diff --git a/.gitignore b/.gitignore index 935876175..28eb6cf39 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ -SOURCES/kernel-abi-stablelists-5.14.0-611.9.1.el9_7.tar.bz2 -SOURCES/kernel-kabi-dw-5.14.0-611.9.1.el9_7.tar.bz2 -SOURCES/linux-5.14.0-611.9.1.el9_7.tar.xz +SOURCES/kernel-abi-stablelists-5.14.0-611.11.1.el9_7.tar.bz2 +SOURCES/kernel-kabi-dw-5.14.0-611.11.1.el9_7.tar.bz2 +SOURCES/linux-5.14.0-611.11.1.el9_7.tar.xz SOURCES/nvidiagpuoot001.x509 SOURCES/olima1.x509 SOURCES/olimaca1.x509 diff --git a/.kernel.metadata b/.kernel.metadata index 3bb0488a1..c1d6b9a09 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,6 +1,6 @@ -80932c91094c1eb960fe0ce6a80d82af35e4f5af SOURCES/kernel-abi-stablelists-5.14.0-611.9.1.el9_7.tar.bz2 -88b33b037ebd091b82f91d4d23b5198e1a40dc09 SOURCES/kernel-kabi-dw-5.14.0-611.9.1.el9_7.tar.bz2 -0ebeddf4ed7c8c9a942ce2922bae115f03d601b9 SOURCES/linux-5.14.0-611.9.1.el9_7.tar.xz +2aaa40bfaee793fa4df6b75caa147355efc480e1 SOURCES/kernel-abi-stablelists-5.14.0-611.11.1.el9_7.tar.bz2 +f339878c31937f9c59a20cd6b166fbdf2420e599 SOURCES/kernel-kabi-dw-5.14.0-611.11.1.el9_7.tar.bz2 +016e35a8e71d18fef6341de8510918467f9063eb SOURCES/linux-5.14.0-611.11.1.el9_7.tar.xz 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509 706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509 6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509 diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver index 539e233e1..16279dd4e 100644 --- a/SOURCES/Makefile.rhelver +++ b/SOURCES/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 7 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 611.9.1 +RHEL_RELEASE = 611.11.1 # # ZSTREAM diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog index f3ea02828..0d14f5e71 100644 --- a/SOURCES/kernel.changelog +++ b/SOURCES/kernel.changelog @@ -1,3 +1,27 @@ +* Tue Nov 25 2025 CKI KWF Bot [5.14.0-611.11.1.el9_7] +- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Antoine Tenart) [RHEL-120668] +- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Antoine Tenart) [RHEL-120668] {CVE-2025-39955} +- Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: Fix sparse errors (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: Fix possible UAFs (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: hci_sync: fix set_local_name race condition (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: set_mesh: update LE scan interval and window (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: Protect mgmt_pending list with its own lock (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- wifi: mt76: free pending offchannel tx frames on wcid cleanup (Jose Ignacio Tornos Martinez) [RHEL-123064] +- wifi: mt76: do not add non-sta wcid entries to the poll list (Jose Ignacio Tornos Martinez) [RHEL-123064] +- wifi: mt76: fix linked list corruption (Jose Ignacio Tornos Martinez) [RHEL-123064] {CVE-2025-39918} +Resolves: RHEL-120668, RHEL-122892, RHEL-123064 + +* Thu Nov 20 2025 CKI KWF Bot [5.14.0-611.10.1.el9_7] +- ice: ice_adapter: release xa entry on adapter allocation failure (CKI Backport Bot) [RHEL-128469] {CVE-2025-40185} +- iommu/vt-d: Disallow dirty tracking if incoherent page walk (Eder Zulian) [RHEL-125478] {CVE-2025-40058} +- e1000e: fix heap overflow in e1000_set_eeprom (Corinna Vinschen) [RHEL-123111] {CVE-2025-39898} +- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CKI Backport Bot) [RHEL-125604] {CVE-2025-38724} +- wifi: cfg80211: fix use-after-free in cmp_bss() (CKI Backport Bot) [RHEL-122874] {CVE-2025-39864} +- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (Jay Shin) [RHEL-116680] +Resolves: RHEL-116680, RHEL-122874, RHEL-123111, RHEL-125478, RHEL-125604, RHEL-128469 + * Sat Nov 15 2025 CKI KWF Bot [5.14.0-611.9.1.el9_7] - NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia) [RHEL-124651] - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia) [RHEL-124651] diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 63c0cdf42..63288f072 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 611.9.1 +%define pkgrelease 611.11.1 %define kversion 5 -%define tarfile_release 5.14.0-611.9.1.el9_7 +%define tarfile_release 5.14.0-611.11.1.el9_7 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 611.9.1%{?buildid}%{?dist} +%define specrelease 611.11.1%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-611.9.1.el9_7 +%define kabiversion 5.14.0-611.11.1.el9_7 # # End of genspec.sh variables @@ -3768,7 +3768,7 @@ fi # # %changelog -* Thu Nov 27 2025 Andrew Lukoshko - 5.14.0-611.9.1 +* Wed Dec 03 2025 Andrew Lukoshko - 5.14.0-611.11.1 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 @@ -3779,11 +3779,33 @@ fi - kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained -* Thu Nov 27 2025 Eduard Abdullin - 5.14.0-611.9.1 +* Wed Dec 03 2025 Eduard Abdullin - 5.14.0-611.11.1 - Use AlmaLinux OS secure boot cert - Debrand for AlmaLinux OS - Add KVM support for ppc64le +* Tue Nov 25 2025 CKI KWF Bot [5.14.0-611.11.1.el9_7] +- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Antoine Tenart) [RHEL-120668] +- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Antoine Tenart) [RHEL-120668] {CVE-2025-39955} +- Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: Fix sparse errors (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: Fix possible UAFs (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: hci_sync: fix set_local_name race condition (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: set_mesh: update LE scan interval and window (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: Protect mgmt_pending list with its own lock (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981} +- wifi: mt76: free pending offchannel tx frames on wcid cleanup (Jose Ignacio Tornos Martinez) [RHEL-123064] +- wifi: mt76: do not add non-sta wcid entries to the poll list (Jose Ignacio Tornos Martinez) [RHEL-123064] +- wifi: mt76: fix linked list corruption (Jose Ignacio Tornos Martinez) [RHEL-123064] {CVE-2025-39918} + +* Thu Nov 20 2025 CKI KWF Bot [5.14.0-611.10.1.el9_7] +- ice: ice_adapter: release xa entry on adapter allocation failure (CKI Backport Bot) [RHEL-128469] {CVE-2025-40185} +- iommu/vt-d: Disallow dirty tracking if incoherent page walk (Eder Zulian) [RHEL-125478] {CVE-2025-40058} +- e1000e: fix heap overflow in e1000_set_eeprom (Corinna Vinschen) [RHEL-123111] {CVE-2025-39898} +- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CKI Backport Bot) [RHEL-125604] {CVE-2025-38724} +- wifi: cfg80211: fix use-after-free in cmp_bss() (CKI Backport Bot) [RHEL-122874] {CVE-2025-39864} +- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (Jay Shin) [RHEL-116680] + * Sat Nov 15 2025 CKI KWF Bot [5.14.0-611.9.1.el9_7] - NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia) [RHEL-124651] - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia) [RHEL-124651]