File kernel-livepatch-SLE15_Update_8.changes of Package kernel-livepatch-SLE15_Update_8.13002

Tue Oct 22 11:36:48 CEST 2019 -

- Bump up the version number in spec file
- commit 7ae3e26

Mon Oct 21 15:01:12 CEST 2019 -

- Fix for CVE-2019-10220 ("Samba servers can inject relative paths in directory entry lists")
  Live patch for CVE-2019-10220. Upstream commit 8a23eb804ca4 ("Make
  filldir[64]() verify the directory entry filename is valid").
  KLP: CVE-2019-10220
  References: bsc#1153108 CVE-2019-10220
- commit 2ee5f29

Thu Oct 17 13:02:58 CEST 2019 -

- Fix for CVE-2019-17133 ("cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow")
  Live patch for CVE-2019-17133. Upstream commit 4ac2813cc867 ("cfg80211:
  wext: avoid copying malformed SSIDs").
  KLP: CVE-2019-17133
  References: bsc#1153161 CVE-2019-17133
- commit 92a5a5c

Mon Sep 30 17:50:37 CEST 2019 -

- Bump up the version number in spec file
- commit 7bb8279

Thu Sep 26 12:42:29 CEST 2019 -

- Fix for CVE-2019-14835 ("vhost/vhost_net kernel buffer overflow leads to guest to host kernel escape")
  Live patch for CVE-2019-14835. Upstream commit 060423bfdee3 ("vhost: make
  sure log_num < in_num").
  KLP: CVE-2019-14835
  References: bsc#1151021 CVE-2019-14835
- commit 650dc45

Sat Sep  7 18:53:16 CEST 2019 -

- uname_patch: convert to the syscall stub wrapper macros from klp_syscalls.h
  In order to make the live patch to the newuname() syscall work on
  kernels >= 4.17 again, convert it to the KLP_SYSCALL_*() wrapper macros
  provided by klp_syscalls.h.
  References: bsc#1149841
- commit b5af38e

Sat Sep  7 18:53:15 CEST 2019 -

- Provide wrapper macros for syscall naming
  Live patching syscall stubs is a common task, for example any live patch
  package modifies the newuname syscall.
  For the actual definitions of the live patched syscall stubs, the
  __SYSCALL_DEFINEx() name can always be (and often has been) used like e.g.
  __SYSCALL_DEFINEx(3, _klp_timer_create, const clockid_t, which_clock,
                    struct sigevent __user *, timer_event_spec,
                    timer_t __user *, created_timer_id)
    /* New implementation */
  Up to kernel 4.16, this used to define a function named
  "SyS_klp_timer_create" which could then be used to live patch the
  However, beginning with kernel version 4.17, resp. upstream commits
  - fa697140f9a2 ("syscalls/x86: Use 'struct pt_regs' based syscall calling
                   convention for 64-bit syscalls")
  - e145242ea0df ("syscalls/core, syscalls/x86: Clean up syscall stub
                   naming convention")
  - d5a00528b58c ("syscalls/core, syscalls/x86: Rename struct pt_regs-based
                   sys_*() to __x64_sys_*()"),
  things became more complex:
   - The naming of the resulting stubs now varies across architecture.
   - Some architectures (x86_64, s390x) instantiate an additional
   compat stub for syscalls sharing a common implementation between 32 and
   64 bits. (The 32 bit entry code used to convert from the 32 bit ABI to
   64 bit and simply call the 64 bit syscall stub afterwards. That's
   handled by the new 32 bit stubs now.)
   - The stubs' signatures have changed: each argument used to get mapped
   to either long or long long, but on x86_64, the stubs are now receiving
   a single struct pt_regs only -- it's their responsibility to extract
   the arguments as appropriate.
  In order to not require each and every live patch touching syscalls to
  include an insane amount of ifdeffery, provide a set of #defines hiding it:
  1.) KLP_SYSCALL_SYM(name) expands to the syscall stub name for 64 bits
    as defined by _SYSCALL_DEFINEx(x, _name, ...).
  2.) If the architeture requires 32bit specific stubs for syscalls sharing
    a common implementation between 32 and 64bits, the
  3.) If KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS is defined, then
    KLP_SYSCALL_COMPAT_STUB_SYM(name) expands to the syscall stub name
    for 32 bits as defined by _SYSCALL_DEFINEx(x, _name, ...).
  4.) For syscalls not sharing a common implementation between 32 and
    64 bits, i.e. those defined by COMPAT_SYSCALL_DEFINEx(),
    the macro KLP_COMPAT_SYSCALL_SYM(name) expands to the stub name
    defined as defined by COMPAT_SYSCALL_DEFINEx(x, _name, ...).
  5.) Finally, for hiding differences between the signatures,
    provide the macro KLP_SYSCALL_DECLx(x, sym, ...) which
    expands to a declaration of sym, with the x arguments either
    mapped to long resp. long long each, or collapsed to a single
    struct pt_regs argument as appropriate for the architecture.
  Note that these macros are defined as appropriate on kernels before and
  after 4.17, so that live patch code can be shared.
  References: bsc#1149841
- commit da7b9a5

Sat Aug 24 19:06:03 CEST 2019 -

- scripts/ add -I flag for toplevel directory to ccflags-y
  Since upstream commit 58156ba4468f ("kbuild: skip 'addtree' and 'flags'
  magic for external module build") Kbuild won't add an -I flag for an
  external module's toplevel source directory to the compilation flags
  This results in compilation errors like the following:
  uname_patch/livepatch_uname.c:36:10: fatal error: klp_convert.h: No such
                                                    file or directory
  #include "klp_convert.h"
  Fix this by appending '-I$(obj)' to ccflags-y within the Makefile created
  by scripts/ Note that "$(obj)" is set to the current
  source directory before the Makefile is sourced by Kbuild.
- commit b30a48e

Thu Jul 11 11:11:08 CEST 2019 -

- Bump up the version number in spec file
- commit c051038

Wed Jul 10 10:50:23 CEST 2019 -

- Fix regression bsc#1140747 ("applications tcp socket get stuck")
  The fix for CVE-2019-11478 ("SACK Slowness / extensive resource usage")
  can cause TCP connection stalls for applications having setup very low
  SO_SNDBUF values. Fix this by applying stable-4.4.y commit 46c7b5d6f2a5
  ("tcp: refine memory limit test in tcp_fragment()") to the live patch
  mitigating this CVE.
  Fixes: 88aa201882bf ('Fix for CVE-2019-11477 and CVE-2019-11478 ("multiple
                      remote denial of service issues (SACK Panic)")')
  References: bsc#1140747 bsc#1137597 CVE-2019-11478
- commit 99f0e78

Tue Jul  9 16:04:54 CEST 2019 -

- bsc#1137597: fill in upstream commit ids
  At the time the live patch for CVE-2019-11477 and CVE-2019-11478 ("multiple
  remote denial of service issues (SACK Panic)") was being prepared, the
  issue had been under embargo and no upstream commits published. Add their
  ids to the live patch's file header comment.
  References: bsc#1137597 CVE-2019-11477 CVE-2019-11478
- commit 2ebe80d

Tue Jun 18 11:10:46 CEST 2019 -

- bsc#1136446: get rid of unwanted dependency on cfg80211.ko
  The fix for bsc#1136446, CVE-2019-3846 ("Heap Overflow in
  mwifiex_update_bss_desc_with_ie function of Marvell Wifi Driver in Linux
  kernel") introduced a dependency on cfg80211.ko from the live patch module
  by mistake. It isn't a serious problem, but not really nice either. Fix it
  Fixes: f7c197c9011b ('Fix for CVE-2019-3846 ("Heap Overflow in
                      mwifiex_update_bss_desc_with_ie function of Marvell
                      Wifi Driver in Linux kernel")')
  References: bsc#1136446
- commit 1df459a

Tue Jun 18 08:22:55 CEST 2019 -

- Bump up the version number in spec file
- commit a3f98af

Sun Jun 16 15:25:55 CEST 2019 -

- Fix for CVE-2019-3846 ("Heap Overflow in mwifiex_update_bss_desc_with_ie function of Marvell Wifi Driver in Linux kernel")
  Live patch for CVE-2019-3846 as well as the related heap overflow handled
  in bsc#1136935 which hasn't got a unique CVE number assigned yet.
  Upstream commits
  13ec7f10b87f ("mwifiex: Fix possible buffer overflows at parsing bss
  685c9b7750bf ("mwifiex: Abort at too short BSS descriptor element")
  69ae4f6aac15 ("mwifiex: Fix heap overflow in
  KLP: CVE-2019-3846
  References: bsc#1136446 bsc#1136935 CVE-2019-3846
- commit f7c197c

Tue Jun 11 15:22:58 CEST 2019 -

- Fix for CVE-2019-11477 and CVE-2019-11478 ("multiple remote denial of service issues (SACK Panic)")
  Live patch for CVE-2019-11477 and CVE-2019-11478. No upstream commits yet.
  KLP: CVE-2019-11477 CVE-2019-11478
  References: bsc#1137597 CVE-2019-11477 CVE-2019-11478
- commit 88aa201

Tue Jun 11 10:30:27 CEST 2019 -

- Fix for CVE-2019-11487 ("The Linux kernel [...] allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists")
  Live patch for CVE-2019-11487. Upstream commits
  f958d7b528 ("mm: make page ref count overflow check tighter and more
  88b1a17dfc ("mm: add 'try_get_page()' helper function")
  8fde12ca79 ("mm: prevent get_user_pages() from overflowing page
  15fab63e1e ("fs: prevent page refcount overflow in pipe_buf_get")
  KLP: CVE-2019-11487
  References: bsc#1133191 CVE-2019-11487
- commit 9b0bb93

Fri May 31 14:55:07 CEST 2019 -

- Fix for CVE-2019-11085 ("insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation")
  Live patch for CVE-2019-11085. Upstream commit 51b00d8509dc ("drm/i915/gvt:
  Fix mmap range check").
  KLP: CVE-2019-11085
  References: bsc#1135280 CVE-2019-11085
- commit 210f9e7

Tue Mar 12 10:58:37 CET 2019 -

- Bump up the version number in spec file
- commit c5eb27c

Fri Mar  8 12:57:46 CET 2019 -

- Fix for CVE-2019-9213 ("mm: enforce min addr even if capable() in expand_downwards()")
  Live patch for CVE-2019-9213. Upstream commit 0a1d52994d44 ("mm: enforce
  min addr even if capable() in expand_downwards()").
  KLP: CVE-2019-9213
  References: bsc#1128378 CVE-2019-9213
- commit 85c79e2

Thu Mar  7 15:23:42 CET 2019 -

- livepatch_main.c: Adaptation to a new livepatch API
  The atomic replace patch set among others removed the two-stage API.
  There is no (un)registration step needed now. SLES backport defines
  KLP_NOREG_API macro to easily distinguish whether the kernel provides
  the old or the new API. Use it and change the module init and exit
  functions accordingly.
- commit 060163b

Wed Mar  6 14:47:25 CET 2019 -

- Fix for CVE-2019-8912 ("af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr")
  Live patch for CVE-2019-8912. Upstream commit 9060cb719e61 ("net: crypto set sk
  to NULL when af_alg_release.").
  KLP: CVE-2019-8912
  References: bsc#1126284 CVE-2019-8912
- commit f0e6112

Tue Feb 26 12:07:38 CET 2019 -

- Fix for CVE-2019-7221 ("KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer")
  Live patch for CVE-2019-7221. Upstream commit ecec76885bcf ("KVM: nVMX:
  unconditionally cancel preemption timer in free_nested (CVE-2019-7221)").
  KLP: CVE-2019-7221
  References: bsc#1124734 CVE-2019-7221
- commit cd5e015

Wed Feb 13 16:58:35 CET 2019 -

- Fix for CVE-2019-6974 ("KVM: potential use-after-free via kvm_ioctl_create_device()")
  Live patch for CVE-2019-6974. Upstream commit cfa39381173d ("kvm: fix
  kvm_ioctl_create_device() reference counting (CVE-2019-6974)").
  KLP: CVE-2019-6974
  References: bsc#1124729 CVE-2019-6974
- commit f9bf16e

Thu Feb  7 14:13:00 CET 2019 -

- uname_patch: Use klp-convert macros and rely on klp-convert where
- commit 4c9eb70

Wed Feb  6 14:12:44 CET 2019 -

- Define macros to switch easily between klp-convert and kallsyms
  Kallsyms trick does not have to be used for resolving undefined symbols
  when klp-convert is available. It would be great though to share live
  patches sources between both modes of operation.
  Define macros to help with the task. Their definitions depend on
  whether USE_KLP_CONVERT macro is defined. script is
  responsible to decide.
- commit e3a42b7

Wed Feb  6 10:53:44 CET 2019 -

- Use klp-convert where provided
  klp-convert tool converts undefined symbols in a live patch kernel module
  to special relocation records which are resolved by the kernel. It
  allows to omit kallsyms tricks.
  Wire it to the spec file and let script decide if it is to be
  used depending on a codestream. SLE15-SP1 is supported currently.
- commit 3efd330

Fri Jan 18 13:34:58 CET 2019 -

- Update IBS_PROJECT to correct maintenance incident after initial submission
- commit ad5f528

Thu Jan 17 09:48:08 CET 2019 -

- New branch for SLE15_Update_8
- commit 470f704

Tue Dec 11 11:27:23 CET 2018 -

- uname_patch: don't hold uts_sem while accessing userspace memory
  Backport upstream patch 42a0cc347858 ("sys: don't hold uts_sem while
  accessing userspace memory").
- commit d4e00de

Wed Aug  8 15:08:00 CEST 2018 -

- Provide common kallsyms wrapper API
  With bsc#1103203, the need for disambiguating between a multiply
  defined symbol arose. This is something the kallsyms_lookup_name() based
  code snippet we used to copy&paste to every individual CVE fix can't
  Implement a proper wrapper API for doing the kallsyms lookups.
- commit bd113d8

Wed Jul 11 13:55:14 CEST 2018 -

- provide KLP_SHADOW_ID() helper macro
  In analogy to the KGR_SHADOW_ID() macro, introduce KLP_SHADOW_ID() for
  the construction of unique shadow variable id's.
- commit d8d2d59

Sun Jul  8 13:02:18 CEST 2018 -

- scripts/ implement conditional inclusion
  Currently, subpatches provide a patched_funcs.csv file describing what
  needs to be patched. inspects those to assemble one
  global klp_patch structure.
  The current format for these patched_funcs.csv's is
  obj old_func(,sympos) newfun
  However, sometimes subpatches depend on some kernel configuration values
  like CONFIG_X86_64 and functions shall get patched only if the target
  kernel configuration matches.
  Extends the patched_funcs.csv format to
  obj old_func(,sympos) newfun (cpp condition)
  where everything coming after 'newfun' is taken to be a CPP condition to be
  used for conditional inclusion. In case there's no condition specified,
  assign that entry the same semantics as if a '1' had been given.
  Make guard the corresponding klp_func entries with #if
  Furthermore, let it guard the enclosing klp_object instances by or'ing
  together all its klp_funcs' conditions.
  For the sake of better readability, omit redundant #if pragmas as well as
  condition clauses. In particular,
- if a function entry hasn't got any condition explicitly specified,
  there won't be any #if pragma, neither at the klp_func nor at the
  klp_object level,
- if multiple function entries for an object are protected by the same
  condition, it'll be or'ed in at the klp_object level only once,
- if all of an object's functions share the same condition, no #if pragmas
  will be emitted at the klp_func level because they would only duplicate
  what's already there for the enclosing object and
- multiple subsequent function entries sharing the same condition get
- commit 56f0729

Sun Jul  8 13:02:17 CEST 2018 -

- scripts/ allow spaces as patched_funcs.csv separators
  Currently there's one single cut(1) usage which requires that (single) tabs
  are used as field separators for the patched_funcs.csv.
  As the rest of the code can deal with sequences of any whitespace already,
  this imposes an unnecessary restriction on the format.
  Substitute that cut(1) usage by a sed(1) invocation as appropriate.
- commit 9852661

Mon Jun  4 15:20:08 CEST 2018 -

- livepatch_main.c: Set .replace to true
- commit 643f04c

Mon May 14 08:30:00 CEST 2018 -

- scrips/ add support for assembly files
- commit cf2464a

Wed Dec  6 14:40:14 CET 2017 -

- Revert "shadow variables: introduce upstream patch"
  This reverts commit e899c4fd3fe7602ebd70f578d8475f1049de7c78.
- commit a27c66a

Wed Dec  6 14:37:09 CET 2017 -

- Revert "shadow variables: drop EXPORT_SYMBOL()s"
  This reverts commit ac6cfebd7f831213ebcd4b2690672871572ec49e.
- commit 40d0ba6

Wed Dec  6 14:37:06 CET 2017 -

- Revert "shadow variables: share shadow data among KGraft modules"
  This reverts commit 8e1e705d4d56981949f7ae3854d8e1cc2be7f40f.
- commit d184b38

Wed Dec  6 14:36:56 CET 2017 -

- Revert "shadow variables: add KGR_SHADOW_ID helper"
  This reverts commit 237c8f3d13c382321d3e65d138d328eae0b82f6c.
- commit 22d6153

Wed Dec  6 12:18:06 CET 2017 -

- rpm/ Use SUSE:SLE-15:GA project
- commit ff32fc9

Wed Dec  6 12:14:17 CET 2017 -

- Revert "scripts: Generate ExclusiveArch in spec file dynamically"
  This reverts commit 95ed856ea8f99b4e48d7d324278b3628d2ac2fa2.
  SLE15 will support ppc64le arch from the beginning.
- commit 92e9bdb

Tue Dec  5 16:42:04 CET 2017 -

- uname_patch: fix UNAME26 for 4.0
  Backport upstream commit 39afb5ee4640 ("kernel/sys.c: fix UNAME26 for
- commit 5988feb

Mon Dec  4 15:25:24 CET 2017 -

- Revert "Add compat.h to deal with changes of KGR_PATCH macro"
  This reverts commit 4186bef35862029a2fd36ba4a73d5fa538992709.
  All currently supported kernels (that is, everything since
  SLE12_Update_14 and SLE12-SP1_Update_5) have sympos support. We can drop
  compat, because we don't need it anymore.
- commit 11e3220

Thu Nov 30 15:15:20 CET 2017 -

- scripts: Generate ExclusiveArch in spec file dynamically
  ppc64le architecture kernel support is not present in all currently
  supported branches. It may cause problem for the maintenance team.
  Generate ExclusiveArch dynamically. It should be 'ppc64le x86_64' for
  SLE12-SP3 and 'x86_64' for the rest.
- commit 95ed856

Thu Nov 16 14:27:46 CET 2017 -

- rpm/kgraft-patch.spec: Add ppc64le as a supported arch
  ppc64le is about to be supported in Live Patching product. Add it to
  ExclusiveArch tag.
- commit 8437c94

Thu Nov 16 14:26:35 CET 2017 -

- rpm/kgraft-patch.spec: Remove s390x from supported archs
  s390x is not supported in Live Patching product. Remove it from
- commit f9614f2

Tue Oct 31 10:34:53 CET 2017 -

- livepatch_main.c: klp_patch_init(): fix error handling
  In case either of the invocations of klp_register_patch() or
  klp_enable_patch() fails, anything which has been setup by the prior
  per-(sub-)patch initialiation code, i.e. the expansion of
  @@KLP_PATCHES_INIT_CALLS@@, won't get undone.
  Fix this.
  Also make klp_patch_init() look more like the common 'goto err' idiom
  and adjust scripts/ accordingly.
  Fix for commit 7e20201cdcb8 ("kGraft to livepatch migration. API
- commit 6552b44

Tue Oct 31 10:34:52 CET 2017 -

- scripts/ generate klp_object array
  The KLP API doesn't take a flat list of to be patched functions
  like KGraft did, but introduces an intermediate layer: struct
  Each klp_patch instance is supposed to reference an array of
  klp_object's which in turn provide an array of klp_func's each.
  To facilitate merging, we want to generate this list of klp_object's
  automatically, exactly like we did for the flat function list with KGraft.
  For each klp_patch instance, there must be at most one klp_object entry
  referring to the same object.
  Hence care must be taken not to add an entry for the same object twice
  in case two different (sub-)patches both patch some functions therein.
  Require from each (sub-)patch to provide the list of to be patched
  symbols in a file named SUBPATCH/patched_funcs.csv with each line
  conforming to the
  obj old_func(,sympos) new_func
  Make scripts/ generate an klp_object array initializer based on
  this and let it expand the @@KLP_PATCHES_OBJS@@ tag within livepatch_main.c
  Do not replace the now obsolete @@KLP_PATCHES_FUNCS@@ anymore.
  Add and remove the @@KLP_PATCHES_OBJS@@ and @@KLP_PATCHES_FUNCS@@
  markers to and from livepatch_main.c respectively.
  [ mb: amend copy&paste error ($newfun at the end of uname klp_func[]) ]
- commit 0fe721b

Thu Oct 26 13:54:06 CEST 2017 -

- kGraft to livepatch migration. External rename.
  External rename and thus final step of kGraft -> upstream livepatch
  migration. kgraft-patch* modules are now livepatch* and live in
  /lib/modules/$(uname -r)/livepatch.
  References: fate#323682
  [ mb: changelog ]
- commit f842fd5

Thu Oct  5 12:12:29 CEST 2017 -

- shadow variables: add KGR_SHADOW_ID helper
  As shadow variables are supposed to be shared among different KGraft
  modules their id's must be compile time constants.
  Introduce the KGR_SHADOW_ID helper macro for generating them in a uniform
  manner based on the bsc# number and a local id.
- commit 237c8f3

Thu Oct  5 12:12:28 CEST 2017 -

- shadow variables: share shadow data among KGraft modules
  As it stands, each KGraft module maintains its own set of shadow variable
  management structures and thus, shadow variables are not sharable between
  livepatch modules.
  This behaviour is different from the upstream implementation and, as
  pointed out by Miroslav Benes, it also opens up an opportunity for a small
  window where the system might become vulnerable again during transition as
  we stack new livepatches on top.
  Let all KGraft patches share the shadow data.
  Sharing is implemented by moving the management structures from a KGraft
  module's .data to dynamically allocated memory. Each KGraft module will
  have specifically named pointers, 'kgr_shadow_hash12' and
  'kgr_shadow_lock12', referencing them.
  Upon initialization, a KGraft module will discover already existing such
  shadow data by kallsyms-searching all loaded modules for these pointer
  symbols. If none is found, a new instance is allocated. The newly
  introduced kgr_shadow_init() implementing this is idempotent and can thus
  be called from the bsc# subpatches' initializers if needed.
  Upon KGraft module removal, the new kgr_shadow_cleanup() will conduct
  another kallsyms search and deallocate the shadow data in case there are
  no more users. kgr_shadow_cleanup() is also idempotent.
  Initialization and teardown of the common shadow data is serialized with
  the module_mutex which has to be taken for the kallsyms search anyway.
- commit 8e1e705

Thu Oct  5 12:12:27 CEST 2017 -

- shadow variables: drop EXPORT_SYMBOL()s
  The shadow variable API will only ever get used by the KGraft module itself
  and thus, there's no need for exporting it.
  Drop all EXPORT_SYMBOL annotations.
- commit ac6cfeb

Thu Oct  5 12:12:26 CEST 2017 -

- shadow variables: introduce upstream patch
  Joe Lawrence posted the sixth version of his shadow variable patch [1]
  implementing the association of additional out-of-band data members to
  existing structure instances from livepatches.
  Jiri Kosina has applied this to his
  git:// for-4.15/shadow-variables
  tree and thus, it's queued up and close to getting merged.
  The plan is to eventually backport this shadow variable support to SLE
  kernels, but we also want to have it usable from KGraft modules by now.
  Port the implementation to the kraft-patches module.
   - dump shadow.c in it's current upstream state as it is after commits
     439e7271dc2b ("livepatch: introduce shadow variable API")
     5d9da759f758 ("livepatch: __klp_shadow_get_or_alloc() is local to
     19205da6a0da ("livepatch: Small shadow variable documentation fixes")
   - add a shadow.h header and declare the newly introduced functions there
   - and incorporate the new files into the KGraft module's build system.
    ("[PATCH v6] livepatch: introduce shadow variable API")
- commit e899c4f

Wed Jul 12 11:14:40 CEST 2017 -

- kGraft to livepatch migration. API change.
  Change from kGraft API to livepatch API.
  Note: error handling in _init() function is broken and fixed later.
  Automatic generation of klp_objects is not present at all. Added later.
  References: fate#323682
  [ mb: changelog, patch split, whitespace errors ]
- commit 7e20201

Wed Jul 12 11:08:57 CEST 2017 -

- kGraft to livepatch migration. Internal rename.
  Internal rename in preparation for kGraft -> upstream livepatch
  migration. External module naming stays the same. API is not touched
  References: fate#323682
  [ mb: changelog edit ]
- commit 28a04a2

Tue Jun 13 15:54:27 CEST 2017 -

- scripts/ register subpatch sources in rpm spec
  In order to reduce the manual merging work upon addition of new
  (sub)patches, commit 4e8dc885be22 ("scripts: create kgr_patch_main.c
  dynamically") introduced the helper. It discovers
  those and tweaks the main entry point, kgr_patch_main.c, as needed.
  However, a remaining manual merging task is to list a (sub)patch's source
  archive in rpm/kgraft-patch.spec and to %setup it.
  Make scripts/ do this.
  placeholders in rpm/kgraft-patch.spec
- and make scripts/ expand those within a spec file
  to be given as an additional command line argument.
  Finally, adjust scripts/ accordingly.
- commit 9eafc8a

Tue Jun 13 15:51:42 CEST 2017 -

- scripts/ don't add ','s to @@KGR_PATCHES_FUNCS@@ expands kgr_patch_main.c's @@KGR_PATCHES_FUNCS@@
  placeholder by concatenating all available patches' KGR_PATCH_<XY>_FUNCS
  together, separating them by commas.
  The KGR_PATCH_<XY>_FUNCS are CPP macros supposed to be provided by each
  patch. If one of these happens to be empty, the preprocessed expansion
  will contain two consecutive commas which gcc doesn't like in array
  Do not add any commas to the @@KGR_PATCHES_FUNCS@@ expansion but require
  the individual KGR_PATCH_<XY>_FUNCS macros to already contain trailing
  ones as needed.
  Fixes: 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically")
- commit ba41416

Wed Jun  7 12:05:41 CEST 2017 -

- scripts: create kgr_patch_main.c dynamically
  The kgraft-patches repository has got many branches, each corresponding
  to a supported codestream. Each of those carries a potentially different
  set of live (sub)patches which are controlled through the entry points in
  kgr_patch_main.c. According to Miroslav, merging of a new (sub)patch
  based on the pristine master is a pita due to conflicts.
  Since all (sub)patches stick to certain conventions already, the required
  modifications of the merging-hotspot kgr_patch_main.c are quite mechanic.
  Let a script do the work.
- insert some special @@-embraced placeholders at the few places depending
  on the actual set of (sub)patches,
- let discover the available (sub)patches by searching
  for directories
- and let replace those placeholders in
  Finally, add a invocation to
  This procedure requires that a SUBPATCH located in directory SUBPATCH/
  adheres to the following conventions:
- It must provide a provide a SUBPATCH/kgr_patch_SUBPATCH.h header.
- This header must provide declarations for kgr_patch_SUBPATCH_init()
  and kgr_patch_SUBPATCH_cleanup().
- This header must also #define a KGR_PATCH_SUBPATCH_FUNCS macro.
  It should expand to a comma separated list of KGR_PATCH*() entries,
  each corresponding to a function the subpatch wants to replace.
  [mbenes: fixed typos, empty line removed]
- commit 4e8dc88

Mon Apr 24 16:00:54 CEST 2017 -

- Replace $(PWD) with $(CURDIR) in Makefile
  CURDIR is an internal variable of make and more suitable.
- commit 03bf1d5

Wed Apr 19 14:02:27 CEST 2017 -

- Create Makefile automatically
  Introduce scripts/ script to automatically create a
  makefile. The scripts is called from or could be called
- commit 1af6c29

Mon Oct 24 13:26:09 CEST 2016 -

- Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project
- commit bdc7598

Tue May 10 15:43:59 CEST 2016 -

- Add compat.h to deal with changes of KGR_PATCH macro
  Sympos patch set for kGraft redefined KGR_PATCH macro and added two new
  ones. Add new compat.h which contains macro magic so that all kGraft
  patches would work on both old and new kernels with the patch set
- commit 4186bef

Fri May  6 17:01:17 CEST 2016 -

- Fix the number of parameters of KGR_PATCH macro
  New kernels contain kGraft's sympos patch set which changed number of
  paramaters of KGR_PATCH macro and introduced new macros. Fix it in
  master so it will be ok for new branches.
- commit 78cf676

Tue Sep  1 13:00:23 CEST 2015 -

- Include the RPM version number in the module name
- commit 8fa02c6

Wed Aug 26 11:29:44 CEST 2015 -

- Remove forgotten debug option in the Makefile
- commit 9c24ab8

Mon Aug 17 13:42:04 CEST 2015 -

- Add license and copyright notices
- commit d42d3aa

Wed Jul 15 15:58:35 CEST 2015 -

- Remove immediate flag
  Fake signal was merged to kGraft and immediate feature removed. Remove
  it in kGraft patches from now on too.
- commit c767ad2

Wed May 20 16:32:17 CEST 2015 -

- Set immediate flag to false
  Using immediate set to true can lead to BUGs and oopses when
  downgrading, reverting or applying replace_all patches. There is no way
  how to find out if there is a process in the old code which is being
  removed. The module would be put, removed and the process will crash.
  The consistency model guarantees that there is no one in the old code
  when the finalization ends. Thus use it for all case to be safe.
- commit 830e1a3

Tue May 12 15:48:07 CEST 2015 -

- Fix description in rpm spec file
  Spec file description mentions initial kGraft patch which is only true
  for real initial patch. Make it more neutral.
  References: bsc#930408
- commit a55e023

Wed Apr  1 15:36:24 CEST 2015 -

- Generate archives names automatically in
- commit 1f34f18

Wed Apr  1 13:39:26 CEST 2015 -

- Automatically generate .changes file from git log
  Also add comments to script to distinguish between sections.
- commit 212a7ae

Thu Mar 26 14:24:21 CET 2015 -

- Revert "Require exact kernel version in the patch"
  This needs to be done differently, so that modprobe --force works as
  References: bnc#920615
  This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a.
- commit bc88dd7

Wed Mar 25 13:10:24 CET 2015 -

- Require exact kernel version in the patch
  References: bnc#920615
- commit c62c11a

Tue Mar 24 12:15:41 CET 2015 -

- Add the git commit and branch to the package description
  References: bnc#920633
- commit 1ff4e48

Wed Nov 26 10:09:14 CET 2014 -

- Set immediate flag for the initial patch
  Setting immediate to true will simplify installation of the initial patch and
  possibly also of the further updates.
  References: bnc#907150
- commit 391b810

Tue Nov 25 16:26:40 CET 2014 -

- Add .replace_all set to true
  Add .replace_all flag set to true even to the initial patch. Thus we will not
  forget to add that later. Also .immediate is there as a comment.
- commit 933e15e

Mon Nov 24 15:02:33 CET 2014 -

- Drop the hardcoded kernel release string
  The updated kgraft-devel macros set this during build time, so we do not
  need to know the kernel release string beforehand. As a name suffix for
  the source packages, let's use SLE12_Test in the master branch and
  SLE12_Update_<n> in the update branches.
- commit 65f7a25

Fri Nov 21 15:48:48 CET 2014 -

- Check that we are building against the set kernel version
- commit 689e44a

Wed Nov 12 04:11:14 CET 2014 -

- Mark the module as supported
  References: bnc#904970
- commit 6249314

Tue Nov 11 17:11:28 CET 2014 -

- Build the test packages against Devel:kGraft:SLE12
- commit c952fbb

Thu Nov  6 13:55:43 CET 2014 -

- Add top git commit hash to uname -v
  Add top git commit hash to version part of uname. This makes the identification
  of current patch level easy (even in crash: p kgr_tag).
  References: fate#317769
- commit 54c9595

Tue Nov  4 16:23:50 CET 2014 -

- Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@
  We need to replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ due to
  sysfs tree. @@RELEASE@@ changes with each new version of package.
- commit 51fd9dd

Mon Nov  3 17:27:24 CET 2014 -

- Add a source-timestamp file with the git commit hash and branch
  This is required by the bs-upload-kernel script to upload packages to
  the BS. It can also be used by the specfile in the future.
- commit feab4f1

Mon Nov  3 16:56:31 CET 2014 -

- Initial commit
- commit 600de9d

Mon Nov  3 14:59:46 CET 2014 -

- Add script
  This tells the automatic builder which IBS project to use.
- commit aa7f1cb