diff --git a/Makefile.rhelver b/Makefile.rhelver index acae56662..a51a0b73c 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 2 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 130 +RHEL_RELEASE = 131 # # RHEL_REBASE_NUM diff --git a/kernel-aarch64-64k-debug-rhel.config b/kernel-aarch64-64k-debug-rhel.config index 149230fc9..f9b717709 100644 --- a/kernel-aarch64-64k-debug-rhel.config +++ b/kernel-aarch64-64k-debug-rhel.config @@ -5460,6 +5460,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-aarch64-64k-rhel.config b/kernel-aarch64-64k-rhel.config index adddeb50c..841ebd0b9 100644 --- a/kernel-aarch64-64k-rhel.config +++ b/kernel-aarch64-64k-rhel.config @@ -5437,6 +5437,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index 5678c2b7a..ddc385d0e 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -5456,6 +5456,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 2dde47d10..291c2d2b1 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -5433,6 +5433,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-aarch64-rt-64k-debug-rhel.config b/kernel-aarch64-rt-64k-debug-rhel.config index 9fe409544..b044c61f1 100644 --- a/kernel-aarch64-rt-64k-debug-rhel.config +++ b/kernel-aarch64-rt-64k-debug-rhel.config @@ -5507,6 +5507,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-aarch64-rt-64k-rhel.config b/kernel-aarch64-rt-64k-rhel.config index a564c1f25..76e0ad26b 100644 --- a/kernel-aarch64-rt-64k-rhel.config +++ b/kernel-aarch64-rt-64k-rhel.config @@ -5484,6 +5484,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-aarch64-rt-debug-rhel.config b/kernel-aarch64-rt-debug-rhel.config index cf9662829..e6e66657e 100644 --- a/kernel-aarch64-rt-debug-rhel.config +++ b/kernel-aarch64-rt-debug-rhel.config @@ -5503,6 +5503,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-aarch64-rt-rhel.config b/kernel-aarch64-rt-rhel.config index 537582583..a6c7c4756 100644 --- a/kernel-aarch64-rt-rhel.config +++ b/kernel-aarch64-rt-rhel.config @@ -5480,6 +5480,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index c5c7ddcef..9d3969d67 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -5011,6 +5011,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index d24b9f01c..1632acc4b 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -4990,6 +4990,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-riscv64-debug-rhel.config b/kernel-riscv64-debug-rhel.config index cd2eda028..81dc88223 100644 --- a/kernel-riscv64-debug-rhel.config +++ b/kernel-riscv64-debug-rhel.config @@ -4925,6 +4925,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-riscv64-rhel.config b/kernel-riscv64-rhel.config index a06a11de5..098364d93 100644 --- a/kernel-riscv64-rhel.config +++ b/kernel-riscv64-rhel.config @@ -4904,6 +4904,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index dda212cc5..b5df9f888 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -4950,6 +4950,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y # CONFIG_REALTEK_PHY is not set # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 8219d055a..0e835e665 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -4929,6 +4929,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y # CONFIG_REALTEK_PHY is not set # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index 4743d4920..d9b0810a9 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -4941,6 +4941,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y # CONFIG_REALTEK_PHY is not set # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index a8c9f2f78..cb7a0e77d 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -5278,6 +5278,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index cca765ed3..f4a4fba0f 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -5256,6 +5256,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index f99f7beb1..44c0c4899 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -5325,6 +5325,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index 0f392c79d..45d501037 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -5303,6 +5303,7 @@ CONFIG_RD_ZSTD=y # CONFIG_READABLE_ASM is not set # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_REALTEK_AUTOPM=y +CONFIG_REALTEK_PHY_HWMON=y CONFIG_REALTEK_PHY=m # CONFIG_REED_SOLOMON_TEST is not set # CONFIG_REGMAP_BUILD is not set diff --git a/kernel.changelog b/kernel.changelog index 8f6dd9acb..fea9c7e41 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,38 @@ +* Wed Sep 17 2025 Scott Weaver [6.12.0-131.el10] +- config: new config in drivers/phy (Izabela Bakollari) [RHEL-106145] +- net: phy: realtek: remove unsed RTL821x_PHYSR* macros (Izabela Bakollari) [RHEL-106145] +- net: phy: realtek: make HWMON support a user-visible Kconfig symbol (Izabela Bakollari) [RHEL-106145] +- net: phy: realtek: HWMON support for standalone versions of RTL8221B and RTL8251 (Izabela Bakollari) [RHEL-106145] +- net: phy: realtek: add hwmon support for temp sensor on RTL822x (Izabela Bakollari) [RHEL-106145] +- x86/hyperv: Fix kdump on Azure CVMs (Vitaly Kuznetsov) [RHEL-75576] +- cpupower: Improve Python binding's Makefile (John B. Wyatt IV) [RHEL-91191] +- cpupower: change binding's makefile to use -lcpupower (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: Add missing residency header changes in cpuidle.h to SWIG (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: Add header changes for cpufreq.h to SWIG bindings (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: Add install and uninstall options to bindings makefile (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: bindings: Add test to confirm cpu state is disabled (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: bindings: Improve disable c_state block (John B. Wyatt IV) [RHEL-91191] +- cxl: core/region - ignore interleave granularity when ways=1 (John W. Linville) [RHEL-107880] +- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CKI Backport Bot) [RHEL-112787] {CVE-2025-38352} +- netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (Florian Westphal) [RHEL-106441] {CVE-2025-38472} +- netfilter: nf_tables: hide clash bit from userspace (Florian Westphal) [RHEL-106441] +- selftests: netfilter: conntrack_resize.sh: extend resize test (Florian Westphal) [RHEL-106441] +- redhat: Explicitly disable 'hostonly' mode on the dracut cmdline (Vitaly Kuznetsov) [RHEL-109610] +- redhat: Directly use 'ukify' for building the UKI (Vitaly Kuznetsov) [RHEL-109610] +- redhat: Add SBAT to the UKI unconditionally (Vitaly Kuznetsov) [RHEL-109610] +- sunrpc: fix handling of server side tls alerts (Olga Kornievskaia) [RHEL-111072] {CVE-2025-38566} +- dpll: add reserved fields to dpll_device_ops and dpll_pin_ops structs (Ivan Vecera) [RHEL-111905] +- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [RHEL-110814] {CVE-2025-38571} +- i40e: report VF tx_dropped with tx_errors instead of tx_discards (Dennis Chen) [RHEL-105134] +- kselftests/mm: fix khugepaged build broken (Chunyu Hu) [RHEL-112084] +- iommu/virtio: Make instance lookup robust (Eric Auger) [RHEL-108207] +- enic: fix incorrect MTU comparison in enic_change_mtu() (CKI Backport Bot) [RHEL-108262] +- net/enic: Allow at least 8 RQs to always be used (CKI Backport Bot) [RHEL-108262] +- ixgbe: prevent from unwanted interface name changes (CKI Backport Bot) [RHEL-109604] +- devlink: let driver opt out of automatic phys_port_name generation (CKI Backport Bot) [RHEL-109604] +- redhat: set defaults for RHEL 10.1 (Julio Faracco) +Resolves: RHEL-106145, RHEL-75576, RHEL-91191 + * Mon Sep 15 2025 CKI KWF Bot [6.12.0-130.el10] - selftests/ftrace: Use readelf to find entry point in uprobe test (Anubhav Shelat) [RHEL-87219] - ublk selftests: add --no_ublk_fixed_fd for not using registered ublk char device (Ming Lei) [RHEL-106845] @@ -1096,6 +1131,28 @@ Resolves: RHEL-101827, RHEL-102692, RHEL-104142, RHEL-104442, RHEL-110366, RHEL- - redhat: bump RHEL_MINOR for 10.2 (Scott Weaver) Resolves: RHEL-102876, RHEL-104319, RHEL-104327, RHEL-105599, RHEL-105606, RHEL-95630 +* Mon Sep 08 2025 Julio Faracco [6.12.0-124.1.1.el10_1] +- cxl: core/region - ignore interleave granularity when ways=1 (John W. Linville) [RHEL-107880] +- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CKI Backport Bot) [RHEL-112787] {CVE-2025-38352} +- netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (Florian Westphal) [RHEL-106441] {CVE-2025-38472} +- netfilter: nf_tables: hide clash bit from userspace (Florian Westphal) [RHEL-106441] +- selftests: netfilter: conntrack_resize.sh: extend resize test (Florian Westphal) [RHEL-106441] +- redhat: Explicitly disable 'hostonly' mode on the dracut cmdline (Vitaly Kuznetsov) [RHEL-109610] +- redhat: Directly use 'ukify' for building the UKI (Vitaly Kuznetsov) [RHEL-109610] +- redhat: Add SBAT to the UKI unconditionally (Vitaly Kuznetsov) [RHEL-109610] +- sunrpc: fix handling of server side tls alerts (Olga Kornievskaia) [RHEL-111072] {CVE-2025-38566} +- dpll: add reserved fields to dpll_device_ops and dpll_pin_ops structs (Ivan Vecera) [RHEL-111905] +- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [RHEL-110814] {CVE-2025-38571} +- i40e: report VF tx_dropped with tx_errors instead of tx_discards (Dennis Chen) [RHEL-105134] +- kselftests/mm: fix khugepaged build broken (Chunyu Hu) [RHEL-112084] +- iommu/virtio: Make instance lookup robust (Eric Auger) [RHEL-108207] +- enic: fix incorrect MTU comparison in enic_change_mtu() (CKI Backport Bot) [RHEL-108262] +- net/enic: Allow at least 8 RQs to always be used (CKI Backport Bot) [RHEL-108262] +- ixgbe: prevent from unwanted interface name changes (CKI Backport Bot) [RHEL-109604] +- devlink: let driver opt out of automatic phys_port_name generation (CKI Backport Bot) [RHEL-109604] +- redhat: set defaults for RHEL 10.1 (Julio Faracco) +Resolves: RHEL-105134, RHEL-106441, RHEL-107880, RHEL-108207, RHEL-108262, RHEL-109604, RHEL-109610, RHEL-110814, RHEL-111072, RHEL-111905, RHEL-112084, RHEL-112787 + * Thu Aug 21 2025 CKI KWF Bot [6.12.0-124.el10] - ACPI: PRM: Reduce unnecessary printing to avoid user confusion (Frank Liang) [RHEL-107449] - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (John Meneghini) [RHEL-41234] diff --git a/kernel.spec b/kernel.spec index 46f6acc51..7cc915660 100644 --- a/kernel.spec +++ b/kernel.spec @@ -108,6 +108,17 @@ Summary: The Linux kernel %global signkernel 0 %endif +# RHEL/CentOS/Fedora specific .SBAT entries +%if 0%{?centos} +%global sbat_suffix centos +%else +%if 0%{?fedora} +%global sbat_suffix fedora +%else +%global sbat_suffix rhel +%endif +%endif + # Sign modules on all arches %global signmodules 1 @@ -165,15 +176,15 @@ Summary: The Linux kernel %define specrpmversion 6.12.0 %define specversion 6.12.0 %define patchversion 6.12 -%define pkgrelease 130 +%define pkgrelease 131 %define kversion 6 -%define tarfile_release 6.12.0-130.el10 +%define tarfile_release 6.12.0-131.el10 # This is needed to do merge window version magic %define patchlevel 12 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 130%{?buildid}%{?dist} +%define specrelease 131%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.12.0-130.el10 +%define kabiversion 6.12.0-131.el10 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -991,6 +1002,9 @@ Source77: partial-clang_lto-aarch64-debug-snip.config Source80: generate_all_configs.sh Source81: process_configs.sh +Source83: uki.sbat.template +Source84: uki-addons.sbat.template + Source86: dracut-virt.conf Source87: flavors @@ -1979,6 +1993,10 @@ rm -f localversion-next localversion-rt Documentation \ scripts/clang-tools 2> /dev/null +# SBAT data +sed -e s,@KVER,%{KVERREL}, -e s,@SBAT_SUFFIX,%{sbat_suffix}, %{SOURCE83} > uki.sbat +sed -e s,@KVER,%{KVERREL}, -e s,@SBAT_SUFFIX,%{sbat_suffix}, %{SOURCE84} > uki-addons.sbat + # only deal with configs if we are going to build for the arch %ifnarch %nobuildarches @@ -2739,41 +2757,30 @@ BuildKernel() { SBATsuffix="rhel" %endif %endif - SBAT=$(cat <<- EOF - linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com - linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com - kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com - EOF - ) - - ADDONS_SBAT=$(cat <<- EOF - sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md - kernel-uki-virt-addons.$SBATsuffix,1,Red Hat,kernel-uki-virt-addons,$KernelVer,mailto:secalert@redhat.com - EOF - ) - KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer" KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi" + KernelUnifiedInitrd="$KernelUnifiedImageDir/$InstallName-virt.img" mkdir -p $KernelUnifiedImageDir dracut --conf=%{SOURCE86} \ --confdir=$(mktemp -d) \ + --no-hostonly \ --verbose \ --kver "$KernelVer" \ --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \ --logfile=$(mktemp) \ - --uefi \ -%if 0%{?rhel} && !0%{?eln} - --sbat "$SBAT" \ -%endif - --kernel-image $(realpath $KernelImage) \ - --kernel-cmdline 'console=tty0 console=ttyS0' \ - $KernelUnifiedImage + $KernelUnifiedInitrd + + ukify build --linux $(realpath $KernelImage) --initrd $KernelUnifiedInitrd \ + --sbat @uki.sbat --os-release @/etc/os-release --uname $KernelVer \ + --cmdline 'console=tty0 console=ttyS0' --output $KernelUnifiedImage + + rm -f $KernelUnifiedInitrd KernelAddonsDirOut="$KernelUnifiedImage.extra.d" mkdir -p $KernelAddonsDirOut - python3 %{SOURCE151} %{SOURCE152} $KernelAddonsDirOut virt %{primary_target} %{_target_cpu} "$ADDONS_SBAT" + python3 %{SOURCE151} %{SOURCE152} $KernelAddonsDirOut virt %{primary_target} %{_target_cpu} @uki-addons.sbat %if %{signkernel} %{log_msg "Sign the EFI UKI kernel"} @@ -4339,6 +4346,40 @@ fi\ # # %changelog +* Wed Sep 17 2025 Scott Weaver [6.12.0-131.el10] +- config: new config in drivers/phy (Izabela Bakollari) [RHEL-106145] +- net: phy: realtek: remove unsed RTL821x_PHYSR* macros (Izabela Bakollari) [RHEL-106145] +- net: phy: realtek: make HWMON support a user-visible Kconfig symbol (Izabela Bakollari) [RHEL-106145] +- net: phy: realtek: HWMON support for standalone versions of RTL8221B and RTL8251 (Izabela Bakollari) [RHEL-106145] +- net: phy: realtek: add hwmon support for temp sensor on RTL822x (Izabela Bakollari) [RHEL-106145] +- x86/hyperv: Fix kdump on Azure CVMs (Vitaly Kuznetsov) [RHEL-75576] +- cpupower: Improve Python binding's Makefile (John B. Wyatt IV) [RHEL-91191] +- cpupower: change binding's makefile to use -lcpupower (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: Add missing residency header changes in cpuidle.h to SWIG (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: Add header changes for cpufreq.h to SWIG bindings (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: Add install and uninstall options to bindings makefile (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: bindings: Add test to confirm cpu state is disabled (John B. Wyatt IV) [RHEL-91191] +- pm: cpupower: bindings: Improve disable c_state block (John B. Wyatt IV) [RHEL-91191] +- cxl: core/region - ignore interleave granularity when ways=1 (John W. Linville) [RHEL-107880] +- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CKI Backport Bot) [RHEL-112787] {CVE-2025-38352} +- netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (Florian Westphal) [RHEL-106441] {CVE-2025-38472} +- netfilter: nf_tables: hide clash bit from userspace (Florian Westphal) [RHEL-106441] +- selftests: netfilter: conntrack_resize.sh: extend resize test (Florian Westphal) [RHEL-106441] +- redhat: Explicitly disable 'hostonly' mode on the dracut cmdline (Vitaly Kuznetsov) [RHEL-109610] +- redhat: Directly use 'ukify' for building the UKI (Vitaly Kuznetsov) [RHEL-109610] +- redhat: Add SBAT to the UKI unconditionally (Vitaly Kuznetsov) [RHEL-109610] +- sunrpc: fix handling of server side tls alerts (Olga Kornievskaia) [RHEL-111072] {CVE-2025-38566} +- dpll: add reserved fields to dpll_device_ops and dpll_pin_ops structs (Ivan Vecera) [RHEL-111905] +- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [RHEL-110814] {CVE-2025-38571} +- i40e: report VF tx_dropped with tx_errors instead of tx_discards (Dennis Chen) [RHEL-105134] +- kselftests/mm: fix khugepaged build broken (Chunyu Hu) [RHEL-112084] +- iommu/virtio: Make instance lookup robust (Eric Auger) [RHEL-108207] +- enic: fix incorrect MTU comparison in enic_change_mtu() (CKI Backport Bot) [RHEL-108262] +- net/enic: Allow at least 8 RQs to always be used (CKI Backport Bot) [RHEL-108262] +- ixgbe: prevent from unwanted interface name changes (CKI Backport Bot) [RHEL-109604] +- devlink: let driver opt out of automatic phys_port_name generation (CKI Backport Bot) [RHEL-109604] +- redhat: set defaults for RHEL 10.1 (Julio Faracco) + * Mon Sep 15 2025 CKI KWF Bot [6.12.0-130.el10] - selftests/ftrace: Use readelf to find entry point in uprobe test (Anubhav Shelat) [RHEL-87219] - ublk selftests: add --no_ublk_fixed_fd for not using registered ublk char device (Ming Lei) [RHEL-106845] diff --git a/sources b/sources index aa0e613ef..3deb3266f 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 -SHA512 (linux-6.12.0-130.el10.tar.xz) = 2f0f9cb6b791b4df3c4c2fd27efa61629638c238ab5fd0d0df74b44f31647f3b7e5e9729ef81f46850d62a0453b4b50de39112c1f89010d55d9a7176e64d15fd -SHA512 (kernel-abi-stablelists-6.12.0-130.el10.tar.xz) = 8f1844b808c2a14c17ec544f2944cdd375be17cf8a4ef4f06f72bd874da1b5ef999ffc1e0602708d4a03e7f39b2a368e755cc439d0ea75a5a166c5255686df7a -SHA512 (kernel-kabi-dw-6.12.0-130.el10.tar.xz) = 0d24668aad41af9d5b7f05612f96e1816fafcb735a0e16b5a5bb6edd500ba37adaaa52001291171898503ea12f6ad79f0204e4aa44f64caa65e929a2f51acd65 +SHA512 (linux-6.12.0-131.el10.tar.xz) = 9c0aed2b7e5ffce2b716435e21bcd8a443dcb924a9e657ee3d1e5c7431244c88480cd66d9cd48298a161c85d74756886140f102bd778f6d3b7df9d3291d6e352 +SHA512 (kernel-abi-stablelists-6.12.0-131.el10.tar.xz) = 6467a9d57ff9b3c99a5dcb5a0ae005e2d5573b11f165802c21b2481fe2dfa8002933fa4dcd996e833b1cf0c2551bb2dd1ee25b68f57b83c36ad49e0a4633fe6e +SHA512 (kernel-kabi-dw-6.12.0-131.el10.tar.xz) = 9f27202676bcc6d1433bffc323c9e340cedf9a3bab6c27159576306b7ec139c290d27adfd4fd97d78d351ad5363907b5f31994dc727dc0fd40a50dcf28f2c5e0 diff --git a/uki-addons.sbat.template b/uki-addons.sbat.template new file mode 100644 index 000000000..b83d5cdb6 --- /dev/null +++ b/uki-addons.sbat.template @@ -0,0 +1,2 @@ +sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md +kernel-uki-virt-addons.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt-addons,@KVER,mailto:secalert@redhat.com diff --git a/uki.sbat.template b/uki.sbat.template new file mode 100644 index 000000000..8d2530dff --- /dev/null +++ b/uki.sbat.template @@ -0,0 +1,2 @@ +sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md +kernel-uki-virt.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt,@KVER,mailto:secalert@redhat.com