commit 5b8446bde525083ad6773d6a523380f7780e1a72

OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=817

dtb-aarch64.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

dtb-aarch64.spec

@@ -31,7 +31,7 @@
 Name:           dtb-aarch64
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

dtb-armv6l.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

dtb-armv6l.spec

@@ -31,7 +31,7 @@
 Name:           dtb-armv6l
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

dtb-armv7l.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

dtb-armv7l.spec

@@ -31,7 +31,7 @@
 Name:           dtb-armv7l
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-64kb.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-64kb.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-debug.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-debug.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-default.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-default.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-docs.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-docs.spec

@@ -33,7 +33,7 @@ License:        GPL-2.0
 Group:          Documentation/Man
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-lpae.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-lpae.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-obs-build.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-obs-build.spec

@@ -66,7 +66,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-obs-qa.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-obs-qa.spec

@@ -38,7 +38,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-pae.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-pae.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-source.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-source.spec

@@ -32,7 +32,7 @@ License:        GPL-2.0
 Group:          Development/Sources
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-syms.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-syms.spec

@@ -27,7 +27,7 @@ Group:          Development/Sources
 Version:        4.15.1
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-syzkaller.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-syzkaller.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-vanilla.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-vanilla.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

kernel-zfcpdump.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:15:56 CET 2018 - jslaby@suse.cz
+
+- x86/speculation: Add basic IBRS support infrastructure
+  (bsc#1068032 CVE-2017-5753).
+- x86/pti: Do not enable PTI on CPUs which are not vulnerable
+  to Meltdown (bsc#1068032 CVE-2017-5753).
+- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre
+  v2 microcodes (bsc#1068032 CVE-2017-5753).
+- x86/nospec: Fix header guards names (bsc#1068032 CVE-2017-5753).
+- x86/bugs: Drop one "mitigation" from dmesg (bsc#1068032
+  CVE-2017-5753).
+- x86/cpu/bugs: Make retpoline module warning conditional
+  (bsc#1068032 CVE-2017-5753).
+- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+  (bsc#1068032 CVE-2017-5753).
+- x86/retpoline: Simplify vmexit_fill_RSB() (bsc#1068032
+  CVE-2017-5753).
+- x86/speculation: Simplify indirect_branch_prediction_barrier()
+  (bsc#1068032 CVE-2017-5753).
+- module/retpoline: Warn about missing retpoline in module
+  (bsc#1068032 CVE-2017-5753).
+- x86/spectre: Check CONFIG_RETPOLINE in command line parser
+  (bsc#1068032 CVE-2017-5753).
+- x86/speculation: Use Indirect Branch Prediction Barrier in
+  context switch (bsc#1068032 CVE-2017-5753).
+- Refresh
+  patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch.
+- Refresh
+  patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
+- Refresh
+  patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch.
+- Refresh
+  patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch.
+- Refresh
+  patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch.
+- Refresh patches.suse/supported-flag.
+- Delete
+  patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch.
+- Delete
+  patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch.
+- Delete patches.suse/0008-x86-kvm-Add-IBPB-support.patch.
+- Delete
+  patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch.
+- Delete
+  patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch.
+- Delete
+  patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch.
+- Delete
+  patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch.
+- Delete
+  patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch.
+  Update to the patches from 4.16-rc1 and the updated IBRS patches from
+  the dwmw's repo.
+- commit cd20d46
+
+-------------------------------------------------------------------
+Mon Feb  5 10:50:15 CET 2018 - jslaby@suse.cz
+
+- Documentation: Document array_index_nospec (bsc#1068032
+  CVE-2017-5715).
+- array_index_nospec: Sanitize speculative array de-references
+  (bsc#1068032 CVE-2017-5715).
+- x86: Implement array_index_mask_nospec (bsc#1068032
+  CVE-2017-5715).
+- x86: Introduce barrier_nospec (bsc#1068032 CVE-2017-5715).
+- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+  (bsc#1068032 CVE-2017-5715).
+- x86/usercopy: Replace open coded stac/clac with
+  __uaccess_{begin, end} (bsc#1068032 CVE-2017-5715).
+- x86/syscall: Sanitize syscall table de-references under
+  speculation (bsc#1068032 CVE-2017-5715).
+- nl80211: Sanitize array index in parse_txq_params (bsc#1068032
+  CVE-2017-5715).
+- x86/spectre: Report get_user mitigation for spectre_v1
+  (bsc#1068032 CVE-2017-5715).
+- Delete patches.suse/0001-Documentation-document-array_ptr.patch.
+- Delete
+  patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch.
+- Delete patches.suse/0003-x86-implement-array_ptr_mask.patch.
+- Delete
+  patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch.
+- Delete
+  patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch.
+- Delete
+  patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch.
+- Delete
+  patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch.
+  Replace by the patches from 4.16-rc1.
+- commit 8343cab
+
+-------------------------------------------------------------------
+Mon Feb  5 10:43:09 CET 2018 - jslaby@suse.cz
+
+- scsi: aacraid: remove redundant setting of variable c
+  (git-fixes).
+- commit 143e25c
+
 -------------------------------------------------------------------
 Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 
@@ -95,7 +195,101 @@ Sun Feb  4 18:58:19 CET 2018 - jslaby@suse.cz
 - tools/gpio: Fix build error with musl libc (bnc#1012628).
 - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
   (bnc#1012628).
-- commit 622b47a
+- Linux 4.15.1 (bnc#1012628).
+- x86/efi: Clarify that reset attack mitigation needs appropriate
+  userspace (bnc#1012628).
+- Input: synaptics-rmi4 - do not delete interrupt memory too early
+  (bnc#1012628).
+- Input: synaptics-rmi4 - unmask F03 interrupts when port is
+  opened (bnc#1012628).
+- test_firmware: fix missing unlock on error in
+  config_num_requests_store() (bnc#1012628).
+- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+  (bnc#1012628).
+- iio: adc: stm32: fix scan of multiple channels with DMA
+  (bnc#1012628).
+- spi: imx: do not access registers while clocks disabled
+  (bnc#1012628).
+- serial: imx: Only wakeup via RTSDEN bit if the system has
+  RTS/CTS (bnc#1012628).
+- serial: 8250_dw: Revert "Improve clock rate setting"
+  (bnc#1012628).
+- serial: 8250_uniphier: fix error return code in
+  uniphier_uart_probe() (bnc#1012628).
+- serial: 8250_of: fix return code when probe function fails to
+  get reset (bnc#1012628).
+- mei: me: allow runtime pm for platform with D0i3 (bnc#1012628).
+- android: binder: use VM_ALLOC to get vm area (bnc#1012628).
+- ANDROID: binder: remove waitqueue when thread exits
+  (bnc#1012628).
+- usb/gadget: Fix "high bandwidth" check in
+  usb_gadget_ep_match_desc() (bnc#1012628).
+- usb: uas: unconditionally bring back host after reset
+  (bnc#1012628).
+- usb: f_fs: Prevent gadget unbind if it is already unbound
+  (bnc#1012628).
+- USB: serial: simple: add Motorola Tetra driver (bnc#1012628).
+- usbip: list: don't list devices attached to vhci_hcd
+  (bnc#1012628).
+- usbip: prevent bind loops on devices attached to vhci_hcd
+  (bnc#1012628).
+- USB: serial: io_edgeport: fix possible sleep-in-atomic
+  (bnc#1012628).
+- CDC-ACM: apply quirk for card reader (bnc#1012628).
+- USB: cdc-acm: Do not log urb submission errors on disconnect
+  (bnc#1012628).
+- USB: serial: pl2303: new device id for Chilitag (bnc#1012628).
+- usb: option: Add support for FS040U modem (bnc#1012628).
+- tty: fix data race between tty_init_dev and flush of buf
+  (bnc#1012628).
+- staging: ccree: fix fips event irq handling build (bnc#1012628).
+- staging: ccree: NULLify backup_info when unused (bnc#1012628).
+- staging: lustre: separate a connection destroy from free struct
+  kib_conn (bnc#1012628).
+- scsi: storvsc: missing error code in storvsc_probe()
+  (bnc#1012628).
+- scsi: aacraid: Fix hang in kdump (bnc#1012628).
+- scsi: aacraid: Fix udev inquiry race condition (bnc#1012628).
+- ima/policy: fix parsing of fsuuid (bnc#1012628).
+- igb: Free IRQs when device is hotplugged (bnc#1012628).
+- mtd: nand: denali_pci: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
+  (bnc#1012628).
+- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+  (bnc#1012628).
+- power: reset: zx-reboot: add missing
+  MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012628).
+- HID: wacom: Fix reporting of touch toggle
+  (WACOM_HID_WD_MUTE_DEVICE) events (bnc#1012628).
+- HID: wacom: EKR: ensure devres groups at higher indexes are
+  released (bnc#1012628).
+- crypto: af_alg - whitelist mask and type (bnc#1012628).
+- crypto: sha3-generic - fixes for alignment and big endian
+  operation (bnc#1012628).
+- crypto: inside-secure - avoid unmapping DMA memory that was
+  not mapped (bnc#1012628).
+- crypto: inside-secure - fix hash when length is a multiple of
+  a block (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+  generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - Fix out-of-bounds access of the data buffer
+  in generic-gcm-aesni (bnc#1012628).
+- crypto: aesni - add wrapper for generic gcm(aes) (bnc#1012628).
+- crypto: aesni - fix typo in generic_gcmaes_decrypt
+  (bnc#1012628).
+- crypto: aesni - handle zero length dst buffer (bnc#1012628).
+- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+  (bnc#1012628).
+- ALSA: hda - Reduce the suspend time consumption for ALC256
+  (bnc#1012628).
+- gpio: Fix kernel stack leak to userspace (bnc#1012628).
+- gpio: stmpe: i2c transfer are forbiden in atomic context
+  (bnc#1012628).
+- tools/gpio: Fix build error with musl libc (bnc#1012628).
+- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
+  (bnc#1012628).
+- commit 671bf29
 
 -------------------------------------------------------------------
 Thu Feb  1 19:51:30 CET 2018 - matwey.kornilov@gmail.com

kernel-zfcpdump.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.1
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g9df97e2
+Release:        <RELEASE>.g5b8446b
 %else
 Release:        0
 %endif

patches.suse.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:08ae71b54f7d1732048a64b19bfaf9a3809211d220492f31f8cc4c72d8475a4d
+oid sha256:64bfb8fc6caf53e2b70247559483b98a9cbe73285ab455a455df70c135b982e6
-size 107895
+size 111773

series.conf

@@ -108,6 +108,10 @@
 	########################################################
 	# kbuild/module infrastructure fixes
 	########################################################
+
+	# putting it here, as patches.suse/supported-flag is on the top of that
+	patches.suse/module-retpoline-Warn-about-missing-retpoline-in-mod.patch
+
 	patches.suse/rpm-kernel-config
 	patches.suse/supported-flag
 	patches.suse/supported-flag-underscores
@@ -129,36 +133,42 @@
 	########################################################
 	patches.suse/setuid-dumpable-wrongdir
 
-	patches.suse/0001-Documentation-document-array_ptr.patch
+	patches.suse/0001-Documentation-Document-array_index_nospec.patch
-	patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch
+	patches.suse/0002-array_index_nospec-Sanitize-speculative-array-de-ref.patch
-	patches.suse/0003-x86-implement-array_ptr_mask.patch
+	patches.suse/0003-x86-Implement-array_index_mask_nospec.patch
-	patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch
+	patches.suse/0004-x86-Introduce-barrier_nospec.patch
-	patches.suse/0005-x86-__get_user-use-__uaccess_begin_nospec.patch
+	patches.suse/0005-x86-Introduce-__uaccess_begin_nospec-and-uaccess_try.patch
-	patches.suse/0006-x86-get_user-use-pointer-masking-to-limit-speculatio.patch
+	patches.suse/0006-x86-usercopy-Replace-open-coded-stac-clac-with-__uac.patch
-	patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch
+	patches.suse/0007-x86-uaccess-Use-__uaccess_begin_nospec-and-uaccess_t.patch
-	patches.suse/0008-vfs-fdtable-prevent-bounds-check-bypass-via-speculat.patch
+	patches.suse/0008-x86-get_user-Use-pointer-masking-to-limit-speculatio.patch
-	patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch
+	patches.suse/0009-x86-syscall-Sanitize-syscall-table-de-references-und.patch
-	patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch
+	patches.suse/0010-vfs-fdtable-Prevent-bounds-check-bypass-via-speculat.patch
+	patches.suse/0011-nl80211-Sanitize-array-index-in-parse_txq_params.patch
+	patches.suse/0012-x86-spectre-Report-get_user-mitigation-for-spectre_v.patch
 
 	patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch
 	patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch
 	patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch
 	patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch
-	patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch
+	patches.suse/0005-x86-pti-Do-not-enable-PTI-on-CPUs-which-are-not-vuln.patch
-	patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch
+	patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-PRED_CMD-on-early.patch
 	patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch
-	patches.suse/0008-x86-kvm-Add-IBPB-support.patch
+	patches.suse/0009-x86-nospec-Fix-header-guards-names.patch
-	patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch
+	patches.suse/0010-x86-bugs-Drop-one-mitigation-from-dmesg.patch
-	patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch
+	patches.suse/0011-x86-cpu-bugs-Make-retpoline-module-warning-condition.patch
-	patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch
+	patches.suse/0012-x86-cpufeatures-Clean-up-Spectre-v2-related-CPUID-fl.patch
-	patches.suse/0012-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch
+	patches.suse/0013-x86-retpoline-Simplify-vmexit_fill_RSB.patch
-	patches.suse/0013-x86-Simplify-spectre_v2-command-line-parsing.patch
+	patches.suse/0014-x86-speculation-Simplify-indirect_branch_prediction_.patch
-	patches.suse/0014-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch
+
-	patches.suse/0015-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch
+	patches.suse/x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch
-	patches.suse/0016-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch
+	patches.suse/x86-spectre-Check-CONFIG_RETPOLINE-in-command-line-p.patch
-	patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch
+	patches.suse/x86-spectre-Simplify-spectre_v2-command-line-parsing.patch
-	patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I-fix.patch
+
-	patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch
+	patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch
+	patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch
+	patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch
+	patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch
+	patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch
 
 	########################################################
 	# Architecture-specific patches. These used to be all
@@ -410,6 +420,8 @@
 
 	patches.suse/megaraid-mbox-fix-SG_IO
 
+	patches.suse/scsi-aacraid-remove-redundant-setting-of-variable-c.patch
+
 	########################################################
 	# DRM/Video
 	########################################################

source-timestamp

@@ -1,3 +1,3 @@
-2018-02-04 20:20:08 +0100
+2018-02-07 10:20:22 +0100
-GIT Revision: 9df97e2cc9de99f99fbca51698b158ef5853f08d
+GIT Revision: 5b8446bde525083ad6773d6a523380f7780e1a72
 GIT Branch: stable