SUSE-RU-2026:22570-1: important: Recommended update for blog

SLE-UPDATES null at suse.de
Tue Jul 14 16:33:26 UTC 2026


# Recommended update for blog

Announcement ID: SUSE-RU-2026:22570-1  
Release Date: 2026-07-07T16:51:38Z  
Rating: important  
References:

  * bsc#1264176

  
Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

  
  
An update that has one fix can now be installed.

## Description:

This update for blog fixes the following issues:

  * Update to version 2.45:
    * Fix early boot LUKS prompt on s390x and resolve memory corruptions This update addresses several critical issues in the early boot phase, especially on s390x architectures, and hardens the daemon's architecture:
      * Initrd/Dracut: Properly include `systemd-ask-password-blog.path` in sysinit.target.wants during the initrd phase to ensure LUKS password prompts are captured early in the zipl phase.
      * Systemd Units: Drop restrictive `ConditionKernelCommandLine=!plymouth.enable=0` to prevent the agent from being disabled by standard mainframe boot parameters.
      * Memory Corruption: Fix a critical heap corruption by renaming the conflicting `alignof()` macro to `ALIGNED_SIZEOF()` and zeroing allocated memory for `struct request` (memset) to prevent reading uninitialized pointers.
      * Kernel Command Line: Improve `parse_cmdline()` to support boolean parameters without an explicit value (e.g., `blog.silent` defaults to `blog.silent=1`).
      * New Features: Introduce `blog.silent` to suppress console I/O and `blog.coldboot` to explicitly trigger the early coldstart password query.
      * Lifecycle: Switch `KillMode=none` to `KillMode=mixed` to comply with modern systemd process lifecycle management.
      * Fix: Passphrase prompt does not appear after installation with encryption enabled on s390x (bsc#1264176)
  * Update to version 2.44:
    * Harden blog and use shims units to handle plymouth
    * Disable coldstart requests via epoll
    * Avoid handling fd twice in epoll loop
  * Update to version 2.43:
    * Make sure that if blog is running it is identified as plymouth Latest also add conflicts to systemd-ask-password-console units in the systemd-ask-password-blog units:
      * This should avoid conflicting password agents asking the same question in s390x.
  * Update to version 2.42:
    * Fix possible memory leaks, eliminate type punning, and resolve I/O blocking:
      1. Memory Safety and Leak Resolution:
         * Implemented lcons_shutdown destructor to automatically purge the console list and close FDs on exit.
         * Fixed password buffer leak by using in closeIO, correctly matching the mmap allocation in shm_malloc.
         * Added cleanup for pwprompt in closeIO.
      2. Elimination of Dangerous Type Punning:
         * Replaced the unreliable address of the cons node pattern with a type-safe list_t lcons sentinel across the codebase.
         * Added **attribute**((may_alias)) to list_t in listing.h to prevent compiler strict aliasing optimizations from corrupting list traversals.
      3. I/O Responsiveness and Stability:
         * Removed tcdrain() from the high-frequency epoll_console_in path to eliminate daemon freezes during heavy output.
         * Updated consinitIO to ensure CON_SERIAL devices remain in O_NONBLOCK mode, preventing freezes on slow serial lines.
         * Extended the tcdrain skip-list in closeIO to include CON_SERIAL, ensuring a hang-free shutdown.
      4. Architectural Improvements:
         * Redesigned shm_malloc to use a tiered mapping strategy: prefers file-backed shared memory in /dev/shm with a graceful fallback to MAP_ANONYMOUS.
         * Optimized listing.h with always_inline attributes, __builtin_prefetch for cache efficiency, and list poisoning for safer debugging.
  * Update to version 2.41:
    * The **attribute**((noreturn)) for error() in libconsole.h added
    * The variable err with 0 initialized in thread_poll()
    * The variable cp.parity with {0} initialized in readpw()
    * feat(blogd): handle pending systemd password requests on coldstart
    * Initialize console pointer list as well
    * Check peer credentials before reading command
    * Make isinteger() string check usable for all architectures
    * Add some comments about warnings and translation for S390
  * Update to version 2.40:
    * Protect password data stream on 3270 console as well:
      * On S390 the 3270 console is also logged and the passwords, even if hidden on the 3270 console, would be logged as well.
  * Update to version 2.39:
    * New feature to protect passwords to be logged:
      * On S390 now blogd use for 3215 console the command #CP SPOOL CONSOLE STOP to stop logging the plain password at prompting for the password.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP applications 16.0  
    zypper in -t patch SUSE-SLES-16.0-1178=1

  * SUSE Linux Enterprise Server 16.0  
    zypper in -t patch SUSE-SLES-16.0-1178=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * blog-debugsource-2.45-160000.1.1
    * blog-debuginfo-2.45-160000.1.1
    * blog-devel-2.45-160000.1.1
    * libblogger2-debuginfo-2.45-160000.1.1
    * blog-plymouth-2.45-160000.1.1
    * libblogger2-2.45-160000.1.1
    * blog-2.45-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * blog-debugsource-2.45-160000.1.1
    * blog-debuginfo-2.45-160000.1.1
    * blog-devel-2.45-160000.1.1
    * libblogger2-debuginfo-2.45-160000.1.1
    * blog-plymouth-2.45-160000.1.1
    * libblogger2-2.45-160000.1.1
    * blog-2.45-160000.1.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1264176

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260714/941df94e/attachment.htm>


More information about the sle-updates mailing list