SLFO-pool/kernel-livepatch-MICRO-6-0_Update_2
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1.0
kernel-livepatch-MICRO-6-0_…/kernel-livepatch-MICRO-6-0_Update_2.changes

2334 lines
98 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Thu Oct 30 10:13:10 CET 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 85ad92d
-------------------------------------------------------------------
Wed Oct 29 11:41:53 CET 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-38664 ("ice: Fix a null pointer dereference in ice_copy_and_init_pkg()")
Live patch for CVE-2025-38664. Upstream commit:
- 4ff12d82dac1 ("ice: Fix a null pointer dereference in ice_copy_and_init_pkg()")
KLP: CVE-2025-38664
References: bsc#1248631 CVE-2025-38664
- commit 28bbecc
-------------------------------------------------------------------
Mon Oct 27 17:35:07 CET 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38617 ("net/packet: fix a race in packet_set_ring() and packet_notifier()")
Live patch for CVE-2025-38617. Upstream commit:
- 01d3c8417b9c ("net/packet: fix a race in packet_set_ring() and packet_notifier()")
KLP: CVE-2025-38617
References: bsc#1249208 CVE-2025-38617
- commit f7bea4a
-------------------------------------------------------------------
Tue Oct 21 08:58:42 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-38618 ("vsock: Do not allow binding to VMADDR_PORT_ANY")
Live patch for CVE-2025-38618. Upstream commit:
- aba0c94f61ec ("vsock: Do not allow binding to VMADDR_PORT_ANY")
KLP: CVE-2025-38618
References: bsc#1249207 CVE-2025-38618
- commit 8e242ac
-------------------------------------------------------------------
Fri Oct 17 09:31:13 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 0ec2011
-------------------------------------------------------------------
Thu Oct 16 08:10:47 CEST 2025 - lidong.zhong@suse.com
- Fix for CVE-2024-53164 ("net: sched: fix ordering of qlen adjustment")
Live patch for CVE-2024-53164. Upstream commit:
- 5eb7de8cd58e ("net: sched: fix ordering of qlen adjustment")
KLP: CVE-2024-53164
References: bsc#1246019 CVE-2024-53164
- commit be4fe45
-------------------------------------------------------------------
Wed Oct 15 18:14:07 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38678 ("netfilter: nf_tables: reject duplicate device on updates")
Live patch for CVE-2025-38678. Upstream commit:
- cf5fb87fcdaa ("netfilter: nf_tables: reject duplicate device on updates")
KLP: CVE-2025-38678
References: bsc#1249534 CVE-2025-38678
- commit 9fedca7
-------------------------------------------------------------------
Fri Oct 10 03:58:09 CEST 2025 - lidong.zhong@suse.com
- Fix for CVE-2025-38499 ("clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns")
Live patch for CVE-2025-38499. Upstream commit:
- c28f922c9dce ("clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns")
KLP: CVE-2025-38499
References: bsc#1248673 CVE-2025-38499
- commit cba321a
-------------------------------------------------------------------
Tue Oct 7 17:50:17 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38396 ("fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass")
Live patch for CVE-2025-38396. Upstream commit:
- cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass")
KLP: CVE-2025-38396
References: bsc#1247158 CVE-2025-38396
- commit beb608a
-------------------------------------------------------------------
Mon Oct 6 15:00:24 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38566 ("sunrpc: fix handling of server side tls alerts")
Live patch for CVE-2025-38566. Upstream commit:
- bee47cb026e7 ("sunrpc: fix handling of server side tls alerts")
KLP: CVE-2025-38566
References: bsc#1248376 CVE-2025-38566
- commit f1e26eb
-------------------------------------------------------------------
Mon Oct 6 11:43:37 CEST 2025 - marco.crivellari@suse.com
- Fix for CVE-2024-49974 ("NFSD: limit the number of concurrent async COPY operations")
Live patch for CVE-2024-49974. Upstream commit:
- 8d915bbf3926 ("NFSD: Force all NFSv4.2 COPY requests to be synchronous")
KLP: CVE-2024-49974
References: bsc#1232384 CVE-2024-49974
- commit 8cf9389
-------------------------------------------------------------------
Fri Oct 3 12:03:00 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-21971 ("net_sched: Prevent creation of classes with TC_H_ROOT")
Live patch for CVE-2025-21971. Upstream commit:
- 0c3057a5a04d ("net_sched: Prevent creation of classes with TC_H_ROOT")
KLP: CVE-2025-21971
References: bsc#1245794 CVE-2025-21971
- commit 46a1702
-------------------------------------------------------------------
Fri Oct 3 11:19:04 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38110 ("net/mdiobus: Fix potential out-of-bounds clause 45 read/write access")
Live patch for CVE-2025-38110. Upstream commit:
- 260388f79e94 ("net/mdiobus: Fix potential out-of-bounds clause 45 read/write access")
KLP: CVE-2025-38110
References: bsc#1249458 CVE-2025-38110
- commit 7e8149c
-------------------------------------------------------------------
Thu Oct 2 15:16:52 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-38644 ("wifi: mac80211: reject TDLS operations when station is not associated")
Live patch for CVE-2025-38644. Upstream commit:
- 16ecdab5446f ("wifi: mac80211: reject TDLS operations when station is not associated")
KLP: CVE-2025-38644
References: bsc#1248749 CVE-2025-38644
- commit a10df65
-------------------------------------------------------------------
Thu Oct 2 13:38:40 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 9f7d6eb
-------------------------------------------------------------------
Wed Oct 1 16:29:12 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-38206 ("exfat: fix double free in delayed_free")
Live patch for CVE-2025-38206. Upstream commit:
- 1f3d9724e16d ("exfat: fix double free in delayed_free")
KLP: CVE-2025-38206
References: bsc#1246075 CVE-2025-38206
- commit 9eb1606
-------------------------------------------------------------------
Wed Oct 1 15:00:56 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-38471 ("kernel: tls: always refresh the queue when reading sock")
Live patch for CVE-2025-38471. Upstream commit:
- 4ab26bce3969 ("tls: always refresh the queue when reading sock")
KLP: CVE-2025-38471
References: bsc#1247452 CVE-2025-38471
- commit 1f77ac2
-------------------------------------------------------------------
Wed Oct 1 11:43:30 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38477 ("net/sched: sch_qfq: Fix race condition on qfq_aggregate")
Live patch for CVE-2025-38477. Upstream commits:
- 5e28d5a3f774 ("net/sched: sch_qfq: Fix race condition on qfq_aggregate")
- cf074eca0065 ("net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class")
KLP: CVE-2025-38477
References: bsc#1247315 CVE-2025-38477
- commit 6796f28
-------------------------------------------------------------------
Tue Sep 30 16:52:07 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-53168 ("sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket")
Live patch for CVE-2024-53168. Upstream commits:
- d477eb900484 ("net: make sock_inuse_add() available")
- 3f23f96528e8 ("sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket")
KLP: CVE-2024-53168
References: bsc#1243650 CVE-2024-53168
- commit 039077a
-------------------------------------------------------------------
Tue Sep 30 12:26:04 CEST 2025 - lidong.zhong@suse.com
- Fix for CVE-2024-50154 ("tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().")
Live patch for CVE-2024-50154. Upstream commits:
- e8c526f2bdf1 ("tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().")
- c31e72d021db ("tcp: Fix use-after-free of nreq in reqsk_timer_handler().")
KLP: CVE-2024-50154
References: bsc#1233072 CVE-2024-50154
- commit 2ee4c52
-------------------------------------------------------------------
Wed Sep 24 17:17:58 CEST 2025 - lidong.zhong@suse.com
- Fix for CVE-2025-21791 ("vrf: use RCU protection in l3mdev_l3_out()")
Live patch for CVE-2025-21791. Upstream commit:
- 6d0ce46a9313 ("vrf: use RCU protection in l3mdev_l3_out()")
KLP: CVE-2025-21791
References: bsc#1240744 CVE-2025-21791
- commit 5270be9
-------------------------------------------------------------------
Fri Sep 19 17:04:03 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38089 ("sunrpc: handle SVC_GARBAGE during svc auth processing as auth error")
Live patch for CVE-2025-38089. Upstream commit:
- 94d10a4dba0b ("sunrpc: handle SVC_GARBAGE during svc auth processing as auth error")
KLP: CVE-2025-38089
References: bsc#1245509 CVE-2025-38089
- commit 2398e30
-------------------------------------------------------------------
Fri Sep 19 12:39:50 CEST 2025 - vincenzo.mezzela@suse.com
- klp_trace.h: add KLPR_TRACE_EVENT_CONDITION macro
- commit 17e9fce
-------------------------------------------------------------------
Thu Sep 18 09:39:17 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 5a4d4cc
-------------------------------------------------------------------
Wed Sep 17 12:46:42 CEST 2025 - lidong.zhong@suse.com
- Fix for CVE-2025-21692 ("net: sched: fix ets qdisc OOB Indexing")
Live patch for CVE-2025-21692. Upstream commit:
- d62b04fca434 ("net: sched: fix ets qdisc OOB Indexing")
KLP: CVE-2025-21692
References: bsc#1237048 CVE-2025-21692
- commit 7b23137
-------------------------------------------------------------------
Mon Sep 15 14:16:36 CEST 2025 - mpdesouza@suse.com
- Fix for CVE-2024-49860 ("ACPI: sysfs: validate return type of _STR method")
Live patch for CVE-2024-49860. Upstream commit:
- 4bb1e7d02741 ("ACPI: sysfs: validate return type of _STR method")
KLP: CVE-2024-49860
References: bsc#1231862 CVE-2024-49860
- commit f67a3d8
-------------------------------------------------------------------
Fri Sep 12 20:25:10 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-38177 ("kernel: sch_hfsc: make hfsc_qlen_notify() idempotent")
Live patch for CVE-2025-38177. Upstream commit:
- 51eb3b65544c ("sch_hfsc: make hfsc_qlen_notify() idempotent")
KLP: CVE-2025-38177
References: bsc#1246356 CVE-2025-38177
- commit 2448b46
-------------------------------------------------------------------
Wed Sep 10 16:53:55 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-38109 ("net/mlx5: fix ECVF vports unload on shutdown flow")
Live patch for CVE-2025-38109. Upstream commit:
- 687560d8a9a2 ("net/mlx5: Fix ECVF vports unload on shutdown flow")
KLP: CVE-2025-38109
References: bsc#1245685 CVE-2025-38109
- commit a5d2ea4
-------------------------------------------------------------------
Tue Sep 9 14:57:58 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38181 ("calipso: fix null-ptr-deref in calipso_req_{set,del}attr()")
Live patch for CVE-2025-38181. Upstream commit:
- 10876da918fa ("calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().")
KLP: CVE-2025-38181
References: bsc#1246001 CVE-2025-38181
- commit e1def10
-------------------------------------------------------------------
Tue Sep 9 11:49:56 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-21756 ("vsock: Keep the binding until socket destruction")
Live patch for CVE-2025-21756. Upstream commits:
- fcdd2242c023 ("vsock: Keep the binding until socket destruction")
- 78dafe1cf3af ("vsock: Orphan socket after transport release")
KLP: CVE-2025-21756
References: bsc#1245795 CVE-2025-21756
- commit ea7d1b0
-------------------------------------------------------------------
Tue Sep 9 04:38:51 CEST 2025 - lidong.zhong@suse.com
- Fix for CVE-2025-38498 ("do_change_type(): refuse to operate on unmounted/not ours mounts")
Live patch for CVE-2025-38498. Upstream commit:
- 12f147ddd6de ("do_change_type(): refuse to operate on unmounted/not ours mounts")
KLP: CVE-2025-38498
References: bsc#1247499 CVE-2025-38498
- commit 8eebc30
-------------------------------------------------------------------
Fri Sep 5 10:00:56 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 4aa9aff
-------------------------------------------------------------------
Fri Sep 5 09:29:38 CEST 2025 - lidong.zhong@suse.com
- Fix for CVE-2025-38555 ("usb: gadget : fix use-after-free in composite_dev_cleanup()")
Live patch for CVE-2025-38555. Upstream commit:
- 151c0aa896c4 ("usb: gadget : fix use-after-free in
composite_dev_cleanup()")
KLP: CVE-2025-38555
References: bsc#1248298 CVE-2025-38555
- commit 466e488
-------------------------------------------------------------------
Wed Sep 3 16:50:49 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38087 ("net/sched: fix use-after-free in taprio_dev_notifier")
Live patch for CVE-2025-38087. Upstream commit:
- b160766e26d4 ("net/sched: fix use-after-free in taprio_dev_notifier")
KLP: CVE-2025-38087
References: bsc#1245505 CVE-2025-38087
- commit 95ff041
-------------------------------------------------------------------
Tue Sep 2 20:14:02 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-21999 ("proc: fix UAF in proc_get_inode()")
Live patch for CVE-2025-21999. Upstream commit:
- 654b33ada4ab ("proc: fix UAF in proc_get_inode()")
KLP: CVE-2025-21999
References: bsc#1242579 CVE-2025-21999
- commit 5c12bf0
-------------------------------------------------------------------
Mon Sep 1 09:41:08 CEST 2025 - nstange@suse.de
- scripts/tar-up.sh: unconditionally enable s390x on SLE default
Nowadays, s390x builds should be enabed for all SLE default kernels
-- the versions from before the point where s390x coverage got
added to the product have gone out of support a long time ago.
Remove the conditional s390x enablement logic from tar-up.sh.
- commit 9bcbefb
-------------------------------------------------------------------
Fri Aug 29 11:47:22 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38001 ("net_sched: hfsc: Address reentrant enqueue adding class to eltree twice")
Live patch for CVE-2025-38001. Upstream commit:
- ac9fe7dd8e73 ("net_sched: hfsc: Address reentrant enqueue adding class to eltree twice")
KLP: CVE-2025-38001
References: bsc#1244235 CVE-2025-38001
- commit fef2ca9
-------------------------------------------------------------------
Thu Aug 28 21:57:55 CEST 2025 - mpdesouza@suse.com
- Fix for CVE-2024-49867 ("btrfs: wait for fixup workers before stopping cleaner kthread during umount")
Live patch for CVE-2024-49867. Upstream commits:
- a362bb864b8d ("btrfs: fix hang during unmount when stopping a space reclaim worker")
- 41fd1e94066a ("btrfs: wait for fixup workers before stopping cleaner kthread during umount")
KLP: CVE-2024-49867
References: bsc#1232271 CVE-2024-49867
- commit 14352e7
-------------------------------------------------------------------
Tue Aug 26 16:37:49 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-21659 ("netdev: prevent accessing NAPI instances from another namespace")
Live patch for CVE-2025-21659. Upstream commit:
- d1cacd747768 ("netdev: prevent accessing NAPI instances from another namespace")
KLP: CVE-2025-21659
References: bsc#1236207 CVE-2025-21659
- commit 7dd06b6
-------------------------------------------------------------------
Mon Aug 25 17:30:08 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38000 ("sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()")
Live patch for CVE-2025-38000. Upstream commit:
- 3f981138109f ("sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()")
KLP: CVE-2025-38000
References: bsc#1245775 CVE-2025-38000
- commit 7d64cbe
-------------------------------------------------------------------
Thu Aug 21 15:48:37 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-37890 ("net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc")
Live patch for CVE-2025-37890. Upstream commit:
- 141d34391abb ("net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc")
KLP: CVE-2025-37890
References: bsc#1245791 CVE-2025-37890
- commit ddba0b8
-------------------------------------------------------------------
Wed Aug 20 18:35:27 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-47674 ("mm: avoid leaving partial pfn mappings around in error case")
Live patch for CVE-2024-47674. Upstream commit:
- 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings around in error case")
KLP: CVE-2024-47674
References: bsc#1231676 CVE-2024-47674
- commit 4259378
-------------------------------------------------------------------
Wed Aug 20 16:59:21 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-21701 ("net: avoid race between device unregistration and ethnl ops")
Live patch for CVE-2025-21701. Upstream commit:
- 12e070eb6964 ("net: avoid race between device unregistration and ethnl ops")
KLP: CVE-2025-21701
References: bsc#1245805 CVE-2025-21701
- commit f1c3868
-------------------------------------------------------------------
Mon Aug 18 22:18:51 CEST 2025 - mpdesouza@suse.com
- Fix for CVE-2024-47706 ("block, bfq: fix possible UAF for bfqq->bic with merge chain")
Live patch for CVE-2024-47706. Upstream commit:
- 18ad4df091dd ("block, bfq: fix possible UAF for bfqq->bic with merge chain")
KLP: CVE-2024-47706
References: bsc#1231943 CVE-2024-47706
- commit 38baf0c
-------------------------------------------------------------------
Mon Aug 18 14:38:37 CEST 2025 - pmladek@suse.com
- kernel-livepatch.spec: Replace kernel-syms with kernel-<flavor>-specific dependencies (bsc#1248108)
The commit ead79afe7cbfae ("kernel-livepatch.spec: Update build
dependencies for non-default flavors") broke build of livepatches
which were built with kernel-syms-rt.
The problem is that livepatch packages for already released kernels
are built in exactly the same build environment as the initial livepatch.
The BS (Build Service) installs the build environment using the given
_buildinfo-*.xml and ignores BuildRequires. But the BuildRequires are
later checked by rpmbuild tool. It would complain when new dependencies
were added.
Unfortunately, kernel-syms-rt does not exist on SLE16. This was the main
motivation for the above mentioned commit.
But the package kernel-syms is empty. Its only purpose is to add other
dependencies. Replace it by opencoding the dependencies.
Note that the kernel devel files are historically split into various
packages, kernel-<flavor>-devel, kernel-devel-<flavor>, and
even kernel-devel. But it is enough to require kernel-<flavor>-devel
because it requires the other devel files on its own. This seems
to be true back to SLE15-SP4 at minimum.
- commit 7696578
-------------------------------------------------------------------
Fri Aug 15 06:40:41 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 4a38f63
-------------------------------------------------------------------
Thu Aug 14 10:52:36 CEST 2025 - nstange@suse.de
- Revert "Remove the support for different flavors, take 2"
This reverts commit b9cd4812c513d94d75916b50ea06ffef6ce8cf5b.
- commit 8c83f4c
-------------------------------------------------------------------
Thu Aug 14 10:15:15 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38212 ("ipc: fix to protect IPCS lookups using RCU")
Live patch for CVE-2025-38212. Upstream commit:
- d66adabe9180 ("ipc: fix to protect IPCS lookups using RCU")
KLP: CVE-2025-38212
References: bsc#1246030 CVE-2025-38212
- commit 939565c
-------------------------------------------------------------------
Tue Aug 12 12:05:22 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38494 ("HID: core: do not bypass hid_hw_raw_request")
Live patch for CVE-2025-38494. Upstream commit:
- c2ca42f190b6 ("HID: core: do not bypass hid_hw_raw_request")
KLP: CVE-2025-38494
References: bsc#1247350 CVE-2025-38494
- commit 23745e4
-------------------------------------------------------------------
Fri Aug 8 12:38:20 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38495 ("HID: core: ensure the allocated report buffer can contain the reserved report ID")
Live patch for CVE-2025-38495. Upstream commit:
- 4f15ee98304b ("HID: core: ensure the allocated report buffer can contain the reserved report ID")
KLP: CVE-2025-38495
References: bsc#1247351 CVE-2025-38495
- commit 34fe5aa
-------------------------------------------------------------------
Mon Aug 4 18:22:03 CEST 2025 - marco.crivellari@suse.com
- Fix for CVE-2025-38079 ("crypto: algif_hash - fix double free in hash_accept")
Live patch for CVE-2025-38079. Upstream commit:
- b2df03ed4052 ("crypto: algif_hash - fix double free in hash_accept")
KLP: CVE-2025-38079
References: bsc#1245218 CVE-2025-38079
- commit b0df6f5
-------------------------------------------------------------------
Fri Aug 1 08:32:46 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 80f0135
-------------------------------------------------------------------
Thu Jul 31 15:30:08 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-38083 ("net_sched: prio: fix a race in prio_tune()")
Live patch for CVE-2025-38083. Upstream commit:
- d35acc1be348 ("net_sched: prio: fix a race in prio_tune()")
KLP: CVE-2025-38083
References: bsc#1245350 CVE-2025-38083
- commit 22ac46f
-------------------------------------------------------------------
Mon Jul 28 17:33:44 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-56664 ("bpf, sockmap: fix race between element replace and close()")
Live patch for CVE-2024-56664. Upstream commit:
- ed1fc5d76b81 ("bpf, sockmap: Fix race between element replace and close()")
KLP: CVE-2024-56664
References: bsc#1235250 CVE-2024-56664
- commit 91ad675
-------------------------------------------------------------------
Fri Jul 25 15:45:00 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2025-37797 ("net_sched: hfsc: Fix a UAF vulnerability in class handling")
Live patch for CVE-2025-37797. Upstream commit:
- 3df275ef0a6a ("net_sched: hfsc: Fix a UAF vulnerability in class handling")
KLP: CVE-2025-37797
References: bsc#1245793 CVE-2025-37797
- commit da31cee
-------------------------------------------------------------------
Wed Jul 23 15:53:40 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-37752 ("net_sched: sch_sfq: move the limit validation")
Live patch for CVE-2025-37752. Upstream commit:
- b3bf8f63e617 ("net_sched: sch_sfq: move the limit validation")
KLP: CVE-2025-37752
References: bsc#1245776 CVE-2025-37752
- commit 462dc50
-------------------------------------------------------------------
Mon Jul 21 17:40:08 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2024-53125 ("bpf: sync_linked_regs() must preserve subreg_def")
Live patch for CVE-2024-53125. Upstream commit:
- e9bd9c498cb0 ("bpf: sync_linked_regs() must preserve subreg_def")
KLP: CVE-2024-53125
References: bsc#1245804 CVE-2024-53125
- commit 6b1241e
-------------------------------------------------------------------
Mon Jul 21 16:10:14 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-21702 ("pfifo_tail_enqueue: Drop new packet when sch->limit == 0")
Live patch for CVE-2025-21702. Upstream commit:
- 647cef20e649 ("pfifo_tail_enqueue: Drop new packet when sch->limit == 0")
KLP: CVE-2025-21702
References: bsc#1245797 CVE-2025-21702
- commit f983220
-------------------------------------------------------------------
Fri Jul 18 07:25:31 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 6b20ea1
-------------------------------------------------------------------
Thu Jul 17 08:37:02 CEST 2025 - nstange@suse.de
- Update signing key spec in _buildenvs
- commit abead9b
-------------------------------------------------------------------
Wed Jul 16 14:46:15 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2024-53146 ("NFSD: prevent a potential integer overflow")
Live patch for CVE-2024-53146. Upstream commit:
- 7f33b92e5b18 ("NFSD: Prevent a potential integer overflow")
KLP: CVE-2024-53146
References: bsc#1234854 CVE-2024-53146
- commit f75cbbc
-------------------------------------------------------------------
Tue Jul 15 09:44:00 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2024-53214 ("vfio/pci: Properly hide first-in-list PCIe extended capability")
Live patch for CVE-2024-53214. Upstream commit:
- fe4bf8d0b671 ("vfio/pci: Properly hide first-in-list PCIe extended capability")
KLP: CVE-2024-53214
References: bsc#1235005 CVE-2024-53214
- commit 66109e6
-------------------------------------------------------------------
Wed Jul 9 15:04:24 CEST 2025 - marco.crivellari@suse.com
- Fix for CVE-2024-53173 ("NFSv4.0: Fix a use-after-free problem in the asynchronous open()")
Live patch for CVE-2024-53173. Upstream commit:
- 2fdb05dc0931 ("NFSv4.0: Fix a use-after-free problem in the asynchronous open()")
KLP: CVE-2024-53173
References: bsc#1234892 CVE-2024-53173
- commit 05efc4b
-------------------------------------------------------------------
Tue Jul 8 18:44:27 CEST 2025 - marco.crivellari@suse.com
- Fix for CVE-2024-57893 ("ALSA: seq: oss: fix races at processing SysEx messages")
Live patch for CVE-2024-57893. Upstream commit:
- 0179488ca992 ("ALSA: seq: oss: Fix races at processing SysEx messages")
KLP: CVE-2024-57893
References: bsc#1235921 CVE-2024-57893
- commit 2101793
-------------------------------------------------------------------
Fri Jul 4 12:09:26 CEST 2025 - lidong.zhong@suse.com
- Fix for CVE-2024-50250 ("fsdax: dax_unshare_iter needs to copy entire blocks")
Live patch for CVE-2024-50250. Upstream commits:
- 95472274b6fe ("fsdax: remove zeroing code from dax_unshare_iter")
- 50793801fc7f ("fsdax: dax_unshare_iter needs to copy entire blocks")
KLP: CVE-2024-50250
References: bsc#1233227 CVE-2024-50250
- commit b8b6332
-------------------------------------------------------------------
Tue Jul 1 13:36:15 CEST 2025 - mbenes@suse.cz
- kernel-livepatch.spec: Update build dependencies for non-default flavors
Starting with commit 7c95ae0ac0bb ("mkspec: Exclude rt flavor from
kernel-syms dependencies (bsc#1244337).") kernel-syms does not pull
kernel-%variant-devel package for non-default %variant. It needs to be
required alongside.
Hence, add new BuildRequires for these cases (-rt flavor only at the
time).
- commit ead79af
-------------------------------------------------------------------
Mon Jun 30 09:42:26 CEST 2025 - lidong.zhong@suse.com
- Fix for CVE-2025-22115 ("btrfs: fix block group refcount race in btrfs_create_pending_block_groups()")
Live patch for CVE-2025-22115. Upstream commit:
- 2d8e5168d48a ("btrfs: fix block group refcount race in btrfs_create_pending_block_groups()")
KLP: CVE-2025-22115
References: bsc#1241579 CVE-2025-22115
- commit 6f9a60b
-------------------------------------------------------------------
Fri Jun 27 16:46:40 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2025-21772 ("partitions: mac: fix handling of bogus partition table")
Live patch for CVE-2025-21772. Upstream commit:
- 80e648042e51 ("partitions: mac: fix handling of bogus partition table")
KLP: CVE-2025-21772
References: bsc#1238912 CVE-2025-21772
- commit ff41df4
-------------------------------------------------------------------
Fri Jun 27 13:57:01 CEST 2025 - mbenes@suse.cz
- Remove the support for different flavors, take 2
There is a support for different kernel flavors from the beginning in
our spec file. Originally, there were -default and -xen flavors.
However, it is questionable. A live patch is built against a very
specific kernel binary. Different flavors of the same kernel source can
be easily different also in this respect.
Remove it then. The build process is driven by "variant" macro deriving
from a branch name. We can stick with that. %klp_module_package defines
%flavor based on that. It also keeps %flavors_to_build definition for
older releases without this change.
- commit b9cd481
-------------------------------------------------------------------
Thu Jun 26 16:50:56 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2024-53166 ("block, bfq: fix bfqq uaf in bfq_limit_depth()")
Live patch for CVE-2024-53166. Upstream commit:
- e8b8344de398 ("block, bfq: fix bfqq uaf in bfq_limit_depth()")
KLP: CVE-2024-53166
References: bsc#1234885 CVE-2024-53166
- commit 81da975
-------------------------------------------------------------------
Thu Jun 26 13:24:09 CEST 2025 - mbenes@suse.cz
- Revert "Remove the support for different flavors"
The removal of flavors in spec file needs to go hand in hand with rpm
macros update unfortunately. It is a work in progress so revert the spec
file changes for now so that current builds do not fail.
This reverts commit 6254bb4ada3a5af59ea00493698f92edc0b4c9a2.
- commit 0ae16b9
-------------------------------------------------------------------
Thu Jun 26 12:26:41 CEST 2025 - mbenes@suse.cz
- scripts/tar-up.sh: Handle SLFO-Main_Update_0 package
SLFO-Main_Update_0 (and possibly its -RT variant) will be used by QA for
testing live patching in SLFO:Main project before a product like SLE16
is branched off.
Handle it in our scripts so that everything works properly.
- commit b8cab65
-------------------------------------------------------------------
Wed Jun 25 20:10:19 CEST 2025 - fernando.gonzalez@suse.com
- Fix for CVE-2024-57793 ("virt: tdx-guest: just leak decrypted memory on unrecoverable errors")
Live patch for CVE-2024-57793. Upstream commit:
- 27834971f616 ("virt: tdx-guest: Just leak decrypted memory on unrecoverable errors")
KLP: CVE-2024-57793
References: bsc#1235769 CVE-2024-57793
- commit 9188186
-------------------------------------------------------------------
Fri Jun 20 14:10:12 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2024-50208 ("RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages")
Live patch for CVE-2024-50208. Upstream commit:
- 7988bdbbb85a ("RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages")
KLP: CVE-2024-50208
References: bsc#1233118 CVE-2024-50208
- commit 64e407d
-------------------------------------------------------------------
Fri Jun 20 09:26:49 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit c1ce411
-------------------------------------------------------------------
Thu Jun 19 15:46:53 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2024-56558 ("nfsd: make sure exp active before svc_export_show")
Live patch for CVE-2024-56558. Upstream commit:
- be8f982c369c ("nfsd: make sure exp active before svc_export_show")
KLP: CVE-2024-56558
References: bsc#1243648 CVE-2024-56558
- commit 6c10955
-------------------------------------------------------------------
Wed Jun 18 13:01:24 CEST 2025 - mbenes@suse.cz
- Remove the support for different flavors
There is a support for different kernel flavors from the beginning in
our spec file. Originally, there were -default and -xen flavors.
However, it is questionable. A live patch is built against a very
specific kernel binary. Different flavors of the same kernel source can
be easily different also in this respect.
Remove it then. The build process is driven by "variant" macro deriving
from a branch name. We can stick with that.
- commit 6254bb4
-------------------------------------------------------------------
Tue Jun 17 17:34:26 CEST 2025 - marco.crivellari@suse.com
- Fix for CVE-2024-56601 ("net: inet: do not leave a dangling sk pointer in inet_create()")
Live patch for CVE-2024-56601. Upstream commit:
- 9365fa510c6f ("net: inet: do not leave a dangling sk pointer in inet_create()")
KLP: CVE-2024-56601
References: bsc#1235231 CVE-2024-56601
- commit 8ed95b5
-------------------------------------------------------------------
Fri Jun 13 17:15:17 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2024-50279 ("dm cache: fix out-of-bounds access to the dirty bitset when resizing")
Live patch for CVE-2024-50279. Upstream commit:
- 792227719725 ("dm cache: fix out-of-bounds access to the dirty bitset when resizing")
KLP: CVE-2024-50279
References: bsc#1233708 CVE-2024-50279
- commit e44031b
-------------------------------------------------------------------
Thu Jun 12 15:47:10 CEST 2025 - ali.abdallah@suse.de
- Fix for CVE-2024-50301 ("security/keys: fix slab-out-of-bounds in key_task_permission")
Live patch for CVE-2024-50301. Upstream commit:
- 4a74da044ec9 ("security/keys: fix slab-out-of-bounds in key_task_permission")
KLP: CVE-2024-50301
References: bsc#1233680 CVE-2024-50301
- commit 9512dc2
-------------------------------------------------------------------
Wed Jun 11 16:22:53 CEST 2025 - ali.abdallah@suse.com
- Fix for CVE-2024-53074 ("wifi: iwlwifi: mvm: don't leak a link on AP removal")
Live patch for CVE-2024-53074. Upstream commit:
- 3ed092997a00 ("wifi: iwlwifi: mvm: don't leak a link on AP removal")
KLP: CVE-2024-53074
References: bsc#1235086 CVE-2024-53074
- commit 3866fad
-------------------------------------------------------------------
Tue Jun 10 17:38:12 CEST 2025 - marco.crivellari@suse.com
- Fix for CVE-2024-56582 ("btrfs: fix use-after-free in btrfs_encoded_read_endio()")
Live patch for CVE-2024-56582. Upstream commit:
- 05b36b04d74a ("btrfs: fix use-after-free in btrfs_encoded_read_endio()")
KLP: CVE-2024-56582
References: bsc#1235129 CVE-2024-56582
- commit 1246b11
-------------------------------------------------------------------
Tue Jun 10 17:10:43 CEST 2025 - ali.abdallah@suse.com
- Fix for CVE-2024-53208 ("Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync")
Live patch for CVE-2024-53208. Upstream commit:
- 0b882940665c ("Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync")
KLP: CVE-2024-53208
References: bsc#1236244 CVE-2024-53208
- commit 5ba33f5
-------------------------------------------------------------------
Tue Jun 10 16:46:12 CEST 2025 - lucas.mulling@suse.com
- Fix for CVE-2024-50257 ("netfilter: fix use-after-free in get_info()")
Live patch for CVE-2024-50257. Upstream commit:
- f48d258f0ac5 ("netfilter: Fix use-after-free in get_info()")
KLP: CVE-2024-50257
References: bsc#1233245 CVE-2024-50257
- commit 51da021
-------------------------------------------------------------------
Tue Jun 10 13:31:02 CEST 2025 - marco.crivellari@suse.com
- Fix for CVE-2024-50127 ("net: sched: fix use-after-free in taprio_change()")
Live patch for CVE-2024-50127. Upstream commit:
- f504465970ae ("net: sched: fix use-after-free in taprio_change()")
KLP: CVE-2024-50127
References: bsc#1232908 CVE-2024-50127
- commit 1416c3b
-------------------------------------------------------------------
Mon Jun 9 16:32:38 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-56605 ("Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()")
Live patch for CVE-2024-56605. Upstream commit:
- 7c4f78cdb8e7 ("Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()")
KLP: CVE-2024-56605
References: bsc#1235062 CVE-2024-56605
- commit aae04ea
-------------------------------------------------------------------
Fri Jun 6 20:48:05 CEST 2025 - mpdesouza@suse.com
- Fix for CVE-2024-50125 ("Bluetooth: SCO: Fix UAF on sco_sock_timeout") and CVE-2024-50124 ("Bluetooth: ISO: Fix UAF on iso_sock_timeout")
Live patch for CVE-2024-50125 and CVE-2024-50124. Upstream commits:
- f4712fa993f6 ("Bluetooth: call sock_hold earlier in sco_conn_del")
- 1bf4470a3939 ("Bluetooth: SCO: Fix UAF on sco_sock_timeout")
- 246b435ad668 ("Bluetooth: ISO: Fix UAF on iso_sock_timeout")
KLP: CVE-2024-50125 CVE-2024-50124
References: bsc#1232929 CVE-2024-50125 bsc#1232927 CVE-2024-50124
- commit 771b3c8
-------------------------------------------------------------------
Fri Jun 6 09:25:52 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 3816ab3
-------------------------------------------------------------------
Tue Jun 3 17:44:30 CEST 2025 - ali.abdallah@suse.com
- Fix for CVE-2024-49855 ("nbd: fix race between timeout and normal completion")
Live patch for CVE-2024-49855. Upstream commit:
- c9ea57c91f03 ("nbd: fix race between timeout and normal completion")
KLP: CVE-2024-49855
References: bsc#1232900 CVE-2024-49855
- commit 1132d48
-------------------------------------------------------------------
Thu May 29 17:05:28 CEST 2025 - ali.abdallah@suse.com
- Fix for CVE-2025-21680 ("pktgen: avoid out-of-bounds access in get_imix_entries")
Live patch for CVE-2025-21680. Upstream commit:
- 76201b597976 ("pktgen: Avoid out-of-bounds access in get_imix_entries")
KLP: CVE-2025-21680
References: bsc#1236701 CVE-2025-21680
- commit 8a2fb27
-------------------------------------------------------------------
Thu May 29 12:02:14 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-58013 ("Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync")
Live patch for CVE-2024-58013. Upstream commit:
- 26fbd3494a7d ("Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync")
KLP: CVE-2024-58013
References: bsc#1239096 CVE-2024-58013
- commit 11adcce
-------------------------------------------------------------------
Tue May 27 10:57:16 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-57996 ("net_sched: sch_sfq: don't allow 1 packet limit")
Live patch for CVE-2024-57996. Upstream commit:
- 10685681bafc ("net_sched: sch_sfq: don't allow 1 packet limit")
KLP: CVE-2024-57996
References: bsc#1239077 CVE-2024-57996
- commit 7a84123
-------------------------------------------------------------------
Tue May 27 10:09:50 CEST 2025 - nstange@suse.de
- Revert signing key spec update in _buildenv for x86_64
- commit 7e60069
-------------------------------------------------------------------
Mon May 26 09:35:30 CEST 2025 - nstange@suse.de
- Update signing key spec in _buildenvs
- commit 208bc9b
-------------------------------------------------------------------
Fri May 16 09:51:37 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 345ab8e
-------------------------------------------------------------------
Thu May 15 10:23:31 CEST 2025 - nstange@suse.de
- uname_patch: don't use klp_convert.h wrappers
With the removal of klp_convert.h, the uname_patch fails to compile.
Replace all invocations of the KLP_SYM_LINKAGE or KLP_SYM() macros
formerly defined there in by their expansions for the !USE_KLP_CONVERT
case and drop the klp_convert.h #include.
Fixes: b2fa29be2 ("Remove old klp-convert support")
- commit 601b6d1
-------------------------------------------------------------------
Tue May 13 14:58:11 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-53042 ("ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()")
Live patch for CVE-2024-53042. Upstream commit:
- ad4a3ca6a8e8 ("ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()")
KLP: CVE-2024-53042
References: bsc#1233678 CVE-2024-53042
- commit 8797f72
-------------------------------------------------------------------
Tue May 13 13:01:08 CEST 2025 - nstange@suse.de
- Update _buildenv gettext-*-mini bdep hdrmd5
- commit 50fbeba
-------------------------------------------------------------------
Fri May 9 20:26:42 CEST 2025 - mpdesouza@suse.com
- Fix for CVE-2024-53156 ("wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()")
Live patch for CVE-2024-53156. Upstream commit:
- 8619593634cb ("wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()")
KLP: CVE-2024-53156
References: bsc#1234847 CVE-2024-53156
- commit f104b01
-------------------------------------------------------------------
Mon Apr 28 15:07:30 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-50115 ("KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory")
Live patch for CVE-2024-50115. Upstream commit:
- f559b2e9c5c5 ("KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory")
KLP: CVE-2024-50115
References: bsc#1233019 CVE-2024-50115
- commit 42a02f5
-------------------------------------------------------------------
Mon Apr 28 14:31:04 CEST 2025 - mbenes@suse.cz
- Remove old klp-convert support
There was an intention to use old/original klp-convert in our live
patches. It never happened. Kallsyms was used up until SLE15-SP6 where
everything was migrated to much lighter klp-convert-mini implementation.
Remove the old klp-convert support all together now.
- commit b2fa29b
-------------------------------------------------------------------
Mon Apr 28 14:00:44 CEST 2025 - mbenes@suse.cz
- Remove kallsyms infrastructure
Kernel kallsyms infrastructure is not used to resolving externalized
symbols on newer codestreams starting with SLE15-SP6. We can remove all
the scaffolding from live patches git repo.
- commit 5b8b913
-------------------------------------------------------------------
Fri Apr 25 14:11:19 CEST 2025 - mbenes@suse.cz
- uname_patch: Use klp-convert-mini instead of kallsyms
Newer codestreams starting with SLE15-SP6 use klp-convert-mini
infrastructure in the kernel. Convert uname_patch to use it instead of
the current kallsyms.
- commit 8f07a2e
-------------------------------------------------------------------
Fri Apr 25 09:27:49 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 3c949d6
-------------------------------------------------------------------
Tue Apr 22 19:20:13 CEST 2025 - fernando.gonzalez@suse.com
- Fix for CVE-2024-53237 ("Bluetooth: fix use-after-free in device_for_each_child()")
Live patch for CVE-2024-53237. Upstream commit:
- 27aabf27fd01 ("Bluetooth: fix use-after-free in device_for_each_child()")
KLP: CVE-2024-53237
References: bsc#1235008 CVE-2024-53237
- commit 30d2df1
-------------------------------------------------------------------
Fri Apr 18 16:23:36 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-53082 ("virtio_net: Add hash_key_length check")
Live patch for CVE-2024-53082. Upstream commit:
- 3f7d9c1964fc ("virtio_net: Add hash_key_length check")
KLP: CVE-2024-53082
References: bsc#1233677 CVE-2024-53082
- commit ffef37d
-------------------------------------------------------------------
Thu Apr 17 11:33:41 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-8805 ("BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability")
Live patch for CVE-2024-8805. Upstream commit:
- b25e11f978b6 ("Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE")
KLP: CVE-2024-8805
References: bsc#1240840 CVE-2024-8805
- commit 597d9e3
-------------------------------------------------------------------
Fri Apr 11 09:13:26 CEST 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit 8f290cc
-------------------------------------------------------------------
Wed Apr 9 12:00:01 CEST 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-56650 ("netfilter: x_tables: fix LED ID check in led_tg_check()")
Live patch for CVE-2024-56650. Upstream commit:
- 04317f4eb2aa ("netfilter: x_tables: fix LED ID check in led_tg_check()")
KLP: CVE-2024-56650
References: bsc#1235431 CVE-2024-56650
- commit 0c50674
-------------------------------------------------------------------
Tue Apr 1 17:20:52 CEST 2025 - pmladek@suse.com
- Fix for CVE-2024-56600 ("net: inet6: do not leave a dangling sk pointer in inet6_create()")
Live patch for CVE-2024-56600. Upstream commit:
- 9df99c395d0f ("net: inet6: do not leave a dangling sk pointer in inet6_create()")
KLP: CVE-2024-56600
References: bsc#1235218 CVE-2024-56600
- commit 51ffef8
-------------------------------------------------------------------
Fri Mar 28 07:49:46 CET 2025 - nstange@suse.de
- Bump up the version number in spec file
- commit f7c7533
-------------------------------------------------------------------
Thu Mar 20 11:19:46 CET 2025 - fernando.gonzalez@suse.com
- Fix for CVE-2024-57882 ("mptcp: fix TCP options overflow.")
Live patch for CVE-2024-57882. Upstream commit:
- cbb26f7d8451 ("mptcp: fix TCP options overflow.")
KLP: CVE-2024-57882
References: bsc#1235916 CVE-2024-57882
- commit ba2b309
-------------------------------------------------------------------
Wed Mar 19 18:18:43 CET 2025 - nstange@suse.de
- Update _buildenv findutils bdep hdrmd5
- commit 1652e77
-------------------------------------------------------------------
Tue Mar 11 20:19:15 CET 2025 - fernando.gonzalez@suse.com
- Fix for CVE-2024-46818 ("drm/amd/display: check gpio_id before used as array index")
Live patch for CVE-2024-46818. Upstream commit:
- 2a5626eeb3b5 ("drm/amd/display: Check gpio_id before used as array index")
KLP: CVE-2024-46818
References: bsc#1231204 CVE-2024-46818
- commit 9ece440
-------------------------------------------------------------------
Tue Mar 11 09:56:16 CET 2025 - fernando.gonzalez@suse.com
- Fix for CVE-2024-46815 ("drm/amd/display: check num_valid_sets before accessing reader_wm_sets[]")
Live patch for CVE-2024-46815. Upstream commit:
- b38a4815f79b ("drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]")
KLP: CVE-2024-46815
References: bsc#1231196 CVE-2024-46815
- commit 406bd91
-------------------------------------------------------------------
Mon Mar 10 22:44:11 CET 2025 - mpdesouza@suse.com
- Fix for CVE-2024-56648 ("net: hsr: avoid potential out-of-bound access in fill_frame_info()")
Live patch for CVE-2024-56648. Upstream commit:
- b9653d19e556 ("net: hsr: avoid potential out-of-bound access in fill_frame_info()")
KLP: CVE-2024-56648
References: bsc#1235452 CVE-2024-56648
- commit 787a6d4
-------------------------------------------------------------------
Fri Mar 7 15:10:50 CET 2025 - mpdesouza@suse.com
- Fix for CVE-2024-50302 ("HID: core: zero-initialize the report buffer")
Live patch for CVE-2024-50302. Upstream commit:
- 177f25d1292c ("HID: core: zero-initialize the report buffer")
KLP: CVE-2024-50302
References: bsc#1233679 CVE-2024-50302
- commit 65f4e96
-------------------------------------------------------------------
Tue Feb 11 12:20:39 CET 2025 - vincenzo.mezzela@suse.com
- Fix for CVE-2024-53104 ("media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format")
Live patch for CVE-2024-53104. Upstream commit:
- ecf2b43018da ("media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format")
KLP: CVE-2024-53104
References: bsc#1236783 CVE-2024-53104
- commit 952fdbd
-------------------------------------------------------------------
Wed Feb 5 20:54:19 CET 2025 - fernando.gonzalez@suse.com
- Fix for CVE-2024-45016 ("netem: fix return value if duplicate enqueue fails")
Live patch for CVE-2024-45016. Upstream commits:
- c07ff8592d57 ("netem: fix return value if duplicate enqueue fails")
KLP: CVE-2024-45016
References: bsc#1230998 CVE-2024-45016
- commit bac89e0
-------------------------------------------------------------------
Mon Jan 27 22:10:47 CET 2025 - mpdesouza@suse.com
- Fix for CVE-2024-47684 ("tcp: check skb is non-NULL in tcp_rto_delta_us()")
Live patch for CVE-2024-47684. Upstream commit:
- c8770db2d544 ("tcp: check skb is non-NULL in tcp_rto_delta_us()")
KLP: CVE-2024-47684
References: bsc#1231993 CVE-2024-47684
- commit 53017d8
-------------------------------------------------------------------
Wed Jan 15 13:14:12 CET 2025 - mpdesouza@suse.com
- kernel-livepatch.spec: Execute lp-mod-check.sh using a shell
Otherwise it might fail to execute due to missing execution bit when
pushed to IBS using osc-tiny.
- commit c120c76
-------------------------------------------------------------------
Wed Jan 15 13:14:11 CET 2025 - mpdesouza@suse.com
- register-patches.sh: Bump Source index
[nstange: update comment right before the S= assignment as well]
- commit 8301adf
-------------------------------------------------------------------
Tue Jan 14 15:00:46 CET 2025 - nstange@suse.de
- Implement post-build checks on the livepatch module
Implement checks for some common pitfalls to be run on
the final compiled livepatch module:
- no dependencies to other modules are allowed
- no .klp relas against jump tables.
[nstange: invoke directly from the kernel livepatch build,
instead of through the kernel's Kbuild modpost]
- commit 3152f76
-------------------------------------------------------------------
Fri Dec 6 08:52:17 CET 2024 - nstange@suse.de
- Update PATCHINFO_ID after the initial submission
- commit 662a500
-------------------------------------------------------------------
Tue Nov 12 08:09:07 CET 2024 - nstange@suse.de
- scripts/tar-up: copy _buildenv.* files
The IBS project reorganizations for the SLE Micro product family, more
specifically the absence of kernel submission maintenance projects,
make it necessary to provide _buildenv.* files in the top-level
livepatch project sources as an alternative means for instructing IBS
what target kernel to build against.
Make tar-up.sh to copy all _buildenv.* files found under rpm/ in the
source tree to the top-level destination directory to be uploaded to
IBS.
- commit 403970f
-------------------------------------------------------------------
Tue Nov 12 07:53:41 CET 2024 - nstange@suse.de
- Add IBS _buildenv files
- commit f77f7f6
-------------------------------------------------------------------
Wed Oct 9 15:46:30 CEST 2024 - lhruska@suse.cz
- klp_trace.h: improvement for SLE15-SP6 external symbols
Because some parts of tracepoint macro (like traceiter definition) are hidden
behind the macro, so klp-build cannot even detect those symbols.
To avoid doing some heuristics detecting `traceiter` missing definition, this
patch modifies the `KLPR_DECLARE_TRACE` macro to add the KLP_RELOC_SYMBOL
to its symbols. To do this, it needs to know the module name, which SHOULD
be always defined in the same module we are trying to LP, so I added only one
parameter (module name) putting it to both LPed object name and also to
target object name parameters.
- commit 4215e6e
-------------------------------------------------------------------
Wed Oct 2 12:19:33 CEST 2024 - lhruska@suse.cz
- klp_trace: Add SLE15-SP6 support
- commit e4bee4a
-------------------------------------------------------------------
Mon Sep 2 13:25:26 CEST 2024 - nstange@suse.de
- New branch for MICRO-6-0_Update_2
- commit ed7da42
-------------------------------------------------------------------
Mon Sep 2 13:02:29 CEST 2024 - nstange@suse.de
- scripts: make tar-up recognize SLE Micro codestreams
- commit be8c692
-------------------------------------------------------------------
Mon Oct 23 11:19:00 CEST 2023 - nstange@suse.de
- klp_syscalls.h: adapt to kernels >= 6.1 on s390x and ppc64le
There had been a couple of changes to the kernel's architecture specific
syscall related definitions on ppc64le and s390x, which require some
amendments to the klp_syscalls.h abstraction wrappers to enable support:
- 7e92e01b7245 ("powerpc: Provide syscall wrapper"),
- 94746890202c ("powerpc: Don't add __powerpc_ prefix to syscall entry
points"),
- 2213d44e140f ("s390/syscalls: get rid of system call alias functions").
Implement that.
- commit 049524d
-------------------------------------------------------------------
Fri Oct 13 11:26:56 CEST 2023 - nstange@suse.de
- kallsyms_relocs: Drop 'mod' argument from symbol iteration callback
With upstream commit 3703bd54cd37 ("kallsyms: Delete an unused parameter
related to {module_}kallsyms_on_each_symbol()"), the 'mod' argument is
no longer passed to the kallsyms symbol iteration callbacks. Drop it from
the kallsyms_relocs helper implementation accordingly.
- commit e5e774b
-------------------------------------------------------------------
Mon Feb 27 18:56:17 CET 2023 - mpdesouza@suse.com
- create-makefile.sh: Add Kbuild.inc files support
Check if there are Kbuild.inc files and copy it's content into the new
Makefile. An example of Kbuild.inc can be used to enable -Werror for specific
object on all architectures:
CFLAGS_livepatch_main.o = -Werror
- commit a23f264
-------------------------------------------------------------------
Fri Feb 10 19:10:03 CET 2023 - mpdesouza@suse.com
- livepatch_main.c: Remove KLP_NOREG_API checks
All currently supported codestreams define KLP_NOREG_API, making this
checks obsolete.
- commit 06c9fa0
-------------------------------------------------------------------
Mon Dec 12 01:53:36 CET 2022 - mpdesouza@suse.com
- klp_trace.h: Add KLPR_TRACE_EVENT macros
Currently klp-ccp cannot track and redefine macros that use livepatches
or exported symbols, thus generating a large amount of code that needs
to be massaged. These macros define two variants of TRACE_EVENT macros,
for kernels older than 5.10, and another version for > 5.10, which
dropped data_args argument.
- commit 288960b
-------------------------------------------------------------------
Thu Oct 27 15:59:38 CEST 2022 - nstange@suse.de
- klp_syscalls.h: fix KLP_COMPAT_SYSCALL_SYM() macro for s390
Currently, the KLP_COMPAT_SYSCALL_SYM() expands to the __s390_compat_*()
variant, which expects the original types for its arguments, not longs.
For compatibility with the other archs, make it expand to the __se_compat_*()
version expecting longs for its arguments.
- commit 36a47e5
-------------------------------------------------------------------
Tue Oct 18 13:09:46 CEST 2022 - nstange@suse.de
- rpm: enable support for builds against the -RT kernel variant
Currently there is only support for building a kernel-livepatch package against
the default flavor of the canonical (<empty>) kernel variant. Livepatches for
the -RT variant will be provided in the future though. Prepare the packaging
scripts for this.
More specifically, make scripts/tar-up.sh extract an optional "variant"
component from the codestream name (as read from scripts/release-version.sh):
- SLE15-SP4-RT_Update_xy would specify a -RT variant while
- SLE15-SP4_Update_xy retains its meaning and referes to the <empty> variant
as before.
Introduce a %variant macro to the spec file and make tar-up.sh to set its value,
just alongside the other substitutions its already doing.
Make the spec file's package name and dependency specification to depend on
the %variant as appropriate.
- commit c5dc06b
-------------------------------------------------------------------
Thu Jun 16 08:16:19 CEST 2022 - nstange@suse.de
- uname_patch: include livepatch_uname.h from the uname livepatch code
Currently, livepatch_uname.c doesn't include livepatch_uname.h, which prohibits
compile-time protoype checking. Include livepatch_uname.h from
livepatch_uname.c, just as it's always being done for all the other livepatches,
too.
- commit c3ba44c
-------------------------------------------------------------------
Thu Jun 16 08:08:52 CEST 2022 - nstange@suse.de
- klp_syscalls: provide s390x variant of KLP_SYSCALL_DECLx() for kernels >= 5.12
s390x' syscall prototypes have changed with kernel commit 3a790cc1c9ef ("s390:
pass struct pt_regs instead of registers to syscalls") accepted for v5.12.
Add a corresponding KLP_SYSCALL_DECLx() #define to klp_syscalls.h.
- commit 9380841
-------------------------------------------------------------------
Fri Jun 10 10:49:32 CEST 2022 - nstange@suse.de
- kallsyms_relocs: allow for explicit initialization
Currently, the kallsyms_relocs code initializes itself in a lazy fashion upon
the first usage of its klp_resolve_kallsyms_relocs().
However, that initialization code, __kallsyms_relocs_init(), is now also in
charge of populating the klpe_find_module function pointer. As users might
depend on klpe_find_module() before their first call to
klp_resolve_kallsyms_relocs(), give them a means to trigger the initialization
explicitly: rename __kallsyms_relocs_init() to klp_kallsyms_relocs_init() and
make it externally visible.
- commit 5fe7b9f
-------------------------------------------------------------------
Fri Jun 10 10:42:28 CEST 2022 - nstange@suse.de
- kallsyms_relocs: lookup find_module() at initialization time
The livepatch initialization handlers invoking the kallsyms_relocs functionality
for their resp. target modules usually depend on the kernel's find_module().
However, with upstream commit 089049f6c995 ("module: unexport find_module and
module_mutex"), find_module() got unexported and is no longer directly
available.
Make the kallsyms_relocs initialization code look it up via kallsyms and
make the result available to livepatch initialization handlers via the
new, externally visible klpe_find_module function poiner.
- commit 7c53b1f
-------------------------------------------------------------------
Fri Jun 10 10:36:19 CEST 2022 - nstange@suse.de
- kallsyms_relocs: give klp_module_kallsyms_on_each_symbol a "klpe_" prefix
In line with our usual convention of giving symbols populated by means of
kallsyms-lookups a "klpe_" prefix, rename the internal
"klp_module_kallsyms_on_each_symbol" to "klpe_module_kallsyms_on_each_symbol".
- commit 20e54d1
-------------------------------------------------------------------
Fri Jun 10 10:25:55 CEST 2022 - nstange@suse.de
- kallsyms_relocs: factor out lookup code and make __kallsyms_relocs_init() use it
Currently, __kallsyms_relocs_init() contains some open-coded kallsyms lookup for
filling in the klp_module_kallsyms_on_each_symbol function pointer at bootstrap
time. Future commits will make the init code to populate some more symbols,
which more or less resembles the functionality klp_resolve_kallsyms_relocs() is
already providing.
Enable code reuse by factoring out the kallsyms lookup related pieces from
klp_resolve_kallsyms_relocs() into the new __klp_resolve_kallsyms_relocs()
and make both, klp_resolve_kallsyms_relocs() and __kallsyms_relocs_init() to
invoke it.
- commit 1bef553
-------------------------------------------------------------------
Fri Jun 10 09:47:40 CEST 2022 - nstange@suse.de
- kallsyms_relocs: strip underscore prefix from __klp_resolve_kallsyms_relocs()
The double undescore prefix of "__klp_resolve_kallsyms_relocs()" suggests that
the caller is supposed to take care of some locking, of module_mutex in this
case.
However, since upstream commit 013c1667cf78 ("kallsyms: refactor
{,module_}kallsyms_on_each_symbol"), module_kallsyms_on_each_symbol(), and
hence also the __klp_resolve_kallsyms_relocs() using that, doesn't need to
have module_mutex locked by callers anymore.
To reflect this, remove the underscore prefix from
__klp_resolve_kallsyms_relocs() and drop the comment about module_mutex from
the code.
- commit 4476b8b
-------------------------------------------------------------------
Thu Feb 24 10:36:40 CET 2022 - mbenes@suse.cz
- livepatch: Add MODULE_INFO with a git revision
A git HEAD revision was removed from "uname -v" output. Add it as
MODULE_INFO to a live patch kernel module, so it can be acquired by
modinfo tool if needed. The information is also available in a rpm
changelog.
- commit ff67cb6
-------------------------------------------------------------------
Wed Feb 23 19:21:44 CET 2022 - mbenes@suse.cz
- uname_patch: Trim klp tag to fix the overflow
SLE15-SP4 introduces an option to specify a preempt model during boot.
new_utsname->version was updated to take this into account and contains
PREEMPT_DYNAMIC tag now. In the end, there is not much space left to
include our klp_tag and it overflows. Instead of removing the tag
completely, trim it so that the user can at least easily spot that a
live patch is installed on the system.
A git HEAD revision will be stored elsewhere.
While at it, make the tag const.
References: bsc#1196281
- commit 51e46f7
-------------------------------------------------------------------
Wed Feb 23 19:20:37 CET 2022 - mbenes@suse.cz
- uname_patch: Update to v5.14 kernel/sys.c
Backport upstream commit 88a686728b37 ("kbuild: simplify access to the
kernel's version").
- commit 86c9d55
-------------------------------------------------------------------
Thu Aug 5 16:50:11 CEST 2021 - nstange@suse.de
- scripts/register-patches.sh: fix issue with per-klp_object #if-guards
scripts/register-patches.sh is supposed to #if-guard each constructed
klp_object instance by the logical or of the individual functions'
associated conditions as specified in the corresponding
patched_funcs.csv entries. If only one such function entry doesn't have a
condition associated with it, the compound logical || would always evaluate
to true though and thus, register-patches.sh should skip the
per-klp_object #if-guard alltogether in this case.
To this end, the inner loop iterating over the function entries resets the
array o_conds of unique conditions seen for the current object and breaks
out upon encountering an unconditional patch entry, i.e. one w/o an empty
condition field. The problem is that the break from the inner loop has no
effect on the outer loop over the different patched_funcs.csv's and thus,
the emptied o_conds array can get populated again in the course of
processing a later patched_funcs.csv. Later code would then find the
non-empty o_conds and guard the currently constructed klp_object by oring
its individual entries together rather than omitting the #if-guard as a
whole as it should.
Fix this by introducing the boolean variable "any_unconds", flip it to true
upon encountering an unconditional function entry and force the o_conds
array to empty if any_unconds is found to be set once the outer loop has
completed.
- commit dae55a1
-------------------------------------------------------------------
Wed Jan 13 11:41:32 CET 2021 - nstange@suse.de
- klp_syscalls.h: fix syscall prototype mismatch on s390x for kernels >= 4.17
The __SYSCALL_DEFINEx(x, name, ...) macro as defined in
arch/s390/include/asm/syscall_wrapper.h declares two protoypes for
a given syscall: __s390x_sys##name() and __se_sys##name(). The former
symbol is made to be an alias to the latter and the function arguments are
of the "real" type as specified in the macro invocation whereas the
latter's argument types are transformed into longs.
Currently the KLP_SYSCALL_SYM() helper macro from our klp_syscalls.h
evaluates to the __s390x_sys##name() variant, but its expansion result is
intended to be used with KLP_SYSCALL_DECLx(), which does the transformation
of the arguments' types to longs. This results in compilation errors due to
the syscall prototype declaration from KLP_SYSCALL_DECLx() confliciting
with the one from __SYSCALL_DEFINEx(), if visible.
The current behaviour of KLP_SYSCALL_DECLx() should be retained in order
to keep it working for the compatibility stubs, i.e. with
KLP_SYSCALL_COMPAT_STUB_SYM(). So fix the issue by making KLP_SYSCALL_SYM()
to evaluate to the __se_sys##name() variant on 390x for kernel versions >=
4.17.
- commit 862bd77
-------------------------------------------------------------------
Tue Jan 12 13:38:00 CET 2021 - nstange@suse.de
- scripts/register-patches.sh: stringify klp_funcs' ->old_name
In order to enable the use of e.g. KLP_SYSCALL_SYM() for the to be
livepatched function's name in patched_funcs.csv, make register-patches.sh
wrap the emitted klp_funcs' ->old_name initialization values with
__stringify() rather than writing string tokens directly.
- commit f54c4d6
-------------------------------------------------------------------
Tue May 19 15:01:34 CEST 2020 - mbenes@suse.cz
- scripts: Disable use of klp-convert
klp-convert tool was introduced to improve a situation with unexported
symbols while preparing live patches. However, it is still not stable
enough and upstream still needs to decide the purpose of the tool. Given
that it is used only for uname patch and only on SLE15-SP1 it is better
to just disable it for now.
At the same, leave the infrastructure in place, because we might use it
in the future.
- commit 3397b3e
-------------------------------------------------------------------
Wed Apr 8 10:14:20 CEST 2020 - nstange@suse.de
- scripts: enable s390x for SLE12-SP4
The initial live patch shall be built on s390x for future SLE12-SP4 kernel
releases. Make tar-up.sh add s390x to ExclusiveArch from the (not yet
existing) SLE12-SP4_Update_13 onwards.
- commit f49a99e
-------------------------------------------------------------------
Mon Mar 30 11:59:20 CEST 2020 - nstange@suse.de
- scripts: enable s390x for SLE15-SP2
- commit 933574a
-------------------------------------------------------------------
Wed Mar 25 10:45:50 CET 2020 - nstange@suse.de
- scripts: Generate ExclusiveArch in spec file dynamically
s390x support is slowly being introduced for newly created
master-livepatch based branches. In order to avoid problems with existing
branches for e.g. the maintenance team, don't add s390x to the hard-coded
list of ExclusiveArchs, but let tar-up.sh enable it dynamically depending
on the codestream in question.
For now, s390x builds will be enabled on SLE12-SP5, beginning with
SLE12-SP5_Update_3 onwards.
- commit 27b683d
-------------------------------------------------------------------
Mon Dec 2 13:49:24 CET 2019 - mbenes@suse.cz
- Revert "shadow variables: allow for dynamic initialization"
This reverts commit 843c6fa42429afc1682cdb39119e7a011af2abc9.
- commit 23d37c8
-------------------------------------------------------------------
Mon Dec 2 13:40:37 CET 2019 - mbenes@suse.cz
- Revert "shadow variables: introduce upstream patch"
This reverts commit e899c4fd3fe7602ebd70f578d8475f1049de7c78.
- commit c1be24c
-------------------------------------------------------------------
Mon Dec 2 13:38:18 CET 2019 - mbenes@suse.cz
- Revert "shadow variables: drop EXPORT_SYMBOL()s"
This reverts commit ac6cfebd7f831213ebcd4b2690672871572ec49e.
- commit 5771a4b
-------------------------------------------------------------------
Mon Dec 2 13:38:04 CET 2019 - mbenes@suse.cz
- Revert "shadow variables: share shadow data among KGraft modules"
This reverts commit 8e1e705d4d56981949f7ae3854d8e1cc2be7f40f.
- commit 1c87412
-------------------------------------------------------------------
Mon Dec 2 13:37:30 CET 2019 - mbenes@suse.cz
- Revert "shadow variables: add KGR_SHADOW_ID helper"
This reverts commit 237c8f3d13c382321d3e65d138d328eae0b82f6c.
- commit 41936fd
-------------------------------------------------------------------
Sat Sep 7 18:53:16 CEST 2019 - nstange@suse.de
- uname_patch: convert to the syscall stub wrapper macros from klp_syscalls.h
In order to make the live patch to the newuname() syscall work on
kernels >= 4.17 again, convert it to the KLP_SYSCALL_*() wrapper macros
provided by klp_syscalls.h.
References: bsc#1149841
- commit b5af38e
-------------------------------------------------------------------
Sat Sep 7 18:53:15 CEST 2019 - nstange@suse.de
- Provide wrapper macros for syscall naming
Live patching syscall stubs is a common task, for example any live patch
package modifies the newuname syscall.
For the actual definitions of the live patched syscall stubs, the
__SYSCALL_DEFINEx() name can always be (and often has been) used like e.g.
__SYSCALL_DEFINEx(3, _klp_timer_create, const clockid_t, which_clock,
struct sigevent __user *, timer_event_spec,
timer_t __user *, created_timer_id)
{
/* New implementation */
}
Up to kernel 4.16, this used to define a function named
"SyS_klp_timer_create" which could then be used to live patch the
"SyS_timer_create".
However, beginning with kernel version 4.17, resp. upstream commits
- fa697140f9a2 ("syscalls/x86: Use 'struct pt_regs' based syscall calling
convention for 64-bit syscalls")
- e145242ea0df ("syscalls/core, syscalls/x86: Clean up syscall stub
naming convention")
- d5a00528b58c ("syscalls/core, syscalls/x86: Rename struct pt_regs-based
sys_*() to __x64_sys_*()"),
things became more complex:
- The naming of the resulting stubs now varies across architecture.
- Some architectures (x86_64, s390x) instantiate an additional
compat stub for syscalls sharing a common implementation between 32 and
64 bits. (The 32 bit entry code used to convert from the 32 bit ABI to
64 bit and simply call the 64 bit syscall stub afterwards. That's
handled by the new 32 bit stubs now.)
- The stubs' signatures have changed: each argument used to get mapped
to either long or long long, but on x86_64, the stubs are now receiving
a single struct pt_regs only -- it's their responsibility to extract
the arguments as appropriate.
In order to not require each and every live patch touching syscalls to
include an insane amount of ifdeffery, provide a set of #defines hiding it:
1.) KLP_SYSCALL_SYM(name) expands to the syscall stub name for 64 bits
as defined by _SYSCALL_DEFINEx(x, _name, ...).
2.) If the architeture requires 32bit specific stubs for syscalls sharing
a common implementation between 32 and 64bits, the
KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS macro is defined.
3.) If KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS is defined, then
KLP_SYSCALL_COMPAT_STUB_SYM(name) expands to the syscall stub name
for 32 bits as defined by _SYSCALL_DEFINEx(x, _name, ...).
4.) For syscalls not sharing a common implementation between 32 and
64 bits, i.e. those defined by COMPAT_SYSCALL_DEFINEx(),
the macro KLP_COMPAT_SYSCALL_SYM(name) expands to the stub name
defined as defined by COMPAT_SYSCALL_DEFINEx(x, _name, ...).
5.) Finally, for hiding differences between the signatures,
provide the macro KLP_SYSCALL_DECLx(x, sym, ...) which
expands to a declaration of sym, with the x arguments either
mapped to long resp. long long each, or collapsed to a single
struct pt_regs argument as appropriate for the architecture.
Note that these macros are defined as appropriate on kernels before and
after 4.17, so that live patch code can be shared.
References: bsc#1149841
- commit da7b9a5
-------------------------------------------------------------------
Sat Aug 24 19:06:03 CEST 2019 - nstange@suse.de
- scripts/create-makefile.sh: add -I flag for toplevel directory to ccflags-y
Since upstream commit 58156ba4468f ("kbuild: skip 'addtree' and 'flags'
magic for external module build") Kbuild won't add an -I flag for an
external module's toplevel source directory to the compilation flags
anymore.
This results in compilation errors like the following:
uname_patch/livepatch_uname.c:36:10: fatal error: klp_convert.h: No such
file or directory
#include "klp_convert.h"
^~~~~~~~~~~~~~~
Fix this by appending '-I$(obj)' to ccflags-y within the Makefile created
by scripts/create-makefile.sh. Note that "$(obj)" is set to the current
source directory before the Makefile is sourced by Kbuild.
- commit b30a48e
-------------------------------------------------------------------
Thu Mar 7 15:23:42 CET 2019 - mbenes@suse.cz
- livepatch_main.c: Adaptation to a new livepatch API
The atomic replace patch set among others removed the two-stage API.
There is no (un)registration step needed now. SLES backport defines
KLP_NOREG_API macro to easily distinguish whether the kernel provides
the old or the new API. Use it and change the module init and exit
functions accordingly.
- commit 060163b
-------------------------------------------------------------------
Thu Feb 7 14:13:00 CET 2019 - mbenes@suse.cz
- uname_patch: Use klp-convert macros and rely on klp-convert where
possible
- commit 4c9eb70
-------------------------------------------------------------------
Wed Feb 6 14:12:44 CET 2019 - mbenes@suse.cz
- Define macros to switch easily between klp-convert and kallsyms
Kallsyms trick does not have to be used for resolving undefined symbols
when klp-convert is available. It would be great though to share live
patches sources between both modes of operation.
Define macros to help with the task. Their definitions depend on
whether USE_KLP_CONVERT macro is defined. tar-up.sh script is
responsible to decide.
- commit e3a42b7
-------------------------------------------------------------------
Wed Feb 6 10:53:44 CET 2019 - mbenes@suse.cz
- Use klp-convert where provided
klp-convert tool converts undefined symbols in a live patch kernel module
to special relocation records which are resolved by the kernel. It
allows to omit kallsyms tricks.
Wire it to the spec file and let tar-up.sh script decide if it is to be
used depending on a codestream. SLE15-SP1 is supported currently.
- commit 3efd330
-------------------------------------------------------------------
Tue Dec 11 11:27:23 CET 2018 - mbenes@suse.cz
- uname_patch: don't hold uts_sem while accessing userspace memory
Backport upstream patch 42a0cc347858 ("sys: don't hold uts_sem while
accessing userspace memory").
- commit d4e00de
-------------------------------------------------------------------
Tue Oct 2 16:38:19 CEST 2018 - mbenes@suse.cz
- scripts/tar-up.sh: Add ppc64le to ExclusiveArch even for SLE12-SP2
- commit 77a8a8b
-------------------------------------------------------------------
Wed Aug 8 15:08:00 CEST 2018 - nstange@suse.de
- Provide common kallsyms wrapper API
With bsc#1103203, the need for disambiguating between a multiply
defined symbol arose. This is something the kallsyms_lookup_name() based
code snippet we used to copy&paste to every individual CVE fix can't
handle.
Implement a proper wrapper API for doing the kallsyms lookups.
- commit bd113d8
-------------------------------------------------------------------
Wed Aug 8 15:07:59 CEST 2018 - nstange@suse.de
- Provide common kallsyms wrapper API
With bsc#1103203, the need for disambiguating between a multiply
defined symbol arose. This is something the kallsyms_lookup_name() based
code snippet we used to copy&paste to every individual CVE fix can't
handle.
Implement a proper wrapper API for doing the kallsyms lookups.
- commit 4aed7d2
-------------------------------------------------------------------
Wed Jul 11 13:55:14 CEST 2018 - nstange@suse.de
- provide KGR_SHADOW_ID() helper macro
- provide KLP_SHADOW_ID() helper macro
In analogy to the KGR_SHADOW_ID() macro, introduce KLP_SHADOW_ID() for
the construction of unique shadow variable id's.
- commit 7325c49
-------------------------------------------------------------------
Sun Jul 8 13:02:18 CEST 2018 - nstange@suse.de
- scripts/register-patches.sh: implement conditional inclusion
Currently, subpatches provide a patched_funcs.csv file describing what
needs to be patched. register-patches.sh inspects those to assemble one
global klp_patch structure.
The current format for these patched_funcs.csv's is
obj old_func(,sympos) newfun
However, sometimes subpatches depend on some kernel configuration values
like CONFIG_X86_64 and functions shall get patched only if the target
kernel configuration matches.
Extends the patched_funcs.csv format to
obj old_func(,sympos) newfun (cpp condition)
where everything coming after 'newfun' is taken to be a CPP condition to be
used for conditional inclusion. In case there's no condition specified,
assign that entry the same semantics as if a '1' had been given.
Make register-patches.sh guard the corresponding klp_func entries with #if
pragmas.
Furthermore, let it guard the enclosing klp_object instances by or'ing
together all its klp_funcs' conditions.
For the sake of better readability, omit redundant #if pragmas as well as
condition clauses. In particular,
- if a function entry hasn't got any condition explicitly specified,
there won't be any #if pragma, neither at the klp_func nor at the
klp_object level,
- if multiple function entries for an object are protected by the same
condition, it'll be or'ed in at the klp_object level only once,
- if all of an object's functions share the same condition, no #if pragmas
will be emitted at the klp_func level because they would only duplicate
what's already there for the enclosing object and
- multiple subsequent function entries sharing the same condition get
collated.
- commit 56f0729
-------------------------------------------------------------------
Sun Jul 8 13:02:17 CEST 2018 - nstange@suse.de
- scripts/register-patches.sh: allow spaces as patched_funcs.csv separators
Currently there's one single cut(1) usage which requires that (single) tabs
are used as field separators for the patched_funcs.csv.
As the rest of the code can deal with sequences of any whitespace already,
this imposes an unnecessary restriction on the format.
Substitute that cut(1) usage by a sed(1) invocation as appropriate.
- commit 9852661
-------------------------------------------------------------------
Mon Jun 4 15:20:08 CEST 2018 - mbenes@suse.cz
- livepatch_main.c: Set .replace to true
- commit 643f04c
-------------------------------------------------------------------
Mon May 14 08:30:00 CEST 2018 - nstange@suse.de
- scrips/create-makefile.sh: add support for assembly files
- commit cf2464a
-------------------------------------------------------------------
Mon Mar 5 15:44:31 CET 2018 - nstange@suse.de
- shadow variables: allow for dynamic initialization
Currently, the only shadow variable initialization scheme exposed by the
allocation API is to let klp_shadow_alloc() resp. klp_shadow_get_or_alloc()
memcpy some user provided buffer to the freshly allocated shadow variable.
This is too limited for shadow structures containing pointers into
themselves like list_heads or mutexes.
Change the internal __klp_shadow_get_or_alloc() to take a pointer to an
initializer functions and call that in place of the memcpy() operation.
In order to retain former functionality of klp_shadow_alloc() and
klp_shadow_get_or_alloc(), make them pass the new
__klp_shadow_memcpy_init() wrapper to __klp_shadow_get_or_alloc().
Finally, introduce the new klp_shadow_alloc_with_init() and
klp_shadow_get_or_alloc_with_init() which pass a user provided initializer
function pointer onwards to __klp_shadow_get_or_alloc().
- commit 843c6fa
-------------------------------------------------------------------
Wed Dec 6 14:40:14 CET 2017 - mbenes@suse.cz
- Revert "shadow variables: introduce upstream patch"
This reverts commit e899c4fd3fe7602ebd70f578d8475f1049de7c78.
- commit a27c66a
-------------------------------------------------------------------
Wed Dec 6 14:37:09 CET 2017 - mbenes@suse.cz
- Revert "shadow variables: drop EXPORT_SYMBOL()s"
This reverts commit ac6cfebd7f831213ebcd4b2690672871572ec49e.
- commit 40d0ba6
-------------------------------------------------------------------
Wed Dec 6 14:37:06 CET 2017 - mbenes@suse.cz
- Revert "shadow variables: share shadow data among KGraft modules"
This reverts commit 8e1e705d4d56981949f7ae3854d8e1cc2be7f40f.
- commit d184b38
-------------------------------------------------------------------
Wed Dec 6 14:36:56 CET 2017 - mbenes@suse.cz
- Revert "shadow variables: add KGR_SHADOW_ID helper"
This reverts commit 237c8f3d13c382321d3e65d138d328eae0b82f6c.
- commit 22d6153
-------------------------------------------------------------------
Wed Dec 6 12:18:06 CET 2017 - mbenes@suse.cz
- rpm/config.sh: Use SUSE:SLE-15:GA project
- commit ff32fc9
-------------------------------------------------------------------
Wed Dec 6 12:14:17 CET 2017 - mbenes@suse.cz
- Revert "scripts: Generate ExclusiveArch in spec file dynamically"
This reverts commit 95ed856ea8f99b4e48d7d324278b3628d2ac2fa2.
SLE15 will support ppc64le arch from the beginning.
- commit 92e9bdb
-------------------------------------------------------------------
Tue Dec 5 16:42:04 CET 2017 - mbenes@suse.cz
- uname_patch: fix UNAME26 for 4.0
Backport upstream commit 39afb5ee4640 ("kernel/sys.c: fix UNAME26 for
4.0").
- commit 5988feb
-------------------------------------------------------------------
Mon Dec 4 15:25:24 CET 2017 - mbenes@suse.cz
- Revert "Add compat.h to deal with changes of KGR_PATCH macro"
This reverts commit 4186bef35862029a2fd36ba4a73d5fa538992709.
All currently supported kernels (that is, everything since
SLE12_Update_14 and SLE12-SP1_Update_5) have sympos support. We can drop
compat, because we don't need it anymore.
- commit 11e3220
-------------------------------------------------------------------
Thu Nov 30 15:15:20 CET 2017 - mbenes@suse.cz
- scripts: Generate ExclusiveArch in spec file dynamically
ppc64le architecture kernel support is not present in all currently
supported branches. It may cause problem for the maintenance team.
Generate ExclusiveArch dynamically. It should be 'ppc64le x86_64' for
SLE12-SP3 and 'x86_64' for the rest.
- commit 95ed856
-------------------------------------------------------------------
Thu Nov 16 14:27:46 CET 2017 - mbenes@suse.cz
- rpm/kgraft-patch.spec: Add ppc64le as a supported arch
ppc64le is about to be supported in Live Patching product. Add it to
ExclusiveArch tag.
- commit 8437c94
-------------------------------------------------------------------
Thu Nov 16 14:26:35 CET 2017 - mbenes@suse.cz
- rpm/kgraft-patch.spec: Remove s390x from supported archs
s390x is not supported in Live Patching product. Remove it from
ExclusiveArch.
- commit f9614f2
-------------------------------------------------------------------
Tue Oct 31 10:34:53 CET 2017 - nstange@suse.de
- livepatch_main.c: klp_patch_init(): fix error handling
In case either of the invocations of klp_register_patch() or
klp_enable_patch() fails, anything which has been setup by the prior
per-(sub-)patch initialiation code, i.e. the expansion of
@@KLP_PATCHES_INIT_CALLS@@, won't get undone.
Fix this.
Also make klp_patch_init() look more like the common 'goto err' idiom
and adjust scripts/register_patches.sh accordingly.
Fix for commit 7e20201cdcb8 ("kGraft to livepatch migration. API
change.").
- commit 6552b44
-------------------------------------------------------------------
Tue Oct 31 10:34:52 CET 2017 - nstange@suse.de
- scripts/register_patches.sh: generate klp_object array
The KLP API doesn't take a flat list of to be patched functions
like KGraft did, but introduces an intermediate layer: struct
klp_object.
Each klp_patch instance is supposed to reference an array of
klp_object's which in turn provide an array of klp_func's each.
To facilitate merging, we want to generate this list of klp_object's
automatically, exactly like we did for the flat function list with KGraft.
For each klp_patch instance, there must be at most one klp_object entry
referring to the same object.
Hence care must be taken not to add an entry for the same object twice
in case two different (sub-)patches both patch some functions therein.
Require from each (sub-)patch to provide the list of to be patched
symbols in a file named SUBPATCH/patched_funcs.csv with each line
conforming to the
obj old_func(,sympos) new_func
pattern.
Make scripts/register.sh generate an klp_object array initializer based on
this and let it expand the @@KLP_PATCHES_OBJS@@ tag within livepatch_main.c
accordingly.
Do not replace the now obsolete @@KLP_PATCHES_FUNCS@@ anymore.
Add and remove the @@KLP_PATCHES_OBJS@@ and @@KLP_PATCHES_FUNCS@@
markers to and from livepatch_main.c respectively.
[ mb: amend copy&paste error ($newfun at the end of uname klp_func[]) ]
- commit 0fe721b
-------------------------------------------------------------------
Thu Oct 26 13:54:06 CEST 2017 - lpechacek@suse.com
- kGraft to livepatch migration. External rename.
External rename and thus final step of kGraft -> upstream livepatch
migration. kgraft-patch* modules are now livepatch* and live in
/lib/modules/$(uname -r)/livepatch.
References: fate#323682
[ mb: changelog ]
- commit f842fd5
-------------------------------------------------------------------
Thu Oct 5 12:12:29 CEST 2017 - nstange@suse.de
- shadow variables: add KGR_SHADOW_ID helper
As shadow variables are supposed to be shared among different KGraft
modules their id's must be compile time constants.
Introduce the KGR_SHADOW_ID helper macro for generating them in a uniform
manner based on the bsc# number and a local id.
- commit 237c8f3
-------------------------------------------------------------------
Thu Oct 5 12:12:28 CEST 2017 - nstange@suse.de
- shadow variables: share shadow data among KGraft modules
As it stands, each KGraft module maintains its own set of shadow variable
management structures and thus, shadow variables are not sharable between
livepatch modules.
This behaviour is different from the upstream implementation and, as
pointed out by Miroslav Benes, it also opens up an opportunity for a small
window where the system might become vulnerable again during transition as
we stack new livepatches on top.
Let all KGraft patches share the shadow data.
Sharing is implemented by moving the management structures from a KGraft
module's .data to dynamically allocated memory. Each KGraft module will
have specifically named pointers, 'kgr_shadow_hash12' and
'kgr_shadow_lock12', referencing them.
Upon initialization, a KGraft module will discover already existing such
shadow data by kallsyms-searching all loaded modules for these pointer
symbols. If none is found, a new instance is allocated. The newly
introduced kgr_shadow_init() implementing this is idempotent and can thus
be called from the bsc# subpatches' initializers if needed.
Upon KGraft module removal, the new kgr_shadow_cleanup() will conduct
another kallsyms search and deallocate the shadow data in case there are
no more users. kgr_shadow_cleanup() is also idempotent.
Initialization and teardown of the common shadow data is serialized with
the module_mutex which has to be taken for the kallsyms search anyway.
- commit 8e1e705
-------------------------------------------------------------------
Thu Oct 5 12:12:27 CEST 2017 - nstange@suse.de
- shadow variables: drop EXPORT_SYMBOL()s
The shadow variable API will only ever get used by the KGraft module itself
and thus, there's no need for exporting it.
Drop all EXPORT_SYMBOL annotations.
- commit ac6cfeb
-------------------------------------------------------------------
Thu Oct 5 12:12:26 CEST 2017 - nstange@suse.de
- shadow variables: introduce upstream patch
Joe Lawrence posted the sixth version of his shadow variable patch [1]
implementing the association of additional out-of-band data members to
existing structure instances from livepatches.
Jiri Kosina has applied this to his
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git for-4.15/shadow-variables
tree and thus, it's queued up and close to getting merged.
The plan is to eventually backport this shadow variable support to SLE
kernels, but we also want to have it usable from KGraft modules by now.
Port the implementation to the kraft-patches module.
Namely,
- dump shadow.c in it's current upstream state as it is after commits
439e7271dc2b ("livepatch: introduce shadow variable API")
5d9da759f758 ("livepatch: __klp_shadow_get_or_alloc() is local to
shadow.c")
19205da6a0da ("livepatch: Small shadow variable documentation fixes")
- add a shadow.h header and declare the newly introduced functions there
- and incorporate the new files into the KGraft module's build system.
[1] 1504211861-19899-2-git-send-email-joe.lawrence@redhat.com
("[PATCH v6] livepatch: introduce shadow variable API")
- commit e899c4f
-------------------------------------------------------------------
Wed Jul 12 11:14:40 CEST 2017 - lpechacek@suse.com
- kGraft to livepatch migration. API change.
Change from kGraft API to livepatch API.
Note: error handling in _init() function is broken and fixed later.
Automatic generation of klp_objects is not present at all. Added later.
References: fate#323682
[ mb: changelog, patch split, whitespace errors ]
- commit 7e20201
-------------------------------------------------------------------
Wed Jul 12 11:08:57 CEST 2017 - lpechacek@suse.com
- kGraft to livepatch migration. Internal rename.
Internal rename in preparation for kGraft -> upstream livepatch
migration. External module naming stays the same. API is not touched
yet.
References: fate#323682
[ mb: changelog edit ]
- commit 28a04a2
-------------------------------------------------------------------
Tue Jun 13 15:54:27 CEST 2017 - nstange@suse.de
- scripts/register-patches.sh: register subpatch sources in rpm spec
In order to reduce the manual merging work upon addition of new
(sub)patches, commit 4e8dc885be22 ("scripts: create kgr_patch_main.c
dynamically") introduced the register-patches.sh helper. It discovers
those and tweaks the main entry point, kgr_patch_main.c, as needed.
However, a remaining manual merging task is to list a (sub)patch's source
archive in rpm/kgraft-patch.spec and to %setup it.
Make scripts/register-patches.sh do this.
Namely,
- introduce the @@KGR_PATCHES_SOURCES@@ and @@KGR_PATCHES_SETUP_SOURCES@@
placeholders in rpm/kgraft-patch.spec
- and make scripts/register-patches.sh expand those within a spec file
to be given as an additional command line argument.
Finally, adjust scripts/tar-up.sh accordingly.
- commit 9eafc8a
-------------------------------------------------------------------
Tue Jun 13 15:51:42 CEST 2017 - nstange@suse.de
- scripts/register-patches.sh: don't add ','s to @@KGR_PATCHES_FUNCS@@
register-patches.sh expands kgr_patch_main.c's @@KGR_PATCHES_FUNCS@@
placeholder by concatenating all available patches' KGR_PATCH_<XY>_FUNCS
together, separating them by commas.
The KGR_PATCH_<XY>_FUNCS are CPP macros supposed to be provided by each
patch. If one of these happens to be empty, the preprocessed expansion
will contain two consecutive commas which gcc doesn't like in array
initializers.
Do not add any commas to the @@KGR_PATCHES_FUNCS@@ expansion but require
the individual KGR_PATCH_<XY>_FUNCS macros to already contain trailing
ones as needed.
Fixes: 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically")
- commit ba41416
-------------------------------------------------------------------
Wed Jun 7 12:05:41 CEST 2017 - nstange@suse.de
- scripts: create kgr_patch_main.c dynamically
The kgraft-patches repository has got many branches, each corresponding
to a supported codestream. Each of those carries a potentially different
set of live (sub)patches which are controlled through the entry points in
kgr_patch_main.c. According to Miroslav, merging of a new (sub)patch
based on the pristine master is a pita due to conflicts.
Since all (sub)patches stick to certain conventions already, the required
modifications of the merging-hotspot kgr_patch_main.c are quite mechanic.
Let a script do the work.
Namely,
- insert some special @@-embraced placeholders at the few places depending
on the actual set of (sub)patches,
- let register-patches.sh discover the available (sub)patches by searching
for directories
- and let register-patches.sh replace those placeholders in
kgr_patch_main.c
Finally, add a register-patches.sh invocation to tar-up.sh.
This procedure requires that a SUBPATCH located in directory SUBPATCH/
adheres to the following conventions:
- It must provide a provide a SUBPATCH/kgr_patch_SUBPATCH.h header.
- This header must provide declarations for kgr_patch_SUBPATCH_init()
and kgr_patch_SUBPATCH_cleanup().
- This header must also #define a KGR_PATCH_SUBPATCH_FUNCS macro.
It should expand to a comma separated list of KGR_PATCH*() entries,
each corresponding to a function the subpatch wants to replace.
[mbenes: fixed typos, empty line removed]
- commit 4e8dc88
-------------------------------------------------------------------
Mon Apr 24 16:00:54 CEST 2017 - mbenes@suse.cz
- Replace $(PWD) with $(CURDIR) in Makefile
CURDIR is an internal variable of make and more suitable.
- commit 03bf1d5
-------------------------------------------------------------------
Wed Apr 19 14:02:27 CEST 2017 - mbenes@suse.cz
- Create Makefile automatically
Introduce scripts/create-makefile.sh script to automatically create a
makefile. The scripts is called from tar-up.sh or could be called
manually.
- commit 1af6c29
-------------------------------------------------------------------
Mon Oct 24 13:26:09 CEST 2016 - mbenes@suse.cz
- Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project
- commit bdc7598
-------------------------------------------------------------------
Tue May 10 15:43:59 CEST 2016 - mbenes@suse.cz
- Add compat.h to deal with changes of KGR_PATCH macro
Sympos patch set for kGraft redefined KGR_PATCH macro and added two new
ones. Add new compat.h which contains macro magic so that all kGraft
patches would work on both old and new kernels with the patch set
merged.
- commit 4186bef
-------------------------------------------------------------------
Fri May 6 17:01:17 CEST 2016 - mbenes@suse.cz
- Fix the number of parameters of KGR_PATCH macro
New kernels contain kGraft's sympos patch set which changed number of
paramaters of KGR_PATCH macro and introduced new macros. Fix it in
master so it will be ok for new branches.
- commit 78cf676
-------------------------------------------------------------------
Tue Sep 1 13:00:23 CEST 2015 - mmarek@suse.com
- Include the RPM version number in the module name
- commit 8fa02c6
-------------------------------------------------------------------
Wed Aug 26 11:29:44 CEST 2015 - mbenes@suse.cz
- Remove forgotten debug option in the Makefile
- commit 9c24ab8
-------------------------------------------------------------------
Mon Aug 17 13:42:04 CEST 2015 - mbenes@suse.cz
- Add license and copyright notices
- commit d42d3aa
-------------------------------------------------------------------
Wed Jul 15 15:58:35 CEST 2015 - mbenes@suse.cz
- Remove immediate flag
Fake signal was merged to kGraft and immediate feature removed. Remove
it in kGraft patches from now on too.
- commit c767ad2
-------------------------------------------------------------------
Wed May 20 16:32:17 CEST 2015 - mbenes@suse.cz
- Set immediate flag to false
Using immediate set to true can lead to BUGs and oopses when
downgrading, reverting or applying replace_all patches. There is no way
how to find out if there is a process in the old code which is being
removed. The module would be put, removed and the process will crash.
The consistency model guarantees that there is no one in the old code
when the finalization ends. Thus use it for all case to be safe.
- commit 830e1a3
-------------------------------------------------------------------
Tue May 12 15:48:07 CEST 2015 - mbenes@suse.cz
- Fix description in rpm spec file
Spec file description mentions initial kGraft patch which is only true
for real initial patch. Make it more neutral.
References: bsc#930408
- commit a55e023
-------------------------------------------------------------------
Wed Apr 1 15:36:24 CEST 2015 - mbenes@suse.cz
- Generate archives names automatically in tar-up.sh
- commit 1f34f18
-------------------------------------------------------------------
Wed Apr 1 13:39:26 CEST 2015 - mbenes@suse.cz
- Automatically generate .changes file from git log
Also add comments to tar-up.sh script to distinguish between sections.
- commit 212a7ae
-------------------------------------------------------------------
Thu Mar 26 14:24:21 CET 2015 - mmarek@suse.cz
- Revert "Require exact kernel version in the patch"
This needs to be done differently, so that modprobe --force works as
expected.
References: bnc#920615
This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a.
- commit bc88dd7
-------------------------------------------------------------------
Wed Mar 25 13:10:24 CET 2015 - mmarek@suse.cz
- Require exact kernel version in the patch
References: bnc#920615
- commit c62c11a
-------------------------------------------------------------------
Tue Mar 24 12:15:41 CET 2015 - mmarek@suse.cz
- Add the git commit and branch to the package description
References: bnc#920633
- commit 1ff4e48
-------------------------------------------------------------------
Wed Nov 26 10:09:14 CET 2014 - mbenes@suse.cz
- Set immediate flag for the initial patch
Setting immediate to true will simplify installation of the initial patch and
possibly also of the further updates.
References: bnc#907150
- commit 391b810
-------------------------------------------------------------------
Tue Nov 25 16:26:40 CET 2014 - mbenes@suse.cz
- Add .replace_all set to true
Add .replace_all flag set to true even to the initial patch. Thus we will not
forget to add that later. Also .immediate is there as a comment.
- commit 933e15e
-------------------------------------------------------------------
Mon Nov 24 15:02:33 CET 2014 - mmarek@suse.cz
- Drop the hardcoded kernel release string
The updated kgraft-devel macros set this during build time, so we do not
need to know the kernel release string beforehand. As a name suffix for
the source packages, let's use SLE12_Test in the master branch and
SLE12_Update_<n> in the update branches.
- commit 65f7a25
-------------------------------------------------------------------
Fri Nov 21 15:48:48 CET 2014 - mmarek@suse.cz
- Check that we are building against the set kernel version
- commit 689e44a
-------------------------------------------------------------------
Wed Nov 12 04:11:14 CET 2014 - mmarek@suse.cz
- Mark the module as supported
References: bnc#904970
- commit 6249314
-------------------------------------------------------------------
Tue Nov 11 17:11:28 CET 2014 - mmarek@suse.cz
- Build the test packages against Devel:kGraft:SLE12
- commit c952fbb
-------------------------------------------------------------------
Thu Nov 6 13:55:43 CET 2014 - mbenes@suse.cz
- Add top git commit hash to uname -v
Add top git commit hash to version part of uname. This makes the identification
of current patch level easy (even in crash: p kgr_tag).
References: fate#317769
- commit 54c9595
-------------------------------------------------------------------
Tue Nov 4 16:23:50 CET 2014 - mbenes@suse.cz
- Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@
We need to replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ due to
sysfs tree. @@RELEASE@@ changes with each new version of package.
- commit 51fd9dd
-------------------------------------------------------------------
Mon Nov 3 17:27:24 CET 2014 - mmarek@suse.cz
- Add a source-timestamp file with the git commit hash and branch
This is required by the bs-upload-kernel script to upload packages to
the BS. It can also be used by the specfile in the future.
- commit feab4f1
-------------------------------------------------------------------
Mon Nov 3 16:56:31 CET 2014 - mbenes@suse.cz
- Initial commit
- commit 600de9d
-------------------------------------------------------------------
Mon Nov 3 14:59:46 CET 2014 - mmarek@suse.cz
- Add config.sh script
This tells the automatic builder which IBS project to use.
- commit aa7f1cb
Reference in New Issue View Git Blame Copy Permalink