2c4d844352
7 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Patrick Talbert
|
29dd6805c8 |
kernel-5.14.0-97.el9
* Mon May 23 2022 Patrick Talbert <ptalbert@redhat.com> [5.14.0-97.el9] - tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2064868] {CVE-2022-1012} - tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2064868] {CVE-2022-1012} - tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2064868] {CVE-2022-1012} - tcp: add small random increments to the source port (Guillaume Nault) [2064868] {CVE-2022-1012} - tcp: resalt the secret every 10 seconds (Guillaume Nault) [2064868] {CVE-2022-1012} - tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2064868] {CVE-2022-1012} - secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2064868] {CVE-2022-1012} - esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2082951] {CVE-2022-27666} - esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2082951] {CVE-2022-27666} - cifs: truncate the inode and mapping when we simulate fcollapse (Ronnie Sahlberg) [1997367] - bpf: Fix renaming task_getsecid_subj->current_getsecid_subj. (Ondrej Mosnacek) [2083580] - selinux: use correct type for context length (Ondrej Mosnacek) [2083580] - selinux: drop return statement at end of void functions (Ondrej Mosnacek) [2083580] - selinux: parse contexts for mount options early (Ondrej Mosnacek) [2083580] - selinux: various sparse fixes (Ondrej Mosnacek) [2083580] - selinux: try to use preparsed sid before calling parse_sid() (Ondrej Mosnacek) [2083580] - selinux: Fix selinux_sb_mnt_opts_compat() (Ondrej Mosnacek) [2083580] - LSM: general protection fault in legacy_parse_param (Ondrej Mosnacek) [2083580] - selinux: fix a type cast problem in cred_init_security() (Ondrej Mosnacek) [2083580] - selinux: drop unused macro (Ondrej Mosnacek) [2083580] - selinux: simplify cred_init_security (Ondrej Mosnacek) [2083580] - selinux: do not discard const qualifier in cast (Ondrej Mosnacek) [2083580] - selinux: drop unused parameter of avtab_insert_node (Ondrej Mosnacek) [2083580] - selinux: drop cast to same type (Ondrej Mosnacek) [2083580] - selinux: enclose macro arguments in parenthesis (Ondrej Mosnacek) [2083580] - selinux: declare name parameter of hash_eval const (Ondrej Mosnacek) [2083580] - selinux: declare path parameters of _genfs_sid const (Ondrej Mosnacek) [2083580] - selinux: check return value of sel_make_avc_files (Ondrej Mosnacek) [2083580] - selinux: access superblock_security_struct in LSM blob way (Ondrej Mosnacek) [2083580] - selinux: fix misuse of mutex_is_locked() (Ondrej Mosnacek) [2050966 2083580] - selinux: minor tweaks to selinux_add_opt() (Ondrej Mosnacek) [2083580] - selinux: fix potential memleak in selinux_add_opt() (Ondrej Mosnacek) [2083580] - security,selinux: remove security_add_mnt_opt() (Ondrej Mosnacek) [2083580] - selinux: Use struct_size() helper in kmalloc() (Ondrej Mosnacek) [2083580] - lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() (Ondrej Mosnacek) [2083580] - selinux: initialize proto variable in selinux_ip_postroute_compat() (Ondrej Mosnacek) [2083580] - selinux: fix sleeping function called from invalid context (Ondrej Mosnacek) [2083580] - selinux: fix a sock regression in selinux_ip_postroute_compat() (Ondrej Mosnacek) [2083580] - LSM: Avoid warnings about potentially unused hook variables (Ondrej Mosnacek) [2083580] - selinux: fix all of the W=1 build warnings (Ondrej Mosnacek) [2083580] - selinux: make better use of the nf_hook_state passed to the NF hooks (Ondrej Mosnacek) [2083580] - selinux: fix race condition when computing ocontext SIDs (Ondrej Mosnacek) [2083580] - selinux: remove unneeded ipv6 hook wrappers (Ondrej Mosnacek) [2083580] - security: remove unneeded subdir-$(CONFIG_...) (Ondrej Mosnacek) [2083580] - selinux: return early for possible NULL audit buffers (Ondrej Mosnacek) [2083580] - quota: make dquot_quota_sync return errors from ->sync_fs (Lukas Czerner) [2083053] - redhat: Enable VM kselftests (Nico Pache) [2081818] - selftests/vm: Makefile: s/TARGETS/VMTARGETS/g (Joel Savitz) [2081818] - redhat: Enable HMM test to be used by the kselftest test suite (Nico Pache) [2081818] - redhat: enable CONFIG_TEST_VMALLOC for vm selftests (Nico Pache) [2081818] - net: bridge: switchdev: check br_vlan_group() return value (Ivan Vecera) [2081601] - net: bridge: mst: Restrict info size queries to bridge ports (Ivan Vecera) [2081601] - net: bridge: mst: prevent NULL deref in br_mst_info_size() (Ivan Vecera) [2081601] - selftests: forwarding: Use same VRF for port and VLAN upper (Ivan Vecera) [2081601] - selftests: forwarding: Disable learning before link up (Ivan Vecera) [2081601] - net: bridge: mst: Add helper to query a port's MST state (Ivan Vecera) [2081601] - net: bridge: mst: Add helper to check if MST is enabled (Ivan Vecera) [2081601] - net: bridge: mst: Add helper to map an MSTI to a VID set (Ivan Vecera) [2081601] - net: bridge: mst: Notify switchdev drivers of MST state changes (Ivan Vecera) [2081601] - net: bridge: mst: Notify switchdev drivers of VLAN MSTI migrations (Ivan Vecera) [2081601] - net: bridge: mst: Notify switchdev drivers of MST mode changes (Ivan Vecera) [2081601] - net: bridge: mst: Support setting and reporting MST port states (Ivan Vecera) [2081601] - net: bridge: mst: Allow changing a VLAN's MSTI (Ivan Vecera) [2081601] - net: bridge: mst: Multiple Spanning Tree (MST) mode (Ivan Vecera) [2081601] - net: switchdev: remove lag_mod_cb from switchdev_handle_fdb_event_to_device (Ivan Vecera) [2081601] - selftests: forwarding: tests of locked port feature (Ivan Vecera) [2081601] - net: bridge: Add support for offloading of locked port flag (Ivan Vecera) [2081601] - net: bridge: Add support for bridge port in locked mode (Ivan Vecera) [2081601] - net: switchdev: avoid infinite recursion from LAG to bridge with port object handler (Ivan Vecera) [2081601] - bridge: switch br_net_exit to batch mode (Ivan Vecera) [2081601] - net: bridge: multicast: notify switchdev driver whenever MC processing gets disabled (Ivan Vecera) [2081601] - net: switchdev: introduce switchdev_handle_port_obj_{add,del} for foreign interfaces (Ivan Vecera) [2081601] - net: switchdev: rename switchdev_lower_dev_find to switchdev_lower_dev_find_rcu (Ivan Vecera) [2081601] - net: bridge: switchdev: replay all VLAN groups (Ivan Vecera) [2081601] - net: bridge: make nbp_switchdev_unsync_objs() follow reverse order of sync() (Ivan Vecera) [2081601] - net: bridge: switchdev: differentiate new VLANs from changed ones (Ivan Vecera) [2081601] - net: bridge: vlan: notify switchdev only when something changed (Ivan Vecera) [2081601] - net: bridge: vlan: make __vlan_add_flags react only to PVID and UNTAGGED (Ivan Vecera) [2081601] - net: bridge: vlan: don't notify to switchdev master VLANs without BRENTRY flag (Ivan Vecera) [2081601] - net: bridge: vlan: check early for lack of BRENTRY flag in br_vlan_add_existing (Ivan Vecera) [2081601] - net: bridge: vlan: check for errors from __vlan_del in __vlan_flush (Ivan Vecera) [2081601] - net/switchdev: use struct_size over open coded arithmetic (Ivan Vecera) [2081601] - net: bridge: vlan: fix memory leak in __allowed_ingress (Ivan Vecera) [2081601] - net: bridge: vlan: fix single net device option dumping (Ivan Vecera) [2081601] - net: bridge: Get SIOCGIFBR/SIOCSIFBR ioctl working in compat mode (Ivan Vecera) [2081601] - bridge: use __set_bit in __br_vlan_set_default_pvid (Ivan Vecera) [2081601] - net: bridge: Allow base 16 inputs in sysfs (Ivan Vecera) [2081601] - net/bridge: replace simple_strtoul to kstrtol (Ivan Vecera) [2081601] - net: bridge: Slightly optimize 'find_portno()' (Ivan Vecera) [2081601] - net: bridge: switchdev: fix shim definition for br_switchdev_mdb_notify (Ivan Vecera) [2081601] - net: bridge: switchdev: consistent function naming (Ivan Vecera) [2081601] - net: bridge: mdb: move all switchdev logic to br_switchdev.c (Ivan Vecera) [2081601] - net: bridge: split out the switchdev portion of br_mdb_notify (Ivan Vecera) [2081601] - net: bridge: move br_vlan_replay to br_switchdev.c (Ivan Vecera) [2081601] - net: bridge: provide shim definition for br_vlan_flags (Ivan Vecera) [2081601] - net: switchdev: merge switchdev_handle_fdb_{add,del}_to_device (Ivan Vecera) [2081601] - net: bridge: create a common function for populating switchdev FDB entries (Ivan Vecera) [2081601] - net: bridge: move br_fdb_replay inside br_switchdev.c (Ivan Vecera) [2081601] - net: bridge: reduce indentation level in fdb_create (Ivan Vecera) [2081601] - net: bridge: rename br_fdb_insert to br_fdb_add_local (Ivan Vecera) [2081601] - net: bridge: rename fdb_insert to fdb_add_local (Ivan Vecera) [2081601] - net: bridge: remove fdb_insert forward declaration (Ivan Vecera) [2081601] - net: bridge: remove fdb_notify forward declaration (Ivan Vecera) [2081601] - scsi: ses: Fix unsigned comparison with less than zero (Tomas Henzl) [2065658] - scsi: ses: Retry failed Send/Receive Diagnostic commands (Tomas Henzl) [2065658] - redhat/configs: enable GUP_TEST in debug kernel (Joel Savitz) [2079631] Resolves: rhbz#2064868, rhbz#2082951, rhbz#1997367, rhbz#2083580, rhbz#2050966, rhbz#2083053, rhbz#2081818, rhbz#2081601, rhbz#2065658, rhbz#2079631 Signed-off-by: Patrick Talbert <ptalbert@redhat.com> |
||
Patrick Talbert
|
002af5cc9d |
kernel-5.14.0-80.el9
* Thu Apr 21 2022 Patrick Talbert <ptalbert@redhat.com> [5.14.0-80.el9] - redhat: disable uncommon media device infrastructure (Jarod Wilson) [2074598] - netfilter: nf_tables: unregister flowtable hooks on netns exit (Florian Westphal) [2056869] - netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056869] {CVE-2022-25636} - netfilter: nf_tables: validate registers coming from userspace. (Phil Sutter) [2065350] {CVE-2022-1015} - scsi: qedi: Fix failed disconnect handling (Chris Leech) [2071524] - scsi: iscsi: Fix unbound endpoint error handling (Chris Leech) [2071524] - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (Chris Leech) [2071524] - scsi: iscsi: Fix endpoint reuse regression (Chris Leech) [2071524] - scsi: iscsi: Release endpoint ID when its freed (Chris Leech) [2071524] - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2071524] - Revert "scsi: iscsi: Fix offload conn cleanup when iscsid restarts" (Chris Leech) [2071524] - scsi: iscsi: Speed up session unblocking and removal (Chris Leech) [2071524] - scsi: iscsi: Fix recovery and unblocking race (Chris Leech) [2071524] - scsi: qedi: Fix cmd_cleanup_cmpl counter mismatch issue (Chris Leech) [2071524] - scsi: iscsi: Unblock session then wake up error handler (Chris Leech) [2071524] - scsi: iscsi: Fix set_param() handling (Chris Leech) [2071524] - scsi: iscsi: Fix iscsi_task use after free (Chris Leech) [2071524] - scsi: iscsi: Adjust iface sysfs attr detection (Chris Leech) [2071524] - scsi: qedi: Add support for fastpath doorbell recovery (Chris Leech) [2071524] - redhat: Enable KASAN on all ELN debug kernels (Nico Pache) [1995251] - sched/topology: Remove redundant variable and fix incorrect type in build_sched_domains (Phil Auld) [2065198] - sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCs (Phil Auld) [2065198] - sched/fair: Improve consistency of allowed NUMA balance calculations (Phil Auld) [2065198] - redhat/configs: Enable CONFIG_RCU_SCALE_TEST & CONFIG_RCU_REF_SCALE_TEST (Waiman Long) [2070740] - thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL (David Arcari) [2039995] - thermal: int340x: Use struct_group() for memcpy() region (David Arcari) [2039995] - thermal: int340x: Limit Kconfig to 64-bit (David Arcari) [2039995] - thermal: int340x: fix build on 32-bit targets (David Arcari) [2039995 2040066] - thermal/drivers/int340x: processor_thermal: Suppot 64 bit RFIM responses (David Arcari) [2039995 2040066] - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (David Arcari) [2039995] - thermal: int340x: delete bogus length check (David Arcari) [2039995] - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (David Arcari) [2039995] - thermal/drivers/int340x: Use IMOK independently (David Arcari) [2039995] - stddef: Introduce struct_group() helper macro (David Arcari) [2039995] - gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2031240] - gfs2: Make use of list_is_first (Andreas Gruenbacher) [2031240] - gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2031240] - gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2031240] - gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2031240] - gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2031240] - gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2031240] Resolves: rhbz#2040066, rhbz#1995251, rhbz#2070740, rhbz#2031240, rhbz#2039995, rhbz#2065198 Signed-off-by: Patrick Talbert <ptalbert@redhat.com> |
||
Herton R. Krzesinski
|
71e48f8409 |
kernel-5.14.0-62.el9
* Wed Feb 16 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-62.el9] - ibmvnic: remove unused defines (Diego Domingos) [2047921] - ibmvnic: Update driver return codes (Diego Domingos) [2047921] - powerpc/fadump: opt out from freeing pages on cma activation failure (Diego Domingos) [2040289] - mm/cma: provide option to opt out from exposing pages on activation failure (Diego Domingos) [2040289] - firmware: smccc: Fix check for ARCH_SOC_ID not implemented (Vitaly Kuznetsov) [2052908] - rcu: Tighten rcu_advance_cbs_nowake() checks (Daniel Vacek) [2026991] - redhat/configs: Disable CONFIG_MACINTOSH_DRIVERS (Prarit Bhargava) [2053028] - ibmvnic: remove unused ->wait_capability (Diego Domingos) [2047928] - ibmvnic: don't spin in tasklet (Diego Domingos) [2047928] - ibmvnic: init ->running_cap_crqs early (Diego Domingos) [2047928] - ibmvnic: Allow extra failures before disabling (Diego Domingos) [2047928] - s390/pv: fix the forcing of the swiotlb (Thomas Huth) [2051581] - scsi: vmw_pvscsi: Set residual data length conditionally (Cathy Avery) [2048178] - selinux: fix double free of cond_list on error paths (Ondrej Mosnacek) [2052439] - selinux: fix NULL-pointer dereference when hashtab allocation fails (Ondrej Mosnacek) [2052436] - isdn: cpai: check ctr->cnr to avoid array index out of bound (Chris von Recklinghausen) [2016492] {CVE-2021-43389} - mm/hwpoison: fix unpoison_memory() (Aristeu Rozanski) [1972220] - mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE (Aristeu Rozanski) [1972220] - mm/hwpoison: mf_mutex for soft offline and unpoison (Aristeu Rozanski) [1972220] - mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page() (Aristeu Rozanski) [1972220] - mm, hwpoison: fix condition in free hugetlb page path (Aristeu Rozanski) [1972220] - filemap: remove PageHWPoison check from next_uptodate_page() (Aristeu Rozanski) [1972220] - mm: hwpoison: handle non-anonymous THP correctly (Aristeu Rozanski) [1972220] - mm: hwpoison: refactor refcount check handling (Aristeu Rozanski) [1972220] - mm: filemap: coding style cleanup for filemap_map_pmd() (Aristeu Rozanski) [1972220] - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) [2031648] - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) [2006606] - redhat/configs: Enable CONFIG_TEST_BPF (Viktor Malik) [2035168] - ext4: fix potential NULL pointer dereference in ext4_fill_super() (Lukas Czerner) [2051466] - netfilter: ipset: Emit deprecation warning at set creation time (Phil Sutter) [2048194] - redhat: move CONFIG_ARM64_MTE to aarch64 config directory (Herton R. Krzesinski) - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning (Waiman Long) [1996015] - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (Waiman Long) [1996015] - net ticp:fix a kernel-infoleak in __tipc_sendmsg() (Xin Long) [2050039] - tipc: discard MSG_CRYPTO msgs when key_exchange_enabled is not set (Xin Long) [2050039] - tipc: delete the unlikely branch in tipc_aead_encrypt (Xin Long) [2050039] - blktrace: switch trace spinlock to a raw spinlock (Wander Lairson Costa) [2047971] - NFSv4.1: handle NFS4ERR_NOSPC by CREATE_SESSION (Steve Dickson) [2027447] - igb: fix deadlock caused by taking RTNL in RPM resume path (Corinna Vinschen) [2040312] - igb: Fix removal of unicast MAC filters of VFs (Corinna Vinschen) [2040312] - igb: fix netpoll exit with traffic (Corinna Vinschen) [2040312] - igb: unbreak I2C bit-banging on i350 (Corinna Vinschen) [2040312] - igb: Avoid memcpy() over-reading of ETH_SS_STATS (Corinna Vinschen) [2040312] - igb: Add counter to i21x doublecheck (Corinna Vinschen) [2040312] - net: create netdev->dev_addr assignment helpers (Josef Oskera) [2030720] Resolves: rhbz#1972220, rhbz#1996015, rhbz#2006606, rhbz#2016492, rhbz#2026991, rhbz#2027447, rhbz#2030720, rhbz#2031648, rhbz#2035168, rhbz#2040289, rhbz#2040312, rhbz#2047921, rhbz#2047928, rhbz#2047971, rhbz#2048178, rhbz#2048194, rhbz#2050039, rhbz#2051466, rhbz#2051581, rhbz#2052436, rhbz#2052439, rhbz#2052908, rhbz#2053028 Signed-off-by: Herton R. Krzesinski <herton@redhat.com> |
||
Herton R. Krzesinski
|
506bbf5517 |
kernel-5.14.0-61.el9
* Wed Feb 16 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-61.el9] - Enable KUNIT tests for redhat kernel-modules-internal (Nico Pache) [2048326] - kasan: test: fix compatibility with FORTIFY_SOURCE (Nico Pache) [2048326] - kasan: test: silence intentional read overflow warnings (Nico Pache) [2048326] - kasan: test: bypass __alloc_size checks (Nico Pache) [2048326] - mm/damon/vaddr-test: split a test function having >1024 bytes frame size (Nico Pache) [2048326] - lib: Introduce CONFIG_MEMCPY_KUNIT_TEST (Nico Pache) [2048326] - nvme-rdma: fix possible use-after-free in transport error_recovery work (Chris Leech) [1994618 2033414] - nvme-tcp: fix possible use-after-free in transport error_recovery work (Chris Leech) [1994618 2033414] - nvme: fix a possible use-after-free in controller reset during load (Chris Leech) [1994618 2033414] - redhat/configs: enable CONFIG_CMA on aarch64 as tech-preview (David Hildenbrand) [2043141] - redhat/configs: simplify CONFIG_CMA_AREAS (David Hildenbrand) [2043141] - redhat/configs: simplify CONFIG_CMA_DEBUG (David Hildenbrand) [2043141] - redhat/configs: simplify CONFIG_CMA_DEBUGFS (David Hildenbrand) [2043141] - bpf: Fix kernel address leakage in atomic fetch (Jiri Olsa) [2046636] {CVE-2021-4203} - IB/rdmavt: Validate remote_addr during loopback atomic tests (Kamal Heib) [2032114] - [s390] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Mete Durlu) [2049016] - [s390] s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (Mete Durlu) [2048979] - [s390] s390/cpumf: Support for CPU Measurement Facility CSVN 7 (Mete Durlu) [2048979] - net: openvswitch: Fix ct_state nat flags for conns arriving from tc (Antoine Tenart) [2045048] - net: openvswitch: Fix matching zone id for invalid conns arriving from tc (Antoine Tenart) [2045048] - net/sched: flow_dissector: Fix matching on zone id for invalid conns (Antoine Tenart) [2045048] - net/sched: Extend qdisc control block with tc control block (Antoine Tenart) [2045048] - openvswitch: fix sparse warning incorrect type (Antoine Tenart) [2045048] - openvswitch: fix alignment issues (Antoine Tenart) [2045048] - openvswitch: update kdoc OVS_DP_ATTR_PER_CPU_PIDS (Antoine Tenart) [2045048] - openvswitch: Introduce per-cpu upcall dispatch (Antoine Tenart) [2045048] - netfilter: fix regression in looped (broad|multi)cast's MAC handling (Florian Westphal) [2044272] - selftests: nft_concat_range: add test for reload with no element add/del (Florian Westphal) [2044272] - selftests: netfilter: Add correctness test for mac,net set type (Florian Westphal) [2044272] - netfilter: conntrack: don't increment invalid counter on NF_REPEAT (Florian Westphal) [2044272] - netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (Florian Westphal) [2044272] - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Florian Westphal) [2044272] - netfilter: bridge: add support for pppoe filtering (Florian Westphal) [2044272] - netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() (Florian Westphal) [2044272] - netfilter: conntrack: annotate data-races around ct->timeout (Florian Westphal) [2044272] - netfilter: nft_exthdr: break evaluation if setting TCP option fails (Florian Westphal) [2044272] - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (Florian Westphal) [2044272] - tracing: Tag trace_percpu_buffer as a percpu pointer (Jerome Marchand) [2035164] - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Jerome Marchand) [2035164] - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (Chris von Recklinghausen) [2035768] {CVE-2021-4197} - selftests: cgroup: Test open-time credential usage for migration checks (Chris von Recklinghausen) [2035768] {CVE-2021-4197} - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (Chris von Recklinghausen) [2035768] {CVE-2021-4197} - cgroup: Use open-time cgroup namespace for process migration perm checks (Chris von Recklinghausen) [2035768] {CVE-2021-4197} - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (Chris von Recklinghausen) [2035768] {CVE-2021-4197} - cgroup: Use open-time credentials for process migraton perm checks (Chris von Recklinghausen) [2035768] {CVE-2021-4197} - x86/sched: Decrease further the priorities of SMT siblings (Prarit Bhargava) [1971926] Resolves: rhbz#1971926, rhbz#1994618, rhbz#2032114, rhbz#2033414, rhbz#2035164, rhbz#2035768, rhbz#2043141, rhbz#2044272, rhbz#2045048, rhbz#2046636, rhbz#2048326, rhbz#2048979, rhbz#2049016 Signed-off-by: Herton R. Krzesinski <herton@redhat.com> |
||
Herton R. Krzesinski
|
819faa16a9 |
kernel-5.12.0-0.rc8.193.el9
* Thu Apr 22 2021 Herton R. Krzesinski <herton@redhat.com> [5.12.0-0.rc8.193] - v5.12-rc8-1-g7af08140979a rebase - Replace /usr/libexec/platform-python with /usr/bin/python3 (David Ward) - Turn off ADI_AXI_ADC and AD9467 which now require CONFIG_OF (Justin M. Forbes) - Export ark infrastructure files (Don Zickus) - docs: Update docs to reflect newer workflow. (Don Zickus) - Use upstream/master for merge-base with fallback to master (Don Zickus) - Fedora: Turn off the SND_INTEL_BYT_PREFER_SOF option (Hans de Goede) - filter-modules.sh.fedora: clean up "netprots" (Paul Bolle) - filter-modules.sh.fedora: clean up "scsidrvs" (Paul Bolle) - filter-*.sh.fedora: clean up "ethdrvs" (Paul Bolle) - filter-*.sh.fedora: clean up "driverdirs" (Paul Bolle) - filter-*.sh.fedora: remove incorrect entries (Paul Bolle) - filter-*.sh.fedora: clean up "singlemods" (Paul Bolle) - filter-modules.sh.fedora: drop unused list "iiodrvs" (Paul Bolle) - Update mod-internal to fix depmod issue (Nico Pache) - Turn on CONFIG_VDPA_SIM_NET (rhbz 1942343) (Justin M. Forbes) - New configs in drivers/power (Fedora Kernel Team) - Turn on CONFIG_NOUVEAU_DEBUG_PUSH for debug configs (Justin M. Forbes) - Turn off KFENCE sampling by default for Fedora (Justin M. Forbes) - Fedora config updates round 2 (Justin M. Forbes) - New configs in drivers/soc (Jeremy Cline) - filter-modules.sh: Fix copy/paste error 'input' (Paul Bolle) - Update module filtering for 5.12 kernels (Justin M. Forbes) - Fix genlog.py to ensure that comments retain "%%" characters. (Mark Mielke) - New configs in drivers/leds (Fedora Kernel Team) - Limit CONFIG_USB_CDNS_SUPPORT to x86_64 and arm in Fedora (David Ward) - Fedora: Enable CHARGER_GPIO on aarch64 too (Peter Robinson) - Fedora config updates (Justin M. Forbes) - wireguard: mark as Tech Preview (Hangbin Liu) [1613522] - configs: enable CONFIG_WIREGUARD in ARK (Hangbin Liu) [1613522] - Remove duplicate configs acroos fedora, ark and common (Don Zickus) - Combine duplicate configs across ark and fedora into common (Don Zickus) - common/ark: cleanup and unify the parport configs (Peter Robinson) - iommu/vt-d: enable INTEL_IDXD_SVM for both fedora and rhel (Jerry Snitselaar) - REDHAT: coresight: etm4x: Disable coresight on HPE Apollo 70 (Jeremy Linton) - configs/common/generic: disable CONFIG_SLAB_MERGE_DEFAULT (Rafael Aquini) - Remove _legacy_common_support (Justin M. Forbes) - redhat/mod-blacklist.sh: Fix floppy blacklisting (Hans de Goede) Resolves: rhbz#1613522 Signed-off-by: Herton R. Krzesinski <herton@redhat.com> |
||
Herton R. Krzesinski
|
49962f1221 |
kernel-5.11.0-0.rc5.134.el9
* Mon Jan 25 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.11.0-0.rc5.134] - v5.11-rc5 rebase - Fedora 5.11 config updates part 4 ("Justin M. Forbes") - Fedora 5.11 config updates part 3 ("Justin M. Forbes") - Fedora 5.11 config updates part 2 ("Justin M. Forbes") - Update internal (test) module list from RHEL-8 (Joe Lawrence) [1915073] Signed-off-by: Herton R. Krzesinski <herton@redhat.com> |
||
Petr Šabata
|
6a4fc7e052 |
RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/kernel#351b480089e439ed4f8da85787b1b002d1b53a62 |