diff --git a/.gitignore b/.gitignore index cc341d1..1900185 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer -SOURCES/linux-4.18.0-553.139.1.rt7.480.el8_10.tar.xz +SOURCES/linux-4.18.0-553.140.1.rt7.481.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index 0737c1b..5f240a0 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,6 +1,6 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -a14407c76c0b9d7b8400e25f6e92493cff2b3e4c SOURCES/linux-4.18.0-553.139.1.rt7.480.el8_10.tar.xz +ef75d8f65398c6e87a4e2a8c37dfcd86dd65c07a SOURCES/linux-4.18.0-553.140.1.rt7.481.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SOURCES/kernel-rt-aarch64-debug.config b/SOURCES/kernel-rt-aarch64-debug.config index 5a47844..7643f82 100644 --- a/SOURCES/kernel-rt-aarch64-debug.config +++ b/SOURCES/kernel-rt-aarch64-debug.config @@ -2532,6 +2532,7 @@ CONFIG_ARM64_CRYPTO=y CONFIG_ARM64_E0PD=y CONFIG_ARM64_ERRATUM_1024718=y CONFIG_ARM64_ERRATUM_1542419=y +CONFIG_ARM64_ERRATUM_4118414=y CONFIG_ARM64_ERRATUM_819472=y CONFIG_ARM64_ERRATUM_824069=y CONFIG_ARM64_ERRATUM_826319=y diff --git a/SOURCES/kernel-rt-aarch64.config b/SOURCES/kernel-rt-aarch64.config index fef5265..74b7875 100644 --- a/SOURCES/kernel-rt-aarch64.config +++ b/SOURCES/kernel-rt-aarch64.config @@ -2604,6 +2604,7 @@ CONFIG_ARM64_CRYPTO=y CONFIG_ARM64_E0PD=y CONFIG_ARM64_ERRATUM_1024718=y CONFIG_ARM64_ERRATUM_1542419=y +CONFIG_ARM64_ERRATUM_4118414=y CONFIG_ARM64_ERRATUM_819472=y CONFIG_ARM64_ERRATUM_824069=y CONFIG_ARM64_ERRATUM_826319=y diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index a7e0e5c..31cc135 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -49,10 +49,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.139.1.rt7.480.el8_10 +%define pkgrelease 553.140.1.rt7.481.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.139.1.rt7.480%{?dist} +%define specrelease 553.140.1.rt7.481%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -159,7 +159,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .480 +%global rtbuild .481 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2727,7 +2727,7 @@ fi # # %changelog -* Tue Jul 07 2026 Andrei Lukoshko - 4.18.0-553.139.1.rt7.480 +* Tue Jul 07 2026 Andrei Lukoshko - 4.18.0-553.140.1.rt7.481 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 @@ -2738,10 +2738,41 @@ fi - kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained -* Tue Jul 07 2026 Eduard Abdullin - 4.18.0-553.139.1.rt7.480 +* Tue Jul 07 2026 Eduard Abdullin - 4.18.0-553.140.1.rt7.481 - Use AlmaLinux OS secure boot cert - Debrand for AlmaLinux OS +* Thu Jul 02 2026 CKI KWF Bot [4.18.0-553.140.1.rt7.481.el8_10] +- Enable workaround for ARM64 ERRATUM 4118414 (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: errata: Mitigate TLBI errata on Microsoft Azure Cobalt 100 CPU (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: errata: Mitigate TLBI errata on NVIDIA Olympus CPU (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: Add part number for Arm Cortex-A78AE (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add NVIDIA Olympus definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add C1-Premium definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add C1-Ultra definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add C1-Pro definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-A720AE definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Neoverse-N3 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-A725 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-A720 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: Add Cortex-715 CPU part definition (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Neoverse-V3AE definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add MIDR_CORTEX_A76AE (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-X1C definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-X925 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-X3 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Neoverse-V3 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-X4 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: Add Neoverse-V2 part (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- tcp: fix potential race in tcp_v6_syn_recv_sock() (Antoine Tenart) [RHEL-174237] {CVE-2026-43198} +- procfs: fix missing RCU protection when reading real_parent in do_task_stat() (CKI Backport Bot) [RHEL-181898] {CVE-2026-46259} +- drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CKI Backport Bot) [RHEL-179907] {CVE-2026-46209} +- sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (CKI Backport Bot) [RHEL-179857] {CVE-2026-46227} +- netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (CKI Backport Bot) [RHEL-179736] {CVE-2026-43450} +- vfs: validate inode i_link before use in get_link() (Ian Kent) [RHEL-152759] + * Mon Jun 29 2026 CKI KWF Bot [4.18.0-553.139.1.rt7.480.el8_10] - NFS: improve "Server wrote zero bytes" error (Olga Kornievskaia) [RHEL-147665]