diff --git a/.gitignore b/.gitignore index 28acd4f..0ee73c8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer -SOURCES/linux-4.18.0-553.82.1.rt7.423.el8_10.tar.xz +SOURCES/linux-4.18.0-553.83.1.rt7.424.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index ae7bd6e..f5c4c73 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,6 +1,6 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -f4bc7409c492efca59b68af1ff9c0da4aca4c77d SOURCES/linux-4.18.0-553.82.1.rt7.423.el8_10.tar.xz +d6cfb3e2c14b7dcca5f3c6b2bcc0ef21085f2872 SOURCES/linux-4.18.0-553.83.1.rt7.424.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SOURCES/kernel-rt-x86_64-debug.config b/SOURCES/kernel-rt-x86_64-debug.config index f12a012..0d19b93 100644 --- a/SOURCES/kernel-rt-x86_64-debug.config +++ b/SOURCES/kernel-rt-x86_64-debug.config @@ -4007,6 +4007,7 @@ CONFIG_MISDN_L1OIP=m CONFIG_MISDN_NETJET=m CONFIG_MISDN_SPEEDFAX=m CONFIG_MISDN_W6692=m +CONFIG_MITIGATION_VMSCAPE=y CONFIG_MLX4_EN=m CONFIG_MLX4_EN_DCB=y CONFIG_MLX4_INFINIBAND=m diff --git a/SOURCES/kernel-rt-x86_64.config b/SOURCES/kernel-rt-x86_64.config index d9f4382..680c377 100644 --- a/SOURCES/kernel-rt-x86_64.config +++ b/SOURCES/kernel-rt-x86_64.config @@ -4007,6 +4007,7 @@ CONFIG_MISDN_L1OIP=m CONFIG_MISDN_NETJET=m CONFIG_MISDN_SPEEDFAX=m CONFIG_MISDN_W6692=m +CONFIG_MITIGATION_VMSCAPE=y CONFIG_MLX4_EN=m CONFIG_MLX4_EN_DCB=y CONFIG_MLX4_INFINIBAND=m diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 1968fbe..bc20cb0 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.82.1.rt7.423.el8_10 +%define pkgrelease 553.83.1.rt7.424.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.82.1.rt7.423%{?dist} +%define specrelease 553.83.1.rt7.424%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -148,7 +148,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .423 +%global rtbuild .424 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2708,6 +2708,29 @@ fi # # %changelog +* Thu Oct 30 2025 Denys Vlasenko [4.18.0-553.83.1.rt7.424.el8_10] +- fs: fix UAF/GPF bug in nilfs_mdt_destroy (Abhi Das) [RHEL-116658] {CVE-2022-50367} +- redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86_64 (Waiman Long) [RHEL-114285] +- x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- i40e: fix Jumbo Frame support after iPXE boot (Mohammad Heib) [RHEL-121781] +- i40e: Report MFS in decimal base instead of hex (Mohammad Heib) [RHEL-121781] +- i40e: Fix unexpected MFS warning message (Mohammad Heib) [RHEL-121781] +- bitfield: Add FIELD_MODIFY() helper (Mohammad Heib) [RHEL-121781] +- bitops: Add non-atomic bitops for pointers (Mohammad Heib) [RHEL-121781] +- qed/qede: Fix scheduling while atomic (CKI Backport Bot) [RHEL-9757] +- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-123215] +- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (Miklos Szeredi) [RHEL-123215] +- jiffies: Define secs_to_jiffies() (Miklos Szeredi) [RHEL-123215] +- s390/pci: Fix __pcilg_mio_inuser() inline assembly (Mete Durlu) [RHEL-105611] +- mm: zswap: fix missing folio cleanup in writeback race path (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178} +- mm: fix zswap writeback race condition (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178} + * Thu Oct 23 2025 Alexandra Hájková [4.18.0-553.82.1.rt7.423.el8_10] - smb: client: fix missing timestamp updates after utime(2) (Paulo Alcantara) [RHEL-109431] - cifs: fix leak of iface for primary channel (Paulo Alcantara) [RHEL-109546]