commit ac017470b9f9e7c85b28bb48f40b3116c8fe68c7

OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=814
2018-01-31 18:59:10 +00:00 · 2018-01-31 18:59:10 +00:00 · 7cbecc587b
commit 7cbecc587b
parent a4316030a3
44 changed files with 7351 additions and 1762 deletions
--- a/config.sh
+++ b/config.sh
@ -1,5 +1,5 @@
 # The version of the main tarball to use
-SRCVERSION=4.14
+SRCVERSION=4.15
 # variant of the kernel-source package, either empty or "-rt"
 VARIANT=
 # buildservice projects to build the kernel against
--- a/config.tar.bz2
+++ b/config.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f8ab736c4c6563827d0a5a1a30443f9754c89668a6e025cb731cda96eefcd969
+oid sha256:9e9aa1e55c4fe952603aa612cefc47354df633c6e1752934292b61920b65647f
-size 175599
+size 176920
--- a/dtb-aarch64.changes
+++ b/dtb-aarch64.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/dtb-aarch64.spec
+++ b/dtb-aarch64.spec
@ -16,8 +16,8 @@
 #
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %include %_sourcedir/kernel-spec-macros
@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb})
 Name:           dtb-aarch64
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -362,6 +362,7 @@ cd pp
 for dts in al/*.dts allwinner/*.dts altera/*.dts amd/*.dts amlogic/*.dts apm/*.dts arm/*.dts broadcom/*.dts cavium/*.dts exynos/*.dts freescale/*.dts hisilicon/*.dts lg/*.dts marvell/*.dts mediatek/*.dts nvidia/*.dts qcom/*.dts renesas/*.dts rockchip/*.dts socionext/*.dts sprd/*.dts xilinx/*.dts zte/*.dts ; do
    target=${dts%*.dts}
    install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target)
    # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target)
    install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target)
 %ifarch aarch64
    # HACK: work around U-Boot ignoring vendor dir
@ -540,7 +541,6 @@ cd /boot
 %files -n dtb-al
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/al
@ -552,7 +552,6 @@ cd /boot
 %files -n dtb-allwinner
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/allwinner
@ -564,7 +563,6 @@ cd /boot
 %files -n dtb-altera
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/altera
@ -576,7 +574,6 @@ cd /boot
 %files -n dtb-amd
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/amd
@ -588,7 +585,6 @@ cd /boot
 %files -n dtb-amlogic
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/amlogic
@ -600,7 +596,6 @@ cd /boot
 %files -n dtb-apm
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/apm
@ -612,7 +607,6 @@ cd /boot
 %files -n dtb-arm
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/arm
@ -624,7 +618,6 @@ cd /boot
 %files -n dtb-broadcom
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/broadcom
@ -636,7 +629,6 @@ cd /boot
 %files -n dtb-cavium
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/cavium
@ -648,7 +640,6 @@ cd /boot
 %files -n dtb-exynos
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/exynos
@ -660,7 +651,6 @@ cd /boot
 %files -n dtb-freescale
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/freescale
@ -672,7 +662,6 @@ cd /boot
 %files -n dtb-hisilicon
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/hisilicon
@ -684,7 +673,6 @@ cd /boot
 %files -n dtb-lg
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/lg
@ -696,7 +684,6 @@ cd /boot
 %files -n dtb-marvell
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/marvell
@ -708,7 +695,6 @@ cd /boot
 %files -n dtb-mediatek
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/mediatek
@ -720,7 +706,6 @@ cd /boot
 %files -n dtb-nvidia
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/nvidia
@ -732,7 +717,6 @@ cd /boot
 %files -n dtb-qcom
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/qcom
@ -744,7 +728,6 @@ cd /boot
 %files -n dtb-renesas
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/renesas
@ -756,7 +739,6 @@ cd /boot
 %files -n dtb-rockchip
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/rockchip
@ -768,7 +750,6 @@ cd /boot
 %files -n dtb-socionext
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/socionext
@ -780,7 +761,6 @@ cd /boot
 %files -n dtb-sprd
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/sprd
@ -792,7 +772,6 @@ cd /boot
 %files -n dtb-xilinx
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/xilinx
@ -804,7 +783,6 @@ cd /boot
 %files -n dtb-zte
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %dir %{dtbdir}/zte
--- a/dtb-armv6l.changes
+++ b/dtb-armv6l.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/dtb-armv6l.spec
+++ b/dtb-armv6l.spec
@ -16,8 +16,8 @@
 #
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %include %_sourcedir/kernel-spec-macros
@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb})
 Name:           dtb-armv6l
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -159,6 +159,7 @@ cd pp
 for dts in bcm2835*.dts ; do
    target=${dts%*.dts}
    install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target)
    # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target)
    install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target)
 %ifarch aarch64
    # HACK: work around U-Boot ignoring vendor dir
@ -183,7 +184,6 @@ cd /boot
 %files -n dtb-bcm2835
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/bcm2835*.dtb
--- a/dtb-armv7l.changes
+++ b/dtb-armv7l.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/dtb-armv7l.spec
+++ b/dtb-armv7l.spec
@ -16,8 +16,8 @@
 #
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %include %_sourcedir/kernel-spec-macros
@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb})
 Name:           dtb-armv7l
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -530,6 +530,7 @@ cd pp
 for dts in am335x-*.dts am3517*.dts am57xx-*.dts armada-370-*.dts armada-375-*.dts armada-385-*.dts armada-388-*.dts armada-398-*.dts armada-xp-*.dts bcm2836*.dts dove-*.dts exynos4*.dts exynos5*.dts imx5*.dts imx6*.dts imx7*.dts keystone-*.dts meson6-*.dts meson8-*.dts meson8b-*.dts omap3*.dts omap4*.dts omap5*.dts qcom-*.dts rk3*.dts socfpga_*.dts ste-*.dts sun4i-*.dts sun5i-*.dts sun6i-*.dts sun7i-*.dts sun8i-*.dts sun9i-*.dts tegra20-*.dts tegra30-*.dts tegra114-*.dts tegra124-*.dts vexpress-*.dts vf500-*.dts vf610-*.dts xenvm-*.dts zynq-*.dts ; do
    target=${dts%*.dts}
    install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target)
    # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target)
    install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target)
 %ifarch aarch64
    # HACK: work around U-Boot ignoring vendor dir
@ -841,7 +842,6 @@ cd /boot
 %files -n dtb-am335x
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/am335x-*.dtb
@ -852,7 +852,6 @@ cd /boot
 %files -n dtb-am3517
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/am3517*.dtb
@ -863,7 +862,6 @@ cd /boot
 %files -n dtb-am57xx
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/am57xx-*.dtb
@ -874,7 +872,6 @@ cd /boot
 %files -n dtb-armada-370
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-370-*.dtb
@ -885,7 +882,6 @@ cd /boot
 %files -n dtb-armada-375
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-375-*.dtb
@ -896,7 +892,6 @@ cd /boot
 %files -n dtb-armada-385
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-385-*.dtb
@ -907,7 +902,6 @@ cd /boot
 %files -n dtb-armada-388
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-388-*.dtb
@ -918,7 +912,6 @@ cd /boot
 %files -n dtb-armada-398
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-398-*.dtb
@ -929,7 +922,6 @@ cd /boot
 %files -n dtb-armada-xp
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/armada-xp-*.dtb
@ -940,7 +932,6 @@ cd /boot
 %files -n dtb-bcm2836
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/bcm2836*.dtb
@ -951,7 +942,6 @@ cd /boot
 %files -n dtb-dove
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/dove-*.dtb
@ -962,7 +952,6 @@ cd /boot
 %files -n dtb-exynos4
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/exynos4*.dtb
@ -973,7 +962,6 @@ cd /boot
 %files -n dtb-exynos5
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/exynos5*.dtb
@ -984,7 +972,6 @@ cd /boot
 %files -n dtb-imx5
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/imx5*.dtb
@ -995,7 +982,6 @@ cd /boot
 %files -n dtb-imx6
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/imx6*.dtb
@ -1006,7 +992,6 @@ cd /boot
 %files -n dtb-imx7
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/imx7*.dtb
@ -1017,7 +1002,6 @@ cd /boot
 %files -n dtb-keystone
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/keystone-*.dtb
@ -1028,7 +1012,6 @@ cd /boot
 %files -n dtb-meson6
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/meson6-*.dtb
@ -1039,7 +1022,6 @@ cd /boot
 %files -n dtb-meson8
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/meson8-*.dtb
@ -1050,7 +1032,6 @@ cd /boot
 %files -n dtb-meson8b
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/meson8b-*.dtb
@ -1061,7 +1042,6 @@ cd /boot
 %files -n dtb-omap3
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/omap3*.dtb
@ -1072,7 +1052,6 @@ cd /boot
 %files -n dtb-omap4
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/omap4*.dtb
@ -1083,7 +1062,6 @@ cd /boot
 %files -n dtb-omap5
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/omap5*.dtb
@ -1094,7 +1072,6 @@ cd /boot
 %files -n dtb-qcom
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/qcom-*.dtb
@ -1105,7 +1082,6 @@ cd /boot
 %files -n dtb-rk3
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/rk3*.dtb
@ -1116,7 +1092,6 @@ cd /boot
 %files -n dtb-socfpga
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/socfpga_*.dtb
@ -1127,7 +1102,6 @@ cd /boot
 %files -n dtb-ste
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/ste-*.dtb
@ -1138,7 +1112,6 @@ cd /boot
 %files -n dtb-sun4i
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun4i-*.dtb
@ -1149,7 +1122,6 @@ cd /boot
 %files -n dtb-sun5i
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun5i-*.dtb
@ -1160,7 +1132,6 @@ cd /boot
 %files -n dtb-sun6i
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun6i-*.dtb
@ -1171,7 +1142,6 @@ cd /boot
 %files -n dtb-sun7i
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun7i-*.dtb
@ -1182,7 +1152,6 @@ cd /boot
 %files -n dtb-sun8i
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun8i-*.dtb
@ -1193,7 +1162,6 @@ cd /boot
 %files -n dtb-sun9i
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/sun9i-*.dtb
@ -1204,7 +1172,6 @@ cd /boot
 %files -n dtb-tegra2
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/tegra20-*.dtb
@ -1215,7 +1182,6 @@ cd /boot
 %files -n dtb-tegra3
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/tegra30-*.dtb
@ -1226,7 +1192,6 @@ cd /boot
 %files -n dtb-tegra114
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/tegra114-*.dtb
@ -1237,7 +1202,6 @@ cd /boot
 %files -n dtb-tegra124
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/tegra124-*.dtb
@ -1248,7 +1212,6 @@ cd /boot
 %files -n dtb-vexpress
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/vexpress-*.dtb
@ -1259,7 +1222,6 @@ cd /boot
 %files -n dtb-vf500
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/vf500-*.dtb
@ -1270,7 +1232,6 @@ cd /boot
 %files -n dtb-vf6
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/vf610-*.dtb
@ -1281,7 +1242,6 @@ cd /boot
 %files -n dtb-xenvm
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/xenvm-*.dtb
@ -1292,7 +1252,6 @@ cd /boot
 %files -n dtb-zynq
 %endif
 %defattr(-,root,root)
 %doc COPYING
 %ghost /boot/dtb
 %dir %{dtbdir}
 %{dtbdir}/zynq-*.dtb
--- a/dtb.spec.in.in
+++ b/dtb.spec.in.in
@ -89,6 +89,7 @@ cd pp
 for dts in $ALL_SUPPORTED_DTB; do
    target=${dts%*.dts}
    install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target)
    # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target)
    install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target)
 %ifarch aarch64
    # HACK: work around U-Boot ignoring vendor dir
--- a/kernel-64kb.changes
+++ b/kernel-64kb.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-64kb.spec
+++ b/kernel-64kb.spec
@ -17,8 +17,8 @@
 # needssslcertforbuild
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -58,9 +58,9 @@ Name:           kernel-64kb
 Summary:        Kernel with 64kb PAGE_SIZE
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -1164,10 +1164,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
+Provides:	kernel-default-kgraft = %version
-Provides:	kernel-xen-kgraft
+Provides:	kernel-xen-kgraft = %version
-Obsoletes:	kernel-default-kgraft < 4.12
+Obsoletes:	kernel-default-kgraft < %version
-Obsoletes:	kernel-xen-kgraft < 4.12
+Obsoletes:	kernel-xen-kgraft < %version
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a
--- a/kernel-binary.spec.in
+++ b/kernel-binary.spec.in
@ -978,10 +978,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
+Provides:	kernel-default-kgraft = %version
-Provides:	kernel-xen-kgraft
+Provides:	kernel-xen-kgraft = %version
-Obsoletes:	kernel-default-kgraft < 4.12
+Obsoletes:	kernel-default-kgraft < %version
-Obsoletes:	kernel-xen-kgraft < 4.12
+Obsoletes:	kernel-xen-kgraft < %version
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a
--- a/kernel-debug.changes
+++ b/kernel-debug.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-debug.spec
+++ b/kernel-debug.spec
@ -17,8 +17,8 @@
 # needssslcertforbuild
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -58,9 +58,9 @@ Name:           kernel-debug
 Summary:        A Debug Version of the Kernel
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -1178,10 +1178,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
+Provides:	kernel-default-kgraft = %version
-Provides:	kernel-xen-kgraft
+Provides:	kernel-xen-kgraft = %version
-Obsoletes:	kernel-default-kgraft < 4.12
+Obsoletes:	kernel-default-kgraft < %version
-Obsoletes:	kernel-xen-kgraft < 4.12
+Obsoletes:	kernel-xen-kgraft < %version
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a
--- a/kernel-default.changes
+++ b/kernel-default.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-default.spec
+++ b/kernel-default.spec
@ -17,8 +17,8 @@
 # needssslcertforbuild
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -58,9 +58,9 @@ Name:           kernel-default
 Summary:        The Standard Kernel
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -1279,10 +1279,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
+Provides:	kernel-default-kgraft = %version
-Provides:	kernel-xen-kgraft
+Provides:	kernel-xen-kgraft = %version
-Obsoletes:	kernel-default-kgraft < 4.12
+Obsoletes:	kernel-default-kgraft < %version
-Obsoletes:	kernel-xen-kgraft < 4.12
+Obsoletes:	kernel-xen-kgraft < %version
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a
--- a/kernel-docs.changes
+++ b/kernel-docs.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-docs.spec
+++ b/kernel-docs.spec
@ -16,8 +16,8 @@
 #
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %include %_sourcedir/kernel-spec-macros
@ -31,9 +31,9 @@ Name:           kernel-docs
 Summary:        Kernel Documentation
 License:        GPL-2.0
 Group:          Documentation/Man
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
--- a/kernel-lpae.changes
+++ b/kernel-lpae.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-lpae.spec
+++ b/kernel-lpae.spec
@ -17,8 +17,8 @@
 # needssslcertforbuild
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -58,9 +58,9 @@ Name:           kernel-lpae
 Summary:        Kernel for LPAE enabled systems
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -1158,10 +1158,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
+Provides:	kernel-default-kgraft = %version
-Provides:	kernel-xen-kgraft
+Provides:	kernel-xen-kgraft = %version
-Obsoletes:	kernel-default-kgraft < 4.12
+Obsoletes:	kernel-default-kgraft < %version
-Obsoletes:	kernel-xen-kgraft < 4.12
+Obsoletes:	kernel-xen-kgraft < %version
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a
--- a/kernel-obs-build.changes
+++ b/kernel-obs-build.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-obs-build.spec
+++ b/kernel-obs-build.spec
@ -19,7 +19,7 @@
 #!BuildIgnore: post-build-checks
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -32,13 +32,20 @@ BuildRequires:  util-linux
 %if 0%{?suse_version}
 %if %vanilla_only
 BuildRequires:  kernel-vanilla
 %define kernel_flavor -vanilla
 %else
-BuildRequires:  kernel-default
+%ifarch %ix86
 %define kernel_flavor -pae
 %else
 %ifarch armv7l armv7hl
 %define kernel_flavor -lpae
 %else
 %define kernel_flavor -default
 %endif
 %endif
 %endif
 %endif
 BuildRequires:  kernel%kernel_flavor
 %if 0%{?rhel_version}
 BuildRequires:  kernel
@ -57,9 +64,9 @@ BuildRequires:  dracut
 Summary:        package kernel and initrd for OBS VM builds
 License:        GPL-2.0
 Group:          SLES
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -109,7 +116,7 @@ echo "DefaultTasksAccounting=no" >> /etc/systemd/system.conf
 # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env.
 # this list of modules where available on build workers of build.opensuse.org, so we stay compatible.
-export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth"
+export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs xfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth"
 # manually load all modules to make sure they're available
 for i in $KERNEL_MODULES; do
@ -139,7 +146,7 @@ ROOT=""
               -m "$KERNEL_MODULES" \
               -k /boot/%{kernel_name}-*-default -M /boot/System.map-*-default -i /tmp/initrd.kvm -B
 %else
-dracut --host-only --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'`
+dracut --host-only --no-hostonly-cmdline --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'`
 %endif
 #cleanup
--- a/kernel-obs-build.spec.in
+++ b/kernel-obs-build.spec.in
@ -32,13 +32,20 @@ BuildRequires:  util-linux
 %if 0%{?suse_version}
 %if %vanilla_only
 BuildRequires:  kernel-vanilla
 %define kernel_flavor -vanilla
 %else
-BuildRequires:  kernel-default
+%ifarch %ix86
 %define kernel_flavor -pae
 %else
 %ifarch armv7l armv7hl
 %define kernel_flavor -lpae
 %else
 %define kernel_flavor -default
 %endif
 %endif
 %endif
 %endif
 BuildRequires:  kernel%kernel_flavor
 %if 0%{?rhel_version}
 BuildRequires:  kernel
@ -109,7 +116,7 @@ echo "DefaultTasksAccounting=no" >> /etc/systemd/system.conf
 # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env.
 # this list of modules where available on build workers of build.opensuse.org, so we stay compatible.
-export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth"
+export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs xfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth"
 # manually load all modules to make sure they're available
 for i in $KERNEL_MODULES; do
@ -139,7 +146,7 @@ ROOT=""
               -m "$KERNEL_MODULES" \
               -k /boot/%{kernel_name}-*-default -M /boot/System.map-*-default -i /tmp/initrd.kvm -B
 %else
-dracut --host-only --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'`
+dracut --host-only --no-hostonly-cmdline --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'`
 %endif
 #cleanup
--- a/kernel-obs-qa.changes
+++ b/kernel-obs-qa.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-obs-qa.spec
+++ b/kernel-obs-qa.spec
@ -17,7 +17,7 @@
 # needsrootforbuild
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %include %_sourcedir/kernel-spec-macros
@ -36,9 +36,9 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Summary:        Basic QA tests for the kernel
 License:        GPL-2.0
 Group:          SLES
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
--- a/kernel-pae.changes
+++ b/kernel-pae.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-pae.spec
+++ b/kernel-pae.spec
@ -17,8 +17,8 @@
 # needssslcertforbuild
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -58,9 +58,9 @@ Name:           kernel-pae
 Summary:        Kernel with PAE Support
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -1228,10 +1228,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
+Provides:	kernel-default-kgraft = %version
-Provides:	kernel-xen-kgraft
+Provides:	kernel-xen-kgraft = %version
-Obsoletes:	kernel-default-kgraft < 4.12
+Obsoletes:	kernel-default-kgraft < %version
-Obsoletes:	kernel-xen-kgraft < 4.12
+Obsoletes:	kernel-xen-kgraft < %version
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a
--- a/kernel-source.changes
+++ b/kernel-source.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-source.spec
+++ b/kernel-source.spec
@ -17,8 +17,8 @@
 # icecream 0
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -30,9 +30,9 @@ Name:           kernel-source
 Summary:        The Linux Kernel Sources
 License:        GPL-2.0
 Group:          Development/Sources
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
--- a/kernel-syms.changes
+++ b/kernel-syms.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-syms.spec
+++ b/kernel-syms.spec
@ -24,10 +24,10 @@ Name:           kernel-syms
 Summary:        Kernel Symbol Versions (modversions)
 License:        GPL-2.0
 Group:          Development/Sources
-Version:        4.14.15
+Version:        4.15.0
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
--- a/kernel-syzkaller.changes
+++ b/kernel-syzkaller.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-syzkaller.spec
+++ b/kernel-syzkaller.spec
@ -17,8 +17,8 @@
 # needssslcertforbuild
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -58,9 +58,9 @@ Name:           kernel-syzkaller
 Summary:        Kernel used for fuzzing by syzkaller
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -1161,10 +1161,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
+Provides:	kernel-default-kgraft = %version
-Provides:	kernel-xen-kgraft
+Provides:	kernel-xen-kgraft = %version
-Obsoletes:	kernel-default-kgraft < 4.12
+Obsoletes:	kernel-default-kgraft < %version
-Obsoletes:	kernel-xen-kgraft < 4.12
+Obsoletes:	kernel-xen-kgraft < %version
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a
--- a/kernel-vanilla.changes
+++ b/kernel-vanilla.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-vanilla.spec
+++ b/kernel-vanilla.spec
@ -17,8 +17,8 @@
 # needssslcertforbuild
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -58,9 +58,9 @@ Name:           kernel-vanilla
 Summary:        The Standard Kernel - without any SUSE patches
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -1155,10 +1155,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
+Provides:	kernel-default-kgraft = %version
-Provides:	kernel-xen-kgraft
+Provides:	kernel-xen-kgraft = %version
-Obsoletes:	kernel-default-kgraft < 4.12
+Obsoletes:	kernel-default-kgraft < %version
-Obsoletes:	kernel-xen-kgraft < 4.12
+Obsoletes:	kernel-xen-kgraft < %version
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a
--- a/kernel-zfcpdump.changes
+++ b/kernel-zfcpdump.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Jan 31 07:51:04 CET 2018 - jslaby@suse.cz
 - Update to 4.15-final.
 - Eliminated 5 patches.
 - Config changes:
  - Security:
    - GENERIC_CPU_VULNERABILITIES=y
 - commit 978c9b0
 -------------------------------------------------------------------
 Tue Jan 30 13:15:01 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
  upstream references (add CVE-2018-5332 bsc#1075621).
 - commit 510de01
 -------------------------------------------------------------------
 Tue Jan 30 13:13:54 CET 2018 - mkubecek@suse.cz
 - Update
  patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
  upstream references (add CVE-2018-5333 bsc#1075617).
 - commit e6cf845
 -------------------------------------------------------------------
 Mon Jan 29 09:15:43 CET 2018 - jslaby@suse.cz
@ -21,7 +47,7 @@ Fri Jan 26 08:40:10 CET 2018 - jslaby@suse.cz
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133
+- commit 13295d4
 -------------------------------------------------------------------
 Thu Jan 25 21:47:49 CET 2018 - jslaby@suse.cz
@ -132,6 +158,121 @@ Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
  (4.14.15-fix).
 - commit 5b3d0ce
 -------------------------------------------------------------------
 Thu Jan 25 08:23:15 CET 2018 - jslaby@suse.cz
 - x86/cpufeature: Move processor tracing out of scattered features
  (bsc#1068032 CVE-2017-5753).
 - Refresh
  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
 - Refresh
  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
 - commit 8d8b718
 -------------------------------------------------------------------
 Wed Jan 24 20:19:27 CET 2018 - jslaby@suse.cz
 - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
  macros (bsc#1068032 CVE-2017-5753).
 - commit 8dc7c71
 -------------------------------------------------------------------
 Wed Jan 24 20:17:09 CET 2018 - jslaby@suse.cz
 - x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032
  CVE-2017-5753).
 - x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753).
 - x86/enter: Use IBRS on syscall and interrupts (bsc#1068032
  CVE-2017-5753).
 - x86/enter: Create macros to restrict/unrestrict Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/idle: Control Indirect Branch Speculation in idle
  (bsc#1068032 CVE-2017-5753).
 - x86: Simplify spectre_v2 command line parsing (bsc#1068032
  CVE-2017-5753).
 - x86/speculation: Add inlines to control Indirect Branch
  Speculation (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBRS support infrastructure
  (bsc#1068032 CVE-2017-5753).
 - x86/mm: Only flush indirect branches when switching into non
  dumpable process (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Use Indirect Branch Prediction Barrier in
  context switch (bsc#1068032 CVE-2017-5753).
 - x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753).
 - x86/speculation: Add basic IBPB (Indirect Branch Prediction
  Barrier) support (bsc#1068032 CVE-2017-5753).
 - x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2
  microcodes (bsc#1068032 CVE-2017-5753).
 - x86/pti: Do not enable PTI on processors which are not
  vulnerable to Meltdown (bsc#1068032 CVE-2017-5753).
 - x86/msr: Add definitions for new speculation control MSRs
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add AMD feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add Intel feature bits for Speculation Control
  (bsc#1068032 CVE-2017-5753).
 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032
  CVE-2017-5753).
 - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  (bsc#1068032 CVE-2017-5753).
 - x86/retpoline: Fill RSB on context switch for affected CPUs
  (bsc#1068032 CVE-2017-5753).
 - commit e36ab4f
 -------------------------------------------------------------------
 Wed Jan 24 19:41:00 CET 2018 - jslaby@suse.cz
 - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
 - asm/nospec, array_ptr: sanitize speculative array de-references
  (bsc#1068032 CVE-2017-5715).
 - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
 - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
  CVE-2017-5715).
 - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
  CVE-2017-5715).
 - x86, get_user: use pointer masking to limit speculation
  (bsc#1068032 CVE-2017-5715).
 - x86: narrow out of bounds syscalls to sys_read under speculation
  (bsc#1068032 CVE-2017-5715).
 - vfs, fdtable: prevent bounds-check bypass via speculative
  execution (bsc#1068032 CVE-2017-5715).
 - kvm, x86: update spectre-v1 mitigation (bsc#1068032
  CVE-2017-5715).
 - nl80211: sanitize array index in parse_txq_params (bsc#1068032
  CVE-2017-5715).
 - Delete
  patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
 - Delete
  patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch.
 - Delete
  patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
 - Delete
  patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0007-carl9170-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0008-p54-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0010-cw1200-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0012-ipv4-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0013-ipv6-prevent-speculative-execution.patch.
 - Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0016-udf-prevent-speculative-execution.patch.
 - Delete
  patches.suse/0017-userns-prevent-speculative-execution.patch.
  Replace by the potential upstream solution.
 - commit 804f8a1
 -------------------------------------------------------------------
 Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
@ -336,6 +477,13 @@ Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz
  patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
 - commit fe1d712
 -------------------------------------------------------------------
 Mon Jan 22 13:29:31 CET 2018 - msuchanek@suse.de
 - rpm/mkspec-dtb: Remove COPYING file (bsc#1076905).
  It conflicts between different versions of dtb package.
 - commit 0e5fcf9
 -------------------------------------------------------------------
 Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
@ -391,6 +539,27 @@ Sun Jan 21 14:58:37 CET 2018 - jslaby@suse.cz
  patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
 - commit 5790c9a
 -------------------------------------------------------------------
 Thu Jan 18 11:20:11 CET 2018 - jslaby@suse.cz
 - Update config files (bsc#1068032 CVE-2017-5715).
  Enable RETPOLINE -- the compiler is capable of them already.
 - commit 5d5345e
 -------------------------------------------------------------------
 Wed Jan 17 16:02:16 CET 2018 - rjschwei@suse.com
 - kernel-obs-build.spec.in: enable xfs module
  This allows the public cloud team to build images with XFS
  as root filesystem
 - commit 95a2d6f
 -------------------------------------------------------------------
 Wed Jan 17 15:19:38 CET 2018 - msuchanek@suse.de
 - macros.kernel-source: pass -f properly in module subpackage (boo#1076393).
 - commit 66bd9b8
 -------------------------------------------------------------------
 Wed Jan 17 10:26:10 CET 2018 - jslaby@suse.cz
@ -624,6 +793,17 @@ Tue Jan 16 13:54:06 CET 2018 - jslaby@suse.cz
  patches.suse/0036-Clear-the-host-registers-after-setbe.patch.
 - commit edd3e75
 -------------------------------------------------------------------
 Mon Jan 15 15:08:48 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc8.
 - Eliminated 3 patches.
 - Config changes:
  - Security:
    - BPF_JIT_ALWAYS_ON=y
    - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern)
 - commit 05e4405
 -------------------------------------------------------------------
 Fri Jan 12 17:34:16 CET 2018 - jslaby@suse.cz
@ -648,7 +828,15 @@ Fri Jan 12 10:04:49 CET 2018 - jslaby@suse.cz
 - bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 77de35d
+- commit 0eca303
 -------------------------------------------------------------------
 Thu Jan 11 19:57:16 CET 2018 - matwey.kornilov@gmail.com
 - config: arm64: Enable Aardvark PCIe controller
  Aardvark PCIe controller is a part of Marvel Armada 3700 SoC.
  This option is required to support PCIe for JeOS-espressobin.
 - commit b0bb655
 -------------------------------------------------------------------
 Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
@ -657,6 +845,14 @@ Thu Jan 11 16:39:36 CET 2018 - tiwai@suse.de
  (bsc#1075613).
 - commit 80f2eaf
 -------------------------------------------------------------------
 Thu Jan 11 10:41:47 CET 2018 - lpechacek@suse.com
 - rpm/kernel-binary.spec.in: more specific kGraft Provides: (fate#323682)
  Follow openSUSE packaging practices described at
  https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package.
 - commit 050081b
 -------------------------------------------------------------------
 Thu Jan 11 09:01:53 CET 2018 - mkubecek@suse.cz
@ -719,7 +915,7 @@ Wed Jan 10 10:40:45 CET 2018 - jslaby@suse.cz
 - Delete
  patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch.
  Use the variants from upstream (tip tree).
- commit c72c6e5
+- commit 33b16eb
 -------------------------------------------------------------------
 Wed Jan 10 10:14:27 CET 2018 - jslaby@suse.cz
@ -804,13 +1000,28 @@ Tue Jan  9 14:35:46 CET 2018 - jslaby@suse.cz
  bnc#1074920, bnc#1074921, bnc#1075018, bnc#1075034)
 - commit f4b3cf0
 -------------------------------------------------------------------
 Mon Jan  8 11:23:11 CET 2018 - msuchanek@suse.de
 - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303).
  call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID
  being added into the initrd's /etc/cmdline.d/95root-dev.conf
 - commit da5186f
 -------------------------------------------------------------------
 Mon Jan  8 04:46:44 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc7.
 - Eliminated 1 patch.
 - commit b07c570
 -------------------------------------------------------------------
 Sat Jan  6 10:10:30 CET 2018 - jslaby@suse.cz
 - rpm/constraints.in: lower kernel-syzkaller's mem requirements
  OBS now reports that it needs only around 2G, so lower the limit to
  8G, so that more compliant workers can be used.
- commit 7637ae2
+- commit a73399a
 -------------------------------------------------------------------
 Fri Jan  5 19:15:55 CET 2018 - jslaby@suse.cz
@ -1208,6 +1419,54 @@ Wed Jan  3 16:57:12 CET 2018 - jslaby@suse.cz
 - Update config files.
 - commit 58fec0f
 -------------------------------------------------------------------
 Wed Jan  3 15:34:27 CET 2018 - jeffm@suse.com
 - config: x86, PAGE_TABLE_ISOLATION=y (bsc#1068032).
 - commit 4343d87
 -------------------------------------------------------------------
 Tue Jan  2 15:14:16 CET 2018 - jslaby@suse.cz
 - userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
 - carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
 - x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
 - bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
 - locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
 - x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
 - commit ee4aa62
 -------------------------------------------------------------------
 Tue Jan  2 04:37:31 CET 2018 - jeffm@suse.com
 - Update to 4.15-rc6.
 - Config changes:
  - x86: PAGE_TABLE_ISOLATION=n (default, performance)
 - commit cd70bd8
 -------------------------------------------------------------------
 Mon Jan  1 09:55:10 CET 2018 - jslaby@suse.cz
@ -1637,18 +1896,42 @@ Mon Dec 25 03:42:33 CET 2017 - jeffm@suse.com
  DEBUG_LIST, which is very expensive and obvious on benchmarks.
 - commit 7bfff34
 -------------------------------------------------------------------
 Mon Dec 25 01:45:31 CET 2017 - jeffm@suse.com
 - config: refresh i386/default
  Commit 4735d41aeeb added a disabled CONFIG_SPI_INTEL_SPI_PLATFORM option
  that doesn't exist on i386/default (at least in 4.15-rc5).
 - commit 84167ae
 -------------------------------------------------------------------
 Sun Dec 24 19:43:43 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc5.
 - Config changes:
  - i386: NR_CPUS 128->64
    - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount)
 - commit 9e8deb3
 -------------------------------------------------------------------
 Thu Dec 21 13:31:54 CET 2017 - msuchanek@suse.de
 - kernel-obs-build: use pae and lpae kernels where available
  (bsc#1073579).
 - commit 1ac1946
 -------------------------------------------------------------------
 Thu Dec 21 11:54:37 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PCI as well (bsc#1073836)
- commit 3f42b52
+- commit ddb33b2
 -------------------------------------------------------------------
 Thu Dec 21 11:29:01 CET 2017 - tiwai@suse.de
 - Disable CONFIG_SPI_INTEL_SPI_PLATFORM for BIOS breakge on Lenovo laptops
  (bsc#1073836)
- commit c1a63f1
+- commit 4735d41
 -------------------------------------------------------------------
 Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
@ -1943,6 +2226,18 @@ Wed Dec 20 11:40:41 CET 2017 - jslaby@suse.cz
 - usb: musb: da8xx: fix babble condition handling (bnc#1012628).
 - commit 674981b
 -------------------------------------------------------------------
 Tue Dec 19 02:20:44 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc4.
 - Eliminated 1 patch.
 - Config changes:
  - ARM:
    - QCOM_FALKOR_ERRATUM_E1041=y
  - Overlayfs:
    - OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y (preserves existing behavior)
 - commit ff8819c
 -------------------------------------------------------------------
 Sun Dec 17 23:11:47 CET 2017 - jslaby@suse.cz
@ -2286,6 +2581,12 @@ Thu Dec 14 10:42:26 CET 2017 - jslaby@suse.cz
 - afs: Connect up the CB.ProbeUuid (bnc#1012628).
 - commit 45f120a
 -------------------------------------------------------------------
 Wed Dec 13 15:39:44 CET 2017 - msuchanek@suse.de
 - s390/sclp: disable FORTIFY_SOURCE for early sclp code (-).
 - commit 62412b6
 -------------------------------------------------------------------
 Tue Dec 12 19:55:02 CET 2017 - bp@suse.de
@ -2452,6 +2753,19 @@ Mon Dec 11 09:31:08 CET 2017 - jslaby@suse.cz
  (bnc#1012628).
 - commit c4edabf
 -------------------------------------------------------------------
 Mon Dec 11 03:44:03 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc3.
 - Eliminated 1 patch.
 - commit 383d72f
 -------------------------------------------------------------------
 Sat Dec  9 20:12:16 CET 2017 - afaerber@suse.de
 - config: armv7hl: Enable SUN4I_A10_CCU for Allwinner A20 (boo#1072032)
 - commit 170d177
 -------------------------------------------------------------------
 Fri Dec  8 14:10:52 CET 2017 - msuchanek@suse.de
@ -2631,6 +2945,13 @@ Tue Dec  5 10:13:14 CET 2017 - jslaby@suse.cz
  More make-ORC-reliable patches.
 - commit a6a5b05
 -------------------------------------------------------------------
 Mon Dec  4 16:10:35 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc2.
 - Eliminated 2 patches.
 - commit 68549b6
 -------------------------------------------------------------------
 Thu Nov 30 10:05:48 CET 2017 - jslaby@suse.cz
@ -2971,6 +3292,7 @@ Thu Nov 30 09:41:53 CET 2017 - jslaby@suse.cz
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - Delete
  patches.suse/revert-mmc-Delete-bounce-buffer-handling.patch.
 - mmc: sdhci: Avoid swiotlb buffer being full (bnc#1068877).
 - commit acb1236
 -------------------------------------------------------------------
@ -2980,6 +3302,129 @@ Wed Nov 29 20:47:36 CET 2017 - msuchanek@suse.de
  While moving # END COMMON DEPS moved following comment with it.
 - commit 858b7e7
 -------------------------------------------------------------------
 Tue Nov 28 02:01:48 CET 2017 - afaerber@suse.de
 - config: armv7hl: Update to 4.15-rc1
 - commit b4c7f19
 -------------------------------------------------------------------
 Tue Nov 28 01:25:18 CET 2017 - afaerber@suse.de
 - config: armv6hl: Update to 4.15-rc1
 - commit edcdf48
 -------------------------------------------------------------------
 Tue Nov 28 01:19:11 CET 2017 - afaerber@suse.de
 - config: arm64: Update to 4.15-rc1
 - commit 3278861
 -------------------------------------------------------------------
 Mon Nov 27 18:14:28 CET 2017 - jeffm@suse.com
 - Update to 4.15-rc1.
 - Eliminated 74 patches.
 - ARM configs need updating.
 - Config changes:
  - General:
    - CPU_ISOLATION=y
    - GUP_BENCHMARK=n
  - x86:
    - X86_INTEL_UMIP=y
    - PINCTRL_CEDARFORK=m
    - INTEL_SOC_PMIC_CHTDC_TI=m
    - INTEL_WMI_THUNDERBOLT=m
    - DELL_SMBIOS_WMI=m
    - DELL_SMBIOS_SMM=m
    - CHT_DC_TI_PMIC_OPREGION=y
    - RPMSG_CHAR=m
  - i386:
    - IR_SPI=m
    - IR_GPIO_CIR=m
    - IR_GPIO_TX=m
    - IR_PWM_TX=m
  - powerpc:
    - PPC_RADIX_MMU_DEFAULT=y (default)
    - MEM_SOFT_DIRTY=n (needs arch expert review)
    - PINCTRL=n
    - PPC_FAST_ENDIAN_SWITCH=n (default)
  - s390:
    - GCC_PLUGINS=n
    - MEM_SOFT_DIRTY=(needs arch expert review)
    - PINCTRL=n
    - FORTIFY_SOURCE=y
  - s390/zfcpdump:
    - BPF_STREAM_PARSER=n
    - MTD=n
  - Network:
    - NET_SCH_CBS=m
    - VSOCKETS_DIAG=m
    - DP83822_PHY=m
    - RENESAS_PHY=m
    - THUNDERBOLT_NET=m
  - Input:
    - TOUCHSCREEN_EXC3000=m
    - TOUCHSCREEN_HIDEEP=m
    - TOUCHSCREEN_S6SY761=m
    - DRM_I2C_ADV7511_CEC=y
  - Misc:
    - IPMI_PROC_INTERFACE=y
    - GPIO_MAX3191X=m
    - MANAGER_SBS=m
    - W1_SLAVE_DS28E17=m
    - SENSORS_MAX6621=m
    - SENSORS_MAX31785=m
    - CEC_GPIO=m
    - TYPEC_TPS6598X=m
    - RPMSG_VIRTIO=m
    - IIO_CROS_EC_ACCEL_LEGACY=m
    - RFD77402=m
    - NTB_SWITCHTEC=m
    - MMC_SDHCI_OMAP=m
  - Filesystems:
    - XFS_ONLINE_SCRUB=n (still experimental)
    - BTRFS_FS_REF_VERIFY=n
    - CRAMFS_BLOCKDEV=y
    - CRAMFS_MTD=y
    - INTEGRITY_TRUSTED_KEYRING=y
  - Crypto:
    - CRYPTO_SM3=m
    - SIGNED_PE_FILE_VERIFICATION=y
    - SYSTEM_TRUSTED_KEYS (empty)
    - SYSTEM_EXTRA_CERTIFICATE=n
    - SECONDARY_TRUSTED_KEYRING=n
  - LEDS:
    - LEDS_APU=m
    - LEDS_TRIGGER_ACTIVITY=m
  - RTC:
    - RTC_DRV_PCF85363=m
  - Xen:
    - XEN_PVCALLS_FRONTEND=n
  - Graphics:
    - DRM_AMD_DC=y
    - DRM_AMD_DC_PRE_VEGA=y
    - DRM_AMD_DC_FBC=y ?
    - DRM_AMD_DC_DCN1_0=y
    - DEBUG_KERNEL_DC=n
    - NOUVEAU_DEBUG_MMU=n
  - Storage:
    - NVME_MULTIPATH=y
  - IB:
    - MLX4_CORE_GEN2=y
  - Sound:
    - SND_SOC_INTEL_SST_TOPLEVEL=m
    - SND_SOC_INTEL_BAYTRAIL=m
  - Testing:
    - KCOV_ENABLE_COMPARISONS=y (syzkaller)
    - BOOTPARAM_LOCKDEP_CROSSRELEASE_FULLSTACK=n
    - PREEMPTIRQ_EVENTS=y
    - TEST_FIND_BIT=n
    - PKCS7_TEST_KEY=n
    - CHASH_SELFTEST=n
    - CHASH_STATS=n
 - commit bc47c49
 -------------------------------------------------------------------
 Sun Nov 26 19:17:08 CET 2017 - afaerber@suse.de
--- a/kernel-zfcpdump.spec
+++ b/kernel-zfcpdump.spec
@ -17,8 +17,8 @@
 # needssslcertforbuild
-%define srcversion 4.14
+%define srcversion 4.15
-%define patchversion 4.14.15
+%define patchversion 4.15.0
 %define variant %{nil}
 %define vanilla_only 0
@ -58,9 +58,9 @@ Name:           kernel-zfcpdump
 Summary:        The IBM System Z zfcpdump Kernel
 License:        GPL-2.0
 Group:          System/Kernel
-Version:        4.14.15
+Version:        4.15.0
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9a6fca5
+Release:        <RELEASE>.gac01747
 %else
 Release:        0
 %endif
@ -1164,10 +1164,10 @@ Summary:        Metapackage to pull in matching kernel-livepatch package
 Group:          System/Kernel
 Requires:       kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor
 Provides:       multiversion(kernel)
-Provides:	kernel-default-kgraft
+Provides:	kernel-default-kgraft = %version
-Provides:	kernel-xen-kgraft
+Provides:	kernel-xen-kgraft = %version
-Obsoletes:	kernel-default-kgraft < 4.12
+Obsoletes:	kernel-default-kgraft < %version
-Obsoletes:	kernel-xen-kgraft < 4.12
+Obsoletes:	kernel-xen-kgraft < %version
 %description livepatch
 This is a metapackage that pulls in the matching kernel-livepatch package for a
--- a/linux-4.15.tar.xz
+++ b/linux-4.15.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:5a26478906d5005f4f809402e981518d2b8844949199f60c4b6e1f986ca2a769
 size 102181404
--- a/macros.kernel-source
+++ b/macros.kernel-source
@ -19,7 +19,7 @@
 	    krel=$(make -s -C /usr/src/linux-obj/%_target_cpu/$flavor kernelrelease) \
 	    kver=${krel%%-*} \
 	    flavors_to_build="$flavors_to_build $flavor" \
-	    echo "%%_suse_kernel_module_subpackage -n %{-n*}%{!-n:%name} -v %{-v*}%{!-v:%version} -r %{-r*}%{!-r:%release} %{-p} %{-b} %{-c:-c} $flavor $kver" \
+	    echo "%%_suse_kernel_module_subpackage -n %{-n*}%{!-n:%name} -v %{-v*}%{!-v:%version} -r %{-r*}%{!-r:%release} %{-f} %{-p} %{-b} %{-c:-c} $flavor $kver" \
 	done \
 	echo "%%global flavors_to_build${flavors_to_build:-%%nil}" \
 	echo "%%{expand:%%(test -z '%flavors_to_build' && echo %%%%internal_kmp_error)}" \
--- a/1
+++ b/1
@ -161,7 +161,6 @@ sub generate_spec($$$)
            "%files -n $PKG_NAME\n" .
            "%endif\n" .
            "%defattr(-,root,root)\n" .
            "%doc COPYING\n" .
            "%ghost /boot/dtb\n" .
            "%dir %{dtbdir}\n" .
            $dtb_subdir .
--- a/patches.kernel.org.tar.bz2
+++ b/patches.kernel.org.tar.bz2
--- a/patches.suse.tar.bz2
+++ b/patches.suse.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:89acf8a114444c0abde36adb32d14310e8fd246f57dcb41a32ece7d4ffaab0d9
+oid sha256:aad87eb3dd9be3ecc73bdc411f1d8474a27561ec02dc6f29bb2af8d8a2b5b070
-size 78932
+size 74296
--- a/series.conf
+++ b/series.conf
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-2018-01-29 09:15:43 +0100
+2018-01-31 08:03:28 +0100
-GIT Revision: 9a6fca576ed483a18c4ef64b85e247fcb33e4c1b
+GIT Revision: ac017470b9f9e7c85b28bb48f40b3116c8fe68c7
 GIT Branch: stable