hpsa: bring back deprecated PCI ids #CFHack #CFHack2024

mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024 qla4xxx: bring back deprecated PCI ids lpfc: bring back deprecated PCI ids be2iscsi: bring back deprecated PCI ids kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained NFSD: fix hang in nfsd4_shutdown_callback Use AlmaLinux OS secure boot cert Debrand for AlmaLinux OS Add KVM support for ppc64le
2025-08-06 14:06:15 +00:00 · 2025-08-06 14:06:15 +00:00 · 58daf93a57
commit 58daf93a57
parent a141683e15 2fd663d3b0
6 changed files with 118 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,9 +1,7 @@
-SOURCES/kernel-abi-stablelists-5.14.0-570.30.1.el9_6.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-570.30.1.el9_6.tar.bz2
-SOURCES/linux-5.14.0-570.30.1.el9_6.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-570.32.1.el9_6.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-570.32.1.el9_6.tar.bz2
+SOURCES/linux-5.14.0-570.32.1.el9_6.tar.xz
 SOURCES/nvidiagpuoot001.x509
-SOURCES/olima1.x509
-SOURCES/olimaca1.x509
 SOURCES/rheldup3.x509
 SOURCES/rhelima.x509
 SOURCES/rhelima_centos.x509
--- a/.kernel.metadata
+++ b/.kernel.metadata
@ -1,9 +1,7 @@
-bd055e645afd241ba1d20dc1b3616f71fef342ed SOURCES/kernel-abi-stablelists-5.14.0-570.30.1.el9_6.tar.bz2
-b36f8123a1f4f332d799bf62a97fce7a2c35531c SOURCES/kernel-kabi-dw-5.14.0-570.30.1.el9_6.tar.bz2
-406a2a0cc1ced265faffecf9cc33fff45c0f2e43 SOURCES/linux-5.14.0-570.30.1.el9_6.tar.xz
+7998fa30415656d00a05bae0f3044fcfd550d81d SOURCES/kernel-abi-stablelists-5.14.0-570.32.1.el9_6.tar.bz2
+2a916ddd87e94cec130b092d8c508c7af2b96b07 SOURCES/kernel-kabi-dw-5.14.0-570.32.1.el9_6.tar.bz2
+29cdf4fe7164805e5e70f264a689f9ff428b7c3f SOURCES/linux-5.14.0-570.32.1.el9_6.tar.xz
 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
-706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509
-6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509
 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
 99e571f9de4188f3b5fdf1f84ff73f6cc4bb6a0e SOURCES/rhelima.x509
 61d5a223ff0c79189505abae77e0087c4b2d2b47 SOURCES/rhelima_centos.x509
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@ -12,7 +12,7 @@ RHEL_MINOR = 6
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 570.30.1
+RHEL_RELEASE = 570.32.1

 #
 # ZSTREAM
--- a/SOURCES/b86dbf455d75ce54314efc826364259b8a87a8d0.patch
+++ b/SOURCES/b86dbf455d75ce54314efc826364259b8a87a8d0.patch
@ -0,0 +1,54 @@
+From b86dbf455d75ce54314efc826364259b8a87a8d0 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <okorniev@redhat.com>
+Date: Mon, 3 Mar 2025 12:09:08 -0500
+Subject: [PATCH] NFSD: fix hang in nfsd4_shutdown_callback
+
+JIRA: https://issues.redhat.com/browse/RHEL-81291
+CVE: CVE-2025-21795
+
+commit 036ac2778f7b28885814c6fbc07e156ad1624d03
+Author: Dai Ngo <dai.ngo@oracle.com>
+Date:   Thu Jan 30 11:01:27 2025 -0800
+
+    NFSD: fix hang in nfsd4_shutdown_callback
+
+    If nfs4_client is in courtesy state then there is no point to send
+    the callback. This causes nfsd4_shutdown_callback to hang since
+    cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP
+    notifies NFSD that the connection was dropped.
+
+    This patch modifies nfsd4_run_cb_work to skip the RPC call if
+    nfs4_client is in courtesy state.
+
+    Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
+    Fixes: 66af25799940 ("NFSD: add courteous server support for thread with only delegation")
+    Cc: stable@vger.kernel.org
+    Reviewed-by: Jeff Layton <jlayton@kernel.org>
+    Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+
+Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
+---
+ fs/nfsd/nfs4callback.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
+index 0d7cc2f9a8e07..d8eed853d528d 100644
+--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
+@@ -1480,8 +1480,11 @@ nfsd4_run_cb_work(struct work_struct *work)
+ 		nfsd4_process_cb_update(cb);
+ 
+ 	clnt = clp->cl_cb_client;
+-	if (!clnt) {
+-		/* Callback channel broken, or client killed; give up: */
+	if (!clnt || clp->cl_state == NFSD4_COURTESY) {
+		/*
+		 * Callback channel broken, client killed or
+		 * nfs4_client in courtesy state; give up.
+		 */
+ 		nfsd41_destroy_cb(cb);
+ 		return;
+ 	}
+-- 
+GitLab
+
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@ -1,3 +1,29 @@
+* Mon Jul 28 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.32.1.el9_6]
+- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Davide Caratti) [RHEL-97522] {CVE-2025-38001 CVE-2025-37890}
+- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Davide Caratti) [RHEL-97522] {CVE-2025-38000}
+- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Davide Caratti) [RHEL-97522] {CVE-2025-37890}
+- sch_hfsc: make hfsc_qlen_notify() idempotent (Ivan Vecera) [RHEL-97522]
+- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CKI Backport Bot) [RHEL-98847] {CVE-2025-21928}
+- HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (CKI Backport Bot) [RHEL-98871] {CVE-2025-21929}
+Resolves: RHEL-97522, RHEL-98847, RHEL-98871
+
+* Sat Jul 26 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.31.1.el9_6]
+- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (David Marlin) [RHEL-95324] {CVE-2025-37918}
+- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Desnes Nunes) [RHEL-99029] {CVE-2025-22020}
+- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (John W. Linville) [RHEL-97499] {CVE-2022-49788}
+- net: tipc: fix refcount warning in tipc_aead_encrypt (Xin Long) [RHEL-103087]
+- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CKI Backport Bot) [RHEL-103087] {CVE-2025-38052}
+- md/raid1: Add check for missing source disk in process_checks() (CKI Backport Bot) [RHEL-97439]
+- net/sched: fix use-after-free in taprio_dev_notifier (CKI Backport Bot) [RHEL-101317] {CVE-2025-38087}
+- padata: avoid UAF for reorder_work (Rafael Aquini) [RHEL-97031] {CVE-2025-21727 CVE-2025-21726}
+- padata: fix UAF in padata_reorder (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
+- padata: add pd get/put refcnt helper (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
+- padata: fix sysfs store callback check (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
+- padata: Clean up in padata_do_multithreaded() (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
+- platform/x86: dell_rbu: Fix list usage (David Arcari) [RHEL-100908]
+- cifs: Fix integer overflow while processing closetimeo mount option (CKI Backport Bot) [RHEL-87900] {CVE-2025-21962}
+Resolves: RHEL-100908, RHEL-101317, RHEL-103087, RHEL-87900, RHEL-95324, RHEL-97031, RHEL-97439, RHEL-97499, RHEL-99029
+
 * Thu Jul 24 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.30.1.el9_6]
 - net_sched: hfsc: Fix a UAF vulnerability in class handling (Davide Caratti) [RHEL-95853] {CVE-2025-37797}
 Resolves: RHEL-95853
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 570.30.1
+%define pkgrelease 570.32.1
 %define kversion 5
-%define tarfile_release 5.14.0-570.30.1.el9_6
+%define tarfile_release 5.14.0-570.32.1.el9_6
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 570.30.1%{?buildid}%{?dist}
+%define specrelease 570.32.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-570.30.1.el9_6
+%define kabiversion 5.14.0-570.32.1.el9_6

 #
 # End of genspec.sh variables
@ -3863,7 +3863,7 @@ fi
 #
 #
 %changelog
-* Wed Jul 30 2025 Andrei Lukoshko <alukoshko@almalinux.org> - 5.14.0-570.30.1
+* Wed Aug 06 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-570.32.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@ -3873,12 +3873,37 @@ fi
 - be2iscsi: bring back deprecated PCI ids
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
  unmaintained
+- NFSD: fix hang in nfsd4_shutdown_callback

-* Wed Jul 30 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-570.30.1
+* Wed Aug 06 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-570.32.1
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 - Add KVM support for ppc64le

+* Mon Jul 28 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.32.1.el9_6]
+- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Davide Caratti) [RHEL-97522] {CVE-2025-38001 CVE-2025-37890}
+- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Davide Caratti) [RHEL-97522] {CVE-2025-38000}
+- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Davide Caratti) [RHEL-97522] {CVE-2025-37890}
+- sch_hfsc: make hfsc_qlen_notify() idempotent (Ivan Vecera) [RHEL-97522]
+- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CKI Backport Bot) [RHEL-98847] {CVE-2025-21928}
+- HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (CKI Backport Bot) [RHEL-98871] {CVE-2025-21929}
+
+* Sat Jul 26 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.31.1.el9_6]
+- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (David Marlin) [RHEL-95324] {CVE-2025-37918}
+- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Desnes Nunes) [RHEL-99029] {CVE-2025-22020}
+- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (John W. Linville) [RHEL-97499] {CVE-2022-49788}
+- net: tipc: fix refcount warning in tipc_aead_encrypt (Xin Long) [RHEL-103087]
+- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CKI Backport Bot) [RHEL-103087] {CVE-2025-38052}
+- md/raid1: Add check for missing source disk in process_checks() (CKI Backport Bot) [RHEL-97439]
+- net/sched: fix use-after-free in taprio_dev_notifier (CKI Backport Bot) [RHEL-101317] {CVE-2025-38087}
+- padata: avoid UAF for reorder_work (Rafael Aquini) [RHEL-97031] {CVE-2025-21727 CVE-2025-21726}
+- padata: fix UAF in padata_reorder (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
+- padata: add pd get/put refcnt helper (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
+- padata: fix sysfs store callback check (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
+- padata: Clean up in padata_do_multithreaded() (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
+- platform/x86: dell_rbu: Fix list usage (David Arcari) [RHEL-100908]
+- cifs: Fix integer overflow while processing closetimeo mount option (CKI Backport Bot) [RHEL-87900] {CVE-2025-21962}
+
 * Thu Jul 24 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.30.1.el9_6]
 - net_sched: hfsc: Fix a UAF vulnerability in class handling (Davide Caratti) [RHEL-95853] {CVE-2025-37797}