commit 012b5f1af172a10743adafae5d717ccd5d7a2ac4

OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=1052
2019-04-13 08:07:00 +00:00 · 2019-04-13 08:07:00 +00:00 · 83138b8a98
commit 83138b8a98
parent 074776b040
35 changed files with 296 additions and 48 deletions
--- a/dtb-aarch64.changes
+++ b/dtb-aarch64.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/dtb-aarch64.spec
+++ b/dtb-aarch64.spec
@ -31,7 +31,7 @@
 Name:           dtb-aarch64
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
--- a/dtb-armv6l.changes
+++ b/dtb-armv6l.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/dtb-armv6l.spec
+++ b/dtb-armv6l.spec
@ -31,7 +31,7 @@
 Name:           dtb-armv6l
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
--- a/dtb-armv7l.changes
+++ b/dtb-armv7l.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/dtb-armv7l.spec
+++ b/dtb-armv7l.spec
@ -31,7 +31,7 @@
 Name:           dtb-armv7l
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
--- a/kernel-64kb.changes
+++ b/kernel-64kb.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-64kb.spec
+++ b/kernel-64kb.spec
@ -64,7 +64,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -169,10 +169,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
-Provides:       kernel-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       kernel-%build_flavor-base-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
+Provides:       kernel-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 # END COMMON DEPS
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source2:        source-post.sh
--- a/kernel-debug.changes
+++ b/kernel-debug.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-debug.spec
+++ b/kernel-debug.spec
@ -64,7 +64,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -169,10 +169,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
-Provides:       kernel-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       kernel-%build_flavor-base-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
+Provides:       kernel-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 # END COMMON DEPS
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 %ifarch ppc64
 Provides:       kernel-kdump = 2.6.28
 Obsoletes:      kernel-kdump <= 2.6.28
--- a/kernel-default.changes
+++ b/kernel-default.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-default.spec
+++ b/kernel-default.spec
@ -64,7 +64,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -169,10 +169,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
-Provides:       kernel-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       kernel-%build_flavor-base-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
+Provides:       kernel-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 # END COMMON DEPS
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 %ifarch %ix86
 Provides:       kernel-smp = 2.6.17
 Obsoletes:      kernel-smp <= 2.6.17
--- a/kernel-docs.changes
+++ b/kernel-docs.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-docs.spec
+++ b/kernel-docs.spec
@ -33,7 +33,7 @@ License:        GPL-2.0
 Group:          Documentation/Man
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -63,7 +63,7 @@ BuildRequires:  texlive-zapfding
 %endif
 Url:            http://www.kernel.org/
 Provides:       %name = %version-%source_rel
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
--- a/kernel-kvmsmall.changes
+++ b/kernel-kvmsmall.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-kvmsmall.spec
+++ b/kernel-kvmsmall.spec
@ -64,7 +64,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -169,10 +169,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
-Provides:       kernel-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       kernel-%build_flavor-base-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
+Provides:       kernel-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 # END COMMON DEPS
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source2:        source-post.sh
--- a/kernel-lpae.changes
+++ b/kernel-lpae.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-lpae.spec
+++ b/kernel-lpae.spec
@ -64,7 +64,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -169,10 +169,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
-Provides:       kernel-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       kernel-%build_flavor-base-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
+Provides:       kernel-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 # END COMMON DEPS
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source2:        source-post.sh
--- a/kernel-obs-build.changes
+++ b/kernel-obs-build.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-obs-build.spec
+++ b/kernel-obs-build.spec
@ -45,7 +45,7 @@ BuildRequires:  util-linux
 %endif
 %endif
 %endif
-BuildRequires:  kernel%kernel_flavor-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+BuildRequires:  kernel%kernel_flavor-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4

 %if 0%{?rhel_version}
 BuildRequires:  kernel
@ -66,7 +66,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
--- a/kernel-obs-qa.changes
+++ b/kernel-obs-qa.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-obs-qa.spec
+++ b/kernel-obs-qa.spec
@ -38,7 +38,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
--- a/kernel-pae.changes
+++ b/kernel-pae.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-pae.spec
+++ b/kernel-pae.spec
@ -64,7 +64,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -169,10 +169,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
-Provides:       kernel-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       kernel-%build_flavor-base-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
+Provides:       kernel-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 # END COMMON DEPS
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 %ifarch %ix86
 Provides:       kernel-bigsmp = 2.6.17
 Obsoletes:      kernel-bigsmp <= 2.6.17
--- a/kernel-source.changes
+++ b/kernel-source.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-source.spec
+++ b/kernel-source.spec
@ -32,7 +32,7 @@ License:        GPL-2.0
 Group:          Development/Sources
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -43,7 +43,7 @@ BuildRequires:  fdupes
 BuildRequires:  sed
 Requires(post): coreutils sed
 Provides:       %name = %version-%source_rel
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 Provides:       linux
 Provides:       multiversion(kernel)
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
--- a/kernel-syms.changes
+++ b/kernel-syms.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-syms.spec
+++ b/kernel-syms.spec
@ -27,7 +27,7 @@ Group:          Development/Sources
 Version:        5.0.7
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -55,7 +55,7 @@ Requires:       kernel-zfcpdump-devel = %version-%source_rel
 %endif
 Requires:       pesign-obs-integration
 Provides:       %name = %version-%source_rel
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 Provides:       multiversion(kernel)
 Source:         README.KSYMS
 Requires:       kernel-devel%variant = %version-%source_rel
--- a/kernel-vanilla.changes
+++ b/kernel-vanilla.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-vanilla.spec
+++ b/kernel-vanilla.spec
@ -64,7 +64,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -169,10 +169,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
-Provides:       kernel-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       kernel-%build_flavor-base-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
+Provides:       kernel-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 # END COMMON DEPS
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source2:        source-post.sh
--- a/kernel-zfcpdump.changes
+++ b/kernel-zfcpdump.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Apr 12 15:02:34 CEST 2019 - jroedel@suse.de
+
+- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
+- commit 012b5f1
+
+-------------------------------------------------------------------
+Fri Apr 12 14:16:06 CEST 2019 - jroedel@suse.de
+
+- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
+  bsc#1131800).
+- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
+  (CVE-2019-3887 bsc#1131800).
+- commit d597027
+
 -------------------------------------------------------------------
 Thu Apr 11 17:09:53 CEST 2019 - msuchanek@suse.de

--- a/kernel-zfcpdump.spec
+++ b/kernel-zfcpdump.spec
@ -64,7 +64,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        5.0.7
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g557a269
+Release:        <RELEASE>.g012b5f1
 %else
 Release:        0
 %endif
@ -169,10 +169,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
-Provides:       kernel-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       kernel-%build_flavor-base-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
+Provides:       kernel-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 # END COMMON DEPS
-Provides:       %name-srchash-557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+Provides:       %name-srchash-012b5f1af172a10743adafae5d717ccd5d7a2ac4
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source2:        source-post.sh
--- a/patches.kernel.org.tar.bz2
+++ b/patches.kernel.org.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:884c1f0c1e6bc5a4782c1f1d9c86c7ee6bbe845bfaba33be6cf70db3b5420e6e
-size 645871
+oid sha256:583792d2b6cc253677d87ff7eb36bb15631a430d95382d5447112c2c86a2578d
+size 648414
--- a/series.conf
+++ b/series.conf
@ -1236,6 +1236,13 @@
 	# KVM patches
 	########################################################

+	# bsc#1131800 CVE-2019-3887
+	patches.kernel.org/0001-kvm-x86-nvmx-close-leak-of-l0-s-x2apic-msrs-cve-2019-3887
+	patches.kernel.org/0002-kvm-x86-nvmx-fix-x2apic-vtpr-read-intercept
+
+	# bsc#1131427 CVE-2019-3882
+	patches.kernel.org/vfio-type1-limit-dma-mappings-per-container
+
 	########################################################
 	# documentation
 	########################################################
@ -1249,3 +1256,4 @@
 	# You'd better have a good reason for adding a patch
 	# below here.
 	########################################################
+
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-2019-04-11 18:03:03 +0000
-GIT Revision: 557a269c6b07e7786fccd5a2e2b7edb46d2024b0
+2019-04-12 13:02:34 +0000
+GIT Revision: 012b5f1af172a10743adafae5d717ccd5d7a2ac4
 GIT Branch: stable