From 05095fa8175d9455e8e1b917494f2198a0ec7c79 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 28 Jun 2022 04:30:21 -0400 Subject: [PATCH] import kernel-rt-5.14.0-70.17.1.rt21.89.el9_0 --- .gitignore | 2 +- .kernel-rt.metadata | 2 +- SOURCES/Makefile.rhelver | 4 +- SOURCES/kernel-rt-x86_64-debug-rhel.config | 4 +- SOURCES/kernel-rt-x86_64-rhel.config | 4 +- SOURCES/rpminspect.yaml | 6 ++ SPECS/kernel.spec | 71 ++++++++++++++++++++-- 7 files changed, 79 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index c6f3f8d..8cb0b57 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/linux-5.14.0-70.13.1.rt21.83.el9_0.tar.xz +SOURCES/linux-5.14.0-70.17.1.rt21.89.el9_0.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelkpatch1.x509 diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index 544f552..0794052 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,3 +1,3 @@ -4f3edf73139d54a77d67e5a6879026ab127513d8 SOURCES/linux-5.14.0-70.13.1.rt21.83.el9_0.tar.xz +f12b3867244766e37484929648856e9535572a0c SOURCES/linux-5.14.0-70.17.1.rt21.89.el9_0.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver index 4d44446..b352f20 100644 --- a/SOURCES/Makefile.rhelver +++ b/SOURCES/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 0 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 70.13.1 +RHEL_RELEASE = 70.17.1 # # ZSTREAM @@ -66,4 +66,4 @@ ifneq ("$(ZSTREAM)", "yes") endif endif -RTBUILD:=.83 +RTBUILD:=.89 diff --git a/SOURCES/kernel-rt-x86_64-debug-rhel.config b/SOURCES/kernel-rt-x86_64-debug-rhel.config index 0e63829..99a06c5 100644 --- a/SOURCES/kernel-rt-x86_64-debug-rhel.config +++ b/SOURCES/kernel-rt-x86_64-debug-rhel.config @@ -923,7 +923,7 @@ CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA3=y CONFIG_CRYPTO_SHA512_ARM64_CE=m # CONFIG_CRYPTO_SHA512_ARM64 is not set -CONFIG_CRYPTO_SHA512_SSSE3=m +CONFIG_CRYPTO_SHA512_SSSE3=y CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_SM2 is not set # CONFIG_CRYPTO_SM3 is not set @@ -941,7 +941,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/kernel-rt-x86_64-rhel.config b/SOURCES/kernel-rt-x86_64-rhel.config index ede9714..fa4d048 100644 --- a/SOURCES/kernel-rt-x86_64-rhel.config +++ b/SOURCES/kernel-rt-x86_64-rhel.config @@ -923,7 +923,7 @@ CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA3=y CONFIG_CRYPTO_SHA512_ARM64_CE=m # CONFIG_CRYPTO_SHA512_ARM64 is not set -CONFIG_CRYPTO_SHA512_SSSE3=m +CONFIG_CRYPTO_SHA512_SSSE3=y CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_SM2 is not set # CONFIG_CRYPTO_SM3 is not set @@ -941,7 +941,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/rpminspect.yaml b/SOURCES/rpminspect.yaml index 4b0bad7..db9d0ad 100644 --- a/SOURCES/rpminspect.yaml +++ b/SOURCES/rpminspect.yaml @@ -19,6 +19,12 @@ emptyrpm: - kernel-zfcpdump - kernel-zfcpdump-devel-matched - kernel-zfcpdump-modules + specname: match: prefix primary: filename + +patches: + ignore_list: + - linux-kernel-test.patch + - patch-5.14.0-redhat.patch diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 4c0c67d..253f927 100755 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -121,13 +121,13 @@ Summary: The Linux kernel %define kversion 5.14 %define rpmversion 5.14.0 -%define pkgrelease 70.13.1.rt21.83.el9_0 +%define pkgrelease 70.17.1.rt21.89.el9_0 # This is needed to do merge window version magic %define patchlevel 14 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 70.13.1.rt21.83%{?buildid}%{?dist} +%define specrelease 70.17.1.rt21.89%{?buildid}%{?dist} %define pkg_release %{specrelease} @@ -705,7 +705,7 @@ BuildRequires: lld # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-5.14.0-70.13.1.rt21.83.el9_0.tar.xz +Source0: linux-5.14.0-70.17.1.rt21.89.el9_0.tar.xz Source1: Makefile.rhelver @@ -1416,8 +1416,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-5.14.0-70.13.1.rt21.83.el9_0 -c -mv linux-5.14.0-70.13.1.rt21.83.el9_0 linux-%{KVERREL} +%setup -q -n kernel-5.14.0-70.17.1.rt21.89.el9_0 -c +mv linux-5.14.0-70.17.1.rt21.89.el9_0 linux-%{KVERREL} cd linux-%{KVERREL} cp -a %{SOURCE1} . @@ -2313,6 +2313,14 @@ popd # in the source tree. We installed them previously to $RPM_BUILD_ROOT/usr # but there's no way to tell the Makefile to take them from there. %{make} %{?_smp_mflags} headers_install + +# If we re building only tools without kernel, we need to generate config +# headers and prepare tree for modules building. The modules_prepare target +# will cover both. +if [ ! -f include/generated/autoconf.h ]; then + %{make} %{?_smp_mflags} modules_prepare +fi + %{make} %{?_smp_mflags} ARCH=$Arch V=1 M=samples/bpf/ # Prevent bpf selftests to build bpftool repeatedly: @@ -3074,7 +3082,58 @@ fi # # %changelog -* Thu Apr 14 2022 Luis Claudio R. Goncalves [5.14.0-70.13.1.rt21.83.el9_0] +* Tue Jun 14 2022 Luis Claudio R. Goncalves [5.14.0-70.17.1.rt21.89.el9_0] +- [rt] build kernel-rt-5.14.0-70.17.1.rt21.89.el9_0 [2089492] +- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092992] {CVE-2022-1966} +- thunderx nic: mark device as unmaintained (Íñigo Huguet) [2092638] +- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (Steve Best) [2092255] +- perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087965] {CVE-2022-1729} +- spec: Fix separate tools build (Jiri Olsa) [2090852] +- mm: lru_cache_disable: replace work queue synchronization with synchronize_rcu (Marcelo Tosatti) [2086963] + +* Wed Jun 08 2022 Luis Claudio R. Goncalves [5.14.0-70.16.1.rt21.88.el9_0] +- [rt] build kernel-rt-5.14.0-70.16.1.rt21.88.el9_0 [2089492] +- dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082187] + +* Mon Jun 06 2022 Luis Claudio R. Goncalves [5.14.0-70.15.1.rt21.87.el9_0] +- [rt] build kernel-rt-5.14.0-70.15.1.rt21.87.el9_0 [2089492] +- [redhat-rt] ensure scratch builds use the z-stream build target (Luis Claudio R. Goncalves) + +* Wed Jun 01 2022 Luis Claudio R. Goncalves [5.14.0-70.15.1.rt21.85.el9_0] +- [rt] build kernel-rt-5.14.0-70.15.1.rt21.85.el9_0 [2089492] +- CI: Use zstream builder image (Veronika Kabatova) +- tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087129 2064870] {CVE-2022-1012} +- tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087129 2064870] {CVE-2022-1012} +- tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087129 2064870] {CVE-2022-1012} +- tcp: add small random increments to the source port (Guillaume Nault) [2087129 2064870] {CVE-2022-1012} +- tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087129 2064870] {CVE-2022-1012} +- tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087129 2064870] {CVE-2022-1012} +- secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087129 2064870] {CVE-2022-1012} +- Revert "netfilter: conntrack: tag conntracks picked up in local out hook" (Florian Westphal) [2085480 2061850] +- Revert "netfilter: nat: force port remap to prevent shadowing well-known ports" (Florian Westphal) [2085480 2061850] +- redhat/koji/Makefile: Decouple koji Makefile from Makefile.common (Andrea Claudi) +- redhat: fix make {distg-brew,distg-koji} (Andrea Claudi) +- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2082952 2082953] {CVE-2022-27666} +- esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2082952 2082953] {CVE-2022-27666} +- sctp: use the correct skb for security_sctp_assoc_request (Ondrej Mosnacek) [2084044 2078856] +- security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2084044 2078856] +- security: add sctp_assoc_established hook (Ondrej Mosnacek) [2084044 2078856] +- security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2084044 2078856] +- security: pass asoc to sctp_assoc_request and sctp_sk_clone (Ondrej Mosnacek) [2084044 2078856] + +* Thu May 26 2022 Juri Lelli [5.14.0-70.14.1.rt21.85.el9_0] +- [rt] build kernel-rt-5.14.0-70.14.1.rt21.85.el9_0 [2089492] +- [redhat-rt] Update RTBZ for Batch1 (Juri Lelli) + +* Thu May 12 2022 Luis Claudio R. Goncalves [5.14.0-70.14.1.rt21.84.el9_0] +- [rt] build kernel-rt-5.14.0-70.14.1.rt21.84.el9_0 [2002474] +- PCI: hv: Propagate coherence from VMbus device to PCI device (Vitaly Kuznetsov) [2074830] +- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (Vitaly Kuznetsov) [2074830] +- redhat: rpminspect: disable 'patches' check for known empty patch files (Herton R. Krzesinski) +- redhat/configs: make SHA512_arch algos and CRYPTO_USER built-ins (Vladis Dronov) [2072643] +- CI: Drop baseline runs (Veronika Kabatova) + +* Thu Apr 14 2022 Luis Claudio R. Goncalves [5.14.0-70.13.1.rt21.82.el9_0] - [rt] build kernel-rt-5.14.0-70.13.1.rt21.82.el9_0 [2002474] - redhat: disable uncommon media device infrastructure (Jarod Wilson) [2074598] - netfilter: nf_tables: unregister flowtable hooks on netns exit (Florian Westphal) [2056869]