diff --git a/.gitignore b/.gitignore index 348b8fb63..105ff739f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ -SOURCES/kernel-abi-stablelists-5.14.0-611.30.1.el9_7.tar.bz2 -SOURCES/kernel-kabi-dw-5.14.0-611.30.1.el9_7.tar.bz2 -SOURCES/linux-5.14.0-611.30.1.el9_7.tar.xz +SOURCES/kernel-abi-stablelists-5.14.0-611.34.1.el9_7.tar.bz2 +SOURCES/kernel-kabi-dw-5.14.0-611.34.1.el9_7.tar.bz2 +SOURCES/linux-5.14.0-611.34.1.el9_7.tar.xz SOURCES/nvidiagpuoot001.x509 SOURCES/olima1.x509 SOURCES/olimaca1.x509 diff --git a/.kernel.metadata b/.kernel.metadata index 30f1c985d..60bce5e62 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,6 +1,6 @@ -40a33215f3219cf1805059712587a479900af57b SOURCES/kernel-abi-stablelists-5.14.0-611.30.1.el9_7.tar.bz2 -b798bb2cabb08f43d60107a82700e71373dd72f5 SOURCES/kernel-kabi-dw-5.14.0-611.30.1.el9_7.tar.bz2 -52afe54cbd876ae20218f10dfa859013446ad881 SOURCES/linux-5.14.0-611.30.1.el9_7.tar.xz +5ab939eea09cfa5db98090517935d36150bc47d0 SOURCES/kernel-abi-stablelists-5.14.0-611.34.1.el9_7.tar.bz2 +5301e72f2e3cdd7c3e8823c483b691edfef16053 SOURCES/kernel-kabi-dw-5.14.0-611.34.1.el9_7.tar.bz2 +50a0d5932c2f138f6c62d43a6742d46cd0a8cc0b SOURCES/linux-5.14.0-611.34.1.el9_7.tar.xz 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509 706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509 6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509 diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver index f1119ce4e..cd2d0ea68 100644 --- a/SOURCES/Makefile.rhelver +++ b/SOURCES/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 7 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 611.30.1 +RHEL_RELEASE = 611.34.1 # # ZSTREAM diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog index 71b99a8b0..12ee34f06 100644 --- a/SOURCES/kernel.changelog +++ b/SOURCES/kernel.changelog @@ -1,3 +1,32 @@ +* Sat Feb 07 2026 CKI KWF Bot [5.14.0-611.34.1.el9_7] +- scsi: storvsc: Process unsupported MODE_SENSE_10 (Li Tian) [RHEL-145183] +- smb: client: Add tracepoint for krb5 auth (Paulo Alcantara) [RHEL-127498] +- smb: client: improve error message when creating SMB session (Paulo Alcantara) [RHEL-127498] +- smb: client: relax session and tcon reconnect attempts (Paulo Alcantara) [RHEL-127498] +- cifs: #include cifsglob.h before trace.h to allow structs in tracepoints (Paulo Alcantara) [RHEL-127498] +- smc: Fix use-after-free in __pnet_find_base_ndev(). (Mete Durlu) [RHEL-126890] {CVE-2025-40064} +Resolves: RHEL-126890, RHEL-127498, RHEL-145183 + +* Thu Feb 05 2026 CKI KWF Bot [5.14.0-611.33.1.el9_7] +- i40e: avoid redundant VF link state updates (CKI Backport Bot) [RHEL-141877] +- x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT (Paolo Bonzini) [RHEL-128030] +- x86/sev: Evict cache lines during SNP memory validation (Paolo Bonzini) [RHEL-128030] +- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Myron Stowe) [RHEL-132891] {CVE-2023-53034} +- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137683] {CVE-2025-40304} +- crypto: iaa - Optimize rebalance_wq_table() (Jay Shin) [RHEL-137272] +- fbdev: bitblit: bound-check glyph index in bit_putcs* (CKI Backport Bot) [RHEL-136942] {CVE-2025-40322} +- bpf: Do not audit capability check in do_jit() (Jay Shin) [RHEL-135137] +Resolves: RHEL-128030, RHEL-132891, RHEL-135137, RHEL-136942, RHEL-137272, RHEL-137683, RHEL-141877 + +* Tue Feb 03 2026 CKI KWF Bot [5.14.0-611.32.1.el9_7] +- svcrdma: use rc_pageoff for memcpy byte offset (CKI Backport Bot) [RHEL-142790] {CVE-2025-68811} +- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CKI Backport Bot) [RHEL-140260] {CVE-2025-68349} +Resolves: RHEL-140260, RHEL-142790 + +* Sat Jan 31 2026 CKI KWF Bot [5.14.0-611.31.1.el9_7] +- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CKI Backport Bot) [RHEL-144332] {CVE-2026-22998} +Resolves: RHEL-144332 + * Thu Jan 29 2026 CKI KWF Bot [5.14.0-611.30.1.el9_7] - io_uring/net: commit partial buffers on retry (Jeff Moyer) [RHEL-137329] {CVE-2025-38730} - io_uring/kbuf: add io_kbuf_commit() helper (Jeff Moyer) [RHEL-137329] diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index b3eed73e9..3b316897f 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 611.30.1 +%define pkgrelease 611.34.1 %define kversion 5 -%define tarfile_release 5.14.0-611.30.1.el9_7 +%define tarfile_release 5.14.0-611.34.1.el9_7 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 611.30.1%{?buildid}%{?dist} +%define specrelease 611.34.1%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-611.30.1.el9_7 +%define kabiversion 5.14.0-611.34.1.el9_7 # # End of genspec.sh variables @@ -3771,7 +3771,7 @@ fi # # %changelog -* Wed Feb 11 2026 Andrew Lukoshko - 5.14.0-611.30.1 +* Wed Feb 18 2026 Andrew Lukoshko - 5.14.0-611.34.1 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 @@ -3782,11 +3782,36 @@ fi - kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained -* Wed Feb 11 2026 Eduard Abdullin - 5.14.0-611.30.1 +* Wed Feb 18 2026 Eduard Abdullin - 5.14.0-611.34.1 - Use AlmaLinux OS secure boot cert - Debrand for AlmaLinux OS - Add KVM support for ppc64le +* Sat Feb 07 2026 CKI KWF Bot [5.14.0-611.34.1.el9_7] +- scsi: storvsc: Process unsupported MODE_SENSE_10 (Li Tian) [RHEL-145183] +- smb: client: Add tracepoint for krb5 auth (Paulo Alcantara) [RHEL-127498] +- smb: client: improve error message when creating SMB session (Paulo Alcantara) [RHEL-127498] +- smb: client: relax session and tcon reconnect attempts (Paulo Alcantara) [RHEL-127498] +- cifs: #include cifsglob.h before trace.h to allow structs in tracepoints (Paulo Alcantara) [RHEL-127498] +- smc: Fix use-after-free in __pnet_find_base_ndev(). (Mete Durlu) [RHEL-126890] {CVE-2025-40064} + +* Thu Feb 05 2026 CKI KWF Bot [5.14.0-611.33.1.el9_7] +- i40e: avoid redundant VF link state updates (CKI Backport Bot) [RHEL-141877] +- x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT (Paolo Bonzini) [RHEL-128030] +- x86/sev: Evict cache lines during SNP memory validation (Paolo Bonzini) [RHEL-128030] +- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Myron Stowe) [RHEL-132891] {CVE-2023-53034} +- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137683] {CVE-2025-40304} +- crypto: iaa - Optimize rebalance_wq_table() (Jay Shin) [RHEL-137272] +- fbdev: bitblit: bound-check glyph index in bit_putcs* (CKI Backport Bot) [RHEL-136942] {CVE-2025-40322} +- bpf: Do not audit capability check in do_jit() (Jay Shin) [RHEL-135137] + +* Tue Feb 03 2026 CKI KWF Bot [5.14.0-611.32.1.el9_7] +- svcrdma: use rc_pageoff for memcpy byte offset (CKI Backport Bot) [RHEL-142790] {CVE-2025-68811} +- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CKI Backport Bot) [RHEL-140260] {CVE-2025-68349} + +* Sat Jan 31 2026 CKI KWF Bot [5.14.0-611.31.1.el9_7] +- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CKI Backport Bot) [RHEL-144332] {CVE-2026-22998} + * Thu Jan 29 2026 CKI KWF Bot [5.14.0-611.30.1.el9_7] - io_uring/net: commit partial buffers on retry (Jeff Moyer) [RHEL-137329] {CVE-2025-38730} - io_uring/kbuf: add io_kbuf_commit() helper (Jeff Moyer) [RHEL-137329]