diff --git a/download b/download index a46cd2e6267ae27b1e32741390b49a5a57cffd25..10414ed6c4e7ee0acfcbab0819f8f973e2824014 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ -3aeb82d0f479dba60edcb89ced26479f kernel-abi-stablelists-4.18.0-513.tar.bz2 -5b2eae229b93fa3dbf0eebd0e8d0e199 kernel-kabi-dw-4.18.0-513.tar.bz2 -a0664573a2bf07ebf83621b3381a6b4c linux-4.18.0-513.9.1.el8_9.tar.xz +a978e706330dc04aade90002cd671bef kernel-abi-stablelists-4.18.0-513.tar.bz2 +e860e4be252b58b3a5128dd470442131 kernel-kabi-dw-4.18.0-513.tar.bz2 +d82ad297d1f895be32bbad80f9de7cf5 linux-4.18.0-513.11.1.el8_9.tar.xz diff --git a/kernel.spec b/kernel.spec index dcb44ad1bce0ca208f6ca04c705bb1d52242f4a2..8c1cb2c0eefd8579ea0df2c043b3ef63bbc61321 100644 --- a/kernel.spec +++ b/kernel.spec @@ -38,11 +38,11 @@ # define buildid .local -%define rpmversion 4.18.0 -%define pkgrelease 513.9.1.el8_9 +%define specversion 4.18.0 +%define pkgrelease 513.11.1.el8_9 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 513.9.1%{anolis_release}%{?dist} +%define specrelease 513.11.1%{anolis_release}%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -329,7 +329,7 @@ Name: kernel%{?variant} Group: System Environment/Kernel License: GPLv2 and Redistributable, no modification permitted URL: http://www.kernel.org/ -Version: %{rpmversion} +Version: %{specversion} Release: %{pkg_release} Summary: The Linux kernel, based on version %{version}, heavily modified with backports %if %{with_realtime} @@ -436,7 +436,7 @@ BuildRequires: xmlto BuildRequires: asciidoc %endif -Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz +Source0: linux-%{specversion}-%{pkgrelease}.tar.xz Source9: x509.genkey @@ -523,8 +523,8 @@ Source211: Module.kabi_dup_ppc64le Source212: Module.kabi_dup_s390x Source213: Module.kabi_dup_x86_64 -Source300: kernel-abi-stablelists-%{rpmversion}-%{distro_build}.tar.bz2 -Source301: kernel-kabi-dw-%{rpmversion}-%{distro_build}.tar.bz2 +Source300: kernel-abi-stablelists-%{specversion}-%{distro_build}.tar.bz2 +Source301: kernel-kabi-dw-%{specversion}-%{distro_build}.tar.bz2 %endif %if %{with_realtime} @@ -571,8 +571,8 @@ enterprise customers, etc. # macros defined above. # %define kernel_reqprovconf \ -Provides: %{name} = %{rpmversion}-%{pkg_release}\ -Provides: %{name}-%{_target_cpu} = %{rpmversion}-%{pkg_release}%{?1:+%{1}}\ +Provides: %{name} = %{specversion}-%{pkg_release}\ +Provides: %{name}-%{_target_cpu} = %{specversion}-%{pkg_release}%{?1:+%{1}}\ Provides: kernel-drm-nouveau = 16\ Provides: %{name}-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ Requires(pre): %{kernel_prereq}\ @@ -615,8 +615,8 @@ Group: Development/System Obsoletes: glibc-kernheaders < 3.0-46 Provides: glibc-kernheaders = 3.0-46 %if "0%{?variant}" -Obsoletes: kernel-headers < %{rpmversion}-%{pkg_release} -Provides: kernel-headers = %{rpmversion}-%{pkg_release} +Obsoletes: kernel-headers < %{specversion}-%{pkg_release} +Provides: kernel-headers = %{specversion}-%{pkg_release} %endif %description headers Kernel-headers includes the C header files that specify the interface @@ -812,7 +812,7 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists Group: System Environment/Kernel AutoReqProv: no -Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release} +Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release} Provides: %{name}-abi-whitelists %description -n %{name}-abi-stablelists The kABI package contains information pertaining to the Red Hat Enterprise @@ -1097,8 +1097,8 @@ ApplyOptionalPatch() fi } -%setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c -mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL} +%setup -q -n %{name}-%{specversion}-%{pkgrelease} -c +mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} @@ -1187,7 +1187,7 @@ done %endif cp %{SOURCE42} . -./process_configs.sh -w -c %{name} %{rpmversion} %{?cross_opts} +./process_configs.sh -w -c %{name} %{specversion} %{?cross_opts} # end of kernel config %endif @@ -1993,7 +1993,7 @@ find Documentation -type d | xargs chmod u+w cd linux-%{KVERREL} %if %{with_doc} -docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease} +docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease} # copy the source over mkdir -p $docdir @@ -2470,9 +2470,9 @@ fi %if %{with_doc} %files doc %defattr(-,root,root) -%{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}/Documentation/* -%dir %{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}/Documentation -%dir %{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease} +%{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}/Documentation/* +%dir %{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}/Documentation +%dir %{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease} %endif %if %{with_perf} @@ -2699,9 +2699,120 @@ fi # # %changelog -* Tue Dec 26 2023 Xiaoping Liu - 4.18.0-513.9.1.0.1 +* Thu Jan 11 2024 Xiaoping Liu - 4.18.0-513.11.1.0.1 - kernel:repair dwarves causes kernel compilation to fail +* Thu Dec 07 2023 Patrick Talbert [4.18.0-513.11.1.el8_9] +- redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko) +- blk-mq: enforce op-specific segment limits in blk_insert_cloned_request (Ming Lei) [RHEL-14718 RHEL-14504] +- KVM: x86: Add SBPB support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- KVM: x86: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/CPU/AMD: Remove amd_get_topology_early() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Add IBPB (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/microcode/AMD: Load late on both threads too (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86/returnthunk: Allow different return thunks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- x86: Sanitize linker script (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- objtool: Fix .return_sites generation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569} +- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Keep a gem reference to user bos in surfaces (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: fix typo of sizeof argument (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Fix possible invalid drm gem put calls (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Fix shader stage validation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: remove unused vmw_overlay function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Print errors when running on broken/unsupported configs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Drop mksstat_init_record fn as currently unused (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Fix src/dst_pitch confusion (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Replace one-element array with flexible-array member (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Do not drop the reference to the handle too soon (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Stop accessing buffer objects which failed init (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Make the driver work without the dummy resources (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Stop using raw ttm_buffer_object's (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Abstract placement selection (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Rename dummy to is_iomem (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Cleanup the vmw bo usage in the cursor paths (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Simplify fb pinning (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Remove the duplicate bo_free function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/vmwgfx: Use the common gem mmap instead of the custom code (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/radeon: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/qxl: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/gem-vram: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/ttm: prevent moving of pinned BOs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/ttm: stop allocating a dummy resource for pipelined gutting (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/ttm: stop allocating dummy resources during BO creation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/ttm: clear the ttm_tt when bo->resource is NULL (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- drm/i915/ttm: audit remaining bo->resource (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- Revert "drm/vmwgfx: Stop accessing buffer objects which failed init" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- Revert "drm/vmwgfx: Do not drop the reference to the handle too soon" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} +- Revert "drm/vmwgfx: Fix Legacy Display Unit atomic drm support" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633} + +* Fri Nov 24 2023 Patrick Talbert [4.18.0-513.10.1.el8_9] +- pNFS/filelayout: treat GETDEVICEINFO errors as layout failure (Scott Mayhew) [RHEL-16407 RHEL-4969] +- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162} +- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162} +- KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs (Peter Xu) [RHEL-15121 RHEL-7210] +- netfilter: conntrack: Fix gre tunneling over ipv6 (Florian Westphal) [RHEL-15259 RHEL-12497] +- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Florian Westphal) [RHEL-8443 RHEL-8444] {CVE-2023-42753} +- tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-15096 RHEL-15023] +- redhat: change builder image to rhel-8.9 (Michael Hofmann) +- net: openvswitch: add support for l4 symmetric hashing (Antoine Tenart) [RHEL-12746 RHEL-10498] +- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16388 RHEL-2574] {CVE-2023-4622} + * Thu Nov 16 2023 Patrick Talbert [4.18.0-513.9.1.el8_9] - ice: reset first in crash dump kernels (Petr Oros) [2244625 2139761] - nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11507 RHEL-11509] {CVE-2023-5178}