5984d5bc43
* Mon Nov 13 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-385.el9] - s390/qdio: fix do_sqbs() inline assembly constraint (Tobias Huschle) [RHEL-11201] - s390/lcs: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201] - s390/lcs: Convert sprintf to scnprintf (Tobias Huschle) [RHEL-11201] - s390/ctcm: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201] - s390/ctcm: Convert sprintf/snprintf to scnprintf (Tobias Huschle) [RHEL-11201] - s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-11201] - s390/lcs: Remove FDDI option (Tobias Huschle) [RHEL-11201] - nd_btt: Make BTT lanes preemptible (Tomas Glozar) [RHEL-9172] - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) [RHEL-15417] - Revert "rcu: Permit start_poll_synchronize_rcu_expedited() to be invoked early" (Čestmír Kalina) [RHEL-14709] - scsi: sd: Remove the number of forward declarations (Ewan D. Milne) [RHEL-14312] - scsi: core: Report error list information in debugfs (Ewan D. Milne) [RHEL-14312] - scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Ewan D. Milne) [RHEL-14312] - scsi: core: Remove unused extern declarations (Ewan D. Milne) [RHEL-14312] - scsi: core: Fix legacy /proc parsing buffer overflow (Ewan D. Milne) [RHEL-14312] - scsi: sd_zbc: Set zone limits before revalidating zones (Ewan D. Milne) [RHEL-14312] - scsi: core: Improve warning message in scsi_device_block() (Ewan D. Milne) [RHEL-14312] - scsi: core: Replace scsi_target_block() with scsi_block_targets() (Ewan D. Milne) [RHEL-14312] - scsi: core: Don't wait for quiesce in scsi_device_block() (Ewan D. Milne) [RHEL-14312] - scsi: core: Don't wait for quiesce in scsi_stop_queue() (Ewan D. Milne) [RHEL-14312] - scsi: core: Merge scsi_internal_device_block() and device_block() (Ewan D. Milne) [RHEL-14312] - scsi: sg: Increase number of devices (Ewan D. Milne) [RHEL-14312] - scsi: sd: sd_zbc: Use PAGE_SECTORS_SHIFT (Ewan D. Milne) [RHEL-14312] - scsi: core: Support setting BLK_MQ_F_BLOCKING (Ewan D. Milne) [RHEL-14312] - scsi: core: Rework scsi_host_block() (Ewan D. Milne) [RHEL-14312] - scsi: core: Only kick the requeue list if necessary (Ewan D. Milne) [RHEL-14312] - scsi: core: Use min() instead of open-coding it (Ewan D. Milne) [RHEL-14312] - scsi: scsi_transport_fc: Remove unused 'desc_cnt' variable (Ewan D. Milne) [RHEL-14312] - scsi: sr: Simplify the sr_open() function (Ewan D. Milne) [RHEL-14312] - scsi: core: Improve scsi_vpd_inquiry() checks (Ewan D. Milne) [RHEL-14312] - scsi: core: Fix a procfs host directory removal regression (Ewan D. Milne) [RHEL-14312] - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (Ewan D. Milne) [RHEL-14312] - scsi: sd: Update DIX config every time sd_revalidate_disk() is called (Ewan D. Milne) [RHEL-14312] - tcp: fix delayed ACKs for MSS boundary condition (Paolo Abeni) [RHEL-14348] - tcp: fix quick-ack counting to count actual ACKs of new data (Paolo Abeni) [RHEL-14348] - net: tcp: fix unexcepted socket die when snd_wnd is 0 (Paolo Abeni) [RHEL-14348] - net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Paolo Abeni) [RHEL-14348] - tcp: gso: really support BIG TCP (Paolo Abeni) [RHEL-14348] - tcp: fix mishandling when the sack compression is deferred. (Paolo Abeni) [RHEL-14348] - wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-13881] - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Jose Ignacio Tornos Martinez) [RHEL-6358] {CVE-2023-31083} - x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-8594] {CVE-2023-20569} - objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Unexport untraining functions (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-8594] {CVE-2023-20569} - objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-8594] {CVE-2023-20569} - objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-8594] {CVE-2023-20588} - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-8594] {CVE-2023-20593} - driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-8594] {CVE-2023-20569} - driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-8594] {CVE-2023-20569} - Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-8594] {CVE-2023-20569} - driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-8594] {CVE-2023-20569} - Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-8594] {CVE-2023-20588} - x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Add IBPB (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-8594] {CVE-2023-20569} - redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/alternative: Optimize returns patching (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-8594] {CVE-2023-20569} - objtool: Add objtool_types.h (Waiman Long) [RHEL-8594] {CVE-2023-20569} - objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-8594] {CVE-2023-20569} - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-8594] {CVE-2023-20569} - objtool: Fix SEGFAULT (Waiman Long) [RHEL-8594] {CVE-2023-20569} - vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-8594] {CVE-2023-20569} - livepatch: Make 'klp_stack_entries' static (Ryan Sullivan) [RHEL-2768] - livepatch: Convert stack entries array to percpu (Ryan Sullivan) [RHEL-2768] - livepatch: fix ELF typos (Ryan Sullivan) [RHEL-2768] - livepatch: Make kobj_type structures constant (Ryan Sullivan) [RHEL-2768] - Documentation: livepatch: module-elf-format: Remove local klp_modinfo definition (Ryan Sullivan) [RHEL-2768] - module.h: Document klp_modinfo struct using kdoc (Ryan Sullivan) [RHEL-2768] - livepatch,x86: Clear relocation targets on a module removal (Ryan Sullivan) [RHEL-2768] - x86/module: remove unused code in __apply_relocate_add (Ryan Sullivan) [RHEL-2768] Resolves: RHEL-7056, RHEL-11201, RHEL-13881, RHEL-14312, RHEL-14114, RHEL-14348, RHEL-14709, RHEL-15417, RHEL-2768, RHEL-6358, RHEL-8594, RHEL-9172 Signed-off-by: Jan Stancek <jstancek@redhat.com>
68 lines
2.3 KiB
Makefile
68 lines
2.3 KiB
Makefile
RHEL_MAJOR = 9
|
|
RHEL_MINOR = 4
|
|
|
|
#
|
|
# RHEL_RELEASE
|
|
# -------------
|
|
#
|
|
# Represents build number in 'release' part of RPM's name-version-release.
|
|
# name is <package_name>, e.g. kernel
|
|
# version is upstream kernel version this kernel is based on, e.g. 4.18.0
|
|
# release is <RHEL_RELEASE>.<dist_tag>[<buildid>], e.g. 100.el8
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
RHEL_RELEASE = 385
|
|
|
|
#
|
|
# ZSTREAM
|
|
# -------
|
|
#
|
|
# This variable controls whether we use zstream numbering or not for the
|
|
# package release. The zstream release keeps the build number of the last
|
|
# build done for ystream for the Beta milestone, and increments a second
|
|
# number for each build. The third number is used for branched builds
|
|
# (eg.: for builds with security fixes or hot fixes done outside of the
|
|
# batch release process).
|
|
#
|
|
# For example, with ZSTREAM unset or set to "no", all builds will contain
|
|
# a release with only the build number, eg.: kernel-<kernel version>-X.el*,
|
|
# where X is the build number. With ZSTREAM set to "yes", we will have
|
|
# builds with kernel-<kernel version>-X.Y.Z.el*, where X is the last
|
|
# RHEL_RELEASE number before ZSTREAM flag was set to yes, Y will now be the
|
|
# build number and Z will always be 1 except if you're doing a branched build
|
|
# (when you give RHDISTGIT_BRANCH on the command line, in which case the Z
|
|
# number will be incremented instead of the Y).
|
|
#
|
|
ZSTREAM ?= no
|
|
|
|
#
|
|
# Early y+1 numbering
|
|
# --------------------
|
|
#
|
|
# In early y+1 process, RHEL_RELEASE consists of 2 numbers: x.y
|
|
# First is RHEL_RELEASE inherited/merged from y as-is, second number
|
|
# is incremented with each build starting from 1. After merge from y,
|
|
# it resets back to 1. This way y+1 nvr reflects status of last merge.
|
|
#
|
|
# Example:
|
|
#
|
|
# rhel8.0 rhel-8.1
|
|
# kernel-4.18.0-58.el8 --> kernel-4.18.0-58.1.el8
|
|
# kernel-4.18.0-58.2.el8
|
|
# kernel-4.18.0-59.el8 kernel-4.18.0-59.1.el8
|
|
# kernel-4.18.0-60.el8
|
|
# kernel-4.18.0-61.el8 --> kernel-4.18.0-61.1.el8
|
|
#
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
EARLY_YSTREAM ?= no
|
|
EARLY_YBUILD:=
|
|
EARLY_YRELEASE:=
|
|
ifneq ("$(ZSTREAM)", "yes")
|
|
ifeq ("$(EARLY_YSTREAM)","yes")
|
|
RHEL_RELEASE:=$(RHEL_RELEASE).$(EARLY_YRELEASE)
|
|
endif
|
|
endif
|