-
Tue Sep 08 2020 Kevin Lyons <kevin.x.lyons@oracle.com> [4.18.0-193.19.1.el8_2.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7
-
Wed Aug 26 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.19.1.el8_2]
- [net] tcp: add sanity tests in tcp_add_backlog() (Guillaume Nault) [1861378 1790843]
- [net] tcp: implement coalescing on backlog queue (Guillaume Nault) [1861378 1790843]
- [include] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1861378 1790843]
- [net] tcp: take care of compressed acks in tcp_add_reno_sack() (Guillaume Nault) [1861378 1790843]
- [include] tcp: hint compiler about sack flows (Guillaume Nault) [1861378 1790843]
- [net] tcp: drop dst in tcp_add_backlog() (Guillaume Nault) [1861378 1790843]
-
Wed Aug 19 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.18.1.el8_2]
- [security] selinux: allow reading labels before policy is loaded (Ondrej Mosnacek) [1861721 1839819]
- [security] selinux: allow labeling before policy is loaded (Ondrej Mosnacek) [1861722 1777525]
- [mm] mm/memory_hotplug.c: only respect mem= parameter during boot stage (Baoquan He) [1854207 1838809]
-
Wed Aug 12 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.17.1.el8_2]
- [net] netfilter: nf_tables: reintroduce the NFT_SET_CONCAT flag (Phil Sutter) [1854531 1847553]
- [net] netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type (Phil Sutter) [1854531 1847553]
- [s390] s390: prevent leaking kernel address in BEAR (Claudio Imbrenda) [1854986 1850907]
- [s390] scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (Philipp Rudo) [1861355 1857312]
-
Wed Aug 05 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.16.1.el8_2]
- [infiniband] IB/rdmavt: Free kernel completion queue when done (Gopal Tiwari) [1857757 1805036]
- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713}
- [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713}
- [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780}
- [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}
-
Wed Jul 29 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.15.1.el8_2]
- [wireless] iwlwifi: pcie: handle QuZ configs with killer NICs as well (Jarod Wilson) [1857773 1844129]
- [wireless] iwlwifi: pcie: move power gating workaround earlier in the flow (Jarod Wilson) [1857773 1844129]
- [nvme] nvme: fix possible deadlock when nvme_update_formats fails (Gopal Tiwari) [1857115 1781927]
- [iommu] iommu: move flags field before ids in iommu_fwspec (Jerry Snitselaar) [1856966 1833512]
- [x86] kvm: x86: only do L1TF workaround on affected processors (Vitaly Kuznetsov) [1857796 1800673]
- [x86] kvm: x86: create mmu/ subdirectory (Vitaly Kuznetsov) [1857796 1800673]
- [kvm] KVM: SVM: Override default MMIO mask if memory encryption is enabled (Wei Huang) [1857796 1800673]
-
Mon Jul 13 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.14.1.el8_2]
- [md] dm mpath: add DM device name to Failing/Reinstating path log messages (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: enhance queue_if_no_path debugging (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: restrict queue_if_no_path state machine (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: simplify __must_push_back (Mike Snitzer) [1852050 1822975]
- [md] dm: use DMDEBUG macros now that they use pr_debug variants (Mike Snitzer) [1852050 1822975]
- [include] dm: use dynamic debug instead of compile-time config option (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: switch paths in dm_blk_ioctl() code path (Mike Snitzer) [1852050 1822975]
- [md] dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath (Mike Snitzer) [1852050 1822975]
- [md] dm: bump version of core and various targets (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: Add timeout mechanism for queue_if_no_path (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: use true_false for bool variable (Mike Snitzer) [1852050 1822975]
- [md] dm mpath: remove harmful bio-based optimization (Mike Snitzer) [1852050 1822975]
- [scsi] scsi: libiscsi: fall back to sendmsg for slab pages (Maurizio Lombardi) [1852048 1825775]
- [s390] s390/mm: fix panic in gup_fast on large pud (Philipp Rudo) [1853336 1816980]
-
Tue Jul 07 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.13.1.el8_2]
- [x86] x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (Lenny Szubowicz) [1846180 1824005]
-
Thu Jul 02 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.12.1.el8_2]
- [net] openvswitch: simplify the ovs_dp_cmd_new (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: fix possible memleak on destroy flow-table (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: add likely in flow_lookup (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: simplify the flow_hash (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: optimize flow-mask looking up (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: optimize flow mask cache hash collision (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: shrink the mask array if necessary (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: convert mask list in mask array (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: add flow-mask cache for performance (Eelco Chaudron) [1851235 1819202]
- [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: add missing ->release_ops() in error path of newrule() (Phil Sutter) [1845164 1757933]
- [net] netfilter: nft_compat: use .release_ops and remove list of extension (Phil Sutter) [1845164 1757933]
- [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
- [pci] PCI: pciehp: Fix MSI interrupt race (Myron Stowe) [1852045 1779610]
- [kernel] smp: Allow smp_call_function_single_async() to insert locked csd (Peter Xu) [1851406 1830014]
- [x86] kvm: Clean up host's steal time structure (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
- [x86] kvm: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
- [virt] x86/kvm: Cache gfn to pfn translation (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
- [virt] x86/kvm: Introduce kvm_(un)map_gfn() (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
- [x86] kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
-
Fri Jun 26 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.11.1.el8_2]
- [net] netfilter: conntrack: fix infinite loop on rmmod (Florian Westphal) [1851005 1832381]
- [net] netfilter: conntrack: allow insertion of clashing entries (Florian Westphal) [1851003 1821404]
- [net] netfilter: conntrack: split resolve_clash function (Florian Westphal) [1851003 1821404]
- [net] netfilter: conntrack: place confirm-bit setting in a helper (Florian Westphal) [1851003 1821404]
- [net] netfilter: never get/set skb->tstamp (Florian Westphal) [1851003 1821404]
- [net] netfilter: conntrack: remove two args from resolve_clash (Florian Westphal) [1851003 1821404]
- [net] netfilter: conntrack: tell compiler to not inline nf_ct_resolve_clash (Florian Westphal) [1851003 1821404]
- [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843440 1843441] {CVE-2020-10757}
- [x86] x86/vector: Remove warning on managed interrupt migration (Peter Xu) [1848545 1812331]
- [s390] s390/cio: fix virtio-ccw DMA without PV (Philipp Rudo) [1842620 1814787]