diff --git a/.gitignore b/.gitignore
index 1786c1abb..e829bb605 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
-SOURCES/kernel-abi-stablelists-5.14.0-70.17.1.el9_0.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-70.17.1.el9_0.tar.bz2
-SOURCES/linux-5.14.0-70.17.1.el9_0.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-70.22.1.el9_0.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-70.22.1.el9_0.tar.bz2
+SOURCES/linux-5.14.0-70.22.1.el9_0.tar.xz
 SOURCES/rheldup3.x509
 SOURCES/rhelkpatch1.x509
diff --git a/.kernel.metadata b/.kernel.metadata
index dd63a7635..8d230e81d 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,5 +1,5 @@
-a99a235c21b77ecf630199ff7bed5e1e828937e5 SOURCES/kernel-abi-stablelists-5.14.0-70.17.1.el9_0.tar.bz2
-dac015c65e7c965a6af4fa8793a6eeecfd5fdb38 SOURCES/kernel-kabi-dw-5.14.0-70.17.1.el9_0.tar.bz2
-bd558333aae402f4cbc05d79f044ebff4377453b SOURCES/linux-5.14.0-70.17.1.el9_0.tar.xz
+37bc0d1622cba71f670671aa4c090607e74eb896 SOURCES/kernel-abi-stablelists-5.14.0-70.22.1.el9_0.tar.bz2
+c9e4e74e5627beaa934cfd699b8eb15f7b65ea4c SOURCES/kernel-kabi-dw-5.14.0-70.22.1.el9_0.tar.bz2
+bc7cb80d410b8a872727af56fa493549bf21b411 SOURCES/linux-5.14.0-70.22.1.el9_0.tar.xz
 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver
index 698f9f603..3b72e3106 100644
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 0
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 70.17.1
+RHEL_RELEASE = 70.22.1
 #
 # ZSTREAM
diff --git a/SOURCES/kernel-aarch64-debug-rhel.config b/SOURCES/kernel-aarch64-debug-rhel.config
index f95263638..b86fc7abf 100644
--- a/SOURCES/kernel-aarch64-debug-rhel.config
+++ b/SOURCES/kernel-aarch64-debug-rhel.config
@@ -955,6 +955,8 @@ CONFIG_CRYPTO_ECHAINIV=m
 # CONFIG_CRYPTO_ECRDSA is not set
 CONFIG_CRYPTO_ESSIV=m
 CONFIG_CRYPTO_FCRYPT=m
+# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set
+CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_GF128MUL=y
diff --git a/SOURCES/kernel-aarch64-rhel.config b/SOURCES/kernel-aarch64-rhel.config
index 037187b7a..8af8c013f 100644
--- a/SOURCES/kernel-aarch64-rhel.config
+++ b/SOURCES/kernel-aarch64-rhel.config
@@ -955,6 +955,8 @@ CONFIG_CRYPTO_ECHAINIV=m
 # CONFIG_CRYPTO_ECRDSA is not set
 CONFIG_CRYPTO_ESSIV=m
 CONFIG_CRYPTO_FCRYPT=m
+# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set
+CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_GF128MUL=y
diff --git a/SOURCES/kernel-ppc64le-debug-rhel.config b/SOURCES/kernel-ppc64le-debug-rhel.config
index 4e60336dd..2a6b15c4c 100644
--- a/SOURCES/kernel-ppc64le-debug-rhel.config
+++ b/SOURCES/kernel-ppc64le-debug-rhel.config
@@ -808,6 +808,8 @@ CONFIG_CRYPTO_ECHAINIV=m
 # CONFIG_CRYPTO_ECRDSA is not set
 CONFIG_CRYPTO_ESSIV=m
 CONFIG_CRYPTO_FCRYPT=m
+# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set
+CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_GF128MUL=y
diff --git a/SOURCES/kernel-ppc64le-rhel.config b/SOURCES/kernel-ppc64le-rhel.config
index 63d58931d..92be4f2f2 100644
--- a/SOURCES/kernel-ppc64le-rhel.config
+++ b/SOURCES/kernel-ppc64le-rhel.config
@@ -808,6 +808,8 @@ CONFIG_CRYPTO_ECHAINIV=m
 # CONFIG_CRYPTO_ECRDSA is not set
 CONFIG_CRYPTO_ESSIV=m
 CONFIG_CRYPTO_FCRYPT=m
+# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set
+CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_GF128MUL=y
diff --git a/SOURCES/kernel-s390x-debug-rhel.config b/SOURCES/kernel-s390x-debug-rhel.config
index b24f3d03e..5d85b2eee 100644
--- a/SOURCES/kernel-s390x-debug-rhel.config
+++ b/SOURCES/kernel-s390x-debug-rhel.config
@@ -805,6 +805,8 @@ CONFIG_CRYPTO_ECHAINIV=m
 # CONFIG_CRYPTO_ECRDSA is not set
 CONFIG_CRYPTO_ESSIV=m
 CONFIG_CRYPTO_FCRYPT=m
+# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set
+CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_GF128MUL=y
diff --git a/SOURCES/kernel-s390x-rhel.config b/SOURCES/kernel-s390x-rhel.config
index c7d68f0bc..5c85e3c87 100644
--- a/SOURCES/kernel-s390x-rhel.config
+++ b/SOURCES/kernel-s390x-rhel.config
@@ -805,6 +805,8 @@ CONFIG_CRYPTO_ECHAINIV=m
 # CONFIG_CRYPTO_ECRDSA is not set
 CONFIG_CRYPTO_ESSIV=m
 CONFIG_CRYPTO_FCRYPT=m
+# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set
+CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_GF128MUL=y
diff --git a/SOURCES/kernel-s390x-zfcpdump-rhel.config b/SOURCES/kernel-s390x-zfcpdump-rhel.config
index 4a3d00669..a24676a85 100644
--- a/SOURCES/kernel-s390x-zfcpdump-rhel.config
+++ b/SOURCES/kernel-s390x-zfcpdump-rhel.config
@@ -810,6 +810,8 @@ CONFIG_CRYPTO_ECHAINIV=y
 # CONFIG_CRYPTO_ECRDSA is not set
 # CONFIG_CRYPTO_ESSIV is not set
 CONFIG_CRYPTO_FCRYPT=y
+# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set
+CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_GF128MUL=y
diff --git a/SOURCES/kernel-x86_64-debug-rhel.config b/SOURCES/kernel-x86_64-debug-rhel.config
index 5648d2d9f..1e65267c0 100644
--- a/SOURCES/kernel-x86_64-debug-rhel.config
+++ b/SOURCES/kernel-x86_64-debug-rhel.config
@@ -858,6 +858,8 @@ CONFIG_CRYPTO_ECHAINIV=m
 # CONFIG_CRYPTO_ECRDSA is not set
 CONFIG_CRYPTO_ESSIV=m
 CONFIG_CRYPTO_FCRYPT=m
+# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set
+CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_GF128MUL=y
@@ -1087,6 +1089,7 @@ CONFIG_DMA_ENGINE=y
 # CONFIG_DMARD09 is not set
 # CONFIG_DMARD10 is not set
 # CONFIG_DMA_RESTRICTED_POOL is not set
+CONFIG_DMAR_UNITS_SUPPORTED=1024
 CONFIG_DMATEST=m
 CONFIG_DM_CACHE=m
 CONFIG_DM_CACHE_SMQ=m
diff --git a/SOURCES/kernel-x86_64-rhel.config b/SOURCES/kernel-x86_64-rhel.config
index 02a4b4316..b224b2296 100644
--- a/SOURCES/kernel-x86_64-rhel.config
+++ b/SOURCES/kernel-x86_64-rhel.config
@@ -858,6 +858,8 @@ CONFIG_CRYPTO_ECHAINIV=m
 # CONFIG_CRYPTO_ECRDSA is not set
 CONFIG_CRYPTO_ESSIV=m
 CONFIG_CRYPTO_FCRYPT=m
+# CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is not set
+CONFIG_CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_GF128MUL=y
@@ -1079,6 +1081,7 @@ CONFIG_DMA_ENGINE=y
 # CONFIG_DMARD09 is not set
 # CONFIG_DMARD10 is not set
 # CONFIG_DMA_RESTRICTED_POOL is not set
+CONFIG_DMAR_UNITS_SUPPORTED=1024
 CONFIG_DMATEST=m
 CONFIG_DM_CACHE=m
 CONFIG_DM_CACHE_SMQ=m
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index d0ee320d6..380d39868 100755
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -121,13 +121,13 @@ Summary: The Linux kernel
 %define kversion 5.14
 %define rpmversion 5.14.0
-%define pkgrelease 70.17.1.el9_0
+%define pkgrelease 70.22.1.el9_0
 # This is needed to do merge window version magic
 %define patchlevel 14
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 70.17.1%{?buildid}%{?dist}
+%define specrelease 70.22.1%{?buildid}%{?dist}
 %define pkg_release %{specrelease}
@@ -677,7 +677,7 @@ BuildRequires: lld
 # exact git commit you can run
 #
 # xzcat -qq ${TARBALL} | git get-tar-commit-id
-Source0: linux-5.14.0-70.17.1.el9_0.tar.xz
+Source0: linux-5.14.0-70.22.1.el9_0.tar.xz
 Source1: Makefile.rhelver
@@ -1345,8 +1345,8 @@ ApplyOptionalPatch()
 fi
 }
-%setup -q -n kernel-5.14.0-70.17.1.el9_0 -c
-mv linux-5.14.0-70.17.1.el9_0 linux-%{KVERREL}
+%setup -q -n kernel-5.14.0-70.22.1.el9_0 -c
+mv linux-5.14.0-70.22.1.el9_0 linux-%{KVERREL}
 cd linux-%{KVERREL}
 cp -a %{SOURCE1} .
@@ -1445,6 +1445,13 @@ done
 %endif
 %endif
+# Adjust FIPS module name for RHEL
+%if 0%{?rhel}
+for i in *.config; do
+ sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' $i
+done
+%endif
+
 cp %{SOURCE81} .
 OPTS=""
 %if %{with_configchecks}
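Review bot: The `sed` in the added FIPS-name loop exits 0 whether or not a file contains a `CONFIG_CRYPTO_FIPS_NAME=` line, so a config that lacks the option still builds and the kernel would report whatever default its configuration supplies, with no build-time signal; the pattern is also unanchored and `$i` is unquoted. I would tighten the line to `sed -i 's/^CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' "$i"` and, if every `*.config` is expected to carry the option (the nine config files touched by this commit do), follow it with `grep -q '^CONFIG_CRYPTO_FIPS_NAME="Red Hat' "$i" || exit 1`. The guard is `0%{?rhel}`, which is presumably true on any build root that defines the `rhel` macro, so the reported module name identifies the build as Red Hat's wherever the package is rebuilt; it is worth confirming that this is intended. The enclosing %prep script starts and ends outside the hunk.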
@@ -2953,6 +2960,59 @@ fi
 #
 #
 %changelog
+* Tue Aug 02 2022 Herton R. Krzesinski [5.14.0-70.22.1.el9_0]
+- PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (Myron Stowe) [2109974 2084146]
+- PCI: vmd: Assign VMD IRQ domain before enumeration (Myron Stowe) [2109974 2084146]
+- rhel config: Set DMAR_UNITS_SUPPORTED (Jerry Snitselaar) [2105326 2094984]
+- iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (Jerry Snitselaar) [2105326 2094984]
+
+* Tue Jul 26 2022 Herton R. Krzesinski [5.14.0-70.21.1.el9_0]
+- ibmvnic: fix race between xmit and reset (Gustavo Walbon) [2103085 2061556]
+- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Chris Leech) [2098251 2095440]
+- scsi: core: sysfs: Fix hang when device state is set via sysfs (Chris Leech) [2098251 2095440]
+
+* Tue Jul 19 2022 Herton R. Krzesinski [5.14.0-70.20.1.el9_0]
+- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ming Lei) [2106024 2066297] {CVE-2022-0494}
+- ahci: Add a generic 'controller2' RAID id (Tomas Henzl) [2099740 2078880]
+- ahci: remove duplicated PCI device IDs (Tomas Henzl) [2099740 2042790]
+- gfs2: Stop using glock holder auto-demotion for now (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: buffered write prefaulting (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Align read and write chunks to the page cache (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Pull return value test out of should_fault_in_pages (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Clean up use of fault_in_iov_iter_{read,write}able (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Variable rename (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) [2097306 2082193]
+- iomap: iomap_write_end cleanup (Andreas Gruenbacher) [2097306 2082193]
+- iomap: iomap_write_failed fix (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Don't re-check for write past EOF unnecessarily (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) [2097306 2082193]
+- fs/iomap: Fix buffered write page prefaulting (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Remove dead code in gfs2_file_read_iter (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Minor retry logic cleanup (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Fix should_fault_in_pages() logic (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Make use of list_is_first (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2097306 2082193]
+- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2097306 2082193]
+
+* Wed Jul 13 2022 Herton R. Krzesinski [5.14.0-70.19.1.el9_0]
+- KVM: x86/mmu: make apf token non-zero to fix bug (Vitaly Kuznetsov) [2100903 2074832]
+- powerpc/64: Move paca allocation later in boot (Desnes A. Nunes do Rosario) [2092248 2055566]
+- powerpc: Set crashkernel offset to mid of RMA region (Desnes A. Nunes do Rosario) [2092248 2055566]
+- powerpc/64s/hash: Make hash faults work in NMI context (Desnes A. Nunes do Rosario) [2092253 2062762]
+
+* Tue Jul 05 2022 Herton R. Krzesinski [5.14.0-70.18.1.el9_0]
+- NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) [2101858 2086367]
+- NFSv4 only print the label when its queried (Benjamin Coddington) [2101854 2057327]
+- crypto: fips - make proc files report fips module name and version (Simo Sorce) [2093384 2080499]
+- net: sched: fix use-after-free in tc_new_tfilter() (Ivan Vecera) [2071707 2090410] {CVE-2022-1055}
+
 * Tue Jun 14 2022 Herton R. Krzesinski [5.14.0-70.17.1.el9_0]
 - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092994 2092995] {CVE-2022-1966}
 - thunderx nic: mark device as unmaintained (Íñigo Huguet) [2092638 2060285]