From 182f10835d07e05aeb921ddc171dd133c38fd60a Mon Sep 17 00:00:00 2001
From: "Herton R. Krzesinski" <herton@redhat.com>
Date: Tue, 20 Dec 2022 18:20:10 +0000
Subject: [PATCH] kernel-5.14.0-219.el9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Tue Dec 20 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-219.el9]
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (David Arcari) [2119067] {CVE-2022-2873}
- redhat/configs: Enable CONFIG_CRYPTO_CURVE25519 (Prarit Bhargava) [2030750]
- x86/fpu: Drop fpregs lock before inheriting FPU permissions (Valentin Schneider) [2153181]
- vmxnet3: use correct intrConf reference when using extended queues (Izabela Bakollari) [2150922]
- vmxnet3: correctly report encapsulated LRO packet (Izabela Bakollari) [2150922]
- net: move from strlcpy with unused retval to strscpy (Izabela Bakollari) [2150922]
- vmxnet3: Implement ethtool's get_channels command (Izabela Bakollari) [2150922]
- vmxnet3: Record queue number to incoming packets (Izabela Bakollari) [2150922]
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Mamatha Inamdar) [2095499]
- kernfs: remove redundant kernfs_rwsem declaration. (Luis Claudio R. Goncalves) [2152737]
- kernfs: fix potential NULL dereference in __kernfs_remove (Luis Claudio R. Goncalves) [2152737]
- kernfs: fix NULL dereferencing in kernfs_remove (Luis Claudio R. Goncalves) [2152737]
- kernfs: prevent early freeing of root node (Luis Claudio R. Goncalves) [2152737]
- kernfs: switch global kernfs_rwsem lock to per-fs lock (Luis Claudio R. Goncalves) [2152737]
- tracing: Use a copy of the va_list for __assign_vstr() (Íñigo Huguet) [2143357]
- tracing/events: Add __vstring() and __assign_vstr() helper macros (Íñigo Huguet) [2143357]
- kunit/memcpy: Avoid pathological compile-time string size (Josef Oskera) [2139493]
- mips: boot/compressed: use __NO_FORTIFY (Josef Oskera) [2139493]
- fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL (Josef Oskera) [2139493]
- string: Introduce strtomem() and strtomem_pad() (Josef Oskera) [2139493]
- fortify: Provide a memcpy trap door for sharp corners (Josef Oskera) [2139493]
- fortify: Add Clang support (Josef Oskera) [2139493]
- fortify: Make sure strlen() may still be used as a constant expression (Josef Oskera) [2139493]
- fortify: Use __diagnose_as() for better diagnostic coverage (Josef Oskera) [2139493]
- fortify: Make pointer arguments const (Josef Oskera) [2139493]
- Compiler Attributes: Add __diagnose_as for Clang (Josef Oskera) [2139493]
- Compiler Attributes: Add __overloadable for Clang (Josef Oskera) [2139493]
- fortify: Update compile-time tests for Clang 14 (Josef Oskera) [2139493]
- fortify: Replace open-coded __gnu_inline attribute (Josef Oskera) [2139493]
- fortify: Detect struct member overflows in memset() at compile-time (Josef Oskera) [2139493]
- fortify: Detect struct member overflows in memmove() at compile-time (Josef Oskera) [2139493]
- fortify: Detect struct member overflows in memcpy() at compile-time (Josef Oskera) [2139493]
- Compiler Attributes: Add __pass_object_size for Clang (Josef Oskera) [2139493]
- lib/string_helpers: Introduce kasprintf_strarray() (Josef Oskera) [2139493]
- string: uninline memcpy_and_pad (Josef Oskera) [2139493]
- fortify: strlen: Avoid shadowing previous locals (Josef Oskera) [2139493]
- fortify: Add compile-time FORTIFY_SOURCE tests (Josef Oskera) [2139493]
- fortify: Allow strlen() and strnlen() to pass compile-time known lengths (Josef Oskera) [2139493]
- fortify: Prepare to improve strnlen() and strlen() warnings (Josef Oskera) [2139493]
- fortify: Fix dropped strcpy() compile-time write overflow check (Josef Oskera) [2139493]
- fortify: Explicitly disable Clang support (Josef Oskera) [2139493]
- fortify: Move remaining fortify helpers into fortify-string.h (Josef Oskera) [2139493]
- lib/string: Move helper functions out of string.c (Josef Oskera) [2139493]
- Redo missing uapi/linux/stddef.h: Add include guards (Patrick Talbert) [2132632]
Resolves: rhbz#2119067, rhbz#2030750, rhbz#2153181, rhbz#2150922, rhbz#2095499, rhbz#2152737, rhbz#2143357, rhbz#2139493, rhbz#2132632

Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
 Makefile.rhelver                 |  2 +-
 kernel-aarch64-debug-rhel.config |  2 +-
 kernel-aarch64-rhel.config       |  2 +-
 kernel-ppc64le-debug-rhel.config |  2 +-
 kernel-ppc64le-rhel.config       |  2 +-
 kernel-s390x-debug-rhel.config   |  2 +-
 kernel-s390x-rhel.config         |  2 +-
 kernel-x86_64-debug-rhel.config  |  2 +-
 kernel-x86_64-rhel.config        |  2 +-
 kernel.spec                      | 54 +++++++++++++++++++++++++++++---
 sources                          |  6 ++--
 11 files changed, 62 insertions(+), 16 deletions(-)

diff --git a/Makefile.rhelver b/Makefile.rhelver
index 4341d13..88c4cff 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 2
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 218
+RHEL_RELEASE = 219
 
 #
 # ZSTREAM
diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config
index ac06c11..66e9968 100644
--- a/kernel-aarch64-debug-rhel.config
+++ b/kernel-aarch64-debug-rhel.config
@@ -973,7 +973,7 @@ CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=m
 CONFIG_CRYPTO_CRYPTD=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_CTS=y
-# CONFIG_CRYPTO_CURVE25519 is not set
+CONFIG_CRYPTO_CURVE25519=m
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES=m
 # CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set
diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config
index 24e5b25..fd7c967 100644
--- a/kernel-aarch64-rhel.config
+++ b/kernel-aarch64-rhel.config
@@ -973,7 +973,7 @@ CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=m
 CONFIG_CRYPTO_CRYPTD=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_CTS=y
-# CONFIG_CRYPTO_CURVE25519 is not set
+CONFIG_CRYPTO_CURVE25519=m
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES=m
 # CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set
diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config
index 200477f..b7b9f8e 100644
--- a/kernel-ppc64le-debug-rhel.config
+++ b/kernel-ppc64le-debug-rhel.config
@@ -792,7 +792,7 @@ CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=m
 CONFIG_CRYPTO_CRYPTD=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_CTS=y
-# CONFIG_CRYPTO_CURVE25519 is not set
+CONFIG_CRYPTO_CURVE25519=m
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES=m
 # CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set
diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config
index 54cff35..d2faf1c 100644
--- a/kernel-ppc64le-rhel.config
+++ b/kernel-ppc64le-rhel.config
@@ -792,7 +792,7 @@ CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=m
 CONFIG_CRYPTO_CRYPTD=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_CTS=y
-# CONFIG_CRYPTO_CURVE25519 is not set
+CONFIG_CRYPTO_CURVE25519=m
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES=m
 # CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set
diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config
index 6f425e1..9384f93 100644
--- a/kernel-s390x-debug-rhel.config
+++ b/kernel-s390x-debug-rhel.config
@@ -796,7 +796,7 @@ CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=m
 CONFIG_CRYPTO_CRYPTD=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_CTS=y
-# CONFIG_CRYPTO_CURVE25519 is not set
+CONFIG_CRYPTO_CURVE25519=m
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES=m
 CONFIG_CRYPTO_DES_S390=m
diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config
index c888620..7ef22b5 100644
--- a/kernel-s390x-rhel.config
+++ b/kernel-s390x-rhel.config
@@ -796,7 +796,7 @@ CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=m
 CONFIG_CRYPTO_CRYPTD=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_CTS=y
-# CONFIG_CRYPTO_CURVE25519 is not set
+CONFIG_CRYPTO_CURVE25519=m
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES=m
 CONFIG_CRYPTO_DES_S390=m
diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config
index 8dafd64..3c1d814 100644
--- a/kernel-x86_64-debug-rhel.config
+++ b/kernel-x86_64-debug-rhel.config
@@ -839,7 +839,7 @@ CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
 CONFIG_CRYPTO_CRYPTD=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_CTS=y
-# CONFIG_CRYPTO_CURVE25519 is not set
+CONFIG_CRYPTO_CURVE25519=m
 CONFIG_CRYPTO_CURVE25519_X86=m
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES3_EDE_X86_64=m
diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config
index 1d13d85..d67b51d 100644
--- a/kernel-x86_64-rhel.config
+++ b/kernel-x86_64-rhel.config
@@ -839,7 +839,7 @@ CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
 CONFIG_CRYPTO_CRYPTD=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_CTS=y
-# CONFIG_CRYPTO_CURVE25519 is not set
+CONFIG_CRYPTO_CURVE25519=m
 CONFIG_CRYPTO_CURVE25519_X86=m
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES3_EDE_X86_64=m
diff --git a/kernel.spec b/kernel.spec
index d61b7ef..b095f72 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -119,15 +119,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 218
+%define pkgrelease 219
 %define kversion 5
-%define tarfile_release 5.14.0-218.el9
+%define tarfile_release 5.14.0-219.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 218%{?buildid}%{?dist}
+%define specrelease 219%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-218.el9
+%define kabiversion 5.14.0-219.el9
 
 #
 # End of genspec.sh variables
@@ -3106,6 +3106,52 @@ fi
 #
 #
 %changelog
+* Tue Dec 20 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-219.el9]
+- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (David Arcari) [2119067] {CVE-2022-2873}
+- redhat/configs: Enable CONFIG_CRYPTO_CURVE25519 (Prarit Bhargava) [2030750]
+- x86/fpu: Drop fpregs lock before inheriting FPU permissions (Valentin Schneider) [2153181]
+- vmxnet3: use correct intrConf reference when using extended queues (Izabela Bakollari) [2150922]
+- vmxnet3: correctly report encapsulated LRO packet (Izabela Bakollari) [2150922]
+- net: move from strlcpy with unused retval to strscpy (Izabela Bakollari) [2150922]
+- vmxnet3: Implement ethtool's get_channels command (Izabela Bakollari) [2150922]
+- vmxnet3: Record queue number to incoming packets (Izabela Bakollari) [2150922]
+- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Mamatha Inamdar) [2095499]
+- kernfs: remove redundant kernfs_rwsem declaration. (Luis Claudio R. Goncalves) [2152737]
+- kernfs: fix potential NULL dereference in __kernfs_remove (Luis Claudio R. Goncalves) [2152737]
+- kernfs: fix NULL dereferencing in kernfs_remove (Luis Claudio R. Goncalves) [2152737]
+- kernfs: prevent early freeing of root node (Luis Claudio R. Goncalves) [2152737]
+- kernfs: switch global kernfs_rwsem lock to per-fs lock (Luis Claudio R. Goncalves) [2152737]
+- tracing: Use a copy of the va_list for __assign_vstr() (Íñigo Huguet) [2143357]
+- tracing/events: Add __vstring() and __assign_vstr() helper macros (Íñigo Huguet) [2143357]
+- kunit/memcpy: Avoid pathological compile-time string size (Josef Oskera) [2139493]
+- mips: boot/compressed: use __NO_FORTIFY (Josef Oskera) [2139493]
+- fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL (Josef Oskera) [2139493]
+- string: Introduce strtomem() and strtomem_pad() (Josef Oskera) [2139493]
+- fortify: Provide a memcpy trap door for sharp corners (Josef Oskera) [2139493]
+- fortify: Add Clang support (Josef Oskera) [2139493]
+- fortify: Make sure strlen() may still be used as a constant expression (Josef Oskera) [2139493]
+- fortify: Use __diagnose_as() for better diagnostic coverage (Josef Oskera) [2139493]
+- fortify: Make pointer arguments const (Josef Oskera) [2139493]
+- Compiler Attributes: Add __diagnose_as for Clang (Josef Oskera) [2139493]
+- Compiler Attributes: Add __overloadable for Clang (Josef Oskera) [2139493]
+- fortify: Update compile-time tests for Clang 14 (Josef Oskera) [2139493]
+- fortify: Replace open-coded __gnu_inline attribute (Josef Oskera) [2139493]
+- fortify: Detect struct member overflows in memset() at compile-time (Josef Oskera) [2139493]
+- fortify: Detect struct member overflows in memmove() at compile-time (Josef Oskera) [2139493]
+- fortify: Detect struct member overflows in memcpy() at compile-time (Josef Oskera) [2139493]
+- Compiler Attributes: Add __pass_object_size for Clang (Josef Oskera) [2139493]
+- lib/string_helpers: Introduce kasprintf_strarray() (Josef Oskera) [2139493]
+- string: uninline memcpy_and_pad (Josef Oskera) [2139493]
+- fortify: strlen: Avoid shadowing previous locals (Josef Oskera) [2139493]
+- fortify: Add compile-time FORTIFY_SOURCE tests (Josef Oskera) [2139493]
+- fortify: Allow strlen() and strnlen() to pass compile-time known lengths (Josef Oskera) [2139493]
+- fortify: Prepare to improve strnlen() and strlen() warnings (Josef Oskera) [2139493]
+- fortify: Fix dropped strcpy() compile-time write overflow check (Josef Oskera) [2139493]
+- fortify: Explicitly disable Clang support (Josef Oskera) [2139493]
+- fortify: Move remaining fortify helpers into fortify-string.h (Josef Oskera) [2139493]
+- lib/string: Move helper functions out of string.c (Josef Oskera) [2139493]
+- Redo missing uapi/linux/stddef.h: Add include guards (Patrick Talbert) [2132632]
+
 * Mon Dec 19 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-218.el9]
 - arm64: tegra: Mark BPMP channels as no-memory-wc (Al Stone) [2129151]
 - dt-bindings: misc: Convert Tegra MISC to json-schema (Al Stone) [2129151]
diff --git a/sources b/sources
index 1b063fd..9c7f33a 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-218.el9.tar.xz) = f6844c57d2e6fd1014c4dfb143582a1be73656a59bd6a875b70eaa9a3b5c3875eac5f74e43878f03d3cca88c1998ae5301b2a8afda37a0d43128d7de75ae3db3
-SHA512 (kernel-abi-stablelists-5.14.0-218.el9.tar.bz2) = 211e87d6f5e4bac22dbf1a8b5caafd24f5dc8540d41a8e12695ac1c242c8e70de0a76d7acc9020830bd485e041909d0d869dd3fe37283f59d81ff025961b27c6
-SHA512 (kernel-kabi-dw-5.14.0-218.el9.tar.bz2) = e8908c8bb6fe71f11cdb4758a60f9536f9d6ae72470b7bd4992279d7f2cc719b4a6a61143975d3a59bb43334c7c47861b88b9338fa5b0d576f360c8dd2ab76f9
+SHA512 (linux-5.14.0-219.el9.tar.xz) = ab0dfabc9fd61656b1e6f269ceb0426c70f1bb641f6313011370bd9bb2a0aaa677bef8f040d8e9127992d2c1d8e4fbdfa8cef843dcaaecda0097f276eaca43e7
+SHA512 (kernel-abi-stablelists-5.14.0-219.el9.tar.bz2) = fb31190eeb57409d21b9f33acafa17a9ba16dced31bd85f3b684025844dadd0faed50a6430c899b93934a60c4335a0835ec1581ed81fd91b0f830c5d5ba12202
+SHA512 (kernel-kabi-dw-5.14.0-219.el9.tar.bz2) = cf3d7a69133f1cd79662c8ddd5b33416e42fd6c02084dd0ee50bb3f6e5daf4ed274c9a5b6402f408e3035cd9c57d00ea2ad538ac5fd69a95c33bfd375e9afb6e