forked from rpms/kernel
import EuroLinux 4.18.0-513.18.1.el8_9
This commit is contained in:
parent
567d198790
commit
5c12f03449
2
.gitignore
vendored
2
.gitignore
vendored
@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
|
||||
SOURCES/centossecurebootca2.cer
|
||||
SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
|
||||
SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
|
||||
SOURCES/linux-4.18.0-513.11.1.el8_9.tar.xz
|
||||
SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz
|
||||
SOURCES/redhatsecureboot302.cer
|
||||
SOURCES/redhatsecureboot303.cer
|
||||
SOURCES/redhatsecureboot501.cer
|
||||
|
@ -2,7 +2,7 @@
|
||||
bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
|
||||
6bac4f0d78ba0bb5ead1fb8246e3696a463e9b07 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
|
||||
98694c1cb92f1ff948a817c610e83f44cdefdc46 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
|
||||
8e36f68bdc4846384ae9835f703e877318c66d1c SOURCES/linux-4.18.0-513.11.1.el8_9.tar.xz
|
||||
cb01896ee61636ccd11f3359e7d30d390802cc81 SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz
|
||||
13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
|
||||
e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
|
||||
ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
|
||||
|
12
SOURCES/debrand-rh-i686-cpu.patch
Normal file
12
SOURCES/debrand-rh-i686-cpu.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700
|
||||
+++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700
|
||||
@@ -147,7 +147,7 @@ void main(void)
|
||||
|
||||
/* Make sure we have all the proper CPU support */
|
||||
if (validate_cpu()) {
|
||||
- puts("This processor is not supported in this version of RHEL.\n");
|
||||
+ puts("This processor is not supported in this version of EuroLinux.\n");
|
||||
die();
|
||||
}
|
||||
|
||||
|
11
SOURCES/debrand-single-cpu.patch
Normal file
11
SOURCES/debrand-single-cpu.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700
|
||||
+++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700
|
||||
@@ -900,7 +900,7 @@ static void rh_check_supported(void)
|
||||
if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
|
||||
!guest && is_kdump_kernel()) {
|
||||
pr_crit("Detected single cpu native boot.\n");
|
||||
- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
|
||||
+ pr_crit("Important: In EuroLinux 8, single threaded, single CPU 64-bit physical systems are unsupported.");
|
||||
}
|
||||
|
||||
/*
|
12
SOURCES/debrand-specific-versions-of-hardware.patch
Normal file
12
SOURCES/debrand-specific-versions-of-hardware.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -urN linux-4.18.0-477.27.1.el8_8/init/main.c linux-4.18.0-477.27.1.el8_8p/init/main.c
|
||||
--- linux-4.18.0-477.27.1.el8_8/init/main.c 2023-08-31 16:01:50.000000000 +0200
|
||||
+++ linux-4.18.0-477.27.1.el8_8p/init/main.c 2023-09-20 14:02:16.439638219 +0200
|
||||
@@ -576,7 +576,7 @@
|
||||
page_alloc_init();
|
||||
|
||||
pr_notice("Kernel command line: %s\n", boot_command_line);
|
||||
- pr_notice("Specific versions of hardware are certified with Red Hat Enterprise Linux 8. Please see the list of hardware certified with Red Hat Enterprise Linux 8 at https://catalog.redhat.com.\n");
|
||||
+ pr_notice("Specific versions of hardware are certified with EuroLinux 8. Since EuroLinux is binary compatible with RHEL, please see the list of certified hardware at https://catalog.redhat.com.\n");
|
||||
/* parameters may set static keys */
|
||||
jump_label_init();
|
||||
parse_early_param();
|
@ -38,10 +38,10 @@
|
||||
# define buildid .local
|
||||
|
||||
%define specversion 4.18.0
|
||||
%define pkgrelease 513.11.1.el8_9
|
||||
%define pkgrelease 513.18.1.el8_9
|
||||
|
||||
# allow pkg_release to have configurable %%{?dist} tag
|
||||
%define specrelease 513.11.1%{?dist}
|
||||
%define specrelease 513.18.1%{?dist}
|
||||
|
||||
%define pkg_release %{specrelease}%{?buildid}
|
||||
|
||||
@ -324,6 +324,19 @@
|
||||
%define initrd_prereq dracut >= 027
|
||||
|
||||
|
||||
# EuroLinux override
|
||||
# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast
|
||||
# we have to change this here
|
||||
|
||||
%define with_doc 1
|
||||
%define with_kabichk 1
|
||||
%define with_kernel_abi_whitelists 1
|
||||
%global signkernel 0
|
||||
%global signmodules 0
|
||||
|
||||
# End of EuroLinux override
|
||||
|
||||
|
||||
Name: kernel%{?variant}
|
||||
Group: System Environment/Kernel
|
||||
License: GPLv2 and Redistributable, no modification permitted
|
||||
@ -544,14 +557,17 @@ Source4001: rpminspect.yaml
|
||||
|
||||
# empty final patch to facilitate testing of kernel patches
|
||||
Patch999999: linux-kernel-test.patch
|
||||
Patch1000: debrand-rh-i686-cpu.patch
|
||||
Patch1002: debrand-single-cpu.patch
|
||||
Patch1003: debrand-specific-versions-of-hardware.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
|
||||
|
||||
%description
|
||||
This is the package which provides the Linux %{name} for Red Hat Enterprise
|
||||
Linux. It is based on upstream Linux at version %{version} and maintains kABI
|
||||
This is the package which provides the Linux %{name} for EuroLinux.
|
||||
It is based on upstream Linux at version %{version} and maintains kABI
|
||||
compatibility of a set of approved symbols, however it is heavily modified with
|
||||
backports and fixes pulled from newer upstream Linux %{name} releases. This means
|
||||
this is not a %{version} kernel anymore: it includes several components which come
|
||||
@ -559,7 +575,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
|
||||
core. Some of the components/backports that may be pulled in are: changes like
|
||||
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
|
||||
fixes and features), updates to block layer, supported filesystems, major driver
|
||||
updates for supported hardware in Red Hat Enterprise Linux, enhancements for
|
||||
updates for supported hardware in EuroLinux, enhancements for
|
||||
enterprise customers, etc.
|
||||
|
||||
#
|
||||
@ -807,14 +823,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
|
||||
%endif
|
||||
|
||||
%package -n %{name}-abi-stablelists
|
||||
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
|
||||
Summary: The EuroLinux kernel ABI symbol stablelists
|
||||
Group: System Environment/Kernel
|
||||
AutoReqProv: no
|
||||
Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release}
|
||||
Provides: %{name}-abi-whitelists
|
||||
%description -n %{name}-abi-stablelists
|
||||
The kABI package contains information pertaining to the Red Hat Enterprise
|
||||
Linux kernel ABI, including lists of kernel symbols that are needed by
|
||||
The kABI package contains information pertaining to the EuroLinux
|
||||
kernel ABI, including lists of kernel symbols that are needed by
|
||||
external Linux kernel modules, and a yum plugin to aid enforcement.
|
||||
|
||||
%if %{with_kabidw_base}
|
||||
@ -823,8 +839,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
|
||||
Group: System Environment/Kernel
|
||||
AutoReqProv: no
|
||||
%description kernel-kabidw-base-internal
|
||||
The package contains data describing the current ABI of the Red Hat Enterprise
|
||||
Linux kernel, suitable for the kabi-dw tool.
|
||||
The package contains data describing the current ABI of the EuroLinux
|
||||
kernel, suitable for the kabi-dw tool.
|
||||
%endif
|
||||
|
||||
#
|
||||
@ -898,7 +914,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
|
||||
AutoReq: no\
|
||||
AutoProv: yes\
|
||||
%description %{?1:%{1}-}modules-internal\
|
||||
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
|
||||
This package provides kernel modules for the %{?2:%{2} }kernel package for EuroLinux internal usage.\
|
||||
%{nil}
|
||||
|
||||
#
|
||||
@ -1067,12 +1083,6 @@ ApplyPatch()
|
||||
if [ ! -f $RPM_SOURCE_DIR/$patch ]; then
|
||||
exit 1
|
||||
fi
|
||||
if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then
|
||||
if [ "${patch:0:8}" != "patch-4." ] ; then
|
||||
echo "ERROR: Patch $patch not listed as a source patch in specfile"
|
||||
exit 1
|
||||
fi
|
||||
fi 2>/dev/null
|
||||
case "$patch" in
|
||||
*.bz2) bunzip2 < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;;
|
||||
*.gz) gunzip < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;;
|
||||
@ -1100,6 +1110,9 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
|
||||
|
||||
cd linux-%{KVERREL}
|
||||
|
||||
ApplyOptionalPatch debrand-single-cpu.patch
|
||||
ApplyOptionalPatch debrand-specific-versions-of-hardware.patch
|
||||
ApplyOptionalPatch debrand-rh-i686-cpu.patch
|
||||
ApplyOptionalPatch linux-kernel-test.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
@ -1750,20 +1763,7 @@ BuildKernel() {
|
||||
# build a BLS config for this kernel
|
||||
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
|
||||
|
||||
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
||||
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||
%ifarch s390x ppc64le
|
||||
if [ $DoModules -eq 1 ]; then
|
||||
if [ -x /usr/bin/rpm-sign ]; then
|
||||
install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
||||
else
|
||||
install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||
openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
||||
chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
||||
fi
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{with_ipaclones}
|
||||
MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p')
|
||||
@ -2696,6 +2696,79 @@ fi
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Tue Feb 20 2024 EuroLinux Autopatch <devel@euro-linux.com>
|
||||
- Added Patch: debrand-rh-i686-cpu.patch
|
||||
--> i686 info debrand
|
||||
- Added Patch: debrand-single-cpu.patch
|
||||
--> Single cpu debrand
|
||||
- Added Patch: debrand-specific-versions-of-hardware.patch
|
||||
--> Specific versions of hardware debrand
|
||||
|
||||
* Thu Feb 01 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.18.1.el8_9]
|
||||
- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}
|
||||
- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
|
||||
- smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
|
||||
- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
|
||||
- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
|
||||
- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
|
||||
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
|
||||
- net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-20924 RHEL-16007]
|
||||
- netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20698 RHEL-19721] {CVE-2023-6817}
|
||||
|
||||
* Thu Jan 25 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.17.1.el8_9]
|
||||
- redhat: rewrite genlog and support Y- tags (Jan Stancek)
|
||||
- smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21662 RHEL-18990] {CVE-2023-6606}
|
||||
- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17884 RHEL-2410]
|
||||
- blk-mq: use quiesced elevator switch when reinitializing queues (Ming Lei) [RHEL-21785 RHEL-19944]
|
||||
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (Ming Lei) [RHEL-20232 RHEL-8128]
|
||||
|
||||
* Thu Jan 18 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.16.1.el8_9]
|
||||
- tracing/timerlat: Add user-space interface (Chris White) [RHEL-20362 RHEL-15142]
|
||||
- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-20362 RHEL-15142]
|
||||
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-20362 RHEL-15142]
|
||||
- tracing/timerlat: Always wakeup the timerlat thread (Chris White) [RHEL-20362 RHEL-15142]
|
||||
- tracing/osnoise: Fix notify new tracing_max_latency (Chris White) [RHEL-20362 RHEL-15142]
|
||||
- tracing/timerlat: Notify new max thread latency (Chris White) [RHEL-20362 RHEL-15142]
|
||||
- trace/osnoise: make use of the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
|
||||
- kthread: add the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
|
||||
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (Prarit Bhargava) [RHEL-7238 RHEL-4244]
|
||||
- HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19274 RHEL-19237] {CVE-2023-1073}
|
||||
- s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-9444 RHEL-2831]
|
||||
- blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19111 RHEL-18055]
|
||||
|
||||
* Thu Jan 11 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.15.1.el8_9]
|
||||
- IB/ipoib: Fix mcast list locking (Daniel Vacek) [RHEL-19699 RHEL-19244]
|
||||
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Daniel Vacek) [RHEL-19699 RHEL-19244]
|
||||
- x86/sev: Check for user-space IOIO pointing to kernel space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
|
||||
- x86/sev: Check IOBM for IOIO exceptions from user-space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
|
||||
- x86/sev: Disable MMIO emulation from user mode (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
|
||||
- x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
|
||||
|
||||
* Thu Jan 04 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.14.1.el8_9]
|
||||
- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19452 RHEL-6567] {CVE-2022-3545}
|
||||
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (David Marlin) [RHEL-18999 RHEL-1231] {CVE-2023-40283}
|
||||
- md/raid5: release batch_last before waiting for another stripe_head (Nigel Croxon) [RHEL-12284 RHEL-9875]
|
||||
|
||||
* Thu Dec 21 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.13.1.el8_9]
|
||||
- Fix double fget() in vhost_net_set_backend() (Jon Maloy) [RHEL-13212 RHEL-7162] {CVE-2023-1838}
|
||||
- can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19462 RHEL-6429] {CVE-2023-2166}
|
||||
- RDMA/core: Update CMA destination address on rdma_resolve_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176}
|
||||
- RDMA/core: Refactor rdma_bind_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176}
|
||||
- net: fix net device address assign type (Michal Schmidt) [RHEL-17296 RHEL-6383]
|
||||
- net: add check for current MAC address in dev_set_mac_address (Michal Schmidt) [RHEL-17296 RHEL-6383]
|
||||
- perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717}
|
||||
- perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717}
|
||||
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (Michal Schmidt) [RHEL-18583 RHEL-6655] {CVE-2022-41858}
|
||||
|
||||
* Thu Dec 14 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.12.1.el8_9]
|
||||
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623}
|
||||
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623}
|
||||
- net: sched: sch_qfq: Use non-work-conserving warning handler (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921}
|
||||
- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921}
|
||||
- net/tls: Remove the context from the list in tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301]
|
||||
- tls: Fix context leak on tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301]
|
||||
- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15187 RHEL-15188] {CVE-2023-45871}
|
||||
|
||||
* Thu Dec 07 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.11.1.el8_9]
|
||||
- redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko)
|
||||
- blk-mq: enforce op-specific segment limits in blk_insert_cloned_request (Ming Lei) [RHEL-14718 RHEL-14504]
|
||||
|
Loading…
Reference in New Issue
Block a user