|
|
@ -37,11 +37,11 @@
|
|
|
|
|
|
|
|
|
|
|
|
# define buildid .local
|
|
|
|
# define buildid .local
|
|
|
|
|
|
|
|
|
|
|
|
%define rpmversion 4.18.0
|
|
|
|
%define specversion 4.18.0
|
|
|
|
%define pkgrelease 513.9.1.el8_9
|
|
|
|
%define pkgrelease 513.11.1.el8_9
|
|
|
|
|
|
|
|
|
|
|
|
# allow pkg_release to have configurable %%{?dist} tag
|
|
|
|
# allow pkg_release to have configurable %%{?dist} tag
|
|
|
|
%define specrelease 513.9.1%{?dist}
|
|
|
|
%define specrelease 513.11.1%{?dist}
|
|
|
|
|
|
|
|
|
|
|
|
%define pkg_release %{specrelease}%{?buildid}
|
|
|
|
%define pkg_release %{specrelease}%{?buildid}
|
|
|
|
|
|
|
|
|
|
|
@ -324,11 +324,24 @@
|
|
|
|
%define initrd_prereq dracut >= 027
|
|
|
|
%define initrd_prereq dracut >= 027
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# EuroLinux override
|
|
|
|
|
|
|
|
# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast
|
|
|
|
|
|
|
|
# we have to change this here
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%define with_doc 1
|
|
|
|
|
|
|
|
%define with_kabichk 1
|
|
|
|
|
|
|
|
%define with_kernel_abi_whitelists 1
|
|
|
|
|
|
|
|
%global signkernel 0
|
|
|
|
|
|
|
|
%global signmodules 0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# End of EuroLinux override
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Name: kernel%{?variant}
|
|
|
|
Name: kernel%{?variant}
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
License: GPLv2 and Redistributable, no modification permitted
|
|
|
|
License: GPLv2 and Redistributable, no modification permitted
|
|
|
|
URL: http://www.kernel.org/
|
|
|
|
URL: http://www.kernel.org/
|
|
|
|
Version: %{rpmversion}
|
|
|
|
Version: %{specversion}
|
|
|
|
Release: %{pkg_release}
|
|
|
|
Release: %{pkg_release}
|
|
|
|
Summary: The Linux kernel, based on version %{version}, heavily modified with backports
|
|
|
|
Summary: The Linux kernel, based on version %{version}, heavily modified with backports
|
|
|
|
%if %{with_realtime}
|
|
|
|
%if %{with_realtime}
|
|
|
@ -435,7 +448,7 @@ BuildRequires: xmlto
|
|
|
|
BuildRequires: asciidoc
|
|
|
|
BuildRequires: asciidoc
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz
|
|
|
|
Source0: linux-%{specversion}-%{pkgrelease}.tar.xz
|
|
|
|
|
|
|
|
|
|
|
|
Source9: x509.genkey
|
|
|
|
Source9: x509.genkey
|
|
|
|
|
|
|
|
|
|
|
@ -522,8 +535,8 @@ Source211: Module.kabi_dup_ppc64le
|
|
|
|
Source212: Module.kabi_dup_s390x
|
|
|
|
Source212: Module.kabi_dup_s390x
|
|
|
|
Source213: Module.kabi_dup_x86_64
|
|
|
|
Source213: Module.kabi_dup_x86_64
|
|
|
|
|
|
|
|
|
|
|
|
Source300: kernel-abi-stablelists-%{rpmversion}-%{distro_build}.tar.bz2
|
|
|
|
Source300: kernel-abi-stablelists-%{specversion}-%{distro_build}.tar.bz2
|
|
|
|
Source301: kernel-kabi-dw-%{rpmversion}-%{distro_build}.tar.bz2
|
|
|
|
Source301: kernel-kabi-dw-%{specversion}-%{distro_build}.tar.bz2
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
%if %{with_realtime}
|
|
|
|
%if %{with_realtime}
|
|
|
@ -544,14 +557,17 @@ Source4001: rpminspect.yaml
|
|
|
|
|
|
|
|
|
|
|
|
# empty final patch to facilitate testing of kernel patches
|
|
|
|
# empty final patch to facilitate testing of kernel patches
|
|
|
|
Patch999999: linux-kernel-test.patch
|
|
|
|
Patch999999: linux-kernel-test.patch
|
|
|
|
|
|
|
|
Patch1000: debrand-rh-i686-cpu.patch
|
|
|
|
|
|
|
|
Patch1002: debrand-single-cpu.patch
|
|
|
|
|
|
|
|
Patch1003: debrand-specific-versions-of-hardware.patch
|
|
|
|
|
|
|
|
|
|
|
|
# END OF PATCH DEFINITIONS
|
|
|
|
# END OF PATCH DEFINITIONS
|
|
|
|
|
|
|
|
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
|
|
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
%description
|
|
|
|
This is the package which provides the Linux %{name} for Red Hat Enterprise
|
|
|
|
This is the package which provides the Linux %{name} for EuroLinux.
|
|
|
|
Linux. It is based on upstream Linux at version %{version} and maintains kABI
|
|
|
|
It is based on upstream Linux at version %{version} and maintains kABI
|
|
|
|
compatibility of a set of approved symbols, however it is heavily modified with
|
|
|
|
compatibility of a set of approved symbols, however it is heavily modified with
|
|
|
|
backports and fixes pulled from newer upstream Linux %{name} releases. This means
|
|
|
|
backports and fixes pulled from newer upstream Linux %{name} releases. This means
|
|
|
|
this is not a %{version} kernel anymore: it includes several components which come
|
|
|
|
this is not a %{version} kernel anymore: it includes several components which come
|
|
|
@ -559,7 +575,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
|
|
|
|
core. Some of the components/backports that may be pulled in are: changes like
|
|
|
|
core. Some of the components/backports that may be pulled in are: changes like
|
|
|
|
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
|
|
|
|
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
|
|
|
|
fixes and features), updates to block layer, supported filesystems, major driver
|
|
|
|
fixes and features), updates to block layer, supported filesystems, major driver
|
|
|
|
updates for supported hardware in Red Hat Enterprise Linux, enhancements for
|
|
|
|
updates for supported hardware in EuroLinux, enhancements for
|
|
|
|
enterprise customers, etc.
|
|
|
|
enterprise customers, etc.
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
#
|
|
|
@ -569,8 +585,8 @@ enterprise customers, etc.
|
|
|
|
# macros defined above.
|
|
|
|
# macros defined above.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
%define kernel_reqprovconf \
|
|
|
|
%define kernel_reqprovconf \
|
|
|
|
Provides: %{name} = %{rpmversion}-%{pkg_release}\
|
|
|
|
Provides: %{name} = %{specversion}-%{pkg_release}\
|
|
|
|
Provides: %{name}-%{_target_cpu} = %{rpmversion}-%{pkg_release}%{?1:+%{1}}\
|
|
|
|
Provides: %{name}-%{_target_cpu} = %{specversion}-%{pkg_release}%{?1:+%{1}}\
|
|
|
|
Provides: kernel-drm-nouveau = 16\
|
|
|
|
Provides: kernel-drm-nouveau = 16\
|
|
|
|
Provides: %{name}-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
|
|
|
|
Provides: %{name}-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
|
|
|
|
Requires(pre): %{kernel_prereq}\
|
|
|
|
Requires(pre): %{kernel_prereq}\
|
|
|
@ -613,8 +629,8 @@ Group: Development/System
|
|
|
|
Obsoletes: glibc-kernheaders < 3.0-46
|
|
|
|
Obsoletes: glibc-kernheaders < 3.0-46
|
|
|
|
Provides: glibc-kernheaders = 3.0-46
|
|
|
|
Provides: glibc-kernheaders = 3.0-46
|
|
|
|
%if "0%{?variant}"
|
|
|
|
%if "0%{?variant}"
|
|
|
|
Obsoletes: kernel-headers < %{rpmversion}-%{pkg_release}
|
|
|
|
Obsoletes: kernel-headers < %{specversion}-%{pkg_release}
|
|
|
|
Provides: kernel-headers = %{rpmversion}-%{pkg_release}
|
|
|
|
Provides: kernel-headers = %{specversion}-%{pkg_release}
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
%description headers
|
|
|
|
%description headers
|
|
|
|
Kernel-headers includes the C header files that specify the interface
|
|
|
|
Kernel-headers includes the C header files that specify the interface
|
|
|
@ -807,14 +823,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
%package -n %{name}-abi-stablelists
|
|
|
|
%package -n %{name}-abi-stablelists
|
|
|
|
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
|
|
|
|
Summary: The EuroLinux kernel ABI symbol stablelists
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
AutoReqProv: no
|
|
|
|
AutoReqProv: no
|
|
|
|
Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
|
|
|
|
Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release}
|
|
|
|
Provides: %{name}-abi-whitelists
|
|
|
|
Provides: %{name}-abi-whitelists
|
|
|
|
%description -n %{name}-abi-stablelists
|
|
|
|
%description -n %{name}-abi-stablelists
|
|
|
|
The kABI package contains information pertaining to the Red Hat Enterprise
|
|
|
|
The kABI package contains information pertaining to the EuroLinux
|
|
|
|
Linux kernel ABI, including lists of kernel symbols that are needed by
|
|
|
|
kernel ABI, including lists of kernel symbols that are needed by
|
|
|
|
external Linux kernel modules, and a yum plugin to aid enforcement.
|
|
|
|
external Linux kernel modules, and a yum plugin to aid enforcement.
|
|
|
|
|
|
|
|
|
|
|
|
%if %{with_kabidw_base}
|
|
|
|
%if %{with_kabidw_base}
|
|
|
@ -823,8 +839,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
AutoReqProv: no
|
|
|
|
AutoReqProv: no
|
|
|
|
%description kernel-kabidw-base-internal
|
|
|
|
%description kernel-kabidw-base-internal
|
|
|
|
The package contains data describing the current ABI of the Red Hat Enterprise
|
|
|
|
The package contains data describing the current ABI of the EuroLinux
|
|
|
|
Linux kernel, suitable for the kabi-dw tool.
|
|
|
|
kernel, suitable for the kabi-dw tool.
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
#
|
|
|
@ -898,7 +914,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
|
|
|
|
AutoReq: no\
|
|
|
|
AutoReq: no\
|
|
|
|
AutoProv: yes\
|
|
|
|
AutoProv: yes\
|
|
|
|
%description %{?1:%{1}-}modules-internal\
|
|
|
|
%description %{?1:%{1}-}modules-internal\
|
|
|
|
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
|
|
|
|
This package provides kernel modules for the %{?2:%{2} }kernel package for EuroLinux internal usage.\
|
|
|
|
%{nil}
|
|
|
|
%{nil}
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
#
|
|
|
@ -1070,7 +1086,7 @@ ApplyPatch()
|
|
|
|
if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then
|
|
|
|
if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then
|
|
|
|
if [ "${patch:0:8}" != "patch-4." ] ; then
|
|
|
|
if [ "${patch:0:8}" != "patch-4." ] ; then
|
|
|
|
echo "ERROR: Patch $patch not listed as a source patch in specfile"
|
|
|
|
echo "ERROR: Patch $patch not listed as a source patch in specfile"
|
|
|
|
exit 1
|
|
|
|
# exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi 2>/dev/null
|
|
|
|
fi 2>/dev/null
|
|
|
|
case "$patch" in
|
|
|
|
case "$patch" in
|
|
|
@ -1095,11 +1111,14 @@ ApplyOptionalPatch()
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
%setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c
|
|
|
|
%setup -q -n %{name}-%{specversion}-%{pkgrelease} -c
|
|
|
|
mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL}
|
|
|
|
mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
|
|
|
|
|
|
|
|
|
|
|
|
cd linux-%{KVERREL}
|
|
|
|
cd linux-%{KVERREL}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ApplyOptionalPatch debrand-single-cpu.patch
|
|
|
|
|
|
|
|
#ApplyOptionalPatch debrand-rh_taint.patch
|
|
|
|
|
|
|
|
ApplyOptionalPatch debrand-rh-i686-cpu.patch
|
|
|
|
ApplyOptionalPatch linux-kernel-test.patch
|
|
|
|
ApplyOptionalPatch linux-kernel-test.patch
|
|
|
|
|
|
|
|
|
|
|
|
# END OF PATCH APPLICATIONS
|
|
|
|
# END OF PATCH APPLICATIONS
|
|
|
@ -1184,7 +1203,7 @@ done
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
cp %{SOURCE42} .
|
|
|
|
cp %{SOURCE42} .
|
|
|
|
./process_configs.sh -w -c %{name} %{rpmversion} %{?cross_opts}
|
|
|
|
./process_configs.sh -w -c %{name} %{specversion} %{?cross_opts}
|
|
|
|
|
|
|
|
|
|
|
|
# end of kernel config
|
|
|
|
# end of kernel config
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
@ -1750,20 +1769,20 @@ BuildKernel() {
|
|
|
|
# build a BLS config for this kernel
|
|
|
|
# build a BLS config for this kernel
|
|
|
|
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
|
|
|
|
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
|
|
|
|
|
|
|
|
|
|
|
|
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
|
|
|
# # EuroLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
|
|
|
# mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
|
|
|
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
# install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
%ifarch s390x ppc64le
|
|
|
|
# %ifarch s390x ppc64le
|
|
|
|
if [ $DoModules -eq 1 ]; then
|
|
|
|
# if [ $DoModules -eq 1 ]; then
|
|
|
|
if [ -x /usr/bin/rpm-sign ]; then
|
|
|
|
# if [ -x /usr/bin/rpm-sign ]; then
|
|
|
|
install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
# install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
else
|
|
|
|
# else
|
|
|
|
install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
# install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
# openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
# chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
fi
|
|
|
|
# fi
|
|
|
|
fi
|
|
|
|
# fi
|
|
|
|
%endif
|
|
|
|
# %endif
|
|
|
|
|
|
|
|
|
|
|
|
%if %{with_ipaclones}
|
|
|
|
%if %{with_ipaclones}
|
|
|
|
MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p')
|
|
|
|
MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p')
|
|
|
@ -1990,7 +2009,7 @@ find Documentation -type d | xargs chmod u+w
|
|
|
|
cd linux-%{KVERREL}
|
|
|
|
cd linux-%{KVERREL}
|
|
|
|
|
|
|
|
|
|
|
|
%if %{with_doc}
|
|
|
|
%if %{with_doc}
|
|
|
|
docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}
|
|
|
|
docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}
|
|
|
|
|
|
|
|
|
|
|
|
# copy the source over
|
|
|
|
# copy the source over
|
|
|
|
mkdir -p $docdir
|
|
|
|
mkdir -p $docdir
|
|
|
@ -2467,9 +2486,9 @@ fi
|
|
|
|
%if %{with_doc}
|
|
|
|
%if %{with_doc}
|
|
|
|
%files doc
|
|
|
|
%files doc
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}/Documentation/*
|
|
|
|
%{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}/Documentation/*
|
|
|
|
%dir %{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}/Documentation
|
|
|
|
%dir %{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}/Documentation
|
|
|
|
%dir %{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}
|
|
|
|
%dir %{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
%if %{with_perf}
|
|
|
|
%if %{with_perf}
|
|
|
@ -2696,6 +2715,125 @@ fi
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#
|
|
|
|
%changelog
|
|
|
|
%changelog
|
|
|
|
|
|
|
|
* Fri Jan 12 2024 EuroLinux Autopatch <devel@euro-linux.com>
|
|
|
|
|
|
|
|
- Added Patch: debrand-rh-i686-cpu.patch
|
|
|
|
|
|
|
|
--> i686 info debrand
|
|
|
|
|
|
|
|
- Added Patch: debrand-single-cpu.patch
|
|
|
|
|
|
|
|
--> Single cpu debrand
|
|
|
|
|
|
|
|
- Added Patch: debrand-specific-versions-of-hardware.patch
|
|
|
|
|
|
|
|
--> Specific versions of hardware debrand
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Dec 07 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.11.1.el8_9]
|
|
|
|
|
|
|
|
- redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko)
|
|
|
|
|
|
|
|
- blk-mq: enforce op-specific segment limits in blk_insert_cloned_request (Ming Lei) [RHEL-14718 RHEL-14504]
|
|
|
|
|
|
|
|
- KVM: x86: Add SBPB support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- KVM: x86: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/CPU/AMD: Remove amd_get_topology_early() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Add IBPB (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/microcode/AMD: Load late on both threads too (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86/returnthunk: Allow different return thunks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- x86: Sanitize linker script (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- objtool: Fix .return_sites generation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
|
|
|
|
|
|
|
|
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Keep a gem reference to user bos in surfaces (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: fix typo of sizeof argument (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Fix possible invalid drm gem put calls (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Fix shader stage validation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: remove unused vmw_overlay function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Print errors when running on broken/unsupported configs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Drop mksstat_init_record fn as currently unused (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Fix src/dst_pitch confusion (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Replace one-element array with flexible-array member (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Do not drop the reference to the handle too soon (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Stop accessing buffer objects which failed init (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Make the driver work without the dummy resources (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Stop using raw ttm_buffer_object's (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Abstract placement selection (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Rename dummy to is_iomem (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Cleanup the vmw bo usage in the cursor paths (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Simplify fb pinning (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Remove the duplicate bo_free function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/vmwgfx: Use the common gem mmap instead of the custom code (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/radeon: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/qxl: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/gem-vram: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/ttm: prevent moving of pinned BOs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/ttm: stop allocating a dummy resource for pipelined gutting (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/ttm: stop allocating dummy resources during BO creation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/ttm: clear the ttm_tt when bo->resource is NULL (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- drm/i915/ttm: audit remaining bo->resource (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- Revert "drm/vmwgfx: Stop accessing buffer objects which failed init" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- Revert "drm/vmwgfx: Do not drop the reference to the handle too soon" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
- Revert "drm/vmwgfx: Fix Legacy Display Unit atomic drm support" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Nov 24 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.10.1.el8_9]
|
|
|
|
|
|
|
|
- pNFS/filelayout: treat GETDEVICEINFO errors as layout failure (Scott Mayhew) [RHEL-16407 RHEL-4969]
|
|
|
|
|
|
|
|
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162}
|
|
|
|
|
|
|
|
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162}
|
|
|
|
|
|
|
|
- KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs (Peter Xu) [RHEL-15121 RHEL-7210]
|
|
|
|
|
|
|
|
- netfilter: conntrack: Fix gre tunneling over ipv6 (Florian Westphal) [RHEL-15259 RHEL-12497]
|
|
|
|
|
|
|
|
- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Florian Westphal) [RHEL-8443 RHEL-8444] {CVE-2023-42753}
|
|
|
|
|
|
|
|
- tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-15096 RHEL-15023]
|
|
|
|
|
|
|
|
- redhat: change builder image to rhel-8.9 (Michael Hofmann)
|
|
|
|
|
|
|
|
- net: openvswitch: add support for l4 symmetric hashing (Antoine Tenart) [RHEL-12746 RHEL-10498]
|
|
|
|
|
|
|
|
- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16388 RHEL-2574] {CVE-2023-4622}
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Nov 16 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.9.1.el8_9]
|
|
|
|
* Thu Nov 16 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.9.1.el8_9]
|
|
|
|
- ice: reset first in crash dump kernels (Petr Oros) [2244625 2139761]
|
|
|
|
- ice: reset first in crash dump kernels (Petr Oros) [2244625 2139761]
|
|
|
|
- nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11507 RHEL-11509] {CVE-2023-5178}
|
|
|
|
- nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11507 RHEL-11509] {CVE-2023-5178}
|
|
|
|