Type: | BUG |
Severity: | NA |
Release Date: | 2020-11-26 |
conmon
[2.0.20-3]
- Add symlink for conmon under bin dir to satisfy latest podman
[2.0.20-2]
- Update for building OL8 RPMs.
[2.0.20-1]
- Added build scripts
conmon
[3:2.0.21-3]
- Define a epoch
[2.0.21-3]
- Provides symlink for /usr/bin/conmon
[2.0.21-2]
- Update for building OL8 RPMs.
[2.0.21-1]
- Added build scripts
coredns
[1.6.7-1]
- Added Oracle specific build files
cri-o
[1.18.3-4]
- Use conmon with epoch for OLCNE
[1.18.3-3]
- Update conmon to 2.0.21-3
[1.18.3-2]
- Pinned down the 2.0.21-1.el8 to avaid the conflict with 2.0.15-1.0.1.el7_8 (ol7_developer)
[1.18.3-1]
- Added Oracle Specifile Files for cri-o
cri-tools
[1.18.0-1]
- Added Oracle Specific Build Files for cri-tools
etcd
[3.4.3-1.0.4]
- bump version to support the release of ol8 image
[3.4.3-1.0.3]
- support building on ol8
[3.4.3-1.0.2]
- Address CVE-2020-16845
[3.4.3-1.0.1]
- Added Oracle specific build files
flannel
[0.10.0-2.1.12]
- Address CVE-2020-16845
[0.10.0-2.1.11]
- Resize flannel image
[0.10.0-2.1.10]
- Fix image location
[0.10.0-2.1.9]
flannel
[0.11.0-4]
- add ol8 support
[0.11.0-3]
- Added THIRD_PARTY_LICENSES.txt
[0.11.0-2]
- CVE-2019-16276 fix (bumpup golang to 1.12.10)
[0.11.0-1]
- Release of flannel-0.11.0-1
flannel
[0.12.0-1]
- Release of flannel-0.12.0-1
grafana
[6.7.4-1.0.4]
- bump version to support the release of ol8 image
[6.7.4-1.0.3]
- Add OL8 Build Template
[6.7.4-1.0.2]
- Address CVE-2020-16845
[6.7.4-1.0.1]
- Added Oracle Specific Build Files for grafana
helm
[3.3.4-1]
- Added Oracle Specific build Files
istio
istio-envoy
[1.7.3-1.0.1]
- Added Oracle specific files
istio-proxy
kata
[1.11.3-4]
- Use kernel-uek-container-5.4.17-2036.100.6.1
[1.11.3-3]
- Bump OL8 qemu-kvm-min
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Update to kata 1.11.3
kata-agent
[1.11.3-3]
- Fix kata-image build
[1.11.3-2]
- Added OL8 build changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-agent
kata-image
[1.11.3-3]
- Fix kata-image build
[1.11.3-2]
- Added OL8 build changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-image
kata-ksm-throttler
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-ksm-throttler
kata-proxy
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-proxy
kata-runtime
[1.11.3-3]
- DEFAULT_QEMU for OL8
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Added Oracle Specific Files For kata-runtime
kata-shim
[1.11.3-2]
- Added OL8 changes
[1.11.3-1]
- Added Oracle Specific Build Files for kata-shim
kernel-uek-container
[5.4.17-2036.100.6.1.el8]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug:
32040802] {CVE-2020-8694} {CVE-2020-8695}
[5.4.17-2036.100.6.el8]
- KVM: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [Orabug: 32066585] {CVE-2020-27152}
- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999339]
- x86/jump_label: Patch one site at a time (Boris Ostrovsky) [Orabug: 31999339]
[5.4.17-2036.100.5.el8]
- uek-rpm: Fix integer test for 4k page size module signing (Dave Kleikamp) [Orabug: 32021114]
- uek-rpm/kernel-uek.spec: Sign modules for 4k kernel (Vijay Kumar) [Orabug: 32021114]
- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989185] {CVE-2020-25643}
- dm crypt: add flags to optionally bypass kcryptd workqueues (Ignat Korchagin) [Orabug: 31998688]
- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010302]
- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32013938] {CVE-2020-25645}
- nvmet: Disable keep-alive timer when kato is cleared to 0h (Amit Engel) [Orabug: 31997181]
- KVM: nVMX: stop abusing need_vmcs12_to_shadow_sync for eVMCS mapping (Vitaly Kuznetsov) [Orabug: 31986433]
- cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 31985221]
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979626]
- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961115]
- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961115]
- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961115]
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961115] {CVE-2020-26541}
- bcache: stop setting ->queuedata (Christoph Hellwig) [Orabug: 30210051]
- bcache: pr_info() format clean up in bcache_device_init() (Coly Li) [Orabug: 30210051]
- bcache: use delayed kworker fo asynchronous devices registration (Coly Li) [Orabug: 30210051]
- bcache: check and adjust logical block size for backing devices (Mauricio Faria de Oliveira) [Orabug: 30210051]
- bcache: configure the asynchronous registertion to be experimental (Coly Li) [Orabug: 30210051]
- bcache: asynchronous devices registration (Coly Li) [Orabug: 30210051]
- bcache: Convert pr_
- bcache: remove redundant variables i and n (Colin Ian King) [Orabug: 30210051]
- bcache: remove a duplicate ->make_request_fn assignment (Christoph Hellwig) [Orabug: 30210051]
- bcache: pass the make_request methods to blk_queue_make_request (Christoph Hellwig) [Orabug: 30210051]
- bcache: remove dupplicated declaration from btree.h (Coly Li) [Orabug: 30210051]
- bcache: optimize barrier usage for atomic operations (Coly Li) [Orabug: 30210051]
- bcache: optimize barrier usage for Rmw atomic bitops (Davidlohr Bueso) [Orabug: 30210051]
- bcache: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 30210051]
- bcache: make bch_sectors_dirty_init() to be multithreaded (Coly Li) [Orabug: 30210051]
- bcache: make bch_btree_check() to be multithreaded (Coly Li) [Orabug: 30210051]
- bcache: add bcache_ prefix to btree_root() and btree() macros (Coly Li) [Orabug: 30210051]
- bcache: move macro btree() and btree_root() into btree.h (Coly Li) [Orabug: 30210051]
- bcache: remove macro nr_to_fifo_front() (Coly Li) [Orabug: 30210051]
- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (Coly Li) [Orabug: 30210051]
- bcache: check return value of prio_read() (Coly Li) [Orabug: 30210051]
- bcache: reap from tail of c->btree_cache in bch_mca_scan() (Coly Li) [Orabug: 30210051]
- bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (Coly Li) [Orabug: 30210051]
- bcache: remove member accessed from struct btree (Coly Li) [Orabug: 30210051]
- bcache: add code comments for state->pool in __btree_sort() (Coly Li) [Orabug: 30210051]
- bcache: use read_cache_page_gfp to read the superblock (Christoph Hellwig) [Orabug: 30210051]
- bcache: store a pointer to the on-disk sb in the cache and cached_dev structures (Christoph Hellwig) [Orabug: 30210051]
- bcache: return a pointer to the on-disk sb from read_super (Christoph Hellwig) [Orabug: 30210051]
- bcache: transfer the sb_page reference to register_{bdev,cache} (Christoph Hellwig) [Orabug: 30210051]
- bcache: use a separate data structure for the on-disk super block (Christoph Hellwig) [Orabug: 30210051]
- bcache: dont export symbols (Christoph Hellwig) [Orabug: 30210051]
- bcache: remove the extra cflags for request.o (Christoph Hellwig) [Orabug: 30210051]
- bcache: add idle_max_writeback_rate sysfs interface (Coly Li) [Orabug: 30210051]
- bcache: add code comments in bch_btree_leaf_dirty() (Coly Li) [Orabug: 30210051]
- bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (Coly Li) [Orabug: 30210051]
- bcache: deleted code comments for dead code in bch_data_insert_keys() (Coly Li) [Orabug: 30210051]
- bcache: add more accurate error messages in read_super() (Coly Li) [Orabug: 30210051]
- bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (Guoju Fang) [Orabug: 30210051]
- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31965669]
- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31933715]
- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 31916337]
- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31972480] {CVE-2019-16089}
- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Shung-Hsi Yu) [Orabug: 31907969]
- PCI: pciehp: Reduce noisiness on hot removal (Lukas Wunner) [Orabug: 30512596]
- kdump: update Documentation about crashkernel (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: add memory for devices by DT property linux, usable-memory-range (Chen Zhou) [Orabug: 31554906]
- kdump: add threshold for the required memory (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: reimplement crashkernel=X (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: introduce some macroes for crash kernel reservation (Chen Zhou) [Orabug: 31554906]
- x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Chen Zhou) [Orabug: 31554906]
- x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel[_low]() (Chen Zhou) [Orabug: 31554906]
- x86: kdump: make the lower bound of crash kernel reservation consistent (Chen Zhou) [Orabug: 31554906]
- x86: kdump: move CRASH_ALIGN to 2M (Chen Zhou) [Orabug: 31554906]
- block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [Orabug: 31827023]
- block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [Orabug: 31827023]
- dm: fix comment in dm_process_bio() (Mike Snitzer) [Orabug: 31827023]
- dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [Orabug: 31827023]
- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955136] {CVE-2020-25641}
kubernetes
[1.18.10-2]
- Patch Corefile correctly during coreDNS upgrade from older version
[1.18.10-1]
- Added Oracle specific build files for Kubernetes
kubernetes-cni
[0.8.0-2]
- Changes to support OL8 builds
[0.8.0-1]
- Added Oracle specific build files for Kubernetes CNI
kubernetes-cni-plugins
[0.8.7-1]
- Added Oracle specific build files for Kubernetes CNI Plugins
kubernetes-dashboard
[2.0.3-1]
- Added Oracle Specific Build Files for kubernetes-dashboard
libgcrypt
[1.8.5-4]
- add PBKDF2 selftest for FIPS POST
[1.8.5-3]
- new upstream version 1.8.5
- AES performance improvements backported from master branch
- FIPS module is implicit with kernel FIPS flag
- always run the FIPS selftests if FIPS module is installed
[1.8.3-4]
- improve the continuous FIPS entropy test
[1.8.3-3]
- add CMAC selftest for FIPS POST
- add continuous FIPS entropy test
- disable non-approved FIPS hashes in the enforced FIPS mode
[1.8.3-2]
- make only_urandom a default in non-presence of configuration file
- run the full FIPS selftests only when the library is called from
application
[1.8.3-1]
- new upstream version 1.8.3
[1.8.2-2]
- fix behavior when getrandom syscall is not present (#1542453)
[1.8.2-1]
- new upstream version 1.8.2
[1.8.1-3]
- do not try to access() /dev/urandom either if getrandom() works
[1.8.1-2]
- do not try to open /dev/urandom if getrandom() works (#1380866)
[1.8.1-1]
- new upstream version 1.8.1
[1.8.0-1]
- new upstream version 1.8.0
[1.7.8-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
[1.7.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
[1.7.8-1]
- new upstream version 1.7.8
[1.7.7-1]
- new upstream version 1.7.7
- GOST is now enabled
[1.7.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
[1.7.6-1]
- new upstream version 1.7.6
[1.7.5-1]
- new upstream version 1.7.5
[1.7.3-1]
- new upstream version 1.7.3
[1.6.6-1]
- new upstream version with important security fix (CVE-2016-6316)
[1.6.5-1]
- new upstream version fixing low impact issue CVE-2015-7511
[1.6.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
[1.6.4-1]
- new upstream version
[1.6.3-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
[1.6.3-4]
- deinitialize the RNG after the selftest is run
[1.6.3-3]
- touch only urandom in the selftest and when /dev/random is
unavailable for example by SELinux confinement
- fix the RSA selftest key (p q swap) (#1204517)
[1.6.3-2]
- do not use strict aliasing for bufhelp functions (#1201219)
[1.6.3-1]
- new upstream version
[1.6.2-4]
- do not initialize secure memory during the selftest (#1195850)
[1.6.2-3]
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
[1.6.2-2]
- fix buildability of programs using gcrypt.h with -ansi (#1182200)
[1.6.2-1]
- new upstream version
[1.6.1-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
[1.6.1-6]
- fix license handling
[1.6.1-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
[1.6.1-4]
- Re-enable below algos, apply patch from upstream list to make
that code -fPIC friendly. (rhbz#1069792)
[1.6.1-3]
- Disable rijndael, cast5, camellia ARM assembly, as its non-PIC as
presently written, which results in .text relocations in the shared
library. (rhbz#1069792)
[1.6.1-2]
- drop the temporary compat shared library version
- fix the soname version in -use-fipscheck.patch
[1.6.1-1]
- new upstream version breaking ABI compatibility
- this release temporarily includes old compatibility .so
[1.5.3-3]
- add back the nistp521r1 EC curve
- fix a bug in the Whirlpool hash implementation
- speed up the PBKDF2 computation
[1.5.3-2]
- add cleared ECC support
[1.5.3-1]
- new upstream version fixing cache side-channel attack on RSA private keys
[1.5.2-3]
- silence false error detected by valgrind (#968288)
[1.5.2-2]
- silence strict aliasing warning in Rijndael
- apply UsrMove
- spec file cleanups
[1.5.2-1]
- new upstream version
[1.5.1-1]
- new upstream version
[1.5.0-11]
- use poll() instead of select() when gathering randomness (#913773)
[1.5.0-10]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
[1.5.0-9]
- allow empty passphrase in PBKDF2 needed for cryptsetup (=891266)
[1.5.0-8]
- fix multilib conflict in libgcrypt-config
- fix minor memory leaks and other bugs found by Coverity scan
[1.5.0-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
[1.5.0-5]
- Correctly rebuild the info documentation
[1.5.0-4]
- Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command
[1.5.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
[1.5.0-2]
- Rebuilt for rpm bug #728707
[1.5.0-1]
- new upstream version
[1.4.6-4]
- Always xor seed from /dev/urandom over /etc/gcrypt/rngseed
[1.4.6-3]
- Make the FIPS-186-3 DSA implementation CAVS testable
- add configurable source of RNG seed /etc/gcrypt/rngseed
in the FIPS mode (#700388)
[1.4.6-1]
- new upstream version with minor changes
[1.4.5-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
[1.4.5-6]
- fix a bug in the fips-186-3 dsa parameter generation code
[1.4.5-5]
- use /dev/urandom for seeding in the FIPS mode
- make the tests to pass in the FIPS mode also fixing
the FIPS-186-3 DSA keygen
[1.4.5-4]
- FTBFS libgcrypt-1.4.5-3.fc13: ImplicitDSOLinking (#564973)
[1.4.5-3]
- drop the S390 build workaround as it is no longer needed
- additional spec file cleanups for merge review (#226008)
[1.4.5-1]
- workaround for build on S390 (#548825)
- spec file cleanups
- upgrade to new minor upstream release
[1.4.4-8]
- fix warning when installed with --excludedocs (#515961)
[1.4.4-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
[1.4.4-6]
- and now really apply the padlock patch
[1.4.4-5]
- fix VIA padlock RNG inline assembly call (#505724)
[1.4.4-4]
- with the integrity verification check the library needs to link to libdl
(#488702)
[1.4.4-3]
- add hmac FIPS integrity verification check
[1.4.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
[1.4.4-1]
- update to 1.4.4
- do not abort when the fips mode kernel flag is inaccessible
due to permissions (#470219)
- hobble the library to drop the ECC support
[1.4.3-2]
- disable asm on sparc64
[1.4.3-1]
- update to 1.4.3
- own /etc/gcrypt
* Mon Sep 15 2008 Nalin Dahyabhai
- invoke make with %{?_smp_mflags} to build faster on multi-processor
systems (Steve Grubb)
[1.4.2-1]
- update to 1.4.2
[1.4.1-1]
- update to 1.4.1
- bump libgpgerror-devel requirement to 1.4, matching the requirement enforced
by the configure script
[1.4.0-3]
- add patch from upstream to fix severe performance regression
in entropy gathering
[1.4.0-2]
- Autorebuild for GCC 4.3
[1.4.0-1]
- update to 1.4.0
[1.2.4-6]
- use ldconfig to build the soname symlink for packaging along with the
shared library (#334731)
[1.2.4-5]
- add missing gawk buildrequirement
- switch from explicitly specifying the /dev/random RNG to just verifying
that the non-LGPL ones were disabled by the configure script
[1.2.4-4]
- clarify license
- force use of the linux /dev/random RNG, to avoid accidentally falling back
to others which would affect the license of the resulting library
[1.2.4-3]
- disable static libraries (part of #249815)
[1.2.4-2]
- move libgcrypt shared library to /%{_lib} (#249815)
[1.2.4-1]
- update to 1.2.4
[1.2.3-2]
- make use of install-info more failsafe (Ville Skytta, #223705)
[1.2.3-1]
- update to 1.2.3
[1.2.2-3.1]
- rebuild
[1.2.2-3]
- Added missing buildreq pkgconfig
[1.2.2-2]
- remove file conflicts in libgcrypt-config by making the 64-bit version
think the libraries are in /usr/lib (which is wrong, but which it also
prunes from the suggest --libs output, so no harm done, hopefully)
[1.2.2-1.2.1]
- bump again for double-long bug on ppc(64)
[1.2.2-1.2]
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating
- rebuilt
[1.2.2-1]
- update to 1.2.2
[1.2.1-1]
- update to 1.2.1
* Fri Jul 30 2004 Florian La Roche
- another try to package the symlink
* Tue Jun 15 2004 Elliot Lee
- rebuilt
[1.2.0-1]
- update to official 1.2.0
[1.1.94-1]
- update to 1.1.94
* Tue Mar 02 2004 Elliot Lee
- rebuilt
* Sat Feb 21 2004 Florian La Roche
- add symlinks to shared libs at compile time
* Fri Feb 13 2004 Elliot Lee
- rebuilt
* Wed Jun 04 2003 Elliot Lee
- rebuilt
[1.1.12-1]
- upgrade to 1.1.12 (beta).
* Fri Jun 21 2002 Tim Powers
- automated rebuild
* Sun May 26 2002 Tim Powers
- automated rebuild
* Tue May 21 2002 Jeff Johnson
- update to 1.1.7
- change license to LGPL.
- include splint annotations patch.
- install info pages.
[1.1.6-1]
- update to 1.1.6
[1.1.5-1]
- fix the Source tag so that its a real URL
* Thu Dec 20 2001 Nalin Dahyabhai
- initial package
olcne-selinux
olcne
[1.2.0-3]
- Fix keepalived version pin down issue
[1.2.0-2]
- Fix an issue where removing nodes from a Kubernetes cluster would improperly edit the crio.conf file on the remaining nodes
[1.2.0-1]
- Add support for Oracle Linux 8
- Include Kubernetes 1.18.10
- Include Helm 3.3.4
- Include Istio 1.7.3
- Add support for SELinux enforcing mode
- Enable configuration of TLS parameters for Kubernetes and OLCNE Platform components
- Allow Kubernetes worker nodes to be deployed behind NAT
- Enable using FIPS-compliant OpenSSL cryptography when running in FIPS mode on Oracle Linux 8
prometheus
qemu-kvm
[15:4.2.1-3.el8]
- qemu-kvm.spec: Install block storage module RPMs by default
sgabios
[1:0.20170427git-3]
- Rebuild all virt packages to fix RHELs upgrade path
- Resolves: rhbz#1695587
(Ensure modular RPM upgrade path)
yq
[3.4.0-1]
- Added Oracle specific build files
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team