From 8287ea7af60acc234bd40b0558db4f593a325fb5 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Mon, 8 Apr 2024 13:52:40 +0000 Subject: [PATCH 1/2] import EuroLinux kernel-4.18.0-513.24.1.el8_9 --- .gitignore | 2 +- .kernel.metadata | 6 +- SOURCES/debrand-rh-i686-cpu.patch | 12 + SOURCES/debrand-single-cpu.patch | 11 + ...ebrand-specific-versions-of-hardware.patch | 12 + SPECS/kernel.spec | 240 +++++++++++++++--- 6 files changed, 248 insertions(+), 35 deletions(-) create mode 100644 SOURCES/debrand-rh-i686-cpu.patch create mode 100644 SOURCES/debrand-single-cpu.patch create mode 100644 SOURCES/debrand-specific-versions-of-hardware.patch diff --git a/.gitignore b/.gitignore index a5880dd..5e20144 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 -SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz +SOURCES/linux-4.18.0-513.24.1.el8_9.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel.metadata b/.kernel.metadata index 34e7605..1f63a32 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,8 +1,8 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -6bac4f0d78ba0bb5ead1fb8246e3696a463e9b07 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 -98694c1cb92f1ff948a817c610e83f44cdefdc46 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 -cb01896ee61636ccd11f3359e7d30d390802cc81 SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz +c7f830cea6081a930009b1f964e7f9b70c47eeb3 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 +15094c92ff5c01bb04f3f9052561a774df6502c4 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 +6a87768e60e51e5c1d227082dcbdd3ed5c98ce8e SOURCES/linux-4.18.0-513.24.1.el8_9.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SOURCES/debrand-rh-i686-cpu.patch b/SOURCES/debrand-rh-i686-cpu.patch new file mode 100644 index 0000000..d064ea0 --- /dev/null +++ b/SOURCES/debrand-rh-i686-cpu.patch @@ -0,0 +1,12 @@ +--- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700 ++++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700 +@@ -147,7 +147,7 @@ void main(void) + + /* Make sure we have all the proper CPU support */ + if (validate_cpu()) { +- puts("This processor is not supported in this version of RHEL.\n"); ++ puts("This processor is not supported in this version of EuroLinux.\n"); + die(); + } + + diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch new file mode 100644 index 0000000..c84dfcd --- /dev/null +++ b/SOURCES/debrand-single-cpu.patch @@ -0,0 +1,11 @@ +--- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700 ++++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700 +@@ -900,7 +900,7 @@ static void rh_check_supported(void) + if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && + !guest && is_kdump_kernel()) { + pr_crit("Detected single cpu native boot.\n"); +- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); ++ pr_crit("Important: In EuroLinux 8, single threaded, single CPU 64-bit physical systems are unsupported."); + } + + /* diff --git a/SOURCES/debrand-specific-versions-of-hardware.patch b/SOURCES/debrand-specific-versions-of-hardware.patch new file mode 100644 index 0000000..25a43ba --- /dev/null +++ b/SOURCES/debrand-specific-versions-of-hardware.patch @@ -0,0 +1,12 @@ +diff -urN linux-4.18.0-477.27.1.el8_8/init/main.c linux-4.18.0-477.27.1.el8_8p/init/main.c +--- linux-4.18.0-477.27.1.el8_8/init/main.c 2023-08-31 16:01:50.000000000 +0200 ++++ linux-4.18.0-477.27.1.el8_8p/init/main.c 2023-09-20 14:02:16.439638219 +0200 +@@ -576,7 +576,7 @@ + page_alloc_init(); + + pr_notice("Kernel command line: %s\n", boot_command_line); +- pr_notice("Specific versions of hardware are certified with Red Hat Enterprise Linux 8. Please see the list of hardware certified with Red Hat Enterprise Linux 8 at https://catalog.redhat.com.\n"); ++ pr_notice("Specific versions of hardware are certified with EuroLinux 8. Since EuroLinux is binary compatible with RHEL, please see the list of certified hardware at https://catalog.redhat.com.\n"); + /* parameters may set static keys */ + jump_label_init(); + parse_early_param(); diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index e3afa14..e6cbd13 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 513.18.1.el8_9 +%define pkgrelease 513.24.1.el8_9 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 513.18.1%{?dist} +%define specrelease 513.24.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -53,6 +53,7 @@ # architecture allows it. All should default to 1 (enabled) and be flipped to # 0 (disabled) by later arch-specific checks. +%define _with_kabidupchk 1 %define _with_kabidupchk 1 # The following build options are enabled by default. # Use either --without in your rpmbuild command or force values @@ -324,6 +325,19 @@ %define initrd_prereq dracut >= 027 +# EuroLinux override +# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast +# we have to change this here + +%define with_doc 1 +%define with_kabichk 1 +%define with_kernel_abi_whitelists 1 +%global signkernel 0 +%global signmodules 0 + +# End of EuroLinux override + + Name: kernel%{?variant} Group: System Environment/Kernel License: GPLv2 and Redistributable, no modification permitted @@ -544,14 +558,17 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch +Patch1000: debrand-rh-i686-cpu.patch +Patch1002: debrand-single-cpu.patch +Patch1003: debrand-specific-versions-of-hardware.patch # END OF PATCH DEFINITIONS BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root %description -This is the package which provides the Linux %{name} for Red Hat Enterprise -Linux. It is based on upstream Linux at version %{version} and maintains kABI +This is the package which provides the Linux %{name} for EuroLinux. +It is based on upstream Linux at version %{version} and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux %{name} releases. This means this is not a %{version} kernel anymore: it includes several components which come @@ -559,7 +576,7 @@ from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver -updates for supported hardware in Red Hat Enterprise Linux, enhancements for +updates for supported hardware in EuroLinux, enhancements for enterprise customers, etc. # @@ -807,14 +824,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n %{name}-abi-stablelists -Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists +Summary: The EuroLinux kernel ABI symbol stablelists Group: System Environment/Kernel AutoReqProv: no Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release} Provides: %{name}-abi-whitelists %description -n %{name}-abi-stablelists -The kABI package contains information pertaining to the Red Hat Enterprise -Linux kernel ABI, including lists of kernel symbols that are needed by +The kABI package contains information pertaining to the EuroLinux +kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. %if %{with_kabidw_base} @@ -823,8 +840,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the Red Hat Enterprise -Linux kernel, suitable for the kabi-dw tool. +The package contains data describing the current ABI of the EuroLinux +kernel, suitable for the kabi-dw tool. %endif # @@ -898,7 +915,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ -This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ +This package provides kernel modules for the %{?2:%{2} }kernel package for EuroLinux internal usage.\ %{nil} # @@ -1067,12 +1084,6 @@ ApplyPatch() if [ ! -f $RPM_SOURCE_DIR/$patch ]; then exit 1 fi - if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then - if [ "${patch:0:8}" != "patch-4." ] ; then - echo "ERROR: Patch $patch not listed as a source patch in specfile" - exit 1 - fi - fi 2>/dev/null case "$patch" in *.bz2) bunzip2 < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;; *.gz) gunzip < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;; @@ -1100,6 +1111,9 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} +ApplyOptionalPatch debrand-single-cpu.patch +ApplyOptionalPatch debrand-specific-versions-of-hardware.patch +ApplyOptionalPatch debrand-rh-i686-cpu.patch ApplyOptionalPatch linux-kernel-test.patch # END OF PATCH APPLICATIONS @@ -1750,20 +1764,7 @@ BuildKernel() { # build a BLS config for this kernel %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" - # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel - mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer - install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer - %ifarch s390x ppc64le - if [ $DoModules -eq 1 ]; then - if [ -x /usr/bin/rpm-sign ]; then - install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} - else - install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer - openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} - chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} - fi - fi - %endif + mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer %if %{with_ipaclones} MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p') @@ -2696,6 +2697,183 @@ fi # # %changelog +* Wed Apr 03 2024 EuroLinux Autopatch +- Added Patch: debrand-rh-i686-cpu.patch +--> i686 info debrand +- Added Patch: debrand-single-cpu.patch +--> Single cpu debrand +- Added Patch: debrand-specific-versions-of-hardware.patch +--> Specific versions of hardware debrand + +* Thu Mar 14 2024 Lucas Zampieri [4.18.0-513.24.1.el8_9] +- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-27496 RHEL-21760] +- ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-27496 RHEL-21760] +- ceph: always check dir caps asynchronously (Xiubo Li) [RHEL-27496 RHEL-21760] + +* Thu Mar 07 2024 Patrick Talbert [4.18.0-513.23.1.el8_9] +- scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-26139 RHEL-25747] +- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-26331 RHEL-23386] {CVE-2021-33631} +- serial: core: return early on unsupported ioctls (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- lib/hexdump: make print_hex_dump_bytes() a nop on !DEBUG builds (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix race condition in status line change on dead connections (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix UAF in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: add parameter negotiation support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: add parameters used with parameter negotiation (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: introduce macro for minimal unit size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: name the debug bits (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: introduce gsm_control_command() function (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: replace use of gsm_read_ea() with gsm_read_ea_val() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: name gsm tty device minors (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: initialize more members at gsm_alloc_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix flow control handling in tx path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix resource allocation order in gsm_activate_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix deadlock and link starvation in outgoing data path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix race condition in gsmld_write() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix non flow control frames during mux flow off (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix missing timer to handle stalled links (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix tty registration before control channel open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix user open not possible at responder until initiator open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Fix packet data hex dump output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix software flow control handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix invalid use of MSC in advanced option (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix broken virtual tty handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix missing update of modem controls after DLCI open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix reset fifo race condition (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong signal octets encoding in MSC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong command frame length field encoding (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong command retry handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix missing explicit ldisc flush (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong DLCI release order (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix insufficient txframe size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix frame reception handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix mux cleanup after unregister tty device (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix decoupled mux resource (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix restart handling via CLD command (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix deadlock in gsmtty_open() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong modem processing in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong tty control line for flow control (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix NULL pointer access due to DLCI release (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix encoding of command/response bit (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix SW flow control encoding/handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove tty parameter from mxser_receive_chars_new() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: don't throttle manually (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: make mxser_port::ldisc_stop_rx a bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Don't ignore write return value in gsmld_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: clean up indenting in gsm_queue() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Save dlci address open status when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Modify gsmtty driver register method when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Delete gsmtty open SABM frame when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Modify CR,PF bit printk info when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Modify CR,PF bit when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: stop using alloc_tty_driver (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: don't store semi-state into tty drivers (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- hvsi: don't panic on tty_register_driver failure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: switch rs_table to a single state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: expand "custom" (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: use memset to zero serial_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: remove serial_* strings (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop mxser_port::custom_divisor (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop mxser_port::baud_base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove unused mxser_port::stop_rx (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: don't allocate MXSER_PORTS + 1 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove cnt from mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_GETMSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_GETDATACOUNT ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_CHKPORTENABLE ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_ASPP_LSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_ASPP_MON and friends (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_SET_BAUD_METHOD ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_GET_MAJOR deprecated ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop unused MOXA_DIAGNOSE macro (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop UART_MCR_AFE and UART_LSR_SPECIAL defines (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove else from LSR bits checks (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: extract mxser_receive_chars_old (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: extract mxser_receive_chars_new (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: simplify mxser_interrupt and drop mxser_board::vector_mask (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: extract port ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: cleanup LSR handling in mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove nonsense from ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop constant board::uart_type (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: introduce enum mxser_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: rename mxser_board::chip_flag to must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: rename CheckIsMoxaMust to mxser_get_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: cleanup Gpci_uart_info struct (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: integrate mxser.h into .c (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop ISA support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: use goto-failpaths in gsm_init (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: mxser: drop low-latency workaround (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: check error while registering tty devices (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: mxser: fix TIOCSSERIAL jiffies conversions (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm, remove duplicates of parameters (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: do not check tty_unregister_driver's return value (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: nozomi, remove init/exit messages (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty_port: drop last traces of low_latency (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Demote obvious abuse of kernel-doc and supply other missing docss (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm, eliminate indirection for gsm->{output,error}() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Fix bogus i++ in gsm_data_kick (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Remove unnecessary test in gsm_print_packet() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Fix waking up upper tty layer when room available (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Fix SOF skipping (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Improve debug output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: switch constipated to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: switch throttled to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: switch dead to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: introduce enum gsm_dlci_mode (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: introduce enum gsm_dlci_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: drop unneeded gsm_dlci->fifo field (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Replace zero-length array with flexible-array member (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: avoid recursive locking with async port hangup (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: add helpers to convert mux-num to/from tty-base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- docs: serial: move it to the driver-api (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- docs: serial: convert docs to ReST and rename to *.rst (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Mark expected switch fall-throughs (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: Constify u8 and unsigned char usage (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Add copy_config() and gsm_config() to prepare for serdev (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty/serial_core: add ISO7816 infrastructure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} + +* Thu Feb 29 2024 Patrick Talbert [4.18.0-513.22.1.el8_9] +- s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-25811 RHEL-11194] +- smsc95xx: fix stalled rx after link change (Izabela Bakollari) [RHEL-25719 RHEL-22312] +- ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: force updating the msg pointer in non-split case (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: flush cap releases when the session is flushed (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: reorder fields in 'struct ceph_snapid_map' (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-20909 RHEL-16412] +- KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} (Bandan Das) [RHEL-23063 RHEL-7558] +- x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer (Bandan Das) [RHEL-23063 RHEL-7558] +- dm-crypt, dm-verity: disable tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232] +- dm verity: initialize fec io before freeing it (Benjamin Marzinski) [RHEL-26101 RHEL-22232] +- dm-verity: don't use blocking calls from tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232] + +* Thu Feb 22 2024 Patrick Talbert [4.18.0-513.21.1.el8_9] +- rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-24204 RHEL-21941] +- drm/amdgpu: Fix potential fence use-after-free v2 (Jorge San Emeterio) [RHEL-24479 RHEL-22504] {CVE-2023-51042} +- perf: Fix perf_event_validate_size() lockdep splat (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931} +- perf: Fix perf_event_validate_size() (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931} +- smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-22077 RHEL-21685] {CVE-2024-0565} +- ibmveth: Remove condition to recompute TCP header checksum. (Mamatha Inamdar) [RHEL-20822 RHEL-12553] + +* Thu Feb 15 2024 Patrick Talbert [4.18.0-513.20.1.el8_9] +- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (Jocelyn Falempe) [RHEL-22766 RHEL-3179] {CVE-2022-38096} +- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (Jocelyn Falempe) [RHEL-21055 RHEL-21054] + +* Thu Feb 08 2024 Patrick Talbert [4.18.0-513.19.1.el8_9] +- libceph: fix potential use-after-free on linger ping and resends (Jay Shin) [RHEL-21394 RHEL-20390] +- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-24010 RHEL-23506] {CVE-2024-1086} + * Thu Feb 01 2024 Patrick Talbert [4.18.0-513.18.1.el8_9] - net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646} - smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610} From a99463995f32964ed45f2fc1b06a01bac234efed Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Mon, 8 Apr 2024 14:52:46 +0000 Subject: [PATCH 2/2] Revert EuroLinux modifications --- SOURCES/debrand-rh-i686-cpu.patch | 12 ---- SOURCES/debrand-single-cpu.patch | 11 ---- ...ebrand-specific-versions-of-hardware.patch | 12 ---- SPECS/kernel.spec | 66 ++++++++----------- 4 files changed, 29 insertions(+), 72 deletions(-) delete mode 100644 SOURCES/debrand-rh-i686-cpu.patch delete mode 100644 SOURCES/debrand-single-cpu.patch delete mode 100644 SOURCES/debrand-specific-versions-of-hardware.patch diff --git a/SOURCES/debrand-rh-i686-cpu.patch b/SOURCES/debrand-rh-i686-cpu.patch deleted file mode 100644 index d064ea0..0000000 --- a/SOURCES/debrand-rh-i686-cpu.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700 -+++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700 -@@ -147,7 +147,7 @@ void main(void) - - /* Make sure we have all the proper CPU support */ - if (validate_cpu()) { -- puts("This processor is not supported in this version of RHEL.\n"); -+ puts("This processor is not supported in this version of EuroLinux.\n"); - die(); - } - - diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch deleted file mode 100644 index c84dfcd..0000000 --- a/SOURCES/debrand-single-cpu.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700 -+++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700 -@@ -900,7 +900,7 @@ static void rh_check_supported(void) - if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && - !guest && is_kdump_kernel()) { - pr_crit("Detected single cpu native boot.\n"); -- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); -+ pr_crit("Important: In EuroLinux 8, single threaded, single CPU 64-bit physical systems are unsupported."); - } - - /* diff --git a/SOURCES/debrand-specific-versions-of-hardware.patch b/SOURCES/debrand-specific-versions-of-hardware.patch deleted file mode 100644 index 25a43ba..0000000 --- a/SOURCES/debrand-specific-versions-of-hardware.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urN linux-4.18.0-477.27.1.el8_8/init/main.c linux-4.18.0-477.27.1.el8_8p/init/main.c ---- linux-4.18.0-477.27.1.el8_8/init/main.c 2023-08-31 16:01:50.000000000 +0200 -+++ linux-4.18.0-477.27.1.el8_8p/init/main.c 2023-09-20 14:02:16.439638219 +0200 -@@ -576,7 +576,7 @@ - page_alloc_init(); - - pr_notice("Kernel command line: %s\n", boot_command_line); -- pr_notice("Specific versions of hardware are certified with Red Hat Enterprise Linux 8. Please see the list of hardware certified with Red Hat Enterprise Linux 8 at https://catalog.redhat.com.\n"); -+ pr_notice("Specific versions of hardware are certified with EuroLinux 8. Since EuroLinux is binary compatible with RHEL, please see the list of certified hardware at https://catalog.redhat.com.\n"); - /* parameters may set static keys */ - jump_label_init(); - parse_early_param(); diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index e6cbd13..88fc7ed 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -325,19 +325,6 @@ %define initrd_prereq dracut >= 027 -# EuroLinux override -# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast -# we have to change this here - -%define with_doc 1 -%define with_kabichk 1 -%define with_kernel_abi_whitelists 1 -%global signkernel 0 -%global signmodules 0 - -# End of EuroLinux override - - Name: kernel%{?variant} Group: System Environment/Kernel License: GPLv2 and Redistributable, no modification permitted @@ -558,17 +545,14 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: debrand-rh-i686-cpu.patch -Patch1002: debrand-single-cpu.patch -Patch1003: debrand-specific-versions-of-hardware.patch # END OF PATCH DEFINITIONS BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root %description -This is the package which provides the Linux %{name} for EuroLinux. -It is based on upstream Linux at version %{version} and maintains kABI +This is the package which provides the Linux %{name} for Red Hat Enterprise +Linux. It is based on upstream Linux at version %{version} and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux %{name} releases. This means this is not a %{version} kernel anymore: it includes several components which come @@ -576,7 +560,7 @@ from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver -updates for supported hardware in EuroLinux, enhancements for +updates for supported hardware in Red Hat Enterprise Linux, enhancements for enterprise customers, etc. # @@ -824,14 +808,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n %{name}-abi-stablelists -Summary: The EuroLinux kernel ABI symbol stablelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists Group: System Environment/Kernel AutoReqProv: no Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release} Provides: %{name}-abi-whitelists %description -n %{name}-abi-stablelists -The kABI package contains information pertaining to the EuroLinux -kernel ABI, including lists of kernel symbols that are needed by +The kABI package contains information pertaining to the Red Hat Enterprise +Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. %if %{with_kabidw_base} @@ -840,8 +824,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the EuroLinux -kernel, suitable for the kabi-dw tool. +The package contains data describing the current ABI of the Red Hat Enterprise +Linux kernel, suitable for the kabi-dw tool. %endif # @@ -915,7 +899,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ -This package provides kernel modules for the %{?2:%{2} }kernel package for EuroLinux internal usage.\ +This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ %{nil} # @@ -1084,6 +1068,12 @@ ApplyPatch() if [ ! -f $RPM_SOURCE_DIR/$patch ]; then exit 1 fi + if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then + if [ "${patch:0:8}" != "patch-4." ] ; then + echo "ERROR: Patch $patch not listed as a source patch in specfile" + exit 1 + fi + fi 2>/dev/null case "$patch" in *.bz2) bunzip2 < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;; *.gz) gunzip < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;; @@ -1111,9 +1101,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} -ApplyOptionalPatch debrand-single-cpu.patch -ApplyOptionalPatch debrand-specific-versions-of-hardware.patch -ApplyOptionalPatch debrand-rh-i686-cpu.patch ApplyOptionalPatch linux-kernel-test.patch # END OF PATCH APPLICATIONS @@ -1764,7 +1751,20 @@ BuildKernel() { # build a BLS config for this kernel %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" - mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer + # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel + mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer + install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer + %ifarch s390x ppc64le + if [ $DoModules -eq 1 ]; then + if [ -x /usr/bin/rpm-sign ]; then + install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} + else + install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer + openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} + chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} + fi + fi + %endif %if %{with_ipaclones} MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p') @@ -2697,14 +2697,6 @@ fi # # %changelog -* Wed Apr 03 2024 EuroLinux Autopatch -- Added Patch: debrand-rh-i686-cpu.patch ---> i686 info debrand -- Added Patch: debrand-single-cpu.patch ---> Single cpu debrand -- Added Patch: debrand-specific-versions-of-hardware.patch ---> Specific versions of hardware debrand - * Thu Mar 14 2024 Lucas Zampieri [4.18.0-513.24.1.el8_9] - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-27496 RHEL-21760] - ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-27496 RHEL-21760]