422a171248
* Fri Dec 23 2022 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [5.14.0-224.rt14.225.el9] - [rt] build kernel-rt-5.14.0-224.rt14.225.el9 [2125474] - tls: strp: make sure the TCP skbs do not have overlapping data (Sabrina Dubroca) [2143700] - selftests: tls: handful of memrnd() and length checks (Sabrina Dubroca) [2143700] - selftests: tls: add a test for timeo vs lock (Sabrina Dubroca) [2143700] - selftests: tls: add test for NoPad getsockopt (Sabrina Dubroca) [2143700] - selftests: tls: add selftest variant for pad (Sabrina Dubroca) [2143700] - selftests: tls: skip cmsg_to_pipe tests with TLS=n (Sabrina Dubroca) [2143700] - selftests: tls: test for correct proto_ops (Sabrina Dubroca) [2143700] - selftests: tls: test splicing decrypted records (Sabrina Dubroca) [2143700] - selftests: tls: test splicing cmsgs (Sabrina Dubroca) [2143700] - tls: rx: react to strparser initialization errors (Sabrina Dubroca) [2143700] - net/tls: Use RCU API to access tls_ctx->netdev (Sabrina Dubroca) [2143700] - tls: rx: device: don't try to copy too much on detach (Sabrina Dubroca) [2143700] - tls: rx: device: bound the frag walk (Sabrina Dubroca) [2143700] - net/tls: Remove redundant workqueue flush before destroy (Sabrina Dubroca) [2143700] - net/tls: Multi-threaded calls to TX tls_dev_del (Sabrina Dubroca) [2143700] - net/tls: Perform immediate device ctx cleanup when possible (Sabrina Dubroca) [2143700] - tls: rx: fix the false positive warning (Sabrina Dubroca) [2143700] - tls: strp: rename and multithread the workqueue (Sabrina Dubroca) [2143700] - tls: rx: don't consider sock_rcvtimeo() cumulative (Sabrina Dubroca) [2143700] - tls: rx: Fix unsigned comparison with less than zero (Sabrina Dubroca) [2143700] - tls: rx: do not use the standard strparser (Sabrina Dubroca) [2143700] - tls: rx: device: add input CoW helper (Sabrina Dubroca) [2143700] - tcp: allow tls to decrypt directly from the tcp rcv queue (Sabrina Dubroca) [2143700] - tcp: avoid indirect calls to sock_rfree (Sabrina Dubroca) [2143700] - tls: rx: device: keep the zero copy status with offload (Sabrina Dubroca) [2143700] - tls: rx: don't free the output in case of zero-copy (Sabrina Dubroca) [2143700] - redhat/configs: enable CONFIG_DEBUG_NET for debug kernel (Sabrina Dubroca) [2143700] - net: add CONFIG_DEBUG_NET (Sabrina Dubroca) [2143700] - net: add include/net/net_debug.h (Sabrina Dubroca) [2143700] - tls: rx: factor SW handling out of tls_rx_one_record() (Sabrina Dubroca) [2143700] - tls: rx: wrap recv_pkt accesses in helpers (Sabrina Dubroca) [2143700] - net/tls: Remove the context from the list in tls_device_down (Sabrina Dubroca) [2143700] - tls: rx: release the sock lock on locking timeout (Sabrina Dubroca) [2143700] - tls: rx: decrypt into a fresh skb (Sabrina Dubroca) [2143700] - tls: rx: async: don't put async zc on the list (Sabrina Dubroca) [2143700] - tls: rx: async: hold onto the input skb (Sabrina Dubroca) [2143700] - tls: rx: async: adjust record geometry immediately (Sabrina Dubroca) [2143700] - tls: rx: return the decrypted skb via darg (Sabrina Dubroca) [2143700] - tls: rx: read the input skb from ctx->recv_pkt (Sabrina Dubroca) [2143700] - tls: rx: factor out device darg update (Sabrina Dubroca) [2143700] - tls: rx: remove the message decrypted tracking (Sabrina Dubroca) [2143700] - tls: rx: don't keep decrypted skbs on ctx->recv_pkt (Sabrina Dubroca) [2143700] - tls: rx: don't try to keep the skbs always on the list (Sabrina Dubroca) [2143700] - tls: rx: allow only one reader at a time (Sabrina Dubroca) [2143700] - net/tls: Fix race in TLS device down flow (Sabrina Dubroca) [2143700] - net/tls: Check for errors in tls_device_init (Sabrina Dubroca) [2143700] - tls: rx: fix the NoPad getsockopt (Sabrina Dubroca) [2143700] - tls: rx: add counter for NoPad violations (Sabrina Dubroca) [2143700] - tls: fix spelling of MIB (Sabrina Dubroca) [2143700] - tls: rx: make tls_wait_data() return an recvmsg retcode (Sabrina Dubroca) [2143700] - tls: create an internal header (Sabrina Dubroca) [2143700] - tls: rx: coalesce exit paths in tls_decrypt_sg() (Sabrina Dubroca) [2143700] - tls: rx: wrap decrypt params in a struct (Sabrina Dubroca) [2143700] - tls: rx: always allocate max possible aad size for decrypt (Sabrina Dubroca) [2143700] - strparser: pad sk_skb_cb to avoid straddling cachelines (Sabrina Dubroca) [2143700] - tls: rx: periodically flush socket backlog (Sabrina Dubroca) [2143700] - tls: rx: add sockopt for enabling optimistic decrypt with TLS 1.3 (Sabrina Dubroca) [2143700] - docs: tls: document the TLS_TX_ZEROCOPY_RO (Sabrina Dubroca) [2143700] - tls: rx: support optimistic decrypt to user buffer with TLS 1.3 (Sabrina Dubroca) [2143700] - tls: rx: don't include tail size in data_len (Sabrina Dubroca) [2143700] - Revert "tls: rx: move counting TlsDecryptErrors for sync" (Sabrina Dubroca) [2143700] - tls: Rename TLS_INFO_ZC_SENDFILE to TLS_INFO_ZC_TX (Sabrina Dubroca) [2143700] - net: tls: fix messing up lists when bpf enabled (Sabrina Dubroca) [2143700] - tls: Add opt-in zerocopy mode of sendfile() (Sabrina Dubroca) [2143700] - tls: Fix context leak on tls_device_down (Sabrina Dubroca) [2143700] - tls: Skip tls_append_frag on zero copy size (Sabrina Dubroca) [2143700] - net: tls: fix async vs NIC crypto offload (Sabrina Dubroca) [2143700] - tls: rx: only copy IV from the packet for TLS 1.2 (Sabrina Dubroca) [2143700] - tls: rx: use MAX_IV_SIZE for allocations (Sabrina Dubroca) [2143700] - tls: rx: use async as an in-out argument (Sabrina Dubroca) [2143700] - tls: rx: return the already-copied data on crypto error (Sabrina Dubroca) [2143700] - tls: rx: treat process_rx_list() errors as transient (Sabrina Dubroca) [2143700] - tls: rx: assume crypto always calls our callback (Sabrina Dubroca) [2143700] - tls: rx: don't handle TLS 1.3 in the async crypto callback (Sabrina Dubroca) [2143700] - tls: rx: move counting TlsDecryptErrors for sync (Sabrina Dubroca) [2143700] - tls: rx: reuse leave_on_list label for psock (Sabrina Dubroca) [2143700] - tls: rx: consistently use unlocked accessors for rx_list (Sabrina Dubroca) [2143700] - tls: rx: jump out for cases which need to leave skb on list (Sabrina Dubroca) [2143700] - tls: rx: clear ctx->recv_pkt earlier (Sabrina Dubroca) [2143700] - tls: rx: inline consuming the skb at the end of the loop (Sabrina Dubroca) [2143700] - tls: rx: pull most of zc check out of the loop (Sabrina Dubroca) [2143700] - tls: rx: don't track the async count (Sabrina Dubroca) [2143700] - tls: rx: don't handle async in tls_sw_advance_skb() (Sabrina Dubroca) [2143700] - tls: rx: factor out writing ContentType to cmsg (Sabrina Dubroca) [2143700] - tls: rx: simplify async wait (Sabrina Dubroca) [2143700] - tls: rx: wrap decryption arguments in a structure (Sabrina Dubroca) [2143700] - tls: rx: don't report text length from the bowels of decrypt (Sabrina Dubroca) [2143700] - tls: rx: drop unnecessary arguments from tls_setup_from_iter() (Sabrina Dubroca) [2143700] - tls: hw: rx: use return value of tls_device_decrypted() to carry status (Sabrina Dubroca) [2143700] - tls: rx: refactor decrypt_skb_update() (Sabrina Dubroca) [2143700] - tls: rx: don't issue wake ups when data is decrypted (Sabrina Dubroca) [2143700] - tls: rx: replace 'back' with 'offset' (Sabrina Dubroca) [2143700] - tls: rx: use a define for tag length (Sabrina Dubroca) [2143700] - tls: rx: init decrypted status in tls_read_size() (Sabrina Dubroca) [2143700] - tls: rx: don't store the decryption status in socket context (Sabrina Dubroca) [2143700] - tls: rx: don't store the record type in socket context (Sabrina Dubroca) [2143700] - tls: rx: drop pointless else after goto (Sabrina Dubroca) [2143700] - tls: rx: jump to a more appropriate label (Sabrina Dubroca) [2143700] - net/tls: optimize judgement processes in tls_set_device_offload() (Sabrina Dubroca) [2143700] - net/tls: remove unnecessary jump instructions in do_tls_setsockopt_conf() (Sabrina Dubroca) [2143700] - net/tls: Provide {__,}tls_driver_ctx() unconditionally (Sabrina Dubroca) [2143700] - net/tls: simplify the tls_set_sw_offload function (Sabrina Dubroca) [2143700] - net/tls: getsockopt supports complete algorithm list (Sabrina Dubroca) [2143700] - net/tls: tls_crypto_context add supported algorithms context (Sabrina Dubroca) [2143700] - net/tls: support SM4 CCM algorithm (Sabrina Dubroca) [2143700] - net/tls: support SM4 GCM/CCM algorithm (Sabrina Dubroca) [2143700] Resolves: rhbz#2125474 Signed-off-by: Luis Claudio R. Goncalves <lgoncalv@redhat.com>
70 lines
2.3 KiB
Makefile
70 lines
2.3 KiB
Makefile
RHEL_MAJOR = 9
|
|
RHEL_MINOR = 2
|
|
|
|
#
|
|
# RHEL_RELEASE
|
|
# -------------
|
|
#
|
|
# Represents build number in 'release' part of RPM's name-version-release.
|
|
# name is <package_name>, e.g. kernel
|
|
# version is upstream kernel version this kernel is based on, e.g. 4.18.0
|
|
# release is <RHEL_RELEASE>.<dist_tag>[<buildid>], e.g. 100.el8
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
RHEL_RELEASE = 224
|
|
|
|
#
|
|
# ZSTREAM
|
|
# -------
|
|
#
|
|
# This variable controls whether we use zstream numbering or not for the
|
|
# package release. The zstream release keeps the build number of the last
|
|
# build done for ystream for the Beta milestone, and increments a second
|
|
# number for each build. The third number is used for branched builds
|
|
# (eg.: for builds with security fixes or hot fixes done outside of the
|
|
# batch release process).
|
|
#
|
|
# For example, with ZSTREAM unset or set to "no", all builds will contain
|
|
# a release with only the build number, eg.: kernel-<kernel version>-X.el*,
|
|
# where X is the build number. With ZSTREAM set to "yes", we will have
|
|
# builds with kernel-<kernel version>-X.Y.Z.el*, where X is the last
|
|
# RHEL_RELEASE number before ZSTREAM flag was set to yes, Y will now be the
|
|
# build number and Z will always be 1 except if you're doing a branched build
|
|
# (when you give RHDISTGIT_BRANCH on the command line, in which case the Z
|
|
# number will be incremented instead of the Y).
|
|
#
|
|
ZSTREAM ?= no
|
|
|
|
#
|
|
# Early y+1 numbering
|
|
# --------------------
|
|
#
|
|
# In early y+1 process, RHEL_RELEASE consists of 2 numbers: x.y
|
|
# First is RHEL_RELEASE inherited/merged from y as-is, second number
|
|
# is incremented with each build starting from 1. After merge from y,
|
|
# it resets back to 1. This way y+1 nvr reflects status of last merge.
|
|
#
|
|
# Example:
|
|
#
|
|
# rhel8.0 rhel-8.1
|
|
# kernel-4.18.0-58.el8 --> kernel-4.18.0-58.1.el8
|
|
# kernel-4.18.0-58.2.el8
|
|
# kernel-4.18.0-59.el8 kernel-4.18.0-59.1.el8
|
|
# kernel-4.18.0-60.el8
|
|
# kernel-4.18.0-61.el8 --> kernel-4.18.0-61.1.el8
|
|
#
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
EARLY_YSTREAM ?= no
|
|
EARLY_YBUILD:=
|
|
EARLY_YRELEASE:=
|
|
ifneq ("$(ZSTREAM)", "yes")
|
|
ifeq ("$(EARLY_YSTREAM)","yes")
|
|
RHEL_RELEASE:=$(RHEL_RELEASE).$(EARLY_YRELEASE)
|
|
endif
|
|
endif
|
|
|
|
RTBUILD:=.225
|