From 3467cd2ed78b93efb3fcc867193ae2de39a1aea5 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Tue, 11 Nov 2025 09:36:55 +0800 Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.83.1 to #ID5Y6L update to kernel-4.18.0-553.83.1 for CVE-2022-50367 CVE-2023-53178 CVE-2025-40300 Project: TC2024080204 Signed-off-by: Jacob Wang --- ...es-causes-kernel-compilation-to-fail.patch | 11 ------- download | 6 ++-- kernel-x86_64-debug.config | 1 + kernel-x86_64.config | 1 + kernel.spec | 31 ++++++++++++++----- 5 files changed, 29 insertions(+), 21 deletions(-) delete mode 100644 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch deleted file mode 100644 index 74f4020..0000000 --- a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 -+++ Makefile 2023-02-22 15:37:33.069118145 +0800 -@@ -378,7 +378,7 @@ - STRIP = $(CROSS_COMPILE)strip - OBJCOPY = $(CROSS_COMPILE)objcopy - OBJDUMP = $(CROSS_COMPILE)objdump --PAHOLE = pahole -+PAHOLE = pahole --skip_encoding_btf_enum64 - RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids - LEX = flex - YACC = bison diff --git a/download b/download index 51a3321..efaaa0a 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ -617059adb7f9a0f97a3f753cf9f76d35 kernel-abi-stablelists-4.18.0-553.tar.bz2 -607d4269d50cb377d94f3bcb7405fbd9 kernel-kabi-dw-4.18.0-553.tar.bz2 -7f918fa6265a0705c57c3f565a7820f9 linux-4.18.0-553.82.1.el8_10.tar.xz +54490c13a76628ad026ef6848b188798 kernel-abi-stablelists-4.18.0-553.tar.bz2 +dacb6c59855053065f7f64fcfb9aa828 kernel-kabi-dw-4.18.0-553.tar.bz2 +fa27db3ade9289eac80c234b6a2fbc17 linux-4.18.0-553.83.1.el8_10.tar.xz diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 779f161..213c7e2 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -3936,6 +3936,7 @@ CONFIG_MISDN_L1OIP=m CONFIG_MISDN_NETJET=m CONFIG_MISDN_SPEEDFAX=m CONFIG_MISDN_W6692=m +CONFIG_MITIGATION_VMSCAPE=y CONFIG_MLX4_EN=m CONFIG_MLX4_EN_DCB=y CONFIG_MLX4_INFINIBAND=m diff --git a/kernel-x86_64.config b/kernel-x86_64.config index c7fc8a8..805cd4e 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -3936,6 +3936,7 @@ CONFIG_MISDN_L1OIP=m CONFIG_MISDN_NETJET=m CONFIG_MISDN_SPEEDFAX=m CONFIG_MISDN_W6692=m +CONFIG_MITIGATION_VMSCAPE=y CONFIG_MLX4_EN=m CONFIG_MLX4_EN_DCB=y CONFIG_MLX4_INFINIBAND=m diff --git a/kernel.spec b/kernel.spec index bf3fdbf..d04497f 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,6 +1,5 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} -%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -39,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.82.1.el8_10 +%define pkgrelease 553.83.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.82.1%{anolis_release}%{?dist} +%define specrelease 553.83.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -550,7 +549,6 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1108,7 +1106,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch -%patch1000 -p0 -b .1000-repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2708,8 +2705,28 @@ fi # # %changelog -* Thu Nov 06 2025 Xiaoping Liu - 4.18.0-553.82.1.0.1 -- kernel:repair dwarves causes kernel compilation to fail +* Thu Oct 30 2025 Denys Vlasenko [4.18.0-553.83.1.el8_10] +- fs: fix UAF/GPF bug in nilfs_mdt_destroy (Abhi Das) [RHEL-116658] {CVE-2022-50367} +- redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86_64 (Waiman Long) [RHEL-114285] +- x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- i40e: fix Jumbo Frame support after iPXE boot (Mohammad Heib) [RHEL-121781] +- i40e: Report MFS in decimal base instead of hex (Mohammad Heib) [RHEL-121781] +- i40e: Fix unexpected MFS warning message (Mohammad Heib) [RHEL-121781] +- bitfield: Add FIELD_MODIFY() helper (Mohammad Heib) [RHEL-121781] +- bitops: Add non-atomic bitops for pointers (Mohammad Heib) [RHEL-121781] +- qed/qede: Fix scheduling while atomic (CKI Backport Bot) [RHEL-9757] +- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-123215] +- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (Miklos Szeredi) [RHEL-123215] +- jiffies: Define secs_to_jiffies() (Miklos Szeredi) [RHEL-123215] +- s390/pci: Fix __pcilg_mio_inuser() inline assembly (Mete Durlu) [RHEL-105611] +- mm: zswap: fix missing folio cleanup in writeback race path (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178} +- mm: fix zswap writeback race condition (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178} * Thu Oct 23 2025 Alexandra Hájková [4.18.0-553.82.1.el8_10] - smb: client: fix missing timestamp updates after utime(2) (Paulo Alcantara) [RHEL-109431] -- Gitee From fc8e22d3ee0752c0771028008778a992030cf30c Mon Sep 17 00:00:00 2001 From: liuxiaoping Date: Wed, 22 Feb 2023 15:53:19 +0800 Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail --- ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++ kernel.spec | 8 +++++++- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch new file mode 100644 index 0000000..74f4020 --- /dev/null +++ b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch @@ -0,0 +1,11 @@ +--- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 ++++ Makefile 2023-02-22 15:37:33.069118145 +0800 +@@ -378,7 +378,7 @@ + STRIP = $(CROSS_COMPILE)strip + OBJCOPY = $(CROSS_COMPILE)objcopy + OBJDUMP = $(CROSS_COMPILE)objdump +-PAHOLE = pahole ++PAHOLE = pahole --skip_encoding_btf_enum64 + RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids + LEX = flex + YACC = bison diff --git a/kernel.spec b/kernel.spec index d04497f..7aa72f0 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,5 +1,6 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} +%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -41,7 +42,7 @@ %define pkgrelease 553.83.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.83.1%{?dist} +%define specrelease 553.83.1%{anolis_release}%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -549,6 +550,7 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch +Patch1000: 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1106,6 +1108,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch +%patch1000 -p0 -b .1000-repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2705,6 +2708,9 @@ fi # # %changelog +* Tue Nov 11 2025 Xiaoping Liu - 4.18.0-553.83.1.0.1 +- kernel:repair dwarves causes kernel compilation to fail + * Thu Oct 30 2025 Denys Vlasenko [4.18.0-553.83.1.el8_10] - fs: fix UAF/GPF bug in nilfs_mdt_destroy (Abhi Das) [RHEL-116658] {CVE-2022-50367} - redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86_64 (Waiman Long) [RHEL-114285] -- Gitee