commit 5b3d0ced9505101bb6a7c1f0eb4978d8f7e9d005

OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=809
2018-01-25 13:33:20 +00:00 · 2018-01-25 13:33:20 +00:00 · 531dbf4264
commit 531dbf4264
parent 76c41d6be9
35 changed files with 960 additions and 35 deletions
--- a/dtb-aarch64.changes
+++ b/dtb-aarch64.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/dtb-aarch64.spec
+++ b/dtb-aarch64.spec
@ -31,7 +31,7 @@
 Name:           dtb-aarch64
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/dtb-armv6l.changes
+++ b/dtb-armv6l.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/dtb-armv6l.spec
+++ b/dtb-armv6l.spec
@ -31,7 +31,7 @@
 Name:           dtb-armv6l
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/dtb-armv7l.changes
+++ b/dtb-armv7l.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/dtb-armv7l.spec
+++ b/dtb-armv7l.spec
@ -31,7 +31,7 @@
 Name:           dtb-armv7l
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-64kb.changes
+++ b/kernel-64kb.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-64kb.spec
+++ b/kernel-64kb.spec
@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-debug.changes
+++ b/kernel-debug.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-debug.spec
+++ b/kernel-debug.spec
@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-default.changes
+++ b/kernel-default.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-default.spec
+++ b/kernel-default.spec
@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-docs.changes
+++ b/kernel-docs.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-docs.spec
+++ b/kernel-docs.spec
@ -33,7 +33,7 @@ License:        GPL-2.0
 Group:          Documentation/Man
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-lpae.changes
+++ b/kernel-lpae.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-lpae.spec
+++ b/kernel-lpae.spec
@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-obs-build.changes
+++ b/kernel-obs-build.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-obs-build.spec
+++ b/kernel-obs-build.spec
@ -59,7 +59,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-obs-qa.changes
+++ b/kernel-obs-qa.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-obs-qa.spec
+++ b/kernel-obs-qa.spec
@ -38,7 +38,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-pae.changes
+++ b/kernel-pae.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-pae.spec
+++ b/kernel-pae.spec
@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-source.changes
+++ b/kernel-source.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-source.spec
+++ b/kernel-source.spec
@ -32,7 +32,7 @@ License:        GPL-2.0
 Group:          Development/Sources
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-syms.changes
+++ b/kernel-syms.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-syms.spec
+++ b/kernel-syms.spec
@ -27,7 +27,7 @@ Group:          Development/Sources
 Version:        4.14.15
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-syzkaller.changes
+++ b/kernel-syzkaller.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-syzkaller.spec
+++ b/kernel-syzkaller.spec
@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-vanilla.changes
+++ b/kernel-vanilla.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-vanilla.spec
+++ b/kernel-vanilla.spec
@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/kernel-zfcpdump.changes
+++ b/kernel-zfcpdump.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
+
+- Revert "futex: Prevent overflow by strengthen input validation"
+  (4.14.15-fix).
+- commit 5b3d0ce
+
+-------------------------------------------------------------------
+Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace intel's shit by the potential upstream solution for spectre_v1.
+- commit 6fdb1df
+
 -------------------------------------------------------------------
 Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

--- a/kernel-zfcpdump.spec
+++ b/kernel-zfcpdump.spec
@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.14.15
 %if 0%{?is_kotd}
-Release:        <RELEASE>.gfe1d712
+Release:        <RELEASE>.g5b3d0ce
 %else
 Release:        0
 %endif
--- a/patches.suse.tar.bz2
+++ b/patches.suse.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:65b98557c5d0d5fe0fdffb7227ac7f2eb54ebb1741b6f92fabb263643dff68e7
-size 76404
+oid sha256:e0b5ad2fae65d89cb16c16d9608c326740a587d19cbceaa5b0ef1cede8cd49ab
+size 80168
--- a/series.conf
+++ b/series.conf
@ -1535,24 +1535,21 @@
 	########################################################
 	# Scheduler / Core
 	########################################################
+	patches.suse/revert-futex-Prevent-overflow-by-strengthen-input-va.patch
+
 	patches.suse/setuid-dumpable-wrongdir
 	patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch

-
-	patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch
-	patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch
-	patches.suse/0006-uvcvideo-prevent-speculative-execution.patch
-	patches.suse/0007-carl9170-prevent-speculative-execution.patch
-	patches.suse/0008-p54-prevent-speculative-execution.patch
-	patches.suse/0009-qla2xxx-prevent-speculative-execution.patch
-	patches.suse/0010-cw1200-prevent-speculative-execution.patch
-	patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch
-	patches.suse/0012-ipv4-prevent-speculative-execution.patch
-	patches.suse/0013-ipv6-prevent-speculative-execution.patch
-	patches.suse/0014-fs-prevent-speculative-execution.patch
-	patches.suse/0015-net-mpls-prevent-speculative-execution.patch
-	patches.suse/0016-udf-prevent-speculative-execution.patch
-	patches.suse/0017-userns-prevent-speculative-execution.patch
+	patches.suse/0001-Documentation-document-array_ptr.patch
+	patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch
+	patches.suse/0003-x86-implement-array_ptr_mask.patch
+	patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch
+	patches.suse/0005-x86-__get_user-use-__uaccess_begin_nospec.patch
+	patches.suse/0006-x86-get_user-use-pointer-masking-to-limit-speculatio.patch
+	patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch
+	patches.suse/0008-vfs-fdtable-prevent-bounds-check-bypass-via-speculat.patch
+	patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch
+	patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch

 	patches.suse/0001-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch
 	patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-2018-01-23 21:12:07 +0100
-GIT Revision: fe1d712f2b5ce144d972874454b0a7a144aaec15
+2018-01-25 14:26:16 +0100
+GIT Revision: 5b3d0ced9505101bb6a7c1f0eb4978d8f7e9d005
 GIT Branch: stable