Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package opa-fm for openSUSE:Factory checked
in at 2021-11-17 01:13:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opa-fm (Old)
and /work/SRC/openSUSE:Factory/.opa-fm.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opa-fm"
Wed Nov 17 01:13:52 2021 rev:17 rq:931618 version:10.11.0.2.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/opa-fm/opa-fm.changes 2021-05-18
18:27:40.742640837 +0200
+++ /work/SRC/openSUSE:Factory/.opa-fm.new.1890/opa-fm.changes 2021-11-17
01:14:49.102184809 +0100
@@ -1,0 +2,16 @@
+Mon Nov 15 19:07:26 UTC 2021 - Nicolas Morey-Chaisemartin
<nmoreychaisemar...@suse.com>
+
+- Update to 10.11.0.2.1 (jsc#SLE-20578)
+ - gcc11 fixes
+- Drop patches merged upstream:
+ - opa-fm-force-code-symbols-to-be-loaded.patch
+ - opa-fm-fix-multiple-definitions.patch
+
+
+-------------------------------------------------------------------
+Fri Oct 15 07:25:35 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * opa-fm-harden-systemd-service.patch
+
+-------------------------------------------------------------------
Old:
----
opa-fm-10.11.0.0.574.0.6133b2fe5b39.tar.gz
opa-fm-fix-multiple-definitions.patch
opa-fm-force-code-symbols-to-be-loaded.patch
New:
----
opa-fm-10.11.0.2.1.0.5d1f7ee32920.tar.gz
opa-fm-harden-systemd-service.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ opa-fm.spec ++++++
--- /var/tmp/diff_new_pack.fcTeof/_old 2021-11-17 01:14:49.634185009 +0100
+++ /var/tmp/diff_new_pack.fcTeof/_new 2021-11-17 01:14:49.634185009 +0100
@@ -16,13 +16,13 @@
#
-%define git_ver .0.6133b2fe5b39
+%define git_ver .0.5d1f7ee32920
%define pseudo_opt %{_prefix}/lib/opa-fm
%define opasysconfdir %{_sysconfdir}/opa-fm/
%define opavarlibdir %{_localstatedir}/usr/lib/opa-fm/
Name: opa-fm
-Version: 10.11.0.0.574
+Version: 10.11.0.2.1
Release: 0
Summary: Intel Omni-Path Fabric Management Software
License: BSD-3-Clause
@@ -32,8 +32,7 @@
Source1: %{name}-rpmlintrc
Patch1: opa-fm-Fallback-to-custom-vendor-if-os_vendor-fails.patch
Patch2: opa-fm-use-RPM_OPT_FLAGS.patch
-Patch3: opa-fm-force-code-symbols-to-be-loaded.patch
-Patch4: opa-fm-fix-multiple-definitions.patch
+Patch5: opa-fm-harden-systemd-service.patch
BuildRequires: gcc-c++
BuildRequires: infiniband-diags-devel
BuildRequires: libexpat-devel
@@ -57,8 +56,7 @@
%setup -q -n %{name}-%{version}%{git_ver}
%patch1
%patch2
-%patch3
-%patch4
+%patch5
%build
export RPM_OPT_FLAGS
++++++ _service ++++++
--- /var/tmp/diff_new_pack.fcTeof/_old 2021-11-17 01:14:49.662185019 +0100
+++ /var/tmp/diff_new_pack.fcTeof/_new 2021-11-17 01:14:49.662185019 +0100
@@ -8,7 +8,7 @@
<param name="versionformat">@PARENT_TAG@.@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
- <param name="revision">6133b2fe5b39b605c0d695bce37cdfa498a4d477</param>
+ <param name="revision">5d1f7ee32920b1b429e2f7699762514af47d9717</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">opa-fm*.tar</param>
++++++ opa-fm-10.11.0.0.574.0.6133b2fe5b39.tar.gz ->
opa-fm-10.11.0.2.1.0.5d1f7ee32920.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/Makefile.linux
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/Makefile.linux
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/Makefile.linux 2021-04-13
17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/Makefile.linux 2021-05-17
17:03:40.000000000 +0200
@@ -290,9 +290,7 @@
mkdir $$dir/stage.rpm; \
cp -r -L $(GLOBAL_BIN_DIR)/* $$dir/stage.rpm/ ; \
cd $$dir/stage.rpm ; \
- find . -print| $(PREP); \
- $(PATCH_VERSION) -n `$(CONVERT_RELEASETAG) $(RELEASE_TAG)`
$(RELEASE_TAG) sm fe; \
- $(PATCH_BRAND) "$(BUILD_BRAND)" sm fe;
+ find . -print| $(PREP);
cd $(PROJ_STAGE_DIR) && $(PATCH_VERSION) -m % -n
`$(CONVERT_RELEASETAG) $(RELEASE_TAG)` $(RELEASE_TAG) INSTALL
cd $(PROJ_STAGE_DIR) && $(PATCH_BRAND) -m % "$(BUILD_BRAND)" INSTALL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/build.env
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/build.env
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/build.env 2021-04-13
17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/build.env 2021-05-17
17:03:40.000000000 +0200
@@ -1,6 +1,6 @@
# Adjust the environment variables if necessary
export PRODUCT=VIEO_HOST
-export RELEASE_TAG=10_11_0_0_574
+export RELEASE_TAG=10_11_0_2_1
export BUILD_CONFIG=${BUILD_CONFIG:-"release"}
export BUILD_WITH_STACK=OPENIB
export LDENVFS=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/build_label
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/build_label
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/build_label 2021-04-13
17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/build_label 2021-05-17
17:03:40.000000000 +0200
@@ -1 +1 @@
-Build of VIEO_HOST 03/29/21 23:41 Tag: VIEO_HOST_LINUX_opa-10_11_10_11_0_0_574
+Build of VIEO_HOST 05/12/21 15:30 Tag: VIEO_HOST_LINUX_opa-10_11_10_11_0_2_1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/pm/include/pm_topology.h
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/pm/include/pm_topology.h
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/pm/include/pm_topology.h
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/pm/include/pm_topology.h
2021-05-17 17:03:40.000000000 +0200
@@ -1551,7 +1551,7 @@
// compute theoretical limits for each rate
//extern void PM_InitLswfToMBps(void);
// ideally should be static, extern due to split of sweep.c and calc.c
-uint32 s_StaticRateToMBps[IB_STATIC_RATE_MAX+1];
+extern uint32 s_StaticRateToMBps[IB_STATIC_RATE_MAX+1];
// This group of functions accept an index into the pmportp->Groups[]
// caller should search for appropriate entry in array to act on
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/pm/pm/pm.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/pm/pm/pm.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/pm/pm/pm.c
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/pm/pm/pm.c 2021-05-17
17:03:40.000000000 +0200
@@ -126,9 +126,6 @@
#define SID_ASCII_FORMAT "%02x%02x%02x%02x%02x%02x%02x%02x"
static IB_SERVICE_RECORD pmServRer;
-#ifndef __VXWORKS__
-static char msgbuf[256];
-#endif
#if 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/include/sa_l.h
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/include/sa_l.h
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/include/sa_l.h
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/include/sa_l.h
2021-05-17 17:03:40.000000000 +0200
@@ -314,7 +314,7 @@
Status_t sa_Authenticate_Access(uint32_t, STL_LID, STL_LID, STL_LID);
Status_t sa_Compare_Node_Port_PKeys(Node_t*, Port_t*);
Status_t sa_Compare_Port_PKeys(Port_t*, Port_t*);
-uint32_t saDebugPerf; // control SA performance messages; default is off
+extern uint32_t saDebugPerf; // control SA performance messages; default
is off
Status_t sa_data_offset(uint16_t class, uint16_t type);
Status_t sa_create_template_mask(uint16_t, uint64_t);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/include/sm_l.h
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/include/sm_l.h
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/include/sm_l.h
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/include/sm_l.h
2021-05-17 17:03:40.000000000 +0200
@@ -1127,9 +1127,21 @@
uint32_t index; /* Used by OOB mgmt interface to track
record */
} McMember_t;
-#define MCMEMBER_STATE_FULL_MEMBER 0x01
-#define MCMEMBER_STATE_NON_MEMBER 0x02
-#define MCMEMBER_STATE_SENDONLY_MEMBER 0x04
+#define MCMEMBER_STATE_FULL_MEMBER 0x01
+#define MCMEMBER_STATE_NON_MEMBER 0x02
+#define MCMEMBER_STATE_SENDONLY_NON_MEMBER 0x04
+#define MCMEMBER_STATE_SENDONLY_FULL_MEMBER 0x08
+
+#define IS_MCMEMBER_STATE_FULL_MEMBER(mcMember) \
+ (((mcMember)->state & MCMEMBER_STATE_FULL_MEMBER) || \
+ ((mcMember)->state & MCMEMBER_STATE_SENDONLY_FULL_MEMBER))
+
+#define IS_MCMEMBER_RECORD_JOIN_FULL_MEMBER(mcmp) \
+ (((mcmp)->JoinFullMember) || ((mcmp)->JoinSendOnlyFullMember))
+
+#define IS_MCMEMBER_RECORD_JOIN_SEND_ONLY(mcMember) \
+ (((mcMember)->record.JoinSendOnlyNonMember) || \
+ ((mcMember)->record.JoinSendOnlyFullMember))
typedef enum {
McGroupBehaviorStrict = 0,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sa/sa_McMemberRecord.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sa/sa_McMemberRecord.c
---
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sa/sa_McMemberRecord.c
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sa/sa_McMemberRecord.c
2021-05-17 17:03:40.000000000 +0200
@@ -358,7 +358,6 @@
mcmp->Reserved = 0;
mcmp->Reserved2 = 0;
mcmp->Reserved3 = 0;
- mcmp->Reserved4 = 0;
mcmp->Reserved5 = 0;
mGid[0] = mcmp->RID.MGID.Type.Global.SubnetPrefix;
@@ -763,7 +762,7 @@
goto done;
}
- if (!(mcmp->JoinFullMember)) {
+ if (!(IS_MCMEMBER_RECORD_JOIN_FULL_MEMBER(mcmp))) {
maip->base.status = MAD_STATUS_SA_REQ_INVALID;
IB_LOG_ERROR_FMT_VF( vfp, "sa_McMemberRecord_Set",
"Join state of 0x%.2X not full member "
"for NULL GID CREATE request from %s Port
%d, PortGUID "FMT_U64", LID 0x%.8X, returning status 0x%.4X",
@@ -890,7 +889,7 @@
}
}
- if (!(mcmp->JoinFullMember)) {
+ if (!(IS_MCMEMBER_RECORD_JOIN_FULL_MEMBER(mcmp))) {
maip->base.status = MAD_STATUS_SA_REQ_INVALID;
IB_LOG_ERROR_FMT_VF( vfp,
"sa_McMemberRecord_Set", "Join state of 0x%.2X not full member "
"for NEW MGID of "FMT_GID" for
CREATE request from %s Port %d, PortGUID "FMT_U64", "
@@ -1147,7 +1146,7 @@
if (!(mcMember = sm_find_multicast_member(mcGroup,
mcmp->RID.PortGID))) {
McMember_Create(mcGroup, mcMember);
- if (mcmp->JoinFullMember) {
+ if (IS_MCMEMBER_RECORD_JOIN_FULL_MEMBER(mcmp)) {
mcGroup->members_full++;
}
/* new member: sync the group change with standby SMs */
@@ -1155,9 +1154,10 @@
} else {
mcmp->JoinFullMember |= mcMember->state &
MCMEMBER_STATE_FULL_MEMBER;
mcmp->JoinNonMember |= mcMember->state &
MCMEMBER_STATE_NON_MEMBER;
- mcmp->JoinSendOnlyMember |= mcMember->state &
MCMEMBER_STATE_SENDONLY_MEMBER;
- if (!(mcMember->state &
MCMEMBER_STATE_FULL_MEMBER)) { /* If we were not a full member */
- if (mcmp->JoinFullMember) { /* but
are a full member now */
+ mcmp->JoinSendOnlyNonMember |= mcMember->state
& MCMEMBER_STATE_SENDONLY_NON_MEMBER;
+ mcmp->JoinSendOnlyFullMember |= mcMember->state
& MCMEMBER_STATE_SENDONLY_FULL_MEMBER;
+ if (!(IS_MCMEMBER_STATE_FULL_MEMBER(mcMember)))
{ /* If we were not a full member */
+ if
(IS_MCMEMBER_RECORD_JOIN_FULL_MEMBER(mcmp)) { /* but are a full member
now */
mcGroup->members_full++;
}
}
@@ -1334,7 +1334,6 @@
mcmp->Reserved = 0;
mcmp->Reserved2 = 0;
mcmp->Reserved3 = 0;
- mcmp->Reserved4 = 0;
mcmp->Reserved5 = 0;
/* setup return data if successfull */
@@ -1492,7 +1491,7 @@
joinstate = mcMember->state & ~STL_MCMRECORD_GETJOINSTATE(mcmp);
if (joinstate == 0) {
// Delete the multicast member and decrement full member
count if needed
- if (mcMember->state & MCMEMBER_STATE_FULL_MEMBER) {
+ if (IS_MCMEMBER_STATE_FULL_MEMBER(mcMember)) {
IB_LOG_VERBOSE_FMT_VF( vfp, "sa_McMemberRecord_Delete",
"full mcMember "FMT_U64" left multicast group "
"GID "FMT_GID,
mcMember->portGuid, mcastGid[0],
mcastGid[1]);
@@ -1505,8 +1504,8 @@
McMember_Delete(mcGroup, mcMember);
} else {
/* decrement the number of full members in group if member is removing
full membership */
- if (mcMember->state & MCMEMBER_STATE_FULL_MEMBER &&
- mcmp->JoinFullMember) {
+ if ((mcMember->state & MCMEMBER_STATE_FULL_MEMBER &&
mcmp->JoinFullMember) ||
+ (mcMember->state & MCMEMBER_STATE_SENDONLY_FULL_MEMBER &&
mcmp->JoinSendOnlyFullMember)) {
IB_LOG_VERBOSE_FMT_VF( vfp, "sa_McMemberRecord_Delete",
"full mcMember "FMT_U64" downgrading membership in
multicast group "
"GID "FMT_GID,
@@ -1625,7 +1624,6 @@
mcMemQuery.Reserved = 0;
mcMemQuery.Reserved2 = 0;
mcMemQuery.Reserved3 = 0;
- mcMemQuery.Reserved4 = 0;
mcMemQuery.Reserved5 = 0;
//
@@ -1697,7 +1695,8 @@
data -= sizeof(STL_MCMEMBER_RECORD) +
bytes;
BSWAPCOPY_STL_MCMEMBER_RECORD((STL_MCMEMBER_RECORD*)data, &mcMemTemp);
memset(&mcMemTemp.RID.PortGID, 0,
sizeof(mcMemTemp.RID.PortGID));
- mcMemTemp.JoinSendOnlyMember = 0;
+ mcMemTemp.JoinSendOnlyFullMember = 0;
+ mcMemTemp.JoinSendOnlyNonMember = 0;
mcMemTemp.JoinNonMember = 0;
mcMemTemp.JoinFullMember = 0;
mcMemTemp.ProxyJoin = 0;
@@ -1834,10 +1833,10 @@
converted.u1.s.HopLimit = mcmp->record.HopLimit;
converted.Scope = mcmp->record.Scope;
converted.JoinFullMember = mcmp->record.JoinFullMember;
- converted.JoinSendOnlyMember =
mcmp->record.JoinSendOnlyMember;
+ converted.JoinSendOnlyNonMember =
mcmp->record.JoinSendOnlyNonMember;
+ converted.JoinSendOnlyFullMember =
mcmp->record.JoinSendOnlyFullMember;
converted.JoinNonMember = mcmp->record.JoinNonMember;
converted.ProxyJoin = mcmp->record.ProxyJoin;
- converted.Reserved = 0;
converted.Reserved2 = 0;
converted.Reserved3[0] = 0;
converted.Reserved3[1] = 0;
@@ -1851,7 +1850,8 @@
BSWAPCOPY_IB_MCMEMBER_RECORD((IB_MCMEMBER_RECORD*)data, &mcMemTemp);
memset(&mcMemTemp.RID.PortGID, 0,
sizeof(mcMemTemp.RID.PortGID));
mcMemTemp.JoinFullMember = 0;
- mcMemTemp.JoinSendOnlyMember = 0;
+ mcMemTemp.JoinSendOnlyNonMember = 0;
+ mcMemTemp.JoinSendOnlyFullMember = 0;
mcMemTemp.JoinNonMember = 0;
mcMemTemp.ProxyJoin = 0;
BSWAPCOPY_IB_MCMEMBER_RECORD(&mcMemTemp, (IB_MCMEMBER_RECORD*)data);
@@ -2032,7 +2032,8 @@
mcmp->Scope = mcGroup->scope;
mcmp->JoinFullMember = mcMember->state & MCMEMBER_STATE_FULL_MEMBER;
mcmp->JoinNonMember = mcMember->state & MCMEMBER_STATE_NON_MEMBER;
- mcmp->JoinSendOnlyMember = mcMember->state &
MCMEMBER_STATE_SENDONLY_MEMBER;
+ mcmp->JoinSendOnlyNonMember = mcMember->state &
MCMEMBER_STATE_SENDONLY_NON_MEMBER;
+ mcmp->JoinSendOnlyFullMember = mcMember->state &
MCMEMBER_STATE_SENDONLY_FULL_MEMBER;
mcmp->ProxyJoin = mcMember->proxy;
emptyBroadcastGroup = 1;
@@ -2361,7 +2362,8 @@
mcmp->Scope = mcGroup->scope;
mcmp->JoinFullMember = mcMember->state & MCMEMBER_STATE_FULL_MEMBER;
mcmp->JoinNonMember = mcMember->state & MCMEMBER_STATE_NON_MEMBER;
- mcmp->JoinSendOnlyMember = mcMember->state &
MCMEMBER_STATE_SENDONLY_MEMBER;
+ mcmp->JoinSendOnlyNonMember = mcMember->state &
MCMEMBER_STATE_SENDONLY_NON_MEMBER;
+ mcmp->JoinSendOnlyFullMember = mcMember->state &
MCMEMBER_STATE_SENDONLY_FULL_MEMBER;
mcmp->ProxyJoin = mcMember->proxy;
emptyBroadcastGroup = 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sa/sa_main.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sa/sa_main.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sa/sa_main.c
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sa/sa_main.c
2021-05-17 17:03:40.000000000 +0200
@@ -341,6 +341,7 @@
STL_SA_CAPABILITY2_MFTTOP_SUPPORT |
STL_SA_CAPABILITY2_FULL_PORTINFO |
STL_SA_CAPABILITY2_EXT_SUPPORT |
+ STL_SA_CAPABILITY2_SENDONLY_FULL_MEM_SUPPORT |
STL_SA_CAPABILITY2_DGDTRECORD_SUPPORT;
saClassPortInfo.u1.s.RespTimeValue = sm_config.sa_resp_time_n2;
saClassPortInfo.u3.s.RedirectQP = 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_dbsync_util.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_dbsync_util.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_dbsync_util.c
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_dbsync_util.c
2021-05-17 17:03:40.000000000 +0200
@@ -1117,7 +1117,7 @@
// delete this member
mcmp = mcMember->next;
- if (!(mcMember->state & MCMEMBER_STATE_FULL_MEMBER)) {
+ if (!(IS_MCMEMBER_STATE_FULL_MEMBER(mcMember))) {
IB_LOG_INFO_FMT(__func__, "Non full mcMember
"FMT_U64" of multicast group "
"GID "FMT_U64":"FMT_U64" is no longer in
fabric",
mcMember->portGuid, mcastGid[0],
mcastGid[1]);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_main.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_main.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_main.c
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_main.c
2021-05-17 17:03:40.000000000 +0200
@@ -120,7 +120,6 @@
uint64_t topology_sema_runTime=0;
uint32_t sm_def_mc_group;
extern uint32_t smDebugPerf; // control SM performance messages;
default is off
-extern uint32_t saDebugPerf; // control SA performance messages;
default is off
extern uint32_t saDebugRmpp; // control SA RMPP INFO debug
messages; default is off
extern uint32_t sm_debug; // SM debug; default is off
extern uint32_t saRmppCheckSum; // control checksum of SA RMPP
responses; default is off;
@@ -223,7 +222,7 @@
SmMcastMlidShare_t sm_mls_config;
SMMcastDefGrpCfg_t sm_mdg_config;
-uint32_t xml_trace = 0;
+static uint32_t xml_trace = 0;
extern uint32_t pm_conf_start;
extern uint32_t bm_conf_start;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_multicast.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_multicast.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_multicast.c
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_multicast.c
2021-05-17 17:03:40.000000000 +0200
@@ -613,7 +613,8 @@
mcmp->Scope = mcGroup->scope;
mcmp->JoinFullMember = mcMember->state & MCMEMBER_STATE_FULL_MEMBER;
mcmp->JoinNonMember = 0;
- mcmp->JoinSendOnlyMember = 0;
+ mcmp->JoinSendOnlyNonMember = 0;
+ mcmp->JoinSendOnlyFullMember = 0;
mcmp->ProxyJoin = mcMember->proxy;
return VSTATUS_OK;
@@ -909,7 +910,7 @@
if ((mcMember->record.JoinNonMember) ||
(mcMember->record.JoinFullMember)) {
nodep->mft[offset][Mft_Position(portp->portno)]
|= Mft_PortmaskBit(portp->portno);
- } else if (mcMember->record.JoinSendOnlyMember) {
+ } else if (IS_MCMEMBER_RECORD_JOIN_SEND_ONLY(mcMember))
{
// mark this switch as having a send only
broadcast group member so we do not prune
nodep->hasSendOnlyMember = 1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_topology.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_topology.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_topology.c
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_topology.c
2021-05-17 17:03:40.000000000 +0200
@@ -2741,7 +2741,7 @@
portguid = mcMember->portGuid;
/* Found it, now we must remove it */
- if (!(mcMember->state & MCMEMBER_STATE_FULL_MEMBER)) {
+ if (!(IS_MCMEMBER_STATE_FULL_MEMBER(mcMember))) {
IB_LOG_INFO_FMT(__func__, "Non full mcMember "FMT_U64" of
multicast group "
"GID "FMT_GID" is no longer in fabric", portguid,
mcastGid[0], mcastGid[1]);
} else {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_utility.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_utility.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Esm/ib/src/smi/sm/sm_utility.c
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Esm/ib/src/smi/sm/sm_utility.c
2021-05-17 17:03:40.000000000 +0200
@@ -86,7 +86,7 @@
#endif
extern Lock_t tid_lock;
-uint32_t sm_instance;
+extern uint32_t sm_instance;
//#define TRACK_SEARCHES
uint32_t sm_node_guid_cnt = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbAccess/Common/Inc/ib_sa_records.h
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbAccess/Common/Inc/ib_sa_records.h
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbAccess/Common/Inc/ib_sa_records.h
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbAccess/Common/Inc/ib_sa_records.h
2021-05-17 17:03:40.000000000 +0200
@@ -536,15 +536,15 @@
} u1;
#if CPU_BE
uint8 Scope:4;
- uint8 Reserved:1;
- uint8 JoinSendOnlyMember:1;
+ uint8 JoinSendOnlyFullMember:1;
+ uint8 JoinSendOnlyNonMember:1;
uint8 JoinNonMember:1;
uint8 JoinFullMember:1;
#else
uint8 JoinFullMember:1;
uint8 JoinNonMember:1;
- uint8 JoinSendOnlyMember:1;
- uint8 Reserved:1;
+ uint8 JoinSendOnlyNonMember:1;
+ uint8 JoinSendOnlyFullMember:1;
uint8 Scope:4;
#endif
#if CPU_BE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbAccess/Common/Inc/stl_sa_priv.h
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbAccess/Common/Inc/stl_sa_priv.h
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbAccess/Common/Inc/stl_sa_priv.h
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbAccess/Common/Inc/stl_sa_priv.h
2021-05-17 17:03:40.000000000 +0200
@@ -351,7 +351,8 @@
Dest->HopLimit = Src->u1.s.HopLimit;
Dest->Scope = Src->Scope;
Dest->JoinFullMember = Src->JoinFullMember;
- Dest->JoinSendOnlyMember = Src->JoinSendOnlyMember;
+ Dest->JoinSendOnlyNonMember = Src->JoinSendOnlyNonMember;
+ Dest->JoinSendOnlyFullMember = Src->JoinSendOnlyFullMember;
Dest->JoinNonMember = Src->JoinNonMember;
Dest->ProxyJoin = Src->ProxyJoin;
}
@@ -376,10 +377,10 @@
Dest->u1.s.HopLimit = Src->HopLimit;
Dest->Scope = Src->Scope;
Dest->JoinFullMember = Src->JoinFullMember;
- Dest->JoinSendOnlyMember = Src->JoinSendOnlyMember;
+ Dest->JoinSendOnlyNonMember = Src->JoinSendOnlyNonMember;
+ Dest->JoinSendOnlyFullMember = Src->JoinSendOnlyFullMember;
Dest->JoinNonMember = Src->JoinNonMember;
Dest->ProxyJoin = Src->ProxyJoin;
- Dest->Reserved = 0;
Dest->Reserved2 = 0;
Dest->Reserved3[0] = 0;
Dest->Reserved3[1] = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbAccess/Common/Inc/stl_sa_types.h
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbAccess/Common/Inc/stl_sa_types.h
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbAccess/Common/Inc/stl_sa_types.h
2021-04-13 17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbAccess/Common/Inc/stl_sa_types.h
2021-05-17 17:03:40.000000000 +0200
@@ -154,12 +154,13 @@
#define STL_SA_CAPABILITY_PA_SERVICES_SUPPORT 0x8000
/* 32 bit values, lower 27 bits are capabilities*/
-#define STL_SA_CAPABILITY2_QOS_SUPPORT 0x0000002
-#define STL_SA_CAPABILITY2_MFTTOP_SUPPORT 0x0000008
-#define STL_SA_CAPABILITY2_FULL_PORTINFO 0x0000040
-#define STL_SA_CAPABILITY2_EXT_SUPPORT 0x0000080
-#define STL_SA_CAPABILITY2_DGDTRECORD_SUPPORT 0x1000000
-#define STL_SA_CAPABILITY2_SWCOSTRECORD_SUPPORT 0x2000000
+#define STL_SA_CAPABILITY2_QOS_SUPPORT 0x0000002
+#define STL_SA_CAPABILITY2_MFTTOP_SUPPORT 0x0000008
+#define STL_SA_CAPABILITY2_FULL_PORTINFO 0x0000040
+#define STL_SA_CAPABILITY2_EXT_SUPPORT 0x0000080
+#define STL_SA_CAPABILITY2_SENDONLY_FULL_MEM_SUPPORT 0x0001000
+#define STL_SA_CAPABILITY2_DGDTRECORD_SUPPORT 0x1000000
+#define STL_SA_CAPABILITY2_SWCOSTRECORD_SUPPORT 0x2000000
/* SA Capmask Bits to return on IB SA ClassPortInfo */
#define IB_SA_CAPABILITY_MASK(capmask) (capmask & \
@@ -201,11 +202,12 @@
if (!cmask) {
snprintf(buf, 80, "-");
} else {
- snprintf(buf, 80, "%s%s%s%s%s%s",
+ snprintf(buf, 80, "%s%s%s%s%s%s%s",
(cmask & STL_SA_CAPABILITY2_QOS_SUPPORT) ? "QoS " : "",
(cmask & STL_SA_CAPABILITY2_MFTTOP_SUPPORT) ? "MFTTop "
: "",
(cmask & STL_SA_CAPABILITY2_FULL_PORTINFO) ?
"FullPortInfo " : "",
(cmask & STL_SA_CAPABILITY2_EXT_SUPPORT) ? "ExtSpeed "
: "",
+ (cmask & STL_SA_CAPABILITY2_SENDONLY_FULL_MEM_SUPPORT)
? "SendOnlyFullMember " : "",
(cmask & STL_SA_CAPABILITY2_DGDTRECORD_SUPPORT) ?
"DG/DT " : "",
(cmask & STL_SA_CAPABILITY2_SWCOSTRECORD_SUPPORT) ?
"SwCost " : "");
}
@@ -722,8 +724,8 @@
/* 48 bytes */
IB_BITFIELD5(uint8,
Scope:4,
- Reserved4:1,
- JoinSendOnlyMember:1, // NOTE: Treat these 4 JoinStates
as 1 attr.
+ JoinSendOnlyFullMember:1,
+ JoinSendOnlyNonMember:1, // NOTE: Treat these 4
JoinStates as 1 attr.
JoinNonMember:1,
JoinFullMember:1);
@@ -774,7 +776,8 @@
|
STL_MCMEMBER_COMPONENTMASK_JNSTATE \
|
STL_MCMEMBER_COMPONENTMASK_PORTGID )
-#define STL_MCMRECORD_GETJOINSTATE(REC) (
(REC)->JoinSendOnlyMember \
+#define STL_MCMRECORD_GETJOINSTATE(REC) (
(REC)->JoinSendOnlyFullMember \
+ | (REC)->JoinSendOnlyNonMember \
| (REC)->JoinNonMember \
| (REC)->JoinFullMember )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbPrint/sa.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbPrint/sa.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbPrint/sa.c 2021-04-13
17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbPrint/sa.c 2021-05-17
17:03:40.000000000 +0200
@@ -277,13 +277,14 @@
indent, "",
pMcMemberRecord->RID.MGID.AsReg64s.H,
pMcMemberRecord->RID.MGID.AsReg64s.L);
- PrintFunc(dest, "%*sPortGid: 0x%016"PRIx64":0x%016"PRIx64" Membership:
%s%s%s\n",
+ PrintFunc(dest, "%*sPortGid: 0x%016"PRIx64":0x%016"PRIx64" Membership:
%s%s%s%s\n",
indent, "",
pMcMemberRecord->RID.PortGID.Type.Global.SubnetPrefix,
pMcMemberRecord->RID.PortGID.Type.Global.InterfaceID,
pMcMemberRecord->JoinFullMember?"Full ":"",
pMcMemberRecord->JoinNonMember?"Non ":"",
- pMcMemberRecord->JoinSendOnlyMember?"Sendonly
":"");
+
pMcMemberRecord->JoinSendOnlyNonMember?"SendonlyNon ":"",
+
pMcMemberRecord->JoinSendOnlyFullMember?"SendonlyFull ":"");
FormatTimeoutMult(buf, pMcMemberRecord->PktLifeTime);
PrintFunc(dest, "%*sMLID: 0x%08x PKey: 0x%04x Mtu: %5s Rate: %4s
PktLifeTime: %s\n",
indent, "",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbPrint/stl_sa.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbPrint/stl_sa.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/IbPrint/stl_sa.c 2021-04-13
17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/IbPrint/stl_sa.c 2021-05-17
17:03:40.000000000 +0200
@@ -232,12 +232,13 @@
pMcMemberRecord->RID.MGID.AsReg64s.L);
PrintFunc(dest,
"%*sPortGid: 0x%016" PRIx64 ":0x%016" PRIx64
- " Membership: %s%s%s\n", indent, "",
+ " Membership: %s%s%s%s\n", indent, "",
pMcMemberRecord->RID.PortGID.Type.Global.SubnetPrefix,
pMcMemberRecord->RID.PortGID.Type.Global.InterfaceID,
pMcMemberRecord->JoinFullMember ? "Full " : "",
pMcMemberRecord->JoinNonMember ? "Non " : "",
- pMcMemberRecord->JoinSendOnlyMember ? "Sendonly " :
"");
+ pMcMemberRecord->JoinSendOnlyNonMember ? "SendonlyNon
" : "",
+ pMcMemberRecord->JoinSendOnlyFullMember ?
"SendonlyFull " : "");
FormatTimeoutMult(buf, pMcMemberRecord->PktLifeTime);
PrintFunc(dest,
"%*sMLID: 0x%08x PKey: 0x%04x Mtu: %5s Rate: %4s
PktLifeTime: %s\n",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Topology/snapshot.c
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Topology/snapshot.c
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/Topology/snapshot.c 2021-04-13
17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/Topology/snapshot.c 2021-05-17
17:03:40.000000000 +0200
@@ -2516,7 +2516,8 @@
// no preexisting membership info
mcmemberp->MemberInfo.JoinFullMember=0;
mcmemberp->MemberInfo.JoinNonMember=0;
- mcmemberp->MemberInfo.JoinSendOnlyMember=0;
+ mcmemberp->MemberInfo.JoinSendOnlyNonMember=0;
+ mcmemberp->MemberInfo.JoinSendOnlyFullMember=0;
return mcmemberp;
}
@@ -2604,7 +2605,9 @@
value = value >> 1;
mcmemberp->MemberInfo.JoinNonMember = value & 1;
value = value >> 1;
- mcmemberp->MemberInfo.JoinSendOnlyMember = value & 1;
+ mcmemberp->MemberInfo.JoinSendOnlyNonMember = value & 1;
+ value = value >> 1;
+ mcmemberp->MemberInfo.JoinSendOnlyFullMember = value & 1;
}
return;
@@ -2681,7 +2684,8 @@
McMemberData *pMcMemberRecord = (McMemberData *)data;
uint8 Memberstatus;
- Memberstatus = (pMcMemberRecord->MemberInfo.JoinSendOnlyMember<<2 |
+ Memberstatus = (pMcMemberRecord->MemberInfo.JoinSendOnlyFullMember<<3 |
+
pMcMemberRecord->MemberInfo.JoinSendOnlyNonMember<<2 |
pMcMemberRecord->MemberInfo.JoinNonMember<<1 |
pMcMemberRecord->MemberInfo.JoinFullMember);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/opa-fm.spec.in
new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/opa-fm.spec.in
--- old/opa-fm-10.11.0.0.574.0.6133b2fe5b39/opa-fm.spec.in 2021-04-13
17:02:57.000000000 +0200
+++ new/opa-fm-10.11.0.2.1.0.5d1f7ee32920/opa-fm.spec.in 2021-05-17
17:03:40.000000000 +0200
@@ -29,8 +29,8 @@
#[ICS VERSION STRING: unknown]
Name: opa-fm
-Version: 10.10.3.0
-Release: 11%{?dist}
+Version: 10.11.0.2
+Release: 1%{?dist}
%if 0%{?rhel}
Epoch: 1
%endif
++++++ opa-fm-harden-systemd-service.patch ++++++
commit 9ee6db9866c42c00cd1f15c0a1f68f5d1a6c933d
Author: Nicolas Morey-Chaisemartin <nmoreychaisemar...@suse.com>
Date: Tue Nov 2 16:20:47 2021 +0100
opa-fm: harden systemd service
Fixes: bsc#1181400
Signed-off-by: Nicolas Morey-Chaisemartin <nmoreychaisemar...@suse.com>
diff --git Esm/ib/src/linux/startup/opafm.service
Esm/ib/src/linux/startup/opafm.service
index d4c40b0675e1..3bf5568f9ebf 100755
--- Esm/ib/src/linux/startup/opafm.service
+++ Esm/ib/src/linux/startup/opafm.service
@@ -34,6 +34,17 @@ Description=OPA Fabric Manager
After=rdma.service network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
User=root
Type=forking
ExecStart=/usr/lib/opa-fm/bin/opafmd -D
