From 4a9d518c90c6887e2246e235fd2927f6563564e3 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 18 2023 07:41:08 +0000 Subject: import kernel-3.10.0-1160.95.1.el7 --- diff --git a/.gitignore b/.gitignore index 2a6802e..f018f20 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ SOURCES/kernel-abi-whitelists-1160.tar.bz2 SOURCES/kernel-kabi-dw-1160.tar.bz2 -SOURCES/linux-3.10.0-1160.92.1.el7.tar.xz +SOURCES/linux-3.10.0-1160.95.1.el7.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelkpatch1.x509 diff --git a/.kernel.metadata b/.kernel.metadata index 566adeb..c34171f 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,5 +1,5 @@ ba5599148e52ecd126ebcf873672e26d3288323e SOURCES/kernel-abi-whitelists-1160.tar.bz2 5000b85c42ef87b6835dd8eef063e4623c2e0fa9 SOURCES/kernel-kabi-dw-1160.tar.bz2 -ad47eeec3b604fe4f3c9f0c92407c5f7e8ef0c73 SOURCES/linux-3.10.0-1160.92.1.el7.tar.xz +5bfa52cee420865058dd9751a3db563ea623f150 SOURCES/linux-3.10.0-1160.95.1.el7.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/Makefile.common b/SOURCES/Makefile.common index 75389b1..2b095c4 100644 --- a/SOURCES/Makefile.common +++ b/SOURCES/Makefile.common @@ -9,7 +9,7 @@ RPMVERSION:=3.10.0 # marker is git tag which we base off of for exporting patches MARKER:=v3.10 PREBUILD:= -BUILD:=1160.92.1 +BUILD:=1160.95.1 DIST:=.el7 SPECFILE:=kernel.spec RPM:=$(REDHAT)/rpm diff --git a/SOURCES/kernel-3.10.0-s390x-debug.config b/SOURCES/kernel-3.10.0-s390x-debug.config index 0bc3ea3..53e052f 100644 --- a/SOURCES/kernel-3.10.0-s390x-debug.config +++ b/SOURCES/kernel-3.10.0-s390x-debug.config @@ -197,6 +197,8 @@ CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y diff --git a/SOURCES/kernel-3.10.0-s390x-kdump.config b/SOURCES/kernel-3.10.0-s390x-kdump.config index bdc5500..95336d9 100644 --- a/SOURCES/kernel-3.10.0-s390x-kdump.config +++ b/SOURCES/kernel-3.10.0-s390x-kdump.config @@ -193,6 +193,8 @@ CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y diff --git a/SOURCES/kernel-3.10.0-s390x.config b/SOURCES/kernel-3.10.0-s390x.config index b75b462..731f49b 100644 --- a/SOURCES/kernel-3.10.0-s390x.config +++ b/SOURCES/kernel-3.10.0-s390x.config @@ -197,6 +197,8 @@ CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index d98f8fe..b1bbe38 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = CentOS -CN = CentOS Linux kernel signing key -emailAddress = security@centos.org +O = Red Hat +CN = Red Hat Enterprise Linux kernel signing key +emailAddress = secalert@redhat.com [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index b6e71a7..f5508c5 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -20,10 +20,10 @@ Summary: The Linux kernel %global distro_build 1160 %define rpmversion 3.10.0 -%define pkgrelease 1160.92.1.el7 +%define pkgrelease 1160.95.1.el7 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 1160.92.1%{?dist} +%define specrelease 1160.95.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -402,22 +402,22 @@ Source10: sign-modules Source11: x509.genkey Source12: extra_certificates %if %{?released_kernel} -Source13: centos-ca-secureboot.der -Source14: centossecureboot001.crt -Source15: centossecurebootca2.der -Source16: centossecureboot201.crt -%define pesign_name_0 centossecureboot001 -%define pesign_name_1 centossecureboot201 +Source13: redhatsecurebootca3.cer +Source14: redhatsecureboot301.cer +Source15: redhatsecurebootca5.cer +Source16: redhatsecureboot501.cer +%define pesign_name_0 redhatsecureboot301 +%define pesign_name_1 redhatsecureboot501 %else -Source13: centos-ca-secureboot.der -Source14: centossecureboot001.crt -Source15: centossecurebootca2.der -Source16: centossecureboot201.crt -%define pesign_name_0 centossecureboot001 -%define pesign_name_1 centossecureboot201 +Source13: redhatsecurebootca2.cer +Source14: redhatsecureboot003.cer +Source15: redhatsecurebootca4.cer +Source16: redhatsecureboot401.cer +%define pesign_name_0 redhatsecureboot003 +%define pesign_name_1 redhatsecureboot401 %endif -Source17: centos-ldup.x509 -Source18: centos-kpatch.x509 +Source17: rheldup3.x509 +Source18: rhelkpatch1.x509 Source19: check-kabi @@ -461,9 +461,6 @@ Source9999: lastcommit.stat # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: debrand-single-cpu.patch -Patch1001: debrand-rh_taint.patch -Patch1002: debrand-rh-i686-cpu.patch BuildRoot: %{_tmppath}/kernel-%{KVRA}-root @@ -647,11 +644,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n kernel-abi-whitelists -Summary: The CentOS Linux kernel ABI symbol whitelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists Group: System Environment/Kernel AutoReqProv: no %description -n kernel-abi-whitelists -The kABI package contains information pertaining to the CentOS +The kABI package contains information pertaining to the Red Hat Enterprise Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. @@ -661,8 +658,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kabidw-base -The kabidw-base package contains data describing the current ABI of the CentOS -Linux kernel, suitable for the kabi-dw tool. +The kabidw-base package contains data describing the current ABI of the Red Hat +Enterprise Linux kernel, suitable for the kabi-dw tool. %endif # @@ -804,9 +801,6 @@ cd linux-%{KVRA} cp $RPM_SOURCE_DIR/kernel-%{version}-*.config . ApplyOptionalPatch linux-kernel-test.patch -ApplyOptionalPatch debrand-single-cpu.patch -ApplyOptionalPatch debrand-rh_taint.patch -ApplyOptionalPatch debrand-rh-i686-cpu.patch # Any further pre-build tree manipulations happen here. @@ -1810,6 +1804,19 @@ fi %kernel_variant_files %{with_kdump} kdump %changelog +* Fri Jun 23 2023 Rado Vrbovsky [3.10.0-1160.95.1.el7] +- perf/s390x: Align the register list to what we support (Michael Petlan) [2207745] +- Revert "[tools] s390/perf: add perf register support for floating-point registers" (Michael Petlan) [2207745] +- s390/perf: add perf_regs support and user stack dump (Michael Petlan) [2207745] +- s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR (Tobias Huschle) [2212672] + +* Fri Jun 09 2023 Rado Vrbovsky [3.10.0-1160.94.1.el7] +- netfilter: nf_tables: deactivate anonymous set from preparation phase (Florian Westphal) [2196159] {CVE-2023-32233} + +* Mon Jun 05 2023 Rado Vrbovsky [3.10.0-1160.93.1.el7] +- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Wander Lairson Costa) [2152941] {CVE-2022-3564} +- proc/pagemap: walk page tables under pte lock (Rafael Aquini) [2190338] + * Thu May 18 2023 Rado Vrbovsky [3.10.0-1160.92.1.el7] - packet: fix use-after-free in prb_retire_rx_blk_timer_expired() (Florian Westphal) [2182642] - x86/bugs: Workaround for incorrectly set X86_BUG_RETBLEED under VMware (Waiman Long) [2189556]