From b2a260bc1031082814908b9ebcb6b4ecba115195 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Wed, 3 Sep 2025 11:06:43 +0800 Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.72.1 to #ICW413 update to kernel-4.18.0-553.72.1 for CVE-2025-38211 CVE-2025-38332 CVE-2025-38464 CVE-2025-38477 Project: TC2024080204 Signed-off-by: Jacob Wang --- ...es-causes-kernel-compilation-to-fail.patch | 11 ----- download | 4 +- kernel.spec | 49 ++++++++++++++++--- 3 files changed, 44 insertions(+), 20 deletions(-) delete mode 100644 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch deleted file mode 100644 index 74f4020..0000000 --- a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 -+++ Makefile 2023-02-22 15:37:33.069118145 +0800 -@@ -378,7 +378,7 @@ - STRIP = $(CROSS_COMPILE)strip - OBJCOPY = $(CROSS_COMPILE)objcopy - OBJDUMP = $(CROSS_COMPILE)objdump --PAHOLE = pahole -+PAHOLE = pahole --skip_encoding_btf_enum64 - RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids - LEX = flex - YACC = bison diff --git a/download b/download index 737c283..08661af 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ -d4c872e655b6b344460eb424c2531829 kernel-abi-stablelists-4.18.0-553.tar.bz2 +071543236a55937f74f3d1463f43754a kernel-abi-stablelists-4.18.0-553.tar.bz2 dacb6c59855053065f7f64fcfb9aa828 kernel-kabi-dw-4.18.0-553.tar.bz2 -7386f755c05942e562231ff03cbe2075 linux-4.18.0-553.71.1.el8_10.tar.xz +40a0a86d31409e4393bc82f8201ea622 linux-4.18.0-553.72.1.el8_10.tar.xz diff --git a/kernel.spec b/kernel.spec index 3fadb5b..447efb6 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,6 +1,5 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} -%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -39,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.71.1.el8_10 +%define pkgrelease 553.72.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.71.1%{anolis_release}%{?dist} +%define specrelease 553.72.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -550,7 +549,6 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1108,7 +1106,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch -%patch1000 -p0 -b .1000-repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2708,8 +2705,46 @@ fi # # %changelog -* Thu Aug 28 2025 Xiaoping Liu - 4.18.0-553.71.1.0.1 -- kernel:repair dwarves causes kernel compilation to fail +* Sat Aug 23 2025 Denys Vlasenko [4.18.0-553.72.1.el8_10] +- scsi: lpfc: Use memcpy() for BIOS version (Ewan D. Milne) [RHEL-105927] {CVE-2025-38332} +- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (David Arcari) [RHEL-103371] +- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Michal Schmidt) [RHEL-104260] {CVE-2025-38211} +- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Michal Schmidt) [RHEL-104260] {CVE-2024-47696} +- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Michal Schmidt) [RHEL-104260] {CVE-2024-42285} +- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (CKI Backport Bot) [RHEL-106312] {CVE-2025-38477} +- net/sched: sch_qfq: Fix race condition on qfq_aggregate (CKI Backport Bot) [RHEL-106312] {CVE-2025-38477} +- cxgb4: use port number to set mac addr (CKI Backport Bot) [RHEL-75976] +- net/sched: Abort __tc_modify_qdisc if parent class does not exist (CKI Backport Bot) [RHEL-107894] +- aacraid: fix a buffer overflow (Tomas Henzl) [RHEL-62313] +- filemap: remove use of wait bookmarks (Brian Foster) [RHEL-107181] +- x86/efistub: Omit physical KASLR when memory reservations exist (Ricardo Robaina) [RHEL-82369] +- efi/libstub: Check return value of efi_parse_options (Ricardo Robaina) [RHEL-82369] +- efi/x86: Support builtin command line (Ricardo Robaina) [RHEL-82369] +- tipc: Fix use-after-free in tipc_conn_close(). (CKI Backport Bot) [RHEL-106635] {CVE-2025-38464} +- sbitmap: remove stale comment in sbq_calc_wake_batch (Ming Lei) [RHEL-81758] +- block: Fix lockdep warning in blk_mq_mark_tag_wait (Ming Lei) [RHEL-81758] +- blk-mq: fix potential io hang by wrong 'wake_batch' (Ming Lei) [RHEL-81758] +- lib/sbitmap: define swap_lock as raw_spinlock_t (Ming Lei) [RHEL-81758] +- sbitmap: fix io hung due to race on sbitmap_word::cleared (Ming Lei) [RHEL-81758] +- sbitmap: use READ_ONCE to access map->word (Ming Lei) [RHEL-81758] +- sbitmap: fix batching wakeup (Ming Lei) [RHEL-81758] +- sbitmap: correct wake_batch recalculation to avoid potential IO hung (Ming Lei) [RHEL-81758] +- sbitmap: add sbitmap_find_bit to remove repeat code in __sbitmap_get/__sbitmap_get_shallow (Ming Lei) [RHEL-81758] +- sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code (Ming Lei) [RHEL-81758] +- sbitmap: remove redundant check in __sbitmap_queue_get_batch (Ming Lei) [RHEL-81758] +- sbitmap: remove unnecessary calculation of alloc_hint in __sbitmap_get_shallow (Ming Lei) [RHEL-81758] +- sbitmap: Use atomic_long_try_cmpxchg in __sbitmap_queue_get_batch (Ming Lei) [RHEL-81758] +- sbitmap: remove unnecessary code in __sbitmap_queue_get_batch (Ming Lei) [RHEL-81758] +- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (Ming Lei) [RHEL-81758] +- lib/sbitmap: kill 'depth' from sbitmap_word (Ming Lei) [RHEL-81758] +- sbitmap: add __sbitmap_queue_get_batch() (Ming Lei) [RHEL-81758] +- sbitmap: Try each queue to wake up at least one waiter (Ming Lei) [RHEL-81758] +- wait: Return number of exclusive waiters awaken (Ming Lei) [RHEL-81758] +- sched/wait: Deduplicate code with do-while (Ming Lei) [RHEL-81758] +- sbitmap: Advance the queue index before waking up a queue (Ming Lei) [RHEL-81758] +- sbitmap: Use single per-bitmap counting to wake up queued tags (Ming Lei) [RHEL-81758] +- blk-mq: Fix wrong wakeup batch configuration which will cause hang (Ming Lei) [RHEL-81758] +- blk-mq: fix tag_get wait task can't be awakened (Ming Lei) [RHEL-81758] * Fri Aug 15 2025 Denys Vlasenko [4.18.0-553.71.1.el8_10] - udp: Fix memory accounting leak. (Xin Long) [RHEL-104084] {CVE-2025-22058} -- Gitee From e78964cb9182114c8b779bdffa1f8de62bf71cee Mon Sep 17 00:00:00 2001 From: liuxiaoping Date: Wed, 22 Feb 2023 15:53:19 +0800 Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail --- ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++ kernel.spec | 8 +++++++- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch new file mode 100644 index 0000000..74f4020 --- /dev/null +++ b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch @@ -0,0 +1,11 @@ +--- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 ++++ Makefile 2023-02-22 15:37:33.069118145 +0800 +@@ -378,7 +378,7 @@ + STRIP = $(CROSS_COMPILE)strip + OBJCOPY = $(CROSS_COMPILE)objcopy + OBJDUMP = $(CROSS_COMPILE)objdump +-PAHOLE = pahole ++PAHOLE = pahole --skip_encoding_btf_enum64 + RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids + LEX = flex + YACC = bison diff --git a/kernel.spec b/kernel.spec index 447efb6..9ea38ec 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,5 +1,6 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} +%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -41,7 +42,7 @@ %define pkgrelease 553.72.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.72.1%{?dist} +%define specrelease 553.72.1%{anolis_release}%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -549,6 +550,7 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch +Patch1000: 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1106,6 +1108,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch +%patch1000 -p0 -b .1000-repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2705,6 +2708,9 @@ fi # # %changelog +* Wed Sep 03 2025 Xiaoping Liu - 4.18.0-553.72.1.0.1 +- kernel:repair dwarves causes kernel compilation to fail + * Sat Aug 23 2025 Denys Vlasenko [4.18.0-553.72.1.el8_10] - scsi: lpfc: Use memcpy() for BIOS version (Ewan D. Milne) [RHEL-105927] {CVE-2025-38332} - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (David Arcari) [RHEL-103371] -- Gitee