diff --git a/kernel.spec b/kernel.spec index abf713e6e..64d748b30 100644 --- a/kernel.spec +++ b/kernel.spec @@ -12,7 +12,7 @@ # change below to w4T.xzdio): %define _binary_payload w3T.xzdio -%global distro_build 507 +%global distro_build 508 # Sign the x86_64 kernel for secure boot authentication %ifarch x86_64 aarch64 s390x ppc64le @@ -38,10 +38,10 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 507.el8 +%define pkgrelease 508.el8 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 507%{?dist} +%define specrelease 508%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2695,6 +2695,205 @@ fi # # %changelog +* Fri Aug 04 2023 Denys Vlasenko [4.18.0-508.el8] +- HID: betop: check shape of output reports (Desnes Nunes) [2212164] {CVE-2023-1073} +- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (Desnes Nunes) [2153575] {CVE-2022-45887} +- selinux: make labeled NFS work when mounted before policy load (Juraj Marcin) [1753646] +- Revert "xfs: expose the blockgc workqueue knobs publicly" (Bill O'Donnell) [2223260] +- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (Dean Nelson) [2215904] {CVE-2023-35824} +- media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() (Dean Nelson) [2213142] {CVE-2023-31084} +- drm/ast: report connection status on Display Port. (Jocelyn Falempe) [2189645] +- drm/ast: Add BMC virtual connector (Jocelyn Falempe) [2189645] +- x86/cpu/amd: Add a Zenbleed fix (Waiman Long) [2226832] {CVE-2023-20593} +- x86/cpu/amd: Move the errata checking functionality up (Waiman Long) [2226832] {CVE-2023-20593} +- x86/amd: Cache debug register values in percpu variables (Waiman Long) [2226832] {CVE-2023-20593} +- x86/cpu: Restore AMD's DE_CFG MSR after resume (Waiman Long) [2226832] {CVE-2023-20593} +- x86/sev: Change snp_guest_issue_request()'s fw_err argument (John Allen) [2216284] +- virt/coco/sev-guest: Double-buffer messages (John Allen) [2216284] +- virt/coco/sev-guest: Add throttling awareness (John Allen) [2216284] +- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (John Allen) [2216284] +- virt/coco/sev-guest: Do some code style cleanups (John Allen) [2216284] +- virt/coco/sev-guest: Carve out the request issuing logic into a helper (John Allen) [2216284] +- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (John Allen) [2216284] +- virt/coco/sev-guest: Simplify extended guest request handling (John Allen) [2216284] +- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (John Allen) [2216284] +- virt/sev-guest: Return -EIO if certificate buffer is not large enough (John Allen) [2216284] +- x86/sev: Mark snp_abort() noreturn (John Allen) [2216284] +- s390/uv: Update query for secret-UVCs (Cédric Le Goater) [2111749] +- s390/uv: replace scnprintf with sysfs_emit (Cédric Le Goater) [2111749] +- s390: Add attestation query information (Cédric Le Goater) [2111749] +- s390/uvdevice: Add 'Lock Secret Store' UVC (Cédric Le Goater) [2111749] +- s390/uvdevice: Add 'List Secrets' UVC (Cédric Le Goater) [2111749] +- s390/uvdevice: Add 'Add Secret' UVC (Cédric Le Goater) [2111749] +- s390/uvdevice: Add info IOCTL (Cédric Le Goater) [2111749] +- s390/uv: Always export uv_info (Cédric Le Goater) [2111749] +- s390/kasan: support protvirt with 4-level paging (Cédric Le Goater) [2111749] +- s390/protvirt: support ultravisor without secure storage limit (Cédric Le Goater) [2111749] +- s390/protvirt: parse prot_virt option in the decompressor (Cédric Le Goater) [2111749] +- s390/mm: avoid trimming to MAX_ORDER (Cédric Le Goater) [2111749] +- net/mlx5e: TC, CT: Offload ct clear only once (Amir Tzin) [2159233] +- net/mlx5: DR, Fix wrong action data allocation in decap action (Amir Tzin) [2159233] +- net/mlx5: DR, Support SW created encap actions for FW table (Amir Tzin) [2159233] +- net/mlx5e: TC, Cleanup ct resources for nic flow (Amir Tzin) [2159233] +- net/mlx5e: TC, Add null pointer check for hardware miss support (Amir Tzin) [2159233] +- RDMA/mlx5: Fix affinity assignment (Amir Tzin) [2159233] +- RDMA/mlx5: Create an indirect flow table for steering anchor (Amir Tzin) [2159233] +- RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (Amir Tzin) [2159233] +- net/mlx5: DR, Add missing mutex init/destroy in pattern manager (Amir Tzin) [2117777] +- net/mlx5: Read embedded cpu after init bit cleared (Amir Tzin) [2159233] +- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (Amir Tzin) [2159233] +- net/mlx5e: Don't attach netdev profile while handling internal error (Amir Tzin) [2159233] +- net/mlx5: Fix post parse infra to only parse every action once (Amir Tzin) [2159233] +- net/mlx5: fw_tracer, Fix event handling (Amir Tzin) [2159233] +- net/mlx5: SF, Drain health before removing device (Amir Tzin) [2159233] +- net/mlx5e: Consider internal buffers size in port buffer calculations (Amir Tzin) [2159233] +- net/mlx5e: Prevent encap offload when neigh update is running (Amir Tzin) [2159233] +- net/mlx5e: Extract remaining tunnel encap code to dedicated file (Amir Tzin) [2159233] +- net/mlx5e: TC, Remove sample and ct limitation (Amir Tzin) [2159233] +- net/mlx5e: TC, Remove mirror and ct limitation (Amir Tzin) [2159233] +- net/mlx5e: TC, Remove tuple rewrite and ct limitation (Amir Tzin) [2159233] +- net/mlx5e: TC, Remove multiple ct actions limitation (Amir Tzin) [2159233] +- net/mlx5e: TC, Remove special handling of CT action (Amir Tzin) [2159233] +- net/mlx5e: TC, Remove CT action reordering (Amir Tzin) [2159233] +- net/mlx5e: CT: Use per action stats (Amir Tzin) [2159233] +- net/mlx5e: TC, Move main flow attribute cleanup to helper func (Amir Tzin) [2159233] +- net/mlx5e: TC, Remove unused vf_tun variable (Amir Tzin) [2159233] +- net/mlx5e: Set default can_offload action (Amir Tzin) [2159233] +- net/mlx5: Devcom, serialize devcom registration (Amir Tzin) [2159233] +- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (Amir Tzin) [2159233] +- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (Amir Tzin) [2159233] +- net/mlx5e: Fix deadlock in tc route query code (Amir Tzin) [2159233] +- net/mlx5: Fix error message when failing to allocate device memory (Amir Tzin) [2159233] +- net/mlx5e: Use correct encap attribute during invalidation (Amir Tzin) [2159233] +- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (Amir Tzin) [2159233] +- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (Amir Tzin) [2159233] +- net/mlx5: Handle pairing of E-switch via uplink un/load APIs (Amir Tzin) [2159233] +- net/mlx5: Collect command failures data only for known commands (Amir Tzin) [2159233] +- net/mlx5e: do as little as possible in napi poll when budget is 0 (Amir Tzin) [2159233] +- net/mlx5: Use recovery timeout on sync reset flow (Amir Tzin) [2159233] +- net/mlx5: DR, Add memory statistics for domain object (Amir Tzin) [2117777] +- net/mlx5: DR, Add more info in domain dbg dump (Amir Tzin) [2117777] +- net/mlx5: DR, Calculate sync threshold of each pool according to its type (Amir Tzin) [2117777] +- net/mlx5: DR, Fix dumping of legacy modify_hdr in debug dump (Amir Tzin) [2117777] +- net/mlx5: DR, Enable patterns and arguments for supporting devices (Amir Tzin) [2117777] +- net/mlx5: DR, Add support for the pattern/arg parameters in debug dump (Amir Tzin) [2117777] +- net/mlx5: DR, Modify header action of size 1 optimization (Amir Tzin) [2117777] +- net/mlx5: DR, Support decap L3 action using pattern / arg mechanism (Amir Tzin) [2117777] +- net/mlx5: DR, Apply new accelerated modify action and decapl3 (Amir Tzin) [2117777] +- net/mlx5: DR, Add modify header argument pointer to actions attributes (Amir Tzin) [2117777] +- net/mlx5: DR, Add modify header arg pool mechanism (Amir Tzin) [2117777] +- net/mlx5: DR, Fix QP continuous allocation (Amir Tzin) [2117777] +- net/mlx5: DR, Read ICM memory into dedicated buffer (Amir Tzin) [2117777] +- net/mlx5: DR, Add support for writing modify header argument (Amir Tzin) [2117777] +- net/mlx5: DR, Add create/destroy for modify-header-argument general object (Amir Tzin) [2117777] +- net/mlx5: DR, Check for modify_header_argument device capabilities (Amir Tzin) [2117777] +- net/mlx5: DR, Split chunk allocation to HW-dependent ways (Amir Tzin) [2117777] +- net/mlx5: DR, Add cache for modify header pattern (Amir Tzin) [2117777] +- net/mlx5: DR, Move ACTION_CACHE_LINE_SIZE macro to header (Amir Tzin) [2117777] +- net/mlx5: DR, Add modify-header-pattern ICM pool (Amir Tzin) [2117777] +- net/mlx5: DR, Prepare sending new WQE type (Amir Tzin) [2117777] +- net/mlx5: Add new WQE for updating flow table (Amir Tzin) [2117777] +- net/mlx5: Add mlx5_ifc bits for modify header argument (Amir Tzin) [2117777] +- net/mlx5: DR, Set counter ID on the last STE for STEv1 TX (Amir Tzin) [2117777] +- net/mlx5e: TC, Remove redundant parse_attr argument (Amir Tzin) [2165908] +- net/mlx5e: Use a simpler comparison for uplink rep (Amir Tzin) [2165908] +- net/mlx5: Lag, Add single RDMA device in multiport mode (Amir Tzin) [2165908] +- net/mlx5: Lag, set different uplink vport metadata in multiport eswitch mode (Amir Tzin) [2165908] +- net/mlx5: E-Switch, rename bond update function to be reused (Amir Tzin) [2165908] +- net/mlx5e: TC, Add peer flow in mpesw mode (Amir Tzin) [2165908] +- net/mlx5: Lag, Control MultiPort E-Switch single FDB mode (Amir Tzin) [2165908] +- net/mlx5e: Add devlink fdb_large_groups parameter (Add missing Documentation) (Amir Tzin) [2165908] +- SUNRPC: Fix READ_PLUS crasher (Benjamin Coddington) [2218539] +- SUNRPC: Remove pointer type casts from xdr_get_next_encode_buffer() (Benjamin Coddington) [2218539] +- SUNRPC: Clean up xdr_get_next_encode_buffer() (Benjamin Coddington) [2218539] +- NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (Benjamin Coddington) [2218539] +- NFSv4.2: fix wrong shrinker_id (Benjamin Coddington) [2218539] +- svcrdma: Prevent page release when nothing was received (Benjamin Coddington) [2218539] +- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (Benjamin Coddington) [2218539] +- nfsd: fix double fget() bug in __write_ports_addfd() (Benjamin Coddington) [2218539] +- SUNRPC: Fix trace_svc_register() call site (Benjamin Coddington) [2218539] +- SUNRPC: remove the maximum number of retries in call_bind_status (Benjamin Coddington) [2218539] +- NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease (Benjamin Coddington) [2218539] +- NFSD: callback request does not use correct credential for AUTH_SYS (Benjamin Coddington) [2218539] +- sunrpc: only free unix grouplist after RCU settles (Benjamin Coddington) [2218539] +- nfsd: call op_release, even when op_func returns an error (Benjamin Coddington) [2218539] +- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (Benjamin Coddington) [2218539] +- SUNRPC: fix shutdown of NFS TCP client socket (Benjamin Coddington) [2218539] +- NFSv4: Fix hangs when recovering open state after a server reboot (Benjamin Coddington) [2218539] +- NFSD: Protect against filesystem freezing (Benjamin Coddington) [2218539] +- nfsd: fix race to check ls_layouts (Benjamin Coddington) [2218539] +- nfs4trace: fix state manager flag printing (Benjamin Coddington) [2218539] +- SUNRPC: ensure the matching upcall is in-flight upon downcall (Benjamin Coddington) [2218539] +- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (Benjamin Coddington) [2218539] +- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails (Benjamin Coddington) [2218539] +- NFSv4.x: Fail client initialisation if state manager thread can't run (Benjamin Coddington) [2218539] +- SUNRPC: Fix missing release socket in rpc_sockname() (Benjamin Coddington) [2218539] +- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (Benjamin Coddington) [2218539] +- NFSD: Finish converting the NFSv3 GETACL result encoder (Benjamin Coddington) [2218539] +- NFSD: Finish converting the NFSv2 GETACL result encoder (Benjamin Coddington) [2218539] +- SUNRPC: Return true/false (not 1/0) from bool functions (Benjamin Coddington) [2218539] +- NFS: Fix an Oops in nfs_d_automount() (Benjamin Coddington) [2218539] +- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (Benjamin Coddington) [2218539] +- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (Benjamin Coddington) [2218539] +- NFSv4.2: Fix initialisation of struct nfs4_label (Benjamin Coddington) [2218539] +- NFSv4.2: Fix a memory stomp in decode_attr_security_label (Benjamin Coddington) [2218539] +- NFSv4.2: Always decode the security label (Benjamin Coddington) [2218539] +- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (Benjamin Coddington) [2218539] +- nfs4: Fix kmemleak when allocate slot failed (Benjamin Coddington) [2218539] +- NFSv4.2: Fixup CLONE dest file size for zero-length count (Benjamin Coddington) [2218539] +- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed (Benjamin Coddington) [2218539] +- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Benjamin Coddington) [2218539] +- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Benjamin Coddington) [2218539] +- NFSv4: Fix a potential state reclaim deadlock (Benjamin Coddington) [2218539] +- NFSv4/pNFS: Always return layout stats on layout return for flexfiles (Benjamin Coddington) [2218539] +- NFSD: Fix handling of oversized NFSv4 COMPOUND requests (Benjamin Coddington) [2218539] +- nfsd: Fix a memory leak in an error handling path (Benjamin Coddington) [2218539] +- Revert "SUNRPC: Remove unreachable error condition" (Benjamin Coddington) [2218539] +- NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (Benjamin Coddington) [2218539] +- SUNRPC: RPC level errors should set task->tk_rpc_status (Benjamin Coddington) [2218539] +- NFS: Fix another fsync() issue after a server reboot (Benjamin Coddington) [2218539] +- net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (Benjamin Coddington) [2218539] +- SUNRPC: Fix xdr_encode_bool() (Benjamin Coddington) [2218539] +- SUNRPC: Reinitialise the backchannel request buffers before reuse (Benjamin Coddington) [2218539] +- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (Benjamin Coddington) [2218539] +- sunrpc: fix expiry of auth creds (Benjamin Coddington) [2218539] +- pNFS/flexfiles: Report RDMA connection errors to the server (Benjamin Coddington) [2218539] +- Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING" (Benjamin Coddington) [2218539] +- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Benjamin Coddington) [2218539] +- pNFS: Avoid a live lock condition in pnfs_update_layout() (Benjamin Coddington) [2218539] +- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Benjamin Coddington) [2218539] +- SUNRPC: Trap RDMA segment overflows (Benjamin Coddington) [2218539] +- nfsd: Fix null-ptr-deref in nfsd_fill_super() (Benjamin Coddington) [2218539] +- NFS: Further fixes to the writeback error handling (Benjamin Coddington) [2218539] +- NFS: clean up a needless assignment in nfs_file_write() (Benjamin Coddington) [2218539] +- NFS: remove redundant code in nfs_file_write() (Benjamin Coddington) [2218539] +- NFS: Add support for eager writes (Benjamin Coddington) [2218539] +- NFS: 'flags' field should be unsigned in struct nfs_server (Benjamin Coddington) [2218539] +- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Benjamin Coddington) [2218539] +- NFS: Memory allocation failures are not server fatal errors (Benjamin Coddington) [2218539] +- SUNRPC: Ensure that the gssproxy client can start in a connected state (Benjamin Coddington) [2218539] +- Revert "SUNRPC: Ensure gss-proxy connects on setup" (Benjamin Coddington) [2218539] +- SUNRPC: Ensure gss-proxy connects on setup (Benjamin Coddington) [2218539] +- NFSv4: Don't invalidate inode attributes on delegation return (Benjamin Coddington) [2218539] +- SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (Benjamin Coddington) [2218539] +- SUNRPC: Handle low memory situations in call_status() (Benjamin Coddington) [2218539] +- SUNRPC: Handle ENOMEM in call_transmit_status() (Benjamin Coddington) [2218539] +- SUNRPC: Fix the svc_deferred_event trace class (Benjamin Coddington) [2218539] +- NFSv4: fix open failure with O_ACCMODE flag (Benjamin Coddington) [2218539] +- NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (Benjamin Coddington) [2218539] +- NFSv4.1: Fix uninitialised variable in devicenotify (Benjamin Coddington) [2218539] +- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error (Benjamin Coddington) [2218539] +- NFS: remove unneeded check in decode_devicenotify_args() (Benjamin Coddington) [2218539] +- NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (Benjamin Coddington) [2218539] +- NFS: Do not report writeback errors in nfs_getattr() (Benjamin Coddington) [2218539] +- NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (Benjamin Coddington) [2218539] +- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Benjamin Coddington) [2218539] +- SUNRPC: Fix sockaddr handling in svcsock_accept_class trace points (Benjamin Coddington) [2218539] +- SUNRPC: Fix sockaddr handling in the svc_xprt_create_error trace point (Benjamin Coddington) [2218539] +- NFSD: Fix zero-length NFSv3 WRITEs (Benjamin Coddington) [2218539] +- NFS: Ensure the server has an up to date ctime before renaming (Benjamin Coddington) [2218539] +- NFS: Ensure the server has an up to date ctime before hardlinking (Benjamin Coddington) [2218539] + * Tue Aug 01 2023 Denys Vlasenko [4.18.0-507.el8] - Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return" (Benjamin Coddington) [2217658] - powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close (Mamatha Inamdar) [2224883] diff --git a/sources b/sources index a6d6c5b20..860bfa70b 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-4.18.0-507.el8.tar.xz) = 36f19fea279f3c96fc9358353cad5a4e7e95f00c2337823b5950528c2ef09587d3f0f6bee845868559eaacf2fa71b5f69c81a37c2f88d00d539fdfbd9df2c110 -SHA512 (kernel-abi-stablelists-4.18.0-507.tar.bz2) = f81316ab80f7a51b09a8d587e399cd6419482ab9c07cec4a10af172fa35a1ad06757e8f7019b7e93f6a774a40dfed64aadff1a9bd060aeacafce00b76a50f0ad -SHA512 (kernel-kabi-dw-4.18.0-507.tar.bz2) = f7bbf94096acc33486535d9eece268c543c6a05d93ee262d64dc22b220f1cb3ff49b4cf091a5c748811c4229fdf674be4c816174575161b0ca5e457726595b32 +SHA512 (linux-4.18.0-508.el8.tar.xz) = 960b63c2e12f6dd64c1497923c8c4a75440008a7ab54a56d55ecd6638b936556bd723017df06967c7d4d62e1ff2d38fe5b5722abd3015c89f7d2991c42f6ce48 +SHA512 (kernel-abi-stablelists-4.18.0-508.tar.bz2) = e88a95d138b13c04cab15bc70e25608491330b5fb54f6234204c0001cac2c61df05a25329b1821fa4c677a2f128b9cbd36006f08ed9ff43a52ab55fd157cec02 +SHA512 (kernel-kabi-dw-4.18.0-508.tar.bz2) = f7bbf94096acc33486535d9eece268c543c6a05d93ee262d64dc22b220f1cb3ff49b4cf091a5c748811c4229fdf674be4c816174575161b0ca5e457726595b32