- ntp
-
- bsc#1215801: Use system-supplied libevent instead of local copy.
- google-cloud-sap-agent
-
- Update to version 2.8 (bsc#1217373, bsc#1217374)
* Bump agent version to 2.8 to support C3/M3 certification
* Update go.yml to use go 1.21
* Switch from "slices" to "go_exp.../slices" for go version dependency
* Use newly refactored discovery packages.
* Fixes issue with diskname from source or device name
* Adds extreme disk type IOps and Throughput for host metrics
* Add `INTEGRATION` target config environment for collection definition testing
* Add project number to SAP System proto
* Add a cache to discovered resources. This reduces the number of API
calls needed to perform System Discovery
* Replace windows wmic hardware queries with PowerShell wmi queries
* Fix test flakiness
* Improve development process for collection definition configuration
* HANA PD based snapshot and restore - changes to add wait for uploading
* Fix for kokoro build issue in processmetrics/networkstats
* GCBDR SAPCoreAPP Package in Agent for SAP
* Add version tracking for WLM validation config
* Send workload validation config to remote instances for use during remote collection
* Add flag for passing in workload validation config into remote collection OTE
* Bump google.golang.org/grpc from 1.58.2 to 1.58.3
- from version 2.7
* Added ote for hma dashboards migration
* Increase Max backoff in storage package to 300 seconds
* Added subpaths for collection of required TCP metrics
* Add more debug logs and increase the wait-time for PD operations in restore
* No public description
* Add 30 second timeout to read/write from the local file system for Backint
* No public description
* Adds RHEL 9 VM Manager policy
* Extract cloud-related discovery functions into separate file
* Adding timeout to systemReplication.py command execution
* Allow download attempts without verifying connection to bucket
* Invoke `collectiondefinition.Start` when starting the agent in daemon mode
* SAP Agent CLI - usability improvements for flags and help menu
* Add host project information to HANA DB component discovery data.
* Use proto names for default configuration during Backint installation
* Extending logging capabilities to all packages of the agent
* Added a feature for exposing TCP connection metrics
* Migrating context logging logic to all packages of SAP Agent
* Add an ifthisthenthatlint to ensure new script is kept in sync with rule proto
* (collectiondefition) - Discard unknown fields and remove breaking metrics
* Moving commandlineexecutor from internal to shared for sqlserveragent
* Define startup function for collectiondefinition package
* Check error on close of destFile in backint restore
* Allow trailing zeros for millisecond timestamps in Backint
* Add pid to all agent logs
* Bump SAP Agent version to 2.7 (placeholder release version)
* Separate collection definition validation functionality into a separate file
* Add datetime to migration folder for Backint installation
* Add symlink for Backint log file to install directory
* Set a deadline for the final flush to cloud logging
* Increase chunk retry deadline in storage package
* Fix order dependent tests in sapagent/internal/storage
* Change support bundle feature to collect the OTE logs from new path
* Usage logging for remote WLM validation metrics collection from the collector instance
* Extract discovery functions performed on the host to a separate file
* Improve agent shutdown experience in daemon mode
* Fix Backint restoring incorrect file
* Google Events - rule proto initial submission
* Move gce package to shared folder for use by SQL Server agent
* Add GCS integration into collectiondefinition package
* Standardize import aliases
* go mod updates
* Fixing go/gotsan data race error in processmetrics_test
* Add Backint support for Inquire line: `#EBID <external_backup_id>`
* Chown Backint install directories to user/group of the opt/ folder
* Create OTE logs under a subdir under /var/log as /var/log is only writable by root
* Will not create an empty log file for logusage logs and one
time execution logs will have 0666 file mode
* Setting the log file created to world read+write permission
* Bump golang.org/x/net from 0.15.0 to 0.17.0
* Add recovery_bucket parameter to Backint
* Extract SAP related discovery functions to a separate file
* Fix Backint install directory
* Fix Backint parallel uploads
* Move maintenance collector to beta API
* Pruning batches to prevent time series duplication
* Added a logger for incorporating service context keys in logs
* Encode the DB password string to handle passwords with special characters
* Handling non error scenarios better in netweaver.go
* Internal change
* fixes typo on backint install
* Allow all users to execute google_cloud_sap_agent
* Fix hdbbackint script.
* Subdirs for Backint DIAGNOSE temporary files
* Report zero-value metrics for upcoming maintenance
* Clean up gcealpha functionality
* Fix default configuration values in daemon and backint
* Update the comment in proto to reflect that the metric
path in skip list should start with /sap
* Implemented separation of context of different services
- Update to version 2.6 (bsc#1215672, bsc#1215673)
* Rolling back previous change for storing Project Number,
Project ID is sufficient, no need to add complexity
* Determine location of HANA global.ini using SAP system discovery logic
* Add numeric project ID prefix to object name for ReadMetrics
* Discovery now looks up and stores project number with discovery data
* ReadMetrics updates for IAM permissions and bucket object names
* fixing the bug in backoff logic, using separate policies
for each collector and adding some logs
* Backint migration from the old agent and supporting legacy parameters
* adding new backoff policies for process metrics and fixing the
bug in process metrics sapservice collector
* Bump SAP Agent version to 2.6
* Fix an issue where HANA hosts may not be discovered
properly if hostname differs from instance name
* Use Go 1.20 friendly sorting solution
* adding retries in process metrics logic with backoffs
* Fix parsing of instance (host/VM) name in Pacemaker pcmk_delay_max metric
* Add the collection definition changes for the SAP HANA Topology metrics
* Template for Cloud Monitoring Alerts for Backint errors
* adding backoff to InstanceProperties to each collector
* Reduced the number of parameters of startXX functions
by consolidating them into respective structs
* completing TODO (b/298315981): Create a map from skipped
list metrics and pass it to collectors.
* Proto package name changes to reflect the current path
* Use instance_name instead of instance_id for baremetal systems
* Decode encryption keys for Backint.
* Moving hareplication metric to fast moving metrics
* Added backoffs package in process metrics to keep the backoff policies
and retry policies separately and make it reusable acrosss process metrics
* Install Backint OTE
* Adding skip list logic to process metrics
* Separating fastmoving metrics into a separate file from other process metrics
* Update remote collection to use collected instance's Cloud Properties
* ReadMetrics upload to bucket and send status to monitoring
* Remove local implementation of DW API in favor of using generated third_party version
* ReadMetrics read input file and write results to local filesystem
* Clean up command line executions to collect SAP Control metrics
* Adding new OTE structure for ReadMetrics
* Add the SUSE specific spec file to keep upstream changes and SUSE packaging in sync
* Collect and report upcoming maintenance
* Add basepath override and gcealpha functionality
* Making proto changes for process metrics re-arch
* Changes for generating HANA Insights locally into a markdown file
* Delay feature specific daily action logs by 24 hours
to avoid noise created by startup failures
* Update to the rule "maximum_invalid_connect_attempts"
* Add some missing related resources
* Fix rate limiting for compression enabled uploads/downloads
* Optional User-Agent parameter added to storage package client connection
* Relocate gcealpha to /internal
* Fix parse_test error
* Retries added for opening files in Backint
* Make processmetrics unit tests hermetic
* Remove if-this-then-that requirement from WLM validation rule
* Fix WriteInsight JSON encoding, and add missing elements
* Add configuration value to change API endpoint for Data Warehouse calls
* Storage package progress messages based off of read/writes directly to the bucket
* Make Collect DB Metrics as NO-OP when metrics are being read from override file
* Remove unused field from backint proto
* Custom retries for the storage package with exponential backoff and MaxRetries setting
- Update to version 2.5
+ No upstream changelog provided
- yast2-auth-client
-
- Skip whitespace-only lines parsing krb5.conf; (bsc#1215297);
- Remove duplicated when clause (dead code) in
src/lib/authui/ldapkrb/main_dialog.rb
- 3.3.21
- supportutils
-
- Changes in version 3.0.12
+ Optimize lsof usage (bsc#1183663)
+ Collects ntp or chrony as needed (bsc#1196293)
- Added email.txt based on OPTION_EMAIL
- Added run time detection (bsc#1213127)
- regionServiceClientConfigGCE
-
- Update to version 4.0.1 (bsc#1217538)
+ Replace 130.211.242.136.pem and 130.211.88.88.pem certs
expiring in 8 years and new length of 4096
These certs will replace the current certs that
expire soon
- Update to version 4.0.0 (bsc#1199668)
+ Move the cert location to /usr for compatibility with ro setup of
SLE-Micro
+ Fix url in spec file to pint to the proper location of the source
- ncurses
-
- Add patch bsc1218014-cve-2023-50495.patch
* Fix CVE-2023-50495: segmentation fault via _nc_wrap_entry()
(bsc#1218014)
- openslp
-
- add separate source openslp.logrotate.systemd to use systemctl
reload for logrotate configuration [bnc#1206153]
new file: openslp.logrotate.systemd
- jbigkit
-
- security update
- added patches
fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler
+ jbigkit-CVE-2022-1210.patch
- crmsh
-
- Update to version 4.1.1+git.1698634014.97c7bf37:
* Fix: utils: Call stdout2list correctly (bsc#1216597)
- yast2-registration
-
- Switch to the new SUSEConnect-ng (bsc#1212799), includes
additional fixes:
- SSL reload fix (bsc#1195220)
- Detection of base products coming from SCC
(bsc#1194989, bsc#1217317)
- 3.3.2
- rsyslog
-
- fix rsyslog crash in imrelp (bsc#1210286)
* add: 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch
- openssl-1_1
-
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- tiff
-
- security update:
* CVE-2023-2731 [bsc#1211478]
Fix null pointer deference in LZWDecode()
This patch also contains a required commit which is marked
to fix CVE-2022-1622 [bsc#1199483] but we are not vulnerable
to that CVE because relevant code is not present.
+ tiff-CVE-2023-2731.patch
* CVE-2023-26965 [bsc#1212398]
Fix heap-based use after free in loadImage()
+ tiff-CVE-2023-26965.patch
* CVE-2022-40090 [bsc#1214680]
Fix infinite loop in TIFFReadDirectory()
+ tiff-CVE-2022-40090.patch
* CVE-2023-1916 [bsc#1210231]
Fix out-of-bounds read in extractImageSection()
+ tiff-CVE-2023-1916.patch
- security update:
* CVE-2023-38289 [bsc#1213589]
+ tiff-CVE-2023-38289.patch
* CVE-2023-38288 [bsc#1213590]
+ tiff-CVE-2023-38288.patch
* CVE-2023-3576 [bsc#1213273]
+ tiff-CVE-2023-3576.patch
* CVE-2020-18768 [bsc#1214574]
+ tiff-CVE-2020-18768.patch
* CVE-2023-26966 [bsc#1212881]
+ tiff-CVE-2023-26966.patch
* CVE-2023-3618 [bsc#1213274]
+ tiff-CVE-2023-3618.patch
* CVE-2023-2908 [bsc#1212888]
+ tiff-CVE-2023-2908.patch
* CVE-2023-3316 [bsc#1212535]
+ tiff-CVE-2023-3316.patch
- compat-openssl098
-
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- cloud-regionsrv-client
-
- Update to version 10.1.5 (bsc#1217583)
+ Fix fallback path when IPv6 network path is not usable
+ Enable an IPv6 fallback path in IMDS access if it cannot be accessed
over IPv4
+ Enable IMDS access over IPv6
- Update to version 10.1.4 (bsc#1217451)
+ Fetch cert for new update server during failover
- ca-certificates
-
- Use --overwrite option (bsc#1216685, ca-certificates-overwrite.diff)
- samba
-
- Add new idmap_nss option 'use_upn' for those NSS modules able to
handle UPNs or DOMAIN/user name format; (bsc#1215369);
- Avoid unnecessary locking in idmap parent setup; (bsc#1215369);
- Do not try to set domain online in the idmap child;
(bsc#1215369); (bso#15317).
- zypper
-
- Backport needs-rebooting command from Code15 (bsc#1217948)
- BuildRequires: libzypp-devel >= 16.22.11.
- version 1.13.65
- avahi
-
- Add avahi-CVE-2023-38473.patch: derive alternative host name from
its unescaped version (bsc#1216419 CVE-2023-38473).
- libzypp
-
- Touch /run/reboot-needed if a patch suggesting a reboot was
installed (bsc#1217948)
It is expected that /run is cleaned at boot time, so the presence
of the file is one way to indicate that the system needs a reboot.
The recommended way for scripts to test whether a system reboot
is suggested will be calling `zypper needs-rebooting`.
- version 16.22.11 (0)
- Ignore if the media to unmount is no longer mounted
(bsc#1216064)
- Close all media after having preloaded the cache.
Mitigates the change that during package installation e.g. a
nfs.service restart forcefully unmounts the media we access
(bsc#1216064)
- version 16.22.10 (0)
- repo: Don't download unneeded sqlite metadata (fixes #476)
- version 16.22.9 (0)
- kernel-default
-
- PCI: Disable ATS for specific Intel IPU E2000 devices
(bsc#1218622).
- commit 6c47e22
- smb: client: fix potential OOB in smb2_dump_detail()
(bsc#1217946 CVE-2023-6610).
- commit 74aafd7
- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (bsc#1202095 CVE-2022-2586).
- commit 32951b9
- netfilter: nf_tables: do not allow SET_ID to refer to another table (bsc#1202095 CVE-2022-2586).
- commit d107d27
- netfilter: preserve KABI for struct nft_set (bsc#1202095 CVE-2022-2586).
- commit b3d22c5
- netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (bsc#1202095 CVE-2022-2586).
- commit 61a0caa
- Resolve build warnings from previous series due to missing commit for
Ice Lake freerunning counters
perf/x86/intel/uncore: Add box_offsets for free-running counters
(jsc#PED-5023 bsc#1211439).
- commit 8524ea3
- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
(CVE-2023-51779 bsc#1218559).
- commit f63e944
- blacklist.conf: update blacklist
- commit 6de7142
- xhci: Clear EHB bit only at end of interrupt handler
(git-fixes).
- commit 21f5e35
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
(git-fixes).
- commit d5b5186
- MyBS: Workaround for kernel-obs-build build failure
(JSC-SLE#5501, boo#1211226, bsc#1218184)
kernel-obs-build needs root for build. This is in some way enabled for
the package link case but not for multibuild case. As a workaround add
the allowrootforbuild flag to prjconf for multibuild.
- commit 71a32af
- md/raid1: fix error: ISO C90 forbids mixed declarations
(git-fixes).
- commit c63e55d
- dm-integrity: don't modify bio's immutable bio_vec in
integrity_metadata() (git-fixes).
- md: don't leave 'MD_RECOVERY_FROZEN' in error path of
md_set_readonly() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm verity: don't perform FEC for failed readahead IO
(git-fixes).
- bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: check return value from btree_node_alloc_replacement()
(git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes
(git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev
(git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- dm cache policy smq: ensure IO doesn't prevent cleaner policy
progress (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr()
error paths (git-fixes).
- md/raid0: add discard support for the 'original' layout
(git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior
consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations
(git-fixes).
- nbd: Add the maximum limit of allocated index in nbd_dev_add
(git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init()
error path (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC
(git-fixes).
- dm stats: check for and propagate alloc_percpu failure
(git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create()
fails (git-fixes).
- dm cache: add cond_resched() to various workqueue loops
(git-fixes).
- dm thin: add cond_resched() to various workqueue loops
(git-fixes).
- dm: remove flush_scheduled_work() during local_exit()
(git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm flakey: don't corrupt the zero page (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors
(git-fixes).
- commit 640b528
- Previous perf cve-4.12->SLE12-SP5 manual merge was incorrect. Fix.
- Refresh
patches.suse/perf-Fix-perf_event_validate_size-lockdep-splat.patch.
- Refresh patches.suse/perf-Fix-perf_event_validate_size.patch.
- commit 3382aa6
- MyBS: Fix the logic of the wipe conditional.
- with no_init specified leave the built packages
- with multibuild the package may be present even if build is not
enabled, delete anyway
- commit 9c2f303
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
When MULTIBUILD option in config.sh is enabled generate a _multibuild
file listing all spec files.
- commit f734347
- Build in the correct KOTD repository with multibuild
(JSC-SLE#5501, boo#1211226, bsc#1218184)
With multibuild setting repository flags is no longer supported for
individual spec files - see
https://github.com/openSUSE/open-build-service/issues/3574
Add ExclusiveArch conditional that depends on a macro set up by
bs-upload-kernel instead. With that each package should build only in
one repository - either standard or QA.
Note: bs-upload-kernel does not interpret rpm conditionals, and only
uses the first ExclusiveArch line to determine the architectures to
enable.
- commit aa5424d
- bs-upload-kernel, MyBS, Buildresults: Support multibuild
(JSC-SLE#5501, boo#1211226, bsc#1218184)
- strip package name prefix when recording results
- add package prefix to linked packages
- when _multibuild file is present do not link packages
- use onlybuild BuildFlag for limiting build to specific packages
- generate is_kotd_qa macro in project config that can be used to
determine if the package is built in the QA repository
This is _very_ convoluted. No shell or lua tools can be used because
this information needs to be available to the OBS to schedule the
package in the correct repository, and it does not run scripts. The
builtin sub macro for slicing strings causes a build error - it
expanded correctly by the scheduler but not available at package build
time. If conditional cannot be used because rpm macros from project
config are added to a macro include file, and those do not support
conditionals. That leaves the option to use an expression that
explicitly enumerates all QA repository names. This requires unusal
and convoluted check in the spec file to make use of.
- commit 747f601
- MyBS: create_package: Specify package should build in QA repository
by argument (JSC-SLE#5501, boo#1211226, bsc#1218184)
Drop the unused title and description arguments, move the package name
match to upload_package and pass teh result, add additional argument for
multibuild.
- commit a355e71
- bs-upload-kernel: Wipe kernel-obs-build before upload
(JSC-SLE#5501, boo#1211226, bsc#1218184)
The kernel upload takes long enough for packages to start building
during the upload. If the project contains kernel-obs-build binary that
crashes on boot builds fail as a result. Wipe kernel-obs-build before
the upload. Handle the case when the package does not exist yet by
ignoring the error.
- commit cdac4cc
- bs-upload-kernel: Use one package list (JSC-SLE#5501, boo#1211226, bsc#1218184)
There were ultiple package lists passed to upload_package supporting the
distinction between package names starting with kernel- which can be
individually selected for build, and other packages. Pass only one
package list to simplify the logic and make it possible to know the full
package list before doing the upload.
- commit ec941eb
- bs-upload-kernel: Support package limit for non-kernel packages
(JSC-SLE#5501, boo#1211226, bsc#1218184)
The -f option of the bs-upload-kernel script adds kernel- prefix
unconditionally the package name.
List all spec files in the uploaded directory, and check if the package
exists with or without the kernel- prefix.
- commit 354b77b
- bs-upload-kernel: Drop BS_SUFFIX (JSC-SLE#5501, boo#1211226, bsc#1218184)
BS_SUFFIX was used by SLE12 SP1 for Arm. This release is no longer
maintained, and this feature gets no testing.
Substantial changes to this script are required, and it's unlikely this
feture would keep working after that.
- commit e27b306
- blacklist.conf: Add 1ca0b6051505 cgroup: Remove duplicates in cgroup v1 tasks file
- commit a77e914
- blacklist.conf: add non-backport commits of git-fixes
- commit 4d91f49
- blacklist.conf: change to logging only
- commit a144be1
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- commit 0feae40
- Fix termination state for idr_for_each_entry_ul() (bsc#1109837).
- commit d343735
- Bluetooth: avoid memcmp() out of bounds warning (bsc#1215237
CVE-2020-26555).
- Bluetooth: hci_event: Fix coding style (bsc#1215237
CVE-2020-26555).
- Bluetooth: hci_event: Fix using memcmp when comparing keys
(bsc#1215237 CVE-2020-26555).
- commit eb3189f
- Bluetooth: Reject connection with the device which has same
BD_ADDR (bsc#1215237 CVE-2020-26555).
- commit fea8835
- Bluetooth: hci_event: Ignore NULL link key (bsc#1215237
CVE-2020-26555).
- commit c0e1033
- perf/x86/intel/uncore: Fix reference count leak in
__uncore_imc_init_box() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix reference count leak in
snr_uncore_mmio_map() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
PMU (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake
server (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix integer overflow on 23 bit left
shift of a u32 (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running
events (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix oops when counting IMC uncore events
on some TGL (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix missing marker for
snr_uncore_imc_freerunning_events (jsc#PED-5023 bsc#1211439
(git-fixes)).
- commit 1cc4e6d
- perf: Fix perf_event_validate_size() lockdep splat
(CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
bsc#1218258).
- commit 6cfe60a
- smb: client: fix OOB in smbCalcSize() (bsc#1217947
CVE-2023-6606).
- commit d398d5f
- smb: client: fix OOB in smbCalcSize() (bsc#1217947
CVE-2023-6606).
- commit 6765acb
- perf/x86/intel/uncore: Add Rocket Lake support (jsc#PED-5023
bsc#1211439).
- commit 60ab65b
- perf/x86/msr: Add Rocket Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit fac3f56
- perf/x86/msr: Add Tiger Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 7c0409f
- perf/x86/cstate: Add Rocket Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit f918ead
- perf/x86/cstate: Add Tiger Lake CPU support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit c544da1
- perf/x86/intel: Add Rocket Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 5b98b63
- perf/x86/intel: Add Tiger Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 0e12a3f
- perf/x86/intel: Fix Ice Lake event constraint table
(jsc#PED-5023 bsc#1211439).
- commit cd283d5
- perf/x86/intel/uncore: Update Ice Lake uncore units
(jsc#PED-5023 bsc#1211439).
- commit 0e10240
- perf/x86/intel/uncore: Split the Ice Lake and Tiger Lake MSR
uncore support (jsc#PED-5023 bsc#1211439).
- commit 9c5fb1a
- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to
the to Intel CPU family (jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit 2561a0a
- perf/x86/intel/uncore: Add Comet Lake support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 2e1087f
- x86/cpu: Add Sapphire Rapids CPU model number (jsc#PED-5023
bsc#1211439).
- commit 5b5d85f
- perf/x86/rapl: Add Ice Lake RAPL support (jsc#PED-5023
bsc#1211439).
- commit c6183ea
- perf/x86/intel/uncore: Add Ice Lake server uncore support
(jsc#PED-5023 bsc#1211439).
- commit 4150606
- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box
(jsc#PED-5023 bsc#1211439).
- commit c73e167
- perf/x86: Add Intel Tiger Lake uncore support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-microserver-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit f5492f0
- perf/x86/cstate: Update C-state counters for Ice Lake
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit fef0544
- perf/x86/msr: Add new CPU model numbers for Ice Lake
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-add-cannon-lake-to-retbleed-affected-cpu-list.patch.
- Refresh
patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh
patches.suse/x86-intel-aggregate-microserver-naming.patch.
- Refresh
patches.suse/x86-speculation-Mark-all-Skylake-CPUs-as-vulnerable-to-GDS.patch.
- Refresh
patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- commit 68588a6
- perf/x86/msr: Add Comet Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 2ec338b
- x86/cpu: Add Comet Lake to the Intel CPU models header
(jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit bd3eac7
- x86/cpu: Add Tiger Lake to Intel family (jsc#PED-5023
bsc#1211439).
- blacklist.conf:
- Refresh patches.suse/x86-CPU-Add-Icelake-model-number.patch.
- Refresh patches.suse/x86-cpu-sanitize-fam6_atom-naming.patch.
- commit 45e2da6
- perf/x86/intel: Mark expected switch fall-throughs (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- commit ebba1f6
- perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x
register (jsc#PED-5023 bsc#1211439).
- commit b357e8f
- perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge
(jsc#PED-5023 bsc#1211439).
- commit 1e6f0c4
- perf/x86/intel/uncore: Clean up client IMC (jsc#PED-5023
bsc#1211439).
- commit b9f2803
- perf/x86/intel/uncore: Support MMIO type uncore blocks
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 2ed2c09
- perf/x86/intel/uncore: Factor out box ref/unref functions
(jsc#PED-5023 bsc#1211439).
- commit 9298d3b
- perf/x86/intel/uncore: Add uncore support for Snow Ridge server
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-microserver-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 6e7af12
- perf/x86/intel: Add more Icelake CPUIDs (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- commit ba0eb7e
- perf/x86/intel: Add Icelake desktop CPUID (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/intel_rapl-add-support-for-IceLake-desktop.patch.
- Refresh
patches.suse/powercap-intel-rapl-add-support-for-ICX.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 7786ce1
- perf/x86/intel/uncore: Add new IMC PCI IDs for KabyLake,
AmberLake and WhiskeyLake CPUs (jsc#PED-5023 bsc#1211439).
- commit 4d459ae
- perf/x86/intel/uncore: Add tabs to Uncore IMC PCI IDs
(jsc#PED-5023 bsc#1211439).
- commit 1e8abbc
- perf/x86: Add Intel Ice Lake NNPI uncore support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 55befa5
- x86/cpu: Add Ice Lake NNPI to Intel family (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- commit 34f99e6
- s390/vx: fix save/restore of fpu kernel context (git-fixes
bsc#1218362).
- commit 657e47b
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- commit 6f2b20c
- Input: powermate - fix use-after-free in
powermate_config_complete (git-fixes).
- commit 6690cf9
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- commit 64cb7dc
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
packet (bsc#1218253 CVE-2023-6932).
- commit ebe786a
- gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
- gve: Do not fully free QPL pages on prefill errors
(bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: unify driver name usage (bsc#1214479).
- gve: Set default duplex configuration to full (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants
(bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format
(bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- commit 9108d42
- tracing: Update snapshot buffer on resize if it is allocated
(git-fixes).
- commit 30f36d0
- ring-buffer: Fix memory leak of free page (git-fixes).
- commit 7dfbb97
- blacklist.conf: add a not-relevant ftrace fix
- commit 09bf0c1
- blacklist.conf: false positive
- commit 71ff422
- r8152: Add RTL8152_INACCESSIBLE checks to more loops
(git-fixes).
- commit 6e72146
- net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed
(git-fixes).
- commit ce068ed
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
(git-fixes).
- commit 715a8e7
- blacklist.conf: update blacklist
- commit 9a12072
- blacklist.conf: update blacklist
- commit cc9998b
- net: stmmac: Move debugfs init/exit to ->probe()/->remove() (git-fixes).
- commit e003b9a
- net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode (git-fixes).
- commit 39aa8c8
- net: macb: disable scatter-gather for macb on sama5d3 (git-fixes).
- commit a5f5aa8
- netfilter: nft_compat: use-after-free when deleting targets
(git-fixes).
- commit 2ea1f0c
- netfilter: nf_tables: fix use-after-free when deleting compat
expressions (git-fixes).
- commit b4fa1c0
- tcp: fix under-evaluated ssthresh in TCP Vegas (git-fixes).
- commit b480783
- blacklist.conf: update blacklist
- commit 14f35e3
- netfilter: ebtables: also count base chain policies (git-fixes).
- Refresh
patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch.
- commit 051bd2a
- netfilter: ebtables: compat: un-break 32bit setsockopt when
no rules are present (git-fixes).
- Refresh
patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch.
- commit 332123a
- netfilter: ebtables: don't attempt to allocate 0-sized compat
array (git-fixes).
- Refresh
patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch.
- commit 39f9e26
- netfilter: preserve KABI for xt_compat_init_offsets (git-fixes).
- commit 71e46a5
- netfilter: compat: reject huge allocation requests (git-fixes).
- commit f398964
- netfilter: compat: prepare xt_compat_init_offsets to return
errors (git-fixes).
- commit a1a8d4f
- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218057).
- commit d3f8ccb
- tracing: Disable snapshot buffer when stopping instance tracers
(git-fixes).
- commit b07eab3
- tracing: Stop current tracer when resizing buffer (git-fixes).
- commit 5c0c11a
- tracing: Always update snapshot buffer size (git-fixes).
- commit c831a81
- tracing: relax trace_event_eval_update() execution with
cond_resched() (git-fixes).
- commit f1e2f19
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
- commit 50692e8
- README.BRANCH: update maintainers list
- commit 4795fb8
- ipv6/addrconf: fix a potential refcount underflow for idev
(git-fixes).
- commit 0afb0f6
- ipv6: remove extra dev_hold() for fallback tunnels (git-fixes).
- commit a02e296
- ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
(git-fixes).
- commit 934530e
- sit: proper dev_{hold|put} in ndo_[un]init methods (git-fixes).
- commit 96165ef
- ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
(git-fixes).
- commit 42264ea
- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
(git-fixes).
- commit 8fe5105
- xsk: Fix incorrect netdev reference count (git-fixes).
- commit 2ed0c59
- xfrm: reuse uncached_list to track xdsts (git-fixes).
- blacklist.conf: remove from the blacklist
- Refresh
patches.suse/ipv4-fix-race-condition-between-route-lookup-and-inv.patch.
- Refresh
patches.suse/ipv4-lock-mtu-in-fnhe-when-received-PMTU-net.ipv4.ro.patch.
- commit 38edc03
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH
(bsc#1217801).
- commit b55327d
- tracing: Fix a possible race when disabling buffered events
(bsc#1217036).
- commit 5f21a8d
- net: usb: ax88179_178a: fix failed operations during
ax88179_reset (git-fixes).
- commit 9041dc6
- r8152: Cancel hw_phy_work if we have an error in probe
(git-fixes).
- commit 6ae718a
- r8152: Run the unload routine if we have errors during probe
(git-fixes).
- commit d668b36
- r8152: Increase USB control msg timeout to 5000ms as per spec
(git-fixes).
- commit 3e20995
- tracing: Fix a warning when allocating buffered events fails
(bsc#1217036).
- commit 80b9661
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
(git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
(git-fixes).
- commit 9c4175d
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes
bsc#1217936).
- commit 4da118c
- nvmet: nul-terminate the NQNs passed in the connect command
(bsc#1217250 CVE-2023-6121).
- commit 2021a67
- tracing: Fix incomplete locking when disabling buffered events
(bsc#1217036).
- commit 9d8e191
- tracing: Fix warning in trace_buffered_event_disable()
(git-fixes, bsc#1217036).
- commit 693b5e0
- kernel-source: Remove config-options.changes (jsc#PED-5021)
The file doc/config-options.changes was used in the past to document
kernel config changes. It was introduced in 2010 but haven't received
any updates on any branch since 2015. The file is renamed by tar-up.sh
to config-options.changes.txt and shipped in the kernel-source RPM
package under /usr/share/doc. As its content now only contains outdated
information, retaining it can lead to confusion for users encountering
this file.
Config changes are nowadays described in associated Git commit messages,
which get automatically collected and are incorporated into changelogs
of kernel RPM packages.
Drop then this obsolete file, starting with its packaging logic.
For branch maintainers: Upon merging this commit on your branch, please
correspondingly delete the file doc/config-options.changes.
- commit adedbd2
- README.md: Make a few polishing changes (jsc#PED-5021)
* Move @suse.com address at the front of SUSE email domains, as that is
the one that should be normally used for contributions, according to
the current SUSE Open Source Policy.
* Avoid repeatedly using "please" in two consecutive sentences.
* Fix a typo in section "Patch sorting": "commit" -> "commits".
* Prefix relative commands in section "Config option changes" with "./"
even if they are from a subdirectory, for consistency with the rest of
the document.
* Turn "Related information" into a proper list.
- commit 7c8a1e3
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
Reduce indentation in the list of references, make the style consistent
with README.md.
- commit 70e3c33
- doc/README.SUSE: Add how to update the config for module signing
(jsc#PED-5021)
Configuration files for SUSE kernels include settings to integrate with
signing support provided by the Open Build Service. This creates
problems if someone tries to use such a configuration file to build
a "standalone" kernel as described in doc/README.SUSE:
* Default configuration files available in the kernel-source repository
unset CONFIG_MODULE_SIG_ALL to leave module signing to
pesign-obs-integration. In case of a "standalone" build, this
integration is not available and the modules don't get signed.
* The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
".kernel_signing_key.pem" which is a file populated by certificates
provided by OBS but otherwise not available. The value ends up in
/boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
decides to use one of these files as their base configuration then the
build fails with an error because the specified module signing key is
missing.
Add information on how to enable module signing and where to find the
relevant upstream documentation.
- commit a699dc3
- net/ulp: use consistent error code when blocking ULP
(CVE-2023-0461 bsc#1208787 bsc#1217079).
- net/ulp: prevent ULP without clone op from entering the LISTEN
status (CVE-2023-0461 bsc#1208787 bsc#1217079).
- commit fb04b97
- scripts: Install pre-merge-commit hook
When merge is not carried out with `--no-commit` or it does not yield in
a conflict, our standard pre-commit checks are omitted.
Rectify that by invoking pre-commit hook via pre-merge-commit too.
- commit 87067a7
- scripts: pre-commit: Check newly added blacklist.conf entries
When blacklist.conf entries are added by merging an "upstream" branch,
they are not checked against present commits and the repo ends up in
inconsistent state when the patch is present and blacklisted at the same
time.
The state is checked in pre-commit hook when a (blacklisted) patch is
added. Prevent reaching this state when adding blacklist.conf entries
too.
Using scripts/check-patch-blacklist for this check would be
prohibitively slow (~5 minutes with 40k patches).
- commit 1f68a01
- doc/README.SUSE: Remove how to build modules using kernel-source
(jsc#PED-5021)
Remove the first method how to build kernel modules from the readme. It
describes a process consisting of the kernel-source installation,
configuring this kernel and then performing an ad-hoc module build.
This method is not ideal as no modversion data is involved in the
process. It results in a module with no symbol CRCs which can be wrongly
loaded on an incompatible kernel.
Removing the method also simplifies the readme because only two main
methods how to build the modules are then described, either doing an
ad-hoc build using kernel-devel, or creating a proper Kernel Module
Package.
- commit 9285bb8
- Revert "Bluetooth: btsdio: fix use after free bug in
btsdio_remove due to unfinished work" (git-fixes).
- commit a2b7495
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: fix io loss while replacement replace rdev
(git-fixes).
- md/raid10: Do not add spare disk when recovery fails
(git-fixes).
- md/raid10: clean up md_add_new_disk() (git-fixes).
- md/raid10: prioritize adding disk to 'removed' mirror
(git-fixes).
- md/raid10: improve code of mrdev in raid10_sync_request
(git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
(git-fixes).
- md/bitmap: factor out a helper to set timeout (git-fixes).
- md/bitmap: always wake up md_thread in timeout_store
(git-fixes).
- dm-raid: remove useless checking in raid_message() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors
(git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md: fix data corruption for raid456 when reshape restart while
grow up (git-fixes).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
(git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery
(git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request
(git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: fix incorrect declaration about claim_rdev in
md_import_device (git-fixes).
- md: remove lock_bdev / unlock_bdev (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: do not return existing mddevs from mddev_find_or_alloc
(git-fixes).
- md: refactor mddev_find_or_alloc (git-fixes).
- md: factor out a mddev_alloc_unit helper from mddev_find
(git-fixes).
- md: get sysfs entry after redundancy attr group create
(git-fixes).
- commit 293695f
- md: fix deadlock causing by sysfs_notify (git-fixes).
- Refresh patches.kabi/md-backport-kabi.patch.
- commit f6c5a12
- md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes).
- md: add new workqueue for delete rdev (git-fixes).
- commit 17e8908
- blacklist.conf: update for non-backport commits
- commit 8da9f2d
- usb-storage: fix deadlock when a scsi command timeouts more
than once (git-fixes).
- commit cf05cec
- USB: serial: option: add UNISOC vendor and TOZED LT70C product
(git-fixes).
- commit 762e0de
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- Refresh
patches.suse/USB-serial-option-add-Quectel-EC200A-module-support.patch.
- commit b94685a
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- commit 55c3b8d
- blacklist.conf: cleanup
- commit 8877293
- blacklist.conf: pure cleanup
- commit e8a295a
- usb: typec: tcpm: Fix altmode re-registration causes sysfs
create fail (git-fixes).
- commit fc9ee7b
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive
(bsc#1214764).
- commit 66a91f5
- Update patches.kabi/NFSv4-Fix-OPEN-CLOSE-race-FIX.patch
(bsc#1176950, bsc#1217525).
- Refresh
patches.kabi/NFSv4-Wait-for-stateid-updates-after-CLOSE-OPEN_DOWN_kabi.patch.
- commit 70e60bf
- netfilter: conntrack: dccp: copy entire header to stack buffer,
not just basic one (CVE-2023-39197 bsc#1216976).
- commit 91c26b6
- kernel-binary: suse-module-tools is also required when installed
Requires(pre) adds dependency for the specific sciptlet.
However, suse-module-tools also ships modprobe.d files which may be
needed at posttrans time or any time the kernel is on the system for
generating ramdisk. Add plain Requires as well.
- commit 8c12816
- Revert "tracing: Fix warning in trace_buffered_event_disable()"
(bsc#1217036)
Temporarily revert the commit. It exposed a separate issue related to
trace buffered event synchronization which needs to be fixed first.
- commit 579dd1d
- README.SUSE: fix patches.addon use
It's series, not series.conf in there.
And make it more precise on when the patches are applied.
- commit cb8969c
- Do not store build host name in initrd
Without this patch, kernel-obs-build stored the build host name
in its .build.initrd.kvm
This patch allows for reproducible builds of kernel-obs-build and thus
avoids re-publishing the kernel-obs-build.rpm when nothing changed.
Note that this has no influence on the /etc/hosts file
that is used during other OBS builds.
https://bugzilla.opensuse.org/show_bug.cgi?id=1084909
- commit fd3a75e
- cpu/hotplug: Create SMT sysfs interface for all arches
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- Refresh patches.suse/cpu-SMT-Move-SMT-prototypes-into-cpu_smt.h.patch.
- Refresh patches.suse/cpu-SMT-Store-the-current-max-number-of-threads.patch.
- Refresh patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- Refresh patches.suse/x86-power-Fix-nosmt-vs-hibernation-triple-fault-duri.patch.
- commit f37a0c7
- Update config files.
- commit dbf7641
- s390/cio: unregister device when the only path is gone
(git-fixes bsc#1217607).
- commit 750467a
- s390/dasd: use correct number of retries for ERP requests
(git-fixes bsc#1217604).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
bsc#1217603).
- commit d2fc41b
- cpu/SMT: Remove topology_smt_supported() (bsc#1214408).
- commit 3012e9b
- cpu/SMT: Store the current/max number of threads (bsc#1214408).
- Refresh
patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch.
- commit bfa1761
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408).
- commit acb1c39
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408).
- Refresh
patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch.
- commit 76bedc5
- s390/dasd: protect device queue against concurrent access
(git-fixes bsc#1217519).
- commit dab3b0f
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and
docker together (bsc#1216031).
- commit f260538
- Ensure ia32_emulation is always enabled for kernel-obs-build
If ia32_emulation is disabled by default, ensure it is enabled
back for OBS kernel to allow building 32bit binaries (jsc#PED-3184)
[ms: Always pass the parameter, no need to grep through the config which
may not be very reliable]
- commit 56a2c2f
- rpm: Define git commit as macro
- commit bcc92c8
- kernel-source: Move provides after sources
- commit dbbf742
- kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058
CVE-2023-45863).
- commit 9922921
- xfs: make sure maxlen is still congruent with prod when rounding
down (git-fixes).
- commit 0154927
- xfs: fix units conversion error in xfs_bmap_del_extent_delay
(git-fixes).
- commit 6c99467
- l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes).
- commit 0e54c67
- l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file
overflow (git-fixes).
- commit 28faea4
- perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717).
- commit f386e74
- perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717).
Implement KABI fix for above
- commit 5b65c0e
- perf/core: Fix __perf_read_group_add() locking (bsc#1216584
CVE-2023-5717).
- perf/core: Fix locking for children siblings group read
(bsc#1216584 CVE-2023-5717).
- commit 8ccfe6e
- s390/crashdump: fix TOD programmable field size (git-fixes
bsc#1217206).
- commit 9780bde
- blacklist.conf: Add a not-suitable kprobes patch
- commit 0eb14eb
- ring-buffer: Avoid softlockup in ring_buffer_resize()
(git-fixes).
- commit d8d3409
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields
(git-fixes).
- scsi: qla2xxx: Fix double free of dsd_list during driver load
(git-fixes).
- commit 9172a73
- rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE
Not supported by our compiler.
- commit eb32b5a
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir
(LTC#203996 bsc#1217087).
- commit 3a41a21
- s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087).
- commit b4ffc60
- s390/mm: add missing arch_set_page_dat() call to gmap
allocations (LTC#203996 bsc#1217087).
- commit 1b2cc83
- s390/mm: add missing arch_set_page_dat() call to
vmem_crst_alloc() (LTC#203996 bsc#1217087).
- commit 0dd665d
- s390/cmma: fix initial kernel address space page table walk
(LTC#203996 bsc#1217087).
- commit 1ad76c2
- igb: set max size RX buffer when store bad packet is enabled
(bsc#1216259 CVE-2023-45871).
- commit d675d77
- drm/qxl: fix UAF on handle creation (CVE-2023-39198
bsc#1216965).
- commit 9ba677b
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- commit b07c667
- rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE
Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes
to fix build on x86_32.
There was a fix submitted to upstream but it was not accepted:
https://lore.kernel.org/all/20231031140504.GCZUEJkMPXSrEDh3MA@fat_crate.local/
So carry this in IGNORED_CONFIGS_RE instead.
- commit 7acca37
- net-memcg: Fix scope of sockmem pressure indicators
(bsc#1216759).
- commit 508863b
- scripts/osc_wrapper: call osc init before build
Otherwise osc build doesn't build anything and complains instead:
Directory '...' is not a working copy.
Use "kernel-source" as package as it doesn't matter which we build. It's
only to make osc happy that we have a working copy. And all packages
link to kernel-source anyway.
- commit 2201b26
- ubi: Refuse attaching if mtd's erasesize is 0 (CVE-2023-31085
bsc#1210778).
- commit 0f8804e
- USB: ene_usb6250: Allocate enough memory for full object
(bsc#1216051 CVE-2023-45862).
- commit 6d3e018
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes
bsc#1216514).
- commit 64da298
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513).
- commit 5844864
- sched/fair: Don't balance task to its current running CPU
(git fixes (sched)).
- sched/core: Mitigate race
cpus_share_cache()/update_top_cache_domain() (git fixes
(sched)).
- sched: Reenable interrupts in do_sched_yield() (git fixes
(sched)).
- sched: correct SD_flags returned by tl->sd_flags() (git fixes
(sched)).
- sched: Avoid scale real weight down to zero (git fixes (sched)).
- sched/core: Fix migration to invalid CPU in
__set_cpus_allowed_ptr() (git fixes (sched)).
- sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE
(git fixes (sched)).
- sched/rt: Minimize rq->lock contention in
do_sched_rt_period_timer() (git fixes (sched)).
- commit 913e5fc
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit b83449b
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit 9afb234
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit bb2fa98
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit d6a80de
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit ede2396
- blacklist.conf: KABI hazard, fix only in the event of a customer bug
- commit 8fb5a69
- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit 1100fe5
- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit c026b47
- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit 0f74b6a
- blacklist.conf: Fix only in the event of a customer bug
- commit 17b0259
- blacklist.conf: Mostly cosmetic fix to a build warning
- commit 1af83e7
- blacklist.conf: Fix to experimental feature, fix only in the event of a customer bug
- commit 56273cd
- blacklist.conf: Complex dependencies missing that applies to an extreme corner case, fix only in the event of a customer bug
- commit d67ae17
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit 9b299fd
- blacklist.conf: KABI hazard, fix only in the event of a customer bug
- commit cd58927
- blacklist.conf: Guard against unlikely tuning value, fix only in the event of a customer bug
- commit 166c336
- blacklist.conf: Missing dependencies, fix only in the event of a customer bug
- commit cbebcfe
- blacklist.conf: Sparse warning fix
- commit b199522
- blacklist.conf: Cosmetic, debugging patch for unused config
- commit 22b7a31
- iommu/amd: Set iommu->int_enabled consistently when interrupts
are set up (bsc#1206010).
- commit d889c94
- iommu/amd: Remove useless irq affinity notifier (bsc#1206010).
- Delete patches.kabi/kABI-Fix-kABI-for-struct-amd_iommu.patch.
- commit 2e08e52
- kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode
(bsc#1206010).
- iommu/amd: Fix IOMMU interrupt generation in X2APIC mode
(bsc#1206010).
- commit 422a4d8
- git_sort: horms/ipvs remotes switched from master to main branch
- commit 777aadb
- virtio_balloon: fix increment of vb->num_pfns in fill_balloon()
(git-fixes).
- commit 595e0b1
- 9p: virtio: make sure 'offs' is initialized in zc_request
(git-fixes).
- commit 10bf215
- blacklist.conf: add "hwrng: virtio - Fix race on data_avail and actual data"
- commit c5a6489
- virtio_net: Fix error unwinding of XDP initialization
(git-fixes).
- commit 2d8db2e
- vhost-scsi: unbreak any layout for response (git-fixes).
- commit 4eba973
- virtio: Protect vqs list access (git-fixes).
- commit 0445801
- crypto: virtio: Fix use-after-free in
virtio_crypto_skcipher_finalize_req() (git-fixes).
- commit 1c1619c
- vsock/virtio: add transport parameter to the
virtio_transport_reset_no_sock() (git-fixes).
- Refresh
patches.suse/vhost-vsock-accept-only-packets-with-the-right-dst_c.patch.
patches.suse/net-virtio_vsock-Enhance-connection-semantics.patch
- commit b2f8fd4
- virtio_balloon: fix deadlock on OOM (git-fixes).
- commit 55dd88a
- xen-netback: use default TX queue size for vifs (git-fixes).
- commit bcb62a2
- xen/x86: obtain full video frame buffer address for Dom0 also
under EFI (bsc#1215743).
- commit 04d5576
- scripts/CKC: report "partly" correctly from parents
Commit a2aefc584d8 introduced blacklist reporting. Unforturnately
it repurposed return code 1 from check_branch function to mean
"backlisted" instead of "partly", which was not adjusted in
check_parents function.
- commit 143d5b4
- scripts/CKC: do not report results for fictional branches
Unfortunately, only return values of 0-255 range are allowed, thus
pick some distinct one.
- commit 5a9b63a
- xen/x86: obtain upper 32 bits of video frame buffer address
for Dom0 (bsc#1215743).
- commit e0fb7ee
- s390/ptrace: fix setting syscall number (git-fixes bsc#1216340).
- commit 46941f7
- usb: typec: altmodes/displayport: fix pin_assignment_show
(git-fixes).
- commit d110fbf
- usb: typec: altmodes/displayport: Fix configure initial pin
assignment (git-fixes).
- commit 849955e
- net: usb: dm9601: fix uninitialized variable use in
dm9601_mdio_read (git-fixes).
- commit f96b2d4
- README: Add the .md extension to the filename (jsc#PED-5021)
The README document has been converted to Markdown. Add the .md
extension to its filename so it gets nicely formatted on the Github
mirror.
- commit 245860e
- README: Reflow text to 80-column width (jsc#PED-5021)
- commit 6b67443
- README: Convert the document to Markdown (jsc#PED-5021)
- commit bbaa1b1
- README: Adjust heading style (jsc#PED-5021)
* Underscore all headings as a preparation for Markdown conversion.
* Use title-style capitalization for the document name and
sentence-style capitalization for section headings, as recommended in
the current SUSE Documentation Style Guide.
* Strip the table of contents. The document is short and easy to
navigate just by scrolling through it.
- commit 6f0a5cf
- README: Generalize the document (jsc#PED-5021)
* Rename the document to "SUSE Kernel Repository".
* Add an Overview section which describes what the repository contains
and provides a short introductory paragraph how the kernel is built.
The latter is borrowed from doc/README.SUSE.
- commit d24911b
- README: Update the Related Information section (jsc#PED-5021)
Add a link to kernel.suse.com and the kernel page on the openSUSE wiki.
- commit ac14bcc
- README: Update the Embargoed Patches section (jsc#PED-5021)
* Improve wording and style: avoid use of the "e.g." and "i.e."
abbreviations, etc.
* Update the example branch names to SLE15-SP5.
* Remove the example how to merge the embargoed branch back because the
commands should be obvious to anyone dealing with embargoed branches.
- commit e9f83e5
- README: Update the Ignoring Kernel ABI Changes section (jsc#PED-5021)
* Improve the wording and style: rework use of ambiguous "we", avoid use
of the future tense when not necessary, etc.
* Update the text to reflect that symvers and symtypes are the reference
files. Remove any mention of symbol sets.
- commit 61dabdd
- README: Update the Kernel ABI Changes section (jsc#PED-5021)
* Add a short description about stable kABI to give readers more
context.
* Rework the main part of the section to reflect that the ABI reference
is stored in symvers and symtypes files, applies to SLE12 onwards.
* Adjust the update-symvers example to note that in order to update both
reference files, one has to pass to the script the default and devel
packages for a respective kernel.
* Drop the second update-symvers example which mentions use of --filter
because the option should not be generally very useful to most people.
* Update the note about who should update the kabi files to say that it
should be branch maintainers.
- commit 1d97539
- scripts/CKC: fixed iterating over an array + skip unrecognized options
- 182c5295bfe1 introduced option parsing which unfotunately broke
iterating over the terms since it changed the type of KBC_CHECK_TERMS
from a string (of space separated tokens) to a proper bash array
which requires a different method of iteration.
- With different version of the script flying around it's better to
skip unrecognized options so that they are not mistaken for terms to
search for, one can always force them after '--'.
- commit f0ca120
- README: Update the What Is The Kernel ABI? section (jsc#PED-5021)
* Remove long obsolete information about "kernel(...)" per-class RPM
dependencies and replace it with information about "ksym(...)"
per-symbol entries.
* Simplify structure of the text.
- commit 7a70ee0
- README: Update the Committing and Log Messages section (jsc#PED-5021)
Rework the section to reflect that RPM changelogs are nowadays produces
directly from a Git log.
- commit 2dcbfb9
- scripts/CKC: add -c (--color) and -C (--Color) options
- c turns on colored results unconditionally.
- C turns on colored results if and only if the STDOUT is connected to
the terminal which is useful when piping the output somewhere.
Neither option is the default.
Color mapping:
ok = green
missing = red
partly = yellow
blacklisted = magenta
Example:
./scripts/check-kernel-commit 559089e0a93d -c
- commit 34a9cf5
- xen/events: replace evtchn_rwlock with RCU (bsc#1215745,
xsa-441, cve-2023-34324).
- commit a9545c4
- README: Update the Config Option Changes section (jsc#PED-5021)
* Slightly improve wording in the section.
* Bump the example directory to SLE15-SP5 to match the previous update
to the Before you commit section.
- commit 5494c94
- README: Update the Before You Commit section (jsc#PED-5021)
* Prefix the example invocation of scripts/sequence-patch.sh with "./"
for consistency with the rest of the document.
* Update the example output from scripts/sequence-patch.sh to match the
regular invocation instead of the Rapidquilt case and bump the output
to SLE15-SP5.
* Drop the paragraph describing that a fix patch should be placed in
series.conf close to the patch which introduced the associated bug.
The current situation is that the patches should be sorted according
to the upstream order.
* Add a new paragraph describing use of scripts/sequence-patch.sh with
Rapidquilt.
* Fix typos, slightly improve wording and integrate some occurrences of
additional details in parentheses.
- commit 05796c7
- blacklist.conf: risky backport that doesn't fix any actual bug
- commit 3d04b1a
- s390/vdso: add missing FORCE to build targets (git-fixes
bsc#1216140).
- commit cd866ae
- blacklist.conf: does not really fix any bug
- commit cba9926
- blacklist.conf: changes exported symbol
- commit d468872
- README: Update the Patch Headers section (jsc#PED-5021)
* Fix typos, slightly improve some wording and avoid writing additional
details in parentheses.
* Remove ":" from the names of patch tags which appear in regular
sentences. The suffix is somewhat redundant and made README
inconsistent with doc/README.PATCH-POLICY.SUSE in this regard.
* Provide an updated example for the patch header format. The new
example is shorter and shows current typically-used references.
- commit 28312bc
- README: Update the Getting Started section (jsc#PED-5021)
* Drop a mention that Git > 1.5.x is needed. This version was released
in 2007 already.
* Capitalize names of Git, Quilt and RPM, where appropriate.
* Remove the use of the --quilt option from the sequence-patch.sh
example as it is the default.
* Replace patches.fixes/ with patches.suse/ since the latter is now the
common directory for fix patches.
* Fix some typos and avoid use of a serial comma.
- commit 8b03ad9
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- commit 3f2541c
- blacklist.conf: cleanup, not fix
- commit 23ed894
- audit: fix potential double free on error path from
fsnotify_add_inode_mark (git-fixes).
- commit 4086838
- blacklist.conf: irrelevant in our configs
- commit 60908b6
- tools/thermal: Fix possible path truncations (git-fixes).
- commit 012a1c3
- blacklist.conf: build only fix
- commit 9be29dc
- KVM: s390: fix sthyi error handling (git-fixes bsc#1216107).
- commit 1e42611
- blacklist.conf: the codebase changed too much to backport the patch
- commit 79518bf
- netfilter: nfnetlink_osf: avoid OOB read (bsc#1216046
CVE-2023-39189).
- commit 1a88b87
- git_sort: Add ARM KVM repository
- commit 9df3d01
- mm, memcg: reconsider kmem.limit_in_bytes deprecation
(bsc#1208788 bsc#1213705).
- commit 2d13fe0
- memcg: drop kmem.limit_in_bytes (bsc#1208788)
This brings a breaking commit for easier backport, it'll be fixed
differently in a following commit.
- commit f87e772
- blacklist.conf: Add 82b90b6c5b38 cgroup:namespace: Remove unused cgroup_namespaces_init()
- commit 154e29d
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
(git-fixes).
- commit 86ad453
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
(git-fixes).
- commit 5c6ec60
- net: usb: smsc75xx: Fix uninit-value access in
__smsc75xx_read_reg (git-fixes).
- commit aaff955
- doc/README.PATCH-POLICY.SUSE: Convert the document to Markdown
(jsc#PED-5021)
- commit c05cfc9
- doc/README.SUSE: Convert the document to Markdown (jsc#PED-5021)
- commit bff5e3e
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- commit 5490bdd
- tracing: Fix race issue between cpu buffer write and swap
(git-fixes).
- commit cd23ed9
- blacklist.conf: Add a not-needed ftrace cleanup
- commit 8f29597
- tracing: Fix memleak due to race between current_tracer and
trace (git-fixes).
- commit 39d6a56
- tracing: Fix cpu buffers unavailable due to 'record_disabled'
missed (git-fixes).
- commit 6f0b300
- scripts/CKC: speedup the script by caching grep patches results
- searching patches seems to be the most expensive operation
- it's done repeatedly for the same arguments (term, branch)
- store results in an associative array and look them up later
$ time ./scripts/check-kernel-commit 1240eb93f0616b21c675416516ff3d74798fdc97
...
Before
real 0m25.595s
user 2m14.772s
sys 0m10.509s
After
real 0m18.022s
user 1m31.260s
sys 0m7.380s
- commit d9efd35
- Update
patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
(bsc#1211592 CVE-2023-2860).
- commit bb891c5
- scripts/CKC: implement option parsing and -g <pattern> or --grep <pattern>
- option parsing can be easily extended in the future
- "-g <pattern>" skips top-level branches not matching the pattern
examples:
CKC -g 'LTSS$' 544f1d62e3e6
CKC 544f1d62e3e6 -g 5-SP4
CKC -g 'stable|ALP' 544f1d62e3e6
- update help message
- add -h or --help option for consistency
- reading config file remains as it is for backwards compatibility
- commit 182c529
- s390/zcrypt: fix reply buffer calculations for CCA replies
(LTC#203322 bsc#1213950).
- commit 877301e
- s390/zcrypt: change reply buffer size offering (LTC#203322
bsc#1213950).
- commit e230ae5
- scsi: zfcp: Defer fc_rport blocking until after ADISC response
(LTC#203327 bsc#1213977 git-fixes).
- commit 1163975
- openssl-1_0_0
-
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- pacemaker
-
- attrd: don't start a new election when receiving a client update (bsc#1215446)
* bsc#1215446-0001-Low-attrd-don-t-start-a-new-election-when-receiving-.patch
- vim
-
- Updated to version 9.0 with patch level 2103, fixes the following security problems
* Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969.
* Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing
* Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed()
* Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1894...v9.0.2103
- python-chardet
-
- Fix update-alternative in %postun, bsc#1218765
- openssh
-
- Added openssh-cve-2023-48795.patch (bsc#1217950, CVE-2023-48795).
This mitigates a prefix truncation attack that could be used to
undermine channel security.
- SAPHanaSR
-
- Version bump to 0.162.2
* inside SAPHanaSR-hookHelper use the full path for the cibadmin
command to support non root users in special user environments
(bsc#1216484)
* if the SAPHanaSR.py hook has successfully reported a SR event
to the cluster a still existing fall-back state file will be
removed to prevent an override of an already reported
SR state.
(bsc#1215693)
* improve supportability by providing the current process ID of
the RA, which is logged in the RA outputs, to HANA tracefiles
too.
This allows a mapping of the SAP related command invocations
from the RA and the HANA executions which might have a delay
in between.
(bsc#1214613)
* avoid explicid and implicid usage of /tmp filesystem to keep
the SAPHanaSR resource agents working even in situations with
/tmp filesystem full.
(bsc#1210728)
* update man pages:
SAPHanaSR.7
SAPHanaSR_basic_cluster.7
SAPHanaSR_maintenance_examples.7
ocf_suse_SAPHana.7
ocf_suse_SAPHanaTopology.7
susCostOpt.py.7
SAPHanaSR-monitor.8
SAPHanaSR-showAttr.8
* add improvements from SAP to the RA scripts, part II
(jsc#PED-1739, jsc#PED-2608)
- libxml2
-
- Security update:
* [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode()
in tree.c
- Added file libxml2-CVE-2023-45322.patch
- curl
-
- Fix: libssh: Implement SFTP packet size limit (bsc#1216987)
* Add curl-libssh_Implement_SFTP_packet_size_limit.patch
- Security fixes:
* [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
* [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
* Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch
- systemd
-
- Import commit cdbaab11e02eb29810963d9248677cf5ce84dc7f
bf57bec240 man: document that PAMName= and NotifyAccess=all don't mix well.
823ec43d38 man: add brief documentation for the (sd-pam) processes created due to PAMName= (#4967)
256f8e70d2 service: accept the fact that the three xyz_good() functions return ints
2a62219d4d service: drop _pure_ decorator on static function
14e71b9180 service: a cgroup empty notification isn't reason enough to go down (bsc#1212207)
943f812b3d service: add explanatory comments to control_pid_good() and cgroup_good()
87a54d3060 service: fix main_pid_good() comment
- Import commit 17837e912c887402ff309215056d441b2881f9b6
27e9161566 utmp-wtmp: handle EINTR gracefully when waiting to write to tty
557ac78b1c utmp-wtmp: fix error in case isatty() fails
3e0bde3ade sd-netlink: handle EINTR from poll() gracefully, as success
61d939f79a stdio-bridge: don't be bothered with EINTR
367ee82375 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241)
acca59ec26 libsystemd: ignore both EINTR and EAGAIN
0ae5743060 errno-util: introduce ERRNO_IS_TRANSIENT()
- Import commit f4af8cbfb8ddc2baddfd992ebff0fb4858e4f651
02dde27b0e man/systemd-fsck@.service: clarify passno and noauto combination in /etc/fstab (bsc#1211725)
9f0a3ab847 units/initrd-parse-etc.service: Conflict with emergency.target
98035f2aa8 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
0a8225faea core/mount: Don't unmount initramfs mounts
9eaf1537b4 man: describe that changing Storage= does not move existing data
- w3m
-
- CVE-2023-4255 out-of-bounds write in function checkType() in etc.c
(bsc#1218226)
- add 0001-Fix-OOB-access-due-to-multiple-backspaces.patch
- libxkbcommon
-
- Add security patches (boo#1105832):
* Fail-expression-lookup-on-invalid-atoms.patch (CVE-2018-15859)
* compose-fix-infinite-loop-in-parser-on-some-inputs.patch (CVE-2018-15856)
* keycodes-don-t-try-to-copy-zero-key-aliases.patch (CVE-2018-15858)
* parser-Don-t-set-more-maps-when-we-don-t-have-any.patch (CVE-2018-15864)
* xkbcomp-Don-t-crash-on-no-op-modmask-expressions.patch (CVE-2018-15863)
* xkbcomp-Don-t-explode-on-invalid-virtual-modifiers.patch (CVE-2018-15862)
* xkbcomp-Don-t-falsely-promise-from-ExprResolveLhs.patch (CVE-2018-15861)
* xkbcomp-fix-crash-when-parsing-an-xkb_geometry-secti.patch (CVE-2018-15855)
* xkbcomp-fix-crashes-in-the-parser-when-geometry-toke.patch (CVE-2018-15854)
* xkbcomp-fix-pointer-value-for-FreeStmt.patch (CVE-2018-15857)
* xkbcomp-fix-stack-overflow-when-evaluating-boolean-n.patch (CVE-2018-15853)
- python-urllib3
-
- Add CVE-2023-45803.patch (bsc#1216377, CVE-2023-45803)
gh#urllib3/urllib3@4e98d57809da
- suse-module-tools
-
- Update to version 12.13: added blacklist entries in modprobe.conf
* blacklist RNDIS modules (bsc#1205767, jsc#PED-5731, CVE-2023-23559)
* blacklist cls_tcindex module (bsc#1210335, CVE-2023-1829)
* blacklist isst_if_mbox_msr (bsc#1187196)
- procps
-
- Add patch bsc1216825.patch
Avoid SIGSEGV in case of sending SIGTERM to a top command
running in batch mode (bsc#1216825)
- autofs
-
- autofs-5.1.8-dont-use-initgroups-at-spawn.patch
Don't use initgroups at spawn (bsc#1214710)
- sqlite3
-
- Sync version 3.44.0 from Factory
* Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
* sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
* Obsoletes sqlite-CVE-2022-46908.patch
* Obsoletes sqlite-src-3390000-func7-pg-181.patch
- nfs-utils
-
- Add 0207-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
Inconsistencies in /etc/exports shouldn't be fatal.
(bsc#1212594)
- zlib
-
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
overflow in zipOpenNewFileInZip4_6, bsc#1216378
* CVE-2023-45853.patch
- tar
-
- Fix CVE-2023-39804, Incorrectly handled extension attributes in
PAX archives can lead to a crash, bsc#1217969
* fix-CVE-2023-39804.patch
- nghttp2
-
- security update
- added patches
fix CVE-2023-44487 [bsc#1216123], HTTP/2 Rapid Reset Attack
+ nghttp2-CVE-2023-44487.patch
- patterns-sles
-
- Require kmod-compat rather than kmod. It's kmod-compat that has the tools
used by the kernel and scripts (bsc#1215533).
- libssh2_org
-
- Security fix: [bsc#1218127, CVE-2023-48795]
* Add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
* Add libssh2_org-CVE-2023-48795.patch
- wget
-
- Fixed the failure to detect SSL handshake timeout
[bsc#1217717, wget-add-support-for-timeout-with-ssl.patch,
wget-gnutls-honor-connect-timeout.patch]
- gcc48
-
- Add gcc48-bsc1218020.patch to fix miscompile of wcstod on aarch64.
[bsc#1218020]
- pam
-
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
[bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]
- pam_unix: Add no_pass_expiry option to ignore password expiration
[bsc#1215594 pam-unix-add-no_pass_expiry-option.patch]
- mozilla-nss
-
- update to NSS 3.90.1
* bmo#1813401 - regenerate NameConstraints test certificates.
* bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Remove nss-fix-bmo1813401.patch which is now upstream.
- Add nss-fix-bmo1813401.patch to fix bsc#1214980