diff --git a/.gitignore b/.gitignore index 49ee420a0..f38fa02be 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ -SOURCES/kernel-abi-stablelists-5.14.0-427.35.1.el9_4.tar.bz2 -SOURCES/kernel-kabi-dw-5.14.0-427.35.1.el9_4.tar.bz2 -SOURCES/linux-5.14.0-427.35.1.el9_4.tar.xz +SOURCES/kernel-abi-stablelists-5.14.0-427.37.1.el9_4.tar.bz2 +SOURCES/kernel-kabi-dw-5.14.0-427.37.1.el9_4.tar.bz2 +SOURCES/linux-5.14.0-427.37.1.el9_4.tar.xz SOURCES/nvidiagpuoot001.x509 SOURCES/rheldup3.x509 SOURCES/rhelima.x509 diff --git a/.kernel.metadata b/.kernel.metadata index 1a92c8cc6..9867acb28 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,4 +1,4 @@ -a9b3a7fe48a9cd65e5c222310c6be4de7fed2fb2 SOURCES/kernel-abi-stablelists-5.14.0-427.35.1.el9_4.tar.bz2 -6959196dd6f1c6e3efce688521d81fa71ecde373 SOURCES/kernel-kabi-dw-5.14.0-427.35.1.el9_4.tar.bz2 -7d681318edce705b8d77430ddc548bfc0c05f4bd SOURCES/linux-5.14.0-427.35.1.el9_4.tar.xz +4ab2a38d8cad4ee2d5798f6fe63e3090b20359c8 SOURCES/kernel-abi-stablelists-5.14.0-427.37.1.el9_4.tar.bz2 +d0c04162d4f2ab56e56e57851bef61f216830fc5 SOURCES/kernel-kabi-dw-5.14.0-427.37.1.el9_4.tar.bz2 +3b91b73d33a59707c315d99c5afdf6d0bb4e7594 SOURCES/linux-5.14.0-427.37.1.el9_4.tar.xz 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509 diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver index 4d9849cc2..be20bfe55 100644 --- a/SOURCES/Makefile.rhelver +++ b/SOURCES/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 4 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 427.35.1 +RHEL_RELEASE = 427.37.1 # # ZSTREAM diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index d919389d7..af43ef0f7 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 427.35.1 +%define pkgrelease 427.37.1 %define kversion 5 -%define tarfile_release 5.14.0-427.35.1.el9_4 +%define tarfile_release 5.14.0-427.37.1.el9_4 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 427.35.1%{?buildid}%{?dist} +%define specrelease 427.37.1%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-427.35.1.el9_4 +%define kabiversion 5.14.0-427.37.1.el9_4 # # End of genspec.sh variables @@ -3736,6 +3736,81 @@ fi # # %changelog +* Fri Sep 13 2024 Scott Weaver [5.14.0-427.37.1.el9_4] +- ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CKI Backport Bot) [RHEL-42783] {CVE-2024-26947} +- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (Mamatha Inamdar) [RHEL-45537 RHEL-25055] +- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-40517 RHEL-39354] {CVE-2024-36016} +- smb: client: set correct id, uid and cruid for multiuser automounts (Jay Shin) [RHEL-47260 RHEL-31245] +- printk: printk.c: Disable per_console_kthreads on !CONFIG_PREEMPT_RT (Derek Barbosa) [RHEL-39064] +- uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-41275 RHEL-26233] {CVE-2023-52439} +- gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Steve Best) [RHEL-43192 RHEL-39849] {CVE-2024-36899} +- wifi: mac80211: Avoid address calculations via out of bounds array indexing (CKI Backport Bot) [RHEL-51287 RHEL-51285] {CVE-2024-41071} +- Input: cyapa - add missing input core locking to suspend/resume functions (cki-backport-bot) [RHEL-44455] {CVE-2023-52884} +- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Limit number of driver warning messages (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Fix race condition in disconnect handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Fix race conditions in suspend/resume handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Fix partial packet errors on suspend/resume (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Add missing return code checks (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Remove unused pause frame queue (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Set flow control threshold to prevent packet loss (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Remove unused timer (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- lan78xx: Fix white space and style issues (Jamie Bainbridge) [RHEL-34928 RHEL-33332] +- sctp: fix association labeling in the duplicate COOKIE-ECHO case (CKI Backport Bot) [RHEL-56745 RHEL-48647] +- ice: xsk: fix txq interrupt mapping (Petr Oros) [RHEL-52771 RHEL-15670] +- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (Petr Oros) [RHEL-52771 RHEL-15670] +- ice: improve updating ice_{t,r}x_ring::xsk_pool (Petr Oros) [RHEL-52771 RHEL-15670] +- ice: toggle netif_carrier when setting up XSK pool (Petr Oros) [RHEL-52771 RHEL-15670] +- ice: modify error handling when setting XSK pool in ndo_bpf (Petr Oros) [RHEL-52771 RHEL-15670] +- ice: replace synchronize_rcu with synchronize_net (Petr Oros) [RHEL-52771 RHEL-15670] +- ice: don't busy wait for Rx queue disable in ice_qp_dis() (Petr Oros) [RHEL-52771 RHEL-15670] +- ice: respect netif readiness in AF_XDP ZC related ndo's (Petr Oros) [RHEL-52771 RHEL-15670] +- ice: remove af_xdp_zc_qps bitmap (Petr Oros) [RHEL-52771 RHEL-17486] +- ice: reorder disabling IRQ and NAPI in ice_qp_dis (Petr Oros) [RHEL-52771 RHEL-17486] +- ice: make ice_vsi_cfg_txq() static (Petr Oros) [RHEL-52771 RHEL-17486] +- ice: make ice_vsi_cfg_rxq() static (Petr Oros) [RHEL-52771 RHEL-17486] +- ice: make use of DEFINE_FLEX() for struct ice_aqc_add_tx_qgrp (Petr Oros) [RHEL-52771 RHEL-17486] +- xdp: reflect tail increase for MEM_TYPE_XSK_BUFF_POOL (Petr Oros) [RHEL-52771 RHEL-38863] +- ice: update xdp_rxq_info::frag_size for ZC enabled Rx queue (Petr Oros) [RHEL-52771 RHEL-38863] +- intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers (Petr Oros) [RHEL-52771 RHEL-38863] +- ice: remove redundant xdp_rxq_info registration (Petr Oros) [RHEL-52771 RHEL-38863] +- ice: work on pre-XDP prog frag count (Petr Oros) [RHEL-52771 RHEL-38863] +- xsk: fix usage of multi-buffer BPF helpers for ZC XDP (Petr Oros) [RHEL-52771 RHEL-38863] +- xsk: make xsk_buff_pool responsible for clearing xdp_buff::flags (Petr Oros) [RHEL-52771 RHEL-38863] +- xsk: recycle buffer in case Rx queue was full (Petr Oros) [RHEL-52771 RHEL-38863] +- overflow: add DEFINE_FLEX() for on-stack allocs (Petr Oros) [RHEL-52771 RHEL-30138] +- overflow: Add struct_size_t() helper (Petr Oros) [RHEL-52771 RHEL-30138] +- bpf, sockmap: Prevent lock inversion deadlock in map delete elem (Felix Maurer) [RHEL-41479 RHEL-30107] {CVE-2024-35895} +- xfs: allow SECURE namespace xattrs to use reserved block pool (CKI Backport Bot) [RHEL-54443 RHEL-49806] +- platform/x86/intel-uncore-freq: Don't present root domain on error (David Arcari) [RHEL-43291 RHEL-38558] +- platform/x86/intel-uncore-freq: Increase minor number support (David Arcari) [RHEL-43291 RHEL-38558] +- platform/x86/intel-uncore-freq: Process read/write blocked feature status (David Arcari) [RHEL-43291 RHEL-38558] +- platform/x86/intel/tpmi: Move TPMI ID definition (Steve Best) [RHEL-43291 RHEL-35956] +- ice: fix VSI lists confusion when adding VLANs (CKI Backport Bot) [RHEL-57778 RHEL-20571] +- ice: fix accounting for filters shared by multiple VSIs (CKI Backport Bot) [RHEL-57778 RHEL-20571] +- ice: fix accounting if a VLAN already exists (CKI Backport Bot) [RHEL-57778 RHEL-17486] + +* Fri Sep 06 2024 Scott Weaver [5.14.0-427.36.1.el9_4] +- scsi: qla2xxx: Fix double free of fcport (Nilesh Javali) [RHEL-39547 RHEL-40034 RHEL-25184 RHEL-35020] {CVE-2024-26929} +- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (Nilesh Javali) [RHEL-39547 RHEL-41325 RHEL-25184 RHEL-35016] {CVE-2024-26930} +- scsi: qla2xxx: Fix command flush on cable pull (Nilesh Javali) [RHEL-39547 RHEL-40029 RHEL-25184 RHEL-35012] {CVE-2024-26931} +- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Benjamin Coddington) [RHEL-53708 RHEL-53004] {CVE-2024-42246} +- ice: Add netif_device_attach/detach into PF reset flow (CKI Backport Bot) [RHEL-56275 RHEL-56084] +- wifi: mt76: replace skb_put with skb_put_zero (CKI Backport Bot) [RHEL-52368] {CVE-2024-42225} +- cppc_cpufreq: Fix possible null pointer dereference (cki-backport-bot) [RHEL-44145] {CVE-2024-38573} +- ring-buffer: Fix a race between readers and resize checks (cki-backport-bot) [RHEL-43920] {CVE-2024-38601} +- fork: defer linking file vma until vma is fully initialized (Rafael Aquini) [RHEL-35617 RHEL-35022] {CVE-2024-27022} +- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CKI Backport Bot) [RHEL-48393 RHEL-48391] {CVE-2024-40984} +- KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes (Maxim Levitsky) [RHEL-41345 RHEL-32430] {CVE-2024-26991} +- net/sched: act_mirred: don't override retval if we already lost the skb (Davide Caratti) [RHEL-42644 RHEL-31724] {CVE-2024-26739} +- net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability (Davide Caratti) [RHEL-42644 RHEL-32137] +- cpufreq: exit() callback is optional (cki-backport-bot) [RHEL-43848] {CVE-2024-38615} +- gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570} +- gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570} +- gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570} +- wifi: nl80211: Avoid address calculations via out of bounds array indexing (Jose Ignacio Tornos Martinez) [RHEL-46505 RHEL-34696] {CVE-2024-38562} + * Fri Aug 30 2024 Scott Weaver [5.14.0-427.35.1.el9_4] - usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43716] {CVE-2024-38619} - ceph: force sending a cap update msg back to MDS for revoke op (Xiubo Li) [RHEL-55437]