From 2765c65162289ed9266de21347c77fa723cb9c45 Mon Sep 17 00:00:00 2001
From: Jacob Wang
Date: Fri, 15 Aug 2025 09:17:02 +0800
Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.69.1 to #ICT1T6 update to kernel-4.18.0-553.69.1 for CVE-2021-47670 CVE-2024-56644 CVE-2025-21727 CVE-2025-21759 CVE-2025-38085 CVE-2025-38159 Project: TC2024080204
Signed-off-by: Jacob Wang
---
...es-causes-kernel-compilation-to-fail.patch | 11 ----
download | 4 +-
kernel.spec | 52 ++++++++++++++++---
3 files changed, 47 insertions(+), 20 deletions(-)
delete mode 100644 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch
diff --git a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch
deleted file mode 100644
index 74f4020..0000000
--- a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.orig 2022-10-07 22:45:37.000000000 +0800
-+++ Makefile 2023-02-22 15:37:33.069118145 +0800
-@@ -378,7 +378,7 @@
- STRIP = $(CROSS_COMPILE)strip
- OBJCOPY = $(CROSS_COMPILE)objcopy
- OBJDUMP = $(CROSS_COMPILE)objdump
--PAHOLE = pahole
-+PAHOLE = pahole --skip_encoding_btf_enum64
- RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
- LEX = flex
- YACC = bison
diff --git a/download b/download
index 0dba963..eaf4c1e 100644
--- a/download
+++ b/download
@@ -1,3 +1,3 @@
-bb2a15373d399432d4670f42b239c56a kernel-abi-stablelists-4.18.0-553.tar.bz2
+caefe24457b0d7f3fff3ae7be739a931 kernel-abi-stablelists-4.18.0-553.tar.bz2
 dacb6c59855053065f7f64fcfb9aa828 kernel-kabi-dw-4.18.0-553.tar.bz2
-791dda89a9f40cc474d03e09776e8ee9 linux-4.18.0-553.66.1.el8_10.tar.xz
+b319626919126460dc4a6071e54b1e6c linux-4.18.0-553.69.1.el8_10.tar.xz
diff --git a/kernel.spec b/kernel.spec
index d85f65f..0714246 100644
--- a/kernel.spec
+++ b/kernel.spec
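Review bot: In the `download` hunk the digest recorded for `kernel-abi-stablelists-4.18.0-553.tar.bz2` changes while the file name stays the same, so two different archives now exist under one name and a cached or mirrored copy of the older one will fail verification with no hint of which content is intended. The 32-hex-digit values look like MD5 digests (inferred from their length only), and MD5 no longer resists deliberate collisions; if the source-fetch tooling accepts a stronger digest, record SHA-256 or SHA-512 for all three archives. The commit message should also say where the refreshed stablelists archive came from, so the new digest can be checked against an independent source.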
@@ -1,6 +1,5 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
-%define anolis_release .0.1
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -39,10 +38,10 @@
 # define buildid .local
 %define specversion 4.18.0
-%define pkgrelease 553.66.1.el8_10
+%define pkgrelease 553.69.1.el8_10
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.66.1%{anolis_release}%{?dist}
+%define specrelease 553.69.1%{?dist}
 %define pkg_release %{specrelease}%{?buildid}
@@ -550,7 +549,6 @@ Source4001: rpminspect.yaml
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
-Patch1000: 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch
 # END OF PATCH DEFINITIONS
@@ -1108,7 +1106,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 cd linux-%{KVERREL}
 ApplyOptionalPatch linux-kernel-test.patch
-%patch1000 -p0 -b .1000-repair-dwarves-causes-kernel-compilation-to-fail
 # END OF PATCH APPLICATIONS
@@ -2708,8 +2705,49 @@ fi
 #
 #
 %changelog
-* Thu Aug 07 2025 Xiaoping Liu - 4.18.0-553.66.1.0.1
-- kernel:repair dwarves causes kernel compilation to fail
+* Thu Aug 07 2025 Denys Vlasenko [4.18.0-553.69.1.el8_10]
+- Revert "sch_htb: make htb_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]
+- Revert "sch_drr: make drr_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]
+- Revert "sch_qfq: make qfq_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]
+- Revert "codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()" (Denys Vlasenko) [RHEL-108140]
+- Revert "sch_htb: make htb_deactivate() idempotent" (Denys Vlasenko) [RHEL-108140]
+- Revert "net/sched: Always pass notifications when child class becomes empty" (Denys Vlasenko) [RHEL-108140]
+- Revert "sch_cbq: make cbq_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]
+
+* Mon Aug 04 2025 Denys Vlasenko [4.18.0-553.68.1.el8_10]
+- ipv6: mcast: extend RCU protection in igmp6_send() (Hangbin Liu) [RHEL-102392] {CVE-2025-21759}
+- md/md-bitmap: move bitmap_{start, end}write to md upper layer (Nigel Croxon) [RHEL-57991]
+- md/raid5: implement pers->bitmap_sector() (Nigel Croxon) [RHEL-57991]
+- md: add a new callback pers->bitmap_sector() (Nigel Croxon) [RHEL-57991]
+- md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() (Nigel Croxon) [RHEL-57991]
+- md/md-bitmap: factor behind write counters out from bitmap_{start/end}write() (Nigel Croxon) [RHEL-57991]
+- md/raid5: recheck if reshape has finished with device_lock held (Nigel Croxon) [RHEL-57991]
+- md/md-linear: enable io accounting (Nigel Croxon) [RHEL-59928]
+- md/md-multipath: enable io accounting (Nigel Croxon) [RHEL-59928]
+- md/raid10: switch to use md_account_bio() for io accounting (Nigel Croxon) [RHEL-59928]
+- md/raid1: switch to use md_account_bio() for io accounting (Nigel Croxon) [RHEL-59928]
+- raid5: fix missing io accounting in raid5_align_endio() (Nigel Croxon) [RHEL-59928]
+- md: also clone new io if io accounting is disabled (Nigel Croxon) [RHEL-59928]
+- sch_cbq: make cbq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376]
+- net/sched: Always pass notifications when child class becomes empty (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
+- sch_htb: make htb_deactivate() idempotent (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
+- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
+- sch_qfq: make qfq_qlen_notify() idempotent (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
+- sch_drr: make drr_qlen_notify() idempotent (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
+- sch_htb: make htb_qlen_notify() idempotent (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
+- can: peak_usb: fix use after free bugs (CKI Backport Bot) [RHEL-99447] {CVE-2021-47670}
+- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CKI Backport Bot) [RHEL-103141] {CVE-2025-38159}
+- net/ipv6: release expired exception dst cached in socket (Guillaume Nault) [RHEL-105794] {CVE-2024-56644}
+
+* Thu Jul 31 2025 Denys Vlasenko [4.18.0-553.67.1.el8_10]
+- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
+- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
+- mm/khugepaged: fix GUP-fast interaction by sending IPI (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
+- mm/khugepaged: take the right locks for page table retraction (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
+- mm/khugepaged: unify collapse pmd clear, flush and free (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
+- padata: fix UAF in padata_reorder (Waiman Long) [RHEL-101398] {CVE-2025-21727}
+- redhat: update BUILD_TARGET to rhel-8.10.0-z-test-pesign (Jan Stancek)
+- ftrace: Clean up hash direct_functions on register failures (Gregory Bell) [RHEL-103912]
 * Mon Jul 28 2025 Denys Vlasenko [4.18.0-553.66.1.el8_10]
 - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Xin Long) [RHEL-105415] {CVE-2025-38001}
--
Gitee
From 58917213f9ecf0544f9258d8bc7be1a480d81f44 Mon Sep 17 00:00:00 2001
From: liuxiaoping
Date: Wed, 22 Feb 2023 15:53:19 +0800
Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail
---
...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++
kernel.spec | 8 +++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
create mode 100644 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch
diff --git a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch
new file mode 100644
index 0000000..74f4020
--- /dev/null
+++ b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch
@@ -0,0 +1,11 @@
+--- Makefile.orig 2022-10-07 22:45:37.000000000 +0800
++++ Makefile 2023-02-22 15:37:33.069118145 +0800
+@@ -378,7 +378,7 @@
+ STRIP = $(CROSS_COMPILE)strip
+ OBJCOPY = $(CROSS_COMPILE)objcopy
+ OBJDUMP = $(CROSS_COMPILE)objdump
+-PAHOLE = pahole
++PAHOLE = pahole --skip_encoding_btf_enum64
+ RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
+ LEX = flex
+ YACC = bison
diff --git a/kernel.spec b/kernel.spec
index 0714246..a6db3f5 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1,5 +1,6 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
+%define anolis_release .0.1
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -41,7 +42,7 @@
 %define pkgrelease 553.69.1.el8_10
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.69.1%{?dist}
+%define specrelease 553.69.1%{anolis_release}%{?dist}
 %define pkg_release %{specrelease}%{?buildid}
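Review bot: In the new `1000-repair-dwarves-causes-kernel-compilation-to-fail.patch`, `PAHOLE = pahole --skip_encoding_btf_enum64` passes the option unconditionally, so the build now depends on the installed pahole recognising it; a pahole that predates the option would presumably reject it and break BTF generation instead of fixing it. Either declare a minimum dwarves version as a build requirement in kernel.spec, or add the flag only after probing the pahole version. Folding an option into `PAHOLE` also changes the value seen by any script that treats the variable as a bare program name; no such use is visible in this hunk, so that needs checking against the tree. The patch file has no description header, so a short comment naming the dwarves behaviour it works around would tell a later maintainer when it can be dropped.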
@@ -549,6 +550,7 @@ Source4001: rpminspect.yaml
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
+Patch1000: 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch
 # END OF PATCH DEFINITIONS
@@ -1106,6 +1108,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 cd linux-%{KVERREL}
 ApplyOptionalPatch linux-kernel-test.patch
+%patch1000 -p0 -b .1000-repair-dwarves-causes-kernel-compilation-to-fail
 # END OF PATCH APPLICATIONS
@@ -2705,6 +2708,9 @@ fi
 #
 #
 %changelog
+* Fri Aug 15 2025 Xiaoping Liu - 4.18.0-553.69.1.0.1
+- kernel:repair dwarves causes kernel compilation to fail
+
 * Thu Aug 07 2025 Denys Vlasenko [4.18.0-553.69.1.el8_10]
 - Revert "sch_htb: make htb_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]
 - Revert "sch_drr: make drr_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]
--
Gitee