- SAPHanaSR
-
- SAPHanaSR-monitor not reporting correctly
(bsc#1192963)
add patch:
0001-bsc-1192963.patch
- Version bump to 0.161.1_BF
- add the required 'xmllint' to the package
(bsc#1201945)
- changes to the demote_clone function of the resource agent:
if the role is '1:P' (topology agent run into timeouts) the
function fail with rc=1, to get the managed resource stopped
changes to the stop_clone function of the topology agent:
call landscapeHostConfiguration.py and set the roles as they were
reported. If the command timed out, set the role to '1:P' and
return 1 to get the node fenced.
The used timeout for the landscapeHostConfiguration.py call can
be configured by the cluster action timeout, if needed. It will
be 50% of the action timeout or the minimum of 300s.
(bsc#1198127)
- add new HA/DR provider hook susChkSrv
(jsc#PED-1241, jsc#PED-1240)
- add new tool SAPHanaSR-manageProvider to show, add and delete
HA/DR provider sections in the global.ini of SAP HANA.
- update suse icon to new branding
- Version bump to 0.160.1
- fix HANA_CALL function to support MCOS environments again
(bsc#1198780)
- fix SAPHanaSR-replay-archive to handle hb_report archives again
(bsc#1198897)
- add HANA_CALL_TIMEOUT parameter back to the resource agents and
read the setting from the cluster configuration, if available.
Defaults to '60'.
Related to github issue#36
- add new HA/DR provider hook susTkOver
(jsc#SLE-16347)
- add new hook script for SAP HANA System Replication Scale-Up Cost
Optimized Scenario.
(jsc#SLE-18613)
- add a new instance parameter 'REMOVE_SAP_SOCKETS'.
It is an optional parameter and defaults to 'true'. Now you can
control, if the RA should remove the unix domain sockets related
to sapstartsrv before (re-)start sapstartsrv or if it should try
to adjust the permissions and ownership of these files instead.
- amazon-ssm-agent
-
- Fix mangled ExlusiveArch field
- Update to version 3.1.1260.0
+ Added missing check for invalid S3 path parameter
+ Added support for domain join using a non-local username
+ Fixed broken links in README.md
+ Fixed ECS Exec issue where agent was using environment variables for credentials
+ Updated Ec2Detector test to query smbios directly for system information
- from version 3.1.1208.0
+ Updated ec2detector module to use Get-CmiInstance instead of wmic.exe
+ Fixed file creation mode of ssm-agent-users sudoer file (bsc#1196556, CVE-2022-29527)
- from version 3.1.1188.0
+ Added new ec2detector module to determine if agent is on EC2
+ Added support for port forwarding to remote host
+ Added quotes around inventory parameter ValueName on Windows
+ Fix for domain join DNS IP assignments in shared directories
+ Replaced namedpipe updater test with ec2detector test
- from version 3.1.1141.0
+ Add application inventory by file for Bottlerocket
+ Fix infinite retry logic to send failed replies in MGSInteractor
+ Remove usage of io/fs package
- from version 3.1.1080.0
+ (windows only) Remove symlink scan during update
- from version 3.1.1045.0
+ Fixed sourceHash validation for aws:application document plugin
+ Added document parameter validation for values passed to target document of aws:runDocument plugin
+ (windows only) Fix process leak when legacy cloudwatch plugin is enabled
+ (windows only) Fail installation if C:ProgramDataAmazonSSM has symlinks
- from version 3.1.1004.0
+ Added platform detection for Bottlerocket OS
+ Consolidated regional endpoint generation to common endpoint module
- from version 3.1.941.0
+ Added support for Rocky linux
+ Fixed sharefile/shareprofile not being propagated to updateutil
+ Fixed incorrect darwin platform detection post BigSur
+ Fixed log flush issue in updater
+ Updated .NET dependencies for domainjoin and cloudwatch (windows only)
+ Updated go version to 1.17.6
- from version 3.1.821.0
+ Implement new core module named MessageService to start processing commands from both MGS and MDS
* Merge functionalities from RunCommandService core module and Session core module.
* Receive run command documents through MGS if connected and fallback to MDS otherwise.
This functionality requires appropriate permissions for both endpoints and will be rolled
out gradually to end users.
* Provide filesystem based idempotency check to avoid duplicate run command document execution.
* Increase default run command pool buffer size from 1 to 5 to load additional documents
before-hand for processing.
+ Fix nil pointer deference panic produced in named pipe test case during agent update
+ Remove StopType concept in ssm-agent-worker and add different waits for reboot and shutdown stop
- from version 3.1.804.0
+ Add support for upstart when running get-diagnostic command using ssm-cli
+ Fix systemctl service name to support older versions of systemctl
+ Include changes to facilitate testing
+ Update DNS server selection logic for seamless domain join on linux and darwin
+ Update go version to go1.17.5
+ Update golang sys package dependency
- from version 3.1.715.0
+ Derive default directories from appconfig on Darwin
+ Set x-bit on newly-created directories
- from version 3.1.634.0
+ Fix for ssm-setup-cli to be able to select service manager without the agent being installed
- from version 3.1.630.0
+ Added greengrass component recipe for the new SystemsManagerAgent component
+ Added support for registering agent on a greengrass device
+ Added support for downloading more than 1000 objects in downloadContent
+ Fixed retry logic for onprem and s3 upload
+ Fixed unit tests when running on Mac
+ Update AWS SDK to v1.41.4
+ Update logic to retrieve platform details for Rocky Linux
- from version 3.1.501.0
+ Add diagnostics command to ssm-cli
+ Fix caching for onprem credentials
+ Additional configuration options for Seamless Domain Join
+ Gracefully exit session if group of runas user is modified
+ Skip retries for cert validation errors in S3 HEAD requests
+ Fix DNS failures on CentOS 8.2
+ Update several dependencies
- from version 3.1.459.0
+ Fixed a bug with powershell command for Inventory
- from version 3.1.426.0
+ Fixed cpu spike issue manifesting on snap
+ Fixed issue with version comparison in EC2Config update plugin
+ Fixed panic when command output was being truncated
+ Updated build to use go1.16.8
+ Removed Profile from inventory powershell commands on Windows
- from version 3.1.338.0
+ Fix to eliminate WaitGroup reuse panic triggered during agent reboot
+ Fix to include applications without UninstallString in Inventory for Windows
+ Fixed a bug where multi-plugin documents with large outputs would timeout RunCommand
+ Fixed a bug where RunCommand could delay executions for up to 15 minutes
- from version 3.1.282.0
+ Add serial port logging of AwsNitroEnclaves package version on windows during startup
+ Allow usage of existing loggroup/logstream when the user does not have create permission
+ Change service interrogate request log to debug
+ Cleanup old surveyor channel files on startup
+ Fix filehandle leak in windows leading to agent going offline
+ Fix to schedule correct next run time during orchestration directories cleanup
+ Fix to sequentially update correct runcount value in the document bookkeeping file
+ Fix a bug with version parsing EC2Config updater
+ Updated rpm packaging for fips compliance
- from version 3.1.192.0
+ Added darwin arm64 to makefile
+ Added logic to limit orchestration directory cleanup
+ Added packaging for public SSM Agent container image
+ Fixed cloudwatch endpoint for telemetry metrics requests
+ Fixed handling of Windows filepaths and mutex locks
+ Fixed agent worker handling of OS signals and termination channel requests
+ Updated datachannel retry strategy to not retry for a specific error scenario
+ Updated default gomaxproc value for Windows
+ Update build to use go1.16.6
- from version 3.1.127.0
+ Added a workaround for windows random halts
+ Fixed race condition during reboot document execution
- from version 3.1.90.0
+ Updated to version 3.1
+ Updated build to build statically linked binaries for linux 64bit
* Minimum supported linux kernel version for linux 64bit is 3.2+
+ Fixed permissions for docker config file
+ Fixed issue with ubuntu prerm and postinst scripts
+ Fixed issue where processor stop was being called twice
- from version 3.0.1390.0
+ Added config option to delete orchestration folder
+ Added snapcraft packaging config
+ Added workaround for aws:runDocument status bug
+ Added improved handling of file closure
+ Added support for go mod and updated build to use go 1.16.4
+ Fixed bug parsing vpce s3 urls
+ Refactored use of agent identity in agent cli
+ Updated check if agent is running as windows service
+ Updated handling of session cancellation to still send output to client side
+ Updated interactive session exit code logic to match non-interactive mode
+ Updated vendor dependencies
- Update directory path for GOPATH
- Update to version 3.0.1295.0
+ Added configurable custom identity and identity consumption order
+ Added cross-account domain join
+ Added cleanup for older versions of updater artifacts
+ Added a workaround for MacOS kernel bug that sometimes kept RunCommand from launching
+ Added a workaround for log file contention on Windows
+ Added synchronization to RunCommand service stop
+ Changed hibernation log level
+ MacOS executables are now signed
+ Removed delay in non-interactive session type
- apparmor
-
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
/proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
openssl.cnf (bnc#1195463).
- bind
-
- Security Fixes:
* Previously, there was no limit to the number of database lookups
performed while processing large delegations, which could be abused
to severely impact the performance of named running as a recursive
resolver. This has been fixed.
[bsc#1203614, CVE-2022-2795, bind-CVE-2022-2795.patch]
* A memory leak was fixed that could be externally triggered in the
DNSSEC verification code for the ECDSA algorithm.
[bsc#1203619, CVE-2022-38177, bind-CVE-2022-38177.patch]
* Memory leaks were fixed that could be externally triggered in the
DNSSEC verification code for the EdDSA algorithm.
[bsc#1203620, CVE-2022-38178, bind-CVE-2022-38178.patch]
- ca-certificates-mozilla
-
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
Removed:
- Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CA:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
- cifs-utils
-
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
(bsc#1198976, CVE-2022-29869)
* add cifs-utils-CVE-2022-29869.patch
- cloud-regionsrv-client
-
- Follow up fix to 10.0.4 (bsc#1202706)
- While the source code was updated to support SLE Micro the spec file
was not updated for the new locations of the cache and the certs.
Update the spec file to be consistent with the code implementation.
- Update to version 10.0.5 (bsc#1201612)
- Handle exception when trying to deregister a system form the server
- Update to version 10.0.4 (bsc#1199668)
- Store the update server certs in the /etc path instead of /usr to
accomodate read only setup of SLE-Micro
- compat-openssl098
-
- bsc#1201283 - fix unknown option passed to 'openssl x509' from c_rehash
* Modified openssl1-Fix-file-operations-in-c_rehash.patch
- crash
-
- Fix lookup of symbol "/linux_banner"/, as in newer kernels the symbol is
placed in the .init section ('D') as opposed to the read-only section ('R').
Also make this specific to kernels >= 2.6.11. This fix is a combination of
upstream commit fce91bec and a chunk from upstream commit 9fab193e.
(bsc#1195911)
Added:
crash-Fix-the-failure-of-reporting-vmcore-and-vmlinux-do-n.patch
- ------------------------------------------------------------------
- cronie
-
- Allow to define the logger info and warning priority, fixes
jsc#SLE-24577
* run-crons
* sysconfig.cron
- curl
-
- Security Fix: [bsc#1204383, CVE-2022-32221]
* POST following PUT confusion
* Add curl-CVE-2022-32221.patch
- Security fix: [bsc#1202593, CVE-2022-35252]
* Control codes in cookie denial of service
* Add curl-CVE-2022-35252.patch
- drbd
-
- bsc#1197431 resync speed is cut by 90+% after resize
+ bsc-1197431-drbd-rename-tl_clear-tl_restart-to-tl_walk.patch
+ bsc-1197431-drbd-introduce-__tl_walk-COMPLETION_RESUMED.patch
+ bsc-1197431-drbd-log-name-and-pid-of-opening-closing-process.patch
+ bsc-1197431-drbd-expose-openers-via-debugfs.patch
+ bsc-1197431-drbd-cleanup-peer_requests-waiting-for-activity-log-.patch
+ bsc-1197431-drbd-micro-optimization-for-diskless-primary-nodes.patch
+ bsc-1197431-drbd-rename-resource-susp-to-resource-susp_user.patch
+ bsc-1197431-drbd-optimize-the-IO-submit-code-path.patch
+ bsc-1197431-drbd-optimize-submit-path-a-bit.patch
+ bsc-1197431-drbd-make-the-additional-timing-measurement-a-compil.patch
+ bsc-1197431-Revert-drbd-fix-Logic-BUG-after-P_NEG_DREPLY.patch
+ bsc-1197431-drbd-Fix-sending-peer-ack-into-a-flapping-connection.patch
+ bsc-1197431-drbd-new-helper-function-drbd_req_in_actlog.patch
+ bsc-1197431-drbd-expose-waiting-for-activity-log-accounting-of-p.patch
+ bsc-1197431-drbd-headers-introduce-P_CONFIRM_STABLE-modified.patch
+ bsc-1197431-drbd-move-definition-of-drbd_send_b_ack-to-its-only-.patch
+ bsc-1197431-drbd-introduce-active_ee_cnt-for-number-of-active-pe.patch
+ bsc-1197431-drbd-protocol-114-fix-distributed-deadlock-on-second-modified.patch
+ bsc-1197431-drbd-backward-compat-fix-for-deadlock-in-protocol-11.patch
+ bsc-1197431-drbd-introduce-module-parameter-protocol_version_min.patch
+ bsc-1197431-drbd-fix-missing-set-out-of-sync-for-D_INCONSISTENT-.patch
+ bsc-1197431-drbd-flush-not-yet-submitted-buffers-before-becoming.patch
+ bsc-1197431-drbd-Fix-slow-resync-after-node-was-diskless-primary.patch
+ bsc-1197431-drbd-debugfs-rename-now-to-jif-where-it-hold-jiffies.patch
+ bsc-1197431-drbd-fix-regression-in-request-timeout-handling.patch
+ bsc-1197431-drbd-Fix-clearing-of-PRIMARY_LOST_QUORUM-flag.patch
+ bsc-1197431-drbd-Fix-restoring-the-PRIMARY_LOST_QUORUM-from-meta.patch
+ bsc-1197431-drbd-Set-the-NEW_CUR_UUID-bit-only-in-the-state-engi.patch
+ bsc-1197431-drbd-fix-lifetime-of-need-to-apply-activity-log-meta.patch
+ bsc-1197431-drbd-Move-call-to-inc_ap_bio-into-__drbd_make_reques.patch
+ bsc-1197431-drbd-Move-inc_ap_bio-from-drbd_int.h-to-drbd_req.c.patch
+ bsc-1197431-drbd-Eliminate-the-dedicated-ping_wait-wait-queue.patch
+ bsc-1197431-drbd-Enforce-new-current-UUID-written-before-writes-.patch
+ bsc-1197431-drbd-fix-spurious-new-current-UUID-generation.patch
+ bsc-1164833-spinlock_deadlock_dev_al_lock.patch
+ bsc-1197431-drbd-Do-not-generate-a-new-current-UUID-wile-IO-is-f.patch
- expat
-
- Security fix:
* (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
function in xmlparse.c
- Added patch expat-CVE-2022-40674.patch
- fence-agents
-
- Azure fence agent doesn’t work correctly on SLES15 SP3 - fence_azure_arm
fails with error 'MSIAuthentication' object has no attribute 'get_token' - SFSC00334437
(bsc#1195891)
- Apply proposed patch
0001-fix_support_for_sovereign_clouds_and_MSI-439.patch
- fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 broken in
GCP due to missing "/--zone"/ parameter (bsc#1198872)
- Apply proposed patch
0001-fence_gce-Make-zone-optional-for-get_nodes_list-487.patch
- gpg2
-
- Security fix [CVE-2022-34903, bsc#1201225]
- Vulnerable to status injection
- Added patch gnupg-CVE-2022-34903.patch
- grub2
-
- fs/xfs: add bigtime incompat feature support (bsc#1203387)
* grub2-fs-xfs-Add-bigtime-incompat-feature-support.patch
- icu
-
- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
from upstream, use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- jasper
-
- security update:
* CVE-2022-2963 [bsc#1202642]
+ jasper-CVE-2022-2963.patch
- java-1_7_1-ibm
-
- Update to Java 7.1 Service Refresh 5 Fix Pack 15 [bsc#1202427]
[bsc#1201684, CVE-2022-34169] [bsc#1201692, CVE-2022-21541]
[bsc#1201685, CVE-2022-21549] [bsc#1201694, CVE-2022-21540]
- Update to Java 7.1 Service Refresh 5 Fix Pack 10 [bsc#1201643]
[bsc#1198671, CVE-2022-21476] [bsc#1198670, CVE-2022-21449]
[bsc#1198673, CVE-2022-21496] [bsc#1198674, CVE-2022-21434]
[bsc#1198672, CVE-2022-21426] [bsc#1198675, CVE-2022-21443]
[bsc#1191912, CVE-2021-35561] [bsc#1194931, CVE-2022-21299]
- json-c
-
- Added CVE-2020-12762.patch (bsc#1171479, CVE-2020-12762)
- Added gcc7-fix.patch
- Update to upstream release 0.12.1
- Removed upstream fixed json-c-0.12-unused_variable_size.patch
- Added fix-set-but-not-used.patch
- json-c 0.12
Fixes for security issues contained in this release have been
previously patched into this package, but listed for completeness:
* Address security issues:
* CVE-2013-6371: hash collision denial of service
* CVE-2013-6370: buffer overflow if size_t is larger than int
- Further changes:
* Avoid potential overflow in json_object_get_double
* Eliminate the mc_abort() function and MC_ABORT macro.
* Make the json_tokener_errors array local. It has been deprecated for
a while, and json_tokener_error_desc() should be used instead.
* change the floating point output format to %.17g so values with
more than 6 digits show up in the output.
* Remove the old libjson.so name compatibility support. The library is
only created as libjson-c.so now and headers are only installed
into the ${prefix}/json-c directory.
* When supported by the linker, add the -Bsymbolic-functions flag.
* Make strict mode more strict:
* number must not start with 0
* no single-quote strings
* no comments
* trailing char not allowed
* only allow lowercase literals
* Added a json_object_new_double_s() convenience function to allow
an exact string representation of a double to be specified when
creating the object and use it in json_tokener_parse_ex() so
a re-serialized object more exactly matches the input.
* Add support NaN and Infinity
- packaging changes:
* json-c-hash-dos-and-overflow-random-seed-4e.patch is upstream
* Move from json-c-lfs.patch which removed warning errors and
autoconf call to json-c-0.12-unused_variable_size.patch from
upstream which fixes the warning
* except for SLE 11 where autoreconf call is required
* add licence file to main package
- kernel-default
-
- Revert "/sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)"/
This reverts commit 8d1c33d1ed3d4b198344cf4cf8763447532f6b90
since it breaks the build
- commit 253e49e
- Add CVE reference on lightnvm removal patch
modified:
- patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 0412b0e
- fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
- commit 0429966
- video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 1828312
- video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
- commit 960c031
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 8e21ba7
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
- commit 24dad4e
- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
- commit 3b41e99
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048)
Backporting notes:
* context changes
- commit f023a62
- Revert "/drivers/video/backlight/platform_lcd.c: add support for (bsc#1154048)
- commit 6c2117a
- sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)
Backporting notes:
* context changes
* config update
- commit 8d1c33d
- Revert "/video: imsttfb: fix potential NULL pointer dereferences"/ (bsc#1129770)
- commit 015493e
- Revert "/video: hgafb: fix potential NULL pointer dereference"/ (bsc#1129770)
Backporting notes:
* test return value of ioremap() and return an error
- commit dfae32b
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
(CVE-2022-41848 bsc#1203987).
- commit 4b5f9dc
- Input: melfas_mip4 - fix return value check in mip4_probe()
(git-fixes).
- commit 327938f
- xhci: bail out early if driver can't accress host in resume
(git-fixes).
- commit 7b6647e
- blacklist.conf: no gadget mode in SLE12
- commit 4ef9a32
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 0686374
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit 6704bc6
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 0c59466
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 80ea4bf
- scsi: qla2xxx: Remove unused declarations for qla2xxx
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Revert "/scsi: qla2xxx: Fix response queue
handler reading stale packets"/ (bsc#1203935).
- scsi: qla2xxx: Log message "/skipping scsi_scan_host()"/ as
informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 6a1070c
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
ISP27XX (bsc#1203935).
- commit c812e29
- blacklist.conf: Add 1bf4580e00a2 fork,memcg: alloc_thread_stack_node needs to set tsk->stack
- commit 2a37e27
- Input: stop telling users to snail-mail Vojtech (git-fixes).
- commit d956a8c
- Input: iforce - constify usb_device_id and fix space before
'[' error (git-fixes).
- commit bfb50de
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(git-fixes).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path
(git-fixes).
- commit b282bf7
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- commit f6eaf2e
- USB: serial: option: add Quectel RM500K module support.
- commit 981a205
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- commit 3376669
- USB: serial: option: add Telit LE910Cx 0x1250 composition
(git-fixes).
- commit f8d705a
- blacklist.conf: irrelevant in our configurations
- commit c5487ee
- USB: serial: option: add support for Cinterion MV31 with new
baseline (git-fixes).
- commit ce91afd
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
(git-fixes).
- commit 2a4a3b7
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
(git-fixes).
- commit 4e282b8
- usb: typec: altmodes/displayport: correct pin assignment for
UFP receptacles (git-fixes).
- commit 85d64e6
- usb: dwc2: fix wrong order of phy_power_on and phy_init
(git-fixes).
- commit 63072dd
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
(git-fixes).
- commit 93c7c8f
- blacklist.conf: irrelevant in our configurations
- commit 1ea4ae1
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit fc09d0c
- blacklist.conf: blacklist commit 02c0cab8e734
- commit 07b2c53
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 21400d8
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
bsc#1203769).
- Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch.
- commit accf4df
- md: call __md_stop_writes in md_stop (git-fixes).
- Revert "/md-raid: destroy the bitmap after destroying the thread"/
(git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- commit ab754e2
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit a86f7ba
- media: dvb-core: Fix UAF due to refcount races at releasing
(CVE-2022-41218 bsc#1202960).
- commit 231362a
- blacklist.conf: add several SCSI commits to black list
- commit 82ee683
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit b210a45
- media: em28xx: initialize refcount before kref_get
(CVE-2022-3239 bsc#1203552).
- commit 477c587
- powerpc: Use device_type helpers to access the node type
(bsc#1203424 ltc#199544).
- Refresh patches.suse/powerpc-numa-remove-unreachable-topology-update-code.patch.
- commit b1e0425
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 5d51965
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- Refresh for the above patch added in,
blacklist.conf: remove the above patch from blaclist.conf
patches.suse/0034-dm-verity-add-check_at_most_once-option-to-only-vali.patch.
- commit 1b3d265
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- commit b644c0f
- Update references:
- patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
- patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
- patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
- patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
- patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
- patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
- patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
- patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
(add CVE-2022-32296 bsc#1200288)
- commit 97c264a
- x86/bugs: Reenable retbleed=off
While for older kernels the return thunks are statically built in and
cannot be dynamically patched out, retbleed=off should still be possible
to do so that the mitigation can still be disabled on Intel who don't
use the return thunks but IBRS.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit e330fc7
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only
(bsc#1203462).
- commit b3b2090
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit 39653db
- Update
patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
(bsc#1124235), adding back Refernces lost in previous update.
- commit 47c6490
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
(git-fixes).
- Refresh patches.suse/scsi-libfc-handling-of-extra-kref.
- commit 27f7754
- mmc: block: fix read single on recovery logic (CVE-2022-20008
bsc#1199564).
- commit 1fdd74c
- git_sort: Cleanup series_insert test setup and add test for patch with
missing headers
- commit 05c630d
- scsi: ch: Make it possible to open a ch device multiple times
again (git-fixes).
- Refresh
patches.suse/ch-add-missing-mutex_lock-mutex_unlock-in-ch_release.patch.
- Replace/Refresh
patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
("/scsi: ch: fixup refcounting imbalance for SCSI devices"/)
with actual upstream version of this commit, which makes it apply
correctly (it was just a "/submitted"/ version)
- commit cb2ed7c
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
when ftrace is dead (git-fixes).
- commit 6d3bb9f
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 85ce439
- blacklist.conf: ("/arm64: fix clang warning about TRAMP_VALIAS"/)
- commit a67ea91
- Refresh
patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit ed06fa8
- scsi: lpfc: Check the return value of alloc_workqueue()
(git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: sd: Fix Opal support (git-fixes).
- scsi: mpt3sas: Fix ioctl timeout (git-fixes).
- scsi: mpt3sas: Fix sync irqs (git-fixes).
- scsi: mpt3sas: Don't call disable_irq from IRQ poll handler
(git-fixes).
- scsi: sd: enable compat ioctls for sed-opal (git-fixes).
- scsi: sd_zbc: Fix compilation warning (git-fixes).
- Revert "/scsi: sd: Keep disk read-only when re-reading partition"/
(git-fixes).
- scsi: core: Avoid that a kernel warning appears during system
resume (git-fixes).
- scsi: core: Avoid that system resume triggers a kernel warning
(git-fixes).
- commit 2cdb167
- cifs: clean up an inconsistent indenting (bsc#1190317).
- commit 84e7187
- git_sort: Check if Patch-mainline tag exists
If Patch-mainline and Git-commit tags are missing in the patch, sort script
will fail with:
IndexError: list index out of range
This change ensures that Patch-mainline tag is present and if not, raise
an error to warn the user.
- commit 10d17a7
- Update
patches.suse/mm-rmap.c-don-t-reuse-anon_vma-if-we-just-want-a-copy.patch
(git-fixes, bsc#1203098).
- commit 3881fc3
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
(CVE-2022-39188, bsc#1203107).
- commit 7df6276
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
(CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
bsc#1202097).
- commit 7253cd6
- fuse: limit nsec (bsc#1203126).
- commit 4695dc9
- blacklist.conf: add 2fdbb8dd0155 to blacklist
- commit 374db7c
- objtool: Track original function across branches (bsc#1202396).
- Refresh
patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch.
- Refresh
patches.suse/objtool-make-bp-scratch-register-warning-more-robust.patch.
- commit d5d2614
- objtool: Don't use ignore flag for fake jumps (bsc#1202396).
- Refresh patches.suse/objtool-add-is_static_jump-helper.patch.
- commit 3c1c10e
- objtool: Add --backtrace support (bsc#1202396).
- Refresh
patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch.
- commit 59346c1
- objtool: Set insn->func for alternatives (bsc#1202396).
- Refresh patches.suse/objtool-add-is_static_jump-helper.patch.
- Refresh
patches.suse/objtool-add-relocation-check-for-alternative-sections.patch.
- commit 55a9c4c
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
kABI: Fix kABI after "/mm/rmap: Fix anon_vma->degree ambiguity
leading to double-reuse"/ (git-fixes, bsc#1203098).
- commit 9b79372
- mm/rmap.c: don't reuse anon_vma if we just want a copy
(git-fixes, bsc#1203098).
- commit d3fffdb
- cifs: fix the cifs_reconnect path for DFS (bsc#1190317).
- commit 8addcab
- MyBS: Fix upload to OBS.
When a cookie is received and SSH authentication is not used osc_wrapper
crashes with message:
Can't use an undefined value as a symbol reference at MyBS.pm line 290.
Fix this by not trying to save cookies for plain authentication.
- commit fc4c81a
- blacklist.conf: add c5deb27895e0, as no fix is needed (problem can't occur)
- commit d29d53a
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- commit 7fc364d
- Update
patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- Update
patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch.
Add missing objtool annotations from upstream commits to fix bsc#1202396.
- commit 8f6e21f
- KVM: x86: Set error code to segment selector on LLDT/LTR
non-canonical #GP (git-fixes).
- commit 3b2de9e
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
checks (git-fixes).
- commit beb4e5a
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- commit df2ab3a
- objtool: Add support for intra-function calls (bsc#1202396).
- commit 72c2448
- objtool: Remove INSN_STACK (bsc#1202396).
- commit df6f4c2
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- commit 696a729
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- commit 9614631
- objtool: Fix ORC vs alternatives (bsc#1202396).
- commit 7725f8e
- objtool: Uniquely identify alternative instruction groups
(bsc#1202396).
- commit cad8676
- objtool: Remove check preventing branches within alternative
(bsc#1202396).
- commit f556567
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- commit 7537bdc
- blacklist.conf: add dbac14a5a05f, as it would break kabi
- commit b0b1864
- objtool: Rename struct cfi_state (bsc#1202396).
- commit f1ccddb
- objtool: Support multiple stack_op per instruction
(bsc#1202396).
- commit bd1355d
- objtool: Support conditional retpolines (bsc#1202396).
- commit 7d5809e
- objtool: Convert insn type to enum (bsc#1202396).
- commit 1160056
- objtool: Rename elf_open() to prevent conflict with libelf
from elftoolchain (bsc#1202396).
- commit c167b3d
- objtool: Use Elf_Scn typedef instead of assuming struct name
(bsc#1202396).
- commit fc37030
- squashfs: fix xattr id and id lookup sanity checks
(bsc#1203013).
- commit e118d89
- squashfs: fix inode lookup sanity checks (bsc#1203013).
- commit 6748621
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
"/find -xtype l"/ will report them, so use that to make the search a bit
faster (without using shell).
- commit 13bbc51
- cifs: move from strlcpy with unused retval to strscpy
(bsc#1190317).
- commit bb4c21d
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
(bsc#1190317).
- commit f2b9741
- cifs: remove unused server parameter from calc_smb_size()
(bsc#1190317).
- commit c52dabc
- cifs: Do not use tcon->cfid directly, use the cfid we get from
open_cached_dir (bsc#1190317).
- commit ed7d7cd
- cifs: fix lock length calculation (bsc#1190317).
- commit 704a256
- cifs: alloc_mid function should be marked as static
(bsc#1190317).
- commit 1cd087c
- cifs: remove "/cifs_"/ prefix from init/destroy mids functions
(bsc#1190317).
- commit 7d1a646
- cifs: remove useless DeleteMidQEntry() (bsc#1190317).
- commit 39cdb6e
- cifs: remove remaining build warnings (bsc#1190317).
- commit bb9d34f
- smb2: small refactor in smb2_check_message() (bsc#1190317).
- commit 36dc5c1
- cifs: remove minor build warning (bsc#1190317).
- commit 99f07da
- cifs: remove some camelCase and also some static build warnings
(bsc#1190317).
- commit 12a6e0e
- cifs: remove unnecessary (void*) conversions (bsc#1190317).
- commit 042656d
- cifs: remove redundant initialization to variable
mnt_sign_enabled (bsc#1190317).
- commit 5f2fe58
- smb3: check xattr value length earlier (bsc#1190317).
- commit 420acb4
- linux.keyring: Downgrade to older format.
Compatibility with SLE12 SP5.
- commit cd7de7f
- mkspec: eliminate @NOSOURCE@ macro
This should be alsways used with @SOURCES@, just include the content
there.
- commit 403d89f
- kernel-source: include the kernel signature file
We assume that the upstream tarball is used for released kernels.
Then we can also include the signature file and keyring in the
kernel-source src.rpm.
Because of mkspec code limitation exclude the signature and keyring from
binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
Same as other kernel binary packages there is no need to carry duplicate
sources in dtb packages.
- commit 1bd288c
- smb3: add trace point for SMB2_set_eof (bsc#1190317).
- commit cc50c41
- cifs: return errors during session setup during reconnects
(bsc#1190317).
- commit f26e757
- cifs: fix uninitialized pointer in error case in
dfs_cache_get_tgt_share (bsc#1190317).
- commit 2cd67ba
- cifs: skip trailing separators of prefix paths (bsc#1190317).
- commit 6ad2a16
- cifs: version operations for smb20 unneeded when legacy support
disabled (bsc#1190317).
- commit c14744a
- cifs: when extending a file with falloc we should make files
not-sparse (bsc#1190317).
- commit 722a067
- smb3: check for null tcon (bsc#1190317).
- commit 19827ce
- cifs: return the more nuanced writeback error on close()
(bsc#1190317).
- commit 21102b1
- cifs: remove repeated debug message on cifs_put_smb_ses()
(bsc#1190317).
- commit 55e93f1
- smb3: don't set rc when used and unneeded in query_info_compound
(bsc#1190317).
- commit b7a8710
- cifs: smbd: fix typo in comment (bsc#1190317).
- commit 0fd8d36
- cifs: set the CREATE_NOT_FILE when opening the directory in
use_cached_dir() (bsc#1190317).
- commit 18a7023
- cifs: check for smb1 in open_cached_dir() (bsc#1190317).
- commit cebd44b
- cifs: move definition of cifs_fattr earlier in cifsglob.h
(bsc#1190317).
- commit de5bdb2
- objtool: Fix sibling call detection (bsc#1202396).
- commit 7a3804d
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- commit 34b4ec9
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898
CVE-2022-3028).
- commit e68eb5b
- Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897)
- commit c9ac9a2
- tar-up.sh: Include kernel signature in OBS upload.
It is not clear that OBS can handle uncompressed tar signatures but it
can still be verified manually.
- commit cb24650
- Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897)
- commit d995183
- scripts: Verify tarball signature before use.
While there are Linux tarballs provided in standard location on many
machines it is not clear where these mirrors are mounted from, how
secure was the mirroring proccess, and the storage itself.
For local testing it is faster to use git but for OBS builds we want
the upstream tarballs to get bit-identical tarball files, and then we
also want the verification to ensure integrity of the mirror.
xz compressions is not completely deterministic, and while the tarball
content should be the same the bit representation varies. When
uploadiong to OBS it is desirable to use bit-identical files to prevent
OBS storing multiple big files with the same content inside but not
apparently identical.
- commit a075c40
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- commit cbbd572
- powerpc/perf: Add privileged access check for thread_imc
(FATE#322448, bsc#1054914, git-fixes).
- powerpc/perf: Fix loop exit condition in nest_imc_event_init
(FATE#322448, bsc#1054914, git-fixes).
- powerpc/perf: Return accordingly on invalid chip-id in
(FATE#322448, bsc#1054914, git-fixes).
- powerpc: Use sizeof(*foo) rather than sizeof(struct foo)
(FATE#322448, bsc#1054914, git-fixes).
- Refresh patches.suse/powerpc-powernv-Return-for-invalid-IMC-domain.patch
- commit 0095cdd
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
(bsc#1190317).
- commit ef2c03a
- SMB3: EBADF/EIO errors in rename/open caused by race condition
in smb2_compound_op (bsc#1190317).
- commit 1850f8f
- cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
- commit a9f06fa
- cifs: fix NULL ptr dereference in refresh_mounts()
(bsc#1190317).
- commit 67eb87c
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
- commit 60e64c6
- cifs: verify that tcon is valid before dereference in
cifs_kill_sb (bsc#1190317).
- commit 2548aaa
- cifs: potential buffer overflow in handling symlinks
(bsc#1190317).
- commit 4a3401c
- cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
- commit a7766a9
- cifs: release cached dentries only if mount is complete
(bsc#1190317).
- commit 0e4cc46
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
- commit 396d99d
- cifs: remove check of list iterator against head past the loop
body (bsc#1190317).
- commit 53771a6
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
(bsc#1190317).
- commit 4dc7010
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
(bsc#1190317).
- commit d9eafa4
- ceph: don't truncate file in atomic_open (bsc#1202830).
- commit 5d95105
- cifs: change smb2_query_info_compound to use a cached fid,
if available (bsc#1190317).
- commit 8153d9b
- cifs: convert the path to utf16 in smb2_query_info_compound
(bsc#1190317).
- commit feab50e
- cifs: we do not need a spinlock around the tree access during
umount (bsc#1190317).
- commit 3cf620b
- cifs: fix handlecache and multiuser (bsc#1190317).
- commit 61380d0
- Backport causes crashes on all arches so revert the patch until
I find the root cause
- commit 83c44b2
- cifs: modefromsids must add an ACE for authenticated users
(bsc#1190317).
- commit 33643f3
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1190317).
- commit 96ae468
- cifs: do not use uninitialized data in the owner/group sid
(bsc#1190317).
- commit dd406c0
- cifs: fix set of group SID via NTSD xattrs (bsc#1190317).
- commit 063a3b9
- cifs: mark sessions for reconnection in helper function
(bsc#1190317).
- commit 145a355
- Fix a warning about a malformed kernel doc comment in cifs
(bsc#1190317).
- commit 5777710
- check sk_peer_cred pointer before put_cred() call
- commit 78087f4
- cifs: alloc_path_with_tree_prefix: do not append sep. if the
path is empty (bsc#1190317).
- commit 11e7725
- tpm: fix reference counting for struct tpm_chip (CVE-2022-2977
bsc#1202672).
- commit 743f12e
- net: handle kABI change in struct sock (bsc#1194535
CVE-2021-4203).
- commit c37013b
- Drop the unused function after porting on 4.12
- commit a8cf8a3
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
functions (git-fixes).
- commit 977d6ab
- blacklist.conf: update blacklist
- commit 185c40c
- mvpp2: fix panic on module removal (git-fixes).
- commit 7f3079c
- mvpp2: refactor the HW checksum setup (git-fixes).
- commit 8ea5b04
- net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
- commit 10e6082
- net/mlx5e: Use the inner headers to determine tc/pedit offload
limitation on decap flows (git-fixes).
- commit 9697304
- blacklist.conf: update blacklist
- commit 46ff3d0
- fuse: handle kABI change in struct sock (bsc#1194535
CVE-2021-4203).
- commit cb0be42
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit cfbed38
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- commit 851ec16
- tracing/uprobes: Check the return value of kstrdup() for
tu->filename (git-fixes).
- commit 8dca833
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF
tracing (git-fixes).
- commit 7aa1321
- xprtrdma: Fix trace point use-after-free race (git-fixes).
- commit a8b511a
- tracing: Fix race in perf_trace_buf initialization (git-fixes).
- commit 2512414
- tracing/perf: Use strndup_user() instead of buggy open-coded
version (git-fixes).
- commit f7c4f1b
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).
- commit 2dd27f0
- cifs: move superblock magic defitions to magic.h (bsc#1190317).
- commit ec6873e
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment
(bsc#1190317).
- commit c2c268e
- cifs: sanitize multiple delimiters in prepath (bsc#1190317).
- commit f5d8a69
- cifs: fix ntlmssp auth when there is no key exchange
(bsc#1190317).
- commit 0965ebd
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- commit ea690c7
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- commit 73ad842
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- commit 7d782ba
- Revert "/USB: xhci: fix U1/U2 handling for hardware with
XHCI_INTEL_HOST quirk set"/ (git-fixes).
- commit 7bb63b3
- blacklist.conf: cleanup designed to break kABI
- commit d77a5a8
- blacklist.conf: cleanup on a minor driver that would require a kABI fixup
- commit 4b84bde
- blacklist.conf: optimization on a minor driver that would require a kABI fixup
- commit ab46ac0
- blacklist.conf: driver only introduced in v4.14
- commit c8efaee
- blacklist.conf: for an architecture unsupported on SLE12
- commit e27f3be
- blacklist.conf: irrelevant in our config
- commit cca8fdf
- blacklist.conf: subsystem the patch is for is introduced only in v4.13
- commit 94d5cd2
- squashfs: add more sanity checks in id lookup (git-fixes).
- commit 0993c72
- squashfs: add more sanity checks in inode lookup (git-fixes).
- commit 5e5b6f8
- squashfs: add more sanity checks in xattr id lookup (git-fixes).
- commit acc3d9a
- phy: tegra: fix device-tree node lookups (git-fixes).
- commit 8650336
- squashfs: fix divide error in calculate_skip() (git-fixes).
- commit f2d03b6
- blacklist.conf: very likely to cause regressions
- commit 857d8cc
- powerpc/xive: Fix refcount leak in xive_get_max_prio
(fate#322438 git-fixess).
- commit 6f2e0e1
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- commit ccc3683
- powerpc: define get_cycles macro for arch-override
(bsc#1065729).
- commit db10d90
- blacklist.conf: Add 235cee162459 KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
- commit c398028
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net_sched: cls_route: remove from list when handle is 0
(CVE-2022-2588 bsc#1202096).
- commit 05c19f7
- KVM: PPC: Book3S HV: Context tracking exit guest context before
enabling irqs (bsc#1065729).
- commit d7f9277
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- commit 2e356ce
- blacklist.conf: later reverted upstream
- commit a099951
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- commit 202a421
- Revert "/r8152: adjust the settings about MAC clock speed down
for RTL8153"/ (git-fixes).
- commit 893a9a7
- MyBS: Avoid lock recursion in certificate check
SUSE::MyBS::new tries to fix up API connection error by setting the SUSE
CA certificate as the SSL trust root.
Check that the error is caused by bad certificate, and don't handle
other errors so that users can see authentication errors correctly.
Also unlock the cookie storage in case the problem is resolved with
using the built-in certificate.
- commit 21d6a61
- net: usb: lan78xx: Connect PHY before registering MAC
(git-fixes).
- commit d406530
- blacklist.conf: misattributed
- commit 113cb73
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- commit 30cd9be
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- commit ea9c6cd
- MyBS: Save hoarded cookies to disk
The performance of the OBS SSH authentication system is very bad, and
can be overwhelmed by about 1 authentication/s.
With osc saving cookies to disk this is not seen as problem.
Saving cookies to disk in MyBS should work around the authentication
system performance problem until it's resolved.
The design ensures that processes competing for authentication use the
same cookie once one become available rether than authenticating
independently, overwhelming the authentication service.
- Reading cookie file is lockless, file update atomic with mv
- Requesting auth & writing out obtained cookie is locked
- To be able to break stale lock the lockfile is empty, cookie is saved
to a separate tmeporary file
Cookie file contains the whole Set-Cookie header content. It would be
possible to add support for multiple cookies but OBS only ever sets one
cookie so multiple cookies are not supported.
- commit 37ed7ba
- ext4: make sure ext4_append() always allocates new block
(bsc#1198577 CVE-2022-1184).
- commit bc8c541
- ext4: check if directory block is within i_size (bsc#1198577
CVE-2022-1184).
- commit b9efa04
- ext4: Fix check for block being out of directory size
(bsc#1198577 CVE-2022-1184).
- commit be40637
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1202528).
- commit e115339
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
- commit f4a62aa
- 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528).
- commit bfdf1f9
- btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking (bsc#1202528).
- commit a4caa5b
- fs: add a filemap_fdatawrite_wbc helper (bsc#1202528).
- commit eedfc1d
- btrfs: wait on async extents when flushing delalloc (bsc#1202528).
- commit 0d074a5
- btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc (bsc#1202528).
- commit 83cf4e8
- btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
- commit b1b7482
- Fix releasing of old bundles in xfrm_bundle_lookup()
(bsc#1201264 bsc#1190397 bsc#1199617).
- commit bc50d6c
- btrfs: include delalloc related info in dump space info tracepoint (bsc#1202528).
- commit 41ed5ae
- btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528).
- commit 7ff1a2f
- cxgb4vf: update kernel-doc line comments (git-fixes).
- commit 86bb074
- cxgb4: update kernel-doc line comments (git-fixes).
- commit 54c720b
- cxgb4: fix endian conversions for L4 ports in filters
(git-fixes).
- commit aa42e53
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- commit dc23e3b
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- commit b83d2bf
- blacklist.conf: update blacklist
- commit 8032df7
- blacklist.conf: update blacklist
- commit aea5602
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1202528).
- Delete
patches.suse/btrfs-dump_space_info-when-encountering-total_bytes_pinned-0-at-umount.patch.
- commit 354153b
- qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
- commit 68811a9
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1202528).
- commit d9b864b
- qed: Add EDPM mode type for user-fw compatibility (git-fixes).
- commit a73dbd4
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528).
- commit 60db43c
- btrfs: rip out may_commit_transaction (bsc#1202528).
- Refresh
patches.suse/btrfs-handle-preemptive-delalloc-flushing-slightly-differently.patch.
- commit c5ab5f9
- btrfs: use percpu_read_positive instead of sum_positive for need_preempt (bsc#1202528).
- Refresh
patches.suse/btrfs-only-ignore-delalloc-if-delalloc-is-much-smaller-than-ordered.patch.
- commit 59f31f6
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1202528).
- commit f7a119e
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1202528).
- commit 9a30ad9
- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1202528).
- commit a265556
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1202528).
- commit b31d6c3
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1202528).
- commit fbc80a6
- btrfs: only clamp the first time we have to start flushing (bsc#1202528).
- commit db608fb
- btrfs: check worker before need_preemptive_reclaim (bsc#1202528).
- commit 8aab0b2
- btrfs: Convert fs_info->free_chunk_space to atomic64_t (bsc#1202528).
- Refresh
patches.suse/0006-btrfs-move-and-export-can_overcommit.patch.
- Refresh
patches.suse/0020-btrfs-do-not-account-global-reserve-in-can_overcommit.patch.
- Refresh
patches.suse/Btrfs-fix-race-between-adding-and-putting-tree-mod-s.patch.
- Refresh
patches.suse/btrfs-ensure-replaced-device-doesn-t-have-pending-chunk-allocation.patch.
- Refresh
patches.suse/btrfs-fix-btrfs_calc_reclaim_metadata_size-calculation.patch.
- commit f88ccad
- net/mlx5: Clear LAG notifier pointer after unregister
(git-fixes).
- commit d878d7c
- net: dsa: mt7530: Change the LINK bit to reflect the link status
(git-fixes).
- commit ece75a8
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC
pressure (git-fixes).
- commit 8794a66
- net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
- commit 9d72e43
- net: ll_temac: Enable DMA when ready, not before (git-fixes).
- commit 3faa94c
- btrfs: add a trace class for dumping the current ENOSPC state (bsc#1202528).
- commit 9bb464a
- btrfs: adjust the flush trace point to include the source (bsc#1202528).
- commit dfed983
- btrfs: implement space clamping for preemptive flushing (bsc#1202528).
- commit fa5b783
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528).
- commit ed57e7f
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528).
- commit 99a8046
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528).
- commit efb656d
- btrfs: rename need_do_async_reclaim (bsc#1202528).
- commit f95c0ae
- btrfs: improve preemptive background space flushing (bsc#1202528).
- commit 951dafe
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528).
- commit f16f950
- btrfs: add a trace point for reserve tickets (bsc#1202528).
- commit ac2920d
- btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1202528).
- commit 5a1a4e8
- ata: libata: add qc->flags in ata_qc_complete_template
tracepoint (git-fixes).
- commit 8897145
- blacklist.conf: not-relevant cleanups for drivers/char/random
- commit 4551df9
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
stale pointer (git-fixes).
- commit 8449873
- MyBS: Only send authorization when out of cookies
- commit 0e13567
- MyBS: Hoard cookies
- commit f84b974
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
(git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
(git-fixes).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future
(git-fixes).
- drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX
(git-fixes).
- commit ce1e4d8
- MyBS: Add OBS SSH key support
- commit 2992b24
- kabi/severities: add mlx5 internal symbols
- commit 8c6dd4b
- net: ll_temac: Add more error handling of dma_map_single()
calls (git-fixes).
- commit af7573f
- net: ll_temac: Fix support for little-endian platforms
(git-fixes).
- Refresh
patches.suse/net-ll_temac-Fix-race-condition-causing-TX-hang.patch.
- commit 12402e7
- net: ll_temac: Fix typo bug for 32-bit (git-fixes).
- commit 5bf9adc
- net: ll_temac: Fix support for 64-bit platforms (git-fixes).
- commit 5222049
- net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq
for drop profiles (git-fixes).
- commit e2d5d61
- net: emaclite: Simplify if-else statements (git-fixes).
- commit 43fe9bd
- net/mlx5: Fix auto group size calculation (git-fixes).
- commit f65c99f
- net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
- commit 717b8ab
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
The type test and print line are the same for both cases. The usrmerged
case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
in xfrm_bundle_lookup() (bsc#1201948 CVE-2022-36879).
- commit 6a240fe
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
(CVE-2022-20368 bsc#1202346).
- commit bcc8988
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
across ioctls (bsc#1202347 CVE-2022-20369).
- commit 0cf8c8f
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- commit 832ae90
- scsi: smartpqi: set force_blk_mq=1.(bsc#1179310)
- commit 10f3936
- Update metadata references
- commit 7183678
- md/bitmap: don't set sb values if can't pass sanity check
(bsc#1197158).
- commit 34e4bcc
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
CVE-2022-26373).
- commit a207cec
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
CVE-2022-26373).
- commit 30ef9f9
- Move kABI patches to kABI section.
- commit a80bab0
- powerpc: powernv: kABI: add back powernv_get_random_long
(bsc#1065729).
- commit 3080872
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: delay rng platform device creation until
later in boot (bsc#1065729).
- commit 869d405
- md-raid: destroy the bitmap after destroying the thread
(git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- pNFS: Don't keep retrying if the server replied
NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- commit 3bc259d
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
(bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit 42e06ba
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP
(bsc#1120716).
- commit ce36184
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- Refresh patches.suse/powerpc-64s-rename-pnv-pseries_setup_rfi_flush-to-_s.patch
- powerpc/powernv: Staticify functions without prototypes
(bsc#1065729).
- powerpc/powernv: Use darn instruction for get_random_seed()
on Power9 (bsc#1065729).
- commit 4e67aee
- xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes).
- commit 9ad699f
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit a44d410
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1201726
CVE-2022-26373).
- commit 8e898cd
- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
(bsc#1201726 CVE-2022-26373).
- commit 9388584
- net/sched: cls_u32: fix netns refcount changes in u32_change()
(CVE-2022-29581 bsc#1199665).
- commit 944805b
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
bsc#1202154).
- commit 0d36370
- ipv4: avoid using shared IP generator for connected sockets
(CVE-2020-36516 bsc#1196616).
- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
bsc#1196616).
- commit df5e606
- blacklist.conf: Relatively high risk of unexpected performance change
- commit 58f819d
- blacklist.conf: Many dependencies with relatively high risk of unexpected performance change
- commit 56dc959
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
- xfs: always free inline data before resetting inode fork during
ifree (bsc#1202017).
- commit 89a46fc
- blacklist.conf: remove 98c4f78dcdd8 from blacklist
This is a required fix, as 43518812d2 was backported.
- commit 62ac6c4
- blacklist.conf: Add fadump commits introducing boot_mem_top
bec53196adf4 powerpc/fadump: add support to preserve crash data on FADUMP disabled kernel
7dee93a9a880 powerpc/fadump: support holes in kernel boot memory area
The current fadump code in 4.12 kernel does not support bootmem holes.
If these commits are backported the current backports need review for
use of boot_memory_size instead of boot_mem_top
- commit 66afc75
- powerpc/fadump: fix PT_LOAD segment for boot memory area
(bsc#1103269 ltc#169948 git-fixes).
- powerpc/fadump: make crash memory ranges array allocation
generic (bsc#1103269 ltc#169948 git-fixes).
- Refresh patches.suse/powerpc-fadump-fix-race-between-pstore-write-and-fad.patch
- commit 2607c5c
- blacklist.conf: Append 'drm/amdgpu/acp: Make PM domain really work'
- commit 5d0cbbf
- blacklist.conf: Append 'drm: mxsfb: Clear FIFO_CLEAR bit'
- commit a9d2273
- blacklist.conf: Append 'drm: mxsfb: Increase number of outstanding requests on V4 and newer HW'
- commit eb95663
- blacklist.conf: Append 'drm: mxsfb: Enable recovery on underflow'
- commit 5c872c1
- blacklist.conf: Append 'drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg'
- commit 9af6ddf
- blacklist.conf: Append 'drm/radeon: Fix off-by-one power_state index heap overwrite'
- commit 0f57ec5
- blacklist.conf: Append 'drm/radeon: Avoid power table parsing memory leaks'
- commit 2212d5c
- blacklist.conf: Append 'amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create'
- commit 6d1e3d5
- blacklist.conf: Append 'drm/radeon: Fix a missing check bug in radeon_dp_mst_detect()'
- commit 5ae4891
- blacklist.conf: Append 'Fix misc new gcc warnings'
- commit ba680f8
- blacklist.conf: Append 'drm/vc4: crtc: Reduce PV fifo threshold on hvs4'
- commit 6465ff9
- blacklist.conf: Append 'drm/amdgpu: check alignment on CPU page for bo map'
- commit 11881ba
- blacklist.conf: Append 'drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()'
- commit 06bd647
- blacklist.conf: Append 'drm/i915: Fix the GT fence revocation runtime PM logic'
- commit 278dbb6
- blacklist.conf: Append 'drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence'
- commit 46e7a2f
- blacklist.conf: Append 'drm/i915/dp: Track pm_qos per connector'
- commit 1a3ef34
- blacklist.conf: Append 'drm/i915: Avoid mixing integer types during batch copies'
- commit e361acc
- blacklist.conf: Append 'drm/i915/gem: Avoid implicit vmap for highmem on x86-32'
- commit f730816
- blacklist.conf: Append 'drm/dp_mst: Kill the second sideband tx slot, save the world'
- commit ee6a373
- blacklist.conf: Append 'drm: mst: Fix query_payload ack reply struct'
- commit 9b06dd2
- blacklist.conf: Append 'drm/i915/gen8+: Add RC6 CTX corruption WA'
- commit 7617aa6
- blacklist.conf: Append 'make 'user_access_begin()' do 'access_ok()''
- commit 36185b4
- lkdtm: Disable return thunks in rodata.c (bsc#1114648).
- commit 1db863b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1114648).
- commit c693b03
- blacklist.conf: Add ppc numa commits
e75130f20b1f powerpc/numa: Offline memoryless cpuless node 0
10f78fd0dabb powerpc/numa: Fix a regression on memoryless node 0
- commit f94fd1c
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- commit 7c39b90
- kvm/emulate: Fix SETcc emulation function offsets with SLS
(bsc#1201930).
- commit 0c004d2
- netfilter: nf_queue: do not allow packet truncation below
transport header offset (bsc#1201940 CVE-2022-36946).
- commit 06aa700
- latent_entropy: avoid build error when plugin cflags are not
set (git-fixes).
- Refresh patches.suse/fdt-add-support-for-rng-seed.patch.
- commit 66e3bae
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
explicit (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
(git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed
(git-fixes).
- random: always fill buffer in get_random_bytes_wait (git-fixes).
- commit 4bf323f
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201651).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
(bsc#1201651).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201651).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201651).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1201651).
- scsi: qla2xxx: Zero undefined mailbox IN registers
(bsc#1201651).
- scsi: qla2xxx: Fix incorrect display of max frame size
(bsc#1201958).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201958).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error
injection (bsc#1201958).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable
with I/Os (bsc#1201958).
Refresh:
- patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch
- scsi: qla2xxx: Add debug prints in the device remove path
(bsc#1201958).
- scsi: qla2xxx: Fix losing target when it reappears during delete
(bsc#1201958).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation
tests (bsc#1201958).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O
timeouts (bsc#1201958).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
(bsc#1201958).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201958).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature
(bsc#1201958).
- scsi: qla2xxx: Fix excessive I/O error messages by default
(bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201958).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201958).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
(bsc#1201958).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N
(bsc#1201958).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201958).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
(bsc#1201958).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201958).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
(bsc#1201958).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
(bsc#1201958).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
(bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201958).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device
(bsc#1201958).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
(bsc#1201958).
- scsi: qla2xxx: edif: Remove old doorbell interface
(bsc#1201958).
- scsi: qla2xxx: edif: Add retry for ELS passthrough
(bsc#1201958).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with
authentication application (bsc#1201958).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
(bsc#1201958).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
(bsc#1201958).
- scsi: qla2xxx: edif: Wait for app to ack on sess down
(bsc#1201958).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201958).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
(bsc#1201958).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter
(bsc#1201958).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
(bsc#1201958).
- commit a8936d6
- Drop qla2xxx patch which prevented nvme port discovery
(bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
Upstream fixed the problem by reverting the offending commit.
Delete:
- patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
- commit 452db23
- scsi: lpfc: Address NULL pointer dereference after
starget_to_rport() (git-fixes).
- commit 996de99
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- commit 5f1b81f
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- commit 8656e81
- net: xilinx_emaclite: Do not print real IOMEM pointer
(git-fixes).
- commit 1032862
- mvpp2: suppress warning (git-fixes).
- commit 163d5b9
- net: ethernet: fix potential use-after-free in ec_bhf_remove
(git-fixes).
- commit 08e620e
- net: hamradio: fix memory leak in mkiss_close (git-fixes).
- commit d5b5550
- net: fec_ptp: add clock rate zero check (git-fixes).
- commit 4e39a7a
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
(git-fixes).
- commit 5a1c833
- qlcnic: Fix an error handling path in 'qlcnic_probe()'
(git-fixes).
- commit 70491b7
- net: stmmac: dwmac1000: Fix extended MAC address registers
definition (git-fixes).
- commit 0a365bd
- net: mdio: octeon: Fix some double free issues (git-fixes).
- commit 770566f
- net: mdio: thunder: Fix a double free issue in the .remove
function (git-fixes).
- commit 77a03ff
- net: fec: fix the potential memory leak in fec_enet_init()
(git-fixes).
- commit 3c37ef9
- net: fec: check DMA addressing limitations (git-fixes).
- commit 994eea1
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
(git-fixes).
- commit c9228da
- net: stmmac: fix incorrect DMA channel intr enable setting of
EQoS v4.10 (git-fixes).
- commit 2b936dd
- Refresh
patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
- commit c149c1b
- Remove our homegrown IBRS implementation
... now that there's an upstream version.
- x86/entry: Add kernel IBRS implementation (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- Refresh
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh
patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Delete
patches.suse/x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch.
- Delete
patches.suse/x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- Delete
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Delete
patches.suse/x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Delete
patches.suse/x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- commit 7278759
- media: saa7146: mxb: Fix a NULL pointer dereference in
mxb_attach() (git-fixes).
- commit d6ee03c
- media: dib8000: Fix a memleak in dib8000_init() (git-fixes).
- commit 2128de3
- media: uvcvideo: fix division by zero at stream start
(git-fixes).
- commit 24c7763
- blacklist.conf: cleanup breaking kABI by renames
- commit 112598f
- blacklist.conf: cleanup breaking kABI by renames
- commit 25ac149
- Bluetooth: hci_qca: Use del_timer_sync() before freeing
(git-fixes).
- commit 945069e
- blacklist.conf: misattributed patch
- commit 379c546
- bnxt_en: Re-write PCI BARs after PCI fatal error (git-fixes).
- commit 3e6c035
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- commit acd09d7
- net: macb: mark device wake capable when "/magic-packet"/
property present (git-fixes).
- commit 674240e
- net/sonic: Fix a resource leak in an error handling path in
'jazz_sonic_probe()' (git-fixes).
- commit 0674aaf
- vrf: Fix IPv6 with qdisc and xfrm (git-fixes).
- commit 0a2458c
- net: stmmac: dwmac1000: Disable ACS if enhanced descs are not
used (git-fixes).
- commit 2e76107
- net: stmmac: Fix misuses of GENMASK macro (git-fixes).
- commit fc6700d
- kABI workaround for including mm.h in fs/sysfs/file.c
(bsc#1200598 CVE-2022-20166).
- commit fe1fe6b
- blacklist.conf: update blacklist
- commit ae741a4
- mm: and drivers core: Convert hugetlb_report_node_meminfo to
sysfs_emit (bsc#1200598 CVE-2022-20166).
- commit 3d23964
- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
CVE-2022-20166).
- commit c8e2e5b
- drivers core: Remove strcat uses around sysfs_emit and neaten
(bsc#1200598 CVE-2022-20166).
- commit 5cd9512
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
* ...) functions (bsc#1200598 CVE-2022-20166).
- commit 7554520
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
(bsc#1200598 CVE-2022-20166).
- commit c5a70d7
- cxgb3/l2t: Fix undefined behaviour (git-fixes).
- commit 8076d39
- kabi/severities: add cxgb3 network driver
- commit 3a6a137
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit 5efdb64
- Sort in RETbleed backport into the sorted section
Now that it is upstream...
- Refresh
patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- Refresh
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh
patches.suse/sched-topology-Improve-load-balancing-on-AMD-EPYC.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
- Refresh
patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh
patches.suse/x86-cpu-add-a-steppings-field-to-struct-x86_cpu_id.patch.
- Refresh
patches.suse/x86-cpu-add-table-argument-to-cpu_matches.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
patches.suse/x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh
patches.suse/x86-microcode-amd-increase-microcode-patch_max_size.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
- Refresh
patches.suse/x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Refresh
patches.suse/x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
patches.suse/x86-speculation-add-special-register-buffer-data-sampling-srbds-mitigation.patch.
- Refresh
patches.suse/x86-speculation-add-srbds-vulnerability-and-mitigation-documentation.patch.
- Refresh
patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch.
- Refresh
patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
- Refresh
patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- Refresh
patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch.
- Refresh
patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
- Refresh
patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- commit d06c642
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- cgroup: Use separate src/dst nodes when preloading css_sets
for migration (bsc#1201610).
- commit 674875f
- random: fix crash on multiple early calls to (git-fixes)
- commit cf465a0
- vt: vt_ioctl: fix race in VT_RESIZEX (bsc#1200910
CVE-2020-36558).
- commit 3c76a1f
- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
(bsc#1201429 CVE-2020-36557).
- commit f15e18d
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch.
- commit 7e31757
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
- commit 704434f
- Refresh patches.suse/fbcon-Prevent-that-screen-size-is-smaller-than-font-.patch
Fix the build error due to missing is_console_locked()
- commit 39e2064
- Delete patches.suse/IBRS-forbid-shooting-in-foot.patch.
Backported upstream commit
7c693f54c873 ("/x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS"/)
already takes care of that.
- commit e4bbbc2
- fbmem: Check virtual screen sizes in fb_set_var()
(CVE-2021-33655 bsc#1201635).
- fbcon: Prevent that screen size is smaller than font size
(CVE-2021-33655 bsc#1201635).
- fbcon: Disallow setting font bigger than screen size
(CVE-2021-33655 bsc#1201635).
- commit c1a0922
- Delete patches.suse/x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch.
Superceded by the upstream version
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch
- commit 5309cbd
- blacklist.conf: add a few patches
- commit cf91d33
- serial: mvebu-uart: correctly report configured baudrate value
(git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
of_alias_get_id and ida_simple_get (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
(git-fixes).
- fsl_lpuart: Don't enable interrupts too early (git-fixes).
- arch_topology: Do not set llc_sibling if llc_id is invalid
(git-fixes).
- net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
(git-fixes).
- commit 4567918
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- commit c9dc552
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit 08341d7
- blacklist.conf: cosmetic fix
- commit 5ba3d81
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- commit 346b0d8
- blacklist.conf: adds an uevent user space is not ready for
- commit 6ac2a70
- usbnet: fix memory leak in error case (git-fixes).
- commit f3b6abf
- usbnet: fix memory allocation in helpers.
- commit 9363858
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
rx queue (bsc#1201381).
- commit 334fe0b
- Refresh
patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
revert the effect of mainline 453431a54934d917153 on patch.
- Refresh
patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
revert the effect of mainline 453431a54934d917153 on patch.
- commit 6824fa5
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- commit 1dda89e
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
Dwarves 1.22 or newer is required to build kernels with BTF information
embedded in modules.
- commit ee19e9d
- pty: do tty_flip_buffer_push without port->lock in pty_write
(bsc#1198829 CVE-2022-1462).
- commit c0b9f34
- tty: use new tty_insert_flip_string_and_push_buffer() in
pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit 1b70eb4
- dm mirror log: round up region bitmap size to BITS_PER_LONG
(git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm stats: add cond_resched when looping over entries
(git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
(git-fixes).
- dm btree remove: fix use after free in rebalance_children()
(git-fixes).
- blk-cgroup: synchronize blkg creation against policy
deactivation (git-fixes).
- dm: fix mempool NULL pointer race when completing IO
(git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
(git-fixes).
- blk-zoned: allow zone management send operations without
CAP_SYS_ADMIN (git-fixes).
- lib/hexdump.c: return -EINVAL in case of error in hex2bin()
(git-fixes).
- commit 4cd1fd7
- blacklist.conf: Update for git-fixes
- commit e740cc0
- net: ll_temac: Fix TX BD buffer overwrite (git-fixes).
- commit 1ff015f
- net: ll_temac: Fix race condition causing TX hang (git-fixes).
- commit 0c73d92
- net: ll_temac: Fix bug causing buffer descriptor overrun
(git-fixes).
- commit 2fe2e0f
- net: stmmac: fix missing IFF_MULTICAST check in
dwmac4_set_filter (git-fixes).
- commit 075d2fd
- bnxt_en: Remove the setting of dev_port (git-fixes).
- commit 1fccfbd
- blacklist.conf: update
- commit d2fcee3
- Refresh
patches.suse/v5-0001-crypto-DRBG-add-FIPS-140-2-CTRNG-for-noise-source.patch.
A modified version of the patch did make it mainline. Detected by git-fixes.
- commit 9eec360
- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
- commit 2a23102
- scripts/sequence-patch.sh: create sub-function apply_one_patch()
Carve out the main functionality of applying a single patch from
apply_patches() into a sub-function.
- commit f24575e
- scripts/sequence-patch.sh: let "/--fast"/, "/--rapid"/ and "/"/ behave consistently
Today scripts/sequence-patch.sh will stop before applying a patch when
being called with "/--fast"/ or "/--rapid"/ and a patch name, while it will
apply the named patch when being called without "/--fast"/ or "/--rapid"/.
Change that by letting apply_patches() use the PATCHES_BEFORE[] and
PATCHES_AFTER[] arrays as apply_rapid_patches() and
apply_fast_patches() are doing already.
In order to keep the capability to single step through the remaining
patches add a function for that purpose.
- commit 134d511
- Refresh
patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch.
Fix a build warning.
- commit 539b424
- scripts/tar-up.sh: Detect untracked changes to rpm directory.
- commit bd49209
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
universally for now) added two new compiler-dependent configs:
* CC_NO_ARRAY_BOUNDS
* GCC12_NO_ARRAY_BOUNDS
Ignore them -- they are unset by dummy tools (they depend on gcc version
== 12), but set as needed during real compilation.
- commit a14607c
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 22a9ddc
- kernel-binary.spec: check s390x vmlinux location
As a side effect of mainline commit edd4a8667355 ("/s390/boot: get rid of
startup archive"/), vmlinux on s390x moved from "/compressed"/ subdirectory
directly into arch/s390/boot. As the specfile is shared among branches,
check both locations and let objcopy use one that exists.
- commit cd15543
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
- scripts/check-embargoed-bugz: Skip check for the direct to push to *_EMBARGO branch, too
- commit 2553069
- kernel-binary.spec: Support radio selection for debuginfo.
To disable debuginfo on 5.18 kernel a radio selection needs to be
switched to a different selection. This requires disabling the currently
active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- scripts/git_sort/git_sort.py: add driver for-next repo
- commit bd4759e
- Add dtb-starfive
- commit 85335b1
- blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop
- commit a90bbcf
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
- pahole 1.22 required for full BTF features.
also recommend pahole for kernel-source to make the kernel buildable
with standard config
- commit 364f54b
- use jobs not processors in the constraints
jobs is the number of vcpus available to the build, while processors
is the total processor count of the machine the VM is running on.
- commit a6e141d
- scripts/run_oldconfig.sh: use pahole from dummy-tools if available (bsc#1198388)
Similar to other dummy-tools, use also pahole from dummy-tools, if it is
available. This makes the configs consistent on all distros, not
dependining on developers' version.
- commit a9e6b6c
- git_sort: Fix error message for patches missing Git-commit.
To reject unsortable patches from out-of-tree section patches without a
Git-commit that don't have Patch-mainline Submitted or Not yet are
rejected with an error message saying that this tag is not supported.
However, this is the case also for patches that have Patch-mainline
Queued or version which are missing Git-commit.
Add a separate error message for this case.
Fixes: eaff9bcc7268 ("/git_sort/lib: Only allow patches intended for mainline."/)
- commit 24354fd
- scripts/python: Align with kbuild.
The port to python3 happened independently in kernel-source and kbuild
creating some source differences.
These differences cause problems with applying patches across different
repositories. Align the sources by removing trivial differences.
- commit 9796048
- scripts/gitlog2changes: Fix parsing of GPG-signed commit
- commit a384f30
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- scripts: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit 2ea024c
- scripts/run_oldconfig.sh: Ignore PAHOLE_VERSION.
- commit c585f2b
- git_sort.py: Add bpf-next tree.
- commit a4d4ce2
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
- powerpc: Set crashkernel offset to mid of RMA region
(bsc#1190812).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- commit b6d78fb
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
bsc#1198484)
Let's iron out the reduced initrd optimisation in Tumbleweed.
Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- git_sort: Fix error when sorted section is empty.
- commit 06a0c32
- MyBS.pm: support the password-store keyring
osc can use password-store via the Python keyring and password-store backend.
We can detect this configuration from its specific credentials_mgr_class
setting, and instead call the 'pass' command directly, similarly to the
secret-tool.
- commit 38694df
- README: Remove remaining traces of Novell
- commit fbc8e4e
- git_sort: tests: Fix warning about default branch
Since the version in SLE 15 git init prints this warning which is logged
in the test result:
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: git branch -m <name>
The -b argument to git init to suppress this warning is not available on
git versions that do not print the warning.
pygit2.init_repository does not print this warning so use it instead.
- commit 873477c
- git_sort: tests: Fix quilt mode test on TW
The quilt mode test requires getopt which is no longer installed by
default.
- commit 2e0e020
- scripts/check-embargoed-bugz: git pre-push script for checking embargoed bugs
- commit f5044f8
- scripts/stableids: allow machine to be localhost
And do not attempt to ssh anywhere in that case.
- commit 2e223ff
- scripts/stableids: number more than 999 patches properly
I.e. pad enough number of zeros for patches count >= 1000.
- commit ecfeb07
- scripts/git_sort/git_sort.py: Remove a dev branch of the -rcu tree
- commit ce56f17
- scripts/git-pre-commit: Detect empty patches.
- commit 616effa
- git_sort/lib: use correct class name for MutableSet
[BUG]
With latest python3.10, all git_sort scripts fails to start:
$ ./scripts/git_sort/series_insert.py
Traceback (most recent call last):
File "/~/btrfs/suse/kernel-source/./scripts/git_sort/series_insert.py"/, line 34, in <module>
import lib
File "/~/btrfs/suse/kernel-source/scripts/git_sort/lib.py"/, line 569, in <module>
class OrderedSet(collections.MutableSet):
AttributeError: module 'collections' has no attribute 'MutableSet'
[CAUSE]
From python3.3 and later, MutableSet needs to be referred using
"/collections.abc.MutableSet"/, instead of just "/collections.MutableSet"/.
After python3.9, the old compatible behavior seems to be removed, thus
causing above crash.
[FIX]
Try to import MutableSet from collections.abc first, if not found, then
try again from collections.
For v3.10 the first try should success, while on v3.4 I don't have any
system to test though. Hopes this would work.
- commit 5fedfe0
- git_sort: Use -next rather than -testing in gregkh/usb
- commit 7232b7b
- git_sort: Add driver-core repository.
- commit d7ae15d
- scripts/git_sort/git_sort.py: add Greg KH's USB repo
- commit bd0fd0c
- scripts/osc_wrapper: fix issue where osc build cannot find git HEAD if
checked out branch is a worktree
- commit 14421cd
- test_series_sort.py: Also test submitted patch.
- commit 6a7dd95
- scripts/git_sort/tests: Update to current codestreams.
- commit 94b31df
- git_sort/lib: Only allow patches intended for mainline.
- commit eaff9bc
- check-patchhdr: Do not require Patch-mainline on kABI patches.
These patches are not meant to be submitted, anyway.
- commit b5822d2
- header.py: Reject Patch-mainline: No
This tag is deprecated. Never or Not yet should be used instead.
- commit 50efd72
- scripts/git_sort/git_sort.py: add a dev branch of the -rcu tree
- commit 60ddeaf
- scripts/git_sort/git_sort.py: add gpio maintainers git tree
- commit 189ee55
- MyBS.pm: Do not use pool as suffix for QA repository.
- commit 1c60609
- MyBS.pm: Use pool repository when present.
The standard repository in SLE15 SP3 in OBS does not contain packages.
- commit a1fda61
- scripts/git_sort/git_sort.py: Update drm-next repo
- commit c36d95b
- scripts/bugzilla: report only active versions
Report only product versions that are marked as active. This makes
bugzilla-create work properly for products with inactive versions.
- commit ef0f3ae
- scripts/run_oldconfig.sh: pretend RUSTC doesn't exist
HAS_RUST and RUSTC_VERSION is set (or unset) depending if rustc exists
on a machine where run_oldconfig.sh is run. We don't want the config to
oscillate, so disable rust completely for the time being.
Don't use /bin/false, use nonsense like /nothing/nowhere instead. It
makes scripts/rust-version.sh NOT to scream about missing output.
If we ever want to support rust, we have to:
* introduce dummy-tools into rust world (there is no CROSS_COMPILE
before RUST currently)
* change ignored configs in rpm/check-for-config-changes
- commit 8149db0
- test-all.sh: Pass argument list to Python and make script executable
Improve the helper shell script:
- Pass command line options to python3 to allow things like "/-v"/.
- Set the executable bit, so it can be invoked directly.
- commit 7cc2bcf
- scripts/git_sort/git_sort.py: Add repo for Chuck Lever
Check Lever (aka "/cel"/) is co-maintainer for nfsd.
- commit 7d3e0dc
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit 3bdd6db
- header.py: Fix unmatched prentheses.
Fixes: 65d0b2d07e8c ("/README, patch-tag-template, header.py: Abolish Novell and FATE (bsc#1189904)."/)
- commit ffde1c0
- README, patch-tag-template, header.py: Abolish Novell and FATE
(bsc#1189904).
- commit 65d0b2d
- scripts/sequence-patch.sh: Add --signing-key option
The --signing-key option allows the user to specify a certificate and key
to be used for module signing. Checks ensure that it can also be used
for signing the kernel for UEFI Secure Boot.
- commit d2affe4
- scripts: support gz and zst compression methods
Extend 95df98b61fde ("/scripts/supported-conf-fixup: recognize compressed modules"/)
for gzip and zstd compression.
- commit deab245
- run_oldconfig.sh: Also make scripts executable.
When new scripts ar added by a patch they are not executable after
sequence-patch.
- commit 17cad6a
- commit b70c29e
- Add dtb-microchip
- commit c797107
- MyBS: Fix the kernel-obs-build existence check.
- commit 9cd6187
- MyBS: Only wipe kernel-obs-build when it exists.
It does not exist for livepatches.
- commit ca3fae0
- MyBS: Wipe kernel-obs-build after uploading a kernel.
kernel-obs-build is a subpackage of kernel-default built by repacking
kernel-default and is used for building other packages.
In development repositories it is possible that a broken kernel that
does not boot is uploaded, and when kernel-obs-build is built with the
broken content no packages can be built anymore in the QA repository
that uses the kernel-obs-build.
Wipe the kernel-obs-build binaries on upload so that stale broken
binaries don't remain. The package need to be rebuilt with the new
kernel binaries anyway so this does not cause useless rebuilds (unless
you reup-load same git revsion).
Alternative would be to create much more complex repository setup with
aggeregates which does not sound like it would save anything.
- commit c5a3108
This was accidentally merged into packaging rather than scripts as
kernel-source commit 65979e3c8b2d ("/scripts/git_sort/git_sort.py: add bpf
git repo"/).
- scripts/git_sort/git_sort.py: add bpf git repo
- commit 3b45eef
- commit abd8982
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit 6b8a8e7
- scripts/run_oldconfig.sh: Make dumy-tools executable (bcs#1181862).
- commit d3f1aea
- run_oldconfig.sh: Only use dummy tools if they exist (bcs#1181862).
- commit 2b68831
- scripts/run_oldconfig.sh: make use of scripts/dummy-tools (bcs#1181862).
scripts/dummy-tools is a cross-toolchain from the kernel which
advertises support for _everything_ (on the toolchain side). Using
these, we obtain super-configs which are then reduced during build time
when real toolchain (like gcc, ld, ...) is used.
This allows us to drop the need for cross-compilers, specific versions
of gcc etc. This is always pain as run_oldconfig.sh ran on different
machines produces different configs.
- commit f1e7bc3
- rpm/kernel-source.spec.in: temporary workaround for a build failure
Upstream c6x architecture removal left a dangling link behind which
triggers openSUSE post-build check in kernel-source, failing
kernel-source build.
A fix deleting the danglink link has been submitted but it did not make
it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
utility does not handle symlink removal. Add a temporary band-aid which
deletes all dangling symlinks after unpacking the kernel source tarball.
[jslaby] It's not that temporary as we are dragging this for quite some
time in master. The reason is that this can happen any time again, so
let's have this in packaging instead.
- commit 52a1ad7
- scripts/wd-functions.sh: add tar.gz base kernel tarball
Linux -rc snapshots are released as tar.gz files, add support for them.
- commit d4457f3
- git-sort: Update nvme repo branch.
- commit f005189
- scripts/python/check-patchhdr: explicitly prefer python3
Debian and OpenSUSE Tumblweed no longer have the /usr/bin/python
symlink, at least this is explained and spelled out on the Debian
Python Policy [0]. This guideline specifically requests that scripts
do not use `/usr/bin/env`, do not use `/usr/bin/python` and instead
use the exact version desired.
So do just that. Without this, you cannot use kernel-source and commit
changes without a warning of the python interpreter missing.
With regards to support to Python 2, some SLE release will simply have
a python2 script, and some releases for Python3. Release branches where
we have python 3 can opt-in to embrace this patch.
[0] https://www.debian.org/doc/packaging-manuals/python-policy/ch-python.html#s-interpreter
- commit a81b795
- scripts/tar-up.sh: remove -u from helptext
Fixes commit 3efbe774d5cfa0ced909811a7fc3fe16bffaf580
- commit 606be75
- commit 3233d64
- scripts/renamepatches: Add explanation.
- commit c7715af
- scripts/renamepatches: Tool for unifying patch filenames across
branches.
It often happens that different developers add patches under different
names to different branches. When the branches are merged the patches
are added twice instead of causing a conflict.
Renaming patches in advance in one of the branches makes merging much
more straightforwared.
- commit 0951065
- scripts/stableids: s/bnc/bsc/ and cleanup old versions
The current reference to be used is bsc, not bnc anymore. So update the
script.
And remove all discontinued stable versions.
- commit 193862b
- scripts/git_sort/git_sort.py: Add clock maintainer tree
- commit 5435172
- scripts/git_sort/git_sort.py: update SCSI and NVMe repositories
- commit 509f06e
- commit 793c656
- scripts: Support gnome_keyring for OBS connections
.oscrc may specify keyring= or gnome_keyring= directive to instruct us
obtaining the password from the local keyring. When only the latter is
specified we would fail to fetch the password. Fix this by handling
gnome_keyring= as keyring= too.
- commit c496909
- scripts/git-fixes: Import script from kbuild.
- commit 3e66f73
- scripts/git_sort/git_sort.py: add gitloite to k_org_prefixes
If you define in your gitconfig to use gitolite for accessing kernel.org
the scripts won't recongnise your remotes in $LINUX_GIT
Add gitloite support to k_org_prefixes
- commit 27af818
- scripts/run_oldconfig.sh: support setting config options with value
Existing -nco-* options for run_oldconfig.sh only allow adding/replacing
options with y or m values or disabling them but cannot be used to set
options which take e.g. a number or string as value.
Add new parameter -nco which allows setting a config option to an arbitrary
value, e.g.
./run_oldconfig -nco LOG_BUF_SHIFT=18
./run_oldconfig -nco DEFAULT_TCP_CONG="/cubic"/
- commit 9c449cf
- MyBS.pm: use secret-tool instead of custom script
secret-tool is available from the package of the same name under
Leap and Tumbleweed.
- commit d2378aa
- scripts/lib/SUSE/MyBS.pm: Fix uninitialized value.
- commit 47ccb93
- scripts/lib/SUSE/MyBS.pm: Support new style obfuscated password.
- commit 5f57bd3
- scripts: Simplistic keyring implementation for bs-upload-kernel
This adds a very simply PoC implementation for querying the keyring
for the OBS password. It's obviously not really secure, but still
better than storing the password in plain text or with trivial
encryption. I couldn't find a plain perl implementation of the
secretstorage protocol.
- commit 4bafc0a
- scripts/run_oldconfig.sh: Ignore CONFIG_CC_VERSION_TEXT
- commit e81b5cd
- git_sort: drop nvme repositories from the list
The nvme-5.8 branch has been rebased four times in three weeks so that
trying to manage nvme patches with git_sort means more harm than good.
- commit b382424
- scripts/lib/SUSE/MyBS.pm: update for OBS
Similar to 3ae8f5694d41...
- commit 54326bb
- scripts/lib/SUSE/MyBS.pm: Adjust basic auth realm for IBS.
- commit 3ae8f56
- scripts/run_oldconfig.sh: Ignore LD_VERSION in config.
- commit e3040fe
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit e1a964f
- git_sort: update URL of net and net-next reporitories
With the introduction of Jakub Kicinski as co-maintainer, the official
URL of net and net-next trees was changed from davem/* to netdev/*.
The original URLs are preserved as aliases but let's switch to the
official ones.
Keeping the old URLs with lower priority so that git_sort can update
Git-repo tags and subsection headers without complaints about unrecognized
repository.
- commit 4457462
- scripts/git_sort/git_sort.py: add masahiroy/linux-kbuild.git repository
- commit 1ed2975
- scripts/git_sort/git_sort.py: Add ulfh/mmc
- commit 7febf5c
- scripts/supported-conf-fixup: support guards containing a dash
The script expects guards to contain only letters and digits (apart from
the leading '-' or '+'). As we are using "/+foo-kmp"/ style guards to mark
modules to put into an internal KMP, we need the script to expect '-'
characters as well.
- commit ce984f3
- scripts/git_sort/git_sort.py: add efi/next repository
- commit 5c191a3
- scripts/git_sort/git_sort.py: add linux-pinctrl repository
- commit 73604d8
- scripts/git_sort/git_sort.py: Add EDAC for-next queue
- commit e718107
- scripts/git_sort/git_sort.py: add thermal/linux.git to the repo list
- commit 84aca34
- scripts/git_sort/git_sort.py: add linux-ipmi repository
- commit 78b705e
- Remove git_sort tests for openSUSE-42.3 (EOL).
- commit d090435
- scripts/check-patch-blacklist: Exit gracefully if blacklist.conf is not present
- commit fe1be04
- scripts/osc_wrapper: make it work with osc >= 0.165
osc >= 0.165 by default tries to run services. This needs an .osc dir
and _project, _package, and _files in it. So disable running services as
we do not need them.
- commit 58db0dd
- scripts/stableids: handle new DRM commits tagging
- commit 4fec579
- scripts/log2: Add --amend option
This works similarly like git-commit --amend option, used for folding the
changes onto the commit HEAD. Unlike git-commit, this re-invokes
scripts/log and the changelog entry is completely refreshed, hence the
previous manual change in the log may be lost and need to be re-entered.
- commit 38eaa49
- Copy git-sort merge tool installation instructions to README.md
- commit 5596d4b
- scripts/git_sort/git_sort.py: Remove s390/linux.git for-linus
This branch no longer exists.
- commit c4479c2
- scripts/sequence-patch.sh: Add --dry-run option
It is often sufficient to check whether the patch series applies
without writing out the patched files.
- commit b999a1f
- scripts/git_sort/git_sort.py: Add device tree repository
- commit 3069f2e
- scripts/git_sort/git_sort.py: add dma-mapping repository
- commit bf870d0
- scripts: stableids, handle new pattern
They started using capital C in commit.
- commit dd41f26
- scripts/git_sort/git_sort.py: add arm64 repository
Delete no longer existing repository linux-mmots
- commit 2e5580a
- scripts/install-git-hooks: Fix spelling of git option --remove-section
- commit 19cc664
- git_sort.py: add soundwire repo.
- commit 99afd50
- git-pre-commit: Warn on blacklisted commits.
- commit 0dea234
- scripts/git_sort/git_sort.py: Add perf repository.
- commit 727e371
- Revert "/scripts/git_sort/git_sort.py: Remove s390/linux for-linus remote"/
This reverts commit 061a324a9d93e90ad21e077b956ed3184203e3cc.
- commit 3373b12
- scripts/git_sort/git_sort.py: Remove s390/linux for-linus remote
It doesn't exist (anymore).
- commit 061a324
- cripts/git_sort/git_sort.py add jejb/scsi repository.
- commit d1fd61a
- scripts/stableids: add dump_only option
This is useful for generating only SHAs. These are used for putting
stable patches into sorted section.
- commit 7669764
- scripts/stableids: add bnc for 5.3 kernel
There is a map of bncs for various kernels. SLE15-SP2 is based on 5.3,
so add the reference.
- commit 7650550
- commit 74150a8
- scripts/git_sort/git_sort.py:
- commit a6474a1
- git-sort: merge_tool: Catch parsing errors of patches from remote branch
Avoids unsightly python backtraces for problems such as a Git-commit id
which is not in LINUX_GIT.
- commit 1eef4e7
- scripts/sort_supported.rb: Script for sorting supported.conf
This script uses a heuristic that works on 99% entries.
There are two lines in current supported.conf that need adjustment in
comment to pass.
- commit 398394f
- scripts/supported-conf-fixup: recognize compressed modules
At the moment, just allow *.ko.xz in addition to *.ko. It would be nice to
make it respect COMPRESS_MODULES from rpm/config.sh but that would require
someone who does actually speak Perl.
- commit 95df98b
- git-sort: merge_tool: Preserve the order of patches when calculating "/added"/
When merging, the relative order of the patches added to the out-of-tree
section between the merge base and remote must be preserved. Previously it
was not, on the erroneous expectation that all added patches are
commit-sorted. Therefore, added patches (remote - base) in the oot
subsection were appended in shuffled order to the oot subsection of the
result.
- commit aa6b527
- scripts/run_oldconfig.sh: support rt partial debug config.
- commit e1353be
- scripts/git_sort/README.md: Update quilt-ks repository URL
- commit 03c796b
- commit 03c6291
- commit 6c1fcb9
- scripts/run_oldconfig.sh: Fix native config check in kbuild.
- commit 93c6080
- commit cbd56d5
- commit 629ccf3
- scripts/tar-up.sh: do not make assumptions about the remote name (bsc#1141488)
The script assumed a remote named 'origin' exists. While this is true
for cloning a repo with default options, the name of the remote can be
easily changed. Also there can be more than one remotes.
Extend the script to exclude a branch named 'scripts' in all configured
remotes.
- commit b98fb06
- commit df44667
- scripts/git_sort/git_sort.py:
- commit f216f54
- scripts/guards: Add missing link.
- commit 9d16ecd
- commit c2096bb
- commit 3f9c688
- git_sort: add crypto maintainer tree.
- commit f74c585
- git-sort: tests: Use --no-gpg-checks in SLE12-SP2 Dockerfile
The updated SLE12-SP2 docker image uses a repo that needs --no-gpg-checks
for non-interactive usage.
- commit ce25676
- git-sort: qcp: Create subdir of quilt's .pc if needed
qcp.py creates a ~refresh file under a subdirectory of quilt's "/.pc"/
directory. If there haven't been other patches applied yet which are in the
same subdirectory (ex: "/patches.fixes"/), that directory does not exist.
This situation can also occur in other scenarios when using `rapidquilt`.
change qcp to create the directory if needed, instead of failing.
- commit 4f437ad
- commit 3d5eb00
- git-sort: README: Add information about how to report problems
- commit 332fdaa
- scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword
- commit 3ef3587
- git-sort: Always explicitely handle a pygit2 import error
As pointed out by Michal Suchanek, the limitation in commit 6d67b1042a73
("/series_sort: Catch pygit2 import failure."/) is wrong; given that there is
no explicit installation step of the git-sort scripts and that they are
"/just there"/ in the kernel-source repository, every user-callable script
needs to check that the user followed installation requirements.
- commit 50602bd
- git-sort: Move mainline remote check to series_sort
git_sort can be used on any git repository. series_sort OTOH needs the
reference repository to be a clone of the mainline Linux kernel repository.
Move the warning accordingly.
Using the same rationale as in commit 6d67b1042a73 ("/series_sort: Catch
pygit2 import failure."/), the check is only in series_sort.py even though
other scripts like series_insert.py have the same requirement.
Fixes: 027d52475873 ("/scripts: git_sort: Warn about missing upstream repo"/)
- commit 6daf637
- git-sort: Move mainline remote check to series_sort
git_sort can be used on any git repository. series_sort() OTOH expects the
reference repository to be a clone of the mainline Linux kernel repository.
Move the warning accordingly and make it an error since further operations
would fail.
Fixes: 027d52475873 ("/scripts: git_sort: Warn about missing upstream repo"/)
- commit 9b0e07a
- scripts: git_sort: Warn about missing upstream repo
I've witnessed several people having misconfigured their remotes and
then calling sortig scripts on series.conf results in cryptic error
messages like:
> Traceback (most recent call last):
> File "/scripts/git_sort/series_sort.py"/, line 121, in <module>
> sorted_entries = lib.series_sort(index, input_entries)
> File "//home/mkoutny/suse/kernel-source-12-sp3/scripts/git_sort/lib.py"/, line 425, in series_sort
> for e in sorted(result[head].items(), key=operator.itemgetter(0))])
> KeyError: None HEAD
Add warning when the upstream torvalds/linux remote is not found to give
users a clue about the situation.
- commit 027d524
- scripts/sequence-patch.sh: fix --fuzz option
The --fuzz getopt long param was not accepting values.
- commit 0307fc9
- README: Adjust links to internal wiki.
- commit 2ee9bf3
- commit 52b5cf3
- commit 86af8b9
- scripts/git_sort/git_sort.py: Add s390/linux.git fixes.
- commit e19d62a
- scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes
- commit 4223e69
- scripts/bugzilla: use /usr/bin/python3 directly
/usr/bin/env python3 allows the first interpreter in $PATH to be use, which
can product unreliable results.
- commit 8296635
- scripts/python/suse_git/header.py: add jsc#w+-d+ for Jira references
With the upcoming switch to Jira for feature tracking, we need to teach
the checker about the new tag. Enforcement is still disabled.
- commit b7bee5d
- scritps/log2: add patch changes to index before running checks.
- commit 90691bf
- git-sort: series_sort: Make "/series.conf"/ the implicit argument
Similar to series_insert, "/series.conf"/ becomes the default file where to
read/write the patch series. In contrast to series_sort, if the input is
not a tty and no argument is specified, the old mode is preserved, which is
to behave as an stdin/stdout filter. This way, the original usecase of
piping all or a subset of series.conf lines through series_sort (for
example, in the method described in the script header) remains unchanged.
- commit a010ff5
- git-sort: quilt-mode: Fix git_sort.py path
Commit e5655f63f99c ("/git-sort: Remove tools not related to series_sort"/)
removed the "/git-sort"/ symlink but did not update quilt-mode.sh to use the
direct path to git_sort.py.
- commit 949d090
- scripts/git_sort/git_sort.py: add kvalo/wireless-drivers-next/master
- commit 46e9bdf
- git-sort: Handle new pygit2.discover_repository behavior
A consequence of pygit2 commit c32ee0c25384 ("/Now discover_repository
returns None if repo not found"/).
- commit 9ae2824
- tar-up.sh: do not copy files ending with ~
- commit 70993c1
- check-patchhdr: Remove "/slightly strange pattern"/
Make fuller use of the unittest API:
* use assertRaises when testing exceptions
* use assertEqual when testing for equality
* reorder arguments to (expected value, actual value) when testing for
equality, for more intuitive output in case of failure
* use unittest.skip instead of commenting out tests
- commit ba48e04
- git-sort: Add license text
- commit c7a1094
- git-sort: Remove tools not related to series_sort
Some scripts were copied over from the ksapply repository but are not
needed for git-sort, series_sort or quilt-mode. In preparation for moving
the series_sort code to its own repository, remove these scripts. They can
still be found in the ksapply repository:
https://gitlab.suse.de/benjamin_poirier/ksapply
- commit e5655f6
- scripts/sequence-patch.sh: Add --rapid option
It uses rapidquilt to apply patches.
- commit 7178c2c
- commit 8ce95c7
- scripts: Run pre-commit checks only once when splitting changes into multiple commits
Instead of repeating the series_sort check for each patch, we can do the
check once at the beginning, which saves time. Same goes for the other
checks part of the pre-commit hook.
- commit 0f98ccc
- run_oldconfig - crosscompile
- commit 98367ef
- scripts/log2: add --no-edit argument.
- commit 990531c
- scripts/lib/SUSE/MyBS.pm: new osc stores oscrc in .config
So enumerate both possibilities before giving up.
- commit cd4eb98
- scripts: use syncconfig instead of silentoldconfig where available
Since mainline commit 0085b4191f3e ("/kconfig: remove silentoldconfig
target"/), "/make silentoldconfig"/ can be no longer used. Use "/make
syncconfig"/ instead if available.
- commit 0d0454a
- git_sort.py: Add drm-misc-next to list of repos/branches
DRM fixes occationally go from drm-misc-next directly into linux-next
without the intermediate step of drm-next. Support for drm-misc-next is
required by several recent commits.
- commit 379ad30
- git_sort.py: Remove trailing whitespace
- commit c5e56ea
- scripts/series2git: Strip [PATCH] prefix in the subject line
This makes the commit a bit more similar to the original change.
- commit 3d0cc05
- Distribute git configuration in a versioned file
The kernel-source repository uses a script to set certain git config values
which are meant to be distributed to all users. This mechanism makes it
cumbersome to update these configuration values and eventually track their
history.
For security reasons, git does not have a way to implicitly include
configuration values in a repository's content. However, we can explicitly
include extra configuration values from a versioned file using the
"/include.path"/ configuration directive. Reuse the old mechanism to add this
directive (which should hopefully not need changes in the future) and
include the actual configuration values of interest to all users in a
separate file.
- extra-gitconfig:
- scripts/install-git-hooks:
- commit c8faf99
- Configure attributes using .gitattributes file
As stated in gitattributes(5):
Attributes which should be version-controlled and distributed to
other repositories (i.e., attributes of interest to all users)
should go into .gitattributes files.
Therefore, move the currently-used attributes to a .gitattributes file.
This is to support future changes to attributes.
The attributes in $GIT_DIR/info/attributes have precedence over
.gitattributes. Therefore, users who have run scripts/install-git-hooks
from a version predating this patch may have attributes in
$GIT_DIR/info/attributes that override the ones in .gitattributes.
Unfortunately, we are stuck with this blemish from the past and must
forever clean up the mess.
- .gitattributes:
- .gitignore:
- scripts/install-git-hooks:
- commit 668a353
- commit 097d8f0
- Update documentation wrt. Patch-mainline
Common practice is to set Patch-mainline to a Linux release tag. More
than 95% of all patches follow this convention. The remaining 5% have
been fixed accordingly in SLE15.
The documentation is inconsistent wrt. to the content of Patch-mainline.
In some places it refers to a release tag, in others it refers to a version
number. With this cleanup, documentation in scripts/ refers to release tags.
This change is a follow-up for commit 1d81d2699cd3.
- README: Update documentation wrt. Patch-mainline
Common practice is to set Patch-mainline to a Linux release tag. More
than 95% of all patches follow this convention. The remaining 5% have
been fixed accordingly in SLE15.
The README file is inconsistent wrt. to the content of Patch-mainline.
In some places it refers to a release tag, in others it refers to a version
number. With this cleanup, it refers to release tags everywhere.
This change is a follow-up for commit 1d81d2699cd3.
- commit 57b996f
- tar-up.sh: allow packaging multiple architectures.
tar-up.sh has -a option to generate package for a particular
architecture. Extend the -a option processing to accept comma separated
list of architectures. Also fix a bug with ppc64 selecting both ppc64
and ppc64le.
- commit 1d17b6d
- scripts/git_sort/README.md: Add update_clone.py documentation
- commit 2286fa5
- scripts/tar-up.sh: Don't package gitlog-excludes file
Also fix the evaluation of gitlog-excludes file, too
- commit 18a9758
- scripts: sequence-patch.sh: Use '_' to replace '#' charactor (bsc#1107937)
The pound char ('#') could cause kernel "/make prepare"/ failure if
toolchain contains latest automake (1.15).
"/make prepare"/ wil fail like:
$ LANG=C make modules_prepare
[snip]
CALL scripts/checksyscalls.sh
DESCEND objtool
HOSTCC /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep.o
HOSTLD /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep-in.o
LINK /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep
/home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/.fixdep-in.o.cmd:1: *** missing separator. Stop.
make[4]: *** [Makefile:42: /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep-in.o] Error 2
make[3]: *** [/home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/build/Makefile.include:4: fixdep] Error 2
make[2]: *** [Makefile:52: /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/libsubcmd.a] Error 2
make[1]: *** [Makefile:61: objtool] Error 2
make: *** [Makefile:1689: tools/objtool] Error 2
The cause is latest make will consider pound char as a separator.
Kernel has some fixes for it:
9feeb638cde0 ("/tools build: fix # escaping in .cmd files for future Make"/)
9564a8cf422d ("/Kbuild: fix # escaping in .cmd files for future Make"/)
But backporting those 2 fixes can't solve the problem if the kernel
path contains '#'.
Considering how common we name the branch using bsc#123456, it would
definitely cause problem if using some rolling release distributions.
Fix the $TAG variable by replacing the '#' to '_', so we won't need to
bother the problem.
- commit 4be920f
- commit b5a813e
- scripts/sequence-patch.sh: use kernel-azure instead of kernel-default
- commit c2c287e
- scripts/git_sort/qcp.py: Print info message on stdout
- commit 38de9a0
- git-sort: Run tests under SLE15
- commit a31a983
- git-sort: Run tests under openSUSE Leap 15.0
- commit 825f5ea
- git-sort: Update sle12-sp3 docker image name
name changed, most likely as a result of the recent changes to
registry.suse.de
- commit 678ee7d
- git-sort: Update openSUSE docker image names
The "/opensuse"/ project "/has been deprecated in favor of the opensuse/leap
and opensuse/tumbleweed images provided and maintained by the openSUSE
Project release team"/. [https://store.docker.com/images/opensuse]
- commit 7a9578c
- commit 8effdc9
- scripts/cvs-wd-timestamp: use UTC timezone
Do not respect users' time zone and use the predictable one. So that
when people upload a kernel (e.g. tar-up and osc_wrapper upload), the
time stamp makes no difference.
- commit 386cbe7
- scripts/git_sort/git_sort.py:
- commit 3ac5af6
- commit 17f9140
- commit 36a3f5c
- scripts: run_oldconfig.sh: pass $CC via $MAKE_ARGS
For some reason, "/make oldconfig"/ ignores CC environment variable so that
"/CC=gcc-8 make oldconfig"/ still uses default gcc. To actually use compiler
passed to run_oldconfig.sh by buildtest-kernel script, we need to pass CC
value as an argument to make, i.e. "/make CC=gcc-8 oldconfig"/.
If run_oldconfig.sh is run with CC set, add its value to MAKE_ARGS.
- commit 5672543
- scripts/git_sort/README.md: Add quilt-ks OBS repo key fingerprint
- commit 1b3ea9a
- scripts/git_sort/git_sort.py: add modules-next tree
- commit 9804f92
- commit 1cbf60e
- scripts/git_sort/patch.py: Fix patch writeback
The file must be truncated otherwise we have stray content from the former
patch leftover at the end of the file when the new patch is shorter.
- commit a597010
- scripts/git_sort/series_conf.py: Fix Patch parameter
Fixes: e68bd465cdc4 ("/git-sort: Rewrite Patch class to read bytes instead of str"/)
- commit 7674464
- scripts: Make sure hooks directory exists
When using git worktrees they have a separate git directory which does not
contain the 'hooks' directory by default. Let's create it when installing
hooks.
- commit 2905fbd
- scripts/git_sort/patch.py: Fix detection of patch header end
Consider linux commit 1e047eaab3bb ("/block/loop: fix deadlock after
loop_set_status"/), some lines from the log start with "/---"/ but do not mark
the end of the patch header. Fix the pattern matching to match what is done
in quilt.
Also add a test which triggers the issue.
- commit b710f8d
- scripts: ignore CONFIG_GCC_VERSION when checking for oldconfig changes
Since 4.18-rc1, "/make oldconfig"/ writes gcc version and capabilities into
generated .config. Thus whenever we build the package or run checks with
different gcc version than used to update config/*/*, check for "/outdated
configs"/ fails.
As a quick band-aid, omit the lines with CONFIG_GCC_VERSION from both
configs before comparing them. This way, the check won't fail unless run
with newer gcc which would add new capabilities. More robust solution will
require a wider discussion.
- scripts/git_sort/git_sort.py: Remove dead code
- commit 45100db
- scripts/git_sort/lib.py: Add some docstrings
- commit 271ab0a
- scripts: Support a bare LINUX_GIT
This was already tried in commit 130e61c098de ("/scripts/linux_git.sh:
support more dirs and bare repos"/) but it missed modifying all related
usages which hardcode "//.git"/.
- commit a6d98d2
- scripts/git_sort/git_sort.py: Support bare repository
get_heads() assumes that the repository has the default configuration of
fetch refspecs following `git clone`. This does not work if the user
modified the refspecs or used `git clone --bare`. Change get_heads()
to perform the transformation of the remote branch name into the local ref
according to refspec configuration.
- commit 56e8686
- scripts/tests/test_linux_git.py: Clarify tests
Each actual test case is moved to its own unittest case. This produces
clearer output.
- commit 9ce16e2
- Delete series.conf.
Commit 8c4b29dee8b2 ("/scripts/git-pre-commit: only sort series when
required"/) added an empty series.conf to the scripts branch.
- commit b6e9b17
- check-patchhdr: Use print_function instead of sys.stderr.write.
Commit 5ba62488b03 switched to using sys.stderr.write(), but the right
way to do prints with python 2/3 compatibilty is to import
print_function and use print().
- commit 653e07e
- git-sort: Rewrite Patch class to read bytes instead of str
Some patches contain characters from multiple encodings, for example a
backport of commit 395072592e8e ("/drm/i915: broken copyright encoding in
intel_bios.c"/). Reading those files in text mode triggers a
UnicodeDecodeError. Therefore, read patch files as bytes and convert the
header only to str. At the same time, the constructor is simplified to
accept only a stream.
- commit 0c3fcd6
- check-patchhdr fix error printing on python2.
- commit 5ba6248
- scripts: scripts/log should work with python2.
- commit 3a12a82
- git-sort: Handle empty Git-commit tags
Although rejected by the current check-patchhdr, some old patches still
have such invalid tags.
- commit 3b4c077
- scripts/git_sort/update_clone.py: Support modifying remotes in an existing repository
- commit ced4b81
- scripts/git_sort/git_sort.py: Use Repository.remotes instead of parsing config
- commit 93be9e4
- scripts/bugzilla-create: fix usage header
The usage header specified BUGIDs for the arguments when it expects
patch files.
- commit 791c922
- scripts/bugzilla-create: skip 'unspecified' version
Some products provide an 'unspecified' version name in the list of versions
but it can't be used to file a report. Let's skip it.
- commit d7a9adc
- scripts/log2: splice_series: Use cat to echo all remaining lines
The "/after patch"/ state echoes all remaining lines from the old series
without any possible state change. Instead of reading line by line, use the
more efficient `cat`.
- commit f6fb30c
- scripts/log2: Fix splice_series when adding two consecutive sections
Currently, if adding two new sections back to back, when doing
splice_series for the patches in the first section, they will be followed
by all of the added whitespace lines, including the ones that followed the
second section. That's unsightly. Stop echoing added whitespace lines once
a new non-empty line is encountered.
- commit dae2e83
- scripts/git_sort/git_sort.py: Support libgit/pygit2 0.27
With the update to libgit 0.27, pygit2 returns Repository Config elements
ConfigEntry instances instead of plain str as before. Introduce an
adaptation layer to support both old and new interfaces.
- commit f170315
- scripts/log2: Fix argument passing to splice_series
Multiple users reported seeing the following error
Error: new series does not contain all lines from old series.
after commit 4a3b64a07ab6 ("/scripts/log2: Improve automatic series.conf
modifications"/).
Reproduction seems to depend on the bash version; it occurs on SLE12-SP3
with 4.3.42 but not on tumbleweed with 4.4.19. The problem is caused by the
fact that `read -r -u 4 new` in splice_series reads the entire content of
$new_series as one line. $new_series is passed as a here string on file
descriptor 4, `4<<<$new_series`.
According to bash(1) for version 4.3.42, "/Pathname expansion and word
splitting are not performed."/ for here strings. However, it appears like
word splitting might be for certain invocations (not all, for reasons I
don't understand). Work around the problem by replacing the here string
with a simpler construct.
Referenches: bsc#1094120
- commit 5845ab1
- git-sort: merge_tool: Fix handling of moved patches in remote branch
Patches that have changed subsystem section between the base and remote
refs must be processed in upstreaming mode because their new git-repo tag
after the merge will not match their old section in series.conf from the
local ref.
References: bsc#1093777
- commit b806cf0
- scripts/git_sort/tests/test_series_insert.py: Make it executable, like other tests
- commit ecd3542
- scripts/git_sort/series_conf.py: Document pygit2 dependency avoidance
- commit ac02a72
- scripts/git_sort/sequence-insert.py: Udate doc to reflect path change
The scripts have been merged in kernel-source and are no longer part of a
separate "/ksapply"/ repository.
- commit 597c570
- scripts/git_sort/clone_all.py: Combine --no-tags option
- commit 5c06131
- scripts/sequence-patch.sh: update supported.conf parsing (fate#319339)
+*-kmp is a valid guard that should results in a module being flagged
as supported. This clones the logic from the spec file to reflect that.
- commit d897f77
- scripts/python/check-patchhdr: Port to python3
- commit 4e62ede
- scripts/git_sort/README.md: Update according to the new --upstream option
- commit 18d4825
- scripts/osc_wrapper: fix argument swap
- commit 511c395
- commit 94752b1
- scripts/tests/lib.py:
- scripts/tests/test_log2.py:
- scripts/log2:
Add splice_series() tests. Coverage is measured using kcov:
https://github.com/SimonKagstrom/kcov
- commit 82873ff
- scripts/log2: Improve automatic series.conf modifications
When multiple patches are added at once and individual commits are created
automatically, the modifications to series.conf are split into individual
changes that add one new patch line each. Currently, all new comments and
empty lines are added along with the first patch. Change scripts/log2 so
that the comments preceding a patch and the whitespace lines following it
are added together with the patch.
- commit 4a3b64a
- scripts/git_sort/series_conf.py: Update pipe workaround for python3
The workaround needs to be updated after the migration from python 2 to 3.
Use the solution described here:
https://stackoverflow.com/questions/26692284/brokenpipeerror-in-python
https://bugs.python.org/issue11380
- commit c45b3a2
- bs-upload-kernel: build klp_symbols when supported.
cherry-picked from kbuild
- commit aa873d6
- scripts/git_sort/clone_all.py: Add a script to setup a repository with all remotes from git_sort
- commit 55a1366
- scripts/git_sort/git_sort.py: Fix Head uniqueness check
- commit 7c5bc66
- scripts/git_sort/git_sort.py: Fix remote list
- commit 64ee72a
- git-sort: Add option to control movement of patches between subsystem sections
Currently, a valid ordering in series.conf may become outdated after a
subsystem repository is merged into an upstream repository. At that point,
a series.conf which passed the validation check in the past would no longer
be accepted because, for example, patches in the "/net"/ section should move
to the "/mainline"/ section. This means that users often have to first
refresh the ordering in series.conf to reflect upstream changes before
adding new patches. In order to reduce the burden on users, make it the
default that patches will remain in their current subsystem section unless
it is explicitely requested to move them to upstream sections. This should
effectively accept an outdated but once-valid ordering.
- commit cb21f89
- git-sort: Ignore empty input lines
- commit 51f0b86
- git-sort: Encapsulate indexed commit information in a sortable object
This eases the comparison and sorting of commits from different heads.
- commit 3959932
- sequence-patch: just exist if there is no config.sh
- commit 7ae9881
- git-sort: Fix compatibility with old `comm`
Certain distro releases have an older `comm` which doesn't support the
"/--total"/ option. Use a trivial workaround. Also add tests for
pre-commit.sh, including one which triggers this problem.
- commit 52e4510
- git-sort: Fix interpreter
- commit c6628e6
- git-sort: Extend series_sort tests
... and fix related issues.
- commit 535548a
- git_sort.py: remove duplicate remote.
- commit e5476dc
- scripts: add bugzilla-create and bugzilla-resolve scripts
bugzilla-create will accept a list of one or more patches, and
for each one:
- create bugzilla reports with the patch subject as the summary
- update the patch References tag to contain the new report ID
- attach the patch to the report
- assign the bug to the reporter
bugzilla-resolve will accept a list of one or more bug IDs and resolve
them as FIXED with an automated message indicating they have been
committed to the kernel git repo.
Use of either requires that the user set up a ~/.bugzillarc as documented
in the scripts/bugzilla-create help or attempts to create bug reports
will fail with authorization required errors.
- commit 3dff52c
- commit de89c2b
- scripts/git_sort/git_sort.py: Handle unsupported cache db format
The upcoming python3 port will introduce two changes to the database format
used for the cache: the default database format of python's "/shelve"/ module
changed from bdb to gnu dbm and the default protocol version of the
"/pickle"/ module changed from 0 to 3.
python2 only supports the gnu dbm format if the gdbm module is available.
python2 does not handle pickle protocol version 3. In case a user runs the
python3 version of git-sort and then runs the python2 version again, the
cache file will be unreadable. Handle that situation explicitly by
rebuilding the cache.
If this commit is not available, the alternative workaround is to delete
the cache file manually (typically under ~/.cache/git-sort).
- commit 15bd1c2
- commit 17db4b8
- scripts/git_sort/git_sort.py:
- commit bfef53d
- git-sort: pre-commit: Don't specify series.conf path relative to scripts
commit hooks run from the root of the working tree in a non-bare repository
(according to githooks(5)). Therefore, the path to series.conf can be
specified relative to that root. This change also allows to run the scripts
from an alternate location during development.
- commit b87f537
- git-sort: pre-commit: Run if sorted patch files have changed
Previously we would run the checker script only if the sorted section of
series.conf had changed. However, a commit could render the sort invalid by
making changes to the tags of a patch that is in the sorted section but no
changes to series.conf. Therefore, check the sorted series and the patches
that it contains if either have changed.
- commit 9ea0831
- git-sort: series_conf: Add a mode to print names only
Print patch file names from the sorted section without comments or empty
lines.
- commit 58b9d36
- git-sort: Extend series_insert.py test to trigger an error
adds a test which triggers the problem fixed in commit 4c26c132dc7b
("/scripts/git_sort/series_insert.py: Fix exception names"/)
- commit 21902a2
- git-sort: Add a test of series_insert.py
- commit 25ab285
- git-sort: Factor out test code to write patches
- commit 39e1be1
- scripts: Allow excluding commits in changelog
For ignoring superfluous commits appearing the changelog, add a
capability to scripts to ignore the given commit list.
User can put the commit IDs in rpm/gitlog-excludes file so taht
tar-up.sh will ignore them.
- commit 2d24811
- scripts/git_sort/series_insert.py: Fix exception names
After factoring out exception classes, series_insert.py was not
updated.
Fixes: 9ad1206cfd3a45dc0f7825d0f93053a9fd9fb07e
- commit 4c26c13
- scripts/git_sort/pre-commit.sh:
- scripts/git-pre-commit:
Refine the sorted section check
Because series_sort.py has some dependencies (namely pygit2), avoid running
it unless there was a change in the sorted section.
- commit 27a0058
- git-sort: Factor out series.conf splitting
- commit 9e149fc
- git-sort: Factor out exception classes
- commit 9ad1206
- scripts/git_sort/merge_tool.py: Update tags
merge_tool can create an invalid series.conf (example in merge commit
3e43fe0554). It may move patches to upstream repositories sections in
series.conf but it does not update the Git-repo tags in those patches
accordingly. Fix that problem. Also explicitely `git add` those modified
patches to make sure that they end up in the merge commit.
- commit 7b8db07
- git-sort: Add Dockerfiles to run tests under different OS releases
- commit eef6cac
- commit f41d7e5
- commit e4a7aa9
- git-sort: Catch some simple error cases
.. and print formatted error messages instead of python backtraces.
- commit 4f82790
- git-sort: Use a consistent variable name for subprocess results
- commit a240443
- git-sort: Add merge_tool test
- commit a426acf
- git-sort: Port to python3
Most of the changes are related to subprocess calling, encoding and str vs.
bytes.
- commit 600ead2
- git-sort: Replace __cmp__ operators
In Python 3 the support for __cmp__() has been removed.
- commit 404509f
- Revert "/scripts/osc_wrapper: fix quoting of osc define"/
This reverts commit ac17e1f7e8d084b86ee7094833db7f9fce9bc503.
Apparently the quoting level is different depending on how you build :/
- commit e08c406
- git-sort: Fix tag parsing for describe()
Fix the following traceback:
File "/./scripts/git_sort/series_sort.py"/, line 123, in <module>
lib.update_tags(index, to_update)
File "//home/nborisov/projects/kernel/suse/kernel-source/scripts/git_sort/lib.py"/, line 454, in update_tags
patch.change(tag_name, index.describe(entry.cindex))
File "//home/nborisov/projects/kernel/suse/kernel-source/scripts/git_sort/git_sort.py"/, line 516, in describe
if self.version_match.match(tag)]
AttributeError: '_pygit2.Commit' object has no attribute 'get_object'
It happens when there are lightweight tags formatted like release tags (ex:
v2.6.13.4).
- commit cf4f000
- git_sort: Add an alias of linux.git
- commit 5aa06b0
- commit e89e2b8
- scripts/git_sort/merge_tool.py: Catch `merge` execution failure.
Print a verbose error message.
- commit b9651cd
- git_sort: add remotes from SLE15
- commit f433a01
- scripts/git_sort/merge_tool.py: Update instructions.
Since the git-sort scripts have been merged in the kernel-source
repository, the path can be stated in an unambiguous way.
- commit 6e10fbf
- commit dd15feb
- Relax checks on xen patches.
- commit b3a11cb
- commit 1134911
- git-sort: lib: Fix handling of workdir with no patches applied.
- commit b1c58cb
- git-sort: lib_tag.sh: Limit the attribution tags that are recognized.
limits the attribution tags that are recognized to the ones accepted by
check-patchhdr.
- commit bc6beb7
- git-sort: qdupcheck: Fix handling of workdir with no patches applied.
- commit 4aa2f24
- git-sort: tag: Trivial, use specialized function.
- commit 6573793
- git-sort: qgoto: Fix handling of workdir with no patches applied.
- commit 375c498
- git-sort: Fix splitting of series.conf
If "/before"/ and "/after"/ have the same content (for example, empty), the
assertion would inappropriately trigger.
Also flush remaining comments and whitespace buffers.
Add a related test.
- commit 3e2b4fa
- git-sort: series_sort: Fix error message when the sorted subsection is absent.
... and add a test that triggers it.
- commit 9602358
- scripts/osc_wrapper: fix quoting of osc define
- commit ac17e1f
- git-sort: Fix SortIndex interface to repository heads.
A few library functions assume that they can access the repo_heads from
index.repo_heads. Restore that attribute and add a basic test of
series_sort which catches this problem.
Fixes: 2c7d8e4f5b45 ("/git-sort: Encapsulate cache management in an object."/)
- commit 6a71e74
- git-sort: Fix cache rebuild condition.
Currently, when "/-d"/ gives the expected information that the cache will not
be rebuilt, `git sort` still rebuilds the cache. Fix this problem and add a
test to catch it.
Fixes: 2c7d8e4f5b45 ("/git-sort: Encapsulate cache management in an object."/)
- commit 7b8b987
- git-sort: Check cache integrity
References: bsc#1078216
- commit bcc8a71
- git-sort: Add cache tests
- commit f888ef7
- git-sort: Encapsulate cache management in an object.
moves cache management code out of the SortIndex and avoids instantiating a
SortIndex when running in the dump mode.
- commit 2c7d8e4
- git-sort: Factor out functions to read local repository.
moves repository reading functions out of the SortIndex. Those functions
are not closely tied to the index and moving them out will ease
refactoring.
- commit 587a8d2
- git-sort: Extend unit test with (fake) Linux repository.
Add a basic test of the sorting functionality.
- commit 5dd770a
- git-sort: Control quilt configuration.
Some scripts parse the output of quilt. However that output can change
depending on certain quilt options. This, in turn, breaks some expectations
of the scripts. Fix this by specifying which configuration quilt should use
when its output will be parsed.
For example, qgoto assumed that the output of `quilt top` begins with
"/patches/"/ but that depends on the QUILT_PATCHES_PREFIX configuration
variable.
- commit 79b5128
- scripts/install-git-hooks: Use /bin/bash when creating new pre-commit hook
Commit c8a5532f3db3 ("/scripts/*: Set /bin/bash explicitly"/) already
explicitly set all shebangs to point to /bin/bash since the majority
of the scripts are using bashisms. However, it missed the shebang that
is created by install_snippet() function in install-git-hooks. This
commit makes the printed shebang also point to /bin/bash.
This fixes a failure due to scripts/git-pre-commit having a /bin/bash
shebang, but being sourced from .git/hooks/pre-commit, which in turn
uses /bin/sh, essentially ignoring the shebang of the git-pre-commit
script.
This will apply to newly installed hooks.
- commit 7c8b438
- scripts/git_sort: fix Patch-mainline generated for untagged mainline commits
For patches with commit id in mainline but not tagged yet, git_sort.py
generates Patch-mainline referring to next expected tag. If latest mainline
tag is an RC, e.g. 4.15-rc7, it generates text like
Patch-mainline: v4.16 or v4.15-rc8 (next release)
but it should be
Patch-mainline: v4.15 or v4.15-rc8 (next release)
Fixes: 7dce3df8966c ("/Make series_sort and commit check work together."/)
- commit 4f08653
- commit e85eac6
- commit b2e262e
- commit afc2448
- commit 2364997
- commit 2f6a084
- commit 6d67b10
- scripts/git_sort/lib.py: Suppress quilt output in check_series().
In particular, this fixes garbage output when running qgoto.py before the
series file has been swapped.
- commit 5574911
- commit 70729dd
- git_sort: Check for a tag's presence when changing it.
Its absence would indicate an improperly tagged patch.
- commit 0acd905
- scripts/git_sort/qcp.py: Fix function call with wrong arguments.
One of the calls to Patch.get() was not properly changed when updating from
tag_get().
Also throw in a comment fix for the related function.
Fixes: c089092e7d98 ("/git-sort: Encapsulate patch tag operations in an object."/)
- commit 442047d
- scripts/git_sort/git_sort.py: add more networking remotes
pablo/nf.git netfilter fixes for net
pablo/nf-next.git netfilter patches for net-next
horms/ipvs.git IPVS fixes for net
homes/ipvs-next IPVS patches for net-next
klassert/ipsec.git IPsec fixes for net
klassert/ipsec-next.git IPSEC patches for net-next
- commit daa89da
- scripts/git_sort/clean_header.sh: Explicitely handle an error.
The code to determine the remote url for a commit may fail without any
output. Add a message for this common error scenario.
- commit 2d3beda
- scripts/git_sort/series_insert.py: Catch an exception for nicer output.
- commit 0d59b48
- scripts/git-pre-commit: only sort series when required
The series file only needs sorting when a patch or the series.conf
file have changed. We can skip sorting if there is nothing to do.
- commit 8c4b29d
- scripts/git-pre-commit: make series sorting configurable by branch
Since we don't want to sort the series on every branch, we should
make that configurable. Adding "/SERIES_SORT=yes"/ to rpm/config.sh
will enable it.
- commit 9e192a4
- scripts/log2: actually invoke scripts/check-patch-dirs
The previous commit added scripts/check-patch-dirs but didn't actually
invoke it as indicated in the log message.
- commit 23674da
- scripts/check-patch-dirs: enforce adding patches only into proper dirs
The master and stable branches now only allow patches in patches.suse,
patches.kernel.org, patches.rpmify, and patches.kabi.
scripts/check-patch-dirs will check the branch and ensure that patches
being added or modified are only allowed in the directories listed
above. It will be invoked automatically via scripts/log2.
- commit 77b939d
- Make series_sort and commit check work together.
- commit 7dce3df
- scripts/git_sort/git_sort.py: Add some remote heads.
According to current patches in SLE15.
- commit 131a901
- scripts/git_sort/git_sort.py: Remove linux-next from remotes.
As pointed out by Vlastimil, linux-next is not even good for patches from
akpm:
Using linux-next commit id's for akpm's mmotm tree is almost
certainly wrong, because they unique to next-$DATE snapshot, and on
the next day the commit id will be different. It will also never be
merged into mainline with the same id.
- commit 4809ebe
- scripts/git_sort/git_sort.py: Add some remote heads.
According to patches currently found in SLE15.
- commit a3e6d3f
- scripts/git_sort/git_sort.py: Move linux-next at the end of the remote list.
- commit 3a30505
- scripts/git_sort/git_sort.py: add s390 maintainer tree
- commit 58f8a70
- scripts/git_sort/lib.py: Only set cindex when it matches with dest_head.
Consider a patch which is in the section for a remote head that is not
available locally and the commit from that patch is found in another remote
head which is available locally and is sorted as downstream from the
current one.
In that case (commit found, repo not indexed, patch moved downstream, good
tag), self.cindex is set to a value relative to a different head ("/head"/)
than self.dest_head ("/current_head"/). This leads to an exception in
series_sort().
- commit 28ae23c
- scripts/git-pre-commit: Check the content of the series.conf sorted section.
- commit 869e9a9
- scripts/git_sort/git_sort.py: Clear environment before running git.
Otherwise we run into trouble when running git_sort as part of a git commit
hook.
- commit a0f314d
- README: Add information about sorted patches section of series.conf
- commit 636f808
- scripts/git_sort/series_sort.py: Pass --check if there is no sorted section.
- commit 270922f
- scripts/git_sort/README.md: Add information about series_insert.py
- commit ad9a342
- scripts/git_sort/lib.py: Rewrite Git-repo tag when patch moves upstream.
The first change is cosmetic since in that branch head == current_head.
The second change fixes a (copy/paste) bug.
These two branches now contain the same code. Leave them separate
nevertheless for clarity (with the comments).
- commit fe1fe99
- git-sort: Add a script to insert new entries in series.conf.
Specifically, to add new patches to the sorted section of series.conf.
- commit 089b4ef
- scripts/git_sort/lib.py: Rewrite Git-repo only if it differs.
An entry may move upstream but already have the target Git-repo tag. This
will happen if a series.conf line is moved to the "/out-of-tree"/ section to
be resorted. Currently, if the Git-repo is not in the canonical (git://)
form, the tag value will be needlessly rewritten.
- commit 0ac6457
- Revert "/scripts/linux_git.sh: support more dirs and bare repos"/
This reverts commit 130e61c098de9f6c49d36a9210ecc5d5b7758c47.
This breaks user branch builds.
- commit d76dbca
- commit 9f5c189
- scripts/linux_git.sh: support more dirs and bare repos
linux-2.6 was used only for historical reasons. New clones put
theirselves to "/linux"/. Or even to "/linux.git"/ when only a bare
repository is created. So walk over all these and pick the right one.
- commit 130e61c
- scripts: Factor out function to determine mainline Linux git repository path.
- commit 842e04c
- git-sort: Factor out function to determine scripts path
- commit 02a6641
- scripts/series2git: skip expanded stable patches.
- commit 79c578b
- scripts/git_sort/lib.py: Automatically try to replace series.
The modified quilt (described in scripts/git_sort/README.md) replaces the
stock "/series"/ file with a symlink to series.conf when any command is run
from a kernel-source expanded tree.
If we detect that this replacement has not been done, instead of directly
erroring out, first try to run a simple quilt command so that the
replacement takes place.
- commit 1a7c329
- scripts/git_sort/git_sort.py: Fix != comparison of RepoURL objects.
__cmp__() needs to be implemented.
- commit 7b51a6e
- git-sort: Update Git-repo tags.
Patch tags are updated when a patch is moved to a new section or a tag is
outdated. Note that this only happens when the respective commit is found
locally.
- commit 79c65c9
- scripts/git_sort/lib.py: Remove section headers from series header.
Currently, if there is no mainline section, the first thing that will be
found inside the sorted patches section is a section header like
"/# out-of-tree patches"/. It will be considered to be a comment that's part
of the series header ("/# sorted patches"/). Change series_header() to filter
out such section headers.
- commit 455039b
- scripts/git_sort/lib.py: provide LINUX_GIT fallback.
This is same as previous scripts do (see scripts/wd-functions.sh)
- commit edc5eca
- scripts/git_sort/git_sort.py: Introduce describe() function.
It is similar to `git describe --contains` while restricting the result to
the mainline linux tags corresponding to releases and release candidates
(rc).
- commit 0abe03a
- scripts/git_sort/git_sort.py: Fix an erroneous reference to a global variable.
- commit 2811919
- git-sort: Set cwd when calling git.
avoids repetitive code
- commit 3611e1d
- git-sort: Encapsulate patch tag operations in an object.
This allows a single read of the patch file, multiple operations (read and
write) followed by a single write.
- commit c089092
- commit e814cbe
- scripts/git_sort/git_sort.py: Recognize repository urls that don't end with .git
It is possible to clone from a URL while omitting the suffix "/.git"/.
- commit 439e8ef
- scripts/git_sort/lib.py: Group related code together.
There should be no difference in "/object"/ code.
- commit a1e71a3
- scripts/git_sort/lib.py: Remove unused function.
- commit 8a0c736
- scripts/git_sort/git_sort.py: Update remote list according to currently in-use remotes
- commit 5d61b5f
- git-sort: Get commit information from git-sort index
Currently, we assume that a commit can be sorted if it is found in the git
repository. However, this assumption is wrong because some commits are not
indexed (not reachable from one of the (url, branch) pairs in "/remotes"/).
These commits end up in the "/unknown/local patches"/ section. Moreover, we
determine the Head for a commit by matching the content of the Git-repo tag
to a reverse map of the urls in "/remotes"/. This artificially limits us to a
single branch per url in the Git-sort index.
This patch changes from_patch() to use the git-sort index to determine if a
commit can be sorted. If the commit is found, the Head for a patch is
determined using the git-sort index information. If the commit is not found
(because its respective subsystem repository is not available locally), we
rely on the section comment in series.conf. The Git-repo tag is ignored.
- commit 1a4488a
- scripts/git_sort/lib.py: Extract some constants
- commit 21e1549
- scripts/git_sort/git_sort.py: Make Head objects comparable.
If "/remotes"/ is properly sorted, this allows to determine is one Head is
the upstream of another.
- commit 8d50e81
- scripts/git_sort/git_sort.py: Parse abbreviated url without extension.
This is the format output by RepoURL.str()
- commit 16928c0
- git-sort: Encode local/virtual head urls using None.
- commit 2056d71
- scripts/git_sort/git_sort.py: Add a function to lookup a commit.
- commit 544f5d0
- git-sort: Store history as a dict of indexes.
.. instead of a list of commits. This new structure is faster to look up if
a commit was reached from a head.
- commit e8d72dd
- scripts/git_sort/git_sort.py: Avoid a dual personality history
Since commit 897bbc34bdb7 ("/git-sort: Encapsulate repo url and branch name
into objects"/) history will either be a plain dict or an OrderedDict
depending on whether it comes from the cache or get_history(). Always use
an OrderedDict.
- commit e8e47be
- scripts/git_sort/series_sort.py: Introduce --check option.
This mode does not modify the series file but reports via exit status 2 if
the series is not sorted. It should be helpful in implementing a commit
hook.
- commit 9dd4e1b
- scripts/git_sort/git_sort.py: Disambiguate remote revision.
avoids ambiguity in case there is a local branch or tag with a name that
conflicts with the remote.
- commit e57d843
- scripts/git_sort/git_sort.py: Recognize http protocol for kernel.org
As reported by Oliver Neukum, git repositories hosted on kernel.org are
also available (via redirect) from http.
- commit 720a01f
- commit 22da616
- commit 2a6898e
- scripts/git_sort/lib.py: Give some advice in error message.
- commit 32b858b
- git-sort: Encapsulate repo url and branch name into objects
This fixes the fact that alias urls for the same repository (ex: via git://
or https:// protocol) were no longer recognized as such.
- commit 897bbc3
- git-sort: Introduce cache version
to support updating from older format.
- commit 4f1bbbb
- git-sort: Encapsulate sorting logic into an object
This allows initializing the cache once and then making repeated calls that
consult it.
- commit 76bf0ca
- scripts/git_sort/lib.py: Fix format string
Fixes: ksapply.git 1714bbedc549 ("/Preserve order and name of unavailable subsystem sections"/)
- --
lib.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib.py b/lib.py
index c5e7d8f..e8bb65d 100644
- -- a/lib.py
+++ b/lib.py
@@ -340,7 +340,7 @@ def get_url_map():
for canon_url, branch_name in git_sort.remotes:
if canon_url in result:
raise KSException("/URL mapping is ambiguous, "/%s"/ may map to "/
- "/multiple head names"/)
+ "/multiple head names"/ % (canon_url,))
result[canon_url] = git_sort.head_name(canon_url, branch_name)
return result
- -
2.14.2
- commit fc35d7f
- scripts/git_sort/lib.py: Remove printing of leftover subsystem entries
There should be no more of those after ksapply.git c4dea303ad73 ("/Error out
when trying to series_sort a patch from a repo that is not indexed"/)
- commit 29ae46a
- scripts/git_sort/git_sort.py: Catch some exceptions.
... to make the output less scary for users.
As in lib.py, GSException is for internal errors (in the git_sort code) and
GSError is for external errors.
- commit e8de5e6
- scripts/git_sort/git_sort.py: Give some advice in error message.
- commit 5aee432
- No more icecream.
- commit 04a66b3
- scripts/git_sort/lib.py:
Update marker for the end of the sorted section. "/Wireless Networking"/ will
not always follow the sorted section.
- commit d0e0545
- git-sort: Add more remote heads
Contributed by Jiri Kosina <jkosina@suse.cz>
- commit 785f657
- scripts/series_sort.py:
- scripts/git_sort/README.md:
- scripts/git_sort/lib.py:
- scripts/git_sort/quilt-mode.sh:
Make required adjustments for flattened directory structure.
- commit 62c6754
- scripts/git_sort/README.md:
- scripts/git_sort/armor_origin.sh:
- scripts/git_sort/backport-mode.sh:
- scripts/git_sort/check_missing_fixes.sh:
- scripts/git_sort/clean_conflicts.awk:
- scripts/git_sort/clean_header.sh:
- scripts/git_sort/git-f1:
- scripts/git_sort/git-overview:
- scripts/git_sort/git-sort:
- scripts/git_sort/git_sort.py:
- scripts/git_sort/ksapply.sh:
- scripts/git_sort/lib.py:
- scripts/git_sort/lib.sh:
- scripts/git_sort/lib_from.sh:
- scripts/git_sort/lib_tag.py:
- scripts/git_sort/lib_tag.sh:
- scripts/git_sort/merge_tool.py:
- scripts/git_sort/patch_body.awk:
- scripts/git_sort/patch_header.awk:
- scripts/git_sort/qcp.py:
- scripts/git_sort/qdupcheck.py:
- scripts/git_sort/qgoto.py:
- scripts/git_sort/quilt-mode.sh:
- scripts/git_sort/refs_in_series.sh:
- scripts/git_sort/rename_patch.sh:
- scripts/git_sort/sequence-insert.py:
- scripts/git_sort/series_sort.py:
- scripts/git_sort/update-configs.sh:
- scripts/git_sort/vi-conflicts.sh:
Import from
https://gitlab.suse.de/benjamin_poirier/ksapply 5b025d0
https://github.com/benthaman/git-helpers 6479796
- commit 0aaea3b
- scripts/stableids: add 4.12 as SLE15 kernel
- commit 58b8d0c
- scripts/stable*: generate one file per commit
- commit 1dc9b0e
- scripts/stableids: drop support for 2.6.x.y
- commit e23e1fc
- SUSE::MyBS: Do not create repositories with no architectures to build
- commit 31029c0
- scripts/stableids: pass --no-renames to diff
- commit 55832be
- scripts/osc_wrapper: Accept --ibs | --obs as the first parameter
It is a parameter of the subcommands, but people tend to confuse it.
- commit 30f26fb
- scripts/stop-sync: Use the kerncvs.suse.de hostname
- commit e52fa92
- README: add comment regarding bisectability of patch series
- commit c8c4199
- scripts/osc_wrapper: Replace '/' with ':' in cve/* branch names
- commit 117c8c7
- bs-upload-kernel: Workaround for vim syntax highlighting
- commit dcede42
- SUSE::MyBS: Sync with kbuild.git
Cherry-pick part of 948fd5e15d06 ("/bs-check-kernel-results: Use
make-stderr.log if available"/).
- commit 7a4e6fb
- keyutils
-
- Apply default TTL to DNS records from getaddrinfo() (upstream):
* dns-Apply-a-default-TTL-to-records-obtained-from-get.patch
- less
-
- Fix Startup terminal initialization, bsc#1200738
* bsc1200738.patch
- libcroco
-
- Add libcroco-CVE-2020-12825.patch: limit recursion in block and
any productions (boo#1171685 CVE-2020-12825).
- libgcrypt
-
- FIPS: Auto-initialize drbg if needed. [bsc#1200095]
* Add a _gcry_drbg_init() to _gcry_drbg_randomize() and to
_gcry_drbg_add_bytes() to fix a crash in FIPS mode.
* Add libgcrypt-FIPS-Autoinitialize-drbg-if-needed.patch
- libjpeg-turbo
-
fix CVE-2020-35538 [bsc#1202915], Null pointer dereference in jcopy_sample_rows() function
+ libjpeg-turbo-CVE-2020-35538.patch
- security update
- added patches
- libjpeg62-turbo
-
fix CVE-2020-35538 [bsc#1202915], Null pointer dereference in jcopy_sample_rows() function
+ libjpeg-turbo-CVE-2020-35538.patch
- security update
- added patches
- libksba
-
- Security fix: [bsc#1204357, CVE-2022-3515]
* Detect a possible overflow directly in the TLV parser.
* Add libksba-CVE-2022-3515.patch
- libnl-1_1
-
- Fix elevation of privilege vulnerability (bsc#1020123, CVE-2017-0386).
Add: libnl-1_1-fix-elevation-of-privilege-vulnerability.patch
- libnl3
-
- Fix elevation of privilege vulnerability (bsc#1020123, CVE-2017-0386).
Add: libnl3-fix-elevation-of-privilege-vulnerability.patch
- libtasn1
-
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
- libtirpc
-
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
connections (bsc#1201680)
- backport 0001-Fix-DoS-vulnerability-in-libtirpc.patch
- exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
- update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- libxml2
-
- Security fixes:
* [CVE-2022-40303, bsc#1204366] Fix integer overflows with
XML_PARSE_HUGE
+ Added patch libxml2-CVE-2022-40303.patch
* [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
entity reference cycles
+ Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
* Cross-site scripting vulnerability after commit 960f0e2
* Add libxml2-CVE-2016-3709.patch
- mozilla-nspr
-
- update to version 4.34
* add an API that returns a preferred loopback IP on hosts that
have two IP stacks available.
- update to 4.33:
* fixes to build system and export of private symbols
- mozilla-nss
-
- update to NSS 3.79.1 (bsc#1202645)
* bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
* bmo#1771498 - Uninitialized value in cert_ComputeCertType.
* bmo#1759794 - protect SFTKSlot needLogin with slotLock.
* bmo#1760998 - avoid data race on primary password change.
* bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
rest of the DSA ciphers, keeping signature verification only
(bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to fix compiler
warning.
- Update nss-fips-constructor-self-tests.patch to add on-demand
integrity tests through sftk_FIPSRepeatIntegrityCheck()
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
as approved/non-approved according to security policy
(bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
we removed the code to short-circuit broken hashes and moved to
using the SLI.
- Remove upstreamed patches:
* nss-fips-version-indicators.patch
* nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
- bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- bmo#1766907 - Update mercurial in clang-format docker image.
- bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
- bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
- bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- bmo#1764788 - Correct invalid record inner and outer content type alerts.
- bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
- bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
* bmo#1767590 - Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
bmo#1763120 - Add ECH Grease Support to tstclnt
bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
* Bug 1762244 - resolve mpitests build failure on Windows.
* bmo#1761779 - Fix link to TLS page on wireshark wiki
* bmo#1754890 - Add two D-TRUST 2020 root certificates.
* bmo#1751298 - Add Telia Root CA v2 root certificate.
* bmo#1751305 - Remove expired explicitly distrusted certificates
from certdata.txt.
* bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
* bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
* bmo#1756271 - Remove token member from NSSSlot struct.
* bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
* bmo#1757279 - Support UTF-8 library path in the module spec string.
* bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
* bmo#1760827 - Add a CI Target for gcc-11.
* bmo#1760828 - Change to makefiles for gcc-4.8.
* bmo#1741688 - Update googletest to 1.11.0
* bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
* bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
* bmo#1755904 - Fix calculation of ECH HRR Transcript.
* bmo#1758741 - Allow ld path to be set as environment variable.
* bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
* bmo#1758478 - Fix DataBuffer Move Assignment.
* bmo#1552254 - internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
* bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
NSS 3.76.1
* bmo#1756271 - Remove token member from NSSSlot struct.
NSS 3.76
* bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
* bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
* bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
* bmo#1679803 - Add SHA256 fingerprint comments to old
certdata.txt entries.
* bmo#1753505 - Avoid truncating files in nss-release-helper.py.
* bmo#1751157 - Throw illegal_parameter alert for illegal extensions
in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
- update to NSS 3.74
* bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
OCSP responses
* bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
* bmo#1721426 - NSS does not properly restrict server keys based on policy
* bmo#1733003 - Set nssckbi version number to 2.54
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
* bmo#1735407 - Replace GlobalSign ECC Root CA R4
* bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
* bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
certificates
* bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
CIF A62634068 root certificate
* bmo#1740095 - Add iTrusChina ECC root certificate
* bmo#1740095 - Add iTrusChina RSA root certificate
* bmo#1738805 - Add ISRG Root X2 root certificate
* bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
* bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
* bmo#1735028 - Check for missing signedData field
* bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
* Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
* bmo#1735028 - check for missing signedData field.
* bmo#1737470 - Ensure DER encoded signatures are within size limits.
* bmo#1729550 - NSS needs FiPS 140-3 version indicators.
* bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
* bmo#1738600 - sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170)
* CVE-2021-43527 (bmo#1737470)
Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
* Remove newline at the end of coreconf.dep
* bmo#1731911 - Fix nsinstall parallel failure.
* bmo#1729930 - Increase KDF cache size to mitigate perf
regression in about:logins
- update to NSS 3.71
* bmo#1717716 - Set nssckbi version number to 2.52.
* bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
* bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
* bmo#1717707 - Add HARICA Client ECC Root CA 2021.
* bmo#1717707 - Add HARICA Client RSA Root CA 2021.
* bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
* bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
* bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
* bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
* bmo#1720226 (Backout) - integrity checks in key4.db not happening
on private components with AES_CBC
NSS 3.69
* bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
* bmo#1720226 - integrity checks in key4.db not happening on private
components with AES_CBC (backed out again)
* bmo#1720235 - SSL handling of signature algorithms ignores
environmental invalid algorithms.
* bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
nss failures.
(removed obsolete nss-btrfs-sqlite.patch)
* bmo#1720230 - Gtest update changed the gtest reports, losing gtest
details in all.sh reports.
* bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
* bmo#1720232 - SQLite calls could timeout in starvation situations.
* bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
* bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
* bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Update nss-fips-constructor-self-tests.patch to scan
LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
test certificate creation and disables the library checksum
validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This
makes the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC
from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
for build.
- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES
unapproved in FIPS mode (bsc#1192080).
- Update nss-fips-constructor-self-tests.patch to allow testing
of unapproved algorithms (bsc#1192228).
- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086).
This adds FIPS version indicators.
- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087).
Most of the relevant changes are already upstream since NSS 3.60.
- multipath-tools
-
- Use %tmpfiles_create macro for tmpfiles.d file
- Update to version 0.7.9+232+suse.cbc3754:
* Fix multipathd authorization bypass and symlink attack
(bsc#1202739 CVE-2022-41973 CVE-2022-41974)
* add multipath-dracut.conf: dracut config file to install
tmpfiles.d/multipath.conf in initramfs
- Update to version 0.7.9+229+suse.a7d71062:
* Avoid linking to libreadline to avoid licensing issue
(bsc#1202616)
- Update to version 0.7.9+208+suse.8c8dded:
* libmultipath: use uint64_t for sg_id.lun (bsc#1187534)
- ncurses
-
- Add patch ncurses-bnc1198627.patch
* Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
- openldap2
-
- bsc#1198341 - Prevent memory reuse which may lead to instability
* 0226-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
- p11-kit
-
- Conflict with ca-certificates < 1_201403302107-15.6.2 to make sure
update-ca-certifictes calls trust export with --format=pem-directory-hash
(bsc#1201985)
- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
Added p11-kit-CVE-2020-29362.patch:
- pacemaker
-
- scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target of a failed migrate_to (bsc#1196340)
* bsc#1196340-0009-Test-scheduler-do-not-enforce-resource-stop-if-any-n.patch
- scheduler: do not enforce resource stop on a rejoined node that was the target of a failed migrate_to (bsc#1196340)
* bsc#1196340-0008-Test-scheduler-do-not-enforce-resource-stop-on-a-rej.patch
- scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target of a failed migrate_to (bsc#1196340)
* bsc#1196340-0007-Fix-scheduler-do-not-enforce-resource-stop-if-any-ne.patch
- scheduler: find_lrm_op() to be able to check against a specified target_rc (bsc#1196340)
* bsc#1196340-0006-Refactor-scheduler-find_lrm_op-to-be-able-to-check-a.patch
- cts-scheduler: fix on_node attribute of lrm_rsc_op entries in the tests (bsc#1196340)
* bsc#1196340-0005-Test-cts-scheduler-fix-on_node-attribute-of-lrm_rsc_.patch
- scheduler: is_newer_op() to be able to compare lrm_rsc_op entries from different nodes (bsc#1196340)
* bsc#1196340-0004-Refactor-scheduler-is_newer_op-to-be-able-to-compare.patch
- scheduler: compare ids of lrm_rsc_op entries case-sensitively (bsc#1196340)
* bsc#1196340-0003-Fix-scheduler-compare-ids-of-lrm_rsc_op-entries-case.patch
- scheduler: functionize comparing which lrm_rsc_op is newer (bsc#1196340)
* bsc#1196340-0002-Refactor-scheduler-functionize-comparing-which-lrm_r.patch
- scheduler: do not enforce resource stop on a rejoined node that was the target of a failed migrate_to (bsc#1196340)
* bsc#1196340-0001-Fix-scheduler-do-not-enforce-resource-stop-on-a-rejo.patch
- OCF: controld: Give warning when no-quorum-policy not set as freeze while using DLM (bsc#1129707)
* bsc#1129707-0001-OCF-controld-Give-warning-when-no-quorum-policy-not-.patch
- perl-HTTP-Daemon
-
- Fix request smuggling in HTTP::Daemon
(CVE-2022-31081, bsc#1201157)
* CVE-2022-31081.patch
* CVE-2022-31081-2.patch
* CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch
- permissions
-
* fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20170707:
* chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
* add capability for prometheus-blackbox_exporter (bsc#1191194)
* make btmp root:utmp (bsc#1050467)
* pcp: remove no longer needed / conflicting entries
- Update to version 20170707:
- python
-
- Add patch CVE-2021-28861-double-slash-path.patch:
* BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- python-M2Crypto
-
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
bsc#1178829), which mitigates the Bleichenbacher timing attacks
in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
- python-base
-
- Add patch CVE-2021-28861-double-slash-path.patch:
* BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- python3
-
- Add patch CVE-2021-28861-double-slash-path.patch:
* http.server: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- python3-base
-
- Add patch CVE-2021-28861-double-slash-path.patch:
* http.server: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- python3-lxml
-
- Add patch CVE-2020-27783.patch to fix CVE-2020-27783 mXSS due to the use of
improper parser
Fix bsc#1179534
- python36
-
- Add patch CVE-2021-28861-double-slash-path.patch:
* http.server: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- release-notes-sles
-
- 12.5.20220718 (tracked in bsc#933411)
- Added note about Samba 4.15 (jsc#SLE-23330)
(bsc#1196097)
- Added note about DFS share failover (jsc#SLE-20041)
- Added note about Xenstore stubdom (bsc#1185196)
- Added note about CONFIG_NUMA_EMU (jsc#SLE-11600)
- Removed LibreOffice and MariaDB from requiring specific contracts
- resource-agents
-
- ECO: Maint: Azure Events RA can not handle AV Zones (jsc#PED-2000)
Add upstream patch:
0001-azure-events-az-new-resource-agent-1774.patch
- RA aws-vpc-move-ip is lacking the possibility to assign a label to an interface.
(bsc#1199766) Include upsteam patch:
0001-aws-vpc-move-ip-Allow-to-set-the-interface-label.patch
- rsync
-
- Add support for --trust-sender parameter (patch by Jie Gong in
bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
* Added patch rsync-CVE-2022-29154-trust-sender-1.patch
* Added patch rsync-CVE-2022-29154-trust-sender-2.patch
- Apply "/rsync-CVE-2022-29154.patch"/ to fix a security vulnerability
in the do_server_recv() function. [bsc#1201840, CVE-2022-29154]
- rsyslog
-
- add Requires for latest lbfastjsion version (bsc#1202243)
- fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
* add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
- salt
-
- Fix state.apply in test mode with file state module
on user/group checking (bsc#1202167)
- Added:
* fix-state.apply-in-test-mode-with-file-state-module-.patch
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Added:
* retry-if-rpm-lock-is-temporarily-unavailable-547-551.patch
- Add support for gpgautoimport in zypperpkg module
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Added:
* fix-salt.states.file.managed-for-follow_symlinks-tru.patch
* add-support-for-gpgautoimport-to-refresh_db-in-the-z.patch
- Add support for name, pkgs and diff_attr parameters to upgrade
function for zypper and yum (bsc#1198489)
- Added:
* add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Added:
* normalize-package-names-once-with-pkg.installed-remo.patch
* unify-logic-on-using-multiple-requisites-and-add-onf.patch
- Fix handling of a sign-in response by a syndic node (bsc#1199906)
- Added:
* fix-handling-of-a-sign-in-response-by-a-syndic-node-.patch
- Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)
- Added:
* remove-redundand-overrides-causing-confusing-debug-l.patch
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)
- samba
-
- CVE-2022-1615: Do not ignore errors in random number generation;
(bso#15103); (bsc#1202976);
- Fix Use after free when iterating
smbd_server_connection->connections after tree disconnect
failure; (bso#15128); (bsc#1200102).
- CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042).
* Setting fruit:resource = stream in vfs_fruit causes a panic;
(bso#15099).
* Add support for bind 9.18; (bso#14986).
* logging dsdb audit to specific files does not work;
(bso#15076).
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069)
* netgroups support removed; (bso#15087); (bsc#1199247).
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674); (bsc#1199734).
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071).
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556).
* vfs_gpfs recalls=no option prevents listing files; (bso#15055).
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071).
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091).
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108).
* smbd doesn't handle UPNs for looking up names; (bso#15054).
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443).
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- sqlite3
-
- update to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
- update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
- update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
- update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value "/3"/) from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
related test failures on 32 bit
- update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
- update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
- update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
- update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
sqlite-src-3380100-atof1.patch
- update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like "/--wrap N"/,
"/--wordwrap on"/, and "/--quote"/ to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
- update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
- update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("/START"/) is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
- sudo
-
- Modified sudo-sudoers.patch
* bsc#1177578
* Removed redundant and confusing 'secure_path' settings in
sudo-sudoers file.
- Added sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
* Ignore entries when converting LDAP to sudoers. Prevents empty
host list being treated as "/ALL"/ wildcard.
* bsc#1201462
* Sourced from https://www.sudo.ws/repos/sudo/rev/484d0d3b892e
- supportutils-plugin-ha-sap
-
- Update to version 0.0.4+git.1663748456.ad13e75:
* fix basic support for saptune
add saptune version 3 awareness and add a hint for the new
saptune supportconfig plugin delivered within the saptune
package >= 3.x
(bsc#1203202)
- Update to version 0.0.3+git.1659022100.39bfcd6:
* Update README.md
* Replace spaces to tabs.
* Search for other groups too.
* Include /etc/group in plugin-ha_sap.txt (bsc#1201831)
* Update ha_sap
* Update pacemaker.log location change
* suppress link path in Readme.md
* add section 'Additional information' to the Readme.md
* change release status of the project
* Update README.md
* Update ha_sap
- systemd-presets-branding-SLE
-
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
- tcl
-
- Fix a race condition in test socket-13.1
(tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
sqlite3 to have only a single copy and keep it more up to date
(bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
- telnet
-
- Fix CVE-2022-39028, NULL pointer dereference in telnetd
(CVE-2022-39028, bsc#1203759)
CVE-2022-39028.patch
- tiff
-
- security update:
* CVE-2022-2519 [bsc#1202968]
* CVE-2022-2520 [bsc#1202973]
* CVE-2022-2521 [bsc#1202971]
+ tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
* CVE-2022-2867 [bsc#1202466]
* CVE-2022-2868 [bsc#1202467]
* CVE-2022-2869 [bsc#1202468]
+ tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch
- CVE-2022-34266 [bsc#1201971] and [bsc#1201723]:
Rename tiff-CVE-2022-0561.patch to
tiff-CVE-2022-0561,CVE-2022-34266.patch
This CVE is actually a duplicate.
- security update:
* CVE-2022-34526 [bsc#1202026]
+ tiff-CVE-2022-34526.patch
- security update
* CVE-2022-2056 [bsc#1201176]
* CVE-2022-2057 [bsc#1201175]
* CVE-2022-2058 [bsc#1201174]
+ tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
- timezone
-
- Update to reflect new Chile DST change, bsc#1202310
* bsc1202310.patch
- unzip
-
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
to a local string (CVE-2022-0530, bsc#1196177)
* CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
* CVE-2022-0529.patch
- update-alternatives
-
- util-linux
-
- su: Change owner and mode for pty (bsc#1200842,
util-linux-login-move-generic-setting-to-ttyutils.patch,
util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
(bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- util-linux-systemd
-
- su: Change owner and mode for pty (bsc#1200842,
util-linux-login-move-generic-setting-to-ttyutils.patch,
util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
(bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- which
-
- https urls, added signature (but did not find the public key)
- Use %license instead of %doc [bsc#1082318]
- Move installinfo scriptlet to preun so it won't fail
- Cleanup spec file with spec-cleaner
- Correct usage of info scriplets
- GNU which 2.21:
* Upgraded code from bash to version 4.3 (now uses eaccess).
* Fixed a bug related to getgroups / sysconfig that caused Which
not to see more than 64 groups for a single user
* Build system maintenance.
- Update project and source URL to GNU project
- xen
-
- bsc#1200762 - VUL-0: CVE-2022-26365,CVE-2022-33740,
CVE-2022-33741,CVE-2022-33742: xen: Linux disk/nic frontends data
leaks (XSA-403)
xsa403.patch
- Adjustment to patch xsa402-4.patch (bsc#1199966)
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
xsa411.patch
- bsc#1185104 - VUL-0: CVE-2021-28689: xen: x86: Speculative
vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370)
xsa370.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
xsa404-1.patch
xsa404-2.patch
xsa404-3.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
xsa407-0a.patch
xsa407-0b.patch
xsa407-0c.patch
xsa407-0d.patch
xsa407-0e.patch
xsa407-0f.patch
xsa407-0g.patch
xsa407-0h.patch
xsa407-0i.patch
xsa407-1.patch
xsa407-2.patch
xsa407-3.patch
xsa407-4.patch
xsa407-5.patch
xsa407-6.patch
xsa407-7.patch
xsa407-8.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- xfsprogs
-
- mkfs: validate extent size hint parameters (bsc#1138247)
- add xfsprogs-xfs-move-inode-extent-size-hint-validation-to-libxfs.patch
- add xfsprogs-xfs_repair-use-libxfs-extsize-cowextsize-validation-.patch
- add xfsprogs-mkfs-validate-extent-size-hint-parameters.patch
- xfs_repair: Fix root inode's parent when it's bogus for sf directory
(bsc#1138227)
- add xfsprogs-xfs_repair-Fix-root-inode-s-parent-when-it-s-bogus-f.patch
- yast2-storage
-
- Partitioner: PVs are not wrongly removed when resizing a VG
(bsc#1197208).
- 3.2.23
- zlib
-
- Fix heap-based buffer over-read or buffer overflow in inflate via
large gzip header extra field (bsc#1202175, CVE-2022-37434,
CVE-2022-37434-extra-header-1.patch,
CVE-2022-37434-extra-header-2.patch).