kernel-5.14.0-413.el9

* Fri Jan 26 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-413.el9] - scsi: core: Always send batch on reset or error handling command (Ewan D. Milne) [RHEL-19730] - ovl: Add an alternative type of whiteout (Alexander Larsson) [RHEL-21350] - ovl: Support escaped overlay.* xattrs (Alexander Larsson) [RHEL-21350] - ovl: Add OVL_XATTR_TRUSTED/USER_PREFIX_LEN macros (Alexander Larsson) [RHEL-21350] - ovl: Move xattr support to new xattrs.c file (Alexander Larsson) [RHEL-21350] - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-22142] - s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Tobias Huschle) [RHEL-22159] - Revert "nvme-fabrics: parse nvme connect Linux error codes" (Ewan D. Milne) [RHEL-21545] - Revert "x86/fpu/xstate: Fix PKRU covert channel" (Martin McConnell) [RHEL-21573] - net: Remove acked SYN flag from packet in the transmit queue correctly (Paolo Abeni) [RHEL-21432] - tcp: do not accept ACK of bytes we never sent (Paolo Abeni) [RHEL-21432] - net: do not leave an empty skb in write queue (Paolo Abeni) [RHEL-21432] - tcp: check mptcp-level constraints for backlog coalescing (Paolo Abeni) [RHEL-21432] - redhat: Use dracut instead of objcopy for adding SBAT information to UKI (Vitaly Kuznetsov) - kexec: do syscore_shutdown() in kernel_kexec (Baoquan He) [RHEL-19654] - powerpc/vas: Limit open window failure messages in log bufffer (Mamatha Inamdar) [RHEL-14975] Resolves: RHEL-14975, RHEL-19153, RHEL-19159, RHEL-19165, RHEL-19654, RHEL-19730, RHEL-21350, RHEL-21432, RHEL-21545, RHEL-21573, RHEL-22142, RHEL-22159, RHEL-19162, RHEL-19156, RHEL-19150 Signed-off-by: Scott Weaver <scweaver@redhat.com>
2024-01-26 14:08:43 -05:00 · 2024-01-26 14:08:43 -05:00 · 16d159fd9e
parent afb6495e05
commit 16d159fd9e
3 changed files with 46 additions and 36 deletions
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@ -12,7 +12,7 @@ RHEL_MINOR = 4
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 412
+RHEL_RELEASE = 413

 #
 # ZSTREAM
--- a/kernel.spec
+++ b/kernel.spec
@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 412
+%define pkgrelease 413
 %define kversion 5
-%define tarfile_release 5.14.0-412.el9
+%define tarfile_release 5.14.0-413.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 412%{?buildid}%{?dist}
+%define specrelease 413%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-412.el9
+%define kabiversion 5.14.0-413.el9

 #
 # End of genspec.sh variables
@ -776,7 +776,7 @@ BuildRequires: lld
 %endif

 %if %{efiuki}
-BuildRequires: dracut
+BuildRequires: dracut >= 057-51.git20231114.el9
 # For dracut UEFI uki binaries
 BuildRequires: binutils
 # For the initrd
@ -2429,7 +2429,20 @@ BuildKernel() {
 %if %{efiuki}
    if [ "$Variant" != "rt" ] && [ "$Variant" != "rt-debug" ]; then
        popd
-    
+
+        # RHEL/CentOS specific .SBAT entries
+%if 0%{?centos}
+        SBATsuffix="centos"
+%else
+        SBATsuffix="rhel"
+%endif
+        SBAT=$(cat <<- EOF
+	linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
+	linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
+	kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com
+	EOF
+	)
+
        KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer"
        KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi"
    
@ -2442,36 +2455,11 @@ BuildKernel() {
               --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \
               --logfile=$(mktemp) \
               --uefi \
+               --sbat "$SBAT" \
               --kernel-image $(realpath $KernelImage) \
               --kernel-cmdline 'console=tty0 console=ttyS0' \
    	   $KernelUnifiedImage

-        # Add RH specific .SBAT entries
-        # First, we need to save the original .sbat from UKI
-        objcopy -O binary --only-section=.sbat $KernelUnifiedImage $KernelUnifiedImage.sbat
-        # Remove all trailing zero bytes from the file
-        sed -i 's/\x0.*$//' $KernelUnifiedImage.sbat
-        # Add RHEL/CentOS specific entries
-%if 0%{?centos}
-        SBATsuffix="centos"
-%else
-        SBATsuffix="rhel"
-%endif
-        echo "linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com" >> $KernelUnifiedImage.sbat
-        echo "linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com" >> $KernelUnifiedImage.sbat
-        echo "kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com" >> $KernelUnifiedImage.sbat
-        # Remove the original .sbat section
-        objcopy --remove-section .sbat $KernelUnifiedImage
-        # Get the end of the last section
-        sbat_offt=$(objdump -h $KernelUnifiedImage | gawk 'NF==7 {size=strtonum("0x"$3); offset=strtonum("0x"$4)} END {print size + offset}')
-        # Align start of the new section to 512b
-        sbat_align=512
-        sbat_offt=$((sbat_offt + "$sbat_align" - sbat_offt % "$sbat_align"))
-        # Add the new .sbat section
-        objcopy -v --add-section .sbat=$KernelUnifiedImage.sbat --set-section-alignment .sbat=$sbat_align \
-                --change-section-vma .sbat=$sbat_offt $KernelUnifiedImage
-        rm -f $KernelUnifiedImage.sbat
-
 %if %{signkernel}

 %if 0%{?centos}
@ -3739,6 +3727,28 @@ fi
 #
 #
 %changelog
+* Fri Jan 26 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-413.el9]
+- scsi: core: Always send batch on reset or error handling command (Ewan D. Milne) [RHEL-19730]
+- ovl: Add an alternative type of whiteout (Alexander Larsson) [RHEL-21350]
+- ovl: Support escaped overlay.* xattrs (Alexander Larsson) [RHEL-21350]
+- ovl: Add OVL_XATTR_TRUSTED/USER_PREFIX_LEN macros (Alexander Larsson) [RHEL-21350]
+- ovl: Move xattr support to new xattrs.c file (Alexander Larsson) [RHEL-21350]
+- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
+- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
+- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
+- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
+- idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-22142]
+- s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Tobias Huschle) [RHEL-22159]
+- Revert "nvme-fabrics: parse nvme connect Linux error codes" (Ewan D. Milne) [RHEL-21545]
+- Revert "x86/fpu/xstate: Fix PKRU covert channel" (Martin McConnell) [RHEL-21573]
+- net: Remove acked SYN flag from packet in the transmit queue correctly (Paolo Abeni) [RHEL-21432]
+- tcp: do not accept ACK of bytes we never sent (Paolo Abeni) [RHEL-21432]
+- net: do not leave an empty skb in write queue (Paolo Abeni) [RHEL-21432]
+- tcp: check mptcp-level constraints for backlog coalescing (Paolo Abeni) [RHEL-21432]
+- redhat: Use dracut instead of objcopy for adding SBAT information to UKI (Vitaly Kuznetsov)
+- kexec: do syscore_shutdown() in kernel_kexec (Baoquan He) [RHEL-19654]
+- powerpc/vas: Limit open window failure messages in log bufffer (Mamatha Inamdar) [RHEL-14975]
+
 * Wed Jan 24 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-412.el9]
 - ACPI: APEI: rename ghes_init() with an "acpi_" prefix (Mark Langsdorf) [RHEL-4625]
 - ACPI: APEI: explicit init of HEST and GHES in apci_init() (Mark Langsdorf) [RHEL-4625]
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-412.el9.tar.xz) = 85efcfff4476301e0dd40acf477b889e853600f0f408d2070ad3b5391636e75167ad163f6c422d1180f39f7fb4fa119c3b2d0083461b12ba17e2803b1e9c1948
-SHA512 (kernel-abi-stablelists-5.14.0-412.el9.tar.bz2) = 3e54493df26f49d17189a5b83bd855a7ee786a71aa55f06cf1e72bd6bfe4ab99f967c27b5ba3b4ab194ebd5055c3f8a9699f55217e643e81eb5dc05f8445b1c9
-SHA512 (kernel-kabi-dw-5.14.0-412.el9.tar.bz2) = cc089669bd539ff1dbcded8169b10429ce90a97a72c3b01654841f87cf4af8cdd84392775428bf245b27be01416e3308475e04946f666dc19273bffe50255730
+SHA512 (linux-5.14.0-413.el9.tar.xz) = 0a9bd31e8f68e01ae75e71755db5ced05133735ab84e0082f1c80433218ae1f529d833362e30e5781663840ea41d55ac4231bb6ef43b7c97ddbbf36cbcd588b7
+SHA512 (kernel-abi-stablelists-5.14.0-413.el9.tar.bz2) = f8514e3b2c908d3ec70cc8edd466be49a7f78ddd46a973a566a27a809f2fb9828d8c1b47e5a6de4155e9abf85359770a0e9dca6b4342e182124e9f32fcc3a950
+SHA512 (kernel-kabi-dw-5.14.0-413.el9.tar.bz2) = c60fb41fb37c7df0bebab3ec453637ac5ad93c9f90cbd6a6c3390c0e1be9ff2cb4dc290ef1aefecea95293e3f7681bb3166cace22d66ce588b922b2e03426e9a