diff --git a/.gitignore b/.gitignore index c50a234..65f74e0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/kernel-abi-stablelists-4.18.0-477.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-477.tar.bz2 -SOURCES/linux-4.18.0-477.21.1.el8_8.tar.xz +SOURCES/linux-4.18.0-477.27.1.el8_8.tar.xz SOURCES/redhatsecureboot301.cer SOURCES/redhatsecureboot501.cer SOURCES/redhatsecurebootca3.cer diff --git a/.kernel.metadata b/.kernel.metadata index 2f34458..0f46334 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,6 +1,6 @@ -c146c42f597375267ef487cd6206f6a74e1f28eb SOURCES/kernel-abi-stablelists-4.18.0-477.tar.bz2 -02cebecb3f0527938e2b7ca98e777f0118393003 SOURCES/kernel-kabi-dw-4.18.0-477.tar.bz2 -e8ecd560cbabdb14cc71243d631a49698660d969 SOURCES/linux-4.18.0-477.21.1.el8_8.tar.xz +d6802c7be6d773ba94bc28df3e972b5116f3b899 SOURCES/kernel-abi-stablelists-4.18.0-477.tar.bz2 +1c991a9d51cc8c9f31360865a5102136770f8df1 SOURCES/kernel-kabi-dw-4.18.0-477.tar.bz2 +a6839047af70ad6f394c861d98e18ae9c5991f38 SOURCES/linux-4.18.0-477.27.1.el8_8.tar.xz cebbeeee9c3eb829017c51005714ec98d83653ae SOURCES/redhatsecureboot301.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer cf9230e69000076727e5b784ec871d22716dc5da SOURCES/redhatsecurebootca3.cer diff --git a/SOURCES/kernel-x86_64-debug.config b/SOURCES/kernel-x86_64-debug.config index a30c257..09dc447 100644 --- a/SOURCES/kernel-x86_64-debug.config +++ b/SOURCES/kernel-x86_64-debug.config @@ -3493,6 +3493,7 @@ CONFIG_INTEL_TH_PTI=m CONFIG_INTEL_TH_STH=m CONFIG_INTEL_TURBO_MAX_3=y CONFIG_INTEL_TXT=y +CONFIG_INTEL_UNCORE_FREQ_CONTROL=m CONFIG_INTEL_VBTN=m CONFIG_INTEL_VSEC=m CONFIG_INTEL_WMI_THUNDERBOLT=m diff --git a/SOURCES/kernel-x86_64.config b/SOURCES/kernel-x86_64.config index 2fdad59..36df590 100644 --- a/SOURCES/kernel-x86_64.config +++ b/SOURCES/kernel-x86_64.config @@ -3507,6 +3507,7 @@ CONFIG_INTEL_TH_PTI=m CONFIG_INTEL_TH_STH=m CONFIG_INTEL_TURBO_MAX_3=y CONFIG_INTEL_TXT=y +CONFIG_INTEL_UNCORE_FREQ_CONTROL=m CONFIG_INTEL_VBTN=m CONFIG_INTEL_VSEC=m CONFIG_INTEL_WMI_THUNDERBOLT=m diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 4dd420b..895fc54 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 477.21.1.el8_8 +%define pkgrelease 477.27.1.el8_8 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 477.21.1%{?dist} +%define specrelease 477.27.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2699,6 +2699,129 @@ fi # # %changelog +* Thu Aug 31 2023 Lucas Zampieri [4.18.0-477.27.1.el8_8] +- gfs2: Fix freeze consistency check in gfs2_trans_add_meta (Andreas Gruenbacher) [2231825 2095340] +- gfs2: gfs2_freeze_lock_shared cleanup (Andreas Gruenbacher) [2231825 2095340] +- gfs2: Replace sd_freeze_state with SDF_FROZEN flag (Andreas Gruenbacher) [2231825 2095340] +- gfs2: Rework freeze / thaw logic (Andreas Gruenbacher) [2231825 2095340] +- gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR} (Andreas Gruenbacher) [2231825 2095340] +- gfs2: Reconfiguring frozen filesystem already rejected (Andreas Gruenbacher) [2231825 2095340] +- gfs2: Rename gfs2_freeze_lock{ => _shared } (Andreas Gruenbacher) [2231825 2095340] +- gfs2: Rename the {freeze,thaw}_super callbacks (Andreas Gruenbacher) [2231825 2095340] +- gfs2: Rename remaining "transaction" glock references (Andreas Gruenbacher) [2231825 2095340] +- gfs2: init system threads before freeze lock (Bob Peterson) [2231825 2095340] +- cifs: fix bogus cifs_mount error handling in RHEL8 (Jeffrey Layton) [2229128 2215018] +- cifs: missing null pointer check in cifs_mount (Jay Shin) [2229128 2215018] +- x86/cpu: Add CPU model numbers for Meteor Lake (Prarit Bhargava) [2230158 2156826] +- redhat/configs: enable CONFIG_INTEL_UNCORE_FREQ_CONTROL for x86_64 (David Arcari) [2230158 2156826] +- platform/x86/intel-uncore-freq: Return error on write frequency (David Arcari) [2230158 2156826] +- platform/x86: intel-uncore-freq: Add client processors (David Arcari) [2230158 2156826] +- platform/x86: intel-uncore-freq: add Emerald Rapids support (David Arcari) [2230158 2156826] +- platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (David Arcari) [2230158 2156826] +- platform/x86: intel-uncore-freq: Prevent driver loading in guests (David Arcari) [2230158 2156826] +- platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (David Arcari) [2230158 2156826] +- platform/x86/intel-uncore-freq: Split common and enumeration part (David Arcari) [2230158 2156826] +- platform/x86/intel/uncore-freq: Display uncore current frequency (David Arcari) [2230158 2156826] +- platform/x86/intel/uncore-freq: Use sysfs API to create attributes (David Arcari) [2230158 2156826] +- platform/x86/intel/uncore-freq: Move to uncore-frequency folder (David Arcari) [2230158 2156826] +- platform/x86: intel-uncore-frequency: use default_groups in kobj_type (David Arcari) [2230158 2156826] +- platform/x86: intel-uncore-frequency: Move to intel sub-directory (David Arcari) [2230158 2156826] +- platform/x86/intel-uncore-freq: Add Sapphire Rapids server support (David Arcari) [2230158 2156826] +- platform/x86/intel-uncore-freq: make uncore_root_kobj static (David Arcari) [2230158 2156826] +- platform/x86: Convert to new CPU match macros (David Arcari) [2230158 2156826] +- platform/x86/intel-uncore-freq: Add release callback (David Arcari) [2230158 2156826] +- platform/x86/intel-uncore-freq: Fix static checker issue and potential race condition (David Arcari) [2230158 2156826] +- MAINTAINERS: Update for the intel uncore frequency control (David Arcari) [2230158 2156826] +- platform/x86: Add support for Uncore frequency control (David Arcari) [2230158 2156826] +- scsi: storvsc: Remove errant duplicate code (Cathy Avery) [2233227 2211725] +- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (Cathy Avery) [2233227 2211725] +- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (Davide Caratti) [2225647 2225103] {CVE-2023-3776} +- iavf: remove active_cvlans and active_svlans bitmaps (Stefan Assmann) [2232399 2153349] +- iavf: refactor VLAN filter states (Stefan Assmann) [2232399 2153349] +- iavf: do not track VLAN 0 filters (Stefan Assmann) [2232399 2153349] +- iavf: fix non-tunneled IPv6 UDP packet type and hashing (Stefan Assmann) [2232399 2153349] +- iavf: fix inverted Rx hash condition leading to disabled hash (Stefan Assmann) [2232399 2153349] +- net/sched: move struct tc_mqprio_qopt_offload from pkt_cls.h to pkt_sched.h (Stefan Assmann) [2232399 2153349] +- iavf/iavf_main: actually log ->src mask when talking about it (Stefan Assmann) [2232399 2153349] +- iavf: Fix VF driver counting VLAN 0 filters (Stefan Assmann) [2232399 2153349] +- iavf: Change information about device removal in dmesg (Stefan Assmann) [2232399 2153349] +- iavf: Replace __FUNCTION__ with __func__ (Stefan Assmann) [2232399 2153349] +- net: Remove the obsolte u64_stats_fetch_*_irq() users (drivers). (Stefan Assmann) [2232399 2153349] +- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Florian Westphal) [2221725 2221046] {CVE-2023-35001} + +* Thu Aug 24 2023 Lucas Zampieri [4.18.0-477.26.1.el8_8] +- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (Cathy Avery) [2230743 1986067] +- kernfs: Improve kernfs_notify() poll notification latency (Ian Kent) [2208540] +- crypto: rng - Fix lock imbalance in crypto_del_rng (Herbert Xu) [2232215] +- net: stmmac: propagate feature flags to vlan (Corinna Vinschen) [2219907 2174701] +- scsi: storvsc: Handle SRB status value 0x30 (Cathy Avery) [2231988 2218133] + +* Thu Aug 17 2023 Lucas Zampieri [4.18.0-477.25.1.el8_8] +- netfilter: nft_set_pipapo: fix improper element removal (Phil Sutter) [2227508 2225276] {CVE-2023-4004} +- perf/x86/rapl: Add support for Intel Emerald Rapids (Michael Petlan) [2230162 2165766] +- perf/x86/intel/cstate: Add Emerald Rapids (Michael Petlan) [2230152 2156802] +- perf/x86/intel: Add Emerald Rapids (Michael Petlan) [2230152 2156802] +- perf/x86/intel/uncore: Add Emerald Rapids (Michael Petlan) [2230152 2156802] +- perf/x86/msr: Add Emerald Rapids (Michael Petlan) [2230152 2156802] +- perf/x86/msr: Add Sapphire Rapids CPU support (Michael Petlan) [2230152 2156802] +- netfilter: xt_owner: Add supplementary groups option (Phil Sutter) [2229715 2136194] + +* Fri Aug 11 2023 Lucas Zampieri [4.18.0-477.24.1.el8_8] +- x86/cpu/amd: Add a Zenbleed fix (Waiman Long) [2226831 2226832] {CVE-2023-20593} +- x86/cpu/amd: Move the errata checking functionality up (Waiman Long) [2226831 2226832] {CVE-2023-20593} +- x86/amd: Cache debug register values in percpu variables (Waiman Long) [2226831 2226832] {CVE-2023-20593} +- x86/cpu: Restore AMD's DE_CFG MSR after resume (Waiman Long) [2226831 2226832] {CVE-2023-20593} +- x86/microcode/AMD: Track patch allocation size explicitly (David Arcari) [2226831 2226832] {CVE-2023-20593} +- x86/microcode: Print previous version of microcode after reload (David Arcari) [2226831 2226832] {CVE-2023-20593} +- x86/cpu: Load microcode during restore_processor_state() (David Arcari) [2226831 2226832] {CVE-2023-20593} +- x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- x86/pm: Fix false positive kmemleak report in msr_build_context() (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- x86/speculation: Restore speculation related MSRs during S3 resume (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- kbuild: remove leftover comment for filechk utility (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- x86/rdrand: Sanity-check RDRAND output (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- firmware: refactor firmware/Makefile (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- kbuild: remove redundant 'set -e' from filechk_offsets (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- kbuild: do not redirect the first prerequisite for filechk (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- kbuild: move bin2c back to scripts/ from scripts/basic/ (Chris von Recklinghausen) [2226831 2226832] {CVE-2023-20593} +- libceph: harden msgr2.1 frame segment length checks (Ilya Dryomov) [2227073 2222256] +- iavf: fix reset task race with iavf_remove() (Petr Oros) [2228161 2223604] +- iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (Petr Oros) [2228161 2223604] +- Revert "iavf: Do not restart Tx queues after reset task failure" (Petr Oros) [2228161 2223604] +- Revert "iavf: Detach device during reset task" (Petr Oros) [2228161 2223604] +- iavf: Wait for reset in callbacks which trigger it (Petr Oros) [2228161 2223604] +- iavf: use internal state to free traffic IRQs (Petr Oros) [2228161 2223604] +- iavf: Fix out-of-bounds when setting channels on remove (Petr Oros) [2228161 2223604] +- iavf: Fix use-after-free in free_netdev (Petr Oros) [2228161 2223604] +- iavf: make functions static where possible (Petr Oros) [2228161 2223604] +- iavf: fix err handling for MAC replace (Petr Oros) [2228161 2223604] +- iavf: remove some unused functions and pointless wrappers (Petr Oros) [2228161 2223604] +- iavf: remove mask from iavf_irq_enable_queues() (Petr Oros) [2228161 2223604] +- iavf: send VLAN offloading caps once after VFR (Petr Oros) [2228161 2223604] +- i40e: Wait for pending VF reset in VF set callbacks (Ivan Vecera) [2228163 2203921] +- i40e: Add helper for VF inited state check with timeout (Ivan Vecera) [2228163 2203921] +- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (Mark Langsdorf) [2218025 2215625] +- locking/semaphore: Add might_sleep() to down_*() family (Mark Langsdorf) [2218025 2215625] +- ipvlan:Fix out-of-bounds caused by unclear skb->cb (Davide Caratti) [2219660 2218676] {CVE-2023-3090} +- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (Phil Sutter) [2216165 2214963] {CVE-2023-3390} +- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (Phil Sutter) [2216165 2214963] {CVE-2023-3390} +- netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE (Phil Sutter) [2216165 2214963] {CVE-2023-3390} + +* Fri Aug 04 2023 Lucas Zampieri [4.18.0-477.23.1.el8_8] +- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (Petr Oros) [2224515 2153356] +- ceph: fix use-after-free bug for inodes when flushing capsnaps (Xiubo Li) [2218271 2209299] + +* Thu Jul 27 2023 Lucas Zampieri [4.18.0-477.22.1.el8_8] +- mm: avoid unnecessary page fault retires on shared memory types (Nico Pache) [2221100 2213877] +- mm: remove redundant check about FAULT_FLAG_ALLOW_RETRY bit (Nico Pache) [2221100 2213877] +- mm: Allow the [page|pfn]_mkwrite callbacks to drop the mmap_sem (Nico Pache) [2221100 2213877] +- bluetooth: Perform careful capability checks in hci_sock_ioctl() (Ricardo Robaina) [2196352 2196353] {CVE-2023-2002} +- mm/memcg: Fix mem_cgroup_id_get_online() underflow problem (Waiman Long) [2221010] +- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (Davide Caratti) [2216989 2214027] {CVE-2023-35788} +- netfilter: conntrack: gre: don't set assured flag for clash entries (Florian Westphal) [2223542] +- netfilter: conntrack: allow insertion clash of gre protocol (Florian Westphal) [2223542] + * Wed Jul 26 2023 MSVSphere Packaging Team - [4.18.0-477.21.1.el8_8] - Rebuilt for MSVSphere 8.8