import CS git kernel-4.18.0-553.139.1.el8_10
This commit is contained in:
parent
5bdbf03a1e
commit
b2a966913a
2
.gitignore
vendored
2
.gitignore
vendored
@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
|
||||
SOURCES/centossecurebootca2.cer
|
||||
SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
|
||||
SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
|
||||
SOURCES/linux-4.18.0-553.137.1.el8_10.tar.xz
|
||||
SOURCES/linux-4.18.0-553.139.1.el8_10.tar.xz
|
||||
SOURCES/redhatsecureboot302.cer
|
||||
SOURCES/redhatsecureboot303.cer
|
||||
SOURCES/redhatsecureboot501.cer
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
|
||||
bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
|
||||
bb7d4bbbd1393e2b627aab61aaa91391ad242d4c SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
|
||||
fe101aded575c0f2888b021e9575ff8bf2b2bcbd SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
|
||||
7d1942313819f9a71a4d327c7a71758d2114f901 SOURCES/linux-4.18.0-553.137.1.el8_10.tar.xz
|
||||
01f536d6c4d739d91dccb30d23ed66059f7b6863 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
|
||||
37a0c01e60bb7aa700be883e371fadf0f3043dba SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
|
||||
8025202b3e62117a3a5c189c12f8b9c103e68058 SOURCES/linux-4.18.0-553.139.1.el8_10.tar.xz
|
||||
13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
|
||||
e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
|
||||
ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
|
||||
|
||||
@ -3230,6 +3230,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||
CONFIG_EFI=y
|
||||
CONFIG_EFIVAR_FS=y
|
||||
CONFIG_EFI_PARTITION=y
|
||||
CONFIG_EFI_SBAT_FILE=""
|
||||
CONFIG_EFI_STUB=y
|
||||
CONFIG_EFI_VARS=y
|
||||
CONFIG_EFI_VARS_PSTORE=y
|
||||
|
||||
@ -3259,6 +3259,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||
CONFIG_EFI=y
|
||||
CONFIG_EFIVAR_FS=y
|
||||
CONFIG_EFI_PARTITION=y
|
||||
CONFIG_EFI_SBAT_FILE=""
|
||||
CONFIG_EFI_STUB=y
|
||||
CONFIG_EFI_VARS=y
|
||||
CONFIG_EFI_VARS_PSTORE=y
|
||||
|
||||
@ -2900,6 +2900,7 @@ CONFIG_EEPROM_AT24=m
|
||||
CONFIG_EEPROM_LEGACY=m
|
||||
CONFIG_EEPROM_MAX6875=m
|
||||
CONFIG_EFI_PARTITION=y
|
||||
CONFIG_EFI_SBAT_FILE=""
|
||||
CONFIG_ENABLE_MUST_CHECK=y
|
||||
CONFIG_ENCLOSURE_SERVICES=m
|
||||
CONFIG_ENCRYPTED_KEYS=y
|
||||
|
||||
@ -2926,6 +2926,7 @@ CONFIG_EEPROM_AT24=m
|
||||
CONFIG_EEPROM_LEGACY=m
|
||||
CONFIG_EEPROM_MAX6875=m
|
||||
CONFIG_EFI_PARTITION=y
|
||||
CONFIG_EFI_SBAT_FILE=""
|
||||
CONFIG_ENABLE_MUST_CHECK=y
|
||||
CONFIG_ENCLOSURE_SERVICES=m
|
||||
CONFIG_ENCRYPTED_KEYS=y
|
||||
|
||||
@ -3006,6 +3006,7 @@ CONFIG_EDAC_GHES=y
|
||||
CONFIG_EDAC_LEGACY_SYSFS=y
|
||||
CONFIG_EDAC_PND2=m
|
||||
CONFIG_EFI_PARTITION=y
|
||||
CONFIG_EFI_SBAT_FILE=""
|
||||
CONFIG_ENABLE_MUST_CHECK=y
|
||||
CONFIG_ENCLOSURE_SERVICES=m
|
||||
CONFIG_ENCRYPTED_KEYS=m
|
||||
|
||||
@ -3175,6 +3175,7 @@ CONFIG_EDAC_GHES=y
|
||||
CONFIG_EDAC_LEGACY_SYSFS=y
|
||||
CONFIG_EDAC_PND2=m
|
||||
CONFIG_EFI_PARTITION=y
|
||||
CONFIG_EFI_SBAT_FILE=""
|
||||
CONFIG_ELF_CORE=y
|
||||
CONFIG_ENABLE_MUST_CHECK=y
|
||||
CONFIG_ENCLOSURE_SERVICES=y
|
||||
|
||||
@ -3034,6 +3034,7 @@ CONFIG_EDAC_GHES=y
|
||||
CONFIG_EDAC_LEGACY_SYSFS=y
|
||||
CONFIG_EDAC_PND2=m
|
||||
CONFIG_EFI_PARTITION=y
|
||||
CONFIG_EFI_SBAT_FILE=""
|
||||
CONFIG_ENABLE_MUST_CHECK=y
|
||||
CONFIG_ENCLOSURE_SERVICES=m
|
||||
CONFIG_ENCRYPTED_KEYS=m
|
||||
|
||||
@ -3012,6 +3012,7 @@ CONFIG_EFI_MIXED=y
|
||||
CONFIG_EFI_PARTITION=y
|
||||
CONFIG_EFI_RCI2_TABLE=y
|
||||
CONFIG_EFI_RUNTIME_MAP=y
|
||||
CONFIG_EFI_SBAT_FILE=""
|
||||
CONFIG_EFI_STUB=y
|
||||
CONFIG_EFI_VARS=y
|
||||
CONFIG_EFI_VARS_PSTORE=y
|
||||
|
||||
@ -3040,6 +3040,7 @@ CONFIG_EFI_MIXED=y
|
||||
CONFIG_EFI_PARTITION=y
|
||||
CONFIG_EFI_RCI2_TABLE=y
|
||||
CONFIG_EFI_RUNTIME_MAP=y
|
||||
CONFIG_EFI_SBAT_FILE=""
|
||||
CONFIG_EFI_STUB=y
|
||||
CONFIG_EFI_VARS=y
|
||||
CONFIG_EFI_VARS_PSTORE=y
|
||||
|
||||
2
SOURCES/kernel.sbat.template
Normal file
2
SOURCES/kernel.sbat.template
Normal file
@ -0,0 +1,2 @@
|
||||
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
|
||||
kernel.@SBAT_SUFFIX,1,Red Hat,kernel-core,@KVER,mailto:secalert@redhat.com
|
||||
@ -21,6 +21,17 @@
|
||||
%global signkernel 0
|
||||
%endif
|
||||
|
||||
# RHEL/CentOS/Fedora specific .SBAT entries
|
||||
%if 0%{?centos}
|
||||
%global sbat_suffix centos
|
||||
%else
|
||||
%if 0%{?fedora}
|
||||
%global sbat_suffix fedora
|
||||
%else
|
||||
%global sbat_suffix rhel
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# Sign modules on all arches
|
||||
%global signmodules 1
|
||||
|
||||
@ -38,10 +49,10 @@
|
||||
# define buildid .local
|
||||
|
||||
%define specversion 4.18.0
|
||||
%define pkgrelease 553.137.1.el8_10
|
||||
%define pkgrelease 553.139.1.el8_10
|
||||
|
||||
# allow pkg_release to have configurable %%{?dist} tag
|
||||
%define specrelease 553.137.1%{?dist}
|
||||
%define specrelease 553.139.1%{?dist}
|
||||
|
||||
%define pkg_release %{specrelease}%{?buildid}
|
||||
|
||||
@ -483,6 +494,7 @@ Source17: mod-blacklist.sh
|
||||
Source18: mod-sign.sh
|
||||
Source19: mod-extra.list
|
||||
Source80: parallel_xz.sh
|
||||
Source85: kernel.sbat.template
|
||||
Source90: filter-x86_64.sh
|
||||
Source93: filter-aarch64.sh
|
||||
Source96: filter-ppc64le.sh
|
||||
@ -1142,6 +1154,9 @@ pathfix.py -i %{__python3} -p -n \
|
||||
|
||||
%define make make %{?cross_opts} HOSTCFLAGS="%{?build_hostcflags}" HOSTLDFLAGS="%{?build_hostldflags}"
|
||||
|
||||
# SBAT data
|
||||
sed -e s,@KVER,%{KVERREL}, -e s,@SBAT_SUFFIX,%{sbat_suffix}, %{SOURCE85} > kernel.sbat
|
||||
|
||||
# only deal with configs if we are going to build for the arch
|
||||
%ifnarch %nobuildarches
|
||||
|
||||
@ -1184,6 +1199,7 @@ cat secureboot.pem >> ../certs/rhel.pem
|
||||
%endif
|
||||
for i in *.config; do
|
||||
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS=""@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
|
||||
sed -i 's@CONFIG_EFI_SBAT_FILE=""@CONFIG_EFI_SBAT_FILE="kernel.sbat"@' $i
|
||||
done
|
||||
%endif
|
||||
%endif
|
||||
@ -2707,6 +2723,21 @@ fi
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Mon Jun 29 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.139.1.el8_10]
|
||||
- NFS: improve "Server wrote zero bytes" error (Olga Kornievskaia) [RHEL-147665]
|
||||
|
||||
* Wed Jun 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.138.1.el8_10]
|
||||
- redhat: Temporary stop adding 'kernel' component to SBAT (Thomas Huth) [RHEL-182788]
|
||||
- redhat: Switch to implicit enablement of CONFIG_EFI_SBAT_FILE (Thomas Huth) [RHEL-182788]
|
||||
- redhat: Add SBAT information to Linux kernel (Thomas Huth) [RHEL-182788]
|
||||
- x86/boot: Handle relative CONFIG_EFI_SBAT_FILE file paths (Thomas Huth) [RHEL-182788]
|
||||
- x86/efi: Implement support for embedding SBAT data for x86 (Thomas Huth) [RHEL-182788]
|
||||
- redhat: Add Kconfig switch for embedding SBAT section (Thomas Huth) [RHEL-182788]
|
||||
- gfs2: Fix use-after-free in iomap inline data write path (Andrew Price) [RHEL-179596] {CVE-2026-45984}
|
||||
- gfs2: Add metapath_dibh helper (Andrew Price) [RHEL-179596] {CVE-2026-45984}
|
||||
- RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path (CKI Backport Bot) [RHEL-179963] {CVE-2026-46189}
|
||||
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CKI Backport Bot) [RHEL-165556] {CVE-2026-23216}
|
||||
|
||||
* Fri Jun 19 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.137.1.el8_10]
|
||||
- selinux: RHEL-only hotfix for execmem regression (Ondrej Mosnacek) [RHEL-179435] {CVE-2026-46054}
|
||||
- selinux: fix overlayfs mmap() and mprotect() access checks (Ondrej Mosnacek) [RHEL-179435] {CVE-2026-46054}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user