forked from rpms/kernel
kernel-5.14.0-413.el9
* Fri Jan 26 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-413.el9] - scsi: core: Always send batch on reset or error handling command (Ewan D. Milne) [RHEL-19730] - ovl: Add an alternative type of whiteout (Alexander Larsson) [RHEL-21350] - ovl: Support escaped overlay.* xattrs (Alexander Larsson) [RHEL-21350] - ovl: Add OVL_XATTR_TRUSTED/USER_PREFIX_LEN macros (Alexander Larsson) [RHEL-21350] - ovl: Move xattr support to new xattrs.c file (Alexander Larsson) [RHEL-21350] - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-22142] - s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Tobias Huschle) [RHEL-22159] - Revert "nvme-fabrics: parse nvme connect Linux error codes" (Ewan D. Milne) [RHEL-21545] - Revert "x86/fpu/xstate: Fix PKRU covert channel" (Martin McConnell) [RHEL-21573] - net: Remove acked SYN flag from packet in the transmit queue correctly (Paolo Abeni) [RHEL-21432] - tcp: do not accept ACK of bytes we never sent (Paolo Abeni) [RHEL-21432] - net: do not leave an empty skb in write queue (Paolo Abeni) [RHEL-21432] - tcp: check mptcp-level constraints for backlog coalescing (Paolo Abeni) [RHEL-21432] - redhat: Use dracut instead of objcopy for adding SBAT information to UKI (Vitaly Kuznetsov) - kexec: do syscore_shutdown() in kernel_kexec (Baoquan He) [RHEL-19654] - powerpc/vas: Limit open window failure messages in log bufffer (Mamatha Inamdar) [RHEL-14975] Resolves: RHEL-14975, RHEL-19153, RHEL-19159, RHEL-19165, RHEL-19654, RHEL-19730, RHEL-21350, RHEL-21432, RHEL-21545, RHEL-21573, RHEL-22142, RHEL-22159, RHEL-19162, RHEL-19156, RHEL-19150 Signed-off-by: Scott Weaver <scweaver@redhat.com>
This commit is contained in:
parent
afb6495e05
commit
16d159fd9e
@ -12,7 +12,7 @@ RHEL_MINOR = 4
|
||||
#
|
||||
# Use this spot to avoid future merge conflicts.
|
||||
# Do not trim this comment.
|
||||
RHEL_RELEASE = 412
|
||||
RHEL_RELEASE = 413
|
||||
|
||||
#
|
||||
# ZSTREAM
|
||||
|
74
kernel.spec
74
kernel.spec
@ -165,15 +165,15 @@ Summary: The Linux kernel
|
||||
# define buildid .local
|
||||
%define specversion 5.14.0
|
||||
%define patchversion 5.14
|
||||
%define pkgrelease 412
|
||||
%define pkgrelease 413
|
||||
%define kversion 5
|
||||
%define tarfile_release 5.14.0-412.el9
|
||||
%define tarfile_release 5.14.0-413.el9
|
||||
# This is needed to do merge window version magic
|
||||
%define patchlevel 14
|
||||
# This allows pkg_release to have configurable %%{?dist} tag
|
||||
%define specrelease 412%{?buildid}%{?dist}
|
||||
%define specrelease 413%{?buildid}%{?dist}
|
||||
# This defines the kabi tarball version
|
||||
%define kabiversion 5.14.0-412.el9
|
||||
%define kabiversion 5.14.0-413.el9
|
||||
|
||||
#
|
||||
# End of genspec.sh variables
|
||||
@ -776,7 +776,7 @@ BuildRequires: lld
|
||||
%endif
|
||||
|
||||
%if %{efiuki}
|
||||
BuildRequires: dracut
|
||||
BuildRequires: dracut >= 057-51.git20231114.el9
|
||||
# For dracut UEFI uki binaries
|
||||
BuildRequires: binutils
|
||||
# For the initrd
|
||||
@ -2429,7 +2429,20 @@ BuildKernel() {
|
||||
%if %{efiuki}
|
||||
if [ "$Variant" != "rt" ] && [ "$Variant" != "rt-debug" ]; then
|
||||
popd
|
||||
|
||||
|
||||
# RHEL/CentOS specific .SBAT entries
|
||||
%if 0%{?centos}
|
||||
SBATsuffix="centos"
|
||||
%else
|
||||
SBATsuffix="rhel"
|
||||
%endif
|
||||
SBAT=$(cat <<- EOF
|
||||
linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
|
||||
linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
|
||||
kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com
|
||||
EOF
|
||||
)
|
||||
|
||||
KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer"
|
||||
KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi"
|
||||
|
||||
@ -2442,36 +2455,11 @@ BuildKernel() {
|
||||
--kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \
|
||||
--logfile=$(mktemp) \
|
||||
--uefi \
|
||||
--sbat "$SBAT" \
|
||||
--kernel-image $(realpath $KernelImage) \
|
||||
--kernel-cmdline 'console=tty0 console=ttyS0' \
|
||||
$KernelUnifiedImage
|
||||
|
||||
# Add RH specific .SBAT entries
|
||||
# First, we need to save the original .sbat from UKI
|
||||
objcopy -O binary --only-section=.sbat $KernelUnifiedImage $KernelUnifiedImage.sbat
|
||||
# Remove all trailing zero bytes from the file
|
||||
sed -i 's/\x0.*$//' $KernelUnifiedImage.sbat
|
||||
# Add RHEL/CentOS specific entries
|
||||
%if 0%{?centos}
|
||||
SBATsuffix="centos"
|
||||
%else
|
||||
SBATsuffix="rhel"
|
||||
%endif
|
||||
echo "linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com" >> $KernelUnifiedImage.sbat
|
||||
echo "linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com" >> $KernelUnifiedImage.sbat
|
||||
echo "kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com" >> $KernelUnifiedImage.sbat
|
||||
# Remove the original .sbat section
|
||||
objcopy --remove-section .sbat $KernelUnifiedImage
|
||||
# Get the end of the last section
|
||||
sbat_offt=$(objdump -h $KernelUnifiedImage | gawk 'NF==7 {size=strtonum("0x"$3); offset=strtonum("0x"$4)} END {print size + offset}')
|
||||
# Align start of the new section to 512b
|
||||
sbat_align=512
|
||||
sbat_offt=$((sbat_offt + "$sbat_align" - sbat_offt % "$sbat_align"))
|
||||
# Add the new .sbat section
|
||||
objcopy -v --add-section .sbat=$KernelUnifiedImage.sbat --set-section-alignment .sbat=$sbat_align \
|
||||
--change-section-vma .sbat=$sbat_offt $KernelUnifiedImage
|
||||
rm -f $KernelUnifiedImage.sbat
|
||||
|
||||
%if %{signkernel}
|
||||
|
||||
%if 0%{?centos}
|
||||
@ -3739,6 +3727,28 @@ fi
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Fri Jan 26 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-413.el9]
|
||||
- scsi: core: Always send batch on reset or error handling command (Ewan D. Milne) [RHEL-19730]
|
||||
- ovl: Add an alternative type of whiteout (Alexander Larsson) [RHEL-21350]
|
||||
- ovl: Support escaped overlay.* xattrs (Alexander Larsson) [RHEL-21350]
|
||||
- ovl: Add OVL_XATTR_TRUSTED/USER_PREFIX_LEN macros (Alexander Larsson) [RHEL-21350]
|
||||
- ovl: Move xattr support to new xattrs.c file (Alexander Larsson) [RHEL-21350]
|
||||
- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
|
||||
- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
|
||||
- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
|
||||
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
|
||||
- idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-22142]
|
||||
- s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Tobias Huschle) [RHEL-22159]
|
||||
- Revert "nvme-fabrics: parse nvme connect Linux error codes" (Ewan D. Milne) [RHEL-21545]
|
||||
- Revert "x86/fpu/xstate: Fix PKRU covert channel" (Martin McConnell) [RHEL-21573]
|
||||
- net: Remove acked SYN flag from packet in the transmit queue correctly (Paolo Abeni) [RHEL-21432]
|
||||
- tcp: do not accept ACK of bytes we never sent (Paolo Abeni) [RHEL-21432]
|
||||
- net: do not leave an empty skb in write queue (Paolo Abeni) [RHEL-21432]
|
||||
- tcp: check mptcp-level constraints for backlog coalescing (Paolo Abeni) [RHEL-21432]
|
||||
- redhat: Use dracut instead of objcopy for adding SBAT information to UKI (Vitaly Kuznetsov)
|
||||
- kexec: do syscore_shutdown() in kernel_kexec (Baoquan He) [RHEL-19654]
|
||||
- powerpc/vas: Limit open window failure messages in log bufffer (Mamatha Inamdar) [RHEL-14975]
|
||||
|
||||
* Wed Jan 24 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-412.el9]
|
||||
- ACPI: APEI: rename ghes_init() with an "acpi_" prefix (Mark Langsdorf) [RHEL-4625]
|
||||
- ACPI: APEI: explicit init of HEST and GHES in apci_init() (Mark Langsdorf) [RHEL-4625]
|
||||
|
6
sources
6
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (linux-5.14.0-412.el9.tar.xz) = 85efcfff4476301e0dd40acf477b889e853600f0f408d2070ad3b5391636e75167ad163f6c422d1180f39f7fb4fa119c3b2d0083461b12ba17e2803b1e9c1948
|
||||
SHA512 (kernel-abi-stablelists-5.14.0-412.el9.tar.bz2) = 3e54493df26f49d17189a5b83bd855a7ee786a71aa55f06cf1e72bd6bfe4ab99f967c27b5ba3b4ab194ebd5055c3f8a9699f55217e643e81eb5dc05f8445b1c9
|
||||
SHA512 (kernel-kabi-dw-5.14.0-412.el9.tar.bz2) = cc089669bd539ff1dbcded8169b10429ce90a97a72c3b01654841f87cf4af8cdd84392775428bf245b27be01416e3308475e04946f666dc19273bffe50255730
|
||||
SHA512 (linux-5.14.0-413.el9.tar.xz) = 0a9bd31e8f68e01ae75e71755db5ced05133735ab84e0082f1c80433218ae1f529d833362e30e5781663840ea41d55ac4231bb6ef43b7c97ddbbf36cbcd588b7
|
||||
SHA512 (kernel-abi-stablelists-5.14.0-413.el9.tar.bz2) = f8514e3b2c908d3ec70cc8edd466be49a7f78ddd46a973a566a27a809f2fb9828d8c1b47e5a6de4155e9abf85359770a0e9dca6b4342e182124e9f32fcc3a950
|
||||
SHA512 (kernel-kabi-dw-5.14.0-413.el9.tar.bz2) = c60fb41fb37c7df0bebab3ec453637ac5ad93c9f90cbd6a6c3390c0e1be9ff2cb4dc290ef1aefecea95293e3f7681bb3166cace22d66ce588b922b2e03426e9a
|
||||
|
Loading…
Reference in New Issue
Block a user