Das erste Kernel-Update für openSUSE 12.1 ist draußen und behebt unzählige Fehler und schließt einige Sicherheitslecks. Es beinhaltet zugleich alle 9 Patchlevel-Versionen vom Upstream, dass noch viele weitere Fehler behebt. Besonders fällt im nachfolgenden ChangeLog aus der RPM auf, dass eine ganze Reihe von Patches zum Dateisystem btrfs enthalten sind.

Das Kernel-Update kann über YaST2 oder per zypper eingespielt werden:

zypper up

Die offizielle Ankündigung zum Kernel-Update werde ich an dieser Stelle nachreichen.

Ein Auszug der Changelog aus der RPM:

• patches.fixes/drm-radeon-kms-fix-i2c-masks.patch: Add git commit ID.
• ALSA: hda/realtek – Skip invalid digital out pins (bnc#727348)
• ALSA: hda – Add missing static ADC tables for ALC269 quirks.
• patches.fixes/hfs-fix-hfs_find_init-sb-ext_tree-null-ptr-oops.patch: hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops (CVE-2011-2203 bnc#699709)
• X86: Solve Dell Latitudes do not reboot on x86_64 more generally.
• sunrpc: wake up SOFTCONN tasks when a connection error happens (bnc#679059)
• Linux 3.1.1.
• Update config files.
• Refresh patches.fixes/scsi-dh-queuedata-accessors.
• Refresh patches.suse/staging-hv-staging-next-20110829-0327-Staging-hv-storvsc-Add-the-contents-of-hyperv_sto.patch.
• Delete patches.drivers/alsa-hda-0002-Keep-EAPD-turned-on-for-old-Conexant-chips.
• Delete patches.drivers/alsa-hda-0003-Fix-ADC-input-amp-handling-for-Cx20549.
• Delete patches.drivers/alsa-hda-0004-Add-missing-static-ADC-tables-for-ALC269-qu.
• Delete patches.drivers/alsa-hda-0005-realtek-Skip-invalid-digital-out-pins.
• Delete patches.fixes/drm-radeon-kms-fix-i2c-masks.patch.
• Delete patches.suse/staging-hv-staging-next-20111001-0058-staging-hv-fix-a-kernel-warning-in-netvsc_linkstat.patch.
• Delete patches.suse/staging-hv-staging-next-20111001-0129-Staging-hv-Add-support-for-2-TB-LUN-in-storage-dr.patch.
• Add package descriptions for ARM kernels
• Update Patch-mainline headers.
• ARM: Dont generalize the target. On ARM we can not build generic kernels that work through different generations, such as armv5 and armv7. So we better list them explicitly and not export an rpm that wouldn’t even work on the respective architecture :).
• ARM: Use zImage, not vmlinux. On ARM we use the arch/arm/boot/zImage file similar to x86 to boot systems. Put that into the rpm as vmlinuz instead of the vmlinux ELF binary.
• Linux 3.1.2.
• drm/radeon/kms: fix up gpio i2c mask bits for r4xx (bnc#691052).
• ARM: create uImage, not zImage, so we can boot with u-boot
• patches.fixes/drm-radeon-kms-fix-up-gpio-i2c-mask-bits-for-r4xx.patch: Add missing git-commit.
• rpm/kernel-binary.spec.in: Do not have a separate make invocation for s390 and the rest.
• rpm/try-disable-staging-driver: Script to disable failing staging driver and restart make.
• Linux 3.1.3.
• intel_idle: Fix kvm -cpu host Null pointer enter function issue (bnc#726296)
• Build the kotd against 12.1, not Factory.
• rpm/kernel-binary.spec.in: Ignore staging failures only in vanilla only branches.
• Fix kernel-source spec to give ownership of the /usr/src/linux link to kernel-devel. kernel-source depends on kernel-devel, so this is correct.
• Linux 3.1.4.
• rpm/kernel-binary.spec.in: Make the -base package conflict with the main one.
• mm: Ensure that pfn_valid is called once per pageblock when reserving pageblocks (bnc#731261, bnc#730731)
• Import 12.1 GA kabi files.
• kabi/severities: Ignore changes to usb, nfs and some drivers for now.
• kabi: fix jiffies_to_clock_t breakage.
• Fix typo: Base package should not conflict with itself but with main package.
• Use GPL-2.0 as license tag (from http://spdx.org/licenses/) Only have one licenses line per file, the rest was just duplicated.
• rpm/kernel-binary.spec.in: Do not package the vmlinux image in the devel package.
• Adjust kernel-source.rpmlintrc for Linux 3.x
• Use versioned provides/obsoletes.
• Do not show rpmlint warnings.
• No self-obsoletions.
• Linux 3.1.5.
• Delete patches.fixes/drm-radeon-kms-fix-up-gpio-i2c-mask-bits-for-r4xx.patch.
• x86, x2apic: Enable the bios request for x2apic optout.
• Revert „USB: fix ehci alignment error“.
• kabi/severities: Check drivers/usb again
• Silence warning about dangling symlink and vdsos
• Silence missing defattr warning.
• batman-adv: Only write requested number of byte to user buffer (bnc#736149 CVE-2011-4604)
• batman-adv: bat_socket_read missing checks (bnc#736149 CVE-2011-4604)
• rpm/kernel-source.spec.in, rpm/mkspec: Fix linux tarball URL
• rpm/kernel-source.spec.in, rpm/mkspec: Fix tarball URL for -rcX and do not generate any URL for linux-next and vanilla snapshots.
• btrfs: Introduce btrfs_get_maps_dev() (bnc#672923)
• vfs: allow /proc/pid/maps to return a custom device (bnc#672923)
• Btrfs: make lzo the default compression scheme (FATE#306586)
• btrfs: add new ioctl to determine size of compressed file (FATE#306586).
• Sector Size check during Mount (bnc#724620)
• Btrfs: rewrite btrfs_trim_block_group() (FATE#306586).
• btrfs: allow cross-subvolume file clone (bnc#698540)
• Btrfs: fix leaked space in truncate (FATE#306586).
• Btrfs: fix how we do delalloc reservations and how we free reservations on error (FATE#306586).
• Btrfs: deal with enospc from dirtying inodes properly (FATE#306586).
• Btrfs: fix num_workers_starting bug and other bugs in async thread (FATE#306586).
• Btrfs: add allocator tracepoints (FATE#306586).
• Btrfs: fix btrfs_end_bio to deal with write errors to a single mirror (FATE#306586).
• Btrfs: drop spin lock when memory alloc fails (FATE#306586).
• Btrfs: check if the to-be-added device is writable (FATE#306586).
• Btrfs: try cluster but don’t advance in search list (FATE#306586).
• Btrfs: try to allocate from cluster even at LOOP_NO_EMPTY_SIZE (FATE#306586).
• Btrfs: fix meta data raid-repair merge problem (FATE#306586).
• Btrfs: skip allocation attempt from empty cluster (FATE#306586).
• Btrfs: skip block groups without enough space for a cluster (FATE#306586).
• Btrfs: start search for new cluster at the beginning (FATE#306586).
• Btrfs: reset cluster’s max_size when creating bitmap (FATE#306586).
• Btrfs: initialize new bitmaps‘ list (FATE#306586).
• Btrfs: fix oops when calling statfs on readonly device (FATE#306586).
• Btrfs: Don’t error on resizing FS to same size (FATE#306586).
• Btrfs: fix deadlock on metadata reservation when evicting a inode (FATE#306586).
• btrfs scrub: handle -ENOMEM from init_ipath() (FATE#306586).
• Btrfs: remove free-space-cache.c WARN during log replay (FATE#306586).
• Btrfs: sectorsize align offsets in fiemap (FATE#306586).
• Btrfs: clear pages dirty for io and set them extent mapped (FATE#306586).
• Btrfs: wait on caching if we’re loading the free space cache (FATE#306586).
• Btrfs: prefix resize related printks with btrfs: (FATE#306586).
• btrfs: fix stat blocks accounting (FATE#306586).
• Btrfs: avoid unnecessary bitmap search for cluster setup (FATE#306586).
• Btrfs: fix to search one more bitmap for cluster setup (FATE#306586).
• btrfs: mirror_num should be int, not u64 (FATE#306586).
• btrfs: Fix up 32/64-bit compatibility for new ioctls (FATE#306586).
• Btrfs: fix barrier flushes (FATE#306586).
• Btrfs: fix tree corruption after multi-thread snapshots and inode_cache flush (FATE#306586).
• btrfs: rename the option to nospace_cache (FATE#306586).
• Btrfs: handle bio_add_page failure gracefully in scrub (FATE#306586).
• Btrfs: fix deadlock caused by the race between relocation (FATE#306586).
• Btrfs: only map pages if we know we need them when reading the space cache (FATE#306586).
• Btrfs: fix orphan backref nodes (FATE#306586).
• Btrfs: Abstract similar code for btrfs_block_rsv_add{, _noflush} (FATE#306586).
• Btrfs: fix unreleased path in btrfs_orphan_cleanup() (FATE#306586).
• Btrfs: fix no reserved space for writing out inode cache (FATE#306586).
• Btrfs: fix nocow when deleting the item (FATE#306586).
• Btrfs: tweak the delayed inode reservations again (FATE#306586).
• Btrfs: rework error handling in btrfs_mount() (FATE#306586).
• Btrfs: close devices on all error paths in open_ctree() (FATE#306586).
• Btrfs: avoid null dereference and leaks when bailing from open_ctree() (FATE#306586).
• Btrfs: fix subvol_name leak on error in btrfs_mount() (FATE#306586)
• Btrfs: fix memory leak in btrfs_parse_early_options() (FATE#306586).
• Btrfs: fix our reservations for updating an inode when completing io (FATE#306586).
• Btrfs: fix oops on NULL trans handle in btrfs_truncate (FATE#306586).
• btrfs: fix double-free ‚tree_root‘ in ‚btrfs_mount()‘ (FATE#306586).
• Btrfs: check for a null fs root when writing to the backup root log (FATE#306586).
• Btrfs: fix race during transaction joins (FATE#306586).
• Btrfs: fix a potential btrfs_bio leak on scrub fixups (FATE#306586).
• Btrfs: stop leaking btrfs_bios on readahead (FATE#306586).
• Btrfs: stop the readahead threads on failed mount (FATE#306586).
• Btrfs: fix extent_buffer leak in the metadata IO error handling (FATE#306586).
• Btrfs: fix the new inspection ioctls for 32 bit compat (FATE#306586).
• btrfs: integrating raid-repair and scrub-fixup-nodatasum (FATE#306586).
• btrfs: Moved repair code from inode.c to extent_io.c (FATE#306586).
• btrfs: Put mirror_num in bi_bdev (FATE#306586).
• btrfs: Do not use bio->bi_bdev after submission (FATE#306586).
• btrfs: btrfs_multi_bio replaced with btrfs_bio (FATE#306586).
• btrfs: new ioctls to do logical->inode and inode->path resolving (FATE#306586).
• btrfs scrub: add fixup code for errors on nodatasum files (FATE#306586).
• btrfs scrub: use int for mirror_num, not u64 (FATE#306586).
• btrfs: add mirror_num to extent_read_full_page (FATE#306586).
• btrfs scrub: bugfix: mirror_num off by one (FATE#306586).
• btrfs scrub: print paths of corrupted files (FATE#306586).
• btrfs scrub: added unverified_errors (FATE#306586).
• btrfs: added helper functions to iterate backrefs (FATE#306586).
• btrfs: use readahead API for scrub (FATE#306586).
• btrfs: hooks for readahead (FATE#306586).
• btrfs: initial readahead code and prototypes (FATE#306586).
• btrfs: state information for readahead (FATE#306586).
• btrfs: add READAHEAD extent buffer flag (FATE#306586).
• btrfs: add an extra wait mode to read_extent_buffer_pages (FATE#306586).
• Btrfs: fix delayed insertion reservation (FATE#306586).
• Btrfs: ClearPageError during writepage and clean_tree_block (FATE#306586).
• Btrfs: be smarter about committing the transaction in reserve_metadata_bytes (FATE#306586).
• Btrfs: make a delayed_block_rsv for the delayed item insertion (FATE#306586).
• Btrfs: add a log of past tree roots (FATE#306586).
• btrfs: separate superblock items out of fs_info (FATE#306586).
• Btrfs: use the global reserve when truncating the free space cache inode (FATE#306586).
• Btrfs: release metadata from global reserve if we have to fallback for unlink (FATE#306586).
• Btrfs: make sure to flush queued bios if write_cache_pages waits (FATE#306586).
• Btrfs: fix extent pinning bugs in the tree log (FATE#306586).
• Btrfs: make sure btrfs_remove_free_space doesn’t leak EAGAIN (FATE#306586).
• Btrfs: don’t wait as long for more batches during SSD log commit (FATE#306586).
• btrfs: ratelimit WARN_ON in use_block_rsv (FATE#306586).
• btrfs: do not allow mounting non-subvolumes via subvol option (FATE#306586).
• Btrfs: close all bdevs on mount failure (FATE#306586).
• Btrfs: fix a bug when opening seed devices (FATE#306586).
• btrfs: fix oops on failure path (FATE#306586).
• Btrfs: fix race between multi-task space allocation and caching space (FATE#306586).
• Btrfs: fix return value of btrfs_get_acl() (FATE#306586).
• Btrfs: pass the correct root to lookup_free_space_inode() (FATE#306586).
• Btrfs: do not set EXTENT_DIRTY along with EXTENT_DELALLOC (FATE#306586).
• Btrfs: fix direct-io vs nodatacow (FATE#306586).
• Btrfs: remove BUG_ON() in compress_file_range() (FATE#306586).
• Btrfs: fix array bound checking (FATE#306586).
• btrfs: return EINVAL if start > total_bytes in fitrim ioctl (FATE#306586).
• Btrfs: honor extent thresh during defragmentation (FATE#306586).
• btrfs: trivial fix, a potential memory leak in btrfs_parse_early_options() (FATE#306586).
• Btrfs: fix wrong max_to_defrag in btrfs_defrag_file() (FATE#306586).
• Btrfs: use i_size_read() in btrfs_defrag_file() (FATE#306586).
• Btrfs: fix defragmentation regression (FATE#306586).
• btrfs: fix memory leak in btrfs_defrag_file (FATE#306586).
• btrfs: check file extent backref offset underflow (FATE#306586).
• Btrfs: don’t flush the cache inode before writing it (FATE#306586).
• Btrfs: if we have a lot of pinned space, commit the transaction (FATE#306586).
• Btrfs: seperate out btrfs_block_rsv_check out into 2 different functions (FATE#306586).
• Btrfs: reserve some space for an orphan item when unlinking (FATE#306586).
• Btrfs: release trans metadata bytes before flushing delayed refs (FATE#306586).
• Btrfs: allow shrink_delalloc flush the needed reclaimed pages (FATE#306586).
• Btrfs: wait for ordered extents if we’re in trouble when shrinking delalloc (FATE#306586).
• Btrfs: don’t check bytes_pinned to determine if we should commit the transaction (FATE#306586).
• Btrfs: fix regression in re-setting a large xattr (FATE#306586).
• Btrfs: fix the amount of space reserved for unlink (FATE#306586).
• Btrfs: wait for ordered extents if we didn’t reclaim enough (FATE#306586).
• Btrfs: inline checksums into the disk free space cache (FATE#306586).
• Btrfs: take overflow into account in reserving space (FATE#306586).
• Btrfs: check the return value of filemap_write_and_wait in the space cache (FATE#306586).
• Btrfs: add a io_ctl struct and helpers for dealing with the space cache (FATE#306586).
• Btrfs: don’t skip writing out a empty block groups cache (FATE#306586).
• Btrfs: introduce mount option no_space_cache (FATE#306586).
• Btrfs: only inherit btrfs specific flags when creating files (FATE#306586).
• Btrfs: allow us to overcommit our enospc reservations (FATE#306586).
• Btrfs: break out of orphan cleanup if we can’t make progress (FATE#306586).
• Btrfs: use the global reserve as a backup for deleting inodes (FATE#306586).
• Btrfs: stop using write_one_page (FATE#306586).
• Btrfs: introduce convert_extent_bit (FATE#306586).
• Btrfs: check unused against how much space we actually want (FATE#306586).
• Btrfs: fix orphan cleanup regression (FATE#306586).
• Btrfs: use the inode’s mapping mask for allocating pages (FATE#306586).
• Btrfs: delay iput when deleting a block group (FATE#306586).
• Btrfs: make sure to unset trans->block_rsv before running delayed refs (FATE#306586).
• Btrfs: stop passing a trans handle all around the reservation code (FATE#306586).
• Btrfs: don’t get the block_rsv in btrfs_free_tree_block (FATE#306586).
• Btrfs: use the transactions block_rsv for the csum root (FATE#306586).
• Btrfs: handle enospc accounting for free space inodes (FATE#306586).
• Btrfs: put the block group cache after we commit the super (FATE#306586).
• Btrfs: set truncate block rsv’s size (FATE#306586).
• Btrfs: don’t increase the block_rsv’s size when emergency allocating space (FATE#306586).
• Btrfs: fix space leak when we fail to make an allocation (FATE#306586).
• Btrfs: fix call to btrfs_search_slot in free space cache (FATE#306586).
• Btrfs: allow callers to specify if flushing can occur for btrfs_block_rsv_check (FATE#306586).
• Btrfs: reduce the amount of space needed for truncates (FATE#306586).
• Btrfs: only reserve space in fallocate if we have to do a preallocate (FATE#306586).
• Btrfs: kill btrfs_truncate_reserve_metadata (FATE#306586).
• Btrfs: optimize how we account for space in truncate (FATE#306586).
• Btrfs: don’t try to commit in btrfs_block_rsv_check (FATE#306586).
• Btrfs: kill unused parts of block_rsv (FATE#306586).
• Btrfs: ratelimit the generation printk for the free space cache (FATE#306586).
• Btrfs: fix how we reserve space for deleting inodes (FATE#306586).
• Btrfs: use d_obtain_alias when mounting subvol/subvolid (FATE#306586).
• Btrfs: kill reserved_bytes in inode (FATE#306586).
• Btrfs: move stuff around in btrfs_inode to get better packing (FATE#306586).
• Linux 3.1.6.
• Revert „clocksource: Avoid selecting mult values that might overflow when adjusted“.
• Revert „inet: add a redirect generation id in inetpeer“.
• Delete patches.fixes/hfs-fix-hfs_find_init-sb-ext_tree-null-ptr-oops.patch.
• Delete patches.fixes/mm-Ensure-that-pfn_valid-is-called-once-per-pagebloc.patch.
• net: Add a flow_cache_flush_deferred function (bnc#737624)
• btrfs: use correct device for maps (bnc#672923).
• Delete patches.suse/0001-vfs-allow-proc-pid-maps-to-return-a-custom-device.patch.
• Delete patches.suse/0002-btrfs-Introduce-btrfs_get_maps_dev.patch.
• Linux 3.1.7.
• Update Xen patches to 3.1.7.
• patches.xen/1124-x86-undo-limit-pages.patch: x86: undo_limit_pages() must reset page count.
• patches.xen/1126-netback-invalidation-index.patch: netback: use correct index for invalidation in netbk_tx_check_mop().
• patches.xen/1134-blktap-locking.patch: blktap: fix locking (again) (bnc#724734)
• patches.xen/1135-blktap-map-once.patch: blktap: ensure mmap() is called only once per region.
• Delete patches.xen/xencons-tty_mutex.patch.
• staging: hv: hv_mouse: use KBUILD_MODNAME as drivername.
• Staging: hv: storvsc: Cleanup error handling in the probe function.
• Staging: hv: storvsc: Fix a bug in create_bounce_buffer() (bnc#724616)
• Staging: hv: storvsc: Fix checkpatch warnings.
• Staging: hv: storvsc: Fix error handling storvsc_host_reset().
• Staging: hv: storvsc: Fixup the error when processing SET_WINDOW command.
• Staging: hv: storvsc: Get rid of an unnecessary forward declaration.
• Staging: hv: storvsc: Implement per device memory pools.
• Staging: hv: storvsc: remove last usage of DPRINT_WARN.
• Staging: hv: storvsc: Support hot add of scsi disks.
• Staging: hv: storvsc: Support hot-removing of scsi devices.
• Staging: hv: storvsc: Upgrade the vmstor protocol version.
• Staging: hv: storvsc: Use mempools to allocate struct storvsc_cmd_request.
• Staging: hv: storvsc: Use the accessor function shost_priv().
• Staging: hv: storvsc: use the macro KBUILD_MODNAME.
• Staging: hv: storvsc: Use the unlocked version queuecommand.
• Staging: hv: storvsc: Cleanup storvsc_device_alloc() (bnc#724616)
• Staging: hv: storvsc: Disable clustering (bnc#724616)
• Staging: hv: storvsc: Fix a bug in copy_from_bounce_buffer() (bnc#724616)
• Staging: hv: storvsc: Fix a bug in storvsc_command_completion() (bnc#724616)
• Refresh patches.suse/staging-hv-storvsc-module-name.patch.
• Linux 3.1.8.
• Refresh patches.kabi/revert-inet-add-a-redirect-generation-id-in-inetpeer.patch.
• Delete patches.fixes/net-Add-a-flow_cache_flush_deferred-function.patch.
• Reintroduce removed blk_init_allocated_queue_node.
• ALSA: hda – Return the error from get_wcaps_type() for invalid NIDs (bnc#740118)
• Linux 3.1.9.
• kABI: struct urb fixup.
• Delete patches.fixes/reiserfs-force-inode-evictions-before-umount-to-avoid-crash.
• kABI: struct inet_peer fixup.
• Refresh patches.kabi/revert-clocksource-Avoid-selecting-mult-values-that-.patch.
• Delete patches.kabi/revert-inet-add-a-redirect-generation-id-in-inetpeer.patch.
• fsnotify: don’t BUG in fsnotify_destroy_mark() (bnc#689860)
• patches.fixes/proc-enable-writing-to-proc-pid-mem-revert.patch: proc: enable writing to /proc/pid/mem (bnc#742279 CVE-2012-0056)
• Fix auto-mic of ALC268 static quirks (bnc#742322)
• rpm/kernel-binary.spec.in: Remove the conflict between the main and base package again (bnc#743608)

Die folgenden Kernel-Changelogs sind die offiziellen Berichte zu den Änderungen von 3.1.1 bis einschließlich 3.1.9 vom Upstream kernel.org:
ChangeLog-3.1.1
ChangeLog-3.1.2
ChangeLog-3.1.3
ChangeLog-3.1.4
ChangeLog-3.1.5
ChangeLog-3.1.6
ChangeLog-3.1.7
ChangeLog-3.1.8
ChangeLog-3.1.9

Hinweis für Besitzer einer AMD-Grafikkarte, die AMD Catalyst auf ihrem openSUSE-System installiert haben:
Das fglrx-Kernelmodul muss nicht manuell gebaut werden. Dies geschieht nach einem Neustart vollautomatisch.

Weitere Informationen: openSUSE – proprietären Grafik-Treiber AMD Catalyst 12.1 als RPM installieren

Das dritte Kernel-Update für openSUSE 11.4 ist draußen und bringt hauptsächlich Fehlerbereinigungen mit sich und schließt einige Sicherheitslecks. Dies wird von meiner Seite aus voraussichtlich die letzte Kernel-Update-Mitteilung für openSUSE 11.4 sein. Bei der nächsten Kernel-Update-Mitteilung wird der Fokus auf openSUSE 12.1 ausgerichtet.

Das Kernel-Update kann über YaST2 oder per zypper eingespielt werden:

zypper up

Die offizielle Ankündigung zum Kernel-Update werde ich an dieser Stelle nachreichen.

Ein Auszug der Changelog aus der RPM:

• x86, mtrr: lock stop machine during MTRR rendezvous sequence (bnc#672008)
• Delete patches.arch/mtrr_stop_machine_quick_fix.patch
• patches.fixes/validate-size-of-efi-guid-partition-entries.patch: Validate size of EFI GUID partition entries (bnc#692784, CVE-2011-1776)
• patches.xen/1098-blkfront-cdrom-ioctl-check.patch: blkfront: avoid NULL de-reference in CDROM ioctl handling.
• Refresh other Xen patches.
• USB: OHCI: fix another regression for NVIDIA controllers (bnc#682204)
• cifs: fix possible memory corruption in CIFSFindNext (bnc#714001)
• TTY: pty, fix pty counting (bnc#711203)
• Refresh patches.fixes/pty-fix-pty-counting.patch
• cifs: always do is_path_accessible check in cifs_mount (bnc#718028)
• Update patches.fixes/cifs-always-do-is_path_accessible-check-in-cifs_moun.patch (bnc#718028, CVE-2011-3363)
• patches.fixes/ksm-fix-null-pointer-dereference-in-scan_get_next_rmap_item.patch ksm: fix NULL pointer dereference in scan_get_next_rmap_item (bnc#697901, CVE-2011-2183)
• Config cleanups. CONFIG_OLPC should be enabled only for i386 non PAE
• Provide memory controller swap extension.Keep the feature disabled by default. Use swapaccount=1 kernel boot parameter for enabling it.
• patches.fixes/fuse-check-size-of-fuse_notify_inval_entry-message.patch: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message (bnc#716901, CVE-2011-3353)
• perf: Fix software event overflow (bnc#712366, CVE-2011-2918)
• memsw: remove noswapaccount kernel parameter (bnc#719450)
• cifs: add fallback in is_path_accessible for old servers (bnc#718028)
• novfs: fix off-by-one allocation error (bnc#669378, bnc#719710)
• novfs: fix some kmalloc/kfree issues (bnc#669378, bnc#719710)
• novfs: fix some DirCache locking issues (bnc#669378, bnc#719710)
• ext4: Fix max file size and logical block counting of extent format file (bnc#706374)
• drm/radeon/kms: Fix I2C mask definitions (bnc#712023)
• Include patches.fixes/drm-radeon-kms-fix-i2c-masks.patch, forgotten in previous commit.
• ACPICA: Fix issues/fault with automatic „serialized“ method support (bnc#678097)
• novfs: Unable to change password in the Novell Client for Linux (bnc#713229)
• novfs: last modification time not reliable (bnc#642896)
• novfs: unlink directory after unmap (bnc#649625)
• fs: novfs: Fix exit handlers on local_unlink (bnc#649625)
• novfs: „Unable to save Login Script“ appears when trying to save a user login script (bnc#638985)
• fs: novfs: Limit check for datacopy between user and kernel space.
• novfs: Fix checking of login id (bnc#626119)
• novfs: Set the sticky bit for the novfs mountpoint (bnc#686412)
• Ecryptfs: Add mount option to check uid of device being mounted = expect uid (bnc#711539, CVE-2011-1833)

Hinweis für Besitzer einer AMD/ATI-Grafikkarte, die AMD Catalyst auf ihrem openSUSE-System installiert haben:
Man muss nicht mehr manuell ein neues fglrx-Kernelmodul bauen. Dies geschieht nach einem Neustart vollautomatisch.

Weitere Informationen: openSUSE – proprietären Grafik-Treiber ATI Catalyst 11.10 als RPM installieren

Das zweite Kernel-Update für openSUSE 11.4 ist draußen und bringt hauptsächlich Fehlerbereinigungen mit sich und schließt einige Sicherheitslecks.

Das Kernel-Update kann über YaST2 oder per zypper eingespielt werden:

zypper up

Die offizielle Ankündigung zum Kernel-Update werde ich an dieser Stelle nachreichen.

Ein Auszug der Changelog aus der RPM:

• NET: cdc-phonet, fix stop-queue handling bnc#689583)
• btrfs: return EXDEV when linking from different subvolumes (bnc#679545)
• fs/partitions/ldm.c: fix oops caused by corrupted partition table (CVE-2011-1017 bnc#674648)
• Update Xen patches to 2.6.37.6.
  Refresh other Xen patches.
  – patches.xen/1074-xenbus_conn-type.patch
  – patches.xen/1079-hvm-kdump-reset.patch
• Update patches.fixes/prevent-rt_sigqueueinfo-from-spoofing-fix.patch (bnc#681826 CVE-2011-1182)
• deal with races in /proc/*/{syscall,stack,personality} (bnc#674982 CVE-2011-1020)
• auxv: require the target to be tracable (or yourself) (bnc#674982 CVE-2011-1020)
• close race in /proc/*/environ (bnc#674982 CVE-2011-1020)
• report errors in /proc/*/*map* sanely (bnc#674982 CVE-2011-1020)
• pagemap: close races with suid execve (bnc#674982 CVE-2011-1020)
• Delete patches.suse/mm-devzero-optimisation.patch: patch is no longer needed because we have zero page.
• Delete patches.fixes/aggressive-zone-reclaim.patch: because the patch is very workload specific and can lead to unexpected reclaims in parallel node local workloads.
• Delete patches.suse/files-slab-rcu.patch.
• cifs: check for private_data before trying to put it (bnc#692497)
• fs/partitions/ldm.c: fix oops caused by corrupted partition table (CVE-2011-1017 bnc#674648)
• memcg: allocate memory cgroup structures in local nodes (bnc#692502 bnc#669889)
• mm: add alloc_pages_exact_nid() (bnc#692502 bnc#669889)
• Build the kotd against 11.4
• eeepc-laptop: Use ACPI handle to identify rfkill port (bnc#595586)
• proc: fix oops on invalid /proc//maps access (bnc#693382)
• proc: do proper range check on readdir offset (bnc#688432)
• next_pidmap: fix overflow condition (bnc#688432)
• net: ip_expire() must revalidate route (bnc#694498 CVE-2011-1927)
• mm: Fix assertion mapping->nrpages == 0 in end_writeback() (bnc#693013 bnc#666423)
• Refresh patches.xen/tmem.
• vfs: Pass setxattr(2) flags properly (bnc#677827)
• README.BRANCH: This is 11.4.
• workqueue: fix deadlock in worker_maybe_bind_and_lock() (bnc#672008 bnc#661979)
• ALSA: fix hda AZX_DCAPS_NO_TCSEL quirk check in driver_caps (bnc#700250 bnc#700251 bnc#700253 bnc#700254 bnc#700256 bnc#700257)
• ALSA: hda – Reorganize controller quriks with bit flags (bnc#700250 bnc#700251 bnc#700253 bnc#700254 bnc#700256 bnc#700257)
• ALSA: hda – Use LPIB for ATI/AMD chipsets as default (bnc#700250 bnc#700251 bnc#700253 bnc#700254 bnc#700256 bnc#700257)
• ALSA: hda – Enable snoop bit for AMD controllers (bnc#700250 bnc#700251 bnc#700253 bnc#700254 bnc#700256 bnc#700257)
• ALSA: hda – Enable sync_write workaround for AMD generically (bnc#700250 bnc#700251 bnc#700253 bnc#700254 bnc#700256 bnc#700257)
• ALSA: hda – ALSA HD Audio patch for Intel Panther Point DeviceIDs (bnc#700250 bnc#700251 bnc#700253 bnc#700254 bnc#700256 bnc#700257)
• ALSA: hda: Prevent writing ICH6_PCIREG_TCSEL on AMD systems (bnc#700250 bnc#700251 bnc#700253 bnc#700254 bnc#700256 bnc#700257)
• ALSA: hda – Add support for VMware controller (bnc#700250 bnc#700251 bnc#700253 bnc#700254 bnc#700256 bnc#700257)
• Fix bug numbers in previous commits
• inotify: fix double free/corruption of stuct user (bnc#655693 CVE-2011-1479)
• x86, mtrr: lock stop machine during MTRR rendezvous sequence (bnc#697859)
• cifs: set ra_pages in backing_dev_info (bnc#699123)
• Fix for buffer overflow in ldm_frag_add not sufficient (bnc#698221, CVE-2011-1017, CVE-2011-2182)
• Refresh other Xen patches (bnc#687368)
  – patches.xen/1080-blkfront-xenbus-gather-format.patch
  – patches.xen/1081-blkback-resize-transaction-end.patch
  – patches.xen/1089-blkback-barrier-check.patch
  – patches.xen/1090-blktap-locking.patch
  – patches.xen/1091-xenbus-dev-no-BUG.patch
• vm: fix vm_pgoff wrap in stack expansion (bnc#702285 CVE-2011-2496)
• mm: avoid wrapping vm_pgoff in mremap() (bnc#702285 CVE-2011-2496)
• oom: use pte pages in OOM score (bnc#702579 CVE-2011-2498)
• TTY: ldisc, do not close until there are readers (bnc#698247 bnc#693374)
• Blacklist Traxdata CDR4120 and IOMEGA Zip drive to avoid lock ups (bnc#681840)
• Fix invalid color overrides in bootsplash consoles (bnc#584493)
• Hide new tk_rebind_retry from kABI checker (bnc#702013)
• NLM: Don’t hang forever on NLM unlock requests (bnc#702013 CVE-2011-2491)
• Remove patches.arch/x86_agpgart-g33-stoeln-fix-2.patch. Since calculation of available gtt entries is done differently oops fixed by this patch should no longer occur.
• ext4: init timer earlier to avoid a kernel panic in __save_error_info (bnc#701998)
• nfsd4: fix oops on lock failure (bnc#704788)
• agp: fix arbitrary kernel memory writes (bnc#693043 CVE-2011-2022)
• Update patches.fixes/agp-fix-arbitrary-kernel-memory-write.patch (bnc#693043, bnc#689797, CVE-2011-2022, CVE-2011-1745)
• taskstats: don’t allow duplicate entries in listener mode (CVE-2011-2484 bnc#703153)
• proc: restrict access to /proc/PID/io (CVE-2011-2495 bnc#703155)
• nfsd4: Fix filp leak (bnc#704788)

Hinweis für Besitzer einer ATI-Grafikkarte, die ATI Catalyst auf ihrem openSUSE-System installiert haben:
Man muss nicht mehr manuell ein neues fglrx-Kernelmodul bauen. Dies geschieht nach einem Neustart vollautomatisch.

Weitere Informationen: openSUSE – proprietären Grafik-Treiber ATI Catalyst 11.7 als RPM installieren

Das erste Kernel-Update für openSUSE 11.4 ist draußen und bringt eine Menge Fehlerbereinigungen mit sich.

Das Kernel-Update kann über YaST2 oder per zypper eingespielt werden:

zypper up

Die offizielle Ankündigung von Marcus Meissner zum Kernel-Update:
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00008.html

Ein Auszug der Changelog aus der RPM:

• xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 (CVE-2011-0711 bnc#672524)
• ath9k: Fix ath9k prevents CPU to enter C3 states (bnc#667793)
• Refresh: patches.fixes/revert-tpm_tis-Use-timeouts-returned-from-TPM.patch.
• Delete: patches.fixes/0001-Revert-ath9k-use-per-device-struct-for-pm_qos_-opera.patch.
• Delete: patches.fixes/0002-Revert-ath9k-Remove-pm_qos-request-after-hw-unregist.patch.
• Delete: patches.fixes/0003-Revert-ath9k-Fix-a-DMA-latency-issue-for-Intel-Pinet.patch. These patches went upstream, update.
• ALSA: hda – Add a generic fixup callback for Realtek codecs (bnc#679016)
• ALSA: hda – Fix missing EAPD for Acer 4930G (bnc#679016)
• ALSA: HDA: Realtek ALC88x: Do not over-initialize speakers and hp that are primary outputs (bnc#679016)
• ALSA: HDA: Fixup unnecessary volume control index on Realtek ALC88x (bnc#679016)
• ALSA: HDA: Fix volume control naming for surround speakers on Realtek auto-parser (bnc#679016)
• ALSA: HDA: Enable surround and subwoofer on Lenovo Ideapad Y530 (bnc#679016)
• ALSA: hda – Add support for multiple headphone/speaker controls for Realtek (bnc#679016)
• ALSA: hda – 4930g add internal lfe slider (bnc#679016)
• ALSA: hda – Fix unable to record issue on ASUS N82JV (bnc#679016)
• ALSA: hda – switch lfe with side in mixer for 4930g (bnc#679016)
• ALSA: HDA: Fix automute on Thinkpad L412/L512 (bnc#679016)
• ALSA: HDA: Add SKU ignore for another Thinkpad Edge 14 (bnc#679016)
• ALSA: hda – Apply Sony VAIO hweq fixup only once (bnc#679016)
• ALSA: hda – Fix ALC275 enable hardware EQ for SONY VAIO (bnc#679016)
• ALSA: hda – Fix EAPD on Lenovo NB ALC269 to low (bnc#679016)
• Update to 2.6.37.4:
  obsoletes:
  • patches.fixes/ath9k-Fix-ath9k-prevents-CPU-to-enter-C3-states.patch.
  • patches.fixes/media-DiB7000M-add-pid-filtering.patch.
• SoN: netvm: Remove duplicated initialization in net/ipv4/route.c (bnc#678970)
• SoN: nfs: Use page_file_offset during page writeback (bnc#677738)
• SoN: nfs: Convert nfs_mark_request_dirty() to use page_file_mapping() (bnc#677738)
• netvm: Do not mark requests for swapfile writes as dirty or kswapd fails to free the page (bnc#678472)
• SoN: collapse: mm: Report the low watermark correctly (bnc#678497)
• Fix cookie decoding problem in NFS (bnc#678123)
• Make selection of ‚readdir-plus‘ adapt to usage patterns (bnc#678123)
• NET: cdc-phonet, handle empty phonet header (bnc#673992)
• HID: add support for Skycable 0x3f07 wireless presenter (bnc#681297)
• Refresh: patches.fixes/hid-add-support-for-Skycable-0x3f07-wireless-present.patch. fix build due to error in backport
• Fix almost-infinite slab cache growing (bnc#554081)
• Update to 2.6.37.5:
  obsoletes: patches.drivers/alsa-hda-0017-Realtek-ALC88x-Do-not-over-initialize-speakers.
  Refresh: patches.fixes/hid-add-support-for-Skycable-0x3f07-wireless-present.patch.
• PM / Hibernate: Reduce autotuned default image size (bnc#648742)
• xfs: zero proper structure size for geometry calls (bnc#672505)
• ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl (bnc#680816)
• sound/oss/opl3: validate voice and channel indexes (bnc#681999)
• sound/oss: remove offset from load_patch callbacks (bnc#681999)
• kabi/severities: ignore OSS kABI
• Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code (bnc#681826 CVE-2011-1020)
• ALSA: hda – Fix SPDIF out regression on ALC889 (bnc#679588)
• Update patches.kernel.org/patch-2.6.37.4-5 (Add a bug reference) (bnc#558740)
• page_cgroup: reduce allocation overhead for page_cgroup array for CONFIG_SPARSEMEM (bnc#669889)
• Update to 2.6.37.6:
  obsoletes: patches.fixes/prevent-rt_sigqueueinfo-from-spoofing.patch.
  Refresh: patches.xen/tmem.
  Refresh: patches.xen/xen-dcdbas.
• ALSA: hda – Increase the default buffer size (bnc#682725)
• ALSA: hda – Fix pin-config of Gigabyte mobo (bnc#677256)
• gro: reset skb_iif on reuse (bnc#682965 CVE-2011-1478)
• gro: Reset dev pointer on reuse (bnc#682965 CVE-2011-1478)
• Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo (bnc#681826)
• nfs: Create a memory reserve for nfs_page_cache (bnc#678466)
• netvm: Reduce the size of the routing reserves and be careful of dst_alloc() (bnc#678466)
• mm: Add mem_reserve_kmem_cache_add helper (bnc#678466)
• ips: use interruptible waits in ips-monitor (bnc#680932)
• sched, autogroup: fix CONFIG_RT_GROUP_SCHED sched_setscheduler() failure (bnc#680510)
• drm/radeon/kms: check AA resolve registers on r300 (bnc#674693 CVE-2011-1016)
• reiserfs: Force inode evictions before umount to avoid crash (bnc#610598 bnc#680073 bnc#684112)
• Delete patches.fixes/reiserfs-xattr-crash-fix.
• rose: Add length checks to CALL_REQUEST parsing (bnc#681175)
• ROSE: prevent heap corruption with bad facilities (bnc#681175)
• Revert „x86: Cleanup highmap after brk is concluded“ (bnc#684248)
• staging: hv: use sync_bitops when interacting with the hypervisor.
• staging: hv: Fix GARP not sent after Quick Migration.
• Platform: add Samsung Laptop platform driver (bnc#681076)
• Delete: patches.drivers/staging-samsung-laptop-add-support-for-lots-of-laptops.patch.
• irda: validate peer name and attribute lengths (bnc#681497)
• drivers/leds/leds-lp5523.c: world-writable engine* sysfs files (bnc#673934)
• drivers/leds/leds-lp5521.c: world-writable sysfs engine* files (bnc#673934)
• mfd: ab8500: world-writable debugfs register-* files (bnc#673934)
• scsi_transport_iscsi: make priv_sess file writeable only by root (bnc#673934)
• mfd: ab3500: world-writable debugfs register-* files (bnc#673934)
• drivers/misc/ep93xx_pwm.c: world-writable sysfs files (bnc#673934)
• mfd: ab3100: world-writable debugfs *_priv files (bnc#673934)
• UBIFS: restrict world-writable debugfs files (bnc#673934)
• scsi: aic94xx: world-writable sysfs update_bios file. (bnc#673934)
• rivers/rtc/rtc-ds1511.c: world-writable sysfs nvram file (bnc#673934)
• video: sn9c102: world-wirtable sysfs files (bnc#673934)
• fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops (bnc#687113 CVE-2011-1577)
• char/tpm: Fix unitialized usage of data buffer (bnc#680040 CVE-2011-1160)
• bonding: Incorrect TX queue offset (bnc#687116 CVE-2011-1581)
• libata: DVR-216D can’t do SETXFER DVD-RW DVR-216D (bnc#679143)
• libata: DVR-212D can’t do SETXFER DVD-RW DVR-212D. (bnc#679143)
• Update reference module symbol versions.
• patches.kernel.org/revert-x86-Cleanup-highmap-after-brk-is-concluded.patch: Move to patches.arch where it belongs.
• ethtool: guard against compat.h.
• SoN: fix kABI breakage.
• Revert „block: add @force_kblockd to __blk_run_queue()“.
• Revert „block: blk-flush shouldn’t call directly into q->request_fn() __blk_run_queue()“.
• Revert „mm: prevent concurrent unmap_mapping_range() on the same inode“.
• DRM: revert drm_device num_crtcs change.
• Block: export lost functions.
• FUSE: fuse_req kABI guard.
• MD: mddev_s kABI guard.
• Revert „Fix over-zealous flush_disk when changing device size.“.
• block: revert __blk_run_queue prototype change.
• Delete: patches.kabi/blk-revert-add-force_kblockd-to-__blk_run_queue.patch.
• Delete: patches.kabi/blk-revert-blk-flush-shouldn-t-call-directly-into-.patch.
• block: revert __invalidate_device prototype change.
• Delete: patches.kabi/revert-Fix-over-zealous-flush_disk-when-changing-dev.patch.
• KABI: Re-export shrink_dcache_for_umount_subtree.
• Updated Patch-mainline for patches.fixes/libata-dvr-216d-can-t-do-setxfer-dvd-rw-dvr-216d.
• ext4: mark multi-page IO complete on mapping failure (bnc#679898)
• mm: prevent concurrent unmap_mapping_range() on the same inode.
• Refresh: patches.kabi/revert-mm-prevent-concurrent-unmap_mapping_range-on-.patch.
• xt4: fix ext4_da_block_invalidatepages() to handle page range properly (bnc#679898)
• i2c-algo-bit: Call pre/post_xfer for bit_test (bnc#669937 freedesktop#36221)
• Revert „net/sunrpc: Use static const char arrays“ (bnc#668880)
• bridge: fix 802.3ad bonding (bnc#685469)
• Revert „- sched, autogroup: fix CONFIG_RT_GROUP_SCHED sched_setscheduler() failure (bnc#680510).“ This reverts commit e4e6f9738a1ac4837777f6480268c6cb56722d0c. This patch modified struct autogroup, which caused massive kABI changes.
• sched, autogroup: fix CONFIG_RT_GROUP_SCHED sched_setscheduler() failure (bnc#680510) The change is safe other than needing kABI guards.
• kABI: Guard changes to struct autogroup (bnc#680510)
• Enabled patches.kabi/sched-autogroup-fix-rt-group-sched.
• xen/i386: Add missing END for spurious_interrupt_bug.

Die folgenden Kernel-Changelogs sind die offiziellen Berichte zu den Änderungen von 2.6.37.2 bis einschließlich 2.6.37.6 vom Upstream kernel.org:
ChangeLog-2.6.37.2
ChangeLog-2.6.37.3
ChangeLog-2.6.37.4
ChangeLog-2.6.37.5
ChangeLog-2.6.37.6

Hinweis für Besitzer einer ATI-Grafikkarte, die ATI Catalyst auf ihrem openSUSE-System installiert haben:
Man muss nicht mehr manuell ein neues fglrx-Kernelmodul bauen. Dies geschieht nach einem Neustart vollautomatisch.

Weitere Informationen: openSUSE – proprietären Grafik-Treiber ATI Catalyst 11.3 als RPM installieren

Frohes neues Jahr wünsche ich allen Lesern. Es wird für die openSUSE-Community wie auch für die openSUSE-User ein spannendes Jahr. Noch nie war die openSUSE-Community so aktiv wie heute und viele interessante Projekte sind am Start wie z.B. openSUSE Tumbleweed (Rolling-Release) oder auch openSUSE Evergreen (LTS = Long Term Support). Unsere Distribution (wohl eher unsere Community) sticht so langsam die anderen Distributionen (Communities) aus, weil wir dann das größtmögliche Angebot haben. Wie sagen wir so schön: Konkurrenz belebt das Geschäft.

[UPDATE 05.01.2011]
Bitte aufmerksam den unten genannten Hinweis an die ATI-Benutzer durchlesen, die per makerpm-ati-Skript auf die ATI Catalyst 10.12 aktualisiert haben.
[/UPDATE 05.01.2011]

Zurück zum Thema:
Ein neuer Kernel mit der Version 2.6.34.7-0.7 ist im Update-Repo verfügbar.

Das Kernel-Update kann über YaST2 oder per zypper eingespielt werden:

zypper up

Die offizielle Ankündigung von Marcus Meissner zum Kernel-Update:
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html

Ein Auszug der Changelog aus der RPM:

• patches.fixes/hpet-unmap-unused-I-O-space.patch: hpet: unmap unused I/O space (bnc#629908 bnc#629901).
• patches.fixes/net-Limit-socket-I-O-iovec-total-length.patch: net: Limit socket I/O iovec total length to INT_MAX (bnc#650128).
• patches.fixes/tcp-Fix-4GB-writes-on-64-bit.patch: tcp: Fix >4GB writes on 64-bit (bnc#650128).
• patches.fixes/aio-check-for-multiplication-overflow-in-do_io_submit: aio: check for multiplication overflow in do_io_submit (bnc#642302 CVE-2010-3067).
• patches.fixes/sctp-do-not-reset-the-packet-during-sctp_packet_config: sctp: Do not reset the packet during sctp_packet_config() (bnc#641983 CVE-2010-3432).
• patches.fixes/ipc-initialize-structure-memory-to-zero-for-compat-functions: ipc: initialize structure memory to zero for compat functions (bnc#642314 CVE-2010-4073).
• patches.fixes/ipc-shm-fix-information-leak-to-userland: ipc: shm: fix information leak to userland (bnc#642314 CVE-2010-4072).
• patches.fixes/sys_semctl-fix-kernel-stack-leakage: sys_semctl: fix kernel stack leakage (bnc#642314 CVE-2010-4083).
• patches.fixes/drivers-video-via-ioctl-c-prevent-reading-uninitialized-stack-memory: drivers/video/via/ioctl.c: prevent reading uninitialized stack memory (bnc#642313 CVE-2010-4082).
• patches.fixes/v4l-dvb-ivtvfb-prevent-reading-uninitialized-stack-memory: V4L/DVB: ivtvfb: prevent reading uninitialized stack memory (bnc#642313 CVE-2010-4082).
• patches.fixes/alsa-sound-pci-rme9652-prevent-reading-uninitialized-stack-memory: ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory (bnc#642312 CVE-2010-4080 CVE-2010-4081).
• patches.fixes/drivers-video-sis-sis_main-c-prevent-reading-uninitialized-stack-memory: drivers/video/sis/sis_main.c: prevent reading uninitialized stack memory (bnc#642311 CVE-2010-4078).
• patches.fixes/fix-pktcdvd-ioctl-dev_minor-range-check: Fix pktcdvd ioctl dev_minor range check (bnc#642486 CVE-2010-3437).
• patches.fixes/alsa-prevent-heap-corruption-in-snd_ctl_new: ALSA: prevent heap corruption in snd_ctl_new() (bnc#642484 CVE-2010-3442).
• patches.fixes/novfs-unlink-oops: novfs: Fix for the issue of kernel dumps core on restart (bnc#641811).
• patches.fixes/net-clear-heap-allocation-for-ethtool_grxclsrlall: net: clear heap allocation for ETHTOOL_GRXCLSRLALL (bnc#649187 CVE-2010-3861).
• patches.fixes/avoid-pgoff-overflow-in-remap_file_pages: Avoid pgoff overflow in remap_file_pages (bnc#645659).
• patches.fixes/kvm-move-dr-register-access-handling-into-generic-code: KVM: move DR register access handling into generic code (bnc#628591 CVE-2010-0435).
• patches.fixes/drm-i915-unset-cursor-if-out-of-bounds-upon-mode-change-v4: drm/i915: Unset cursor if out-of-bounds upon mode change (v4) (bnc#547887).
• patches.fixes/rt2x00-Fix-channel-configuration-for-RF3052.patch: rt2x00: Fix channel configuration for RF3052 (bnc#584028).
• patches.fixes/rt2x00-Fix-max-TX-power-settings.patch: rt2x00: Fix max TX power settings (bnc#584028).
• patches.fixes/rt2x00-Let-RF-chipset-decide-the-RF-channel-switch-m.patch: rt2x00: Let RF chipset decide the RF channel switch method to use in rt2800 (bnc#584028).
• patches.fixes/rt2x00-rt2800-use-tx_power2-in-rt2800_config_channel.patch: rt2x00: rt2800: use tx_power2 in rt2800_config_channel_rf3xxx (bnc#584028).
• patches.kabi/rt2x00-channel_info.patch: revert „rt2x00: Fix max TX power settings“ kabi breakage (bnc#584028).
• patches.fixes/tty-restore-tty_ldisc_wait_idle.patch: TTY: restore tty_ldisc_wait_idle (bnc#642043).
• patches.fixes/bio-take-care-not-overflow-page-count-when-mapping-copying-user-data: bio: take care not overflow page count when mapping/copying user data (CVE-2010-4162 bnc#652945).
• patches.fixes/block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov: block: check for proper length of iov entries in blk_rq_map_user_iov() (CVE-2010-4163 bnc#652945).
• patches.fixes/block-limit-vec-count-in-bio_kmalloc-and-bio_alloc_map_data: block: limit vec count in bio_kmalloc() and bio_alloc_map_data() (bnc#652945).
• patches.fixes/block-take-care-not-to-overflow-when-calculating-total-iov-length: block: take care not to overflow when calculating total iov length (bnc#652945).
• patches.fixes/filter-make-sure-filters-dont-read-uninitialized-memory: filter: make sure filters dont read uninitialized memory (CVE-2010-4158 bnc#652563).
• patches.fixes/net-optimize-berkeley-packet-filter-bpf-processing: net: optimize Berkeley Packet Filter (BPF) processing.
• patches.fixes/can-bcm-fix-minor-heap-overflow: can-bcm: fix minor heap overflow (CVE-2010-3874 bnc#651218).
• patches.fixes/perf_events-fix-perf_counter_mmap-hook-in-mprotect: perf_events: Fix perf_counter_mmap() hook in mprotect() (CVE-2010-4169 bnc#653930).
• patches.fixes/rds-integer-overflow-in-rds-cmsg-handling: rds: Integer overflow in RDS cmsg handling (CVE-2010-4175 bnc#654581).
• patches.fixes/rds-integer-overflow-in-rds-cmsg-handling: Refresh.
• patches.fixes/x25-prevent-crashing-when-parsing-bad-x-25-facilities: x25: Prevent crashing when parsing bad X.25 facilities (CVE-2010-4164 bnc#653260).
• patches.fixes/tcp-increase-tcp_maxseg-socket-option-minimum: tcp: Increase TCP_MAXSEG socket option minimum (CVE-2010-4165 bnc#653258).
• patches.fixes/scsi-gdth-integer-overflow-in-ioctl: gdth: integer overflow in ioctl (CVE-2010-4157 bnc#652940).
• patches.fixes/net-truncate-recvfrom-and-sendto-length-to-int_max: net: Truncate recvfrom and sendto length to INT_MAX (CVE-2010-4160 bnc#652939).
• patches.fixes/powernowk8-fix: Fix invalid pointer deref when powernow-k8 fails to initialise (bnc#655215).
• patches.xen/1045-netback-sched-list-remove.patch: netback: take net_schedule_list_lock when removing entry from net_schedule_list.
• patches.xen/1050-evtchn-cpu-clear.patch: evtchn: clear secondary CPUs‘ cpu_evtchn_mask[] after restore (bnc#651626).
• Refresh other Xen patches.
• patches.fixes/do_exit-make-sure-that-we-run-with-get_fs-user_ds: do_exit(): make sure that we run with get_fs() == USER_DS (CVE-2010-4258 bnc#657350).
• patches.kernel.org/drm-radeon-kms-register-an-i2c-adapter-name-for-the-dp-aux-bus.patch: drm/radeon/kms: register an i2c adapter name for the dp aux bus.
• patches.kernel.org/hwmon-lm85-01-use-right-freq-table-for-ADT7468.patch: hwmon: (lm85) Fix ADT7468 frequency table.
• patches.kernel.org/i2c-pca-platform-change-device-name-of-request_irq.patch: i2c-pca-platform: Change device name of request_irq.
• patches.suse/bootsplash-scaler: Refresh. Fix crash when bootsplash animation is used (bnc#646908)
• patches.fixes/ACPI-debugfs-custom_method-open-to-non-root.patch: ACPI: debugfs custom_method open to non-root (bnc#659076).
• patches.fixes/drm-radeon-kms-fix-gtt-MC-base-alignment.patch: drm/radeon/kms: fix gtt MC base alignment on rs4xx/rs690/rs740 asics (bnc#655839).

Hinweis für Besitzer einer ATI-Grafikkarte, die ATI Catalyst auf ihrem openSUSE-System installiert haben:
Wer das von mir geschriebene Rebuild-Skript über das makerpm-ati-Skript installiert hat, braucht kein neues fglrx-Kernelmodul manuell bauen. Dies geschieht nach einem Neustart vollautomatisch.

[UPDATE 05.01.2011]
Der oben genannte Hinweis zum Rebuild-Skript gilt bedauerlicherweise nur, wenn man ATI Catalyst 10.12 über das makerpm-ati-Skript neu installiert hat.

Falls man ATI Catalyst 10.12 per makerpm-ati-Skript aktualisiert hat, sollte man vor dem Kernel-Update das Skript in der Konsole als root aktivieren:

chkconfig -a boot.fglrxrebuild

Leider hat sich die Information einer nachträglichen Aktivierung des Init-Rebuild-Skript per RPM-Update als falsch herausgestellt und gilt daher bedauerlicherweise nur bei einer Neuinstallation bzw. Reinstallation.
[/UPDATE 05.01.2011]

Für alle anderen muss nach dem Kernelupdate der Rechner neugestartet werden. Dann bootet man in den Runlevel 3 und loggt sich als root ein. Anschließend den fglrx-Kernelmodul neu bauen lassen:

fglrx-kernel-build.sh

Danach mittels reboot neustarten.

Weitere Informationen: openSUSE 11.3 – proprietären Grafik-Treiber ATI Catalyst 10.12 als RPM installieren