kernel-6.11.0-0.rc5.20240827git3e9bff3bbe13.44
* Tue Aug 27 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.3e9bff3bbe13.44] - Linux v6.11.0-0.rc5.3e9bff3bbe13 Resolves: RHEL-49398 Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
parent
17565722aa
commit
7e878ba500
@ -12,7 +12,7 @@ RHEL_MINOR = 99
|
||||
#
|
||||
# Use this spot to avoid future merge conflicts.
|
||||
# Do not trim this comment.
|
||||
RHEL_RELEASE = 43
|
||||
RHEL_RELEASE = 44
|
||||
|
||||
#
|
||||
# RHEL_REBASE_NUM
|
||||
|
@ -1,9 +1,21 @@
|
||||
https://gitlab.com/cki-project/kernel-ark/-/commit/f0422a4f19781da4d37e9d95c8df8eae5db72d0c
|
||||
f0422a4f19781da4d37e9d95c8df8eae5db72d0c Revert "pidfd: prevent creation of pidfds for kthreads"
|
||||
https://gitlab.com/cki-project/kernel-ark/-/commit/b0c8e7622950ce4bd430980be9a93e56bda43672
|
||||
b0c8e7622950ce4bd430980be9a93e56bda43672 crypto: akcipher - Disable signing and decryption
|
||||
|
||||
https://gitlab.com/cki-project/kernel-ark/-/commit/a09122a7a65c8e9f1a0982f6a9c768bf040f6df9
|
||||
a09122a7a65c8e9f1a0982f6a9c768bf040f6df9 crypto: dh - implement FIPS PCT
|
||||
|
||||
https://gitlab.com/cki-project/kernel-ark/-/commit/a9c9a82dfe33e40861d7d0a13ae9fe50a5b49c12
|
||||
a9c9a82dfe33e40861d7d0a13ae9fe50a5b49c12 crypto: ecdh - disallow plain "ecdh" usage in FIPS mode
|
||||
|
||||
https://gitlab.com/cki-project/kernel-ark/-/commit/135f5f0257aaf5fc358eb35665b88f78cfa9882d
|
||||
135f5f0257aaf5fc358eb35665b88f78cfa9882d crypto: seqiv - flag instantiations as FIPS compliant
|
||||
|
||||
https://gitlab.com/cki-project/kernel-ark/-/commit/6425c2e128af3870617dd29da8110e7fa17b9ba9
|
||||
6425c2e128af3870617dd29da8110e7fa17b9ba9 not upstream: Disable vdso getrandom when FIPS is enabled
|
||||
|
||||
https://gitlab.com/cki-project/kernel-ark/-/commit/ecb1311a2f2e5baf8cd394850d03d33e18c8ba41
|
||||
ecb1311a2f2e5baf8cd394850d03d33e18c8ba41 [kernel] bpf: set default value for bpf_jit_harden
|
||||
|
||||
https://gitlab.com/cki-project/kernel-ark/-/commit/6ae23a2899f457adcbd4e081dec7a49a62b5ec87
|
||||
6ae23a2899f457adcbd4e081dec7a49a62b5ec87 Add support to rh_waived cmdline boot parameter
|
||||
|
||||
|
@ -2132,7 +2132,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_BMAN_TEST is not set
|
||||
CONFIG_FSL_DPAA2_ETH_DCB=y
|
||||
@ -4282,8 +4282,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -2116,7 +2116,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_BMAN_TEST is not set
|
||||
CONFIG_FSL_DPAA2_ETH_DCB=y
|
||||
@ -4261,8 +4261,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -2129,7 +2129,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_BMAN_TEST is not set
|
||||
CONFIG_FSL_DPAA2_ETH_DCB=y
|
||||
@ -4279,8 +4279,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -2113,7 +2113,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_BMAN_TEST is not set
|
||||
CONFIG_FSL_DPAA2_ETH_DCB=y
|
||||
@ -4258,8 +4258,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -2167,7 +2167,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_BMAN_TEST is not set
|
||||
CONFIG_FSL_DPAA2_ETH_DCB=y
|
||||
@ -4319,8 +4319,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -2151,7 +2151,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_BMAN_TEST is not set
|
||||
CONFIG_FSL_DPAA2_ETH_DCB=y
|
||||
@ -4298,8 +4298,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -1883,7 +1883,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_EDMA is not set
|
||||
# CONFIG_FSL_ENETC_IERB is not set
|
||||
@ -3927,8 +3927,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -1867,7 +1867,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_EDMA is not set
|
||||
# CONFIG_FSL_ENETC_IERB is not set
|
||||
@ -3907,8 +3907,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -1886,7 +1886,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_EDMA is not set
|
||||
# CONFIG_FSL_ENETC_IERB is not set
|
||||
@ -3907,8 +3907,7 @@ CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
# CONFIG_NETIUCV is not set
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -1870,7 +1870,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_EDMA is not set
|
||||
# CONFIG_FSL_ENETC_IERB is not set
|
||||
@ -3887,8 +3887,7 @@ CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
# CONFIG_NETIUCV is not set
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -3897,7 +3897,6 @@ CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
# CONFIG_NETIUCV is not set
|
||||
# CONFIG_NET_KEY is not set
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -2015,7 +2015,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_EDMA is not set
|
||||
# CONFIG_FSL_ENETC_IERB is not set
|
||||
@ -4144,8 +4144,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -1999,7 +1999,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_EDMA is not set
|
||||
# CONFIG_FSL_ENETC_IERB is not set
|
||||
@ -4124,8 +4124,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -2053,7 +2053,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_EDMA is not set
|
||||
# CONFIG_FSL_ENETC_IERB is not set
|
||||
@ -4184,8 +4184,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -2037,7 +2037,7 @@ CONFIG_FRONTSWAP=y
|
||||
CONFIG_FSCACHE_STATS=y
|
||||
CONFIG_FSCACHE=y
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_FS_ENCRYPTION is not set
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
# CONFIG_FSI is not set
|
||||
# CONFIG_FSL_EDMA is not set
|
||||
# CONFIG_FSL_ENETC_IERB is not set
|
||||
@ -4164,8 +4164,7 @@ CONFIG_NET_IPGRE_DEMUX=m
|
||||
CONFIG_NET_IPGRE=m
|
||||
CONFIG_NET_IPIP=m
|
||||
CONFIG_NET_IPVTI=m
|
||||
CONFIG_NET_KEY=m
|
||||
CONFIG_NET_KEY_MIGRATE=y
|
||||
# CONFIG_NET_KEY is not set
|
||||
# CONFIG_NETKIT is not set
|
||||
CONFIG_NET_L3_MASTER_DEV=y
|
||||
CONFIG_NETLABEL=y
|
||||
|
@ -1,7 +1,16 @@
|
||||
* Sun Aug 25 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.43]
|
||||
- Revert "pidfd: prevent creation of pidfds for kthreads" (Christian Brauner)
|
||||
* Tue Aug 27 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.3e9bff3bbe13.44]
|
||||
- Linux v6.11.0-0.rc5.3e9bff3bbe13
|
||||
Resolves: RHEL-49398
|
||||
|
||||
* Mon Aug 26 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.43]
|
||||
- Add weakdep support to the kernel spec (Justin M. Forbes)
|
||||
Resolves:
|
||||
- redhat: configs: disable PF_KEY in RHEL (Sabrina Dubroca)
|
||||
- crypto: akcipher - Disable signing and decryption (Vladis Dronov) [RHEL-54183] {CVE-2023-6240}
|
||||
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-54183]
|
||||
- crypto: ecdh - disallow plain "ecdh" usage in FIPS mode (Vladis Dronov) [RHEL-54183]
|
||||
- crypto: seqiv - flag instantiations as FIPS compliant (Vladis Dronov) [RHEL-54183]
|
||||
- [kernel] bpf: set default value for bpf_jit_harden (Artem Savkov) [RHEL-51896]
|
||||
Resolves: RHEL-51896, RHEL-54183
|
||||
|
||||
* Sun Aug 25 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.42]
|
||||
- Linux v6.11.0-0.rc5
|
||||
|
18
kernel.spec
18
kernel.spec
@ -163,13 +163,13 @@ Summary: The Linux kernel
|
||||
%define specrpmversion 6.11.0
|
||||
%define specversion 6.11.0
|
||||
%define patchversion 6.11
|
||||
%define pkgrelease 0.rc5.43
|
||||
%define pkgrelease 0.rc5.20240827git3e9bff3bbe13.44
|
||||
%define kversion 6
|
||||
%define tarfile_release 6.11-rc5
|
||||
%define tarfile_release 6.11-rc5-15-g3e9bff3bbe13
|
||||
# This is needed to do merge window version magic
|
||||
%define patchlevel 11
|
||||
# This allows pkg_release to have configurable %%{?dist} tag
|
||||
%define specrelease 0.rc5.43%{?buildid}%{?dist}
|
||||
%define specrelease 0.rc5.20240827git3e9bff3bbe13.44%{?buildid}%{?dist}
|
||||
# This defines the kabi tarball version
|
||||
%define kabiversion 6.11.0
|
||||
|
||||
@ -4098,9 +4098,17 @@ fi\
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Sun Aug 25 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.43]
|
||||
- Revert "pidfd: prevent creation of pidfds for kthreads" (Christian Brauner)
|
||||
* Tue Aug 27 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.3e9bff3bbe13.44]
|
||||
- Linux v6.11.0-0.rc5.3e9bff3bbe13
|
||||
|
||||
* Mon Aug 26 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.43]
|
||||
- Add weakdep support to the kernel spec (Justin M. Forbes)
|
||||
- redhat: configs: disable PF_KEY in RHEL (Sabrina Dubroca)
|
||||
- crypto: akcipher - Disable signing and decryption (Vladis Dronov) [RHEL-54183] {CVE-2023-6240}
|
||||
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-54183]
|
||||
- crypto: ecdh - disallow plain "ecdh" usage in FIPS mode (Vladis Dronov) [RHEL-54183]
|
||||
- crypto: seqiv - flag instantiations as FIPS compliant (Vladis Dronov) [RHEL-54183]
|
||||
- [kernel] bpf: set default value for bpf_jit_harden (Artem Savkov) [RHEL-51896]
|
||||
|
||||
* Sun Aug 25 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.42]
|
||||
- Linux v6.11.0-0.rc5
|
||||
|
@ -11,8 +11,12 @@
|
||||
arch/x86/kernel/cpu/common.c | 1 +
|
||||
arch/x86/kernel/setup.c | 98 +++-
|
||||
certs/extract-cert.c | 25 +-
|
||||
crypto/akcipher.c | 6 +-
|
||||
crypto/dh.c | 25 +
|
||||
crypto/drbg.c | 18 +-
|
||||
crypto/rng.c | 149 +++++-
|
||||
crypto/seqiv.c | 15 +-
|
||||
crypto/testmgr.c | 4 +-
|
||||
drivers/acpi/apei/hest.c | 8 +
|
||||
drivers/acpi/irq.c | 17 +-
|
||||
drivers/acpi/scan.c | 9 +
|
||||
@ -48,7 +52,7 @@
|
||||
fs/afs/main.c | 3 +
|
||||
fs/erofs/super.c | 9 +
|
||||
fs/ext4/super.c | 11 +
|
||||
include/linux/crypto.h | 1 +
|
||||
include/linux/crypto.h | 3 +
|
||||
include/linux/efi.h | 22 +-
|
||||
include/linux/kernel.h | 16 +
|
||||
include/linux/lsm_hook_defs.h | 2 +
|
||||
@ -63,8 +67,8 @@
|
||||
include/linux/security.h | 5 +
|
||||
init/main.c | 3 +
|
||||
kernel/Makefile | 1 +
|
||||
kernel/bpf/core.c | 5 +
|
||||
kernel/bpf/syscall.c | 23 +
|
||||
kernel/fork.c | 25 +-
|
||||
kernel/module/main.c | 13 +
|
||||
kernel/module/signing.c | 9 +-
|
||||
kernel/panic.c | 13 +
|
||||
@ -79,7 +83,7 @@
|
||||
security/lockdown/Kconfig | 13 +
|
||||
security/lockdown/lockdown.c | 1 +
|
||||
security/security.c | 12 +
|
||||
81 files changed, 2688 insertions(+), 280 deletions(-)
|
||||
85 files changed, 2734 insertions(+), 266 deletions(-)
|
||||
|
||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
||||
index 09126bb8cc9f..ee2984e46c06 100644
|
||||
@ -501,6 +505,67 @@ index 70e9ec89d87d..f5fb74916cee 100644
|
||||
} else {
|
||||
BIO *b;
|
||||
X509 *x509;
|
||||
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
|
||||
index e0ff5f4dda6d..098a52ded759 100644
|
||||
--- a/crypto/akcipher.c
|
||||
+++ b/crypto/akcipher.c
|
||||
@@ -126,14 +126,12 @@ int crypto_register_akcipher(struct akcipher_alg *alg)
|
||||
{
|
||||
struct crypto_alg *base = &alg->base;
|
||||
|
||||
- if (!alg->sign)
|
||||
- alg->sign = akcipher_default_op;
|
||||
+ alg->sign = akcipher_default_op;
|
||||
if (!alg->verify)
|
||||
alg->verify = akcipher_default_op;
|
||||
if (!alg->encrypt)
|
||||
alg->encrypt = akcipher_default_op;
|
||||
- if (!alg->decrypt)
|
||||
- alg->decrypt = akcipher_default_op;
|
||||
+ alg->decrypt = akcipher_default_op;
|
||||
if (!alg->set_priv_key)
|
||||
alg->set_priv_key = akcipher_default_set_key;
|
||||
|
||||
diff --git a/crypto/dh.c b/crypto/dh.c
|
||||
index 68d11d66c0b5..6e3e515b2452 100644
|
||||
--- a/crypto/dh.c
|
||||
+++ b/crypto/dh.c
|
||||
@@ -227,10 +227,35 @@ static int dh_compute_value(struct kpp_request *req)
|
||||
|
||||
/* SP800-56A rev 3 5.6.2.1.3 key check */
|
||||
} else {
|
||||
+ MPI val_pct;
|
||||
+
|
||||
if (dh_is_pubkey_valid(ctx, val)) {
|
||||
ret = -EAGAIN;
|
||||
goto err_free_val;
|
||||
}
|
||||
+
|
||||
+ /*
|
||||
+ * SP800-56Arev3, 5.6.2.1.4: ("Owner Assurance
|
||||
+ * of Pair-wise Consistency"): recompute the
|
||||
+ * public key and check if the results match.
|
||||
+ */
|
||||
+ val_pct = mpi_alloc(0);
|
||||
+ if (!val_pct) {
|
||||
+ ret = -ENOMEM;
|
||||
+ goto err_free_val;
|
||||
+ }
|
||||
+
|
||||
+ ret = _compute_val(ctx, base, val_pct);
|
||||
+ if (ret) {
|
||||
+ mpi_free(val_pct);
|
||||
+ goto err_free_val;
|
||||
+ }
|
||||
+
|
||||
+ if (mpi_cmp(val, val_pct) != 0) {
|
||||
+ fips_fail_notify();
|
||||
+ panic("dh: pair-wise consistency test failed\n");
|
||||
+ }
|
||||
+ mpi_free(val_pct);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/crypto/drbg.c b/crypto/drbg.c
|
||||
index 3addce90930c..730b03de596a 100644
|
||||
--- a/crypto/drbg.c
|
||||
@ -775,6 +840,67 @@ index 9d8804e46422..5ccb0485ff4b 100644
|
||||
+
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_DESCRIPTION("Random Number Generator");
|
||||
diff --git a/crypto/seqiv.c b/crypto/seqiv.c
|
||||
index 17e11d51ddc3..9c136a3b6267 100644
|
||||
--- a/crypto/seqiv.c
|
||||
+++ b/crypto/seqiv.c
|
||||
@@ -132,6 +132,19 @@ static int seqiv_aead_decrypt(struct aead_request *req)
|
||||
return crypto_aead_decrypt(subreq);
|
||||
}
|
||||
|
||||
+static int aead_init_seqiv(struct crypto_aead *aead)
|
||||
+{
|
||||
+ int err;
|
||||
+
|
||||
+ err = aead_init_geniv(aead);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ crypto_aead_set_flags(aead, CRYPTO_TFM_FIPS_COMPLIANCE);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb)
|
||||
{
|
||||
struct aead_instance *inst;
|
||||
@@ -149,7 +162,7 @@ static int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb)
|
||||
inst->alg.encrypt = seqiv_aead_encrypt;
|
||||
inst->alg.decrypt = seqiv_aead_decrypt;
|
||||
|
||||
- inst->alg.init = aead_init_geniv;
|
||||
+ inst->alg.init = aead_init_seqiv;
|
||||
inst->alg.exit = aead_exit_geniv;
|
||||
|
||||
inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
|
||||
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
|
||||
index f02cb075bd68..669e306f1cb2 100644
|
||||
--- a/crypto/testmgr.c
|
||||
+++ b/crypto/testmgr.c
|
||||
@@ -4216,7 +4216,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,
|
||||
* Don't invoke (decrypt or sign) test which require a private key
|
||||
* for vectors with only a public key.
|
||||
*/
|
||||
- if (vecs->public_key_vec) {
|
||||
+ if (1 || vecs->public_key_vec) {
|
||||
err = 0;
|
||||
goto free_all;
|
||||
}
|
||||
@@ -5093,14 +5093,12 @@ static const struct alg_test_desc alg_test_descs[] = {
|
||||
}, {
|
||||
.alg = "ecdh-nist-p256",
|
||||
.test = alg_test_kpp,
|
||||
- .fips_allowed = 1,
|
||||
.suite = {
|
||||
.kpp = __VECS(ecdh_p256_tv_template)
|
||||
}
|
||||
}, {
|
||||
.alg = "ecdh-nist-p384",
|
||||
.test = alg_test_kpp,
|
||||
- .fips_allowed = 1,
|
||||
.suite = {
|
||||
.kpp = __VECS(ecdh_p384_tv_template)
|
||||
}
|
||||
diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c
|
||||
index 20d757687e3d..90a13f20f052 100644
|
||||
--- a/drivers/acpi/apei/hest.c
|
||||
@ -2390,14 +2516,16 @@ index e72145c4ae5a..7522b976a836 100644
|
||||
err = ext4_register_sysfs(sb);
|
||||
if (err)
|
||||
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
|
||||
index b164da5e129e..59021b8609a7 100644
|
||||
index b164da5e129e..cd78d16ee5d6 100644
|
||||
--- a/include/linux/crypto.h
|
||||
+++ b/include/linux/crypto.h
|
||||
@@ -133,6 +133,7 @@
|
||||
@@ -133,6 +133,9 @@
|
||||
#define CRYPTO_TFM_REQ_FORBID_WEAK_KEYS 0x00000100
|
||||
#define CRYPTO_TFM_REQ_MAY_SLEEP 0x00000200
|
||||
#define CRYPTO_TFM_REQ_MAY_BACKLOG 0x00000400
|
||||
+#define CRYPTO_TFM_REQ_NEED_RESEED 0x00000800
|
||||
+
|
||||
+#define CRYPTO_TFM_FIPS_COMPLIANCE 0x80000000
|
||||
|
||||
/*
|
||||
* Miscellaneous stuff.
|
||||
@ -3281,6 +3409,23 @@ index 3c13240dfc9f..dc6723d84302 100644
|
||||
obj-$(CONFIG_USERMODE_DRIVER) += usermode_driver.o
|
||||
obj-$(CONFIG_MULTIUSER) += groups.o
|
||||
obj-$(CONFIG_VHOST_TASK) += vhost_task.o
|
||||
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
|
||||
index 7ee62e38faf0..63817aceb71f 100644
|
||||
--- a/kernel/bpf/core.c
|
||||
+++ b/kernel/bpf/core.c
|
||||
@@ -566,7 +566,12 @@ void bpf_prog_kallsyms_del_all(struct bpf_prog *fp)
|
||||
/* All BPF JIT sysctl knobs here. */
|
||||
int bpf_jit_enable __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
|
||||
int bpf_jit_kallsyms __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
|
||||
+#ifdef CONFIG_RHEL_DIFFERENCES
|
||||
+/* RHEL-only: set it to 1 by default */
|
||||
+int bpf_jit_harden __read_mostly = 1;
|
||||
+#else
|
||||
int bpf_jit_harden __read_mostly;
|
||||
+#endif /* CONFIG_RHEL_DIFFERENCES */
|
||||
long bpf_jit_limit __read_mostly;
|
||||
long bpf_jit_limit_max __read_mostly;
|
||||
|
||||
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
|
||||
index bf6c5f685ea2..649f2fccaddd 100644
|
||||
--- a/kernel/bpf/syscall.c
|
||||
@ -3329,50 +3474,6 @@ index bf6c5f685ea2..649f2fccaddd 100644
|
||||
*(int *)table->data = unpriv_enable;
|
||||
}
|
||||
|
||||
diff --git a/kernel/fork.c b/kernel/fork.c
|
||||
index 18bdc87209d0..cc760491f201 100644
|
||||
--- a/kernel/fork.c
|
||||
+++ b/kernel/fork.c
|
||||
@@ -2053,23 +2053,10 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re
|
||||
*/
|
||||
int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret)
|
||||
{
|
||||
- if (!pid)
|
||||
- return -EINVAL;
|
||||
-
|
||||
- scoped_guard(rcu) {
|
||||
- struct task_struct *tsk;
|
||||
-
|
||||
- if (flags & PIDFD_THREAD)
|
||||
- tsk = pid_task(pid, PIDTYPE_PID);
|
||||
- else
|
||||
- tsk = pid_task(pid, PIDTYPE_TGID);
|
||||
- if (!tsk)
|
||||
- return -EINVAL;
|
||||
+ bool thread = flags & PIDFD_THREAD;
|
||||
|
||||
- /* Don't create pidfds for kernel threads for now. */
|
||||
- if (tsk->flags & PF_KTHREAD)
|
||||
- return -EINVAL;
|
||||
- }
|
||||
+ if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID))
|
||||
+ return -EINVAL;
|
||||
|
||||
return __pidfd_prepare(pid, flags, ret);
|
||||
}
|
||||
@@ -2416,12 +2403,6 @@ __latent_entropy struct task_struct *copy_process(
|
||||
if (clone_flags & CLONE_PIDFD) {
|
||||
int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0;
|
||||
|
||||
- /* Don't create pidfds for kernel threads for now. */
|
||||
- if (args->kthread) {
|
||||
- retval = -EINVAL;
|
||||
- goto bad_fork_free_pid;
|
||||
- }
|
||||
-
|
||||
/* Note that no task has been attached to @pid yet. */
|
||||
retval = __pidfd_prepare(pid, flags, &pidfile);
|
||||
if (retval < 0)
|
||||
diff --git a/kernel/module/main.c b/kernel/module/main.c
|
||||
index 71396e297499..29e469418075 100644
|
||||
--- a/kernel/module/main.c
|
||||
|
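Review bot: In the crypto/testmgr.c hunk, `if (1 || vecs->public_key_vec)` turns the guard in test_akcipher_one() into a constant, so the decrypt/sign self-tests after it can no longer run and the comment above it ("for vectors with only a public key") no longer describes the condition. This pairs with the crypto/akcipher.c hunk, where crypto_register_akcipher() now assigns `alg->sign = akcipher_default_op;` and `alg->decrypt = akcipher_default_op;` unconditionally, silently discarding any callback a driver supplied; neither site says why. I would add a comment at both, for example `/* RHEL-only: sign and decrypt are disabled for all akcipher algorithms (CVE-2023-6240); private-key tests are skipped */`, and in testmgr.c replace the `1 ||` with an explicit unconditional skip so the dead path is obvious at the next rebase. Both functions continue outside the visible hunks, so whether any in-kernel caller still depends on sign or decrypt cannot be confirmed from here.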
6
sources
6
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (linux-6.11-rc5.tar.xz) = ff448b1f89c72e7f6b55049cd7cc090971b8fd138f37797ea75b2294aa47f6e625874b2bc5958d57f1c3535d3926374bafb15661e42dad34bb41692f0e0d016b
|
||||
SHA512 (kernel-abi-stablelists-6.11.0.tar.xz) = f1335e684c694ca921a702c6e13dc7cf6184294db2b8671161b6689d483722cd7c2970bb74df7c2da55b5f9c80e9144adf0a7d6f7b7225022b2f368ec821da50
|
||||
SHA512 (kernel-kabi-dw-6.11.0.tar.xz) = ccd65f0cbf5f967b6a49f1d8e596e065f389177bd496715d5dd2bb8b7b735dcdeb1d4eff1cf55a62d1aaa92bcf98c9a7bc4f931e0ec2c09eba63acd573581e04
|
||||
SHA512 (linux-6.11-rc5-15-g3e9bff3bbe13.tar.xz) = ae746f6c59c27274d79861d16a9cbea3db179eeda2b5979622f91a8e1c49cb8acc5149171d6e9d43878f7b0dc2b418dc8c3b39fa8c076bdb73616ed8dad92832
|
||||
SHA512 (kernel-abi-stablelists-6.11.0.tar.xz) = 2c203d38dc30d67f52015828f8754eac49964d3c1996d0b667b87aa7aff20ed2fa5fae19a90b253d488bb54d5f9bd8200ae305879b6b5b9d41acb98fefd8c1f4
|
||||
SHA512 (kernel-kabi-dw-6.11.0.tar.xz) = 115ed2d2d87324b30eb4c078719913a80b3992ba9e3ac9df4711712b3de12a8f46732a468e8a5acd1c86983426d5a09d1df94c5cda27575a08f3622f4d7e5bc9
|
||||
|