From 80461759bad746ebc48317469e9b4bb37bd34177 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Feb 22 2017 15:31:52 +0000 Subject: import kernel-3.10.0-514.6.2.el7 --- diff --git a/.gitignore b/.gitignore index 009aee4..a342261 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,4 @@ SOURCES/kernel-abi-whitelists-514.tar.bz2 -SOURCES/linux-3.10.0-514.6.1.el7.tar.xz +SOURCES/linux-3.10.0-514.6.2.el7.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelkpatch1.x509 -SOURCES/centos-kpatch.x509 -SOURCES/centos-ldup.x509 -SOURCES/centos.cer diff --git a/.kernel.metadata b/.kernel.metadata index f9b5a70..59055a2 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,7 +1,4 @@ 9d627e35baa56e8ffc7dc32e5d9ffa68c185e19c SOURCES/kernel-abi-whitelists-514.tar.bz2 -561ffa23591604ff67a4412807ec6b813996e2d8 SOURCES/linux-3.10.0-514.6.1.el7.tar.xz +776c4d9e15e33449bee866484a969d4ea5937e23 SOURCES/linux-3.10.0-514.6.2.el7.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 -5a7d05a8298cf38d43689470e8e43230d8add0f9 SOURCES/centos-kpatch.x509 -c61172887746663d3bdd9acaa263cbfacf99e8b3 SOURCES/centos-ldup.x509 -6e9105eb51e55a46761838f289a917611cad8091 SOURCES/centos.cer diff --git a/SOURCES/Makefile.common b/SOURCES/Makefile.common index 6f6124c..bc95299 100644 --- a/SOURCES/Makefile.common +++ b/SOURCES/Makefile.common @@ -9,7 +9,7 @@ RPMVERSION:=3.10.0 # marker is git tag which we base off of for exporting patches MARKER:=v3.10 PREBUILD:= -BUILD:=514.6.1 +BUILD:=514.6.2 DIST:=.el7 SPECFILE:=kernel.spec RPM:=$(REDHAT)/rpm diff --git a/SOURCES/debrand-rh-i686-cpu.patch b/SOURCES/debrand-rh-i686-cpu.patch deleted file mode 100644 index 739855c..0000000 --- a/SOURCES/debrand-rh-i686-cpu.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/arch/x86/boot/main.c 2014-06-04 10:05:04.000000000 -0700 -+++ b/arch/x86/boot/main.c 2014-07-09 12:54:40.000000000 -0700 -@@ -146,7 +146,7 @@ void main(void) - - /* Make sure we have all the proper CPU support */ - if (validate_cpu()) { -- puts("This processor is unsupported in RHEL7.\n"); -+ puts("This processor is unsupported in CentOS 7.\n"); - die(); - } - diff --git a/SOURCES/debrand-rh_taint.patch b/SOURCES/debrand-rh_taint.patch deleted file mode 100644 index 8ef4557..0000000 --- a/SOURCES/debrand-rh_taint.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 69c0d42cfa26515196896dea086857c2caccb6eb Mon Sep 17 00:00:00 2001 -From: Jim Perrin -Date: Thu, 19 Jun 2014 10:05:12 -0500 -Subject: [PATCH] branding patch for rh_taint - ---- - kernel/rh_taint.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c -index 59a74b0..0708e15 100644 ---- a/kernel/rh_taint.c -+++ b/kernel/rh_taint.c -@@ -8,7 +8,7 @@ - void mark_hardware_unsupported(const char *msg) - { - /* Print one single message */ -- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\n", msg); -+ pr_crit("Warning: %s - this hardware has not undergone upstream testing. Please consult http://wiki.centos.org/FAQ for more information\n", msg); - } - EXPORT_SYMBOL(mark_hardware_unsupported); - --- -1.8.3.1 - diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch deleted file mode 100644 index 9d2e08b..0000000 --- a/SOURCES/debrand-single-cpu.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 66185f5c6f881847776702e3a7956c504400f4f2 Mon Sep 17 00:00:00 2001 -From: Jim Perrin -Date: Thu, 19 Jun 2014 09:53:13 -0500 -Subject: [PATCH] branding patch for single-cpu systems - ---- - arch/x86/kernel/setup.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index b289118..9d25982 100644 ---- a/arch/x86/kernel/setup.c -+++ b/arch/x86/kernel/setup.c -@@ -846,7 +846,7 @@ static void rh_check_supported(void) - if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && - !x86_hyper && !cpu_has_hypervisor && !is_kdump_kernel()) { - pr_crit("Detected single cpu native boot.\n"); -- pr_crit("Important: In Red Hat Enterprise Linux 7, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); -+ pr_crit("Important: In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information"); - } - - /* The RHEL7 kernel does not support this hardware. The kernel will --- -1.8.3.1 - diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index d98f8fe..b1bbe38 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = CentOS -CN = CentOS Linux kernel signing key -emailAddress = security@centos.org +O = Red Hat +CN = Red Hat Enterprise Linux kernel signing key +emailAddress = secalert@redhat.com [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 03a2756..4f6ade3 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -14,10 +14,10 @@ Summary: The Linux kernel %global distro_build 514 %define rpmversion 3.10.0 -%define pkgrelease 514.6.1.el7 +%define pkgrelease 514.6.2.el7 # allow pkg_release to have configurable %{?dist} tag -%define specrelease 514.6.1%{?dist} +%define specrelease 514.6.2%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -345,16 +345,16 @@ Source10: sign-modules Source11: x509.genkey Source12: extra_certificates %if %{?released_kernel} -Source13: centos.cer +Source13: securebootca.cer Source14: secureboot.cer %define pesign_name redhatsecureboot301 %else -Source13: centos.cer -Source14: secureboot.cer +Source13: redhatsecurebootca2.cer +Source14: redhatsecureboot003.cer %define pesign_name redhatsecureboot003 %endif -Source15: centos-ldup.x509 -Source16: centos-kpatch.x509 +Source15: rheldup3.x509 +Source16: rhelkpatch1.x509 Source18: check-kabi @@ -383,9 +383,6 @@ Source2001: cpupower.config # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: debrand-single-cpu.patch -Patch1001: debrand-rh_taint.patch -Patch1002: debrand-rh-i686-cpu.patch BuildRoot: %{_tmppath}/kernel-%{KVRA}-root @@ -547,11 +544,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n kernel-abi-whitelists -Summary: The CentOS Linux kernel ABI symbol whitelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists Group: System Environment/Kernel AutoReqProv: no %description -n kernel-abi-whitelists -The kABI package contains information pertaining to the CentOS +The kABI package contains information pertaining to the Red Hat Enterprise Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. @@ -694,9 +691,6 @@ cd linux-%{KVRA} cp $RPM_SOURCE_DIR/kernel-%{version}-*.config . ApplyOptionalPatch linux-kernel-test.patch -ApplyOptionalPatch debrand-single-cpu.patch -ApplyOptionalPatch debrand-rh_taint.patch -ApplyOptionalPatch debrand-rh-i686-cpu.patch # Any further pre-build tree manipulations happen here. @@ -855,7 +849,7 @@ BuildKernel() { fi # EFI SecureBoot signing, x86_64-only %ifarch x86_64 - %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE13} + %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name} mv $KernelImage.signed $KernelImage %endif $CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer @@ -1550,8 +1544,8 @@ fi %kernel_variant_files %{with_kdump} kdump %changelog -* Tue Jan 17 2017 CentOS Sources - 3.10.0-514.6.1.el7 -- Apply debranding changes +* Fri Feb 17 2017 Frantisek Hrbata [3.10.0-514.6.2.el7] +- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463] * Sat Dec 10 2016 Frantisek Hrbata [3.10.0-514.6.1.el7] - [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399458 1399459] {CVE-2016-9555}