diff --git a/.gitignore b/.gitignore index 10069becc..ea4902827 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2 -SOURCES/linux-4.18.0-553.36.1.el8_10.tar.xz +SOURCES/linux-4.18.0-553.37.1.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel.metadata b/.kernel.metadata index c4d69f491..ec90926e9 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,8 +1,8 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -df51cff5c8126dfe870be3afb36a4034169d61f2 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 +1f4f89b5b4bd3524972b94a4e23ab2bb75365ecf SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 618f2302d26295e300718d59e8551a0cdfc98022 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2 -0299b75ce8b241f8faeb6b265d7710b456876db7 SOURCES/linux-4.18.0-553.36.1.el8_10.tar.xz +b8f0276361a2dd1946eed22193b0419b3f3eb722 SOURCES/linux-4.18.0-553.37.1.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SOURCES/almalinuxsecurebootca0.cer b/SOURCES/almalinuxsecurebootca0.cer index 6a4e99b9e..d086cd53c 100644 Binary files a/SOURCES/almalinuxsecurebootca0.cer and b/SOURCES/almalinuxsecurebootca0.cer differ diff --git a/SOURCES/debrand-rh_taint.patch b/SOURCES/debrand-rh_taint.patch deleted file mode 100644 index d39bf1a11..000000000 --- a/SOURCES/debrand-rh_taint.patch +++ /dev/null @@ -1,81 +0,0 @@ ---- a/kernel/rh_taint.c 2020-10-16 10:41:51.000000000 -0500 -+++ b/kernel/rh_taint.c 2020-11-19 10:50:24.853039167 -0600 -@@ -2,12 +2,12 @@ - #include - - /* -- * The following functions are used by Red Hat to indicate to users that -- * hardware and drivers are unsupported, or have limited support in RHEL major -+ * The following functions are used by AlmaLinux to indicate to users that -+ * hardware and drivers are unsupported, or have limited support in AlmaLinux major - * and minor releases. These functions output loud warning messages to the end - * user and should be USED WITH CAUTION. - * -- * Any use of these functions _MUST_ be documented in the RHEL Release Notes, -+ * Any use of these functions _MUST_ be documented in the AlmaLinux Release Notes, - * and have approval of management. - */ - -@@ -16,15 +16,15 @@ - * @msg: Hardware name, class, or type - * - * Called to mark a device, class of devices, or types of devices as not having -- * support in any RHEL minor release. This does not TAINT the kernel. Red Hat -- * will not fix bugs against this hardware in this minor release. Red Hat may -+ * support in any AlmaLinux minor release. This does not TAINT the kernel. AlmaLinux -+ * will not fix bugs against this hardware in this minor release. AlmaLinux may - * declare support in a future major or minor update release. This cannot be - * used to mark drivers unsupported. - */ - void mark_hardware_unsupported(const char *msg) - { - /* Print one single message */ -- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg); -+ pr_crit("Warning: %s - this hardware has not undergone testing by AlmaLinux and might not be certified.\n", msg); - } - EXPORT_SYMBOL(mark_hardware_unsupported); - -@@ -35,12 +35,12 @@ EXPORT_SYMBOL(mark_hardware_unsupported) - * Called to minimize the support status of a previously supported device in - * a minor release. This does not TAINT the kernel. Marking hardware - * deprecated is usually done in conjunction with the hardware vendor. Future -- * RHEL major releases may not include this driver. Driver updates and fixes -+ * AlmaLinux major releases may not include this driver. Driver updates and fixes - * for this device will be limited to critical issues in future minor releases. - */ - void mark_hardware_deprecated(const char *msg) - { -- pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this RHEL release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact Red Hat Support or your device's hardware vendor for additional information.\n", msg); -+ pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this AlmaLinux release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact AlmaLinux Support or your device's hardware vendor for additional information.\n", msg); - } - EXPORT_SYMBOL(mark_hardware_deprecated); - -@@ -50,9 +50,9 @@ EXPORT_SYMBOL(mark_hardware_deprecated); - * - * Called to minimize the support status of a new driver. This does TAINT the - * kernel. Calling this function indicates that the driver or subsystem has -- * had limited testing and is not marked for full support within this RHEL -- * minor release. The next RHEL minor release may contain full support for -- * this driver. Red Hat does not guarantee that bugs reported against this -+ * had limited testing and is not marked for full support within this AlmaLinux -+ * minor release. The next AlmaLinux minor release may contain full support for -+ * this driver. AlmaLinux does not guarantee that bugs reported against this - * driver or subsystem will be resolved. - */ - void mark_tech_preview(const char *msg, struct module *mod) -@@ -81,13 +81,13 @@ EXPORT_SYMBOL(mark_tech_preview); - * mark_driver_unsupported - drivers that we know we don't want to support - * @name: the name of the driver - * -- * In some cases Red Hat has chosen to build a driver for internal QE -+ * In some cases AlmaLinux has chosen to build a driver for internal QE - * use. Use this function to mark those drivers as unsupported for - * customers. - */ - void mark_driver_unsupported(const char *name) - { -- pr_crit("Warning: %s - This driver has not undergone sufficient testing by Red Hat for this release and therefore cannot be used in production systems.\n", -+ pr_crit("Warning: %s - This driver has not undergone sufficient testing by AlmaLinux for this release and therefore cannot be used in production systems.\n", - name ? name : "kernel"); - } - EXPORT_SYMBOL(mark_driver_unsupported); diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 6ad9f94eb..e145fc639 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.36.1.el8_10 +%define pkgrelease 553.37.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.36.1%{?dist} +%define specrelease 553.37.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -347,6 +347,7 @@ Requires: rt-setup %endif %endif + # # List the packages used during the kernel build # @@ -456,6 +457,8 @@ Source11: almalinuxsecurebootca0.cer %define secureboot_key_0 %{SOURCE10} %define pesign_name_0 almalinuxsecurebootca0 + + Source17: mod-blacklist.sh Source18: mod-sign.sh Source19: mod-extra.list @@ -517,17 +520,18 @@ Source4000: gating.yaml # rpminspect config Source4001: rpminspect.yaml +# AlmaLinux Source Source9000: almalinux.pem +Source9001: almalinuxsecurebootca0.cer ## Patches needed for building this package # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch +# AlmaLinux Patch Patch1000: debrand-single-cpu.patch Patch1002: debrand-rh-i686-cpu.patch - -# Bring back deprecated PCI ids #CFHack #CFHack2024 Patch2001: 0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch Patch2002: 0002-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch Patch2003: 0003-Bring-back-deprecated-pci-ids-to-mptsas-mptspi-drive.patch @@ -985,8 +989,8 @@ Provides: %{name}-%{?1:%{1}-}core-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ Provides: installonlypkg(kernel)\ %if "%{?1}" == ""\ Provides: almalinux(kernel-sig-key) = 202303\ -Conflicts: shim-ia32 <= 15.6-1.el8.alma\ -Conflicts: shim-x64 <= 15.6-1.el8.alma\ +Conflicts: shim-ia32 < 15.8-4.el8_9.alma.2\ +Conflicts: shim-x64 < 15.8-4.el8_9.alma.2\ %endif\ %{expand:%%kernel_reqprovconf}\ %if %{?1:1} %{!?1:0} \ @@ -1100,9 +1104,11 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} -ApplyOptionalPatch debrand-single-cpu.patch -ApplyOptionalPatch debrand-rh-i686-cpu.patch +ApplyOptionalPatch linux-kernel-test.patch +# Applying AlmaLinux Patch +ApplyPatch debrand-single-cpu.patch +ApplyPatch debrand-rh-i686-cpu.patch ApplyPatch 0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch ApplyPatch 0002-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch ApplyPatch 0003-Bring-back-deprecated-pci-ids-to-mptsas-mptspi-drive.patch @@ -1112,8 +1118,6 @@ ApplyPatch 0006-Bring-back-deprecated-pci-ids-to-lpfc-driver.patch ApplyPatch 0007-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch ApplyPatch 0008-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch -ApplyOptionalPatch linux-kernel-test.patch - # END OF PATCH APPLICATIONS # Any further pre-build tree manipulations happen here. @@ -2705,6 +2709,28 @@ fi # # %changelog +* Thu Feb 06 2025 Andrei Lukoshko - 4.18.0-553.37.1 +- hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 +- mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 +- megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 +- qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024 +- qla4xxx: bring back deprecated PCI ids +- lpfc: bring back deprecated PCI ids +- be2iscsi: bring back deprecated PCI ids +- kernel/rh_messages.h: enable all disabled pci devices by moving to + unmaintained + +* Thu Feb 06 2025 Eduard Abdullin - 4.18.0-553.37.1 +- Use AlmaLinux OS secure boot cert +- Debrand for AlmaLinux OS + +* Fri Jan 17 2025 Denys Vlasenko [4.18.0-553.37.1.el8_10] +- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-71535] {CVE-2024-50275} +- scsi: core: Handle devices which return an unusually large VPD page count (Ewan D. Milne) [RHEL-34275] +- scsi: core: Fix unremoved procfs host directory regression (Ewan D. Milne) [RHEL-34275] +- scsi: core: Consult supported VPD page list prior to fetching page (Ewan D. Milne) [RHEL-34275] +- NFSv4: Fix dropped lock for racing OPEN and delegation return (Benjamin Coddington) [RHEL-73889] + * Thu Jan 09 2025 Denys Vlasenko [4.18.0-553.36.1.el8_10] - cpufreq: intel_pstate: Support Emerald Rapids OOB mode (David Arcari) [RHEL-59649] - scsi: st: New session only when Unit Attention for new tape (John Meneghini) [RHEL-28790] @@ -4219,16 +4245,6 @@ fi - NFSv4.1: fix zero value filehandle in post open getattr (Scott Mayhew) [RHEL-7994] - NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Scott Mayhew) [RHEL-7994] -* Wed Mar 13 2024 Andrew Lukoshko [4.18.0-544.el8] -- hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 -- mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 -- megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 -- qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024 -- qla4xxx: bring back deprecated PCI ids -- lpfc: bring back deprecated PCI ids -- be2iscsi: bring back deprecated PCI ids -- kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained - * Thu Feb 22 2024 Denys Vlasenko [4.18.0-544.el8] - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-23386] {CVE-2021-33631} - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Charles Mirabile) [RHEL-24019]