metalefty/fedora-kernel
1
0
Fork 0
Code Issues Pull Requests Releases Activity

kernel-5.14.0-0.rc7.54

Browse Source 
* Mon Aug 23 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc7.54]
- redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Herton R. Krzesinski) [1994849]
Resolves: rhbz#1994849

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
Justin M. Forbes 2021-08-23 08:33:08 -05:00
parent e6db620870
commit fab840e687
No known key found for this signature in database
GPG Key ID: B8FA7924A4B1C140
6 changed files with 36 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.rhelver
View File

@ -12,7 +12,7 @@ RHEL_MINOR = 99
# #
# Use this spot to avoid future merge conflicts. # Use this spot to avoid future merge conflicts.
# Do not trim this comment. # Do not trim this comment.
RHEL_RELEASE = 50 RHEL_RELEASE = 54
# #
# Early y+1 numbering # Early y+1 numbering

66
kernel.spec
View File

@ -78,9 +78,9 @@ Summary: The Linux kernel
# Set debugbuildsenabled to 0 to not build a separate debug kernel, but # Set debugbuildsenabled to 0 to not build a separate debug kernel, but
# to build the base kernel using the debug configuration. (Specifying # to build the base kernel using the debug configuration. (Specifying
# the --with-release option overrides this setting.) # the --with-release option overrides this setting.)
%define debugbuildsenabled 0 %define debugbuildsenabled 1
%global distro_build 0.rc6.20210820gitd992fe5318d8.50 %global distro_build 0.rc7.54
%if 0%{?fedora} %if 0%{?fedora}
%define secure_boot_arch x86_64 %define secure_boot_arch x86_64
@ -124,13 +124,13 @@ Summary: The Linux kernel
%define kversion 5.14 %define kversion 5.14
%define rpmversion 5.14.0 %define rpmversion 5.14.0
%define pkgrelease 0.rc6.20210820gitd992fe5318d8.50 %define pkgrelease 0.rc7.54
# This is needed to do merge window version magic # This is needed to do merge window version magic
%define patchlevel 14 %define patchlevel 14
# allow pkg_release to have configurable %%{?dist} tag # allow pkg_release to have configurable %%{?dist} tag
%define specrelease 0.rc6.20210820gitd992fe5318d8.50%{?buildid}%{?dist} %define specrelease 0.rc7.54%{?buildid}%{?dist}
%define pkg_release %{specrelease} %define pkg_release %{specrelease}
@ -671,7 +671,7 @@ BuildRequires: lld
# exact git commit you can run # exact git commit you can run
# #
# xzcat -qq ${TARBALL} | git get-tar-commit-id # xzcat -qq ${TARBALL} | git get-tar-commit-id
Source0: linux-5.14-rc6-125-gd992fe5318d8.tar.xz Source0: linux-5.14-rc7.tar.xz
Source1: Makefile.rhelver Source1: Makefile.rhelver
@ -690,26 +690,21 @@ Source9: x509.genkey.fedora
%if %{?released_kernel} %if %{?released_kernel}
Source10: redhatsecurebootca5.cer Source10: redhatsecurebootca5.cer
Source11: redhatsecurebootca1.cer Source11: redhatsecureboot501.cer
Source12: redhatsecureboot501.cer Source12: secureboot_s390.cer
Source13: redhatsecureboot301.cer Source13: secureboot_ppc.cer
Source14: secureboot_s390.cer
Source15: secureboot_ppc.cer
%define secureboot_ca_1 %{SOURCE10} %define secureboot_ca_0 %{SOURCE10}
%define secureboot_ca_0 %{SOURCE11}
%ifarch x86_64 aarch64 %ifarch x86_64 aarch64
%define secureboot_key_1 %{SOURCE12} %define secureboot_key_0 %{SOURCE11}
%define pesign_name_1 redhatsecureboot501 %define pesign_name_0 redhatsecureboot501
%define secureboot_key_0 %{SOURCE13}
%define pesign_name_0 redhatsecureboot301
%endif %endif
%ifarch s390x %ifarch s390x
%define secureboot_key_0 %{SOURCE14} %define secureboot_key_0 %{SOURCE12}
%define pesign_name_0 redhatsecureboot302 %define pesign_name_0 redhatsecureboot302
%endif %endif
%ifarch ppc64le %ifarch ppc64le
%define secureboot_key_0 %{SOURCE15} %define secureboot_key_0 %{SOURCE13}
%define pesign_name_0 redhatsecureboot303 %define pesign_name_0 redhatsecureboot303
%endif %endif
@ -717,16 +712,11 @@ Source15: secureboot_ppc.cer
%else %else
Source10: redhatsecurebootca4.cer Source10: redhatsecurebootca4.cer
Source11: redhatsecurebootca2.cer Source11: redhatsecureboot401.cer
Source12: redhatsecureboot401.cer
Source13: redhatsecureboot003.cer
%define secureboot_ca_1 %{SOURCE10} %define secureboot_ca_0 %{SOURCE10}
%define secureboot_ca_0 %{SOURCE11} %define secureboot_key_0 %{SOURCE11}
%define secureboot_key_1 %{SOURCE12} %define pesign_name_0 redhatsecureboot401
%define pesign_name_1 redhatsecureboot401
%define secureboot_key_0 %{SOURCE13}
%define pesign_name_0 redhatsecureboot003
# released_kernel # released_kernel
%endif %endif
@ -1357,8 +1347,8 @@ ApplyOptionalPatch()
fi fi
} }
%setup -q -n kernel-5.14-rc6-125-gd992fe5318d8 -c %setup -q -n kernel-5.14-rc7 -c
mv linux-5.14-rc6-125-gd992fe5318d8 linux-%{KVERREL} mv linux-5.14-rc7 linux-%{KVERREL}
cd linux-%{KVERREL} cd linux-%{KVERREL}
cp -a %{SOURCE1} . cp -a %{SOURCE1} .
@ -1630,9 +1620,7 @@ BuildKernel() {
fi fi
%ifarch x86_64 aarch64 %ifarch x86_64 aarch64
%pesign -s -i $SignImage -o vmlinuz.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} %pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
%pesign -s -i vmlinuz.tmp -o vmlinuz.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
rm vmlinuz.tmp
%endif %endif
%ifarch s390x ppc64le %ifarch s390x ppc64le
if [ -x /usr/bin/rpm-sign ]; then if [ -x /usr/bin/rpm-sign ]; then
@ -2097,13 +2085,7 @@ BuildKernel() {
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
%ifarch x86_64 aarch64 install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
install -m 0644 %{secureboot_ca_1} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20140212.cer
ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%else
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%endif
%ifarch s390x ppc64le %ifarch s390x ppc64le
if [ $DoModules -eq 1 ]; then if [ $DoModules -eq 1 ]; then
if [ -x /usr/bin/rpm-sign ]; then if [ -x /usr/bin/rpm-sign ]; then
@ -2952,6 +2934,12 @@ fi
# #
# #
%changelog %changelog
* Mon Aug 23 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc7.54]
- redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Herton R. Krzesinski) [1994849]
* Sat Aug 21 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210821gitfa54d366a6e4.51]
- More Fedora config updates (Justin M. Forbes)
* Fri Aug 20 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210820gitd992fe5318d8.50] * Fri Aug 20 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210820gitd992fe5318d8.50]
- Fedora config updates for 5.14 (Justin M. Forbes) - Fedora config updates for 5.14 (Justin M. Forbes)

10
patch-5.14.0-redhat.patch
View File

@ -139,7 +139,7 @@ index 000000000000..effb81d04bfd
+ +
+endmenu +endmenu
diff --git a/Makefile b/Makefile diff --git a/Makefile b/Makefile
index c19d1638da25..5392d14f9646 100644 index 80aa85170d6b..3b0fcfb382a3 100644
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@ -1405,7 +1405,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644
if (data->f01_container->dev.driver) { if (data->f01_container->dev.driver) {
/* Driver already bound, so enable ATTN now. */ /* Driver already bound, so enable ATTN now. */
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 5419c4b9f27a..3bce0190f0cd 100644 index 63f0af10c403..195be16dbd39 100644
--- a/drivers/iommu/iommu.c --- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c
@@ -7,6 +7,7 @@ @@ -7,6 +7,7 @@
@ -1416,7 +1416,7 @@ index 5419c4b9f27a..3bce0190f0cd 100644
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/bug.h> #include <linux/bug.h>
#include <linux/types.h> #include <linux/types.h>
@@ -3036,6 +3037,27 @@ u32 iommu_sva_get_pasid(struct iommu_sva *handle) @@ -3039,6 +3040,27 @@ u32 iommu_sva_get_pasid(struct iommu_sva *handle)
} }
EXPORT_SYMBOL_GPL(iommu_sva_get_pasid); EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
@ -1743,10 +1743,10 @@ index 3a72352aa5cf..47b11f3c7fce 100644
struct pci_driver *drv; struct pci_driver *drv;
struct pci_dev *dev; struct pci_dev *dev;
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 6d74386eadc2..2333c1e4ae05 100644 index ab3de1551b50..7bc8ebb58d35 100644
--- a/drivers/pci/quirks.c --- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c
@@ -4230,6 +4230,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000, @@ -4231,6 +4231,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000,
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084, DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084,
quirk_bridge_cavm_thrx2_pcie_root); quirk_bridge_cavm_thrx2_pcie_root);

BIN
redhatsecureboot003.cer
View File

Binary file not shown.

BIN
redhatsecurebootca2.cer
View File

Binary file not shown.

6
sources
View File

@ -1,3 +1,3 @@
SHA512 (linux-5.14-rc6-125-gd992fe5318d8.tar.xz) = 381645b7843d25375bb15c670c07a7c0ae7c4c5b944ab937ce93a88b148157956e04367d38ee6569b68b31a5d94aa32d6998a8cb568f77462688d9a89ec03ac0 SHA512 (linux-5.14-rc7.tar.xz) = 8682d0a9b88220c3707130150591c7d471d6b2d8d2ddb0c8940c6e59d23f9a4b1a5fcc8ccc5a5a5b68f47f449521b5347d6d979688e40960fdc342b36a9fb012
SHA512 (kernel-abi-stablelists-5.14.0-0.rc6.20210820gitd992fe5318d8.50.tar.bz2) = 8771756b6eca6465cde6f69205b993ceff4be30c53263736d83e4cfdff82a662d52532e1f6ef7e253014fa0f13148161eaa60bf5dcced6995e1f2e6bf95b74bb SHA512 (kernel-abi-stablelists-5.14.0-0.rc7.54.tar.bz2) = 67e2d05ce2c74e73f40bacb113630ade3be5f95207ea6c8aa1fa13ea7b875c53945458de6395d8ee7b0297f54deda8b8e61a727682cb33e7eeb0dfc1e1b7d998
SHA512 (kernel-kabi-dw-5.14.0-0.rc6.20210820gitd992fe5318d8.50.tar.bz2) = 1fb402c4172dc1912255c48bb8fe01823194bf0d0b272089b4e04deee5b2e559f81d28644dbfc1cb36e1991ac004ad207247a5eae480f6f80f06de287594e30d SHA512 (kernel-kabi-dw-5.14.0-0.rc7.54.tar.bz2) = fb3ae66655d42c9294899e6c8fe6b684f97c65dca527f863059f419f90a3bb84fc98c0ea69f7939e9b09e1ee54a59a12cd23304b8d55275bfdb24a9d1228f43d