import EuroLinux kernel-4.18.0-513.9.1.el8_9

2023-12-02 08:55:08 +00:00 · 2023-12-02 08:55:08 +00:00 · f9b607962c
commit f9b607962c
parent 19b21fa491
6 changed files with 144 additions and 28 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
-SOURCES/linux-4.18.0-513.5.1.el8_9.tar.xz
+SOURCES/linux-4.18.0-513.9.1.el8_9.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
--- a/.kernel.metadata
+++ b/.kernel.metadata
@ -1,8 +1,8 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-1b80f3713df5b69a8f2db146d970264f3c0bd634 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
-d23322be97d0641ecaf432900ace3c5ee7987c5b SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
-b24e12fe467bffa371c13a72fda5e583189a2616 SOURCES/linux-4.18.0-513.5.1.el8_9.tar.xz
+b7c81f7a4572b627bf2df9213d715e3e74c1c394 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
+26df1b50927ada39cecb1b9e86331fcbd0c21c65 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
+b66c16f3dbd5a47089d5552283162e6b403b3919 SOURCES/linux-4.18.0-513.9.1.el8_9.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
--- a/SOURCES/debrand-rh-i686-cpu.patch
+++ b/SOURCES/debrand-rh-i686-cpu.patch
@ -0,0 +1,12 @@
+--- a/arch/x86/boot/main.c	2019-03-13 04:04:53.000000000 -0700
+++ b/arch/x86/boot/main.c	2019-05-25 14:31:21.043272496 -0700
+@@ -147,7 +147,7 @@ void main(void)
+ 
+ 	/* Make sure we have all the proper CPU support */
+ 	if (validate_cpu()) {
+-		puts("This processor is not supported in this version of RHEL.\n");
+		puts("This processor is not supported in this version of EuroLinux.\n");
+ 		die();
+ 	}
+ 
+
--- a/SOURCES/debrand-single-cpu.patch
+++ b/SOURCES/debrand-single-cpu.patch
@ -0,0 +1,11 @@
+--- a/arch/x86/kernel/setup.c	2019-03-13 04:04:53.000000000 -0700
+++ b/arch/x86/kernel/setup.c	2019-05-27 08:35:54.580595314 -0700
+@@ -900,7 +900,7 @@ static void rh_check_supported(void)
+ 	if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
+ 	    !guest && is_kdump_kernel()) {
+ 		pr_crit("Detected single cpu native boot.\n");
+-		pr_crit("Important:  In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
+		pr_crit("Important:  In EuroLinux 8, single threaded, single CPU 64-bit physical systems are unsupported.");
+ 	}
+ 
+ 	/*
--- a/SOURCES/debrand-specific-versions-of-hardware.patch
+++ b/SOURCES/debrand-specific-versions-of-hardware.patch
@ -0,0 +1,12 @@
+diff -urN linux-4.18.0-477.27.1.el8_8/init/main.c linux-4.18.0-477.27.1.el8_8p/init/main.c
+--- linux-4.18.0-477.27.1.el8_8/init/main.c	2023-08-31 16:01:50.000000000 +0200
+++ linux-4.18.0-477.27.1.el8_8p/init/main.c	2023-09-20 14:02:16.439638219 +0200
+@@ -576,7 +576,7 @@
+ 	page_alloc_init();
+ 
+ 	pr_notice("Kernel command line: %s\n", boot_command_line);
+-	pr_notice("Specific versions of hardware are certified with Red Hat Enterprise Linux 8. Please see the list of hardware certified with Red Hat Enterprise Linux 8 at https://catalog.redhat.com.\n");
+	pr_notice("Specific versions of hardware are certified with EuroLinux 8. Since EuroLinux is binary compatible with RHEL, please see the list of certified hardware at https://catalog.redhat.com.\n");
+ 	/* parameters may set static keys */
+ 	jump_label_init();
+ 	parse_early_param();
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@ -38,10 +38,10 @@
 # define buildid .local

 %define rpmversion 4.18.0
-%define pkgrelease 513.5.1.el8_9
+%define pkgrelease 513.9.1.el8_9

 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 513.5.1%{?dist}
+%define specrelease 513.9.1%{?dist}

 %define pkg_release %{specrelease}%{?buildid}

@ -323,6 +323,19 @@
 %define kernel_prereq  coreutils, systemd >= 203-2, /usr/bin/kernel-install
 %define initrd_prereq  dracut >= 027

+# EuroLinux override
+# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast
+# we have to change this here
+
+%define with_doc 1
+%define with_kabichk 1
+%define with_kernel_abi_whitelists 1
+%global signkernel 0
+%global signmodules 0
+
+# End of EuroLinux override
+
+

 Name: kernel%{?variant}
 Group: System Environment/Kernel
@ -544,14 +557,17 @@ Source4001: rpminspect.yaml

 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
+Patch1000:	debrand-rh-i686-cpu.patch
+Patch1002:	debrand-single-cpu.patch
+Patch1003:	debrand-specific-versions-of-hardware.patch

 # END OF PATCH DEFINITIONS

 BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root

 %description
-This is the package which provides the Linux %{name} for Red Hat Enterprise
-Linux. It is based on upstream Linux at version %{version} and maintains kABI
+This is the package which provides the Linux %{name} for EuroLinux.
+It is based on upstream Linux at version %{version} and maintains kABI
 compatibility of a set of approved symbols, however it is heavily modified with
 backports and fixes pulled from newer upstream Linux %{name} releases. This means
 this is not a %{version} kernel anymore: it includes several components which come
@ -559,7 +575,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
 core. Some of the components/backports that may be pulled in are: changes like
 updates to the core kernel (eg.: scheduler, cgroups, memory management, security
 fixes and features), updates to block layer, supported filesystems, major driver
-updates for supported hardware in Red Hat Enterprise Linux, enhancements for
+updates for supported hardware in EuroLinux, enhancements for
 enterprise customers, etc.

 #
@ -807,14 +823,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
 %endif

 %package -n %{name}-abi-stablelists
-Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
+Summary: The EuroLinux kernel ABI symbol stablelists
 Group: System Environment/Kernel
 AutoReqProv: no
 Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
 Provides: %{name}-abi-whitelists
 %description -n %{name}-abi-stablelists
-The kABI package contains information pertaining to the Red Hat Enterprise
-Linux kernel ABI, including lists of kernel symbols that are needed by
+The kABI package contains information pertaining to the EuroLinux
+kernel ABI, including lists of kernel symbols that are needed by
 external Linux kernel modules, and a yum plugin to aid enforcement.

 %if %{with_kabidw_base}
@ -823,8 +839,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
 Group: System Environment/Kernel
 AutoReqProv: no
 %description kernel-kabidw-base-internal
-The package contains data describing the current ABI of the Red Hat Enterprise
-Linux kernel, suitable for the kabi-dw tool.
+The package contains data describing the current ABI of the EuroLinux 
+kernel, suitable for the kabi-dw tool.
 %endif

 #
@ -1068,9 +1084,9 @@ ApplyPatch()
    exit 1
  fi
  if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then
-    if [ "${patch:0:8}" != "patch-4." ] ; then
+    if [ "${patch:0:9}" != "patch-4." ] ; then
      echo "ERROR: Patch  $patch  not listed as a source patch in specfile"
-      exit 1
+      #exit 1
    fi
  fi 2>/dev/null
  case "$patch" in
@ -1100,6 +1116,9 @@ mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL}

 cd linux-%{KVERREL}

+ApplyOptionalPatch debrand-single-cpu.patch
+#ApplyOptionalPatch debrand-rh_taint.patch
+ApplyOptionalPatch debrand-rh-i686-cpu.patch
 ApplyOptionalPatch linux-kernel-test.patch

 # END OF PATCH APPLICATIONS
@ -1752,18 +1771,18 @@ BuildKernel() {

    # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
    mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
-    install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
-    %ifarch s390x ppc64le
-    if [ $DoModules -eq 1 ]; then
-	if [ -x /usr/bin/rpm-sign ]; then
-	    install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
-	else
-	    install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
-	    openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
-	    chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
-	fi
-    fi
-    %endif
+#    install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
+#    %ifarch s390x ppc64le
+#    if [ $DoModules -eq 1 ]; then
+#	if [ -x /usr/bin/rpm-sign ]; then
+#	    install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
+#	else
+#	    install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
+#	    openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
+#	    chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
+#	fi
+#    fi
+#    %endif

 %if %{with_ipaclones}
    MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p')
@ -2696,6 +2715,68 @@ fi
 #
 #
 %changelog
+* Thu Nov 30 2023 EuroLinux Autopatch <devel@euro-linux.com>
+- Added Patch: debrand-rh-i686-cpu.patch
+-->  i686 info debrand
+- Added Patch: debrand-single-cpu.patch
+-->  Single cpu debrand
+- Added Patch: debrand-specific-versions-of-hardware.patch
+-->  Specific versions of hardware debrand
+
+* Thu Nov 16 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.9.1.el8_9]
+- ice: reset first in crash dump kernels (Petr Oros) [2244625 2139761]
+- nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11507 RHEL-11509] {CVE-2023-5178}
+- block: check_events: don't bother with events if unsupported (Ming Lei) [RHEL-15052 RHEL-2407]
+- Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers" (Ming Lei) [RHEL-15052 RHEL-2407]
+- Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd" (Ming Lei) [RHEL-15052 RHEL-2407]
+- block: disk_events: introduce event flags (Ming Lei) [RHEL-15052 RHEL-2407]
+- block: genhd: remove async_events field (Ming Lei) [RHEL-15052 RHEL-2407]
+- net: virtio_net_hdr_to_skb: count transport header in UFO (Cindy Lu) [RHEL-16332 RHEL-6030]
+- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Vitaly Kuznetsov) [RHEL-5764 RHEL-3656]
+
+* Thu Nov 09 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.8.1.el8_9]
+- cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15159 RHEL-7930] {CVE-2023-1192}
+- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (Florian Westphal) [RHEL-12371 RHEL-5742]
+- sched/rt: Fix bad task migration for rt tasks (Valentin Schneider) [RHEL-11682 RHEL-3872]
+- bpf: Fix incorrect verifier pruning due to missing register precision taints (Artem Savkov) [RHEL-13049 RHEL-7534] {CVE-2023-2163}
+
+* Thu Nov 02 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.7.1.el8_9]
+- sched/fair: Block nohz tick_stop when cfs bandwidth in use (Phil Auld) [RHEL-12723 RHEL-2527]
+- sched, cgroup: Restore meaning to hierarchical_quota (Phil Auld) [RHEL-12723 RHEL-2527]
+- sched/fair: Hide unused init_cfs_bandwidth() stub (Phil Auld) [RHEL-12723 RHEL-2527]
+
+* Thu Oct 26 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.6.1.el8_9]
+- redhat: fix bug/zjira sort in the changelog (Patrick Talbert)
+- CI: Remove unused kpet_tree_family (Nikolai Kondrashov)
+- redhat: set default zstream brew target for 8.9 (Patrick Talbert)
+- rbd: take header_rwsem in rbd_dev_refresh() only when updating (Ilya Dryomov) [RHEL-12689 RHEL-11241]
+- rbd: decouple parent info read-in from updating rbd_dev (Ilya Dryomov) [RHEL-12689 RHEL-11241]
+- rbd: decouple header read-in from updating rbd_dev->header (Ilya Dryomov) [RHEL-12689 RHEL-11241]
+- rbd: move rbd_dev_refresh() definition (Ilya Dryomov) [RHEL-12689 RHEL-11241]
+- media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
+- media: dvb_ca_en50221: fix a size write bug (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
+- media: dvb_ca_en50221: avoid speculation from CA slot (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
+- media: dvb-core: fix epoll() by calling poll_wait first (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
+- media: dvb_ca_en50221: off by one in dvb_ca_en50221_io_do_ioctl() (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
+- iavf: schedule a request immediately after add/delete vlan (Petr Oros) [2240750 2231174]
+- iavf: add iavf_schedule_aq_request() helper (Petr Oros) [2240750 2231174]
+- bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire (Tomas Glozar) [RHEL-6123 2229965]
+- media: dvb-core: Fix use-after-free due on race condition at dvb_net (Dean Nelson) [RHEL-11248 RHEL-1842] {CVE-2022-45886}
+- media: dvb_net: avoid speculation from net slot (Dean Nelson) [RHEL-11248 RHEL-1842] {CVE-2022-45886}
+- mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() (Rafael Aquini) [RHEL-11588 RHEL-3652]
+- ice: always add legacy 32byte RXDID in supported_rxdids (Michal Schmidt) [RHEL-10393 RHEL-3379]
+- net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12295 RHEL-7185] {CVE-2023-3812}
+- ice: Don't tx before switchdev is fully configured (Michal Schmidt) [RHEL-11331 RHEL-10997]
+- media: dvb-core: Fix use-after-free due to race at dvb_register_device() (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
+- media: dvbdev: fix refcnt bug (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
+- media: dvbdev: adopts refcnt to avoid UAF (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
+- media: dvbdev: fix error logic at dvb_register_device() (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
+- media: dvbdev: Fix memleak in dvb_register_device (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
+- media: media/dvb: Use kmemdup rather than duplicating its implementation (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
+- media: dvbdev: remove double-unlock (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
+- bpf: Adjust insufficient default bpf_jit_limit (Viktor Malik) [2243011 2219567]
+- bpf: Prevent increasing bpf_jit_limit above max (Viktor Malik) [2243011 2219567]
+
 * Fri Sep 29 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.5.1.el8_9]
 - redhat: list Z-Jiras in the changelog before Y-Jiras (Herton R. Krzesinski)
 - Revert "mm, meminit: recalculate pcpu batch and high limits after init completes" (Chris von Recklinghausen) [RHEL-8539]