8e4e27
import kernel-3.10.0-957.21.2.el7
@@ -1,8 +1,5 @@
|
|
1
1
|
SOURCES/kernel-abi-whitelists-957.tar.bz2
|
2
2
|
SOURCES/kernel-kabi-dw-957.tar.bz2
|
3
|
-
SOURCES/linux-3.10.0-957.
|
3
|
+
SOURCES/linux-3.10.0-957.21.2.el7.tar.xz
|
4
4
|
SOURCES/rheldup3.x509
|
5
5
|
SOURCES/rhelkpatch1.x509
|
6
|
-
SOURCES/centos-kpatch.x509
|
7
|
-
SOURCES/centos-ldup.x509
|
8
|
-
SOURCES/centos.cer
|
@@ -1,8 +1,5 @@
|
|
1
1
|
0f7aaf77a461acfa8354aeca16ae3ac89798143a SOURCES/kernel-abi-whitelists-957.tar.bz2
|
2
2
|
e01030ef3029e113eeff62bf9ea0dcf09b86d4e2 SOURCES/kernel-kabi-dw-957.tar.bz2
|
3
|
-
|
3
|
+
0e83f362f44febdbe1fc5fc1793a0985b715cbc2 SOURCES/linux-3.10.0-957.21.2.el7.tar.xz
|
4
4
|
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
|
5
5
|
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
|
6
|
-
5a7d05a8298cf38d43689470e8e43230d8add0f9 SOURCES/centos-kpatch.x509
|
7
|
-
c61172887746663d3bdd9acaa263cbfacf99e8b3 SOURCES/centos-ldup.x509
|
8
|
-
6e9105eb51e55a46761838f289a917611cad8091 SOURCES/centos.cer
|
@@ -9,7 +9,7 @@ RPMVERSION:=3.10.0
|
|
9
9
|
marker is git tag which we base off of for exporting patches
|
10
10
|
MARKER:=v3.10
|
11
11
|
PREBUILD:=
|
12
|
-
BUILD:=957.
|
12
|
+
BUILD:=957.21.2
|
13
13
|
DIST:=.el7
|
14
14
|
SPECFILE:=kernel.spec
|
15
15
|
RPM:=$(REDHAT)/rpm
|
Binary file
|
@@ -1,81 +0,0 @@
|
|
1
|
-
Certificate:
|
2
|
-
Data:
|
3
|
-
Version: 3 (0x2)
|
4
|
-
Serial Number:
|
5
|
-
b6:16:15:71:72:fb:31:7e
|
6
|
-
Signature Algorithm: sha256WithRSAEncryption
|
7
|
-
Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security .org
|
8
|
-
Validity
|
9
|
-
Not Before: Aug 1 11:47:30 2018 GMT
|
10
|
-
Not After : Dec 31 11:47:30 2037 GMT
|
11
|
-
Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security .org
|
12
|
-
Subject Public Key Info:
|
13
|
-
Public Key Algorithm: rsaEncryption
|
14
|
-
RSA Public Key: (2048 bit)
|
15
|
-
Modulus (2048 bit):
|
16
|
-
00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa:
|
17
|
-
76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51:
|
18
|
-
cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2:
|
19
|
-
4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3:
|
20
|
-
24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0:
|
21
|
-
bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18:
|
22
|
-
00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97:
|
23
|
-
a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57:
|
24
|
-
6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35:
|
25
|
-
6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0:
|
26
|
-
aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65:
|
27
|
-
53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46:
|
28
|
-
f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f:
|
29
|
-
6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2:
|
30
|
-
76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4:
|
31
|
-
94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28:
|
32
|
-
4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef:
|
33
|
-
94:0f
|
34
|
-
Exponent: 65537 (0x10001)
|
35
|
-
X509v3 extensions:
|
36
|
-
X509v3 Basic Constraints: critical
|
37
|
-
CA:FALSE
|
38
|
-
X509v3 Key Usage:
|
39
|
-
Digital Signature
|
40
|
-
X509v3 Subject Key Identifier:
|
41
|
-
F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29
|
42
|
-
X509v3 Authority Key Identifier:
|
43
|
-
keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3
|
44
|
-
|
45
|
-
Signature Algorithm: sha256WithRSAEncryption
|
46
|
-
97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c:
|
47
|
-
dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da:
|
48
|
-
11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b:
|
49
|
-
2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a:
|
50
|
-
28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e:
|
51
|
-
b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef:
|
52
|
-
f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f:
|
53
|
-
0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56:
|
54
|
-
a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30:
|
55
|
-
17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a:
|
56
|
-
ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97:
|
57
|
-
58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c:
|
58
|
-
75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77:
|
59
|
-
da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71:
|
60
|
-
da:7f:89:1d
|
61
|
-
-----BEGIN CERTIFICATE-----
|
62
|
-
MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV
|
63
|
-
BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB
|
64
|
-
FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx
|
65
|
-
NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg
|
66
|
-
BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB
|
67
|
-
AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4
|
68
|
-
MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP
|
69
|
-
f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2
|
70
|
-
bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/
|
71
|
-
VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR
|
72
|
-
pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud
|
73
|
-
EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb
|
74
|
-
Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B
|
75
|
-
AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G
|
76
|
-
1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV
|
77
|
-
IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv
|
78
|
-
0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ
|
79
|
-
+zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD
|
80
|
-
bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ==
|
81
|
-
-----END CERTIFICATE-----
|
@@ -1,11 +0,0 @@
|
|
1
|
-
--- a/arch/x86/boot/main.c 2014-06-04 10:05:04.000000000 -0700
|
2
|
-
+++ b/arch/x86/boot/main.c 2014-07-09 12:54:40.000000000 -0700
|
3
|
-
@@ -146,7 +146,7 @@ void main(void)
|
4
|
-
|
5
|
-
/* Make sure we have all the proper CPU support */
|
6
|
-
if (validate_cpu()) {
|
7
|
-
- puts("This processor is unsupported in RHEL7.\n");
|
8
|
-
+ puts("This processor is unsupported in CentOS 7.\n");
|
9
|
-
die();
|
10
|
-
}
|
11
|
-
|
@@ -1,25 +0,0 @@
|
|
1
|
-
From 69c0d42cfa26515196896dea086857c2caccb6eb Mon Sep 17 00:00:00 2001
|
2
|
-
From: Jim Perrin <jperrin@centos.org>
|
3
|
-
Date: Thu, 19 Jun 2014 10:05:12 -0500
|
4
|
-
Subject: [PATCH] branding patch for rh_taint
|
5
|
-
|
6
|
-
---
|
7
|
-
kernel/rh_taint.c | 2 +-
|
8
|
-
1 file changed, 1 insertion(+), 1 deletion(-)
|
9
|
-
|
10
|
-
diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c
|
11
|
-
index 59a74b0..0708e15 100644
|
12
|
-
--- a/kernel/rh_taint.c
|
13
|
-
+++ b/kernel/rh_taint.c
|
14
|
-
|
15
|
-
void mark_hardware_unsupported(const char *msg)
|
16
|
-
{
|
17
|
-
/* Print one single message */
|
18
|
-
- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\n", msg);
|
19
|
-
+ pr_crit("Warning: %s - this hardware has not undergone upstream testing. Please consult http://wiki.centos.org/FAQ for more information\n", msg);
|
20
|
-
}
|
21
|
-
EXPORT_SYMBOL(mark_hardware_unsupported);
|
22
|
-
|
23
|
-
--
|
24
|
-
1.8.3.1
|
25
|
-
|
@@ -1,25 +0,0 @@
|
|
1
|
-
From 66185f5c6f881847776702e3a7956c504400f4f2 Mon Sep 17 00:00:00 2001
|
2
|
-
From: Jim Perrin <jperrin@centos.org>
|
3
|
-
Date: Thu, 19 Jun 2014 09:53:13 -0500
|
4
|
-
Subject: [PATCH] branding patch for single-cpu systems
|
5
|
-
|
6
|
-
---
|
7
|
-
arch/x86/kernel/setup.c | 2 +-
|
8
|
-
1 file changed, 1 insertion(+), 1 deletion(-)
|
9
|
-
|
10
|
-
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
11
|
-
index b289118..9d25982 100644
|
12
|
-
--- a/arch/x86/kernel/setup.c
|
13
|
-
+++ b/arch/x86/kernel/setup.c
|
14
|
-
@@ -846,7 +846,7 @@ static void rh_check_supported(void)
|
15
|
-
if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
|
16
|
-
!x86_hyper && !cpu_has_hypervisor && !is_kdump_kernel()) {
|
17
|
-
pr_crit("Detected single cpu native boot.\n");
|
18
|
-
- pr_crit("Important: In Red Hat Enterprise Linux 7, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
|
19
|
-
+ pr_crit("Important: In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information");
|
20
|
-
}
|
21
|
-
|
22
|
-
/* The RHEL7 kernel does not support this hardware. The kernel will
|
23
|
-
--
|
24
|
-
1.8.3.1
|
25
|
-
|
@@ -5,9 +5,9 @@ prompt = no
|
|
5
5
|
x509_extensions = myexts
|
6
6
|
|
7
7
|
[ req_distinguished_name ]
|
8
|
-
O =
|
9
|
-
CN =
|
10
|
-
emailAddress =
|
8
|
+
O = Red Hat
|
9
|
+
CN = Red Hat Enterprise Linux kernel signing key
|
10
|
+
emailAddress = secalert@redhat.com
|
11
11
|
|
12
12
|
[ myexts ]
|
13
13
|
basicConstraints=critical,CA:FALSE
|
@@ -14,10 +14,10 @@ Summary: The Linux kernel
|
|
14
14
|
%global distro_build 957
|
15
15
|
|
16
16
|
%define rpmversion 3.10.0
|
17
|
-
%define pkgrelease 957.
|
17
|
+
%define pkgrelease 957.21.2.el7
|
18
18
|
|
19
19
|
# allow pkg_release to have configurable %%{?dist} tag
|
20
|
-
%define specrelease 957.
|
20
|
+
%define specrelease 957.21.2%{?dist}
|
21
21
|
|
22
22
|
%define pkg_release %{specrelease}%{?buildid}
|
23
23
|
|
@@ -280,7 +280,7 @@ Summary: The Linux kernel
|
|
280
280
|
# problems with the newer kernel or lack certain things that make
|
281
281
|
# integration in the distro harder than needed.
|
282
282
|
#
|
283
|
-
%define package_conflicts initscripts < 7.23, udev < 063-6, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 3.13.1-201, squashfs-tools < 4.0, wireless-tools < 29-3, xfsprogs < 4.3.0, kmod < 20-9, kexec-tools < 2.0.14-3
|
283
|
+
%define package_conflicts initscripts < 7.23, udev < 063-6, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 3.13.1-201, squashfs-tools < 4.0, wireless-tools < 29-3, xfsprogs < 4.3.0, kmod < 20-9, kexec-tools < 2.0.14-3
|
284
284
|
|
285
285
|
# We moved the drm include files into kernel-headers, make sure there's
|
286
286
|
# a recent enough libdrm-devel on the system that doesn't have those.
|
@@ -395,16 +395,16 @@ Source10: sign-modules
|
|
395
395
|
Source11: x509.genkey
|
396
396
|
Source12: extra_certificates
|
397
397
|
%if %{?released_kernel}
|
398
|
-
Source13:
|
399
|
-
Source14:
|
400
|
-
%define
|
398
|
+
Source13: securebootca.cer
|
399
|
+
Source14: secureboot.cer
|
400
|
+
%define pesign_name redhatsecureboot301
|
401
401
|
%else
|
402
|
-
Source13:
|
403
|
-
Source14:
|
404
|
-
%define
|
402
|
+
Source13: redhatsecurebootca2.cer
|
403
|
+
Source14: redhatsecureboot003.cer
|
404
|
+
%define pesign_name redhatsecureboot003
|
405
405
|
%endif
|
406
|
-
Source15:
|
407
|
-
Source16:
|
406
|
+
Source15: rheldup3.x509
|
407
|
+
Source16: rhelkpatch1.x509
|
408
408
|
|
409
409
|
Source18: check-kabi
|
410
410
|
|
@@ -446,9 +446,6 @@ Source9999: lastcommit.stat
|
|
446
446
|
|
447
447
|
# empty final patch to facilitate testing of kernel patches
|
448
448
|
Patch999999: linux-kernel-test.patch
|
449
|
-
Patch1000: debrand-single-cpu.patch
|
450
|
-
Patch1001: debrand-rh_taint.patch
|
451
|
-
Patch1002: debrand-rh-i686-cpu.patch
|
452
449
|
|
453
450
|
BuildRoot: %{_tmppath}/kernel-%{KVRA}-root
|
454
451
|
|
@@ -621,11 +618,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
|
|
621
618
|
%endif
|
622
619
|
|
623
620
|
%package -n kernel-abi-whitelists
|
624
|
-
Summary: The
|
621
|
+
Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists
|
625
622
|
Group: System Environment/Kernel
|
626
623
|
AutoReqProv: no
|
627
624
|
%description -n kernel-abi-whitelists
|
628
|
-
The kABI package contains information pertaining to the
|
625
|
+
The kABI package contains information pertaining to the Red Hat Enterprise
|
629
626
|
Linux kernel ABI, including lists of kernel symbols that are needed by
|
630
627
|
external Linux kernel modules, and a yum plugin to aid enforcement.
|
631
628
|
|
@@ -778,9 +775,6 @@ cd linux-%{KVRA}
|
|
778
775
|
cp $RPM_SOURCE_DIR/kernel-%{version}-*.config .
|
779
776
|
|
780
777
|
ApplyOptionalPatch linux-kernel-test.patch
|
781
|
-
ApplyOptionalPatch debrand-single-cpu.patch
|
782
|
-
ApplyOptionalPatch debrand-rh_taint.patch
|
783
|
-
ApplyOptionalPatch debrand-rh-i686-cpu.patch
|
784
778
|
|
785
779
|
# Any further pre-build tree manipulations happen here.
|
786
780
|
|
@@ -1757,44 +1751,119 @@ fi
|
|
1757
1751
|
%kernel_variant_files %{with_kdump} kdump
|
1758
1752
|
|
1759
1753
|
%changelog
|
1760
|
-
* Tue May
|
1761
|
-
-
|
1762
|
-
|
1763
|
-
*
|
1764
|
-
- [x86]
|
1765
|
-
- [x86]
|
1766
|
-
|
1767
|
-
|
1768
|
-
- [x86] x86/
|
1769
|
-
- [x86] x86/
|
1770
|
-
- [x86] x86/
|
1771
|
-
- [
|
1772
|
-
- [documentation]
|
1773
|
-
- [
|
1774
|
-
- [
|
1775
|
-
- [x86] x86/
|
1776
|
-
- [x86] x86/
|
1777
|
-
- [
|
1778
|
-
- [
|
1779
|
-
- [x86] x86/speculation/mds: Add
|
1780
|
-
- [
|
1781
|
-
- [x86] x86/speculation/mds: Add
|
1782
|
-
- [x86] x86/speculation/mds:
|
1783
|
-
- [
|
1784
|
-
- [x86] x86/
|
1785
|
-
- [x86] x86/
|
1786
|
-
- [
|
1787
|
-
- [x86] x86/speculation:
|
1788
|
-
- [
|
1789
|
-
- [
|
1790
|
-
- [x86] x86/
|
1791
|
-
- [x86] x86/
|
1792
|
-
- [x86] x86/speculation:
|
1793
|
-
- [x86] x86/
|
1794
|
-
- [
|
1795
|
-
- [
|
1796
|
-
- [x86] x86/
|
1797
|
-
- [x86] x86/
|
1754
|
+
* Tue May 28 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.21.2.el7]
|
1755
|
+
- [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633]
|
1756
|
+
|
1757
|
+
* Thu May 23 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.21.1.el7]
|
1758
|
+
- [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1759
|
+
- [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1760
|
+
|
1761
|
+
* Wed May 15 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.20.1.el7]
|
1762
|
+
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1763
|
+
- [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1764
|
+
- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1765
|
+
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1766
|
+
- [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1767
|
+
- [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1768
|
+
- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1769
|
+
- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1770
|
+
- [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1771
|
+
- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1772
|
+
- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1773
|
+
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1774
|
+
- [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1775
|
+
- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1776
|
+
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1777
|
+
- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1778
|
+
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1779
|
+
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1780
|
+
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1781
|
+
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1782
|
+
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1783
|
+
- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1784
|
+
- [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1785
|
+
- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1786
|
+
- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1787
|
+
- [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1788
|
+
- [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1789
|
+
- [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1790
|
+
- [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1791
|
+
- [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1792
|
+
- [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1793
|
+
- [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1794
|
+
- [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
|
1795
|
+
- [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1796
|
+
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1797
|
+
- [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
|
1798
|
+
|
1799
|
+
* Fri Apr 26 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.19.1.el7]
|
1800
|
+
- [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1702923 1077929]
|
1801
|
+
- [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) [1702921 1701348]
|
1802
|
+
- [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 1701348]
|
1803
|
+
- [fs] revert "[fs] xfs: use rhashtable to track buffer cache" (Brian Foster) [1702922 1658749]
|
1804
|
+
- [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (Brian Foster) [1701293 1613405]
|
1805
|
+
- [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian Foster) [1701293 1613405]
|
1806
|
+
- [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian Foster) [1701293 1613405]
|
1807
|
+
- [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash (Tony Camuso) [1701991 1692236]
|
1808
|
+
- [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) [1701991 1692236]
|
1809
|
+
- [char] ipmi: Remove platform driver overrides and use the id_table (Tony Camuso) [1701991 1692236]
|
1810
|
+
- [security] xattr: Constify ->name member of "struct xattr" (Aaron Tomlin) [1702286 1607307]
|
1811
|
+
- [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) [1702282 1625454]
|
1812
|
+
- [s390] zcrypt: fix specification exception on z196 during ap probe (Hendrik Brueckner) [1700706 1669535]
|
1813
|
+
- [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (Mike Snitzer) [1699722 1693466]
|
1814
|
+
- [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 1686149]
|
1815
|
+
- [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 1686149]
|
1816
|
+
- [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() (Lukas Czerner) [1698110 1671293]
|
1817
|
+
- [powerpc] livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
|
1818
|
+
- [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
|
1819
|
+
- [powerpc] livepatch: relax reliable stack tracer checks for first-frame (Joe Lawrence) [1697867 1658435]
|
1820
|
+
- [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe Lawrence) [1697867 1658435]
|
1821
|
+
- [powerpc] 64s: Clear on-stack exception marker upon exception return (Joe Lawrence) [1697867 1658435]
|
1822
|
+
- [powerpc] livepatch: Fix build error with kprobes disabled (Joe Lawrence) [1697867 1658435]
|
1823
|
+
- [fs] xfs: don't screw up direct writes when freesp is fragmented (Brian Foster) [1693796 1667523]
|
1824
|
+
- [nvme] ensure forward progress during Admin passthru (David Milburn) [1690519 1672428]
|
1825
|
+
|
1826
|
+
* Tue Apr 23 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.18.1.el7]
|
1827
|
+
- [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 1698825]
|
1828
|
+
|
1829
|
+
* Mon Apr 15 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.17.1.el7]
|
1830
|
+
- [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas Henzl) [1699723 1661906]
|
1831
|
+
|
1832
|
+
* Thu Apr 11 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.16.1.el7]
|
1833
|
+
- [netdrv] net/mlx5e: Properly set steering match levels for offloaded TC decap rules (Alaa Hleihel) [1686292 1618427]
|
1834
|
+
- [netdrv] net/mlx5e: Always use the match level enum when parsing TC rule match (Alaa Hleihel) [1686292 1618427]
|
1835
|
+
- [netdrv] net/mlx5e: Support offloaded TC flows with no matches on headers (Alaa Hleihel) [1686292 1618427]
|
1836
|
+
- [netdrv] net/mlx5e: Get the required HW match level while parsing TC flow matches (Alaa Hleihel) [1686292 1618427]
|
1837
|
+
- [netdrv] net/mlx5e: Properly order min inline mode setup while parsing TC matches (Alaa Hleihel) [1686292 1618427]
|
1838
|
+
- [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow attributes (Alaa Hleihel) [1686292 1618427]
|
1839
|
+
- [netdrv] net/mlx5e: Err if asked to offload TC match on frag being first (Alaa Hleihel) [1686292 1618427]
|
1840
|
+
- [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) [1697940 1691421]
|
1841
|
+
- [net] geneve: correctly handle ipv6.disable module parameter (Jiri Benc) [1694981 1677049]
|
1842
|
+
- [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 1691227]
|
1843
|
+
- [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos Szeredi) [1696292 1677705]
|
1844
|
+
- [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 1697241 1676613 1662887]
|
1845
|
+
- [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav Kysela) [1693562 1680180]
|
1846
|
+
- [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (Jaroslav Kysela) [1693562 1657855]
|
1847
|
+
- [block] mtip32xx: fix memory corruption by initializing internal command header (Ming Lei) [1689929 1660292]
|
1848
|
+
- [fs] nfsd: deal with revoked delegations appropriately (Dave Wysochanski) [1689811 1552203]
|
1849
|
+
|
1850
|
+
* Thu Mar 28 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.15.1.el7]
|
1851
|
+
- [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1693561 1684780]
|
1852
|
+
- [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) [1693110 1676462]
|
1853
|
+
|
1854
|
+
* Tue Mar 26 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.14.1.el7]
|
1855
|
+
- [fs] move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001]
|
1856
|
+
- [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng Yan) [1692266 1627001]
|
1857
|
+
- [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 1627001]
|
1858
|
+
- [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng Yan) [1692266 1627001]
|
1859
|
+
- [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 1627001]
|
1860
|
+
- [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001]
|
1861
|
+
- [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) [1692266 1627001]
|
1862
|
+
- [fs] dcache: Don't set DISCONNECTED on "pseudo filesystem" dentries (Zheng Yan) [1692266 1627001]
|
1863
|
+
- [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) [1692266 1627001]
|
1864
|
+
|
1865
|
+
* Thu Mar 21 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.13.1.el7]
|
1866
|
+
- [drm] drm/nouveau/kms/nv50-: also flush fb writes when rewinding push buffer (Ben Skeggs) [1690761 1669098]
|
1798
1867
|
|
1799
1868
|
* Wed Mar 20 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.12.1.el7]
|
1800
1869
|
- [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
|