diff --git a/.gitignore b/.gitignore index 5fed0c9..a5880dd 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 -SOURCES/linux-4.18.0-513.11.1.el8_9.tar.xz +SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel.metadata b/.kernel.metadata index fe7d72b..e6ab8bf 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,8 +1,8 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -6bac4f0d78ba0bb5ead1fb8246e3696a463e9b07 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 -98694c1cb92f1ff948a817c610e83f44cdefdc46 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 -8e36f68bdc4846384ae9835f703e877318c66d1c SOURCES/linux-4.18.0-513.11.1.el8_9.tar.xz +4c412afe8fdb3401721cdb2a253389272acff21d SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 +735b2f20ec96279896ae2ab6820ac7c4861825d2 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 +cb01896ee61636ccd11f3359e7d30d390802cc81 SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index c7a0401..cc32e74 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 513.11.1.el8_9 +%define pkgrelease 513.18.1.el8_9 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 513.11.1%{?dist} +%define specrelease 513.18.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2669,6 +2669,71 @@ fi # # %changelog +* Thu Feb 01 2024 Patrick Talbert [4.18.0-513.18.1.el8_9] +- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646} +- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610} +- smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610} +- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} +- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} +- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} +- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} +- net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-20924 RHEL-16007] +- netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20698 RHEL-19721] {CVE-2023-6817} + +* Thu Jan 25 2024 Patrick Talbert [4.18.0-513.17.1.el8_9] +- redhat: rewrite genlog and support Y- tags (Jan Stancek) +- smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21662 RHEL-18990] {CVE-2023-6606} +- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17884 RHEL-2410] +- blk-mq: use quiesced elevator switch when reinitializing queues (Ming Lei) [RHEL-21785 RHEL-19944] +- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (Ming Lei) [RHEL-20232 RHEL-8128] + +* Thu Jan 18 2024 Patrick Talbert [4.18.0-513.16.1.el8_9] +- tracing/timerlat: Add user-space interface (Chris White) [RHEL-20362 RHEL-15142] +- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-20362 RHEL-15142] +- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-20362 RHEL-15142] +- tracing/timerlat: Always wakeup the timerlat thread (Chris White) [RHEL-20362 RHEL-15142] +- tracing/osnoise: Fix notify new tracing_max_latency (Chris White) [RHEL-20362 RHEL-15142] +- tracing/timerlat: Notify new max thread latency (Chris White) [RHEL-20362 RHEL-15142] +- trace/osnoise: make use of the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142] +- kthread: add the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142] +- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (Prarit Bhargava) [RHEL-7238 RHEL-4244] +- HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19274 RHEL-19237] {CVE-2023-1073} +- s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-9444 RHEL-2831] +- blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19111 RHEL-18055] + +* Thu Jan 11 2024 Patrick Talbert [4.18.0-513.15.1.el8_9] +- IB/ipoib: Fix mcast list locking (Daniel Vacek) [RHEL-19699 RHEL-19244] +- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Daniel Vacek) [RHEL-19699 RHEL-19244] +- x86/sev: Check for user-space IOIO pointing to kernel space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813} +- x86/sev: Check IOBM for IOIO exceptions from user-space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813} +- x86/sev: Disable MMIO emulation from user mode (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813} +- x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813} + +* Thu Jan 04 2024 Patrick Talbert [4.18.0-513.14.1.el8_9] +- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19452 RHEL-6567] {CVE-2022-3545} +- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (David Marlin) [RHEL-18999 RHEL-1231] {CVE-2023-40283} +- md/raid5: release batch_last before waiting for another stripe_head (Nigel Croxon) [RHEL-12284 RHEL-9875] + +* Thu Dec 21 2023 Patrick Talbert [4.18.0-513.13.1.el8_9] +- Fix double fget() in vhost_net_set_backend() (Jon Maloy) [RHEL-13212 RHEL-7162] {CVE-2023-1838} +- can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19462 RHEL-6429] {CVE-2023-2166} +- RDMA/core: Update CMA destination address on rdma_resolve_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176} +- RDMA/core: Refactor rdma_bind_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176} +- net: fix net device address assign type (Michal Schmidt) [RHEL-17296 RHEL-6383] +- net: add check for current MAC address in dev_set_mac_address (Michal Schmidt) [RHEL-17296 RHEL-6383] +- perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717} +- perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717} +- drivers: net: slip: fix NPD bug in sl_tx_timeout() (Michal Schmidt) [RHEL-18583 RHEL-6655] {CVE-2022-41858} + +* Thu Dec 14 2023 Patrick Talbert [4.18.0-513.12.1.el8_9] +- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623} +- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623} +- net: sched: sch_qfq: Use non-work-conserving warning handler (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921} +- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921} +- net/tls: Remove the context from the list in tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301] +- tls: Fix context leak on tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301] +- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15187 RHEL-15188] {CVE-2023-45871} + * Thu Dec 07 2023 Patrick Talbert [4.18.0-513.11.1.el8_9] - redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko) - blk-mq: enforce op-specific segment limits in blk_insert_cloned_request (Ming Lei) [RHEL-14718 RHEL-14504]