------------------------------------------------------------------- Mon Apr 10 16:45:14 CEST 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 0d90f83 ------------------------------------------------------------------- Mon Apr 10 11:47:36 CEST 2017 - mbenes@suse.cz - bsc#1030575: Update to upstream version - commit 99544fe ------------------------------------------------------------------- Thu Apr 6 10:23:41 CEST 2017 - mbenes@suse.cz - bsc#1031660: Add upstream references - commit 75fec40 ------------------------------------------------------------------- Wed Apr 5 17:49:53 CEST 2017 - mbenes@suse.cz - Fix for CVE-2017-7308 (packet_set_ring function in net/packet/af_packet.c vulnerable) Live patch for CVE-2017-7308. Fixes: CVE-2017-7308 References: bsc#1031660 CVE-2017-7308 - commit 743ad14 ------------------------------------------------------------------- Fri Mar 31 13:51:36 CEST 2017 - mbenes@suse.cz - bsc#1030575: Add references - commit dcfb9c8 ------------------------------------------------------------------- Fri Mar 24 14:28:53 CET 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit f7ee3aa ------------------------------------------------------------------- Fri Mar 24 12:39:20 CET 2017 - mbenes@suse.cz - Fix for CVE-2017-7184 (xfrm kernel heap out-of-bounds access) Live patch for CVE-2017-7184. Fixes: CVE-2017-7184 References: bsc#1030575 CVE-2017-7184 - commit 223a98c ------------------------------------------------------------------- Wed Mar 8 09:38:52 CET 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 93a96ee ------------------------------------------------------------------- Tue Feb 14 11:12:42 CET 2017 - mbenes@suse.cz - Fix for CVE-2017-5970 (ipv4: keep skb->dst around in presence of IP options) Live patch for CVE-2017-5970. Upstream commit 34b2cef20f19 ("ipv4: keep skb->dst around in presence of IP options"). Fixes: CVE-2017-5970 References: bsc#1025013 CVE-2017-5970 - commit bdfc97a ------------------------------------------------------------------- Fri Dec 30 15:28:38 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9806 (double free in netlink_dump) Live patch for CVE-2016-9806. Upstream commit 92964c79b357 ("netlink: Fix dump skb leak/double free"). Fixes: CVE-2016-9806 References: bsc#1017589 CVE-2016-9806 - commit 7d09b50 ------------------------------------------------------------------- Fri Dec 30 12:50:41 CET 2016 - mbenes@suse.cz - Bump up the version number in spec file - commit 4d88565 ------------------------------------------------------------------- Thu Dec 22 17:15:25 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9794 (ALSA: use-after-free in,kill_fasync) Live patch for CVE-2016-9794. Upstream commit 3aa02cb664c5 ("ALSA: pcm : Call kill_fasync() in stream lock"). Fixes: CVE-2016-9794 References: bsc#1013543 CVE-2016-9794 - commit fbd84a7 ------------------------------------------------------------------- Tue Dec 20 14:51:09 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-8632 (tipc: tipc_msg_build() doesn't validate MTU) Live patch for CVE-2016-8632. Upstream commit 3de81b758853 ("tipc: check minimum bearer MTU"). Fixes: CVE-2016-8632 References: bsc#1012852 CVE-2016-8632 - commit e4c637f ------------------------------------------------------------------- Tue Dec 13 14:47:06 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9576 (Use-after-free in SCSI Generic driver) Live patch for CVE-2016-9576. Based on SLE12(-SP1) commit b3017e878b1b ("splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE (CVE-2016-9576, bsc#1013604)."). Fixes: CVE-2016-9576 References: bsc#1014271 CVE-2016-9576 - commit debf04f ------------------------------------------------------------------- Tue Dec 6 13:14:17 CET 2016 - mbenes@suse.cz - Bump up the version number in spec file - commit 250c55c ------------------------------------------------------------------- Mon Dec 5 11:27:12 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-8655 (Local root privilege packet_set_ring/timer_list) Live patch for CVE-2016-8655. Upstream commit 84ac7260236a ("packet: fix race condition in packet_set_ring"). Fixes: CVE-2016-8655 References: bsc#1012759 CVE-2016-8655 - commit 1880217 ------------------------------------------------------------------- Mon Nov 28 15:40:04 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9555 (net/sctp: slab-out-of-bounds in sctp_sf_ootb) Live patch for CVE-2016-9555. Upstream commit bf911e985d6b ("sctp: validate chunk len before actually using it"). Fixes: CVE-2016-9555 References: bsc#1012183 CVE-2016-9555 - commit 74dfd73 ------------------------------------------------------------------- Tue Oct 25 12:51:17 CEST 2016 - mbenes@suse.cz - Update IBS_PROJECT to correct maintenance incident after initial submission - commit f21fd47 ------------------------------------------------------------------- Mon Oct 24 13:26:09 CEST 2016 - mbenes@suse.cz - Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project - commit bdc7598 ------------------------------------------------------------------- Wed Oct 19 14:24:21 CEST 2016 - mbenes@suse.cz - New branch for SLE12_Update_16 - commit 5380322 ------------------------------------------------------------------- Tue May 10 15:43:59 CEST 2016 - mbenes@suse.cz - Add compat.h to deal with changes of KGR_PATCH macro Sympos patch set for kGraft redefined KGR_PATCH macro and added two new ones. Add new compat.h which contains macro magic so that all kGraft patches would work on both old and new kernels with the patch set merged. - commit 4186bef ------------------------------------------------------------------- Fri May 6 17:01:17 CEST 2016 - mbenes@suse.cz - Fix the number of parameters of KGR_PATCH macro New kernels contain kGraft's sympos patch set which changed number of paramaters of KGR_PATCH macro and introduced new macros. Fix it in master so it will be ok for new branches. - commit 78cf676 ------------------------------------------------------------------- Tue Sep 1 13:00:23 CEST 2015 - mmarek@suse.com - Include the RPM version number in the module name - commit 8fa02c6 ------------------------------------------------------------------- Wed Aug 26 11:29:44 CEST 2015 - mbenes@suse.cz - Remove forgotten debug option in the Makefile - commit 9c24ab8 ------------------------------------------------------------------- Mon Aug 17 13:42:04 CEST 2015 - mbenes@suse.cz - Add license and copyright notices - commit d42d3aa ------------------------------------------------------------------- Wed Jul 15 15:58:35 CEST 2015 - mbenes@suse.cz - Remove immediate flag Fake signal was merged to kGraft and immediate feature removed. Remove it in kGraft patches from now on too. - commit c767ad2 ------------------------------------------------------------------- Wed May 20 16:32:17 CEST 2015 - mbenes@suse.cz - Set immediate flag to false Using immediate set to true can lead to BUGs and oopses when downgrading, reverting or applying replace_all patches. There is no way how to find out if there is a process in the old code which is being removed. The module would be put, removed and the process will crash. The consistency model guarantees that there is no one in the old code when the finalization ends. Thus use it for all case to be safe. - commit 830e1a3 ------------------------------------------------------------------- Tue May 12 15:48:07 CEST 2015 - mbenes@suse.cz - Fix description in rpm spec file Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral. References: bsc#930408 - commit a55e023 ------------------------------------------------------------------- Wed Apr 1 15:36:24 CEST 2015 - mbenes@suse.cz - Generate archives names automatically in tar-up.sh - commit 1f34f18 ------------------------------------------------------------------- Wed Apr 1 13:39:26 CEST 2015 - mbenes@suse.cz - Automatically generate .changes file from git log Also add comments to tar-up.sh script to distinguish between sections. - commit 212a7ae ------------------------------------------------------------------- Thu Mar 26 14:24:21 CET 2015 - mmarek@suse.cz - Revert "Require exact kernel version in the patch" This needs to be done differently, so that modprobe --force works as expected. References: bnc#920615 This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a. - commit bc88dd7 ------------------------------------------------------------------- Wed Mar 25 13:10:24 CET 2015 - mmarek@suse.cz - Require exact kernel version in the patch References: bnc#920615 - commit c62c11a ------------------------------------------------------------------- Tue Mar 24 12:15:41 CET 2015 - mmarek@suse.cz - Add the git commit and branch to the package description References: bnc#920633 - commit 1ff4e48 ------------------------------------------------------------------- Wed Nov 26 10:09:14 CET 2014 - mbenes@suse.cz - Set immediate flag for the initial patch Setting immediate to true will simplify installation of the initial patch and possibly also of the further updates. References: bnc#907150 - commit 391b810 ------------------------------------------------------------------- Tue Nov 25 16:26:40 CET 2014 - mbenes@suse.cz - Add .replace_all set to true Add .replace_all flag set to true even to the initial patch. Thus we will not forget to add that later. Also .immediate is there as a comment. - commit 933e15e ------------------------------------------------------------------- Mon Nov 24 15:02:33 CET 2014 - mmarek@suse.cz - Drop the hardcoded kernel release string The updated kgraft-devel macros set this during build time, so we do not need to know the kernel release string beforehand. As a name suffix for the source packages, let's use SLE12_Test in the master branch and SLE12_Update_ in the update branches. - commit 65f7a25 ------------------------------------------------------------------- Fri Nov 21 15:48:48 CET 2014 - mmarek@suse.cz - Check that we are building against the set kernel version - commit 689e44a ------------------------------------------------------------------- Wed Nov 12 04:11:14 CET 2014 - mmarek@suse.cz - Mark the module as supported References: bnc#904970 - commit 6249314 ------------------------------------------------------------------- Tue Nov 11 17:11:28 CET 2014 - mmarek@suse.cz - Build the test packages against Devel:kGraft:SLE12 - commit c952fbb ------------------------------------------------------------------- Thu Nov 6 13:55:43 CET 2014 - mbenes@suse.cz - Add top git commit hash to uname -v Add top git commit hash to version part of uname. This makes the identification of current patch level easy (even in crash: p kgr_tag). References: fate#317769 - commit 54c9595 ------------------------------------------------------------------- Tue Nov 4 16:23:50 CET 2014 - mbenes@suse.cz - Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ We need to replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ due to sysfs tree. @@RELEASE@@ changes with each new version of package. - commit 51fd9dd ------------------------------------------------------------------- Mon Nov 3 17:27:24 CET 2014 - mmarek@suse.cz - Add a source-timestamp file with the git commit hash and branch This is required by the bs-upload-kernel script to upload packages to the BS. It can also be used by the specfile in the future. - commit feab4f1 ------------------------------------------------------------------- Mon Nov 3 16:56:31 CET 2014 - mbenes@suse.cz - Initial commit - commit 600de9d ------------------------------------------------------------------- Mon Nov 3 14:59:46 CET 2014 - mmarek@suse.cz - Add config.sh script This tells the automatic builder which IBS project to use. - commit aa7f1cb