SUSE-IU-2024:446-1: Security update of suse/sle-micro/rt-5.5
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat May 25 07:01:23 UTC 2024
SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:446-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.3 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.3
Severity : important
Type : security
References : 1082216 1082233 1141539 1177529 1190576 1192145 1192837 1193629
1196869 1200313 1201308 1201489 1203906 1203935 1204614 1207361
1211592 1213573 1213638 1217408 1218560 1218562 1218917 1219104
1219126 1219141 1219169 1219170 1219264 1220342 1220492 1220569
1220761 1220901 1220915 1220935 1221042 1221044 1221080 1221084
1221088 1221162 1221299 1221612 1221617 1221632 1221645 1221791
1221825 1222011 1222051 1222247 1222266 1222294 1222307 1222357
1222368 1222379 1222416 1222422 1222424 1222427 1222428 1222430
1222431 1222435 1222437 1222445 1222449 1222482 1222503 1222520
1222536 1222549 1222550 1222557 1222559 1222585 1222586 1222596
1222609 1222610 1222613 1222615 1222618 1222624 1222630 1222632
1222660 1222662 1222664 1222666 1222669 1222671 1222677 1222678
1222680 1222703 1222704 1222706 1222709 1222710 1222720 1222721
1222724 1222726 1222727 1222764 1222772 1222773 1222776 1222781
1222784 1222785 1222787 1222790 1222791 1222792 1222796 1222798
1222801 1222812 1222824 1222829 1222832 1222836 1222838 1222866
1222867 1222869 1222876 1222878 1222879 1222881 1222883 1222888
1222894 1222901 1222968 1223012 1223014 1223016 1223024 1223030
1223033 1223034 1223035 1223036 1223037 1223041 1223042 1223051
1223052 1223056 1223057 1223058 1223060 1223061 1223065 1223066
1223067 1223068 1223076 1223078 1223111 1223115 1223118 1223187
1223189 1223190 1223191 1223196 1223197 1223198 1223275 1223323
1223369 1223380 1223473 1223474 1223475 1223477 1223478 1223479
1223481 1223482 1223484 1223487 1223490 1223496 1223498 1223499
1223501 1223502 1223503 1223505 1223509 1223511 1223512 1223513
1223516 1223517 1223518 1223519 1223520 1223522 1223523 1223525
1223536 1223539 1223574 1223595 1223598 1223634 1223640 1223643
1223644 1223645 1223646 1223648 1223655 1223657 1223660 1223661
1223663 1223664 1223668 1223686 1223693 1223705 1223714 1223735
1223745 1223784 1223785 1223790 1223816 1223821 1223822 1223824
1223827 1223834 1223875 1223876 1223877 1223878 1223879 1223894
1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934
1223941 1223948 1223949 1223950 1223951 1223952 1223953 1223956
1223957 1223960 1223962 1223963 1223964 CVE-2018-6798 CVE-2018-6913
CVE-2021-47047 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183 CVE-2021-47184
CVE-2021-47185 CVE-2021-47187 CVE-2021-47188 CVE-2021-47189 CVE-2021-47191
CVE-2021-47192 CVE-2021-47193 CVE-2021-47194 CVE-2021-47195 CVE-2021-47196
CVE-2021-47197 CVE-2021-47198 CVE-2021-47199 CVE-2021-47200 CVE-2021-47201
CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47206
CVE-2021-47207 CVE-2021-47209 CVE-2021-47210 CVE-2021-47211 CVE-2021-47212
CVE-2021-47214 CVE-2021-47215 CVE-2021-47216 CVE-2021-47217 CVE-2021-47218
CVE-2021-47219 CVE-2022-48631 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636
CVE-2022-48637 CVE-2022-48638 CVE-2022-48639 CVE-2022-48640 CVE-2022-48642
CVE-2022-48644 CVE-2022-48646 CVE-2022-48647 CVE-2022-48648 CVE-2022-48650
CVE-2022-48651 CVE-2022-48652 CVE-2022-48653 CVE-2022-48654 CVE-2022-48655
CVE-2022-48656 CVE-2022-48657 CVE-2022-48658 CVE-2022-48659 CVE-2022-48660
CVE-2022-48662 CVE-2022-48663 CVE-2022-48667 CVE-2022-48668 CVE-2022-48671
CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687
CVE-2022-48688 CVE-2022-48690 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694
CVE-2022-48695 CVE-2022-48697 CVE-2022-48698 CVE-2022-48700 CVE-2022-48701
CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2023-2860 CVE-2023-52488
CVE-2023-52503 CVE-2023-52561 CVE-2023-52585 CVE-2023-52589 CVE-2023-52590
CVE-2023-52591 CVE-2023-52593 CVE-2023-52614 CVE-2023-52616 CVE-2023-52620
CVE-2023-52627 CVE-2023-52635 CVE-2023-52636 CVE-2023-52645 CVE-2023-52652
CVE-2023-6270 CVE-2024-0639 CVE-2024-0841 CVE-2024-22099 CVE-2024-23307
CVE-2024-23848 CVE-2024-23850 CVE-2024-26601 CVE-2024-26610 CVE-2024-26656
CVE-2024-26660 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26680
CVE-2024-26681 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688
CVE-2024-26689 CVE-2024-26696 CVE-2024-26697 CVE-2024-26702 CVE-2024-26704
CVE-2024-26718 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26736
CVE-2024-26737 CVE-2024-26739 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745
CVE-2024-26747 CVE-2024-26749 CVE-2024-26751 CVE-2024-26754 CVE-2024-26760
CVE-2024-267600 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766
CVE-2024-26769 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776
CVE-2024-26779 CVE-2024-26783 CVE-2024-26787 CVE-2024-26790 CVE-2024-26792
CVE-2024-26793 CVE-2024-26798 CVE-2024-26805 CVE-2024-26807 CVE-2024-26816
CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26830 CVE-2024-26833
CVE-2024-26836 CVE-2024-26843 CVE-2024-26848 CVE-2024-26852 CVE-2024-26853
CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26861 CVE-2024-26862
CVE-2024-26866 CVE-2024-26872 CVE-2024-26875 CVE-2024-26878 CVE-2024-26879
CVE-2024-26881 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885
CVE-2024-26891 CVE-2024-26893 CVE-2024-26895 CVE-2024-26896 CVE-2024-26897
CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917 CVE-2024-26927
CVE-2024-26948 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956
CVE-2024-26960 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970
CVE-2024-26972 CVE-2024-26981 CVE-2024-26982 CVE-2024-26993 CVE-2024-27013
CVE-2024-27014 CVE-2024-27030 CVE-2024-27038 CVE-2024-27039 CVE-2024-27041
CVE-2024-27043 CVE-2024-27046 CVE-2024-27056 CVE-2024-27062 CVE-2024-27389
-----------------------------------------------------------------
The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1663-1
Released: Wed May 15 21:08:37 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1141539,1177529,1190576,1192145,1192837,1193629,1196869,1200313,1201308,1201489,1203906,1203935,1204614,1207361,1211592,1213573,1217408,1218562,1218917,1219104,1219126,1219141,1219169,1219170,1219264,1220342,1220492,1220569,1220761,1220901,1220915,1220935,1221042,1221044,1221080,1221084,1221088,1221162,1221299,1221612,1221617,1221645,1221791,1221825,1222011,1222051,1222247,1222266,1222294,1222307,1222357,1222368,1222379,1222416,1222422,1222424,1222427,1222428,1222430,1222431,1222435,1222437,1222445,1222449,1222482,1222503,1222520,1222536,1222549,1222550,1222557,1222559,1222585,1222586,1222596,1222609,1222610,1222613,1222615,1222618,1222624,1222630,1222632,1222660,1222662,1222664,1222666,1222669,1222671,1222677,1222678,1222680,1222703,1222704,1222706,1222709,1222710,1222720,1222721,1222724,1222726,1222727,1222764,1222772,1222773,1222776,1222781,1222784,1222785,1222787,1222790,1222791,1222792,1222796,1222798,1222801,1222812,1222824,1222829,1222832,1222836,1222838,1222866,1
222867,1222869,1222876,1222878,1222879,1222881,1222883,1222888,1222894,1222901,1222968,1223012,1223014,1223016,1223024,1223030,1223033,1223034,1223035,1223036,1223037,1223041,1223042,1223051,1223052,1223056,1223057,1223058,1223060,1223061,1223065,1223066,1223067,1223068,1223076,1223078,1223111,1223115,1223118,1223187,1223189,1223190,1223191,1223196,1223197,1223198,1223275,1223323,1223369,1223380,1223473,1223474,1223475,1223477,1223478,1223479,1223481,1223482,1223484,1223487,1223490,1223496,1223498,1223499,1223501,1223502,1223503,1223505,1223509,1223511,1223512,1223513,1223516,1223517,1223518,1223519,1223520,1223522,1223523,1223525,1223536,1223539,1223574,1223595,1223598,1223634,1223640,1223643,1223644,1223645,1223646,1223648,1223655,1223657,1223660,1223661,1223663,1223664,1223668,1223686,1223693,1223705,1223714,1223735,1223745,1223784,1223785,1223790,1223816,1223821,1223822,1223824,1223827,1223834,1223875,1223876,1223877,1223878,1223879,1223894,1223921,1223922,1223923,1223924,122392
9,1223931,1223932,1223934,1223941,1223948,1223949,1223950,1223951,1223952,1223953,1223956,1223957,1223960,1223962,1223963,1223964,CVE-2021-47047,CVE-2021-47181,CVE-2021-47182,CVE-2021-47183,CVE-2021-47184,CVE-2021-47185,CVE-2021-47187,CVE-2021-47188,CVE-2021-47189,CVE-2021-47191,CVE-2021-47192,CVE-2021-47193,CVE-2021-47194,CVE-2021-47195,CVE-2021-47196,CVE-2021-47197,CVE-2021-47198,CVE-2021-47199,CVE-2021-47200,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47204,CVE-2021-47205,CVE-2021-47206,CVE-2021-47207,CVE-2021-47209,CVE-2021-47210,CVE-2021-47211,CVE-2021-47212,CVE-2021-47214,CVE-2021-47215,CVE-2021-47216,CVE-2021-47217,CVE-2021-47218,CVE-2021-47219,CVE-2022-48631,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48637,CVE-2022-48638,CVE-2022-48639,CVE-2022-48640,CVE-2022-48642,CVE-2022-48644,CVE-2022-48646,CVE-2022-48647,CVE-2022-48648,CVE-2022-48650,CVE-2022-48651,CVE-2022-48652,CVE-2022-48653,CVE-2022-48654,CVE-2022-48655,CVE-2022-48656,CVE-2022-48657,CVE-2022-486
58,CVE-2022-48659,CVE-2022-48660,CVE-2022-48662,CVE-2022-48663,CVE-2022-48667,CVE-2022-48668,CVE-2022-48671,CVE-2022-48672,CVE-2022-48673,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48690,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48698,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2023-2860,CVE-2023-52488,CVE-2023-52503,CVE-2023-52561,CVE-2023-52585,CVE-2023-52589,CVE-2023-52590,CVE-2023-52591,CVE-2023-52593,CVE-2023-52614,CVE-2023-52616,CVE-2023-52620,CVE-2023-52627,CVE-2023-52635,CVE-2023-52636,CVE-2023-52645,CVE-2023-52652,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-23848,CVE-2024-23850,CVE-2024-26601,CVE-2024-26610,CVE-2024-26656,CVE-2024-26660,CVE-2024-26671,CVE-2024-26673,CVE-2024-26675,CVE-2024-26680,CVE-2024-26681,CVE-2024-26684,CVE-2024-26685,CVE-2024-26687,CVE-2024-26688,CVE-2024-26689,CVE-2024-26696,CVE-2024-26697,CVE-2024-26702,CVE-2024
-26704,CVE-2024-26718,CVE-2024-26722,CVE-2024-26727,CVE-2024-26733,CVE-2024-26736,CVE-2024-26737,CVE-2024-26739,CVE-2024-26743,CVE-2024-26744,CVE-2024-26745,CVE-2024-26747,CVE-2024-26749,CVE-2024-26751,CVE-2024-26754,CVE-2024-26760,CVE-2024-267600,CVE-2024-26763,CVE-2024-26764,CVE-2024-26766,CVE-2024-26769,CVE-2024-26771,CVE-2024-26772,CVE-2024-26773,CVE-2024-26776,CVE-2024-26779,CVE-2024-26783,CVE-2024-26787,CVE-2024-26790,CVE-2024-26792,CVE-2024-26793,CVE-2024-26798,CVE-2024-26805,CVE-2024-26807,CVE-2024-26816,CVE-2024-26817,CVE-2024-26820,CVE-2024-26825,CVE-2024-26830,CVE-2024-26833,CVE-2024-26836,CVE-2024-26843,CVE-2024-26848,CVE-2024-26852,CVE-2024-26853,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26861,CVE-2024-26862,CVE-2024-26866,CVE-2024-26872,CVE-2024-26875,CVE-2024-26878,CVE-2024-26879,CVE-2024-26881,CVE-2024-26882,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26891,CVE-2024-26893,CVE-2024-26895,CVE-2024-26896,CVE-2024-26897,CVE-2024-26898,CVE-2024-26901
,CVE-2024-26903,CVE-2024-26917,CVE-2024-26927,CVE-2024-26948,CVE-2024-26950,CVE-2024-26951,CVE-2024-26955,CVE-2024-26956,CVE-2024-26960,CVE-2024-26965,CVE-2024-26966,CVE-2024-26969,CVE-2024-26970,CVE-2024-26972,CVE-2024-26981,CVE-2024-26982,CVE-2024-26993,CVE-2024-27013,CVE-2024-27014,CVE-2024-27030,CVE-2024-27038,CVE-2024-27039,CVE-2024-27041,CVE-2024-27043,CVE-2024-27046,CVE-2024-27056,CVE-2024-27062,CVE-2024-27389
The SUSE Linux Enterprise 15 SP5 Real Time kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
- CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
- CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
- CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
- CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
- CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
- CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
- CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
- CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
- CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
- CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
- CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
- CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
- CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
- CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660).
- CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
- CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
- CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
- CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
- CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
- CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196).
- CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
- CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
- CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
- CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
- CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
- CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
- CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
- CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076).
- CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
- CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
- CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
- CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
- CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801).
- CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
- CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
- CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
- CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
- CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
- CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596).
- CVE-2024-267600: Fixed scsi/target/pscsi error case in bio_put() (bsc#1222596).
- CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
- CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724).
- CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
- CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677).
- CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437).
- CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445).
- CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431).
- CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427).
- CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
- CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
- CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
- CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266).
- CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
- CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
- CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247).
- CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
- CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051).
- CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
- CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
- CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080).
- CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935).
- CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915).
- CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162).
- CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
- CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
- CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710).
- CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
- Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes).
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports (git-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
- Input: allocate keycode for Display refresh rate toggle (stable-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791).
- PCI/AER: Block runtime suspend when handling errors (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
- PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
- PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
- PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
- RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
- README.BRANCH: Correct email address for Petr Tesarik
- README.BRANCH: Remove copy of branch name
- Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes).
- Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes).
- Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes).
- Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275)
- Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes).
- Revert 'usb: phy: generic: Get the vbus supply' (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
- ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes).
- bcache: move uapi header bcache.h to bcache code directory (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: remove the backing_dev_name field from struct cached_dev (git-fixes).
- bcache: remove the cache_dev_name field from struct cache (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067).
- clk: Get runtime PM before walking tree during disable_unused (git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- clk: Print an info line before disabling unused clocks (stable-fixes).
- clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
- clk: remove extra empty line (stable-fixes).
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix false positive for requeue needed during reshape (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes).
- dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
- drm/amd/display: Do not recursively call manual trigger programming (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
- drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes).
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- fbdev: fix incorrect address computation in deferred IO (git-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes).
- fix build warning
- fuse: do not unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- hwmon: (amc6821) add of_match table (stable-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- i40e: Fix VF MAC filter removal (git-fixes).
- idma64: Do not try to serve interrupts when device is powered off (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow (git-fixes).
- iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes).
- iommu/amd: Do not block updates to GATag if guest mode is on (git-fixes).
- iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes).
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (git-fixes).
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes).
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- iommu/vt-d: Allocate local memory for page request queue (git-fixes).
- iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
- iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
- kABI: Adjust trace_iterator.wait_index (git-fixes).
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes).
- livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539).
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
- md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes).
- media: cec: core: remove length check of Timer Status (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
- mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
- net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
- net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes).
- net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
- net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes).
- net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- netfilter: br_netfilter: Drop dst references before setting (git-fixes).
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes).
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes).
- nfsd: Fixed mount issue with KOTD (bsc#1223380 bsc#1217408 bsc#1223640).
- nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nouveau: fix function cast warning (git-fixes).
- nouveau: fix instmem race condition around ptr stores (git-fixes).
- nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes).
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes).
- platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900).
- powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888).
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- printk: Add this_cpu_in_panic() (bsc#1223574).
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
- printk: Disable passing console lock owner completely during panic() (bsc#1223574).
- printk: Drop console_sem during panic (bsc#1223574).
- printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574).
- printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
- printk: Wait for all reserved records with pr_flush() (bsc#1223574).
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574).
- printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
- printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
- pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
- ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes).
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes).
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
- s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785).
- s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
- s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878).
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876).
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595).
- s390: Fixed LPM of lpar failure with error HSCLA2CF in 19th loops (jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
- s390: Fixed kernel backtrack (bsc#1141539 git-fixes).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
- serial: mxs-auart: add spinlock around changing cts state (git-fixes).
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
- thunderbolt: Fix wake configurations after device unplug (stable-fixes).
- tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes).
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
- tracing: Remove precision vsnprintf() check from print event (git-fixes).
- tracing: Show size of requested perf buffer (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
- usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes).
- wifi: nl80211: do not free NULL coalescing rule (git-fixes).
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes).
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes).
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- xen-netback: properly sync TX responses (git-fixes).
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes).
- xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes).
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released: Thu May 16 08:00:09 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1221632
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1762-1
Released: Wed May 22 16:14:17 2024
Summary: Security update for perl
Type: security
Severity: important
References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1769-1
Released: Thu May 23 16:26:19 2024
Summary: Recommended update for SLE-Micro, SLE-Micro-base, SLE-Micro-kvm, SLE-Micro-rt, build-iso, build-iso-base, elemental, elemental-channel-image, elemental-channel1.5-image, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, elemental-rt-channel-image, elemental-rt-channel1.5-image, elemental-toolkit, operator-image1.5, seedimage-builder, seedimage-builder1.5, systemd-presets-branding-SLE-Micro-for-Rancher
Type: recommended
Severity: important
References: 1218560
This update for SLE-Micro, SLE-Micro-base, SLE-Micro-kvm, SLE-Micro-rt, build-iso, build-iso-base, elemental, elemental-channel-image, elemental-channel1.5-image, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, elemental-rt-channel-image, elemental-rt-channel1.5-image, elemental-toolkit, operator-image1.5, seedimage-builder, seedimage-builder1.5, systemd-presets-branding-SLE-Micro-for-Rancher fixes the following issues:
Changes in SLE-Micro:
- Update to version 2.0.4:
* [v2.0.x] Hostname backports (#1371)
* Fix kvm and rt dockerfile arguments
* Make sure no variables in /etc/os-release are duplicated
* Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258)
Changes in SLE-Micro-base:
- Update to version 2.0.4:
* [v2.0.x] Hostname backports (#1371)
* Fix kvm and rt dockerfile arguments
* Make sure no variables in /etc/os-release are duplicated
- Update to version 2.0.3:
* Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258)
Changes in SLE-Micro-kvm:
- Update to version 2.0.4:
* [v2.0.x] Hostname backports (#1371)
* Fix kvm and rt dockerfile arguments
* Make sure no variables in /etc/os-release are duplicated
- Update to version 2.0.3:
* Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258)
Changes in SLE-Micro-rt:
- Update to version 2.0.4:
* [v2.0.x] Hostname backports (#1371)
* Fix kvm and rt dockerfile arguments
* Make sure no variables in /etc/os-release are duplicated
- Update to version 2.0.3:
* Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258)
Changes in build-iso:
- Update to version 2.0.4:
* Fix kvm and rt dockerfile arguments
* Make sure no variables in /etc/os-release are duplicated
- Update to version 2.0.3
Changes in build-iso-base:
- Update to version 2.0.4:
* Fix kvm and rt dockerfile arguments
* Make sure no variables in /etc/os-release are duplicated
- Update to version 2.0.3
Changes in elemental:
- Update to version 2.0.4:
* [v2.0.x] Hostname backports (#1371)
* Fix kvm and rt dockerfile arguments
* Make sure no variables in /etc/os-release are duplicated
- Update to version 2.0.3:
* Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258)
Changes in elemental-channel-image:
- Adapt Dockerfile to pull explicitly elemental-register instead
of the newer 1.5 version of it
- Add v2.0.2 image to channel
Changes in elemental-channel1.5-image:
- Add v2.0.2 image to channel
- Remove `for Rancher` suffix
- Channel adapted to 'suse/sle-micro' images
Changes in elemental-operator1.5:
- Update to version 1.5.1:
* Repurpose v1.5.x branch for SLE Micro 5.5
* Micro rename (#684)
* elemental-operator registration cleanups (#689)
* Sanitize elemental-operator dependencies (#690)
* github actions: add airgap script test
* [Airgap] minor: fix debug message
* [Airgap] add script tests
* Bump docker/setup-buildx-action from 3.1.0 to 3.2.0
* Bump docker/login-action from 3.0.0 to 3.1.0
* Bump docker/build-push-action from 5.2.0 to 5.3.0
* Add extension to seedimage url (#682)
* registration: allow dots in machineInventory names
* registration: decouple replacing data-labels from sanitizing strings
* registration: move sanitize code in sanitizeString()
* Fix ManagedOSImage cloudConfig (#671)
* New name is elemental-rootfs
* Use /run/elemental and elemental- services (#675)
* Update github.com/golang/protobuf
* Run make vendor
* Bump google.golang.org/protobuf from 1.31.0 to 1.33.0
* Bump docker/build-push-action from 5.1.0 to 5.2.0
* [Airgap] fix channel.json extraction (#669)
* [Airgap] fix 'channel.image'/'channel.repository' value in 'next steps' (#665)
* Align DrainSpec to system-upgrade-controller defaults (#668)
* operator/Dockerfile: tag IMAGE_REPO with :latest
* seedimage: add tag to IMG_REPO
* Dockerfile: SLE_VERSION -> SLEMICRO_VERSION
* operator: switch to toolbox for ALP
* seedimage: switch labelprefix to com.suse.elemental
* seedimage: Switch to toolbox for ALP
* Drain nodes by default on upgrade (#660)
* [Airgap] fix missing return code value
* [Airgap] Use bash test syntax
* [Airgap] make the script work with both legacy and newer charts
* [Airgap] fix the airgap script
- Update to version 1.5.0:
* Enable ManagedOSImage updates (#658)
* Review omitempty flag on API json converter
* charts: backport changes from Rancher Marketplace chart (#652)
* Make snapshotter configurable (#651)
* [Airgap] fix the airgap script (#654)
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0
* [Airgap] add support to Hauler in the airgap script (#647)
* Fix channel synchronization
* Bump docker/metadata-action from 4.1.1 to 5.5.1
* Requeue reconcile loop for ongoing synchronizations
* elemental-register: collect OS data for MachineInventories annotations (#642)
* Bump go to 1.22 (#643)
* Make channel sync more robust (#638)
* Makefile/setup-full-cluster: build seedimage-builder image too (#639)
* Makefile: fix commit date for local builds (#631)
* Requeue after 1 second in case of failures
* Recover on syncer pod creation failures
* Bump docker/build-push-action from 3.2.0 to 5.1.0
* Bump docker/setup-buildx-action from 2.2.1 to 3.0.0
* Bump golangci/golangci-lint-action from 3 to 4
* Bump github/codeql-action from 2 to 3
* Update system-upgrade-controller test version (#630)
* Add dev baseimage build (#619)
* Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628)
* Use go 1.20
* Use rancher/yip v1.4.10
* Use go.mod ginkgo version
* SeedImage builder arguments in wrong order
* Use newer xorriso (#624)
* Bump codecov/codecov-action from 3 to 4
* Bump docker/login-action from 2.1.0 to 3.0.0
* Bump actions/dependency-review-action from 2 to 4
* Update actions/labeler config
* Make linter happy
* Bump actions/labeler from 4 to 5
* README: drop legacy docs (#616)
* Add dependabot config for actions
* Bump github actions
* Do not adopt machineinventories undergoing deletion/reset (#605)
* Update seedimage build-disk command
* Fix inversed reset options (#604)
* Print system architecture (#603)
* hostname: set the hostname on the newer location too
* Charts/Makefile: fix default OS channel repo name (#594)
* Add hostname to system-data
* Add elemental-seedimage-hooks package (#592)
* Restrict package arch to x86_64 and aarch64
* Update copyright year (2024)
* Update copyright year (2024)
* Change raw SeedImage deploy-command
* Add target platform validation test
* Add kubebuilder example and validation
* Add TargetPlatform to SeedImageSpec
* Fix default values in questions.yaml file
* Bump golang.org/x/crypto to 0.17.0
* Add disable-boot-entry flag to reset command
* Always pull channel image on channel sync
* Fix channel sync bug
* Avoid repeating package name in summary
* Make summary start with a capital letter
* Unify all chart files under .obs/charfile
* Add warning if both device and device-selector set
* Add grub package to seedimage built in OBS (#568)
* Fix device-selector logic (#571)
* Add missing questions.yaml file
* Implement picking dynamic installation device (#561)
* Build raw disk images in SeedImage (#557)
* charts: fix annotations (#566)
* ci: fix SeedImage builder used image
* Bump github.com/docker/docker from 20.10.24+incompatible to 24.0.7+incompatible (#560)
* Update google.golang.org/grpc to v1.56.3
* Keep old output-name
* Add slem4r images in channel (#544)
* Bring your own SeedImage builder (#542)
- Update to version 1.4.3:
* registration: allow dots in machineInventory names
* registration: decouple replacing data-labels from sanitizing strings
* registration: move sanitize code in sanitizeString()
* V1.4.x fix channel synchronization (#683)
* linter: fix copyright dates
* Make linter happy
- Update to version 1.4.2:
* Fix inversed reset options (#604)
* Add hostname to system-data
* Fix default values in questions.yaml file
- ExclusiveArch x86_64 and aarch64 (bsc#1218560)
- Update to version 1.4.1
* Always pull channel image on channel sync
* Fix channel sync bug
* Avoid repeating package name in summary
* Make summary start with a capital letter
- Update to version 1.4.0+git20231129.c7f1dc1:
* Add slem4r images in channel (#544)
* Unify all chart files under .obs/charfile
- Update to version 1.4.0+git20231127.55a37d4:
* Add warning if both device and device-selector set
* Fix device-selector logic (#571)
* Implement picking dynamic installation device (#561)
* Add missing questions.yaml file
* charts: fix annotations (#566)
* Make sure to not overlap with the already existing channel and use RT for tests
* Remove use of images from quay.io
* Prevent installing if previous CRDs are pending to be removed
* elemental-airgap: allow to just create the channel (#548)
* bump go to 1.20 or later
* Bump dependencies (#540)
* ci: bump k8s and Rancher Manager versions
* Use helm/kind-action to install kind
* ci: fix action versions used
* Disable local plan for elemental-system-agent
* Improve error management
* Patch already existing versions on channel sync
* Improve update events filtering to actually ignore status updates
* Add some improvements
* Run all syncers in a pod
* Fix e2e workflow
* elemental-airgap: fix skipping http/https URLs
* Use the proper format for command arguments
* Prevent recalling bootstrap.sh on 'systemctl restart elemental-system-agent'
* elemental-airgap: fix automatic image channel name (#521)
* register: add no-toolkit unit tests
* register: add os.unmanaged inventory annotation
* register: add no-toolkit option
* make verify: stay on mockgen v0.2.0 (#523)
* elemental-airgap: add support to OS images (#518)
* Small refactor to centralize registration config checks
* Ensure Elemental registration data includes the registration URL
* Remove --debug flag from helm pull
* Attempt to use charts from PR project in e2e tests
* Publish OBS charts to gh-pages
* elemental-airgap: allow to pass dev | staging | stable as argument
* elemental-airgap: pick the operator chart as an argument
* elemental-airgap: add script to help airgap deployment
* Apply a regex on tags to match the same criteria as in OBS
* Charts: fix OBS build
* Publish all OBS repositories on PRs
* Fix repository url
* Charts: always use camelCase for values (#507)
* Revert not-needed marker fix
* Set default spec.config.elemental.reset block for MachineRegistration
* Use elemental-register-reset service (#502)
* Use OBS PR builds for the e2e tests
* Build and publish charts for OBS/IBS artifacts in gh-pages
- Update to version 1.3.2+git20230824.c90c1c8:
* Disable service triggers on staging (#498)
* Add CAPI cluster role to helm chart (#500)
* Charts: sync OBS charts
* tests: fix e2e workflow
* tests: fix chart workflow
* Makefile: add the REGISTRY_URL var
* Charts: add registry templating for custom airgap
* Charts: add README
* Charts: enforce templating on the channel resource
* Charts: update rancher annotations
* Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible (#442)
* Fixed a typo in the version string for elemental-teal-channel in helm chart (#495)
* Implement remote machines reset (#489)
* Remove custom default config-dir on installation media
* Remove SLE Micro reference from elemental-operator images
* Include crds chart in OBS workflow
* Update OBS workflow to the new project setup
* Make SLE Micro version from image references dynamic (#480)
* Recreate service account token secret if missing
* Adds ca-certificates and ca-certificates-mozilla in operator image
* Adapt .spec file to non-SUSE distributions (#482)
* Improve re-registration (#479)
* Do not make use of ServiceAccount.Secrets list
* Fix elemental managed label value to match backup operator expectations
* Make explicit elemental-operator image is under l3 support
* Add CONTRIBUTING.md (#472)
* Handle mkdir error
* Create registration config directory if not exist
* Persist registration state
* Omit confusing debug message
* Fix error formatting
* Handle MsgUpdate response on client side
* Remove unnecessary MsgUpdate payload. Rely on authentication data instead
* Handle sendUpdate error
* Do not terminate serveLoop on MsgUpdate
* - Check protocol version before sending MsgUpdate - Use MsgUpdate to notify registration update only
* Charts: add a new chart to host the pre-hook migration template
* Charts: add template checking crds installation
* Prevent registration update if MachineInventory is not found
* Do not retry registration when on installed system and using randomized TPM seed
* Do not retry registration when not on live system
* Check for live registration config when no arguments passed
* operator: copy cloud-config file not its link (#468)
* Update README installation section (#465)
* SeedImage: manage updates of builder Pod under deletion
* SeedImage: add ResourcesNotCreatedYet Ready condition
* SeedImage: reset download URL on Pod deletion
* SeedImage: allow the controller full control on configmaps
* SeedImage: isolate all the config map logic in a separate function
* SeedImage: on retriggerBuild delete owned SeedImage resources
* SeedImage: drop redundant set of retriggerBuild
* The job was missing a templated name for the serviceaccount to be fully consistent
* Update charts/crds/Chart.yaml
* Update .obs/chartfile/crds/Chart.yaml
* Add upgrade hook
* Include channel as part of the installation
* Adapt tests and Makefile
* Split chart into crds chart and operator chart
* websocket/trivial: messages: annotate version of introduction
* register client: make linter happy
* register client: annotate auth method used for registration
* register client: rework getHostMacAddr()
* register client: add 'mac' and 'sys-uuid' Plain Auth
* register client: set TPM as default authentication method
* operator: enable plain auth
* operator: add plain auth
* elemental api: add fields to support plain authentication
* Bump rancher and k8s for e2e tests (#449)
* OBS PR workflow: set the right project to disable images repo
* Fix OBS PR workflow
* goreleaser: fix releases CI (#444)
* Chart: add logo and Rancher display-name annotation (#440)
* Add channel hook-failed delete policy
* Include display name field on ManagedOSVersions
* Add ISO type in ManagedOSVersions
* SeedImage: add to the github release workflow
* Fix template
* Include elemental-teal-channel by default on chart install
* Merge default command and image in containersSpec
* Add tests for containerized base ISO and utilities
* Pull iso as a container
* SeedImage extended API: drop debug log
* SeedImage: extended api doesn't expect the iso name anymore
* SeedImage: inject MachineRegistration and date in the built iso name
* httpfy: allow to serve single file
* SeedImage: pass whole SeedImage reference to fillBuildImagePod
* SeedImage: add more seedimage_controller tests
* Utils: generalize IsPodOwned func to IsObecjtOwned() and add tests
* SeedImage: make the linter happy...
* SeedImage: controller logic for the pod cleanup/retrigger
* SeedImage: add image timeout and retrigger fields
* httpfy: add timeout parameter
* Use config map in seedimage pod (#423)
* SeedImage: check OwnerReference in controller tests
* SeedImage: retrieve MachineRegistration just once
* SeedImage: set OwnerReferences
* Add seedimage-builder into the OBS workflow
* Feat: add CODEOWNERS
* OBS: build ssl default certificates in SeedImage build image
* Update default values file in OBS
* SeedImage: set build image PullPolicy from the operator chart
* unit-tests: cover MAC and Used Memory in labels test
* unit-tests/trivial: move server.go test to the new server_test.go file
* OBS: use SeedImage build image from OBS for the chart
* Bump github.com/docker/docker from 20.10.22+incompatible to 20.10.24+incompatible (#410)
* Update to go 1.19 (#408)
* SeedImage: add Dockerfile for OBS build
* httpfy: support automated building
* Build elemental-operator image from scratch
* Prevent a nil pointer dereference panic error
* Fix event filters
* Prevent retriggering a reconcile on ownership setup
* Do not start error messages with capital letters
* Extend unit tests for inventory and selector resources
* Adapt unit tests to new condition states
* Selector and inventory cleanup
* Ensure optimistic locking is set on machine selectors
* Adapt info and debug logging for the inventory and selector controllers
* Read machine inventory only once on selector reconcile
* Sets a validation process for Machine Inventory adoption
* Enble cache for MachineInventorySelector resources
* SeedImage: update OBS build recipes
* SeedImage: busybox base64 decodes with -d only
* SeedImage: pass the build image from the operator chart
* SeedImage: build image for the builder pod
* Add cloud-config support to seedImage (#399)
* SeedImage: fix registration yaml name (#394)
* operator: ensure elemental finalizers are removed if present (#393)
* SeedImage: move sync status with running pod to new func
* operator: allow seedimage download from the extended API
* SeedImage: add DownloadToken in the Status
* operator: return http 401 error on registration auth failure
* operator: report error on unrecognized auth websocket connections
* operator: drop build-image api (#389)
* unit-tests: ensure resources cleanup (#390)
* SeedImage: drop finalizer tests
* SeedImage: check conditions and return early when needed
* SeedImage: add more tests
* Adapt tests to drop finalizers
* Stop using finalizers if not extrictly needed
* operator: add SeedImage CRD (#377)
* Prevent MachineInventorySelector from being cached
* Set object not found as a debug message
* Update logs to not use info with custom depth
* operator: use opensuse nginx to serve build-img ISO (#369)
* Use variadic arguments in klog instead of slices
* operator: register the host IP in MachineInventory annotations (#350)
* Unify logging
* operator: labels minor improvements (#363)
* build-image API: add build job with single pod lifecycle (#362)
* Turn MachineInventoryRef into LocalObjectReference (#359)
* Remove branch filter on tag events (#361)
* Update actions/download-artifact to v3.0.2
* Filter inventory list with a labelSelector and not with a labels map (#358)
* Move system-data labels to templating
* operator: let build-image API GET to return the image URL (#351)
* register client: isolate TPM auth code (#346)
* operator: fix label name (#348)
* operator: fix MachineInventory search during registration (#342)
* operator: always use software UUID as default machine name (#340)
* Set default elemental-operator USER
* operator: add support to old register clients (#338)
* Lints
* Update wharfie to 0.5.3
* register client: allow to register against lower version operators (#332)
* Replace action engineerd/setup-kind (#328)
* Copyright date-range 2022 - 2023 (#327)
* Use go 1.18
* operator: expose build-image API (#315)
* Fix node-labels regression
* Do not store cpu info if not available (#321)
* docs: add ref to the official docs in the chart readme (#316)
* linter: fix go-header check (#319)
* unit-tests: disable parallelization (#312)
* Change tar-file layout in elemental-support
* Add default config-dir value (#313)
* Re-add config-dir install flag (#309)
* Return registration errors to client (#301)
* Properly sanitize extra system data (#307)
* Improve unit tests (#308)
* Derive TPM seed from system UUID (#297)
* Add disable-boot-entry flag in install structure (#302)
* Fetch commit and date from obsinfo file (#300)
* operator: add back debug logs for logrus (registration) (#299)
* [tpm] Set a random seed if emulated tpm seed is set to -1 (#282)
* Include _helmignore file (#295)
* Add OBS build repcipes into the repository (#294)
* Drop legacy catalog for tests (#291)
* Kubebuilder: fix MachineRegistration search during registration (#280) (#293)
* Send full system data on registration (#276)
* Bump rancher version in e2e tests (#290)
* Set default syncTime when not provided (#289)
* Remove invalid conditions from objects (#284)
* operator: don't try to patch an empty MachineInventory (#274)
* Backport minor fixes (#271)
* Merge all main logic in one file (#270)
* [controller_runtime] add registration protocol version (#266)
* Kubebuilder: Remove unused code (#267)
* [controller_runtime] operator/registration: switch to Kubebuilder client (#256)
* Refactor ManagedOsImage e2e tests (#263)
* Add a rate limiter to managedosversionchannel reconciler (#260)
* Refactor MachineRegistration e2e tests (#253)
* Drop requeuer, not needed anymore (#255)
* Improve syncer (#252)
* New syncer logic (#245)
* Fix make verify (#248)
* controller: add Secret name reference to the ServiceAccount (#247)
* Kubebuilder: Add 'verify' workflow (#244)
* Add remaining controllers (#232)
* Kubebuilder: Add machine inventory selector controller (#224)
* Kubebuilder: Add remaining API types (#225)
* Kubebuilder: Add machine inventory controller (#221)
* Kubebuilder: Add machine registration controller (#206)
* Kubebuilder: Run new code and generate RBAC (#203)
* Kubebuilder: Add make tasks for different tools (#194)
* Add kubebuilder API definitions (#184)
* Change yaml-marshalling of node-labels file (#287)
* Remove yaml typo (#286)
* Add helm labels and annotations to all crds (#281)
* Set helm labels on CRDs (#277)
* Change the helm chart oci reference to be aligned with other elemental images (#268)
* Add version commands/flags for all binaries (#262)
* Use custom names in upgrade objects (#254)
* Several improvements to the support command (#258)
* Also trigger Dev rebuild on tag push (#249)
* Propagate inventory labels to node on bootstrap plan (#243)
* Add codeql + escape user input before processing (#237)
* Create dependency-review.yml (#236)
* Bump golangci action (#234)
* Stop elemental-system-agent when the node is ready (#231)
* Fix docker and gorelease jobs (#230)
* operator: improve logging of the MachineRegistration controller
* operator: move ServiceAccount creation to a separate func
* operator: drop duplicated import
* operator: enforce ServiceAccount's Secret link
* operator: create ServiceAccounts before their Secrets
* operator: unit-tests: add coverage for unauthenticatedResponse() (#217)
* coverity: make patch status informational (#219)
* tests: Add k8s 1.24 and default to rancher 2.6.9 (#220)
* tests: use latest url for rancher charts (#218)
* Elemental Operator: manage empty config in MachineRegistrations (#213)
* Label other objects created by elemental-operator (#216)
* Only read yaml files included in the given directories (#215)
* Label secrets managed by elemental-operator (#212)
* Allow custom config files for elemental-cli (#210)
* Collect operator logs after running tests (#204)
* Audit and update elemental-operator RBAC ClusterRole (#196)
* Add config for e2e tests (#201)
* Add OBS workflow to update elemental-operator package (#200)
* Add vendor for obs integration (#198)
* release: enhance release pipeline (#195)
* operator: drop duplicated import of elemental APIs (#199)
* Disable CGO under arm for register binaries + restore SBOM (#193)
* Revert 'Add sbom to releases and attach to containers' (#191)
* Add elemental GlobalRole for Rancher UI (#187)
* Add reasons for conditions (#185)
* lint: dont overshadow var (#172)
- elemental-register needs lvm2 for running blkdeactivate.
- Update to version 0.6.0+git20220923.ffdff84:
* Add v0.6.0 changelog (#182)
- Update to version 0.6.0+git20220923.f022acb:
* unit-tests: add support to Secrets in registraion's OnChange()
* operator: log the creation of a new registration token
* operator: explicitly add Secrets to registration ServiceAccounts
* operator: return error when the ServiceAccount has no secrets
- Update to version 0.5.0+git20220922.17d9d21:
* support command improvements (#173)
- make elemental-support a sub-package
- disable chart building, was not packaged
- Update to version 0.5.0+git20220912.846c610:
* Add sbom to releases and attach to containers (#160)
* Use BCI Golang image to build image
* register: fix CGO build in Dockerfile
* register: build it with CGO (#169)
* tests(registration): More unit tests (#167)
* Rework client to accept a ClientInterface (#166)
* tests(inventory): Add unit tests for inventory methods (#164)
* register/operator: drop MachineInventory labels passed from the client
* unit-tests: check default machine name
* go mod tidy
* operator: change default MachineInventory name
* Add simple changelog (#158)
- Update to version 0.5.0+git20220902.3d28c5d:
* Configure custom smbios data (#157)
- Update to version 0.4.4+git20220902.64f4703:
* operator: ensure inventory.Labels is not nil before adding labels
- Update to version 0.4.4+git20220901.75792d6:
* Add extra labels with smbios data (#155)
* Fix secretname for the apiService (#153)
* unit-tests: add websocket coverage
* operator: add unit-test for mergeInventoryLabels()
* operator/register: drop unused code
* operator/register: rework the registration protocol
* websocket: add helper functions
* register: set a timeout for retrieving the installation config
* drop unused labels on bootstrap (#154)
* Fix missing cosign and run command (#151)
* Enable deploying operator replicas (#150)
* register: take control of the registration process
* bump github.com/rancher-sandbox/go-tpm
* fix linter: cyclomatic complexity of ServeHTTP is 16
* operator: move websocket management logic out of the tpm package
* minor: drop duplicated logging
* operator/http: check websocket upgrade header in HTTP connections
- Update to version 0.4.3+git20220831.7e58679:
* Add image signing to push jobs (#148)
* Add local plan to rancher-system-agent to stop elemental-system-agent (#146)
- Update to version 0.4.3+git20220822.f0bd8f4:
* log: report elemental installation completion
* Fix e2e discovery tests (#138)
- Update to version 0.4.3+git20220812.72971ff:
* Backwards compatibility for smbios headers (#137)
* Only decode some smbios data (#134)
* Drop uneeded files and add extra label (#135)
* Split header into 7Kb of data (#133)
* Add auto labeler (#125)
* Remove default value for flag and expand description (#126)
* [chart] only add default-registry if specified (#128)
* Store binary artifacts on PR/master (#127)
* [tests] fix nginx deploy url (#129)
* Bundle support bin with register (#124)
- build elemental-operator without CGO_ENABLED (doesn't need tpm)
- Update to version 0.4.2+git20220805.5b64a77:
* Set the proper namespace (#117)
- Update to version 0.4.2+git20220805.485ff21:
* Add CAs to docker artifact (#120)
- Update to version 0.4.2+git20220804.76f61f5:
* Store all registration data on installation (#116)
- Update to version 0.4.2+git20220803.6d730d3:
* Set fixed hostname and make it persistent (#106)
- Update to version 0.4.2+git20220803.f4ba471:
* Add 'support' to 'make build' (#111)
- Update to version 0.4.2+git20220803.10d3621:
* Add a elemental-support binary (#109)
- Update to version 0.4.2+git20220802.f243498:
* Add missing register command to bootstrap (#104)
* Couple of tests for config mapstructure (#102)
- Update to version 0.4.2+git20220801.ea7884e:
* Produce 2 binaries instead of one (#99)
* Push master merges to elemental-operator-ci (#100)
* operator: pass all the registration fields on unauthenticated query
- Update to version 0.4.2+git20220801.846d313:
* Add missing mapstructure annotations to config (#101)
* operator: drop duplicated MachineInventory init code
- Update to version 0.4.2+git20220729.6b52b44
- Bump to v0.4.2
- Update to version 0.4.1+git20220729.6b52b44:
* Set a fixed name config for rke/k3s deployments (#97)
- Update to version 0.4.1+git20220728.896efee:
* mend
* Drop unneeded code
- Update to version 0.4.1+git20220728.38929d2:
* Update elemental api resources for upgrades (#95)
- Update to version 0.4.1+git20220728.b5c35b9:
* operator: fix adding machineInventoryLabels after initial registration
- Update to version 0.4.1+git20220727.68b87dd:
* Drop setting a custom providerID (#91)
- Update to version 0.4.0+git20220727.3241cfd:
* Bump rancher version (#89)
- Update to version 0.4.0+git20220722.ea618ea:
* elemental-operator register: keep system CAs when passing a custom CA
* elemental-operator register: add some more logging
* add github.com/sanity-io/litter module
* ensure all the structs include proper yaml labels
* Add a target to setup a clean cluster (#79)
* [register] Check for path error before doing anything (#80)
* Make /oem/registration the default configuration dir (#81)
* Add README to elemetal-operator helm chart (#56)
* Store registration yaml in installed system (#71)
* Fix 'make unit-tests'
- Update to version 0.3.0+git20220722.f2ab68c:
* [register] Check for path error before doing anything (#80)
- Update to version 0.3.0+git20220722.cf20bc6:
* Make /oem/registration the default configuration dir (#81)
- Update to version 0.3.0+git20220722.9b9844b:
* Add README to elemetal-operator helm chart (#56)
- Update to version 0.3.0+git20220721.52c3cbb:
* Store registration yaml in installed system (#71)
- Remove elemental-operator.service, as this is now executed
as part of the cloud-config shipped with elemental.
See https://github.com/rancher/elemental/pull/178
- Update to version 0.3.0+git20220721.e15e76e:
* Fix 'make unit-tests'
* Do note fetch cloud-config on unauthenticated registartion calls (#67)
* Change the default machine name to include the UUID
- read config from /run/initramfs/live
- Update to version 0.3.0+git20220720.90791e4:
* Update MachineRegistration example
- Update to version 0.3.0+git20220720.79d957e:
* Adds support for cloud-config data in machine registration (#61)
- Update to version 0.2.1+git20220719.489d40f:
* review elemental installer env vars (#59)
- Run elemental-operator.service after cos-setup-network.service
is completely done. Add back a dependency with multi-user.target
to ensure it is pulled by some target at boot.
- Run elemental-operator.service after mutli-user.target to ensure
it is executed after all boot services are ready
- only run in live mode
- Update to version 0.2.1+git20220718.3530dc5:
* ensure install struct includes proper yaml labels (#57)
- Update to version 0.2.1+git20220718.6e2f20f:
* Pass debug flag to elemental client if requested (#58)
- Update to version 0.2.1+git20220715.2381ebc:
* Do not attempt to install in already installed systems (#55)
* Some fixes for the release pipelines (#53)
- Update to 0.2.0
- Update to version 0.1.1+git20220715.618d3c4:
* Log the version, commit and commit date on start (#43)
- Update to version 0.1.1+git20220715.bd811be:
* Remove obsolete logic from former ros-installer (#45)
- pass COMMITDATE to build
- Update to version 0.1.1+git20220714.a05a2db:
* elemental-operator register: enable local plans
- Update to version 0.1.1+git20220714.602178c:
* elemental-operator register: allow cacert passed as file or data (#44)
* Makefile: fix make build-docker (#41)
- On behalf of commit 62bac1d (#38) `elemental install` is called
within the `elemental-operator register` command, so the unit
file only needs to call `elemental-operator register`
- drop elemental-installer and -chart subpackages
- add elemental-operator.service file
- build with TPM emulation
- Update to version 0.1.1+git20220713.adfff7c:
* Some register fixes (#40)
* elemental-operator register: add elemental cli call (#38)
* Fix building the operator/installer with emulatedTPM (#39)
* Return a Config.Config in MachineInventory (#35)
* Use cacert from rancher and use serverl-url from rancher (#36)
- Update to version 0.1.1+git20220713.bcfe4d0:
* Add test for chart values (#31)
- Update to version 0.1.1+git20220712.14d4d95:
* Share installation configuration structures (#24)
* bump github.com/docker/distribution to 2.8.1 (#29)
* Bump image-spec to 1.0.2 (#28)
* Bump system-agent to 0.2.8 (#17)
* update testhelpers
* Update go.sum
* [ci] Up the go version and restore the proper cache
* Fix go.sum
* [test] Remove focus
* [lint] ignore generated files
- Update to version 0.1.1+git20220707.39177e8:
* Rename RancherOS to Elemental in installer logic
* Merge elemental installer (#20)
* renamed to elemental-operator and switched to system agent
* Fix wrong key in example full reference
* Rename rancheros->elemental in README
* tests: Use helpers from testlib
* tests: Add upgrades e2e test
* ci: detect when deployments are already there
* Update missing policy rule
* Sort env to avoid updating same bundle
- Update to version 0.1.1+git20220707.1d97f14:
* Merge elemental installer (#20)
* renamed to elemental-operator and switched to system agent
* Fix wrong key in example full reference
* Rename rancheros->elemental in README
* tests: Use helpers from testlib
* tests: Add upgrades e2e test
* ci: detect when deployments are already there
* Update missing policy rule
* Sort env to avoid updating same bundle
* Be sure to not push same env multiple times
- Update to version 0.0.0+git20220707.0c6dcff:
* Adapat Dockerfile and golreleaser to keep releasing and building elemental-operator as they used to
* Update .github/workflows/unit-tests.yaml
* Update Makefile
- Update to version 0.0.0+git20220707.4b69306:
* Adding installer unit tests
* Add elemental-installer
* Move main into a cmd/operator package
- Update to version 0.0.0+git20220704.211ad46:
* renamed to elemental-operator and switched to system agent
* Fix wrong key in example full reference
* Rename elemental->elemental in README
* tests: Use helpers from testlib
* tests: Add upgrades e2e test
* ci: detect when deployments are already there
* Update missing policy rule
* Sort env to avoid updating same bundle
* Be sure to not push same env multiple times
* Update pkg/controllers/inventory/inventory.go
- adapt machine-registration.yaml and create-cluster.yaml to system-agent
- Update to version 0.1.0+git20220622.84e703a:
* added registration command and support for using elemental as a cluster api infrastructure provider
* wip
* renamed to elemental-operator and switched to system agent
- Update to version 0.1.0+git20220603.19a5e9e:
* Fix wrong key in example full reference
* Rename elemental->elemental in README
- rename binary to elemental-operator
- Update to version 0.1.0+git20220420.6e6aa51:
- Update to version 0.1.0+git20220525.9e1d451:
* rename pathes to 'elemental'
* rename files to 'elemental'
* rename directories to 'elemental'
* tests: Use helpers from testlib
* tests: Add upgrades e2e test
* ci: detect when deployments are already there
* Update missing policy rule
* Sort env to avoid updating same bundle
* Be sure to not push same env multiple times
* Update pkg/controllers/inventory/inventory.go
- renamed the api spec in the sample .yaml files
- Update to version 0.1.0+git20220525.9e1d451:
* rename pathes to 'elemental'
* rename files to 'elemental'
* rename directories to 'elemental'
* tests: Use helpers from testlib
* tests: Add upgrades e2e test
* ci: detect when deployments are already there
* Update missing policy rule
* Sort env to avoid updating same bundle
* Be sure to not push same env multiple times
* Update pkg/controllers/inventory/inventory.go
- Update to version 0.1.0+git20220420.6e6aa51:
* tests: Use helpers from testlib
* tests: Add upgrades e2e test
* ci: detect when deployments are already there
* Update missing policy rule
* Sort env to avoid updating same bundle
* Be sure to not push same env multiple times
* Update pkg/controllers/inventory/inventory.go
* Rework
* Add events on errors
* e2e-ci: add some missing check on errors
- Update to version 0.1.0+git20220518.f916493:
* rename to elemental-operator
- update default kubernetesVersion to 1.22.7
- Update machine-registration.yaml
* add hostname
* put 'install' section below 'elemental'
- Update to version 0.1.0+git20220420.6e6aa51:
* tests: Use helpers from testlib
* tests: Add upgrades e2e test
* ci: detect when deployments are already there
* Update missing policy rule
* Sort env to avoid updating same bundle
* Be sure to not push same env multiple times
* Update pkg/controllers/inventory/inventory.go
* Rework
* Add events on errors
- Update to version 0.1.0-alpha23+git20220408.cd4553f:
* e2e-ci: add some missing check on errors
* Bump ele-testhelpers version
* e2e-ci: move some functions to ele-testhelpers
* Update README
* Do not make kube calls blocking
* Test env metadata injection
* Correctly annotate env vars from metadata
* Adapt tests, add test cases
* Respect upgradeContainerSpec from ManagedOSVersion
* Do allocate the event recorder once in the syncer
* Refactor out recorder boilerplate
* Collect errors when syncing
* Refactor out requeuer to not be blocking
* Add test for event broadcasting
* Set appropriate rules for broadcasting events
* go gen
* Record invalid specs back to the VersionChannel
* Build general event interface from raw k8s into client
* Add reconciler
* Wrong obs workflow name :facepalm:
* Add OBS workflow to trigger rpm build
* Use operator image for wait and display hook
* CLI fixups
* Allow to specify a mountpath
* Add requeue mechanism
* Disable mounting SA token by default on sync pod
* Implement Custom syncer
* Lower the ticker for testing
* Set the default update to 60m
* Add sync-interval flag
* Add owner reference on ManagedOSVersion
* Bump rancher version used in tests
* Don't watch over specific namespaces
* Add make target to test local changes in kind
* Enhance tests
* Allow to set a bridge ip
* Allow to selectively sync user-defined namespaces
* Add MachineOSVersionChannel JSON tests
* Implement JSON syncer logic
* Very basic sync service logic
* ManagedOSVersionChannel sync service
* Add ManagedOSVersionChannel and skeleton for sync service
- Initial version 0.1.0~alpha23
Changes in elemental-operator1.5-crds-helm:
- Update to version 1.5.1:
* Sanitize elemental-operator dependencies (#690)
* Fix ManagedOSImage cloudConfig (#671)
* Align DrainSpec to system-upgrade-controller defaults (#668)
* Drain nodes by default on upgrade (#660)
- Update to version 1.5.0:
* Make snapshotter configurable (#651)
* Make channel sync more robust (#638)
* Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628)
* Add kubebuilder example and validation
* Add TargetPlatform to SeedImageSpec
* Add disable-boot-entry flag to reset command
- Update to version 1.4.3
- Update to version 1.4.2
- Update to version 1.4.1
- Update to version 1.4.0+git20231128.a867d93:
* Unify all chart files under .obs/charfile
- Update to version 1.3.2+git20230824.c90c1c8:
* Charts: sync OBS charts
* Update .obs/chartfile/crds/Chart.yaml
* Adapt tests and Makefile
* Split chart into crds chart and operator chart
- Update to version 0.5.0+git20220902.3d28c5d:
* Configure custom smbios data (#157)
- Update to version v0.4.4:
* Fix secretname for the apiService (#153)
* Enable deploying operator replicas (#150)
- Update to version 0.4.3+git20220822.f0bd8f4:
* log: report elemental installation completion
* Fix e2e discovery tests (#138)
- Update to version v0.4.3:
* Remove default value for flag and expand description (#126)
* [chart] only add default-registry if specified (#128)
* Set the proper namespace (#117)
- Bump to v0.4.2
- Bump to v0.4.1
- Update to version v0.4.0:
* Add README to elemetal-operator helm chart (#56)
- Update Chart.yaml to the right elemental-operator version
- Update to elemental-operator v0.3.0
- Improve Makefile to get image tag from github
- Update Makefile and build elemental-operator.tar
- Bump version to 0.2.1
- Bump elemental-operator tag image to 0.2.1-10.1
- Bump elemental-operator tag image to 0.2.0-9.1
- Update _helmignore file
- Update Makefile and fix build issues
- Add _helmignore file
- Update to version 0.1.1+git2022-07-13.adfff7c:
* Use cacert from rancher and use serverl-url from rancher (#36)
- Update image repository in values-overwrite.yaml
- Initial commit for elemental-operator helm chart
Changes in elemental-operator1.5-helm:
- Update to version 1.5.1
- Update to version 1.5.0:
* Enable ManagedOSImage updates (#658)
* charts: backport changes from Rancher Marketplace chart (#652)
* Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628)
* Fix default values in questions.yaml file
* Unify all chart files under .obs/charfile
* charts: fix annotations (#566)
* Add slem4r images in channel (#544)
* Charts: fix OBS build
* Charts: sync OBS charts
* Fixed a typo in the version string for elemental-teal-channel in helm chart (#495)
- Update to version 1.4.3
- Update to version 1.4.2
* Fix default values in questions.yaml file
- Update to version 1.4.1
- Update to version 1.4.0+git20231129.c7f1dc1:
* Add slem4r images in channel (#544)
- Update to version 1.4.0+git20231128.a867d93:
* Unify all chart files under .obs/charfile
* charts: fix annotations (#566)
* Charts: fix OBS build
- Update to version 1.3.2+git20230824.c90c1c8:
* Charts: sync OBS charts
* Fixed a typo in the version string for elemental-teal-channel in helm chart (#495)
* Remove SLE Micro reference from elemental-operator images
* Make SLE Micro version from image references dynamic (#480)
* Adapt tests and Makefile
* Split chart into crds chart and operator chart
- Update to version 0.5.0+git20220902.3d28c5d:
* Configure custom smbios data (#157)
- Update to version v0.4.4:
* Fix secretname for the apiService (#153)
* Enable deploying operator replicas (#150)
- Update to version 0.4.3+git20220822.f0bd8f4:
* log: report elemental installation completion
* Fix e2e discovery tests (#138)
- Update to version v0.4.3:
* Remove default value for flag and expand description (#126)
* [chart] only add default-registry if specified (#128)
* Set the proper namespace (#117)
- Bump to v0.4.2
- Bump to v0.4.1
- Update to version v0.4.0:
* Add README to elemetal-operator helm chart (#56)
- Update Chart.yaml to the right elemental-operator version
- Update to elemental-operator v0.3.0
- Improve Makefile to get image tag from github
- Update Makefile and build elemental-operator.tar
- Bump version to 0.2.1
- Bump elemental-operator tag image to 0.2.1-10.1
- Bump elemental-operator tag image to 0.2.0-9.1
- Update _helmignore file
- Update Makefile and fix build issues
- Add _helmignore file
- Update to version 0.1.1+git2022-07-13.adfff7c:
* Use cacert from rancher and use serverl-url from rancher (#36)
- Update image repository in values-overwrite.yaml
- Initial commit for elemental-operator helm chart
Changes in elemental-rt-channel-image:
- Adapt the Dockerfile to explicitly pull elemental-register (v1.4)
instead of the newer 1.5 variant of it.
- Fix RT URLs and use import channel.json file
from previous build stage
- Only build for x86_64
- Add SLE Micro RT v2.0.2 to channel
Changes in elemental-rt-channel1.5-image:
- Fix RT URLs and use import channel.json file
from previous build stage
- Only build for x86_64
- Add SLE Micro RT v2.0.2 to channel
- Adapt channel to the new 'suse/sle-micro' images
Changes in elemental-toolkit:
- Update to version 1.1.5:
* [v1.1.x] Move recovery hostname to cloud-config-defaults (#2047)
- Update to version 1.1.4:
* Add default rootfs settings
* Install podman in example Dockerfiles (#1959)
- Update to version 1.1.2:
* Remove unused method
* Update copyright year (2024)
* Update workflow to trigger for go.mod
* Bump moby at v25.0.1
* Bump docker at v23.0.8
* Bump go-git at v5.11.0
* Bump containerd at v1.7.12
Changes in operator-image1.5:
- Update to version 1.5.1:
* Repurpose v1.5.x branch for SLE Micro 5.5
- Update to version 1.5.0:
* Micro rename (#684)
* operator/Dockerfile: tag IMAGE_REPO with :latest
- Update to version 1.4.3
- Update to version 1.4.2
- Update to version 1.4.1
- Adding a changes file
Changes in seedimage-builder:
- Update to version 1.4.3
Changes in seedimage-builder1.5:
- Update to version 1.5.1:
* Repurpose v1.5.x branch for SLE Micro 5.5
- Update to version 1.5.0:
* Micro rename (#684)
* seedimage: add tag to IMG_REPO
* seedimage: switch labelprefix to com.suse.elemental
* seedimage: Switch to toolbox for ALP
* Add elemental-seedimage-hooks package (#592)
* Add grub package to seedimage built in OBS (#568)
* Build raw disk images in SeedImage (#557)
- Update to version 1.4.3
- Update to version 1.4.2
- Update to version 1.4.1
- Adding changes file
The following package changes have been done:
- perl-base-5.26.1-150300.17.17.1 updated
- coreutils-8.32-150400.9.6.1 updated
- systemd-presets-branding-SLE-Micro-for-Rancher-20230814-150500.3.3.1 updated
- elemental-register1.5-1.5.1-150500.1.3.1 added
- elemental-support1.5-1.5.1-150500.1.3.1 added
- elemental-updater-2.0.4-150500.4.3.1 updated
- elemental-toolkit-1.1.5-150500.3.3.1 updated
- elemental-2.0.4-150500.4.3.1 updated
- perl-5.26.1-150300.17.17.1 updated
- kernel-rt-5.14.21-150500.13.52.1 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.2 updated
- elemental-register-1.4.3-150500.3.3.3 removed
- elemental-support-1.4.3-150500.3.3.3 removed
More information about the sle-container-updates
mailing list