Merge remote-tracking branch 'alma-origin/c9' into HEAD

This commit is contained in:
Stepan Oksanichenko 2022-06-28 10:58:48 +00:00
commit 8afe38421a
13 changed files with 76 additions and 24 deletions

6
.gitignore vendored
View File

@ -1,5 +1,5 @@
SOURCES/kernel-abi-stablelists-5.14.0-70.13.1.el9_0.tar.bz2
SOURCES/kernel-kabi-dw-5.14.0-70.13.1.el9_0.tar.bz2
SOURCES/linux-5.14.0-70.13.1.el9_0.tar.xz
SOURCES/kernel-abi-stablelists-5.14.0-70.17.1.el9_0.tar.bz2
SOURCES/kernel-kabi-dw-5.14.0-70.17.1.el9_0.tar.bz2
SOURCES/linux-5.14.0-70.17.1.el9_0.tar.xz
SOURCES/rheldup3.x509
SOURCES/rhelkpatch1.x509

View File

@ -1,5 +1,5 @@
c1197ace1d0f19538e93b665dc04950908d34880 SOURCES/kernel-abi-stablelists-5.14.0-70.13.1.el9_0.tar.bz2
206afe247796a98d6b1f57f4bdabb2d57836e928 SOURCES/kernel-kabi-dw-5.14.0-70.13.1.el9_0.tar.bz2
7101b2671a4efc2fd6049b207a717c0c4cf54580 SOURCES/linux-5.14.0-70.13.1.el9_0.tar.xz
a99a235c21b77ecf630199ff7bed5e1e828937e5 SOURCES/kernel-abi-stablelists-5.14.0-70.17.1.el9_0.tar.bz2
dac015c65e7c965a6af4fa8793a6eeecfd5fdb38 SOURCES/kernel-kabi-dw-5.14.0-70.17.1.el9_0.tar.bz2
bd558333aae402f4cbc05d79f044ebff4377453b SOURCES/linux-5.14.0-70.17.1.el9_0.tar.xz
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509

View File

@ -12,7 +12,7 @@ RHEL_MINOR = 0
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
RHEL_RELEASE = 70.13.1
RHEL_RELEASE = 70.17.1
#
# ZSTREAM

View File

@ -1014,7 +1014,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
CONFIG_CRYPTO_USER_API_RNG=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_XCBC=m

View File

@ -1014,7 +1014,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
CONFIG_CRYPTO_USER_API_RNG=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_XCBC=m

View File

@ -862,7 +862,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
CONFIG_CRYPTO_USER_API_RNG=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_XCBC=m

View File

@ -862,7 +862,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
CONFIG_CRYPTO_USER_API_RNG=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_XCBC=m

View File

@ -849,7 +849,7 @@ CONFIG_CRYPTO_SHA3_512_S390=m
CONFIG_CRYPTO_SHA3=y
CONFIG_CRYPTO_SHA512_ARM64_CE=m
# CONFIG_CRYPTO_SHA512_ARM64 is not set
CONFIG_CRYPTO_SHA512_S390=m
CONFIG_CRYPTO_SHA512_S390=y
CONFIG_CRYPTO_SHA512=y
# CONFIG_CRYPTO_SM2 is not set
# CONFIG_CRYPTO_SM3 is not set
@ -864,7 +864,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
CONFIG_CRYPTO_USER_API_RNG=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_XCBC=m

View File

@ -849,7 +849,7 @@ CONFIG_CRYPTO_SHA3_512_S390=m
CONFIG_CRYPTO_SHA3=y
CONFIG_CRYPTO_SHA512_ARM64_CE=m
# CONFIG_CRYPTO_SHA512_ARM64 is not set
CONFIG_CRYPTO_SHA512_S390=m
CONFIG_CRYPTO_SHA512_S390=y
CONFIG_CRYPTO_SHA512=y
# CONFIG_CRYPTO_SM2 is not set
# CONFIG_CRYPTO_SM3 is not set
@ -864,7 +864,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
CONFIG_CRYPTO_USER_API_RNG=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_XCBC=m

View File

@ -905,7 +905,7 @@ CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA3=y
CONFIG_CRYPTO_SHA512_ARM64_CE=m
# CONFIG_CRYPTO_SHA512_ARM64 is not set
CONFIG_CRYPTO_SHA512_SSSE3=m
CONFIG_CRYPTO_SHA512_SSSE3=y
CONFIG_CRYPTO_SHA512=y
# CONFIG_CRYPTO_SM2 is not set
# CONFIG_CRYPTO_SM3 is not set
@ -923,7 +923,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
CONFIG_CRYPTO_USER_API_RNG=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_XCBC=m

View File

@ -905,7 +905,7 @@ CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA3=y
CONFIG_CRYPTO_SHA512_ARM64_CE=m
# CONFIG_CRYPTO_SHA512_ARM64 is not set
CONFIG_CRYPTO_SHA512_SSSE3=m
CONFIG_CRYPTO_SHA512_SSSE3=y
CONFIG_CRYPTO_SHA512=y
# CONFIG_CRYPTO_SM2 is not set
# CONFIG_CRYPTO_SM3 is not set
@ -923,7 +923,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
CONFIG_CRYPTO_USER_API_RNG=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_XCBC=m

View File

@ -19,3 +19,8 @@ emptyrpm:
- kernel-zfcpdump
- kernel-zfcpdump-devel-matched
- kernel-zfcpdump-modules
patches:
ignore_list:
- linux-kernel-test.patch
- patch-5.14.0-redhat.patch

View File

@ -121,13 +121,13 @@ Summary: The Linux kernel
%define kversion 5.14
%define rpmversion 5.14.0
%define pkgrelease 70.13.1.el9_0
%define pkgrelease 70.17.1.el9_0
# This is needed to do merge window version magic
%define patchlevel 14
# allow pkg_release to have configurable %%{?dist} tag
%define specrelease 70.13.1%{?buildid}%{?dist}
%define specrelease 70.17.1%{?buildid}%{?dist}
%define pkg_release %{specrelease}
@ -677,7 +677,7 @@ BuildRequires: lld
# exact git commit you can run
#
# xzcat -qq ${TARBALL} | git get-tar-commit-id
Source0: linux-5.14.0-70.13.1.el9_0.tar.xz
Source0: linux-5.14.0-70.17.1.el9_0.tar.xz
Source1: Makefile.rhelver
@ -1333,8 +1333,8 @@ ApplyOptionalPatch()
fi
}
%setup -q -n kernel-5.14.0-70.13.1.el9_0 -c
mv linux-5.14.0-70.13.1.el9_0 linux-%{KVERREL}
%setup -q -n kernel-5.14.0-70.17.1.el9_0 -c
mv linux-5.14.0-70.17.1.el9_0 linux-%{KVERREL}
cd linux-%{KVERREL}
cp -a %{SOURCE1} .
@ -2204,6 +2204,14 @@ popd
# in the source tree. We installed them previously to $RPM_BUILD_ROOT/usr
# but there's no way to tell the Makefile to take them from there.
%{make} %{?_smp_mflags} headers_install
# If we re building only tools without kernel, we need to generate config
# headers and prepare tree for modules building. The modules_prepare target
# will cover both.
if [ ! -f include/generated/autoconf.h ]; then
%{make} %{?_smp_mflags} modules_prepare
fi
%{make} %{?_smp_mflags} ARCH=$Arch V=1 M=samples/bpf/
# Prevent bpf selftests to build bpftool repeatedly:
@ -2933,6 +2941,45 @@ fi
#
#
%changelog
* Tue Jun 14 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.17.1.el9_0]
- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092994 2092995] {CVE-2022-1966}
- thunderx nic: mark device as unmaintained (Íñigo Huguet) [2092638 2060285]
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (Steve Best) [2092255 2067770]
- perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087963 2087964] {CVE-2022-1729}
- spec: Fix separate tools build (Jiri Olsa) [2090852 2054579]
- mm: lru_cache_disable: replace work queue synchronization with synchronize_rcu (Marcelo Tosatti) [2086963 2033500]
* Wed Jun 08 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.16.1.el9_0]
- dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082187 2081778]
* Wed Jun 01 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.15.1.el9_0]
- CI: Use zstream builder image (Veronika Kabatova)
- tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: add small random increments to the source port (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- Revert "netfilter: conntrack: tag conntracks picked up in local out hook" (Florian Westphal) [2085480 2061850]
- Revert "netfilter: nat: force port remap to prevent shadowing well-known ports" (Florian Westphal) [2085480 2061850]
- redhat/koji/Makefile: Decouple koji Makefile from Makefile.common (Andrea Claudi)
- redhat: fix make {distg-brew,distg-koji} (Andrea Claudi)
- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666}
- esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666}
- sctp: use the correct skb for security_sctp_assoc_request (Ondrej Mosnacek) [2084044 2078856]
- security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2084044 2078856]
- security: add sctp_assoc_established hook (Ondrej Mosnacek) [2084044 2078856]
- security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2084044 2078856]
- security: pass asoc to sctp_assoc_request and sctp_sk_clone (Ondrej Mosnacek) [2084044 2078856]
* Wed May 11 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.14.1.el9_0]
- PCI: hv: Propagate coherence from VMbus device to PCI device (Vitaly Kuznetsov) [2074830 2068432]
- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (Vitaly Kuznetsov) [2074830 2068432]
- redhat: rpminspect: disable 'patches' check for known empty patch files (Herton R. Krzesinski)
- redhat/configs: make SHA512_arch algos and CRYPTO_USER built-ins (Vladis Dronov) [2072643 2070624]
- CI: Drop baseline runs (Veronika Kabatova)
* Thu Apr 14 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.13.1.el9_0]
- redhat: disable uncommon media device infrastructure (Jarod Wilson) [2074598]
- netfilter: nf_tables: unregister flowtable hooks on netns exit (Florian Westphal) [2056869]