From 16d159fd9e9da2d415f7f2f7d3854acadd8c1183 Mon Sep 17 00:00:00 2001 
From: Scott Weaver Date: Fri, 26 Jan 2024 14:08:43 -0500 Subject: [PATCH] kernel-5.14.0-413.el9 * Fri Jan 26 2024 Scott Weaver [5.14.0-413.el9] - scsi: core: Always send batch on reset or error handling command (Ewan D. Milne) [RHEL-19730] - ovl: Add an alternative type of whiteout (Alexander Larsson) [RHEL-21350] - ovl: Support escaped overlay.* xattrs (Alexander Larsson) [RHEL-21350] - ovl: Add OVL_XATTR_TRUSTED/USER_PREFIX_LEN macros (Alexander Larsson) [RHEL-21350] - ovl: Move xattr support to new xattrs.c file (Alexander Larsson) [RHEL-21350] - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-22142] - s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Tobias Huschle) [RHEL-22159] - Revert "nvme-fabrics: parse nvme connect Linux error codes" (Ewan D. 
Milne) [RHEL-21545] - Revert "x86/fpu/xstate: Fix PKRU covert channel" (Martin McConnell) [RHEL-21573] - net: Remove acked SYN flag from packet in the transmit queue correctly (Paolo Abeni) [RHEL-21432] - tcp: do not accept ACK of bytes we never sent (Paolo Abeni) [RHEL-21432] - net: do not leave an empty skb in write queue (Paolo Abeni) [RHEL-21432] - tcp: check mptcp-level constraints for backlog coalescing (Paolo Abeni) [RHEL-21432] - redhat: Use dracut instead of objcopy for adding SBAT information to UKI (Vitaly Kuznetsov) - kexec: do syscore_shutdown() in kernel_kexec (Baoquan He) [RHEL-19654] - powerpc/vas: Limit open window failure messages in log bufffer (Mamatha Inamdar) [RHEL-14975] Resolves: RHEL-14975, RHEL-19153, RHEL-19159, RHEL-19165, RHEL-19654, RHEL-19730, RHEL-21350, RHEL-21432, RHEL-21545, RHEL-21573, RHEL-22142, RHEL-22159, RHEL-19162, RHEL-19156, RHEL-19150 Signed-off-by: Scott Weaver --- Makefile.rhelver | 2 +- kernel.spec | 74 +++++++++++++++++++++++++++--------------------- sources | 6 ++-- 3 files changed, 46 insertions(+), 36 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index 3fa75e7..1904688 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 4 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 412 +RHEL_RELEASE = 413 # # ZSTREAM diff --git a/kernel.spec b/kernel.spec index f3dc8f4..449cb78 100755 --- a/kernel.spec +++ b/kernel.spec 
@@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 412 +%define pkgrelease 413 %define kversion 5 -%define tarfile_release 5.14.0-412.el9 +%define tarfile_release 5.14.0-413.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 412%{?buildid}%{?dist} +%define specrelease 413%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-412.el9 +%define kabiversion 5.14.0-413.el9 # # End of genspec.sh variables @@ -776,7 +776,7 @@ BuildRequires: lld %endif %if %{efiuki} -BuildRequires: dracut +BuildRequires: dracut >= 057-51.git20231114.el9 # For dracut UEFI uki binaries BuildRequires: binutils # For the initrd @@ -2429,7 +2429,20 @@ BuildKernel() { %if %{efiuki} if [ "$Variant" != "rt" ] && [ "$Variant" != "rt-debug" ]; then popd - + + # RHEL/CentOS specific .SBAT entries +%if 0%{?centos} + SBATsuffix="centos" +%else + SBATsuffix="rhel" +%endif + SBAT=$(cat <<- EOF + linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com + linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com + kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com + EOF + ) + KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer" KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi" 
@@ -2442,36 +2455,11 @@ BuildKernel() { --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \ --logfile=$(mktemp) \ --uefi \ + --sbat "$SBAT" \ --kernel-image $(realpath $KernelImage) \ --kernel-cmdline 'console=tty0 console=ttyS0' \ $KernelUnifiedImage - # Add RH specific .SBAT entries - # First, we need to save the original .sbat from UKI - objcopy -O binary --only-section=.sbat $KernelUnifiedImage $KernelUnifiedImage.sbat - # Remove all trailing zero bytes from the file - sed -i 's/\x0.*$//' $KernelUnifiedImage.sbat - # Add RHEL/CentOS specific entries -%if 0%{?centos} - SBATsuffix="centos" -%else - SBATsuffix="rhel" -%endif - echo "linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com" >> $KernelUnifiedImage.sbat - echo "linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com" >> $KernelUnifiedImage.sbat - echo "kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com" >> $KernelUnifiedImage.sbat - # Remove the original .sbat section - objcopy --remove-section .sbat $KernelUnifiedImage - # Get the end of the last section - sbat_offt=$(objdump -h $KernelUnifiedImage | gawk 'NF==7 {size=strtonum("0x"$3); offset=strtonum("0x"$4)} END {print size + offset}') - # Align start of the new section to 512b - sbat_align=512 - sbat_offt=$((sbat_offt + "$sbat_align" - sbat_offt % "$sbat_align")) - # Add the new .sbat section - objcopy -v --add-section .sbat=$KernelUnifiedImage.sbat --set-section-alignment .sbat=$sbat_align \ - --change-section-vma .sbat=$sbat_offt $KernelUnifiedImage - rm -f $KernelUnifiedImage.sbat - %if %{signkernel} %if 0%{?centos} 
@@ -3739,6 +3727,28 @@ fi # # %changelog +* Fri Jan 26 2024 Scott Weaver [5.14.0-413.el9] +- scsi: core: Always send batch on reset or error handling command (Ewan D. Milne) [RHEL-19730] +- ovl: Add an alternative type of whiteout (Alexander Larsson) [RHEL-21350] +- ovl: Support escaped overlay.* xattrs (Alexander Larsson) [RHEL-21350] +- ovl: Add OVL_XATTR_TRUSTED/USER_PREFIX_LEN macros (Alexander Larsson) [RHEL-21350] +- ovl: Move xattr support to new xattrs.c file (Alexander Larsson) [RHEL-21350] +- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} +- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} +- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} +- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-19153 RHEL-19159 RHEL-19165 RHEL-19162 RHEL-19156 RHEL-19150] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} +- idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-22142] +- s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Tobias Huschle) [RHEL-22159] +- Revert "nvme-fabrics: parse nvme connect Linux error codes" (Ewan D. 
Milne) [RHEL-21545] +- Revert "x86/fpu/xstate: Fix PKRU covert channel" (Martin McConnell) [RHEL-21573] +- net: Remove acked SYN flag from packet in the transmit queue correctly (Paolo Abeni) [RHEL-21432] +- tcp: do not accept ACK of bytes we never sent (Paolo Abeni) [RHEL-21432] +- net: do not leave an empty skb in write queue (Paolo Abeni) [RHEL-21432] +- tcp: check mptcp-level constraints for backlog coalescing (Paolo Abeni) [RHEL-21432] +- redhat: Use dracut instead of objcopy for adding SBAT information to UKI (Vitaly Kuznetsov) +- kexec: do syscore_shutdown() in kernel_kexec (Baoquan He) [RHEL-19654] +- powerpc/vas: Limit open window failure messages in log bufffer (Mamatha Inamdar) [RHEL-14975] + * Wed Jan 24 2024 Scott Weaver [5.14.0-412.el9] - ACPI: APEI: rename ghes_init() with an "acpi_" prefix (Mark Langsdorf) [RHEL-4625] - ACPI: APEI: explicit init of HEST and GHES in apci_init() (Mark Langsdorf) [RHEL-4625] diff --git a/sources b/sources index d1c59e1..29b1ba5 100644 --- a/sources +++ b/sources 
@@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-412.el9.tar.xz) = 85efcfff4476301e0dd40acf477b889e853600f0f408d2070ad3b5391636e75167ad163f6c422d1180f39f7fb4fa119c3b2d0083461b12ba17e2803b1e9c1948 -SHA512 (kernel-abi-stablelists-5.14.0-412.el9.tar.bz2) = 3e54493df26f49d17189a5b83bd855a7ee786a71aa55f06cf1e72bd6bfe4ab99f967c27b5ba3b4ab194ebd5055c3f8a9699f55217e643e81eb5dc05f8445b1c9 -SHA512 (kernel-kabi-dw-5.14.0-412.el9.tar.bz2) = cc089669bd539ff1dbcded8169b10429ce90a97a72c3b01654841f87cf4af8cdd84392775428bf245b27be01416e3308475e04946f666dc19273bffe50255730 +SHA512 (linux-5.14.0-413.el9.tar.xz) = 0a9bd31e8f68e01ae75e71755db5ced05133735ab84e0082f1c80433218ae1f529d833362e30e5781663840ea41d55ac4231bb6ef43b7c97ddbbf36cbcd588b7 +SHA512 (kernel-abi-stablelists-5.14.0-413.el9.tar.bz2) = f8514e3b2c908d3ec70cc8edd466be49a7f78ddd46a973a566a27a809f2fb9828d8c1b47e5a6de4155e9abf85359770a0e9dca6b4342e182124e9f32fcc3a950 +SHA512 (kernel-kabi-dw-5.14.0-413.el9.tar.bz2) = c60fb41fb37c7df0bebab3ec453637ac5ad93c9f90cbd6a6c3390c0e1be9ff2cb4dc290ef1aefecea95293e3f7681bb3166cace22d66ce588b922b2e03426e9a
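Review bot: In the kernel.spec hunk at @@ -776, the new version floor `BuildRequires: dracut >= 057-51.git20231114.el9` carries no comment saying which dracut feature it is there for. If it exists because BuildKernel() now passes `--sbat` to dracut, state that next to the line, so a later rebase or backport does not relax the requirement and end up building a UKI without the vendor SBAT entries.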
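Review bot: In the kernel.spec hunk at @@ -2429, the `SBAT=$(cat <<- EOF` here-document depends on tab indentation, and nothing in the hunk says so. `<<-` strips leading tab characters only. If the three entry lines or the closing `EOF` are ever re-indented with spaces, the terminator is no longer recognised and the entries reach `--sbat` with leading whitespace in the component-name field. Add a short comment that these lines must stay tab-indented, or build the string with `printf '%s\n'` so that indentation does not matter. The command substitution also drops the trailing newline after the last entry, so it is worth confirming that dracut terminates the section correctly when it merges this text with its own entries.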
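Review bot: In the kernel.spec hunk at @@ -2442, nothing after the dracut call checks that the resulting image actually contains the three vendor entries before the `%if %{signkernel}` block signs it. The removed objcopy sequence kept the existing `.sbat` contents and appended to them explicitly, whereas the result now depends entirely on how dracut handles `--sbat "$SBAT"`. A build-time check would catch a regression: dump the section with `objcopy -O binary --only-section=.sbat` (the same invocation the removed code used), grep for `kernel-uki-virt.$SBATsuffix,`, and fail the build if it is missing.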
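Review bot: In the %changelog hunk at @@ -3739, the entry `Revert "x86/fpu/xstate: Fix PKRU covert channel"` gives only RHEL-21573 and no reason, although the reverted change is described as a covert-channel fix. Someone auditing this build cannot tell from the changelog whether the fix was superseded, broken, or dropped for good. A few words of rationale in the entry would help. Two smaller points in the same block: the `redhat: Use dracut instead of objcopy for adding SBAT information to UKI` entry is the only one without a ticket reference, and `log bufffer` in the powerpc/vas entry is misspelled.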