Bugzilla – Bug 1184804
move kernel out of /boot
Last modified: 2023-01-18 16:46:23 UTC
One of the motivations for UsrMerge is to have all read-only parts of the operating system in /usr. The kernel packages install files in /boot though which isn't in line with that idea. Having the kernel installed via rpm in /boot also causes issues with eg snapshots if /boot is on a separate partition. So it make sense to store the rpm provided parts of the kernel packages where the rest of the OS is and manage /boot separately. Looking at Fedora they install files like vmlinuz that used to be named /boot/$name-$kver as (/usr)/lib/modules/$kver/$name instead. They include /boot/$name-$kver as %ghost.
As first step I'll move the files to /lib/modules/$kver/$name. The %post script will install the symlinks in /boot for now, just like it always did for eg /boot/vmlinuz. Before we can manage /boot outside of the kernel's %post suse-module-tools needs to be adjusted to search in /lib instead. Also, pesign-obs-integration needs adoptions.
Created attachment 848502 [details] patch Move kernel related read-only files from /boot to /lib/modules/%kernelrelease-%build_flavor The file names in /boot are included as %ghost links. The %post script creates symlinks for the kernel sysctl.conf System.map in %boot for now. Some tools require adjustments before we can drop those links.
What's the process to submit/discuss the patch?
Let's get the consensus at first on opensuse-kernel ML. As far as I read the thread, it wasn't convincing enough.
Who needs to be convinced? The discussion seems to have been derailed by the usual subjects. Any relevant concerns I should pay attention to?
Are you sure that majority of people agreed with this movement? Just ask there. There are lots of technical details and they must have been clarified before moving on. Basically Bugzilla is the place for reporting a bug. We may report some enhancements, but the basic design issue should have been discussed somewhere else beforehand.
For reference: Fedora change: https://src.fedoraproject.org/rpms/kernel/c/958df3c openSUSE kernel Mailinglist discussion: https://lists.opensuse.org/archives/list/kernel@lists.opensuse.org/thread/QWAZJHKGFI3Y6KQQCJ23IWQHL5YZRQ5P/
FTR the kernel packaging is shared between TW, Leap, SLE 15, and SLE 12 so that packaging fixes can be propagated across kernel versions. Consequently this move should be optional - either by rpm/config.conf as are many other options or by distribution version. Switching between the two is not difficult so long as a single rpm macro is defined at the start that controls the option throughout the spec file.
https://build.opensuse.org/request/show/901652 is in so the last revision of my patch should be ready to be merged: http://kerncvs.suse.de/gitweb/?p=kernel-source.git;a=commit;h=4f91341ea36f29d07c5493a7d88a89c1888ff28f It leaves the files where they are in older releases.
I think the changes to kernel-subpackage-spec are superfluous because the changes to kernel-subpackage-build already detect usrmerge. I did not get to building a TW kernel with this change reverted, though.
Depmod is called and it looks into /lib/modules. That's fine but requires the /lib -> usr/lib link as installed in the kernel-subpackage-spec
--- a/rpm/kernel-subpackage-build Alternative to the snippet in kernel-subpackage-spec would be something like +++ b/rpm/kernel-subpackage-build @@ -36,7 +36,7 @@ echo $USR/lib/modules/$KREL/modules.* | tr ' ' '\n' >> modules.flist tar -C / -cf- -T modules.flist | tar -C $RPM_BUILD_ROOT -xvf- -moderr="$(/usr/sbin/depmod -b $RPM_BUILD_ROOT -e -F /boot/System.map-$KREL $KREL 2>&1 > /dev/null)" +moderr="$(/usr/sbin/depmod -b $RPM_BUILD_ROOT/usr -e -F /boot/System.map-$KREL $KREL 2>&1 > /dev/null)" Do you prefer that?
Created attachment 850594 [details] additional fixup I tried with this additional patch. Simply moderr="$(/usr/sbin/depmod -b ${RPM_BUILD_ROOT}${USR} -e -F /boot/System.map-$KREL $KREL 2>&1 > /dev/null)" instead of creating the symlink should also work
Looks like Bugzilla doesn't like emoji :-) Do you want me to update my patch or do you want to apply your fix on top?
it's better if you update it
I get an error on i586 TW now: [ 95s] + /usr/lib/rpm/kernel/modflist kernel.flist modules modules.flist /lib/modules/5.13.0-rc7-3.g7895a48-default/modules.builtin [ 95s] Module usb-common built-in [ 95s] Module sd_mod built-in [ 95s] Module scsi_mod built-in [ 95s] Module virtio built-in [ 95s] Module xenblk missing [ 95s] Module xennet missing [ 95s] Module xen-.* missing [ 95s] Module autofs4 built-in [ 95s] Module ext4 built-in [ 95s] Module jbd2 built-in [ 95s] Module mbcache built-in [ 95s] Module asymmetric_keys built-in [ 95s] Module blake2b-256 missing [ 95s] Module sha256 missing [ 95s] Module xxhash64 missing [ 95s] Module crc32c missing [ 95s] + grep -v '^/usr/lib/modules' [ 95s] error: Bad exit status from /var/tmp/rpm-tmp.VDFIPe (%install)
wasn't the only issue :-( working on update
Created attachment 850632 [details] patch with fixed kernel-default-base
Thanks for the updated patch. With the new subpackaging script the module directory becomes disowned: --- kernel-old/kernel-default-base.x86_64/list 2021-06-30 18:25:46.281263400 +0200 +++ kernel-new/kernel-default-base.x86_64/list 2021-06-30 18:29:59.880841095 +0200 @@ -13,7 +13,6 @@ /etc/uefi /etc/uefi/certs /etc/uefi/certs/3559CCE2.crt -/lib/modules/@UNAME_R@-default /lib/modules/@UNAME_R@-default/kernel /lib/modules/@UNAME_R@-default/kernel/arch /lib/modules/@UNAME_R@-default/kernel/arch/x86 I think this is frowned upon. However, previously /lib/modules was not owned by the kernel either. Is there something else that owns the directory, should the kernel own it, or is this already handled in a better way?
Nevermind, filesystem owns /lib/modules, and the kernel needs to own /lib/modules/$(uname -r)
Created attachment 850705 [details] kernel-default-base owning modules dir
There are failures in kernel-obs-build now: > + dracut --host-only --no-hostonly-cmdline '--drivers=loop dm-crypt essiv dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs xfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth overlay' --force /tmp/initrd.kvm 5.12.13-1-default /boot/vmlinuz-5.13.0-4.gf094788-default > > Unknown arguments: /boot/vmlinuz-5.13.0-4.gf094788-default > > Usage: /usr/bin/dracut [OPTION]... [<initramfs> [<kernel-version>]] > > Version: 055+suse.106.g760b0c69-1.3 > > Creates initial ramdisk images for preloading modules > > -h, --help Display all options > > If a [LIST] has multiple arguments, then you have to put these in quotes. > > For example: > > # dracut --add-drivers "module1 module2" ... > > error: Bad exit status from /var/tmp/rpm-tmp.pGW3g8 (%build) See e.g.: https://build.suse.de/package/live_build_log/Devel:Kernel:master/kernel-obs-build/QA/x86_64
This appears to break installation-images: https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:E/installation-images:openSUSE/standard/x86_64 > [ 267s] theme=openSUSE libdeps=initrd image=initrd-base.xz tmpdir=initrd src=initrd filelist=initrd fs=cpio.xz bin/mk_image > [ 267s] creating solv file... > [ 267s] find: '/usr/src/packages/BUILD/installation-images-17.8/tmp/cache//kernel-default/rpm/boot': No such file or directory > [ 267s] Error: No kernel image identified! (Looking for "vmlinuz-".) > [ 267s] > [ 267s] Compilation failed in require at bin/mk_image line 7.
Created attachment 850893 [details] installation-images patch This fixes some of the issues in installation-images. But there are many occurrences of /lib/modules and /boot in there. (And they are only %ghosts now.)
(In reply to Jiri Slaby from comment #25) > Created attachment 850893 [details] > installation-images patch > > This fixes some of the issues in installation-images. But there are many > occurrences of /lib/modules and /boot in there. (And they are only %ghosts > now.) For example the build errors out with: > [ 205s] cp: cannot stat '/usr/src/packages/BUILD/installation-images-17.8/tmp/cache//kernel-default/rpm//boot/vmlinuz': No such file or directory > [ 205s] mk_image: failed to move /boot/vmlinuz to /loader/linux > [ 205s] in data/boot/boot.file_list line 11.
Another fallout: installing the master/stable kernel on Leap is broken with modules in /usr/lib now. I am going to revert the change in stable until the two issues gets resolved.
(In reply to Jiri Slaby from comment #27) > Another fallout: installing the master/stable kernel on Leap is broken with > modules in /usr/lib now. I am going to revert the change in stable until the > two issues gets resolved. And the culprit is: # ll /boot/initrd* lrwxrwxrwx 1 root root 32 Jul 12 08:22 initrd -> initrd-5.13.1-1.gbebf622-default -rw------- 1 root root 12074304 Jun 23 08:08 initrd-5.3.18-255.g819abd3-default That is: no initrd generated...
(In reply to Jiri Slaby from comment #27) > Another fallout: installing the master/stable kernel on Leap is broken with > modules in /usr/lib now. I am going to revert the change in stable until the > two issues gets resolved. Just to be sure: are you testing the kernel in OBS Kernel:stable, or in Kernel:stable:Backport? The repo for installable stable kernels on Leap systems is the latter one, and the former is only for TW systems.
(In reply to Takashi Iwai from comment #29) > Just to be sure: are you testing the kernel in OBS Kernel:stable, or in > Kernel:stable:Backport? The repo for installable stable kernels on Leap > systems is the latter one, and the former is only for TW systems. I installed the one from Kernel:stable as usual (following a report in Kernel:stable project comment). So, we should add some sort of dependence to Kernel:stable kernels. For example (untested): %if UsrMerge Requires: suse-release > 15 %endif Kernel:stable:Backport indeed works.
(In reply to Jiri Slaby from comment #30) > So, we should add some sort of dependence to > Kernel:stable kernels. For example (untested): > %if UsrMerge > Requires: suse-release > 15 > %endif A good idea, let's take something like this for avoiding the pitfalls.
(In reply to Takashi Iwai from comment #31) > (In reply to Jiri Slaby from comment #30) > > So, we should add some sort of dependence to > > Kernel:stable kernels. For example (untested): > > %if UsrMerge > > Requires: suse-release > 15 > > %endif > > A good idea, let's take something like this for avoiding the pitfalls. Sorry, there is no way to detect usrmerge. It has been asked for in the usrmerge thread and it was rejected. On Leap I see suse-release = 15.3-lp153.146.1 which is arguably > 15 On TW there is suse-release = 20210606-1005.1 so if you wanted a hack %if %usrmerged Requires: suse-release > 16 %endif might work
(In reply to Michal Suchanek from comment #32) > Sorry, there is no way to detect usrmerge. It has been asked for in the > usrmerge thread and it was rejected. Maybe it's time to reconsider? (I don't know the details, nor I know what msg/thread this was.) > On Leap I see > > suse-release = 15.3-lp153.146.1 > > which is arguably > 15 > > On TW there is > > suse-release = 20210606-1005.1 > > so if you wanted a hack > > %if %usrmerged > Requires: suse-release > 16 > %endif > > might work Yeah, that's weird. I'd assumed to do it the same thing we are doing for cross-distribution ifs where TW check is: %if 0%{?suse_version} > 1500 All this is mess :/. *-product could provide /usr/merged for usrmerged releases. And Kernel would just do the %if above and "Requires: /usr/merged" in it. BTW, it looks like (maybe) pesign-obs-integration is broken by this change too (bug 1188142). All this has to be resolved before I revert the revert I did in the morning...
(In reply to Jiri Slaby from comment #33) > (In reply to Michal Suchanek from comment #32) > > Sorry, there is no way to detect usrmerge. It has been asked for in the > > usrmerge thread and it was rejected. > > Maybe it's time to reconsider? (I don't know the details, nor I know what > msg/thread this was.) I also support for having some usable and reasonable rpm condition to check UsrMerge. e.g. we'd want to have a check in kernel-firmware package. Already it has bitten lots of people and reported as bugs.
TW snapshot 20210602 (suse-release 20210602.something) brought GCC11 and supposedly usrmerge was brought together TW snapshot 20210609 filesystem (15.5 -> 84.87) - > filesysetem 84.87 is usrmerged
SUSE-SU-2021:2408-1: An update that solves 5 vulnerabilities and has 18 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1170511,1179243,1183871,1184114,1184804,1185308,1185791,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269 CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src): kernel-azure-5.3.18-18.58.1, kernel-source-azure-5.3.18-18.58.1, kernel-syms-azure-5.3.18-18.58.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1184804) was mentioned in https://build.opensuse.org/request/show/907471 15.2 / kernel-source
SUSE-SU-2021:2438-1: An update that solves 5 vulnerabilities and has 18 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1170511,1179243,1183871,1184114,1184804,1185308,1185791,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269 CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: Sources used: SUSE MicroOS 5.0 (src): kernel-default-5.3.18-24.75.3, kernel-default-base-5.3.18-24.75.3.9.34.3 SUSE Linux Enterprise Workstation Extension 15-SP2 (src): kernel-default-5.3.18-24.75.3, kernel-preempt-5.3.18-24.75.3 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.75.3, kernel-livepatch-SLE15-SP2_Update_17-1-5.3.3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src): kernel-default-5.3.18-24.75.3 SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): kernel-docs-5.3.18-24.75.2, kernel-obs-build-5.3.18-24.75.3, kernel-preempt-5.3.18-24.75.3, kernel-source-5.3.18-24.75.2, kernel-syms-5.3.18-24.75.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): kernel-default-5.3.18-24.75.3, kernel-default-base-5.3.18-24.75.3.9.34.3, kernel-preempt-5.3.18-24.75.3, kernel-source-5.3.18-24.75.2 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.75.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1076-1: An update that solves 5 vulnerabilities and has 24 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1176940,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188445 CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: Sources used: openSUSE Leap 15.2 (src): kernel-debug-5.3.18-lp152.84.1, kernel-default-5.3.18-lp152.84.1, kernel-default-base-5.3.18-lp152.84.1.lp152.8.38.1, kernel-docs-5.3.18-lp152.84.1, kernel-kvmsmall-5.3.18-lp152.84.1, kernel-obs-build-5.3.18-lp152.84.1, kernel-obs-qa-5.3.18-lp152.84.1, kernel-preempt-5.3.18-lp152.84.1, kernel-source-5.3.18-lp152.84.1, kernel-syms-5.3.18-lp152.84.1
(In reply to Takashi Iwai from comment #34) > (In reply to Jiri Slaby from comment #33) > > (In reply to Michal Suchanek from comment #32) > > > Sorry, there is no way to detect usrmerge. It has been asked for in the > > > usrmerge thread and it was rejected. > > > > Maybe it's time to reconsider? (I don't know the details, nor I know what > > msg/thread this was.) > > I also support for having some usable and reasonable rpm condition to check > UsrMerge. e.g. we'd want to have a check in kernel-firmware package. > Already it has bitten lots of people and reported as bugs. Factory is UsrMerged. So if you are using %suse_version in the spec file to check if a package is building for Factory you also know when it's usrmerged. Anyway different discussion. Feel free include me into kernel-firmware bugs related to usrmerge.
(In reply to Ludwig Nussel from comment #48) > (In reply to Takashi Iwai from comment #34) > > (In reply to Jiri Slaby from comment #33) > > > (In reply to Michal Suchanek from comment #32) > > > > Sorry, there is no way to detect usrmerge. It has been asked for in the > > > > usrmerge thread and it was rejected. > > > > > > Maybe it's time to reconsider? (I don't know the details, nor I know what > > > msg/thread this was.) > > > > I also support for having some usable and reasonable rpm condition to check > > UsrMerge. e.g. we'd want to have a check in kernel-firmware package. > > Already it has bitten lots of people and reported as bugs. > > Factory is UsrMerged. So if you are using %suse_version in the spec file to > check if a package is building for Factory you also know when it's > usrmerged. Anyway different discussion. Feel free include me into > kernel-firmware bugs related to usrmerge. Well, the point is how to detect and conflict if a package is for UsrMerge but the installed system isn't. People try to update a firmware package built for TW onto a Leap system like before, and it breaks suddenly now. Anyway, the kernel has already a check for such a case, and I copied a part of them to firmware packages, too.
(In reply to Takashi Iwai from comment #49) > (In reply to Ludwig Nussel from comment #48) > > (In reply to Takashi Iwai from comment #34) > > > (In reply to Jiri Slaby from comment #33) > > > > (In reply to Michal Suchanek from comment #32) > > > > > Sorry, there is no way to detect usrmerge. It has been asked for in the > > > > > usrmerge thread and it was rejected. > > > > > > > > Maybe it's time to reconsider? (I don't know the details, nor I know what > > > > msg/thread this was.) > > > > > > I also support for having some usable and reasonable rpm condition to check > > > UsrMerge. e.g. we'd want to have a check in kernel-firmware package. > > > Already it has bitten lots of people and reported as bugs. > > > > Factory is UsrMerged. So if you are using %suse_version in the spec file to > > check if a package is building for Factory you also know when it's > > usrmerged. Anyway different discussion. Feel free include me into > > kernel-firmware bugs related to usrmerge. > > Well, the point is how to detect and conflict if a package is for UsrMerge > but the installed system isn't. People try to update a firmware package > built for TW onto a Leap system like before, and it breaks suddenly now. Can happen with anything you take from TW. Packages are hardly strictly tied to a specific distro. > Anyway, the kernel has already a check for such a case, and I copied a part > of them to firmware packages, too. %if 0%{?suse_version} >= 1550 # make sure we have post-usrmerge filesystem package on TW Conflicts: filesystem < 84 %endif That might cause issues in the future. Assuming SLE16 would use version 16 for the filesystem package the above condition would cause a conflict. You may want to use Conflicts: filesystem <= 15
Cannot filesystem provide, say, 'usrmerge' and you Require or Conflict that instead of some number?
(In reply to Ludwig Nussel from comment #51) > (In reply to Takashi Iwai from comment #49) > > Well, the point is how to detect and conflict if a package is for UsrMerge > > but the installed system isn't. People try to update a firmware package > > built for TW onto a Leap system like before, and it breaks suddenly now. > > Can happen with anything you take from TW. Packages are hardly strictly tied > to a specific distro. But the kernel is different. We always advertised Kernel:* can be installed on any distro...
(In reply to Ludwig Nussel from comment #51) > (In reply to Takashi Iwai from comment #49) > > Anyway, the kernel has already a check for such a case, and I copied a part > > of them to firmware packages, too. > > %if 0%{?suse_version} >= 1550 > # make sure we have post-usrmerge filesystem package on TW > Conflicts: filesystem < 84 > %endif > > That might cause issues in the future. Assuming SLE16 would use version 16 > for the filesystem package the above condition would cause a conflict. You > may want to use > Conflicts: filesystem <= 15 It sounds like filesystem-15.0-11.3.2.x86_64 from 15.3 would fulfill this condition which is wrong. If anything it should be Conflicts: filesystem < 16 and in any case it assumes the future v16 which is not yet released is usrmerged. Although it's likely we just don't know at this point.
(In reply to Steffen Winterfeldt from comment #52) > Cannot filesystem provide, say, 'usrmerge' and you Require or Conflict that > instead of some number? Yes, that would be really helpful.
(In reply to Steffen Winterfeldt from comment #52) > Cannot filesystem provide, say, 'usrmerge' and you Require or Conflict that > instead of some number? Usually you do not require the filesystem package at all. So would have to use boolean deps ie something like Conflicts: (filesystem without usrmerge). No idea if that actually works, never tried.
(In reply to Jiri Slaby from comment #53) > (In reply to Ludwig Nussel from comment #51) > > (In reply to Takashi Iwai from comment #49) > > > Well, the point is how to detect and conflict if a package is for UsrMerge > > > but the installed system isn't. People try to update a firmware package > > > built for TW onto a Leap system like before, and it breaks suddenly now. > > > > Can happen with anything you take from TW. Packages are hardly strictly tied > > to a specific distro. > > But the kernel is different. We always advertised Kernel:* can be installed > on any distro... Well, in the case here you can. It's just not guaranteed that it works without adding some compat symlinks or install other adjusted userspace tooling. The safeguards discussed here ie conflicting with the filesystem package actually do prevent installation on older distros though (or cause severe havoc if someone tries to "fix" that by installing filesystem).
(In reply to Michal Suchanek from comment #54) > [..] > If anything it should be > > Conflicts: filesystem < 16 > > and in any case it assumes the future v16 which is not yet released is > usrmerged. Although it's likely we just don't know at this point. Ah, yes of course. Whatever the next version might be we have to assume it increases the major version by at least one :-)
This is an autogenerated message for OBS integration: This bug (1184804) was mentioned in https://build.opensuse.org/request/show/909804 Factory / pesign-obs-integration
SUSE-SU-2021:2599-1: An update that solves four vulnerabilities, contains three features and has 23 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188525 CVE References: CVE-2021-22555,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: SLE-17042,SLE-17043,SLE-17268 Sources used: SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-45.3, kernel-rt_debug-5.3.18-45.3, kernel-source-rt-5.3.18-45.3, kernel-syms-rt-5.3.18-45.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
The current solution breaks stagings as dimstars notes: <dimstar_suse> https://build.opensuse.org/project/monitor/openSUSE:Factory:Staging:K?arch_x86_64=1&defaults=0&repo_standard=1&unresolvable=1 <dimstar_suse> nothing provides suse-release > 20210602 needed by kernel-default, (got version 1-33.4 provided by MicroOS-release), (got version 1-33.4 provided by openSUSE-release) (In reply to Steffen Winterfeldt from comment #52) > Cannot filesystem provide, say, 'usrmerge' and you Require or Conflict that > instead of some number? So what about this?
(In reply to Jiri Slaby from comment #67) > (In reply to Steffen Winterfeldt from comment #52) > > Cannot filesystem provide, say, 'usrmerge' and you Require or Conflict that > > instead of some number? > > So what about this? It should not 'just require filesystem', I'd rather do something like: > Conflicts: (filesystem without usrmerge) # hoping zypp understands that or > Requires: (wilesystem with usrmerge if usrmerge) (both requring filesystem to add the capability to the provides) Alternatively, the Conflicts: filesystem < 16 would be sufficient for most cases (if a user takes a really old TW snapshot and tries to install the kernel; those would not be protected)
Hi, Sorry to disturb you. I came to this place from: https://build.opensuse.org/request/show/910116 To verify the fix I have to setup UsrMerge kernel, but was not successful with installing kernel-default from Kernel:stable. FYI using these commands from tumbleweed. > zypper addrepo https://download.opensuse.org/repositories/Kernel:stable/standard/Kernel:stable.repo > zypper refresh > zypper install kernel-default-5.13.8-1.1.g14162fe.x86_64 Please kindly advice me what I could have missed. Thanks in advanced.
SUSE-SU-2021:2599-2: An update that solves four vulnerabilities, contains three features and has 23 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188525 CVE References: CVE-2021-22555,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: SLE-17042,SLE-17043,SLE-17268 Sources used: SUSE MicroOS 5.0 (src): kernel-rt-5.3.18-45.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
(In reply to Michael Chang from comment #69) > Hi, > > Sorry to disturb you. I came to this place from: > > https://build.opensuse.org/request/show/910116 > > To verify the fix I have to setup UsrMerge kernel, but was not successful > with installing kernel-default from Kernel:stable. FYI using these commands > from tumbleweed. > > > zypper addrepo https://download.opensuse.org/repositories/Kernel:stable/standard/Kernel:stable.repo > > zypper refresh > > zypper install kernel-default-5.13.8-1.1.g14162fe.x86_64 > > Please kindly advice me what I could have missed. Thanks in advanced. What's the error? If it's related to secure boot it probably needs https://build.opensuse.org/request/show/910151. Should get checked in any minute so I guess available Monday.
(In reply to Ludwig Nussel from comment #71) > (In reply to Michael Chang from comment #69) > What's the error? If it's related to secure boot it probably needs > https://build.opensuse.org/request/show/910151. Should get checked in any > minute so I guess available Monday. Thanks. Although I did run into the secure boot error on my test, the problem I wanted to check here was different. I installed kernel-default from Kernel:stable but didn't see the symlink /boot/$name-$kver to (/usr)/lib/modules/$kver/$name created as what is outline by the discussion on opensuse-kernel mailing list, subject "Getting the kernel out of /boot". Is it intended ? Should I use other repo to test that ? Thanks for the time and patience.
(In reply to Michael Chang from comment #72) > (In reply to Ludwig Nussel from comment #71) > > (In reply to Michael Chang from comment #69) > Is it intended ? Should I use other repo to test that ? Scratch that. I have installed the kernel-default from Kernel:Head and that works for me to have a UsrMerge (/boot to /usr/..) to test.
AFAIK Kernel:stable doesn't have the usrmerge change anymore so should actually work
openSUSE-SU-2021:2645-1: An update that solves 7 vulnerabilities and has 58 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: openSUSE Leap 15.3 (src): kernel-azure-5.3.18-38.17.1, kernel-source-azure-5.3.18-38.17.1, kernel-syms-azure-5.3.18-38.17.1
SUSE-SU-2021:2645-1: An update that solves 7 vulnerabilities and has 58 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-38.17.1, kernel-source-azure-5.3.18-38.17.1, kernel-syms-azure-5.3.18-38.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2646-1: An update that solves four vulnerabilities and has 38 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1153274,1154353,1155518,1156395,1176940,1179243,1180092,1183871,1184114,1184350,1184631,1184804,1185377,1185902,1186194,1186206,1186482,1186483,1187476,1188101,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src): kernel-azure-5.3.18-18.61.1, kernel-source-azure-5.3.18-18.61.1, kernel-syms-azure-5.3.18-18.61.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2643-1: An update that solves 10 vulnerabilities, contains one feature and has 33 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1153720,1170511,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185032,1185308,1185377,1185791,1185995,1186206,1186482,1186672,1187038,1187050,1187215,1187476,1187585,1187846,1188026,1188062,1188101,1188116,1188273,1188274,1188405,1188620,1188750,1188838,1188842,1188876,1188885,1188973 CVE References: CVE-2020-0429,CVE-2020-36385,CVE-2020-36386,CVE-2021-22543,CVE-2021-22555,CVE-2021-33909,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 JIRA References: SLE-10538 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP5 (src): kernel-rt-4.12.14-10.54.1, kernel-rt_debug-4.12.14-10.54.1, kernel-source-rt-4.12.14-10.54.1, kernel-syms-rt-4.12.14-10.54.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2647-1: An update that solves 5 vulnerabilities and has 25 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185377,1186206,1186482,1186483,1186672,1187038,1187476,1187846,1188026,1188101,1188405,1188620,1188750,1188838,1188876,1188885,1188973 CVE References: CVE-2020-0429,CVE-2020-36386,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 12-SP5 (src): kernel-default-4.12.14-122.83.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): kernel-docs-4.12.14-122.83.1, kernel-obs-build-4.12.14-122.83.1 SUSE Linux Enterprise Server 12-SP5 (src): kernel-default-4.12.14-122.83.1, kernel-source-4.12.14-122.83.1, kernel-syms-4.12.14-122.83.1 SUSE Linux Enterprise Live Patching 12-SP5 (src): kernel-default-4.12.14-122.83.1, kgraft-patch-SLE12-SP5_Update_22-1-8.3.1 SUSE Linux Enterprise High Availability 12-SP5 (src): kernel-default-4.12.14-122.83.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2644-1: An update that solves 5 vulnerabilities and has 25 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185377,1186206,1186482,1186483,1186672,1187038,1187476,1187846,1188026,1188101,1188405,1188620,1188750,1188838,1188876,1188885,1188973 CVE References: CVE-2020-0429,CVE-2020-36386,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP5 (src): kernel-azure-4.12.14-16.68.1, kernel-source-azure-4.12.14-16.68.1, kernel-syms-azure-4.12.14-16.68.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Jiri, the fixes for pesign-obs-integration and installation-images are in. Worth giving revert of b6ab3ded319fca797d007c541a190a308f940cf7 a try.
(In reply to Ludwig Nussel from comment #81) > Jiri, the fixes for pesign-obs-integration and installation-images are in. > Worth giving revert of b6ab3ded319fca797d007c541a190a308f940cf7 a try. OK, great: https://build.opensuse.org/request/show/911374
openSUSE-SU-2021:2687-1: An update that solves 7 vulnerabilities and has 58 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-59.19.1, kernel-64kb-5.3.18-59.19.1, kernel-debug-5.3.18-59.19.1, kernel-default-5.3.18-59.19.1, kernel-default-base-5.3.18-59.19.1.18.10.1, kernel-docs-5.3.18-59.19.1, kernel-kvmsmall-5.3.18-59.19.1, kernel-obs-build-5.3.18-59.19.1, kernel-obs-qa-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-syms-5.3.18-59.19.1, kernel-zfcpdump-5.3.18-59.19.1
SUSE-SU-2021:2687-1: An update that solves 7 vulnerabilities and has 58 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-59.19.1, kernel-livepatch-SLE15-SP3_Update_5-1-7.3.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-59.19.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-59.19.1, kernel-obs-build-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-syms-5.3.18-59.19.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-59.19.1, kernel-default-5.3.18-59.19.1, kernel-default-base-5.3.18-59.19.1.18.10.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-zfcpdump-5.3.18-59.19.1 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-59.19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
sr#911374 declined with this comment "Needs changes in mkinitrd first" by Fabian.
dracut is in the works, please restage
(In reply to Jiri Slaby from comment #85) > sr#911374 declined with this comment "Needs changes in mkinitrd first" by > Fabian. Not actually declined, just moved out of the staging to let the other packages into TW. [Donnerstag, 12. August 2021] [10:14:11 CEST] <lnussel> yast seems to call mkinitrd always so wonder why the other dvds don't fail [Donnerstag, 12. August 2021] [10:14:15 CEST] <lnussel> ah [Donnerstag, 12. August 2021] [10:14:30 CEST] <lnussel> in that case all will fail [Donnerstag, 12. August 2021] [10:14:56 CEST] <lnussel> mkinitrd was meant to be dropped though, does anyone know a bug number [Donnerstag, 12. August 2021] [10:15:10 CEST] <fvogt> IIRC there was a jira ticket... [Donnerstag, 12. August 2021] [10:41:25 CEST] <lnussel> found it but looks like the work is stalled [Donnerstag, 12. August 2021] [10:41:29 CEST] <lnussel> so will have to fix mkinitrd
So now in microos openqa test: > Failed to open file '/boot/sysctl.conf-5.13.9-1-default', ignoring: Permission denied See: https://openqa.opensuse.org/tests/1876405#step/journal_check/23 Maybe "usrmerged kernel needs selinux policy adjustments?"
(In reply to Jiri Slaby from comment #88) > So now in microos openqa test: > > Failed to open file '/boot/sysctl.conf-5.13.9-1-default', ignoring: Permission denied > > See: > https://openqa.opensuse.org/tests/1876405#step/journal_check/23 > > Maybe "usrmerged kernel needs selinux policy adjustments?" > Aug 17 02:16:53.091395 localhost kernel: audit: type=1400 audit(1629166613.084:3): avc: denied { search } for pid=457 comm="systemd-sysctl" name="modules" dev="vda2" ino=833 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir permissive=0 > Aug 17 02:16:53.090940 localhost systemd[1]: Mounting FUSE Control File System... > Aug 17 02:16:53.095085 localhost systemd-sysctl[457]: Failed to open file '/boot/sysctl.conf-5.13.9-1-default', ignoring: Permission denied
Would have been be too easy if that worked :-) Doesn't happen in my test system even though labels of sysctl files vary widely: l -Z /usr/lib/systemd/systemd-sysctl /lib/modules/*/sysctl.conf /usr/lib/sysctl.d/* /etc/sysctl.conf* -rw-r--r--. 1 root root system_u:object_r:system_conf_t:s0 196 Jul 27 10:23 /etc/sysctl.conf -rw-r--r--. 1 root root system_u:object_r:modules_object_t:s0 377 Aug 14 10:23 /lib/modules/5.13.10-2.g1f711ff-kvmsmall/sysctl.conf -rw-r--r--. 1 root root system_u:object_r:lib_t:s0 2171 Jul 27 10:23 /usr/lib/sysctl.d/50-default.conf -rw-r--r--. 1 root root system_u:object_r:lib_t:s0 252 Jul 27 10:23 /usr/lib/sysctl.d/51-network.conf -rw-r--r--. 1 root root system_u:object_r:lib_t:s0 22 May 18 12:14 /usr/lib/sysctl.d/90-kubeadm.conf lrwxrwxrwx. 1 root root system_u:object_r:lib_t:s0 24 Aug 4 22:52 /usr/lib/sysctl.d/99-sysctl.conf -> ../../../etc/sysctl.conf -rw-r--r--. 1 root root system_u:object_r:lib_t:s0 387 Jul 26 12:52 /usr/lib/sysctl.d/README -rwxr-xr-x. 1 root root system_u:object_r:systemd_sysctl_exec_t:s0 22832 Aug 4 22:52 /usr/lib/systemd/systemd-sysctl* Will investigate. Maybe microos loads the policy already in initrd.
is unclear to me why the issue is not reported in audit.log on regular TW, only in a microos install. The failure happens always. Anyway, the policy could be fixed indeed: allow systemd_sysctl_t modules_object_t:dir search; *shrug* However I wonder why we have that file at all though. If it ships with the kernel ie is tied to it wouldn't it make more sense to just compile those defaults into the kernel in the first place? Also, maybe the reason for those settings are worth revisiting. For example the shm limits were increased upstream some years ago, maybe it's no longer required to override? https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=060028bac94bf60a65415d1d55a359c3a17d5c31 vm.dirty_ratio also seems to default to 20 anyway.
If there is a sysctl knob for something we don't patch the kernel but rather ship a configuration file that sets the value - regardless of changing upstream, and sometimes differently in different products, too. The only case when patching the default makes sense is when the default causes a bug/security problem and it needs to be changed from the time the kernel boots to avoid the issue.
(In reply to Michal Suchanek from comment #92) > If there is a sysctl knob for something we don't patch the kernel but rather > ship a configuration file that sets the value - regardless of changing > upstream, and sometimes differently in different products, too. I'd agree if the sysctl file was separate from the kernel ie you could reuse the same binary kernel with different settings (like a branding). That's not the case here though. The sysctl.conf ships with the kernel package and it's not a config file either. So it's just like a built in default except that it needs extra hacks in userspace. The config also has the disadvantage that you do not notice when the upstream default changes while a patch would fail to apply, forcing to rethink the setting :-)
SUSE-SU-2021:2756-1: An update that solves four vulnerabilities and has 37 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1153274,1154353,1155518,1156395,1176940,1179243,1180092,1183871,1184114,1184350,1184631,1184804,1185377,1186194,1186206,1186482,1186483,1187476,1188101,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: SUSE MicroOS 5.0 (src): kernel-default-5.3.18-24.78.1, kernel-default-base-5.3.18-24.78.1.9.36.1 SUSE Linux Enterprise Workstation Extension 15-SP2 (src): kernel-default-5.3.18-24.78.1, kernel-preempt-5.3.18-24.78.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.78.1, kernel-livepatch-SLE15-SP2_Update_18-1-5.3.1 SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src): kernel-default-5.3.18-24.78.1 SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): kernel-docs-5.3.18-24.78.1, kernel-obs-build-5.3.18-24.78.1, kernel-preempt-5.3.18-24.78.1, kernel-source-5.3.18-24.78.1, kernel-syms-5.3.18-24.78.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): kernel-default-5.3.18-24.78.1, kernel-default-base-5.3.18-24.78.1.9.36.1, kernel-preempt-5.3.18-24.78.1, kernel-source-5.3.18-24.78.1 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.78.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
(In reply to Ludwig Nussel from comment #93) > (In reply to Michal Suchanek from comment #92) > > If there is a sysctl knob for something we don't patch the kernel but rather > > ship a configuration file that sets the value - regardless of changing > > upstream, and sometimes differently in different products, too. > > I'd agree if the sysctl file was separate from the kernel ie you could reuse > the same binary kernel with different settings (like a branding). Why couldn't you? The sysctl service can collect settings from multiple files. It makes sense to ship different defaults for -default and -rt kernel, and it makes sense to ship different defaults with product branding or other presets packages as well. > That's not > the case here though. The sysctl.conf ships with the kernel package and it's > not a config file either. So it's just like a built in default except that > it needs extra hacks in userspace. What extra hacks does it need? > The config also has the disadvantage that > you do not notice when the upstream default changes while a patch would fail > to apply, forcing to rethink the setting :-) The upstream default changing and rethinking the settings are two completely separate things. There not being a patch (one in -default and different one in -rt at that) that fails to apply when the default changes as well as when unrelated code changes is a feature. Also every time some setting changes we get a bug report inquiring about the change.
(In reply to Jiri Slaby from comment #67) > The current solution breaks stagings as dimstars notes: > <dimstar_suse> nothing provides suse-release > 20210602 needed by > kernel-default, (got version 1-33.4 provided by MicroOS-release), (got > version 1-33.4 provided by openSUSE-release) We are looping. This commit: commit 913f755c87eeb930ad7b37aeb06742188009fea5 (origin/users/lnussel/packaging/for-next) Author: Ludwig Nussel <ludwig.nussel@suse.de> Date: Mon Aug 9 13:13:03 2021 +0200 Fix filesystem requirement and suse-release requires added Conflicts: suse-release < 16 But MicroOS-release provides suse-release == 1... So Staging:G currently: kernel-default conflicts with MicroOS-release Commenting this out once again :(.
(In reply to Michal Suchanek from comment #95) > The sysctl service can collect settings from multiple files. It makes sense > to ship different defaults for -default and -rt kernel, and it makes sense > to ship different defaults with product branding or other presets packages > as well. What you say it correct but unrelated to the sysctl file in each of those kernel packages IMO :-) rt and default are compiled with different configs already so with that mechanism you can also adjust the defaults for those sysctls. No external run time parsed file would needed to achieve different defaults for different flavors. Looking at "kernel.hung_task_timeout_secs = 0" that our kernels ship as sysctl file for example. That one actually is a kconfig option "CONFIG_DEFAULT_HUNG_TASK_TIMEOUT". Is there a benefit from setting that via sysctl rather than just setting the kconfig option to our default? Product branding on the other hand is not kernel specific. It would place drop-ins into /usr/lib/sysctl.d/. No kernel version or flavor involved. In fact the current mechanism specifically loads exactly one file that is /boot/sysctl.conf-%v and that one is owned by each individual kernel package. So there is no way to add any kernel version or flavor specific sysctl setting via extra package. > > That's not > > the case here though. The sysctl.conf ships with the kernel package and it's > > not a config file either. So it's just like a built in default except that > > it needs extra hacks in userspace. > > What extra hacks does it need? # cat /usr/lib/systemd/system/systemd-sysctl.service.d/50-kernel-uname_r.conf [Unit] RequiresMountsFor=/boot [Service] ExecStartPre=-/usr/lib/systemd/systemd-sysctl /boot/sysctl.conf-%v Added by suse-module-tools. So has to make an extra call of systemd-sysctl before the normal one. Reminds me that if that is crucial for the operation of the SUSE kernel, make sure it gets ported to Shanzhai products... :-/ Anyway, selinux policy change on the way, pending package maintainer review.
(In reply to Jiri Slaby from comment #96) > (In reply to Jiri Slaby from comment #67) > > The current solution breaks stagings as dimstars notes: > > <dimstar_suse> nothing provides suse-release > 20210602 needed by > > kernel-default, (got version 1-33.4 provided by MicroOS-release), (got > > version 1-33.4 provided by openSUSE-release) > > We are looping. This commit: > commit 913f755c87eeb930ad7b37aeb06742188009fea5 > (origin/users/lnussel/packaging/for-next) > Author: Ludwig Nussel <ludwig.nussel@suse.de> > Date: Mon Aug 9 13:13:03 2021 +0200 > > Fix filesystem requirement and suse-release requires > > > added > Conflicts: suse-release < 16 > > But MicroOS-release provides suse-release == 1... So Staging:G currently: > kernel-default conflicts with MicroOS-release > > Commenting this out once again :(. But then the previous code would not have worked either. So can't have any relation to suse-release then. Hold on. Have to clarify intentions of microos-release.
And I reverted UsrMerge for now too. When such a kernel submission is accepted (contains 4 stable releases and 1 CVE fix), I will revert the revert and we will try again. Hopefully, the selinux issue will be fixed in the meantime.
It's a staging specific problem
(In reply to Ludwig Nussel from comment #98) > But then the previous code would not have worked either. So can't have any > relation to suse-release then. Hold on. Have to clarify intentions of > microos-release. It indeed did not, I commented that in stable: https://github.com/SUSE/kernel-source/commit/967c6a8bfc85bc78dbcbb220e21cd9f1bb06f573#diff-93ffe7363053e66f7a48c65692989ab870fc78cfefeff633295f6830f3ce1f35
(In reply to Ludwig Nussel from comment #97) > (In reply to Michal Suchanek from comment #95) > > The sysctl service can collect settings from multiple files. It makes sense > > to ship different defaults for -default and -rt kernel, and it makes sense > > to ship different defaults with product branding or other presets packages > > as well. > > What you say it correct but unrelated to the sysctl file in each of those > kernel packages IMO :-) > rt and default are compiled with different configs already so with that > mechanism you can also adjust the defaults for those sysctls. No external The upstream mechanism provided for that purpose are the sysctl settings which we are using. Patching the kernel to change the defaults is a maintenanace nightmare, and completely avoidable one because the sysctl settings exist. > run time parsed file would needed to achieve different defaults for > different flavors. Looking at "kernel.hung_task_timeout_secs = 0" that our > kernels ship as sysctl file for example. That one actually is a kconfig > option "CONFIG_DEFAULT_HUNG_TASK_TIMEOUT". Is there a benefit from setting And many others aren't. > that via sysctl rather than just setting the kconfig option to our default? > > Product branding on the other hand is not kernel specific. It would place > drop-ins into /usr/lib/sysctl.d/. No kernel version or flavor involved. In > fact the current mechanism specifically loads exactly one file that is > /boot/sysctl.conf-%v and that one is owned by each individual kernel > package. So there is no way to add any kernel version or flavor specific > sysctl setting via extra package. The file provided by kernel is tracked in git per kernel version and flavor. You could surely write a service that applies sysctl settings per kernel flavor but nobody cared to write one. Sure, if the file was in some specific location for decades and then you say "shoo, nothing should be here anymore" then that requires some adjustment to the consumers of that file. However, the reason for those changes is the filesystem restructuring, not this sysctl file.
(In reply to Michal Suchanek from comment #102) > (In reply to Ludwig Nussel from comment #97) > > run time parsed file would needed to achieve different defaults for > > different flavors. Looking at "kernel.hung_task_timeout_secs = 0" that our > > kernels ship as sysctl file for example. That one actually is a kconfig > > option "CONFIG_DEFAULT_HUNG_TASK_TIMEOUT". Is there a benefit from setting > > And many others aren't. > > > that via sysctl rather than just setting the kconfig option to our default? Didn't answer my question though :-) I'm asking for the advantages of the sysctl method because of kconfig is actually equivalent or even better (because it avoids an external mechanism) then maybe it's worth introducing kconfig settings [upstream] for the other options too. > > Product branding on the other hand is not kernel specific. It would place > > drop-ins into /usr/lib/sysctl.d/. No kernel version or flavor involved. In > > fact the current mechanism specifically loads exactly one file that is > > /boot/sysctl.conf-%v and that one is owned by each individual kernel > > package. So there is no way to add any kernel version or flavor specific > > sysctl setting via extra package. > > The file provided by kernel is tracked in git per kernel version and flavor. > > You could surely write a service that applies sysctl settings per kernel > flavor but nobody cared to write one. > > Sure, if the file was in some specific location for decades and then you say > "shoo, nothing should be here anymore" then that requires some adjustment to > the consumers of that file. However, the reason for those changes is the > filesystem restructuring, not this sysctl file. You lost me here. From my PoV in the process of moving files around we discovered some old concept (per kernel sysctl file) and settings that are potentially outdated. I guess I shall file a separate bug for evaluating the settings to see what's actually left.
This is an autogenerated message for OBS integration: This bug (1184804) was mentioned in https://build.opensuse.org/request/show/913055 Factory / suse-module-tools
Now resubmitted UsrMerged kernel in sr#913265.
(In reply to Jiri Slaby from comment #105) > Now resubmitted UsrMerged kernel in sr#913265. ACcepted. Can we close this now?
closing. Thanks everyone for your patience!
We need a small follow-up fix for split /usr. Overlooked that use case :/ http://kerncvs.suse.de/gitweb/?p=kernel-source.git;a=patch;h=c7b3d74f219f3b3c8113f76a20766752a1e15767
Ah, and we still need to sort out the "Conflicts:". stable differs from master: -Conflicts: suse-release < 16 +# FIXME: microos in stagings provides only release 1 +#Conflicts: suse-release < 16
IMO that code should be just removed from master too. The conflicts with filesystem is good enough already. As long as the master branch isn't intended to be submitted through staging it doesn't matter though.
This is an autogenerated message for OBS integration: This bug (1184804) was mentioned in https://build.opensuse.org/request/show/923361 15.2 / kernel-source
SUSE-SU-2021:3338-1: An update that solves 6 vulnerabilities and has 54 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1171688,1173746,1174003,1176447,1176940,1177028,1178134,1184439,1184804,1185302,1185550,1185677,1185726,1185762,1187211,1188067,1188418,1188651,1188986,1189257,1189297,1189841,1189884,1190023,1190062,1190115,1190138,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-38.25.2, kernel-source-azure-5.3.18-38.25.2, kernel-syms-azure-5.3.18-38.25.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3338-1: An update that solves 6 vulnerabilities and has 54 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1171688,1173746,1174003,1176447,1176940,1177028,1178134,1184439,1184804,1185302,1185550,1185677,1185726,1185762,1187211,1188067,1188418,1188651,1188986,1189257,1189297,1189841,1189884,1190023,1190062,1190115,1190138,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: openSUSE Leap 15.3 (src): kernel-azure-5.3.18-38.25.2, kernel-source-azure-5.3.18-38.25.2, kernel-syms-azure-5.3.18-38.25.1
SUSE-SU-2021:3339-1: An update that solves 6 vulnerabilities and has 44 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: SUSE MicroOS 5.0 (src): kernel-rt-5.3.18-54.1 SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-54.1, kernel-rt_debug-5.3.18-54.1, kernel-source-rt-5.3.18-54.1, kernel-syms-rt-5.3.18-54.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3337-1: An update that solves 6 vulnerabilities and has 44 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src): kernel-azure-5.3.18-18.69.1, kernel-source-azure-5.3.18-18.69.1, kernel-syms-azure-5.3.18-18.69.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3387-1: An update that solves 7 vulnerabilities and has 53 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1171688,1173746,1174003,1176447,1176940,1177028,1178134,1184439,1184804,1185302,1185550,1185677,1185726,1185762,1187211,1188067,1188418,1188651,1188986,1189257,1189297,1189841,1189884,1190023,1190062,1190115,1190138,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3759,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-59.27.1, kernel-64kb-5.3.18-59.27.1, kernel-debug-5.3.18-59.27.1, kernel-default-5.3.18-59.27.1, kernel-default-base-5.3.18-59.27.1.18.15.1, kernel-docs-5.3.18-59.27.1, kernel-kvmsmall-5.3.18-59.27.1, kernel-obs-build-5.3.18-59.27.1, kernel-obs-qa-5.3.18-59.27.1, kernel-preempt-5.3.18-59.27.1, kernel-source-5.3.18-59.27.1, kernel-syms-5.3.18-59.27.1, kernel-zfcpdump-5.3.18-59.27.1
SUSE-SU-2021:3387-1: An update that solves 7 vulnerabilities and has 53 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1171688,1173746,1174003,1176447,1176940,1177028,1178134,1184439,1184804,1185302,1185550,1185677,1185726,1185762,1187211,1188067,1188418,1188651,1188986,1189257,1189297,1189841,1189884,1190023,1190062,1190115,1190138,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3759,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: SUSE MicroOS 5.1 (src): kernel-default-5.3.18-59.27.1, kernel-default-base-5.3.18-59.27.1.18.15.1 SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-59.27.1, kernel-preempt-5.3.18-59.27.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-59.27.1, kernel-livepatch-SLE15-SP3_Update_7-1-7.3.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-59.27.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-59.27.1, kernel-obs-build-5.3.18-59.27.1, kernel-preempt-5.3.18-59.27.1, kernel-source-5.3.18-59.27.1, kernel-syms-5.3.18-59.27.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-59.27.1, kernel-default-5.3.18-59.27.1, kernel-default-base-5.3.18-59.27.1.18.15.1, kernel-preempt-5.3.18-59.27.1, kernel-source-5.3.18-59.27.1, kernel-zfcpdump-5.3.18-59.27.1 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-59.27.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3415-1: An update that solves 18 vulnerabilities and has 119 fixes is now available. Category: security (important) Bug References: 1065729,1124431,1127650,1135481,1148868,1152489,1154353,1159886,1167032,1167773,1168202,1170774,1171420,1171688,1173746,1174003,1175543,1176447,1176940,1177028,1177399,1178134,1180141,1180347,1181006,1181972,1184114,1184439,1184611,1184804,1185302,1185550,1185675,1185677,1185726,1185762,1185898,1187211,1187455,1187591,1187619,1188067,1188172,1188270,1188412,1188418,1188439,1188616,1188651,1188694,1188700,1188878,1188924,1188983,1188985,1188986,1189153,1189225,1189257,1189262,1189297,1189301,1189399,1189400,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189696,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1189884,1190022,1190023,1190025,1190062,1190115,1190117,1190131,1190138,1190159,1190181,1190358,1190406,1190412,1190413,1190428,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292,859220 CVE References: CVE-2020-12770,CVE-2020-3702,CVE-2021-34556,CVE-2021-35477,CVE-2021-3653,CVE-2021-3656,CVE-2021-3669,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-3759,CVE-2021-3764,CVE-2021-38160,CVE-2021-38198,CVE-2021-40490 JIRA References: Sources used: SUSE MicroOS 5.1 (src): kernel-rt-5.3.18-57.1 SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-57.1, kernel-rt_debug-5.3.18-57.1, kernel-source-rt-5.3.18-57.1, kernel-syms-rt-5.3.18-57.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3447-1: An update that solves 6 vulnerabilities and has 44 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: SUSE MicroOS 5.0 (src): kernel-default-5.3.18-24.86.2, kernel-default-base-5.3.18-24.86.2.9.40.2, kmod-25-6.10.1, perl-Bootloader-0.931-3.5.1 SUSE Linux Enterprise Workstation Extension 15-SP2 (src): kernel-default-5.3.18-24.86.2, kernel-preempt-5.3.18-24.86.2 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.86.2, kernel-livepatch-SLE15-SP2_Update_20-1-5.3.2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src): kernel-default-5.3.18-24.86.2 SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): kernel-docs-5.3.18-24.86.2, kernel-obs-build-5.3.18-24.86.2, kernel-preempt-5.3.18-24.86.2, kernel-source-5.3.18-24.86.2, kernel-syms-5.3.18-24.86.1, perl-Bootloader-0.931-3.5.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): kernel-default-5.3.18-24.86.2, kernel-default-base-5.3.18-24.86.2.9.40.2, kernel-preempt-5.3.18-24.86.2, kernel-source-5.3.18-24.86.2, kmod-25-6.10.1, perl-Bootloader-0.931-3.5.1 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.86.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3447-1: An update that solves 6 vulnerabilities and has 44 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: openSUSE Leap 15.3 (src): kmod-25-6.10.1
openSUSE-SU-2021:1357-1: An update that solves 6 vulnerabilities and has 43 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: openSUSE Leap 15.2 (src): kernel-debug-5.3.18-lp152.95.1, kernel-default-5.3.18-lp152.95.1, kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1, kernel-docs-5.3.18-lp152.95.1, kernel-kvmsmall-5.3.18-lp152.95.1, kernel-obs-build-5.3.18-lp152.95.1, kernel-obs-qa-5.3.18-lp152.95.1, kernel-preempt-5.3.18-lp152.95.1, kernel-source-5.3.18-lp152.95.1, kernel-syms-5.3.18-lp152.95.1
openSUSE-SU-2021:1365-1: An update that solves 6 vulnerabilities and has 44 fixes is now available. Category: security (important) Bug References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292 CVE References: CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 JIRA References: Sources used: openSUSE Leap 15.2 (src): kmod-25-lp152.8.3.1, kmod-testsuite-25-lp152.8.3.2
openSUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available. Category: security (important) Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802 CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739 JIRA References: SLE-22573 Sources used: openSUSE Leap 15.3 (src): kernel-debug-4.12.14-197.102.2, kernel-default-4.12.14-197.102.2, kernel-kvmsmall-4.12.14-197.102.2, kernel-vanilla-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
SUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available. Category: security (important) Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802 CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739 JIRA References: SLE-22573 Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2 SUSE Linux Enterprise Server 15-SP1-LTSS (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2 SUSE Linux Enterprise Server 15-SP1-BCL (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2 SUSE Linux Enterprise Module for Live Patching 15-SP1 (src): kernel-default-4.12.14-197.102.2, kernel-livepatch-SLE15-SP1_Update_27-1-3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2 SUSE Linux Enterprise High Availability 15-SP1 (src): kernel-default-4.12.14-197.102.2 SUSE Enterprise Storage 6 (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2 SUSE CaaS Platform 4.0 (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3969-1: An update that solves 37 vulnerabilities and has 21 fixes is now available. Category: security (important) Bug References: 1085235,1085308,1087078,1087082,1100394,1102640,1105412,1108488,1129898,1133374,1171420,1173489,1174161,1181854,1184804,1185377,1185726,1185758,1186109,1186482,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190117,1190159,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191790,1191800,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802 CVE References: CVE-2018-3639,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20320,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1 SUSE Linux Enterprise Server 15-LTSS (src): kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1, kernel-zfcpdump-4.12.14-150.78.1 SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-150.78.1, kernel-livepatch-SLE15_Update_26-1-1.3.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1 SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-150.78.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3972-1: An update that solves 40 vulnerabilities and has 47 fixes is now available. Category: security (important) Bug References: 1087082,1100416,1108488,1129735,1129898,1133374,1153720,1171420,1176724,1176931,1180624,1181854,1181855,1183050,1183861,1184673,1184804,1185377,1185677,1185726,1185727,1185758,1185973,1186063,1186482,1186483,1186672,1188026,1188172,1188563,1188601,1188613,1188838,1188842,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189400,1189418,1189420,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190118,1190159,1190276,1190349,1190350,1190351,1190432,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191318,1191529,1191530,1191628,1191660,1191790,1191801,1191813,1191961,1192036,1192045,1192048,1192267,1192379,1192400,1192444,1192549,1192775,1192781,1192802 CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2 SUSE OpenStack Cloud 9 (src): kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2 SUSE Linux Enterprise Server for SAP 12-SP4 (src): kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2 SUSE Linux Enterprise Server 12-SP4-LTSS (src): kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2 SUSE Linux Enterprise Live Patching 12-SP4 (src): kernel-default-4.12.14-95.83.2, kgraft-patch-SLE12-SP4_Update_23-1-6.3.1 SUSE Linux Enterprise High Availability 12-SP4 (src): kernel-default-4.12.14-95.83.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0068-1: An update that solves 16 vulnerabilities and has 26 fixes is now available. Category: security (important) Bug References: 1114648,1124431,1167162,1169514,1172073,1179599,1183678,1183897,1184804,1185727,1185762,1187167,1189126,1189158,1189305,1189841,1190317,1190358,1190428,1191229,1191384,1191731,1191876,1192032,1192145,1192267,1192740,1192845,1192847,1192866,1192877,1192946,1192974,1193231,1193306,1193318,1193440,1193442,1193575,1193731,1194087,1194094 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-4002,CVE-2021-43975,CVE-2021-43976,CVE-2021-45485,CVE-2021-45486 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 12-SP5 (src): kernel-default-4.12.14-122.106.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): kernel-docs-4.12.14-122.106.1, kernel-obs-build-4.12.14-122.106.1 SUSE Linux Enterprise Server 12-SP5 (src): kernel-default-4.12.14-122.106.1, kernel-source-4.12.14-122.106.1, kernel-syms-4.12.14-122.106.1 SUSE Linux Enterprise Live Patching 12-SP5 (src): kernel-default-4.12.14-122.106.1, kgraft-patch-SLE12-SP5_Update_27-1-8.3.1 SUSE Linux Enterprise High Availability 12-SP5 (src): kernel-default-4.12.14-122.106.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0080-1: An update that solves 18 vulnerabilities and has 28 fixes is now available. Category: security (important) Bug References: 1114648,1124431,1167162,1169514,1172073,1179599,1183678,1183897,1184804,1185727,1185762,1187167,1189126,1189158,1189305,1189841,1190317,1190358,1190428,1191229,1191384,1191731,1191876,1192032,1192145,1192267,1192740,1192845,1192847,1192866,1192877,1192946,1192974,1192987,1193231,1193306,1193318,1193440,1193442,1193575,1193669,1193727,1193731,1194001,1194087,1194094 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-4002,CVE-2021-4083,CVE-2021-4149,CVE-2021-43975,CVE-2021-43976,CVE-2021-45485,CVE-2021-45486 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP5 (src): kernel-azure-4.12.14-16.85.1, kernel-source-azure-4.12.14-16.85.1, kernel-syms-azure-4.12.14-16.85.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0090-1: An update that solves 15 vulnerabilities, contains one feature and has 18 fixes is now available. Category: security (important) Bug References: 1114648,1124431,1167162,1179599,1183678,1183897,1184804,1185727,1185762,1187167,1189126,1189305,1189841,1190358,1191229,1191384,1192032,1192145,1192267,1192740,1192845,1192847,1192877,1192946,1192974,1193231,1193306,1193318,1193440,1193442,1193731,1194087,1194094 CVE References: CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-4002,CVE-2021-43975,CVE-2021-43976,CVE-2021-45485,CVE-2021-45486 JIRA References: SLE-17288 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP5 (src): kernel-rt-4.12.14-10.73.1, kernel-rt_debug-4.12.14-10.73.1, kernel-source-rt-4.12.14-10.73.1, kernel-syms-rt-4.12.14-10.73.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0366-1: An update that solves 27 vulnerabilities and has 23 fixes is now available. Category: security (critical) Bug References: 1071995,1124431,1167162,1169514,1172073,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191241,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1193927,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195166,1195254 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330 JIRA References: Sources used: openSUSE Leap 15.4 (src): kernel-debug-4.12.14-197.105.1, kernel-default-4.12.14-197.105.1, kernel-kvmsmall-4.12.14-197.105.1, kernel-vanilla-4.12.14-197.105.1, kernel-zfcpdump-4.12.14-197.105.1 openSUSE Leap 15.3 (src): kernel-debug-4.12.14-197.105.1, kernel-default-4.12.14-197.105.1, kernel-kvmsmall-4.12.14-197.105.1, kernel-vanilla-4.12.14-197.105.1, kernel-zfcpdump-4.12.14-197.105.1
SUSE-SU-2022:0367-1: An update that solves 27 vulnerabilities and has 23 fixes is now available. Category: security (critical) Bug References: 1071995,1124431,1167162,1169514,1172073,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191241,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193506,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195166,1195254 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330,CVE-2022-0435 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): kernel-default-4.12.14-150.83.1, kernel-docs-4.12.14-150.83.1, kernel-obs-build-4.12.14-150.83.1, kernel-source-4.12.14-150.83.1, kernel-syms-4.12.14-150.83.1, kernel-vanilla-4.12.14-150.83.1 SUSE Linux Enterprise Server 15-LTSS (src): kernel-default-4.12.14-150.83.1, kernel-docs-4.12.14-150.83.1, kernel-obs-build-4.12.14-150.83.1, kernel-source-4.12.14-150.83.1, kernel-syms-4.12.14-150.83.1, kernel-vanilla-4.12.14-150.83.1, kernel-zfcpdump-4.12.14-150.83.1 SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-150.83.1, kernel-livepatch-SLE15_Update_27-1-1.5.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): kernel-default-4.12.14-150.83.1, kernel-docs-4.12.14-150.83.1, kernel-obs-build-4.12.14-150.83.1, kernel-source-4.12.14-150.83.1, kernel-syms-4.12.14-150.83.1, kernel-vanilla-4.12.14-150.83.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): kernel-default-4.12.14-150.83.1, kernel-docs-4.12.14-150.83.1, kernel-obs-build-4.12.14-150.83.1, kernel-source-4.12.14-150.83.1, kernel-syms-4.12.14-150.83.1, kernel-vanilla-4.12.14-150.83.1 SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-150.83.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0366-1: An update that solves 27 vulnerabilities and has 23 fixes is now available. Category: security (critical) Bug References: 1071995,1124431,1167162,1169514,1172073,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191241,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1193927,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195166,1195254 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1, kernel-zfcpdump-4.12.14-197.105.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 SUSE Linux Enterprise Module for Live Patching 15-SP1 (src): kernel-default-4.12.14-197.105.1, kernel-livepatch-SLE15-SP1_Update_28-1-3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 SUSE Linux Enterprise High Availability 15-SP1 (src): kernel-default-4.12.14-197.105.1 SUSE Enterprise Storage 6 (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 SUSE CaaS Platform 4.0 (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0371-1: An update that solves 27 vulnerabilities and has 22 fixes is now available. Category: security (important) Bug References: 1071995,1124431,1167162,1169514,1172073,1177101,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193507,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195254 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330,CVE-2022-0435 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): kernel-default-4.12.14-95.88.1, kernel-source-4.12.14-95.88.1, kernel-syms-4.12.14-95.88.1 SUSE OpenStack Cloud 9 (src): kernel-default-4.12.14-95.88.1, kernel-source-4.12.14-95.88.1, kernel-syms-4.12.14-95.88.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): kernel-default-4.12.14-95.88.1, kernel-source-4.12.14-95.88.1, kernel-syms-4.12.14-95.88.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): kernel-default-4.12.14-95.88.1, kernel-source-4.12.14-95.88.1, kernel-syms-4.12.14-95.88.1 SUSE Linux Enterprise Live Patching 12-SP4 (src): kernel-default-4.12.14-95.88.1, kgraft-patch-SLE12-SP4_Update_24-1-6.5.1 SUSE Linux Enterprise High Availability 12-SP4 (src): kernel-default-4.12.14-95.88.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.