73 - Fixes debug level comments (#1647539) bind-libs-lite-9.9.4-73.el7_6 ----------------------------- * Fri Nov 23 2018 Petr Menšík - 32:9.9.4-73 - Fixes debug level comments (#1647539) bind-license-9.9.4-73.el7_6 --------------------------- * Fri Nov 23 2018 Petr Menšík - 32:9.9.4-73 - Fixes debug level comments (#1647539) bind-utils-9.9.4-73.el7_6 ------------------------- * Fri Nov 23 2018 Petr Menšík - 32:9.9.4-73 - Fixes debug level comments (#1647539) cronie-1.4.11-20.el7_6 ---------------------- * Tue Oct 23 2018 Marcel Plch - 1.4.11-20 - Fix race condition when crontab is modified the same second before and after reading the crontab - Resolves: rhbz#1638691 cronie-anacron-1.4.11-20.el7_6 ------------------------------ * Tue Oct 23 2018 Marcel Plch - 1.4.11-20 - Fix race condition when crontab is modified the same second before and after reading the crontab - Resolves: rhbz#1638691 dbus-1.10.24-13.el7_6 --------------------- * Tue Dec 11 2018 David King - 1:1.10.24-13 - Add a symlink for dbus-daemon-launch-helper (#1568856) dbus-libs-1.10.24-13.el7_6 -------------------------- * Tue Dec 11 2018 David King - 1:1.10.24-13 - Add a symlink for dbus-daemon-launch-helper (#1568856) device-mapper-1.02.149-10.el7_6.3 --------------------------------- * Mon Dec 17 2018 Marian Csontos - 7:2.02.180-10.el7_6.3 - Fix component detection for MD RAID version 1.0 and 0.90. - Use sync io if async io_setup fails, or when use_aio=0 is set in config. - Fix dmstats report printing no output. * Wed Oct 31 2018 Marian Csontos - 7:2.02.180-10.el7_6.2 - Fix possible write beyond metadata area. * Wed Oct 10 2018 Marian Csontos - 7:2.02.180-10.el7_6.1 - Fix clustered mirror repair. device-mapper-event-1.02.149-10.el7_6.3 --------------------------------------- * Mon Dec 17 2018 Marian Csontos - 7:2.02.180-10.el7_6.3 - Fix component detection for MD RAID version 1.0 and 0.90. - Use sync io if async io_setup fails, or when use_aio=0 is set in config. - Fix dmstats report printing no output. * Wed Oct 31 2018 Marian Csontos - 7:2.02.180-10.el7_6.2 - Fix possible write beyond metadata area. * Wed Oct 10 2018 Marian Csontos - 7:2.02.180-10.el7_6.1 - Fix clustered mirror repair. device-mapper-event-libs-1.02.149-10.el7_6.3 -------------------------------------------- * Mon Dec 17 2018 Marian Csontos - 7:2.02.180-10.el7_6.3 - Fix component detection for MD RAID version 1.0 and 0.90. - Use sync io if async io_setup fails, or when use_aio=0 is set in config. - Fix dmstats report printing no output. * Wed Oct 31 2018 Marian Csontos - 7:2.02.180-10.el7_6.2 - Fix possible write beyond metadata area. * Wed Oct 10 2018 Marian Csontos - 7:2.02.180-10.el7_6.1 - Fix clustered mirror repair. device-mapper-libs-1.02.149-10.el7_6.3 -------------------------------------- * Mon Dec 17 2018 Marian Csontos - 7:2.02.180-10.el7_6.3 - Fix component detection for MD RAID version 1.0 and 0.90. - Use sync io if async io_setup fails, or when use_aio=0 is set in config. - Fix dmstats report printing no output. * Wed Oct 31 2018 Marian Csontos - 7:2.02.180-10.el7_6.2 - Fix possible write beyond metadata area. * Wed Oct 10 2018 Marian Csontos - 7:2.02.180-10.el7_6.1 - Fix clustered mirror repair. efivar-libs-36-11.el7_6.1 ------------------------- * Tue Nov 13 2018 Javier Martinez Canillas - 36-11.el7_6.1 - Fix partition number detection when it's not provided (pjones) Resolves: rhbz#1649712 fcoe-utils-1.0.32-2.el7_6 ------------------------- * Fri Jan 25 2019 Chris Leech - 1.0.32-2 - 1656720 fcoemon fix ignored devices from recv buffer resize bug freetype-2.8-12.el7_6.1 ----------------------- * Thu Nov 22 2018 Marek Kasik - 2.8-12.el7_6.1 - Fix definition of constant ft_encoding_gb2312 in freetype.h - Resolves: #1652187 gcc-4.8.5-36.el7_6.2 -------------------- * Wed Feb 13 2019 Marek Polacek 4.8.5-36.2 - allow libitm to use HTM (#1674383) - fix mode mismatch in prepare_cmp_insn (#1676795, PR target/63442) * Wed Jan 16 2019 Jeff Law 4.8.5-36.1 - Avoid code generation bug due to incorrect CFG in the presence of setjmp/longjmp (#1655148). glibc-2.17-260.el7_6.6 ---------------------- * Fri May 03 2019 Florian Weimer - 2.17-260.6 - Backport libio vtable validation improvements (#1705899) * Tue Apr 30 2019 Florian Weimer - 2.17-260.5 - Use versioned Obsoletes: for nss_db (#1704593) * Mon Apr 01 2019 Florian Weimer - 2.17-260.4 - ja_JP: Add new Japanese Era name (#1693152) * Thu Jan 03 2019 Florian Weimer - 2.17-260.3 - elf: Fix data race in _dl_profile_fixup (#1661242) * Thu Dec 20 2018 Florian Weimer - 2.17-260.1 - aarch64: Disable lazy symbol binding of TLSDESC (#1661244) glibc-common-2.17-260.el7_6.6 ----------------------------- * Fri May 03 2019 Florian Weimer - 2.17-260.6 - Backport libio vtable validation improvements (#1705899) * Tue Apr 30 2019 Florian Weimer - 2.17-260.5 - Use versioned Obsoletes: for nss_db (#1704593) * Mon Apr 01 2019 Florian Weimer - 2.17-260.4 - ja_JP: Add new Japanese Era name (#1693152) * Thu Jan 03 2019 Florian Weimer - 2.17-260.3 - elf: Fix data race in _dl_profile_fixup (#1661242) * Thu Dec 20 2018 Florian Weimer - 2.17-260.1 - aarch64: Disable lazy symbol binding of TLSDESC (#1661244) gnutls-3.3.29-9.el7_6 --------------------- * Tue Feb 12 2019 Anderson Sasaki 3.3.29-9 - Make sure the FIPS startup KAT selftest run for ECDSA (#1673919) grub2-2.02-0.76.el7_6.bclinux.1 ------------------------------- grub2-common-2.02-0.76.el7_6.bclinux.1 -------------------------------------- grub2-efi-ia32-2.02-0.76.el7_6.bclinux.1 ---------------------------------------- grub2-efi-x64-2.02-0.76.el7_6.bclinux.1 --------------------------------------- grub2-pc-2.02-0.76.el7_6.bclinux.1 ---------------------------------- grub2-pc-modules-2.02-0.76.el7_6.bclinux.1 ------------------------------------------ grub2-tools-2.02-0.76.el7_6.bclinux.1 ------------------------------------- grub2-tools-extra-2.02-0.76.el7_6.bclinux.1 ------------------------------------------- grub2-tools-minimal-2.02-0.76.el7_6.bclinux.1 --------------------------------------------- ipset-6.38-3.el7_6 ------------------ * Tue Nov 06 2018 Stefano Brivio - 6.38-3 - Fix loading of sets with dependencies on other sets (RHBZ#1646666) ipset-libs-6.38-3.el7_6 ----------------------- * Tue Nov 06 2018 Stefano Brivio - 6.38-3 - Fix loading of sets with dependencies on other sets (RHBZ#1646666) kernel-3.10.0-957.21.3.el7 -------------------------- * Fri Jun 14 2019 Jan Stancek [3.10.0-957.21.3.el7] - [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719914 1719915] {CVE-2019-11479} - [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719914 1719915] {CVE-2019-11479} - [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719849 1719850] {CVE-2019-11478} - [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719594 1719595] {CVE-2019-11477} - [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719594 1719595] {CVE-2019-11477} * Tue May 28 2019 Jan Stancek [3.10.0-957.21.2.el7] - [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633] * Thu May 23 2019 Jan Stancek [3.10.0-957.21.1.el7] - [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} * Wed May 15 2019 Jan Stancek [3.10.0-957.20.1.el7] - [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} * Fri Apr 26 2019 Jan Stancek [3.10.0-957.19.1.el7] - [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1702923 1077929] - [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) [1702921 1701348] - [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 1701348] - [fs] revert "[fs] xfs: use rhashtable to track buffer cache" (Brian Foster) [1702922 1658749] - [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (Brian Foster) [1701293 1613405] - [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian Foster) [1701293 1613405] - [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian Foster) [1701293 1613405] - [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash (Tony Camuso) [1701991 1692236] - [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) [1701991 1692236] - [char] ipmi: Remove platform driver overrides and use the id_table (Tony Camuso) [1701991 1692236] - [security] xattr: Constify ->name member of "struct xattr" (Aaron Tomlin) [1702286 1607307] - [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) [1702282 1625454] - [s390] zcrypt: fix specification exception on z196 during ap probe (Hendrik Brueckner) [1700706 1669535] - [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (Mike Snitzer) [1699722 1693466] - [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 1686149] - [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 1686149] - [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() (Lukas Czerner) [1698110 1671293] - [powerpc] livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: relax reliable stack tracer checks for first-frame (Joe Lawrence) [1697867 1658435] - [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe Lawrence) [1697867 1658435] - [powerpc] 64s: Clear on-stack exception marker upon exception return (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: Fix build error with kprobes disabled (Joe Lawrence) [1697867 1658435] - [fs] xfs: don't screw up direct writes when freesp is fragmented (Brian Foster) [1693796 1667523] - [nvme] ensure forward progress during Admin passthru (David Milburn) [1690519 1672428] * Tue Apr 23 2019 Jan Stancek [3.10.0-957.18.1.el7] - [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 1698825] * Mon Apr 15 2019 Jan Stancek [3.10.0-957.17.1.el7] - [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas Henzl) [1699723 1661906] * Thu Apr 11 2019 Jan Stancek [3.10.0-957.16.1.el7] - [netdrv] net/mlx5e: Properly set steering match levels for offloaded TC decap rules (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Always use the match level enum when parsing TC rule match (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Support offloaded TC flows with no matches on headers (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Get the required HW match level while parsing TC flow matches (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Properly order min inline mode setup while parsing TC matches (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow attributes (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Err if asked to offload TC match on frag being first (Alaa Hleihel) [1686292 1618427] - [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) [1697940 1691421] - [net] geneve: correctly handle ipv6.disable module parameter (Jiri Benc) [1694981 1677049] - [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 1691227] - [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos Szeredi) [1696292 1677705] - [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 1697241 1676613 1662887] - [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav Kysela) [1693562 1680180] - [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (Jaroslav Kysela) [1693562 1657855] - [block] mtip32xx: fix memory corruption by initializing internal command header (Ming Lei) [1689929 1660292] - [fs] nfsd: deal with revoked delegations appropriately (Dave Wysochanski) [1689811 1552203] * Thu Mar 28 2019 Jan Stancek [3.10.0-957.15.1.el7] - [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1693561 1684780] - [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) [1693110 1676462] * Tue Mar 26 2019 Jan Stancek [3.10.0-957.14.1.el7] - [fs] move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng Yan) [1692266 1627001] - [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 1627001] - [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001] - [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) [1692266 1627001] - [fs] dcache: Don't set DISCONNECTED on "pseudo filesystem" dentries (Zheng Yan) [1692266 1627001] - [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) [1692266 1627001] kernel-tools-3.10.0-957.21.3.el7 -------------------------------- * Fri Jun 14 2019 Jan Stancek [3.10.0-957.21.3.el7] - [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719914 1719915] {CVE-2019-11479} - [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719914 1719915] {CVE-2019-11479} - [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719849 1719850] {CVE-2019-11478} - [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719594 1719595] {CVE-2019-11477} - [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719594 1719595] {CVE-2019-11477} * Tue May 28 2019 Jan Stancek [3.10.0-957.21.2.el7] - [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633] * Thu May 23 2019 Jan Stancek [3.10.0-957.21.1.el7] - [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} * Wed May 15 2019 Jan Stancek [3.10.0-957.20.1.el7] - [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} * Fri Apr 26 2019 Jan Stancek [3.10.0-957.19.1.el7] - [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1702923 1077929] - [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) [1702921 1701348] - [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 1701348] - [fs] revert "[fs] xfs: use rhashtable to track buffer cache" (Brian Foster) [1702922 1658749] - [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (Brian Foster) [1701293 1613405] - [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian Foster) [1701293 1613405] - [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian Foster) [1701293 1613405] - [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash (Tony Camuso) [1701991 1692236] - [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) [1701991 1692236] - [char] ipmi: Remove platform driver overrides and use the id_table (Tony Camuso) [1701991 1692236] - [security] xattr: Constify ->name member of "struct xattr" (Aaron Tomlin) [1702286 1607307] - [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) [1702282 1625454] - [s390] zcrypt: fix specification exception on z196 during ap probe (Hendrik Brueckner) [1700706 1669535] - [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (Mike Snitzer) [1699722 1693466] - [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 1686149] - [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 1686149] - [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() (Lukas Czerner) [1698110 1671293] - [powerpc] livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: relax reliable stack tracer checks for first-frame (Joe Lawrence) [1697867 1658435] - [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe Lawrence) [1697867 1658435] - [powerpc] 64s: Clear on-stack exception marker upon exception return (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: Fix build error with kprobes disabled (Joe Lawrence) [1697867 1658435] - [fs] xfs: don't screw up direct writes when freesp is fragmented (Brian Foster) [1693796 1667523] - [nvme] ensure forward progress during Admin passthru (David Milburn) [1690519 1672428] * Tue Apr 23 2019 Jan Stancek [3.10.0-957.18.1.el7] - [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 1698825] * Mon Apr 15 2019 Jan Stancek [3.10.0-957.17.1.el7] - [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas Henzl) [1699723 1661906] * Thu Apr 11 2019 Jan Stancek [3.10.0-957.16.1.el7] - [netdrv] net/mlx5e: Properly set steering match levels for offloaded TC decap rules (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Always use the match level enum when parsing TC rule match (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Support offloaded TC flows with no matches on headers (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Get the required HW match level while parsing TC flow matches (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Properly order min inline mode setup while parsing TC matches (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow attributes (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Err if asked to offload TC match on frag being first (Alaa Hleihel) [1686292 1618427] - [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) [1697940 1691421] - [net] geneve: correctly handle ipv6.disable module parameter (Jiri Benc) [1694981 1677049] - [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 1691227] - [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos Szeredi) [1696292 1677705] - [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 1697241 1676613 1662887] - [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav Kysela) [1693562 1680180] - [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (Jaroslav Kysela) [1693562 1657855] - [block] mtip32xx: fix memory corruption by initializing internal command header (Ming Lei) [1689929 1660292] - [fs] nfsd: deal with revoked delegations appropriately (Dave Wysochanski) [1689811 1552203] * Thu Mar 28 2019 Jan Stancek [3.10.0-957.15.1.el7] - [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1693561 1684780] - [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) [1693110 1676462] * Tue Mar 26 2019 Jan Stancek [3.10.0-957.14.1.el7] - [fs] move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng Yan) [1692266 1627001] - [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 1627001] - [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001] - [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) [1692266 1627001] - [fs] dcache: Don't set DISCONNECTED on "pseudo filesystem" dentries (Zheng Yan) [1692266 1627001] - [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) [1692266 1627001] kernel-tools-libs-3.10.0-957.21.3.el7 ------------------------------------- * Fri Jun 14 2019 Jan Stancek [3.10.0-957.21.3.el7] - [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719914 1719915] {CVE-2019-11479} - [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719914 1719915] {CVE-2019-11479} - [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719849 1719850] {CVE-2019-11478} - [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719594 1719595] {CVE-2019-11477} - [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719594 1719595] {CVE-2019-11477} * Tue May 28 2019 Jan Stancek [3.10.0-957.21.2.el7] - [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633] * Thu May 23 2019 Jan Stancek [3.10.0-957.21.1.el7] - [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} * Wed May 15 2019 Jan Stancek [3.10.0-957.20.1.el7] - [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} * Fri Apr 26 2019 Jan Stancek [3.10.0-957.19.1.el7] - [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1702923 1077929] - [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) [1702921 1701348] - [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 1701348] - [fs] revert "[fs] xfs: use rhashtable to track buffer cache" (Brian Foster) [1702922 1658749] - [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (Brian Foster) [1701293 1613405] - [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian Foster) [1701293 1613405] - [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian Foster) [1701293 1613405] - [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash (Tony Camuso) [1701991 1692236] - [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) [1701991 1692236] - [char] ipmi: Remove platform driver overrides and use the id_table (Tony Camuso) [1701991 1692236] - [security] xattr: Constify ->name member of "struct xattr" (Aaron Tomlin) [1702286 1607307] - [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) [1702282 1625454] - [s390] zcrypt: fix specification exception on z196 during ap probe (Hendrik Brueckner) [1700706 1669535] - [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (Mike Snitzer) [1699722 1693466] - [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 1686149] - [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 1686149] - [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() (Lukas Czerner) [1698110 1671293] - [powerpc] livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: relax reliable stack tracer checks for first-frame (Joe Lawrence) [1697867 1658435] - [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe Lawrence) [1697867 1658435] - [powerpc] 64s: Clear on-stack exception marker upon exception return (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: Fix build error with kprobes disabled (Joe Lawrence) [1697867 1658435] - [fs] xfs: don't screw up direct writes when freesp is fragmented (Brian Foster) [1693796 1667523] - [nvme] ensure forward progress during Admin passthru (David Milburn) [1690519 1672428] * Tue Apr 23 2019 Jan Stancek [3.10.0-957.18.1.el7] - [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 1698825] * Mon Apr 15 2019 Jan Stancek [3.10.0-957.17.1.el7] - [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas Henzl) [1699723 1661906] * Thu Apr 11 2019 Jan Stancek [3.10.0-957.16.1.el7] - [netdrv] net/mlx5e: Properly set steering match levels for offloaded TC decap rules (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Always use the match level enum when parsing TC rule match (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Support offloaded TC flows with no matches on headers (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Get the required HW match level while parsing TC flow matches (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Properly order min inline mode setup while parsing TC matches (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow attributes (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Err if asked to offload TC match on frag being first (Alaa Hleihel) [1686292 1618427] - [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) [1697940 1691421] - [net] geneve: correctly handle ipv6.disable module parameter (Jiri Benc) [1694981 1677049] - [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 1691227] - [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos Szeredi) [1696292 1677705] - [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 1697241 1676613 1662887] - [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav Kysela) [1693562 1680180] - [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (Jaroslav Kysela) [1693562 1657855] - [block] mtip32xx: fix memory corruption by initializing internal command header (Ming Lei) [1689929 1660292] - [fs] nfsd: deal with revoked delegations appropriately (Dave Wysochanski) [1689811 1552203] * Thu Mar 28 2019 Jan Stancek [3.10.0-957.15.1.el7] - [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1693561 1684780] - [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) [1693110 1676462] * Tue Mar 26 2019 Jan Stancek [3.10.0-957.14.1.el7] - [fs] move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng Yan) [1692266 1627001] - [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 1627001] - [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001] - [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) [1692266 1627001] - [fs] dcache: Don't set DISCONNECTED on "pseudo filesystem" dentries (Zheng Yan) [1692266 1627001] - [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) [1692266 1627001] krb5-libs-1.15.1-37.el7_6 ------------------------- * Tue Dec 18 2018 Robbie Harwood - 1.15.1-37 - Bring back builtin crypto (openssl broke too many FIPS setups) - Resolves: #1657890 * Mon Dec 17 2018 Robbie Harwood - 1.15.1-36 - Clean up MEMORY ccache behavior to match upstream more closely - Resolves: #1657890 * Tue Dec 11 2018 Robbie Harwood - 1.15.1-35 - Fix bugs with concurrent use of MEMORY ccaches - Resolves: #1657890 libblkid-2.23.2-59.el7_6.1 -------------------------- * Thu Jan 31 2019 Karel Zak 2.23.2-59.el7_6.1 - fix #1664752 - Bull (Atos) server lands up in invalid stty settings on the serial console after boot preventing login libgcc-4.8.5-36.el7_6.2 ----------------------- * Wed Feb 13 2019 Marek Polacek 4.8.5-36.2 - allow libitm to use HTM (#1674383) - fix mode mismatch in prepare_cmp_insn (#1676795, PR target/63442) * Wed Jan 16 2019 Jeff Law 4.8.5-36.1 - Avoid code generation bug due to incorrect CFG in the presence of setjmp/longjmp (#1655148). libgomp-4.8.5-36.el7_6.2 ------------------------ * Wed Feb 13 2019 Marek Polacek 4.8.5-36.2 - allow libitm to use HTM (#1674383) - fix mode mismatch in prepare_cmp_insn (#1676795, PR target/63442) * Wed Jan 16 2019 Jeff Law 4.8.5-36.1 - Avoid code generation bug due to incorrect CFG in the presence of setjmp/longjmp (#1655148). libgudev1-219-62.el7_6.7 ------------------------ * Wed Apr 24 2019 Lukas Nykryn - 219-62.7 - rules: fix memory hotplug rule so systemd-detect-virt does not run too often (#1701230) * Thu Mar 21 2019 Lukas Nykryn - 219-62.6 - Revert "bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks" (#1643172) * Thu Feb 14 2019 Lukas Nykryn - 219-62.5 - sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1667871) * Thu Feb 07 2019 Lukas Nykryn - 219-62.4 - Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1667870) - Allocate temporary strings to hold dbus paths on the heap (#1667870) * Wed Jan 16 2019 Lukas Nykryn - 219-62.3 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 07 2019 Lukas Nykryn - 219-62.2 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Mon Nov 26 2018 Lukas Nykryn - 219-62.1 - dhcp6: make sure we have enough space for the DHCP6 option header (CVE-2018-15688) libmount-2.23.2-59.el7_6.1 -------------------------- * Thu Jan 31 2019 Karel Zak 2.23.2-59.el7_6.1 - fix #1664752 - Bull (Atos) server lands up in invalid stty settings on the serial console after boot preventing login libreswan-3.25-4.8.el7_6 ------------------------ * Thu May 09 2019 Paul Wouters - 3.25-4.8 - Resolves: rhbz#1708060 IKEv1 traffic interruption when responder deletes SAs 60 seconds before EVENT_SA_REPLACE [rhel-7.6.z] * Thu May 02 2019 Paul Wouters - 3.25-4.7 - Resolves: rhbz#1683577 Opportunistic IPsec instances of /32 groups or auto=start [updated for eclipsed handling] * Thu Apr 11 2019 Paul Wouters - 3.25-4.6 - Resolves: rhbz#1680483 libreswan using NSS IPsec profiles regresses when critical flags are set causing validation failure [rhel-7.6.z] [updated] * Sun Mar 31 2019 Paul Wouters - 3.25-4.5 - Resolves: rhbz#1683577 Opportunistic IPsec instances of /32 groups or auto=start that receive delete won't restart [rhel-7.6.z] [updated] * Tue Feb 26 2019 Paul Wouters - 3.25-4.4 - Resolves: rhbz#1683577 Opportunistic IPsec instances of /32 groups or auto=start that receive delete won't restart [rhel-7.6.z] * Mon Feb 25 2019 Paul Wouters - 3.25-4.3 - Resolves: rhbz#1680483 libreswan using NSS IPsec profiles regresses when critical flags are set causing validation failure [rhel-7.6.z] * Fri Feb 15 2019 Paul Wouters - 3.25-4.2 - Resolves: rhbz#1672921 - Libreswan crash upon receiving ISAKMP_NEXT_D with appended ISAKMP_NEXT_N [updated bugfix] * Fri Jan 11 2019 Paul Wouters - 3.25-4.1 - Resolves: rhbz#1665369 libreswan 3.25 in FIPS mode is incorrectly rejecting X.509 public keys that are >= 3072 bits [rhel-7.6.z] * Tue Jan 08 2019 Paul Wouters - 3.25-4 - Resolves: rhbz#1660536 libreswan assertion failed when OAKLEY_KEY_LENGTH is zero for IKE using AES_CBC - Resolves: rhbz#1660544 config: recursive include check doesn't work - Resolves: rhbz#1660542 Libreswan crash upon receiving ISAKMP_NEXT_D with appended ISAKMP_NEXT_N - Resolves: rhbz#1664244 [abrt] [faf] libreswan: strncpy(): /usr/libexec/ipsec/pluto killed by 11 * Mon Dec 03 2018 Paul Wouters - 3.25-3 - Resolves: rhbz#1655440 Unable to verify certificate with non-empty Extended Key Usage which does not include serverAuth or clientAuth libsmartcols-2.23.2-59.el7_6.1 ------------------------------ * Thu Jan 31 2019 Karel Zak 2.23.2-59.el7_6.1 - fix #1664752 - Bull (Atos) server lands up in invalid stty settings on the serial console after boot preventing login libssh2-1.4.3-12.el7_6.2 ------------------------ * Wed Mar 20 2019 Kamil Dudka 1.4.3-12.el7_6.2 - sanitize public header file (detected by rpmdiff) * Tue Mar 19 2019 Kamil Dudka 1.4.3-12.el7_6.1 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) - fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) - fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) libstdc++-4.8.5-36.el7_6.2 -------------------------- * Wed Feb 13 2019 Marek Polacek 4.8.5-36.2 - allow libitm to use HTM (#1674383) - fix mode mismatch in prepare_cmp_insn (#1676795, PR target/63442) * Wed Jan 16 2019 Jeff Law 4.8.5-36.1 - Avoid code generation bug due to incorrect CFG in the presence of setjmp/longjmp (#1655148). libteam-1.27-6.el7_6.1 ---------------------- * Thu Mar 14 2019 Xin Long - 1.27-6.el7_6.1 - Added patch to update port state according to partner's sync bit [1689254] * Fri Aug 17 2018 Xin Long - 1.27-6 - Added patch to fix the issue that no active port is set [1593241] libuuid-2.23.2-59.el7_6.1 ------------------------- * Thu Jan 31 2019 Karel Zak 2.23.2-59.el7_6.1 - fix #1664752 - Bull (Atos) server lands up in invalid stty settings on the serial console after boot preventing login lvm2-2.02.180-10.el7_6.3 ------------------------ * Mon Dec 17 2018 Marian Csontos - 7:2.02.180-10.el7_6.3 - Fix component detection for MD RAID version 1.0 and 0.90. - Use sync io if async io_setup fails, or when use_aio=0 is set in config. - Fix dmstats report printing no output. * Wed Oct 31 2018 Marian Csontos - 7:2.02.180-10.el7_6.2 - Fix possible write beyond metadata area. * Wed Oct 10 2018 Marian Csontos - 7:2.02.180-10.el7_6.1 - Fix clustered mirror repair. lvm2-libs-2.02.180-10.el7_6.3 ----------------------------- * Mon Dec 17 2018 Marian Csontos - 7:2.02.180-10.el7_6.3 - Fix component detection for MD RAID version 1.0 and 0.90. - Use sync io if async io_setup fails, or when use_aio=0 is set in config. - Fix dmstats report printing no output. * Wed Oct 31 2018 Marian Csontos - 7:2.02.180-10.el7_6.2 - Fix possible write beyond metadata area. * Wed Oct 10 2018 Marian Csontos - 7:2.02.180-10.el7_6.1 - Fix clustered mirror repair. mesa-libEGL-18.0.5-4.el7_6 -------------------------- * Sat Dec 15 2018 Dave Airlie - 18.0.5-4 - disable shm put/get for now it caused regressions mesa-libGL-18.0.5-4.el7_6 ------------------------- * Sat Dec 15 2018 Dave Airlie - 18.0.5-4 - disable shm put/get for now it caused regressions mesa-libgbm-18.0.5-4.el7_6 -------------------------- * Sat Dec 15 2018 Dave Airlie - 18.0.5-4 - disable shm put/get for now it caused regressions mesa-libglapi-18.0.5-4.el7_6 ---------------------------- * Sat Dec 15 2018 Dave Airlie - 18.0.5-4 - disable shm put/get for now it caused regressions microcode_ctl-2.1-47.5.el7_6 ---------------------------- * Wed Jun 19 2019 Eugene Syromiatnikov - 2:2.1-47.5 - Intel CPU microcode update to 20190618. - Resolves: #1722575. * Sun Jun 02 2019 Eugene Syromiatnikov - 2:2.1-47.4 - Remove disclaimer, as it is not as important now to justify kmsg/log pollution; its contents are partially adopted in README.caveats. * Wed May 29 2019 Eugene Syromiatnikov - 2:2.1-47.3 - Intel CPU microcode update to 20190514a. - Resolves: #1714958. * Fri May 10 2019 Eugene Syromiatnikov - 2:2.1-47.2 - Intel CPU microcode update to 20190507_Public_DEMO. - Resolves: #1704374. * Fri May 10 2019 Eugene Syromiatnikov - 2:2.1-47.1 - Intel CPU microcode update to 20190312. - Add "Provides:" tags generation. - Fix %postun script. - Resolves: #1704374. mokutil-15-2.el7_6.bclinux -------------------------- * Fri Feb 22 2019 Fabian Arrotin -15-2.el7.centos - Rebuilt with a patch for non SB machines (Fixes #15522) nss-3.36.0-7.1.el7_6 -------------------- * Mon Nov 12 2018 Bob Relyea - 3.36.0-7.1 - Update the cert verify code to allow a new ipsec usage and follow RFC 4945 nss-pem-1.0.3-5.el7_6.1 ----------------------- * Mon Jan 14 2019 Kamil Dudka 1.0.3-5.el7_6.1 - fix performance regression in libcurl (#1659108) nss-sysinit-3.36.0-7.1.el7_6 ---------------------------- * Mon Nov 12 2018 Bob Relyea - 3.36.0-7.1 - Update the cert verify code to allow a new ipsec usage and follow RFC 4945 nss-tools-3.36.0-7.1.el7_6 -------------------------- * Mon Nov 12 2018 Bob Relyea - 3.36.0-7.1 - Update the cert verify code to allow a new ipsec usage and follow RFC 4945 nss-util-3.36.0-1.1.el7_6 ------------------------- * Mon Nov 12 2018 Bob Relyea - 3.36.0-1.1 - Update the cert verify code to allow a new ipsec usage and follow RFC 4945 openldap-2.4.44-21.el7_6 ------------------------ * Tue Dec 18 2018 Matus Honek - 2.4.44-21 - MozNSS Compat. Layer: Protect /tmp/openldap-tlsmc-* files (#1590184) openssl-1.0.2k-16.2.el7.bclinux ------------------------------- * Wed May 08 2019 guzhifeng 1.0.2k-16.2 - Add China cryptographic algorithm SM2 SM3 SMS4 - Fix wget some websites meet decode error. openssl-libs-1.0.2k-16.2.el7.bclinux ------------------------------------ * Wed May 08 2019 guzhifeng 1.0.2k-16.2 - Add China cryptographic algorithm SM2 SM3 SMS4 - Fix wget some websites meet decode error. perl-5.16.3-294.el7_6 --------------------- * Mon Jan 07 2019 Jitka Plesnikova - 4:5.16.3-294 - Fix CVE-2018-18311 Integer overflow leading to buffer overflow (bug #1661064) perl-Pod-Escapes-1.04-294.el7_6 ------------------------------- * Mon Jan 07 2019 Jitka Plesnikova - 4:5.16.3-294 - Fix CVE-2018-18311 Integer overflow leading to buffer overflow (bug #1661064) perl-libs-5.16.3-294.el7_6 -------------------------- * Mon Jan 07 2019 Jitka Plesnikova - 4:5.16.3-294 - Fix CVE-2018-18311 Integer overflow leading to buffer overflow (bug #1661064) perl-macros-5.16.3-294.el7_6 ---------------------------- * Mon Jan 07 2019 Jitka Plesnikova - 4:5.16.3-294 - Fix CVE-2018-18311 Integer overflow leading to buffer overflow (bug #1661064) policycoreutils-2.5-29.el7_6.1 ------------------------------ * Wed Jan 16 2019 Vit Mojzis - 2.5-29.1 - scripts/fixfiles: Do not fail on file_contexts.local (#1665813) polkit-0.112-18.el7_6.1 ----------------------- * Tue Jan 22 2019 Jan Rybar - 0.112-18.el7_6.1 - Fix of CVE-2019-6133, PID reuse via slow fork - Resolves: rhbz#1667311 python-2.7.5-80.el7_6 --------------------- * Tue Jun 11 2019 Charalampos Stratakis - 2.7.5-80 - Security fix for CVE-2019-10160 Resolves: rhbz#1718401 * Mon May 20 2019 Charalampos Stratakis - 2.7.5-79 - Updated fix for CVE-2019-9636 Resolves: rhbz#1711166 * Thu May 09 2019 Charalampos Stratakis - 2.7.5-78 - Remove unversioned obsoletes Resolves: rhbz#1708674 * Tue Mar 26 2019 Charalampos Stratakis - 2.7.5-77 - Security fix for CVE-2019-9636 Resolves: rhbz#1689316 python-libs-2.7.5-80.el7_6 -------------------------- * Tue Jun 11 2019 Charalampos Stratakis - 2.7.5-80 - Security fix for CVE-2019-10160 Resolves: rhbz#1718401 * Mon May 20 2019 Charalampos Stratakis - 2.7.5-79 - Updated fix for CVE-2019-9636 Resolves: rhbz#1711166 * Thu May 09 2019 Charalampos Stratakis - 2.7.5-78 - Remove unversioned obsoletes Resolves: rhbz#1708674 * Tue Mar 26 2019 Charalampos Stratakis - 2.7.5-77 - Security fix for CVE-2019-9636 Resolves: rhbz#1689316 python-paramiko-2.1.1-9.el7 --------------------------- * Thu Oct 18 2018 Jake Hunsaker - 2.1.1-9 - Fix a security flaw (CVE-2018-1000805) in Paramiko's server mode (does not effect client mode). Backported from 2.1.6 Resolves rhbz#1637366 python-perf-3.10.0-957.21.3.el7 ------------------------------- * Fri Jun 14 2019 Jan Stancek [3.10.0-957.21.3.el7] - [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719914 1719915] {CVE-2019-11479} - [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719914 1719915] {CVE-2019-11479} - [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719849 1719850] {CVE-2019-11478} - [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719594 1719595] {CVE-2019-11477} - [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719594 1719595] {CVE-2019-11477} * Tue May 28 2019 Jan Stancek [3.10.0-957.21.2.el7] - [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633] * Thu May 23 2019 Jan Stancek [3.10.0-957.21.1.el7] - [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} * Wed May 15 2019 Jan Stancek [3.10.0-957.20.1.el7] - [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091} - [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} - [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091} * Fri Apr 26 2019 Jan Stancek [3.10.0-957.19.1.el7] - [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1702923 1077929] - [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) [1702921 1701348] - [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 1701348] - [fs] revert "[fs] xfs: use rhashtable to track buffer cache" (Brian Foster) [1702922 1658749] - [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (Brian Foster) [1701293 1613405] - [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian Foster) [1701293 1613405] - [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian Foster) [1701293 1613405] - [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash (Tony Camuso) [1701991 1692236] - [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) [1701991 1692236] - [char] ipmi: Remove platform driver overrides and use the id_table (Tony Camuso) [1701991 1692236] - [security] xattr: Constify ->name member of "struct xattr" (Aaron Tomlin) [1702286 1607307] - [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) [1702282 1625454] - [s390] zcrypt: fix specification exception on z196 during ap probe (Hendrik Brueckner) [1700706 1669535] - [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (Mike Snitzer) [1699722 1693466] - [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 1686149] - [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 1686149] - [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() (Lukas Czerner) [1698110 1671293] - [powerpc] livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: relax reliable stack tracer checks for first-frame (Joe Lawrence) [1697867 1658435] - [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe Lawrence) [1697867 1658435] - [powerpc] 64s: Clear on-stack exception marker upon exception return (Joe Lawrence) [1697867 1658435] - [powerpc] livepatch: Fix build error with kprobes disabled (Joe Lawrence) [1697867 1658435] - [fs] xfs: don't screw up direct writes when freesp is fragmented (Brian Foster) [1693796 1667523] - [nvme] ensure forward progress during Admin passthru (David Milburn) [1690519 1672428] * Tue Apr 23 2019 Jan Stancek [3.10.0-957.18.1.el7] - [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 1698825] * Mon Apr 15 2019 Jan Stancek [3.10.0-957.17.1.el7] - [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas Henzl) [1699723 1661906] * Thu Apr 11 2019 Jan Stancek [3.10.0-957.16.1.el7] - [netdrv] net/mlx5e: Properly set steering match levels for offloaded TC decap rules (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Always use the match level enum when parsing TC rule match (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Support offloaded TC flows with no matches on headers (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Get the required HW match level while parsing TC flow matches (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Properly order min inline mode setup while parsing TC matches (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow attributes (Alaa Hleihel) [1686292 1618427] - [netdrv] net/mlx5e: Err if asked to offload TC match on frag being first (Alaa Hleihel) [1686292 1618427] - [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) [1697940 1691421] - [net] geneve: correctly handle ipv6.disable module parameter (Jiri Benc) [1694981 1677049] - [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 1691227] - [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos Szeredi) [1696292 1677705] - [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 1697241 1676613 1662887] - [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav Kysela) [1693562 1680180] - [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (Jaroslav Kysela) [1693562 1657855] - [block] mtip32xx: fix memory corruption by initializing internal command header (Ming Lei) [1689929 1660292] - [fs] nfsd: deal with revoked delegations appropriately (Dave Wysochanski) [1689811 1552203] * Thu Mar 28 2019 Jan Stancek [3.10.0-957.15.1.el7] - [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1693561 1684780] - [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) [1693110 1676462] * Tue Mar 26 2019 Jan Stancek [3.10.0-957.14.1.el7] - [fs] move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 1627001] - [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng Yan) [1692266 1627001] - [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 1627001] - [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001] - [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) [1692266 1627001] - [fs] dcache: Don't set DISCONNECTED on "pseudo filesystem" dentries (Zheng Yan) [1692266 1627001] - [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) [1692266 1627001] selinux-policy-3.13.1-229.el7_6.9 --------------------------------- * Thu Jan 17 2019 Lukas Vrabec - 3.13.1-229.9 - Allow gssd_t domain to manage kernel keyrings of every domain. Resolves: rhbz#1665815 - Add new interface domain_manage_all_domains_keyrings() Resolves: rhbz#1665815 * Mon Jan 14 2019 Lukas Vrabec - 3.13.1-229.8 - Add interface domain_rw_all_domains_keyrings() Resolves: rhbz#1665815 - Allow gssd_t domain to read/write kernel keyrings of every domain. Resolves: rhbz#1665815 * Thu Dec 20 2018 Lukas Vrabec - 3.13.1-229.7 - Update snapperd policy to allow snapperd manage all non security dirs. Resolves: rhbz#1661158 * Fri Nov 02 2018 Lukas Vrabec - 3.13.1-229.6 - Allow nova_t domain to use pam Resolves: rhbz:#1645270 - sysstat: grant sysstat_t the search_dir_perms set Resolves: rhbz#1645271 * Fri Oct 12 2018 Lukas Vrabec - 3.13.1-229.5 - Remove disabling ganesha module in pre install phase of installation new selinux-policy package where ganesha is again standalone module Resolves: rhbz#1638257 * Thu Oct 11 2018 Lukas Vrabec - 3.13.1-229.4 - Allow staff_t userdomain and confined_admindomain attribute to allow use generic ptys because of new sudo feature 'io logging' Resolves: rhbz#1638427 * Thu Oct 11 2018 Lukas Vrabec - 3.13.1-229.3 - Run ganesha as ganesha_t domain again, revert changes where ganesha is running as nfsd_t Resolves: rhbz#1638257 * Wed Oct 10 2018 Lukas Vrabec - 3.13.1-229.2 - Fix missing patch in spec file Resolves: rhbz#1635704 * Fri Oct 05 2018 Lukas Vrabec - 3.13.1-229.1 - Allow cinder_volume_t domain to dbus chat with systemd_logind_t domain Resolves: rhbz#1635704 selinux-policy-targeted-3.13.1-229.el7_6.9 ------------------------------------------ * Thu Jan 17 2019 Lukas Vrabec - 3.13.1-229.9 - Allow gssd_t domain to manage kernel keyrings of every domain. Resolves: rhbz#1665815 - Add new interface domain_manage_all_domains_keyrings() Resolves: rhbz#1665815 * Mon Jan 14 2019 Lukas Vrabec - 3.13.1-229.8 - Add interface domain_rw_all_domains_keyrings() Resolves: rhbz#1665815 - Allow gssd_t domain to read/write kernel keyrings of every domain. Resolves: rhbz#1665815 * Thu Dec 20 2018 Lukas Vrabec - 3.13.1-229.7 - Update snapperd policy to allow snapperd manage all non security dirs. Resolves: rhbz#1661158 * Fri Nov 02 2018 Lukas Vrabec - 3.13.1-229.6 - Allow nova_t domain to use pam Resolves: rhbz:#1645270 - sysstat: grant sysstat_t the search_dir_perms set Resolves: rhbz#1645271 * Fri Oct 12 2018 Lukas Vrabec - 3.13.1-229.5 - Remove disabling ganesha module in pre install phase of installation new selinux-policy package where ganesha is again standalone module Resolves: rhbz#1638257 * Thu Oct 11 2018 Lukas Vrabec - 3.13.1-229.4 - Allow staff_t userdomain and confined_admindomain attribute to allow use generic ptys because of new sudo feature 'io logging' Resolves: rhbz#1638427 * Thu Oct 11 2018 Lukas Vrabec - 3.13.1-229.3 - Run ganesha as ganesha_t domain again, revert changes where ganesha is running as nfsd_t Resolves: rhbz#1638257 * Wed Oct 10 2018 Lukas Vrabec - 3.13.1-229.2 - Fix missing patch in spec file Resolves: rhbz#1635704 * Fri Oct 05 2018 Lukas Vrabec - 3.13.1-229.1 - Allow cinder_volume_t domain to dbus chat with systemd_logind_t domain Resolves: rhbz#1635704 shadow-utils-4.1.5.1-25.el7_6.1 ------------------------------- * Fri Feb 01 2019 Tomáš Mráz - 2:4.1.5.1-25.1 - re-allow all numeric usernames when SHADOW_ALLOW_ALL_NUMERIC_USER environment variable is set (#1651450) shim-x64-15-2.el7_6.bclinux --------------------------- * Fri Feb 22 2019 Fabian Arrotin -15-2.el7.centos - Rebuilt with a patch for non SB machines (Fixes #15522) sos-3.6-16.el7_6.bclinux ------------------------ * Thu Apr 18 2019 Liu Jing - Roll in BC-Linux Branding - add collection of license information systemd-219-62.el7_6.7 ---------------------- * Wed Apr 24 2019 Lukas Nykryn - 219-62.7 - rules: fix memory hotplug rule so systemd-detect-virt does not run too often (#1701230) * Thu Mar 21 2019 Lukas Nykryn - 219-62.6 - Revert "bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks" (#1643172) * Thu Feb 14 2019 Lukas Nykryn - 219-62.5 - sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1667871) * Thu Feb 07 2019 Lukas Nykryn - 219-62.4 - Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1667870) - Allocate temporary strings to hold dbus paths on the heap (#1667870) * Wed Jan 16 2019 Lukas Nykryn - 219-62.3 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 07 2019 Lukas Nykryn - 219-62.2 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Mon Nov 26 2018 Lukas Nykryn - 219-62.1 - dhcp6: make sure we have enough space for the DHCP6 option header (CVE-2018-15688) systemd-libs-219-62.el7_6.7 --------------------------- * Wed Apr 24 2019 Lukas Nykryn - 219-62.7 - rules: fix memory hotplug rule so systemd-detect-virt does not run too often (#1701230) * Thu Mar 21 2019 Lukas Nykryn - 219-62.6 - Revert "bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks" (#1643172) * Thu Feb 14 2019 Lukas Nykryn - 219-62.5 - sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1667871) * Thu Feb 07 2019 Lukas Nykryn - 219-62.4 - Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1667870) - Allocate temporary strings to hold dbus paths on the heap (#1667870) * Wed Jan 16 2019 Lukas Nykryn - 219-62.3 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 07 2019 Lukas Nykryn - 219-62.2 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Mon Nov 26 2018 Lukas Nykryn - 219-62.1 - dhcp6: make sure we have enough space for the DHCP6 option header (CVE-2018-15688) systemd-sysv-219-62.el7_6.7 --------------------------- * Wed Apr 24 2019 Lukas Nykryn - 219-62.7 - rules: fix memory hotplug rule so systemd-detect-virt does not run too often (#1701230) * Thu Mar 21 2019 Lukas Nykryn - 219-62.6 - Revert "bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks" (#1643172) * Thu Feb 14 2019 Lukas Nykryn - 219-62.5 - sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1667871) * Thu Feb 07 2019 Lukas Nykryn - 219-62.4 - Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1667870) - Allocate temporary strings to hold dbus paths on the heap (#1667870) * Wed Jan 16 2019 Lukas Nykryn - 219-62.3 - journald: free cmdline buffers owned by iovec (#1666646) * Mon Jan 07 2019 Lukas Nykryn - 219-62.2 - journald: do not store the iovec entry for process commandline on stack (#1657788) - journald: set a limit on the number of fields (1k) (#1657792) - journal-remote: set a limit on the number of fields in a message (#1657792) * Mon Nov 26 2018 Lukas Nykryn - 219-62.1 - dhcp6: make sure we have enough space for the DHCP6 option header (CVE-2018-15688) teamd-1.27-6.el7_6.1 -------------------- * Thu Mar 14 2019 Xin Long - 1.27-6.el7_6.1 - Added patch to update port state according to partner's sync bit [1689254] * Fri Aug 17 2018 Xin Long - 1.27-6 - Added patch to fix the issue that no active port is set [1593241] tuned-2.10.0-6.el7_6.3 ---------------------- * Tue Nov 27 2018 Jaroslav Škarvada - 2.10.0-6.3 - Reworked setup_kvm_mod_low_latency to count with kernel changes Resolves: rhbz#1653767 * Tue Nov 27 2018 Jaroslav Škarvada - 2.10.0-6.2 - Updated disable-ksm-once patch Related: rhbz#1652822 * Fri Nov 23 2018 Jaroslav Škarvada - 2.10.0-6.1 - Disable ksm once, re-enable it on full rollback Resolves: rhbz#1652822 tzdata-2019a-1.el7 ------------------ * Tue Mar 26 2019 Patsy Griffin Franklin - 2019a-1 - Rebase to tzdata-2019a - Palestine will start DST on 2019-03-30, rather than 2019-03-23 as previously predicted. - Metlakatla rejoined Alaska time on 2019-01-20, ending its observances of Pacific standard time. * Wed Jan 02 2019 Patsy Griffin Franklin - 2018i-1 - Rebase to tzdata-2018i (includes changes from tzdata-2018h) - São Tomé and Príncipe changed from UTC+01 to UTC+00 on 2019-01-01. - Qyzylorda, Kazakhstan changed from UTC+06 to UTC+05 on 2018-12-21. - Created a new zone Asia/Qostanay since Qostanay, Kazakhstan didn't transition with the Qyzylorda change. - Metlakatla, Alaska will observe PST for this winter only. - Predict that Morocco will continue to adjust clocks around Ramadan. - Also include predictions for Iran from 2038 through 2090. * Mon Oct 29 2018 Patsy Griffin Franklin - 2018g-1 - Rebase to tzdata-2018g - Morocco will remain at UTC+1 rather than switching back to UTC+0 as planned. This change is effective Octobober 28, 2018. * Thu Oct 18 2018 Patsy Griffin Franklin - 2018f-1 - Europe/Volgograd will change from UTC+3 to UTC+4 on October 28,2018. - Add patch to remove use of 25:00. - Drop previous change to DST in Brazil. The government rescinded the change. * Thu Oct 11 2018 Patsy Griffin Franklin - 2018e-4 - Brazil moved the start of DST from the first Sunday in November to the third Sunday in November. util-linux-2.23.2-59.el7_6.1 ---------------------------- * Thu Jan 31 2019 Karel Zak 2.23.2-59.el7_6.1 - fix #1664752 - Bull (Atos) server lands up in invalid stty settings on the serial console after boot preventing login xfsprogs-4.5.0-19.el7_6 ----------------------- * Mon Feb 11 2019 Eric Sandeen 4.5.0-19 - xfs_copy: accept CRC version of ABTB_MAGIC in ASSERT (#1641023)