diff --git a/.gitignore b/.gitignore
index 3dc00cd..3b6af96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 SOURCES/kernel-abi-stablelists-4.18.0-305.tar.bz2
 SOURCES/kernel-kabi-dw-4.18.0-305.tar.bz2
-SOURCES/linux-4.18.0-305.12.1.el8_4.tar.xz
+SOURCES/linux-4.18.0-305.17.1.el8_4.tar.xz
 SOURCES/rheldup3.x509
 SOURCES/rhelkpatch1.x509
diff --git a/.kernel.metadata b/.kernel.metadata
index 4d40151..c990ec0 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,5 +1,5 @@
 bf2922872b49aeeb6fe4cdb149d4061604ed7488 SOURCES/kernel-abi-stablelists-4.18.0-305.tar.bz2
 4d18d659f47e29331ec86f06d9bd64b93dbac657 SOURCES/kernel-kabi-dw-4.18.0-305.tar.bz2
-509250f8ca54ac0e0d5560e45e5f1de4226fc9ac SOURCES/linux-4.18.0-305.12.1.el8_4.tar.xz
+961c83aab338c68f73da636e6eb838448fe7d03d SOURCES/linux-4.18.0-305.17.1.el8_4.tar.xz
 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der
deleted file mode 100644
index 44a2563..0000000
Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ
diff --git a/SOURCES/centos-dup.x509 b/SOURCES/centos-dup.x509
deleted file mode 100644
index 9c65dd3..0000000
Binary files a/SOURCES/centos-dup.x509 and /dev/null differ
diff --git a/SOURCES/centos-kpatch.x509 b/SOURCES/centos-kpatch.x509
deleted file mode 100644
index ca57a43..0000000
Binary files a/SOURCES/centos-kpatch.x509 and /dev/null differ
diff --git a/SOURCES/centos.pem b/SOURCES/centos.pem
deleted file mode 100644
index 82ad817..0000000
--- a/SOURCES/centos.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDgTCCAmmgAwIBAgIJALYWFXFy+zGAMA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV
-BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB
-FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjA0MFoXDTM4MDEwMTE0
-MjA0MFowVTEvMC0GA1UEAwwmQ2VudE9TIExpbnV4IERyaXZlciB1cGRhdGUgc2ln
-bmluZyBrZXkxIjAgBgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5ECuosQ4HKRRf+Kxfm+BcICBK
-PGqB+E/qalqQ3CCM3LWezq0ns/GZTD0CtSAzmOObqJb3gJ9S5gcbaMVBc3JxLlQ+
-RwVy0oNy91uy9TKhYQ3lpHDyujxiFmXPSJLMKOYbOBNObJ7qF6+ptnmDWMu7GWDc
-4UGdBdU/evt92LIxsi9ZQCEoZIqdyKBE/Y3V9gBZIZa/4oXMHfW9dWxhy9UszmR9
-hT7ZdgLFpWMFmJW+SS5QEWtp5CpRlcui4QJZl42bMp5JOrVWc+BlKPIsLdY8TqLp
-9FdhQ5Ih4auT7zn2V89YgYpq6VMZnPsn/v5piB6i6RK8Falr6SP5SV0cwV/jAgMB
-AAGjXTBbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBQpvUwN
-BtLpkRBEtdyXMwkTm1HW1TAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q6
-8zANBgkqhkiG9w0BAQsFAAOCAQEAK+f4c4aP9TQDiQM4TDyw8iDapr7eBc+Yr0M5
-ELkWEQu55/OwLQrgCA5bdD86diaAXQAlUOXCtFRrbUQHQACEL77/32YdooHfVZZ7
-04CeE+JWxF/cQ3M5hhJnkyxaqFKC+B+bn7Z6eloMnYUPsXwfQEOuyxKaKergAJdq
-KnC0pEG3NGgwlwvnD0dwUqbbEUUqL3UQh96hCYDidhCUmuap1E2OGoxGex3ekszf
-ErCgwVYb46cv91ba2KqXVWl1FoO3c5MyZcxL46ihQgiY0BI975+HDFjpUZ69n+Um
-OhSscRUiKeEQKMVtHzyQUp5t+HCeaZBRPy3rFoIjTEqijKZ6tQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDejCCAmKgAwIBAgIJALYWFXFy+zF/MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV
-BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB
-FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjAwMloXDTM4MDEwMTE0
-MjAwMlowTjEoMCYGA1UEAwwfQ2VudE9TIExpbnV4IGtwYXRjaCBzaWduaW5nIGtl
-eTEiMCAGCSqGSIb3DQEJARYTc2VjdXJpdHlAY2VudG9zLm9yZzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMG+5OclqB0NE5azrGkSitqUFcZjpRk/rS2P
-CetB6jwxOn06TrLGzqnhcE9VBKyEs7CXBLy6lfnORcYOybcR2XvrgqGa1txOZggl
-hc8zCj9X7ZCMK2UsWglxQCOtbo0m/vdor/VO3SFbrf/W9+PXhvNtcxMP9yjydbP+
-lS1St8uQv952hu7C1TevyOQN3jpvWRD7DSJIU/2uRFcdIo2QCGokuB/xESXeuGJ2
-F2P9w0h74V18AlVTxtGp/RSJqZaQ2Gi5h4Oa7UsRmhmCoLdmdBe7xnYJrJ4GhxKQ
-yG0kU1ikEhZW3YjoVPgBJzTsIhCAzFrOUq0d67a1wTVMiyL60fUCAwEAAaNdMFsw
-DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFLSfCGIFkJ3E2iz6
-mTdvsZHS8J54MB8GA1UdIwQYMBaAFFTsgYWJPuka2wj3RIhUfo4/dDrzMA0GCSqG
-SIb3DQEBCwUAA4IBAQBcDnjWh8Mx6yaS/OvBOYZprYy5Su0tn+YHiN0czpjVw+zl
-NUt2YmRSA/g6xks04CYx+UAL/xnvRcxXd17Ni7eWiROxvgQvBo5nScVkFPq2IIP5
-8aj7LoHR1MUeXfiNqf1JoSlgpRV47wv/+jZD0hmbt1rC2NJp0ZU8OHmt2GWk0jmM
-MK72D/pyCUfHetBzPpU9M0cNiukjMUdIL+U7+CXDgKsfdFHcQ76ebWyka7vRSXTs
-lBMa2g20Atwz2Hj7tEEAZ74ioQ9029RAlUSNipACe31YdT4/BBWIqHPpeDFkp8W0
-9v4jeTX/2kMBXkjzMfKjhpooa+bFFFLogLeX3P4W
------END CERTIFICATE-----
diff --git a/SOURCES/centossecureboot001.der b/SOURCES/centossecureboot001.der
deleted file mode 100644
index e8216b1..0000000
Binary files a/SOURCES/centossecureboot001.der and /dev/null differ
diff --git a/SOURCES/centossecureboot201.der b/SOURCES/centossecureboot201.der
deleted file mode 100644
index ca3c134..0000000
Binary files a/SOURCES/centossecureboot201.der and /dev/null differ
diff --git a/SOURCES/centossecurebootca2.der b/SOURCES/centossecurebootca2.der
deleted file mode 100644
index 42bdfcf..0000000
Binary files a/SOURCES/centossecurebootca2.der and /dev/null differ
diff --git a/SOURCES/debrand-rh-i686-cpu.patch b/SOURCES/debrand-rh-i686-cpu.patch
deleted file mode 100644
index 5592a59..0000000
--- a/SOURCES/debrand-rh-i686-cpu.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/arch/x86/boot/main.c	2019-03-13 04:04:53.000000000 -0700
-+++ b/arch/x86/boot/main.c	2019-05-25 14:31:21.043272496 -0700
-@@ -147,7 +147,7 @@ void main(void)
- 
- 	/* Make sure we have all the proper CPU support */
- 	if (validate_cpu()) {
--		puts("This processor is not supported in this version of RHEL.\n");
-+		puts("This processor is not supported in this version of CentOS Linux.\n");
- 		die();
- 	}
- 
diff --git a/SOURCES/debrand-rh_taint.patch b/SOURCES/debrand-rh_taint.patch
deleted file mode 100644
index 74f2e15..0000000
--- a/SOURCES/debrand-rh_taint.patch
+++ /dev/null
@@ -1,81 +0,0 @@
---- a/kernel/rh_taint.c	2020-10-16 10:41:51.000000000 -0500
-+++ b/kernel/rh_taint.c	2020-11-19 10:50:24.853039167 -0600
-@@ -2,12 +2,12 @@
- #include <linux/module.h>
- 
- /*
-- * The following functions are used by Red Hat to indicate to users that
-- * hardware and drivers are unsupported, or have limited support in RHEL major
-+ * The following functions are used by CentOS Linux to indicate to users that
-+ * hardware and drivers are unsupported, or have limited support in CentOS Linux major
-  * and minor releases.  These functions output loud warning messages to the end
-  * user and should be USED WITH CAUTION.
-  *
-- * Any use of these functions _MUST_ be documented in the RHEL Release Notes,
-+ * Any use of these functions _MUST_ be documented in the CentOS Linux Release Notes,
-  * and have approval of management.
-  */
- 
-@@ -16,15 +16,15 @@
-  * @msg: Hardware name, class, or type
-  *
-  * Called to mark a device, class of devices, or types of devices as not having
-- * support in any RHEL minor release.  This does not TAINT the kernel.  Red Hat
-- * will not fix bugs against this hardware in this minor release.  Red Hat may
-+ * support in any CentOS Linux minor release.  This does not TAINT the kernel.  CentOS Linux
-+ * will not fix bugs against this hardware in this minor release.  CentOS Linux may
-  * declare support in a future major or minor update release.  This cannot be
-  * used to mark drivers unsupported.
-  */
- void mark_hardware_unsupported(const char *msg)
- {
- 	/* Print one single message */
--	pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg);
-+	pr_crit("Warning: %s - this hardware has not undergone testing by CentOS Linux and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg);
- }
- EXPORT_SYMBOL(mark_hardware_unsupported);
- 
-@@ -35,12 +35,12 @@ EXPORT_SYMBOL(mark_hardware_unsupported)
-  * Called to minimize the support status of a previously supported device in
-  * a minor release.  This does not TAINT the kernel.  Marking hardware
-  * deprecated is usually done in conjunction with the hardware vendor.  Future
-- * RHEL major releases may not include this driver.  Driver updates and fixes
-+ * CentOS Linux major releases may not include this driver.  Driver updates and fixes
-  * for this device will be limited to critical issues in future minor releases.
-  */
- void mark_hardware_deprecated(const char *msg)
- {
--	pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this RHEL release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact Red Hat Support or your device's hardware vendor for additional information.\n", msg);
-+	pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this CentOS Linux release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact CentOS Linux Support or your device's hardware vendor for additional information.\n", msg);
- }
- EXPORT_SYMBOL(mark_hardware_deprecated);
- 
-@@ -50,9 +50,9 @@ EXPORT_SYMBOL(mark_hardware_deprecated);
-  *
-  * Called to minimize the support status of a new driver.  This does TAINT the
-  * kernel.  Calling this function indicates that the driver or subsystem has
-- * had limited testing and is not marked for full support within this RHEL
-- * minor release.  The next RHEL minor release may contain full support for
-- * this driver.  Red Hat does not guarantee that bugs reported against this
-+ * had limited testing and is not marked for full support within this CentOS Linux
-+ * minor release.  The next CentOS Linux minor release may contain full support for
-+ * this driver.  CentOS Linux does not guarantee that bugs reported against this
-  * driver or subsystem will be resolved.
-  */
- void mark_tech_preview(const char *msg, struct module *mod)
-@@ -81,13 +81,13 @@ EXPORT_SYMBOL(mark_tech_preview);
-  * mark_driver_unsupported - drivers that we know we don't want to support
-  * @name: the name of the driver
-  *
-- * In some cases Red Hat has chosen to build a driver for internal QE
-+ * In some cases CentOS Linux has chosen to build a driver for internal QE
-  * use. Use this function to mark those drivers as unsupported for
-  * customers.
-  */
- void mark_driver_unsupported(const char *name)
- {
--	pr_crit("Warning: %s - This driver has not undergone sufficient testing by Red Hat for this release and therefore cannot be used in production systems.\n",
-+	pr_crit("Warning: %s - This driver has not undergone sufficient testing by CentOS Linux for this release and therefore cannot be used in production systems.\n",
- 	        name ? name : "kernel");
- }
- EXPORT_SYMBOL(mark_driver_unsupported);
diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch
deleted file mode 100644
index b3eed51..0000000
--- a/SOURCES/debrand-single-cpu.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/arch/x86/kernel/setup.c	2019-03-13 04:04:53.000000000 -0700
-+++ b/arch/x86/kernel/setup.c	2019-05-27 08:35:54.580595314 -0700
-@@ -900,7 +900,7 @@ static void rh_check_supported(void)
- 	if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
- 	    !guest && is_kdump_kernel()) {
- 		pr_crit("Detected single cpu native boot.\n");
--		pr_crit("Important:  In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
-+		pr_crit("Important:  In CentOS Linux 8, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information");
- 	}
- 
- 	/*
diff --git a/SOURCES/generate_bls_conf.sh b/SOURCES/generate_bls_conf.sh
index bdb52a6..f8415db 100755
--- a/SOURCES/generate_bls_conf.sh
+++ b/SOURCES/generate_bls_conf.sh
@@ -19,7 +19,7 @@ else
 fi
 
 cat >${output} <<EOF
-title ${NAME% *} (${kernelver}) ${VERSION}${debugname}
+title ${NAME} (${kernelver}) ${VERSION}${debugname}
 version ${kernelver}${debugid}
 linux ${bootprefix}/vmlinuz-${kernelver}
 initrd ${bootprefix}/initramfs-${kernelver}.img
diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer
new file mode 100644
index 0000000..20e6604
Binary files /dev/null and b/SOURCES/redhatsecureboot301.cer differ
diff --git a/SOURCES/redhatsecureboot501.cer b/SOURCES/redhatsecureboot501.cer
new file mode 100644
index 0000000..dfa7afb
Binary files /dev/null and b/SOURCES/redhatsecureboot501.cer differ
diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer
new file mode 100644
index 0000000..b235400
Binary files /dev/null and b/SOURCES/redhatsecurebootca3.cer differ
diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
new file mode 100644
index 0000000..dfb0284
Binary files /dev/null and b/SOURCES/redhatsecurebootca5.cer differ
diff --git a/SOURCES/secureboot_ppc.cer b/SOURCES/secureboot_ppc.cer
new file mode 100644
index 0000000..2c0087d
Binary files /dev/null and b/SOURCES/secureboot_ppc.cer differ
diff --git a/SOURCES/secureboot_s390.cer b/SOURCES/secureboot_s390.cer
new file mode 100644
index 0000000..137d385
Binary files /dev/null and b/SOURCES/secureboot_s390.cer differ
diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey
index dbfe9a7..b1bbe38 100644
--- a/SOURCES/x509.genkey
+++ b/SOURCES/x509.genkey
@@ -5,9 +5,9 @@ prompt = no
 x509_extensions = myexts
 
 [ req_distinguished_name ]
-O = CentOS
-CN = CentOS kernel signing key
-emailAddress = security@centos.org
+O = Red Hat
+CN = Red Hat Enterprise Linux kernel signing key
+emailAddress = secalert@redhat.com
 
 [ myexts ]
 basicConstraints=critical,CA:FALSE
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 4bf8115..771d233 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -19,7 +19,7 @@
 %global distro_build 305
 
 # Sign the x86_64 kernel for secure boot authentication
-%ifarch x86_64 aarch64
+%ifarch x86_64 aarch64 s390x ppc64le
 %global signkernel 1
 %else
 %global signkernel 0
@@ -42,10 +42,10 @@
 # define buildid .local
 
 %define rpmversion 4.18.0
-%define pkgrelease 305.12.1.el8_4
+%define pkgrelease 305.17.1.el8_4
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 305.12.1%{?dist}
+%define specrelease 305.17.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -445,34 +445,44 @@ Source9: x509.genkey
 
 %if %{?released_kernel}
 
-Source10: centossecurebootca2.der
-Source11: centos-ca-secureboot.der
-Source12: centossecureboot201.der
-Source13: centossecureboot001.der
+Source10: redhatsecurebootca5.cer
+Source11: redhatsecurebootca3.cer
+Source12: redhatsecureboot501.cer
+Source13: redhatsecureboot301.cer
+Source14: secureboot_s390.cer
+Source15: secureboot_ppc.cer
 
 %define secureboot_ca_0 %{SOURCE11}
 %define secureboot_ca_1 %{SOURCE10}
 %ifarch x86_64 aarch64
 %define secureboot_key_0 %{SOURCE13}
-%define pesign_name_0 centossecureboot001
+%define pesign_name_0 redhatsecureboot301
 %define secureboot_key_1 %{SOURCE12}
-%define pesign_name_1 centossecureboot201
+%define pesign_name_1 redhatsecureboot501
+%endif
+%ifarch s390x
+%define secureboot_key_0 %{SOURCE14}
+%define pesign_name_0 redhatsecureboot302
+%endif
+%ifarch ppc64le
+%define secureboot_key_0 %{SOURCE15}
+%define pesign_name_0 redhatsecureboot303
 %endif
 
 # released_kernel
 %else
 
-Source11: centossecurebootca2.der
-Source12: centos-ca-secureboot.der
-Source13: centossecureboot201.der
-Source14: centossecureboot001.der
+Source11: redhatsecurebootca4.cer
+Source12: redhatsecurebootca2.cer
+Source13: redhatsecureboot401.cer
+Source14: redhatsecureboot003.cer
 
 %define secureboot_ca_0 %{SOURCE12}
 %define secureboot_ca_1 %{SOURCE11}
 %define secureboot_key_0 %{SOURCE14}
-%define pesign_name_0 centossecureboot001
+%define pesign_name_0 redhatsecureboot003
 %define secureboot_key_1 %{SOURCE13}
-%define pesign_name_1 centossecureboot201
+%define pesign_name_1 redhatsecureboot401
 
 # released_kernel
 %endif
@@ -504,8 +514,8 @@ Source43: generate_bls_conf.sh
 
 Source44: mod-internal.list
 
-Source100: centos-dup.x509
-Source101: centos-kpatch.x509
+Source100: rheldup3.x509
+Source101: rhelkpatch1.x509
 
 %if %{with_kabichk}
 Source200: check-kabi
@@ -533,12 +543,7 @@ Source2000: cpupower.service
 Source2001: cpupower.config
 Source2002: kvm_stat.logrotate
 
-Source9000: centos.pem
-
 ## Patches needed for building this package
-Patch1000: debrand-single-cpu.patch
-Patch1001: debrand-rh_taint.patch
-Patch1002: debrand-rh-i686-cpu.patch
 
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
@@ -548,8 +553,8 @@ Patch999999: linux-kernel-test.patch
 BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
 
 %description
-This is the package which provides the Linux %{name} for CentOS.
-It is based on upstream Linux at version %{version} and maintains kABI
+This is the package which provides the Linux %{name} for Red Hat Enterprise
+Linux. It is based on upstream Linux at version %{version} and maintains kABI
 compatibility of a set of approved symbols, however it is heavily modified with
 backports and fixes pulled from newer upstream Linux %{name} releases. This means
 this is not a %{version} kernel anymore: it includes several components which come
@@ -557,7 +562,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
 core. Some of the components/backports that may be pulled in are: changes like
 updates to the core kernel (eg.: scheduler, cgroups, memory management, security
 fixes and features), updates to block layer, supported filesystems, major driver
-updates for supported hardware in CentOS, enhancements for
+updates for supported hardware in Red Hat Enterprise Linux, enhancements for
 enterprise customers, etc.
 
 #
@@ -798,14 +803,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
 %endif
 
 %package -n %{name}-abi-stablelists
-Summary: The CentOS kernel ABI symbol stablelists
+Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
 Group: System Environment/Kernel
 AutoReqProv: no
 Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
 Provides: %{name}-abi-whitelists
 %description -n %{name}-abi-stablelists
-The kABI package contains information pertaining to the CentOS
-kernel ABI, including lists of kernel symbols that are needed by
+The kABI package contains information pertaining to the Red Hat Enterprise
+Linux kernel ABI, including lists of kernel symbols that are needed by
 external Linux kernel modules, and a yum plugin to aid enforcement.
 
 %if %{with_kabidw_base}
@@ -814,8 +819,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
 Group: System Environment/Kernel
 AutoReqProv: no
 %description kernel-kabidw-base-internal
-The package contains data describing the current ABI of the CentOS
-kernel, suitable for the kabi-dw tool.
+The package contains data describing the current ABI of the Red Hat Enterprise
+Linux kernel, suitable for the kabi-dw tool.
 %endif
 
 #
@@ -887,7 +892,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
 AutoReq: no\
 AutoProv: yes\
 %description %{?1:%{1}-}modules-internal\
-This package provides kernel modules for the %{?2:%{2} }kernel package for CentOS internal usage.\
+This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
 %{nil}
 
 #
@@ -1085,14 +1090,10 @@ ApplyOptionalPatch()
 }
 
 %setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c
-cp -v %{SOURCE9000} linux-%{rpmversion}-%{pkgrelease}/certs/rhel.pem
 mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL}
 
 cd linux-%{KVERREL}
 
-ApplyOptionalPatch debrand-single-cpu.patch
-ApplyOptionalPatch debrand-rh_taint.patch
-ApplyOptionalPatch debrand-rh-i686-cpu.patch
 ApplyOptionalPatch linux-kernel-test.patch
 
 # END OF PATCH APPLICATIONS
@@ -2611,6 +2612,53 @@ fi
 #
 #
 %changelog
+* Mon Aug 30 2021 Jan Stancek <jstancek@redhat.com> [4.18.0-305.17.1.el8_4]
+- ucounts: Move max_time_namespace according to ucount_type (Alex Gladkov) [1998002 1982954]
+- netfilter: conntrack: remove offload_pickup sysctl again (Florian Westphal) [1995555 1987101]
+- netfilter: flowtable: Set offload timeouts according to proto values (Phil Sutter) [1995554 1979184]
+- netfilter: conntrack: Introduce udp offload timeout configuration (Phil Sutter) [1995554 1979184]
+- netfilter: conntrack: Introduce tcp offload timeout configuration (Phil Sutter) [1995554 1979184]
+- powerpc/64s: Fix crashes when toggling stf barrier (Desnes A. Nunes do Rosario) [1989174 1964484]
+- iavf: fix locking of critical sections (Stefan Assmann) [1997534 1975245]
+- iavf: do not override the adapter state in the watchdog task (Stefan Assmann) [1997534 1975245]
+
+* Mon Aug 23 2021 Jan Stancek <jstancek@redhat.com> [4.18.0-305.16.1.el8_4]
+- kernfs: dont call d_splice_alias() under kernfs node lock (Ian Kent) [1994879 1939133]
+- kernfs: use i_lock to protect concurrent inode updates (Ian Kent) [1994879 1939133]
+- kernfs: switch kernfs to use an rwsem (Ian Kent) [1994879 1939133]
+- kernfs: use VFS negative dentry caching (Ian Kent) [1994879 1939133]
+- kernfs: add a revision to identify directory node changes (Ian Kent) [1994879 1939133]
+- kernfs: move revalidate to be near lookup (Ian Kent) [1994879 1939133]
+- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (Jan Stancek) [1948608 1923762]
+- net: sched: act_mirred: Reset ct info when mirror/redirect skb (C. Erastus Toe) [1992226 1980532]
+- usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI (Torez Smith) [1993894 1972139]
+- usb: ehci: do not initialise static variables (Torez Smith) [1993894 1972139]
+- usb: host: move EH SINGLE_STEP_SET_FEATURE implementation to core (Torez Smith) [1993894 1972139]
+- USB: ehci: drop workaround for forced irq threading (Torez Smith) [1993894 1972139]
+- usb: ehci: add spurious flag to disable overcurrent checking (Torez Smith) [1993894 1972139]
+- NFS: Only change the cookie verifier if the directory page cache is empty (Benjamin Coddington) [1993895 1982825]
+- NFS: Fix handling of cookie verifier in uncached_readdir() (Benjamin Coddington) [1993895 1982825]
+- nfs: Subsequent READDIR calls should carry non-zero cookieverifier (Benjamin Coddington) [1993895 1982825]
+- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Jon Maloy) [1988225 1988226] {CVE-2021-37576}
+
+* Tue Aug 17 2021 Jan Stancek <jstancek@redhat.com> [4.18.0-305.15.1.el8_4]
+- sched: Fix data-race in wakeup (Phil Auld) [1987296 1937103]
+- mm/page_alloc: bail out on fatal signal during reclaim/compaction retry attempt (Aaron Tomlin) [1984085 1919765]
+- sunrpc: Avoid a KASAN slab-out-of-bounds bug in xdr_set_page_base() (Benjamin Coddington) [1990404 1969751]
+
+* Tue Aug 10 2021 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-305.14.1.el8_4]
+- tick/nohz: Kick only _queued_ task whose tick dependency is updated (Waiman Long) [1981336 1922901]
+- tick/nohz: Change signal tick dependency to wake up CPUs of member tasks (Waiman Long) [1981336 1922901]
+- tick/nohz: Only wake up a single target cpu when kicking a task (Waiman Long) [1981336 1922901]
+- tick/nohz: Narrow down noise while setting current task's tick dependency (Waiman Long) [1981336 1922901]
+- mlx5: net: zero-initialize tc skb extension on allocation (Jan Stancek) [1982220 1965418]
+- scsi: qedf: Update the max_id value in host structure (Nilesh Javali) [1989097 1954876]
+- scsi: qla2xxx: Reserve extra IRQ vectors (Nilesh Javali) [1986156 1964834]
+
+* Tue Aug 03 2021 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-305.13.1.el8_4]
+- xfrm: Fix wraparound in xfrm_policy_addr_delta() (Sabrina Dubroca) [1981840 1951965]
+- VMCI: Release resource if the work is already queued (Cathy Avery) [1982042 1978518]
+
 * Mon Jul 26 2021 Jan Stancek <jstancek@redhat.com> [4.18.0-305.12.1.el8_4]
 - Revert "nvme-pci: remove last_sq_tail" (Gopal Tiwari) [1965415 1921591]
 - tc-testing: add test for ct DNAT tuple collision (Marcelo Ricardo Leitner) [1982494 1964578]