diff --git a/.gitignore b/.gitignore index 6eb0d25db..1786c1abb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ -SOURCES/kernel-abi-stablelists-5.14.0-70.13.1.el9_0.tar.bz2 -SOURCES/kernel-kabi-dw-5.14.0-70.13.1.el9_0.tar.bz2 -SOURCES/linux-5.14.0-70.13.1.el9_0.tar.xz +SOURCES/kernel-abi-stablelists-5.14.0-70.17.1.el9_0.tar.bz2 +SOURCES/kernel-kabi-dw-5.14.0-70.17.1.el9_0.tar.bz2 +SOURCES/linux-5.14.0-70.17.1.el9_0.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelkpatch1.x509 diff --git a/.kernel.metadata b/.kernel.metadata index d0f671570..dd63a7635 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,5 +1,5 @@ -c1197ace1d0f19538e93b665dc04950908d34880 SOURCES/kernel-abi-stablelists-5.14.0-70.13.1.el9_0.tar.bz2 -206afe247796a98d6b1f57f4bdabb2d57836e928 SOURCES/kernel-kabi-dw-5.14.0-70.13.1.el9_0.tar.bz2 -7101b2671a4efc2fd6049b207a717c0c4cf54580 SOURCES/linux-5.14.0-70.13.1.el9_0.tar.xz +a99a235c21b77ecf630199ff7bed5e1e828937e5 SOURCES/kernel-abi-stablelists-5.14.0-70.17.1.el9_0.tar.bz2 +dac015c65e7c965a6af4fa8793a6eeecfd5fdb38 SOURCES/kernel-kabi-dw-5.14.0-70.17.1.el9_0.tar.bz2 +bd558333aae402f4cbc05d79f044ebff4377453b SOURCES/linux-5.14.0-70.17.1.el9_0.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver index 047f5539d..698f9f603 100644 --- a/SOURCES/Makefile.rhelver +++ b/SOURCES/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 0 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 70.13.1 +RHEL_RELEASE = 70.17.1 # # ZSTREAM diff --git a/SOURCES/kernel-aarch64-debug-rhel.config b/SOURCES/kernel-aarch64-debug-rhel.config index de04da041..f95263638 100644 --- a/SOURCES/kernel-aarch64-debug-rhel.config +++ b/SOURCES/kernel-aarch64-debug-rhel.config @@ -1014,7 +1014,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/kernel-aarch64-rhel.config b/SOURCES/kernel-aarch64-rhel.config index f849d27f9..037187b7a 100644 --- a/SOURCES/kernel-aarch64-rhel.config +++ b/SOURCES/kernel-aarch64-rhel.config @@ -1014,7 +1014,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/kernel-ppc64le-debug-rhel.config b/SOURCES/kernel-ppc64le-debug-rhel.config index bf6788f1c..4e60336dd 100644 --- a/SOURCES/kernel-ppc64le-debug-rhel.config +++ b/SOURCES/kernel-ppc64le-debug-rhel.config @@ -862,7 +862,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/kernel-ppc64le-rhel.config b/SOURCES/kernel-ppc64le-rhel.config index 5aef4d3ae..63d58931d 100644 --- a/SOURCES/kernel-ppc64le-rhel.config +++ b/SOURCES/kernel-ppc64le-rhel.config @@ -862,7 +862,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/kernel-s390x-debug-rhel.config b/SOURCES/kernel-s390x-debug-rhel.config index ee42e1a89..b24f3d03e 100644 --- a/SOURCES/kernel-s390x-debug-rhel.config +++ b/SOURCES/kernel-s390x-debug-rhel.config @@ -849,7 +849,7 @@ CONFIG_CRYPTO_SHA3_512_S390=m CONFIG_CRYPTO_SHA3=y CONFIG_CRYPTO_SHA512_ARM64_CE=m # CONFIG_CRYPTO_SHA512_ARM64 is not set -CONFIG_CRYPTO_SHA512_S390=m +CONFIG_CRYPTO_SHA512_S390=y CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_SM2 is not set # CONFIG_CRYPTO_SM3 is not set @@ -864,7 +864,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/kernel-s390x-rhel.config b/SOURCES/kernel-s390x-rhel.config index b251f15f7..c7d68f0bc 100644 --- a/SOURCES/kernel-s390x-rhel.config +++ b/SOURCES/kernel-s390x-rhel.config @@ -849,7 +849,7 @@ CONFIG_CRYPTO_SHA3_512_S390=m CONFIG_CRYPTO_SHA3=y CONFIG_CRYPTO_SHA512_ARM64_CE=m # CONFIG_CRYPTO_SHA512_ARM64 is not set -CONFIG_CRYPTO_SHA512_S390=m +CONFIG_CRYPTO_SHA512_S390=y CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_SM2 is not set # CONFIG_CRYPTO_SM3 is not set @@ -864,7 +864,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/kernel-x86_64-debug-rhel.config b/SOURCES/kernel-x86_64-debug-rhel.config index 7fb0ee648..5648d2d9f 100644 --- a/SOURCES/kernel-x86_64-debug-rhel.config +++ b/SOURCES/kernel-x86_64-debug-rhel.config @@ -905,7 +905,7 @@ CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA3=y CONFIG_CRYPTO_SHA512_ARM64_CE=m # CONFIG_CRYPTO_SHA512_ARM64 is not set -CONFIG_CRYPTO_SHA512_SSSE3=m +CONFIG_CRYPTO_SHA512_SSSE3=y CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_SM2 is not set # CONFIG_CRYPTO_SM3 is not set @@ -923,7 +923,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/kernel-x86_64-rhel.config b/SOURCES/kernel-x86_64-rhel.config index 44403c7a2..02a4b4316 100644 --- a/SOURCES/kernel-x86_64-rhel.config +++ b/SOURCES/kernel-x86_64-rhel.config @@ -905,7 +905,7 @@ CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA3=y CONFIG_CRYPTO_SHA512_ARM64_CE=m # CONFIG_CRYPTO_SHA512_ARM64 is not set -CONFIG_CRYPTO_SHA512_SSSE3=m +CONFIG_CRYPTO_SHA512_SSSE3=y CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_SM2 is not set # CONFIG_CRYPTO_SM3 is not set @@ -923,7 +923,7 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER=m +CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_VMAC=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_XCBC=m diff --git a/SOURCES/rpminspect.yaml b/SOURCES/rpminspect.yaml index 4c059887f..727e877fe 100644 --- a/SOURCES/rpminspect.yaml +++ b/SOURCES/rpminspect.yaml @@ -19,3 +19,8 @@ emptyrpm: - kernel-zfcpdump - kernel-zfcpdump-devel-matched - kernel-zfcpdump-modules + +patches: + ignore_list: + - linux-kernel-test.patch + - patch-5.14.0-redhat.patch diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 23ead7348..d0ee320d6 100755 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -121,13 +121,13 @@ Summary: The Linux kernel %define kversion 5.14 %define rpmversion 5.14.0 -%define pkgrelease 70.13.1.el9_0 +%define pkgrelease 70.17.1.el9_0 # This is needed to do merge window version magic %define patchlevel 14 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 70.13.1%{?buildid}%{?dist} +%define specrelease 70.17.1%{?buildid}%{?dist} %define pkg_release %{specrelease} @@ -677,7 +677,7 @@ BuildRequires: lld # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-5.14.0-70.13.1.el9_0.tar.xz +Source0: linux-5.14.0-70.17.1.el9_0.tar.xz Source1: Makefile.rhelver @@ -1345,8 +1345,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-5.14.0-70.13.1.el9_0 -c -mv linux-5.14.0-70.13.1.el9_0 linux-%{KVERREL} +%setup -q -n kernel-5.14.0-70.17.1.el9_0 -c +mv linux-5.14.0-70.17.1.el9_0 linux-%{KVERREL} cd linux-%{KVERREL} cp -a %{SOURCE1} . @@ -2216,6 +2216,14 @@ popd # in the source tree. We installed them previously to $RPM_BUILD_ROOT/usr # but there's no way to tell the Makefile to take them from there. %{make} %{?_smp_mflags} headers_install + +# If we re building only tools without kernel, we need to generate config +# headers and prepare tree for modules building. The modules_prepare target +# will cover both. +if [ ! -f include/generated/autoconf.h ]; then + %{make} %{?_smp_mflags} modules_prepare +fi + %{make} %{?_smp_mflags} ARCH=$Arch V=1 M=samples/bpf/ # Prevent bpf selftests to build bpftool repeatedly: @@ -2945,6 +2953,45 @@ fi # # %changelog +* Tue Jun 14 2022 Herton R. Krzesinski [5.14.0-70.17.1.el9_0] +- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092994 2092995] {CVE-2022-1966} +- thunderx nic: mark device as unmaintained (Íñigo Huguet) [2092638 2060285] +- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (Steve Best) [2092255 2067770] +- perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087963 2087964] {CVE-2022-1729} +- spec: Fix separate tools build (Jiri Olsa) [2090852 2054579] +- mm: lru_cache_disable: replace work queue synchronization with synchronize_rcu (Marcelo Tosatti) [2086963 2033500] + +* Wed Jun 08 2022 Herton R. Krzesinski [5.14.0-70.16.1.el9_0] +- dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082187 2081778] + +* Wed Jun 01 2022 Herton R. Krzesinski [5.14.0-70.15.1.el9_0] +- CI: Use zstream builder image (Veronika Kabatova) +- tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} +- tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} +- tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} +- tcp: add small random increments to the source port (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} +- tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} +- tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} +- secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} +- Revert "netfilter: conntrack: tag conntracks picked up in local out hook" (Florian Westphal) [2085480 2061850] +- Revert "netfilter: nat: force port remap to prevent shadowing well-known ports" (Florian Westphal) [2085480 2061850] +- redhat/koji/Makefile: Decouple koji Makefile from Makefile.common (Andrea Claudi) +- redhat: fix make {distg-brew,distg-koji} (Andrea Claudi) +- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666} +- esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666} +- sctp: use the correct skb for security_sctp_assoc_request (Ondrej Mosnacek) [2084044 2078856] +- security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2084044 2078856] +- security: add sctp_assoc_established hook (Ondrej Mosnacek) [2084044 2078856] +- security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2084044 2078856] +- security: pass asoc to sctp_assoc_request and sctp_sk_clone (Ondrej Mosnacek) [2084044 2078856] + +* Wed May 11 2022 Herton R. Krzesinski [5.14.0-70.14.1.el9_0] +- PCI: hv: Propagate coherence from VMbus device to PCI device (Vitaly Kuznetsov) [2074830 2068432] +- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (Vitaly Kuznetsov) [2074830 2068432] +- redhat: rpminspect: disable 'patches' check for known empty patch files (Herton R. Krzesinski) +- redhat/configs: make SHA512_arch algos and CRYPTO_USER built-ins (Vladis Dronov) [2072643 2070624] +- CI: Drop baseline runs (Veronika Kabatova) + * Thu Apr 14 2022 Herton R. Krzesinski [5.14.0-70.13.1.el9_0] - redhat: disable uncommon media device infrastructure (Jarod Wilson) [2074598] - netfilter: nf_tables: unregister flowtable hooks on netns exit (Florian Westphal) [2056869]