diff --git a/Makefile.rhelver b/Makefile.rhelver index e77f2b5..624e156 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 3 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 358 +RHEL_RELEASE = 359 # # ZSTREAM diff --git a/kernel-aarch64-64k-debug-rhel.config b/kernel-aarch64-64k-debug-rhel.config index 1baf169..686644c 100644 --- a/kernel-aarch64-64k-debug-rhel.config +++ b/kernel-aarch64-64k-debug-rhel.config @@ -3523,7 +3523,11 @@ CONFIG_MTD_RAW_NAND=m # CONFIG_MTD_ROM is not set # CONFIG_MTD_SLRAM is not set # CONFIG_MTD_SPI_NAND is not set -# CONFIG_MTD_SPI_NOR is not set +CONFIG_MTD_SPI_NOR=m +# CONFIG_MTD_SPI_NOR_SWP_DISABLE is not set +CONFIG_MTD_SPI_NOR_SWP_DISABLE_ON_VOLATILE=y +# CONFIG_MTD_SPI_NOR_SWP_KEEP is not set +# CONFIG_MTD_SPI_NOR_USE_4K_SECTORS is not set # CONFIG_MTD_SST25L is not set # CONFIG_MTD_SWAP is not set # CONFIG_MTD_TESTS is not set @@ -5890,12 +5894,13 @@ CONFIG_SPI_FSL_QUADSPI=m # CONFIG_SPI_FSL_SPI is not set # CONFIG_SPI_GPIO is not set # CONFIG_SPI_HISI_KUNPENG is not set +# CONFIG_SPI_HISI_SFC is not set # CONFIG_SPI_HISI_SFC_V3XX is not set CONFIG_SPI_IMX=m # CONFIG_SPI_LANTIQ_SSC is not set # CONFIG_SPI_LOOPBACK_TEST is not set CONFIG_SPI_MASTER=y -# CONFIG_SPI_MEM is not set +CONFIG_SPI_MEM=y # CONFIG_SPI_MUX is not set # CONFIG_SPI_MXIC is not set CONFIG_SPI_NXP_FLEXSPI=m @@ -5909,7 +5914,7 @@ CONFIG_SPI_QUP=y # CONFIG_SPI_SIFIVE is not set # CONFIG_SPI_SLAVE is not set # CONFIG_SPI_SPIDEV is not set -# CONFIG_SPI_TEGRA114 is not set +CONFIG_SPI_TEGRA114=m # CONFIG_SPI_TEGRA20_SFLASH is not set # CONFIG_SPI_TEGRA20_SLINK is not set CONFIG_SPI_TEGRA210_QUAD=m diff --git a/kernel-aarch64-64k-rhel.config b/kernel-aarch64-64k-rhel.config index f934c1a..e0b25a6 100644 --- a/kernel-aarch64-64k-rhel.config +++ b/kernel-aarch64-64k-rhel.config @@ -3502,7 +3502,11 @@ CONFIG_MTD_RAW_NAND=m # CONFIG_MTD_ROM is not set # CONFIG_MTD_SLRAM is not set # CONFIG_MTD_SPI_NAND is not set -# CONFIG_MTD_SPI_NOR is not set +CONFIG_MTD_SPI_NOR=m +# CONFIG_MTD_SPI_NOR_SWP_DISABLE is not set +CONFIG_MTD_SPI_NOR_SWP_DISABLE_ON_VOLATILE=y +# CONFIG_MTD_SPI_NOR_SWP_KEEP is not set +# CONFIG_MTD_SPI_NOR_USE_4K_SECTORS is not set # CONFIG_MTD_SST25L is not set # CONFIG_MTD_SWAP is not set # CONFIG_MTD_TESTS is not set @@ -5866,12 +5870,13 @@ CONFIG_SPI_FSL_QUADSPI=m # CONFIG_SPI_FSL_SPI is not set # CONFIG_SPI_GPIO is not set # CONFIG_SPI_HISI_KUNPENG is not set +# CONFIG_SPI_HISI_SFC is not set # CONFIG_SPI_HISI_SFC_V3XX is not set CONFIG_SPI_IMX=m # CONFIG_SPI_LANTIQ_SSC is not set # CONFIG_SPI_LOOPBACK_TEST is not set CONFIG_SPI_MASTER=y -# CONFIG_SPI_MEM is not set +CONFIG_SPI_MEM=y # CONFIG_SPI_MUX is not set # CONFIG_SPI_MXIC is not set CONFIG_SPI_NXP_FLEXSPI=m @@ -5885,7 +5890,7 @@ CONFIG_SPI_QUP=y # CONFIG_SPI_SIFIVE is not set # CONFIG_SPI_SLAVE is not set # CONFIG_SPI_SPIDEV is not set -# CONFIG_SPI_TEGRA114 is not set +CONFIG_SPI_TEGRA114=m # CONFIG_SPI_TEGRA20_SFLASH is not set # CONFIG_SPI_TEGRA20_SLINK is not set CONFIG_SPI_TEGRA210_QUAD=m diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index 71c2891..4cff270 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -3520,7 +3520,11 @@ CONFIG_MTD_RAW_NAND=m # CONFIG_MTD_ROM is not set # CONFIG_MTD_SLRAM is not set # CONFIG_MTD_SPI_NAND is not set -# CONFIG_MTD_SPI_NOR is not set +CONFIG_MTD_SPI_NOR=m +# CONFIG_MTD_SPI_NOR_SWP_DISABLE is not set +CONFIG_MTD_SPI_NOR_SWP_DISABLE_ON_VOLATILE=y +# CONFIG_MTD_SPI_NOR_SWP_KEEP is not set +# CONFIG_MTD_SPI_NOR_USE_4K_SECTORS is not set # CONFIG_MTD_SST25L is not set # CONFIG_MTD_SWAP is not set # CONFIG_MTD_TESTS is not set @@ -5887,12 +5891,13 @@ CONFIG_SPI_FSL_QUADSPI=m # CONFIG_SPI_FSL_SPI is not set # CONFIG_SPI_GPIO is not set # CONFIG_SPI_HISI_KUNPENG is not set +# CONFIG_SPI_HISI_SFC is not set # CONFIG_SPI_HISI_SFC_V3XX is not set CONFIG_SPI_IMX=m # CONFIG_SPI_LANTIQ_SSC is not set # CONFIG_SPI_LOOPBACK_TEST is not set CONFIG_SPI_MASTER=y -# CONFIG_SPI_MEM is not set +CONFIG_SPI_MEM=y # CONFIG_SPI_MUX is not set # CONFIG_SPI_MXIC is not set CONFIG_SPI_NXP_FLEXSPI=m @@ -5906,7 +5911,7 @@ CONFIG_SPI_QUP=y # CONFIG_SPI_SIFIVE is not set # CONFIG_SPI_SLAVE is not set # CONFIG_SPI_SPIDEV is not set -# CONFIG_SPI_TEGRA114 is not set +CONFIG_SPI_TEGRA114=m # CONFIG_SPI_TEGRA20_SFLASH is not set # CONFIG_SPI_TEGRA20_SLINK is not set CONFIG_SPI_TEGRA210_QUAD=m diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 9359a79..90c7719 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -3499,7 +3499,11 @@ CONFIG_MTD_RAW_NAND=m # CONFIG_MTD_ROM is not set # CONFIG_MTD_SLRAM is not set # CONFIG_MTD_SPI_NAND is not set -# CONFIG_MTD_SPI_NOR is not set +CONFIG_MTD_SPI_NOR=m +# CONFIG_MTD_SPI_NOR_SWP_DISABLE is not set +CONFIG_MTD_SPI_NOR_SWP_DISABLE_ON_VOLATILE=y +# CONFIG_MTD_SPI_NOR_SWP_KEEP is not set +# CONFIG_MTD_SPI_NOR_USE_4K_SECTORS is not set # CONFIG_MTD_SST25L is not set # CONFIG_MTD_SWAP is not set # CONFIG_MTD_TESTS is not set @@ -5863,12 +5867,13 @@ CONFIG_SPI_FSL_QUADSPI=m # CONFIG_SPI_FSL_SPI is not set # CONFIG_SPI_GPIO is not set # CONFIG_SPI_HISI_KUNPENG is not set +# CONFIG_SPI_HISI_SFC is not set # CONFIG_SPI_HISI_SFC_V3XX is not set CONFIG_SPI_IMX=m # CONFIG_SPI_LANTIQ_SSC is not set # CONFIG_SPI_LOOPBACK_TEST is not set CONFIG_SPI_MASTER=y -# CONFIG_SPI_MEM is not set +CONFIG_SPI_MEM=y # CONFIG_SPI_MUX is not set # CONFIG_SPI_MXIC is not set CONFIG_SPI_NXP_FLEXSPI=m @@ -5882,7 +5887,7 @@ CONFIG_SPI_QUP=y # CONFIG_SPI_SIFIVE is not set # CONFIG_SPI_SLAVE is not set # CONFIG_SPI_SPIDEV is not set -# CONFIG_SPI_TEGRA114 is not set +CONFIG_SPI_TEGRA114=m # CONFIG_SPI_TEGRA20_SFLASH is not set # CONFIG_SPI_TEGRA20_SLINK is not set CONFIG_SPI_TEGRA210_QUAD=m diff --git a/kernel-aarch64-rt-debug-rhel.config b/kernel-aarch64-rt-debug-rhel.config index 7820f86..8cdb112 100644 --- a/kernel-aarch64-rt-debug-rhel.config +++ b/kernel-aarch64-rt-debug-rhel.config @@ -3591,7 +3591,11 @@ CONFIG_MTD_RAW_NAND=m # CONFIG_MTD_ROM is not set # CONFIG_MTD_SLRAM is not set # CONFIG_MTD_SPI_NAND is not set -# CONFIG_MTD_SPI_NOR is not set +CONFIG_MTD_SPI_NOR=m +# CONFIG_MTD_SPI_NOR_SWP_DISABLE is not set +CONFIG_MTD_SPI_NOR_SWP_DISABLE_ON_VOLATILE=y +# CONFIG_MTD_SPI_NOR_SWP_KEEP is not set +# CONFIG_MTD_SPI_NOR_USE_4K_SECTORS is not set # CONFIG_MTD_SST25L is not set # CONFIG_MTD_SWAP is not set # CONFIG_MTD_TESTS is not set @@ -5985,12 +5989,13 @@ CONFIG_SPI_FSL_QUADSPI=m # CONFIG_SPI_FSL_SPI is not set # CONFIG_SPI_GPIO is not set # CONFIG_SPI_HISI_KUNPENG is not set +# CONFIG_SPI_HISI_SFC is not set # CONFIG_SPI_HISI_SFC_V3XX is not set CONFIG_SPI_IMX=m # CONFIG_SPI_LANTIQ_SSC is not set # CONFIG_SPI_LOOPBACK_TEST is not set CONFIG_SPI_MASTER=y -# CONFIG_SPI_MEM is not set +CONFIG_SPI_MEM=y # CONFIG_SPI_MUX is not set # CONFIG_SPI_MXIC is not set CONFIG_SPI_NXP_FLEXSPI=m @@ -6004,7 +6009,7 @@ CONFIG_SPI_QUP=y # CONFIG_SPI_SIFIVE is not set # CONFIG_SPI_SLAVE is not set # CONFIG_SPI_SPIDEV is not set -# CONFIG_SPI_TEGRA114 is not set +CONFIG_SPI_TEGRA114=m # CONFIG_SPI_TEGRA20_SFLASH is not set # CONFIG_SPI_TEGRA20_SLINK is not set CONFIG_SPI_TEGRA210_QUAD=m diff --git a/kernel-aarch64-rt-rhel.config b/kernel-aarch64-rt-rhel.config index f2d8e96..a1e1678 100644 --- a/kernel-aarch64-rt-rhel.config +++ b/kernel-aarch64-rt-rhel.config @@ -3570,7 +3570,11 @@ CONFIG_MTD_RAW_NAND=m # CONFIG_MTD_ROM is not set # CONFIG_MTD_SLRAM is not set # CONFIG_MTD_SPI_NAND is not set -# CONFIG_MTD_SPI_NOR is not set +CONFIG_MTD_SPI_NOR=m +# CONFIG_MTD_SPI_NOR_SWP_DISABLE is not set +CONFIG_MTD_SPI_NOR_SWP_DISABLE_ON_VOLATILE=y +# CONFIG_MTD_SPI_NOR_SWP_KEEP is not set +# CONFIG_MTD_SPI_NOR_USE_4K_SECTORS is not set # CONFIG_MTD_SST25L is not set # CONFIG_MTD_SWAP is not set # CONFIG_MTD_TESTS is not set @@ -5961,12 +5965,13 @@ CONFIG_SPI_FSL_QUADSPI=m # CONFIG_SPI_FSL_SPI is not set # CONFIG_SPI_GPIO is not set # CONFIG_SPI_HISI_KUNPENG is not set +# CONFIG_SPI_HISI_SFC is not set # CONFIG_SPI_HISI_SFC_V3XX is not set CONFIG_SPI_IMX=m # CONFIG_SPI_LANTIQ_SSC is not set # CONFIG_SPI_LOOPBACK_TEST is not set CONFIG_SPI_MASTER=y -# CONFIG_SPI_MEM is not set +CONFIG_SPI_MEM=y # CONFIG_SPI_MUX is not set # CONFIG_SPI_MXIC is not set CONFIG_SPI_NXP_FLEXSPI=m @@ -5980,7 +5985,7 @@ CONFIG_SPI_QUP=y # CONFIG_SPI_SIFIVE is not set # CONFIG_SPI_SLAVE is not set # CONFIG_SPI_SPIDEV is not set -# CONFIG_SPI_TEGRA114 is not set +CONFIG_SPI_TEGRA114=m # CONFIG_SPI_TEGRA20_SFLASH is not set # CONFIG_SPI_TEGRA20_SLINK is not set CONFIG_SPI_TEGRA210_QUAD=m diff --git a/kernel.spec b/kernel.spec index fd18298..5b7674e 100755 --- a/kernel.spec +++ b/kernel.spec @@ -161,15 +161,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 358 +%define pkgrelease 359 %define kversion 5 -%define tarfile_release 5.14.0-358.el9 +%define tarfile_release 5.14.0-359.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 358%{?buildid}%{?dist} +%define specrelease 359%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-358.el9 +%define kabiversion 5.14.0-359.el9 # # End of genspec.sh variables @@ -904,6 +904,17 @@ Source86: mod-kvm.list Source100: rheldup3.x509 Source101: rhelkpatch1.x509 +Source102: rhelimaca1.x509 +Source103: rhelima.x509 +Source104: rhelima_centos.x509 + +%if 0%{?centos} +%define ima_signing_cert %{SOURCE104} +%else +%define ima_signing_cert %{SOURCE103} +%endif + +%define ima_cert_name ima.cer Source150: dracut-virt.conf # Remove this when https://bugzilla.redhat.com/show_bug.cgi?id=2225009 gets resolved @@ -1763,7 +1774,8 @@ done %if %{signkernel}%{signmodules} openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem -cat rheldup3.pem rhelkpatch1.pem > ../certs/rhel.pem +openssl x509 -inform der -in %{SOURCE102} -out rhelimaca1.pem +cat rheldup3.pem rhelkpatch1.pem rhelimaca1.pem > ../certs/rhel.pem %if %{signkernel} %ifarch s390x ppc64le openssl x509 -inform der -in %{secureboot_ca_0} -out secureboot.pem @@ -2575,6 +2587,11 @@ BuildKernel() { %endif %endif +%if 0%{?rhel} + # Red Hat IMA code-signing cert, which is used to authenticate package files + install -m 0644 %{ima_signing_cert} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{ima_cert_name} +%endif + %if %{signmodules} if [ $DoModules -eq 1 ]; then # Save the signing keys so we can sign the modules in __modsign_install_post @@ -3738,6 +3755,24 @@ fi # # %changelog +* Tue Aug 22 2023 Jan Stancek [5.14.0-359.el9] +- vxlan: fix GRO with VXLAN-GPE (Jiri Benc) [2209627] +- vxlan: generalize vxlan_parse_gpe_hdr and remove unused args (Jiri Benc) [2209627] +- vxlan: calculate correct header length for GPE (Jiri Benc) [2209627] +- redhat/configs: turn on the framework for SPI NOR for ARM (Steve Best) [2223027] +- dm cache policy smq: ensure IO doesn't prevent cleaner policy progress (Benjamin Marzinski) [2159623] +- selftests: mptcp: join: fix 'implicit EP' test (Andrea Claudi) [2109139] +- selftests: mptcp: join: fix 'delete and re-add' test (Andrea Claudi) [2109139] +- net: tap_open(): set sk_uid from current_fsuid() (Laszlo Ersek) [2229506] {CVE-2023-4194} +- net: tun_chr_open(): set sk_uid from current_fsuid() (Laszlo Ersek) [2229506] {CVE-2023-4194} +- scsi: storvsc: Remove errant duplicate code (Cathy Avery) [2224931] +- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (Cathy Avery) [2224931] +- net/mlx5: Register a unique thermal zone per device (Mohammad Kabat) [2210257] +- net/mlx5: Implement thermal zone (Mohammad Kabat) [2210257] +- redhat/configs: enable Tegra114 SPI controller (Mark Salter) [2232430] +- redhat: add IMA certificates (Coiby Xu) [1870705] +- locking: 9.3 KRTS JiraReadiness exercise (John B. Wyatt IV) [RHEL-981] + * Fri Aug 18 2023 Jan Stancek [5.14.0-358.el9] - KVM: SEV: remove ghcb variable declarations (Vitaly Kuznetsov) [2213808] - KVM: SEV: only access GHCB fields once (Vitaly Kuznetsov) [2213808] {CVE-2023-4155} diff --git a/rhelima.x509 b/rhelima.x509 new file mode 100644 index 0000000..a286bfb Binary files /dev/null and b/rhelima.x509 differ diff --git a/rhelima_centos.x509 b/rhelima_centos.x509 new file mode 100644 index 0000000..691678f Binary files /dev/null and b/rhelima_centos.x509 differ diff --git a/rhelimaca1.x509 b/rhelimaca1.x509 new file mode 100644 index 0000000..b550150 Binary files /dev/null and b/rhelimaca1.x509 differ diff --git a/sources b/sources index f0f1294..1f9b17b 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-358.el9.tar.xz) = bc0321ed801b4c354c337641819a32cbb2a60127a4af73844865ed6a45a20193420c40016fc40618204da3e62df2f9bb03c299d7a3b5cbeeca5eb98769f7b250 -SHA512 (kernel-abi-stablelists-5.14.0-358.el9.tar.bz2) = 2a3584f7985c62012a6b89ebeb6709789b777e6f861810d01d4a0f9a0781505a67f6ff0b032ebbd0cec52bc1d68e6f41095bd74ffe4c0acf788cf09f3d221fc1 -SHA512 (kernel-kabi-dw-5.14.0-358.el9.tar.bz2) = 119e820407c58c1868a04aa69c969a881bd672f0f7111a8b382a7369bc89e57667faab180be0b4932dbfbfeb25267787c56fb155dba1ccb244922a7a130d187b +SHA512 (linux-5.14.0-359.el9.tar.xz) = 6890482d0e5d19e497a2ede527ee1ffd4bb71b58ccfbb6347ca942a7acbcade5668ed0f36b46a307ead9b95604b46e8ff7bde5927190134221982fd765e30f1b +SHA512 (kernel-abi-stablelists-5.14.0-359.el9.tar.bz2) = 7415edacadada7ffaae1744a8de4b5b647a334037011b1e533fee63e1d691883f6e9d9b62505bde761570cbfa27943817b961cb038d43eda6ca327f179d18cf4 +SHA512 (kernel-kabi-dw-5.14.0-359.el9.tar.bz2) = 119e820407c58c1868a04aa69c969a881bd672f0f7111a8b382a7369bc89e57667faab180be0b4932dbfbfeb25267787c56fb155dba1ccb244922a7a130d187b