rpms/kernel
9
2
Fork 6
Code Issues Pull Requests Releases Activity

hpsa: bring back deprecated PCI ids #CFHack #CFHack2024

Browse Source 
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024

megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024

qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024

qla4xxx: bring back deprecated PCI ids

lpfc: bring back deprecated PCI ids

be2iscsi: bring back deprecated PCI ids

kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained

Use AlmaLinux OS secure boot cert

Debrand for AlmaLinux OS

Add KVM support for ppc64le
This commit is contained in:
Andrew Lukoshko 2026-01-22 11:19:27 +00:00 committed by root
commit 770ab861d5
5 changed files with 136 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitignore vendored
View File

@ -1,6 +1,6 @@
SOURCES/kernel-abi-stablelists-5.14.0-611.20.1.el9_7.tar.bz2
SOURCES/kernel-kabi-dw-5.14.0-611.20.1.el9_7.tar.bz2
SOURCES/linux-5.14.0-611.20.1.el9_7.tar.xz
SOURCES/kernel-abi-stablelists-5.14.0-611.24.1.el9_7.tar.bz2
SOURCES/kernel-kabi-dw-5.14.0-611.24.1.el9_7.tar.bz2
SOURCES/linux-5.14.0-611.24.1.el9_7.tar.xz
SOURCES/nvidiagpuoot001.x509
SOURCES/olima1.x509
SOURCES/olimaca1.x509

6
.kernel.metadata
View File

@ -1,6 +1,6 @@
1e30289092b81ba717ae5e7f571e1e45bf6c9fe8 SOURCES/kernel-abi-stablelists-5.14.0-611.20.1.el9_7.tar.bz2
070fdef7e39adf3321eb25910d3da5b3eccb36ec SOURCES/kernel-kabi-dw-5.14.0-611.20.1.el9_7.tar.bz2
650b2127d6afd5fbed75f4c69c1dff313a99e32f SOURCES/linux-5.14.0-611.20.1.el9_7.tar.xz
9e58f9a6113ab01923ba02acaff63b7de1d8ccf0 SOURCES/kernel-abi-stablelists-5.14.0-611.24.1.el9_7.tar.bz2
c3610b2f194974a2a575ec35b0c17336dba19542 SOURCES/kernel-kabi-dw-5.14.0-611.24.1.el9_7.tar.bz2
1568c0459f000363b10345c6dfa4af7e700b026b SOURCES/linux-5.14.0-611.24.1.el9_7.tar.xz
4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509
6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509

2
SOURCES/Makefile.rhelver
View File

@ -12,7 +12,7 @@ RHEL_MINOR = 7
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
RHEL_RELEASE = 611.20.1
RHEL_RELEASE = 611.24.1
#
# ZSTREAM

62
SOURCES/kernel.changelog
View File

@ -1,3 +1,65 @@
* Sat Jan 10 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.24.1.el9_7]
- gitlab-ci: use rhel9.7 builder image (Michael Hofmann)
- smb: client: let recv_done verify data_offset, data_length and remaining_data_length (Paulo Alcantara) [RHEL-131388] {CVE-2025-39933}
- tty: n_tty: Fix buffer offsets when lookahead is used (Radostin Stoyanov) [RHEL-130039]
Resolves: RHEL-130039, RHEL-131388
* Thu Jan 08 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.23.1.el9_7]
- book3s64/hash: Remove kfence support temporarily (Mamatha Inamdar) [RHEL-135574]
- xfs: rework datasync tracking and execution (CKI Backport Bot) [RHEL-135714]
- xfs: rearrange code in xfs_inode_item_precommit (CKI Backport Bot) [RHEL-135714]
- inetpeer: do not get a refcount in inet_getpeer() (Guillaume Nault) [RHEL-116121]
- inetpeer: update inetpeer timestamp in inet_getpeer() (Guillaume Nault) [RHEL-116121]
- inetpeer: remove create argument of inet_getpeer() (Guillaume Nault) [RHEL-116121]
- inetpeer: remove create argument of inet_getpeer_v[46]() (Guillaume Nault) [RHEL-116121]
- ipv4/route: avoid unused-but-set-variable warning (Guillaume Nault) [RHEL-116121]
- arm64: errata: Expand speculative SSBS workaround for Cortex-A720AE (Waiman Long) [RHEL-130734]
- arm64: cputype: Add Cortex-A720AE definitions (Waiman Long) [RHEL-130734]
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (Waiman Long) [RHEL-130734]
- arm64: Add support for HIP09 Spectre-BHB mitigation (Waiman Long) [RHEL-130734]
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists (Waiman Long) [RHEL-130734]
- arm64: cputype: Add MIDR_CORTEX_A76AE (Waiman Long) [RHEL-130734]
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list (Waiman Long) [RHEL-130734]
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (Waiman Long) [RHEL-130734]
- arm64: errata: Expand speculative SSBS workaround once more (Waiman Long) [RHEL-130734]
- arm64: errata: Expand speculative SSBS workaround (again) (Waiman Long) [RHEL-130734]
- tools headers arm64: Sync arm64's cputype.h with the kernel sources (Waiman Long) [RHEL-130734]
- arm64: cputype: Add Neoverse-N3 definitions (Waiman Long) [RHEL-130734]
- arm64: cputype: Add Cortex-A725 definitions (Waiman Long) [RHEL-130734]
- arm64: cputype: Add Cortex-X1C definitions (Waiman Long) [RHEL-130734]
- drm/xe: Make dma-fences compliant with the safe access rules (Mika Penttilä) [RHEL-122263] {CVE-2025-38703}
Resolves: RHEL-116121, RHEL-122263, RHEL-130734, RHEL-135574, RHEL-135714
* Wed Jan 07 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.22.1.el9_7]
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CKI Backport Bot) [RHEL-137400] {CVE-2025-68285}
Resolves: RHEL-137400
* Thu Jan 01 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.21.1.el9_7]
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (CKI Backport Bot) [RHEL-137147] {CVE-2025-68287}
- redhat: conflict with unsupported shim on x86/aarch64 (9.7.z) (Li Tian) [RHEL-135775]
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CKI Backport Bot) [RHEL-134428] {CVE-2025-40277}
- perf tools: Don't set attr.exclude_guest by default (Michael Petlan) [RHEL-131726]
- smb: client: fix refcount leak in smb2_set_path_attr (Paulo Alcantara) [RHEL-127422]
- smb: client: fix potential UAF in smb2_close_cached_fid() (Paulo Alcantara) [RHEL-127422]
- smb: client: fix potential cfid UAF in smb2_query_info_compound (Paulo Alcantara) [RHEL-127422]
- smb: client: Fix refcount leak for cifs_sb_tlink (Paulo Alcantara) [RHEL-127422]
- cifs: parse_dfs_referrals: prevent oob on malformed input (Paulo Alcantara) [RHEL-127422]
- smb: client: remove cfids_invalidation_worker (Paulo Alcantara) [RHEL-127422]
- smb client: fix bug with newly created file in cached dir (Paulo Alcantara) [RHEL-127422]
- smb: client: short-circuit negative lookups when parent dir is fully cached (Paulo Alcantara) [RHEL-127422]
- smb: client: short-circuit in open_cached_dir_by_dentry() if !dentry (Paulo Alcantara) [RHEL-127422]
- smb: client: remove pointless cfid->has_lease check (Paulo Alcantara) [RHEL-127422]
- smb: client: remove unused fid_lock (Paulo Alcantara) [RHEL-127422]
- smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (Paulo Alcantara) [RHEL-127422]
- smb: client: ensure open_cached_dir_by_dentry() only returns valid cfid (Paulo Alcantara) [RHEL-127422]
- smb: client: account smb directory cache usage and per-tcon totals (Paulo Alcantara) [RHEL-127422]
- smb: client: add drop_dir_cache module parameter to invalidate cached dirents (Paulo Alcantara) [RHEL-127422]
- smb: client: show lease state as R/H/W (or NONE) in open_files (Paulo Alcantara) [RHEL-127422]
- smb: client: show negotiated cipher in DebugData (Paulo Alcantara) [RHEL-127422]
- smb: client: add new tracepoint to trace lease break notification (Paulo Alcantara) [RHEL-127422]
- smb: client: Fix NULL pointer dereference in cifs_debug_dirs_proc_show() (Paulo Alcantara) [RHEL-127422]
Resolves: RHEL-127422, RHEL-131726, RHEL-134428, RHEL-135775, RHEL-137147
* Sat Dec 20 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.20.1.el9_7]
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (CKI Backport Bot) [RHEL-124607] {CVE-2025-39806}
- sctp: avoid NULL dereference when chunk data buffer is missing (CKI Backport Bot) [RHEL-134001] {CVE-2025-40240}

73
SPECS/kernel.spec
View File

@ -165,15 +165,15 @@ Summary: The Linux kernel
# define buildid .local
%define specversion 5.14.0
%define patchversion 5.14
%define pkgrelease 611.20.1
%define pkgrelease 611.24.1
%define kversion 5
%define tarfile_release 5.14.0-611.20.1.el9_7
%define tarfile_release 5.14.0-611.24.1.el9_7
# This is needed to do merge window version magic
%define patchlevel 14
# This allows pkg_release to have configurable %%{?dist} tag
%define specrelease 611.20.1%{?buildid}%{?dist}
%define specrelease 611.24.1%{?buildid}%{?dist}
# This defines the kabi tarball version
%define kabiversion 5.14.0-611.20.1.el9_7
%define kabiversion 5.14.0-611.24.1.el9_7
#
# End of genspec.sh variables
@ -984,6 +984,9 @@ Recommends: linux-firmware\
Requires(preun): systemd >= 200\
Conflicts: xfsprogs < 4.3.0-1\
Conflicts: xorg-x11-drv-vmmouse < 13.0.99\
%ifarch x86_64 aarch64\
Conflicts: shim < 15.8-1\
%endif\
%{expand:%%{?kernel%{?1:_%{1}}_conflicts:Conflicts: %%{kernel%{?1:_%{1}}_conflicts}}}\
%{expand:%%{?kernel%{?1:_%{1}}_obsoletes:Obsoletes: %%{kernel%{?1:_%{1}}_obsoletes}}}\
%{expand:%%{?kernel%{?1:_%{1}}_provides:Provides: %%{kernel%{?1:_%{1}}_provides}}}\
@ -3768,7 +3771,7 @@ fi
#
#
%changelog
* Wed Jan 14 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-611.20.1
* Thu Jan 22 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-611.24.1
- hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
- mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
- megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@ -3779,11 +3782,69 @@ fi
- kernel/rh_messages.h: enable all disabled pci devices by moving to
unmaintained
* Wed Jan 14 2026 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-611.20.1
* Thu Jan 22 2026 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-611.24.1
- Use AlmaLinux OS secure boot cert
- Debrand for AlmaLinux OS
- Add KVM support for ppc64le
* Sat Jan 10 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.24.1.el9_7]
- gitlab-ci: use rhel9.7 builder image (Michael Hofmann)
- smb: client: let recv_done verify data_offset, data_length and remaining_data_length (Paulo Alcantara) [RHEL-131388] {CVE-2025-39933}
- tty: n_tty: Fix buffer offsets when lookahead is used (Radostin Stoyanov) [RHEL-130039]
* Thu Jan 08 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.23.1.el9_7]
- book3s64/hash: Remove kfence support temporarily (Mamatha Inamdar) [RHEL-135574]
- xfs: rework datasync tracking and execution (CKI Backport Bot) [RHEL-135714]
- xfs: rearrange code in xfs_inode_item_precommit (CKI Backport Bot) [RHEL-135714]
- inetpeer: do not get a refcount in inet_getpeer() (Guillaume Nault) [RHEL-116121]
- inetpeer: update inetpeer timestamp in inet_getpeer() (Guillaume Nault) [RHEL-116121]
- inetpeer: remove create argument of inet_getpeer() (Guillaume Nault) [RHEL-116121]
- inetpeer: remove create argument of inet_getpeer_v[46]() (Guillaume Nault) [RHEL-116121]
- ipv4/route: avoid unused-but-set-variable warning (Guillaume Nault) [RHEL-116121]
- arm64: errata: Expand speculative SSBS workaround for Cortex-A720AE (Waiman Long) [RHEL-130734]
- arm64: cputype: Add Cortex-A720AE definitions (Waiman Long) [RHEL-130734]
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (Waiman Long) [RHEL-130734]
- arm64: Add support for HIP09 Spectre-BHB mitigation (Waiman Long) [RHEL-130734]
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists (Waiman Long) [RHEL-130734]
- arm64: cputype: Add MIDR_CORTEX_A76AE (Waiman Long) [RHEL-130734]
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list (Waiman Long) [RHEL-130734]
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (Waiman Long) [RHEL-130734]
- arm64: errata: Expand speculative SSBS workaround once more (Waiman Long) [RHEL-130734]
- arm64: errata: Expand speculative SSBS workaround (again) (Waiman Long) [RHEL-130734]
- tools headers arm64: Sync arm64's cputype.h with the kernel sources (Waiman Long) [RHEL-130734]
- arm64: cputype: Add Neoverse-N3 definitions (Waiman Long) [RHEL-130734]
- arm64: cputype: Add Cortex-A725 definitions (Waiman Long) [RHEL-130734]
- arm64: cputype: Add Cortex-X1C definitions (Waiman Long) [RHEL-130734]
- drm/xe: Make dma-fences compliant with the safe access rules (Mika Penttilä) [RHEL-122263] {CVE-2025-38703}
* Wed Jan 07 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.22.1.el9_7]
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CKI Backport Bot) [RHEL-137400] {CVE-2025-68285}
* Thu Jan 01 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.21.1.el9_7]
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (CKI Backport Bot) [RHEL-137147] {CVE-2025-68287}
- redhat: conflict with unsupported shim on x86/aarch64 (9.7.z) (Li Tian) [RHEL-135775]
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CKI Backport Bot) [RHEL-134428] {CVE-2025-40277}
- perf tools: Don't set attr.exclude_guest by default (Michael Petlan) [RHEL-131726]
- smb: client: fix refcount leak in smb2_set_path_attr (Paulo Alcantara) [RHEL-127422]
- smb: client: fix potential UAF in smb2_close_cached_fid() (Paulo Alcantara) [RHEL-127422]
- smb: client: fix potential cfid UAF in smb2_query_info_compound (Paulo Alcantara) [RHEL-127422]
- smb: client: Fix refcount leak for cifs_sb_tlink (Paulo Alcantara) [RHEL-127422]
- cifs: parse_dfs_referrals: prevent oob on malformed input (Paulo Alcantara) [RHEL-127422]
- smb: client: remove cfids_invalidation_worker (Paulo Alcantara) [RHEL-127422]
- smb client: fix bug with newly created file in cached dir (Paulo Alcantara) [RHEL-127422]
- smb: client: short-circuit negative lookups when parent dir is fully cached (Paulo Alcantara) [RHEL-127422]
- smb: client: short-circuit in open_cached_dir_by_dentry() if !dentry (Paulo Alcantara) [RHEL-127422]
- smb: client: remove pointless cfid->has_lease check (Paulo Alcantara) [RHEL-127422]
- smb: client: remove unused fid_lock (Paulo Alcantara) [RHEL-127422]
- smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (Paulo Alcantara) [RHEL-127422]
- smb: client: ensure open_cached_dir_by_dentry() only returns valid cfid (Paulo Alcantara) [RHEL-127422]
- smb: client: account smb directory cache usage and per-tcon totals (Paulo Alcantara) [RHEL-127422]
- smb: client: add drop_dir_cache module parameter to invalidate cached dirents (Paulo Alcantara) [RHEL-127422]
- smb: client: show lease state as R/H/W (or NONE) in open_files (Paulo Alcantara) [RHEL-127422]
- smb: client: show negotiated cipher in DebugData (Paulo Alcantara) [RHEL-127422]
- smb: client: add new tracepoint to trace lease break notification (Paulo Alcantara) [RHEL-127422]
- smb: client: Fix NULL pointer dereference in cifs_debug_dirs_proc_show() (Paulo Alcantara) [RHEL-127422]
* Sat Dec 20 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.20.1.el9_7]
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (CKI Backport Bot) [RHEL-124607] {CVE-2025-39806}
- sctp: avoid NULL dereference when chunk data buffer is missing (CKI Backport Bot) [RHEL-134001] {CVE-2025-40240}