f38de42824
* Tue Jan 14 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-41.el10]
- netfilter: IDLETIMER: Fix for possible ABBA deadlock (Phil Sutter) [RHEL-70301]
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-73194]
- netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [RHEL-68691]
- sched/numa: fix memory leak due to the overwritten vma->numab_state (Phil Auld) [RHEL-67478]
- netfilter: ipset: Fix for recursive locking warning (Phil Sutter) [RHEL-71827]
- NFSD: Mark exports of NFS as unsupported (Benjamin Coddington) [RHEL-50656]
- netdev-genl: Hold rcu_read_lock in napi_get (Paolo Abeni) [RHEL-73205]
- net: avoid potential UAF in default_operstate() (Paolo Abeni) [RHEL-73205] {CVE-2024-56635}
- net: defer final 'struct net' free in netns dismantle (Paolo Abeni) [RHEL-73205] {CVE-2024-56658}
- net: restrict SO_REUSEPORT to inet sockets (Paolo Abeni) [RHEL-73205]
- Revert "rtnetlink: add guard for RTNL" (Paolo Abeni) [RHEL-73205]
- netlink: fix false positive warning in extack during dumps (Paolo Abeni) [RHEL-73205] {CVE-2024-53212}
- tcp: check space before adding MPTCP SYN options (Paolo Abeni) [RHEL-73143]
- net: fix memory leak in tcp_conn_request() (Paolo Abeni) [RHEL-73143]
- Revert "udp: avoid calling sock_def_readable() if possible" (Paolo Abeni) [RHEL-73132]
- netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [RHEL-69538]
- redhat: make kernel-debug-uki-virt installable without kernel-debug-core (Vitaly Kuznetsov) [RHEL-72983]
- KVM: arm64: Fix S1/S2 combination when FWB==1 and S2 has Device memory type (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add error handling in vgic_its_cache_translation (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: selftests: Add tests for MMIO external abort injection (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: selftests: Convert to kernel's ESR terminology (Shaoqin Huang) [RHEL-68039]
- tools: arm64: Grab a copy of esr.h from kernel (Shaoqin Huang) [RHEL-68039]
- KVM: selftests: Don't bother deleting memslots in KVM when freeing VMs (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add stronger type-checking to the ITS entry sizes (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic: Kill VGIC_MAX_PRIVATE definition (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic: Make vgic_get_irq() more robust (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Pass on SVE mapping failures (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Don't map 'kvm_vgic_global_state' at EL2 with pKVM (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Just advertise SEIS as 0 when emulating ICC_CTLR_EL1 (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Don't retire aborted MMIO instruction (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Get rid of userspace_irqchip_in_use (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Initialize trap register values in hyp in pKVM (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Initialize the hypervisor's VM state at EL2 (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Refactor kvm_vcpu_enable_ptrauth() for hyp use (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Move pkvm_vcpu_init_traps() to init_pkvm_hyp_vcpu() (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Correctly access TCR2_EL1, PIR_EL1, PIRE0_EL1 with VHE (Shaoqin Huang) [RHEL-68039]
Resolves: RHEL-50656, RHEL-67478, RHEL-68039, RHEL-68691, RHEL-69538, RHEL-70301, RHEL-71827, RHEL-72983, RHEL-73132, RHEL-73143, RHEL-73194, RHEL-73205
Signed-off-by: Jan Stancek <jstancek@redhat.com>
81 lines
2.6 KiB
Makefile
81 lines
2.6 KiB
Makefile
RHEL_MAJOR = 10
|
|
RHEL_MINOR = 0
|
|
|
|
#
|
|
# RHEL_RELEASE
|
|
# -------------
|
|
#
|
|
# Represents build number in 'release' part of RPM's name-version-release.
|
|
# name is <package_name>, e.g. kernel
|
|
# version is upstream kernel version this kernel is based on, e.g. 4.18.0
|
|
# release is <RHEL_RELEASE>.<dist_tag>[<buildid>], e.g. 100.el8
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
RHEL_RELEASE = 41
|
|
|
|
#
|
|
# RHEL_REBASE_NUM
|
|
# ----------------
|
|
#
|
|
# Used in RPM version string for Gemini kernels, which dont use upstream
|
|
# VERSION/PATCHLEVEL/SUBLEVEL. The number represents rebase number for
|
|
# current MAJOR release.
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
RHEL_REBASE_NUM = 1
|
|
|
|
|
|
#
|
|
# ZSTREAM
|
|
# -------
|
|
#
|
|
# This variable controls whether we use zstream numbering or not for the
|
|
# package release. The zstream release keeps the build number of the last
|
|
# build done for ystream for the Beta milestone, and increments a second
|
|
# number for each build. The third number is used for branched builds
|
|
# (eg.: for builds with security fixes or hot fixes done outside of the
|
|
# batch release process).
|
|
#
|
|
# For example, with ZSTREAM unset or set to "no", all builds will contain
|
|
# a release with only the build number, eg.: kernel-<kernel version>-X.el*,
|
|
# where X is the build number. With ZSTREAM set to "yes", we will have
|
|
# builds with kernel-<kernel version>-X.Y.Z.el*, where X is the last
|
|
# RHEL_RELEASE number before ZSTREAM flag was set to yes, Y will now be the
|
|
# build number and Z will always be 1 except if you're doing a branched build
|
|
# (when you give RHDISTGIT_BRANCH on the command line, in which case the Z
|
|
# number will be incremented instead of the Y).
|
|
#
|
|
ZSTREAM ?= no
|
|
|
|
#
|
|
# Early y+1 numbering
|
|
# --------------------
|
|
#
|
|
# In early y+1 process, RHEL_RELEASE consists of 2 numbers: x.y
|
|
# First is RHEL_RELEASE inherited/merged from y as-is, second number
|
|
# is incremented with each build starting from 1. After merge from y,
|
|
# it resets back to 1. This way y+1 nvr reflects status of last merge.
|
|
#
|
|
# Example:
|
|
#
|
|
# rhel8.0 rhel-8.1
|
|
# kernel-4.18.0-58.el8 --> kernel-4.18.0-58.1.el8
|
|
# kernel-4.18.0-58.2.el8
|
|
# kernel-4.18.0-59.el8 kernel-4.18.0-59.1.el8
|
|
# kernel-4.18.0-60.el8
|
|
# kernel-4.18.0-61.el8 --> kernel-4.18.0-61.1.el8
|
|
#
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
EARLY_YSTREAM ?= no
|
|
EARLY_YBUILD:=
|
|
EARLY_YRELEASE:=
|
|
ifneq ("$(ZSTREAM)", "yes")
|
|
ifeq ("$(EARLY_YSTREAM)","yes")
|
|
RHEL_RELEASE:=$(RHEL_RELEASE).$(EARLY_YRELEASE)
|
|
endif
|
|
endif
|