|
|
|
@ -38,10 +38,10 @@
|
|
|
|
|
# define buildid .local
|
|
|
|
|
|
|
|
|
|
%define rpmversion 4.18.0
|
|
|
|
|
%define pkgrelease 513.5.1.el8_9
|
|
|
|
|
%define pkgrelease 513.9.1.el8_9
|
|
|
|
|
|
|
|
|
|
# allow pkg_release to have configurable %%{?dist} tag
|
|
|
|
|
%define specrelease 513.5.1%{?dist}
|
|
|
|
|
%define specrelease 513.9.1%{?dist}
|
|
|
|
|
|
|
|
|
|
%define pkg_release %{specrelease}%{?buildid}
|
|
|
|
|
|
|
|
|
@ -323,6 +323,19 @@
|
|
|
|
|
%define kernel_prereq coreutils, systemd >= 203-2, /usr/bin/kernel-install
|
|
|
|
|
%define initrd_prereq dracut >= 027
|
|
|
|
|
|
|
|
|
|
# EuroLinux override
|
|
|
|
|
# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast
|
|
|
|
|
# we have to change this here
|
|
|
|
|
|
|
|
|
|
%define with_doc 1
|
|
|
|
|
%define with_kabichk 1
|
|
|
|
|
%define with_kernel_abi_whitelists 1
|
|
|
|
|
%global signkernel 0
|
|
|
|
|
%global signmodules 0
|
|
|
|
|
|
|
|
|
|
# End of EuroLinux override
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Name: kernel%{?variant}
|
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
@ -544,14 +557,17 @@ Source4001: rpminspect.yaml
|
|
|
|
|
|
|
|
|
|
# empty final patch to facilitate testing of kernel patches
|
|
|
|
|
Patch999999: linux-kernel-test.patch
|
|
|
|
|
Patch1000: debrand-rh-i686-cpu.patch
|
|
|
|
|
Patch1002: debrand-single-cpu.patch
|
|
|
|
|
Patch1003: debrand-specific-versions-of-hardware.patch
|
|
|
|
|
|
|
|
|
|
# END OF PATCH DEFINITIONS
|
|
|
|
|
|
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
This is the package which provides the Linux %{name} for Red Hat Enterprise
|
|
|
|
|
Linux. It is based on upstream Linux at version %{version} and maintains kABI
|
|
|
|
|
This is the package which provides the Linux %{name} for EuroLinux.
|
|
|
|
|
It is based on upstream Linux at version %{version} and maintains kABI
|
|
|
|
|
compatibility of a set of approved symbols, however it is heavily modified with
|
|
|
|
|
backports and fixes pulled from newer upstream Linux %{name} releases. This means
|
|
|
|
|
this is not a %{version} kernel anymore: it includes several components which come
|
|
|
|
@ -559,7 +575,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
|
|
|
|
|
core. Some of the components/backports that may be pulled in are: changes like
|
|
|
|
|
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
|
|
|
|
|
fixes and features), updates to block layer, supported filesystems, major driver
|
|
|
|
|
updates for supported hardware in Red Hat Enterprise Linux, enhancements for
|
|
|
|
|
updates for supported hardware in EuroLinux, enhancements for
|
|
|
|
|
enterprise customers, etc.
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
@ -807,14 +823,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%package -n %{name}-abi-stablelists
|
|
|
|
|
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
|
|
|
|
|
Summary: The EuroLinux kernel ABI symbol stablelists
|
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
|
AutoReqProv: no
|
|
|
|
|
Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
|
|
|
|
|
Provides: %{name}-abi-whitelists
|
|
|
|
|
%description -n %{name}-abi-stablelists
|
|
|
|
|
The kABI package contains information pertaining to the Red Hat Enterprise
|
|
|
|
|
Linux kernel ABI, including lists of kernel symbols that are needed by
|
|
|
|
|
The kABI package contains information pertaining to the EuroLinux
|
|
|
|
|
kernel ABI, including lists of kernel symbols that are needed by
|
|
|
|
|
external Linux kernel modules, and a yum plugin to aid enforcement.
|
|
|
|
|
|
|
|
|
|
%if %{with_kabidw_base}
|
|
|
|
@ -823,8 +839,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
|
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
|
AutoReqProv: no
|
|
|
|
|
%description kernel-kabidw-base-internal
|
|
|
|
|
The package contains data describing the current ABI of the Red Hat Enterprise
|
|
|
|
|
Linux kernel, suitable for the kabi-dw tool.
|
|
|
|
|
The package contains data describing the current ABI of the EuroLinux
|
|
|
|
|
kernel, suitable for the kabi-dw tool.
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
@ -1068,9 +1084,9 @@ ApplyPatch()
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then
|
|
|
|
|
if [ "${patch:0:8}" != "patch-4." ] ; then
|
|
|
|
|
if [ "${patch:0:9}" != "patch-4." ] ; then
|
|
|
|
|
echo "ERROR: Patch $patch not listed as a source patch in specfile"
|
|
|
|
|
exit 1
|
|
|
|
|
#exit 1
|
|
|
|
|
fi
|
|
|
|
|
fi 2>/dev/null
|
|
|
|
|
case "$patch" in
|
|
|
|
@ -1100,6 +1116,9 @@ mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL}
|
|
|
|
|
|
|
|
|
|
cd linux-%{KVERREL}
|
|
|
|
|
|
|
|
|
|
ApplyOptionalPatch debrand-single-cpu.patch
|
|
|
|
|
#ApplyOptionalPatch debrand-rh_taint.patch
|
|
|
|
|
ApplyOptionalPatch debrand-rh-i686-cpu.patch
|
|
|
|
|
ApplyOptionalPatch linux-kernel-test.patch
|
|
|
|
|
|
|
|
|
|
# END OF PATCH APPLICATIONS
|
|
|
|
@ -1752,18 +1771,18 @@ BuildKernel() {
|
|
|
|
|
|
|
|
|
|
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
|
|
|
|
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
|
%ifarch s390x ppc64le
|
|
|
|
|
if [ $DoModules -eq 1 ]; then
|
|
|
|
|
if [ -x /usr/bin/rpm-sign ]; then
|
|
|
|
|
install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
|
else
|
|
|
|
|
install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
|
openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
|
chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
%endif
|
|
|
|
|
# install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
|
# %ifarch s390x ppc64le
|
|
|
|
|
# if [ $DoModules -eq 1 ]; then
|
|
|
|
|
# if [ -x /usr/bin/rpm-sign ]; then
|
|
|
|
|
# install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
|
# else
|
|
|
|
|
# install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
|
# openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
|
# chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
|
|
|
|
|
# fi
|
|
|
|
|
# fi
|
|
|
|
|
# %endif
|
|
|
|
|
|
|
|
|
|
%if %{with_ipaclones}
|
|
|
|
|
MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p')
|
|
|
|
@ -2696,6 +2715,68 @@ fi
|
|
|
|
|
#
|
|
|
|
|
#
|
|
|
|
|
%changelog
|
|
|
|
|
* Thu Nov 30 2023 EuroLinux Autopatch <devel@euro-linux.com>
|
|
|
|
|
- Added Patch: debrand-rh-i686-cpu.patch
|
|
|
|
|
--> i686 info debrand
|
|
|
|
|
- Added Patch: debrand-single-cpu.patch
|
|
|
|
|
--> Single cpu debrand
|
|
|
|
|
- Added Patch: debrand-specific-versions-of-hardware.patch
|
|
|
|
|
--> Specific versions of hardware debrand
|
|
|
|
|
|
|
|
|
|
* Thu Nov 16 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.9.1.el8_9]
|
|
|
|
|
- ice: reset first in crash dump kernels (Petr Oros) [2244625 2139761]
|
|
|
|
|
- nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11507 RHEL-11509] {CVE-2023-5178}
|
|
|
|
|
- block: check_events: don't bother with events if unsupported (Ming Lei) [RHEL-15052 RHEL-2407]
|
|
|
|
|
- Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers" (Ming Lei) [RHEL-15052 RHEL-2407]
|
|
|
|
|
- Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd" (Ming Lei) [RHEL-15052 RHEL-2407]
|
|
|
|
|
- block: disk_events: introduce event flags (Ming Lei) [RHEL-15052 RHEL-2407]
|
|
|
|
|
- block: genhd: remove async_events field (Ming Lei) [RHEL-15052 RHEL-2407]
|
|
|
|
|
- net: virtio_net_hdr_to_skb: count transport header in UFO (Cindy Lu) [RHEL-16332 RHEL-6030]
|
|
|
|
|
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Vitaly Kuznetsov) [RHEL-5764 RHEL-3656]
|
|
|
|
|
|
|
|
|
|
* Thu Nov 09 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.8.1.el8_9]
|
|
|
|
|
- cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15159 RHEL-7930] {CVE-2023-1192}
|
|
|
|
|
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (Florian Westphal) [RHEL-12371 RHEL-5742]
|
|
|
|
|
- sched/rt: Fix bad task migration for rt tasks (Valentin Schneider) [RHEL-11682 RHEL-3872]
|
|
|
|
|
- bpf: Fix incorrect verifier pruning due to missing register precision taints (Artem Savkov) [RHEL-13049 RHEL-7534] {CVE-2023-2163}
|
|
|
|
|
|
|
|
|
|
* Thu Nov 02 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.7.1.el8_9]
|
|
|
|
|
- sched/fair: Block nohz tick_stop when cfs bandwidth in use (Phil Auld) [RHEL-12723 RHEL-2527]
|
|
|
|
|
- sched, cgroup: Restore meaning to hierarchical_quota (Phil Auld) [RHEL-12723 RHEL-2527]
|
|
|
|
|
- sched/fair: Hide unused init_cfs_bandwidth() stub (Phil Auld) [RHEL-12723 RHEL-2527]
|
|
|
|
|
|
|
|
|
|
* Thu Oct 26 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.6.1.el8_9]
|
|
|
|
|
- redhat: fix bug/zjira sort in the changelog (Patrick Talbert)
|
|
|
|
|
- CI: Remove unused kpet_tree_family (Nikolai Kondrashov)
|
|
|
|
|
- redhat: set default zstream brew target for 8.9 (Patrick Talbert)
|
|
|
|
|
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (Ilya Dryomov) [RHEL-12689 RHEL-11241]
|
|
|
|
|
- rbd: decouple parent info read-in from updating rbd_dev (Ilya Dryomov) [RHEL-12689 RHEL-11241]
|
|
|
|
|
- rbd: decouple header read-in from updating rbd_dev->header (Ilya Dryomov) [RHEL-12689 RHEL-11241]
|
|
|
|
|
- rbd: move rbd_dev_refresh() definition (Ilya Dryomov) [RHEL-12689 RHEL-11241]
|
|
|
|
|
- media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
|
|
|
|
|
- media: dvb_ca_en50221: fix a size write bug (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
|
|
|
|
|
- media: dvb_ca_en50221: avoid speculation from CA slot (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
|
|
|
|
|
- media: dvb-core: fix epoll() by calling poll_wait first (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
|
|
|
|
|
- media: dvb_ca_en50221: off by one in dvb_ca_en50221_io_do_ioctl() (Dean Nelson) [RHEL-11279 RHEL-1784] {CVE-2022-45919}
|
|
|
|
|
- iavf: schedule a request immediately after add/delete vlan (Petr Oros) [2240750 2231174]
|
|
|
|
|
- iavf: add iavf_schedule_aq_request() helper (Petr Oros) [2240750 2231174]
|
|
|
|
|
- bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire (Tomas Glozar) [RHEL-6123 2229965]
|
|
|
|
|
- media: dvb-core: Fix use-after-free due on race condition at dvb_net (Dean Nelson) [RHEL-11248 RHEL-1842] {CVE-2022-45886}
|
|
|
|
|
- media: dvb_net: avoid speculation from net slot (Dean Nelson) [RHEL-11248 RHEL-1842] {CVE-2022-45886}
|
|
|
|
|
- mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() (Rafael Aquini) [RHEL-11588 RHEL-3652]
|
|
|
|
|
- ice: always add legacy 32byte RXDID in supported_rxdids (Michal Schmidt) [RHEL-10393 RHEL-3379]
|
|
|
|
|
- net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12295 RHEL-7185] {CVE-2023-3812}
|
|
|
|
|
- ice: Don't tx before switchdev is fully configured (Michal Schmidt) [RHEL-11331 RHEL-10997]
|
|
|
|
|
- media: dvb-core: Fix use-after-free due to race at dvb_register_device() (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
|
|
|
|
|
- media: dvbdev: fix refcnt bug (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
|
|
|
|
|
- media: dvbdev: adopts refcnt to avoid UAF (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
|
|
|
|
|
- media: dvbdev: fix error logic at dvb_register_device() (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
|
|
|
|
|
- media: dvbdev: Fix memleak in dvb_register_device (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
|
|
|
|
|
- media: media/dvb: Use kmemdup rather than duplicating its implementation (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
|
|
|
|
|
- media: dvbdev: remove double-unlock (Dean Nelson) [RHEL-11271 RHEL-1841] {CVE-2022-45884}
|
|
|
|
|
- bpf: Adjust insufficient default bpf_jit_limit (Viktor Malik) [2243011 2219567]
|
|
|
|
|
- bpf: Prevent increasing bpf_jit_limit above max (Viktor Malik) [2243011 2219567]
|
|
|
|
|
|
|
|
|
|
* Fri Sep 29 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.5.1.el8_9]
|
|
|
|
|
- redhat: list Z-Jiras in the changelog before Y-Jiras (Herton R. Krzesinski)
|
|
|
|
|
- Revert "mm, meminit: recalculate pcpu batch and high limits after init completes" (Chris von Recklinghausen) [RHEL-8539]
|
|
|
|
|