diff --git a/.gitignore b/.gitignore index bb9ded5..429943a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/kernel-abi-whitelists-4.18.0-193.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-193.tar.bz2 -SOURCES/linux-4.18.0-193.1.2.el8_2.tar.xz +SOURCES/linux-4.18.0-193.6.3.el8_2.tar.xz diff --git a/.kernel.metadata b/.kernel.metadata index d3a5652..9cffd75 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,3 +1,3 @@ e784eb39f12543661810c04a478fd6a3e342644d SOURCES/kernel-abi-whitelists-4.18.0-193.tar.bz2 89d98f66f0a35a19ab31b2d7943d3199ca8a15c1 SOURCES/kernel-kabi-dw-4.18.0-193.tar.bz2 -12bc38eb6a9193fcdd4fa1c94173f2e2dd878501 SOURCES/linux-4.18.0-193.1.2.el8_2.tar.xz +0dc471dcaa6001250583429d9b5a4d4d7e8607e7 SOURCES/linux-4.18.0-193.6.3.el8_2.tar.xz diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/filter-modules.sh b/SOURCES/filter-modules.sh index c750bc7..416e6d7 100755 --- a/SOURCES/filter-modules.sh +++ b/SOURCES/filter-modules.sh @@ -34,7 +34,7 @@ netprots="6lowpan appletalk atm ax25 batman-adv bluetooth can dccp dsa ieee80215 drmdrvs="amd ast gma500 i2c i915 mgag200 nouveau radeon via " -singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr parport_serial ism" +singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr parport_serial ism xt_u32" # Grab the arch-specific filter list overrides source ./filter-$2.sh diff --git a/SOURCES/kernel-aarch64-debug.config b/SOURCES/kernel-aarch64-debug.config index 6002bf2..aa3415d 100644 --- a/SOURCES/kernel-aarch64-debug.config +++ b/SOURCES/kernel-aarch64-debug.config @@ -1261,7 +1261,6 @@ # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set # CONFIG_NET_9P is not set # CONFIG_NET_ACT_CONNMARK is not set @@ -4045,6 +4044,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_SET=m CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m diff --git a/SOURCES/kernel-aarch64.config b/SOURCES/kernel-aarch64.config index ff3fceb..a3d74de 100644 --- a/SOURCES/kernel-aarch64.config +++ b/SOURCES/kernel-aarch64.config @@ -1318,7 +1318,6 @@ # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set # CONFIG_NET_9P is not set # CONFIG_NET_ACT_CONNMARK is not set @@ -4056,6 +4055,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_SET=m CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m diff --git a/SOURCES/kernel-ppc64le-debug.config b/SOURCES/kernel-ppc64le-debug.config index b3cd2af..24b230c 100644 --- a/SOURCES/kernel-ppc64le-debug.config +++ b/SOURCES/kernel-ppc64le-debug.config @@ -1139,7 +1139,6 @@ # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set # CONFIG_NET_9P is not set # CONFIG_NET_ACT_CONNMARK is not set @@ -3730,6 +3729,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_SET=m CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m diff --git a/SOURCES/kernel-ppc64le.config b/SOURCES/kernel-ppc64le.config index 2084aee..44bd529 100644 --- a/SOURCES/kernel-ppc64le.config +++ b/SOURCES/kernel-ppc64le.config @@ -1198,7 +1198,6 @@ # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set # CONFIG_NET_9P is not set # CONFIG_NET_ACT_CONNMARK is not set @@ -3738,6 +3737,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_SET=m CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m diff --git a/SOURCES/kernel-s390x-debug.config b/SOURCES/kernel-s390x-debug.config index 5d5ecee..ebc9904 100644 --- a/SOURCES/kernel-s390x-debug.config +++ b/SOURCES/kernel-s390x-debug.config @@ -1223,7 +1223,6 @@ # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set # CONFIG_NETIUCV is not set # CONFIG_NET_9P is not set @@ -3745,6 +3744,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_SET=m CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m diff --git a/SOURCES/kernel-s390x-zfcpdump.config b/SOURCES/kernel-s390x-zfcpdump.config index 897382c..56cb6b4 100644 --- a/SOURCES/kernel-s390x-zfcpdump.config +++ b/SOURCES/kernel-s390x-zfcpdump.config @@ -1378,7 +1378,6 @@ # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set # CONFIG_NETIUCV is not set # CONFIG_NETPOLL is not set @@ -3845,6 +3844,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_SET=m CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m diff --git a/SOURCES/kernel-s390x.config b/SOURCES/kernel-s390x.config index 4a6506e..9580d5f 100644 --- a/SOURCES/kernel-s390x.config +++ b/SOURCES/kernel-s390x.config @@ -1281,7 +1281,6 @@ # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set # CONFIG_NETIUCV is not set # CONFIG_NET_9P is not set @@ -3752,6 +3751,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_SET=m CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m diff --git a/SOURCES/kernel-x86_64-debug.config b/SOURCES/kernel-x86_64-debug.config index 266386f..3dc4781 100644 --- a/SOURCES/kernel-x86_64-debug.config +++ b/SOURCES/kernel-x86_64-debug.config @@ -1139,7 +1139,6 @@ # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set # CONFIG_NET_9P is not set # CONFIG_NET_ACT_CONNMARK is not set @@ -3965,6 +3964,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_SET=m CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m diff --git a/SOURCES/kernel-x86_64.config b/SOURCES/kernel-x86_64.config index 6cb57ea..7a9fd78 100644 --- a/SOURCES/kernel-x86_64.config +++ b/SOURCES/kernel-x86_64.config @@ -1195,7 +1195,6 @@ # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set # CONFIG_NET_9P is not set # CONFIG_NET_ACT_CONNMARK is not set @@ -3972,6 +3971,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_SET=m CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m diff --git a/SOURCES/mod-extra.list b/SOURCES/mod-extra.list index 78d1cb0..032133e 100644 --- a/SOURCES/mod-extra.list +++ b/SOURCES/mod-extra.list @@ -187,5 +187,6 @@ warrior.ko whci.ko wire.ko xpad.ko +xt_u32.ko yam.ko zhenhua.ko diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index d98f8fe..b1bbe38 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = CentOS -CN = CentOS Linux kernel signing key -emailAddress = security@centos.org +O = Red Hat +CN = Red Hat Enterprise Linux kernel signing key +emailAddress = secalert@redhat.com [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 684f02d..84b6787 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -19,7 +19,7 @@ %global distro_build 193 # Sign the x86_64 kernel for secure boot authentication -%ifarch x86_64 aarch64 +%ifarch x86_64 aarch64 s390x ppc64le %global signkernel 1 %else %global signkernel 0 @@ -42,10 +42,10 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 193.1.2.el8_2 +%define pkgrelease 193.6.3.el8_2 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 193.1.2%{?dist} +%define specrelease 193.6.3%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -421,24 +421,34 @@ Source11: x509.genkey %if %{?released_kernel} -Source12: centos-ca-secureboot.der -Source13: centossecureboot001.crt +Source12: securebootca.cer +Source13: secureboot.cer +Source14: secureboot_s390.cer +Source15: secureboot_ppc.cer %define secureboot_ca %{SOURCE12} %ifarch x86_64 aarch64 %define secureboot_key %{SOURCE13} -%define pesign_name centossecureboot001 +%define pesign_name redhatsecureboot301 +%endif +%ifarch s390x +%define secureboot_key %{SOURCE14} +%define pesign_name redhatsecureboot302 +%endif +%ifarch ppc64le +%define secureboot_key %{SOURCE15} +%define pesign_name redhatsecureboot303 %endif # released_kernel %else -Source12: centos-ca-secureboot.der -Source13: centossecureboot001.crt +Source12: redhatsecurebootca2.cer +Source13: redhatsecureboot003.cer %define secureboot_ca %{SOURCE12} %define secureboot_key %{SOURCE13} -%define pesign_name centossecureboot001 +%define pesign_name redhatsecureboot003 # released_kernel %endif @@ -495,13 +505,6 @@ Source400: mod-kvm.list Source2000: cpupower.service Source2001: cpupower.config -# Sources for CentOS debranding -Source9000: centos.pem - -Patch1000: debrand-single-cpu.patch -Patch1001: debrand-rh_taint.patch -#Patch1002: debrand-rh-i686-cpu.patch - ## Patches needed for building this package # empty final patch to facilitate testing of kernel patches @@ -512,7 +515,7 @@ Patch999999: linux-kernel-test.patch BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root %description -This is the package which provides the Linux %{name} for CentOS +This is the package which provides the Linux %{name} for Red Hat Enterprise Linux. It is based on upstream Linux at version %{version} and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux %{name} releases. This means @@ -521,7 +524,7 @@ from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver -updates for supported hardware in CentOS Linux, enhancements for +updates for supported hardware in Red Hat Enterprise Linux, enhancements for enterprise customers, etc. # @@ -754,11 +757,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n %{name}-abi-whitelists -Summary: The CentOS Linux kernel ABI symbol whitelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists Group: System Environment/Kernel AutoReqProv: no %description -n %{name}-abi-whitelists -The kABI package contains information pertaining to the CentOS +The kABI package contains information pertaining to the Red Hat Enterprise Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. @@ -768,7 +771,7 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the CentOS +The package contains data describing the current ABI of the Red Hat Enterprise Linux kernel, suitable for the kabi-dw tool. %endif @@ -841,7 +844,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ -This package provides kernel modules for the %{?2:%{2} }kernel package for CentOS internal usage.\ +This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ %{nil} # @@ -1036,17 +1039,11 @@ ApplyOptionalPatch() } %setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c - -cp -v %{SOURCE9000} linux-%{rpmversion}-%{pkgrelease}/certs/rhel.pem - mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch -ApplyOptionalPatch debrand-single-cpu.patch -ApplyOptionalPatch debrand-rh_taint.patch -#ApplyOptionalPatch debrand-rh-i686-cpu.patch # END OF PATCH APPLICATIONS @@ -1645,7 +1642,7 @@ BuildKernel() { # build a BLS config for this kernel %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" - # CentOS UEFI Secure Boot CA cert, which can be used to authenticate the kernel + # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer install -m 0644 %{secureboot_ca} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer %ifarch s390x ppc64le @@ -2465,13 +2462,60 @@ fi # # %changelog -* Tue May 12 2020 CentOS Sources - 4.18.0-193.1.2.el8.centos -- Apply debranding changes - -* Thu May 07 2020 Bruno Meneguele [4.18.0-193.1.2.el8_2] +* Mon Jun 01 2020 Bruno Meneguele [4.18.0-193.6.3.el8_2] +- rebuild to enable xt_u32 module (Jiri Benc) [1840800 1840799 1834769 1838190] + +* Tue May 26 2020 Bruno Meneguele [4.18.0-193.6.2.el8_2] +- [documentation] x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} +- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} +- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} +- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} +- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} + +* Fri May 22 2020 Bruno Meneguele [4.18.0-193.6.1.el8_2] +- [char] tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (Steve Best) [1827632 1808048] +- [netdrv] bonding: fix active-backup transition after link failure (Jarod Wilson) [1838477 1819408] +- [netdrv] bonding: fix state transition issue in link monitoring (Jarod Wilson) [1838477 1819408] +- [kernel] sched/fair: Allow a per-CPU kthread waking a task to stack on the same CPU, to fix XFS performance regression (Phil Auld) [1834517 1745111] +- [block] block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Ming Lei) [1835531 1835532] {CVE-2020-12657} +- [kvm] KVM: x86: use raw clock values consistently (Marcelo Tosatti) [1822498 1768622] +- [kvm] KVM: x86: reorganize pvclock_gtod_data members (Marcelo Tosatti) [1822498 1768622] +- [kvm] KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [1822498 1768622] + +* Thu May 21 2020 Bruno Meneguele [4.18.0-193.5.1.el8_2] +- [fs] nfs: fix NULL deference in nfs4_get_valid_delegation ("J. Bruce Fields") [1837969 1831553] + +* Fri May 15 2020 Bruno Meneguele [4.18.0-193.4.1.el8_2] +- [bluetooth] Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" (Gopal Tiwari) [1827620 1811534] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827249 1827251] {CVE-2020-10711} - [mm] s390/mm: fix page table upgrade vs 2ndary address mode accesses (Vladis Dronov) [1828153 1828154] {CVE-2020-11884} +* Tue May 12 2020 Bruno Meneguele [4.18.0-193.3.1.el8_2] +- [kernel] sched/isolation: Allow "isolcpus=" to skip unknown sub-parameters (Peter Xu) [1832367 1799014] +- [firmware] efi: fix a mistype in comments mentioning efivar_entry_iter_begin() (Vladis Dronov) [1829527 1804417] +- [firmware] efi: add a sanity check to efivar_store_raw() (Vladis Dronov) [1829527 1804417] +- [firmware] efi: fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [1829527 1804417] +- [net] net/smc: keep vlan_id for SMC-R in smc_listen_work() (Philipp Rudo) [1827631 1796890] + +* Mon May 04 2020 Bruno Meneguele [4.18.0-193.2.1.el8_2] +- [net] vti[6]: fix packet tx through bpf_redirect() in XinY cases (Sabrina Dubroca) [1821375 1795145] +- [net] xfrm interface: fix packet tx through bpf_redirect() (Sabrina Dubroca) [1821375 1795145] +- [net] vti[6]: fix packet tx through bpf_redirect() (Sabrina Dubroca) [1821375 1795145] +- [scripts] redhat: fix modpost.c prerequisites (Frantisek Hrbata) [1828229 1818499] +- [infiniband] IB/core: Avoid deadlock during netlink message handling (Kamal Heib) [1821381 1818986] +- [infiniband] RDMA/core: Support netlink commands in non init_net net namespaces (Kamal Heib) [1821381 1818986] +- [misc] mei: me: add comet point (lake) H device ids (Ken Cox) [1825262 1815355] +- [misc] mei: me: add comet point (lake) LP device ids (Ken Cox) [1825262 1815355] +- [misc] mei: define dma ring buffer sizes for PCH12 HW and newer (Ken Cox) [1825262 1815355] +- [misc] mei: hbm: define dma ring setup protocol (Ken Cox) [1825262 1815355] +- [net] SUNRPC: fix krb5p mount to provide large enough buffer in rq_rcvsize (Steve Dickson) [1826219 1825388] +- [mm] mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (Rafael Aquini) [1827619 1763878] +- [mm] mm: thp: fix flags for pmd migration when split (Rafael Aquini) [1827619 1763878] +- [mm] mm: thp: relocate flush_cache_range() in migrate_misplaced_transhuge_page() (Rafael Aquini) [1827619 1763878] +- [mm] mm: thp: fix mmu_notifier in migrate_misplaced_transhuge_page() (Rafael Aquini) [1827619 1763878] +- [mm] mm: thp: fix MADV_DONTNEED vs migrate_misplaced_transhuge_page race condition (Rafael Aquini) [1827619 1763878] +- [md] Revert "dm: always call blk_queue_split() in dm_process_bio()" (Mike Snitzer) [1821382 1820705] + * Mon Apr 27 2020 Bruno Meneguele [4.18.0-193.1.1.el8_2] - [x86] kvm: x86: clear stale x86_emulate_ctxt->intercept value (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [x86] kvm: vmx: check descriptor table exits on instruction emulation (Jon Maloy) [1824398 1806817] {CVE-2020-2732}