From f45f1491b87f2bce2d1afc8fc1b92ee11cbcd547 Mon Sep 17 00:00:00 2001 From: Akemi Yagi Date: Sep 22 2019 05:02:46 +0000 Subject: c8 plus kernel: update to 4.18.0-80.11.1.el8_0 Signed-off-by: Akemi Yagi --- diff --git a/SPECS/kernel-plus.spec b/SPECS/kernel-plus.spec index 6b80484..b3e8b60 100644 --- a/SPECS/kernel-plus.spec +++ b/SPECS/kernel-plus.spec @@ -34,10 +34,10 @@ Summary: The Linux kernel # %%define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 80.7.2.el8_0 +%define pkgrelease 80.11.1.el8_0 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 80.7.2%{?dist} +%define specrelease 80.11.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2177,19 +2177,101 @@ fi # # %changelog -* Fri Aug 09 2019 Akemi Yagi [4.18.0-80.7.2.el8_0.centos.plus] +* Tue Sep 10 2019 Akemi Yagi [4.18.0-80.11.1.el8_0.centos.plus] - Apply debranding changes - Modify config file for x86_64 with extra features turned on including some network adapters, ReiserFS, TOMOYO - Apply patches from CentOS-7 plus kernel - Apply driver patches imported from ELRepo - Apply patches for e1000 and e1000e from kernel.org [bug#16284] -* Fri Jul 26 2019 Frantisek Hrbata [4.18.0-80.7.2.el8_0] +* Tue Sep 03 2019 Frantisek Hrbata [4.18.0-80.11.1.el8_0] +- [wireless] mwifiex: Don't abort on small, spec-compliant vendor IEs (Jarod Wilson) [1714475 1728992] +- [wireless] mwifiex: fix 802.11n/WPA detection (Jarod Wilson) [1714475 1714476] {CVE-2019-3846} + +* Tue Aug 06 2019 Frantisek Hrbata [4.18.0-80.10.1.el8_0] - [x86] x86/entry/64: Use JMP instead of JMPQ (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125} - [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125} - [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125} - [x86] x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125} - [x86] x86/cpufeatures: Carve out CQM features retrieval (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125} + +* Mon Aug 05 2019 Frantisek Hrbata [4.18.0-80.9.1.el8_0] +- [netdrv] thunderx: eliminate extra calls to put_page() for pages held for recycling (Dean Nelson) [1726354 1644011] +- [netdrv] thunderx: enable page recycling for non-XDP case (Dean Nelson) [1726354 1644011] +- [arm64] arm64: kaslr: ensure randomized quantities are clean also when kaslr is off (Mark Salter) [1726357 1673068] +- [arm64] arm64: kaslr: ensure randomized quantities are clean to the PoC (Mark Salter) [1726357 1673068] +- [mm] powerpc/mm/64s/hash: Reallocate context ids on fork (Gustavo Duarte) [1734689 1723808] {CVE-2019-12817} +- [powerpc] powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (Steve Best) [1733282 1720929] +- [powerpc] powerpc/pseries/mobility: prevent cpu hotplug during DT update (Steve Best) [1733282 1720929] +- [powerpc] powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (Steve Best) [1733282 1720929] +- [powerpc] powerpc/watchpoint: Restore NV GPRs while returning from exception (Steve Best) [1733281 1728557] +- [hid] HID: i2c-hid: Don't reset device upon system resume (Perry Yuan) [1727098 1715385] +- [netdrv] net/mlx5e: RX, Verify MPWQE stride size is in range (Alaa Hleihel) [1726372 1683589] +- [sound] ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Jaroslav Kysela) [1726371 1658924] {CVE-2018-19824} +- [sound] ALSA: hda - Enable runtime PM only for discrete GPU (Jaroslav Kysela) [1726361 1714817] +- [cpufreq] cpufreq: intel_pstate: Ignore turbo active ratio in HWP (David Arcari) [1726360 1711970] +- [infiniband] usnic_verbs: fix deadlock (Govindarajulu Varadarajan) [1726358 1688505] +- [infiniband] IB/usnic: Fix locking when unregistering (Govindarajulu Varadarajan) [1726358 1688505] +- [infiniband] IB/usnic: Fix potential deadlock (Govindarajulu Varadarajan) [1726358 1688505] +- [netdrv] igb: shorten maximum PHC timecounter update interval (Corinna Vinschen) [1726352 1637098] +- [netdrv] igb: shorten maximum PHC timecounter update interval (Corinna Vinschen) [1726352 1637098] +- [x86] x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (Frank Ramsay) [1724534 1677695] +- [security] selinux: overhaul sidtab to fix bug and improve performance (Ondrej Mosnacek) [1717780 1656787] +- [security] selinux: use separate table for initial SID lookup (Ondrej Mosnacek) [1717780 1656787] +- [security] selinux: refactor sidtab conversion (Ondrej Mosnacek) [1717780 1656787] +- [security] selinux: Cleanup printk logging in sidtab (Ondrej Mosnacek) [1717780 1656787] +- [security] selinux: Cleanup printk logging in services (Ondrej Mosnacek) [1717780 1656787] +- [security] selinux: Cleanup printk logging in policydb (Ondrej Mosnacek) [1717780 1656787] +- [crypto] crypto: authenc - fix parsing key with misaligned rta_len (Herbert Xu) [1715335 1707546] +- [mm] mm, page_alloc: fix has_unmovable_pages for HugePages (David Gibson) [1714758 1688114] +- [wireless] mwifiex: Abort at too short BSS descriptor element (Jarod Wilson) [1714475 1714476] {CVE-2019-3846} +- [wireless] mwifiex: Fix possible buffer overflows at parsing bss descriptor (Jarod Wilson) [1714475 1714476] {CVE-2019-3846} +- [nvme] nvme-pci: add missing unlock for reset error (Gopal Tiwari) [1712261 1703201] +- [nvme] nvme-pci: fix rapid add remove sequence (Gopal Tiwari) [1712261 1703201] +- [wireless] brcmfmac: add subtype check for event handling in data path (Stanislaw Gruszka) [1733895 1704684] {CVE-2019-9503} +- [wireless] brcmfmac: assure SSID length from firmware is limited (Stanislaw Gruszka) [1705385 1705386] {CVE-2019-9500} +- [include] fs: fix kABI for struct pipe_buf_operations (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487} +- [fs] fs: prevent page refcount overflow in pipe_buf_get (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487} +- [mm] mm: prevent get_user_pages() from overflowing page refcount (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487} +- [include] mm: add 'try_get_page()' helper function (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487} +- [include] mm: make page ref count overflow check tighter and more explicit (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487} +- [fs] fuse: call pipe_buf_release() under pipe lock (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487} +- [kvm] KVM: x86: nVMX: fix x2APIC VTPR read intercept (Vitaly Kuznetsov) [1697198 1697199] +- [kvm] KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887) (Vitaly Kuznetsov) [1697198 1697199] + +* Thu Aug 01 2019 Frantisek Hrbata [4.18.0-80.8.1.el8_0] +- [documentation] Documentation: Add ARM64 to kernel-parameters.rst (Jeremy Linton) [1726353 1640855] +- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: enable generic CPU vulnerabilites support (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: add sysfs vulnerability show for speculative store bypass (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: Always enable ssb vulnerability detection (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: add sysfs vulnerability show for spectre-v2 (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: Always enable spectre-v2 vulnerability detection (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: Advertise mitigation of Spectre-v2, or lack thereof (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: add sysfs vulnerability show for meltdown (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: Add sysfs vulnerability show for spectre-v1 (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: Provide a command line to disable spectre_v2 mitigation (Jeremy Linton) [1726353 1640855] +- [documentation] powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (Jeremy Linton) [1726353 1640855] +- [documentation] Documentation: Document arm64 kpti control (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: Add MIDR encoding for HiSilicon Taishan CPUs (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: capabilities: Merge duplicate Cavium erratum entries (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: Use a raw spinlock in __install_bp_hardening_cb() (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: fix SSBS sanitization (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: don't zero DIT on signal return (Jeremy Linton) [1726353 1640855] +- [kvm] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: ssbd: Drop #ifdefs for PR_SPEC_STORE_BYPASS (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: cpufeature: Detect SSBS and advertise to userspace (Jeremy Linton) [1726353 1640855] +- [arm64] arm64: move SCTLR_EL{1,2} assertions to (Jeremy Linton) [1726353 1640855] +- Revert: [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1726353 1640855] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091} - [kernel] ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (Aristeu Rozanski) [1730958 1730959] {CVE-2019-13272} * Mon Jun 24 2019 Frantisek Hrbata [4.18.0-80.7.1.el8_0]