1
0
forked from rpms/kernel

Import EL kernel-4.18.0-513.11.1.el8_9

This commit is contained in:
eabdullin 2024-01-16 16:04:40 +03:00
parent ecd26ad835
commit bf55227155
6 changed files with 220 additions and 47 deletions

2
.gitignore vendored
View File

@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
SOURCES/centossecurebootca2.cer
SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
SOURCES/linux-4.18.0-513.9.1.el8_9.tar.xz
SOURCES/linux-4.18.0-513.11.1.el8_9.tar.xz
SOURCES/redhatsecureboot302.cer
SOURCES/redhatsecureboot303.cer
SOURCES/redhatsecureboot501.cer

View File

@ -1,8 +1,8 @@
2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
b7c81f7a4572b627bf2df9213d715e3e74c1c394 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
26df1b50927ada39cecb1b9e86331fcbd0c21c65 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
b66c16f3dbd5a47089d5552283162e6b403b3919 SOURCES/linux-4.18.0-513.9.1.el8_9.tar.xz
6bac4f0d78ba0bb5ead1fb8246e3696a463e9b07 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2
98694c1cb92f1ff948a817c610e83f44cdefdc46 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2
8e36f68bdc4846384ae9835f703e877318c66d1c SOURCES/linux-4.18.0-513.11.1.el8_9.tar.xz
13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer

View File

@ -0,0 +1,12 @@
--- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700
+++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700
@@ -147,7 +147,7 @@ void main(void)
/* Make sure we have all the proper CPU support */
if (validate_cpu()) {
- puts("This processor is not supported in this version of RHEL.\n");
+ puts("This processor is not supported in this version of EuroLinux.\n");
die();
}

View File

@ -0,0 +1,11 @@
--- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700
+++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700
@@ -900,7 +900,7 @@ static void rh_check_supported(void)
if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
!guest && is_kdump_kernel()) {
pr_crit("Detected single cpu native boot.\n");
- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
+ pr_crit("Important: In EuroLinux 8, single threaded, single CPU 64-bit physical systems are unsupported.");
}
/*

View File

@ -0,0 +1,12 @@
diff -urN linux-4.18.0-477.27.1.el8_8/init/main.c linux-4.18.0-477.27.1.el8_8p/init/main.c
--- linux-4.18.0-477.27.1.el8_8/init/main.c 2023-08-31 16:01:50.000000000 +0200
+++ linux-4.18.0-477.27.1.el8_8p/init/main.c 2023-09-20 14:02:16.439638219 +0200
@@ -576,7 +576,7 @@
page_alloc_init();
pr_notice("Kernel command line: %s\n", boot_command_line);
- pr_notice("Specific versions of hardware are certified with Red Hat Enterprise Linux 8. Please see the list of hardware certified with Red Hat Enterprise Linux 8 at https://catalog.redhat.com.\n");
+ pr_notice("Specific versions of hardware are certified with EuroLinux 8. Since EuroLinux is binary compatible with RHEL, please see the list of certified hardware at https://catalog.redhat.com.\n");
/* parameters may set static keys */
jump_label_init();
parse_early_param();

View File

@ -37,11 +37,11 @@
# define buildid .local
%define rpmversion 4.18.0
%define pkgrelease 513.9.1.el8_9
%define specversion 4.18.0
%define pkgrelease 513.11.1.el8_9
# allow pkg_release to have configurable %%{?dist} tag
%define specrelease 513.9.1%{?dist}
%define specrelease 513.11.1%{?dist}
%define pkg_release %{specrelease}%{?buildid}
@ -324,11 +324,24 @@
%define initrd_prereq dracut >= 027
# EuroLinux override
# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast
# we have to change this here
%define with_doc 1
%define with_kabichk 1
%define with_kernel_abi_whitelists 1
%global signkernel 0
%global signmodules 0
# End of EuroLinux override
Name: kernel%{?variant}
Group: System Environment/Kernel
License: GPLv2 and Redistributable, no modification permitted
URL: http://www.kernel.org/
Version: %{rpmversion}
Version: %{specversion}
Release: %{pkg_release}
Summary: The Linux kernel, based on version %{version}, heavily modified with backports
%if %{with_realtime}
@ -435,7 +448,7 @@ BuildRequires: xmlto
BuildRequires: asciidoc
%endif
Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz
Source0: linux-%{specversion}-%{pkgrelease}.tar.xz
Source9: x509.genkey
@ -522,8 +535,8 @@ Source211: Module.kabi_dup_ppc64le
Source212: Module.kabi_dup_s390x
Source213: Module.kabi_dup_x86_64
Source300: kernel-abi-stablelists-%{rpmversion}-%{distro_build}.tar.bz2
Source301: kernel-kabi-dw-%{rpmversion}-%{distro_build}.tar.bz2
Source300: kernel-abi-stablelists-%{specversion}-%{distro_build}.tar.bz2
Source301: kernel-kabi-dw-%{specversion}-%{distro_build}.tar.bz2
%endif
%if %{with_realtime}
@ -544,14 +557,17 @@ Source4001: rpminspect.yaml
# empty final patch to facilitate testing of kernel patches
Patch999999: linux-kernel-test.patch
Patch1000: debrand-rh-i686-cpu.patch
Patch1002: debrand-single-cpu.patch
Patch1003: debrand-specific-versions-of-hardware.patch
# END OF PATCH DEFINITIONS
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
%description
This is the package which provides the Linux %{name} for Red Hat Enterprise
Linux. It is based on upstream Linux at version %{version} and maintains kABI
This is the package which provides the Linux %{name} for EuroLinux.
It is based on upstream Linux at version %{version} and maintains kABI
compatibility of a set of approved symbols, however it is heavily modified with
backports and fixes pulled from newer upstream Linux %{name} releases. This means
this is not a %{version} kernel anymore: it includes several components which come
@ -559,7 +575,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
core. Some of the components/backports that may be pulled in are: changes like
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
fixes and features), updates to block layer, supported filesystems, major driver
updates for supported hardware in Red Hat Enterprise Linux, enhancements for
updates for supported hardware in EuroLinux, enhancements for
enterprise customers, etc.
#
@ -569,8 +585,8 @@ enterprise customers, etc.
# macros defined above.
#
%define kernel_reqprovconf \
Provides: %{name} = %{rpmversion}-%{pkg_release}\
Provides: %{name}-%{_target_cpu} = %{rpmversion}-%{pkg_release}%{?1:+%{1}}\
Provides: %{name} = %{specversion}-%{pkg_release}\
Provides: %{name}-%{_target_cpu} = %{specversion}-%{pkg_release}%{?1:+%{1}}\
Provides: kernel-drm-nouveau = 16\
Provides: %{name}-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
Requires(pre): %{kernel_prereq}\
@ -613,8 +629,8 @@ Group: Development/System
Obsoletes: glibc-kernheaders < 3.0-46
Provides: glibc-kernheaders = 3.0-46
%if "0%{?variant}"
Obsoletes: kernel-headers < %{rpmversion}-%{pkg_release}
Provides: kernel-headers = %{rpmversion}-%{pkg_release}
Obsoletes: kernel-headers < %{specversion}-%{pkg_release}
Provides: kernel-headers = %{specversion}-%{pkg_release}
%endif
%description headers
Kernel-headers includes the C header files that specify the interface
@ -807,14 +823,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
%endif
%package -n %{name}-abi-stablelists
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
Summary: The EuroLinux kernel ABI symbol stablelists
Group: System Environment/Kernel
AutoReqProv: no
Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release}
Provides: %{name}-abi-whitelists
%description -n %{name}-abi-stablelists
The kABI package contains information pertaining to the Red Hat Enterprise
Linux kernel ABI, including lists of kernel symbols that are needed by
The kABI package contains information pertaining to the EuroLinux
kernel ABI, including lists of kernel symbols that are needed by
external Linux kernel modules, and a yum plugin to aid enforcement.
%if %{with_kabidw_base}
@ -823,8 +839,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
Group: System Environment/Kernel
AutoReqProv: no
%description kernel-kabidw-base-internal
The package contains data describing the current ABI of the Red Hat Enterprise
Linux kernel, suitable for the kabi-dw tool.
The package contains data describing the current ABI of the EuroLinux
kernel, suitable for the kabi-dw tool.
%endif
#
@ -898,7 +914,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
AutoReq: no\
AutoProv: yes\
%description %{?1:%{1}-}modules-internal\
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
This package provides kernel modules for the %{?2:%{2} }kernel package for EuroLinux internal usage.\
%{nil}
#
@ -1070,7 +1086,7 @@ ApplyPatch()
if ! grep -E "^Patch[0-9]+: $patch\$" %{_specdir}/${RPM_PACKAGE_NAME%%%%%{?variant}}.spec ; then
if [ "${patch:0:8}" != "patch-4." ] ; then
echo "ERROR: Patch $patch not listed as a source patch in specfile"
exit 1
# exit 1
fi
fi 2>/dev/null
case "$patch" in
@ -1095,11 +1111,14 @@ ApplyOptionalPatch()
fi
}
%setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c
mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL}
%setup -q -n %{name}-%{specversion}-%{pkgrelease} -c
mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
cd linux-%{KVERREL}
ApplyOptionalPatch debrand-single-cpu.patch
#ApplyOptionalPatch debrand-rh_taint.patch
ApplyOptionalPatch debrand-rh-i686-cpu.patch
ApplyOptionalPatch linux-kernel-test.patch
# END OF PATCH APPLICATIONS
@ -1184,7 +1203,7 @@ done
%endif
cp %{SOURCE42} .
./process_configs.sh -w -c %{name} %{rpmversion} %{?cross_opts}
./process_configs.sh -w -c %{name} %{specversion} %{?cross_opts}
# end of kernel config
%endif
@ -1750,20 +1769,20 @@ BuildKernel() {
# build a BLS config for this kernel
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%ifarch s390x ppc64le
if [ $DoModules -eq 1 ]; then
if [ -x /usr/bin/rpm-sign ]; then
install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
else
install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
fi
fi
%endif
# # EuroLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
# mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
# install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
# %ifarch s390x ppc64le
# if [ $DoModules -eq 1 ]; then
# if [ -x /usr/bin/rpm-sign ]; then
# install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
# else
# install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
# openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
# chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
# fi
# fi
# %endif
%if %{with_ipaclones}
MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*\([0-9]\+\)/\1/p')
@ -1990,7 +2009,7 @@ find Documentation -type d | xargs chmod u+w
cd linux-%{KVERREL}
%if %{with_doc}
docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}
docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}
# copy the source over
mkdir -p $docdir
@ -2467,9 +2486,9 @@ fi
%if %{with_doc}
%files doc
%defattr(-,root,root)
%{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}/Documentation/*
%dir %{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}/Documentation
%dir %{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}
%{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}/Documentation/*
%dir %{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}/Documentation
%dir %{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}
%endif
%if %{with_perf}
@ -2696,6 +2715,125 @@ fi
#
#
%changelog
* Fri Jan 12 2024 EuroLinux Autopatch <devel@euro-linux.com>
- Added Patch: debrand-rh-i686-cpu.patch
--> i686 info debrand
- Added Patch: debrand-single-cpu.patch
--> Single cpu debrand
- Added Patch: debrand-specific-versions-of-hardware.patch
--> Specific versions of hardware debrand
* Thu Dec 07 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.11.1.el8_9]
- redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko)
- blk-mq: enforce op-specific segment limits in blk_insert_cloned_request (Ming Lei) [RHEL-14718 RHEL-14504]
- KVM: x86: Add SBPB support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- KVM: x86: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/CPU/AMD: Remove amd_get_topology_early() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add IBPB (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/microcode/AMD: Load late on both threads too (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/returnthunk: Allow different return thunks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86: Sanitize linker script (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- objtool: Fix .return_sites generation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Keep a gem reference to user bos in surfaces (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: fix typo of sizeof argument (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Fix possible invalid drm gem put calls (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Fix shader stage validation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: remove unused vmw_overlay function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Print errors when running on broken/unsupported configs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Drop mksstat_init_record fn as currently unused (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Fix src/dst_pitch confusion (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Replace one-element array with flexible-array member (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Do not drop the reference to the handle too soon (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Stop accessing buffer objects which failed init (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Make the driver work without the dummy resources (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Stop using raw ttm_buffer_object's (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Abstract placement selection (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Rename dummy to is_iomem (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Cleanup the vmw bo usage in the cursor paths (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Simplify fb pinning (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Remove the duplicate bo_free function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Use the common gem mmap instead of the custom code (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/radeon: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/qxl: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/gem-vram: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/ttm: prevent moving of pinned BOs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/ttm: stop allocating a dummy resource for pipelined gutting (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/ttm: stop allocating dummy resources during BO creation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/ttm: clear the ttm_tt when bo->resource is NULL (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/i915/ttm: audit remaining bo->resource (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- Revert "drm/vmwgfx: Stop accessing buffer objects which failed init" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- Revert "drm/vmwgfx: Do not drop the reference to the handle too soon" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- Revert "drm/vmwgfx: Fix Legacy Display Unit atomic drm support" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
* Fri Nov 24 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.10.1.el8_9]
- pNFS/filelayout: treat GETDEVICEINFO errors as layout failure (Scott Mayhew) [RHEL-16407 RHEL-4969]
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162}
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162}
- KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs (Peter Xu) [RHEL-15121 RHEL-7210]
- netfilter: conntrack: Fix gre tunneling over ipv6 (Florian Westphal) [RHEL-15259 RHEL-12497]
- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Florian Westphal) [RHEL-8443 RHEL-8444] {CVE-2023-42753}
- tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-15096 RHEL-15023]
- redhat: change builder image to rhel-8.9 (Michael Hofmann)
- net: openvswitch: add support for l4 symmetric hashing (Antoine Tenart) [RHEL-12746 RHEL-10498]
- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16388 RHEL-2574] {CVE-2023-4622}
* Thu Nov 16 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.9.1.el8_9]
- ice: reset first in crash dump kernels (Petr Oros) [2244625 2139761]
- nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11507 RHEL-11509] {CVE-2023-5178}