------------------------------------------------------------------- Mon Apr 10 16:45:01 CEST 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit c6f7b1e ------------------------------------------------------------------- Mon Apr 10 13:14:50 CEST 2017 - mbenes@suse.cz - bsc#1030467: Add references - commit 4ea714f ------------------------------------------------------------------- Mon Apr 10 11:47:36 CEST 2017 - mbenes@suse.cz - bsc#1030575: Update to upstream version - commit 99544fe ------------------------------------------------------------------- Thu Apr 6 10:23:41 CEST 2017 - mbenes@suse.cz - bsc#1031660: Add upstream references - commit 75fec40 ------------------------------------------------------------------- Wed Apr 5 17:49:53 CEST 2017 - mbenes@suse.cz - Fix for CVE-2017-7308 (packet_set_ring function in net/packet/af_packet.c vulnerable) Live patch for CVE-2017-7308. Fixes: CVE-2017-7308 References: bsc#1031660 CVE-2017-7308 - commit 743ad14 ------------------------------------------------------------------- Fri Mar 31 13:51:36 CEST 2017 - mbenes@suse.cz - bsc#1030575: Add references - commit dcfb9c8 ------------------------------------------------------------------- Tue Mar 28 16:04:05 CEST 2017 - mbenes@suse.cz - Fix for bsc#1030467 (Dirty COW fix causes some apps to freeze) Live patch for bsc#1030467. Upstream commit 8310d48b125d ("mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp"). Fixes: bsc#1030467 References: bsc#1030467 - commit c5a8909 ------------------------------------------------------------------- Fri Mar 24 14:28:29 CET 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 612e3aa ------------------------------------------------------------------- Fri Mar 24 12:39:20 CET 2017 - mbenes@suse.cz - Fix for CVE-2017-7184 (xfrm kernel heap out-of-bounds access) Live patch for CVE-2017-7184. Fixes: CVE-2017-7184 References: bsc#1030575 CVE-2017-7184 - commit 223a98c ------------------------------------------------------------------- Wed Mar 8 09:36:18 CET 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 5978d58 ------------------------------------------------------------------- Tue Feb 14 11:12:42 CET 2017 - mbenes@suse.cz - Fix for CVE-2017-5970 (ipv4: keep skb->dst around in presence of IP options) Live patch for CVE-2017-5970. Upstream commit 34b2cef20f19 ("ipv4: keep skb->dst around in presence of IP options"). Fixes: CVE-2017-5970 References: bsc#1025013 CVE-2017-5970 - commit bdfc97a ------------------------------------------------------------------- Thu Feb 2 11:14:43 CET 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 83bad18 ------------------------------------------------------------------- Wed Feb 1 15:36:36 CET 2017 - mbenes@suse.cz - bsc#1004419: fix the loading problem on XEN kGraft patches for bsc#1004419 are broken for XEN arch. The modules cannot be loaded and kGraft reports "symbol follow_trans_huge_pmd() not resolved". The mentioned function comes from mm/huge_memory.c which is built only when CONFIG_TRANSPARENT_HUGEPAGES is set. This is not the case of XEN. The problem is that there is only one definition of the function. The only callsite is in follow_page_mask() which is built for XEN. The whole kernel builds successfully because GCC compiler is satisfied with a declaration of the function in include/linux/huge_mm.h. Then dead code elimination is applied and the only callsite is removed for XEN. Linked of course finds no problem afterwards. Move kallsyms lookup for follow_trans_huge_pmd() to !xen section and rely on a dead code elimination too. References: bsc#1023031 - commit 9ce989f ------------------------------------------------------------------- Fri Dec 30 15:28:38 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9806 (double free in netlink_dump) Live patch for CVE-2016-9806. Upstream commit 92964c79b357 ("netlink: Fix dump skb leak/double free"). Fixes: CVE-2016-9806 References: bsc#1017589 CVE-2016-9806 - commit 7d09b50 ------------------------------------------------------------------- Fri Dec 30 12:50:24 CET 2016 - mbenes@suse.cz - Bump up the version number in spec file - commit 041ae2b ------------------------------------------------------------------- Thu Dec 22 17:15:25 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9794 (ALSA: use-after-free in,kill_fasync) Live patch for CVE-2016-9794. Upstream commit 3aa02cb664c5 ("ALSA: pcm : Call kill_fasync() in stream lock"). Fixes: CVE-2016-9794 References: bsc#1013543 CVE-2016-9794 - commit fbd84a7 ------------------------------------------------------------------- Tue Dec 20 14:51:09 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-8632 (tipc: tipc_msg_build() doesn't validate MTU) Live patch for CVE-2016-8632. Upstream commit 3de81b758853 ("tipc: check minimum bearer MTU"). Fixes: CVE-2016-8632 References: bsc#1012852 CVE-2016-8632 - commit e4c637f ------------------------------------------------------------------- Tue Dec 13 14:47:06 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9576 (Use-after-free in SCSI Generic driver) Live patch for CVE-2016-9576. Based on SLE12(-SP1) commit b3017e878b1b ("splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE (CVE-2016-9576, bsc#1013604)."). Fixes: CVE-2016-9576 References: bsc#1014271 CVE-2016-9576 - commit debf04f ------------------------------------------------------------------- Tue Dec 6 13:11:38 CET 2016 - mbenes@suse.cz - Bump up the version number in spec file - commit 1a0ae81 ------------------------------------------------------------------- Mon Dec 5 11:27:12 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-8655 (Local root privilege packet_set_ring/timer_list) Live patch for CVE-2016-8655. Upstream commit 84ac7260236a ("packet: fix race condition in packet_set_ring"). Fixes: CVE-2016-8655 References: bsc#1012759 CVE-2016-8655 - commit 1880217 ------------------------------------------------------------------- Mon Nov 28 15:40:04 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9555 (net/sctp: slab-out-of-bounds in sctp_sf_ootb) Live patch for CVE-2016-9555. Upstream commit bf911e985d6b ("sctp: validate chunk len before actually using it"). Fixes: CVE-2016-9555 References: bsc#1012183 CVE-2016-9555 - commit 74dfd73 ------------------------------------------------------------------- Mon Oct 24 13:26:09 CEST 2016 - mbenes@suse.cz - Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project - commit bdc7598 ------------------------------------------------------------------- Fri Oct 21 13:23:56 CEST 2016 - mbenes@suse.cz - Bump up the version number in spec file - commit 6a5988f ------------------------------------------------------------------- Thu Oct 20 11:23:09 CEST 2016 - mbenes@suse.cz - Fix for CVE-2016-5195 (mm: local privilege escalation using MAP_PRIVATE) Live patch for CVE-2016-5195. Upstream commit 19be0eaffa3a ("mm: remove gup_flags FOLL_WRITE games from __get_user_pages()"). Fixes: CVE-2016-5195 References: bsc#1004419 CVE-2016-5195 - commit ed4e33f ------------------------------------------------------------------- Wed Jul 13 10:21:52 CEST 2016 - mbenes@suse.cz - Bump up the version number in spec file - commit f2ab9fb ------------------------------------------------------------------- Fri Jul 1 17:38:14 CEST 2016 - mbenes@suse.cz - Update IBS_PROJECT to correct maintenance incident after initial submission - commit 68a5fb6 ------------------------------------------------------------------- Thu Jun 30 16:37:47 CEST 2016 - mbenes@suse.cz - Fix for CVE-2016-4470 (Uninitialized variable in request_key handling) Live patch for CVE-2016-4470. Upstream commit 38327424b40b ("KEYS: potential uninitialized variable"). Fixes: CVE-2016-4470 References: bsc#984764 CVE-2016-4470 - commit 3d2806b ------------------------------------------------------------------- Sat Jun 25 11:34:27 CEST 2016 - mmarek@suse.cz - New branch for SLE12_Update_15 - commit c4772f0 ------------------------------------------------------------------- Tue May 10 15:43:59 CEST 2016 - mbenes@suse.cz - Add compat.h to deal with changes of KGR_PATCH macro Sympos patch set for kGraft redefined KGR_PATCH macro and added two new ones. Add new compat.h which contains macro magic so that all kGraft patches would work on both old and new kernels with the patch set merged. - commit 4186bef ------------------------------------------------------------------- Fri May 6 17:01:17 CEST 2016 - mbenes@suse.cz - Fix the number of parameters of KGR_PATCH macro New kernels contain kGraft's sympos patch set which changed number of paramaters of KGR_PATCH macro and introduced new macros. Fix it in master so it will be ok for new branches. - commit 78cf676 ------------------------------------------------------------------- Tue Sep 1 13:00:23 CEST 2015 - mmarek@suse.com - Include the RPM version number in the module name - commit 8fa02c6 ------------------------------------------------------------------- Wed Aug 26 11:29:44 CEST 2015 - mbenes@suse.cz - Remove forgotten debug option in the Makefile - commit 9c24ab8 ------------------------------------------------------------------- Mon Aug 17 13:42:04 CEST 2015 - mbenes@suse.cz - Add license and copyright notices - commit d42d3aa ------------------------------------------------------------------- Wed Jul 15 15:58:35 CEST 2015 - mbenes@suse.cz - Remove immediate flag Fake signal was merged to kGraft and immediate feature removed. Remove it in kGraft patches from now on too. - commit c767ad2 ------------------------------------------------------------------- Wed May 20 16:32:17 CEST 2015 - mbenes@suse.cz - Set immediate flag to false Using immediate set to true can lead to BUGs and oopses when downgrading, reverting or applying replace_all patches. There is no way how to find out if there is a process in the old code which is being removed. The module would be put, removed and the process will crash. The consistency model guarantees that there is no one in the old code when the finalization ends. Thus use it for all case to be safe. - commit 830e1a3 ------------------------------------------------------------------- Tue May 12 15:48:07 CEST 2015 - mbenes@suse.cz - Fix description in rpm spec file Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral. References: bsc#930408 - commit a55e023 ------------------------------------------------------------------- Wed Apr 1 15:36:24 CEST 2015 - mbenes@suse.cz - Generate archives names automatically in tar-up.sh - commit 1f34f18 ------------------------------------------------------------------- Wed Apr 1 13:39:26 CEST 2015 - mbenes@suse.cz - Automatically generate .changes file from git log Also add comments to tar-up.sh script to distinguish between sections. - commit 212a7ae ------------------------------------------------------------------- Thu Mar 26 14:24:21 CET 2015 - mmarek@suse.cz - Revert "Require exact kernel version in the patch" This needs to be done differently, so that modprobe --force works as expected. References: bnc#920615 This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a. - commit bc88dd7 ------------------------------------------------------------------- Wed Mar 25 13:10:24 CET 2015 - mmarek@suse.cz - Require exact kernel version in the patch References: bnc#920615 - commit c62c11a ------------------------------------------------------------------- Tue Mar 24 12:15:41 CET 2015 - mmarek@suse.cz - Add the git commit and branch to the package description References: bnc#920633 - commit 1ff4e48 ------------------------------------------------------------------- Wed Nov 26 10:09:14 CET 2014 - mbenes@suse.cz - Set immediate flag for the initial patch Setting immediate to true will simplify installation of the initial patch and possibly also of the further updates. References: bnc#907150 - commit 391b810 ------------------------------------------------------------------- Tue Nov 25 16:26:40 CET 2014 - mbenes@suse.cz - Add .replace_all set to true Add .replace_all flag set to true even to the initial patch. Thus we will not forget to add that later. Also .immediate is there as a comment. - commit 933e15e ------------------------------------------------------------------- Mon Nov 24 15:02:33 CET 2014 - mmarek@suse.cz - Drop the hardcoded kernel release string The updated kgraft-devel macros set this during build time, so we do not need to know the kernel release string beforehand. As a name suffix for the source packages, let's use SLE12_Test in the master branch and SLE12_Update_ in the update branches. - commit 65f7a25 ------------------------------------------------------------------- Fri Nov 21 15:48:48 CET 2014 - mmarek@suse.cz - Check that we are building against the set kernel version - commit 689e44a ------------------------------------------------------------------- Wed Nov 12 04:11:14 CET 2014 - mmarek@suse.cz - Mark the module as supported References: bnc#904970 - commit 6249314 ------------------------------------------------------------------- Tue Nov 11 17:11:28 CET 2014 - mmarek@suse.cz - Build the test packages against Devel:kGraft:SLE12 - commit c952fbb ------------------------------------------------------------------- Thu Nov 6 13:55:43 CET 2014 - mbenes@suse.cz - Add top git commit hash to uname -v Add top git commit hash to version part of uname. This makes the identification of current patch level easy (even in crash: p kgr_tag). References: fate#317769 - commit 54c9595 ------------------------------------------------------------------- Tue Nov 4 16:23:50 CET 2014 - mbenes@suse.cz - Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ We need to replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ due to sysfs tree. @@RELEASE@@ changes with each new version of package. - commit 51fd9dd ------------------------------------------------------------------- Mon Nov 3 17:27:24 CET 2014 - mmarek@suse.cz - Add a source-timestamp file with the git commit hash and branch This is required by the bs-upload-kernel script to upload packages to the BS. It can also be used by the specfile in the future. - commit feab4f1 ------------------------------------------------------------------- Mon Nov 3 16:56:31 CET 2014 - mbenes@suse.cz - Initial commit - commit 600de9d ------------------------------------------------------------------- Mon Nov 3 14:59:46 CET 2014 - mmarek@suse.cz - Add config.sh script This tells the automatic builder which IBS project to use. - commit aa7f1cb