From fa7474d51bdedcb06f70214741af55c29cd990aa Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jul 29 2020 17:21:01 +0000
Subject: import kernel-rt-3.10.0-1127.18.2.rt56.1116.el7
---
diff --git a/.gitignore b/.gitignore
index b5c70c4..e0ebde0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/kernel-rt-3.10.0-1127.13.1.rt56.1110.tar.xz
+SOURCES/kernel-rt-3.10.0-1127.18.2.rt56.1116.tar.xz
 SOURCES/rheldup3.x509
 SOURCES/rhelkpatch1.x509
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index 8ac4349..bb812d0 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1,3 +1,3 @@
-243a1cebfdb5fd11c58a2e444c11b2f9d51eaaa4 SOURCES/kernel-rt-3.10.0-1127.13.1.rt56.1110.tar.xz
+5e8eb6526b98203dfe7baa9994e4b274b3680a81 SOURCES/kernel-rt-3.10.0-1127.18.2.rt56.1116.tar.xz
 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer
new file mode 100644
index 0000000..20e6604
Binary files /dev/null and b/SOURCES/redhatsecureboot301.cer differ
diff --git a/SOURCES/redhatsecureboot501.cer b/SOURCES/redhatsecureboot501.cer
new file mode 100644
index 0000000..dfa7afb
Binary files /dev/null and b/SOURCES/redhatsecureboot501.cer differ
diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer
new file mode 100644
index 0000000..b235400
Binary files /dev/null and b/SOURCES/redhatsecurebootca3.cer differ
diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
new file mode 100644
index 0000000..dfb0284
Binary files /dev/null and b/SOURCES/redhatsecurebootca5.cer differ
diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer
deleted file mode 100644
index 20e6604..0000000
Binary files a/SOURCES/secureboot.cer and /dev/null differ
diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer
deleted file mode 100644
index b235400..0000000
Binary files a/SOURCES/securebootca.cer and /dev/null differ
diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec
index 9146e1f..3c5ecb1 100644
--- a/SPECS/kernel-rt.spec
+++ b/SPECS/kernel-rt.spec
@@ -7,10 +7,10 @@ Summary: The Linux Realtime kernel
 %global dist .el7
 # realtimeN
-%global rtbuild 1110
+%global rtbuild 1116
 # RHEL7 build number
-%global rhel_build 1127.13.1
+%global rhel_build 1127.18.2
 # The preempt RT patch level
 %global rttag rt56
@@ -325,16 +325,22 @@ Source10: sign-modules
 Source11: x509.genkey
 Source12: extra_certificates
 %if %{?released_kernel}
-Source13: securebootca.cer
-Source14: secureboot.cer
-%define pesign_name redhatsecureboot301
+Source13: redhatsecurebootca3.cer
+Source14: redhatsecureboot301.cer
+Source15: redhatsecurebootca5.cer
+Source16: redhatsecureboot501.cer
+%define pesign_name_0 redhatsecureboot301
+%define pesign_name_1 redhatsecureboot501
 %else
 Source13: redhatsecurebootca2.cer
 Source14: redhatsecureboot003.cer
-%define pesign_name redhatsecureboot003
+Source15: redhatsecurebootca4.cer
+Source16: redhatsecureboot401.cer
+%define pesign_name_0 redhatsecureboot003
+%define pesign_name_1 redhatsecureboot401
 %endif
-Source15: rheldup3.x509
-Source16: rhelkpatch1.x509
+Source17: rheldup3.x509
+Source18: rhelkpatch1.x509
 Source22: perf
 Source23: perf-archive
@@ -722,8 +728,8 @@ BuildKernel() {
 cp %{SOURCE11} . # x509.genkey
 cp %{SOURCE12} . # extra_certificates
- cp %{SOURCE15} . # rheldup3.x509
- cp %{SOURCE16} . # rhelkpatch1.x509
+ cp %{SOURCE17} . # rheldup3.x509
+ cp %{SOURCE18} . # rhelkpatch1.x509
 # and now to start the build process
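Review bot: Reusing `Source15`/`Source16` for the new certificates in the `-325` hunk, and moving `rheldup3.x509`/`rhelkpatch1.x509` to `Source17`/`Source18`, changes what every existing `%{SOURCE15}`/`%{SOURCE16}` reference resolves to. The `-722` hunk updates the two `cp` lines in `BuildKernel()`, but a reference elsewhere in the spec, outside the visible hunks, would now pick up a Secure Boot certificate instead of an x509 file without any build error. Leaving the x509 entries at 15/16 and giving the new pair the numbers this commit shows to be free (`Source17: redhatsecurebootca5.cer`, `Source18: redhatsecureboot501.cer`, and likewise in the `%else` branch) would avoid the renumbering. Failing that, a comment above `Source13` such as `# Source13/14 and Source15/16 are the CA/signer pairs for pesign_name_0 and pesign_name_1` would document the pairing.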
@@ -775,7 +781,9 @@ BuildKernel() {
 fi
 # EFI SecureBoot signing, x86_64-only
 %ifarch x86_64
- %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name}
+ %pesign -s -i $KernelImage -o $KernelImage.tmp -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name_0}
+ %pesign -s -i $KernelImage.tmp -o $KernelImage.signed -a %{SOURCE15} -c %{SOURCE16} -n %{pesign_name_1}
+ rm $KernelImage.tmp
 mv $KernelImage.signed $KernelImage
 %endif
 $CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
@@ -1153,7 +1161,9 @@ rm -f $RPM_BUILD_ROOT/usr/include/asm*/irq.h
 %if %{builddoc}
 # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}
-install -m 0644 %{SOURCE13} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca.cer
+install -m 0644 %{SOURCE13} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca-20140212.cer
+install -m 0644 %{SOURCE15} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca-20200609.cer
+ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca.cer
 %endif
 # We have to do the headers checksum calculation after the tools install because
@@ -1326,6 +1336,8 @@ fi
 %dir %{_datadir}/doc/kernel-rt-doc-%{rpmversion}/Documentation
 %dir %{_datadir}/doc/kernel-rt-doc-%{rpmversion}
 %{_datadir}/man/man9rt/*
+%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca-20140212.cer
+%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca-20200609.cer
 %{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca.cer
 %dir %{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}
 %dir %{_datadir}/doc/kernel-rt-keys
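Review bot: Nothing after the two `%pesign` passes in the `-775` hunk checks that `$KernelImage.signed` carries both signatures before `mv` replaces the kernel image with it. `%pesign` is a macro whose failure behaviour is not visible here, so a pass that produced an unsigned or singly signed output would not necessarily stop the build. Listing the signatures between `rm` and `mv`, for example with `pesign -S -i $KernelImage.signed`, and failing unless two are reported would make that visible. A comment above the first pass, `# dual-sign: %{pesign_name_0} first, then %{pesign_name_1}`, would record the ordering, which the changelog entry "Tolerate other pefile signatures after first" suggests is deliberate. `BuildKernel()` starts and ends outside the hunk.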
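Review bot: The date-stamped names `kernel-signing-ca-20140212.cer` and `kernel-signing-ca-20200609.cer` in the `-1153` hunk are hard-coded, while `%{SOURCE13}` and `%{SOURCE15}` differ between the two branches of `%if %{?released_kernel}` (`redhatsecurebootca3.cer`/`redhatsecurebootca5.cer` versus `redhatsecurebootca2.cer`/`redhatsecurebootca4.cer`). On a non-released build the installed files would presumably carry dates that belong to other CAs, which could mislead anyone using them to verify a kernel. The unversioned `kernel-signing-ca.cer` also changes meaning, from a copy of `%{SOURCE13}` to a symlink to the `%{SOURCE15}` certificate, and the comment above still speaks of a single cert. It could read `# Red Hat UEFI Secure Boot CA certs (old and new); kernel-signing-ca.cer links to the newer one`.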
@@ -1439,6 +1451,64 @@ fi
 %endif
 %changelog
+* Tue Jul 21 2020 Luis Claudio R. Goncalves [3.10.0-1127.18.2.rt56.1116.el7]
+- [rt] Update source tree to match RHEL rhel-7.8.z tree [1844620 1708718]
+- [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837429 1837430] {CVE-2020-10713}
+- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837429 1837430] {CVE-2020-10713}
+
+* Tue Jul 14 2020 Luis Claudio R. Goncalves [3.10.0-1127.18.1.rt56.1115.el7]
+- [rt] Update source tree to match RHEL rhel-7.8.z tree [1844620 1708718]
+- [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1838602 1830606]
+- [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1838602 1830606]
+
+* Tue Jul 07 2020 Luis Claudio R. Goncalves [3.10.0-1127.17.1.rt56.1114.el7]
+- [rt] Update source tree to match RHEL rhel-7.8.z tree [1844620 1708718]
+- [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1852245 1820632]
+- [fs] aio: fix inconsistent ring state (Jeff Moyer) [1850055 1845326]
+- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844069 1844070] {CVE-2020-12654}
+- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844025 1844026] {CVE-2020-12653}
+- [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}
+- [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}
+- [mm] mm: mremap: streamline move_page_tables()'s move_huge_pmd() corner case (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}
+- [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}
+
+* Wed Jul 01 2020 Luis Claudio R. Goncalves [3.10.0-1127.16.1.rt56.1113.el7]
+- [rt] Update source tree to match RHEL rhel-7.8.z tree [1844620 1708718]
+- [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1850500 1752067]
+- [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1842994 1818001]
+- [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1842994 1818001]
+
+* Sat Jun 20 2020 Luis Claudio R. Goncalves [3.10.0-1127.15.1.rt56.1112.el7]
+- [rt] Update source tree to match RHEL rhel-7.8.z tree [1844620 1708718]
+- [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1847343 1663720]
+- [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1847343 1663720]
+- [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1847343 1663720]
+- [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1847343 1663720]
+- [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1847343 1663720]
+- [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1847343 1663720]
+- [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847333 1834278]
+- [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1841825 1837127]
+- [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1830889 1810643]
+- [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1830889 1810643]
+- [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1803448 1814257] {CVE-2019-19527}
+- [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1803448 1814257] {CVE-2019-19527}
+
+* Tue Jun 16 2020 Luis Claudio R. Goncalves [3.10.0-1127.14.1.rt56.1111.el7]
+- [rt] Update source tree to match RHEL rhel-7.8.z tree [1844620 1708718]
+- [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1845520 1813803]
+- [fs] NFS: Remove a redundant call to unmap_mapping_range() (Benjamin Coddington) [1845520 1813803]
+- [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1845520 1813803]
+- [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1845520 1813803]
+- [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1845520 1813803]
+- [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1845520 1813803]
+- [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1845520 1813803]
+- [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1845520 1813803]
+- [fs] NFS: Don't hold the inode lock across fsync() (Benjamin Coddington) [1845520 1813803]
+- [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1845520 1813803]
+- [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1845520 1813803]
+- [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1845520 1813803]
+- [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (Jonathan Toppins) [1834190 1823679]
+
 * Mon Jun 15 2020 Luis Claudio R. Goncalves [3.10.0-1127.13.1.rt56.1110.el7]
 - [rt] Update source tree to match RHEL rhel-7.8.z tree [1844620 1708718]
 - [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827187 1827188] {CVE-2020-0543}