import EuroLinux 4.18.0-513.18.1.el8_9

This commit is contained in:
eabdullin 2024-02-22 10:10:00 +03:00
parent 567d198790
commit 5c12f03449
6 changed files with 141 additions and 33 deletions

2
.gitignore vendored
View File

@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
SOURCES/centossecurebootca2.cer SOURCES/centossecurebootca2.cer
SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
SOURCES/linux-4.18.0-513.11.1.el8_9.tar.xz SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz
SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot302.cer
SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot303.cer
SOURCES/redhatsecureboot501.cer SOURCES/redhatsecureboot501.cer

View File

@ -2,7 +2,7 @@
bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
6bac4f0d78ba0bb5ead1fb8246e3696a463e9b07 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 6bac4f0d78ba0bb5ead1fb8246e3696a463e9b07 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
98694c1cb92f1ff948a817c610e83f44cdefdc46 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 98694c1cb92f1ff948a817c610e83f44cdefdc46 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
8e36f68bdc4846384ae9835f703e877318c66d1c SOURCES/linux-4.18.0-513.11.1.el8_9.tar.xz cb01896ee61636ccd11f3359e7d30d390802cc81 SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz
13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer

View File

@ -0,0 +1,12 @@
--- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700
+++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700
@@ -147,7 +147,7 @@ void main(void)
/* Make sure we have all the proper CPU support */
if (validate_cpu()) {
- puts("This processor is not supported in this version of RHEL.\n");
+ puts("This processor is not supported in this version of EuroLinux.\n");
die();
}

View File

@ -0,0 +1,11 @@
--- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700
+++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700
@@ -900,7 +900,7 @@ static void rh_check_supported(void)
if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
!guest && is_kdump_kernel()) {
pr_crit("Detected single cpu native boot.\n");
- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
+ pr_crit("Important: In EuroLinux 8, single threaded, single CPU 64-bit physical systems are unsupported.");
}
/*

View File

@ -0,0 +1,12 @@
diff -urN linux-4.18.0-477.27.1.el8_8/init/main.c linux-4.18.0-477.27.1.el8_8p/init/main.c
--- linux-4.18.0-477.27.1.el8_8/init/main.c 2023-08-31 16:01:50.000000000 +0200
+++ linux-4.18.0-477.27.1.el8_8p/init/main.c 2023-09-20 14:02:16.439638219 +0200
@@ -576,7 +576,7 @@
page_alloc_init();
pr_notice("Kernel command line: %s\n", boot_command_line);
- pr_notice("Specific versions of hardware are certified with Red Hat Enterprise Linux 8. Please see the list of hardware certified with Red Hat Enterprise Linux 8 at https://catalog.redhat.com.\n");
+ pr_notice("Specific versions of hardware are certified with EuroLinux 8. Since EuroLinux is binary compatible with RHEL, please see the list of certified hardware at https://catalog.redhat.com.\n");
/* parameters may set static keys */
jump_label_init();
parse_early_param();

View File

@ -38,10 +38,10 @@
# define buildid .local # define buildid .local
%define specversion 4.18.0 %define specversion 4.18.0
%define pkgrelease 513.11.1.el8_9 %define pkgrelease 513.18.1.el8_9
# allow pkg_release to have configurable %%{?dist} tag # allow pkg_release to have configurable %%{?dist} tag
%define specrelease 513.11.1%{?dist} %define specrelease 513.18.1%{?dist}
%define pkg_release %{specrelease}%{?buildid} %define pkg_release %{specrelease}%{?buildid}
@ -324,6 +324,19 @@
%define initrd_prereq dracut >= 027 %define initrd_prereq dracut >= 027
# EuroLinux override
# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast
# we have to change this here
%define with_doc 1
%define with_kabichk 1
%define with_kernel_abi_whitelists 1
%global signkernel 0
%global signmodules 0
# End of EuroLinux override
Name: kernel%{?variant} Name: kernel%{?variant}
Group: System Environment/Kernel Group: System Environment/Kernel
License: GPLv2 and Redistributable, no modification permitted License: GPLv2 and Redistributable, no modification permitted
@ -544,14 +557,17 @@ Source4001: rpminspect.yaml
# empty final patch to facilitate testing of kernel patches # empty final patch to facilitate testing of kernel patches
Patch999999: linux-kernel-test.patch Patch999999: linux-kernel-test.patch
Patch1000: debrand-rh-i686-cpu.patch
Patch1002: debrand-single-cpu.patch
Patch1003: debrand-specific-versions-of-hardware.patch
# END OF PATCH DEFINITIONS # END OF PATCH DEFINITIONS
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
%description %description
This is the package which provides the Linux %{name} for Red Hat Enterprise This is the package which provides the Linux %{name} for EuroLinux.
Linux. It is based on upstream Linux at version %{version} and maintains kABI It is based on upstream Linux at version %{version} and maintains kABI
compatibility of a set of approved symbols, however it is heavily modified with compatibility of a set of approved symbols, however it is heavily modified with
backports and fixes pulled from newer upstream Linux %{name} releases. This means backports and fixes pulled from newer upstream Linux %{name} releases. This means
this is not a %{version} kernel anymore: it includes several components which come this is not a %{version} kernel anymore: it includes several components which come
@ -559,7 +575,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
core. Some of the components/backports that may be pulled in are: changes like core. Some of the components/backports that may be pulled in are: changes like
updates to the core kernel (eg.: scheduler, cgroups, memory management, security updates to the core kernel (eg.: scheduler, cgroups, memory management, security
fixes and features), updates to block layer, supported filesystems, major driver fixes and features), updates to block layer, supported filesystems, major driver
updates for supported hardware in Red Hat Enterprise Linux, enhancements for updates for supported hardware in EuroLinux, enhancements for
enterprise customers, etc. enterprise customers, etc.
# #
@ -807,14 +823,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
%endif %endif
%package -n %{name}-abi-stablelists %package -n %{name}-abi-stablelists
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists Summary: The EuroLinux kernel ABI symbol stablelists
Group: System Environment/Kernel Group: System Environment/Kernel
AutoReqProv: no AutoReqProv: no
Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release} Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release}
Provides: %{name}-abi-whitelists Provides: %{name}-abi-whitelists
%description -n %{name}-abi-stablelists %description -n %{name}-abi-stablelists
The kABI package contains information pertaining to the Red Hat Enterprise The kABI package contains information pertaining to the EuroLinux
Linux kernel ABI, including lists of kernel symbols that are needed by kernel ABI, including lists of kernel symbols that are needed by
external Linux kernel modules, and a yum plugin to aid enforcement. external Linux kernel modules, and a yum plugin to aid enforcement.
%if %{with_kabidw_base} %if %{with_kabidw_base}
@ -823,8 +839,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
Group: System Environment/Kernel Group: System Environment/Kernel
AutoReqProv: no AutoReqProv: no
%description kernel-kabidw-base-internal %description kernel-kabidw-base-internal
The package contains data describing the current ABI of the Red Hat Enterprise The package contains data describing the current ABI of the EuroLinux
Linux kernel, suitable for the kabi-dw tool. kernel, suitable for the kabi-dw tool.
%endif %endif
# #
@ -898,7 +914,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
AutoReq: no\ AutoReq: no\
AutoProv: yes\ AutoProv: yes\
%description %{?1:%{1}-}modules-internal\ %description %{?1:%{1}-}modules-internal\
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ This package provides kernel modules for the %{?2:%{2} }kernel package for EuroLinux internal usage.\
%{nil} %{nil}
# #
@ -1067,12 +1083,6 @@ ApplyPatch()
if [ ! -f $RPM_SOURCE_DIR/$patch ]; then if [ ! -f $RPM_SOURCE_DIR/$patch ]; then
exit 1 exit 1
fi fi
if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then
if [ "${patch:0:8}" != "patch-4." ] ; then
echo "ERROR: Patch $patch not listed as a source patch in specfile"
exit 1
fi
fi 2>/dev/null
case "$patch" in case "$patch" in
*.bz2) bunzip2 < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;; *.bz2) bunzip2 < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;;
*.gz) gunzip < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;; *.gz) gunzip < "$RPM_SOURCE_DIR/$patch" | $patch_command ${1+"$@"} ;;
@ -1100,6 +1110,9 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
cd linux-%{KVERREL} cd linux-%{KVERREL}
ApplyOptionalPatch debrand-single-cpu.patch
ApplyOptionalPatch debrand-specific-versions-of-hardware.patch
ApplyOptionalPatch debrand-rh-i686-cpu.patch
ApplyOptionalPatch linux-kernel-test.patch ApplyOptionalPatch linux-kernel-test.patch
# END OF PATCH APPLICATIONS # END OF PATCH APPLICATIONS
@ -1750,20 +1763,7 @@ BuildKernel() {
# build a BLS config for this kernel # build a BLS config for this kernel
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%ifarch s390x ppc64le
if [ $DoModules -eq 1 ]; then
if [ -x /usr/bin/rpm-sign ]; then
install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
else
install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
fi
fi
%endif
%if %{with_ipaclones} %if %{with_ipaclones}
MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p') MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p')
@ -2696,6 +2696,79 @@ fi
# #
# #
%changelog %changelog
* Tue Feb 20 2024 EuroLinux Autopatch <devel@euro-linux.com>
- Added Patch: debrand-rh-i686-cpu.patch
--> i686 info debrand
- Added Patch: debrand-single-cpu.patch
--> Single cpu debrand
- Added Patch: debrand-specific-versions-of-hardware.patch
--> Specific versions of hardware debrand
* Thu Feb 01 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.18.1.el8_9]
- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}
- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
- smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-20924 RHEL-16007]
- netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20698 RHEL-19721] {CVE-2023-6817}
* Thu Jan 25 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.17.1.el8_9]
- redhat: rewrite genlog and support Y- tags (Jan Stancek)
- smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21662 RHEL-18990] {CVE-2023-6606}
- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17884 RHEL-2410]
- blk-mq: use quiesced elevator switch when reinitializing queues (Ming Lei) [RHEL-21785 RHEL-19944]
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (Ming Lei) [RHEL-20232 RHEL-8128]
* Thu Jan 18 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.16.1.el8_9]
- tracing/timerlat: Add user-space interface (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-20362 RHEL-15142]
- tracing/timerlat: Always wakeup the timerlat thread (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Fix notify new tracing_max_latency (Chris White) [RHEL-20362 RHEL-15142]
- tracing/timerlat: Notify new max thread latency (Chris White) [RHEL-20362 RHEL-15142]
- trace/osnoise: make use of the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
- kthread: add the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (Prarit Bhargava) [RHEL-7238 RHEL-4244]
- HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19274 RHEL-19237] {CVE-2023-1073}
- s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-9444 RHEL-2831]
- blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19111 RHEL-18055]
* Thu Jan 11 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.15.1.el8_9]
- IB/ipoib: Fix mcast list locking (Daniel Vacek) [RHEL-19699 RHEL-19244]
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Daniel Vacek) [RHEL-19699 RHEL-19244]
- x86/sev: Check for user-space IOIO pointing to kernel space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev: Check IOBM for IOIO exceptions from user-space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev: Disable MMIO emulation from user mode (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
* Thu Jan 04 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.14.1.el8_9]
- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19452 RHEL-6567] {CVE-2022-3545}
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (David Marlin) [RHEL-18999 RHEL-1231] {CVE-2023-40283}
- md/raid5: release batch_last before waiting for another stripe_head (Nigel Croxon) [RHEL-12284 RHEL-9875]
* Thu Dec 21 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.13.1.el8_9]
- Fix double fget() in vhost_net_set_backend() (Jon Maloy) [RHEL-13212 RHEL-7162] {CVE-2023-1838}
- can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19462 RHEL-6429] {CVE-2023-2166}
- RDMA/core: Update CMA destination address on rdma_resolve_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176}
- RDMA/core: Refactor rdma_bind_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176}
- net: fix net device address assign type (Michal Schmidt) [RHEL-17296 RHEL-6383]
- net: add check for current MAC address in dev_set_mac_address (Michal Schmidt) [RHEL-17296 RHEL-6383]
- perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717}
- perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717}
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (Michal Schmidt) [RHEL-18583 RHEL-6655] {CVE-2022-41858}
* Thu Dec 14 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.12.1.el8_9]
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623}
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623}
- net: sched: sch_qfq: Use non-work-conserving warning handler (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921}
- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921}
- net/tls: Remove the context from the list in tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301]
- tls: Fix context leak on tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301]
- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15187 RHEL-15188] {CVE-2023-45871}
* Thu Dec 07 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.11.1.el8_9] * Thu Dec 07 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.11.1.el8_9]
- redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko) - redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko)
- blk-mq: enforce op-specific segment limits in blk_insert_cloned_request (Ming Lei) [RHEL-14718 RHEL-14504] - blk-mq: enforce op-specific segment limits in blk_insert_cloned_request (Ming Lei) [RHEL-14718 RHEL-14504]