hpsa: bring back deprecated PCI ids #CFHack #CFHack2024

mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024 qla4xxx: bring back deprecated PCI ids lpfc: bring back deprecated PCI ids be2iscsi: bring back deprecated PCI ids kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained NFSD: fix hang in nfsd4_shutdown_callback Use AlmaLinux OS secure boot cert Debrand for AlmaLinux OS Add KVM support for ppc64le
2025-09-04 08:23:07 +00:00 · 2025-09-04 08:23:07 +00:00 · 9a462ef014
commit 9a462ef014
parent b5b15b1989 3e8aa620af
5 changed files with 93 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,6 @@
-SOURCES/kernel-abi-stablelists-5.14.0-570.37.1.el9_6.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-570.37.1.el9_6.tar.bz2
-SOURCES/linux-5.14.0-570.37.1.el9_6.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-570.39.1.el9_6.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-570.39.1.el9_6.tar.bz2
+SOURCES/linux-5.14.0-570.39.1.el9_6.tar.xz
 SOURCES/nvidiagpuoot001.x509
 SOURCES/olima1.x509
 SOURCES/olimaca1.x509
--- a/.kernel.metadata
+++ b/.kernel.metadata
@ -1,6 +1,6 @@
-660b8d2816ee473ec550cd61535f9aa402fedf42 SOURCES/kernel-abi-stablelists-5.14.0-570.37.1.el9_6.tar.bz2
-038fbd2f9cabdc956d8a8742446db4c7e1ed07e2 SOURCES/kernel-kabi-dw-5.14.0-570.37.1.el9_6.tar.bz2
-06835b6da4fd3f6b8e2e3134b3a6c5b1942bdc0a SOURCES/linux-5.14.0-570.37.1.el9_6.tar.xz
+a1506ff1c517f8f5cf8d9a941427bd59a8b9aa6a SOURCES/kernel-abi-stablelists-5.14.0-570.39.1.el9_6.tar.bz2
+97b8e118566230b8685dbe1f354ab5a1cfa8e1e1 SOURCES/kernel-kabi-dw-5.14.0-570.39.1.el9_6.tar.bz2
+62d23933e173c6b3c78e911ace286bcd0dd549a5 SOURCES/linux-5.14.0-570.39.1.el9_6.tar.xz
 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
 706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509
 6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@ -12,7 +12,7 @@ RHEL_MINOR = 6
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 570.37.1
+RHEL_RELEASE = 570.39.1

 #
 # ZSTREAM
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@ -1,3 +1,44 @@
+* Sat Aug 23 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.39.1.el9_6]
+- xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CKI Backport Bot) [RHEL-109529] {CVE-2025-38500}
+- Merge: net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response [rhel-9.6.z] (Maxim Levitsky) [RHEL-58904]
+- s390/pci: Serialize device addition and removal (Mete Durlu) [RHEL-102036]
+- s390/pci: Allow re-add of a reserved but not yet removed device (Mete Durlu) [RHEL-102036]
+- s390/pci: Prevent self deletion in disable_slot() (Mete Durlu) [RHEL-102036]
+- s390/pci: Remove redundant bus removal and disable from zpci_release_device() (Mete Durlu) [RHEL-102036]
+- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (Thomas Huth) [RHEL-102036] {CVE-2025-37946}
+- s390/pci: Fix missing check for zpci_create_device() error return (Mete Durlu) [RHEL-102036] {CVE-2025-37974}
+- s390/pci: Fix potential double remove of hotplug slot (Thomas Huth) [RHEL-102036] {CVE-2024-56699}
+- s390/pci: remove hotplug slot when releasing the device (Thomas Huth) [RHEL-102036]
+- s390/pci: introduce lock to synchronize state of zpci_dev's (Thomas Huth) [RHEL-102036]
+- s390/pci: rename lock member in struct zpci_dev (Thomas Huth) [RHEL-102036]
+- net/sched: Abort __tc_modify_qdisc if parent class does not exist (CKI Backport Bot) [RHEL-107895]
+- i40e: report VF tx_dropped with tx_errors instead of tx_discards (Dennis Chen) [RHEL-105137]
+- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (Mete Durlu) [RHEL-94815]
+- s390/pci: Fix handling of isolated VFs (CKI Backport Bot) [RHEL-85387]
+- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (CKI Backport Bot) [RHEL-85387]
+- s390/pci: Fix SR-IOV for PFs initially in standby (CKI Backport Bot) [RHEL-85387]
+- tipc: Fix use-after-free in tipc_conn_close(). (CKI Backport Bot) [RHEL-106651] {CVE-2025-38464}
+- Revert "smb: client: fix TCP timers deadlock after rmmod" (Paulo Alcantara) [RHEL-106415] {CVE-2025-22077}
+- Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Paulo Alcantara) [RHEL-106415]
+- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-106415]
+- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (David Arcari) [RHEL-103555]
+Resolves: RHEL-102036, RHEL-103555, RHEL-105137, RHEL-106415, RHEL-106651, RHEL-107895, RHEL-109529, RHEL-58904, RHEL-85387, RHEL-94815
+
+* Wed Aug 20 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.38.1.el9_6]
+- net/sched: ets: use old 'nbands' while purging unused classes (CKI Backport Bot) [RHEL-107537] {CVE-2025-38350}
+- net/sched: Always pass notifications when child class becomes empty (Ivan Vecera) [RHEL-93387] {CVE-2025-38350}
+- net_sched: ets: fix a race in ets_qdisc_change() (Ivan Vecera) [RHEL-107537] {CVE-2025-38107}
+- sch_htb: make htb_deactivate() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-37953}
+- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Ivan Vecera) [RHEL-93387] {CVE-2025-37798}
+- sch_qfq: make qfq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-38350}
+- sch_drr: make drr_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-38350}
+- sch_htb: make htb_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-37932}
+- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CKI Backport Bot) [RHEL-107630] {CVE-2025-37823}
+- i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CKI Backport Bot) [RHEL-106046] {CVE-2025-38200}
+- vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-106003] {CVE-2025-38461}
+- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CKI Backport Bot) [RHEL-104273] {CVE-2025-38211}
+Resolves: RHEL-104273, RHEL-106003, RHEL-106046, RHEL-107537, RHEL-107630, RHEL-93387
+
 * Sat Aug 16 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.37.1.el9_6]
 - ice: fix eswitch code memory leak in reset scenario (CKI Backport Bot) [RHEL-108152] {CVE-2025-38417}
 - ftrace: Clean up hash direct_functions on register failures (Gregory Bell) [RHEL-105151]
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 570.37.1
+%define pkgrelease 570.39.1
 %define kversion 5
-%define tarfile_release 5.14.0-570.37.1.el9_6
+%define tarfile_release 5.14.0-570.39.1.el9_6
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 570.37.1%{?buildid}%{?dist}
+%define specrelease 570.39.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-570.37.1.el9_6
+%define kabiversion 5.14.0-570.39.1.el9_6

 #
 # End of genspec.sh variables
@ -3866,7 +3866,7 @@ fi
 #
 #
 %changelog
-* Tue Aug 26 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-570.37.1
+* Thu Sep 04 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-570.39.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@ -3878,11 +3878,50 @@ fi
  unmaintained
 - NFSD: fix hang in nfsd4_shutdown_callback

-* Tue Aug 26 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-570.37.1
+* Thu Sep 04 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-570.39.1
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 - Add KVM support for ppc64le

+* Sat Aug 23 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.39.1.el9_6]
+- xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CKI Backport Bot) [RHEL-109529] {CVE-2025-38500}
+- Merge: net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response [rhel-9.6.z] (Maxim Levitsky) [RHEL-58904]
+- s390/pci: Serialize device addition and removal (Mete Durlu) [RHEL-102036]
+- s390/pci: Allow re-add of a reserved but not yet removed device (Mete Durlu) [RHEL-102036]
+- s390/pci: Prevent self deletion in disable_slot() (Mete Durlu) [RHEL-102036]
+- s390/pci: Remove redundant bus removal and disable from zpci_release_device() (Mete Durlu) [RHEL-102036]
+- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (Thomas Huth) [RHEL-102036] {CVE-2025-37946}
+- s390/pci: Fix missing check for zpci_create_device() error return (Mete Durlu) [RHEL-102036] {CVE-2025-37974}
+- s390/pci: Fix potential double remove of hotplug slot (Thomas Huth) [RHEL-102036] {CVE-2024-56699}
+- s390/pci: remove hotplug slot when releasing the device (Thomas Huth) [RHEL-102036]
+- s390/pci: introduce lock to synchronize state of zpci_dev's (Thomas Huth) [RHEL-102036]
+- s390/pci: rename lock member in struct zpci_dev (Thomas Huth) [RHEL-102036]
+- net/sched: Abort __tc_modify_qdisc if parent class does not exist (CKI Backport Bot) [RHEL-107895]
+- i40e: report VF tx_dropped with tx_errors instead of tx_discards (Dennis Chen) [RHEL-105137]
+- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (Mete Durlu) [RHEL-94815]
+- s390/pci: Fix handling of isolated VFs (CKI Backport Bot) [RHEL-85387]
+- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (CKI Backport Bot) [RHEL-85387]
+- s390/pci: Fix SR-IOV for PFs initially in standby (CKI Backport Bot) [RHEL-85387]
+- tipc: Fix use-after-free in tipc_conn_close(). (CKI Backport Bot) [RHEL-106651] {CVE-2025-38464}
+- Revert "smb: client: fix TCP timers deadlock after rmmod" (Paulo Alcantara) [RHEL-106415] {CVE-2025-22077}
+- Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Paulo Alcantara) [RHEL-106415]
+- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-106415]
+- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (David Arcari) [RHEL-103555]
+
+* Wed Aug 20 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.38.1.el9_6]
+- net/sched: ets: use old 'nbands' while purging unused classes (CKI Backport Bot) [RHEL-107537] {CVE-2025-38350}
+- net/sched: Always pass notifications when child class becomes empty (Ivan Vecera) [RHEL-93387] {CVE-2025-38350}
+- net_sched: ets: fix a race in ets_qdisc_change() (Ivan Vecera) [RHEL-107537] {CVE-2025-38107}
+- sch_htb: make htb_deactivate() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-37953}
+- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Ivan Vecera) [RHEL-93387] {CVE-2025-37798}
+- sch_qfq: make qfq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-38350}
+- sch_drr: make drr_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-38350}
+- sch_htb: make htb_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-37932}
+- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CKI Backport Bot) [RHEL-107630] {CVE-2025-37823}
+- i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CKI Backport Bot) [RHEL-106046] {CVE-2025-38200}
+- vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-106003] {CVE-2025-38461}
+- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CKI Backport Bot) [RHEL-104273] {CVE-2025-38211}
+
 * Sat Aug 16 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.37.1.el9_6]
 - ice: fix eswitch code memory leak in reset scenario (CKI Backport Bot) [RHEL-108152] {CVE-2025-38417}
 - ftrace: Clean up hash direct_functions on register failures (Gregory Bell) [RHEL-105151]