diff --git a/.gitignore b/.gitignore index 0ec6f6444..49ee420a0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,7 @@ -SOURCES/kernel-abi-stablelists-5.14.0-427.33.1.el9_4.tar.bz2 -SOURCES/kernel-kabi-dw-5.14.0-427.33.1.el9_4.tar.bz2 -SOURCES/linux-5.14.0-427.33.1.el9_4.tar.xz +SOURCES/kernel-abi-stablelists-5.14.0-427.35.1.el9_4.tar.bz2 +SOURCES/kernel-kabi-dw-5.14.0-427.35.1.el9_4.tar.bz2 +SOURCES/linux-5.14.0-427.35.1.el9_4.tar.xz SOURCES/nvidiagpuoot001.x509 -SOURCES/olima1.x509 -SOURCES/olimaca1.x509 SOURCES/rheldup3.x509 SOURCES/rhelima.x509 SOURCES/rhelima_centos.x509 diff --git a/.kernel.metadata b/.kernel.metadata index e45e566b6..1a92c8cc6 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,4 +1,4 @@ -68bf97bf6568121d55c8dc33ed7b072b43560ddf SOURCES/kernel-abi-stablelists-5.14.0-427.33.1.el9_4.tar.bz2 -eb5e4688ec329e5f7272a7160a534a27c3462b18 SOURCES/kernel-kabi-dw-5.14.0-427.33.1.el9_4.tar.bz2 -85c884a438f0466bf166e150b6d5484f4cb97068 SOURCES/linux-5.14.0-427.33.1.el9_4.tar.xz +a9b3a7fe48a9cd65e5c222310c6be4de7fed2fb2 SOURCES/kernel-abi-stablelists-5.14.0-427.35.1.el9_4.tar.bz2 +6959196dd6f1c6e3efce688521d81fa71ecde373 SOURCES/kernel-kabi-dw-5.14.0-427.35.1.el9_4.tar.bz2 +7d681318edce705b8d77430ddc548bfc0c05f4bd SOURCES/linux-5.14.0-427.35.1.el9_4.tar.xz 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509 diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver index 562e0a1eb..4d9849cc2 100644 --- a/SOURCES/Makefile.rhelver +++ b/SOURCES/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 4 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 427.33.1 +RHEL_RELEASE = 427.35.1 # # ZSTREAM diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 501345f52..d919389d7 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 427.33.1 +%define pkgrelease 427.35.1 %define kversion 5 -%define tarfile_release 5.14.0-427.33.1.el9_4 +%define tarfile_release 5.14.0-427.35.1.el9_4 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 427.33.1%{?buildid}%{?dist} +%define specrelease 427.35.1%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-427.33.1.el9_4 +%define kabiversion 5.14.0-427.35.1.el9_4 # # End of genspec.sh variables @@ -3736,6 +3736,55 @@ fi # # %changelog +* Fri Aug 30 2024 Scott Weaver [5.14.0-427.35.1.el9_4] +- usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43716] {CVE-2024-38619} +- ceph: force sending a cap update msg back to MDS for revoke op (Xiubo Li) [RHEL-55437] +- ceph: periodically flush the cap releases (Xiubo Li) [RHEL-55437] +- mm: avoid overflows in dirty throttling logic (Jay Shin) [RHEL-51848 RHEL-50004] {CVE-2024-42131} +- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (Jay Shin) [RHEL-51701 RHEL-50004] {CVE-2024-42102} +- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Jay Shin) [RHEL-42628 RHEL-5619] {CVE-2024-26720} +- net: fix out-of-bounds access in ops_init (Paolo Abeni) [RHEL-43188 RHEL-46610] {CVE-2024-36883} +- nvme: avoid double free special payload (CKI Backport Bot) [RHEL-51311] {CVE-2024-41073} +- kernfs: change kernfs_rename_lock into a read-write lock (Jay Shin) [RHEL-55253 RHEL-52956] +- kernfs: Separate kernfs_pr_cont_buf and rename_lock (Jay Shin) [RHEL-55253 RHEL-52956] +- kernfs: fix missing kernfs_iattr_rwsem locking (Jay Shin) [RHEL-55253 RHEL-52956] +- kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info (Jay Shin) [RHEL-55253 RHEL-52956] +- kernfs: Introduce separate rwsem to protect inode attributes (Jay Shin) [RHEL-55253 RHEL-52956] +- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47894 RHEL-47892] {CVE-2024-40927} +- Bluetooth: af_bluetooth: Fix deadlock (Bastien Nocera) [RHEL-34161] {CVE-2024-26886} +- xdp: Remove WARN() from __xdp_reg_mem_model() (CKI Backport Bot) [RHEL-51586] {CVE-2024-42082} +- nfsd: don't take fi_lock in nfsd_break_deleg_cb() (Benjamin Coddington) [RHEL-42578 RHEL-34875] +- nfsd: fix RELEASE_LOCKOWNER (Benjamin Coddington) [RHEL-42578 RHEL-34875] {CVE-2024-26629} +- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727] +- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727] +- net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43729] {CVE-2024-36979} +- efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-42343 RHEL-26588] {CVE-2023-52463} +- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (Charles Mirabile) [RHEL-34234 RHEL-1697] +- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (Charles Mirabile) [RHEL-34234 RHEL-1697] +- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (Scott Weaver) [RHEL-34234 RHEL-1697] + +* Thu Aug 22 2024 Scott Weaver [5.14.0-427.34.1.el9_4] +- mm: prevent derefencing NULL ptr in pfn_section_valid() (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055} +- mm, kmsan: fix infinite recursion due to RCU critical section (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055} +- ppp: reject claimed-as-LCP but actually malformed packets (CKI Backport Bot) [RHEL-51061 RHEL-51059] {CVE-2024-41044} +- x86: stop playing stack games in profile_pc() (CKI Backport Bot) [RHEL-51651] {CVE-2024-42096} +- PCI/MSI: Fix UAF in msi_capability_init (CKI Backport Bot) [RHEL-51438] {CVE-2024-41096} +- iommufd: Fix missing update of domains_itree after splitting iopt_area (Jerry Snitselaar) [RHEL-42518 RHEL-28780] {CVE-2023-52801} +- mm: cachestat: fix folio read-after-free in cache walk (Nico Pache) [RHEL-41739 RHEL-5619] {CVE-2024-26630} +- regmap: maple: Fix cache corruption in regcache_maple_drop() (Jaroslav Kysela) [RHEL-43179 RHEL-39706] {CVE-2024-36019} +- mm: cachestat: fix two shmem bugs (Nico Pache) [RHEL-36912] {CVE-2024-35797} +- kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (Steve Best) [RHEL-42778 RHEL-34985] {CVE-2024-26946} +- mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-43132 RHEL-37467] {CVE-2024-36000} +- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366] +- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366] +- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52675 RHEL-50366] +- gpio: tegra186: Fix tegra186_gpio_is_accessible() check (Charles Mirabile) [RHEL-49347 RHEL-32452] +- net/sched: Fix UAF when resolving a clash (CKI Backport Bot) [RHEL-51022 RHEL-51020] {CVE-2024-41040} +- KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (Maxim Levitsky) [RHEL-41462 RHEL-32430] {CVE-2024-35791} +- cxl/region: Fix memregion leaks in devm_cxl_add_region() (John W. Linville) [RHEL-47965 RHEL-23582] {CVE-2024-40936} +- x86/coco: Require seeding RNG with RDRAND on CoCo systems (Lenny Szubowicz) [RHEL-42986 RHEL-37269] {CVE-2024-35875} +- scsi: qedf: Ensure the copied buf is NUL terminated (cki-backport-bot) [RHEL-44203] {CVE-2024-38559} + * Fri Aug 16 2024 Scott Weaver [5.14.0-427.33.1.el9_4] - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44287] {CVE-2024-38540} - netfilter: flowtable: validate pppoe header (Florian Westphal) [RHEL-44430 RHEL-33469] {CVE-2024-27016}