commit ac017470b9f9e7c85b28bb48f40b3116c8fe68c7

OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=814

config.sh

@@ -1,5 +1,5 @@
 # The version of the main tarball to use
-SRCVERSION=4.14
+SRCVERSION=4.15
 # variant of the kernel-source package, either empty or "-rt"
 VARIANT=
 # buildservice projects to build the kernel against

config.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f8ab736c4c6563827d0a5a1a30443f9754c89668a6e025cb731cda96eefcd969
-size 175599
+oid sha256:9e9aa1e55c4fe952603aa612cefc47354df633c6e1752934292b61920b65647f
+size 176920

dtb-aarch64.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

dtb-aarch64.spec

@@ -16,8 +16,8 @@
 #
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb})
 
 Name:           dtb-aarch64
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -362,6 +362,7 @@ cd pp
 for dts in al/*.dts allwinner/*.dts altera/*.dts amd/*.dts amlogic/*.dts apm/*.dts arm/*.dts broadcom/*.dts cavium/*.dts exynos/*.dts freescale/*.dts hisilicon/*.dts lg/*.dts marvell/*.dts mediatek/*.dts nvidia/*.dts qcom/*.dts renesas/*.dts rockchip/*.dts socionext/*.dts sprd/*.dts xilinx/*.dts zte/*.dts ; do
     target=${dts%*.dts}
     install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target)
+    # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target)
     install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target)
 %ifarch aarch64
     # HACK: work around U-Boot ignoring vendor dir
@@ -540,7 +541,6 @@ cd /boot
 %files -n dtb-al
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/al
@@ -552,7 +552,6 @@ cd /boot
 %files -n dtb-allwinner
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/allwinner
@@ -564,7 +563,6 @@ cd /boot
 %files -n dtb-altera
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/altera
@@ -576,7 +574,6 @@ cd /boot
 %files -n dtb-amd
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/amd
@@ -588,7 +585,6 @@ cd /boot
 %files -n dtb-amlogic
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/amlogic
@@ -600,7 +596,6 @@ cd /boot
 %files -n dtb-apm
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/apm
@@ -612,7 +607,6 @@ cd /boot
 %files -n dtb-arm
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/arm
@@ -624,7 +618,6 @@ cd /boot
 %files -n dtb-broadcom
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/broadcom
@@ -636,7 +629,6 @@ cd /boot
 %files -n dtb-cavium
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/cavium
@@ -648,7 +640,6 @@ cd /boot
 %files -n dtb-exynos
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/exynos
@@ -660,7 +651,6 @@ cd /boot
 %files -n dtb-freescale
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/freescale
@@ -672,7 +662,6 @@ cd /boot
 %files -n dtb-hisilicon
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/hisilicon
@@ -684,7 +673,6 @@ cd /boot
 %files -n dtb-lg
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/lg
@@ -696,7 +684,6 @@ cd /boot
 %files -n dtb-marvell
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/marvell
@@ -708,7 +695,6 @@ cd /boot
 %files -n dtb-mediatek
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/mediatek
@@ -720,7 +706,6 @@ cd /boot
 %files -n dtb-nvidia
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/nvidia
@@ -732,7 +717,6 @@ cd /boot
 %files -n dtb-qcom
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/qcom
@@ -744,7 +728,6 @@ cd /boot
 %files -n dtb-renesas
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/renesas
@@ -756,7 +739,6 @@ cd /boot
 %files -n dtb-rockchip
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/rockchip
@@ -768,7 +750,6 @@ cd /boot
 %files -n dtb-socionext
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/socionext
@@ -780,7 +761,6 @@ cd /boot
 %files -n dtb-sprd
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/sprd
@@ -792,7 +772,6 @@ cd /boot
 %files -n dtb-xilinx
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/xilinx
@@ -804,7 +783,6 @@ cd /boot
 %files -n dtb-zte
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/zte

dtb-armv6l.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

dtb-armv6l.spec

@@ -16,8 +16,8 @@
 #
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb})
 
 Name:           dtb-armv6l
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -159,6 +159,7 @@ cd pp
 for dts in bcm2835*.dts ; do
     target=${dts%*.dts}
     install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target)
+    # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target)
     install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target)
 %ifarch aarch64
     # HACK: work around U-Boot ignoring vendor dir
@@ -183,7 +184,6 @@ cd /boot
 %files -n dtb-bcm2835
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/bcm2835*.dtb

dtb-armv7l.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

dtb-armv7l.spec

@@ -16,8 +16,8 @@
 #
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb})
 
 Name:           dtb-armv7l
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -530,6 +530,7 @@ cd pp
 for dts in am335x-*.dts am3517*.dts am57xx-*.dts armada-370-*.dts armada-375-*.dts armada-385-*.dts armada-388-*.dts armada-398-*.dts armada-xp-*.dts bcm2836*.dts dove-*.dts exynos4*.dts exynos5*.dts imx5*.dts imx6*.dts imx7*.dts keystone-*.dts meson6-*.dts meson8-*.dts meson8b-*.dts omap3*.dts omap4*.dts omap5*.dts qcom-*.dts rk3*.dts socfpga_*.dts ste-*.dts sun4i-*.dts sun5i-*.dts sun6i-*.dts sun7i-*.dts sun8i-*.dts sun9i-*.dts tegra20-*.dts tegra30-*.dts tegra114-*.dts tegra124-*.dts vexpress-*.dts vf500-*.dts vf610-*.dts xenvm-*.dts zynq-*.dts ; do
     target=${dts%*.dts}
     install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target)
+    # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target)
     install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target)
 %ifarch aarch64
     # HACK: work around U-Boot ignoring vendor dir
@@ -841,7 +842,6 @@ cd /boot
 %files -n dtb-am335x
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/am335x-*.dtb
@@ -852,7 +852,6 @@ cd /boot
 %files -n dtb-am3517
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/am3517*.dtb
@@ -863,7 +862,6 @@ cd /boot
 %files -n dtb-am57xx
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/am57xx-*.dtb
@@ -874,7 +872,6 @@ cd /boot
 %files -n dtb-armada-370
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-370-*.dtb
@@ -885,7 +882,6 @@ cd /boot
 %files -n dtb-armada-375
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-375-*.dtb
@@ -896,7 +892,6 @@ cd /boot
 %files -n dtb-armada-385
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-385-*.dtb
@@ -907,7 +902,6 @@ cd /boot
 %files -n dtb-armada-388
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-388-*.dtb
@@ -918,7 +912,6 @@ cd /boot
 %files -n dtb-armada-398
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-398-*.dtb
@@ -929,7 +922,6 @@ cd /boot
 %files -n dtb-armada-xp
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-xp-*.dtb
@@ -940,7 +932,6 @@ cd /boot
 %files -n dtb-bcm2836
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/bcm2836*.dtb
@@ -951,7 +942,6 @@ cd /boot
 %files -n dtb-dove
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/dove-*.dtb
@@ -962,7 +952,6 @@ cd /boot
 %files -n dtb-exynos4
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/exynos4*.dtb
@@ -973,7 +962,6 @@ cd /boot
 %files -n dtb-exynos5
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/exynos5*.dtb
@@ -984,7 +972,6 @@ cd /boot
 %files -n dtb-imx5
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/imx5*.dtb
@@ -995,7 +982,6 @@ cd /boot
 %files -n dtb-imx6
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/imx6*.dtb
@@ -1006,7 +992,6 @@ cd /boot
 %files -n dtb-imx7
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/imx7*.dtb
@@ -1017,7 +1002,6 @@ cd /boot
 %files -n dtb-keystone
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/keystone-*.dtb
@@ -1028,7 +1012,6 @@ cd /boot
 %files -n dtb-meson6
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/meson6-*.dtb
@@ -1039,7 +1022,6 @@ cd /boot
 %files -n dtb-meson8
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/meson8-*.dtb
@@ -1050,7 +1032,6 @@ cd /boot
 %files -n dtb-meson8b
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/meson8b-*.dtb
@@ -1061,7 +1042,6 @@ cd /boot
 %files -n dtb-omap3
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/omap3*.dtb
@@ -1072,7 +1052,6 @@ cd /boot
 %files -n dtb-omap4
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/omap4*.dtb
@@ -1083,7 +1062,6 @@ cd /boot
 %files -n dtb-omap5
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/omap5*.dtb
@@ -1094,7 +1072,6 @@ cd /boot
 %files -n dtb-qcom
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/qcom-*.dtb
@@ -1105,7 +1082,6 @@ cd /boot
 %files -n dtb-rk3
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/rk3*.dtb
@@ -1116,7 +1092,6 @@ cd /boot
 %files -n dtb-socfpga
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/socfpga_*.dtb
@@ -1127,7 +1102,6 @@ cd /boot
 %files -n dtb-ste
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/ste-*.dtb
@@ -1138,7 +1112,6 @@ cd /boot
 %files -n dtb-sun4i
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun4i-*.dtb
@@ -1149,7 +1122,6 @@ cd /boot
 %files -n dtb-sun5i
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun5i-*.dtb
@@ -1160,7 +1132,6 @@ cd /boot
 %files -n dtb-sun6i
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun6i-*.dtb
@@ -1171,7 +1142,6 @@ cd /boot
 %files -n dtb-sun7i
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun7i-*.dtb
@@ -1182,7 +1152,6 @@ cd /boot
 %files -n dtb-sun8i
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun8i-*.dtb
@@ -1193,7 +1162,6 @@ cd /boot
 %files -n dtb-sun9i
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun9i-*.dtb
@@ -1204,7 +1172,6 @@ cd /boot
 %files -n dtb-tegra2
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/tegra20-*.dtb
@@ -1215,7 +1182,6 @@ cd /boot
 %files -n dtb-tegra3
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/tegra30-*.dtb
@@ -1226,7 +1192,6 @@ cd /boot
 %files -n dtb-tegra114
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/tegra114-*.dtb
@@ -1237,7 +1202,6 @@ cd /boot
 %files -n dtb-tegra124
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/tegra124-*.dtb
@@ -1248,7 +1212,6 @@ cd /boot
 %files -n dtb-vexpress
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/vexpress-*.dtb
@@ -1259,7 +1222,6 @@ cd /boot
 %files -n dtb-vf500
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/vf500-*.dtb
@@ -1270,7 +1232,6 @@ cd /boot
 %files -n dtb-vf6
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/vf610-*.dtb
@@ -1281,7 +1242,6 @@ cd /boot
 %files -n dtb-xenvm
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/xenvm-*.dtb
@@ -1292,7 +1252,6 @@ cd /boot
 %files -n dtb-zynq
 %endif
 %defattr(-,root,root)
-%doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/zynq-*.dtb

dtb.spec.in.in

@@ -89,6 +89,7 @@ cd pp
 for dts in $ALL_SUPPORTED_DTB; do
     target=${dts%*.dts}
     install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target)
+    # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target)
     install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target)
 %ifarch aarch64
     # HACK: work around U-Boot ignoring vendor dir

kernel-64kb.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-64kb.spec

@@ -17,8 +17,8 @@
 # needssslcertforbuild
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -58,9 +58,9 @@ Name:           kernel-64kb
 Summary:        Kernel with 64kb PAGE_SIZE
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -1164,10 +1164,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
-Provides:	kernel-xen-kgraft
-Obsoletes:	kernel-default-kgraft < 4.12
-Obsoletes:	kernel-xen-kgraft < 4.12
+Provides:	kernel-default-kgraft = %version
+Provides:	kernel-xen-kgraft = %version
+Obsoletes:	kernel-default-kgraft < %version
+Obsoletes:	kernel-xen-kgraft < %version
 
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a

kernel-binary.spec.in

@@ -978,10 +978,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
-Provides:	kernel-xen-kgraft
-Obsoletes:	kernel-default-kgraft < 4.12
-Obsoletes:	kernel-xen-kgraft < 4.12
+Provides:	kernel-default-kgraft = %version
+Provides:	kernel-xen-kgraft = %version
+Obsoletes:	kernel-default-kgraft < %version
+Obsoletes:	kernel-xen-kgraft < %version
 
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a

kernel-debug.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-debug.spec

@@ -17,8 +17,8 @@
 # needssslcertforbuild
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -58,9 +58,9 @@ Name:           kernel-debug
 Summary:        A Debug Version of the Kernel
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -1178,10 +1178,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
-Provides:	kernel-xen-kgraft
-Obsoletes:	kernel-default-kgraft < 4.12
-Obsoletes:	kernel-xen-kgraft < 4.12
+Provides:	kernel-default-kgraft = %version
+Provides:	kernel-xen-kgraft = %version
+Obsoletes:	kernel-default-kgraft < %version
+Obsoletes:	kernel-xen-kgraft < %version
 
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a

kernel-default.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-default.spec

@@ -17,8 +17,8 @@
 # needssslcertforbuild
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -58,9 +58,9 @@ Name:           kernel-default
 Summary:        The Standard Kernel
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -1279,10 +1279,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
-Provides:	kernel-xen-kgraft
-Obsoletes:	kernel-default-kgraft < 4.12
-Obsoletes:	kernel-xen-kgraft < 4.12
+Provides:	kernel-default-kgraft = %version
+Provides:	kernel-xen-kgraft = %version
+Obsoletes:	kernel-default-kgraft < %version
+Obsoletes:	kernel-xen-kgraft < %version
 
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a

kernel-docs.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-docs.spec

@@ -16,8 +16,8 @@
 #
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -31,9 +31,9 @@ Name:           kernel-docs
 Summary:        Kernel Documentation
 License:        GPL-2.0
 Group:          Documentation/Man
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif

kernel-lpae.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-lpae.spec

@@ -17,8 +17,8 @@
 # needssslcertforbuild
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -58,9 +58,9 @@ Name:           kernel-lpae
 Summary:        Kernel for LPAE enabled systems
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -1158,10 +1158,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
-Provides:	kernel-xen-kgraft
-Obsoletes:	kernel-default-kgraft < 4.12
-Obsoletes:	kernel-xen-kgraft < 4.12
+Provides:	kernel-default-kgraft = %version
+Provides:	kernel-xen-kgraft = %version
+Obsoletes:	kernel-default-kgraft < %version
+Obsoletes:	kernel-xen-kgraft < %version
 
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a

kernel-obs-build.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-obs-build.spec

@@ -19,7 +19,7 @@
 
 #!BuildIgnore: post-build-checks
 
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -32,13 +32,20 @@ BuildRequires:  util-linux
 
 %if 0%{?suse_version}
 %if %vanilla_only
-BuildRequires:  kernel-vanilla
 %define kernel_flavor -vanilla
 %else
-BuildRequires:  kernel-default
+%ifarch %ix86
+%define kernel_flavor -pae
+%else
+%ifarch armv7l armv7hl
+%define kernel_flavor -lpae
+%else
 %define kernel_flavor -default
 %endif
 %endif
+%endif
+%endif
+BuildRequires:  kernel%kernel_flavor
 
 %if 0%{?rhel_version}
 BuildRequires:  kernel
@@ -57,9 +64,9 @@ BuildRequires:  dracut
 Summary:        package kernel and initrd for OBS VM builds
 License:        GPL-2.0
 Group:          SLES
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -109,7 +116,7 @@ echo "DefaultTasksAccounting=no" >> /etc/systemd/system.conf
 
 # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env.
 # this list of modules where available on build workers of build.opensuse.org, so we stay compatible.
-export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth"
+export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs xfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth"
 
 # manually load all modules to make sure they're available
 for i in $KERNEL_MODULES; do
@@ -139,7 +146,7 @@ ROOT=""
                -m "$KERNEL_MODULES" \
                -k /boot/%{kernel_name}-*-default -M /boot/System.map-*-default -i /tmp/initrd.kvm -B
 %else
-dracut --host-only --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'`
+dracut --host-only --no-hostonly-cmdline --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'`
 %endif
 
 #cleanup

kernel-obs-build.spec.in

@@ -32,13 +32,20 @@ BuildRequires:  util-linux
 
 %if 0%{?suse_version}
 %if %vanilla_only
-BuildRequires:  kernel-vanilla
 %define kernel_flavor -vanilla
 %else
-BuildRequires:  kernel-default
+%ifarch %ix86
+%define kernel_flavor -pae
+%else
+%ifarch armv7l armv7hl
+%define kernel_flavor -lpae
+%else
 %define kernel_flavor -default
 %endif
 %endif
+%endif
+%endif
+BuildRequires:  kernel%kernel_flavor
 
 %if 0%{?rhel_version}
 BuildRequires:  kernel
@@ -109,7 +116,7 @@ echo "DefaultTasksAccounting=no" >> /etc/systemd/system.conf
 
 # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env.
 # this list of modules where available on build workers of build.opensuse.org, so we stay compatible.
-export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth"
+export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs xfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth"
 
 # manually load all modules to make sure they're available
 for i in $KERNEL_MODULES; do
@@ -139,7 +146,7 @@ ROOT=""
                -m "$KERNEL_MODULES" \
                -k /boot/%{kernel_name}-*-default -M /boot/System.map-*-default -i /tmp/initrd.kvm -B
 %else
-dracut --host-only --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'`
+dracut --host-only --no-hostonly-cmdline --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'`
 %endif
 
 #cleanup

kernel-obs-qa.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-obs-qa.spec

@@ -17,7 +17,7 @@
 # needsrootforbuild
 
 
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -36,9 +36,9 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Summary:        Basic QA tests for the kernel
 License:        GPL-2.0
 Group:          SLES
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif

kernel-pae.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-pae.spec

@@ -17,8 +17,8 @@
 # needssslcertforbuild
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -58,9 +58,9 @@ Name:           kernel-pae
 Summary:        Kernel with PAE Support
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -1228,10 +1228,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
-Provides:	kernel-xen-kgraft
-Obsoletes:	kernel-default-kgraft < 4.12
-Obsoletes:	kernel-xen-kgraft < 4.12
+Provides:	kernel-default-kgraft = %version
+Provides:	kernel-xen-kgraft = %version
+Obsoletes:	kernel-default-kgraft < %version
+Obsoletes:	kernel-xen-kgraft < %version
 
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a

kernel-source.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-source.spec

@@ -17,8 +17,8 @@
 # icecream 0
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -30,9 +30,9 @@ Name:           kernel-source
 Summary:        The Linux Kernel Sources
 License:        GPL-2.0
 Group:          Development/Sources
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif

kernel-syms.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-syms.spec

@@ -24,10 +24,10 @@ Name:           kernel-syms
 Summary:        Kernel Symbol Versions (modversions)
 License:        GPL-2.0
 Group:          Development/Sources
-Version:        4.14.15
+Version:        4.15.0
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif

kernel-syzkaller.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-syzkaller.spec

@@ -17,8 +17,8 @@
 # needssslcertforbuild
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -58,9 +58,9 @@ Name:           kernel-syzkaller
 Summary:        Kernel used for fuzzing by syzkaller
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -1161,10 +1161,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
-Provides:	kernel-xen-kgraft
-Obsoletes:	kernel-default-kgraft < 4.12
-Obsoletes:	kernel-xen-kgraft < 4.12
+Provides:	kernel-default-kgraft = %version
+Provides:	kernel-xen-kgraft = %version
+Obsoletes:	kernel-default-kgraft < %version
+Obsoletes:	kernel-xen-kgraft < %version
 
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a

kernel-vanilla.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-vanilla.spec

@@ -17,8 +17,8 @@
 # needssslcertforbuild
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -58,9 +58,9 @@ Name:           kernel-vanilla
 Summary:        The Standard Kernel - without any SUSE patches
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -1155,10 +1155,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
-Provides:	kernel-xen-kgraft
-Obsoletes:	kernel-default-kgraft < 4.12
-Obsoletes:	kernel-xen-kgraft < 4.12
+Provides:	kernel-default-kgraft = %version
+Provides:	kernel-xen-kgraft = %version
+Obsoletes:	kernel-default-kgraft < %version
+Obsoletes:	kernel-xen-kgraft < %version
 
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a

kernel-zfcpdump.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
+
+- Update to 4.15-final.
+- Eliminated 5 patches.
+- Config changes:
+  - Security:
+    - GENERIC_CPU_VULNERABILITIES=y
+- commit 978c9b0
+
+-------------------------------------------------------------------
+Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
+  upstream references (add CVE-2018-5332 bsc#1075621).
+- commit 510de01
+
+-------------------------------------------------------------------
+Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
+
+- Update
+  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
+  upstream references (add CVE-2018-5333 bsc#1075617).
+- commit e6cf845
+
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
 
@@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 
 - x86/ibrs: Add new helper macros to save/restore
   MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
-- commit 6f87133
+- commit 13295d4
 
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
   (4.14.15-fix).
 - commit 5b3d0ce
 
+-------------------------------------------------------------------
+Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
+
+- x86/cpufeature: Move processor tracing out of scattered features
+  (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- commit 8d8b718
+
+-------------------------------------------------------------------
+Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
+
+- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
+  macros (bsc#1068032 CVE-2017-5753).
+- commit 8dc7c71
+
+-------------------------------------------------------------------
+Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
+
+- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
+  CVE-2017-5753).
+- x86/ibrs: Add new helper macros to save/restore
+  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
+- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
+  CVE-2017-5753).
+- x86/enter: Create macros to restrict/unrestrict Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/idle: Control Indirect Branch Speculation in idle
+  (bsc#1068032 CVE-2017-5753).
+- x86: Simplify spectre_v2 command line parsing (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Add inlines to control Indirect Branch
+  Speculation (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/mm: Only flush indirect branches when switching into non
+  dumpable process (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Add basic IBPB (Indirect Branch Prediction
+  Barrier) support (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
+  microcodes (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on processors which are not
+  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/msr: Add definitions for new speculation control MSRs
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add AMD feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add Intel feature bits for Speculation Control
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
+  CVE-2017-5753).
+- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Fill RSB on context switch for affected CPUs
+  (bsc#1068032 CVE-2017-5753).
+- commit e36ab4f
+
+-------------------------------------------------------------------
+Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
+
+- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
+- asm/nospec, array_ptr: sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
+- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
+  CVE-2017-5715).
+- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86, get_user: use pointer masking to limit speculation
+  (bsc#1068032 CVE-2017-5715).
+- x86: narrow out of bounds syscalls to sys_read under speculation
+  (bsc#1068032 CVE-2017-5715).
+- vfs, fdtable: prevent bounds-check bypass via speculative
+  execution (bsc#1068032 CVE-2017-5715).
+- kvm, x86: update spectre-v1 mitigation (bsc#1068032
+  CVE-2017-5715).
+- nl80211: sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- Delete
+  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
+- Delete
+  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
+- Delete
+  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
+- Delete
+  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0008-p54-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
+- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0016-udf-prevent-speculative-execution.patch.
+- Delete
+  patches.suse/0017-userns-prevent-speculative-execution.patch.
+  Replace by the potential upstream solution.
+- commit 804f8a1
+
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
 
@@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
   patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 
+-------------------------------------------------------------------
+Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
+
+- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
+  It conflicts between different versions of dtb package.
+- commit 0e5fcf9
+
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
 
@@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
   patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 
+-------------------------------------------------------------------
+Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
+
+- Update config files (bsc#1068032 CVE-2017-5715).
+  Enable RETPOLINE -- the compiler is capable of them already.
+- commit 5d5345e
+
+-------------------------------------------------------------------
+Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
+
+- kernel-obs-build.spec.in: enable xfs module
+  This allows the public cloud team to build images with XFS
+  as root filesystem
+- commit 95a2d6f
+
+-------------------------------------------------------------------
+Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
+
+- macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
+- commit 66bd9b8
+
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
 
@@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
   patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 
+-------------------------------------------------------------------
+Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc8.
+- Eliminated 3 patches.
+- Config changes:
+  - Security:
+    - BPF_JIT_ALWAYS_ON=y
+    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
+- commit 05e4405
+
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
 
@@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 
 - bpf: prevent out-of-bounds speculation (bsc#1068032
   CVE-2017-5753).
-- commit 77de35d
+- commit 0eca303
+
+-------------------------------------------------------------------
+Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
+
+- config: arm64: Enable Aardvark PCIe controller
+  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
+  This option is required to support PCIe for JeOS-espressobin.
+- commit b0bb655
 
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
   (bsc#1075613).
 - commit 80f2eaf
 
+-------------------------------------------------------------------
+Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
+
+- rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
+  Follow openSUSE packaging practices described at
+  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
+- commit 050081b
+
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
 
@@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
   patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
   Use the variants from upstream (tip tree).
-- commit c72c6e5
+- commit 33b16eb
 
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
   bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 
+-------------------------------------------------------------------
+Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
+
+- kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
+  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
+  being added into the initrd's /etc/cmdline.d/95root-dev.conf
+- commit da5186f
+
+-------------------------------------------------------------------
+Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc7.
+- Eliminated 1 patch.
+- commit b07c570
+
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
   OBS now reports that it needs only around 2G, so lower the limit to
   8G, so that more compliant workers can be used.
-- commit 7637ae2
+- commit a73399a
 
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 
+-------------------------------------------------------------------
+Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
+
+- config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
+- commit 4343d87
+
+-------------------------------------------------------------------
+Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
+
+- userns: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- net: mpls: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- Thermal/int340x: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- cw1200: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- qla2xxx: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
+- carl9170: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- uvcvideo: prevent speculative execution (bnc#1068032
+  CVE-2017-5753).
+- x86, bpf, jit: prevent speculative execution when JIT is enabled
+  (bnc#1068032 CVE-2017-5753).
+- bpf: prevent speculative execution in eBPF interpreter
+  (bnc#1068032 CVE-2017-5753).
+- locking/barriers: introduce new observable speculation barrier
+  (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
+  feature (bnc#1068032 CVE-2017-5753).
+- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
+  CVE-2017-5753).
+- commit ee4aa62
+
+-------------------------------------------------------------------
+Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
+
+- Update to 4.15-rc6.
+- Config changes:
+  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
+- commit cd70bd8
+
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
 
@@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
   DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 
+-------------------------------------------------------------------
+Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
+
+- config: refresh i386/default
+  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
+  that doesn't exist on i386/default (at least in 4.15-rc5).
+- commit 84167ae
+
+-------------------------------------------------------------------
+Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc5.
+- Config changes:
+  - i386: NR_CPUS 128->64
+    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
+- commit 9e8deb3
+
+-------------------------------------------------------------------
+Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
+
+- kernel-obs-build: use pae and lpae kernels where available
+  (bsc#1073579).
+- commit 1ac1946
+
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
-- commit 3f42b52
+- commit ddb33b2
 
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
   (bsc#1073836)
-- commit c1a63f1
+- commit 4735d41
 
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 
+-------------------------------------------------------------------
+Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc4.
+- Eliminated 1 patch.
+- Config changes:
+  - ARM:
+    - QCOM_FALKOR_ERRATUM_E1041=y
+  - Overlayfs:
+    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
+- commit ff8819c
+
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
 
@@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 
+-------------------------------------------------------------------
+Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
+
+- s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
+- commit 62412b6
+
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
 
@@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
   (bnc#1012628).
 - commit c4edabf
 
+-------------------------------------------------------------------
+Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc3.
+- Eliminated 1 patch.
+- commit 383d72f
+
+-------------------------------------------------------------------
+Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
+- commit 170d177
+
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
 
@@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
   More make-ORC-reliable patches.
 - commit a6a5b05
 
+-------------------------------------------------------------------
+Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc2.
+- Eliminated 2 patches.
+- commit 68549b6
+
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
 
@@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
   patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
+- mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 
 -------------------------------------------------------------------
@@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
   While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 
+-------------------------------------------------------------------
+Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
+
+- config: armv7hl: Update to 4.15-rc1
+- commit b4c7f19
+
+-------------------------------------------------------------------
+Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
+
+- config: armv6hl: Update to 4.15-rc1
+- commit edcdf48
+
+-------------------------------------------------------------------
+Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
+
+- config: arm64: Update to 4.15-rc1
+- commit 3278861
+
+-------------------------------------------------------------------
+Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
+
+- Update to 4.15-rc1.
+- Eliminated 74 patches.
+- ARM configs need updating.
+- Config changes:
+  - General:
+    - CPU_ISOLATION=y
+    - GUP_BENCHMARK=n
+  - x86:
+    - X86_INTEL_UMIP=y
+    - PINCTRL_CEDARFORK=m
+    - INTEL_SOC_PMIC_CHTDC_TI=m
+    - INTEL_WMI_THUNDERBOLT=m
+    - DELL_SMBIOS_WMI=m
+    - DELL_SMBIOS_SMM=m
+    - CHT_DC_TI_PMIC_OPREGION=y
+    - RPMSG_CHAR=m
+  - i386:
+    - IR_SPI=m
+    - IR_GPIO_CIR=m
+    - IR_GPIO_TX=m
+    - IR_PWM_TX=m
+  - powerpc:
+    - PPC_RADIX_MMU_DEFAULT=y (default)
+    - MEM_SOFT_DIRTY=n (needs arch expert review)
+    - PINCTRL=n
+    - PPC_FAST_ENDIAN_SWITCH=n (default)
+  - s390:
+    - GCC_PLUGINS=n
+    - MEM_SOFT_DIRTY=(needs arch expert review)
+    - PINCTRL=n
+    - FORTIFY_SOURCE=y
+  - s390/zfcpdump:
+    - BPF_STREAM_PARSER=n
+    - MTD=n
+  - Network:
+    - NET_SCH_CBS=m
+    - VSOCKETS_DIAG=m
+    - DP83822_PHY=m
+    - RENESAS_PHY=m
+    - THUNDERBOLT_NET=m
+  - Input:
+    - TOUCHSCREEN_EXC3000=m
+    - TOUCHSCREEN_HIDEEP=m
+    - TOUCHSCREEN_S6SY761=m
+    - DRM_I2C_ADV7511_CEC=y
+  - Misc:
+    - IPMI_PROC_INTERFACE=y
+    - GPIO_MAX3191X=m
+    - MANAGER_SBS=m
+    - W1_SLAVE_DS28E17=m
+    - SENSORS_MAX6621=m
+    - SENSORS_MAX31785=m
+    - CEC_GPIO=m
+    - TYPEC_TPS6598X=m
+    - RPMSG_VIRTIO=m
+    - IIO_CROS_EC_ACCEL_LEGACY=m
+    - RFD77402=m
+    - NTB_SWITCHTEC=m
+    - MMC_SDHCI_OMAP=m
+  - Filesystems:
+    - XFS_ONLINE_SCRUB=n (still experimental)
+    - BTRFS_FS_REF_VERIFY=n
+    - CRAMFS_BLOCKDEV=y
+    - CRAMFS_MTD=y
+    - INTEGRITY_TRUSTED_KEYRING=y
+  - Crypto:
+    - CRYPTO_SM3=m
+    - SIGNED_PE_FILE_VERIFICATION=y
+    - SYSTEM_TRUSTED_KEYS (empty)
+    - SYSTEM_EXTRA_CERTIFICATE=n
+    - SECONDARY_TRUSTED_KEYRING=n
+  - LEDS:
+    - LEDS_APU=m
+    - LEDS_TRIGGER_ACTIVITY=m
+  - RTC:
+    - RTC_DRV_PCF85363=m
+  - Xen:
+    - XEN_PVCALLS_FRONTEND=n
+  - Graphics:
+    - DRM_AMD_DC=y
+    - DRM_AMD_DC_PRE_VEGA=y
+    - DRM_AMD_DC_FBC=y ?
+    - DRM_AMD_DC_DCN1_0=y
+    - DEBUG_KERNEL_DC=n
+    - NOUVEAU_DEBUG_MMU=n
+  - Storage:
+    - NVME_MULTIPATH=y
+  - IB:
+    - MLX4_CORE_GEN2=y
+  - Sound:
+    - SND_SOC_INTEL_SST_TOPLEVEL=m
+    - SND_SOC_INTEL_BAYTRAIL=m
+  - Testing:
+    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
+    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
+    - PREEMPTIRQ_EVENTS=y
+    - TEST_FIND_BIT=n
+    - PKCS7_TEST_KEY=n
+    - CHASH_SELFTEST=n
+    - CHASH_STATS=n
+- commit bc47c49
+
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
 

kernel-zfcpdump.spec

@@ -17,8 +17,8 @@
 # needssslcertforbuild
 
 
-%define srcversion 4.14
-%define patchversion 4.14.15
+%define srcversion 4.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -58,9 +58,9 @@ Name:           kernel-zfcpdump
 Summary:        The IBM System Z zfcpdump Kernel
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@@ -1164,10 +1164,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
-Provides:	kernel-xen-kgraft
-Obsoletes:	kernel-default-kgraft < 4.12
-Obsoletes:	kernel-xen-kgraft < 4.12
+Provides:	kernel-default-kgraft = %version
+Provides:	kernel-xen-kgraft = %version
+Obsoletes:	kernel-default-kgraft < %version
+Obsoletes:	kernel-xen-kgraft < %version
 
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a

linux-4.15.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a26478906d5005f4f809402e981518d2b8844949199f60c4b6e1f986ca2a769
+size 102181404

macros.kernel-source

@@ -19,7 +19,7 @@
 	    krel=$(make -s -C /usr/src/linux-obj/%_target_cpu/$flavor kernelrelease) \
 	    kver=${krel%%-*} \
 	    flavors_to_build="$flavors_to_build $flavor" \
-	    echo "%%_suse_kernel_module_subpackage -n %{-n*}%{!-n:%name} -v %{-v*}%{!-v:%version} -r %{-r*}%{!-r:%release} %{-p} %{-b} %{-c:-c} $flavor $kver" \
+	    echo "%%_suse_kernel_module_subpackage -n %{-n*}%{!-n:%name} -v %{-v*}%{!-v:%version} -r %{-r*}%{!-r:%release} %{-f} %{-p} %{-b} %{-c:-c} $flavor $kver" \
 	done \
 	echo "%%global flavors_to_build${flavors_to_build:-%%nil}" \
 	echo "%%{expand:%%(test -z '%flavors_to_build' && echo %%%%internal_kmp_error)}" \

mkspec-dtb

@@ -161,7 +161,6 @@ sub generate_spec($$$)
             "%files -n $PKG_NAME\n" .
             "%endif\n" .
             "%defattr(-,root,root)\n" .
-            "%doc COPYING\n" .
             "%ghost /boot/dtb\n" .
             "%dir %{dtbdir}\n" .
             $dtb_subdir .

patches.suse.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:89acf8a114444c0abde36adb32d14310e8fd246f57dcb41a32ece7d4ffaab0d9
-size 78932
+oid sha256:aad87eb3dd9be3ecc73bdc411f1d8474a27561ec02dc6f29bb2af8d8a2b5b070
+size 74296

source-timestamp

@@ -1,3 +1,3 @@
-2018-01-29 09:15:43 +0100
-GIT Revision: 9a6fca576ed483a18c4ef64b85e247fcb33e4c1b
+2018-01-31 08:03:28 +0100
+GIT Revision: ac017470b9f9e7c85b28bb48f40b3116c8fe68c7
 GIT Branch: stable