Unbreakable Enterprise kernel security , bug fix and enhancement update

ID ELSA-2015-3064
Type oraclelinux
Reporter Oracle
Modified 2015-07-30T00:00:00


kernel-uek [3.8.13-98] - KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502729] {CVE-2015-0239} {CVE-2015-0239} - fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502159] {CVE-2015-3339}

[3.8.13-97] - add ql2400, ql2500 firmware versions to prerequisites (Dan Duval) [Orabug: 21474929] - correct QLogic firmware dependencies in the spec file (Dan Duval) [Orabug: 21474929]

[3.8.13-96] - xen-blkfront: don't add indirect page to list when !feature_persistent (Bob Liu) [Orabug: 21459266]

[3.8.13-95] - add firmware dependencies to spec files (Dan Duval) [Orabug: 21417522]

[3.8.13-94] - ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark) [Orabug: 21444784] {CVE-2015-2922} - ipv4: Missing sk_nulls_node_init() in ping_unhash(). (David S. Miller) [Orabug: 21444685] {CVE-2015-3636}

[3.8.13-93] - config: sync up config files to make build clean (Guangyu Sun) [Orabug: 21425838] - acpi: fix typo in drivers/acpi/osl.c (Guangyu Sun) [Orabug: 21418329]

[3.8.13-92] - Revert 'i40e: Add support for getlink, setlink ndo ops' (Brian Maly) [Orabug: 21314906] - x86: Do not try to sync identity map for non-mapped pages (Dave Hansen) [Orabug: 21326516]

[3.8.13-91] - rds: re-entry of rds_ib_xmit/rds_iw_xmit (Wengang Wang) [Orabug: 21324074] - drm/mgag200: Reject non-character-cell-aligned mode widths (Adam Jackson) [Orabug: 20868823] - drm/mgag200: fix typo causing bw limits to be ignored on some chips (Dave Airlie) [Orabug: 20868823] - drm/mgag200: remove unused driver_private access (David Herrmann) [Orabug: 20868823] - drm/mgag200: Invalidate page tables when pinning a BO (Egbert Eich) [Orabug: 20868823] - drm/mgag200: Fix LUT programming for 16bpp (Egbert Eich) [Orabug: 20868823] - drm/mgag200: Fix framebuffer pitch calculation (Takashi Iwai) [Orabug: 20868823] - drm/mgag200: Add sysfs support for connectors (Egbert Eich) [Orabug: 20868823] - drm/mgag200: Add an crtc_disable callback to the crtc helper funcs (Egbert Eich) [Orabug: 20868823] - drm/mgag200: Fix logic in mgag200_bo_pin() (v2) (Egbert Eich) [Orabug: 20868823] - drm/mgag200: inline reservations (Maarten Lankhorst) [Orabug: 20868823] - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (Maarten Lankhorst) [Orabug: 20868823] - drm/mgag200: Added resolution and bandwidth limits for various G200e products. (Julia Lemire) [Orabug: 20868823] - drm/mgag200: Reject modes that are too big for VRAM (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Don't do full cleanup if mgag200_device_init fails (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Hardware cursor support (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Add missing write to index before accessing data register (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Fix framebuffer base address programming (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Convert counter delays to jiffies (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Fix writes into MGA1064_PIX_CLK_CTL register (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Don't change unrelated registers during modeset (Christopher Harvey) [Orabug: 20868823] - Revert 'lpfc: Fix for lun discovery issue with 8Gig adapter.' (Guru Anbalagane) [Orabug: 21304962]

[3.8.13-90] - x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy Lutomirski) [Orabug: 21308309] {CVE-2015-2830} - Update patched for lpfc from to for UEK R3 U6 release. (Dick Kennedy)
- lpfc: Change buffer pool empty message to miscellaneous category (Dick Kennedy)
- lpfc: Fix incorrect log message reported for empty FCF record. (Dick Kennedy)
- lpfc: Fix rport leak. (Dick Kennedy)
- lpfc: Correct loss of RSCNs during array takeaway/giveback testing. (Dick Kennedy)
- lpfc: Fix crash in vport_delete. (Dick Kennedy)
- lpfc: Fix to remove IRQF_SHARED flag for MSI/MSI-X vectors. (Dick Kennedy)
- lpfc: Fix discovery issue when changing from Pt2Pt to Fabric. (Dick Kennedy)
- lpfc: Correct reporting of vport state on fdisc command failure. (Dick Kennedy)
- lpfc: Add support for RDP ELS command. (Dick Kennedy)
- lpfc: Fix ABORTs WQ selection in terminate_rport_io (Dick Kennedy)
- lpfc: Correct reference counting of rport (Dick Kennedy)
- lpfc: Add support for ELS LCB. (Dick Kennedy)
- lpfc: Correct loss of target discovery after cable swap. (Dick Kennedy)
- dtrace: sigaltstack is no longer a stub syscall (Kris Van Hees) [Orabug: 21304183] - hpsa: add in new offline mode (Don Brace) [Orabug: 21289871] - hpsa: add in new controllers (Don Brace) [Orabug: 21289871] - hpsa: hpsa decode sense data for io and tmf (Don Brace) [Orabug: 21289871] - hpsa: enable bus mastering during init (Don Brace) [Orabug: 21289871] - hpsa: enhance kdump (Don Brace) [Orabug: 21289871] - hpsa: enhance error checking. (Don Brace) [Orabug: 21289871] - hpsa: enhance driver output (Don Brace) [Orabug: 21289871] - hpsa: update pci device table (Don Brace) [Orabug: 21289871] - vmw_pvscsi: Fix pvscsi_abort() function. (Arvind Kumar) [Orabug: 21266080] - qla2xxx: Update driver version to (Sawan Chandak) [Orabug: 21241070] - qla2xxx: Restore physical port WWPN only, when port down detected for FA-WWPN port. (Sawan Chandak) [Orabug: 21241070] - qla2xxx: Fix virtual port configuration, when switch port is disabled/enabled. (Sawan Chandak) [Orabug: 21241070] - qla2xxx: Prevent multiple firmware dump collection for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Disable Interrupt handshake for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Add debugging info for MBX timeout. (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Add serdes read/write support for ISP27XX (Andrew Vasquez) [Orabug: 21241070] - qla2xxx: Add udev notification to save fw dump for ISP27XX (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Add message for sucessful FW dump collected for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Add support to load firmware from file for ISP 26XX/27XX. (Sawan Chandak) [Orabug: 21241070] - qla2xxx: Fix beacon blink for ISP27XX. (Nigel Kirkland) [Orabug: 21241070] - qla2xxx: Increase the wait time for firmware to be ready for P3P. (Chad Dupuis) [Orabug: 21241070] - qla2xxx: Fix printks in ql_log message (Yannick Guerrini) [Orabug: 21241070] - qla2xxx: Fix printk in qla25xx_setup_mode (Yannick Guerrini) [Orabug: 21241070] - bnx2i: update to (Vaughan Cao) [Orabug: 21241055] - bnx2fc: update to 2.9.3 (Vaughan Cao) [Orabug: 21241055] - bnx2x: update to 1.712.33 (Vaughan Cao) [Orabug: 21241055] - cnic: update to 2.5.20h (Vaughan Cao) [Orabug: 21241055] - bnx2: update to 2.2.5o (Vaughan Cao) [Orabug: 21241055] - md: use SRCU to improve performance (Mikulas Patocka) [Orabug: 18231164] - kvm: raise KVM_SOFT_MAX_VCPUS to support more vcpus (Dan Duval) [Orabug: 21144488] - vsock: Make transport the proto owner (Andy King) [Orabug: 21266075] - VSOCK: Move af_vsock.h and vsock_addr.h to include/net (Asias He) [Orabug: 21266075]

[3.8.13-89] - drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (Bob Liu)
- xen/block: add multi-page ring support (Bob Liu)
- driver: xen-blkfront: move talk_to_blkback to a more suitable place (Bob Liu)
- drivers: xen-blkback: delay pending_req allocation to connect_ring (Bob Liu)
- xen/grant: introduce func gnttab_unmap_refs_sync() (Bob Liu)
- xen/blkback: safely unmap purge persistent grants (Bob Liu)
- xenbus_client: Extend interface to support multi-page ring (Wei Liu)
- be2net: update the driver version to (Sathya Perla) [Orabug: 21275400] - be2net: update copyright year to 2015 (Vasundhara Volam) [Orabug: 21275400] - be2net: use be_virtfn() instead of !be_physfn() (Kalesh AP) [Orabug: 21275400] - be2net: simplify UFI compatibility checking (Vasundhara Volam) [Orabug: 21275400] - be2net: post full RXQ on interface enable (Suresh Reddy) [Orabug: 21275400] - be2net: check for INSUFFICIENT_VLANS error (Kalesh AP) [Orabug: 21275400] - be2net: receive pkts with L3, L4 errors on VFs (Somnath Kotur) [Orabug: 21275400] - be2net: log link status (Ivan Vecera) [Orabug: 21275400] - be2net: Fix a bug in Rx buffer posting (Ajit Khaparde) [Orabug: 21275400] - be2net: bump up the driver version to (Sathya Perla) [Orabug: 21275400] - be2net: use PCI MMIO read instead of config read for errors (Suresh Reddy) [Orabug: 21275400] - be2net: restrict MODIFY_EQ_DELAY cmd to a max of 8 EQs (Suresh Reddy) [Orabug: 21275400] - be2net: Prevent VFs from enabling VLAN promiscuous mode (Vasundhara Volam) [Orabug: 21275400] - ethernet: codespell comment spelling fixes (Joe Perches) [Orabug: 21275400] - be2net: avoid creating the non-RSS default RXQ if FW allows to (Vasundhara Volam) [Orabug: 21275400] - be2net: use a wrapper to schedule and cancel error detection task (Sathya Perla) [Orabug: 21275400] - be2net: shorten AMAP_GET/SET_BITS() macro calls (Sathya Perla) [Orabug: 21275400] - be2net: MODULE_DEVICE_TABLE: fix some callsites (Andrew Morton) [Orabug: 21275400] - be2net: avoid unncessary swapping of fields in eth_tx_wrb (Sathya Perla) [Orabug: 21275400] - be2net: process port misconfig async event (Vasundhara Volam) [Orabug: 21275400] - be2net: refactor be_set_rx_mode() and be_vid_config() for readability (Sathya Perla) [Orabug: 21275400] - be2net: remove duplicate code in be_cmd_rx_filter() (Sathya Perla) [Orabug: 21275400] - be2net: use offset based FW flashing for Skyhawk chip (Vasundhara Volam) [Orabug: 21275400] - be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (Vasundhara Volam) [Orabug: 21275400] - be2net: refactor code that checks flash file compatibility (Vasundhara Volam) [Orabug: 21275400] - be2net: replace (1 << x) with BIT(x) (Vasundhara Volam) [Orabug: 21275400] - be2net: move un-exported routines from be.h to respective src files (Sathya Perla) [Orabug: 21275400] - bridge: add flags argument to ndo_bridge_setlink and ndo_bridge_dellink (Roopa Prabhu) [Orabug: 21275400] - be2net: move definitions related to FW cmdsfrom be_hw.h to be_cmds.h (Vasundhara Volam) [Orabug: 21275400] - be2net: issue function reset cmd in resume path (Kalesh AP) [Orabug: 21275400] - be2net: add a log message for POST timeout in Lancer (Kalesh AP) [Orabug: 21275400] - be2net: fix failure case in setting flow control (Kalesh AP) [Orabug: 21275400] - be2net: move interface create code to a separate routine (Kalesh AP) [Orabug: 21275400] - VMCI: Guard against overflow in queue pair allocation (Jorgen Hansen) [Orabug: 21266077] - VMCI: Check userland-provided datagram size (Andy King) [Orabug: 21266077] - VMCI: Fix two UVA mapping bugs (Jorgen Hansen) [Orabug: 21266077] - VMCI: integer overflow in vmci_datagram_dispatch() (Dan Carpenter) [Orabug: 21266077] - VMCI: fix error handling path when registering guest driver (Dmitry Torokhov) [Orabug: 21266077] - VMCI: Add support for virtual IOMMU (Andy King) [Orabug: 21266077] - VMCI: Remove non-blocking/pinned queuepair support (Andy King) [Orabug: 21266077]

[3.8.13-88] - Oracle Linux Kernel Module Signing Key (Alexey Petrenko) [Orabug: 21249387] - extrakeys.pub is not needed for the build (Alexey Petrenko) [Orabug: 21249387] - Fix kabi break due to find_special_page was introduced (Bob Liu) [Orabug: 21250018] - xen/gntdev: provide find_special_page VMA operation (David Vrabel) [Orabug: 21250018] - xen/gntdev: mark userspace PTEs as special on x86 PV guests (David Vrabel) [Orabug: 21250018] - xen-blkback: safely unmap grants in case they are still in use (Jennifer Herbert) [Orabug: 21250018] - xen/gntdev: safely unmap grants in case they are still in use (Jennifer Herbert) [Orabug: 21250018] - xen/gntdev: convert priv->lock to a mutex (David Vrabel) [Orabug: 21250018] - xen/grant-table: add a mechanism to safely unmap pages that are in use (Jennifer Herbert) [Orabug: 21250018] - xen-netback: use foreign page information from the pages themselves (Jennifer Herbert) [Orabug: 21250018] - xen: mark grant mapped pages as foreign (Jennifer Herbert) [Orabug: 21250018] - xen/grant-table: add helpers for allocating pages (David Vrabel) [Orabug: 21250018] - x86/xen: require ballooned pages for grant maps (Jennifer Herbert) [Orabug: 21250018] - xen: remove scratch frames for ballooned pages and m2p override (David Vrabel) [Orabug: 21250018] - xen/grant-table: pre-populate kernel unmap ops for xen_gnttab_unmap_refs() (David Vrabel) [Orabug: 21250018] - mm: add 'foreign' alias for the 'pinned' page flag (Jennifer Herbert) [Orabug: 21250018] - mm: provide a find_special_page vma operation (David Vrabel) [Orabug: 21250018] - NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (Tariq Saeed) [Orabug: 20933419] - swiotlb: don't assume PA 0 is invalid (Jan Beulich) [Orabug: 21249144]

[3.8.13-87] - qla4xxx: Update driver version to v5. (Nilesh Javali) [Orabug: 21241091] - qla4xxx: check the return value of dma_alloc_coherent() (Maurizio Lombardi) [Orabug: 21241091] - scsi: qla4xxx: ql4_mbx.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091] - scsi: qla4xxx: ql4_os.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091] - qla4xxx: fix get_host_stats error propagation (Mike Christie) [Orabug: 21241091] - scsi_ibft: Fix finding Broadcom specific ibft sign (Vikas Chaudhary) [Orabug: 21241091] - dtrace: convert from sdt_instr_t to asm_instr_t (Kris Van Hees) [Orabug: 21267945] - dtrace: percpu: move from __get_cpu_var() to this_cpu_ptr() (Kris Van Hees) [Orabug: 21265599] - dtrace: do not vmalloc/vfree from probe context (Kris Van Hees) [Orabug: 21267934] - dtrace: restructuring for multi-arch support (Kris Van Hees) [Orabug: 21267922] - kallsyms: fix /proc/kallmodsyms to not be misled by const variables (Nick Alcock) [Orabug: 21257170] - storvsc: force discovery of LUNs that may have been removed. (K. Y. Srinivasan) [Orabug: 20768211] - storvsc: in responce to a scan event, scan the host (K. Y. Srinivasan) [Orabug: 20768211] - builds: configs: Enable mgs driver for OL7 (Santosh Shilimkar) [Orabug: 20505584] - aacraid: driver version change (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: AIF raw device remove support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: performance improvement changes (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: IOCTL fix (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: IOP RESET command handling changes (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: 240 simple volume support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: vpd page code 0x83 support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: MSI-x support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: 4KB sector support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: IOCTL pass-through command fix (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: AIF support for SES device add/remove (Mahesh Rajashekhara) [Orabug: 21208741] - scsi: use 64-bit LUNs (Hannes Reinecke) [Orabug: 21208741] - remove deprecated IRQF_DISABLED from SCSI (Michael Opdenacker) [Orabug: 21208741] - aacraid: kdump fix (Mahesh Rajashekhara) [Orabug: 21208741] - drivers: avoid parsing names as kthread_run() format strings (Kees Cook) [Orabug: 21208741] - aacraid: Fix for arrays are going offline in the system. System hangs (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: Dual firmware image support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: suppress two GCC warnings (Paul Bolle) [Orabug: 21208741] - aacraid: 1024 max outstanding command support for Series 7 and above (Mahesh Rajashekhara) [Orabug: 21208741]

[3.8.13-86] - kallsyms: fix /proc/kallmodsyms to not be misled by external symbols (Nick Alcock) [Orabug: 21245508] - wait: change waitfd() to use wait4(), not waitid(); reduce invasiveness (Nick Alcock) [Orabug: 21245391] - ixgbevf: upgrade to version 2.16.1 (Brian Maly) [Orabug: 21104474] - ipv6: don't call addrconf_dst_alloc again when enable lo (Gao feng) [Orabug: 21088702] - efi/xen: Pass missing argument to EFI runtime Xen hypercall (Daniel Kiper) [Orabug: 21247143]

[3.8.13-85] - fanotify: fix notification of groups with inode & mount marks (Jan Kara) [Orabug: 21168905] - NVMe: Fix VPD B0 max sectors translation (Keith Busch) [Orabug: 21117187] - NVMe: Add translation for block limits (Keith Busch) [Orabug: 21117187] - nvme: Fix PRP list calculation for non-4k system page size (Murali Iyer) [Orabug: 21117187] - NVMe: Fix potential corruption on sync commands (Keith Busch) [Orabug: 21117187] - NVMe: Fix potential corruption during shutdown (Keith Busch) [Orabug: 21117187] - NVMe: Initialize device list head before starting (Keith Busch) [Orabug: 21117187] - NVMe: Asynchronous controller probe (Keith Busch) [Orabug: 21117187] - NVMe: Register management handle under nvme class (Keith Busch) [Orabug: 21117187] - NVMe: Update SCSI Inquiry VPD 83h translation (Keith Busch) [Orabug: 21117187] - NVMe: Update data structures for NVMe 1.2 (Matthew Wilcox) [Orabug: 21117187] - NVMe: Update namespace and controller identify structures to the 1.1a spec (Dimitri John Ledkov) [Orabug: 21117187] - NVMe: Update module version (Keith Busch) [Orabug: 21117187] - fnic: Override the limitation on number of scsi timeouts (Narsimhulu Musini) [Orabug: 21084835] - fnic: IOMMU Fault occurs when IO and abort IO is out of order (Anil Chintalapati (achintal)) [Orabug: 21084835] - Fnic: Fnic Driver crashed with NULL pointer reference (Hiral Shah) [Orabug: 21084835] - Fnic: For Standalone C series, 'sending VLAN request' message seen even if the link is down (Hiral Shah) [Orabug: 21084835] - Fnic: Improper resue of exchange Ids (Hiral Shah) [Orabug: 21084835] - Fnic: Memcopy only mimumum of data or trace buffer (Hiral Shah) [Orabug: 21084835] - Fnic: Not probing all the vNICS via fnic_probe on boot (Hiral Shah) [Orabug: 21084835] - fnic: assign FIP_ALL_FCF_MACS to fcoe_all_fcfs (Hiral Shah) [Orabug: 21084835] - uek-rpm: ol6: update build environment to 6.6 (Guangyu Sun)

[3.8.13-84] - x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226722] {CVE-2014-9585}

[3.8.13-83] - snic: fix format string overflow (Brian Maly) [Orabug: 21091759] - scsi: add snic driver to makefile (Brian Maly) [Orabug: 21091759] - snic: enable snic in kernel configs (Brian Maly) [Orabug: 21091759] - snic: minor checkpatch fixes (Narsimhulu Musini) [Orabug: 21091759] - snic: Add Makefile, patch Kconfig, MAINTAINERS (Narsimhulu Musini) [Orabug: 21091759] - snic: Add event tracing to capture IO events. (Narsimhulu Musini) [Orabug: 21091759] - snic: Add sysfs entries to list stats and trace data (Narsimhulu Musini) [Orabug: 21091759] - snic: Add low level queuing interfaces (Narsimhulu Musini) [Orabug: 21091759] - snic: add SCSI handling, AEN, and fwreset handling (Narsimhulu Musini) [Orabug: 21091759] - snic: Add snic target discovery (Narsimhulu Musini) [Orabug: 21091759] - snic: Add meta request, handling of meta requests. (Narsimhulu Musini) [Orabug: 21091759] - snic: Add interrupt, resource firmware interfaces (Narsimhulu Musini) [Orabug: 21091759] - snic: snic module infrastructure (Narsimhulu Musini) [Orabug: 21091759] - xen/mmu: Move the setting of pvops.write_cr3 to later phase in bootup. (Konrad Rzeszutek Wilk) [Orabug: 21197204] - x86-64, xen, mmu: Provide an early version of write_cr3. (Konrad Rzeszutek Wilk) [Orabug: 21197204] - uek-rpm: build: Use SHA512 instead of SHA256 for module signing (Natalya Naumova) [Orabug: 20687425] - config: ol6: make CONFIG_SERIAL_8250_NR_UARTS 64 (Guangyu Sun) [Orabug: 21141039] - config: enable CONFIG_INTEL_TXT (Guangyu Sun) [Orabug: 21176777] - export host-only net/core and net/ipv4 parameters to a container as read-only (Thomas Tanaka) [Orabug: 21151210] - Revert 'i40e: Add FW check to disable DCB and wrap autoneg workaround with FW check' (Brian Maly) [Orabug: 21103806] - xen-netfront: print correct number of queues (David Vrabel) [Orabug: 21150627] - xen-netfront: release per-queue Tx and Rx resource when disconnecting (David Vrabel) [Orabug: 21150627] - xen-netfront: fix locking in connect error path (David Vrabel) [Orabug: 21150627] - xen-netfront: call netif_carrier_off() only once when disconnecting (David Vrabel) [Orabug: 21150627] - xen-netfront: don't nest queue locks in xennet_connect() (David Vrabel) [Orabug: 21150627] - xen-net{back, front}: Document multi-queue feature in netif.h (Andrew J. Bennieston) [Orabug: 21150627] - xen-netfront: recreate queues correctly when reconnecting (David Vrabel) [Orabug: 21150627] - xen-netfront: fix oops when disconnected from backend (David Vrabel) [Orabug: 21150627] - xen-netfront: initialise queue name in xennet_init_queue (Wei Liu) [Orabug: 21150627] - xen-netfront: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627] - xen-netfront: Factor queue-specific data into queue struct. (Andrew J. Bennieston) [Orabug: 21150627] - xen-netback: bookkeep number of active queues in our own module (Wei Liu) [Orabug: 21150627] - net: xen-netback: include linux/vmalloc.h again (Arnd Bergmann) [Orabug: 21150627] - xen-netback: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627] - xen-netback: Factor queue-specific data into queue struct (Wei Liu) [Orabug: 21150627] - xen-netback: Move grant_copy_op array back into struct xenvif. (Andrew J. Bennieston) [Orabug: 21150627] - ixgbe: Look up MAC address in Open Firmware or IDPROM (Martin K Petersen) [Orabug: 20983421] - ixgbe: update to ver 4.0.3 (Ethan Zhao) [Orabug: 20983421]

[3.8.13-82] - config: enable some secure boot features for ol7 (Guangyu Sun) [Orabug: 18961720] - efi: Disable secure boot if shim is in insecure mode (Josh Boyer) [Orabug: 18961720] - hibernate: Disable in a signed modules environment (Josh Boyer) [Orabug: 18961720] - efi: Add EFI_SECURE_BOOT bit (Josh Boyer) [Orabug: 18961720] - Add option to automatically set securelevel when in Secure Boot mode (Matthew Garrett) [Orabug: 18961720] - asus-wmi: Restrict debugfs interface when securelevel is set (Matthew Garrett) [Orabug: 18961720] - x86: Restrict MSR access when securelevel is set (Matthew Garrett) [Orabug: 18961720] - uswsusp: Disable when securelevel is set (Matthew Garrett) [Orabug: 18961720] - kexec: Disable at runtime if securelevel has been set. (Matthew Garrett) [Orabug: 18961720] - acpi: Ignore acpi_rsdp kernel parameter when securelevel is set (Matthew Garrett) [Orabug: 18961720] - acpi: Limit access to custom_method if securelevel is set (Matthew Garrett) [Orabug: 18961720] - Restrict /dev/mem and /dev/kmem when securelevel is set. (Matthew Garrett) [Orabug: 18961720] - x86: Lock down IO port access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720] - PCI: Lock down BAR access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720] - Enforce module signatures when securelevel is greater than 0 (Matthew Garrett) [Orabug: 18961720] - Add BSD-style securelevel support (Matthew Garrett) [Orabug: 18961720] - MODSIGN: Support not importing certs from db (Josh Boyer) [Orabug: 18961720] - MODSIGN: Import certificates from UEFI Secure Boot (Josh Boyer) [Orabug: 18961720] - MODSIGN: Add module certificate blacklist keyring (Josh Boyer) [Orabug: 18961720] - Add an EFI signature blob parser and key loader. (Dave Howells) [Orabug: 18961720] - Add EFI signature data types (Dave Howells) [Orabug: 18961720] - efi: fix error handling in add_sysfs_runtime_map_entry() (Dan Carpenter) [Orabug: 18961720] - PEFILE: Relax the check on the length of the PKCS#7 cert (David Howells) [Orabug: 18961720] - kexec: purgatory: add clean-up for purgatory directory (Michael Welling) [Orabug: 18961720] - x86/purgatory: use approprate -m64/-32 build flag for arch/x86/purgatory (Vivek Goyal) [Orabug: 18961720] - kexec: remove CONFIG_KEXEC dependency on crypto (Vivek Goyal) [Orabug: 18961720] - kexec: create a new config option CONFIG_KEXEC_FILE for new syscall (Vivek Goyal) [Orabug: 18961720] - resource: fix the case of null pointer access (Vivek Goyal) [Orabug: 18961720] - kexec: verify the signature of signed PE bzImage (Vivek Goyal) [Orabug: 18961720] - kexec: support kexec/kdump on EFI systems (Vivek Goyal) [Orabug: 18961720] - kexec: support for kexec on panic using new system call (Vivek Goyal) [Orabug: 18961720] - kexec-bzImage64: support for loading bzImage using 64bit entry (Vivek Goyal) [Orabug: 18961720] - kexec: load and relocate purgatory at kernel load time (Vivek Goyal) [Orabug: 18961720] - purgatory: core purgatory functionality (Vivek Goyal) [Orabug: 18961720] - purgatory/sha256: provide implementation of sha256 in purgaotory context (Vivek Goyal) [Orabug: 18961720] - kexec: implementation of new syscall kexec_file_load (Vivek Goyal) [Orabug: 18961720] - kexec: new syscall kexec_file_load() declaration (Vivek Goyal) [Orabug: 18961720] - kexec: make kexec_segment user buffer pointer a union (Vivek Goyal) [Orabug: 18961720] - resource: provide new functions to walk through resources (Vivek Goyal) [Orabug: 18961720] - kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc() (Vivek Goyal) [Orabug: 18961720] - kexec: move segment verification code in a separate function (Vivek Goyal) [Orabug: 18961720] - kexec: rename unusebale_pages to unusable_pages (Vivek Goyal) [Orabug: 18961720] - kernel: build bin2c based on config option CONFIG_BUILD_BIN2C (Vivek Goyal) [Orabug: 18961720] - bin2c: move bin2c in scripts/basic (Vivek Goyal) [Orabug: 18961720] - kexec: remove unnecessary return (Xishi Qiu) [Orabug: 18961720] - keys: remove duplicated loads of ksplice certificate (Guangyu Sun) [Orabug: 21034277] - X.509: Support parse long form of length octets in Authority Key Identifier (Chun-Yi Lee) [Orabug: 18961720] - KEYS: Pre-clear struct key on allocation (David Howells) [Orabug: 18961720] - KEYS: Fix searching of nested keyrings (David Howells) [Orabug: 18961720] - KEYS: Fix multiple key add into associative array (David Howells) [Orabug: 18961720] - KEYS: Fix the keyring hash function (David Howells) [Orabug: 18961720] - PKCS#7: Fix the parser cleanup to drain parsed out X.509 certs (David Howells) [Orabug: 18961720] - PKCS#7: Provide a single place to do signed info block freeing (David Howells) [Orabug: 18961720] - PKCS#7: Add a missing static (David Howells) [Orabug: 18961720] - X.509: Need to export x509_request_asymmetric_key() (David Howells) [Orabug: 18961720] - PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1 (David Howells) [Orabug: 18961720] - PKCS#7: Use x509_request_asymmetric_key() (David Howells) [Orabug: 18961720] - X.509: x509_request_asymmetric_keys() doesn't need string length arguments (David Howells) [Orabug: 18961720] - PKCS#7: fix sparse non static symbol warning (Wei Yongjun) [Orabug: 18961720] - PKCS#7: Missing inclusion of linux/err.h (David Howells) [Orabug: 18961720] - ima: define '.ima' as a builtin 'trusted' keyring (Mimi Zohar) [Orabug: 18961720] - KEYS: validate certificate trust only with builtin keys (Dmitry Kasatkin) [Orabug: 18961720] - KEYS: validate certificate trust only with selected key (Dmitry Kasatkin) [Orabug: 18961720] - KEYS: verify a certificate is signed by a 'trusted' key (Mimi Zohar) [Orabug: 18961720] - KEYS: make partial key id matching as a dedicated function (Dmitry Kasatkin) [Orabug: 18961720] - KEYS: Reinstate EPERM for a key type name beginning with a '.' (David Howells) [Orabug: 18961720] - KEYS: special dot prefixed keyring name bug fix (Mimi Zohar) [Orabug: 18961720] - pefile: Validate PKCS#7 trust chain (David Howells) [Orabug: 18961720] - pefile: Digest the PE binary and compare to the PKCS#7 data (David Howells) [Orabug: 18961720] - pefile: Handle pesign using the wrong OID (Vivek Goyal) [Orabug: 18961720] - pefile: Parse the 'Microsoft individual code signing' data blob (David Howells) [Orabug: 18961720] - pefile: Parse the presumed PKCS#7 content of the certificate blob (David Howells) [Orabug: 18961720] - pefile: Strip the wrapper off of the cert data block (David Howells) [Orabug: 18961720] - pefile: Parse a PE binary to find a key and a signature contained therein (David Howells) [Orabug: 18961720] - Provide PE binary definitions (David Howells) [Orabug: 18961720] - KEYS: X.509: Fix a spelling mistake (David Howells) [Orabug: 18961720] - PKCS#7: Provide a key type for testing PKCS#7 (David Howells) [Orabug: 18961720] - PKCS#7: Find intersection between PKCS#7 message and known, trusted keys (David Howells) [Orabug: 18961720] - PKCS#7: Verify internal certificate chain (David Howells) [Orabug: 18961720] - PKCS#7: Find the right key in the PKCS#7 key list and verify the signature (David Howells) [Orabug: 18961720] - PKCS#7: Digest the data in a signed-data message (David Howells) [Orabug: 18961720] - PKCS#7: Implement a parser [RFC 2315] (David Howells) [Orabug: 18961720] - X.509: Export certificate parse and free functions (David Howells) [Orabug: 18961720] - X.509: Add bits needed for PKCS#7 (David Howells) [Orabug: 18961720] - x86/efi: Support initrd loaded above 4G (Yinghai Lu) [Orabug: 18961720] - x86, boot: Do not include boot.h in string.c (Vivek Goyal) [Orabug: 18961720] - x86, boot: Move memcmp() into string.h and string.c (Vivek Goyal) [Orabug: 18961720] - x86, boot: Create a separate string.h file to provide standard string functions (Vivek Goyal) [Orabug: 18961720] - kexec: add sysctl to disable kexec_load (Kees Cook) [Orabug: 18961720] - x86: Add xloadflags bit for EFI runtime support on kexec (Dave Young) [Orabug: 18961720] - x86/efi: Pass necessary EFI data for kexec via setup_data (Dave Young) [Orabug: 18961720] - efi: Export EFI runtime memory mapping to sysfs (Dave Young) [Orabug: 18961720] - efi: Export more EFI table variables to sysfs (Dave Young) [Orabug: 18961720] - x86/efi: Cleanup efi_enter_virtual_mode() function (Dave Young) [Orabug: 18961720] - x86/efi: Fix off-by-one bug in EFI Boot Services reservation (Dave Young) [Orabug: 18961720] - x86/efi: Add a wrapper function efi_map_region_fixed() (Dave Young) [Orabug: 18961720] - keys: change asymmetric keys to use common hash definitions (Dmitry Kasatkin) [Orabug: 18961720] - crypto: provide single place for hash algo information (Dmitry Kasatkin) [Orabug: 18961720] - KEYS: fix error return code in big_key_instantiate() (Wei Yongjun) [Orabug: 18961720] - KEYS: Fix keyring quota misaccounting on key replacement and unlink (David Howells) [Orabug: 18961720] - KEYS: Fix a race between negating a key and reading the error set (David Howells) [Orabug: 18961720] - KEYS: Make BIG_KEYS boolean (Josh Boyer) [Orabug: 18961720] - X.509: remove possible code fragility: enumeration values not handled (Antonio Alecrim Jr) [Orabug: 18961720] - X.509: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720] - MPILIB: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720]