diff --git a/.gitignore b/.gitignore index f49b82c..e9c09cb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/kernel-rt-3.10.0-1160.108.1.rt56.1259.tar.xz +SOURCES/kernel-rt-3.10.0-1160.114.2.rt56.1266.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelkpatch1.x509 diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index e23b1d7..eae6e2a 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,3 +1,3 @@ -1f037fcacfc1cbdbddc832181a8e487e210c3f52 SOURCES/kernel-rt-3.10.0-1160.108.1.rt56.1259.tar.xz +56b61e0a225dfaeba9f67c0d250a2bcacb5111ce SOURCES/kernel-rt-3.10.0-1160.114.2.rt56.1266.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec index 57ca55b..3ab6765 100644 --- a/SPECS/kernel-rt.spec +++ b/SPECS/kernel-rt.spec @@ -6,10 +6,10 @@ Summary: The Linux Realtime kernel %global dist .el7 # realtimeN -%global rtbuild 1259 +%global rtbuild 1266 # RHEL7 build number -%global rhel_build 1160.108.1 +%global rhel_build 1160.114.2 # The preempt RT patch level %global rttag rt56 @@ -60,7 +60,7 @@ Summary: The Linux Realtime kernel # if patch fuzzy patch applying will be forbidden %global with_fuzzy_patches 0 -%global rpmversion 3.10.0 +%global specversion 3.10.0 # What parts do we want to build? We must build at least one kernel. @@ -88,13 +88,13 @@ Summary: The Linux Realtime kernel %global pkg_release_simple %{rhel_build}.%{rttag}.%{rtbuild} %global pkg_release %{rhel_build}.%{rttag}.%{rtbuild}%{?buildid}%{?dist} -%global KVERREL %{rpmversion}-%{pkg_release}.%{_target_cpu} +%global KVERREL %{specversion}-%{pkg_release}.%{_target_cpu} # SEED to recalculate the build-id hashes %global _find_debuginfo_opts --unique-debug-suffix %{pkg_release} # The kernel tarball/base version -%global kversion %{rpmversion} +%global kversion %{specversion} %define with_gcov %{?_with_gcov: 1} %{?!_with_gcov: 0} @@ -166,11 +166,11 @@ Summary: The Linux Realtime kernel %ifarch %{all_x86} %global hdrarch i386 -%global all_arch_configs kernel-%{rpmversion}-i?86-rt*.config +%global all_arch_configs kernel-%{specversion}-i?86-rt*.config %endif %ifarch x86_64 -%global all_arch_configs kernel-%{rpmversion}-x86_64-rt*.config +%global all_arch_configs kernel-%{specversion}-x86_64-rt*.config %endif %global oldconfig_target oldconfig @@ -238,9 +238,9 @@ Summary: The Linux Realtime kernel # macros defined above. # %define kernel_reqprovconf \ -Provides: installonlypkg(kernel) = %{rpmversion}-%{pkg_release}\ -Provides: kernel = %{rpmversion}-%{pkg_release}\ -Provides: kernel-%{_target_cpu} = %{rpmversion}-%{pkg_release}%{?1:.%{1}}\ +Provides: installonlypkg(kernel) = %{specversion}-%{pkg_release}\ +Provides: kernel = %{specversion}-%{pkg_release}\ +Provides: kernel-%{_target_cpu} = %{specversion}-%{pkg_release}%{?1:.%{1}}\ Provides: kernel-drm = 4.3.0\ Provides: kernel-drm-nouveau = 16\ Provides: kernel-modeset = 1\ @@ -267,15 +267,15 @@ Name: kernel-rt Group: System Environment/Kernel License: GPLv2 URL: http://www.kernel.org/ -Version: %{rpmversion} +Version: %{specversion} Release: %{pkg_release} # DO NOT CHANGE THE 'ExclusiveArch' LINE TO TEMPORARILY EXCLUDE AN ARCHITECTURE BUILD. # SET %%nobuildarches (ABOVE) INSTEAD ExclusiveArch: noarch x86_64 ExclusiveOS: Linux -Provides: installonlypkg(kernel-rt) = %{rpmversion} +Provides: installonlypkg(kernel-rt) = %{specversion} Provides: kernel-rt-drm = 4.3.0 -Provides: kernel-rt-%{_target_cpu} = %{rpmversion}-%{pkg_release} +Provides: kernel-rt-%{_target_cpu} = %{specversion}-%{pkg_release} %kernel_reqprovconf @@ -317,7 +317,7 @@ BuildRequires: rpm-build >= 4.9.0-1, elfutils >= 0.153-1 %define debuginfo_args --strict-build-id -r %endif -Source0: %{name}-%{rpmversion}-%{pkg_release_simple}.tar.xz +Source0: %{name}-%{specversion}-%{pkg_release_simple}.tar.xz Source10: sign-modules %define modsign_cmd %{SOURCE10} @@ -602,7 +602,7 @@ esac if [ ! -d kernel-%{kversion}/vanilla-%{kversion}/ ]; then rm -f pax_global_header; %setup -q -n kernel-%{kversion} -c - mv %{name}-%{rpmversion}-%{pkg_release_simple} vanilla-%{kversion}; + mv %{name}-%{specversion}-%{pkg_release_simple} vanilla-%{kversion}; else cd kernel-%{kversion}/; fi @@ -1097,7 +1097,7 @@ fi cd linux-%{kversion}.%{_target_cpu} %if %{builddoc} -docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-doc-%{rpmversion} +docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-doc-%{specversion} man9dir=$RPM_BUILD_ROOT%{_datadir}/man/man9rt # copy the source over @@ -1162,10 +1162,10 @@ rm -f $RPM_BUILD_ROOT/usr/include/asm*/irq.h %if %{builddoc} # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel -mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release} -install -m 0644 %{SOURCE13} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca-20140212.cer -install -m 0644 %{SOURCE15} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca-20200609.cer -ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca.cer +mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{specversion}-%{pkg_release} +install -m 0644 %{SOURCE13} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{specversion}-%{pkg_release}/kernel-signing-ca-20140212.cer +install -m 0644 %{SOURCE15} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{specversion}-%{pkg_release}/kernel-signing-ca-20200609.cer +ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-rt-keys/%{specversion}-%{pkg_release}/kernel-signing-ca.cer %endif @@ -1335,14 +1335,14 @@ fi %if %{builddoc} %files doc %defattr(-,root,root) -%{_datadir}/doc/kernel-rt-doc-%{rpmversion}/Documentation/* -%dir %{_datadir}/doc/kernel-rt-doc-%{rpmversion}/Documentation -%dir %{_datadir}/doc/kernel-rt-doc-%{rpmversion} +%{_datadir}/doc/kernel-rt-doc-%{specversion}/Documentation/* +%dir %{_datadir}/doc/kernel-rt-doc-%{specversion}/Documentation +%dir %{_datadir}/doc/kernel-rt-doc-%{specversion} %{_datadir}/man/man9rt/* -%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca-20140212.cer -%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca-20200609.cer -%{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release}/kernel-signing-ca.cer -%dir %{_datadir}/doc/kernel-rt-keys/%{rpmversion}-%{pkg_release} +%{_datadir}/doc/kernel-rt-keys/%{specversion}-%{pkg_release}/kernel-signing-ca-20140212.cer +%{_datadir}/doc/kernel-rt-keys/%{specversion}-%{pkg_release}/kernel-signing-ca-20200609.cer +%{_datadir}/doc/kernel-rt-keys/%{specversion}-%{pkg_release}/kernel-signing-ca.cer +%dir %{_datadir}/doc/kernel-rt-keys/%{specversion}-%{pkg_release} %dir %{_datadir}/doc/kernel-rt-keys %endif @@ -1454,6 +1454,48 @@ fi %endif %changelog +* Wed Mar 06 2024 Rado Vrbovsky [3.10.0-1160.114.2.rt56.1266.el7] +- [rt] Update source tree to match RHEL rhel-7.9.z tree [RHEL-21455] +- sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-26403] {CVE-2024-26602} + +* Thu Feb 15 2024 Rado Vrbovsky [3.10.0-1160.114.1.rt56.1265.el7] +- [rt] Update source tree to match RHEL rhel-7.9.z tree [RHEL-21455] +- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-23504] {CVE-2024-1086} + +* Tue Feb 13 2024 Rado Vrbovsky [3.10.0-1160.113.1.rt56.1264.el7] +- [rt] Update source tree to match RHEL rhel-7.9.z tree [RHEL-21455] +- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15193] {CVE-2023-45871} +- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (David Marlin) [RHEL-8955] {CVE-2022-42896} +- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (David Marlin) [RHEL-8955] {CVE-2022-42896} +- Bluetooth: Use separate L2CAP LE credit based connection result values (David Marlin) [RHEL-8955] {CVE-2022-42896} +- Bluetooth: L2CAP: Fix L2CAP_CR_SCID_IN_USE value (David Marlin) [RHEL-8955] {CVE-2022-42896} + +* Fri Feb 02 2024 Rado Vrbovsky [3.10.0-1160.112.1.rt56.1263.el7] +- [rt] Update source tree to match RHEL rhel-7.9.z tree [RHEL-21455] +- net: sched: sch_qfq: Use non-work-conserving warning handler (Davide Caratti) [RHEL-14397] +- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (Davide Caratti) [RHEL-14405] {CVE-2023-4921} +- cpufreq: Initialize policy->kobj while allocating policy (Waiman Long) [2161654] +- net: bonding: fix possible NULL deref in rlb code (Hangbin Liu) [RHEL-17227] +- net: bonding: fix use-after-free after 802.3ad slave unbind (Hangbin Liu) [RHEL-17227] + +* Thu Jan 25 2024 Rado Vrbovsky [3.10.0-1160.111.1.rt56.1262.el7] +- [rt] Update source tree to match RHEL rhel-7.9.z tree [RHEL-21455] +- redhat: rewrite genlog and support Y- tags (Jan Stancek) +- scsi: zfcp: Fix double free of FSF request when qdio send fails (Tobias Huschle) [RHEL-16335] +- fbcon: set_con2fb_map needs to set con2fb_map! (Jocelyn Falempe) [RHEL-1713] {CVE-2023-38409} + +* Fri Jan 19 2024 Rado Vrbovsky [3.10.0-1160.110.1.rt56.1261.el7] +- [rt] Update source tree to match RHEL rhel-7.9.z tree [RHEL-21455] +- gfs2: Fix glock recursion on withdraw during recovery (Andreas Gruenbacher) [RHEL-17223] + +* Fri Jan 12 2024 Rado Vrbovsky [3.10.0-1160.109.1.rt56.1260.el7] +- [rt] Update source tree to match RHEL rhel-7.9.z tree [RHEL-21455] +- [rt] Subject: redhat-rt: fix to be able to build with rpm 4.19.0 (Rado Vrbovsky) +- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (Waiman Long) [RHEL-17703] +- scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (Oleksandr Natalenko) [2224973] +- scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (Oleksandr Natalenko) [2224973] +- scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (Oleksandr Natalenko) [2224973] + * Mon Jan 08 2024 Rado Vrbovsky [3.10.0-1160.108.1.rt56.1259.el7] - [rt] Update source tree to match RHEL rhel-7.9.z tree [RHEL-19250] - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) [RHEL-6302]