import EuroLinux kernel-4.18.0-513.9.1.el8_9

This commit is contained in:
Andrew Lukoshko 2023-12-02 08:55:08 +00:00
parent 19b21fa491
commit f9b607962c
6 changed files with 144 additions and 28 deletions

2
.gitignore vendored
View File

@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
SOURCES/centossecurebootca2.cer SOURCES/centossecurebootca2.cer
SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
SOURCES/linux-4.18.0-513.5.1.el8_9.tar.xz SOURCES/linux-4.18.0-513.9.1.el8_9.tar.xz
SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot302.cer
SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot303.cer
SOURCES/redhatsecureboot501.cer SOURCES/redhatsecureboot501.cer

View File

@ -1,8 +1,8 @@
2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
1b80f3713df5b69a8f2db146d970264f3c0bd634 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 b7c81f7a4572b627bf2df9213d715e3e74c1c394 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
d23322be97d0641ecaf432900ace3c5ee7987c5b SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 26df1b50927ada39cecb1b9e86331fcbd0c21c65 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
b24e12fe467bffa371c13a72fda5e583189a2616 SOURCES/linux-4.18.0-513.5.1.el8_9.tar.xz b66c16f3dbd5a47089d5552283162e6b403b3919 SOURCES/linux-4.18.0-513.9.1.el8_9.tar.xz
13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer

View File

@ -0,0 +1,12 @@
--- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700
+++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700
@@ -147,7 +147,7 @@ void main(void)
/* Make sure we have all the proper CPU support */
if (validate_cpu()) {
- puts("This processor is not supported in this version of RHEL.\n");
+ puts("This processor is not supported in this version of EuroLinux.\n");
die();
}

View File

@ -0,0 +1,11 @@
--- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700
+++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700
@@ -900,7 +900,7 @@ static void rh_check_supported(void)
if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
!guest && is_kdump_kernel()) {
pr_crit("Detected single cpu native boot.\n");
- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
+ pr_crit("Important: In EuroLinux 8, single threaded, single CPU 64-bit physical systems are unsupported.");
}
/*

View File

@ -0,0 +1,12 @@
diff -urN linux-4.18.0-477.27.1.el8_8/init/main.c linux-4.18.0-477.27.1.el8_8p/init/main.c
--- linux-4.18.0-477.27.1.el8_8/init/main.c 2023-08-31 16:01:50.000000000 +0200
+++ linux-4.18.0-477.27.1.el8_8p/init/main.c 2023-09-20 14:02:16.439638219 +0200
@@ -576,7 +576,7 @@
page_alloc_init();
pr_notice("Kernel command line: %s\n", boot_command_line);
- pr_notice("Specific versions of hardware are certified with Red Hat Enterprise Linux 8. Please see the list of hardware certified with Red Hat Enterprise Linux 8 at https://catalog.redhat.com.\n");
+ pr_notice("Specific versions of hardware are certified with EuroLinux 8. Since EuroLinux is binary compatible with RHEL, please see the list of certified hardware at https://catalog.redhat.com.\n");
/* parameters may set static keys */
jump_label_init();
parse_early_param();

View File

@ -38,10 +38,10 @@
# define buildid .local # define buildid .local
%define rpmversion 4.18.0 %define rpmversion 4.18.0
%define pkgrelease 513.5.1.el8_9 %define pkgrelease 513.9.1.el8_9
# allow pkg_release to have configurable %%{?dist} tag # allow pkg_release to have configurable %%{?dist} tag
%define specrelease 513.5.1%{?dist} %define specrelease 513.9.1%{?dist}
%define pkg_release %{specrelease}%{?buildid} %define pkg_release %{specrelease}%{?buildid}
@ -323,6 +323,19 @@
%define kernel_prereq coreutils, systemd >= 203-2, /usr/bin/kernel-install %define kernel_prereq coreutils, systemd >= 203-2, /usr/bin/kernel-install
%define initrd_prereq dracut >= 027 %define initrd_prereq dracut >= 027
# EuroLinux override
# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast
# we have to change this here
%define with_doc 1
%define with_kabichk 1
%define with_kernel_abi_whitelists 1
%global signkernel 0
%global signmodules 0
# End of EuroLinux override
Name: kernel%{?variant} Name: kernel%{?variant}
Group: System Environment/Kernel Group: System Environment/Kernel
@ -544,14 +557,17 @@ Source4001: rpminspect.yaml
# empty final patch to facilitate testing of kernel patches # empty final patch to facilitate testing of kernel patches
Patch999999: linux-kernel-test.patch Patch999999: linux-kernel-test.patch
Patch1000: debrand-rh-i686-cpu.patch
Patch1002: debrand-single-cpu.patch
Patch1003: debrand-specific-versions-of-hardware.patch
# END OF PATCH DEFINITIONS # END OF PATCH DEFINITIONS
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
%description %description
This is the package which provides the Linux %{name} for Red Hat Enterprise This is the package which provides the Linux %{name} for EuroLinux.
Linux. It is based on upstream Linux at version %{version} and maintains kABI It is based on upstream Linux at version %{version} and maintains kABI
compatibility of a set of approved symbols, however it is heavily modified with compatibility of a set of approved symbols, however it is heavily modified with
backports and fixes pulled from newer upstream Linux %{name} releases. This means backports and fixes pulled from newer upstream Linux %{name} releases. This means
this is not a %{version} kernel anymore: it includes several components which come this is not a %{version} kernel anymore: it includes several components which come
@ -559,7 +575,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
core. Some of the components/backports that may be pulled in are: changes like core. Some of the components/backports that may be pulled in are: changes like
updates to the core kernel (eg.: scheduler, cgroups, memory management, security updates to the core kernel (eg.: scheduler, cgroups, memory management, security
fixes and features), updates to block layer, supported filesystems, major driver fixes and features), updates to block layer, supported filesystems, major driver
updates for supported hardware in Red Hat Enterprise Linux, enhancements for updates for supported hardware in EuroLinux, enhancements for
enterprise customers, etc. enterprise customers, etc.
# #
@ -807,14 +823,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
%endif %endif
%package -n %{name}-abi-stablelists %package -n %{name}-abi-stablelists
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists Summary: The EuroLinux kernel ABI symbol stablelists
Group: System Environment/Kernel Group: System Environment/Kernel
AutoReqProv: no AutoReqProv: no
Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release} Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
Provides: %{name}-abi-whitelists Provides: %{name}-abi-whitelists
%description -n %{name}-abi-stablelists %description -n %{name}-abi-stablelists
The kABI package contains information pertaining to the Red Hat Enterprise The kABI package contains information pertaining to the EuroLinux
Linux kernel ABI, including lists of kernel symbols that are needed by kernel ABI, including lists of kernel symbols that are needed by
external Linux kernel modules, and a yum plugin to aid enforcement. external Linux kernel modules, and a yum plugin to aid enforcement.
%if %{with_kabidw_base} %if %{with_kabidw_base}
@ -823,8 +839,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
Group: System Environment/Kernel Group: System Environment/Kernel
AutoReqProv: no AutoReqProv: no
%description kernel-kabidw-base-internal %description kernel-kabidw-base-internal
The package contains data describing the current ABI of the Red Hat Enterprise The package contains data describing the current ABI of the EuroLinux
Linux kernel, suitable for the kabi-dw tool. kernel, suitable for the kabi-dw tool.
%endif %endif
# #
@ -1068,9 +1084,9 @@ ApplyPatch()
exit 1 exit 1
fi fi
if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then
if [ "${patch:0:8}" != "patch-4." ] ; then if [ "${patch:0:9}" != "patch-4." ] ; then
echo "ERROR: Patch $patch not listed as a source patch in specfile" echo "ERROR: Patch $patch not listed as a source patch in specfile"
exit 1 #exit 1
fi fi
fi 2>/dev/null fi 2>/dev/null
case "$patch" in case "$patch" in
@ -1100,6 +1116,9 @@ mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL}
cd linux-%{KVERREL} cd linux-%{KVERREL}
ApplyOptionalPatch debrand-single-cpu.patch
#ApplyOptionalPatch debrand-rh_taint.patch
ApplyOptionalPatch debrand-rh-i686-cpu.patch
ApplyOptionalPatch linux-kernel-test.patch ApplyOptionalPatch linux-kernel-test.patch
# END OF PATCH APPLICATIONS # END OF PATCH APPLICATIONS
@ -1752,18 +1771,18 @@ BuildKernel() {
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer # install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%ifarch s390x ppc64le # %ifarch s390x ppc64le
if [ $DoModules -eq 1 ]; then # if [ $DoModules -eq 1 ]; then
if [ -x /usr/bin/rpm-sign ]; then # if [ -x /usr/bin/rpm-sign ]; then
install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} # install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
else # else
install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer # install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} # openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} # chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
fi # fi
fi # fi
%endif # %endif
%if %{with_ipaclones} %if %{with_ipaclones}
MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p') MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p')
@ -2696,6 +2715,68 @@ fi
# #
# #
%changelog %changelog
* Thu Nov 30 2023 EuroLinux Autopatch <devel@euro-linux.com>
- Added Patch: debrand-rh-i686-cpu.patch
--> i686 info debrand
- Added Patch: debrand-single-cpu.patch
--> Single cpu debrand
- Added Patch: debrand-specific-versions-of-hardware.patch
--> Specific versions of hardware debrand
* Thu Nov 16 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.9.1.el8_9]
- ice: reset first in crash dump kernels (Petr Oros) [2244625 2139761]
- nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11507 RHEL-11509] {CVE-2023-5178}
- block: check_events: don't bother with events if unsupported (Ming Lei) [RHEL-15052 RHEL-2407]
- Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers" (Ming Lei) [RHEL-15052 RHEL-2407]
- Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd" (Ming Lei) [RHEL-15052 RHEL-2407]
- block: disk_events: introduce event flags (Ming Lei) [RHEL-15052 RHEL-2407]
- block: genhd: remove async_events field (Ming Lei) [RHEL-15052 RHEL-2407]
- net: virtio_net_hdr_to_skb: count transport header in UFO (Cindy Lu) [RHEL-16332 RHEL-6030]
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Vitaly Kuznetsov) [RHEL-5764 RHEL-3656]
* Thu Nov 09 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.8.1.el8_9]
- cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15159 RHEL-7930] {CVE-2023-1192}
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (Florian Westphal) [RHEL-12371 RHEL-5742]
- sched/rt: Fix bad task migration for rt tasks (Valentin Schneider) [RHEL-11682 RHEL-3872]
- bpf: Fix incorrect verifier pruning due to missing register precision taints (Artem Savkov) [RHEL-13049 RHEL-7534] {CVE-2023-2163}
* Thu Nov 02 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.7.1.el8_9]
- sched/fair: Block nohz tick_stop when cfs bandwidth in use (Phil Auld) [RHEL-12723 RHEL-2527]
- sched, cgroup: Restore meaning to hierarchical_quota (Phil Auld) [RHEL-12723 RHEL-2527]
- sched/fair: Hide unused init_cfs_bandwidth() stub (Phil Auld) [RHEL-12723 RHEL-2527]
* Thu Oct 26 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.6.1.el8_9]
- redhat: fix bug/zjira sort in the changelog (Patrick Talbert)
- CI: Remove unused kpet_tree_family (Nikolai Kondrashov)
- redhat: set default zstream brew target for 8.9 (Patrick Talbert)
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (Ilya Dryomov) [RHEL-12689 RHEL-11241]
- rbd: decouple parent info read-in from updating rbd_dev (Ilya Dryomov) [RHEL-12689 RHEL-11241]
- rbd: decouple header read-in from updating rbd_dev->header (Ilya Dryomov) [RHEL-12689 RHEL-11241]
- rbd: move rbd_dev_refresh() definition (Ilya Dryomov) [RHEL-12689 RHEL-11241]
- media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
- media: dvb_ca_en50221: fix a size write bug (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
- media: dvb_ca_en50221: avoid speculation from CA slot (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
- media: dvb-core: fix epoll() by calling poll_wait first (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
- media: dvb_ca_en50221: off by one in dvb_ca_en50221_io_do_ioctl() (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
- iavf: schedule a request immediately after add/delete vlan (Petr Oros) [2240750 2231174]
- iavf: add iavf_schedule_aq_request() helper (Petr Oros) [2240750 2231174]
- bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire (Tomas Glozar) [RHEL-6123 2229965]
- media: dvb-core: Fix use-after-free due on race condition at dvb_net (Dean Nelson) [RHEL-11248 RHEL-1842] {CVE-2022-45886}
- media: dvb_net: avoid speculation from net slot (Dean Nelson) [RHEL-11248 RHEL-1842] {CVE-2022-45886}
- mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() (Rafael Aquini) [RHEL-11588 RHEL-3652]
- ice: always add legacy 32byte RXDID in supported_rxdids (Michal Schmidt) [RHEL-10393 RHEL-3379]
- net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12295 RHEL-7185] {CVE-2023-3812}
- ice: Don't tx before switchdev is fully configured (Michal Schmidt) [RHEL-11331 RHEL-10997]
- media: dvb-core: Fix use-after-free due to race at dvb_register_device() (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
- media: dvbdev: fix refcnt bug (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
- media: dvbdev: adopts refcnt to avoid UAF (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
- media: dvbdev: fix error logic at dvb_register_device() (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
- media: dvbdev: Fix memleak in dvb_register_device (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
- media: media/dvb: Use kmemdup rather than duplicating its implementation (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
- media: dvbdev: remove double-unlock (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
- bpf: Adjust insufficient default bpf_jit_limit (Viktor Malik) [2243011 2219567]
- bpf: Prevent increasing bpf_jit_limit above max (Viktor Malik) [2243011 2219567]
* Fri Sep 29 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.5.1.el8_9] * Fri Sep 29 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.5.1.el8_9]
- redhat: list Z-Jiras in the changelog before Y-Jiras (Herton R. Krzesinski) - redhat: list Z-Jiras in the changelog before Y-Jiras (Herton R. Krzesinski)
- Revert "mm, meminit: recalculate pcpu batch and high limits after init completes" (Chris von Recklinghausen) [RHEL-8539] - Revert "mm, meminit: recalculate pcpu batch and high limits after init completes" (Chris von Recklinghausen) [RHEL-8539]