kernel-5.14.0-490.el9
* Fri Aug 02 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-490.el9]
- redhat/dracut-virt.conf: add systemd-veritysetup module (Emanuele Giuseppe Esposito) [RHEL-45168]
- redhat/uki_addons/virt: add common FIPS addon (Emanuele Giuseppe Esposito) [RHEL-45160]
- redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons (Emanuele Giuseppe Esposito) [RHEL-45159]
- gcc-plugins/stackleak: Avoid .head.text section (Bandan Das) [RHEL-39439]
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (Bandan Das) [RHEL-39439]
- x86/sev: Move early startup code into .head.text section (Bandan Das) [RHEL-39439]
- x86/sme: Move early SME kernel encryption handling into .head.text (Bandan Das) [RHEL-39439]
- x86/sev: Do the C-bit verification only on the BSP (Bandan Das) [RHEL-39439]
- x86/sev: Fix kernel crash due to late update to read-only ghcb_version (Bandan Das) [RHEL-39439]
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48140] {CVE-2024-40959}
- eeprom: at24: fix memory corruption race condition (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: Use dev_err_probe for nvmem register failure (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: Add support for 24c1025 EEPROM (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: remove struct at24_client (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- at24: Support probing while in non-zero ACPI D state (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Mark Langsdorf) [RHEL-47652] {CVE-2024-39501}
- drivers: core: synchronize really_probe() and dev_uevent() (Mark Langsdorf) [RHEL-47652] {CVE-2024-39501}
- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47892] {CVE-2024-40927}
- PCI: pciehp: Retain Power Indicator bits for userspace indicators (Myron Stowe) [RHEL-41181]
- sched: act_ct: take care of padding in struct zones_ht_key (Xin Long) [RHEL-50682]
- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44297] {CVE-2024-38538}
- hugetlb: force allocating surplus hugepages on mempolicy allowed nodes (Aristeu Rozanski) [RHEL-38605]
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47558] {CVE-2024-40904}
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (CKI Backport Bot) [RHEL-47535] {CVE-2024-40901}
- vmxnet3: update to version 9 (Izabela Bakollari) [RHEL-50675]
- vmxnet3: add command to allow disabling of offloads (Izabela Bakollari) [RHEL-50675]
- vmxnet3: add latency measurement support in vmxnet3 (Izabela Bakollari) [RHEL-50675]
- vmxnet3: prepare for version 9 changes (Izabela Bakollari) [RHEL-50675]
- vmxnet3: disable rx data ring on dma allocation failure (Izabela Bakollari) [RHEL-50675]
- vmxnet3: Fix missing reserved tailroom (Izabela Bakollari) [RHEL-50675]
- maple_tree: fix mas_empty_area_rev() null pointer dereference (Aristeu Rozanski) [RHEL-39862] {CVE-2024-36891}
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-50366]
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-50366]
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-50366]
- scsi: qedf: Set qed_slowpath_params to zero before use (John Meneghini) [RHEL-25193]
- scsi: qedf: Wait for stag work during unload (John Meneghini) [RHEL-25193]
- scsi: qedf: Don't process stag work during unload and recovery (John Meneghini) [RHEL-25193]
- scsi: qedf: Use FC rport as argument for qedf_initiate_tmf() (John Meneghini) [RHEL-25193]
- net: fix __dst_negative_advice() race (Xin Long) [RHEL-41185] {CVE-2024-36971}
- net: annotate data-races around sk->sk_dst_pending_confirm (Xin Long) [RHEL-41185]
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39719] {CVE-2024-36025}
- igb: Remove redundant runtime resume for ethtool_ops (Corinna Vinschen) [RHEL-17487]
- net: intel: implement modern PM ops declarations (Corinna Vinschen) [RHEL-17487]
- igb: simplify pci ops declaration (Corinna Vinschen) [RHEL-17487]
- igb: Fix missing time sync events (Corinna Vinschen) [RHEL-17487]
- intel: make module parameters readable in sys filesystem (Corinna Vinschen) [RHEL-17487 RHEL-25998]
- net: adopt skb_network_offset() and similar helpers (Corinna Vinschen) [RHEL-17487]
- igb: extend PTP timestamp adjustments to i211 (Corinna Vinschen) [RHEL-17487]
- net: intel: igb: Use linkmode helpers for EEE (Corinna Vinschen) [RHEL-17487]
- igb: Fix string truncation warnings in igb_set_fw_version (Corinna Vinschen) [RHEL-17487 RHEL-38454] {CVE-2024-36010}
- intel: legacy: field get conversion (Corinna Vinschen) [RHEL-17487]
- intel: legacy: field prep conversion (Corinna Vinschen) [RHEL-17487]
- intel: add bit macro includes where needed (Corinna Vinschen) [RHEL-17487]
- igb: Use FIELD_GET() to extract Link Width (Corinna Vinschen) [RHEL-17487]
- netdevsim: fix rtnetlink.sh selftest (CKI Backport Bot) [RHEL-50016]
- selinux: avoid dereference of garbage after mount failure (Ondrej Mosnacek) [RHEL-37187] {CVE-2024-35904}
- calipso: fix memory leak in netlbl_calipso_add_pass() (Ondrej Mosnacek) [RHEL-37044] {CVE-2023-52698}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Mamatha Inamdar) [RHEL-51242] {CVE-2024-41065}
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44414] {CVE-2024-37356}
- tty: add the option to have a tty reject a new ldisc (John W. Linville) [RHEL-48254] {CVE-2024-40966}
- irqchip/gic-v3-its: Prevent double free on error (Charles Mirabile) [RHEL-37024] {CVE-2024-35847}
- usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43714] {CVE-2024-38619}
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Ewan D. Milne) [RHEL-38285] {CVE-2023-52811}
- gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44155] {CVE-2024-38570}
- gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44155] {CVE-2024-38570}
- gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44155] {CVE-2024-38570}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole) [RHEL-37650]
- scsi: mpi3mr: Driver version update to 8.8.1.0.50 (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Update MPI Headers to revision 31 (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Debug ability improvements (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Set the WriteSame Divert Capability in the IOCInit MPI Request (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Clear ioctl blocking flag for an unresponsive controller (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Set MPI request flags appropriately (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Block devices are not removed even when VDs are offlined (Ewan D. Milne) [RHEL-30580]
- x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk (Waiman Long) [RHEL-31230]
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (Waiman Long) [RHEL-31230]
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (Waiman Long) [RHEL-31230]
- redhat/configs: Rename x86 CPU mitigations config entries (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_RETHUNK => CONFIG_MITIGATION_RETHUNK (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_SRSO => CONFIG_MITIGATION_SRSO (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_IBRS_ENTRY => CONFIG_MITIGATION_IBRS_ENTRY (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_UNRET_ENTRY => CONFIG_MITIGATION_UNRET_ENTRY (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_SLS => CONFIG_MITIGATION_SLS (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_RETPOLINE => CONFIG_MITIGATION_RETPOLINE (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_PAGE_TABLE_ISOLATION => CONFIG_MITIGATION_PAGE_TABLE_ISOLATION (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CALL_DEPTH_TRACKING => CONFIG_MITIGATION_CALL_DEPTH_TRACKING (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_IBPB_ENTRY => CONFIG_MITIGATION_IBPB_ENTRY (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_GDS_FORCE_MITIGATION => CONFIG_MITIGATION_GDS_FORCE (Waiman Long) [RHEL-31230]
- kbuild: use objtool-args-y to clean up objtool arguments (Waiman Long) [RHEL-31230]
- kbuild: do not create *.prelink.o for Clang LTO or IBT (Waiman Long) [RHEL-31230]
- kbuild: replace $(linked-object) with CONFIG options (Waiman Long) [RHEL-31230]
Resolves: RHEL-17487, RHEL-25193, RHEL-25998, RHEL-30580, RHEL-31230, RHEL-37020, RHEL-37024, RHEL-37044, RHEL-37187, RHEL-37650, RHEL-38285, RHEL-38454, RHEL-38605, RHEL-39439, RHEL-39719, RHEL-39862, RHEL-41181, RHEL-41185, RHEL-43714, RHEL-44155, RHEL-44297, RHEL-44414, RHEL-45159, RHEL-45160, RHEL-45168, RHEL-47535, RHEL-47558, RHEL-47652, RHEL-47892, RHEL-48140, RHEL-48254, RHEL-50016, RHEL-50366, RHEL-50675, RHEL-50682, RHEL-51242, RHEL-37025, RHEL-38286, RHEL-39720, RHEL-39863, RHEL-37021, RHEL-44156, RHEL-38455, RHEL-44298, RHEL-43715, RHEL-37045, RHEL-37188, RHEL-41186, RHEL-47536, RHEL-47559, RHEL-47893, RHEL-48141, RHEL-47653, RHEL-48255, RHEL-44415
Signed-off-by: Scott Weaver <scweaver@redhat.com>
2024-08-02 15:47:19 +00:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
|
#
|
|
|
|
|
# This script inspects a given json proving a list of addons, and
|
|
|
|
|
# creates an addon for each key/value pair matching the given uki, distro and
|
|
|
|
|
# arch provided in input.
|
|
|
|
|
#
|
|
|
|
|
# Usage: python uki_create_addons.py input_json out_dir uki distro arch
|
|
|
|
|
#
|
|
|
|
|
# This tool requires the systemd-ukify and systemd-boot packages.
|
|
|
|
|
#
|
|
|
|
|
# Addon file
|
|
|
|
|
#-----------
|
|
|
|
|
# Each addon terminates with .addon
|
|
|
|
|
# Each addon contains only two types of lines:
|
|
|
|
|
# Lines beginning with '#' are description and thus ignored
|
|
|
|
|
# All other lines are command line to be added.
|
|
|
|
|
# The name of the end resulting addon is taken from the json hierarchy.
|
|
|
|
|
# For example, and addon in json['virt']['rhel']['x86_64']['hello.addon'] will
|
|
|
|
|
# result in an UKI addon file generated in out_dir called
|
|
|
|
|
# hello-virt.rhel.x86_64.addon.efi
|
|
|
|
|
#
|
|
|
|
|
# The common key, present in any sub-dict in the provided json (except the leaf dict)
|
|
|
|
|
# is used as place for default addons when the same addon is not defined deep
|
|
|
|
|
# in the hierarchy. For example, if we define test.addon (text: 'test1\n') in
|
|
|
|
|
# json['common']['test.addon'] = ['test1\n'] and another test.addon (text: test2) in
|
|
|
|
|
# json['virt']['common']['test.addon'] = ['test2'], any other uki except virt
|
|
|
|
|
# will have a test.addon.efi with text "test1", and virt will have a
|
|
|
|
|
# test.addon.efi with "test2"
|
|
|
|
|
#
|
|
|
|
|
# sbat.conf
|
|
|
|
|
#----------
|
|
|
|
|
# This dict is containing the sbat string for *all* addons being created.
|
|
|
|
|
# This dict is optional, but when used has to be put in a sub-dict with
|
|
|
|
|
# { 'sbat' : { 'sbat.conf' : ['your text here'] }}
|
|
|
|
|
# It follows the same syntax as the addon files, meaning '#' is comment and
|
|
|
|
|
# the rest is taken as sbat string and feed to ukify.
|
|
|
|
|
|
|
|
|
|
import os
|
|
|
|
|
import sys
|
|
|
|
|
import json
|
|
|
|
|
import collections
|
|
|
|
|
import subprocess
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UKIFY_PATH = '/usr/lib/systemd/ukify'
|
|
|
|
|
|
|
|
|
|
def usage(err):
|
|
|
|
|
print(f'Usage: {os.path.basename(__file__)} input_json output_dir uki distro arch')
|
|
|
|
|
print(f'Error:{err}')
|
|
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
|
|
def check_clean_arguments(input_json, out_dir):
|
|
|
|
|
# Remove end '/'
|
|
|
|
|
if out_dir[-1:] == '/':
|
|
|
|
|
out_dir = out_dir[:-1]
|
|
|
|
|
if not os.path.isfile(input_json):
|
|
|
|
|
usage(f'input_json {input_json} is not a file, or does not exist!')
|
|
|
|
|
if not os.path.isdir(out_dir):
|
|
|
|
|
usage(f'out_dir_dir {out_dir} is not a dir, or does not exist!')
|
|
|
|
|
return out_dir
|
|
|
|
|
|
|
|
|
|
UKICmdlineAddon = collections.namedtuple('UKICmdlineAddon', ['name', 'cmdline'])
|
|
|
|
|
uki_addons_list = []
|
|
|
|
|
uki_addons = {}
|
|
|
|
|
addon_sbat_string = None
|
|
|
|
|
|
|
|
|
|
def parse_lines(lines, rstrip=True):
|
|
|
|
|
cmdline = ''
|
|
|
|
|
for l in lines:
|
|
|
|
|
l = l.lstrip()
|
|
|
|
|
if not l:
|
|
|
|
|
continue
|
|
|
|
|
if l[0] == '#':
|
|
|
|
|
continue
|
|
|
|
|
# rstrip is used only for addons cmdline, not sbat.conf, as it replaces
|
|
|
|
|
# return lines with spaces.
|
|
|
|
|
if rstrip:
|
|
|
|
|
l = l.rstrip() + ' '
|
|
|
|
|
cmdline += l
|
|
|
|
|
if cmdline == '':
|
|
|
|
|
return ''
|
|
|
|
|
return cmdline
|
|
|
|
|
|
|
|
|
|
def parse_all_addons(in_obj):
|
|
|
|
|
global addon_sbat_string
|
|
|
|
|
|
|
|
|
|
for el in in_obj.keys():
|
|
|
|
|
# addon found: copy it in our global dict uki_addons
|
|
|
|
|
if el.endswith('.addon'):
|
|
|
|
|
uki_addons[el] = in_obj[el]
|
|
|
|
|
|
|
|
|
|
if 'sbat' in in_obj and 'sbat.conf' in in_obj['sbat']:
|
|
|
|
|
# sbat.conf found: override sbat with the most specific one found
|
|
|
|
|
addon_sbat_string = parse_lines(in_obj['sbat']['sbat.conf'], rstrip=False)
|
|
|
|
|
|
|
|
|
|
def recursively_find_addons(in_obj, folder_list):
|
|
|
|
|
# end of recursion, leaf directory. Search all addons here
|
|
|
|
|
if len(folder_list) == 0:
|
|
|
|
|
parse_all_addons(in_obj)
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
# first, check for common folder
|
|
|
|
|
if 'common' in in_obj:
|
|
|
|
|
parse_all_addons(in_obj['common'])
|
|
|
|
|
|
|
|
|
|
# second, check if there is a match with the searched folder
|
|
|
|
|
if folder_list[0] in in_obj:
|
|
|
|
|
folder_next = in_obj[folder_list[0]]
|
|
|
|
|
folder_list = folder_list[1:]
|
|
|
|
|
recursively_find_addons(folder_next, folder_list)
|
|
|
|
|
|
|
|
|
|
def parse_in_json(in_json, uki_name, distro, arch):
|
|
|
|
|
with open(in_json, 'r') as f:
|
|
|
|
|
in_obj = json.load(f)
|
|
|
|
|
recursively_find_addons(in_obj, [uki_name, distro, arch])
|
|
|
|
|
|
|
|
|
|
for addon_name, cmdline in uki_addons.items():
|
|
|
|
|
addon_name = addon_name.replace(".addon","")
|
|
|
|
|
addon_full_name = f'{addon_name}-{uki_name}.{distro}.{arch}.addon.efi'
|
|
|
|
|
cmdline = parse_lines(cmdline).rstrip()
|
|
|
|
|
if cmdline:
|
|
|
|
|
uki_addons_list.append(UKICmdlineAddon(addon_full_name, cmdline))
|
|
|
|
|
|
|
|
|
|
def create_addons(out_dir):
|
|
|
|
|
for uki_addon in uki_addons_list:
|
|
|
|
|
out_path = os.path.join(out_dir, uki_addon.name)
|
|
|
|
|
cmd = [
|
|
|
|
|
f'{UKIFY_PATH}', 'build',
|
kernel-5.14.0-535.el9
* Wed Nov 27 2024 Rado Vrbovsky <rvrbovsk@redhat.com> [5.14.0-535.el9]
- redhat: create 'crashkernel=' addons for UKI (Vitaly Kuznetsov) [RHEL-33051]
- redhat: avoid superfluous quotes in UKI cmdline addones (Vitaly Kuznetsov) [RHEL-33051]
- x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y (Baoquan He) [RHEL-39727]
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CKI Backport Bot) [RHEL-66855] {CVE-2024-50251}
- cxl/port: Fix use-after-free, permit out-of-order decoder shutdown (CKI Backport Bot) [RHEL-66836] {CVE-2024-50226}
- fs/netfs/fscache_cookie: add missing "n_accesses" check (CKI Backport Bot) [RHEL-57214] {CVE-2024-45000}
- ACPI: sysfs: validate return type of _STR method (CKI Backport Bot) [RHEL-63262] {CVE-2024-49860}
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CKI Backport Bot) [RHEL-65117] {CVE-2024-50073}
- ACPI: PAD: fix crash in exit_round_robin() (Mark Langsdorf) [RHEL-64453] {CVE-2024-49935}
- ext4: avoid use-after-free in ext4_ext_show_leaf() (CKI Backport Bot) [RHEL-64591] {CVE-2024-49889}
- kthread: unpark only parked kthread (Radostin Stoyanov) [RHEL-63788] {CVE-2024-50019}
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66968] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66968] {CVE-2024-50192}
- selftests: fib_nexthops: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365]
- selftests: router_mpath_nh_res: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365]
- selftests: router_mpath_nh: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365]
- selftests: router_mpath: Sleep after MZ (Ivan Vecera) [RHEL-68365]
- net: nexthop: Increase weight to u16 (Ivan Vecera) [RHEL-68365]
- net: nexthop: Add flag to assert that NHGRP reserved fields are zero (Ivan Vecera) [RHEL-68365]
- mm, slub: avoid zeroing kmalloc redzone (Waiman Long) [RHEL-64035] {CVE-2024-49885}
- mm/slub: avoid zeroing outside-object freepointer for single free (Waiman Long) [RHEL-64035]
- slub, kasan: improve interaction of KASAN and slub_debug poisoning (Waiman Long) [RHEL-64035]
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CKI Backport Bot) [RHEL-64518] {CVE-2024-49959}
- page_pool: export page_pool_disable_direct_recycling() (Felix Maurer) [RHEL-57765]
- page_pool: fix &page_pool_params kdoc issues (Felix Maurer) [RHEL-57765]
- xsk: use generic DMA sync shortcut instead of a custom one (Felix Maurer) [RHEL-57765]
- page_pool: check for DMA sync shortcut earlier (Felix Maurer) [RHEL-57765]
- page_pool: don't use driver-set flags field directly (Felix Maurer) [RHEL-57765]
- page_pool: make sure frag API fields don't span between cachelines (Felix Maurer) [RHEL-57765]
- page_pool: add DMA-sync-for-CPU inline helper (Felix Maurer) [RHEL-57765]
- page_pool: constify some read-only function arguments (Felix Maurer) [RHEL-57765]
- page_pool: try direct bulk recycling (Felix Maurer) [RHEL-57765]
- page_pool: check for PP direct cache locality later (Felix Maurer) [RHEL-57765]
- net: page_pool: factor out page_pool recycle check (Felix Maurer) [RHEL-57765]
- net: page_pool: fix recycle stats for system page_pool allocator (Felix Maurer) [RHEL-57765]
- page_pool: disable direct recycling based on pool->cpuid on destroy (Felix Maurer) [RHEL-57765]
- scsi: lpfc: Update lpfc version to 14.4.0.5 (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Support loopback tests with VMID enabled (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Remove trailing space after \n newline (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Update lpfc version to 14.4.0.4 (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Update PRLO handling in direct attached topology (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix unintentional double clearing of vmid_flag (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Remove redundant vport assignment when building an abort request (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Update lpfc version to 14.4.0.3 (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (Dick Kennedy) [RHEL-53595]
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (CKI Backport Bot) [RHEL-54875] {CVE-2024-43820}
- ACPI: PRM: Clean up guid type in struct prm_handler_info (Mark Langsdorf) [RHEL-66520] {CVE-2024-50141}
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (CKI Backport Bot) [RHEL-66520] {CVE-2024-50141}
- ext4: force disable fscrypt feature (Brian Foster) [RHEL-41061]
- exfat: fix memory leak in exfat_load_bitmap() (CKI Backport Bot) [RHEL-63633] {CVE-2024-50013}
- nbd: fix race between timeout and normal completion (Ming Lei) [RHEL-55992]
- nfsd: map the EBADMSG to nfserr_io to avoid warning (Olga Kornievskaia) [RHEL-63586] {CVE-2024-49875}
- bpf: Use nla_ok() instead of checking nla_len directly (Petr Oros) [RHEL-57755]
- devlink: use kvzalloc() to allocate devlink instance resources (Petr Oros) [RHEL-57755]
- Documentation: Add documentation for eswitch attribute (Petr Oros) [RHEL-57755]
- devlink: fix port new reply cmd type (Petr Oros) [RHEL-57755]
- tools: ynl: add header guards for nlctrl (Petr Oros) [RHEL-57755]
- devlink: Add comments to use netlink gen tool (Petr Oros) [RHEL-57755]
- net/netlink: Add getsockopt support for NETLINK_LISTEN_ALL_NSID (Petr Oros) [RHEL-57755]
- netlink: specs: support generating code for genl socket priv (Petr Oros) [RHEL-57755]
- tools: ynl: remove trailing semicolon (Petr Oros) [RHEL-57755]
- netlink: specs: support unterminated-ok (Petr Oros) [RHEL-57755]
- tools: ynl-gen: support using pre-defined values in attr checks (Petr Oros) [RHEL-57755]
- ynl: samples: fix recycling rate calculation (Petr Oros) [RHEL-57755]
- tools: ynl: Fix spelling mistake "Constructred" -> "Constructed" (Petr Oros) [RHEL-57755]
- doc/netlink/specs: Add spec for nlctrl netlink family (Petr Oros) [RHEL-57755]
- doc/netlink: Allow empty enum-name in ynl specs (Petr Oros) [RHEL-57755]
- tools/net/ynl: Add nest-type-value decoding (Petr Oros) [RHEL-57755]
- tools/net/ynl: Fix c codegen for array-nest (Petr Oros) [RHEL-57755]
- tools/net/ynl: Fix extack decoding for netlink-raw (Petr Oros) [RHEL-57755]
- tools: ynl: check for overflow of constructed messages (Petr Oros) [RHEL-57755]
- tools: ynl: add --dbg-small-recv for easier kernel testing (Petr Oros) [RHEL-57755]
- tools: ynl: support debug printing messages (Petr Oros) [RHEL-57755]
- tools: ynl: allow setting recv() size (Petr Oros) [RHEL-57755]
- tools: ynl: move the new line in NlMsg __repr__ (Petr Oros) [RHEL-57755]
- tools: ynl: remove __pycache__ during clean (Petr Oros) [RHEL-57755]
- tools: ynl: add distclean to .PHONY in all makefiles (Petr Oros) [RHEL-57755]
- tools: ynl: rename make hardclean -> distclean (Petr Oros) [RHEL-57755]
- genetlink: fit NLMSG_DONE into same read() as families (Petr Oros) [RHEL-57755]
- netdev: let netlink core handle -EMSGSIZE errors (Petr Oros) [RHEL-57755]
- netlink: handle EMSGSIZE errors in the core (Petr Oros) [RHEL-57755]
- tools: ynl: use MSG_DONTWAIT for getting notifications (Petr Oros) [RHEL-57755]
- tools: ynl: remove the libmnl dependency (Petr Oros) [RHEL-57755]
- tools: ynl: stop using mnl socket helpers (Petr Oros) [RHEL-57755]
- tools: ynl: switch away from MNL_CB_* (Petr Oros) [RHEL-57755]
- tools: ynl: switch away from mnl_cb_t (Petr Oros) [RHEL-57755]
- tools: ynl: stop using mnl_cb_run2() (Petr Oros) [RHEL-57755]
- tools: ynl: use ynl_sock_read_msgs() for ACK handling (Petr Oros) [RHEL-57755]
- tools: ynl: wrap recv() + mnl_cb_run2() into a single helper (Petr Oros) [RHEL-57755]
- tools: ynl-gen: remove unused parse code (Petr Oros) [RHEL-57755]
- tools: ynl: make yarg the first member of struct ynl_dump_state (Petr Oros) [RHEL-57755]
- tools: ynl: create local ARRAY_SIZE() helper (Petr Oros) [RHEL-57755]
- tools: ynl: create local nlmsg access helpers (Petr Oros) [RHEL-57755]
- tools: ynl: create local for_each helpers (Petr Oros) [RHEL-57755]
- tools: ynl: create local attribute helpers (Petr Oros) [RHEL-57755]
- tools: ynl: give up on libmnl for auto-ints (Petr Oros) [RHEL-57755]
- tools: ynl: protect from old OvS headers (Petr Oros) [RHEL-57755]
- tools: ynl: fix header guards (Petr Oros) [RHEL-57755]
- genetlink: make info in GENL_REQ_ATTR_CHECK() const (Petr Oros) [RHEL-57755]
- tools: ynl: allow user to pass enum string instead of scalar value (Petr Oros) [RHEL-57755]
- tools: ynl: process all scalar types encoding in single elif statement (Petr Oros) [RHEL-57755]
- tools: ynl: allow user to specify flag attr with bool values (Petr Oros) [RHEL-57755]
- tools: ynl: don't access uninitialized attr_space variable (Petr Oros) [RHEL-57755]
- tools: ynl: add support for encoding multi-attr (Petr Oros) [RHEL-57755]
- doc: netlink: specs: tc: add multi-attr to tc-taprio-sched-entry (Petr Oros) [RHEL-57755]
- tools: ynl: correct typo and docstring (Petr Oros) [RHEL-57755]
- Documentation: Fix counter name of mlx5 vnic reporter (Petr Oros) [RHEL-57755]
- net: make dev_unreg_count global (Petr Oros) [RHEL-57755]
- tools: ynl: auto-gen for all genetlink families (Petr Oros) [RHEL-57755]
- tools: ynl: generate code for ovs families (Petr Oros) [RHEL-57755]
- tools: ynl: include dpll and mptcp_pm in C codegen (Petr Oros) [RHEL-57755]
- tools/net/ynl: Add type info to struct members in generated docs (Petr Oros) [RHEL-57755]
- doc/netlink: Describe nested structs in netlink raw docs (Petr Oros) [RHEL-57755]
- tools/net/ynl: Add support for nested structs (Petr Oros) [RHEL-57755]
- tools/net/ynl: Move formatted_string method out of NlAttr (Petr Oros) [RHEL-57755]
- tools/net/ynl: Rename _fixed_header_size() to _struct_size() (Petr Oros) [RHEL-57755]
- tools/net/ynl: Combine struct decoding logic in ynl (Petr Oros) [RHEL-57755]
- tools/net/ynl: Encode default values for binary blobs (Petr Oros) [RHEL-57755]
- tools/net/ynl: Add support for encoding sub-messages (Petr Oros) [RHEL-57755]
- tools/net/ynl: Refactor fixed header encoding into separate method (Petr Oros) [RHEL-57755]
- doc/netlink: Describe sub-message selector resolution (Petr Oros) [RHEL-57755]
- tools/net/ynl: Support sub-messages in nested attribute spaces (Petr Oros) [RHEL-57755]
- netlink: Return unsigned value for nla_len() (Petr Oros) [RHEL-57755]
- tools: ynl: move private definitions to a separate header (Petr Oros) [RHEL-57755]
- tools: ynl: remove generated user space code from git (Petr Oros) [RHEL-57755]
- ice: document RDMA devlink parameters (Petr Oros) [RHEL-57755]
- tracing: devlink: Use static array for string in devlink_trap_report event (Petr Oros) [RHEL-57755]
- net: get rid of rtnl_lock_unregistering() (Petr Oros) [RHEL-57755]
- netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage. (Michal Schmidt) [RHEL-59089]
- locking/local_lock: Add local nested BH locking infrastructure. (Michal Schmidt) [RHEL-59089]
- locking/local_lock: Introduce guard definition for local_lock. (Michal Schmidt) [RHEL-59089]
- vhost_vdpa: assign irq bypass producer token correctly (Cindy Lu) [RHEL-63364] {CVE-2024-47748}
- nfsd: call cache_put if xdr_reserve_space returns NULL (Olga Kornievskaia) [RHEL-63382] {CVE-2024-47737}
Resolves: RHEL-33051, RHEL-39727, RHEL-41061, RHEL-53595, RHEL-54875, RHEL-55992, RHEL-57214, RHEL-57755, RHEL-57765, RHEL-59089, RHEL-63262, RHEL-63364, RHEL-63382, RHEL-63586, RHEL-63633, RHEL-63788, RHEL-64035, RHEL-64453, RHEL-64518, RHEL-64591, RHEL-65117, RHEL-66520, RHEL-66836, RHEL-66855, RHEL-66968, RHEL-68365
Signed-off-by: Rado Vrbovsky <rvrbovsk@redhat.com>
2024-11-27 14:54:41 +00:00
|
|
|
'--cmdline', uki_addon.cmdline,
|
|
|
|
|
'--output', out_path]
|
kernel-5.14.0-490.el9
* Fri Aug 02 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-490.el9]
- redhat/dracut-virt.conf: add systemd-veritysetup module (Emanuele Giuseppe Esposito) [RHEL-45168]
- redhat/uki_addons/virt: add common FIPS addon (Emanuele Giuseppe Esposito) [RHEL-45160]
- redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons (Emanuele Giuseppe Esposito) [RHEL-45159]
- gcc-plugins/stackleak: Avoid .head.text section (Bandan Das) [RHEL-39439]
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (Bandan Das) [RHEL-39439]
- x86/sev: Move early startup code into .head.text section (Bandan Das) [RHEL-39439]
- x86/sme: Move early SME kernel encryption handling into .head.text (Bandan Das) [RHEL-39439]
- x86/sev: Do the C-bit verification only on the BSP (Bandan Das) [RHEL-39439]
- x86/sev: Fix kernel crash due to late update to read-only ghcb_version (Bandan Das) [RHEL-39439]
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48140] {CVE-2024-40959}
- eeprom: at24: fix memory corruption race condition (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: Use dev_err_probe for nvmem register failure (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: Add support for 24c1025 EEPROM (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: remove struct at24_client (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- at24: Support probing while in non-zero ACPI D state (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Mark Langsdorf) [RHEL-47652] {CVE-2024-39501}
- drivers: core: synchronize really_probe() and dev_uevent() (Mark Langsdorf) [RHEL-47652] {CVE-2024-39501}
- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47892] {CVE-2024-40927}
- PCI: pciehp: Retain Power Indicator bits for userspace indicators (Myron Stowe) [RHEL-41181]
- sched: act_ct: take care of padding in struct zones_ht_key (Xin Long) [RHEL-50682]
- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44297] {CVE-2024-38538}
- hugetlb: force allocating surplus hugepages on mempolicy allowed nodes (Aristeu Rozanski) [RHEL-38605]
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47558] {CVE-2024-40904}
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (CKI Backport Bot) [RHEL-47535] {CVE-2024-40901}
- vmxnet3: update to version 9 (Izabela Bakollari) [RHEL-50675]
- vmxnet3: add command to allow disabling of offloads (Izabela Bakollari) [RHEL-50675]
- vmxnet3: add latency measurement support in vmxnet3 (Izabela Bakollari) [RHEL-50675]
- vmxnet3: prepare for version 9 changes (Izabela Bakollari) [RHEL-50675]
- vmxnet3: disable rx data ring on dma allocation failure (Izabela Bakollari) [RHEL-50675]
- vmxnet3: Fix missing reserved tailroom (Izabela Bakollari) [RHEL-50675]
- maple_tree: fix mas_empty_area_rev() null pointer dereference (Aristeu Rozanski) [RHEL-39862] {CVE-2024-36891}
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-50366]
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-50366]
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-50366]
- scsi: qedf: Set qed_slowpath_params to zero before use (John Meneghini) [RHEL-25193]
- scsi: qedf: Wait for stag work during unload (John Meneghini) [RHEL-25193]
- scsi: qedf: Don't process stag work during unload and recovery (John Meneghini) [RHEL-25193]
- scsi: qedf: Use FC rport as argument for qedf_initiate_tmf() (John Meneghini) [RHEL-25193]
- net: fix __dst_negative_advice() race (Xin Long) [RHEL-41185] {CVE-2024-36971}
- net: annotate data-races around sk->sk_dst_pending_confirm (Xin Long) [RHEL-41185]
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39719] {CVE-2024-36025}
- igb: Remove redundant runtime resume for ethtool_ops (Corinna Vinschen) [RHEL-17487]
- net: intel: implement modern PM ops declarations (Corinna Vinschen) [RHEL-17487]
- igb: simplify pci ops declaration (Corinna Vinschen) [RHEL-17487]
- igb: Fix missing time sync events (Corinna Vinschen) [RHEL-17487]
- intel: make module parameters readable in sys filesystem (Corinna Vinschen) [RHEL-17487 RHEL-25998]
- net: adopt skb_network_offset() and similar helpers (Corinna Vinschen) [RHEL-17487]
- igb: extend PTP timestamp adjustments to i211 (Corinna Vinschen) [RHEL-17487]
- net: intel: igb: Use linkmode helpers for EEE (Corinna Vinschen) [RHEL-17487]
- igb: Fix string truncation warnings in igb_set_fw_version (Corinna Vinschen) [RHEL-17487 RHEL-38454] {CVE-2024-36010}
- intel: legacy: field get conversion (Corinna Vinschen) [RHEL-17487]
- intel: legacy: field prep conversion (Corinna Vinschen) [RHEL-17487]
- intel: add bit macro includes where needed (Corinna Vinschen) [RHEL-17487]
- igb: Use FIELD_GET() to extract Link Width (Corinna Vinschen) [RHEL-17487]
- netdevsim: fix rtnetlink.sh selftest (CKI Backport Bot) [RHEL-50016]
- selinux: avoid dereference of garbage after mount failure (Ondrej Mosnacek) [RHEL-37187] {CVE-2024-35904}
- calipso: fix memory leak in netlbl_calipso_add_pass() (Ondrej Mosnacek) [RHEL-37044] {CVE-2023-52698}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Mamatha Inamdar) [RHEL-51242] {CVE-2024-41065}
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44414] {CVE-2024-37356}
- tty: add the option to have a tty reject a new ldisc (John W. Linville) [RHEL-48254] {CVE-2024-40966}
- irqchip/gic-v3-its: Prevent double free on error (Charles Mirabile) [RHEL-37024] {CVE-2024-35847}
- usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43714] {CVE-2024-38619}
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Ewan D. Milne) [RHEL-38285] {CVE-2023-52811}
- gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44155] {CVE-2024-38570}
- gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44155] {CVE-2024-38570}
- gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44155] {CVE-2024-38570}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole) [RHEL-37650]
- scsi: mpi3mr: Driver version update to 8.8.1.0.50 (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Update MPI Headers to revision 31 (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Debug ability improvements (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Set the WriteSame Divert Capability in the IOCInit MPI Request (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Clear ioctl blocking flag for an unresponsive controller (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Set MPI request flags appropriately (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Block devices are not removed even when VDs are offlined (Ewan D. Milne) [RHEL-30580]
- x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk (Waiman Long) [RHEL-31230]
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (Waiman Long) [RHEL-31230]
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (Waiman Long) [RHEL-31230]
- redhat/configs: Rename x86 CPU mitigations config entries (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_RETHUNK => CONFIG_MITIGATION_RETHUNK (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_SRSO => CONFIG_MITIGATION_SRSO (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_IBRS_ENTRY => CONFIG_MITIGATION_IBRS_ENTRY (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_UNRET_ENTRY => CONFIG_MITIGATION_UNRET_ENTRY (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_SLS => CONFIG_MITIGATION_SLS (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_RETPOLINE => CONFIG_MITIGATION_RETPOLINE (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_PAGE_TABLE_ISOLATION => CONFIG_MITIGATION_PAGE_TABLE_ISOLATION (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CALL_DEPTH_TRACKING => CONFIG_MITIGATION_CALL_DEPTH_TRACKING (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_IBPB_ENTRY => CONFIG_MITIGATION_IBPB_ENTRY (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_GDS_FORCE_MITIGATION => CONFIG_MITIGATION_GDS_FORCE (Waiman Long) [RHEL-31230]
- kbuild: use objtool-args-y to clean up objtool arguments (Waiman Long) [RHEL-31230]
- kbuild: do not create *.prelink.o for Clang LTO or IBT (Waiman Long) [RHEL-31230]
- kbuild: replace $(linked-object) with CONFIG options (Waiman Long) [RHEL-31230]
Resolves: RHEL-17487, RHEL-25193, RHEL-25998, RHEL-30580, RHEL-31230, RHEL-37020, RHEL-37024, RHEL-37044, RHEL-37187, RHEL-37650, RHEL-38285, RHEL-38454, RHEL-38605, RHEL-39439, RHEL-39719, RHEL-39862, RHEL-41181, RHEL-41185, RHEL-43714, RHEL-44155, RHEL-44297, RHEL-44414, RHEL-45159, RHEL-45160, RHEL-45168, RHEL-47535, RHEL-47558, RHEL-47652, RHEL-47892, RHEL-48140, RHEL-48254, RHEL-50016, RHEL-50366, RHEL-50675, RHEL-50682, RHEL-51242, RHEL-37025, RHEL-38286, RHEL-39720, RHEL-39863, RHEL-37021, RHEL-44156, RHEL-38455, RHEL-44298, RHEL-43715, RHEL-37045, RHEL-37188, RHEL-41186, RHEL-47536, RHEL-47559, RHEL-47893, RHEL-48141, RHEL-47653, RHEL-48255, RHEL-44415
Signed-off-by: Scott Weaver <scweaver@redhat.com>
2024-08-02 15:47:19 +00:00
|
|
|
if addon_sbat_string:
|
kernel-5.14.0-535.el9
* Wed Nov 27 2024 Rado Vrbovsky <rvrbovsk@redhat.com> [5.14.0-535.el9]
- redhat: create 'crashkernel=' addons for UKI (Vitaly Kuznetsov) [RHEL-33051]
- redhat: avoid superfluous quotes in UKI cmdline addones (Vitaly Kuznetsov) [RHEL-33051]
- x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y (Baoquan He) [RHEL-39727]
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CKI Backport Bot) [RHEL-66855] {CVE-2024-50251}
- cxl/port: Fix use-after-free, permit out-of-order decoder shutdown (CKI Backport Bot) [RHEL-66836] {CVE-2024-50226}
- fs/netfs/fscache_cookie: add missing "n_accesses" check (CKI Backport Bot) [RHEL-57214] {CVE-2024-45000}
- ACPI: sysfs: validate return type of _STR method (CKI Backport Bot) [RHEL-63262] {CVE-2024-49860}
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CKI Backport Bot) [RHEL-65117] {CVE-2024-50073}
- ACPI: PAD: fix crash in exit_round_robin() (Mark Langsdorf) [RHEL-64453] {CVE-2024-49935}
- ext4: avoid use-after-free in ext4_ext_show_leaf() (CKI Backport Bot) [RHEL-64591] {CVE-2024-49889}
- kthread: unpark only parked kthread (Radostin Stoyanov) [RHEL-63788] {CVE-2024-50019}
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66968] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66968] {CVE-2024-50192}
- selftests: fib_nexthops: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365]
- selftests: router_mpath_nh_res: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365]
- selftests: router_mpath_nh: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365]
- selftests: router_mpath: Sleep after MZ (Ivan Vecera) [RHEL-68365]
- net: nexthop: Increase weight to u16 (Ivan Vecera) [RHEL-68365]
- net: nexthop: Add flag to assert that NHGRP reserved fields are zero (Ivan Vecera) [RHEL-68365]
- mm, slub: avoid zeroing kmalloc redzone (Waiman Long) [RHEL-64035] {CVE-2024-49885}
- mm/slub: avoid zeroing outside-object freepointer for single free (Waiman Long) [RHEL-64035]
- slub, kasan: improve interaction of KASAN and slub_debug poisoning (Waiman Long) [RHEL-64035]
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CKI Backport Bot) [RHEL-64518] {CVE-2024-49959}
- page_pool: export page_pool_disable_direct_recycling() (Felix Maurer) [RHEL-57765]
- page_pool: fix &page_pool_params kdoc issues (Felix Maurer) [RHEL-57765]
- xsk: use generic DMA sync shortcut instead of a custom one (Felix Maurer) [RHEL-57765]
- page_pool: check for DMA sync shortcut earlier (Felix Maurer) [RHEL-57765]
- page_pool: don't use driver-set flags field directly (Felix Maurer) [RHEL-57765]
- page_pool: make sure frag API fields don't span between cachelines (Felix Maurer) [RHEL-57765]
- page_pool: add DMA-sync-for-CPU inline helper (Felix Maurer) [RHEL-57765]
- page_pool: constify some read-only function arguments (Felix Maurer) [RHEL-57765]
- page_pool: try direct bulk recycling (Felix Maurer) [RHEL-57765]
- page_pool: check for PP direct cache locality later (Felix Maurer) [RHEL-57765]
- net: page_pool: factor out page_pool recycle check (Felix Maurer) [RHEL-57765]
- net: page_pool: fix recycle stats for system page_pool allocator (Felix Maurer) [RHEL-57765]
- page_pool: disable direct recycling based on pool->cpuid on destroy (Felix Maurer) [RHEL-57765]
- scsi: lpfc: Update lpfc version to 14.4.0.5 (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Support loopback tests with VMID enabled (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Remove trailing space after \n newline (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Update lpfc version to 14.4.0.4 (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Update PRLO handling in direct attached topology (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix unintentional double clearing of vmid_flag (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Remove redundant vport assignment when building an abort request (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Update lpfc version to 14.4.0.3 (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (Dick Kennedy) [RHEL-53595]
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (Dick Kennedy) [RHEL-53595]
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (CKI Backport Bot) [RHEL-54875] {CVE-2024-43820}
- ACPI: PRM: Clean up guid type in struct prm_handler_info (Mark Langsdorf) [RHEL-66520] {CVE-2024-50141}
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (CKI Backport Bot) [RHEL-66520] {CVE-2024-50141}
- ext4: force disable fscrypt feature (Brian Foster) [RHEL-41061]
- exfat: fix memory leak in exfat_load_bitmap() (CKI Backport Bot) [RHEL-63633] {CVE-2024-50013}
- nbd: fix race between timeout and normal completion (Ming Lei) [RHEL-55992]
- nfsd: map the EBADMSG to nfserr_io to avoid warning (Olga Kornievskaia) [RHEL-63586] {CVE-2024-49875}
- bpf: Use nla_ok() instead of checking nla_len directly (Petr Oros) [RHEL-57755]
- devlink: use kvzalloc() to allocate devlink instance resources (Petr Oros) [RHEL-57755]
- Documentation: Add documentation for eswitch attribute (Petr Oros) [RHEL-57755]
- devlink: fix port new reply cmd type (Petr Oros) [RHEL-57755]
- tools: ynl: add header guards for nlctrl (Petr Oros) [RHEL-57755]
- devlink: Add comments to use netlink gen tool (Petr Oros) [RHEL-57755]
- net/netlink: Add getsockopt support for NETLINK_LISTEN_ALL_NSID (Petr Oros) [RHEL-57755]
- netlink: specs: support generating code for genl socket priv (Petr Oros) [RHEL-57755]
- tools: ynl: remove trailing semicolon (Petr Oros) [RHEL-57755]
- netlink: specs: support unterminated-ok (Petr Oros) [RHEL-57755]
- tools: ynl-gen: support using pre-defined values in attr checks (Petr Oros) [RHEL-57755]
- ynl: samples: fix recycling rate calculation (Petr Oros) [RHEL-57755]
- tools: ynl: Fix spelling mistake "Constructred" -> "Constructed" (Petr Oros) [RHEL-57755]
- doc/netlink/specs: Add spec for nlctrl netlink family (Petr Oros) [RHEL-57755]
- doc/netlink: Allow empty enum-name in ynl specs (Petr Oros) [RHEL-57755]
- tools/net/ynl: Add nest-type-value decoding (Petr Oros) [RHEL-57755]
- tools/net/ynl: Fix c codegen for array-nest (Petr Oros) [RHEL-57755]
- tools/net/ynl: Fix extack decoding for netlink-raw (Petr Oros) [RHEL-57755]
- tools: ynl: check for overflow of constructed messages (Petr Oros) [RHEL-57755]
- tools: ynl: add --dbg-small-recv for easier kernel testing (Petr Oros) [RHEL-57755]
- tools: ynl: support debug printing messages (Petr Oros) [RHEL-57755]
- tools: ynl: allow setting recv() size (Petr Oros) [RHEL-57755]
- tools: ynl: move the new line in NlMsg __repr__ (Petr Oros) [RHEL-57755]
- tools: ynl: remove __pycache__ during clean (Petr Oros) [RHEL-57755]
- tools: ynl: add distclean to .PHONY in all makefiles (Petr Oros) [RHEL-57755]
- tools: ynl: rename make hardclean -> distclean (Petr Oros) [RHEL-57755]
- genetlink: fit NLMSG_DONE into same read() as families (Petr Oros) [RHEL-57755]
- netdev: let netlink core handle -EMSGSIZE errors (Petr Oros) [RHEL-57755]
- netlink: handle EMSGSIZE errors in the core (Petr Oros) [RHEL-57755]
- tools: ynl: use MSG_DONTWAIT for getting notifications (Petr Oros) [RHEL-57755]
- tools: ynl: remove the libmnl dependency (Petr Oros) [RHEL-57755]
- tools: ynl: stop using mnl socket helpers (Petr Oros) [RHEL-57755]
- tools: ynl: switch away from MNL_CB_* (Petr Oros) [RHEL-57755]
- tools: ynl: switch away from mnl_cb_t (Petr Oros) [RHEL-57755]
- tools: ynl: stop using mnl_cb_run2() (Petr Oros) [RHEL-57755]
- tools: ynl: use ynl_sock_read_msgs() for ACK handling (Petr Oros) [RHEL-57755]
- tools: ynl: wrap recv() + mnl_cb_run2() into a single helper (Petr Oros) [RHEL-57755]
- tools: ynl-gen: remove unused parse code (Petr Oros) [RHEL-57755]
- tools: ynl: make yarg the first member of struct ynl_dump_state (Petr Oros) [RHEL-57755]
- tools: ynl: create local ARRAY_SIZE() helper (Petr Oros) [RHEL-57755]
- tools: ynl: create local nlmsg access helpers (Petr Oros) [RHEL-57755]
- tools: ynl: create local for_each helpers (Petr Oros) [RHEL-57755]
- tools: ynl: create local attribute helpers (Petr Oros) [RHEL-57755]
- tools: ynl: give up on libmnl for auto-ints (Petr Oros) [RHEL-57755]
- tools: ynl: protect from old OvS headers (Petr Oros) [RHEL-57755]
- tools: ynl: fix header guards (Petr Oros) [RHEL-57755]
- genetlink: make info in GENL_REQ_ATTR_CHECK() const (Petr Oros) [RHEL-57755]
- tools: ynl: allow user to pass enum string instead of scalar value (Petr Oros) [RHEL-57755]
- tools: ynl: process all scalar types encoding in single elif statement (Petr Oros) [RHEL-57755]
- tools: ynl: allow user to specify flag attr with bool values (Petr Oros) [RHEL-57755]
- tools: ynl: don't access uninitialized attr_space variable (Petr Oros) [RHEL-57755]
- tools: ynl: add support for encoding multi-attr (Petr Oros) [RHEL-57755]
- doc: netlink: specs: tc: add multi-attr to tc-taprio-sched-entry (Petr Oros) [RHEL-57755]
- tools: ynl: correct typo and docstring (Petr Oros) [RHEL-57755]
- Documentation: Fix counter name of mlx5 vnic reporter (Petr Oros) [RHEL-57755]
- net: make dev_unreg_count global (Petr Oros) [RHEL-57755]
- tools: ynl: auto-gen for all genetlink families (Petr Oros) [RHEL-57755]
- tools: ynl: generate code for ovs families (Petr Oros) [RHEL-57755]
- tools: ynl: include dpll and mptcp_pm in C codegen (Petr Oros) [RHEL-57755]
- tools/net/ynl: Add type info to struct members in generated docs (Petr Oros) [RHEL-57755]
- doc/netlink: Describe nested structs in netlink raw docs (Petr Oros) [RHEL-57755]
- tools/net/ynl: Add support for nested structs (Petr Oros) [RHEL-57755]
- tools/net/ynl: Move formatted_string method out of NlAttr (Petr Oros) [RHEL-57755]
- tools/net/ynl: Rename _fixed_header_size() to _struct_size() (Petr Oros) [RHEL-57755]
- tools/net/ynl: Combine struct decoding logic in ynl (Petr Oros) [RHEL-57755]
- tools/net/ynl: Encode default values for binary blobs (Petr Oros) [RHEL-57755]
- tools/net/ynl: Add support for encoding sub-messages (Petr Oros) [RHEL-57755]
- tools/net/ynl: Refactor fixed header encoding into separate method (Petr Oros) [RHEL-57755]
- doc/netlink: Describe sub-message selector resolution (Petr Oros) [RHEL-57755]
- tools/net/ynl: Support sub-messages in nested attribute spaces (Petr Oros) [RHEL-57755]
- netlink: Return unsigned value for nla_len() (Petr Oros) [RHEL-57755]
- tools: ynl: move private definitions to a separate header (Petr Oros) [RHEL-57755]
- tools: ynl: remove generated user space code from git (Petr Oros) [RHEL-57755]
- ice: document RDMA devlink parameters (Petr Oros) [RHEL-57755]
- tracing: devlink: Use static array for string in devlink_trap_report event (Petr Oros) [RHEL-57755]
- net: get rid of rtnl_lock_unregistering() (Petr Oros) [RHEL-57755]
- netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage. (Michal Schmidt) [RHEL-59089]
- locking/local_lock: Add local nested BH locking infrastructure. (Michal Schmidt) [RHEL-59089]
- locking/local_lock: Introduce guard definition for local_lock. (Michal Schmidt) [RHEL-59089]
- vhost_vdpa: assign irq bypass producer token correctly (Cindy Lu) [RHEL-63364] {CVE-2024-47748}
- nfsd: call cache_put if xdr_reserve_space returns NULL (Olga Kornievskaia) [RHEL-63382] {CVE-2024-47737}
Resolves: RHEL-33051, RHEL-39727, RHEL-41061, RHEL-53595, RHEL-54875, RHEL-55992, RHEL-57214, RHEL-57755, RHEL-57765, RHEL-59089, RHEL-63262, RHEL-63364, RHEL-63382, RHEL-63586, RHEL-63633, RHEL-63788, RHEL-64035, RHEL-64453, RHEL-64518, RHEL-64591, RHEL-65117, RHEL-66520, RHEL-66836, RHEL-66855, RHEL-66968, RHEL-68365
Signed-off-by: Rado Vrbovsky <rvrbovsk@redhat.com>
2024-11-27 14:54:41 +00:00
|
|
|
cmd.extend(['--sbat', addon_sbat_string.rstrip()])
|
kernel-5.14.0-490.el9
* Fri Aug 02 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-490.el9]
- redhat/dracut-virt.conf: add systemd-veritysetup module (Emanuele Giuseppe Esposito) [RHEL-45168]
- redhat/uki_addons/virt: add common FIPS addon (Emanuele Giuseppe Esposito) [RHEL-45160]
- redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons (Emanuele Giuseppe Esposito) [RHEL-45159]
- gcc-plugins/stackleak: Avoid .head.text section (Bandan Das) [RHEL-39439]
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (Bandan Das) [RHEL-39439]
- x86/sev: Move early startup code into .head.text section (Bandan Das) [RHEL-39439]
- x86/sme: Move early SME kernel encryption handling into .head.text (Bandan Das) [RHEL-39439]
- x86/sev: Do the C-bit verification only on the BSP (Bandan Das) [RHEL-39439]
- x86/sev: Fix kernel crash due to late update to read-only ghcb_version (Bandan Das) [RHEL-39439]
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48140] {CVE-2024-40959}
- eeprom: at24: fix memory corruption race condition (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: Use dev_err_probe for nvmem register failure (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: Add support for 24c1025 EEPROM (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- eeprom: at24: remove struct at24_client (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- at24: Support probing while in non-zero ACPI D state (Mark Salter) [RHEL-37020] {CVE-2024-35848}
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Mark Langsdorf) [RHEL-47652] {CVE-2024-39501}
- drivers: core: synchronize really_probe() and dev_uevent() (Mark Langsdorf) [RHEL-47652] {CVE-2024-39501}
- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47892] {CVE-2024-40927}
- PCI: pciehp: Retain Power Indicator bits for userspace indicators (Myron Stowe) [RHEL-41181]
- sched: act_ct: take care of padding in struct zones_ht_key (Xin Long) [RHEL-50682]
- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44297] {CVE-2024-38538}
- hugetlb: force allocating surplus hugepages on mempolicy allowed nodes (Aristeu Rozanski) [RHEL-38605]
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47558] {CVE-2024-40904}
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (CKI Backport Bot) [RHEL-47535] {CVE-2024-40901}
- vmxnet3: update to version 9 (Izabela Bakollari) [RHEL-50675]
- vmxnet3: add command to allow disabling of offloads (Izabela Bakollari) [RHEL-50675]
- vmxnet3: add latency measurement support in vmxnet3 (Izabela Bakollari) [RHEL-50675]
- vmxnet3: prepare for version 9 changes (Izabela Bakollari) [RHEL-50675]
- vmxnet3: disable rx data ring on dma allocation failure (Izabela Bakollari) [RHEL-50675]
- vmxnet3: Fix missing reserved tailroom (Izabela Bakollari) [RHEL-50675]
- maple_tree: fix mas_empty_area_rev() null pointer dereference (Aristeu Rozanski) [RHEL-39862] {CVE-2024-36891}
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-50366]
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-50366]
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-50366]
- scsi: qedf: Set qed_slowpath_params to zero before use (John Meneghini) [RHEL-25193]
- scsi: qedf: Wait for stag work during unload (John Meneghini) [RHEL-25193]
- scsi: qedf: Don't process stag work during unload and recovery (John Meneghini) [RHEL-25193]
- scsi: qedf: Use FC rport as argument for qedf_initiate_tmf() (John Meneghini) [RHEL-25193]
- net: fix __dst_negative_advice() race (Xin Long) [RHEL-41185] {CVE-2024-36971}
- net: annotate data-races around sk->sk_dst_pending_confirm (Xin Long) [RHEL-41185]
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39719] {CVE-2024-36025}
- igb: Remove redundant runtime resume for ethtool_ops (Corinna Vinschen) [RHEL-17487]
- net: intel: implement modern PM ops declarations (Corinna Vinschen) [RHEL-17487]
- igb: simplify pci ops declaration (Corinna Vinschen) [RHEL-17487]
- igb: Fix missing time sync events (Corinna Vinschen) [RHEL-17487]
- intel: make module parameters readable in sys filesystem (Corinna Vinschen) [RHEL-17487 RHEL-25998]
- net: adopt skb_network_offset() and similar helpers (Corinna Vinschen) [RHEL-17487]
- igb: extend PTP timestamp adjustments to i211 (Corinna Vinschen) [RHEL-17487]
- net: intel: igb: Use linkmode helpers for EEE (Corinna Vinschen) [RHEL-17487]
- igb: Fix string truncation warnings in igb_set_fw_version (Corinna Vinschen) [RHEL-17487 RHEL-38454] {CVE-2024-36010}
- intel: legacy: field get conversion (Corinna Vinschen) [RHEL-17487]
- intel: legacy: field prep conversion (Corinna Vinschen) [RHEL-17487]
- intel: add bit macro includes where needed (Corinna Vinschen) [RHEL-17487]
- igb: Use FIELD_GET() to extract Link Width (Corinna Vinschen) [RHEL-17487]
- netdevsim: fix rtnetlink.sh selftest (CKI Backport Bot) [RHEL-50016]
- selinux: avoid dereference of garbage after mount failure (Ondrej Mosnacek) [RHEL-37187] {CVE-2024-35904}
- calipso: fix memory leak in netlbl_calipso_add_pass() (Ondrej Mosnacek) [RHEL-37044] {CVE-2023-52698}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Mamatha Inamdar) [RHEL-51242] {CVE-2024-41065}
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44414] {CVE-2024-37356}
- tty: add the option to have a tty reject a new ldisc (John W. Linville) [RHEL-48254] {CVE-2024-40966}
- irqchip/gic-v3-its: Prevent double free on error (Charles Mirabile) [RHEL-37024] {CVE-2024-35847}
- usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43714] {CVE-2024-38619}
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Ewan D. Milne) [RHEL-38285] {CVE-2023-52811}
- gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44155] {CVE-2024-38570}
- gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44155] {CVE-2024-38570}
- gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44155] {CVE-2024-38570}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole) [RHEL-37650]
- scsi: mpi3mr: Driver version update to 8.8.1.0.50 (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Update MPI Headers to revision 31 (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Debug ability improvements (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Set the WriteSame Divert Capability in the IOCInit MPI Request (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Clear ioctl blocking flag for an unresponsive controller (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Set MPI request flags appropriately (Ewan D. Milne) [RHEL-30580]
- scsi: mpi3mr: Block devices are not removed even when VDs are offlined (Ewan D. Milne) [RHEL-30580]
- x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk (Waiman Long) [RHEL-31230]
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (Waiman Long) [RHEL-31230]
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (Waiman Long) [RHEL-31230]
- redhat/configs: Rename x86 CPU mitigations config entries (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_RETHUNK => CONFIG_MITIGATION_RETHUNK (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_SRSO => CONFIG_MITIGATION_SRSO (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_IBRS_ENTRY => CONFIG_MITIGATION_IBRS_ENTRY (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_UNRET_ENTRY => CONFIG_MITIGATION_UNRET_ENTRY (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_SLS => CONFIG_MITIGATION_SLS (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_RETPOLINE => CONFIG_MITIGATION_RETPOLINE (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_PAGE_TABLE_ISOLATION => CONFIG_MITIGATION_PAGE_TABLE_ISOLATION (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CALL_DEPTH_TRACKING => CONFIG_MITIGATION_CALL_DEPTH_TRACKING (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_CPU_IBPB_ENTRY => CONFIG_MITIGATION_IBPB_ENTRY (Waiman Long) [RHEL-31230]
- x86/bugs: Rename CONFIG_GDS_FORCE_MITIGATION => CONFIG_MITIGATION_GDS_FORCE (Waiman Long) [RHEL-31230]
- kbuild: use objtool-args-y to clean up objtool arguments (Waiman Long) [RHEL-31230]
- kbuild: do not create *.prelink.o for Clang LTO or IBT (Waiman Long) [RHEL-31230]
- kbuild: replace $(linked-object) with CONFIG options (Waiman Long) [RHEL-31230]
Resolves: RHEL-17487, RHEL-25193, RHEL-25998, RHEL-30580, RHEL-31230, RHEL-37020, RHEL-37024, RHEL-37044, RHEL-37187, RHEL-37650, RHEL-38285, RHEL-38454, RHEL-38605, RHEL-39439, RHEL-39719, RHEL-39862, RHEL-41181, RHEL-41185, RHEL-43714, RHEL-44155, RHEL-44297, RHEL-44414, RHEL-45159, RHEL-45160, RHEL-45168, RHEL-47535, RHEL-47558, RHEL-47652, RHEL-47892, RHEL-48140, RHEL-48254, RHEL-50016, RHEL-50366, RHEL-50675, RHEL-50682, RHEL-51242, RHEL-37025, RHEL-38286, RHEL-39720, RHEL-39863, RHEL-37021, RHEL-44156, RHEL-38455, RHEL-44298, RHEL-43715, RHEL-37045, RHEL-37188, RHEL-41186, RHEL-47536, RHEL-47559, RHEL-47893, RHEL-48141, RHEL-47653, RHEL-48255, RHEL-44415
Signed-off-by: Scott Weaver <scweaver@redhat.com>
2024-08-02 15:47:19 +00:00
|
|
|
|
|
|
|
|
subprocess.check_call(cmd, text=True)
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
|
argc = len(sys.argv) - 1
|
|
|
|
|
if argc != 5:
|
|
|
|
|
usage('too few or too many parameters!')
|
|
|
|
|
|
|
|
|
|
input_json = sys.argv[1]
|
|
|
|
|
out_dir = sys.argv[2]
|
|
|
|
|
uki_name = sys.argv[3]
|
|
|
|
|
distro = sys.argv[4]
|
|
|
|
|
arch = sys.argv[5]
|
|
|
|
|
|
|
|
|
|
out_dir = check_clean_arguments(input_json, out_dir)
|
|
|
|
|
parse_in_json(input_json, uki_name, distro, arch)
|
|
|
|
|
create_addons(out_dir)
|
|
|
|
|
|
|
|
|
|
|