The Linux kernel
29dd6805c8
* Mon May 23 2022 Patrick Talbert <ptalbert@redhat.com> [5.14.0-97.el9]
- tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2064868] {CVE-2022-1012}
- tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2064868] {CVE-2022-1012}
- tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2064868] {CVE-2022-1012}
- tcp: add small random increments to the source port (Guillaume Nault) [2064868] {CVE-2022-1012}
- tcp: resalt the secret every 10 seconds (Guillaume Nault) [2064868] {CVE-2022-1012}
- tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2064868] {CVE-2022-1012}
- secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2064868] {CVE-2022-1012}
- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2082951] {CVE-2022-27666}
- esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2082951] {CVE-2022-27666}
- cifs: truncate the inode and mapping when we simulate fcollapse (Ronnie Sahlberg) [1997367]
- bpf: Fix renaming task_getsecid_subj->current_getsecid_subj. (Ondrej Mosnacek) [2083580]
- selinux: use correct type for context length (Ondrej Mosnacek) [2083580]
- selinux: drop return statement at end of void functions (Ondrej Mosnacek) [2083580]
- selinux: parse contexts for mount options early (Ondrej Mosnacek) [2083580]
- selinux: various sparse fixes (Ondrej Mosnacek) [2083580]
- selinux: try to use preparsed sid before calling parse_sid() (Ondrej Mosnacek) [2083580]
- selinux: Fix selinux_sb_mnt_opts_compat() (Ondrej Mosnacek) [2083580]
- LSM: general protection fault in legacy_parse_param (Ondrej Mosnacek) [2083580]
- selinux: fix a type cast problem in cred_init_security() (Ondrej Mosnacek) [2083580]
- selinux: drop unused macro (Ondrej Mosnacek) [2083580]
- selinux: simplify cred_init_security (Ondrej Mosnacek) [2083580]
- selinux: do not discard const qualifier in cast (Ondrej Mosnacek) [2083580]
- selinux: drop unused parameter of avtab_insert_node (Ondrej Mosnacek) [2083580]
- selinux: drop cast to same type (Ondrej Mosnacek) [2083580]
- selinux: enclose macro arguments in parenthesis (Ondrej Mosnacek) [2083580]
- selinux: declare name parameter of hash_eval const (Ondrej Mosnacek) [2083580]
- selinux: declare path parameters of _genfs_sid const (Ondrej Mosnacek) [2083580]
- selinux: check return value of sel_make_avc_files (Ondrej Mosnacek) [2083580]
- selinux: access superblock_security_struct in LSM blob way (Ondrej Mosnacek) [2083580]
- selinux: fix misuse of mutex_is_locked() (Ondrej Mosnacek) [2050966 2083580]
- selinux: minor tweaks to selinux_add_opt() (Ondrej Mosnacek) [2083580]
- selinux: fix potential memleak in selinux_add_opt() (Ondrej Mosnacek) [2083580]
- security,selinux: remove security_add_mnt_opt() (Ondrej Mosnacek) [2083580]
- selinux: Use struct_size() helper in kmalloc() (Ondrej Mosnacek) [2083580]
- lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() (Ondrej Mosnacek) [2083580]
- selinux: initialize proto variable in selinux_ip_postroute_compat() (Ondrej Mosnacek) [2083580]
- selinux: fix sleeping function called from invalid context (Ondrej Mosnacek) [2083580]
- selinux: fix a sock regression in selinux_ip_postroute_compat() (Ondrej Mosnacek) [2083580]
- LSM: Avoid warnings about potentially unused hook variables (Ondrej Mosnacek) [2083580]
- selinux: fix all of the W=1 build warnings (Ondrej Mosnacek) [2083580]
- selinux: make better use of the nf_hook_state passed to the NF hooks (Ondrej Mosnacek) [2083580]
- selinux: fix race condition when computing ocontext SIDs (Ondrej Mosnacek) [2083580]
- selinux: remove unneeded ipv6 hook wrappers (Ondrej Mosnacek) [2083580]
- security: remove unneeded subdir-$(CONFIG_...) (Ondrej Mosnacek) [2083580]
- selinux: return early for possible NULL audit buffers (Ondrej Mosnacek) [2083580]
- quota: make dquot_quota_sync return errors from ->sync_fs (Lukas Czerner) [2083053]
- redhat: Enable VM kselftests (Nico Pache) [2081818]
- selftests/vm: Makefile: s/TARGETS/VMTARGETS/g (Joel Savitz) [2081818]
- redhat: Enable HMM test to be used by the kselftest test suite (Nico Pache) [2081818]
- redhat: enable CONFIG_TEST_VMALLOC for vm selftests (Nico Pache) [2081818]
- net: bridge: switchdev: check br_vlan_group() return value (Ivan Vecera) [2081601]
- net: bridge: mst: Restrict info size queries to bridge ports (Ivan Vecera) [2081601]
- net: bridge: mst: prevent NULL deref in br_mst_info_size() (Ivan Vecera) [2081601]
- selftests: forwarding: Use same VRF for port and VLAN upper (Ivan Vecera) [2081601]
- selftests: forwarding: Disable learning before link up (Ivan Vecera) [2081601]
- net: bridge: mst: Add helper to query a port's MST state (Ivan Vecera) [2081601]
- net: bridge: mst: Add helper to check if MST is enabled (Ivan Vecera) [2081601]
- net: bridge: mst: Add helper to map an MSTI to a VID set (Ivan Vecera) [2081601]
- net: bridge: mst: Notify switchdev drivers of MST state changes (Ivan Vecera) [2081601]
- net: bridge: mst: Notify switchdev drivers of VLAN MSTI migrations (Ivan Vecera) [2081601]
- net: bridge: mst: Notify switchdev drivers of MST mode changes (Ivan Vecera) [2081601]
- net: bridge: mst: Support setting and reporting MST port states (Ivan Vecera) [2081601]
- net: bridge: mst: Allow changing a VLAN's MSTI (Ivan Vecera) [2081601]
- net: bridge: mst: Multiple Spanning Tree (MST) mode (Ivan Vecera) [2081601]
- net: switchdev: remove lag_mod_cb from switchdev_handle_fdb_event_to_device (Ivan Vecera) [2081601]
- selftests: forwarding: tests of locked port feature (Ivan Vecera) [2081601]
- net: bridge: Add support for offloading of locked port flag (Ivan Vecera) [2081601]
- net: bridge: Add support for bridge port in locked mode (Ivan Vecera) [2081601]
- net: switchdev: avoid infinite recursion from LAG to bridge with port object handler (Ivan Vecera) [2081601]
- bridge: switch br_net_exit to batch mode (Ivan Vecera) [2081601]
- net: bridge: multicast: notify switchdev driver whenever MC processing gets disabled (Ivan Vecera) [2081601]
- net: switchdev: introduce switchdev_handle_port_obj_{add,del} for foreign interfaces (Ivan Vecera) [2081601]
- net: switchdev: rename switchdev_lower_dev_find to switchdev_lower_dev_find_rcu (Ivan Vecera) [2081601]
- net: bridge: switchdev: replay all VLAN groups (Ivan Vecera) [2081601]
- net: bridge: make nbp_switchdev_unsync_objs() follow reverse order of sync() (Ivan Vecera) [2081601]
- net: bridge: switchdev: differentiate new VLANs from changed ones (Ivan Vecera) [2081601]
- net: bridge: vlan: notify switchdev only when something changed (Ivan Vecera) [2081601]
- net: bridge: vlan: make __vlan_add_flags react only to PVID and UNTAGGED (Ivan Vecera) [2081601]
- net: bridge: vlan: don't notify to switchdev master VLANs without BRENTRY flag (Ivan Vecera) [2081601]
- net: bridge: vlan: check early for lack of BRENTRY flag in br_vlan_add_existing (Ivan Vecera) [2081601]
- net: bridge: vlan: check for errors from __vlan_del in __vlan_flush (Ivan Vecera) [2081601]
- net/switchdev: use struct_size over open coded arithmetic (Ivan Vecera) [2081601]
- net: bridge: vlan: fix memory leak in __allowed_ingress (Ivan Vecera) [2081601]
- net: bridge: vlan: fix single net device option dumping (Ivan Vecera) [2081601]
- net: bridge: Get SIOCGIFBR/SIOCSIFBR ioctl working in compat mode (Ivan Vecera) [2081601]
- bridge: use __set_bit in __br_vlan_set_default_pvid (Ivan Vecera) [2081601]
- net: bridge: Allow base 16 inputs in sysfs (Ivan Vecera) [2081601]
- net/bridge: replace simple_strtoul to kstrtol (Ivan Vecera) [2081601]
- net: bridge: Slightly optimize 'find_portno()' (Ivan Vecera) [2081601]
- net: bridge: switchdev: fix shim definition for br_switchdev_mdb_notify (Ivan Vecera) [2081601]
- net: bridge: switchdev: consistent function naming (Ivan Vecera) [2081601]
- net: bridge: mdb: move all switchdev logic to br_switchdev.c (Ivan Vecera) [2081601]
- net: bridge: split out the switchdev portion of br_mdb_notify (Ivan Vecera) [2081601]
- net: bridge: move br_vlan_replay to br_switchdev.c (Ivan Vecera) [2081601]
- net: bridge: provide shim definition for br_vlan_flags (Ivan Vecera) [2081601]
- net: switchdev: merge switchdev_handle_fdb_{add,del}_to_device (Ivan Vecera) [2081601]
- net: bridge: create a common function for populating switchdev FDB entries (Ivan Vecera) [2081601]
- net: bridge: move br_fdb_replay inside br_switchdev.c (Ivan Vecera) [2081601]
- net: bridge: reduce indentation level in fdb_create (Ivan Vecera) [2081601]
- net: bridge: rename br_fdb_insert to br_fdb_add_local (Ivan Vecera) [2081601]
- net: bridge: rename fdb_insert to fdb_add_local (Ivan Vecera) [2081601]
- net: bridge: remove fdb_insert forward declaration (Ivan Vecera) [2081601]
- net: bridge: remove fdb_notify forward declaration (Ivan Vecera) [2081601]
- scsi: ses: Fix unsigned comparison with less than zero (Tomas Henzl) [2065658]
- scsi: ses: Retry failed Send/Receive Diagnostic commands (Tomas Henzl) [2065658]
- redhat/configs: enable GUP_TEST in debug kernel (Joel Savitz) [2079631]
Resolves: rhbz#2064868, rhbz#2082951, rhbz#1997367, rhbz#2083580, rhbz#2050966, rhbz#2083053, rhbz#2081818, rhbz#2081601, rhbz#2065658, rhbz#2079631
Signed-off-by: Patrick Talbert <ptalbert@redhat.com>
|
||
|---|---|---|
| .gitignore | ||
| check-kabi | ||
| cpupower.config | ||
| cpupower.service | ||
| filter-aarch64.sh.rhel | ||
| filter-armv7hl.sh.rhel | ||
| filter-i686.sh.rhel | ||
| filter-modules.sh.rhel | ||
| filter-ppc64le.sh.rhel | ||
| filter-s390x.sh.rhel | ||
| filter-x86_64.sh.rhel | ||
| gating.yaml | ||
| generate_all_configs.sh | ||
| kernel-aarch64-debug-rhel.config | ||
| kernel-aarch64-rhel.config | ||
| kernel-local | ||
| kernel-ppc64le-debug-rhel.config | ||
| kernel-ppc64le-rhel.config | ||
| kernel-s390x-debug-rhel.config | ||
| kernel-s390x-rhel.config | ||
| kernel-s390x-zfcpdump-rhel.config | ||
| kernel-x86_64-debug-rhel.config | ||
| kernel-x86_64-rhel.config | ||
| kernel.spec | ||
| kvm_stat.logrotate | ||
| linux-kernel-test.patch | ||
| Makefile.rhelver | ||
| merge.pl | ||
| mod-denylist.sh | ||
| mod-extra.list.rhel | ||
| mod-internal.list | ||
| mod-sign.sh | ||
| Module.kabi_aarch64 | ||
| Module.kabi_dup_aarch64 | ||
| Module.kabi_dup_ppc64le | ||
| Module.kabi_dup_s390x | ||
| Module.kabi_dup_x86_64 | ||
| Module.kabi_ppc64le | ||
| Module.kabi_s390x | ||
| Module.kabi_x86_64 | ||
| parallel_xz.sh | ||
| partial-kgcov-snip.config | ||
| patch-5.14.0-redhat.patch | ||
| process_configs.sh | ||
| README.rst | ||
| rheldup3.x509 | ||
| rhelkpatch1.x509 | ||
| rpminspect.yaml | ||
| sources | ||
| update_scripts.sh | ||
| x509.genkey.centos | ||
| x509.genkey.rhel | ||
=================== The Kernel dist-git =================== The kernel is maintained in a `source tree`_ rather than directly in dist-git. The specfile is maintained as a `template`_ in the source tree along with a set of build scripts to generate configurations, (S)RPMs, and to populate the dist-git repository. The `documentation`_ for the source tree covers how to contribute and maintain the tree. If you're looking for the downstream patch set it's available in the source tree with "git log master..ark-patches" or `online`_. Each release in dist-git is tagged in the source repository so you can easily check out the source tree for a build. The tags are in the format name-version-release, but note release doesn't contain the dist tag since the source can be built in different build roots (Fedora, CentOS, etc.) .. _source tree: https://gitlab.com/cki-project/kernel-ark.git .. _template: https://gitlab.com/cki-project/kernel-ark/-/blob/os-build/redhat/kernel.spec.template .. _documentation: https://gitlab.com/cki-project/kernel-ark/-/wikis/home .. _online: https://gitlab.com/cki-project/kernel-ark/-/commits/ark-patches