diff --git a/.gitignore b/.gitignore index 87e5faf..9a69cef 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/kernel-abi-whitelists-4.18.0-80.tar.bz2 -SOURCES/kernel-kabi-dw-4.18.0-80.tar.bz2 -SOURCES/linux-4.18.0-80.el8.tar.xz +SOURCES/kernel-abi-whitelists-4.18.0-80.1.1.tar.bz2 +SOURCES/kernel-kabi-dw-4.18.0-80.1.1.tar.bz2 +SOURCES/linux-4.18.0-80.1.2.el8_0.tar.xz diff --git a/.kernel.metadata b/.kernel.metadata index 9067327..e64a961 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,3 +1,3 @@ -0eb33304d878cf522484c7568ffacf5e13a90594 SOURCES/kernel-abi-whitelists-4.18.0-80.tar.bz2 -8c632d3af87ead71777d38bd55dd3c9439b6de60 SOURCES/kernel-kabi-dw-4.18.0-80.tar.bz2 -089a8374a860db00d6baf85a80d0a8483f9a01f4 SOURCES/linux-4.18.0-80.el8.tar.xz +bbc43aca63d0c09e707d957068809aaa14f4e63c SOURCES/kernel-abi-whitelists-4.18.0-80.1.1.tar.bz2 +8c632d3af87ead71777d38bd55dd3c9439b6de60 SOURCES/kernel-kabi-dw-4.18.0-80.1.1.tar.bz2 +01cbf5ff5bd978e7732841263751596888831886 SOURCES/linux-4.18.0-80.1.2.el8_0.tar.xz diff --git a/SOURCES/Module.kabi_ppc64le b/SOURCES/Module.kabi_ppc64le index 66167a5..0ecf388 100644 --- a/SOURCES/Module.kabi_ppc64le +++ b/SOURCES/Module.kabi_ppc64le @@ -38,8 +38,6 @@ 0xeb94d60b __put_cred vmlinux EXPORT_SYMBOL 0xccbfcd34 __put_page vmlinux EXPORT_SYMBOL 0x6301916d __put_task_struct vmlinux EXPORT_SYMBOL_GPL -0xddc8dd18 __radix_tree_insert vmlinux EXPORT_SYMBOL -0x572808d3 __radix_tree_next_slot vmlinux EXPORT_SYMBOL 0xe45c1b14 __release_region vmlinux EXPORT_SYMBOL 0x5eba9410 __request_region vmlinux EXPORT_SYMBOL 0xb5892fee __skb_gso_segment vmlinux EXPORT_SYMBOL @@ -350,12 +348,6 @@ 0xf140518e put_disk vmlinux EXPORT_SYMBOL 0xd1e4ec46 queue_delayed_work_on vmlinux EXPORT_SYMBOL 0x121da905 queue_work_on vmlinux EXPORT_SYMBOL -0x3e819312 radix_tree_delete vmlinux EXPORT_SYMBOL -0xae7deeea radix_tree_gang_lookup vmlinux EXPORT_SYMBOL -0xbd63726a radix_tree_gang_lookup_tag vmlinux EXPORT_SYMBOL -0x07491c63 radix_tree_next_chunk vmlinux EXPORT_SYMBOL -0x9754ec10 radix_tree_preload vmlinux EXPORT_SYMBOL -0x91564088 radix_tree_tag_set vmlinux EXPORT_SYMBOL 0x60a13e90 rcu_barrier vmlinux EXPORT_SYMBOL_GPL 0xacef9390 read_cache_pages vmlinux EXPORT_SYMBOL 0xfb6af58d recalc_sigpending vmlinux EXPORT_SYMBOL diff --git a/SOURCES/Module.kabi_s390x b/SOURCES/Module.kabi_s390x index dc93e32..584d45b 100644 --- a/SOURCES/Module.kabi_s390x +++ b/SOURCES/Module.kabi_s390x @@ -37,8 +37,6 @@ 0x25207859 __put_cred vmlinux EXPORT_SYMBOL 0xbd1b113a __put_page vmlinux EXPORT_SYMBOL 0x8a2e5412 __put_task_struct vmlinux EXPORT_SYMBOL_GPL -0x198cd08c __radix_tree_insert vmlinux EXPORT_SYMBOL -0xb2790f3c __radix_tree_next_slot vmlinux EXPORT_SYMBOL 0xe45c1b14 __release_region vmlinux EXPORT_SYMBOL 0x5eba9410 __request_region vmlinux EXPORT_SYMBOL 0x60b53515 __skb_gso_segment vmlinux EXPORT_SYMBOL @@ -316,12 +314,6 @@ 0xb5e6ea9c put_disk vmlinux EXPORT_SYMBOL 0xd1e4ec46 queue_delayed_work_on vmlinux EXPORT_SYMBOL 0x121da905 queue_work_on vmlinux EXPORT_SYMBOL -0x5386ec95 radix_tree_delete vmlinux EXPORT_SYMBOL -0x781ba89f radix_tree_gang_lookup vmlinux EXPORT_SYMBOL -0x123bbc9c radix_tree_gang_lookup_tag vmlinux EXPORT_SYMBOL -0x4f4096d8 radix_tree_next_chunk vmlinux EXPORT_SYMBOL -0x9754ec10 radix_tree_preload vmlinux EXPORT_SYMBOL -0x0a74ec92 radix_tree_tag_set vmlinux EXPORT_SYMBOL 0x60a13e90 rcu_barrier vmlinux EXPORT_SYMBOL_GPL 0xbeabc0e4 read_cache_pages vmlinux EXPORT_SYMBOL 0xfb6af58d recalc_sigpending vmlinux EXPORT_SYMBOL diff --git a/SOURCES/Module.kabi_x86_64 b/SOURCES/Module.kabi_x86_64 index 104d94b..e0cc6a2 100644 --- a/SOURCES/Module.kabi_x86_64 +++ b/SOURCES/Module.kabi_x86_64 @@ -45,8 +45,6 @@ 0x5a4896a8 __put_user_2 vmlinux EXPORT_SYMBOL 0xb2fd5ceb __put_user_4 vmlinux EXPORT_SYMBOL 0xb8e7ce2c __put_user_8 vmlinux EXPORT_SYMBOL -0x2dc7de88 __radix_tree_insert vmlinux EXPORT_SYMBOL -0x937b5e60 __radix_tree_next_slot vmlinux EXPORT_SYMBOL 0x9a8a0ca3 __register_nmi_handler vmlinux EXPORT_SYMBOL 0xe45c1b14 __release_region vmlinux EXPORT_SYMBOL 0x5eba9410 __request_region vmlinux EXPORT_SYMBOL @@ -399,12 +397,6 @@ 0x782e6c6b put_disk vmlinux EXPORT_SYMBOL 0xd1e4ec46 queue_delayed_work_on vmlinux EXPORT_SYMBOL 0x121da905 queue_work_on vmlinux EXPORT_SYMBOL -0xa79f6dfa radix_tree_delete vmlinux EXPORT_SYMBOL -0xe787139f radix_tree_gang_lookup vmlinux EXPORT_SYMBOL -0x929c1a90 radix_tree_gang_lookup_tag vmlinux EXPORT_SYMBOL -0x16866f44 radix_tree_next_chunk vmlinux EXPORT_SYMBOL -0x9754ec10 radix_tree_preload vmlinux EXPORT_SYMBOL -0x7eb71a81 radix_tree_tag_set vmlinux EXPORT_SYMBOL 0x60a13e90 rcu_barrier vmlinux EXPORT_SYMBOL_GPL 0x082ed22e read_cache_pages vmlinux EXPORT_SYMBOL 0xfb6af58d recalc_sigpending vmlinux EXPORT_SYMBOL diff --git a/SOURCES/centos.pem b/SOURCES/centos.pem deleted file mode 100644 index 82ad817..0000000 --- a/SOURCES/centos.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDgTCCAmmgAwIBAgIJALYWFXFy+zGAMA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjA0MFoXDTM4MDEwMTE0 -MjA0MFowVTEvMC0GA1UEAwwmQ2VudE9TIExpbnV4IERyaXZlciB1cGRhdGUgc2ln -bmluZyBrZXkxIjAgBgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5ECuosQ4HKRRf+Kxfm+BcICBK -PGqB+E/qalqQ3CCM3LWezq0ns/GZTD0CtSAzmOObqJb3gJ9S5gcbaMVBc3JxLlQ+ -RwVy0oNy91uy9TKhYQ3lpHDyujxiFmXPSJLMKOYbOBNObJ7qF6+ptnmDWMu7GWDc -4UGdBdU/evt92LIxsi9ZQCEoZIqdyKBE/Y3V9gBZIZa/4oXMHfW9dWxhy9UszmR9 -hT7ZdgLFpWMFmJW+SS5QEWtp5CpRlcui4QJZl42bMp5JOrVWc+BlKPIsLdY8TqLp -9FdhQ5Ih4auT7zn2V89YgYpq6VMZnPsn/v5piB6i6RK8Falr6SP5SV0cwV/jAgMB -AAGjXTBbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBQpvUwN -BtLpkRBEtdyXMwkTm1HW1TAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q6 -8zANBgkqhkiG9w0BAQsFAAOCAQEAK+f4c4aP9TQDiQM4TDyw8iDapr7eBc+Yr0M5 -ELkWEQu55/OwLQrgCA5bdD86diaAXQAlUOXCtFRrbUQHQACEL77/32YdooHfVZZ7 -04CeE+JWxF/cQ3M5hhJnkyxaqFKC+B+bn7Z6eloMnYUPsXwfQEOuyxKaKergAJdq -KnC0pEG3NGgwlwvnD0dwUqbbEUUqL3UQh96hCYDidhCUmuap1E2OGoxGex3ekszf -ErCgwVYb46cv91ba2KqXVWl1FoO3c5MyZcxL46ihQgiY0BI975+HDFjpUZ69n+Um -OhSscRUiKeEQKMVtHzyQUp5t+HCeaZBRPy3rFoIjTEqijKZ6tQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDejCCAmKgAwIBAgIJALYWFXFy+zF/MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjAwMloXDTM4MDEwMTE0 -MjAwMlowTjEoMCYGA1UEAwwfQ2VudE9TIExpbnV4IGtwYXRjaCBzaWduaW5nIGtl -eTEiMCAGCSqGSIb3DQEJARYTc2VjdXJpdHlAY2VudG9zLm9yZzCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMG+5OclqB0NE5azrGkSitqUFcZjpRk/rS2P -CetB6jwxOn06TrLGzqnhcE9VBKyEs7CXBLy6lfnORcYOybcR2XvrgqGa1txOZggl -hc8zCj9X7ZCMK2UsWglxQCOtbo0m/vdor/VO3SFbrf/W9+PXhvNtcxMP9yjydbP+ -lS1St8uQv952hu7C1TevyOQN3jpvWRD7DSJIU/2uRFcdIo2QCGokuB/xESXeuGJ2 -F2P9w0h74V18AlVTxtGp/RSJqZaQ2Gi5h4Oa7UsRmhmCoLdmdBe7xnYJrJ4GhxKQ -yG0kU1ikEhZW3YjoVPgBJzTsIhCAzFrOUq0d67a1wTVMiyL60fUCAwEAAaNdMFsw -DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFLSfCGIFkJ3E2iz6 -mTdvsZHS8J54MB8GA1UdIwQYMBaAFFTsgYWJPuka2wj3RIhUfo4/dDrzMA0GCSqG -SIb3DQEBCwUAA4IBAQBcDnjWh8Mx6yaS/OvBOYZprYy5Su0tn+YHiN0czpjVw+zl -NUt2YmRSA/g6xks04CYx+UAL/xnvRcxXd17Ni7eWiROxvgQvBo5nScVkFPq2IIP5 -8aj7LoHR1MUeXfiNqf1JoSlgpRV47wv/+jZD0hmbt1rC2NJp0ZU8OHmt2GWk0jmM -MK72D/pyCUfHetBzPpU9M0cNiukjMUdIL+U7+CXDgKsfdFHcQ76ebWyka7vRSXTs -lBMa2g20Atwz2Hj7tEEAZ74ioQ9029RAlUSNipACe31YdT4/BBWIqHPpeDFkp8W0 -9v4jeTX/2kMBXkjzMfKjhpooa+bFFFLogLeX3P4W ------END CERTIFICATE----- diff --git a/SOURCES/centossecureboot001.crt b/SOURCES/centossecureboot001.crt deleted file mode 100644 index 321c4ec..0000000 --- a/SOURCES/centossecureboot001.crt +++ /dev/null @@ -1,81 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b6:16:15:71:72:fb:31:7e - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security@centos.org - Validity - Not Before: Aug 1 11:47:30 2018 GMT - Not After : Dec 31 11:47:30 2037 GMT - Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security@centos.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa: - 76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51: - cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2: - 4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3: - 24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0: - bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18: - 00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97: - a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57: - 6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35: - 6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0: - aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65: - 53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46: - f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f: - 6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2: - 76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4: - 94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28: - 4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef: - 94:0f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Key Usage: - Digital Signature - X509v3 Subject Key Identifier: - F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29 - X509v3 Authority Key Identifier: - keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3 - - Signature Algorithm: sha256WithRSAEncryption - 97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c: - dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da: - 11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b: - 2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a: - 28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e: - b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef: - f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f: - 0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56: - a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30: - 17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a: - ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97: - 58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c: - 75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77: - da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71: - da:7f:89:1d ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx -NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg -BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4 -MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP -f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2 -bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/ -VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR -pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud -EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb -Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B -AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G -1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV -IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv -0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ -+zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD -bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ== ------END CERTIFICATE----- diff --git a/SOURCES/debrand-rh-i686-cpu.patch b/SOURCES/debrand-rh-i686-cpu.patch deleted file mode 100644 index 5592a59..0000000 --- a/SOURCES/debrand-rh-i686-cpu.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700 -+++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700 -@@ -147,7 +147,7 @@ void main(void) - - /* Make sure we have all the proper CPU support */ - if (validate_cpu()) { -- puts("This processor is not supported in this version of RHEL.\n"); -+ puts("This processor is not supported in this version of CentOS Linux.\n"); - die(); - } - diff --git a/SOURCES/debrand-rh_taint.patch b/SOURCES/debrand-rh_taint.patch deleted file mode 100644 index c2ae3c4..0000000 --- a/SOURCES/debrand-rh_taint.patch +++ /dev/null @@ -1,81 +0,0 @@ ---- a/kernel/rh_taint.c 2019-05-25 14:06:27.474558423 -0700 -+++ b/kernel/rh_taint.c 2019-05-25 14:25:53.471345832 -0700 -@@ -2,12 +2,12 @@ - #include - - /* -- * The following functions are used by Red Hat to indicate to users that -- * hardware and drivers are unsupported, or have limited support in RHEL major -+ * The following functions are used by CentOS to indicate to users that -+ * hardware and drivers are unsupported, or have limited support in CentOS Linux major - * and minor releases. These functions output loud warning messages to the end - * user and should be USED WITH CAUTION. - * -- * Any use of these functions _MUST_ be documented in the RHEL Release Notes, -+ * Any use of these functions _MUST_ be documented in the CentOS Linux Release Notes, - * and have approval of management. - */ - -@@ -16,15 +16,15 @@ - * @msg: Hardware name, class, or type - * - * Called to mark a device, class of devices, or types of devices as not having -- * support in any RHEL minor release. This does not TAINT the kernel. Red Hat -- * will not fix bugs against this hardware in this minor release. Red Hat may -+ * support in any CentOS Linux minor release. This does not TAINT the kernel. CentOS -+ * will not fix bugs against this hardware in this minor release. CentOS may - * declare support in a future major or minor update release. This cannot be - * used to mark drivers unsupported. - */ - void mark_hardware_unsupported(const char *msg) - { - /* Print one single message */ -- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\n", msg); -+ pr_crit("Warning: %s - this hardware has not undergone upstream testing. Please consult http://wiki.centos.org/FAQ for more information\n", msg); - } - EXPORT_SYMBOL(mark_hardware_unsupported); - -@@ -35,12 +35,12 @@ EXPORT_SYMBOL(mark_hardware_unsupported) - * Called to minimize the support status of a previously supported device in - * a minor release. This does not TAINT the kernel. Marking hardware - * deprecated is usually done in conjunction with the hardware vendor. Future -- * RHEL major releases may not include this driver. Driver updates and fixes -+ * CentOS Linux major releases may not include this driver. Driver updates and fixes - * for this device will be limited to critical issues in future minor releases. - */ - void mark_hardware_deprecated(const char *msg) - { -- pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this RHEL release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact Red Hat Support or your device's hardware vendor for additional information.\n", msg); -+ pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this CentOS Linux release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact CentOS Support or your device's hardware vendor for additional information.\n", msg); - } - EXPORT_SYMBOL(mark_hardware_deprecated); - -@@ -50,9 +50,9 @@ EXPORT_SYMBOL(mark_hardware_deprecated); - * - * Called to minimize the support status of a new driver. This does TAINT the - * kernel. Calling this function indicates that the driver or subsystem has -- * had limited testing and is not marked for full support within this RHEL -- * minor release. The next RHEL minor release may contain full support for -- * this driver. Red Hat does not guarantee that bugs reported against this -+ * had limited testing and is not marked for full support within this CentOS Linux -+ * minor release. The next CentOS Linux minor release may contain full support for -+ * this driver. CentOS does not guarantee that bugs reported against this - * driver or subsystem will be resolved. - */ - void mark_tech_preview(const char *msg, struct module *mod) -@@ -81,13 +81,13 @@ EXPORT_SYMBOL(mark_tech_preview); - * mark_driver_unsupported - drivers that we know we don't want to support - * @name: the name of the driver - * -- * In some cases Red Hat has chosen to build a driver for internal QE -+ * In some cases CentOS has chosen to build a driver for internal QE - * use. Use this function to mark those drivers as unsupported for - * customers. - */ - void mark_driver_unsupported(const char *name) - { -- pr_crit("Warning: %s - This driver has not undergone sufficient testing by Red Hat for this release and therefore cannot be used in production systems.\n", -+ pr_crit("Warning: %s - This driver has not undergone sufficient testing by CentOS for this release and therefore cannot be used in production systems.\n", - name ? name : "kernel"); - } - EXPORT_SYMBOL(mark_driver_unsupported); diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch deleted file mode 100644 index b3eed51..0000000 --- a/SOURCES/debrand-single-cpu.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700 -+++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700 -@@ -900,7 +900,7 @@ static void rh_check_supported(void) - if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && - !guest && is_kdump_kernel()) { - pr_crit("Detected single cpu native boot.\n"); -- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); -+ pr_crit("Important: In CentOS Linux 8, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information"); - } - - /* diff --git a/SOURCES/mod-extra-blacklist.sh b/SOURCES/mod-extra-blacklist.sh index 9569ef6..c705a6c 100755 --- a/SOURCES/mod-extra-blacklist.sh +++ b/SOURCES/mod-extra-blacklist.sh @@ -1,7 +1,7 @@ #!/bin/bash -buildroot="$1" -kernel_base="$2" +list="$1" +buildroot=${list%/*} blacklist() { @@ -18,7 +18,7 @@ __EOF__ check_blacklist() { - if modinfo "$1" | grep -q '^alias:\s\+net-'; then + if modinfo "$buildroot/$1" | grep -q '^alias:\s\+net-'; then mod="${1##*/}" mod="${mod%.ko*}" echo "$mod has an alias that allows auto-loading. Blacklisting." @@ -44,5 +44,15 @@ foreachp() } [ -d "$buildroot/etc/modprobe.d/" ] || mkdir -p "$buildroot/etc/modprobe.d/" -find "$buildroot/$kernel_base/extra" -name "*.ko*" | \ - foreachp check_blacklist + +if [ -s $list ]; then + cat $list | foreachp check_blacklist + if ls $buildroot/etc/modprobe.d/* >& /dev/null ; then + echo "%defattr(-,root,root)" >> $list + echo "%config(noreplace) /etc/modprobe.d/*-blacklist.conf" >> $list + fi +else + # If modules-extra.list is empty the %files section will throw an + # error. Add a dummy entry to workaround the problem. + echo "%defattr(-,root,root)" >> $list +fi diff --git a/SOURCES/mod-extra.sh b/SOURCES/mod-extra.sh index d121bd0..fd555ba 100755 --- a/SOURCES/mod-extra.sh +++ b/SOURCES/mod-extra.sh @@ -1,17 +1,18 @@ #! /bin/bash -Dir=$1 -List=$2 +Rpmdir=$1 +Dir=$Rpmdir/$2 +List=$3 pushd $Dir rm -rf modnames find . -name "*.ko" -type f > modnames # Look through all of the modules, and throw any that have a dependency in # our list into the list as well. -rm -rf dep.list dep2.list +rm -rf dep.list rm -rf req.list req2.list touch dep.list req.list -cp $2 . +cp $List . for dep in `cat modnames` do @@ -48,33 +49,12 @@ do # get the path for the module modpath=`grep /$mod modnames` ||: [ -z "$modpath" ] && continue; - echo $modpath >> dep.list + echo /lib/modules/$(basename $Dir)/${modpath#"./"} >> dep.list done -sort -u dep.list > dep2.list - -# now move the modules into the extra/ directory -for mod in `cat dep2.list` -do - newpath=`dirname $mod | sed -e 's/kernel\//extra\//'` - mkdir -p $newpath - mv $mod $newpath -done - -popd - -# If we're signing modules, we can't leave the .mod files for the .ko files -# we've moved in .tmp_versions/. Remove them so the Kbuild 'modules_sign' -# target doesn't try to sign a non-existent file. This is kinda ugly, but -# so is modules-extra. - -for mod in `cat ${Dir}/dep2.list` -do - modfile=`basename $mod | sed -e 's/.ko/.mod/'` - rm .tmp_versions/$modfile -done - -pushd $Dir -rm modnames dep.list dep2.list req.list req2.list +sort -u dep.list > $Rpmdir/modules-extra.list +rm modnames dep.list req.list req2.list rm mod-extra.list mod-extra2.list mod-extra3.list popd + +sed -i "s|^\/||g" $Rpmdir/modules-extra.list diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index d98f8fe..b1bbe38 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = CentOS -CN = CentOS Linux kernel signing key -emailAddress = security@centos.org +O = Red Hat +CN = Red Hat Enterprise Linux kernel signing key +emailAddress = secalert@redhat.com [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 5676975..9664753 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -7,7 +7,7 @@ Summary: The Linux kernel # For internal testing builds during development, it should be 0. %global released_kernel 1 -%global distro_build 80 +%global distro_build 80.1.1 # Sign the x86_64 kernel for secure boot authentication %ifarch x86_64 aarch64 @@ -33,10 +33,10 @@ Summary: The Linux kernel # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 80.el8 +%define pkgrelease 80.1.2.el8_0 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 80%{?dist} +%define specrelease 80.1.2%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -45,6 +45,7 @@ Summary: The Linux kernel # All should default to 1 (enabled) and be flipped to 0 (disabled) # by later arch-specific checks. +%define _with_kabidupchk 1 # The following build options are enabled by default. # Use either --without in your rpmbuild command or force values # to 0 in here to disable them. @@ -356,13 +357,13 @@ Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz Source11: x509.genkey %if %{?released_kernel} -Source13: centos-ca-secureboot.der -Source14: centossecureboot001.crt -%define pesign_name centossecureboot001 +Source13: securebootca.cer +Source14: secureboot.cer +%define pesign_name redhatsecureboot301 %else -Source13: centos-ca-secureboot.der -Source14: centossecureboot001.crt -%define pesign_name centossecureboot001 +Source13: redhatsecurebootca2.cer +Source14: redhatsecureboot003.cer +%define pesign_name redhatsecureboot003 %endif Source16: mod-extra.list Source17: mod-extra.sh @@ -408,13 +409,7 @@ Source301: kernel-kabi-dw-%{rpmversion}-%{distro_build}.tar.bz2 Source2000: cpupower.service Source2001: cpupower.config -# Sources for CentOS debranding -Source9000: centos.pem - ## Patches needed for building this package -Patch1000: debrand-single-cpu.patch -Patch1001: debrand-rh_taint.patch -Patch1002: debrand-rh-i686-cpu.patch # END OF PATCH DEFINITIONS @@ -865,16 +860,10 @@ ApplyOptionalPatch() } %setup -q -n kernel-%{rpmversion}-%{pkgrelease} -c - -cp -v %{SOURCE9000} linux-%{rpmversion}-%{pkgrelease}/certs/rhel.pem mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} -ApplyOptionalPatch debrand-single-cpu.patch -ApplyOptionalPatch debrand-rh_taint.patch -ApplyOptionalPatch debrand-rh-i686-cpu.patch - # END OF PATCH APPLICATIONS # Any further pre-build tree manipulations happen here. @@ -1098,7 +1087,6 @@ BuildKernel() { mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/build (cd $RPM_BUILD_ROOT/lib/modules/$KernelVer ; ln -s build source) # dirs for additional modules per module-init-tools, kbuild/modules.txt - mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/extra mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/updates mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/weak-updates # first copy everything @@ -1301,11 +1289,6 @@ BuildKernel() { rm -f modules.{alias*,builtin.bin,dep*,*map,symbols*,devname,softdep} popd - # Call the modules-extra script to move things around - %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16} - # Blacklist net autoloadable modules in modules-extra - %{SOURCE19} $RPM_BUILD_ROOT lib/modules/$KernelVer - # # Generate the kernel-core and kernel-modules files lists # @@ -1317,8 +1300,23 @@ BuildKernel() { mkdir restore cp -r lib/modules/$KernelVer/* restore/. - # don't include anything going into k-m-e in the file lists - rm -rf lib/modules/$KernelVer/extra + # Call the modules-extra script to move things around. Note cleanup below. + %{SOURCE17} $RPM_BUILD_ROOT /lib/modules/$KernelVer %{SOURCE16} + # Blacklist net autoloadable modules in modules-extra + %{SOURCE19} $RPM_BUILD_ROOT/modules-extra.list + cat $RPM_BUILD_ROOT/modules-extra.list | xargs rm -f + + # If we're signing modules, we can't leave the .mod files for the .ko files + # we've moved in .tmp_versions/. Remove them so the Kbuild 'modules_sign' + # target doesn't try to sign a non-existent file. This is kinda ugly, but + # so is modules-extra. + popd + for mod in `cat $RPM_BUILD_ROOT/modules-extra.list` + do + modfile=`basename $mod | sed -e 's/.ko/.mod/'` + [ -f "$modfile" ] && rm .tmp_versions/$modfile + done + pushd $RPM_BUILD_ROOT if [ $DoModules -eq 1 ]; then # Find all the module files and filter them out into the core and @@ -1342,6 +1340,8 @@ BuildKernel() { # Ensure important files/directories exist to let the packaging succeed echo '%%defattr(-,-,-)' > modules.list echo '%%defattr(-,-,-)' > k-d.list + # This overwrites anything created by %{SOURCE19} + echo '%%defattr(-,-,-)' > modules-extra.list mkdir -p lib/modules/$KernelVer/kernel # Add files usually created by make modules, needed to prevent errors # thrown by depmod during package installation @@ -1369,11 +1369,14 @@ BuildKernel() { sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/k-d.list > ../kernel${Flavour:+-${Flavour}}-modules.list sed -e 's/^lib*/%dir \/lib/' %{?zipsed} $RPM_BUILD_ROOT/module-dirs.list > ../kernel${Flavour:+-${Flavour}}-core.list sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/modules.list >> ../kernel${Flavour:+-${Flavour}}-core.list + sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/modules-extra.list >> ../kernel${Flavour:+-${Flavour}}-modules-extra.list # Cleanup rm -f $RPM_BUILD_ROOT/k-d.list rm -f $RPM_BUILD_ROOT/modules.list rm -f $RPM_BUILD_ROOT/module-dirs.list + # Cleanup file created by %{SOURCE17} + rm -f $RPM_BUILD_ROOT/modules-extra.list %if %{signmodules} if [ $DoModules -eq 1 ]; then @@ -2044,10 +2047,7 @@ fi %defattr(-,root,root)\ %defverify(not mtime)\ /usr/src/kernels/%{KVERREL}%{?3:+%{3}}\ -%{expand:%%files %{?3:%{3}-}modules-extra}\ -%defattr(-,root,root)\ -%config(noreplace) /etc/modprobe.d/*-blacklist.conf\ -/lib/modules/%{KVERREL}%{?3:+%{3}}/extra\ +%{expand:%%files -f kernel-%{?3:%{3}-}modules-extra.list %{?3:%{3}-}modules-extra}\ %if %{with_debuginfo}\ %ifnarch noarch\ %{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\ @@ -2070,12 +2070,40 @@ fi # # %changelog -* Mon May 27 2019 Fabian Arrotin - 4.18.9-80.el8 -- Rolled in CentOS secureboot cert -- Debranding patches - -* Tue May 07 2019 CentOS Sources - 4.18.0-80.el8.centos -- Apply debranding changes +* Sun Apr 28 2019 Frantisek Hrbata [4.18.0-80.1.2.el8_0] +- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [include] locking/atomics, asm-generic: Move some macros from to a new file (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} + +* Sat Apr 27 2019 Frantisek Hrbata [4.18.0-80.1.1.el8_0] +- [zstream] switch to zstream (Frantisek Hrbata) * Wed Mar 13 2019 Frantisek Hrbata [4.18.0-80.el8] - [arm64] revert "arm64: tlb: Avoid synchronous TLBIs when freeing page tables" (Christoph von Recklinghausen) [1685697]