------------------------------------------------------------------- Thu Aug 3 10:49:24 CEST 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 28fb631 ------------------------------------------------------------------- Tue Aug 1 19:27:25 CEST 2017 - nstange@suse.de - Fix for CVE-2017-7533 (Local privilege escalation issue through dentry name / fsnotify race) Live patch for CVE-2017-7533. Upstream commit 49d31c2f389a ("dentry snapshots"). Fixes: CVE-2017-7533 References: bsc#1050751 CVE-2017-7533 - commit 9d07ce5 ------------------------------------------------------------------- Mon Jul 3 13:14:14 CEST 2017 - mbenes@suse.cz - Fix obvious mistake wrt. rpm version and release number - commit 4e2e066 ------------------------------------------------------------------- Fri Jun 30 12:53:34 CEST 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 268a6ba ------------------------------------------------------------------- Thu Jun 29 15:22:42 CEST 2017 - nstange@suse.de - Fix for CVE-2017-7645 ("The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attac...") Live patch for CVE-2017-7645. Upstream commit e6838a29ecb4 ("nfsd: check for oversized NFSv2/v3 arguments"). Fixes: CVE-2017-7645 References: bsc#1046191 CVE-2017-7645 - commit 56d1355 ------------------------------------------------------------------- Thu Jun 22 16:25:43 CEST 2017 - mbenes@suse.cz - bsc#1039496: follow-up fix to remove a regression Original commit "mm: enlarge stack guard gap" introduced a regression. Use the fix from SLE11-SP4 kernels. SLE12 kernels went upstream way. - commit 9f25d7b ------------------------------------------------------------------- Thu Jun 22 14:49:04 CEST 2017 - nstange@suse.de - Fix for CVE-2017-2636 ("tty: n_hdlc: get rid of racy n_hdlc.tbuf") Live patch for CVE-2017-2636. Upstream commit 82f2341c94d2 ("tty: n_hdlc: get rid of racy n_hdlc.tbuf"). [ mb: based on a slightly different patch by Nicolai. No data structure changes involved. ] Fixes: CVE-2017-2636 References: bsc#1027575 CVE-2017-2636 - commit 82063c8 ------------------------------------------------------------------- Thu Jun 22 14:20:30 CEST 2017 - mbenes@suse.cz - Fix for CVE-2017-1000364 (stack gap guard page too small) Live patch for CVE-2017-1000364. SLE12 commit d14041c8b67b14a658572849b0ec7a9cb9c0acd3. Fixes: CVE-2017-1000364 References: bsc#1039496 CVE-2017-1000364 - commit e61b850 ------------------------------------------------------------------- Thu Jun 15 17:54:18 CEST 2017 - nstange@suse.de - Fix for CVE-2017-9242 ("Incorrect overwrite check in __ip6_append_data()") Live patch for CVE-2017-9242. Upstream commit 232cd35d0804 ("ipv6: fix out of bound writes in __ip6_append_data()"). Fixes: CVE-2017-9242 References: bsc#1042892 CVE-2017-9242 - commit fdc6b12 ------------------------------------------------------------------- Tue Jun 13 15:54:27 CEST 2017 - nstange@suse.de - scripts/register-patches.sh: register subpatch sources in rpm spec In order to reduce the manual merging work upon addition of new (sub)patches, commit 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") introduced the register-patches.sh helper. It discovers those and tweaks the main entry point, kgr_patch_main.c, as needed. However, a remaining manual merging task is to list a (sub)patch's source archive in rpm/kgraft-patch.spec and to %setup it. Make scripts/register-patches.sh do this. Namely, - introduce the @@KGR_PATCHES_SOURCES@@ and @@KGR_PATCHES_SETUP_SOURCES@@ placeholders in rpm/kgraft-patch.spec - and make scripts/register-patches.sh expand those within a spec file to be given as an additional command line argument. Finally, adjust scripts/tar-up.sh accordingly. - commit 9eafc8a ------------------------------------------------------------------- Tue Jun 13 15:51:42 CEST 2017 - nstange@suse.de - scripts/register-patches.sh: don't add ','s to @@KGR_PATCHES_FUNCS@@ register-patches.sh expands kgr_patch_main.c's @@KGR_PATCHES_FUNCS@@ placeholder by concatenating all available patches' KGR_PATCH__FUNCS together, separating them by commas. The KGR_PATCH__FUNCS are CPP macros supposed to be provided by each patch. If one of these happens to be empty, the preprocessed expansion will contain two consecutive commas which gcc doesn't like in array initializers. Do not add any commas to the @@KGR_PATCHES_FUNCS@@ expansion but require the individual KGR_PATCH__FUNCS macros to already contain trailing ones as needed. Fixes: 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") - commit ba41416 ------------------------------------------------------------------- Mon Jun 12 17:09:37 CEST 2017 - nstange@suse.de - bsc#1031660: prepare for dynamic patch registration In order to prepare for the merge of 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically"), kgr_patch_bsc1031660.h must define KGR_PATCH_BSC1031660_FUNCS. Define KGR_PATCH_BSC1031660_FUNCS in accordance to the KGR_PATCH*() enumeration currently found in kgr_patch_main.c. - commit edecbb8 ------------------------------------------------------------------- Mon Jun 12 15:26:55 CEST 2017 - nstange@suse.de - bsc#1030575: prepare for dynamic patch registration In order to prepare for the merge of 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically"), kgr_patch_bsc1030575.h must define KGR_PATCH_BSC1030575_FUNCS. Define KGR_PATCH_BSC1030575_FUNCS in accordance to the KGR_PATCH*() enumeration currently found in kgr_patch_main.c. - commit fd76914 ------------------------------------------------------------------- Mon Jun 12 15:23:59 CEST 2017 - nstange@suse.de - bsc#1025013: prepare for dynamic patch registration In order to prepare for the merge of 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically"), kgr_patch_bsc1025013.h must declare kgr_patch_bsc1025013_cleanup() and define KGR_PATCH_BSC1025013_FUNCS. Add an empty kgr_patch_bsc1025013_cleanup() implementation. Define KGR_PATCH_BSC1025013_FUNCS in accordance to the KGR_PATCH*() enumeration currently found in kgr_patch_main.c. - commit 309ae17 ------------------------------------------------------------------- Mon Jun 12 15:19:48 CEST 2017 - nstange@suse.de - bsc#1017589: prepare for dynamic patch registration In order to prepare for the merge of 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically"), kgr_patch_bsc1017589.h must declare kgr_patch_bsc1017589_cleanup() and define KGR_PATCH_BSC1017589_FUNCS. Add an empty kgr_patch_bsc1017589_cleanup() implementation. Define KGR_PATCH_BSC1017589_FUNCS in accordance to the KGR_PATCH*() enumeration currently found in kgr_patch_main.c. - commit 7657aea ------------------------------------------------------------------- Mon Jun 12 15:14:35 CEST 2017 - nstange@suse.de - bsc#1014271: prepare for dynamic patch registration In order to prepare for the merge of 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically"), kgr_patch_bsc1014271.h must declare kgr_patch_bsc1014271_cleanup() and define KGR_PATCH_BSC1014271_FUNCS. Add an empty kgr_patch_bsc1014271_cleanup() implementation. Define KGR_PATCH_BSC1014271_FUNCS in accordance to the KGR_PATCH*() enumeration currently found in kgr_patch_main.c. - commit 0b51cc0 ------------------------------------------------------------------- Mon Jun 12 15:09:21 CEST 2017 - nstange@suse.de - bsc#1013543: prepare for dynamic patch registration In order to prepare for the merge of 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically"), kgr_patch_bsc1013543.h must define KGR_PATCH_BSC1013543_FUNCS. Define KGR_PATCH_BSC1013543_FUNCS in accordance to the KGR_PATCH*() enumeration currently found in kgr_patch_main.c. - commit 4702972 ------------------------------------------------------------------- Wed Jun 7 12:05:41 CEST 2017 - nstange@suse.de - scripts: create kgr_patch_main.c dynamically The kgraft-patches repository has got many branches, each corresponding to a supported codestream. Each of those carries a potentially different set of live (sub)patches which are controlled through the entry points in kgr_patch_main.c. According to Miroslav, merging of a new (sub)patch based on the pristine master is a pita due to conflicts. Since all (sub)patches stick to certain conventions already, the required modifications of the merging-hotspot kgr_patch_main.c are quite mechanic. Let a script do the work. Namely, - insert some special @@-embraced placeholders at the few places depending on the actual set of (sub)patches, - let register-patches.sh discover the available (sub)patches by searching for directories - and let register-patches.sh replace those placeholders in kgr_patch_main.c Finally, add a register-patches.sh invocation to tar-up.sh. This procedure requires that a SUBPATCH located in directory SUBPATCH/ adheres to the following conventions: - It must provide a provide a SUBPATCH/kgr_patch_SUBPATCH.h header. - This header must provide declarations for kgr_patch_SUBPATCH_init() and kgr_patch_SUBPATCH_cleanup(). - This header must also #define a KGR_PATCH_SUBPATCH_FUNCS macro. It should expand to a comma separated list of KGR_PATCH*() entries, each corresponding to a function the subpatch wants to replace. [mbenes: fixed typos, empty line removed] - commit 4e8dc88 ------------------------------------------------------------------- Mon Apr 24 16:00:54 CEST 2017 - mbenes@suse.cz - Replace $(PWD) with $(CURDIR) in Makefile CURDIR is an internal variable of make and more suitable. - commit 03bf1d5 ------------------------------------------------------------------- Wed Apr 19 14:02:27 CEST 2017 - mbenes@suse.cz - Create Makefile automatically Introduce scripts/create-makefile.sh script to automatically create a makefile. The scripts is called from tar-up.sh or could be called manually. - commit 1af6c29 ------------------------------------------------------------------- Mon Apr 10 16:45:31 CEST 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 150e1b7 ------------------------------------------------------------------- Mon Apr 10 11:47:36 CEST 2017 - mbenes@suse.cz - bsc#1030575: Update to upstream version - commit 99544fe ------------------------------------------------------------------- Fri Apr 7 10:20:14 CEST 2017 - mbenes@suse.cz - Fix for CVE-2017-7308 (packet_set_ring function in net/packet/af_packet.c vulnerable) Live patch for CVE-2017-7308. Upstream commits 2b6867c2ce76 ("net/packet: fix overflow in check for priv area size"), 8f8d28e4d6d8 ("net/packet: fix overflow in check for tp_frame_nr") and bcc5364bdcfe ("net/packet: fix overflow in check for tp_reserve"). Fixes: CVE-2017-7308 References: bsc#1031660 CVE-2017-7308 - commit afb0827 ------------------------------------------------------------------- Fri Mar 31 13:51:36 CEST 2017 - mbenes@suse.cz - bsc#1030575: Add references - commit dcfb9c8 ------------------------------------------------------------------- Fri Mar 24 14:29:02 CET 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 43d1146 ------------------------------------------------------------------- Fri Mar 24 12:39:20 CET 2017 - mbenes@suse.cz - Fix for CVE-2017-7184 (xfrm kernel heap out-of-bounds access) Live patch for CVE-2017-7184. Fixes: CVE-2017-7184 References: bsc#1030575 CVE-2017-7184 - commit 223a98c ------------------------------------------------------------------- Wed Mar 8 09:39:07 CET 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 39f371b ------------------------------------------------------------------- Tue Feb 14 11:12:42 CET 2017 - mbenes@suse.cz - Fix for CVE-2017-5970 (ipv4: keep skb->dst around in presence of IP options) Live patch for CVE-2017-5970. Upstream commit 34b2cef20f19 ("ipv4: keep skb->dst around in presence of IP options"). Fixes: CVE-2017-5970 References: bsc#1025013 CVE-2017-5970 - commit bdfc97a ------------------------------------------------------------------- Fri Dec 30 15:28:38 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9806 (double free in netlink_dump) Live patch for CVE-2016-9806. Upstream commit 92964c79b357 ("netlink: Fix dump skb leak/double free"). Fixes: CVE-2016-9806 References: bsc#1017589 CVE-2016-9806 - commit 7d09b50 ------------------------------------------------------------------- Fri Dec 30 12:51:07 CET 2016 - mbenes@suse.cz - Bump up the version number in spec file - commit 16148b0 ------------------------------------------------------------------- Thu Dec 22 17:15:25 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9794 (ALSA: use-after-free in,kill_fasync) Live patch for CVE-2016-9794. Upstream commit 3aa02cb664c5 ("ALSA: pcm : Call kill_fasync() in stream lock"). Fixes: CVE-2016-9794 References: bsc#1013543 CVE-2016-9794 - commit fbd84a7 ------------------------------------------------------------------- Tue Dec 13 14:47:06 CET 2016 - mbenes@suse.cz - Fix for CVE-2016-9576 (Use-after-free in SCSI Generic driver) Live patch for CVE-2016-9576. Based on SLE12(-SP1) commit b3017e878b1b ("splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE (CVE-2016-9576, bsc#1013604)."). Fixes: CVE-2016-9576 References: bsc#1014271 CVE-2016-9576 - commit debf04f ------------------------------------------------------------------- Mon Dec 5 08:29:42 CET 2016 - mbenes@suse.cz - Update IBS_PROJECT to correct maintenance incident after initial submission - commit 39f8a94 ------------------------------------------------------------------- Fri Dec 2 08:26:13 CET 2016 - mbenes@suse.cz - New branch for SLE12_Update_17 - commit caa389f ------------------------------------------------------------------- Mon Oct 24 13:26:09 CEST 2016 - mbenes@suse.cz - Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project - commit bdc7598 ------------------------------------------------------------------- Tue May 10 15:43:59 CEST 2016 - mbenes@suse.cz - Add compat.h to deal with changes of KGR_PATCH macro Sympos patch set for kGraft redefined KGR_PATCH macro and added two new ones. Add new compat.h which contains macro magic so that all kGraft patches would work on both old and new kernels with the patch set merged. - commit 4186bef ------------------------------------------------------------------- Fri May 6 17:01:17 CEST 2016 - mbenes@suse.cz - Fix the number of parameters of KGR_PATCH macro New kernels contain kGraft's sympos patch set which changed number of paramaters of KGR_PATCH macro and introduced new macros. Fix it in master so it will be ok for new branches. - commit 78cf676 ------------------------------------------------------------------- Tue Sep 1 13:00:23 CEST 2015 - mmarek@suse.com - Include the RPM version number in the module name - commit 8fa02c6 ------------------------------------------------------------------- Wed Aug 26 11:29:44 CEST 2015 - mbenes@suse.cz - Remove forgotten debug option in the Makefile - commit 9c24ab8 ------------------------------------------------------------------- Mon Aug 17 13:42:04 CEST 2015 - mbenes@suse.cz - Add license and copyright notices - commit d42d3aa ------------------------------------------------------------------- Wed Jul 15 15:58:35 CEST 2015 - mbenes@suse.cz - Remove immediate flag Fake signal was merged to kGraft and immediate feature removed. Remove it in kGraft patches from now on too. - commit c767ad2 ------------------------------------------------------------------- Wed May 20 16:32:17 CEST 2015 - mbenes@suse.cz - Set immediate flag to false Using immediate set to true can lead to BUGs and oopses when downgrading, reverting or applying replace_all patches. There is no way how to find out if there is a process in the old code which is being removed. The module would be put, removed and the process will crash. The consistency model guarantees that there is no one in the old code when the finalization ends. Thus use it for all case to be safe. - commit 830e1a3 ------------------------------------------------------------------- Tue May 12 15:48:07 CEST 2015 - mbenes@suse.cz - Fix description in rpm spec file Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral. References: bsc#930408 - commit a55e023 ------------------------------------------------------------------- Wed Apr 1 15:36:24 CEST 2015 - mbenes@suse.cz - Generate archives names automatically in tar-up.sh - commit 1f34f18 ------------------------------------------------------------------- Wed Apr 1 13:39:26 CEST 2015 - mbenes@suse.cz - Automatically generate .changes file from git log Also add comments to tar-up.sh script to distinguish between sections. - commit 212a7ae ------------------------------------------------------------------- Thu Mar 26 14:24:21 CET 2015 - mmarek@suse.cz - Revert "Require exact kernel version in the patch" This needs to be done differently, so that modprobe --force works as expected. References: bnc#920615 This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a. - commit bc88dd7 ------------------------------------------------------------------- Wed Mar 25 13:10:24 CET 2015 - mmarek@suse.cz - Require exact kernel version in the patch References: bnc#920615 - commit c62c11a ------------------------------------------------------------------- Tue Mar 24 12:15:41 CET 2015 - mmarek@suse.cz - Add the git commit and branch to the package description References: bnc#920633 - commit 1ff4e48 ------------------------------------------------------------------- Wed Nov 26 10:09:14 CET 2014 - mbenes@suse.cz - Set immediate flag for the initial patch Setting immediate to true will simplify installation of the initial patch and possibly also of the further updates. References: bnc#907150 - commit 391b810 ------------------------------------------------------------------- Tue Nov 25 16:26:40 CET 2014 - mbenes@suse.cz - Add .replace_all set to true Add .replace_all flag set to true even to the initial patch. Thus we will not forget to add that later. Also .immediate is there as a comment. - commit 933e15e ------------------------------------------------------------------- Mon Nov 24 15:02:33 CET 2014 - mmarek@suse.cz - Drop the hardcoded kernel release string The updated kgraft-devel macros set this during build time, so we do not need to know the kernel release string beforehand. As a name suffix for the source packages, let's use SLE12_Test in the master branch and SLE12_Update_ in the update branches. - commit 65f7a25 ------------------------------------------------------------------- Fri Nov 21 15:48:48 CET 2014 - mmarek@suse.cz - Check that we are building against the set kernel version - commit 689e44a ------------------------------------------------------------------- Wed Nov 12 04:11:14 CET 2014 - mmarek@suse.cz - Mark the module as supported References: bnc#904970 - commit 6249314 ------------------------------------------------------------------- Tue Nov 11 17:11:28 CET 2014 - mmarek@suse.cz - Build the test packages against Devel:kGraft:SLE12 - commit c952fbb ------------------------------------------------------------------- Thu Nov 6 13:55:43 CET 2014 - mbenes@suse.cz - Add top git commit hash to uname -v Add top git commit hash to version part of uname. This makes the identification of current patch level easy (even in crash: p kgr_tag). References: fate#317769 - commit 54c9595 ------------------------------------------------------------------- Tue Nov 4 16:23:50 CET 2014 - mbenes@suse.cz - Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ We need to replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ due to sysfs tree. @@RELEASE@@ changes with each new version of package. - commit 51fd9dd ------------------------------------------------------------------- Mon Nov 3 17:27:24 CET 2014 - mmarek@suse.cz - Add a source-timestamp file with the git commit hash and branch This is required by the bs-upload-kernel script to upload packages to the BS. It can also be used by the specfile in the future. - commit feab4f1 ------------------------------------------------------------------- Mon Nov 3 16:56:31 CET 2014 - mbenes@suse.cz - Initial commit - commit 600de9d ------------------------------------------------------------------- Mon Nov 3 14:59:46 CET 2014 - mmarek@suse.cz - Add config.sh script This tells the automatic builder which IBS project to use. - commit aa7f1cb