commit 87c3051acb6309197d85dc973f8eab6b4768faf0

OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=1579

dtb-aarch64.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

dtb-aarch64.spec

@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
 
 Name:           dtb-aarch64
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -49,10 +49,7 @@ BuildRequires:  dtc >= 1.4.0
 BuildRequires:  xz
 Requires:       kernel = %version
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh

dtb-armv6l.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

dtb-armv6l.spec

@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
 
 Name:           dtb-armv6l
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -49,10 +49,7 @@ BuildRequires:  dtc >= 1.4.0
 BuildRequires:  xz
 Requires:       kernel = %version
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh

dtb-armv7l.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

dtb-armv7l.spec

@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
 
 Name:           dtb-armv7l
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -49,10 +49,7 @@ BuildRequires:  dtc >= 1.4.0
 BuildRequires:  xz
 Requires:       kernel = %version
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh

dtb-riscv64.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

dtb-riscv64.spec

@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
 
 Name:           dtb-riscv64
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -49,10 +49,7 @@ BuildRequires:  dtc >= 1.4.0
 BuildRequires:  xz
 Requires:       kernel = %version
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh

kernel-64kb.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-64kb.spec

@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules xz
@@ -49,6 +49,39 @@
 %global cpu_arch %(%_sourcedir/arch-symbols %_target_cpu)
 %define cpu_arch_flavor %cpu_arch/%build_flavor
 
+%global certs %( for f in %_sourcedir/*.crt; do                                                         \
+    if ! test -e "$f"; then                                                                             \
+        continue                                                                                        \
+    fi                                                                                                  \
+    h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")                                          \
+    if [ -z "$h" ] ; then                                                                               \
+        echo Cannot parse "$f" >&2                                                                      \
+        confinue                                                                                        \
+    fi                                                                                                  \
+    cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')                   \
+    echo Found signing certificate "$f" "($cert)" >&2                                                   \
+    cat "$f" >>%_sourcedir/.kernel_signing_key.pem                                                      \
+    mkdir -p %_sourcedir/.kernel_signing_certs                                                          \
+    openssl x509 -inform PEM -in "$f" -outform DER -out %_sourcedir/.kernel_signing_certs/"$cert".crt   \
+    echo -n "$cert" ""                                                                                  \
+done )
+
+%ifarch %ix86 x86_64
+%define image vmlinuz
+%endif
+%ifarch ppc ppc64 ppc64le
+%define image vmlinux
+%endif
+%ifarch s390 s390x
+%define image image
+%endif
+%ifarch %arm
+%define image zImage
+%endif
+%ifarch aarch64 riscv64
+%define image Image
+%endif
+
 # Define some CONFIG variables as rpm macros as well. (rpm cannot handle
 # defining them all at once.)
 %define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB CONFIG_LIVEPATCH_IPA_CLONES CONFIG_DEBUG_INFO_BTF_MODULES
@@ -86,9 +119,9 @@ Name:           kernel-64kb
 Summary:        Kernel with 64kb PAGE_SIZE
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -210,16 +243,13 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-314dce0059447f7063b87fb9e87c4744e389054d
-Provides:       kernel-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       kernel-%build_flavor-base-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
+Provides:       kernel-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 # END COMMON DEPS
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -304,10 +334,7 @@ BuildArch:      i686
 
 # These files are found in the kernel-source package:
 NoSource:       0
-NoSource:       2
 NoSource:       3
-NoSource:       8
-NoSource:       9
 NoSource:       10
 NoSource:       11
 NoSource:       12
@@ -597,14 +624,12 @@ fi
 # copy module signing certificate(s). We use the default path and trick
 # certs/Makefile to not regenerate the certificate. It is done this way so
 # that the kernel-source package can be rebuilt even without the certificate
-mkdir -p certs
-for f in %_sourcedir/*.crt; do
-    if ! test -e "$f"; then
-        continue
-    fi
+echo Signing certificates "%certs"
+if [ -f %_sourcedir/.kernel_signing_key.pem ] ; then
+    mkdir -p certs
     touch certs/x509.genkey
-    cat "$f" >>certs/signing_key.pem
-done
+    cp "%_sourcedir/.kernel_signing_key.pem" certs/signing_key.pem
+fi
 
 %if "%CONFIG_KMSG_IDS" == "y"
     chmod +x ../scripts/kmsg-doc
@@ -690,13 +715,10 @@ add_vmlinux()
 # architecture specifics
 %ifarch %ix86 x86_64
     add_vmlinux --compressed
-    image=bzImage
-    cp -p arch/x86/boot/$image %buildroot/boot/vmlinuz-%kernelrelease-%build_flavor
-    image=vmlinuz
+    cp -p arch/x86/boot/bzImage %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch ppc ppc64 ppc64le
     add_vmlinux
-    image=vmlinux
 %endif
 %ifarch s390 s390x
     add_vmlinux --compressed
@@ -704,8 +726,7 @@ add_vmlinux()
     if test ! -f arch/s390/boot/$image; then
         image=bzImage
     fi
-    cp -p arch/s390/boot/$image %buildroot/boot/image-%kernelrelease-%build_flavor
-    image=image
+    cp -p arch/s390/boot/$image %buildroot/boot/%image-%kernelrelease-%build_flavor
     if test -e arch/s390/boot/kerntypes.o; then
         cp -p arch/s390/boot/kerntypes.o %buildroot/boot/Kerntypes-%kernelrelease-%build_flavor
     elif test -x "$(which dwarfextract 2>/dev/null)"; then
@@ -721,34 +742,31 @@ add_vmlinux()
 %endif
 %ifarch %arm
     add_vmlinux --compressed
-    image=zImage
-    cp -p arch/arm/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch aarch64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/arm64/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm64/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch riscv64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/riscv/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/riscv/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 
 # sign the modules, firmware and possibly the kernel in the buildservice
 BRP_PESIGN_FILES=""
 %if "%CONFIG_EFI_STUB" == "y"
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %ifarch s390x ppc64 ppc64le
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %if "%CONFIG_MODULE_SIG" == "y"
@@ -765,27 +783,17 @@ export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules}
 %endif
 
 if test -x /usr/lib/rpm/pesign/gen-hmac; then
-	$_ -r %buildroot /boot/$image-%kernelrelease-%build_flavor
+	$_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor
 fi
 
 # Package the compiled-in certificates as DER files in /etc/uefi/certs
 # and have mokutil enroll them when the kernel is installed
-certs=()
+echo Signing certificates "%certs"
+certs=(%certs)
 if test %CONFIG_MODULE_SIG = "y"; then
-    for f in %_sourcedir/*.crt; do
-            if ! test -s "$f"; then
-                    continue
-            fi
-            h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")
-            test -n "$h"
-            cert=/etc/uefi/certs/$(echo "$h" | \
-                sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
-            if test -e %buildroot/"$cert"; then
-                    continue
-            fi
+    for f in %_sourcedir/.kernel_signing_certs/*.crt; do
             mkdir -p %buildroot/etc/uefi/certs
-            openssl x509 -inform PEM -in "$f" -outform DER -out %buildroot/"$cert"
-            certs=("${certs[@]}" "$cert")
+            cp -v $f %buildroot/etc/uefi/certs
     done
 fi
 
@@ -798,13 +806,13 @@ for sub in '' '-extra' \
     '') base_package=1 ;;
     *) base_package=0 ;;
     esac
-    for script in preun postun pre post devel-pre devel-post; do
+    for script in preun postun pre post; do
         if test %build_flavor = "zfcpdump"; then
             : >%my_builddir/$script$sub.sh
             continue
         fi
         sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-            -e "s:@IMAGE@:$image:g" \
+            -e "s:@IMAGE@:%image:g" \
             -e "s:@FLAVOR""@:%build_flavor:g" \
             -e "s:@SUBPACKAGE@:%name$sub:g" \
             -e "s:@BASE_PACKAGE@:$base_package:g" \
@@ -837,11 +845,6 @@ for sub in '' '-extra' \
     done
 done
 
-%if %build_vanilla
-# keep this -suffix list in sync with post.sh and postun.sh
-suffix=-%build_flavor
-%endif
-
 cp -p .config %buildroot/boot/config-%kernelrelease-%build_flavor
 sysctl_file=%buildroot/boot/sysctl.conf-%kernelrelease-%build_flavor
 for file in %my_builddir/sysctl/{defaults,%cpu_arch/arch-defaults,%cpu_arch_flavor}; do
@@ -1079,8 +1082,8 @@ shopt -s nullglob dotglob
 sed -e 's/^[.]//' | grep -v -e '[.]ipa-clones$' -e '/Symbols[.]list$' -e '/ipa-clones[.]list$'| \
 add_dirs_to_filelist >> %my_builddir/kernel-devel.files
 
-{   echo %ghost /boot/$image$suffix
-    echo %ghost /boot/initrd$suffix
+{   echo %ghost /boot/%image
+    echo %ghost /boot/initrd
     cd %buildroot
     for f in boot/*; do
         l="${f##*/}"
@@ -1353,9 +1356,17 @@ kernel module packages) against the %build_flavor flavor of the kernel.
 
 %if "%CONFIG_MODULES" == "y"
 
-%pre devel -f devel-pre.sh
+%pre devel
 
-%post devel -f devel-post.sh
+# handle update from an older kernel-source with linux-obj as symlink
+if [ -h /usr/src/linux-obj ]; then
+    rm -vf /usr/src/linux-obj
+fi
+
+%post devel
+%relink_function
+
+relink ../../linux-%{kernelrelease}%{variant}-obj/"%cpu_arch_flavor" /usr/src/linux-obj/"%cpu_arch_flavor"
 
 %files devel -f kernel-devel.files
 %defattr(-,root,root)

kernel-binary.spec.in

@@ -49,6 +49,39 @@
 %global cpu_arch %(%_sourcedir/arch-symbols %_target_cpu)
 %define cpu_arch_flavor %cpu_arch/%build_flavor
 
+%global certs %( for f in %_sourcedir/*.crt; do                                                         \
+    if ! test -e "$f"; then                                                                             \
+        continue                                                                                        \
+    fi                                                                                                  \
+    h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")                                          \
+    if [ -z "$h" ] ; then                                                                               \
+        echo Cannot parse "$f" >&2                                                                      \
+        confinue                                                                                        \
+    fi                                                                                                  \
+    cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')                   \
+    echo Found signing certificate "$f" "($cert)" >&2                                                   \
+    cat "$f" >>%_sourcedir/.kernel_signing_key.pem                                                      \
+    mkdir -p %_sourcedir/.kernel_signing_certs                                                          \
+    openssl x509 -inform PEM -in "$f" -outform DER -out %_sourcedir/.kernel_signing_certs/"$cert".crt   \
+    echo -n "$cert" ""                                                                                  \
+done )
+
+%ifarch %ix86 x86_64
+%define image vmlinuz
+%endif
+%ifarch ppc ppc64 ppc64le
+%define image vmlinux
+%endif
+%ifarch s390 s390x
+%define image image
+%endif
+%ifarch %arm
+%define image zImage
+%endif
+%ifarch aarch64 riscv64
+%define image Image
+%endif
+
 # Define some CONFIG variables as rpm macros as well. (rpm cannot handle
 # defining them all at once.)
 %define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB CONFIG_LIVEPATCH_IPA_CLONES CONFIG_DEBUG_INFO_BTF_MODULES
@@ -452,14 +485,12 @@ fi
 # copy module signing certificate(s). We use the default path and trick
 # certs/Makefile to not regenerate the certificate. It is done this way so
 # that the kernel-source package can be rebuilt even without the certificate
-mkdir -p certs
-for f in %_sourcedir/*.crt; do
-    if ! test -e "$f"; then
-        continue
-    fi
+echo Signing certificates "%certs"
+if [ -f %_sourcedir/.kernel_signing_key.pem ] ; then
+    mkdir -p certs
     touch certs/x509.genkey
-    cat "$f" >>certs/signing_key.pem
-done
+    cp "%_sourcedir/.kernel_signing_key.pem" certs/signing_key.pem
+fi
 
 %if "%CONFIG_KMSG_IDS" == "y"
     chmod +x ../scripts/kmsg-doc
@@ -545,13 +576,10 @@ add_vmlinux()
 # architecture specifics
 %ifarch %ix86 x86_64
     add_vmlinux --compressed
-    image=bzImage
-    cp -p arch/x86/boot/$image %buildroot/boot/vmlinuz-%kernelrelease-%build_flavor
-    image=vmlinuz
+    cp -p arch/x86/boot/bzImage %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch ppc ppc64 ppc64le
     add_vmlinux
-    image=vmlinux
 %endif
 %ifarch s390 s390x
     add_vmlinux --compressed
@@ -559,8 +587,7 @@ add_vmlinux()
     if test ! -f arch/s390/boot/$image; then
         image=bzImage
     fi
-    cp -p arch/s390/boot/$image %buildroot/boot/image-%kernelrelease-%build_flavor
-    image=image
+    cp -p arch/s390/boot/$image %buildroot/boot/%image-%kernelrelease-%build_flavor
     if test -e arch/s390/boot/kerntypes.o; then
         cp -p arch/s390/boot/kerntypes.o %buildroot/boot/Kerntypes-%kernelrelease-%build_flavor
     elif test -x "$(which dwarfextract 2>/dev/null)"; then
@@ -576,34 +603,31 @@ add_vmlinux()
 %endif
 %ifarch %arm
     add_vmlinux --compressed
-    image=zImage
-    cp -p arch/arm/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch aarch64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/arm64/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm64/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch riscv64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/riscv/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/riscv/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 
 # sign the modules, firmware and possibly the kernel in the buildservice
 BRP_PESIGN_FILES=""
 %if "%CONFIG_EFI_STUB" == "y"
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %ifarch s390x ppc64 ppc64le
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %if "%CONFIG_MODULE_SIG" == "y"
@@ -620,27 +644,17 @@ export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules}
 %endif
 
 if test -x /usr/lib/rpm/pesign/gen-hmac; then
-	$_ -r %buildroot /boot/$image-%kernelrelease-%build_flavor
+	$_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor
 fi
 
 # Package the compiled-in certificates as DER files in /etc/uefi/certs
 # and have mokutil enroll them when the kernel is installed
-certs=()
+echo Signing certificates "%certs"
+certs=(%certs)
 if test %CONFIG_MODULE_SIG = "y"; then
-    for f in %_sourcedir/*.crt; do
-            if ! test -s "$f"; then
-                    continue
-            fi
-            h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")
-            test -n "$h"
-            cert=/etc/uefi/certs/$(echo "$h" | \
-                sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
-            if test -e %buildroot/"$cert"; then
-                    continue
-            fi
+    for f in %_sourcedir/.kernel_signing_certs/*.crt; do
             mkdir -p %buildroot/etc/uefi/certs
-            openssl x509 -inform PEM -in "$f" -outform DER -out %buildroot/"$cert"
-            certs=("${certs[@]}" "$cert")
+            cp -v $f %buildroot/etc/uefi/certs
     done
 fi
 
@@ -653,13 +667,13 @@ for sub in '' '-extra' \
     '') base_package=1 ;;
     *) base_package=0 ;;
     esac
-    for script in preun postun pre post devel-pre devel-post; do
+    for script in preun postun pre post; do
         if test %build_flavor = "zfcpdump"; then
             : >%my_builddir/$script$sub.sh
             continue
         fi
         sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-            -e "s:@IMAGE@:$image:g" \
+            -e "s:@IMAGE@:%image:g" \
             -e "s:@FLAVOR""@:%build_flavor:g" \
             -e "s:@SUBPACKAGE@:%name$sub:g" \
             -e "s:@BASE_PACKAGE@:$base_package:g" \
@@ -692,11 +706,6 @@ for sub in '' '-extra' \
     done
 done
 
-%if %build_vanilla
-# keep this -suffix list in sync with post.sh and postun.sh
-suffix=-%build_flavor
-%endif
-
 cp -p .config %buildroot/boot/config-%kernelrelease-%build_flavor
 sysctl_file=%buildroot/boot/sysctl.conf-%kernelrelease-%build_flavor
 for file in %my_builddir/sysctl/{defaults,%cpu_arch/arch-defaults,%cpu_arch_flavor}; do
@@ -934,8 +943,8 @@ shopt -s nullglob dotglob
 sed -e 's/^[.]//' | grep -v -e '[.]ipa-clones$' -e '/Symbols[.]list$' -e '/ipa-clones[.]list$'| \
 add_dirs_to_filelist >> %my_builddir/kernel-devel.files
 
-{   echo %ghost /boot/$image$suffix
-    echo %ghost /boot/initrd$suffix
+{   echo %ghost /boot/%image
+    echo %ghost /boot/initrd
     cd %buildroot
     for f in boot/*; do
         l="${f##*/}"
@@ -1205,9 +1214,17 @@ kernel module packages) against the %build_flavor flavor of the kernel.
 
 %if "%CONFIG_MODULES" == "y"
 
-%pre devel -f devel-pre.sh
+%pre devel
 
-%post devel -f devel-post.sh
+# handle update from an older kernel-source with linux-obj as symlink
+if [ -h /usr/src/linux-obj ]; then
+    rm -vf /usr/src/linux-obj
+fi
+
+%post devel
+%relink_function
+
+relink ../../linux-%{kernelrelease}%{variant}-obj/"%cpu_arch_flavor" /usr/src/linux-obj/"%cpu_arch_flavor"
 
 %files devel -f kernel-devel.files
 %defattr(-,root,root)

kernel-cert-subpackage

@@ -19,6 +19,7 @@ else
 fi
 # XXX: Only call mokutil if UEFI and shim are used
 for cert in @CERTS@; do
+	cert="/etc/uefi/certs/${cert}.crt"
 	if ! mokutil --import "$cert" --root-pw ${MOK_ARG}; then
 		echo "Failed to import $cert"
 	fi
@@ -30,6 +31,7 @@ if ! command -v mokutil >/dev/null; then
 	exit 0
 fi
 for cert in @CERTS@; do
+	cert="/etc/uefi/certs/${cert}.crt"
 	ln "$cert" "$cert.delete"
 done
 exit 0
@@ -39,6 +41,7 @@ if ! command -v mokutil >/dev/null; then
 	exit 0
 fi
 for cert in @CERTS@; do
+	cert="/etc/uefi/certs/${cert}.crt"
 	if ! test -e "$cert"; then
 		if ! mokutil --delete "$cert.delete" --root-pw; then
 			echo "Failed to delete $cert"

kernel-debug.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-debug.spec

@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules xz
@@ -49,6 +49,39 @@
 %global cpu_arch %(%_sourcedir/arch-symbols %_target_cpu)
 %define cpu_arch_flavor %cpu_arch/%build_flavor
 
+%global certs %( for f in %_sourcedir/*.crt; do                                                         \
+    if ! test -e "$f"; then                                                                             \
+        continue                                                                                        \
+    fi                                                                                                  \
+    h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")                                          \
+    if [ -z "$h" ] ; then                                                                               \
+        echo Cannot parse "$f" >&2                                                                      \
+        confinue                                                                                        \
+    fi                                                                                                  \
+    cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')                   \
+    echo Found signing certificate "$f" "($cert)" >&2                                                   \
+    cat "$f" >>%_sourcedir/.kernel_signing_key.pem                                                      \
+    mkdir -p %_sourcedir/.kernel_signing_certs                                                          \
+    openssl x509 -inform PEM -in "$f" -outform DER -out %_sourcedir/.kernel_signing_certs/"$cert".crt   \
+    echo -n "$cert" ""                                                                                  \
+done )
+
+%ifarch %ix86 x86_64
+%define image vmlinuz
+%endif
+%ifarch ppc ppc64 ppc64le
+%define image vmlinux
+%endif
+%ifarch s390 s390x
+%define image image
+%endif
+%ifarch %arm
+%define image zImage
+%endif
+%ifarch aarch64 riscv64
+%define image Image
+%endif
+
 # Define some CONFIG variables as rpm macros as well. (rpm cannot handle
 # defining them all at once.)
 %define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB CONFIG_LIVEPATCH_IPA_CLONES CONFIG_DEBUG_INFO_BTF_MODULES
@@ -86,9 +119,9 @@ Name:           kernel-debug
 Summary:        A Debug Version of the Kernel
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -210,10 +243,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-314dce0059447f7063b87fb9e87c4744e389054d
-Provides:       kernel-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       kernel-%build_flavor-base-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
+Provides:       kernel-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 # END COMMON DEPS
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 %ifarch ppc64
 Provides:       kernel-kdump = 2.6.28
 Obsoletes:      kernel-kdump <= 2.6.28
@@ -224,10 +257,7 @@ Obsoletes:      kernel-kdump-base <= 2.6.28
 %endif
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -312,10 +342,7 @@ BuildArch:      i686
 
 # These files are found in the kernel-source package:
 NoSource:       0
-NoSource:       2
 NoSource:       3
-NoSource:       8
-NoSource:       9
 NoSource:       10
 NoSource:       11
 NoSource:       12
@@ -603,14 +630,12 @@ fi
 # copy module signing certificate(s). We use the default path and trick
 # certs/Makefile to not regenerate the certificate. It is done this way so
 # that the kernel-source package can be rebuilt even without the certificate
-mkdir -p certs
-for f in %_sourcedir/*.crt; do
-    if ! test -e "$f"; then
-        continue
-    fi
+echo Signing certificates "%certs"
+if [ -f %_sourcedir/.kernel_signing_key.pem ] ; then
+    mkdir -p certs
     touch certs/x509.genkey
-    cat "$f" >>certs/signing_key.pem
-done
+    cp "%_sourcedir/.kernel_signing_key.pem" certs/signing_key.pem
+fi
 
 %if "%CONFIG_KMSG_IDS" == "y"
     chmod +x ../scripts/kmsg-doc
@@ -696,13 +721,10 @@ add_vmlinux()
 # architecture specifics
 %ifarch %ix86 x86_64
     add_vmlinux --compressed
-    image=bzImage
-    cp -p arch/x86/boot/$image %buildroot/boot/vmlinuz-%kernelrelease-%build_flavor
-    image=vmlinuz
+    cp -p arch/x86/boot/bzImage %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch ppc ppc64 ppc64le
     add_vmlinux
-    image=vmlinux
 %endif
 %ifarch s390 s390x
     add_vmlinux --compressed
@@ -710,8 +732,7 @@ add_vmlinux()
     if test ! -f arch/s390/boot/$image; then
         image=bzImage
     fi
-    cp -p arch/s390/boot/$image %buildroot/boot/image-%kernelrelease-%build_flavor
-    image=image
+    cp -p arch/s390/boot/$image %buildroot/boot/%image-%kernelrelease-%build_flavor
     if test -e arch/s390/boot/kerntypes.o; then
         cp -p arch/s390/boot/kerntypes.o %buildroot/boot/Kerntypes-%kernelrelease-%build_flavor
     elif test -x "$(which dwarfextract 2>/dev/null)"; then
@@ -727,34 +748,31 @@ add_vmlinux()
 %endif
 %ifarch %arm
     add_vmlinux --compressed
-    image=zImage
-    cp -p arch/arm/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch aarch64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/arm64/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm64/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch riscv64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/riscv/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/riscv/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 
 # sign the modules, firmware and possibly the kernel in the buildservice
 BRP_PESIGN_FILES=""
 %if "%CONFIG_EFI_STUB" == "y"
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %ifarch s390x ppc64 ppc64le
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %if "%CONFIG_MODULE_SIG" == "y"
@@ -771,27 +789,17 @@ export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules}
 %endif
 
 if test -x /usr/lib/rpm/pesign/gen-hmac; then
-	$_ -r %buildroot /boot/$image-%kernelrelease-%build_flavor
+	$_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor
 fi
 
 # Package the compiled-in certificates as DER files in /etc/uefi/certs
 # and have mokutil enroll them when the kernel is installed
-certs=()
+echo Signing certificates "%certs"
+certs=(%certs)
 if test %CONFIG_MODULE_SIG = "y"; then
-    for f in %_sourcedir/*.crt; do
-            if ! test -s "$f"; then
-                    continue
-            fi
-            h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")
-            test -n "$h"
-            cert=/etc/uefi/certs/$(echo "$h" | \
-                sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
-            if test -e %buildroot/"$cert"; then
-                    continue
-            fi
+    for f in %_sourcedir/.kernel_signing_certs/*.crt; do
             mkdir -p %buildroot/etc/uefi/certs
-            openssl x509 -inform PEM -in "$f" -outform DER -out %buildroot/"$cert"
-            certs=("${certs[@]}" "$cert")
+            cp -v $f %buildroot/etc/uefi/certs
     done
 fi
 
@@ -804,13 +812,13 @@ for sub in '' '-extra' \
     '') base_package=1 ;;
     *) base_package=0 ;;
     esac
-    for script in preun postun pre post devel-pre devel-post; do
+    for script in preun postun pre post; do
         if test %build_flavor = "zfcpdump"; then
             : >%my_builddir/$script$sub.sh
             continue
         fi
         sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-            -e "s:@IMAGE@:$image:g" \
+            -e "s:@IMAGE@:%image:g" \
             -e "s:@FLAVOR""@:%build_flavor:g" \
             -e "s:@SUBPACKAGE@:%name$sub:g" \
             -e "s:@BASE_PACKAGE@:$base_package:g" \
@@ -843,11 +851,6 @@ for sub in '' '-extra' \
     done
 done
 
-%if %build_vanilla
-# keep this -suffix list in sync with post.sh and postun.sh
-suffix=-%build_flavor
-%endif
-
 cp -p .config %buildroot/boot/config-%kernelrelease-%build_flavor
 sysctl_file=%buildroot/boot/sysctl.conf-%kernelrelease-%build_flavor
 for file in %my_builddir/sysctl/{defaults,%cpu_arch/arch-defaults,%cpu_arch_flavor}; do
@@ -1085,8 +1088,8 @@ shopt -s nullglob dotglob
 sed -e 's/^[.]//' | grep -v -e '[.]ipa-clones$' -e '/Symbols[.]list$' -e '/ipa-clones[.]list$'| \
 add_dirs_to_filelist >> %my_builddir/kernel-devel.files
 
-{   echo %ghost /boot/$image$suffix
-    echo %ghost /boot/initrd$suffix
+{   echo %ghost /boot/%image
+    echo %ghost /boot/initrd
     cd %buildroot
     for f in boot/*; do
         l="${f##*/}"
@@ -1367,9 +1370,17 @@ kernel module packages) against the %build_flavor flavor of the kernel.
 
 %if "%CONFIG_MODULES" == "y"
 
-%pre devel -f devel-pre.sh
+%pre devel
 
-%post devel -f devel-post.sh
+# handle update from an older kernel-source with linux-obj as symlink
+if [ -h /usr/src/linux-obj ]; then
+    rm -vf /usr/src/linux-obj
+fi
+
+%post devel
+%relink_function
+
+relink ../../linux-%{kernelrelease}%{variant}-obj/"%cpu_arch_flavor" /usr/src/linux-obj/"%cpu_arch_flavor"
 
 %files devel -f kernel-devel.files
 %defattr(-,root,root)

kernel-default.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-default.spec

@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules xz
@@ -49,6 +49,39 @@
 %global cpu_arch %(%_sourcedir/arch-symbols %_target_cpu)
 %define cpu_arch_flavor %cpu_arch/%build_flavor
 
+%global certs %( for f in %_sourcedir/*.crt; do                                                         \
+    if ! test -e "$f"; then                                                                             \
+        continue                                                                                        \
+    fi                                                                                                  \
+    h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")                                          \
+    if [ -z "$h" ] ; then                                                                               \
+        echo Cannot parse "$f" >&2                                                                      \
+        confinue                                                                                        \
+    fi                                                                                                  \
+    cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')                   \
+    echo Found signing certificate "$f" "($cert)" >&2                                                   \
+    cat "$f" >>%_sourcedir/.kernel_signing_key.pem                                                      \
+    mkdir -p %_sourcedir/.kernel_signing_certs                                                          \
+    openssl x509 -inform PEM -in "$f" -outform DER -out %_sourcedir/.kernel_signing_certs/"$cert".crt   \
+    echo -n "$cert" ""                                                                                  \
+done )
+
+%ifarch %ix86 x86_64
+%define image vmlinuz
+%endif
+%ifarch ppc ppc64 ppc64le
+%define image vmlinux
+%endif
+%ifarch s390 s390x
+%define image image
+%endif
+%ifarch %arm
+%define image zImage
+%endif
+%ifarch aarch64 riscv64
+%define image Image
+%endif
+
 # Define some CONFIG variables as rpm macros as well. (rpm cannot handle
 # defining them all at once.)
 %define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB CONFIG_LIVEPATCH_IPA_CLONES CONFIG_DEBUG_INFO_BTF_MODULES
@@ -86,9 +119,9 @@ Name:           kernel-default
 Summary:        The Standard Kernel
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -210,10 +243,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-314dce0059447f7063b87fb9e87c4744e389054d
-Provides:       kernel-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       kernel-%build_flavor-base-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
+Provides:       kernel-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 # END COMMON DEPS
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 %ifarch %ix86
 Provides:       kernel-smp = 2.6.17
 Obsoletes:      kernel-smp <= 2.6.17
@@ -268,10 +301,7 @@ Obsoletes:      kernel-ec2-base <= 4.4
 %endif
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -356,10 +386,7 @@ BuildArch:      i686
 
 # These files are found in the kernel-source package:
 NoSource:       0
-NoSource:       2
 NoSource:       3
-NoSource:       8
-NoSource:       9
 NoSource:       10
 NoSource:       11
 NoSource:       12
@@ -646,14 +673,12 @@ fi
 # copy module signing certificate(s). We use the default path and trick
 # certs/Makefile to not regenerate the certificate. It is done this way so
 # that the kernel-source package can be rebuilt even without the certificate
-mkdir -p certs
-for f in %_sourcedir/*.crt; do
-    if ! test -e "$f"; then
-        continue
-    fi
+echo Signing certificates "%certs"
+if [ -f %_sourcedir/.kernel_signing_key.pem ] ; then
+    mkdir -p certs
     touch certs/x509.genkey
-    cat "$f" >>certs/signing_key.pem
-done
+    cp "%_sourcedir/.kernel_signing_key.pem" certs/signing_key.pem
+fi
 
 %if "%CONFIG_KMSG_IDS" == "y"
     chmod +x ../scripts/kmsg-doc
@@ -739,13 +764,10 @@ add_vmlinux()
 # architecture specifics
 %ifarch %ix86 x86_64
     add_vmlinux --compressed
-    image=bzImage
-    cp -p arch/x86/boot/$image %buildroot/boot/vmlinuz-%kernelrelease-%build_flavor
-    image=vmlinuz
+    cp -p arch/x86/boot/bzImage %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch ppc ppc64 ppc64le
     add_vmlinux
-    image=vmlinux
 %endif
 %ifarch s390 s390x
     add_vmlinux --compressed
@@ -753,8 +775,7 @@ add_vmlinux()
     if test ! -f arch/s390/boot/$image; then
         image=bzImage
     fi
-    cp -p arch/s390/boot/$image %buildroot/boot/image-%kernelrelease-%build_flavor
-    image=image
+    cp -p arch/s390/boot/$image %buildroot/boot/%image-%kernelrelease-%build_flavor
     if test -e arch/s390/boot/kerntypes.o; then
         cp -p arch/s390/boot/kerntypes.o %buildroot/boot/Kerntypes-%kernelrelease-%build_flavor
     elif test -x "$(which dwarfextract 2>/dev/null)"; then
@@ -770,34 +791,31 @@ add_vmlinux()
 %endif
 %ifarch %arm
     add_vmlinux --compressed
-    image=zImage
-    cp -p arch/arm/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch aarch64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/arm64/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm64/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch riscv64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/riscv/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/riscv/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 
 # sign the modules, firmware and possibly the kernel in the buildservice
 BRP_PESIGN_FILES=""
 %if "%CONFIG_EFI_STUB" == "y"
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %ifarch s390x ppc64 ppc64le
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %if "%CONFIG_MODULE_SIG" == "y"
@@ -814,27 +832,17 @@ export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules}
 %endif
 
 if test -x /usr/lib/rpm/pesign/gen-hmac; then
-	$_ -r %buildroot /boot/$image-%kernelrelease-%build_flavor
+	$_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor
 fi
 
 # Package the compiled-in certificates as DER files in /etc/uefi/certs
 # and have mokutil enroll them when the kernel is installed
-certs=()
+echo Signing certificates "%certs"
+certs=(%certs)
 if test %CONFIG_MODULE_SIG = "y"; then
-    for f in %_sourcedir/*.crt; do
-            if ! test -s "$f"; then
-                    continue
-            fi
-            h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")
-            test -n "$h"
-            cert=/etc/uefi/certs/$(echo "$h" | \
-                sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
-            if test -e %buildroot/"$cert"; then
-                    continue
-            fi
+    for f in %_sourcedir/.kernel_signing_certs/*.crt; do
             mkdir -p %buildroot/etc/uefi/certs
-            openssl x509 -inform PEM -in "$f" -outform DER -out %buildroot/"$cert"
-            certs=("${certs[@]}" "$cert")
+            cp -v $f %buildroot/etc/uefi/certs
     done
 fi
 
@@ -847,13 +855,13 @@ for sub in '' '-extra' \
     '') base_package=1 ;;
     *) base_package=0 ;;
     esac
-    for script in preun postun pre post devel-pre devel-post; do
+    for script in preun postun pre post; do
         if test %build_flavor = "zfcpdump"; then
             : >%my_builddir/$script$sub.sh
             continue
         fi
         sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-            -e "s:@IMAGE@:$image:g" \
+            -e "s:@IMAGE@:%image:g" \
             -e "s:@FLAVOR""@:%build_flavor:g" \
             -e "s:@SUBPACKAGE@:%name$sub:g" \
             -e "s:@BASE_PACKAGE@:$base_package:g" \
@@ -886,11 +894,6 @@ for sub in '' '-extra' \
     done
 done
 
-%if %build_vanilla
-# keep this -suffix list in sync with post.sh and postun.sh
-suffix=-%build_flavor
-%endif
-
 cp -p .config %buildroot/boot/config-%kernelrelease-%build_flavor
 sysctl_file=%buildroot/boot/sysctl.conf-%kernelrelease-%build_flavor
 for file in %my_builddir/sysctl/{defaults,%cpu_arch/arch-defaults,%cpu_arch_flavor}; do
@@ -1128,8 +1131,8 @@ shopt -s nullglob dotglob
 sed -e 's/^[.]//' | grep -v -e '[.]ipa-clones$' -e '/Symbols[.]list$' -e '/ipa-clones[.]list$'| \
 add_dirs_to_filelist >> %my_builddir/kernel-devel.files
 
-{   echo %ghost /boot/$image$suffix
-    echo %ghost /boot/initrd$suffix
+{   echo %ghost /boot/%image
+    echo %ghost /boot/initrd
     cd %buildroot
     for f in boot/*; do
         l="${f##*/}"
@@ -1468,9 +1471,17 @@ kernel module packages) against the %build_flavor flavor of the kernel.
 
 %if "%CONFIG_MODULES" == "y"
 
-%pre devel -f devel-pre.sh
+%pre devel
 
-%post devel -f devel-post.sh
+# handle update from an older kernel-source with linux-obj as symlink
+if [ -h /usr/src/linux-obj ]; then
+    rm -vf /usr/src/linux-obj
+fi
+
+%post devel
+%relink_function
+
+relink ../../linux-%{kernelrelease}%{variant}-obj/"%cpu_arch_flavor" /usr/src/linux-obj/"%cpu_arch_flavor"
 
 %files devel -f kernel-devel.files
 %defattr(-,root,root)

kernel-docs.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-docs.spec

@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -31,9 +31,9 @@ Name:           kernel-docs
 Summary:        Kernel Documentation
 License:        GPL-2.0-only
 Group:          Documentation/Man
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -64,14 +64,11 @@ BuildRequires:  texlive-zapfding
 %endif
 Url:            http://www.kernel.org/
 Provides:       %name = %version-%source_rel
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -142,10 +139,7 @@ Source120:      kabi.tar.bz2
 Source121:      sysctl.tar.bz2
 # These files are found in the kernel-source package:
 NoSource:       0
-NoSource:       2
 NoSource:       3
-NoSource:       8
-NoSource:       9
 NoSource:       10
 NoSource:       11
 NoSource:       12

kernel-kvmsmall.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-kvmsmall.spec

@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules xz
@@ -49,6 +49,39 @@
 %global cpu_arch %(%_sourcedir/arch-symbols %_target_cpu)
 %define cpu_arch_flavor %cpu_arch/%build_flavor
 
+%global certs %( for f in %_sourcedir/*.crt; do                                                         \
+    if ! test -e "$f"; then                                                                             \
+        continue                                                                                        \
+    fi                                                                                                  \
+    h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")                                          \
+    if [ -z "$h" ] ; then                                                                               \
+        echo Cannot parse "$f" >&2                                                                      \
+        confinue                                                                                        \
+    fi                                                                                                  \
+    cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')                   \
+    echo Found signing certificate "$f" "($cert)" >&2                                                   \
+    cat "$f" >>%_sourcedir/.kernel_signing_key.pem                                                      \
+    mkdir -p %_sourcedir/.kernel_signing_certs                                                          \
+    openssl x509 -inform PEM -in "$f" -outform DER -out %_sourcedir/.kernel_signing_certs/"$cert".crt   \
+    echo -n "$cert" ""                                                                                  \
+done )
+
+%ifarch %ix86 x86_64
+%define image vmlinuz
+%endif
+%ifarch ppc ppc64 ppc64le
+%define image vmlinux
+%endif
+%ifarch s390 s390x
+%define image image
+%endif
+%ifarch %arm
+%define image zImage
+%endif
+%ifarch aarch64 riscv64
+%define image Image
+%endif
+
 # Define some CONFIG variables as rpm macros as well. (rpm cannot handle
 # defining them all at once.)
 %define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB CONFIG_LIVEPATCH_IPA_CLONES CONFIG_DEBUG_INFO_BTF_MODULES
@@ -86,9 +119,9 @@ Name:           kernel-kvmsmall
 Summary:        The Small Developer Kernel for KVM
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -210,16 +243,13 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-314dce0059447f7063b87fb9e87c4744e389054d
-Provides:       kernel-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       kernel-%build_flavor-base-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
+Provides:       kernel-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 # END COMMON DEPS
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -304,10 +334,7 @@ BuildArch:      i686
 
 # These files are found in the kernel-source package:
 NoSource:       0
-NoSource:       2
 NoSource:       3
-NoSource:       8
-NoSource:       9
 NoSource:       10
 NoSource:       11
 NoSource:       12
@@ -601,14 +628,12 @@ fi
 # copy module signing certificate(s). We use the default path and trick
 # certs/Makefile to not regenerate the certificate. It is done this way so
 # that the kernel-source package can be rebuilt even without the certificate
-mkdir -p certs
-for f in %_sourcedir/*.crt; do
-    if ! test -e "$f"; then
-        continue
-    fi
+echo Signing certificates "%certs"
+if [ -f %_sourcedir/.kernel_signing_key.pem ] ; then
+    mkdir -p certs
     touch certs/x509.genkey
-    cat "$f" >>certs/signing_key.pem
-done
+    cp "%_sourcedir/.kernel_signing_key.pem" certs/signing_key.pem
+fi
 
 %if "%CONFIG_KMSG_IDS" == "y"
     chmod +x ../scripts/kmsg-doc
@@ -694,13 +719,10 @@ add_vmlinux()
 # architecture specifics
 %ifarch %ix86 x86_64
     add_vmlinux --compressed
-    image=bzImage
-    cp -p arch/x86/boot/$image %buildroot/boot/vmlinuz-%kernelrelease-%build_flavor
-    image=vmlinuz
+    cp -p arch/x86/boot/bzImage %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch ppc ppc64 ppc64le
     add_vmlinux
-    image=vmlinux
 %endif
 %ifarch s390 s390x
     add_vmlinux --compressed
@@ -708,8 +730,7 @@ add_vmlinux()
     if test ! -f arch/s390/boot/$image; then
         image=bzImage
     fi
-    cp -p arch/s390/boot/$image %buildroot/boot/image-%kernelrelease-%build_flavor
-    image=image
+    cp -p arch/s390/boot/$image %buildroot/boot/%image-%kernelrelease-%build_flavor
     if test -e arch/s390/boot/kerntypes.o; then
         cp -p arch/s390/boot/kerntypes.o %buildroot/boot/Kerntypes-%kernelrelease-%build_flavor
     elif test -x "$(which dwarfextract 2>/dev/null)"; then
@@ -725,34 +746,31 @@ add_vmlinux()
 %endif
 %ifarch %arm
     add_vmlinux --compressed
-    image=zImage
-    cp -p arch/arm/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch aarch64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/arm64/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm64/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch riscv64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/riscv/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/riscv/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 
 # sign the modules, firmware and possibly the kernel in the buildservice
 BRP_PESIGN_FILES=""
 %if "%CONFIG_EFI_STUB" == "y"
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %ifarch s390x ppc64 ppc64le
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %if "%CONFIG_MODULE_SIG" == "y"
@@ -769,27 +787,17 @@ export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules}
 %endif
 
 if test -x /usr/lib/rpm/pesign/gen-hmac; then
-	$_ -r %buildroot /boot/$image-%kernelrelease-%build_flavor
+	$_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor
 fi
 
 # Package the compiled-in certificates as DER files in /etc/uefi/certs
 # and have mokutil enroll them when the kernel is installed
-certs=()
+echo Signing certificates "%certs"
+certs=(%certs)
 if test %CONFIG_MODULE_SIG = "y"; then
-    for f in %_sourcedir/*.crt; do
-            if ! test -s "$f"; then
-                    continue
-            fi
-            h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")
-            test -n "$h"
-            cert=/etc/uefi/certs/$(echo "$h" | \
-                sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
-            if test -e %buildroot/"$cert"; then
-                    continue
-            fi
+    for f in %_sourcedir/.kernel_signing_certs/*.crt; do
             mkdir -p %buildroot/etc/uefi/certs
-            openssl x509 -inform PEM -in "$f" -outform DER -out %buildroot/"$cert"
-            certs=("${certs[@]}" "$cert")
+            cp -v $f %buildroot/etc/uefi/certs
     done
 fi
 
@@ -802,13 +810,13 @@ for sub in '' '-extra' \
     '') base_package=1 ;;
     *) base_package=0 ;;
     esac
-    for script in preun postun pre post devel-pre devel-post; do
+    for script in preun postun pre post; do
         if test %build_flavor = "zfcpdump"; then
             : >%my_builddir/$script$sub.sh
             continue
         fi
         sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-            -e "s:@IMAGE@:$image:g" \
+            -e "s:@IMAGE@:%image:g" \
             -e "s:@FLAVOR""@:%build_flavor:g" \
             -e "s:@SUBPACKAGE@:%name$sub:g" \
             -e "s:@BASE_PACKAGE@:$base_package:g" \
@@ -841,11 +849,6 @@ for sub in '' '-extra' \
     done
 done
 
-%if %build_vanilla
-# keep this -suffix list in sync with post.sh and postun.sh
-suffix=-%build_flavor
-%endif
-
 cp -p .config %buildroot/boot/config-%kernelrelease-%build_flavor
 sysctl_file=%buildroot/boot/sysctl.conf-%kernelrelease-%build_flavor
 for file in %my_builddir/sysctl/{defaults,%cpu_arch/arch-defaults,%cpu_arch_flavor}; do
@@ -1083,8 +1086,8 @@ shopt -s nullglob dotglob
 sed -e 's/^[.]//' | grep -v -e '[.]ipa-clones$' -e '/Symbols[.]list$' -e '/ipa-clones[.]list$'| \
 add_dirs_to_filelist >> %my_builddir/kernel-devel.files
 
-{   echo %ghost /boot/$image$suffix
-    echo %ghost /boot/initrd$suffix
+{   echo %ghost /boot/%image
+    echo %ghost /boot/initrd
     cd %buildroot
     for f in boot/*; do
         l="${f##*/}"
@@ -1365,9 +1368,17 @@ kernel module packages) against the %build_flavor flavor of the kernel.
 
 %if "%CONFIG_MODULES" == "y"
 
-%pre devel -f devel-pre.sh
+%pre devel
 
-%post devel -f devel-post.sh
+# handle update from an older kernel-source with linux-obj as symlink
+if [ -h /usr/src/linux-obj ]; then
+    rm -vf /usr/src/linux-obj
+fi
+
+%post devel
+%relink_function
+
+relink ../../linux-%{kernelrelease}%{variant}-obj/"%cpu_arch_flavor" /usr/src/linux-obj/"%cpu_arch_flavor"
 
 %files devel -f kernel-devel.files
 %defattr(-,root,root)

kernel-lpae.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-lpae.spec

@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules xz
@@ -49,6 +49,39 @@
 %global cpu_arch %(%_sourcedir/arch-symbols %_target_cpu)
 %define cpu_arch_flavor %cpu_arch/%build_flavor
 
+%global certs %( for f in %_sourcedir/*.crt; do                                                         \
+    if ! test -e "$f"; then                                                                             \
+        continue                                                                                        \
+    fi                                                                                                  \
+    h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")                                          \
+    if [ -z "$h" ] ; then                                                                               \
+        echo Cannot parse "$f" >&2                                                                      \
+        confinue                                                                                        \
+    fi                                                                                                  \
+    cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')                   \
+    echo Found signing certificate "$f" "($cert)" >&2                                                   \
+    cat "$f" >>%_sourcedir/.kernel_signing_key.pem                                                      \
+    mkdir -p %_sourcedir/.kernel_signing_certs                                                          \
+    openssl x509 -inform PEM -in "$f" -outform DER -out %_sourcedir/.kernel_signing_certs/"$cert".crt   \
+    echo -n "$cert" ""                                                                                  \
+done )
+
+%ifarch %ix86 x86_64
+%define image vmlinuz
+%endif
+%ifarch ppc ppc64 ppc64le
+%define image vmlinux
+%endif
+%ifarch s390 s390x
+%define image image
+%endif
+%ifarch %arm
+%define image zImage
+%endif
+%ifarch aarch64 riscv64
+%define image Image
+%endif
+
 # Define some CONFIG variables as rpm macros as well. (rpm cannot handle
 # defining them all at once.)
 %define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB CONFIG_LIVEPATCH_IPA_CLONES CONFIG_DEBUG_INFO_BTF_MODULES
@@ -86,9 +119,9 @@ Name:           kernel-lpae
 Summary:        Kernel for LPAE enabled systems
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -210,16 +243,13 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-314dce0059447f7063b87fb9e87c4744e389054d
-Provides:       kernel-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       kernel-%build_flavor-base-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
+Provides:       kernel-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 # END COMMON DEPS
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -304,10 +334,7 @@ BuildArch:      i686
 
 # These files are found in the kernel-source package:
 NoSource:       0
-NoSource:       2
 NoSource:       3
-NoSource:       8
-NoSource:       9
 NoSource:       10
 NoSource:       11
 NoSource:       12
@@ -595,14 +622,12 @@ fi
 # copy module signing certificate(s). We use the default path and trick
 # certs/Makefile to not regenerate the certificate. It is done this way so
 # that the kernel-source package can be rebuilt even without the certificate
-mkdir -p certs
-for f in %_sourcedir/*.crt; do
-    if ! test -e "$f"; then
-        continue
-    fi
+echo Signing certificates "%certs"
+if [ -f %_sourcedir/.kernel_signing_key.pem ] ; then
+    mkdir -p certs
     touch certs/x509.genkey
-    cat "$f" >>certs/signing_key.pem
-done
+    cp "%_sourcedir/.kernel_signing_key.pem" certs/signing_key.pem
+fi
 
 %if "%CONFIG_KMSG_IDS" == "y"
     chmod +x ../scripts/kmsg-doc
@@ -688,13 +713,10 @@ add_vmlinux()
 # architecture specifics
 %ifarch %ix86 x86_64
     add_vmlinux --compressed
-    image=bzImage
-    cp -p arch/x86/boot/$image %buildroot/boot/vmlinuz-%kernelrelease-%build_flavor
-    image=vmlinuz
+    cp -p arch/x86/boot/bzImage %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch ppc ppc64 ppc64le
     add_vmlinux
-    image=vmlinux
 %endif
 %ifarch s390 s390x
     add_vmlinux --compressed
@@ -702,8 +724,7 @@ add_vmlinux()
     if test ! -f arch/s390/boot/$image; then
         image=bzImage
     fi
-    cp -p arch/s390/boot/$image %buildroot/boot/image-%kernelrelease-%build_flavor
-    image=image
+    cp -p arch/s390/boot/$image %buildroot/boot/%image-%kernelrelease-%build_flavor
     if test -e arch/s390/boot/kerntypes.o; then
         cp -p arch/s390/boot/kerntypes.o %buildroot/boot/Kerntypes-%kernelrelease-%build_flavor
     elif test -x "$(which dwarfextract 2>/dev/null)"; then
@@ -719,34 +740,31 @@ add_vmlinux()
 %endif
 %ifarch %arm
     add_vmlinux --compressed
-    image=zImage
-    cp -p arch/arm/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch aarch64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/arm64/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm64/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch riscv64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/riscv/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/riscv/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 
 # sign the modules, firmware and possibly the kernel in the buildservice
 BRP_PESIGN_FILES=""
 %if "%CONFIG_EFI_STUB" == "y"
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %ifarch s390x ppc64 ppc64le
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %if "%CONFIG_MODULE_SIG" == "y"
@@ -763,27 +781,17 @@ export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules}
 %endif
 
 if test -x /usr/lib/rpm/pesign/gen-hmac; then
-	$_ -r %buildroot /boot/$image-%kernelrelease-%build_flavor
+	$_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor
 fi
 
 # Package the compiled-in certificates as DER files in /etc/uefi/certs
 # and have mokutil enroll them when the kernel is installed
-certs=()
+echo Signing certificates "%certs"
+certs=(%certs)
 if test %CONFIG_MODULE_SIG = "y"; then
-    for f in %_sourcedir/*.crt; do
-            if ! test -s "$f"; then
-                    continue
-            fi
-            h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")
-            test -n "$h"
-            cert=/etc/uefi/certs/$(echo "$h" | \
-                sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
-            if test -e %buildroot/"$cert"; then
-                    continue
-            fi
+    for f in %_sourcedir/.kernel_signing_certs/*.crt; do
             mkdir -p %buildroot/etc/uefi/certs
-            openssl x509 -inform PEM -in "$f" -outform DER -out %buildroot/"$cert"
-            certs=("${certs[@]}" "$cert")
+            cp -v $f %buildroot/etc/uefi/certs
     done
 fi
 
@@ -796,13 +804,13 @@ for sub in '' '-extra' \
     '') base_package=1 ;;
     *) base_package=0 ;;
     esac
-    for script in preun postun pre post devel-pre devel-post; do
+    for script in preun postun pre post; do
         if test %build_flavor = "zfcpdump"; then
             : >%my_builddir/$script$sub.sh
             continue
         fi
         sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-            -e "s:@IMAGE@:$image:g" \
+            -e "s:@IMAGE@:%image:g" \
             -e "s:@FLAVOR""@:%build_flavor:g" \
             -e "s:@SUBPACKAGE@:%name$sub:g" \
             -e "s:@BASE_PACKAGE@:$base_package:g" \
@@ -835,11 +843,6 @@ for sub in '' '-extra' \
     done
 done
 
-%if %build_vanilla
-# keep this -suffix list in sync with post.sh and postun.sh
-suffix=-%build_flavor
-%endif
-
 cp -p .config %buildroot/boot/config-%kernelrelease-%build_flavor
 sysctl_file=%buildroot/boot/sysctl.conf-%kernelrelease-%build_flavor
 for file in %my_builddir/sysctl/{defaults,%cpu_arch/arch-defaults,%cpu_arch_flavor}; do
@@ -1077,8 +1080,8 @@ shopt -s nullglob dotglob
 sed -e 's/^[.]//' | grep -v -e '[.]ipa-clones$' -e '/Symbols[.]list$' -e '/ipa-clones[.]list$'| \
 add_dirs_to_filelist >> %my_builddir/kernel-devel.files
 
-{   echo %ghost /boot/$image$suffix
-    echo %ghost /boot/initrd$suffix
+{   echo %ghost /boot/%image
+    echo %ghost /boot/initrd
     cd %buildroot
     for f in boot/*; do
         l="${f##*/}"
@@ -1347,9 +1350,17 @@ kernel module packages) against the %build_flavor flavor of the kernel.
 
 %if "%CONFIG_MODULES" == "y"
 
-%pre devel -f devel-pre.sh
+%pre devel
 
-%post devel -f devel-post.sh
+# handle update from an older kernel-source with linux-obj as symlink
+if [ -h /usr/src/linux-obj ]; then
+    rm -vf /usr/src/linux-obj
+fi
+
+%post devel
+%relink_function
+
+relink ../../linux-%{kernelrelease}%{variant}-obj/"%cpu_arch_flavor" /usr/src/linux-obj/"%cpu_arch_flavor"
 
 %files devel -f kernel-devel.files
 %defattr(-,root,root)

kernel-obs-build.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-obs-build.spec

@@ -19,7 +19,7 @@
 
 #!BuildIgnore: post-build-checks
 
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -45,7 +45,7 @@ BuildRequires:  util-linux
 %endif
 %endif
 %endif
-BuildRequires:  kernel%kernel_flavor-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+BuildRequires:  kernel%kernel_flavor-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 
 %if 0%{?rhel_version}
 BuildRequires:  kernel
@@ -64,9 +64,9 @@ BuildRequires:  dracut
 Summary:        package kernel and initrd for OBS VM builds
 License:        GPL-2.0-only
 Group:          SLES
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif

kernel-obs-qa.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-obs-qa.spec

@@ -17,7 +17,7 @@
 # needsrootforbuild
 
 
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -36,9 +36,9 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Summary:        Basic QA tests for the kernel
 License:        GPL-2.0-only
 Group:          SLES
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif

kernel-pae.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-pae.spec

@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules xz
@@ -49,6 +49,39 @@
 %global cpu_arch %(%_sourcedir/arch-symbols %_target_cpu)
 %define cpu_arch_flavor %cpu_arch/%build_flavor
 
+%global certs %( for f in %_sourcedir/*.crt; do                                                         \
+    if ! test -e "$f"; then                                                                             \
+        continue                                                                                        \
+    fi                                                                                                  \
+    h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")                                          \
+    if [ -z "$h" ] ; then                                                                               \
+        echo Cannot parse "$f" >&2                                                                      \
+        confinue                                                                                        \
+    fi                                                                                                  \
+    cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')                   \
+    echo Found signing certificate "$f" "($cert)" >&2                                                   \
+    cat "$f" >>%_sourcedir/.kernel_signing_key.pem                                                      \
+    mkdir -p %_sourcedir/.kernel_signing_certs                                                          \
+    openssl x509 -inform PEM -in "$f" -outform DER -out %_sourcedir/.kernel_signing_certs/"$cert".crt   \
+    echo -n "$cert" ""                                                                                  \
+done )
+
+%ifarch %ix86 x86_64
+%define image vmlinuz
+%endif
+%ifarch ppc ppc64 ppc64le
+%define image vmlinux
+%endif
+%ifarch s390 s390x
+%define image image
+%endif
+%ifarch %arm
+%define image zImage
+%endif
+%ifarch aarch64 riscv64
+%define image Image
+%endif
+
 # Define some CONFIG variables as rpm macros as well. (rpm cannot handle
 # defining them all at once.)
 %define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB CONFIG_LIVEPATCH_IPA_CLONES CONFIG_DEBUG_INFO_BTF_MODULES
@@ -86,9 +119,9 @@ Name:           kernel-pae
 Summary:        Kernel with PAE Support
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -210,10 +243,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-314dce0059447f7063b87fb9e87c4744e389054d
-Provides:       kernel-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       kernel-%build_flavor-base-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
+Provides:       kernel-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 # END COMMON DEPS
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 %ifarch %ix86
 Provides:       kernel-bigsmp = 2.6.17
 Obsoletes:      kernel-bigsmp <= 2.6.17
@@ -238,10 +271,7 @@ Obsoletes:      kernel-ec2-base <= 4.4
 %endif
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -326,10 +356,7 @@ BuildArch:      i686
 
 # These files are found in the kernel-source package:
 NoSource:       0
-NoSource:       2
 NoSource:       3
-NoSource:       8
-NoSource:       9
 NoSource:       10
 NoSource:       11
 NoSource:       12
@@ -623,14 +650,12 @@ fi
 # copy module signing certificate(s). We use the default path and trick
 # certs/Makefile to not regenerate the certificate. It is done this way so
 # that the kernel-source package can be rebuilt even without the certificate
-mkdir -p certs
-for f in %_sourcedir/*.crt; do
-    if ! test -e "$f"; then
-        continue
-    fi
+echo Signing certificates "%certs"
+if [ -f %_sourcedir/.kernel_signing_key.pem ] ; then
+    mkdir -p certs
     touch certs/x509.genkey
-    cat "$f" >>certs/signing_key.pem
-done
+    cp "%_sourcedir/.kernel_signing_key.pem" certs/signing_key.pem
+fi
 
 %if "%CONFIG_KMSG_IDS" == "y"
     chmod +x ../scripts/kmsg-doc
@@ -716,13 +741,10 @@ add_vmlinux()
 # architecture specifics
 %ifarch %ix86 x86_64
     add_vmlinux --compressed
-    image=bzImage
-    cp -p arch/x86/boot/$image %buildroot/boot/vmlinuz-%kernelrelease-%build_flavor
-    image=vmlinuz
+    cp -p arch/x86/boot/bzImage %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch ppc ppc64 ppc64le
     add_vmlinux
-    image=vmlinux
 %endif
 %ifarch s390 s390x
     add_vmlinux --compressed
@@ -730,8 +752,7 @@ add_vmlinux()
     if test ! -f arch/s390/boot/$image; then
         image=bzImage
     fi
-    cp -p arch/s390/boot/$image %buildroot/boot/image-%kernelrelease-%build_flavor
-    image=image
+    cp -p arch/s390/boot/$image %buildroot/boot/%image-%kernelrelease-%build_flavor
     if test -e arch/s390/boot/kerntypes.o; then
         cp -p arch/s390/boot/kerntypes.o %buildroot/boot/Kerntypes-%kernelrelease-%build_flavor
     elif test -x "$(which dwarfextract 2>/dev/null)"; then
@@ -747,34 +768,31 @@ add_vmlinux()
 %endif
 %ifarch %arm
     add_vmlinux --compressed
-    image=zImage
-    cp -p arch/arm/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch aarch64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/arm64/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm64/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch riscv64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/riscv/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/riscv/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 
 # sign the modules, firmware and possibly the kernel in the buildservice
 BRP_PESIGN_FILES=""
 %if "%CONFIG_EFI_STUB" == "y"
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %ifarch s390x ppc64 ppc64le
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %if "%CONFIG_MODULE_SIG" == "y"
@@ -791,27 +809,17 @@ export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules}
 %endif
 
 if test -x /usr/lib/rpm/pesign/gen-hmac; then
-	$_ -r %buildroot /boot/$image-%kernelrelease-%build_flavor
+	$_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor
 fi
 
 # Package the compiled-in certificates as DER files in /etc/uefi/certs
 # and have mokutil enroll them when the kernel is installed
-certs=()
+echo Signing certificates "%certs"
+certs=(%certs)
 if test %CONFIG_MODULE_SIG = "y"; then
-    for f in %_sourcedir/*.crt; do
-            if ! test -s "$f"; then
-                    continue
-            fi
-            h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")
-            test -n "$h"
-            cert=/etc/uefi/certs/$(echo "$h" | \
-                sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
-            if test -e %buildroot/"$cert"; then
-                    continue
-            fi
+    for f in %_sourcedir/.kernel_signing_certs/*.crt; do
             mkdir -p %buildroot/etc/uefi/certs
-            openssl x509 -inform PEM -in "$f" -outform DER -out %buildroot/"$cert"
-            certs=("${certs[@]}" "$cert")
+            cp -v $f %buildroot/etc/uefi/certs
     done
 fi
 
@@ -824,13 +832,13 @@ for sub in '' '-extra' \
     '') base_package=1 ;;
     *) base_package=0 ;;
     esac
-    for script in preun postun pre post devel-pre devel-post; do
+    for script in preun postun pre post; do
         if test %build_flavor = "zfcpdump"; then
             : >%my_builddir/$script$sub.sh
             continue
         fi
         sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-            -e "s:@IMAGE@:$image:g" \
+            -e "s:@IMAGE@:%image:g" \
             -e "s:@FLAVOR""@:%build_flavor:g" \
             -e "s:@SUBPACKAGE@:%name$sub:g" \
             -e "s:@BASE_PACKAGE@:$base_package:g" \
@@ -863,11 +871,6 @@ for sub in '' '-extra' \
     done
 done
 
-%if %build_vanilla
-# keep this -suffix list in sync with post.sh and postun.sh
-suffix=-%build_flavor
-%endif
-
 cp -p .config %buildroot/boot/config-%kernelrelease-%build_flavor
 sysctl_file=%buildroot/boot/sysctl.conf-%kernelrelease-%build_flavor
 for file in %my_builddir/sysctl/{defaults,%cpu_arch/arch-defaults,%cpu_arch_flavor}; do
@@ -1105,8 +1108,8 @@ shopt -s nullglob dotglob
 sed -e 's/^[.]//' | grep -v -e '[.]ipa-clones$' -e '/Symbols[.]list$' -e '/ipa-clones[.]list$'| \
 add_dirs_to_filelist >> %my_builddir/kernel-devel.files
 
-{   echo %ghost /boot/$image$suffix
-    echo %ghost /boot/initrd$suffix
+{   echo %ghost /boot/%image
+    echo %ghost /boot/initrd
     cd %buildroot
     for f in boot/*; do
         l="${f##*/}"
@@ -1417,9 +1420,17 @@ kernel module packages) against the %build_flavor flavor of the kernel.
 
 %if "%CONFIG_MODULES" == "y"
 
-%pre devel -f devel-pre.sh
+%pre devel
 
-%post devel -f devel-post.sh
+# handle update from an older kernel-source with linux-obj as symlink
+if [ -h /usr/src/linux-obj ]; then
+    rm -vf /usr/src/linux-obj
+fi
+
+%post devel
+%relink_function
+
+relink ../../linux-%{kernelrelease}%{variant}-obj/"%cpu_arch_flavor" /usr/src/linux-obj/"%cpu_arch_flavor"
 
 %files devel -f kernel-devel.files
 %defattr(-,root,root)

kernel-source.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-source.spec

@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -30,9 +30,9 @@ Name:           kernel-source
 Summary:        The Linux Kernel Sources
 License:        GPL-2.0-only
 Group:          Development/Sources
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -43,14 +43,11 @@ BuildRequires:  fdupes
 BuildRequires:  sed
 Requires(post): coreutils sed
 Provides:       %name = %version-%source_rel
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 Provides:       linux
 Provides:       multiversion(kernel)
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -258,10 +255,6 @@ install -m 644 %_sourcedir/kernel-subpackage-spec $RPM_BUILD_ROOT/usr/lib/rpm/ke
 install -m 644 -T %_sourcedir/kernel-default-base.spec.txt $RPM_BUILD_ROOT/usr/lib/rpm/kernel/kernel-default-base.spec
 %endif
 
-sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-	-e "s:@SRCVARIANT@:%variant:g" \
-	%_sourcedir/source-post.sh > %name-post.sh
-
 pushd "%buildroot"
 perl "%_sourcedir/group-source-files.pl" \
 	-D "$OLDPWD/devel.files" -N "$OLDPWD/nondevel.files" \
@@ -283,9 +276,15 @@ ts="$(head -n1 %_sourcedir/source-timestamp)"
 find %buildroot/usr/src/linux* ! -type l | xargs touch -d "$ts"
 
 %if ! %vanilla_only
-%post -f %name-post.sh
+%post
+%relink_function
 
-%post -n kernel-devel%variant -f %name-post.sh
+relink linux-%kernelrelease%variant /usr/src/linux%variant
+
+%post -n kernel-devel%variant
+%relink_function
+
+relink linux-%kernelrelease%variant /usr/src/linux%variant
 
 %files -f nondevel.files
 %defattr(-, root, root)

kernel-source.spec.in

@@ -47,10 +47,7 @@ Provides:       %name-srchash-@COMMIT_FULL@
 Provides:       linux
 Provides:       multiversion(kernel)
 Source0:        @TARBALL_URL@linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -258,10 +255,6 @@ install -m 644 %_sourcedir/kernel-subpackage-spec $RPM_BUILD_ROOT/usr/lib/rpm/ke
 install -m 644 -T %_sourcedir/kernel-default-base.spec.txt $RPM_BUILD_ROOT/usr/lib/rpm/kernel/kernel-default-base.spec
 %endif
 
-sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-	-e "s:@SRCVARIANT@:%variant:g" \
-	%_sourcedir/source-post.sh > %name-post.sh
-
 pushd "%buildroot"
 perl "%_sourcedir/group-source-files.pl" \
 	-D "$OLDPWD/devel.files" -N "$OLDPWD/nondevel.files" \
@@ -283,9 +276,15 @@ ts="$(head -n1 %_sourcedir/source-timestamp)"
 find %buildroot/usr/src/linux* ! -type l | xargs touch -d "$ts"
 
 %if ! %vanilla_only
-%post -f %name-post.sh
+%post
+%relink_function
 
-%post -n kernel-devel%variant -f %name-post.sh
+relink linux-%kernelrelease%variant /usr/src/linux%variant
+
+%post -n kernel-devel%variant
+%relink_function
+
+relink linux-%kernelrelease%variant /usr/src/linux%variant
 
 %files -f nondevel.files
 %defattr(-, root, root)

kernel-spec-macros

@@ -40,4 +40,16 @@
 # macro to add the source timestamp to package descriptions
 %define source_timestamp %(sed '1s/^/Source Timestamp: /' %_sourcedir/source-timestamp || :)
 
+# function used in developent package scriptlets
+%define relink_function relink() {			\
+    if [ -h "$2" ]; then				\
+	local old=$(readlink "$2")			\
+	[ "$old" = "$1" ] && return 0			\
+	echo "Changing symlink $2 from $old to $1"	\
+    elif [ -e "$2" ]; then				\
+	echo "Replacing file $2 with symlink to $1"	\
+    fi							\
+    rm -f "$2" && ln -s "$1" "$2"			\
+}
+
 # vim: ft=spec

kernel-syms.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-syms.spec

@@ -24,10 +24,10 @@ Name:           kernel-syms
 Summary:        Kernel Symbol Versions (modversions)
 License:        GPL-2.0-only
 Group:          Development/Sources
-Version:        5.14.2
+Version:        5.14.3
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -52,7 +52,7 @@ Requires:       kernel-pae-devel = %version-%source_rel
 %endif
 Requires:       pesign-obs-integration
 Provides:       %name = %version-%source_rel
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 Provides:       multiversion(kernel)
 Source:         README.KSYMS
 Requires:       kernel-devel%variant = %version-%source_rel

kernel-vanilla.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-vanilla.spec

@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules xz
@@ -49,6 +49,39 @@
 %global cpu_arch %(%_sourcedir/arch-symbols %_target_cpu)
 %define cpu_arch_flavor %cpu_arch/%build_flavor
 
+%global certs %( for f in %_sourcedir/*.crt; do                                                         \
+    if ! test -e "$f"; then                                                                             \
+        continue                                                                                        \
+    fi                                                                                                  \
+    h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")                                          \
+    if [ -z "$h" ] ; then                                                                               \
+        echo Cannot parse "$f" >&2                                                                      \
+        confinue                                                                                        \
+    fi                                                                                                  \
+    cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')                   \
+    echo Found signing certificate "$f" "($cert)" >&2                                                   \
+    cat "$f" >>%_sourcedir/.kernel_signing_key.pem                                                      \
+    mkdir -p %_sourcedir/.kernel_signing_certs                                                          \
+    openssl x509 -inform PEM -in "$f" -outform DER -out %_sourcedir/.kernel_signing_certs/"$cert".crt   \
+    echo -n "$cert" ""                                                                                  \
+done )
+
+%ifarch %ix86 x86_64
+%define image vmlinuz
+%endif
+%ifarch ppc ppc64 ppc64le
+%define image vmlinux
+%endif
+%ifarch s390 s390x
+%define image image
+%endif
+%ifarch %arm
+%define image zImage
+%endif
+%ifarch aarch64 riscv64
+%define image Image
+%endif
+
 # Define some CONFIG variables as rpm macros as well. (rpm cannot handle
 # defining them all at once.)
 %define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB CONFIG_LIVEPATCH_IPA_CLONES CONFIG_DEBUG_INFO_BTF_MODULES
@@ -86,9 +119,9 @@ Name:           kernel-vanilla
 Summary:        The Standard Kernel - without any SUSE patches
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -210,16 +243,13 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-314dce0059447f7063b87fb9e87c4744e389054d
-Provides:       kernel-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       kernel-%build_flavor-base-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
+Provides:       kernel-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 # END COMMON DEPS
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -304,10 +334,7 @@ BuildArch:      i686
 
 # These files are found in the kernel-source package:
 NoSource:       0
-NoSource:       2
 NoSource:       3
-NoSource:       8
-NoSource:       9
 NoSource:       10
 NoSource:       11
 NoSource:       12
@@ -594,14 +621,12 @@ fi
 # copy module signing certificate(s). We use the default path and trick
 # certs/Makefile to not regenerate the certificate. It is done this way so
 # that the kernel-source package can be rebuilt even without the certificate
-mkdir -p certs
-for f in %_sourcedir/*.crt; do
-    if ! test -e "$f"; then
-        continue
-    fi
+echo Signing certificates "%certs"
+if [ -f %_sourcedir/.kernel_signing_key.pem ] ; then
+    mkdir -p certs
     touch certs/x509.genkey
-    cat "$f" >>certs/signing_key.pem
-done
+    cp "%_sourcedir/.kernel_signing_key.pem" certs/signing_key.pem
+fi
 
 %if "%CONFIG_KMSG_IDS" == "y"
     chmod +x ../scripts/kmsg-doc
@@ -687,13 +712,10 @@ add_vmlinux()
 # architecture specifics
 %ifarch %ix86 x86_64
     add_vmlinux --compressed
-    image=bzImage
-    cp -p arch/x86/boot/$image %buildroot/boot/vmlinuz-%kernelrelease-%build_flavor
-    image=vmlinuz
+    cp -p arch/x86/boot/bzImage %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch ppc ppc64 ppc64le
     add_vmlinux
-    image=vmlinux
 %endif
 %ifarch s390 s390x
     add_vmlinux --compressed
@@ -701,8 +723,7 @@ add_vmlinux()
     if test ! -f arch/s390/boot/$image; then
         image=bzImage
     fi
-    cp -p arch/s390/boot/$image %buildroot/boot/image-%kernelrelease-%build_flavor
-    image=image
+    cp -p arch/s390/boot/$image %buildroot/boot/%image-%kernelrelease-%build_flavor
     if test -e arch/s390/boot/kerntypes.o; then
         cp -p arch/s390/boot/kerntypes.o %buildroot/boot/Kerntypes-%kernelrelease-%build_flavor
     elif test -x "$(which dwarfextract 2>/dev/null)"; then
@@ -718,34 +739,31 @@ add_vmlinux()
 %endif
 %ifarch %arm
     add_vmlinux --compressed
-    image=zImage
-    cp -p arch/arm/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch aarch64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/arm64/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm64/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch riscv64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/riscv/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/riscv/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 
 # sign the modules, firmware and possibly the kernel in the buildservice
 BRP_PESIGN_FILES=""
 %if "%CONFIG_EFI_STUB" == "y"
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %ifarch s390x ppc64 ppc64le
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %if "%CONFIG_MODULE_SIG" == "y"
@@ -762,27 +780,17 @@ export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules}
 %endif
 
 if test -x /usr/lib/rpm/pesign/gen-hmac; then
-	$_ -r %buildroot /boot/$image-%kernelrelease-%build_flavor
+	$_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor
 fi
 
 # Package the compiled-in certificates as DER files in /etc/uefi/certs
 # and have mokutil enroll them when the kernel is installed
-certs=()
+echo Signing certificates "%certs"
+certs=(%certs)
 if test %CONFIG_MODULE_SIG = "y"; then
-    for f in %_sourcedir/*.crt; do
-            if ! test -s "$f"; then
-                    continue
-            fi
-            h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")
-            test -n "$h"
-            cert=/etc/uefi/certs/$(echo "$h" | \
-                sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
-            if test -e %buildroot/"$cert"; then
-                    continue
-            fi
+    for f in %_sourcedir/.kernel_signing_certs/*.crt; do
             mkdir -p %buildroot/etc/uefi/certs
-            openssl x509 -inform PEM -in "$f" -outform DER -out %buildroot/"$cert"
-            certs=("${certs[@]}" "$cert")
+            cp -v $f %buildroot/etc/uefi/certs
     done
 fi
 
@@ -795,13 +803,13 @@ for sub in '' '-extra' \
     '') base_package=1 ;;
     *) base_package=0 ;;
     esac
-    for script in preun postun pre post devel-pre devel-post; do
+    for script in preun postun pre post; do
         if test %build_flavor = "zfcpdump"; then
             : >%my_builddir/$script$sub.sh
             continue
         fi
         sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-            -e "s:@IMAGE@:$image:g" \
+            -e "s:@IMAGE@:%image:g" \
             -e "s:@FLAVOR""@:%build_flavor:g" \
             -e "s:@SUBPACKAGE@:%name$sub:g" \
             -e "s:@BASE_PACKAGE@:$base_package:g" \
@@ -834,11 +842,6 @@ for sub in '' '-extra' \
     done
 done
 
-%if %build_vanilla
-# keep this -suffix list in sync with post.sh and postun.sh
-suffix=-%build_flavor
-%endif
-
 cp -p .config %buildroot/boot/config-%kernelrelease-%build_flavor
 sysctl_file=%buildroot/boot/sysctl.conf-%kernelrelease-%build_flavor
 for file in %my_builddir/sysctl/{defaults,%cpu_arch/arch-defaults,%cpu_arch_flavor}; do
@@ -1076,8 +1079,8 @@ shopt -s nullglob dotglob
 sed -e 's/^[.]//' | grep -v -e '[.]ipa-clones$' -e '/Symbols[.]list$' -e '/ipa-clones[.]list$'| \
 add_dirs_to_filelist >> %my_builddir/kernel-devel.files
 
-{   echo %ghost /boot/$image$suffix
-    echo %ghost /boot/initrd$suffix
+{   echo %ghost /boot/%image
+    echo %ghost /boot/initrd
     cd %buildroot
     for f in boot/*; do
         l="${f##*/}"
@@ -1344,9 +1347,17 @@ kernel module packages) against the %build_flavor flavor of the kernel.
 
 %if "%CONFIG_MODULES" == "y"
 
-%pre devel -f devel-pre.sh
+%pre devel
 
-%post devel -f devel-post.sh
+# handle update from an older kernel-source with linux-obj as symlink
+if [ -h /usr/src/linux-obj ]; then
+    rm -vf /usr/src/linux-obj
+fi
+
+%post devel
+%relink_function
+
+relink ../../linux-%{kernelrelease}%{variant}-obj/"%cpu_arch_flavor" /usr/src/linux-obj/"%cpu_arch_flavor"
 
 %files devel -f kernel-devel.files
 %defattr(-,root,root)

kernel-zfcpdump.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Mon Sep 13 06:48:13 CEST 2021 - jslaby@suse.cz
+
+- Linux 5.14.3 (bsc#1012628).
+- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
+  (bsc#1012628).
+- cxl/pci: Fix lockdown level (bsc#1012628).
+- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
+- PCI: Call Max Payload Size-related fixup quirks early
+  (bsc#1012628).
+- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+  (bsc#1012628).
+- staging: mt7621-pci: fix hang when nothing is connected to
+  pcie ports (bsc#1012628).
+- xhci: Fix failure to give back some cached cancelled URBs
+  (bsc#1012628).
+- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
+- xhci: fix even more unsafe memory usage in xhci tracing
+  (bsc#1012628).
+- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
+- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
+- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
+- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
+  or intr (bsc#1012628).
+- usb: cdnsp: fix the wrong mult value for HS isoc or intr
+  (bsc#1012628).
+- usb: xhci-mtk: fix issue of out-of-bounds array access
+  (bsc#1012628).
+- usb: host: xhci-rcar: Don't reload firmware after the completion
+  (bsc#1012628).
+- Bluetooth: btusb: Make the CSR clone chip force-suspend
+  workaround more generic (bsc#1012628).
+- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
+  (bsc#1012628).
+- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
+  (bsc#1012628).
+- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
+  user enables ASPM" (bsc#1012628).
+- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
+- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
+- firmware: dmi: Move product_sku info to the end of the modalias
+  (bsc#1012628).
+- commit 87c3051
+
+-------------------------------------------------------------------
+Sun Sep 12 02:26:02 CEST 2021 - jeffm@suse.com
+
+- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
+- commit 3b944fc
+
+-------------------------------------------------------------------
+Sun Sep 12 00:05:38 CEST 2021 - martin.wilck@suse.com
+
+- fixup "rpm: support gz and zst compression methods"
+  Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
+- commit 23510fc
+
+-------------------------------------------------------------------
+Fri Sep 10 22:51:08 CEST 2021 - msuchanek@suse.de
+
+- kernel-cert-subpackage: Fix certificate location in scriptlets
+  (bsc#1189841).
+  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
+- commit 8684de8
+
+-------------------------------------------------------------------
+Fri Sep 10 12:17:08 CEST 2021 - ohering@suse.de
+
+- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
+- commit 6205661
+
 -------------------------------------------------------------------
 Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
 
@@ -6,6 +77,18 @@ Thu Sep  9 16:33:33 CEST 2021 - rgoldwyn@suse.com
   Compat patch no longer required since userspace is upgraded to v3.x
 - commit c28bbe5
 
+-------------------------------------------------------------------
+Wed Sep  8 16:22:46 CEST 2021 - jeffm@suse.com
+
+- supported-flag: consolidate separate patches into one
+  The history of the five supported flag patches can be found in the commit
+  log.  This commit unifies them and reverts the removal of get_next_line
+  from mainline to allow supported() to repeatedly scan the file in memory
+  without modifying it.  I looked into using tsearch() to handle the
+  lookups and it turns out that it's no faster than just scanning the file
+  repeatedly in memory.
+- commit d3dcd16
+
 -------------------------------------------------------------------
 Wed Sep  8 16:16:46 CEST 2021 - jeffm@suse.com
 
@@ -89,6 +172,49 @@ Mon Sep  6 19:48:11 CEST 2021 - mkoutny@suse.com
   CVE-2021-3759).
 - commit 9193235
 
+-------------------------------------------------------------------
+Mon Sep  6 13:02:53 CEST 2021 - msuchanek@suse.de
+
+- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
+  (bsc#1189841).
+  These are unchanged since 2011 when they were introduced. No need to
+  track them separately.
+- commit 692d38b
+
+-------------------------------------------------------------------
+Mon Sep  6 12:47:58 CEST 2021 - msuchanek@suse.de
+
+- rpm: Abolish image suffix (bsc#1189841).
+  This is used only with vanilla kernel which is not supported in any way.
+  The only effect is has is that the image and initrd symlinks are created
+  with this suffix.
+  These symlinks are not used except on s390 where the unsuffixed symlinks
+  are used by zipl.
+  There is no reason why a vanilla kernel could not be used with zipl as
+  well as it's quite unexpected to not be able to boot when only a vanilla
+  kernel is installed.
+  Finally we now have a backup zipl kernel so if the vanilla kernel is
+  indeed unsuitable the backup kernel can be used.
+- commit e2f37db
+
+-------------------------------------------------------------------
+Mon Sep  6 12:03:57 CEST 2021 - msuchanek@suse.de
+
+- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
+- commit e602b0f
+
+-------------------------------------------------------------------
+Mon Sep  6 11:08:08 CEST 2021 - msuchanek@suse.de
+
+- rpm: Define $certs as rpm macro (bsc#1189841).
+  Also pass around only the shortened hash rather than full filename.
+  As has been discussed in bsc#1124431 comment 51
+  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
+  the certificates is an API which cannot be changed unless we can ensure
+  that no two kernels that use different certificate location can be built
+  with the same certificate.
+- commit d9a1357
+
 -------------------------------------------------------------------
 Sat Sep  4 10:22:09 CEST 2021 - jslaby@suse.cz
 

kernel-zfcpdump.spec

@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.14
-%define patchversion 5.14.2
+%define patchversion 5.14.3
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules xz
@@ -49,6 +49,39 @@
 %global cpu_arch %(%_sourcedir/arch-symbols %_target_cpu)
 %define cpu_arch_flavor %cpu_arch/%build_flavor
 
+%global certs %( for f in %_sourcedir/*.crt; do                                                         \
+    if ! test -e "$f"; then                                                                             \
+        continue                                                                                        \
+    fi                                                                                                  \
+    h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")                                          \
+    if [ -z "$h" ] ; then                                                                               \
+        echo Cannot parse "$f" >&2                                                                      \
+        confinue                                                                                        \
+    fi                                                                                                  \
+    cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')                   \
+    echo Found signing certificate "$f" "($cert)" >&2                                                   \
+    cat "$f" >>%_sourcedir/.kernel_signing_key.pem                                                      \
+    mkdir -p %_sourcedir/.kernel_signing_certs                                                          \
+    openssl x509 -inform PEM -in "$f" -outform DER -out %_sourcedir/.kernel_signing_certs/"$cert".crt   \
+    echo -n "$cert" ""                                                                                  \
+done )
+
+%ifarch %ix86 x86_64
+%define image vmlinuz
+%endif
+%ifarch ppc ppc64 ppc64le
+%define image vmlinux
+%endif
+%ifarch s390 s390x
+%define image image
+%endif
+%ifarch %arm
+%define image zImage
+%endif
+%ifarch aarch64 riscv64
+%define image Image
+%endif
+
 # Define some CONFIG variables as rpm macros as well. (rpm cannot handle
 # defining them all at once.)
 %define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB CONFIG_LIVEPATCH_IPA_CLONES CONFIG_DEBUG_INFO_BTF_MODULES
@@ -86,9 +119,9 @@ Name:           kernel-zfcpdump
 Summary:        The IBM System Z zfcpdump Kernel
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.14.2
+Version:        5.14.3
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g314dce0
+Release:        <RELEASE>.g87c3051
 %else
 Release:        0
 %endif
@@ -210,16 +243,13 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-314dce0059447f7063b87fb9e87c4744e389054d
-Provides:       kernel-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       kernel-%build_flavor-base-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
+Provides:       kernel-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 # END COMMON DEPS
-Provides:       %name-srchash-314dce0059447f7063b87fb9e87c4744e389054d
+Provides:       %name-srchash-87c3051acb6309197d85dc973f8eab6b4768faf0
 %obsolete_rebuilds %name
 Source0:        http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
-Source2:        source-post.sh
 Source3:        kernel-source.rpmlintrc
-Source8:        devel-pre.sh
-Source9:        devel-post.sh
 Source10:       preun.sh
 Source11:       postun.sh
 Source12:       pre.sh
@@ -304,10 +334,7 @@ BuildArch:      i686
 
 # These files are found in the kernel-source package:
 NoSource:       0
-NoSource:       2
 NoSource:       3
-NoSource:       8
-NoSource:       9
 NoSource:       10
 NoSource:       11
 NoSource:       12
@@ -597,14 +624,12 @@ fi
 # copy module signing certificate(s). We use the default path and trick
 # certs/Makefile to not regenerate the certificate. It is done this way so
 # that the kernel-source package can be rebuilt even without the certificate
-mkdir -p certs
-for f in %_sourcedir/*.crt; do
-    if ! test -e "$f"; then
-        continue
-    fi
+echo Signing certificates "%certs"
+if [ -f %_sourcedir/.kernel_signing_key.pem ] ; then
+    mkdir -p certs
     touch certs/x509.genkey
-    cat "$f" >>certs/signing_key.pem
-done
+    cp "%_sourcedir/.kernel_signing_key.pem" certs/signing_key.pem
+fi
 
 %if "%CONFIG_KMSG_IDS" == "y"
     chmod +x ../scripts/kmsg-doc
@@ -690,13 +715,10 @@ add_vmlinux()
 # architecture specifics
 %ifarch %ix86 x86_64
     add_vmlinux --compressed
-    image=bzImage
-    cp -p arch/x86/boot/$image %buildroot/boot/vmlinuz-%kernelrelease-%build_flavor
-    image=vmlinuz
+    cp -p arch/x86/boot/bzImage %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch ppc ppc64 ppc64le
     add_vmlinux
-    image=vmlinux
 %endif
 %ifarch s390 s390x
     add_vmlinux --compressed
@@ -704,8 +726,7 @@ add_vmlinux()
     if test ! -f arch/s390/boot/$image; then
         image=bzImage
     fi
-    cp -p arch/s390/boot/$image %buildroot/boot/image-%kernelrelease-%build_flavor
-    image=image
+    cp -p arch/s390/boot/$image %buildroot/boot/%image-%kernelrelease-%build_flavor
     if test -e arch/s390/boot/kerntypes.o; then
         cp -p arch/s390/boot/kerntypes.o %buildroot/boot/Kerntypes-%kernelrelease-%build_flavor
     elif test -x "$(which dwarfextract 2>/dev/null)"; then
@@ -721,34 +742,31 @@ add_vmlinux()
 %endif
 %ifarch %arm
     add_vmlinux --compressed
-    image=zImage
-    cp -p arch/arm/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch aarch64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/arm64/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/arm64/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 %ifarch riscv64
     add_vmlinux --compressed
-    image=Image
-    cp -p arch/riscv/boot/$image %buildroot/boot/$image-%kernelrelease-%build_flavor
+    cp -p arch/riscv/boot/%image %buildroot/boot/%image-%kernelrelease-%build_flavor
 %endif
 
 # sign the modules, firmware and possibly the kernel in the buildservice
 BRP_PESIGN_FILES=""
 %if "%CONFIG_EFI_STUB" == "y"
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %ifarch s390x ppc64 ppc64le
 %if 0%{?usrmerged}
-BRP_PESIGN_FILES="%modules_dir/$image"
+BRP_PESIGN_FILES="%modules_dir/%image"
 %else
-BRP_PESIGN_FILES="/boot/$image-%kernelrelease-%build_flavor"
+BRP_PESIGN_FILES="/boot/%image-%kernelrelease-%build_flavor"
 %endif
 %endif
 %if "%CONFIG_MODULE_SIG" == "y"
@@ -765,27 +783,17 @@ export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules}
 %endif
 
 if test -x /usr/lib/rpm/pesign/gen-hmac; then
-	$_ -r %buildroot /boot/$image-%kernelrelease-%build_flavor
+	$_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor
 fi
 
 # Package the compiled-in certificates as DER files in /etc/uefi/certs
 # and have mokutil enroll them when the kernel is installed
-certs=()
+echo Signing certificates "%certs"
+certs=(%certs)
 if test %CONFIG_MODULE_SIG = "y"; then
-    for f in %_sourcedir/*.crt; do
-            if ! test -s "$f"; then
-                    continue
-            fi
-            h=$(openssl x509 -inform PEM -fingerprint -noout -in "$f")
-            test -n "$h"
-            cert=/etc/uefi/certs/$(echo "$h" | \
-                sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
-            if test -e %buildroot/"$cert"; then
-                    continue
-            fi
+    for f in %_sourcedir/.kernel_signing_certs/*.crt; do
             mkdir -p %buildroot/etc/uefi/certs
-            openssl x509 -inform PEM -in "$f" -outform DER -out %buildroot/"$cert"
-            certs=("${certs[@]}" "$cert")
+            cp -v $f %buildroot/etc/uefi/certs
     done
 fi
 
@@ -798,13 +806,13 @@ for sub in '' '-extra' \
     '') base_package=1 ;;
     *) base_package=0 ;;
     esac
-    for script in preun postun pre post devel-pre devel-post; do
+    for script in preun postun pre post; do
         if test %build_flavor = "zfcpdump"; then
             : >%my_builddir/$script$sub.sh
             continue
         fi
         sed -e "s:@KERNELRELEASE@:%kernelrelease:g" \
-            -e "s:@IMAGE@:$image:g" \
+            -e "s:@IMAGE@:%image:g" \
             -e "s:@FLAVOR""@:%build_flavor:g" \
             -e "s:@SUBPACKAGE@:%name$sub:g" \
             -e "s:@BASE_PACKAGE@:$base_package:g" \
@@ -837,11 +845,6 @@ for sub in '' '-extra' \
     done
 done
 
-%if %build_vanilla
-# keep this -suffix list in sync with post.sh and postun.sh
-suffix=-%build_flavor
-%endif
-
 cp -p .config %buildroot/boot/config-%kernelrelease-%build_flavor
 sysctl_file=%buildroot/boot/sysctl.conf-%kernelrelease-%build_flavor
 for file in %my_builddir/sysctl/{defaults,%cpu_arch/arch-defaults,%cpu_arch_flavor}; do
@@ -1079,8 +1082,8 @@ shopt -s nullglob dotglob
 sed -e 's/^[.]//' | grep -v -e '[.]ipa-clones$' -e '/Symbols[.]list$' -e '/ipa-clones[.]list$'| \
 add_dirs_to_filelist >> %my_builddir/kernel-devel.files
 
-{   echo %ghost /boot/$image$suffix
-    echo %ghost /boot/initrd$suffix
+{   echo %ghost /boot/%image
+    echo %ghost /boot/initrd
     cd %buildroot
     for f in boot/*; do
         l="${f##*/}"
@@ -1353,9 +1356,17 @@ kernel module packages) against the %build_flavor flavor of the kernel.
 
 %if "%CONFIG_MODULES" == "y"
 
-%pre devel -f devel-pre.sh
+%pre devel
 
-%post devel -f devel-post.sh
+# handle update from an older kernel-source with linux-obj as symlink
+if [ -h /usr/src/linux-obj ]; then
+    rm -vf /usr/src/linux-obj
+fi
+
+%post devel
+%relink_function
+
+relink ../../linux-%{kernelrelease}%{variant}-obj/"%cpu_arch_flavor" /usr/src/linux-obj/"%cpu_arch_flavor"
 
 %files devel -f kernel-devel.files
 %defattr(-,root,root)

macros.kernel-source

@@ -72,13 +72,13 @@ esac)
 	echo "%description -n %{-n*}%{!-n:%name}-kmp-_dummy_" \
 	%{-c:
 		for fmt in DER PEM; do h=$(openssl x509 -inform $fmt -fingerprint -noout -in %{-c*}); if test -n "$h"; then break; fi; done \
-		cert=/etc/uefi/certs/$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p').crt
+		cert=$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p')
 		: The -n expanstion in kernel-cert-subpackage only works if
 		: -n is actually passed to the macro. Fix this here, so that
 		: we do not have to modify the modsign-repackage script
 		sed "s|@CERTS@|$cert|g; s|%%{-n.}|%{-n*}%{!-n:%name}|g" /usr/lib/rpm/kernel-cert-subpackage \
 		echo "%%global __spec_install_pre %%__spec_install_pre \\\\\
-  mkdir -p %%buildroot/etc/uefi/certs; openssl x509 -in %{-c*} -inform $fmt -out %%buildroot/$cert -outform DER" } \
+  mkdir -p %%buildroot/etc/uefi/certs; openssl x509 -in %{-c*} -inform $fmt -out %%buildroot/etc/uefi/certs/${cert}.crt -outform DER" } \
 	)}
 
 # kernel_module_package: simply pass on all options and arguments.

patches.kernel.org.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:a8fc784c72ec6ee87a43a9f963d4d8cd7af884f3c4b65dafe00b0b975dd5af89
-size 20918
+oid sha256:fe1bb55b1196dadcc75a9643c584b1b4ab8f3fc9eadbd59537942fbb6063d49e
+size 39420

patches.suse.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:7c703a3d435b46db9dab7f70faecf6fab7ab39ddda1ccc5c8dde68a2a564dbfc
-size 61459
+oid sha256:0acea3f5304c36fe16dac05b576b8d721422f091dde127d3793bb54efb68fc7b
+size 61157

post.sh

@@ -2,13 +2,9 @@
 # ... but avoid the first installion (bsc#1180058)
 test $1 -gt 1 && touch /boot/do_purge_kernels
 
-suffix=
-if test "@FLAVOR@" = "vanilla"; then
-    suffix=-@FLAVOR@
-fi
 for x in /boot/@IMAGE@ /boot/initrd; do
-    rm -f $x$suffix
-    ln -s ${x##*/}-@KERNELRELEASE@-@FLAVOR@ $x$suffix
+    rm -f $x
+    ln -s ${x##*/}-@KERNELRELEASE@-@FLAVOR@ $x
 done
 @USRMERGE@# compat stuff for /boot.
 @USRMERGE@# if /boot and /usr are not speparate partitions we can just link

series.conf

@@ -54,6 +54,30 @@
 	patches.kernel.org/5.14.2-013-ALSA-usb-audio-Work-around-for-XRUN-with-low-l.patch
 	patches.kernel.org/5.14.2-014-media-stkwebcam-fix-memory-leak-in-stk_camera_.patch
 	patches.kernel.org/5.14.2-015-Linux-5.14.2.patch
+	patches.kernel.org/5.14.3-001-firmware-dmi-Move-product_sku-info-to-the-end-.patch
+	patches.kernel.org/5.14.3-002-can-c_can-fix-null-ptr-deref-on-ioctl.patch
+	patches.kernel.org/5.14.3-003-igmp-Add-ip_mc_list-lock-in-ip_check_mc_rcu.patch
+	patches.kernel.org/5.14.3-004-Revert-r8169-avoid-link-up-interrupt-issue-on-.patch
+	patches.kernel.org/5.14.3-005-ALSA-usb-audio-Add-registration-quirk-for-JBL-.patch
+	patches.kernel.org/5.14.3-006-Bluetooth-Add-additional-Bluetooth-part-for-Re.patch
+	patches.kernel.org/5.14.3-007-Bluetooth-btusb-Make-the-CSR-clone-chip-force-.patch
+	patches.kernel.org/5.14.3-008-usb-host-xhci-rcar-Don-t-reload-firmware-after.patch
+	patches.kernel.org/5.14.3-009-usb-xhci-mtk-fix-issue-of-out-of-bounds-array-.patch
+	patches.kernel.org/5.14.3-010-usb-cdnsp-fix-the-wrong-mult-value-for-HS-isoc.patch
+	patches.kernel.org/5.14.3-011-usb-gadget-tegra-xudc-fix-the-wrong-mult-value.patch
+	patches.kernel.org/5.14.3-012-usb-mtu3-restore-HS-function-when-set-SS-SSP.patch
+	patches.kernel.org/5.14.3-013-usb-mtu3-use-mult-for-HS-isoc-or-intr.patch
+	patches.kernel.org/5.14.3-014-usb-mtu3-fix-the-wrong-HS-mult-value.patch
+	patches.kernel.org/5.14.3-015-xhci-fix-even-more-unsafe-memory-usage-in-xhci.patch
+	patches.kernel.org/5.14.3-016-xhci-fix-unsafe-memory-usage-in-xhci-tracing.patch
+	patches.kernel.org/5.14.3-017-xhci-Fix-failure-to-give-back-some-cached-canc.patch
+	patches.kernel.org/5.14.3-018-staging-mt7621-pci-fix-hang-when-nothing-is-co.patch
+	patches.kernel.org/5.14.3-019-x86-reboot-Limit-Dell-Optiplex-990-quirk-to-ea.patch
+	patches.kernel.org/5.14.3-020-PCI-Call-Max-Payload-Size-related-fixup-quirks.patch
+	patches.kernel.org/5.14.3-021-cxl-pci-Fix-debug-message-in-cxl_probe_regs.patch
+	patches.kernel.org/5.14.3-022-cxl-pci-Fix-lockdown-level.patch
+	patches.kernel.org/5.14.3-023-cxl-acpi-Do-not-add-DSDT-disabled-ACPI0016-hos.patch
+	patches.kernel.org/5.14.3-024-Linux-5.14.3.patch
 
 	########################################################
 	# Build fixes that apply to the vanilla kernel too.
@@ -94,11 +118,8 @@
 
 	# SUSE specific build tweaks
 	patches.suse/rpm-kernel-config
-	patches.suse/supported-flag
-	patches.suse/supported-flag-underscores
-	patches.suse/supported-flag-wildcards
-	patches.suse/supported-flag-external
-	patches.suse/supported-flag-modverdir
+	patches.suse/revert-modpost-remove-get_next_text-and-make-grab-release_-file-s.patch
+	patches.suse/add-suse-supported-flag.patch
 	patches.suse/genksyms-add-override-flag.diff
 	patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch
 	patches.suse/kernel-add-release-status-to-kernel-build.patch

source-timestamp

@@ -1,3 +1,3 @@
-2021-09-10 10:18:59 +0000
-GIT Revision: 314dce0059447f7063b87fb9e87c4744e389054d
+2021-09-13 04:48:19 +0000
+GIT Revision: 87c3051acb6309197d85dc973f8eab6b4768faf0
 GIT Branch: stable

split-modules

@@ -178,9 +178,9 @@ if $opt_extra && test -f "$opt_builddir/Module.optional"; then
     done < "$opt_builddir/Module.optional"
 
     while read xpath; do
-	case $path in
+	case $xpath in
 	    *.ko.xz|*.ko.gz|*.ko.zst)
-		path=${path%.*};;
+		path=${xpath%.*};;
 	esac
 	path=${path%.ko}
 	mod=${path##*/}