From b4ad1bea8d1c9582ea8e4108e88b22dd5cddf139 Mon Sep 17 00:00:00 2001 From: jirislaby <> Date: Mar 02 2023 23:28:30 +0000 Subject: Update kernel-source to version 6.2.1 / rev 680 via SR 1068171 https://build.opensuse.org/request/show/1068171 by user jirislaby + dimstar_suse 6.2.1 & lockdown patches & gfx drivers cleanup --- diff --git a/.files b/.files index 00c349b..428243e 100644 Binary files a/.files and b/.files differ diff --git a/.rev b/.rev index 6747e44..7b5f978 100644 --- a/.rev +++ b/.rev @@ -6194,4 +6194,12 @@ As this is a serious local privilege escalation, I would like to see a timely in 6.2 1066810 + + e128f4458ac225548504aaa62dff9732 + 6.2.1 + + dimstar_suse + 6.2.1 & lockdown patches & gfx drivers cleanup + 1068171 + diff --git a/config.tar.bz2 b/config.tar.bz2 index 08edf22..39bdccd 120000 --- a/config.tar.bz2 +++ b/config.tar.bz2 @@ -1 +1 @@ -/ipfs/bafybeigzj5byz3ibabpbjknecxxhg3xzbwvroa4ipdnehsuynh2cklmioq \ No newline at end of file +/ipfs/bafybeifn3dakaqsmqfezsvcvecwdm2yi6vwebtkzurr6v6ix47dqr6nduq \ No newline at end of file diff --git a/dtb-aarch64.changes b/dtb-aarch64.changes index 42fd60e..5ac446e 100644 --- a/dtb-aarch64.changes +++ b/dtb-aarch64.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/dtb-aarch64.spec b/dtb-aarch64.spec index 80433ae..80f6af0 100644 --- a/dtb-aarch64.spec +++ b/dtb-aarch64.spec @@ -17,7 +17,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-aarch64 -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif diff --git a/dtb-armv6l.changes b/dtb-armv6l.changes index 42fd60e..5ac446e 100644 --- a/dtb-armv6l.changes +++ b/dtb-armv6l.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/dtb-armv6l.spec b/dtb-armv6l.spec index 33c926c..e677a6d 100644 --- a/dtb-armv6l.spec +++ b/dtb-armv6l.spec @@ -17,7 +17,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-armv6l -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif diff --git a/dtb-armv7l.changes b/dtb-armv7l.changes index 42fd60e..5ac446e 100644 --- a/dtb-armv7l.changes +++ b/dtb-armv7l.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/dtb-armv7l.spec b/dtb-armv7l.spec index 44b692f..86db177 100644 --- a/dtb-armv7l.spec +++ b/dtb-armv7l.spec @@ -17,7 +17,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-armv7l -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif diff --git a/dtb-riscv64.changes b/dtb-riscv64.changes index 42fd60e..5ac446e 100644 --- a/dtb-riscv64.changes +++ b/dtb-riscv64.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/dtb-riscv64.spec b/dtb-riscv64.spec index aabf8d6..b027756 100644 --- a/dtb-riscv64.spec +++ b/dtb-riscv64.spec @@ -17,7 +17,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-riscv64 -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif diff --git a/kernel-64kb.changes b/kernel-64kb.changes index 42fd60e..5ac446e 100644 --- a/kernel-64kb.changes +++ b/kernel-64kb.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-64kb.spec b/kernel-64kb.spec index 7b375a0..9a3c35b 100644 --- a/kernel-64kb.spec +++ b/kernel-64kb.spec @@ -18,7 +18,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -111,9 +111,9 @@ Name: kernel-64kb Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0-only Group: System/Kernel -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -240,10 +240,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 -Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 +Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 # END COMMON DEPS -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 %obsolete_rebuilds %name Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz Source3: kernel-source.rpmlintrc diff --git a/kernel-debug.changes b/kernel-debug.changes index 42fd60e..5ac446e 100644 --- a/kernel-debug.changes +++ b/kernel-debug.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-debug.spec b/kernel-debug.spec index 2c2bdb2..0859322 100644 --- a/kernel-debug.spec +++ b/kernel-debug.spec @@ -18,7 +18,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -111,9 +111,9 @@ Name: kernel-debug Summary: A Debug Version of the Kernel License: GPL-2.0-only Group: System/Kernel -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -240,10 +240,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 -Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 +Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 # END COMMON DEPS -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 %ifarch ppc64 Provides: kernel-kdump = 2.6.28 Obsoletes: kernel-kdump <= 2.6.28 diff --git a/kernel-default.changes b/kernel-default.changes index 42fd60e..5ac446e 100644 --- a/kernel-default.changes +++ b/kernel-default.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-default.spec b/kernel-default.spec index a6e01aa..17c6f21 100644 --- a/kernel-default.spec +++ b/kernel-default.spec @@ -18,7 +18,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -111,9 +111,9 @@ Name: kernel-default Summary: The Standard Kernel License: GPL-2.0-only Group: System/Kernel -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -240,10 +240,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 -Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 +Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 # END COMMON DEPS -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 %ifarch %ix86 Provides: kernel-smp = 2.6.17 Obsoletes: kernel-smp <= 2.6.17 diff --git a/kernel-docs.changes b/kernel-docs.changes index 42fd60e..5ac446e 100644 --- a/kernel-docs.changes +++ b/kernel-docs.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-docs.spec b/kernel-docs.spec index aba812a..f1dd147 100644 --- a/kernel-docs.spec +++ b/kernel-docs.spec @@ -17,7 +17,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Name: kernel-docs Summary: Kernel Documentation License: GPL-2.0-only Group: Documentation/Man -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -67,7 +67,7 @@ BuildRequires: texlive-zapfding %endif URL: https://www.kernel.org/ Provides: %name = %version-%source_rel -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz diff --git a/kernel-kvmsmall.changes b/kernel-kvmsmall.changes index 42fd60e..5ac446e 100644 --- a/kernel-kvmsmall.changes +++ b/kernel-kvmsmall.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-kvmsmall.spec b/kernel-kvmsmall.spec index d0a3b39..33cc01b 100644 --- a/kernel-kvmsmall.spec +++ b/kernel-kvmsmall.spec @@ -18,7 +18,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -111,9 +111,9 @@ Name: kernel-kvmsmall Summary: The Small Developer Kernel for KVM License: GPL-2.0-only Group: System/Kernel -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -240,10 +240,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 -Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 +Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 # END COMMON DEPS -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 %obsolete_rebuilds %name Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz Source3: kernel-source.rpmlintrc diff --git a/kernel-lpae.changes b/kernel-lpae.changes index 42fd60e..5ac446e 100644 --- a/kernel-lpae.changes +++ b/kernel-lpae.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-lpae.spec b/kernel-lpae.spec index 184dd0a..3bc5bf6 100644 --- a/kernel-lpae.spec +++ b/kernel-lpae.spec @@ -18,7 +18,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -111,9 +111,9 @@ Name: kernel-lpae Summary: Kernel for LPAE enabled systems License: GPL-2.0-only Group: System/Kernel -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -240,10 +240,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 -Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 +Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 # END COMMON DEPS -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 %obsolete_rebuilds %name Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz Source3: kernel-source.rpmlintrc diff --git a/kernel-obs-build.changes b/kernel-obs-build.changes index 42fd60e..5ac446e 100644 --- a/kernel-obs-build.changes +++ b/kernel-obs-build.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-obs-build.spec b/kernel-obs-build.spec index 2058ecb..cf20c75 100644 --- a/kernel-obs-build.spec +++ b/kernel-obs-build.spec @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 @@ -45,7 +45,7 @@ BuildRequires: util-linux %endif %endif %endif -BuildRequires: kernel%kernel_flavor-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +BuildRequires: kernel%kernel_flavor-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 %if 0%{?rhel_version} BuildRequires: kernel @@ -64,9 +64,9 @@ BuildRequires: dracut Summary: package kernel and initrd for OBS VM builds License: GPL-2.0-only Group: SLES -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif diff --git a/kernel-obs-qa.changes b/kernel-obs-qa.changes index 42fd60e..5ac446e 100644 --- a/kernel-obs-qa.changes +++ b/kernel-obs-qa.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-obs-qa.spec b/kernel-obs-qa.spec index 289f54d..b40dbfc 100644 --- a/kernel-obs-qa.spec +++ b/kernel-obs-qa.spec @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Basic QA tests for the kernel License: GPL-2.0-only Group: SLES -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif diff --git a/kernel-pae.changes b/kernel-pae.changes index 42fd60e..5ac446e 100644 --- a/kernel-pae.changes +++ b/kernel-pae.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-pae.spec b/kernel-pae.spec index 1e5fdd6..61fbcdf 100644 --- a/kernel-pae.spec +++ b/kernel-pae.spec @@ -18,7 +18,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -111,9 +111,9 @@ Name: kernel-pae Summary: Kernel with PAE Support License: GPL-2.0-only Group: System/Kernel -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -240,10 +240,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 -Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 +Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 # END COMMON DEPS -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 %ifarch %ix86 Provides: kernel-bigsmp = 2.6.17 Obsoletes: kernel-bigsmp <= 2.6.17 diff --git a/kernel-source.changes b/kernel-source.changes index 42fd60e..5ac446e 100644 --- a/kernel-source.changes +++ b/kernel-source.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-source.spec b/kernel-source.spec index 8f58533..355e581 100644 --- a/kernel-source.spec +++ b/kernel-source.spec @@ -17,7 +17,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 @@ -31,9 +31,9 @@ %endif Name: kernel-source -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -50,7 +50,7 @@ BuildRequires: fdupes BuildRequires: sed Requires(post): coreutils sed Provides: %name = %version-%source_rel -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 Provides: linux Provides: multiversion(kernel) Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz diff --git a/kernel-syms.changes b/kernel-syms.changes index 42fd60e..5ac446e 100644 --- a/kernel-syms.changes +++ b/kernel-syms.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-syms.spec b/kernel-syms.spec index 6fd6753..a7d40b6 100644 --- a/kernel-syms.spec +++ b/kernel-syms.spec @@ -24,10 +24,10 @@ Name: kernel-syms Summary: Kernel Symbol Versions (modversions) License: GPL-2.0-only Group: Development/Sources -Version: 6.2.0 +Version: 6.2.1 %if %using_buildservice %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -52,7 +52,7 @@ Requires: kernel-pae-devel = %version-%source_rel %endif Requires: pesign-obs-integration Provides: %name = %version-%source_rel -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 Provides: multiversion(kernel) Source: README.KSYMS Requires: kernel-devel%variant = %version-%source_rel diff --git a/kernel-vanilla.changes b/kernel-vanilla.changes index 42fd60e..5ac446e 100644 --- a/kernel-vanilla.changes +++ b/kernel-vanilla.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-vanilla.spec b/kernel-vanilla.spec index ebd71d1..a7cfdd4 100644 --- a/kernel-vanilla.spec +++ b/kernel-vanilla.spec @@ -18,7 +18,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -111,9 +111,9 @@ Name: kernel-vanilla Summary: The Standard Kernel - without any SUSE patches License: GPL-2.0-only Group: System/Kernel -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -240,10 +240,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 -Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 +Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 # END COMMON DEPS -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 %obsolete_rebuilds %name Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz Source3: kernel-source.rpmlintrc diff --git a/kernel-zfcpdump.changes b/kernel-zfcpdump.changes index 42fd60e..5ac446e 100644 --- a/kernel-zfcpdump.changes +++ b/kernel-zfcpdump.changes @@ -1,4 +1,90 @@ ------------------------------------------------------------------- +Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz + +- Linux 6.2.1 (bsc#1012628). +- bpf: add missing header file include (bsc#1012628). +- randstruct: disable Clang 15 support (bsc#1012628). +- ext4: Fix function prototype mismatch for ext4_feat_ktype + (bsc#1012628). +- platform/x86: nvidia-wmi-ec-backlight: Add force module + parameter (bsc#1012628). +- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + (bsc#1012628). +- audit: update the mailing list in MAINTAINERS (bsc#1012628). +- wifi: mwifiex: Add missing compatible string for SD8787 + (bsc#1012628). +- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628). +- x86/static_call: Add support for Jcc tail-calls (bsc#1012628). +- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 + instructions (bsc#1012628). +- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628). +- uaccess: Add speculation barrier to copy_from_user() + (bsc#1012628). +- commit 15796ef + +------------------------------------------------------------------- +Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de + +- Disable PS3 support + The PS3 hardware cannot be used with up-to-date firmware. +- commit 484fa63 + +------------------------------------------------------------------- +Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com + +- uvesafb: Disable fbdev driver (boo#1208662) + A VESA-based driver. Dropped in favor of generic DRM drivers. +- commit f0d0f1a + +------------------------------------------------------------------- +Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com + +- ocfb: Disable fbdev driver (boo#1208660) + The OpenCores fbdev driver is for an old homebrew chip design. Probably + unused. +- commit 00dd263 + +------------------------------------------------------------------- +Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com + +- udlfb: Disable fbdev driver (boo#1208658) + We've long shipped the DRM-based udl driver, which handles the same + devices. +- commit 8a53173 + +------------------------------------------------------------------- +Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com + +- ssd1307fb: Replace with ssd130x (boo#1208656) + Replace fbdev's ssd1307fb driver with the new DRM-based driver + ssd130x. Adds support for SPI and Wayland-based userspace. +- commit 1fe1b4c + +------------------------------------------------------------------- +Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com + +- vfb: Disable fbdev driver (boo#1208646) + The vfb fbdev driver is backed by system memory and only relevant for + testing. Disable it. There is DRM's vkms, if a software-only driver is + required. +- commit b1c9331 + +------------------------------------------------------------------- +Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com + +- Disable gxt4500 fbdev driver (boo#1208642) + The gxt4500 driver serves a 20yrs-old graphics hardware for + IBM RS/6000 system. Probably not in use any longer. +- commit 5313a19 + +------------------------------------------------------------------- +Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz + +- blacklist.conf: clean up + Remove the only (5.5) entry. It was needed only years ago. +- commit de1e630 + +------------------------------------------------------------------- Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - Update to 6.2 final @@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz - commit 28fe266 ------------------------------------------------------------------- +Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com + +- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101). +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870, bsc#1198101). +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870, bsc#1198101). +- Update config files. + - The shim for openSUSE Tumbleweed needs to be reviewed by upstream + and signed by Microsoft. So we need to lockdown kernel on x86_64 + and arm64 because EFI secure boot. + - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other + architectures. +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870, bsc#1198101). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870, bsc#1198101). +- commit a7d5b50 + +------------------------------------------------------------------- Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com - Update config files. diff --git a/kernel-zfcpdump.spec b/kernel-zfcpdump.spec index 4303243..a7dc7fd 100644 --- a/kernel-zfcpdump.spec +++ b/kernel-zfcpdump.spec @@ -18,7 +18,7 @@ %define srcversion 6.2 -%define patchversion 6.2.0 +%define patchversion 6.2.1 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -111,9 +111,9 @@ Name: kernel-zfcpdump Summary: The IBM System Z zfcpdump Kernel License: GPL-2.0-only Group: System/Kernel -Version: 6.2.0 +Version: 6.2.1 %if 0%{?is_kotd} -Release: .g89e2785 +Release: .g69e0e95 %else Release: 0 %endif @@ -240,10 +240,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 -Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 +Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 # END COMMON DEPS -Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036 +Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423 %obsolete_rebuilds %name Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz Source3: kernel-source.rpmlintrc diff --git a/patches.kernel.org.tar.bz2 b/patches.kernel.org.tar.bz2 index 4ef7b7a..b221994 120000 --- a/patches.kernel.org.tar.bz2 +++ b/patches.kernel.org.tar.bz2 @@ -1 +1 @@ -/ipfs/bafkreihodbkbydvmicvzri6mfl77wigsjzstd46nxn4zbn2nfxvxzcbclm \ No newline at end of file +/ipfs/bafkreifoyhoflnjsaq2hr7j4zplbn5rkixctvjc5koywfjmd3ruswpr4ga \ No newline at end of file diff --git a/patches.suse.tar.bz2 b/patches.suse.tar.bz2 index d5746f2..5f38a26 120000 --- a/patches.suse.tar.bz2 +++ b/patches.suse.tar.bz2 @@ -1 +1 @@ -/ipfs/bafkreidjx2yolvybbv6w3nzj2nvanprnot3vvssegtezess7xpw4qznfva \ No newline at end of file +/ipfs/bafkreiaorinpu6gh76fso44ybble3pcxsn6ou4j2syxfzivfrqv76orbhu \ No newline at end of file diff --git a/series.conf b/series.conf index 8572179..38443a0 100644 --- a/series.conf +++ b/series.conf @@ -27,6 +27,19 @@ # DO NOT MODIFY THEM! # Send separate patches upstream if you find a problem... ######################################################## + patches.kernel.org/6.2.1-001-uaccess-Add-speculation-barrier-to-copy_from_us.patch + patches.kernel.org/6.2.1-002-x86-alternatives-Introduce-int3_emulate_jcc.patch + patches.kernel.org/6.2.1-003-x86-alternatives-Teach-text_poke_bp-to-patch-Jc.patch + patches.kernel.org/6.2.1-004-x86-static_call-Add-support-for-Jcc-tail-calls.patch + patches.kernel.org/6.2.1-005-HID-mcp-2221-prevent-UAF-in-delayed-work.patch + patches.kernel.org/6.2.1-006-wifi-mwifiex-Add-missing-compatible-string-for-.patch + patches.kernel.org/6.2.1-007-audit-update-the-mailing-list-in-MAINTAINERS.patch + patches.kernel.org/6.2.1-008-platform-x86-amd-pmf-Add-depends-on-CONFIG_POWE.patch + patches.kernel.org/6.2.1-009-platform-x86-nvidia-wmi-ec-backlight-Add-force-.patch + patches.kernel.org/6.2.1-010-ext4-Fix-function-prototype-mismatch-for-ext4_f.patch + patches.kernel.org/6.2.1-011-randstruct-disable-Clang-15-support.patch + patches.kernel.org/6.2.1-012-bpf-add-missing-header-file-include.patch + patches.kernel.org/6.2.1-013-Linux-6.2.1.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -147,6 +160,14 @@ # Security ######################################################## + # Bug 1198101 - VUL-0: shim: openSUSE tumbleweed not fully locked down? Add opensuse-cert-prompt back to openSUSE shim + # Lock down functions for secure boot + patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch + patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch + patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch + patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch + patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch + # crypto ######################################################## diff --git a/source-timestamp b/source-timestamp index 0f5cd6e..dcd3ed2 100644 --- a/source-timestamp +++ b/source-timestamp @@ -1,3 +1,3 @@ -2023-02-20 06:22:59 +0000 -GIT Revision: 89e27851f72a9025c71bfb1a4edc9748cfbed036 +2023-02-27 11:39:51 +0000 +GIT Revision: 69e0e95118afe307ac9da57c2cc7f80673a41423 GIT Branch: stable diff --git a/supported.conf b/supported.conf index fcb2ffc..843e650 100644 --- a/supported.conf +++ b/supported.conf @@ -3443,8 +3443,8 @@ - drivers/video/fbdev/metronomefb - drivers/video/fbdev/ocfb - drivers/video/fbdev/smscufx - drivers/video/fbdev/uvesafb - drivers/video/fbdev/vfb +- drivers/video/fbdev/uvesafb +- drivers/video/fbdev/vfb +base drivers/video/fbdev/xen-fbfront - drivers/video/fbdev/xilinxfb drivers/video/macmodes # Standard MacOS video modes