00d168
debrand kernel-3.10.0-327.4.5.el7
@@ -2,3 +2,6 @@ SOURCES/kernel-abi-whitelists-327.tar.bz2
|
|
2
2
|
SOURCES/linux-3.10.0-327.4.5.el7.tar.xz
|
3
3
|
SOURCES/rheldup3.x509
|
4
4
|
SOURCES/rhelkpatch1.x509
|
5
|
+
SOURCES/centos-kpatch.x509
|
6
|
+
SOURCES/centos-ldup.x509
|
7
|
+
SOURCES/centos.cer
|
@@ -2,3 +2,6 @@
|
|
2
2
|
39e3921cdb55f114db6ea6b967961d5fcfd1c018 SOURCES/linux-3.10.0-327.4.5.el7.tar.xz
|
3
3
|
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
|
4
4
|
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
|
5
|
+
5a7d05a8298cf38d43689470e8e43230d8add0f9 SOURCES/centos-kpatch.x509
|
6
|
+
c61172887746663d3bdd9acaa263cbfacf99e8b3 SOURCES/centos-ldup.x509
|
7
|
+
6e9105eb51e55a46761838f289a917611cad8091 SOURCES/centos.cer
|
@@ -0,0 +1,11 @@
|
|
1
|
+
--- a/arch/x86/boot/main.c 2014-06-04 10:05:04.000000000 -0700
|
2
|
+
+++ b/arch/x86/boot/main.c 2014-07-09 12:54:40.000000000 -0700
|
3
|
+
@@ -146,7 +146,7 @@ void main(void)
|
4
|
+
|
5
|
+
/* Make sure we have all the proper CPU support */
|
6
|
+
if (validate_cpu()) {
|
7
|
+
- puts("This processor is unsupported in RHEL7.\n");
|
8
|
+
+ puts("This processor is unsupported in CentOS 7.\n");
|
9
|
+
die();
|
10
|
+
}
|
11
|
+
|
@@ -0,0 +1,25 @@
|
|
1
|
+
From 69c0d42cfa26515196896dea086857c2caccb6eb Mon Sep 17 00:00:00 2001
|
2
|
+
From: Jim Perrin <jperrin@centos.org>
|
3
|
+
Date: Thu, 19 Jun 2014 10:05:12 -0500
|
4
|
+
Subject: [PATCH] branding patch for rh_taint
|
5
|
+
|
6
|
+
---
|
7
|
+
kernel/rh_taint.c | 2 +-
|
8
|
+
1 file changed, 1 insertion(+), 1 deletion(-)
|
9
|
+
|
10
|
+
diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c
|
11
|
+
index 59a74b0..0708e15 100644
|
12
|
+
--- a/kernel/rh_taint.c
|
13
|
+
+++ b/kernel/rh_taint.c
|
14
|
+
|
15
|
+
void mark_hardware_unsupported(const char *msg)
|
16
|
+
{
|
17
|
+
/* Print one single message */
|
18
|
+
- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\n", msg);
|
19
|
+
+ pr_crit("Warning: %s - this hardware has not undergone upstream testing. Please consult http://wiki.centos.org/FAQ for more information\n", msg);
|
20
|
+
}
|
21
|
+
EXPORT_SYMBOL(mark_hardware_unsupported);
|
22
|
+
|
23
|
+
--
|
24
|
+
1.8.3.1
|
25
|
+
|
@@ -0,0 +1,25 @@
|
|
1
|
+
From 66185f5c6f881847776702e3a7956c504400f4f2 Mon Sep 17 00:00:00 2001
|
2
|
+
From: Jim Perrin <jperrin@centos.org>
|
3
|
+
Date: Thu, 19 Jun 2014 09:53:13 -0500
|
4
|
+
Subject: [PATCH] branding patch for single-cpu systems
|
5
|
+
|
6
|
+
---
|
7
|
+
arch/x86/kernel/setup.c | 2 +-
|
8
|
+
1 file changed, 1 insertion(+), 1 deletion(-)
|
9
|
+
|
10
|
+
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
11
|
+
index b289118..9d25982 100644
|
12
|
+
--- a/arch/x86/kernel/setup.c
|
13
|
+
+++ b/arch/x86/kernel/setup.c
|
14
|
+
@@ -846,7 +846,7 @@ static void rh_check_supported(void)
|
15
|
+
if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
|
16
|
+
!x86_hyper && !cpu_has_hypervisor && !is_kdump_kernel()) {
|
17
|
+
pr_crit("Detected single cpu native boot.\n");
|
18
|
+
- pr_crit("Important: In Red Hat Enterprise Linux 7, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
|
19
|
+
+ pr_crit("Important: In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information");
|
20
|
+
}
|
21
|
+
|
22
|
+
/* The RHEL7 kernel does not support this hardware. The kernel will
|
23
|
+
--
|
24
|
+
1.8.3.1
|
25
|
+
|
@@ -5,9 +5,9 @@ prompt = no
|
|
5
5
|
x509_extensions = myexts
|
6
6
|
|
7
7
|
[ req_distinguished_name ]
|
8
|
-
O =
|
9
|
-
CN =
|
10
|
-
emailAddress =
|
8
|
+
O = CentOS
|
9
|
+
CN = CentOS Linux kernel signing key
|
10
|
+
emailAddress = security@centos.org
|
11
11
|
|
12
12
|
[ myexts ]
|
13
13
|
basicConstraints=critical,CA:FALSE
|
@@ -339,16 +339,16 @@ Source10: sign-modules
|
|
339
339
|
Source11: x509.genkey
|
340
340
|
Source12: extra_certificates
|
341
341
|
%if %{?released_kernel}
|
342
|
-
Source13:
|
342
|
+
Source13: centos.cer
|
343
343
|
Source14: secureboot.cer
|
344
344
|
%define pesign_name redhatsecureboot301
|
345
345
|
%else
|
346
|
-
Source13:
|
347
|
-
Source14:
|
346
|
+
Source13: centos.cer
|
347
|
+
Source14: secureboot.cer
|
348
348
|
%define pesign_name redhatsecureboot003
|
349
349
|
%endif
|
350
|
-
Source15:
|
351
|
-
Source16:
|
350
|
+
Source15: centos-ldup.x509
|
351
|
+
Source16: centos-kpatch.x509
|
352
352
|
|
353
353
|
Source18: check-kabi
|
354
354
|
|
@@ -377,6 +377,9 @@ Source2001: cpupower.config
|
|
377
377
|
|
378
378
|
# empty final patch to facilitate testing of kernel patches
|
379
379
|
Patch999999: linux-kernel-test.patch
|
380
|
+
Patch1000: debrand-single-cpu.patch
|
381
|
+
Patch1001: debrand-rh_taint.patch
|
382
|
+
Patch1002: debrand-rh-i686-cpu.patch
|
380
383
|
|
381
384
|
BuildRoot: %{_tmppath}/kernel-%{KVRA}-root
|
382
385
|
|
@@ -538,11 +541,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
|
|
538
541
|
%endif
|
539
542
|
|
540
543
|
%package -n kernel-abi-whitelists
|
541
|
-
Summary: The
|
544
|
+
Summary: The CentOS Linux kernel ABI symbol whitelists
|
542
545
|
Group: System Environment/Kernel
|
543
546
|
AutoReqProv: no
|
544
547
|
%description -n kernel-abi-whitelists
|
545
|
-
The kABI package contains information pertaining to the
|
548
|
+
The kABI package contains information pertaining to the CentOS
|
546
549
|
Linux kernel ABI, including lists of kernel symbols that are needed by
|
547
550
|
external Linux kernel modules, and a yum plugin to aid enforcement.
|
548
551
|
|
@@ -685,6 +688,9 @@ cd linux-%{KVRA}
|
|
685
688
|
cp $RPM_SOURCE_DIR/kernel-%{version}-*.config .
|
686
689
|
|
687
690
|
ApplyOptionalPatch linux-kernel-test.patch
|
691
|
+
ApplyOptionalPatch debrand-single-cpu.patch
|
692
|
+
ApplyOptionalPatch debrand-rh_taint.patch
|
693
|
+
ApplyOptionalPatch debrand-rh-i686-cpu.patch
|
688
694
|
|
689
695
|
# Any further pre-build tree manipulations happen here.
|
690
696
|
|
@@ -843,7 +849,7 @@ BuildKernel() {
|
|
843
849
|
fi
|
844
850
|
# EFI SecureBoot signing, x86_64-only
|
845
851
|
%ifarch x86_64
|
846
|
-
%pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{
|
852
|
+
%pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE13}
|
847
853
|
mv $KernelImage.signed $KernelImage
|
848
854
|
%endif
|
849
855
|
$CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
@@ -1530,6 +1536,9 @@ fi
|
|
1530
1536
|
%kernel_variant_files %{with_kdump} kdump
|
1531
1537
|
|
1532
1538
|
%changelog
|
1539
|
+
* Mon Jan 25 2016 CentOS Sources <bugs@centos.org> - 3.10.0-327.4.5.el7
|
1540
|
+
- Apply debranding changes
|
1541
|
+
|
1533
1542
|
* Thu Jan 21 2016 Alexander Gordeev <agordeev@redhat.com> [3.10.0-327.4.5.el7]
|
1534
1543
|
- [security] keys: Fix keyring ref leak in join_session_keyring() (David Howells) [1298931 1298036] {CVE-2016-0728}
|
1535
1544
|
|