hpsa: bring back deprecated PCI ids #CFHack #CFHack2024

mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024 qla4xxx: bring back deprecated PCI ids lpfc: bring back deprecated PCI ids be2iscsi: bring back deprecated PCI ids kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained Use AlmaLinux OS secure boot cert Debrand for AlmaLinux OS Add KVM support for ppc64le
2025-12-22 07:38:52 +00:00 · 2025-12-22 07:38:52 +00:00 · a9b9e964cd
commit a9b9e964cd
parent 7d21cac222 0d65f75330
5 changed files with 64 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,6 @@
-SOURCES/kernel-abi-stablelists-5.14.0-611.13.1.el9_7.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-611.13.1.el9_7.tar.bz2
-SOURCES/linux-5.14.0-611.13.1.el9_7.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-611.16.1.el9_7.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-611.16.1.el9_7.tar.bz2
+SOURCES/linux-5.14.0-611.16.1.el9_7.tar.xz
 SOURCES/nvidiagpuoot001.x509
 SOURCES/olima1.x509
 SOURCES/olimaca1.x509
--- a/.kernel.metadata
+++ b/.kernel.metadata
@ -1,6 +1,6 @@
-9e5df45479953a528f57f8717146c63bad358c2b SOURCES/kernel-abi-stablelists-5.14.0-611.13.1.el9_7.tar.bz2
-163e356b80c3c0b6c84ab86402ba385f20a43666 SOURCES/kernel-kabi-dw-5.14.0-611.13.1.el9_7.tar.bz2
-843af90a8e2fd626e5e36085af377c77b11dec6a SOURCES/linux-5.14.0-611.13.1.el9_7.tar.xz
+31e7f4937937748cabdb75462568d316ce8865af SOURCES/kernel-abi-stablelists-5.14.0-611.16.1.el9_7.tar.bz2
+3c2b435e3a907e78a8bd4ed79c8e00db196365b3 SOURCES/kernel-kabi-dw-5.14.0-611.16.1.el9_7.tar.bz2
+33089a9379d98a1f2d067344a45048ea32cb4939 SOURCES/linux-5.14.0-611.16.1.el9_7.tar.xz
 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
 706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509
 6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@ -12,7 +12,7 @@ RHEL_MINOR = 7
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 611.13.1
+RHEL_RELEASE = 611.16.1

 #
 # ZSTREAM
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@ -1,3 +1,30 @@
+* Sun Dec 07 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.16.1.el9_7]
+- CVE-2025-38499 kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Abhi Das) [RHEL-129261] {CVE-2025-38499}
+- tls: wait for pending async decryptions if tls_strp_msg_hold fails (CKI Backport Bot) [RHEL-128860] {CVE-2025-40176}
+Resolves: RHEL-128860, RHEL-129261
+
+* Thu Dec 04 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.15.1.el9_7]
+- nbd: override creds to kernel when calling sock_{send,recv}msg() (Ming Lei) [RHEL-123845]
+- scsi: lpfc: avoid crashing in lpfc_nlp_get() if lpfc_nodelist was freed (Ewan D. Milne) [RHEL-127982]
+- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (Ewan D. Milne) [RHEL-127982]
+- crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Fix SNP panic notifier unregistration (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Fix dereferencing uninitialized error pointer (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Fix __sev_snp_shutdown_locked (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Move SEV/SNP Platform initialization to KVM (Lenny Szubowicz) [RHEL-70006]
+- KVM: SVM: Add support to initialize SEV/SNP functionality in KVM (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Add new SEV/SNP platform shutdown API (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Register SNP panic notifier only if SNP is enabled (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Reset TMR size at SNP Shutdown (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Abort doing SEV INIT if SNP INIT fails (Lenny Szubowicz) [RHEL-70006]
+Resolves: RHEL-123845, RHEL-127982, RHEL-70006
+
+* Tue Dec 02 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.14.1.el9_7]
+- iommufd: Fix race during abort for file descriptors (Eder Zulian) [RHEL-123786] {CVE-2025-39966}
+Resolves: RHEL-123786
+
 * Sat Nov 29 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.13.1.el9_7]
 - can: j1939: add missing calls in NETDEV_UNREGISTER notification handler (CKI Backport Bot) [RHEL-124105] {CVE-2025-39925}
 - can: j1939: implement NETDEV_UNREGISTER notification handler (CKI Backport Bot) [RHEL-124105] {CVE-2025-39925}
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 611.13.1
+%define pkgrelease 611.16.1
 %define kversion 5
-%define tarfile_release 5.14.0-611.13.1.el9_7
+%define tarfile_release 5.14.0-611.16.1.el9_7
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 611.13.1%{?buildid}%{?dist}
+%define specrelease 611.16.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-611.13.1.el9_7
+%define kabiversion 5.14.0-611.16.1.el9_7

 #
 # End of genspec.sh variables
@ -3768,7 +3768,7 @@ fi
 #
 #
 %changelog
-* Thu Dec 11 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-611.13.1
+* Mon Dec 22 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-611.16.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@ -3779,11 +3779,35 @@ fi
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
  unmaintained

-* Thu Dec 11 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-611.13.1
+* Mon Dec 22 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-611.16.1
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 - Add KVM support for ppc64le

+* Sun Dec 07 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.16.1.el9_7]
+- CVE-2025-38499 kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Abhi Das) [RHEL-129261] {CVE-2025-38499}
+- tls: wait for pending async decryptions if tls_strp_msg_hold fails (CKI Backport Bot) [RHEL-128860] {CVE-2025-40176}
+
+* Thu Dec 04 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.15.1.el9_7]
+- nbd: override creds to kernel when calling sock_{send,recv}msg() (Ming Lei) [RHEL-123845]
+- scsi: lpfc: avoid crashing in lpfc_nlp_get() if lpfc_nodelist was freed (Ewan D. Milne) [RHEL-127982]
+- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (Ewan D. Milne) [RHEL-127982]
+- crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Fix SNP panic notifier unregistration (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Fix dereferencing uninitialized error pointer (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Fix __sev_snp_shutdown_locked (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Move SEV/SNP Platform initialization to KVM (Lenny Szubowicz) [RHEL-70006]
+- KVM: SVM: Add support to initialize SEV/SNP functionality in KVM (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Add new SEV/SNP platform shutdown API (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Register SNP panic notifier only if SNP is enabled (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Reset TMR size at SNP Shutdown (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown (Lenny Szubowicz) [RHEL-70006]
+- crypto: ccp - Abort doing SEV INIT if SNP INIT fails (Lenny Szubowicz) [RHEL-70006]
+
+* Tue Dec 02 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.14.1.el9_7]
+- iommufd: Fix race during abort for file descriptors (Eder Zulian) [RHEL-123786] {CVE-2025-39966}
+
 * Sat Nov 29 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.13.1.el9_7]
 - can: j1939: add missing calls in NETDEV_UNREGISTER notification handler (CKI Backport Bot) [RHEL-124105] {CVE-2025-39925}
 - can: j1939: implement NETDEV_UNREGISTER notification handler (CKI Backport Bot) [RHEL-124105] {CVE-2025-39925}