Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firecracker for openSUSE:Factory checked in at 2026-04-16 19:28:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firecracker (Old) and /work/SRC/openSUSE:Factory/.firecracker.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firecracker" Thu Apr 16 19:28:00 2026 rev:22 rq:1347307 version:1.15.1 Changes: -------- --- /work/SRC/openSUSE:Factory/firecracker/firecracker.changes 2026-03-16 14:20:45.693837263 +0100 +++ /work/SRC/openSUSE:Factory/.firecracker.new.11940/firecracker.changes 2026-04-16 19:28:03.846944703 +0200 @@ -1,0 +2,40 @@ +Thu Apr 09 13:20:35 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.15.1: + * Fixed + - #5762: Cap virtio-rng per-request entropy to 64 KiB. + Previously, a guest could construct a descriptor chain that + caused Firecracker to allocate more host memory than the + guest actually provided, potentially leading to excessive + host memory consumption. + - #5818: Enforce the virtio device initialization sequence in + the PCI transport, matching the existing MMIO transport + behavior. The PCI transport now validates device status + transitions, rejects queue configuration writes outside the + FEATURES_OK to DRIVER_OK window, rejects feature negotiation + outside the DRIVER state, blocks re-initialization after a + failed reset, and sets DEVICE_NEEDS_RESET when device + activation fails. This fixes CVE-2026-5747. + - #5818: Reject device status writes that clear previously set + bits in the MMIO transport, except for reset. + - #5780: Fixed missing /sys/devices/system/cpu/cpu*/cache/* in + aarch64 guests when running on host kernels >= 6.3 with guest + kernels >= 6.1.156. + - #5793: Fixed virtio-mem plug/unplug skipping KVM slot updates + for memory blocks not aligned to a slot boundary. On plug, + this could leave hotplugged memory inaccessible to the guest. + On unplug, the guest could retain access to memory that + Firecracker considered freed. + - #5794: Bound balloon statistics descriptor length to prevent + a guest-controlled oversized descriptor from temporarily + stalling the VMM event loop. Only affects microVMs with + stats_polling_interval_s > 0. + - #5809: Fixed a bug on host Linux >= 5.16 for x86_64 guests + using the kvm-clock clock source causing the monotonic clock + to jump on restore by the wall-clock time elapsed since the + snapshot was taken. Users using kvm-clock that want to + explicitly advance the clock with KVM_CLOCK_REALTIME can opt + back in using the new clock_realtime flag in LoadSnapshot + API. + +------------------------------------------------------------------- Old: ---- firecracker-1.15.0.obscpio New: ---- firecracker-1.15.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firecracker.spec ++++++ --- /var/tmp/diff_new_pack.T2Wd4E/_old 2026-04-16 19:28:09.703186106 +0200 +++ /var/tmp/diff_new_pack.T2Wd4E/_new 2026-04-16 19:28:09.715186600 +0200 @@ -17,7 +17,7 @@ Name: firecracker -Version: 1.15.0 +Version: 1.15.1 Release: 0 Summary: Virtual Machine Monitor for creating microVMs License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.T2Wd4E/_old 2026-04-16 19:28:09.959196658 +0200 +++ /var/tmp/diff_new_pack.T2Wd4E/_new 2026-04-16 19:28:09.979197483 +0200 @@ -2,7 +2,7 @@ <service name="obs_scm" mode="manual"> <param name="url">https://github.com/firecracker-microvm/firecracker.git</param> <param name="scm">git</param> - <param name="revision">v1.15.0</param> + <param name="revision">v1.15.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.T2Wd4E/_old 2026-04-16 19:28:10.127203584 +0200 +++ /var/tmp/diff_new_pack.T2Wd4E/_new 2026-04-16 19:28:10.163205068 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/firecracker-microvm/firecracker.git</param> - <param name="changesrevision">7db02adc28eaeb5f54a0d4a8c312e7e9954070b6</param></service></servicedata> + <param name="changesrevision">f82c0bd0f0a74015642a0d452880f3ad10147b14</param></service></servicedata> (No newline at EOF) ++++++ firecracker-1.15.0.obscpio -> firecracker-1.15.1.obscpio ++++++ ++++ 3497 lines of diff (skipped) ++++++ firecracker.obsinfo ++++++ --- /var/tmp/diff_new_pack.T2Wd4E/_old 2026-04-16 19:28:13.207330551 +0200 +++ /var/tmp/diff_new_pack.T2Wd4E/_new 2026-04-16 19:28:13.219331045 +0200 @@ -1,5 +1,5 @@ name: firecracker -version: 1.15.0 -mtime: 1773069327 -commit: 7db02adc28eaeb5f54a0d4a8c312e7e9954070b6 +version: 1.15.1 +mtime: 1775574122 +commit: f82c0bd0f0a74015642a0d452880f3ad10147b14 ++++++ vendor.tar.xz ++++++ /work/SRC/openSUSE:Factory/firecracker/vendor.tar.xz /work/SRC/openSUSE:Factory/.firecracker.new.11940/vendor.tar.xz differ: char 15, line 1
