diff --git a/.gitignore b/.gitignore index 9e201ba15..befb9f572 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ SOURCES/kernel-abi-stablelists-4.18.0-348.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-348.tar.bz2 -SOURCES/linux-4.18.0-348.12.2.el8_5.tar.xz +SOURCES/linux-4.18.0-348.20.1.el8_5.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelkpatch1.x509 diff --git a/.kernel.metadata b/.kernel.metadata index 91e41a502..4272fe9f5 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,5 +1,5 @@ 2d622b532a9ac503406373ef5fa5bea1192086d1 SOURCES/kernel-abi-stablelists-4.18.0-348.tar.bz2 109f15ce9699bfa93bd9dc4f8e88013ce341e0e7 SOURCES/kernel-kabi-dw-4.18.0-348.tar.bz2 -1d7adef0581dde87e580cbb1e59dc0e7cc077ccd SOURCES/linux-4.18.0-348.12.2.el8_5.tar.xz +c99d0884876479c3b07cb3e3773cad5884b12407 SOURCES/linux-4.18.0-348.20.1.el8_5.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 1fca93bac..31a360496 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -42,10 +42,10 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 348.12.2.el8_5 +%define pkgrelease 348.20.1.el8_5 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 348.12.2%{?dist} +%define specrelease 348.20.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2643,9 +2643,97 @@ fi # # %changelog -* Mon Jan 17 2022 Frantisek Hrbata [4.18.0-348.12.2.el8_5] +* Tue Mar 08 2022 Bruno Meneguele [4.18.0-348.20.1.el8_5] +- lib/iov_iter: initialize "flags" in new pipe_buffer (Jan Stancek) [2060874 2060875] {CVE-2022-0847} + +* Mon Feb 28 2022 Bruno Meneguele [4.18.0-348.19.1.el8_5] +- tipc: improve size validations for received domain records (Xin Long) [2048970 2048971] {CVE-2022-0435} +- smb3: do not error on fsync when readonly (Ronnie Sahlberg) [2055824 2037811] +- security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2054112 2054117 2015525 2048251] +- security: add sctp_assoc_established hook (Ondrej Mosnacek) [2054112 2054117 2015525 2048251] +- security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2054112 2054117 2015525 2048251] +- security: pass asoc to sctp_assoc_request and sctp_sk_clone (Bruno Meneguele) [2054112 2054117 2015525 2048251] +- net: sctp: Fix some typos (Ondrej Mosnacek) [2054112 2054117 2015525 2048251] +- RDMA/bnxt_re: Fix stats counters (Selvin Xavier) [2049684 2001893] +- net: check skb sec_path when re-initializing slow_gro in gro_list_prepare (Xin Long) [2047427 2030476] +- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (David Arcari) [2036888 2003695] + +* Tue Feb 22 2022 Bruno Meneguele [4.18.0-348.18.1.el8_5] +- selftests: kvm: Check whether SIDA memop fails for normal guests (Thomas Huth) [2050806 2050807] {CVE-2022-0516} +- KVM: s390: Return error on SIDA memop on normal guest (Thomas Huth) [2050806 2050807] {CVE-2022-0516} +- iommu/amd: Remove iommu_init_ga() (Jerry Snitselaar) [2030854 1998265] +- iommu/amd: Relocate GAMSup check to early_enable_iommus (Jerry Snitselaar) [2030854 1998265] + +* Tue Feb 15 2022 Bruno Meneguele [4.18.0-348.17.1.el8_5] +- vfs: check dentry is still valid in get_link() (Ian Kent) [2052558 2014846] +- xfs: don't expose internal symlink metadata buffers to the vfs (Brian Foster) [2052558 2014846] +- CI: Use appropriate zstream builder (Veronika Kabatova) +- CI: Enable baseline realtime checks (Veronika Kabatova) +- CI: Rename pipelines to include release names (Veronika Kabatova) +- cgroup-v1: Require capabilities to set release_agent (Waiman Long) [2052166 2052167] {CVE-2022-0492} +- ice: Remove boolean vlan_promisc flag from function (Jonathan Toppins) [2051951 2030400] +- ceph: put the requests/sessions when it fails to alloc memory (Jeffrey Layton) [2053725 2017796] +- ceph: fix off by one bugs in unsafe_request_wait() (Jeffrey Layton) [2053725 2017796] +- ceph: flush the mdlog before waiting on unsafe reqs (Jeffrey Layton) [2053725 2017796] +- ceph: flush mdlog before umounting (Jeffrey Layton) [2053725 2017796] +- ceph: make iterate_sessions a global symbol (Jeffrey Layton) [2053725 2017796] +- ceph: make ceph_create_session_msg a global symbol (Jeffrey Layton) [2053725 2017796] +- xfs: check sb_meta_uuid for dabuf buffer recovery (Bill O'Donnell) [2049292 2020764] +- drm/i915: Flush TLBs before releasing backing store (Patrick Talbert) [2044328 2044329] {CVE-2022-0330} +- hugetlb: fix hugetlb cgroup refcounting during vma split (Waiman Long) [2039015 2032811] +- hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings (Waiman Long) [2039015 2032811] +- mm/hugetlb: change hugetlb_reserve_pages() to type bool (Waiman Long) [2039015 2032811] +- hugetlb: fix an error code in hugetlb_reserve_pages() (Waiman Long) [2039015 2032811] +- hugetlb_cgroup: fix offline of hugetlb cgroup with reservations (Waiman Long) [2039015 2032811] +- hugetlb_cgroup: fix reservation accounting (Waiman Long) [2039015 2032811] +- mm/hugetlb: narrow the hugetlb_lock protection area during preparing huge page (Waiman Long) [2039015 2032811] +- mm/hugetlb: a page from buddy is not on any list (Waiman Long) [2039015 2032811] +- mm/hugetlb: not necessary to coalesce regions recursively (Waiman Long) [2039015 2032811] +- selftests/vm/write_to_hugetlbfs.c: fix unused variable warning (Waiman Long) [2039015 2032811] +- hugetlb_cgroup: add hugetlb_cgroup reservation tests (Waiman Long) [2039015 2032811] +- hugetlb: support file_region coalescing again (Waiman Long) [2039015 2032811] +- hugetlb_cgroup: support noreserve mappings (Waiman Long) [2039015 2032811] +- hugetlb_cgroup: add accounting for shared mappings (Waiman Long) [2039015 2032811] +- hugetlb: disable region_add file_region coalescing (Waiman Long) [2039015 2032811] +- hugetlb_cgroup: add reservation accounting for private mappings (Waiman Long) [2039015 2032811] +- mm/hugetlb_cgroup: fix hugetlb_cgroup migration (Waiman Long) [2039015 2032811] +- hugetlb_cgroup: add interface for charge/uncharge hugetlb reservations (Waiman Long) [2039015 2032811] +- hugetlb_cgroup: add hugetlb_cgroup reservation counter (Waiman Long) [2039015 2032811] +- hugetlb: remove duplicated code (Waiman Long) [2039015 2032811] +- hugetlb: region_chg provides only cache entry (Waiman Long) [2039015 2032811] +- hugetlbfs: always use address space in inode for resv_map pointer (Waiman Long) [2039015 2032811] +- hugetlbfs: fix potential over/underflow setting node specific nr_hugepages (Waiman Long) [2039015 2032811] +- hugetlb: allow to free gigantic pages regardless of the configuration (Waiman Long) [2039015 2032811] +- powerpc/pseries: Fix update of LPAR security flavor after LPM (Steve Best) [2027448 1997294] + +* Tue Feb 08 2022 Bruno Meneguele [4.18.0-348.16.1.el8_5] +- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Dave Airlie) [2047601 2047602] {CVE-2022-22942} +- net: openvswitch: Fix ct_state nat flags for conns arriving from tc (Marcelo Ricardo Leitner) [2043548 2040334] +- net: openvswitch: Fix matching zone id for invalid conns arriving from tc (Marcelo Ricardo Leitner) [2043550 2040452] +- net/sched: flow_dissector: Fix matching on zone id for invalid conns (Marcelo Ricardo Leitner) [2043550 2040452] +- net/sched: Extend qdisc control block with tc control block (Marcelo Ricardo Leitner) [2043550 2040452] + +* Tue Feb 01 2022 Bruno Meneguele [4.18.0-348.15.1.el8_5] +- net/mlx5: DR, Use FW API when updating FW-owned flow table (Michal Schmidt) [2042663 2042651] +- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (Vitaly Kuznetsov) [2043237 1868572] +- drm/mgag200: Select clock in PLL update functions (Bruno Meneguele) [2034949 1953926] +- drm/i915: Fix HAS_LSPCON macro for platforms between GEN9 and GEN10 (Bruno Meneguele) [2027335 2005586] +- crypto: qat - power up 4xxx device (Vladis Dronov) [2016437 1960307] +- RDMA/core: Fix a double free in add_port error flow (Kamal Heib) [2038724 2008555] +- powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (Steve Best) [2018928 2007425] +- powerpc/dma: Fix dma_map_ops::get_required_mask (Steve Best) [2018928 2007425] + +* Wed Jan 26 2022 Frantisek Hrbata [4.18.0-348.14.1.el8_5] +- tcp: fix page frag corruption on page fault (Paolo Abeni) [2041529 1996074] +- net: fix sk_page_frag() recursion from memory reclaim (Paolo Abeni) [2041529 1996074] +- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (Thomas Huth) [2040769 2026230] +- redhat: set LC_ALL=C before sorting config content (Frantisek Hrbata) + +* Tue Jan 18 2022 Frantisek Hrbata [4.18.0-348.13.1.el8_5] - vfs: Out-of-bounds write of heap buffer in fs_context.c (Frantisek Hrbata) [2040585 2040586] {CVE-2022-0185} - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Bruno Meneguele) [2034864 2034865] {CVE-2021-4155} +- af_unix: fix garbage collect vs MSG_PEEK (Patrick Talbert) [2031974 2031975] {CVE-2021-0920} +- cgroup: verify that source is a string (Waiman Long) [2034608 2034609] {CVE-2021-4154} * Wed Jan 12 2022 Bruno Meneguele [4.18.0-348.12.1.el8_5] - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() (Guillaume Nault) [2021574 2016210]