591487e9cc
* Tue Aug 13 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-497.el9]
- Add amd-pstate-ut to the mod-internal.list (David Arcari) [RHEL-53955]
- firmware: cs_dsp: Return error if block header overflows file (David Arcari) [RHEL-53650] {CVE-2024-42238}
- mm: prevent derefencing NULL ptr in pfn_section_valid() (Audra Mitchell) [RHEL-51138] {CVE-2024-41055}
- mm, kmsan: fix infinite recursion due to RCU critical section (Audra Mitchell) [RHEL-51138] {CVE-2024-41055}
- netfilter: nf_tables: prefer nft_chain_validate (Phil Sutter) [RHEL-51046] {CVE-2024-41042}
- netfilter: nf_tables: allow loop termination for pending fatal signal (Phil Sutter) [RHEL-51046]
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Phil Sutter) [RHEL-51522] {CVE-2024-42070}
- netfilter: nft_inner: validate mandatory meta and payload (Phil Sutter) [RHEL-47486] {CVE-2024-39504}
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Phil Sutter) [RHEL-47616] {CVE-2024-39503}
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Phil Sutter) [RHEL-47616] {CVE-2024-39503}
- netfilter: ipset: Add list flush to cancel_gc (Phil Sutter) [RHEL-47616] {CVE-2024-39503}
- qed/qede: Fix scheduling while atomic (John Meneghini) [RHEL-9751]
- cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (Pavel Reichl) [RHEL-51157] {CVE-2024-41057}
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (Pavel Reichl) [RHEL-51163] {CVE-2024-41058}
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (Pavel Reichl) [RHEL-51157 RHEL-51163]
- nvme-fabrics: use reserved tag for reg read/write command (CKI Backport Bot) [RHEL-51357] {CVE-2024-41082}
- nvmet: always initialize cqe.result (Maurizio Lombardi) [RHEL-51334 RHEL-51335] {CVE-2024-41079}
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (Maurizio Lombardi) [RHEL-52019 RHEL-52020] {CVE-2024-42152}
- NFSv4: Fix memory leak in nfs4_set_security_label (CKI Backport Bot) [RHEL-52083] {CVE-2024-41076}
- xfs: don't walk off the end of a directory data block (CKI Backport Bot) [RHEL-50885] {CVE-2024-41013}
- xfs: add bounds checking to xlog_recover_process_data (CKI Backport Bot) [RHEL-50862] {CVE-2024-41014}
- tcp: avoid too many retransmit packets (Florian Westphal) [RHEL-48637] {CVE-2024-41007}
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Florian Westphal) [RHEL-48637]
- nfs: handle error of rpc_proc_register() in init_nfs_fs() (Scott Mayhew) [RHEL-39906] {CVE-2024-36939}
- mm/page_table_check: fix crash on ZONE_DEVICE (Chris von Recklinghausen) [RHEL-48052] {CVE-2024-40948}
- net: asix: add proper error handling of usb read errors (Ken Cox) [RHEL-28110] {CVE-2021-47101}
- asix: fix uninit-value in asix_mdio_read() (Ken Cox) [RHEL-28110] {CVE-2021-47101}
Resolves: RHEL-28110, RHEL-39906, RHEL-47486, RHEL-47616, RHEL-48052, RHEL-48637, RHEL-50862, RHEL-50885, RHEL-51046, RHEL-51138, RHEL-51157, RHEL-51163, RHEL-51334, RHEL-51335, RHEL-51357, RHEL-51522, RHEL-52019, RHEL-52020, RHEL-52083, RHEL-53650, RHEL-53955, RHEL-9751
Signed-off-by: Lucas Zampieri <lzampier@redhat.com>
68 lines
2.3 KiB
Makefile
68 lines
2.3 KiB
Makefile
RHEL_MAJOR = 9
|
|
RHEL_MINOR = 5
|
|
|
|
#
|
|
# RHEL_RELEASE
|
|
# -------------
|
|
#
|
|
# Represents build number in 'release' part of RPM's name-version-release.
|
|
# name is <package_name>, e.g. kernel
|
|
# version is upstream kernel version this kernel is based on, e.g. 4.18.0
|
|
# release is <RHEL_RELEASE>.<dist_tag>[<buildid>], e.g. 100.el8
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
RHEL_RELEASE = 497
|
|
|
|
#
|
|
# ZSTREAM
|
|
# -------
|
|
#
|
|
# This variable controls whether we use zstream numbering or not for the
|
|
# package release. The zstream release keeps the build number of the last
|
|
# build done for ystream for the Beta milestone, and increments a second
|
|
# number for each build. The third number is used for branched builds
|
|
# (eg.: for builds with security fixes or hot fixes done outside of the
|
|
# batch release process).
|
|
#
|
|
# For example, with ZSTREAM unset or set to "no", all builds will contain
|
|
# a release with only the build number, eg.: kernel-<kernel version>-X.el*,
|
|
# where X is the build number. With ZSTREAM set to "yes", we will have
|
|
# builds with kernel-<kernel version>-X.Y.Z.el*, where X is the last
|
|
# RHEL_RELEASE number before ZSTREAM flag was set to yes, Y will now be the
|
|
# build number and Z will always be 1 except if you're doing a branched build
|
|
# (when you give RHDISTGIT_BRANCH on the command line, in which case the Z
|
|
# number will be incremented instead of the Y).
|
|
#
|
|
ZSTREAM ?= no
|
|
|
|
#
|
|
# Early y+1 numbering
|
|
# --------------------
|
|
#
|
|
# In early y+1 process, RHEL_RELEASE consists of 2 numbers: x.y
|
|
# First is RHEL_RELEASE inherited/merged from y as-is, second number
|
|
# is incremented with each build starting from 1. After merge from y,
|
|
# it resets back to 1. This way y+1 nvr reflects status of last merge.
|
|
#
|
|
# Example:
|
|
#
|
|
# rhel8.0 rhel-8.1
|
|
# kernel-4.18.0-58.el8 --> kernel-4.18.0-58.1.el8
|
|
# kernel-4.18.0-58.2.el8
|
|
# kernel-4.18.0-59.el8 kernel-4.18.0-59.1.el8
|
|
# kernel-4.18.0-60.el8
|
|
# kernel-4.18.0-61.el8 --> kernel-4.18.0-61.1.el8
|
|
#
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
EARLY_YSTREAM ?= no
|
|
EARLY_YBUILD:=
|
|
EARLY_YRELEASE:=
|
|
ifneq ("$(ZSTREAM)", "yes")
|
|
ifeq ("$(EARLY_YSTREAM)","yes")
|
|
RHEL_RELEASE:=$(RHEL_RELEASE).$(EARLY_YRELEASE)
|
|
endif
|
|
endif
|