21 files changed, 113 insertions, 91 deletions
diff --git a/0001-netfilter-nat-fix-udp-checksum-corruption.patch b/0001-netfilter-nat-fix-udp-checksum-corruption.patch
new file mode 100644
index 000000000..a890ef924
--- /dev/null
+++ b/0001-netfilter-nat-fix-udp-checksum-corruption.patch
@@ -0,0 +1,33 @@
+From 7500096ef55989594c5e699a8ea078110bd3fc1a Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Mon, 20 May 2019 13:48:10 +0200
+Subject: [PATCH] netfilter: nat: fix udp checksum corruption
+
+Due to copy&paste error nf_nat_mangle_udp_packet passes IPPROTO_TCP,
+resulting in incorrect udp checksum when payload had to be mangled.
+
+Fixes: dac3fe72596f9 ("netfilter: nat: remove csum_recalc hook")
+Reported-by: Marc Haber <mh+netdev@zugschlus.de>
+Tested-by: Marc Haber <mh+netdev@zugschlus.de>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ net/netfilter/nf_nat_helper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/netfilter/nf_nat_helper.c b/net/netfilter/nf_nat_helper.c
+index ccc06f7539d7..53aeb12b70fb 100644
+--- a/net/netfilter/nf_nat_helper.c
++++ b/net/netfilter/nf_nat_helper.c
+@@ -170,7 +170,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
+ 	if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
+ 		return true;
+ 
+-	nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_TCP,
++	nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_UDP,
+ 			   udph, &udph->check, datalen, oldlen);
+ 
+ 	return true;
+-- 
+2.21.0
+
diff --git a/Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pa.patch b/Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pa.patch
deleted file mode 100644
index ee7a5309b..000000000
--- a/Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pa.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 7451bbd2c5c1c6512689855532ad49f26ba00cd6 Mon Sep 17 00:00:00 2001
-From: Marcel Holtmann <marcel@holtmann.org>
-Date: Wed, 22 May 2019 09:05:40 +0200
-Subject: [PATCH] Bluetooth: Check key sizes only when Secure Simple Pairing is
- enabled
-
-The encryption is only mandatory to be enforced when both sides are using
-Secure Simple Pairing and this means the key size check makes only sense
-in that case.
-
-On legacy Bluetooth 2.0 and earlier devices like mice the encryption was
-optional and thus causing an issue if the key size check is not bound to
-using Secure Simple Pairing.
-
-Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
-Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-Cc: stable@vger.kernel.org
----
- net/bluetooth/hci_conn.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
-index 3cf0764d5793..7516cdde3373 100644
---- a/net/bluetooth/hci_conn.c
-+++ b/net/bluetooth/hci_conn.c
-@@ -1272,8 +1272,13 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
- 			return 0;
- 	}
- 
--	if (hci_conn_ssp_enabled(conn) &&
--	    !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
-+	/* If Secure Simple Pairing is not enabled, then legacy connection
-+	 * setup is used and no encryption or key sizes can be enforced.
-+	 */
-+	if (!hci_conn_ssp_enabled(conn))
-+		return 1;
-+
-+	if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
- 		return 0;
- 
- 	/* The minimum encryption key size needs to be enforced by the
--- 
-2.20.1
-
diff --git a/Revert-Bluetooth-Align-minimum-encryption-key-size.patch b/Revert-Bluetooth-Align-minimum-encryption-key-size.patch
new file mode 100644
index 000000000..1318de32a
--- /dev/null
+++ b/Revert-Bluetooth-Align-minimum-encryption-key-size.patch
@@ -0,0 +1,54 @@
+From c8f57936ab21a1430ae2209fa874e842d13552d3 Mon Sep 17 00:00:00 2001
+From: Jeremy Cline <jcline@redhat.com>
+Date: Tue, 11 Jun 2019 14:59:23 +0000
+Subject: [PATCH] Revert "Bluetooth: Align minimum encryption key size for LE
+ and BR/EDR connections"
+
+This reverts commit d5bb334a8e171b262e48f378bd2096c0ea458265.
+
+This patch broke a number of older bluetooth devices and while an RFC
+that fixes this patch has been posted upstream, it has not been merged
+and there are still a few folks reporting problems.
+
+Signed-off-by: Jeremy Cline <jcline@redhat.com>
+---
+ include/net/bluetooth/hci_core.h | 3 ---
+ net/bluetooth/hci_conn.c         | 8 --------
+ 2 files changed, 11 deletions(-)
+
+diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
+index 05b1b96f4d9e..094e61e07030 100644
+--- a/include/net/bluetooth/hci_core.h
++++ b/include/net/bluetooth/hci_core.h
+@@ -190,9 +190,6 @@ struct adv_info {
+ 
+ #define HCI_MAX_SHORT_NAME_LENGTH	10
+ 
+-/* Min encryption key size to match with SMP */
+-#define HCI_MIN_ENC_KEY_SIZE		7
+-
+ /* Default LE RPA expiry time, 15 minutes */
+ #define HCI_DEFAULT_RPA_TIMEOUT		(15 * 60)
+ 
+diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
+index 3cf0764d5793..bd4978ce8c45 100644
+--- a/net/bluetooth/hci_conn.c
++++ b/net/bluetooth/hci_conn.c
+@@ -1276,14 +1276,6 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
+ 	    !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
+ 		return 0;
+ 
+-	/* The minimum encryption key size needs to be enforced by the
+-	 * host stack before establishing any L2CAP connections. The
+-	 * specification in theory allows a minimum of 1, but to align
+-	 * BR/EDR and LE transports, a minimum of 7 is chosen.
+-	 */
+-	if (conn->enc_key_size < HCI_MIN_ENC_KEY_SIZE)
+-		return 0;
+-
+ 	return 1;
+ }
+ 
+-- 
+2.21.0
+
diff --git a/configs/fedora/generic/CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT b/configs/fedora/generic/CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT
new file mode 100644
index 000000000..b0c4eae87
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT
@@ -0,0 +1 @@
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index 170e109a7..d1808b5e7 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -4130,6 +4130,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_NOUVEAU_DEBUG_MMU=y
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOUVEAU_PLATFORM_DRIVER=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=256
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index 116e56f5d..92602b416 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -4110,6 +4110,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 # CONFIG_NOUVEAU_DEBUG_MMU is not set
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOUVEAU_PLATFORM_DRIVER=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=256
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index 62161d2b9..a39b0dd45 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -4243,6 +4243,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_NOUVEAU_DEBUG_MMU=y
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOUVEAU_PLATFORM_DRIVER=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=32
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index 56c26c5c0..6c4ab4e3c 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -4106,6 +4106,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_NOUVEAU_DEBUG_MMU=y
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOUVEAU_PLATFORM_DRIVER=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=32
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index d27bacca2..874017f4d 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -4087,6 +4087,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 # CONFIG_NOUVEAU_DEBUG_MMU is not set
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOUVEAU_PLATFORM_DRIVER=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=32
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index f3acc627f..a7fca44c8 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -4224,6 +4224,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 # CONFIG_NOUVEAU_DEBUG_MMU is not set
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOUVEAU_PLATFORM_DRIVER=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=32
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index ef134d413..0b87d7c62 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -3865,6 +3865,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_NOUVEAU_DEBUG_MMU=y
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=32
 CONFIG_NS83820=m
diff --git a/kernel-i686.config b/kernel-i686.config
index 8f60aa6d5..41057b9d1 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -3846,6 +3846,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 # CONFIG_NOUVEAU_DEBUG_MMU is not set
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=32
 CONFIG_NS83820=m
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index bc688b823..a37c61ad5 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -3588,6 +3588,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_NOUVEAU_DEBUG_MMU=y
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=1024
 CONFIG_NR_IRQS=512
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index 7955d0c31..a23326d07 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -3567,6 +3567,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 # CONFIG_NOUVEAU_DEBUG_MMU is not set
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=1024
 CONFIG_NR_IRQS=512
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index 80fc19f6b..894ded60d 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -3559,6 +3559,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_NOUVEAU_DEBUG_MMU=y
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 # CONFIG_NOZOMI is not set
 CONFIG_NR_CPUS=64
 CONFIG_NS83820=m
diff --git a/kernel-s390x.config b/kernel-s390x.config
index e5e7c7ad3..d58fdfe4e 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -3538,6 +3538,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 # CONFIG_NOUVEAU_DEBUG_MMU is not set
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 # CONFIG_NOZOMI is not set
 CONFIG_NR_CPUS=64
 CONFIG_NS83820=m
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 29d327a5a..db2ed00ba 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -3909,6 +3909,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_NOUVEAU_DEBUG_MMU=y
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=8192
 CONFIG_NS83820=m
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 718c23c83..ef5038e3f 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -3890,6 +3890,7 @@ CONFIG_NORTEL_HERMES=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 # CONFIG_NOUVEAU_DEBUG_MMU is not set
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
 CONFIG_NOZOMI=m
 CONFIG_NR_CPUS=1024
 CONFIG_NS83820=m
diff --git a/kernel.spec b/kernel.spec
index 5f59cbf0c..ea706d09e 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -54,7 +54,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 8
+%define stable_update 9
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -587,7 +587,8 @@ Patch526: 0001-platform-x86-ideapad-laptop-Remove-no_hw_rfkill_list.patch
 
 # rhbz 1711468
 # https://lore.kernel.org/linux-bluetooth/20190522070540.48895-1-marcel@holtmann.org/
-Patch527: Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pa.patch
+# https://lore.kernel.org/linux-bluetooth/af8cf6f4-4979-2f6f-68ed-e5b368b17ec7@redhat.com/
+Patch527: Revert-Bluetooth-Align-minimum-encryption-key-size.patch
 
 # CVE-2019-12378 rhbz 1715459 1715460
 Patch528: ipv6_sockglue-fix-missing-check-bug-in-ip6_ra_control.patch
@@ -616,15 +617,15 @@ Patch535: wcd9335-fix-a-incorrect-use-of-kstrndup.patch
 # CVE-2019-12456 rhbz 1717182 1717183
 Patch536: scsi-mpt3sas_ctl-fix-double-fetch-bug-in_ctl_ioctl_main.patch
 
-# rhbz 1708717
-Patch537: neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch
-
 # CVE-2019-12614 rhbz 1718176 1718185
 Patch538: powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch
 
 # https://patchwork.kernel.org/patch/10817377/
 Patch539: usb-dwc2-Fix-DMA-cache-alignment-issues.patch
 
+# Mainlined, https://bugzilla.redhat.com/show_bug.cgi?id=1716289
+Patch540: 0001-netfilter-nat-fix-udp-checksum-corruption.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1863,6 +1864,10 @@ fi
 #
 #
 %changelog
+* Tue Jun 11 2019 Jeremy Cline <jcline@redhat.com> - 5.1.9-300
+- Linux v5.1.9
+- Fix UDP checkshums for SIP packets (rhbz 1716289)
+
 * Sun Jun 09 2019 Jeremy Cline <jcline@redhat.com> - 5.1.8-300
 - Linux v5.1.8
 
diff --git a/neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch b/neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch
deleted file mode 100644
index 6c4b078b5..000000000
--- a/neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 51b840ae99c70e03ff463e3d98d4fcac2e31344c Mon Sep 17 00:00:00 2001
-From: David Ahern <dsahern@gmail.com>
-Date: Wed, 1 May 2019 18:08:34 -0700
-Subject: [PATCH] neighbor: Reset gc_entries counter if new entry is released
- before insert
-
-Ian and Alan both reported seeing overflows after upgrades to 5.x kernels:
-  neighbour: arp_cache: neighbor table overflow!
-
-Alan's mpls script helped get to the bottom of this bug. When a new entry
-is created the gc_entries counter is bumped in neigh_alloc to check if a
-new one is allowed to be created. ___neigh_create then searches for an
-existing entry before inserting the just allocated one. If an entry
-already exists, the new one is dropped in favor of the existing one. In
-this case the cleanup path needs to drop the gc_entries counter. There
-is no memory leak, only a counter leak.
-
-Fixes: 58956317c8d ("neighbor: Improve garbage collection")
-Reported-by: Ian Kumlien <ian.kumlien@gmail.com>
-Reported-by: Alan Maguire <alan.maguire@oracle.com>
-Signed-off-by: David Ahern <dsahern@gmail.com>
----
- net/core/neighbour.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index 30f6fd8f68e0..aff051e5521d 100644
---- a/net/core/neighbour.c
-+++ b/net/core/neighbour.c
-@@ -663,6 +663,8 @@ static struct neighbour *___neigh_create(struct neigh_table *tbl,
- out_tbl_unlock:
- 	write_unlock_bh(&tbl->lock);
- out_neigh_release:
-+	if (!exempt_from_gc)
-+		atomic_dec(&tbl->gc_entries);
- 	neigh_release(n);
- 	goto out;
- }
--- 
-2.21.0
-
diff --git a/sources b/sources
index a803dcac2..7ea3025ed 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (linux-5.1.tar.xz) = ae96f347badc95f1f3acf506c52b6cc23c0bd09ce8f4ce6705d4b4058b62593059bba1bc603c8d8b00a2f19131e7e56c31ac62b45883a346fa61d655e178f236
-SHA512 (patch-5.1.8.xz) = b87bea971d0ec92a3243ba868d5a4a25c16a0e36dda50edbaf59ea60ce11d96019517b1d3153de829e91791976ef37f59433c65563e04ae33ac107b9a8badf73
+SHA512 (patch-5.1.9.xz) = 07fe43bdcb37f8f082cfeb19c3728fd0c5292d479793d02bad1386b2b3eb0618f1b4c95b17dba16eac19b1cdfd3d8aa9c235784d7abed2222b4dd14636756ec6