Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2015-11-17 14:19:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/kernel-debug.changes 2015-11-06 00:04:04.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-debug.changes 2015-11-17 14:19:32.000000000 +0100 @@ -1,0 +2,55 @@ +Thu Nov 12 18:25:54 CET 2015 - ti...@suse.de + +- Clear CONFIG_FW_LOADER_USER_HELPER_FALLBACK in vanilla configs (boo#944661) + armv7hl/vanilla still contains it because of boo#951260 +- commit 18c4504 + +------------------------------------------------------------------- +Wed Nov 11 12:33:59 CET 2015 - ti...@suse.de + +- Refresh tags in patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont. +- commit 9005e93 + +------------------------------------------------------------------- +Wed Nov 11 12:33:32 CET 2015 - ti...@suse.de + +- ALSA: hda - Fix lost 4k BDL boundary workaround (bnc#814440). +- commit 05bd5d3 + +------------------------------------------------------------------- +Tue Nov 10 11:19:14 CET 2015 - jbeul...@suse.com + +- Refresh Xen patches: + - Several fixes for Dom0 use of PV flavor. + - Interrupt setup fix for Xen flavor. +- supported.conf: blktap.ko is unsupported. +- commit 52f9791 + +------------------------------------------------------------------- +Fri Nov 6 21:52:16 CET 2015 - je...@suse.com + +- patches.apparmor/apparmor-allow-sys_cap_resource-to-be-sufficient-to-prlimit-another-task: fix incomplete backport +- commit 1e85ded + +------------------------------------------------------------------- +Fri Nov 6 21:33:46 CET 2015 - je...@suse.com + +- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit + another task (bsc#921949). +- commit d7c44a5 + +------------------------------------------------------------------- +Fri Nov 6 20:39:54 CET 2015 - ti...@suse.de + +- Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled + (boo#883192). +- commit 8e60887 + +------------------------------------------------------------------- +Tue Nov 3 18:42:12 CET 2015 - jbeul...@suse.com + +- Update Xen patches to 4.3-final and c/s 1298. +- Update Xen config files. +- commit 2b74ad8 + +------------------------------------------------------------------- kernel-default.changes: same change kernel-docs.changes: same change kernel-ec2.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa-xen.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-pv.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change kernel-xen.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:41.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:41.000000000 +0100 @@ -60,7 +60,7 @@ Group: System/Kernel Version: 4.3.0 %if 0%{?is_kotd} -Release: <RELEASE>.g7b374a4 +Release: <RELEASE>.g734b32c %else Release: 0 %endif kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:41.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:41.000000000 +0100 @@ -29,7 +29,7 @@ Group: Documentation/Man Version: 4.3.0 %if 0%{?is_kotd} -Release: <RELEASE>.g7b374a4 +Release: <RELEASE>.g734b32c %else Release: 0 %endif ++++++ kernel-ec2.spec ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:41.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:41.000000000 +0100 @@ -60,7 +60,7 @@ Group: System/Kernel Version: 4.3.0 %if 0%{?is_kotd} -Release: <RELEASE>.g7b374a4 +Release: <RELEASE>.g734b32c %else Release: 0 %endif kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:41.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:41.000000000 +0100 @@ -47,7 +47,7 @@ Group: SLES Version: 4.3.0 %if 0%{?is_kotd} -Release: <RELEASE>.g7b374a4 +Release: <RELEASE>.g734b32c %else Release: 0 %endif kernel-obs-qa-xen.spec: same change kernel-obs-qa.spec: same change ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:41.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:41.000000000 +0100 @@ -60,7 +60,7 @@ Group: System/Kernel Version: 4.3.0 %if 0%{?is_kotd} -Release: <RELEASE>.g7b374a4 +Release: <RELEASE>.g734b32c %else Release: 0 %endif kernel-pv.spec: same change ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:41.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:41.000000000 +0100 @@ -32,7 +32,7 @@ Group: Development/Sources Version: 4.3.0 %if 0%{?is_kotd} -Release: <RELEASE>.g7b374a4 +Release: <RELEASE>.g734b32c %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:41.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:41.000000000 +0100 @@ -27,7 +27,7 @@ Version: 4.3.0 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g7b374a4 +Release: <RELEASE>.g734b32c %else Release: 0 %endif ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:41.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:41.000000000 +0100 @@ -60,7 +60,7 @@ Group: System/Kernel Version: 4.3.0 %if 0%{?is_kotd} -Release: <RELEASE>.g7b374a4 +Release: <RELEASE>.g734b32c %else Release: 0 %endif kernel-xen.spec: same change ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/arm64/vanilla new/config/arm64/vanilla --- old/config/arm64/vanilla 2015-11-02 15:00:23.000000000 +0100 +++ new/config/arm64/vanilla 2015-11-12 18:27:31.000000000 +0100 @@ -1457,7 +1457,7 @@ # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_EXTRA_FIRMWARE="" CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_WANT_DEV_COREDUMP=y CONFIG_ALLOW_DEV_COREDUMP=y CONFIG_DEV_COREDUMP=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv6hl/vanilla new/config/armv6hl/vanilla --- old/config/armv6hl/vanilla 2015-11-02 15:00:23.000000000 +0100 +++ new/config/armv6hl/vanilla 2015-11-12 18:27:31.000000000 +0100 @@ -1547,7 +1547,7 @@ # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_EXTRA_FIRMWARE="" CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_WANT_DEV_COREDUMP=y CONFIG_ALLOW_DEV_COREDUMP=y CONFIG_DEV_COREDUMP=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/ec2 new/config/i386/ec2 --- old/config/i386/ec2 2015-11-02 15:00:23.000000000 +0100 +++ new/config/i386/ec2 2015-11-12 18:27:31.000000000 +0100 @@ -1698,7 +1698,7 @@ # Microsoft Hyper-V guest support # CONFIG_XEN=y -CONFIG_XEN_INTERFACE_VERSION=0x00040500 +CONFIG_XEN_INTERFACE_VERSION=0x00040600 # # XEN @@ -1714,19 +1714,21 @@ CONFIG_XEN_KEYBOARD=y # CONFIG_XEN_DISABLE_SERIAL is not set CONFIG_XEN_NR_GUEST_DEVICES=64 -# CONFIG_XEN_COMPAT_030002_AND_LATER is not set -CONFIG_XEN_COMPAT_030004_AND_LATER=y -# CONFIG_XEN_COMPAT_030100_AND_LATER is not set -# CONFIG_XEN_COMPAT_030200_AND_LATER is not set -# CONFIG_XEN_COMPAT_030300_AND_LATER is not set -# CONFIG_XEN_COMPAT_030400_AND_LATER is not set +CONFIG_XEN_COMPAT_3x=y # CONFIG_XEN_COMPAT_040000_AND_LATER is not set # CONFIG_XEN_COMPAT_040100_AND_LATER is not set # CONFIG_XEN_COMPAT_040200_AND_LATER is not set # CONFIG_XEN_COMPAT_040300_AND_LATER is not set # CONFIG_XEN_COMPAT_040400_AND_LATER is not set # CONFIG_XEN_COMPAT_040500_AND_LATER is not set +# CONFIG_XEN_COMPAT_040600_AND_LATER is not set # CONFIG_XEN_COMPAT_LATEST_ONLY is not set +# CONFIG_XEN_COMPAT_030002_AND_LATER is not set +CONFIG_XEN_COMPAT_030004_AND_LATER=y +# CONFIG_XEN_COMPAT_030100_AND_LATER is not set +# CONFIG_XEN_COMPAT_030200_AND_LATER is not set +# CONFIG_XEN_COMPAT_030300_AND_LATER is not set +# CONFIG_XEN_COMPAT_030400_AND_LATER is not set CONFIG_XEN_COMPAT=0x030004 CONFIG_HAVE_IRQ_IGNORE_UNHANDLED=y CONFIG_ARCH_HAS_WALK_MEMORY=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/vanilla new/config/i386/vanilla --- old/config/i386/vanilla 2015-11-02 15:00:23.000000000 +0100 +++ new/config/i386/vanilla 2015-11-12 18:27:31.000000000 +0100 @@ -1729,7 +1729,7 @@ # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_EXTRA_FIRMWARE="" CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_WANT_DEV_COREDUMP=y CONFIG_ALLOW_DEV_COREDUMP=y CONFIG_DEV_COREDUMP=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/xen new/config/i386/xen --- old/config/i386/xen 2015-11-02 15:00:23.000000000 +0100 +++ new/config/i386/xen 2015-11-12 18:27:31.000000000 +0100 @@ -5732,7 +5732,7 @@ # Microsoft Hyper-V guest support # CONFIG_XEN=y -CONFIG_XEN_INTERFACE_VERSION=0x00040500 +CONFIG_XEN_INTERFACE_VERSION=0x00040600 # # XEN @@ -5766,18 +5766,14 @@ CONFIG_XEN_KEYBOARD=y # CONFIG_XEN_DISABLE_SERIAL is not set CONFIG_XEN_NR_GUEST_DEVICES=256 -# CONFIG_XEN_COMPAT_030002_AND_LATER is not set -# CONFIG_XEN_COMPAT_030004_AND_LATER is not set -# CONFIG_XEN_COMPAT_030100_AND_LATER is not set -# CONFIG_XEN_COMPAT_030200_AND_LATER is not set -# CONFIG_XEN_COMPAT_030300_AND_LATER is not set -# CONFIG_XEN_COMPAT_030400_AND_LATER is not set +# CONFIG_XEN_COMPAT_3x is not set # CONFIG_XEN_COMPAT_040000_AND_LATER is not set CONFIG_XEN_COMPAT_040100_AND_LATER=y # CONFIG_XEN_COMPAT_040200_AND_LATER is not set # CONFIG_XEN_COMPAT_040300_AND_LATER is not set # CONFIG_XEN_COMPAT_040400_AND_LATER is not set # CONFIG_XEN_COMPAT_040500_AND_LATER is not set +# CONFIG_XEN_COMPAT_040600_AND_LATER is not set # CONFIG_XEN_COMPAT_LATEST_ONLY is not set CONFIG_XEN_COMPAT=0x040100 CONFIG_XEN_VCPU_INFO_PLACEMENT=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc/vanilla new/config/ppc/vanilla --- old/config/ppc/vanilla 2015-11-02 15:00:23.000000000 +0100 +++ new/config/ppc/vanilla 2015-11-12 18:27:31.000000000 +0100 @@ -1415,7 +1415,7 @@ # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_EXTRA_FIRMWARE="" CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_WANT_DEV_COREDUMP=y CONFIG_ALLOW_DEV_COREDUMP=y CONFIG_DEV_COREDUMP=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/vanilla new/config/ppc64/vanilla --- old/config/ppc64/vanilla 2015-11-02 15:00:23.000000000 +0100 +++ new/config/ppc64/vanilla 2015-11-12 18:27:31.000000000 +0100 @@ -1448,7 +1448,7 @@ # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_EXTRA_FIRMWARE="" CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_WANT_DEV_COREDUMP=y CONFIG_ALLOW_DEV_COREDUMP=y CONFIG_DEV_COREDUMP=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/vanilla new/config/ppc64le/vanilla --- old/config/ppc64le/vanilla 2015-11-02 15:00:23.000000000 +0100 +++ new/config/ppc64le/vanilla 2015-11-12 18:27:31.000000000 +0100 @@ -1393,7 +1393,7 @@ # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_EXTRA_FIRMWARE="" CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_WANT_DEV_COREDUMP=y CONFIG_ALLOW_DEV_COREDUMP=y CONFIG_DEV_COREDUMP=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/s390x/vanilla new/config/s390x/vanilla --- old/config/s390x/vanilla 2015-11-02 15:00:23.000000000 +0100 +++ new/config/s390x/vanilla 2015-11-12 18:27:31.000000000 +0100 @@ -1157,8 +1157,7 @@ CONFIG_FW_LOADER=y # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_EXTRA_FIRMWARE="" -CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_ALLOW_DEV_COREDUMP=y # CONFIG_DEBUG_DRIVER is not set # CONFIG_DEBUG_DEVRES is not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/ec2 new/config/x86_64/ec2 --- old/config/x86_64/ec2 2015-11-02 15:00:23.000000000 +0100 +++ new/config/x86_64/ec2 2015-11-12 18:27:31.000000000 +0100 @@ -1686,7 +1686,7 @@ # Microsoft Hyper-V guest support # CONFIG_XEN=y -CONFIG_XEN_INTERFACE_VERSION=0x00040500 +CONFIG_XEN_INTERFACE_VERSION=0x00040600 # # XEN @@ -1702,19 +1702,21 @@ CONFIG_XEN_KEYBOARD=y # CONFIG_XEN_DISABLE_SERIAL is not set CONFIG_XEN_NR_GUEST_DEVICES=64 -# CONFIG_XEN_COMPAT_030002_AND_LATER is not set -CONFIG_XEN_COMPAT_030004_AND_LATER=y -# CONFIG_XEN_COMPAT_030100_AND_LATER is not set -# CONFIG_XEN_COMPAT_030200_AND_LATER is not set -# CONFIG_XEN_COMPAT_030300_AND_LATER is not set -# CONFIG_XEN_COMPAT_030400_AND_LATER is not set +CONFIG_XEN_COMPAT_3x=y # CONFIG_XEN_COMPAT_040000_AND_LATER is not set # CONFIG_XEN_COMPAT_040100_AND_LATER is not set # CONFIG_XEN_COMPAT_040200_AND_LATER is not set # CONFIG_XEN_COMPAT_040300_AND_LATER is not set # CONFIG_XEN_COMPAT_040400_AND_LATER is not set # CONFIG_XEN_COMPAT_040500_AND_LATER is not set +# CONFIG_XEN_COMPAT_040600_AND_LATER is not set # CONFIG_XEN_COMPAT_LATEST_ONLY is not set +# CONFIG_XEN_COMPAT_030002_AND_LATER is not set +CONFIG_XEN_COMPAT_030004_AND_LATER=y +# CONFIG_XEN_COMPAT_030100_AND_LATER is not set +# CONFIG_XEN_COMPAT_030200_AND_LATER is not set +# CONFIG_XEN_COMPAT_030300_AND_LATER is not set +# CONFIG_XEN_COMPAT_030400_AND_LATER is not set CONFIG_XEN_COMPAT=0x030004 CONFIG_HAVE_IRQ_IGNORE_UNHANDLED=y CONFIG_ARCH_HAS_WALK_MEMORY=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/vanilla new/config/x86_64/vanilla --- old/config/x86_64/vanilla 2015-11-02 15:00:23.000000000 +0100 +++ new/config/x86_64/vanilla 2015-11-12 18:27:31.000000000 +0100 @@ -1703,7 +1703,7 @@ # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_EXTRA_FIRMWARE="" CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_WANT_DEV_COREDUMP=y CONFIG_ALLOW_DEV_COREDUMP=y CONFIG_DEV_COREDUMP=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/xen new/config/x86_64/xen --- old/config/x86_64/xen 2015-11-02 15:00:23.000000000 +0100 +++ new/config/x86_64/xen 2015-11-12 18:27:31.000000000 +0100 @@ -5671,7 +5671,7 @@ # Microsoft Hyper-V guest support # CONFIG_XEN=y -CONFIG_XEN_INTERFACE_VERSION=0x00040500 +CONFIG_XEN_INTERFACE_VERSION=0x00040600 # # XEN @@ -5705,18 +5705,14 @@ CONFIG_XEN_KEYBOARD=y # CONFIG_XEN_DISABLE_SERIAL is not set CONFIG_XEN_NR_GUEST_DEVICES=2048 -# CONFIG_XEN_COMPAT_030002_AND_LATER is not set -# CONFIG_XEN_COMPAT_030004_AND_LATER is not set -# CONFIG_XEN_COMPAT_030100_AND_LATER is not set -# CONFIG_XEN_COMPAT_030200_AND_LATER is not set -# CONFIG_XEN_COMPAT_030300_AND_LATER is not set -# CONFIG_XEN_COMPAT_030400_AND_LATER is not set +# CONFIG_XEN_COMPAT_3x is not set # CONFIG_XEN_COMPAT_040000_AND_LATER is not set CONFIG_XEN_COMPAT_040100_AND_LATER=y # CONFIG_XEN_COMPAT_040200_AND_LATER is not set # CONFIG_XEN_COMPAT_040300_AND_LATER is not set # CONFIG_XEN_COMPAT_040400_AND_LATER is not set # CONFIG_XEN_COMPAT_040500_AND_LATER is not set +# CONFIG_XEN_COMPAT_040600_AND_LATER is not set # CONFIG_XEN_COMPAT_LATEST_ONLY is not set CONFIG_XEN_COMPAT=0x040100 CONFIG_XEN_VCPU_INFO_PLACEMENT=y ++++++ patches.apparmor.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.apparmor/apparmor-allow-sys_cap_resource-to-be-sufficient-to-prlimit-another-task new/patches.apparmor/apparmor-allow-sys_cap_resource-to-be-sufficient-to-prlimit-another-task --- old/patches.apparmor/apparmor-allow-sys_cap_resource-to-be-sufficient-to-prlimit-another-task 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.apparmor/apparmor-allow-sys_cap_resource-to-be-sufficient-to-prlimit-another-task 2015-11-06 21:52:16.000000000 +0100 @@ -0,0 +1,45 @@ +From: Jeff Mahoney <je...@suse.com> +Subject: apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another + task +References: bsc#921949 +Patch-mainline: Submitted, appar...@lists.ubuntu.com 6 Nov 2015 + +While using AppArmor, SYS_CAP_RESOURCE is insufficient to call prlimit +on another task. The only other example of a AppArmor mediating access to +another, already running, task (ignoring fork+exec) is ptrace. + +The AppArmor model for ptrace is that one of the following must be true: +1) The tracer is unconfined +2) The tracer is in complain mode +3) The tracer and tracee are confined by the same profile +4) The tracer is confined but has SYS_CAP_PTRACE + +1), 2, and 3) are already true for setrlimit. + +We can match the ptrace model just by allowing CAP_SYS_RESOURCE. + +We still test the values of the rlimit since it can always be overriden +using a value that means unlimited for a particular resource. + +Signed-off-by: Jeff Mahoney <je...@suse.com> +--- + security/apparmor/resource.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/security/apparmor/resource.c ++++ b/security/apparmor/resource.c +@@ -101,9 +101,11 @@ int aa_task_setrlimit(struct aa_profile + /* TODO: extend resource control to handle other (non current) + * profiles. AppArmor rules currently have the implicit assumption + * that the task is setting the resource of a task confined with +- * the same profile. ++ * the same profile or that the task setting the resource of another ++ * task has CAP_SYS_RESOURCE. + */ +- if (profile != task_profile || ++ if ((profile != task_profile && ++ aa_capable(profile, CAP_SYS_RESOURCE, 1)) || + (profile->rlimits.mask & (1 << resource) && + new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)) + error = -EACCES; + ++++++ patches.drivers.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont new/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont --- old/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont 2015-11-02 15:56:47.000000000 +0100 +++ new/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont 2015-11-11 12:33:59.000000000 +0100 @@ -3,8 +3,7 @@ Date: Tue, 27 Oct 2015 14:21:51 +0100 Subject: [PATCH] ALSA: hda - Disable 64bit address for Creative HDA controllers Git-commit: cadd16ea33a938d49aee99edd4758cc76048b399 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -Patch-mainline: Queued in subsystem maintainer repository +Patch-mainline: v4.4-rc1 References: bnc#814440 We've had many reports that some Creative sound cards with CA0132 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Fix-lost-4k-BDL-boundary-workaround new/patches.drivers/ALSA-hda-Fix-lost-4k-BDL-boundary-workaround --- old/patches.drivers/ALSA-hda-Fix-lost-4k-BDL-boundary-workaround 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.drivers/ALSA-hda-Fix-lost-4k-BDL-boundary-workaround 2015-11-11 12:33:59.000000000 +0100 @@ -0,0 +1,36 @@ +From de1ab6af5c3d92c0a031083962a7ff270cf301b7 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai <ti...@suse.de> +Date: Mon, 2 Nov 2015 17:35:34 +0100 +Subject: [PATCH] ALSA: hda - Fix lost 4k BDL boundary workaround +Git-commit: de1ab6af5c3d92c0a031083962a7ff270cf301b7 +Patch-mainline: v4.4-rc1 +References: bnc#814440 + +During the migration to HDA core code, we lost the workaround for 4k +BDL boundary. The flag exists in the new hdac_bus, but it's never +set. This resulted in the sudden sound stall on some controllers that +require this workaround like Creative Recon3D. + +This patch fixes the issue by setting the flag for such controllers +properly. + +Fixes: ccc98865aa44 ('ALSA: hda - Migrate more hdac_stream codes') +Cc: <sta...@vger.kernel.org> # v4.2+ +Signed-off-by: Takashi Iwai <ti...@suse.de> + +--- + sound/pci/hda/hda_controller.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/sound/pci/hda/hda_controller.c ++++ b/sound/pci/hda/hda_controller.c +@@ -1060,6 +1060,9 @@ int azx_bus_init(struct azx *chip, const + bus->needs_damn_long_delay = 1; + } + ++ if (chip->driver_caps & AZX_DCAPS_4K_BDLE_BOUNDARY) ++ bus->core.align_bdle_4k = true; ++ + /* AMD chipsets often cause the communication stalls upon certain + * sequence like the pin-detection. It seems that forcing the synced + * access works around the stall. Grrr... ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/Input-elantech-add-Fujitsu-Lifebook-U745-to-force-cr new/patches.fixes/Input-elantech-add-Fujitsu-Lifebook-U745-to-force-cr --- old/patches.fixes/Input-elantech-add-Fujitsu-Lifebook-U745-to-force-cr 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/Input-elantech-add-Fujitsu-Lifebook-U745-to-force-cr 2015-11-06 20:39:54.000000000 +0100 @@ -0,0 +1,35 @@ +From: Takashi Iwai <ti...@suse.de> +Date: Fri, 6 Nov 2015 20:01:25 +0100 +Subject: [PATCH] Input: elantech - add Fujitsu Lifebook U745 to force + crc_enabled +Patch-mainline: Submitted, Fri, 6 Nov 2015 20:01:25 +0100, linux-input ML +References: boo#883192 +Message-id: <1446836485-1006-1-git-send-email-ti...@suse.de> + +Another Lifebook machine that needs the same quirk as other similar +models to make the driver working. + +Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=883192 +Cc: <sta...@vger.kernel.org> +Signed-off-by: Takashi Iwai <ti...@suse.de> + +--- + drivers/input/mouse/elantech.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/input/mouse/elantech.c ++++ b/drivers/input/mouse/elantech.c +@@ -1520,6 +1520,13 @@ static const struct dmi_system_id elante + DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK E544"), + }, + }, ++ { ++ /* Fujitsu LIFEBOOK U745 does not work with crc_enabled == 0 */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK U745"), ++ }, ++ }, + #endif + { } + }; ++++++ patches.xen.tar.bz2 ++++++ ++++ 22106 lines of diff (skipped) ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:44.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:44.000000000 +0100 @@ -393,11 +393,13 @@ ######################################################## # patches.suse/SUSE-bootsplash # patches.suse/SUSE-bootsplash-mgadrmfb-workaround + patches.fixes/Input-elantech-add-Fujitsu-Lifebook-U745-to-force-cr ########################################################## # Sound ########################################################## patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont + patches.drivers/ALSA-hda-Fix-lost-4k-BDL-boundary-workaround ######################################################## # Char / serial @@ -451,6 +453,7 @@ patches.apparmor/apparmor-compatibility-patch-for-v5-network-control # patches.apparmor/apparmor-profiles-seq_file patches.apparmor/apparmor-temporary-work-around-for-bug-while-unloadi + patches.apparmor/apparmor-allow-sys_cap_resource-to-be-sufficient-to-prlimit-another-task ######################################################## # Address space layout randomization @@ -593,7 +596,7 @@ patches.xen/xen3-patch-4.0 patches.xen/xen3-patch-4.1 patches.xen/xen3-patch-4.2 - patches.xen/xen3-patch-4.3-rc5 + patches.xen/xen3-patch-4.3 # ports of other patches patches.xen/xen3-stack-unwind ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:44.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:44.000000000 +0100 @@ -1,3 +1,3 @@ -2015-11-02 16:35:09 +0100 -GIT Revision: 7b374a4af8a6bf8109b917f5c839dcd85b607ec0 +2015-11-14 17:19:19 +0100 +GIT Revision: 734b32cf0922caa8e74d631ca38a9a342ba72fcc GIT Branch: stable ++++++ supported.conf ++++++ --- /var/tmp/diff_new_pack.6lB8xN/_old 2015-11-17 14:19:44.000000000 +0100 +++ /var/tmp/diff_new_pack.6lB8xN/_new 2015-11-17 14:19:44.000000000 +0100 @@ -1868,7 +1868,7 @@ drivers/xen/blkback/blkbk # Xen block device backend drivers/xen/blkback/blkback-pagemap +base drivers/xen/blkfront/xenblk # Xen block device frontend - drivers/xen/blktap/blktap +- drivers/xen/blktap/blktap drivers/xen/blktap2/blktap2 drivers/xen/blktap2-new/xen-blktap drivers/xen/core/domctl