From 7ae93eae3b9db2da0d6be0bf0f78ed1dca818005 Mon Sep 17 00:00:00 2001 From: Eduard Abdullin Date: Tue, 13 Jan 2026 11:50:22 +0000 Subject: [PATCH] Debrand for AlmaLinux OS Use AlmaLinux OS secure boot cert Enable Btrfs support for all kernel variants hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024 qla4xxx: bring back deprecated PCI ids lpfc: bring back deprecated PCI ids be2iscsi: bring back deprecated PCI ids kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained --- .gitignore | 6 ++--- Makefile.rhelver | 2 +- kernel.changelog | 52 +++++++++++++++++++++++++++++++++++++++++ kernel.spec | 60 ++++++++++++++++++++++++++++++++++++++++++------ sources | 6 ++--- 5 files changed, 112 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index 7c9a3690c..153853066 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ fedoraimaca.x509 -kernel-abi-stablelists-6.12.0-124.21.1.el10_1.tar.xz -kernel-kabi-dw-6.12.0-124.21.1.el10_1.tar.xz -linux-6.12.0-124.21.1.el10_1.tar.xz +kernel-abi-stablelists-6.12.0-124.27.1.el10_1.tar.xz +kernel-kabi-dw-6.12.0-124.27.1.el10_1.tar.xz +linux-6.12.0-124.27.1.el10_1.tar.xz nvidiagpuoot001.x509 redhatsecureboot501.cer redhatsecureboot504.cer diff --git a/Makefile.rhelver b/Makefile.rhelver index 76c6c89c6..fdb3c98d5 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 1 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 124.21.1 +RHEL_RELEASE = 124.27.1 # # RHEL_REBASE_NUM diff --git a/kernel.changelog b/kernel.changelog index 4e00b19a3..9a34a2734 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,55 @@ +* Sat Dec 27 2025 CKI KWF Bot [6.12.0-124.27.1.el10_1] +- arm64: errata: Expand speculative SSBS workaround for Cortex-A720AE (Waiman Long) [RHEL-120684] +- arm64: cputype: Add Cortex-A720AE definitions (Waiman Long) [RHEL-120684] +- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (Waiman Long) [RHEL-120684] +- arm64: Add support for HIP09 Spectre-BHB mitigation (Waiman Long) [RHEL-120684] +- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists (Waiman Long) [RHEL-120684] +- arm64: cputype: Add MIDR_CORTEX_A76AE (Waiman Long) [RHEL-120684] +- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list (Waiman Long) [RHEL-120684] +- kmem/tracing: add kmem name to kmem_cache_alloc tracepoint (Charles Haithcock) [RHEL-129882] +- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (Rafael Aquini) [RHEL-128383] +Resolves: RHEL-120684, RHEL-128383, RHEL-129882 + +* Tue Dec 23 2025 CKI KWF Bot [6.12.0-124.26.1.el10_1] +- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (CKI Backport Bot) [RHEL-137150] {CVE-2025-68287} +- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CKI Backport Bot) [RHEL-134431] {CVE-2025-40277} +- net: phylink: add lock for serializing concurrent pl->phydev writes with resolver (CKI Backport Bot) [RHEL-129812] {CVE-2025-39905} +Resolves: RHEL-129812, RHEL-134431, RHEL-137150 + +* Sat Dec 20 2025 CKI KWF Bot [6.12.0-124.25.1.el10_1] +- sctp: avoid NULL dereference when chunk data buffer is missing (CKI Backport Bot) [RHEL-134010] {CVE-2025-40240} +- HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 (CKI Backport Bot) [RHEL-128281] +- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (CKI Backport Bot) [RHEL-124610] {CVE-2025-39806} +- inetpeer: do not get a refcount in inet_getpeer() (Guillaume Nault) [RHEL-115287] +- inetpeer: update inetpeer timestamp in inet_getpeer() (Guillaume Nault) [RHEL-115287] +- inetpeer: remove create argument of inet_getpeer() (Guillaume Nault) [RHEL-115287] +- inetpeer: remove create argument of inet_getpeer_v[46]() (Guillaume Nault) [RHEL-115287] +Resolves: RHEL-115287, RHEL-124610, RHEL-128281, RHEL-134010 + +* Tue Dec 16 2025 CKI KWF Bot [6.12.0-124.24.1.el10_1] +- audit: fix out-of-bounds read in audit_compare_dname_path() (Richard Guy Briggs) [RHEL-119185] {CVE-2025-39840} +Resolves: RHEL-119185 + +* Sat Dec 13 2025 CKI KWF Bot [6.12.0-124.23.1.el10_1] +- redhat: use RELEASE_LOCALVERSION also for dist-get-tag (Jan Stancek) +- redhat: introduce RELEASE_LOCALVERSION variable (Jan Stancek) +- iommufd: Fix race during abort for file descriptors (Eder Zulian) [RHEL-123789] {CVE-2025-39966} +- smb: client: handle lack of IPC in dfs_cache_refresh() (Paulo Alcantara) [RHEL-126227] +- mm: slub: avoid wake up kswapd in set_track_prepare (Audra Mitchell) [RHEL-125522] {CVE-2025-39843} +- dpll: zl3073x: Increase maximum size of flash utility (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Implement devlink flash callback (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Add firmware loading functionality (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Add low-level flash functions (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Add functions to access hardware registers (Ivan Vecera) [RHEL-116157] +Resolves: RHEL-116157, RHEL-123789, RHEL-125522, RHEL-126227 + +* Sun Dec 07 2025 CKI KWF Bot [6.12.0-124.22.1.el10_1] +- ASoC: Intel: sof_sdw: Add quirks for Lenovo P1 and P16 (CKI Backport Bot) [RHEL-130550] +- tls: wait for pending async decryptions if tls_strp_msg_hold fails (CKI Backport Bot) [RHEL-128866] {CVE-2025-40176} +- sched/deadline: Fix RT task potential starvation when expiry time passed (CKI Backport Bot) [RHEL-124660] +Resolves: RHEL-124660, RHEL-128866, RHEL-130550 + * Thu Dec 04 2025 CKI KWF Bot [6.12.0-124.21.1.el10_1] - CVE-2025-38499 kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Abhi Das) [RHEL-129282] {CVE-2025-38499} - net: tun: Update napi->skb after XDP process (CKI Backport Bot) [RHEL-122247] {CVE-2025-39984} diff --git a/kernel.spec b/kernel.spec index 40969cff9..7abdeea34 100644 --- a/kernel.spec +++ b/kernel.spec @@ -176,15 +176,15 @@ Summary: The Linux kernel %define specrpmversion 6.12.0 %define specversion 6.12.0 %define patchversion 6.12 -%define pkgrelease 124.21.1 +%define pkgrelease 124.27.1 %define kversion 6 -%define tarfile_release 6.12.0-124.21.1.el10_1 +%define tarfile_release 6.12.0-124.27.1.el10_1 # This is needed to do merge window version magic %define patchlevel 12 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 124.21.1%{?buildid}%{?dist} +%define specrelease 124.27.1%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.12.0-124.21.1.el10_1 +%define kabiversion 6.12.0-124.27.1.el10_1 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -4389,14 +4389,14 @@ fi\ # # %changelog -* Mon Dec 22 2025 Eduard Abdullin - 6.12.0-124.21.1 +* Tue Jan 13 2026 Eduard Abdullin - 6.12.0-124.27.1 - Debrand for AlmaLinux OS - Use AlmaLinux OS secure boot cert -* Mon Dec 22 2025 Neal Gompa - 6.12.0-124.21.1 +* Tue Jan 13 2026 Neal Gompa - 6.12.0-124.27.1 - Enable Btrfs support for all kernel variants -* Mon Dec 22 2025 Andrew Lukoshko - 6.12.0-124.21.1 +* Tue Jan 13 2026 Andrew Lukoshko - 6.12.0-124.27.1 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 @@ -4407,6 +4407,52 @@ fi\ - kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained +* Sat Dec 27 2025 CKI KWF Bot [6.12.0-124.27.1.el10_1] +- arm64: errata: Expand speculative SSBS workaround for Cortex-A720AE (Waiman Long) [RHEL-120684] +- arm64: cputype: Add Cortex-A720AE definitions (Waiman Long) [RHEL-120684] +- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (Waiman Long) [RHEL-120684] +- arm64: Add support for HIP09 Spectre-BHB mitigation (Waiman Long) [RHEL-120684] +- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists (Waiman Long) [RHEL-120684] +- arm64: cputype: Add MIDR_CORTEX_A76AE (Waiman Long) [RHEL-120684] +- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list (Waiman Long) [RHEL-120684] +- kmem/tracing: add kmem name to kmem_cache_alloc tracepoint (Charles Haithcock) [RHEL-129882] +- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (Rafael Aquini) [RHEL-128383] + +* Tue Dec 23 2025 CKI KWF Bot [6.12.0-124.26.1.el10_1] +- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (CKI Backport Bot) [RHEL-137150] {CVE-2025-68287} +- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CKI Backport Bot) [RHEL-134431] {CVE-2025-40277} +- net: phylink: add lock for serializing concurrent pl->phydev writes with resolver (CKI Backport Bot) [RHEL-129812] {CVE-2025-39905} + +* Sat Dec 20 2025 CKI KWF Bot [6.12.0-124.25.1.el10_1] +- sctp: avoid NULL dereference when chunk data buffer is missing (CKI Backport Bot) [RHEL-134010] {CVE-2025-40240} +- HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 (CKI Backport Bot) [RHEL-128281] +- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (CKI Backport Bot) [RHEL-124610] {CVE-2025-39806} +- inetpeer: do not get a refcount in inet_getpeer() (Guillaume Nault) [RHEL-115287] +- inetpeer: update inetpeer timestamp in inet_getpeer() (Guillaume Nault) [RHEL-115287] +- inetpeer: remove create argument of inet_getpeer() (Guillaume Nault) [RHEL-115287] +- inetpeer: remove create argument of inet_getpeer_v[46]() (Guillaume Nault) [RHEL-115287] + +* Tue Dec 16 2025 CKI KWF Bot [6.12.0-124.24.1.el10_1] +- audit: fix out-of-bounds read in audit_compare_dname_path() (Richard Guy Briggs) [RHEL-119185] {CVE-2025-39840} + +* Sat Dec 13 2025 CKI KWF Bot [6.12.0-124.23.1.el10_1] +- redhat: use RELEASE_LOCALVERSION also for dist-get-tag (Jan Stancek) +- redhat: introduce RELEASE_LOCALVERSION variable (Jan Stancek) +- iommufd: Fix race during abort for file descriptors (Eder Zulian) [RHEL-123789] {CVE-2025-39966} +- smb: client: handle lack of IPC in dfs_cache_refresh() (Paulo Alcantara) [RHEL-126227] +- mm: slub: avoid wake up kswapd in set_track_prepare (Audra Mitchell) [RHEL-125522] {CVE-2025-39843} +- dpll: zl3073x: Increase maximum size of flash utility (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Implement devlink flash callback (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Add firmware loading functionality (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Add low-level flash functions (Ivan Vecera) [RHEL-116157] +- dpll: zl3073x: Add functions to access hardware registers (Ivan Vecera) [RHEL-116157] + +* Sun Dec 07 2025 CKI KWF Bot [6.12.0-124.22.1.el10_1] +- ASoC: Intel: sof_sdw: Add quirks for Lenovo P1 and P16 (CKI Backport Bot) [RHEL-130550] +- tls: wait for pending async decryptions if tls_strp_msg_hold fails (CKI Backport Bot) [RHEL-128866] {CVE-2025-40176} +- sched/deadline: Fix RT task potential starvation when expiry time passed (CKI Backport Bot) [RHEL-124660] + * Thu Dec 04 2025 CKI KWF Bot [6.12.0-124.21.1.el10_1] - CVE-2025-38499 kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Abhi Das) [RHEL-129282] {CVE-2025-38499} - net: tun: Update napi->skb after XDP process (CKI Backport Bot) [RHEL-122247] {CVE-2025-39984} diff --git a/sources b/sources index 594acf092..0f115244c 100644 --- a/sources +++ b/sources @@ -1,7 +1,7 @@ SHA512 (fedoraimaca.x509) = e04809394f4472c17e86d7024dee34f03fb68e82a85502fd5b00535202c72e57626a8376b2cf991b7e1e46404aa5ab8d189ebf320e0dd37d49e7efbc925c7a2e -SHA512 (kernel-abi-stablelists-6.12.0-124.21.1.el10_1.tar.xz) = 1173a03e63aaed31c49470e25a5595e7c575e0f52e2f4e14494794499e14a032a89d6c8de63deac2c3ab3e620f001d63b86b04ed0dc0e46b8b0819b48ed3c456 -SHA512 (kernel-kabi-dw-6.12.0-124.21.1.el10_1.tar.xz) = 6168c461185a588a463a5bd543a2ae6744900a8c2d5288d0aa8d239f9fc2af9be1c26c8a0d32a8c0b5f4bb5c443a3d356d85721b652f20b16b1dab02ad80a411 -SHA512 (linux-6.12.0-124.21.1.el10_1.tar.xz) = a1d01f29f01f9fbf8cda36f37524cdc6af0f5ee16d210609e9639d650f2208cec0b64901e927dba24659606101c420b68cfa08586d978748d038b77273705869 +SHA512 (kernel-abi-stablelists-6.12.0-124.27.1.el10_1.tar.xz) = 1e21f4dac3a890b799cb7d5e893e0b392be25e64e80b0c10f925a1af527cddd91042e0b5564de3ef1937e8f75ef2c2e9651b229454b04de5c6dad17f110fdc26 +SHA512 (kernel-kabi-dw-6.12.0-124.27.1.el10_1.tar.xz) = 611ffbfcc3f0ba9d89bb19cdc24437419bdd21e0d4654c2685011ca27da5817a897a8a66edbcbb6d9146d5d612cf2f20c46ea1a7b95ee127ee08ebf35f1f4652 +SHA512 (linux-6.12.0-124.27.1.el10_1.tar.xz) = 637ca356263194a3e529e8d3adbd83149b68fa5003058f43547a90b309f5d29f2033dec32f8ecc137149bc74e59547b7630fc2fddd60fa11c6e68047aa66d8e0 SHA512 (nvidiagpuoot001.x509) = b42f836e1cfa07890cb6ca13de9c3950e306c9ec7686c4c09f050bb68869f5d82962b2cd5f3aa0eb7a0f3a3ae54e9c480eafbac5df53aa92c295ff511a8c59fe SHA512 (redhatsecureboot501.cer) = eb2c2d342680d4c3453d3e4f30abdd1f6b0e98292e1be0410d0163afd01552a863b70ffaabeecd6e3981cd4d167198091a837c7d70f96a3a06de2d28b3355308 SHA512 (redhatsecureboot504.cer) = d6e9b54c378769bb934ead996c1003b495bde48a17d02c8880124f36a529ef799f1e3a97202f9536c71c0d2cefe20a3532053ab73ce798ba550934eedce23ff9