diff --git a/SOURCES/uki_addons.json b/SOURCES/uki_addons.json index d82dc87..aaf8402 100644 --- a/SOURCES/uki_addons.json +++ b/SOURCES/uki_addons.json @@ -1,11 +1,11 @@ { "virt": { "common": { - "fips-disable.addon": [ - "fips=0\n" - ], "fips-enable.addon": [ "fips=1\n" + ], + "fips-disable.addon": [ + "fips=0\n" ] } } diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index f90b458..17ac609 100755 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 503 +%define pkgrelease 503.2.1 %define kversion 5 -%define tarfile_release 5.14.0-503.el9 +%define tarfile_release 5.14.0-503.2.1.el9_5 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 503%{?buildid}%{?dist} +%define specrelease 503.2.1%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-503.el9 +%define kabiversion 5.14.0-503.2.1.el9_5 # # End of genspec.sh variables @@ -185,6 +185,7 @@ Summary: The Linux kernel # should not be exported to RPM provides %global __provides_exclude_from ^%{_libexecdir}/kselftests +%define _with_kabidupchk 1 # The following build options are enabled by default, but may become disabled # by later architecture-specific checks. These can also be disabled by using # --without in the rpmbuild command, or by forcing these values to 0. @@ -438,14 +439,14 @@ Summary: The Linux kernel %define with_selftests 0 %endif -%ifnarch noarch +%ifnarch x86_64 %define with_kernel_abi_stablelists 0 %endif # Overrides for generic default options # only package docs noarch -%ifnarch noarch +%ifnarch x86_64 %define with_doc 0 %define doc_build_fail true %endif @@ -646,7 +647,6 @@ Requires: kernel-modules-core-uname-r = %{KVERREL} Provides: installonlypkg(kernel) %endif - # # List the packages used during the kernel build # @@ -1008,6 +1008,7 @@ AutoProv: yes\ %package doc Summary: Various documentation bits found in the kernel source Group: Documentation +BuildArch: noarch %description doc This package contains documentation files from the kernel source. Various bits of information about the Linux kernel and the @@ -1476,6 +1477,11 @@ Provides: installonlypkg(kernel)\ Requires: kernel-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ %endif\ +%if "%{1}" == "rt" || "%{?1}" == ""\ +Provides: msvsphere(kernel-sig-key) = 202310\ +Conflicts: shim-ia32 <= 15.6-1.el9.inferit\ +Conflicts: shim-x64 <= 15.6-1.el9.inferit\ +%endif\ %{expand:%%kernel_reqprovconf %{?1:%{1}} %{-o:%{-o}}}\ %if %{?1:1} %{!?1:0} \ %{expand:%%kernel_meta_package %{?1:%{1}}}\ @@ -1829,17 +1835,12 @@ RHJOBS=$RPM_BUILD_NCPUS PACKAGE_NAME=kernel ./process_configs.sh $OPTS ${specver cp %{SOURCE82} . RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh %{primary_target} -## We may want to override files from the primary target in case of building -## against a flavour of it (eg. centos not rhel), thus override it here if -## necessary -#if [ "%{primary_target}" == "rhel" ]; then -#%if 0%{?centos} -# echo "Updating scripts/sources to centos version" -# RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh centos -#%else -# echo "Not updating scripts/sources to centos version" -#%endif -#fi +# We may want to override files from the primary target in case of building +# against a flavour of it (eg. centos not rhel), thus override it here if +# necessary +if [ "%{primary_target}" == "rhel" ]; then + echo "Not updating scripts/sources to centos version" +fi # end of kernel config %endif @@ -2461,8 +2462,11 @@ BuildKernel() { SBATsuffix="rhel" %endif SBAT=$(cat <<- EOF - linux,1,MSVSphere,$KernelVer,mailto:security@msvsphere-os.ru + linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com + linux,1,MSVSphere,$KernelVer,mailto:security@msvsphere-os.ru + linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com linux.$SBATsuffix,1,MSVSphere,$KernelVer,mailto:security@msvsphere-os.ru + kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com kernel-uki-virt.$SBATsuffix,1,MSVSphere,kernel-uki-virt,$KernelVer,mailto:security@msvsphere-os.ru EOF ) @@ -2491,9 +2495,11 @@ BuildKernel() { %if %{signkernel} %if 0%{?centos} - UKI_secureboot_name=centossecureboot204 + UKI_secureboot_name=spheresecureboot001 + UKI_secureboot_cert=%{SOURCE151} %else - UKI_secureboot_name=redhatsecureboot504 + UKI_secureboot_name=spheresecureboot001 + UKI_secureboot_cert=%{SOURCE152} %endif UKI_secureboot_cert=%{_datadir}/pki/sb-certs/secureboot-uki-virt-%{_arch}.cer @@ -3794,6 +3800,15 @@ fi # # %changelog +* Fri Sep 06 2024 Lucas Zampieri [5.14.0-503.2.1.el9_5] +- sctp: fix association labeling in the duplicate COOKIE-ECHO case (Ondrej Mosnacek) [RHEL-48647] +- s390/ap: Refine AP bus bindings complete processing (Cédric Le Goater) [RHEL-50373] +- ice: Add netif_device_attach/detach into PF reset flow (Michal Schmidt) [RHEL-56084] + +* Tue Sep 03 2024 Lucas Zampieri [5.14.0-503.1.1.el9_5] +- usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (Desnes Nunes) [RHEL-52378] {CVE-2024-42226} +- redhat: set defaults for RHEL 9.5 (Lucas Zampieri) + * Wed Oct 9 2024 Arkady L. Shane [5.14.0-503.el9] - Debranding for MSVSphere 9.5