diff --git a/.files b/.files
index 00c349b..428243e 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index 6747e44..7b5f978 100644
--- a/.rev
+++ b/.rev
@@ -6194,4 +6194,12 @@ As this is a serious local privilege escalation, I would like to see a timely in
6.21066810
+
+ e128f4458ac225548504aaa62dff9732
+ 6.2.1
+
+ dimstar_suse
+ 6.2.1 & lockdown patches & gfx drivers cleanup
+ 1068171
+
diff --git a/config.tar.bz2 b/config.tar.bz2
index 08edf22..39bdccd 120000
--- a/config.tar.bz2
+++ b/config.tar.bz2
@@ -1 +1 @@
-/ipfs/bafybeigzj5byz3ibabpbjknecxxhg3xzbwvroa4ipdnehsuynh2cklmioq
\ No newline at end of file
+/ipfs/bafybeifn3dakaqsmqfezsvcvecwdm2yi6vwebtkzurr6v6ix47dqr6nduq
\ No newline at end of file
diff --git a/dtb-aarch64.changes b/dtb-aarch64.changes
index 42fd60e..5ac446e 100644
--- a/dtb-aarch64.changes
+++ b/dtb-aarch64.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/dtb-aarch64.spec b/dtb-aarch64.spec
index 80433ae..80f6af0 100644
--- a/dtb-aarch64.spec
+++ b/dtb-aarch64.spec
@@ -17,7 +17,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
%(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
Name: dtb-aarch64
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
diff --git a/dtb-armv6l.changes b/dtb-armv6l.changes
index 42fd60e..5ac446e 100644
--- a/dtb-armv6l.changes
+++ b/dtb-armv6l.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/dtb-armv6l.spec b/dtb-armv6l.spec
index 33c926c..e677a6d 100644
--- a/dtb-armv6l.spec
+++ b/dtb-armv6l.spec
@@ -17,7 +17,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
%(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
Name: dtb-armv6l
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
diff --git a/dtb-armv7l.changes b/dtb-armv7l.changes
index 42fd60e..5ac446e 100644
--- a/dtb-armv7l.changes
+++ b/dtb-armv7l.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/dtb-armv7l.spec b/dtb-armv7l.spec
index 44b692f..86db177 100644
--- a/dtb-armv7l.spec
+++ b/dtb-armv7l.spec
@@ -17,7 +17,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
%(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
Name: dtb-armv7l
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
diff --git a/dtb-riscv64.changes b/dtb-riscv64.changes
index 42fd60e..5ac446e 100644
--- a/dtb-riscv64.changes
+++ b/dtb-riscv64.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/dtb-riscv64.spec b/dtb-riscv64.spec
index aabf8d6..b027756 100644
--- a/dtb-riscv64.spec
+++ b/dtb-riscv64.spec
@@ -17,7 +17,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
%(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
Name: dtb-riscv64
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
diff --git a/kernel-64kb.changes b/kernel-64kb.changes
index 42fd60e..5ac446e 100644
--- a/kernel-64kb.changes
+++ b/kernel-64kb.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-64kb.spec b/kernel-64kb.spec
index 7b375a0..9a3c35b 100644
--- a/kernel-64kb.spec
+++ b/kernel-64kb.spec
@@ -18,7 +18,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
%define compress_modules zstd
@@ -111,9 +111,9 @@ Name: kernel-64kb
Summary: Kernel with 64kb PAGE_SIZE
License: GPL-2.0-only
Group: System/Kernel
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -240,10 +240,10 @@ Conflicts: hyper-v < 4
Conflicts: libc.so.6()(64bit)
%endif
Provides: kernel = %version-%source_rel
-Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
-Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
+Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
# END COMMON DEPS
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
%obsolete_rebuilds %name
Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz
Source3: kernel-source.rpmlintrc
diff --git a/kernel-debug.changes b/kernel-debug.changes
index 42fd60e..5ac446e 100644
--- a/kernel-debug.changes
+++ b/kernel-debug.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-debug.spec b/kernel-debug.spec
index 2c2bdb2..0859322 100644
--- a/kernel-debug.spec
+++ b/kernel-debug.spec
@@ -18,7 +18,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
%define compress_modules zstd
@@ -111,9 +111,9 @@ Name: kernel-debug
Summary: A Debug Version of the Kernel
License: GPL-2.0-only
Group: System/Kernel
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -240,10 +240,10 @@ Conflicts: hyper-v < 4
Conflicts: libc.so.6()(64bit)
%endif
Provides: kernel = %version-%source_rel
-Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
-Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
+Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
# END COMMON DEPS
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
%ifarch ppc64
Provides: kernel-kdump = 2.6.28
Obsoletes: kernel-kdump <= 2.6.28
diff --git a/kernel-default.changes b/kernel-default.changes
index 42fd60e..5ac446e 100644
--- a/kernel-default.changes
+++ b/kernel-default.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-default.spec b/kernel-default.spec
index a6e01aa..17c6f21 100644
--- a/kernel-default.spec
+++ b/kernel-default.spec
@@ -18,7 +18,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
%define compress_modules zstd
@@ -111,9 +111,9 @@ Name: kernel-default
Summary: The Standard Kernel
License: GPL-2.0-only
Group: System/Kernel
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -240,10 +240,10 @@ Conflicts: hyper-v < 4
Conflicts: libc.so.6()(64bit)
%endif
Provides: kernel = %version-%source_rel
-Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
-Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
+Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
# END COMMON DEPS
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
%ifarch %ix86
Provides: kernel-smp = 2.6.17
Obsoletes: kernel-smp <= 2.6.17
diff --git a/kernel-docs.changes b/kernel-docs.changes
index 42fd60e..5ac446e 100644
--- a/kernel-docs.changes
+++ b/kernel-docs.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-docs.spec b/kernel-docs.spec
index aba812a..f1dd147 100644
--- a/kernel-docs.spec
+++ b/kernel-docs.spec
@@ -17,7 +17,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -31,9 +31,9 @@ Name: kernel-docs
Summary: Kernel Documentation
License: GPL-2.0-only
Group: Documentation/Man
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -67,7 +67,7 @@ BuildRequires: texlive-zapfding
%endif
URL: https://www.kernel.org/
Provides: %name = %version-%source_rel
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz
diff --git a/kernel-kvmsmall.changes b/kernel-kvmsmall.changes
index 42fd60e..5ac446e 100644
--- a/kernel-kvmsmall.changes
+++ b/kernel-kvmsmall.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-kvmsmall.spec b/kernel-kvmsmall.spec
index d0a3b39..33cc01b 100644
--- a/kernel-kvmsmall.spec
+++ b/kernel-kvmsmall.spec
@@ -18,7 +18,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
%define compress_modules zstd
@@ -111,9 +111,9 @@ Name: kernel-kvmsmall
Summary: The Small Developer Kernel for KVM
License: GPL-2.0-only
Group: System/Kernel
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -240,10 +240,10 @@ Conflicts: hyper-v < 4
Conflicts: libc.so.6()(64bit)
%endif
Provides: kernel = %version-%source_rel
-Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
-Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
+Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
# END COMMON DEPS
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
%obsolete_rebuilds %name
Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz
Source3: kernel-source.rpmlintrc
diff --git a/kernel-lpae.changes b/kernel-lpae.changes
index 42fd60e..5ac446e 100644
--- a/kernel-lpae.changes
+++ b/kernel-lpae.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-lpae.spec b/kernel-lpae.spec
index 184dd0a..3bc5bf6 100644
--- a/kernel-lpae.spec
+++ b/kernel-lpae.spec
@@ -18,7 +18,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
%define compress_modules zstd
@@ -111,9 +111,9 @@ Name: kernel-lpae
Summary: Kernel for LPAE enabled systems
License: GPL-2.0-only
Group: System/Kernel
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -240,10 +240,10 @@ Conflicts: hyper-v < 4
Conflicts: libc.so.6()(64bit)
%endif
Provides: kernel = %version-%source_rel
-Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
-Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
+Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
# END COMMON DEPS
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
%obsolete_rebuilds %name
Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz
Source3: kernel-source.rpmlintrc
diff --git a/kernel-obs-build.changes b/kernel-obs-build.changes
index 42fd60e..5ac446e 100644
--- a/kernel-obs-build.changes
+++ b/kernel-obs-build.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-obs-build.spec b/kernel-obs-build.spec
index 2058ecb..cf20c75 100644
--- a/kernel-obs-build.spec
+++ b/kernel-obs-build.spec
@@ -19,7 +19,7 @@
#!BuildIgnore: post-build-checks
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
@@ -45,7 +45,7 @@ BuildRequires: util-linux
%endif
%endif
%endif
-BuildRequires: kernel%kernel_flavor-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+BuildRequires: kernel%kernel_flavor-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
%if 0%{?rhel_version}
BuildRequires: kernel
@@ -64,9 +64,9 @@ BuildRequires: dracut
Summary: package kernel and initrd for OBS VM builds
License: GPL-2.0-only
Group: SLES
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
diff --git a/kernel-obs-qa.changes b/kernel-obs-qa.changes
index 42fd60e..5ac446e 100644
--- a/kernel-obs-qa.changes
+++ b/kernel-obs-qa.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-obs-qa.spec b/kernel-obs-qa.spec
index 289f54d..b40dbfc 100644
--- a/kernel-obs-qa.spec
+++ b/kernel-obs-qa.spec
@@ -17,7 +17,7 @@
# needsrootforbuild
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -36,9 +36,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: Basic QA tests for the kernel
License: GPL-2.0-only
Group: SLES
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
diff --git a/kernel-pae.changes b/kernel-pae.changes
index 42fd60e..5ac446e 100644
--- a/kernel-pae.changes
+++ b/kernel-pae.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-pae.spec b/kernel-pae.spec
index 1e5fdd6..61fbcdf 100644
--- a/kernel-pae.spec
+++ b/kernel-pae.spec
@@ -18,7 +18,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
%define compress_modules zstd
@@ -111,9 +111,9 @@ Name: kernel-pae
Summary: Kernel with PAE Support
License: GPL-2.0-only
Group: System/Kernel
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -240,10 +240,10 @@ Conflicts: hyper-v < 4
Conflicts: libc.so.6()(64bit)
%endif
Provides: kernel = %version-%source_rel
-Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
-Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
+Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
# END COMMON DEPS
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
%ifarch %ix86
Provides: kernel-bigsmp = 2.6.17
Obsoletes: kernel-bigsmp <= 2.6.17
diff --git a/kernel-source.changes b/kernel-source.changes
index 42fd60e..5ac446e 100644
--- a/kernel-source.changes
+++ b/kernel-source.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-source.spec b/kernel-source.spec
index 8f58533..355e581 100644
--- a/kernel-source.spec
+++ b/kernel-source.spec
@@ -17,7 +17,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
@@ -31,9 +31,9 @@
%endif
Name: kernel-source
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -50,7 +50,7 @@ BuildRequires: fdupes
BuildRequires: sed
Requires(post): coreutils sed
Provides: %name = %version-%source_rel
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
Provides: linux
Provides: multiversion(kernel)
Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz
diff --git a/kernel-syms.changes b/kernel-syms.changes
index 42fd60e..5ac446e 100644
--- a/kernel-syms.changes
+++ b/kernel-syms.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-syms.spec b/kernel-syms.spec
index 6fd6753..a7d40b6 100644
--- a/kernel-syms.spec
+++ b/kernel-syms.spec
@@ -24,10 +24,10 @@ Name: kernel-syms
Summary: Kernel Symbol Versions (modversions)
License: GPL-2.0-only
Group: Development/Sources
-Version: 6.2.0
+Version: 6.2.1
%if %using_buildservice
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -52,7 +52,7 @@ Requires: kernel-pae-devel = %version-%source_rel
%endif
Requires: pesign-obs-integration
Provides: %name = %version-%source_rel
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
Provides: multiversion(kernel)
Source: README.KSYMS
Requires: kernel-devel%variant = %version-%source_rel
diff --git a/kernel-vanilla.changes b/kernel-vanilla.changes
index 42fd60e..5ac446e 100644
--- a/kernel-vanilla.changes
+++ b/kernel-vanilla.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-vanilla.spec b/kernel-vanilla.spec
index ebd71d1..a7cfdd4 100644
--- a/kernel-vanilla.spec
+++ b/kernel-vanilla.spec
@@ -18,7 +18,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
%define compress_modules zstd
@@ -111,9 +111,9 @@ Name: kernel-vanilla
Summary: The Standard Kernel - without any SUSE patches
License: GPL-2.0-only
Group: System/Kernel
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -240,10 +240,10 @@ Conflicts: hyper-v < 4
Conflicts: libc.so.6()(64bit)
%endif
Provides: kernel = %version-%source_rel
-Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
-Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
+Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
# END COMMON DEPS
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
%obsolete_rebuilds %name
Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz
Source3: kernel-source.rpmlintrc
diff --git a/kernel-zfcpdump.changes b/kernel-zfcpdump.changes
index 42fd60e..5ac446e 100644
--- a/kernel-zfcpdump.changes
+++ b/kernel-zfcpdump.changes
@@ -1,4 +1,90 @@
-------------------------------------------------------------------
+Mon Feb 27 12:39:20 CET 2023 - jslaby@suse.cz
+
+- Linux 6.2.1 (bsc#1012628).
+- bpf: add missing header file include (bsc#1012628).
+- randstruct: disable Clang 15 support (bsc#1012628).
+- ext4: Fix function prototype mismatch for ext4_feat_ktype
+ (bsc#1012628).
+- platform/x86: nvidia-wmi-ec-backlight: Add force module
+ parameter (bsc#1012628).
+- platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY
+ (bsc#1012628).
+- audit: update the mailing list in MAINTAINERS (bsc#1012628).
+- wifi: mwifiex: Add missing compatible string for SD8787
+ (bsc#1012628).
+- HID: mcp-2221: prevent UAF in delayed work (bsc#1012628).
+- x86/static_call: Add support for Jcc tail-calls (bsc#1012628).
+- x86/alternatives: Teach text_poke_bp() to patch Jcc.d32
+ instructions (bsc#1012628).
+- x86/alternatives: Introduce int3_emulate_jcc() (bsc#1012628).
+- uaccess: Add speculation barrier to copy_from_user()
+ (bsc#1012628).
+- commit 15796ef
+
+-------------------------------------------------------------------
+Fri Feb 24 15:32:06 CET 2023 - msuchanek@suse.de
+
+- Disable PS3 support
+ The PS3 hardware cannot be used with up-to-date firmware.
+- commit 484fa63
+
+-------------------------------------------------------------------
+Fri Feb 24 14:53:02 CET 2023 - tzimmermann@suse.com
+
+- uvesafb: Disable fbdev driver (boo#1208662)
+ A VESA-based driver. Dropped in favor of generic DRM drivers.
+- commit f0d0f1a
+
+-------------------------------------------------------------------
+Fri Feb 24 14:39:16 CET 2023 - tzimmermann@suse.com
+
+- ocfb: Disable fbdev driver (boo#1208660)
+ The OpenCores fbdev driver is for an old homebrew chip design. Probably
+ unused.
+- commit 00dd263
+
+-------------------------------------------------------------------
+Fri Feb 24 14:10:24 CET 2023 - tzimmermann@suse.com
+
+- udlfb: Disable fbdev driver (boo#1208658)
+ We've long shipped the DRM-based udl driver, which handles the same
+ devices.
+- commit 8a53173
+
+-------------------------------------------------------------------
+Fri Feb 24 13:16:18 CET 2023 - tzimmermann@suse.com
+
+- ssd1307fb: Replace with ssd130x (boo#1208656)
+ Replace fbdev's ssd1307fb driver with the new DRM-based driver
+ ssd130x. Adds support for SPI and Wayland-based userspace.
+- commit 1fe1b4c
+
+-------------------------------------------------------------------
+Fri Feb 24 10:30:43 CET 2023 - tzimmermann@suse.com
+
+- vfb: Disable fbdev driver (boo#1208646)
+ The vfb fbdev driver is backed by system memory and only relevant for
+ testing. Disable it. There is DRM's vkms, if a software-only driver is
+ required.
+- commit b1c9331
+
+-------------------------------------------------------------------
+Fri Feb 24 09:43:37 CET 2023 - tzimmermann@suse.com
+
+- Disable gxt4500 fbdev driver (boo#1208642)
+ The gxt4500 driver serves a 20yrs-old graphics hardware for
+ IBM RS/6000 system. Probably not in use any longer.
+- commit 5313a19
+
+-------------------------------------------------------------------
+Tue Feb 21 07:32:10 CET 2023 - jslaby@suse.cz
+
+- blacklist.conf: clean up
+ Remove the only (5.5) entry. It was needed only years ago.
+- commit de1e630
+
+-------------------------------------------------------------------
Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- Update to 6.2 final
@@ -6,6 +92,26 @@ Mon Feb 20 00:02:32 CET 2023 - mkubecek@suse.cz
- commit 28fe266
-------------------------------------------------------------------
+Sat Feb 18 08:02:26 CET 2023 - jlee@suse.com
+
+- arm64: lock down kernel in secure boot mode (jsc#SLE-15020, bsc#1198101).
+- efi: Lock down the kernel at the integrity level if booted in
+ secure boot mode (jsc#SLE-9870, bsc#1198101).
+- efi: Lock down the kernel if booted in secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- Update config files.
+ - The shim for openSUSE Tumbleweed needs to be reviewed by upstream
+ and signed by Microsoft. So we need to lockdown kernel on x86_64
+ and arm64 because EFI secure boot.
+ - We disable CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT in other
+ architectures.
+- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+ (jsc#SLE-9870, bsc#1198101).
+- security: lockdown: expose a hook to lock the kernel down
+ (jsc#SLE-9870, bsc#1198101).
+- commit a7d5b50
+
+-------------------------------------------------------------------
Thu Feb 16 18:56:58 CET 2023 - mkoutny@suse.com
- Update config files.
diff --git a/kernel-zfcpdump.spec b/kernel-zfcpdump.spec
index 4303243..a7dc7fd 100644
--- a/kernel-zfcpdump.spec
+++ b/kernel-zfcpdump.spec
@@ -18,7 +18,7 @@
%define srcversion 6.2
-%define patchversion 6.2.0
+%define patchversion 6.2.1
%define variant %{nil}
%define vanilla_only 0
%define compress_modules zstd
@@ -111,9 +111,9 @@ Name: kernel-zfcpdump
Summary: The IBM System Z zfcpdump Kernel
License: GPL-2.0-only
Group: System/Kernel
-Version: 6.2.0
+Version: 6.2.1
%if 0%{?is_kotd}
-Release: .g89e2785
+Release: .g69e0e95
%else
Release: 0
%endif
@@ -240,10 +240,10 @@ Conflicts: hyper-v < 4
Conflicts: libc.so.6()(64bit)
%endif
Provides: kernel = %version-%source_rel
-Provides: kernel-%build_flavor-base-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
-Provides: kernel-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: kernel-%build_flavor-base-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
+Provides: kernel-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
# END COMMON DEPS
-Provides: %name-srchash-89e27851f72a9025c71bfb1a4edc9748cfbed036
+Provides: %name-srchash-69e0e95118afe307ac9da57c2cc7f80673a41423
%obsolete_rebuilds %name
Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz
Source3: kernel-source.rpmlintrc
diff --git a/patches.kernel.org.tar.bz2 b/patches.kernel.org.tar.bz2
index 4ef7b7a..b221994 120000
--- a/patches.kernel.org.tar.bz2
+++ b/patches.kernel.org.tar.bz2
@@ -1 +1 @@
-/ipfs/bafkreihodbkbydvmicvzri6mfl77wigsjzstd46nxn4zbn2nfxvxzcbclm
\ No newline at end of file
+/ipfs/bafkreifoyhoflnjsaq2hr7j4zplbn5rkixctvjc5koywfjmd3ruswpr4ga
\ No newline at end of file
diff --git a/patches.suse.tar.bz2 b/patches.suse.tar.bz2
index d5746f2..5f38a26 120000
--- a/patches.suse.tar.bz2
+++ b/patches.suse.tar.bz2
@@ -1 +1 @@
-/ipfs/bafkreidjx2yolvybbv6w3nzj2nvanprnot3vvssegtezess7xpw4qznfva
\ No newline at end of file
+/ipfs/bafkreiaorinpu6gh76fso44ybble3pcxsn6ou4j2syxfzivfrqv76orbhu
\ No newline at end of file
diff --git a/series.conf b/series.conf
index 8572179..38443a0 100644
--- a/series.conf
+++ b/series.conf
@@ -27,6 +27,19 @@
# DO NOT MODIFY THEM!
# Send separate patches upstream if you find a problem...
########################################################
+ patches.kernel.org/6.2.1-001-uaccess-Add-speculation-barrier-to-copy_from_us.patch
+ patches.kernel.org/6.2.1-002-x86-alternatives-Introduce-int3_emulate_jcc.patch
+ patches.kernel.org/6.2.1-003-x86-alternatives-Teach-text_poke_bp-to-patch-Jc.patch
+ patches.kernel.org/6.2.1-004-x86-static_call-Add-support-for-Jcc-tail-calls.patch
+ patches.kernel.org/6.2.1-005-HID-mcp-2221-prevent-UAF-in-delayed-work.patch
+ patches.kernel.org/6.2.1-006-wifi-mwifiex-Add-missing-compatible-string-for-.patch
+ patches.kernel.org/6.2.1-007-audit-update-the-mailing-list-in-MAINTAINERS.patch
+ patches.kernel.org/6.2.1-008-platform-x86-amd-pmf-Add-depends-on-CONFIG_POWE.patch
+ patches.kernel.org/6.2.1-009-platform-x86-nvidia-wmi-ec-backlight-Add-force-.patch
+ patches.kernel.org/6.2.1-010-ext4-Fix-function-prototype-mismatch-for-ext4_f.patch
+ patches.kernel.org/6.2.1-011-randstruct-disable-Clang-15-support.patch
+ patches.kernel.org/6.2.1-012-bpf-add-missing-header-file-include.patch
+ patches.kernel.org/6.2.1-013-Linux-6.2.1.patch
########################################################
# Build fixes that apply to the vanilla kernel too.
@@ -147,6 +160,14 @@
# Security
########################################################
+ # Bug 1198101 - VUL-0: shim: openSUSE tumbleweed not fully locked down? Add opensuse-cert-prompt back to openSUSE shim
+ # Lock down functions for secure boot
+ patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch
+ patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
+ patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch
+ patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch
+ patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
+
# crypto
########################################################
diff --git a/source-timestamp b/source-timestamp
index 0f5cd6e..dcd3ed2 100644
--- a/source-timestamp
+++ b/source-timestamp
@@ -1,3 +1,3 @@
-2023-02-20 06:22:59 +0000
-GIT Revision: 89e27851f72a9025c71bfb1a4edc9748cfbed036
+2023-02-27 11:39:51 +0000
+GIT Revision: 69e0e95118afe307ac9da57c2cc7f80673a41423
GIT Branch: stable
diff --git a/supported.conf b/supported.conf
index fcb2ffc..843e650 100644
--- a/supported.conf
+++ b/supported.conf
@@ -3443,8 +3443,8 @@
- drivers/video/fbdev/metronomefb
- drivers/video/fbdev/ocfb
- drivers/video/fbdev/smscufx
- drivers/video/fbdev/uvesafb
- drivers/video/fbdev/vfb
+- drivers/video/fbdev/uvesafb
+- drivers/video/fbdev/vfb
+base drivers/video/fbdev/xen-fbfront
- drivers/video/fbdev/xilinxfb
drivers/video/macmodes # Standard MacOS video modes