[4.18.0-240.OL8] - Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 [4.18.0-240] - [include] block: allow for_each_bvec to support zero len bvec [1872032] - [nvme] nvme-pci: disable the write zeros command for Intel 600P/P3100 [1875391] [4.18.0-239] - [init] init/Kconfig: disable io_uring [1879754] - [block] blk-mq: always allow reserved allocation in hctx_may_queue [1740874] - [nvme] nvme-rdma: Avoid double freeing of async event data [1878140] - [kernel] printk: queue wake_up_klogd irq_work only if per-CPU areas are ready [1867022] [4.18.0-238] - [firmware] efi: dont reserve MOK config table memory region [1878584] - [fs] xfs: fix boundary test in xfs_attr_shortform_verify [1875316] {CVE-2020-14385} - [powerpc] powerpc/pseries: Do not initiate shutdown when system is running on UPS [1870477] [4.18.0-237] - [fs] nfsd: avoid a NULL dereference in __cld_pipe_upcall [1847225] - [net] packet: fix overflow in tpacket_rcv [1876224] {CVE-2020-14386} - [net] packet: make tp_drops atomic [1876224] {CVE-2020-14386} - [net] espintcp: restore IP CB before handing the packet to xfrm [1868201] - [fs] Revert NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE [1865978] - [fs] Revert NFSv4.x recover from pre-mature loss of openstateid [1865978] - [infiniband] RDMA/mlx4: Read pkey table length instead of hardcoded value [1853564] - [net] net/smc: set rx_off for SMCR explicitly [1875833] - [drm] drm/i915: Auto detect DPCD backlight support by default [1872381] - [drm] drm/i915: Fix DPCD register order in intel_dp_aux_enable_backlight [1872381] - [drm] drm/i915: Assume 100 brightness when not in DPCD control mode [1872381] - [drm] drm/i915: Fix eDP DPCD aux max backlight calculations [1872381] - [kernel] tracing: Define MCOUNT_INSN_SIZE when not defined without direct calls [1857599] - [kernel] ftrace: Fix function_graph tracer interaction with BPF trampoline [1857599] - [x86] x86/function_graph: Simplify with function_graph_enter [1857599] - [kernel] function_graph: Create function_graph_enter to consolidate architecture code [1857599] [4.18.0-236] - [crypto] pefile: Support multiple signatures in verify_pefile_signature [1862072] - [security] integrity: Load certs from the EFI MOK config table [1868306] - [security] integrity: Move import of MokListRT certs to a separate routine [1868306] - [firmware] efi: Support for MOK variable config table [1868306] - [kernel] Move to dual-signing to split signing keys up better [1837434] {CVE-2020-10713} - [powerpc] pseries/hotplug-cpu: wait indefinitely for vCPU death [1856588] - [powerpc] kvm: ppc: book3s hv: Rework secure mem slot dropping [1851259] - [powerpc] kvm: ppc: book3s hv: Move kvmppc_svm_page_out up [1851259] - [powerpc] kvm: ppc: book3s hv: Migrate hot plugged memory [1851259] - [powerpc] kvm: ppc: book3s hv: In H_SVM_INIT_DONE, migrate remaining normal-GFNs to secure-GFNs [1851259] - [powerpc] kvm: ppc: book3s hv: Track the state GFNs associated with secure VMs [1851259] - [powerpc] kvm: ppc: book3s hv: Disable page merging in H_SVM_INIT_START [1851259] - [powerpc] kvm: ppc: book3s hv: Fix function definition in book3s_hv_uvmem.c [1851259] - [kernel] mmap locking api: initial implementation as rwsem wrappers [1851259] - [mm] handle multiple owners of device private pages in migrate_vma [1851259] - [mm] migrate.c: clean up useless code in migrate_vma_collect_pmd [1851259] - [mm] remove the unused MIGRATE_PFN_DEVICE flag [1851259] - [powerpc] rhel: powerpc: kvm: Increase HDEC threshold to enter guest [1733467] - [netdrv] r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 [1851966] - [fs] ceph: fix inode number handling on arches with 32-bit ino_t [1869679] - [fs] ceph: dont allow setlease on cephfs [1872382] - [block] blk-mq: order adding requests to hctx-