From bc8e6d10d87ad422b7c3b5a43cea266a19945f0a Mon Sep 17 00:00:00 2001
From: Andy Fiddaman <illumos@fiddaman.net>
Date: Thu, 24 Aug 2023 12:30:48 +0000
Subject: [PATCH] Preparing for r151046q

---
 build/release/build.sh |  2 +-
 doc/ReleaseNotes.md    | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/build/release/build.sh b/build/release/build.sh
index 5da9faaf46..1c04a74728 100755
--- a/build/release/build.sh
+++ b/build/release/build.sh
@@ -25,7 +25,7 @@ DESC="OmniOS /etc/release and /etc/os-release files"
 set_arch 64
 
 # Update the following line with the current release suffix
-RELSUFFIX=n
+RELSUFFIX=q
 
 RELEASE=${RELVER}${RELSUFFIX}
 RELDATE="`date +%Y.%m.%d`"
diff --git a/doc/ReleaseNotes.md b/doc/ReleaseNotes.md
index cc6d6da67e..8c4a2543d5 100644
--- a/doc/ReleaseNotes.md
+++ b/doc/ReleaseNotes.md
@@ -4,6 +4,43 @@
 
 # Release Notes for OmniOSce v11 r151046
 
+## r151046q (2023-08-24)
+Weekly release for w/c 21st of August 2023.
+> This update requires a reboot
+
+### Security Fixes
+
+- bhyve: fully reset the fwctl state if the guest requests it
+  [CVE-2023-3494](https://www.cve.org/CVERecord?id=CVE-2023-3494).
+
+- Update Intel CPU microcode to 20230808. Contains mitigations for
+  [CVE-2022-40982](https://www.cve.org/CVERecord?id=CVE-2022-40982),
+  [CVE-2022-41804](https://www.cve.org/CVERecord?id=CVE-2022-41804),
+  [CVE-2023-23908](https://www.cve.org/CVERecord?id=CVE-2023-23908).
+
+- Update AMD CPU microcode to 20230808. Contains mitigations for
+  [CVE-2023-20569](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html).
+
+- `screen` has been updated to version 4.9.1 which includes a fix for
+  [CVE-2023-24626](https://www.cve.org/CVERecord?id=CVE-2023-24626). Note that
+  this exploit required that `screen` be installed set-uid, which it is not be
+  default on OmniOS.
+
+### Other Changes
+
+- bhyve: take more care around `VM_MAXCPU`. A priviliged user could trigger a
+  kernel panic.
+
+- LX: always set the `AT_SECURE` auxval to better emulate Linux and fix
+  problems with recent `dconf` [OS-8480](https://smartos.org/bugview/OS-8480).
+
+- The version of the nettle cryptography library bundled with chrony has been
+  updated.
+
+<br>
+
+---
+
 ## r151046n (2023-08-03)
 Weekly release for w/c 31st of July 2023.
 > This is a non-reboot update