From ecc9df28561e7345477170a7d304356ab703717a Mon Sep 17 00:00:00 2001 From: hz <572478035@qq.com> Date: Wed, 10 Aug 2022 11:23:14 +0800 Subject: [PATCH] update to kernel-3.10.0-1160.76.1.el7 Signed-off-by: hz <572478035@qq.com> --- Makefile.common | 2 +- centos-ca-secureboot.der | Bin 879 -> 0 bytes centos-kpatch.x509 | Bin 1063 -> 0 bytes centos-ldup.x509 | Bin 1070 -> 0 bytes centossecureboot001.crt | 81 ----------------------------- centossecureboot201.crt | 84 ------------------------------ centossecurebootca2.der | Bin 870 -> 0 bytes debrand-rh-i686-cpu.patch | 11 ---- debrand-rh_taint.patch | 25 --------- debrand-single-cpu.patch | 12 ----- download | 2 +- kernel.spec | 104 +++++++++++++++++++++++++++----------- redhatsecureboot301.cer | Bin 0 -> 899 bytes redhatsecureboot501.cer | Bin 0 -> 964 bytes redhatsecurebootca3.cer | Bin 0 -> 977 bytes redhatsecurebootca5.cer | Bin 0 -> 920 bytes rheldup3.x509 | Bin 0 -> 1198 bytes rhelkpatch1.x509 | Bin 0 -> 1176 bytes x509.genkey | 6 +-- 19 files changed, 79 insertions(+), 248 deletions(-) delete mode 100644 centos-ca-secureboot.der delete mode 100644 centos-kpatch.x509 delete mode 100644 centos-ldup.x509 delete mode 100644 centossecureboot001.crt delete mode 100644 centossecureboot201.crt delete mode 100644 centossecurebootca2.der delete mode 100644 debrand-rh-i686-cpu.patch delete mode 100644 debrand-rh_taint.patch delete mode 100644 debrand-single-cpu.patch create mode 100644 redhatsecureboot301.cer create mode 100644 redhatsecureboot501.cer create mode 100644 redhatsecurebootca3.cer create mode 100644 redhatsecurebootca5.cer create mode 100644 rheldup3.x509 create mode 100644 rhelkpatch1.x509 diff --git a/Makefile.common b/Makefile.common index c4e2691..ff03054 100644 --- a/Makefile.common +++ b/Makefile.common @@ -9,7 +9,7 @@ RPMVERSION:=3.10.0 # marker is git tag which we base off of for exporting patches MARKER:=v3.10 PREBUILD:= -BUILD:=1160.66.1 +BUILD:=1160.76.1 DIST:=.el7 SPECFILE:=kernel.spec RPM:=$(REDHAT)/rpm diff --git a/centos-ca-secureboot.der b/centos-ca-secureboot.der deleted file mode 100644 index 44a2563dee3f8eeecd5026306be46d2a8d89970d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 879 zcmXqLV$L>bVhUcs%*4pV#L4hmNbBIg2mJ>Oc-c6$+C196^D;7WvoaX?7^)elurY_S zF!RVdr{iSrs-7?>Fv8(0{a7??+i^BS8Q8X6fuxm32TiBSpJJB+Lh%uS5^348KkAG`4ntQednD^|^pY~&Kq^%)~p5y8z^R2XQM3^4F%YNucVa@Vyd<##+TldVe z>HXPWSAFxr2}Nw1;(%}ABz}^NXVPU)=s;ZQnxw2yL5!q z_1TwLeKwE>Nh`BR7>G4sSHJ^OAk4yQz|6?_A34l{NeCF`j12SlMr)}`?Dy9W+G@4s zW`>k-x7XUg*9_lZ_|Rt1`y+_Q_{DVFc8liaEQTc$&vf^v{1QCy?cno9R-=&16Dq}P z%k2(-TE@Nj?)0O_5?}Uo3C3|LWN2)>bZ5!I@Q1|*_FnktkT~@gd(O7GvO6~CT)1^W zu5In*6)wKN66H(%S=4W`O}U?aSoXzd=`!{9E6chR_s72#cyj3%Lj~*a_A<@lzBai7 z7Rgz&&c2>=FK*M8@9%Wkqzl!>@(LuPSKVX#p3rtX|Hh+r$$y*yO^378yT)1vYU2N z{%L=#s{b$lz0dFST?@ZkYH{q=b^pX3wm_}aHE~T6%5gvbPG_!}`t`qz<@fLJBw~!z zEA*6jr}kuopFXoj@sNbugW%}_PXBD)3f^wx_+e6T`R3P!pJIb%<+vDczh<(vZyLYu z_n40PGM9T;KG^-frngjM?z%52+i&Duxf7rDQtzVPUPdMB*&!9q2 zjggx0gj2Q`+%DF9I~Fr#50|syqo$+6&NnaH9n28cQseje(H8Wmn7yGi{OIG~5)9|o z_G@oB5bSl$a1GZU?mvN?(@J&K9UTM|15S7-UU}23n3lWX*5B`T9q-Lq(~dHnar5?Z zJn_9E>}iI0&qcMRcaN-BdiL3HrndBdk(kV+kN+nrr*$$hGcqtPjxvZa-~`5~tS}3c z0fPZIh{?~w!py|p08T8jd@N!tBClA4MRo4U&Uk%i@xOc~g9$$KzKa{kgVZXsNEnDU zh^%z;JQUou^h==N+T%|WO&Vqd_e?~NePH?n#(pD1=^8bjee&l&p6F=QS}hu9%s0b= z?ToDco(H`z0^FozZk0_HKfCQx@$|hc?2D4Ncu7pJz2+`*N%Hw328I_WHT-z4mG|-- zpPIRRiDAD*iV1U*bHw^`4eNt(?5_1%y7Rj7N=4qVZP3fi$xK`)dQ!LP!|G@E=NZnH z=Q2B)ypVzU?5EAAc5`NZ-&~TFii?K;H?OMRX!fm}g>(@RxbUMLR<=7MbB$XKn z4BbTzQ&($Ah&(zKao;*gX}8*j%XOFKtmaNE6z5X1l+3twAkfP2nAg#k&O>t_1qB&+ z#?Lxz%;GOHT`>4fsfe@tj~;^qi`UJ%>c=+6iCHyqhV!;(%fvaq5j#&QjwS5e91i5@VdsrDO3Ug4&1kN diff --git a/centos-ldup.x509 b/centos-ldup.x509 deleted file mode 100644 index 9c65dd3ab623d04a9333df892f540755cef603f8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1070 zcmXqLV$m{aVw$vonTe5!iAA`SIl_RKjZ>@5qwPB{BO@y-gMp%w@giBFoS!$6&X+cV2Nvc9|W_n&`Ub;edYNbIF<052-FtRc*H!=1z0L8nQniv}y zPCiy;Qo8$>F=pR0_2-M2oRZ};W=>xD{lo&PQ_~;Zy0lo*auuV@ffpJselK_5&0ZU+ zR<^>ZXPSKF?3||fOGlz|uX(g74yp9?Ms~& z9g81M4RV?uTX;U1_eEIS9KUj%R|=I!z11t$^SwK`{lWXvvVUOHy&Kkv+vXG z((8vO7ws1GoA!u3V0Bfyh<=uGySe12LKr_-JO>br2H{fYaFf*1Xa?8*0MzIMcxVY!;V|3lMLQ21_C4iLws`4g%{b%5XPR5@{nyZJPWXSsCnot5Yue3( zH&?#gQMHlaH@RS|-La#)q)z>1n@-NFZvw~rTU+NSNG!5mH!Dm_bMlty-=&{?;oN@q z0ki+MFIk&*Z)2J6U^lmC6EpA6@3J$^TO-Y{T-j4e=lBeF_n4w9cEZMv#l~80M0zip#T5? diff --git a/centossecureboot001.crt b/centossecureboot001.crt deleted file mode 100644 index c67b0f3..0000000 --- a/centossecureboot001.crt +++ /dev/null @@ -1,81 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b6:16:15:71:72:fb:31:7e - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security@centos.org - Validity - Not Before: Aug 1 11:47:30 2018 GMT - Not After : Dec 31 11:47:30 2037 GMT - Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security@centos.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa: - 76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51: - cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2: - 4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3: - 24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0: - bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18: - 00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97: - a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57: - 6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35: - 6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0: - aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65: - 53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46: - f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f: - 6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2: - 76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4: - 94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28: - 4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef: - 94:0f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Key Usage: - Digital Signature - X509v3 Subject Key Identifier: - F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29 - X509v3 Authority Key Identifier: - keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3 - - Signature Algorithm: sha256WithRSAEncryption - 97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c: - dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da: - 11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b: - 2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a: - 28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e: - b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef: - f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f: - 0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56: - a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30: - 17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a: - ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97: - 58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c: - 75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77: - da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71: - da:7f:89:1d ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx -NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg -BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4 -MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP -f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2 -bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/ -VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR -pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud -EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb -Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B -AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G -1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV -IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv -0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ -+zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD -bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ== ------END CERTIFICATE----- diff --git a/centossecureboot201.crt b/centossecureboot201.crt deleted file mode 100644 index f9d9675..0000000 --- a/centossecureboot201.crt +++ /dev/null @@ -1,84 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 93:c2:04:d8:bd:77:6b:11 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=CentOS Secure Boot CA 2/emailAddress=security@centos.org - Validity - Not Before: Jun 9 10:04:20 2020 GMT - Not After : Jan 18 10:04:20 2038 GMT - Subject: CN=CentOS Secure Boot Signing 201/emailAddress=security@centos.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:9e:ef:fe:76:1c:9f:9b:3e:f2:e4:c5:29:bd:19: - 32:01:59:f3:e6:99:fa:eb:b5:f8:94:0c:95:3a:65: - 5e:b1:72:d0:50:3e:70:64:8a:1a:d1:f6:4d:af:6d: - 57:ee:40:71:40:09:dd:30:0c:81:a1:8b:26:63:12: - 07:bf:e1:d1:45:9f:9b:09:a6:57:98:9e:ef:97:e9: - bd:68:38:ea:aa:63:92:2e:0d:2f:8e:fb:be:88:40: - 9b:59:e3:bc:b7:6f:e3:bb:6b:1e:6e:9e:ee:57:b8: - 28:c6:d5:d6:bf:47:a6:e9:38:a9:8f:08:73:98:49: - a8:58:d2:62:73:f1:1e:44:d4:88:3d:f9:aa:43:e2: - 72:2e:d7:43:3e:1d:b6:65:f6:d1:2e:ef:31:cb:9f: - 5e:e3:d4:ea:3c:23:9a:07:af:f9:4a:ee:43:9a:75: - 06:ed:9a:54:2c:ed:5b:ca:85:a5:10:16:cd:30:64: - ea:d5:27:7e:23:f6:fc:ec:69:a9:43:2f:78:73:6b: - 33:78:8b:f8:54:db:3f:ce:95:a4:5a:04:9a:15:49: - 98:cd:34:7c:c7:8c:a9:8a:32:82:ae:c0:d6:34:93: - e7:d2:54:82:45:ee:eb:54:9a:96:d4:da:4b:24:f8: - 09:56:d8:cd:7f:ec:7b:f3:bd:db:9b:8c:b6:18:87: - fa:07 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Key Usage: critical - Digital Signature - X509v3 Extended Key Usage: critical - Code Signing - X509v3 Subject Key Identifier: - 5D:4B:64:F2:FA:63:1E:5E:5F:DB:AA:DC:14:67:C6:6C:99:21:7A:22 - X509v3 Authority Key Identifier: - keyid:70:00:7F:99:20:9C:12:6B:E1:47:74:EA:EC:7B:6D:96:31:F3:4D:CA - - Signature Algorithm: sha256WithRSAEncryption - 39:4b:b5:cc:37:3f:cd:db:84:0f:63:7c:c4:e4:53:fb:5e:fd: - db:12:19:23:6f:0a:50:14:fd:4f:7c:f9:87:3d:f9:6d:5b:af: - 07:a5:94:34:1b:84:07:f4:f1:a0:de:cc:73:87:99:31:c3:93: - 66:c0:bc:f2:0f:b2:69:65:8e:da:b9:1a:8e:ae:38:56:f3:7c: - 5a:8d:29:0d:3d:ad:84:e7:86:31:a2:8e:2a:a8:f8:f8:f7:87: - 32:65:5d:81:47:53:b8:40:c5:1b:a7:46:1f:b0:60:a7:b4:97: - 89:51:26:3c:de:46:b9:14:d5:a0:7d:99:cc:a7:7e:ed:89:18: - 02:ce:e6:07:45:49:e2:04:7d:5b:03:65:ec:e6:c3:86:0d:82: - 31:24:45:51:ec:15:ad:31:83:a8:1c:6e:52:4d:b8:0f:5d:0b: - e4:7b:51:49:39:46:8a:0b:fd:0c:46:af:b4:19:65:0f:12:f1: - fc:ee:fd:6b:4f:df:9a:73:7c:e0:c8:3d:c3:d5:b5:ab:4a:86: - 36:97:e8:89:fb:af:f4:f1:c2:05:5d:17:fb:b6:df:a5:0e:45: - 89:db:89:99:93:ce:f0:4e:e9:9c:f4:4a:03:b0:6e:be:a2:69: - ab:b1:f3:3b:ed:c7:97:f4:0e:0a:53:27:5a:7e:70:9a:35:ea: - 7a:76:d1:bc ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIJAJPCBNi9d2sRMA0GCSqGSIb3DQEBCwUAMEYxIDAeBgNV -BAMMF0NlbnRPUyBTZWN1cmUgQm9vdCBDQSAyMSIwIAYJKoZIhvcNAQkBFhNzZWN1 -cml0eUBjZW50b3Mub3JnMB4XDTIwMDYwOTEwMDQyMFoXDTM4MDExODEwMDQyMFow -TTEnMCUGA1UEAwweQ2VudE9TIFNlY3VyZSBCb290IFNpZ25pbmcgMjAxMSIwIAYJ -KoZIhvcNAQkBFhNzZWN1cml0eUBjZW50b3Mub3JnMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAnu/+dhyfmz7y5MUpvRkyAVnz5pn667X4lAyVOmVesXLQ -UD5wZIoa0fZNr21X7kBxQAndMAyBoYsmYxIHv+HRRZ+bCaZXmJ7vl+m9aDjqqmOS -Lg0vjvu+iECbWeO8t2/ju2sebp7uV7goxtXWv0em6TipjwhzmEmoWNJic/EeRNSI -PfmqQ+JyLtdDPh22ZfbRLu8xy59e49TqPCOaB6/5Su5DmnUG7ZpULO1byoWlEBbN -MGTq1Sd+I/b87GmpQy94c2szeIv4VNs/zpWkWgSaFUmYzTR8x4ypijKCrsDWNJPn -0lSCRe7rVJqW1NpLJPgJVtjNf+x7873bm4y2GIf6BwIDAQABo3gwdjAMBgNVHRMB -Af8EAjAAMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzAd -BgNVHQ4EFgQUXUtk8vpjHl5f26rcFGfGbJkheiIwHwYDVR0jBBgwFoAUcAB/mSCc -EmvhR3Tq7HttljHzTcowDQYJKoZIhvcNAQELBQADggEBADlLtcw3P83bhA9jfMTk -U/te/dsSGSNvClAU/U98+Yc9+W1brwellDQbhAf08aDezHOHmTHDk2bAvPIPsmll -jtq5Go6uOFbzfFqNKQ09rYTnhjGijiqo+Pj3hzJlXYFHU7hAxRunRh+wYKe0l4lR -JjzeRrkU1aB9mcynfu2JGALO5gdFSeIEfVsDZezmw4YNgjEkRVHsFa0xg6gcblJN -uA9dC+R7UUk5RooL/QxGr7QZZQ8S8fzu/WtP35pzfODIPcPVtatKhjaX6In7r/Tx -wgVdF/u236UORYnbiZmTzvBO6Zz0SgOwbr6iaaux8zvtx5f0DgpTJ1p+cJo16np2 -0bw= ------END CERTIFICATE----- diff --git a/centossecurebootca2.der b/centossecurebootca2.der deleted file mode 100644 index 42bdfcfbcda649796099fdc87bbe9dc58e2348d5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 870 zcmXqLVoow>V)9zR%*4pV#L3VZSoN;M+UU0dFB_*;n@8JsUPeZ4Rt5t%Lj?mlHs(+k zW*%|p)Vvb^V1?k+zWand9m0rCz?btasy17qhCd~{zWSac7_phd5=E4lAo4tExT(TE@+xh11 zL5)4kX7}9{H-;C9i_BQIp!>|pw1_)NO3`N}XwL -Date: Thu, 19 Jun 2014 10:05:12 -0500 -Subject: [PATCH] branding patch for rh_taint - ---- - kernel/rh_taint.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c -index 59a74b0..0708e15 100644 ---- a/kernel/rh_taint.c -+++ b/kernel/rh_taint.c -@@ -8,7 +8,7 @@ - void mark_hardware_unsupported(const char *msg) - { - /* Print one single message */ -- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\n", msg); -+ pr_crit("Warning: %s - this hardware has not undergone upstream testing. Please consult http://wiki.centos.org/FAQ for more information\n", msg); - } - EXPORT_SYMBOL(mark_hardware_unsupported); - --- -1.8.3.1 - diff --git a/debrand-single-cpu.patch b/debrand-single-cpu.patch deleted file mode 100644 index afd0e0c..0000000 --- a/debrand-single-cpu.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -uNrp linux-3.10.0-957.27.2.el7.x86_64.orig/arch/x86/kernel/setup.c linux-3.10.0-957.27.2.el7.x86_64/arch/x86/kernel/setup.c ---- linux-3.10.0-957.27.2.el7.x86_64.orig/arch/x86/kernel/setup.c 2019-07-09 16:13:02.000000000 +0000 -+++ linux-3.10.0-957.27.2.el7.x86_64/arch/x86/kernel/setup.c 2019-07-29 17:32:40.018405430 +0000 -@@ -963,7 +963,7 @@ static void rh_check_supported(void) - if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && - !guest && !is_kdump_kernel()) { - pr_crit("Detected single cpu native boot.\n"); -- pr_crit("Important: In Red Hat Enterprise Linux 7, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); -+ pr_crit("Important: In CentOS Linux 7, single threaded, single CPU 64-bit physical systems are unsupported."); - } - - /* The RHEL7 kernel does not support this hardware. The kernel will diff --git a/download b/download index 5fcd3d3..66bc55d 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ dd4c41c2b2b5e2237fa63282e7bbdd7c kernel-abi-whitelists-1160.tar.bz2 85ce224ff3a41d590b5d0a5f7aa08bab kernel-kabi-dw-1160.tar.bz2 -7f4b38745931579524e1cf200c7f4407 linux-3.10.0-1160.66.1.el7.tar.xz +d0056f0af1fd94b2b7124f2f4c9ef1ec linux-3.10.0-1160.76.1.el7.tar.xz diff --git a/kernel.spec b/kernel.spec index dabb8b0..5cc7823 100644 --- a/kernel.spec +++ b/kernel.spec @@ -3,8 +3,7 @@ Summary: The Linux kernel -%define anolis_release .0.1 -%define dist .an7 +%define dist .el7 # % define buildid .local @@ -21,10 +20,10 @@ Summary: The Linux kernel %global distro_build 1160 %define rpmversion 3.10.0 -%define pkgrelease 1160.66.1.el7 +%define pkgrelease 1160.76.1.el7 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 1160.66.1%{anolis_release}%{?dist} +%define specrelease 1160.76.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -403,22 +402,22 @@ Source10: sign-modules Source11: x509.genkey Source12: extra_certificates %if %{?released_kernel} -Source13: centos-ca-secureboot.der -Source14: centossecureboot001.crt -Source15: centossecurebootca2.der -Source16: centossecureboot201.crt -%define pesign_name_0 centossecureboot001 -%define pesign_name_1 centossecureboot201 +Source13: redhatsecurebootca3.cer +Source14: redhatsecureboot301.cer +Source15: redhatsecurebootca5.cer +Source16: redhatsecureboot501.cer +%define pesign_name_0 redhatsecureboot301 +%define pesign_name_1 redhatsecureboot501 %else -Source13: centos-ca-secureboot.der -Source14: centossecureboot001.crt -Source15: centossecurebootca2.der -Source16: centossecureboot201.crt -%define pesign_name_0 centossecureboot001 -%define pesign_name_1 centossecureboot201 +Source13: redhatsecurebootca2.cer +Source14: redhatsecureboot003.cer +Source15: redhatsecurebootca4.cer +Source16: redhatsecureboot401.cer +%define pesign_name_0 redhatsecureboot003 +%define pesign_name_1 redhatsecureboot401 %endif -Source17: centos-ldup.x509 -Source18: centos-kpatch.x509 +Source17: rheldup3.x509 +Source18: rhelkpatch1.x509 Source19: check-kabi @@ -462,9 +461,6 @@ Source9999: lastcommit.stat # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: debrand-single-cpu.patch -Patch1001: debrand-rh_taint.patch -Patch1002: debrand-rh-i686-cpu.patch BuildRoot: %{_tmppath}/kernel-%{KVRA}-root @@ -648,11 +644,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n kernel-abi-whitelists -Summary: The CentOS Linux kernel ABI symbol whitelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists Group: System Environment/Kernel AutoReqProv: no %description -n kernel-abi-whitelists -The kABI package contains information pertaining to the CentOS +The kABI package contains information pertaining to the Red Hat Enterprise Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. @@ -662,8 +658,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kabidw-base -The kabidw-base package contains data describing the current ABI of the CentOS -Linux kernel, suitable for the kabi-dw tool. +The kabidw-base package contains data describing the current ABI of the Red Hat +Enterprise Linux kernel, suitable for the kabi-dw tool. %endif # @@ -805,9 +801,6 @@ cd linux-%{KVRA} cp $RPM_SOURCE_DIR/kernel-%{version}-*.config . ApplyOptionalPatch linux-kernel-test.patch -ApplyOptionalPatch debrand-single-cpu.patch -ApplyOptionalPatch debrand-rh_taint.patch -ApplyOptionalPatch debrand-rh-i686-cpu.patch # Any further pre-build tree manipulations happen here. @@ -1811,8 +1804,59 @@ fi %kernel_variant_files %{with_kdump} kdump %changelog -* Fri May 20 2022 maqi [3.10.0-1160.66.1.0.1.an7] -- Modified dist +* Tue Jul 26 2022 Rado Vrbovsky [3.10.0-1160.76.1.el7] +- sfc: complete the next packet when we receive a timestamp (Íñigo Huguet) [1793280] + +* Tue Jul 19 2022 Rado Vrbovsky [3.10.0-1160.75.1.el7] +- xfs: fix up non-directory creation in SGID directories (Andrey Albershteyn) [2089360] +- x86/speculation/mmio: Print SMT warning (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- KVM: x86/speculation: Disable Fill buffer clear within guests (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- x86/speculation/srbds: Update SRBDS mitigation selection (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- cpu/speculation: Add prototype for cpu_show_srbds() (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- x86/speculation: Add a common function for MD_CLEAR mitigation update (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- Documentation: Add documentation for Processor MMIO Stale Data (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} +- [s390] s390/zcrypt: use kvmalloc instead of kmalloc for 256k alloc (Mete Durlu) [2072970] + +* Wed Jul 13 2022 Rado Vrbovsky [3.10.0-1160.74.1.el7] +- tracing: Fix bad use of igrab in trace_uprobe.c (Oleg Nesterov) [2096884] + +* Thu Jul 07 2022 Rado Vrbovsky [3.10.0-1160.73.1.el7] +- qede: Reduce verbosity of ptp tx timestamp (Manish Chopra) [2080646] +- RDMA/cma: Fix unbalanced cm_id reference count during address resolve (Kamal Heib) [2085425] + +* Tue Jun 28 2022 Rado Vrbovsky [3.10.0-1160.72.1.el7] +- sched,perf: Fix periodic timers (Valentin Schneider) [2077346] +- sched: debug: Remove the cfs bandwidth timer_active printout (Valentin Schneider) [2077346] +- sched: Cleanup bandwidth timers (Valentin Schneider) [2077346] + +* Wed Jun 15 2022 Rado Vrbovsky [3.10.0-1160.71.1.el7] +- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2093000] {CVE-2022-1966} +- netfilter: nf_tables: fix memory leak if expr init fails (Phil Sutter) [2093000] + +* Tue Jun 14 2022 Rado Vrbovsky [3.10.0-1160.70.1.el7] +- perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087954] + +* Mon Jun 06 2022 Rado Vrbovsky [3.10.0-1160.69.1.el7] +- mm: memcg: charge memsw as well in __GFP_NOFAIL case (Rafael Aquini) [2082564] + +* Thu May 26 2022 Rado Vrbovsky [3.10.0-1160.68.1.el7] +- libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) [2088025] +- xfs: use length to balance duplicate bno buffers in perag rb_tree (Brian Foster) [2050464] +- sock: sock_dequeue_err_skb() needs hard irq safety (Kenneth Yin) [2070408] + +* Tue May 17 2022 Rado Vrbovsky [3.10.0-1160.67.1.el7] +- mm/rmap.c: explicitly reset vma->anon_vma in unlink_anon_vmas() (Rafael Aquini) [1824109 2069962] +- mm/rmap.c: don't reuse anon_vma if we just want a copy (Rafael Aquini) [1824109 2069962] +- mm/mmap.c: rb_parent is not necessary in __vma_link_list() (Rafael Aquini) [1824109 2069962] +- mm/mmap.c: extract __vma_unlink_list() as counterpart for __vma_link_list() (Rafael Aquini) [1824109 2069962] +- mm/mmap.c: __vma_unlink_prev() is not necessary now (Rafael Aquini) [1824109 2069962] +- mm/mmap.c: prev could be retrieved from vma->vm_prev (Rafael Aquini) [1824109 2069962] * Wed Apr 27 2022 Rado Vrbovsky [3.10.0-1160.66.1.el7] - net-sysfs: add check for netdevice being present to speed_show (William Zhao) [2055457] diff --git a/redhatsecureboot301.cer b/redhatsecureboot301.cer new file mode 100644 index 0000000000000000000000000000000000000000..20e660479db920c9af073ef60dfd52cfcd55ef35 GIT binary patch literal 899 zcmXqLVy-u6VoG1Y%*4pV#L4h}zvyHQr&ERoylk9WZ60mkc^MhGSs4s`4b=@)*_cCF zn1$tnQd1N>5=#_OQj1C) zic(WD5=-=w^K%X4#CZ)(3=Iv;4Gj!U4NRlNd5z71To3|r4T21H474EDDPy&+I5Ryj zGcTPKJDV7lkbT9-%D~*j$j@NV#K^_e#K_37NxkdnB-fbdAp)7dSWBPZtXrYb5w*C@ z@r&`BZ02)^7x}9-F_f-vdj9zHex2s374i`=>Kunka%XeJpYTcWnYOXcua#Nzv{P2r z{{KfRpNsxBUvPxw_cT2h+pJ?Ab^$YP&OhK@vBdbb{HgCD zgVUK-5>__PZZU-1nmGUR*MJSDB-cbvx6RHHnXKVwU9@H2#x6FkEt|?~dgtD8aoSb6 z`P$`cNzxNN-!l}2zMhj&w=>05mb+)gq|2XQRV^~E`;)lfwmuUxBLm~&Sc7N-9$?7J z3NtePXJIm6FyIF9_*qz(nb;c)WI-H07BLo)aL4})TlQq;>8I$gIMsYUAgZGz$Uq(> zt;`}}Al4w_Al4%0a?Yxeg@ctn?ZuBpb5eiAAV&Z&Spg$}kwNnVx9_f&sUPlII<6Po zwsYpDLfs|_*M8fGuUk4-m%YAz`?d3h%8P~vysm29RsQ!WK%@63*E zY;yV?ieH$Xp0GJ~>}cV)`v*$4n0`ogx_k24UDm?Lu%T{WiSI>r}MgeY{-MAm@j(GO|_ezzhSNC%m_dopoSNWyMX47EzS*y|} z3cr~?y=&H&a;tfp6!|uI6Eqs8Y&qmz)j<1 z6ca8^O-{^7Eh=#+N=?Z~EYVBO&oz(}=QT1gFf*_;ur#$aF^m%DHMTG?G_-(n4bpHr zK*K-{;sAMU4hYUn&&$k9S1<({MvOa}7?qIy&dAEZ+{DPwV9>?_b=fyaz_nMgbCq_4}%h&s@!! ze1+-H$r$aU3#Wbib#?#k&uh{GYUM6Zj@vtn;gxywxjzdyRhQhFw_E3gr&3h2=~R{1 zj&**wnV1`gIDK=C)Q=HpH6<5w#musUBRX5*FRT%+S?q^ zlC!X|$Tr`#TvsL{aXYvlkoIbiCkx z5_D~Q*@8!%rFvVIJk+SN&YvaV#ohSi!kzD4u!L^;lrQW*W7-1#!tQ%Ev()B&_RmzfDxh^SOyp9_ zQ{CMgMRQYpd7N(ray<%vF*_r`|Ig1qJ?keW%w>8X>p8K%ckRW_k5{=r91h)XDEdQO n!11>ylk9WZ60mkc^MhGSs4s`4b=@)*_cCF zn1$tnQd1N>5=#_OQj1C) zic(WD5=-=w^K%X4#CZ)(42%qc(8R>VG)kP;*xbO#zzoWzwslR6O2{5!WMyD(V&rEq zXkz4IYGPz$nC+~vi6EDouC4!V-;tv&JA zN}nf->iaHo2tM8rAb&8=Njdj{a^${=Z?aE)&k<1VH{Q3Wx7jKD-_5CYum4K4d~JV` z`ccOE*<7!m22LI4&u3g0F3h!NN?ysm?c*7~^lIfF3D-Xhnr_&uU!bJ$?ZS8WW+A0- zr9raw{Iep~On)hDAUrqc*pZy>@YoE^;z#ABPp))utMY{K9XOZuN+87Vv97^}gccFK z6&c%&T=rzVyKuJ1S>c?Rq?77kYS zv==`X%}MC|0a-81!fL?G$oL;QPJxLO7^jR3 zp{b9(0{X(lQ;+K%h_CKtxc%nd+9kH!CBia&JkgcqO9LvF9(I1~^2+p(_fBqs&+@+g zjZG)^b(y8?lr#NV`RkoR|I-BpaSiJiPBV7drX0Bbe!0fPB95K&)ygj1YM5%bK;(6L z=7Y@r2hM%A`uyr;o|A^(c{icYtu_B=WuE^MZ_<i|1QMhsQHT z4}wg*#%C!d<*ePQAKPyWoS|9R;jPUx*P-5Ksuo_~6c3tyKHzf+y+r*{_;vOAw> zmv4Wk&h*1hGe;ze)#t#BH;PsH)$e|FOmna8+@9jW!^ymRMf{q+C84h)mppfN*sxn6 NnfI|Q%N6m!6aeL$dME$@ literal 0 HcmV?d00001 diff --git a/redhatsecurebootca5.cer b/redhatsecurebootca5.cer new file mode 100644 index 0000000000000000000000000000000000000000..dfb0284954861282d1a0ce16c8c5cdc71c27659f GIT binary patch literal 920 zcmXqLVxD5q#8k6@nTe5!iIbtZm{+@~;bN2lFB_*;n@8JsUPeZ4RtAH3LoovpHs(+k zE*{>X)D#7e#1b6^&%9(kLq!95kT^4s1XNrhI5oMnC{@8JKfgr5*-^pNP{}|6ZW6NxP$#b?ru1p1aqn$3D)YB{Qqo zjCvjz?|=HkE#3AN-xTZpws*U~)f@DZ{t~uwMZy8<;F%jD%$u6!n#qYzp^Sryh{C;x9qf@!N=T4ui@b#({ zSD&^p3kNZ=9lAQ9%xdfP9doNToV+k2^LHOFD{5oE&78StJa^8n7$i2k94PWc<&xr*# z`sciS&XK#@>h!OC8{=mczNLHbADCJ+pE=-CsaDOF#s}?5Q)1qq&%R~#cz>QmiAiVx zk5XXYstAL9d+iK-w@u$FESybMIPOFY~9lmn~9nUf%vMc88@((p0B(#qL+!COmt7`j5IhPVzo{cRPw} Pd!}BnFF!b8N6JS4>O*3Z literal 0 HcmV?d00001 diff --git a/rheldup3.x509 b/rheldup3.x509 new file mode 100644 index 0000000000000000000000000000000000000000..5df3b4f30de160efb9bd4dfbe9b831ee44a74007 GIT binary patch literal 1198 zcmXqLVp(O-#4NOcnTe5!iId?z>lvMn2 z#^wgbMy60My`0g+xCl7_7+D#Zn;82U44N3bn3@dmh z!vdG3|0;V$ZnEg5ajZEll2;mR@wL@urt`Or%zJ9C?VT(A$fkG62bt;r`OFi~EIb~l z<&rtS8)w|#Kv!qQ3&uhNHe&*ln#F@XX?WP}(?tj|znsN2QnNwqA&i88Pl{7Wv zi0s?jcw^SC@Kv5_e^1!5^_iCM5Bm`;kSTp@vLox+z|>RL4ozSE@7|Z)cYE5~15d9r zf3ys?`QvqLy|vkD+xaIYkEDNf+^~1@42wPf|Bj`wzFB&D*6+hb6K-vvJ29i1VcUl0 zq@L&pdu28(wf5XsZoV(XoNK9e73=%N=^2Y-A5Mt7c1>x2z(sAPeYKwq_D1pMP0Z@+ z44ZCHD>8WrYvxnl{(Y9Y;!J7v%UEy6f7@i~%p&LVXWgfJLQL16Jb2BqOn&FtE8V3I zn|J$960KOM=Y6DKzjm$3zHBW`iK{P}m>C%u7snbz8}I?$Wr62!1ty~%stq%KUk|UJQ?XL= z?$;fAk4G{uU~63|QDu66e((pS#Qj{mWj-&Pce_tVMs-u$V&3WJc)wiGuqZ@P0gI*S{A{9m&1>-)Wng7=FnNZr~SSADzE z`FM5Za>G-0AsSCywAVQ9JizR7?q!%Tcl*z#XL3!Y%7=8$_x7!IcM#js)-=htyoX7> z>ip!lieA5N{C;V0W#@@UtjqOcy&G=7S>^x8FLsLX+Tv8TI$u5)Pv(B7r+zP-z2(dP zNL)O4a82vIH`9e5-h1||^w@{LheYd?i#}=m+Lpg~+S4mrH!aP6yzRWZTlTWaHMJVC zyUyK`eCe}d$t=0@KT%tq*UtaGdtZF(ypw!B3mHQg7v`-?7jAjC_N793+P+-2;s%L3 xC$5SesqfmFyu37k(1c-c6$+C196^D;7WvoaV&8JZXvu`!3T zFbiu3rKTu&B$g<+=9Q!t6%=I_rz-el=9N|`WEUisBxfiTXQt<6=A|oSr&by&87ROF z;$##PE>2BO%t`tXkcM%VqzX8&TDLLU~FUx<|$zSY-Cur_MUF}yRwy<27f+n7hK~wr6?mPnp0ia zO#<7tH0Rs=_y0FrZrPLN6%|z%*$g)6eBGQOC9APh#lLjbqcVo>yKIkDf|iOrauOH! zXN=04zCVFu?E~=yg*}mikJ@c>j_>ID=+e$9T==)F_We`sQx%E6VtpA8xLPkgzGwdM z;9cjJx1LvT zRA95t**@{Lqu|dyEp);^hnSg>|M;YTZLipRcl-Yfp3`6Kk21N$#5%$3 z=t;d^b=jEe>3>csZDC|EtI6eGX3A$`&mP%j$yx5sna}0=>O48d9cA%!~|-i(?I<4S0a5PgaJ&T}6j6PQB`6mqILDI@B5(Z)o*cG6rbzlN$WDvi^+~avx_@(yD zi6{BpWGBX~d@t^1|L!8IK+y!wQ0XblPMGv|{+@PzYc+?(uJY`snb+kCU#&HHx>;WK z^!4Mp-&|K5D5=yv^^|SB-FAodX)_uhxL#%XyiEIl=tjR>&0DXQu2yfFbG;%j%(rPn z?!Em9FQb+p>Fqw8_2FpG=X3gb_BZQ$&&})0pEI@c&eZvv1g3|tv(A1{Bw=)V6Gykn z=?{UoU$IX!TEJa-<$LnXljRYGdF9M6Yl9|SQd^YEC1|ACvOy>4=D+NlS#wr-`m|?t zN4EripRcU7^T(Xm|L6YiRpw;4U;g83iP1$FFkF z^PXB_dOBNVCciR7BQARQwXZ~CD k<{3+z;?eg4Pxel|&g~RC;X;_4(PtO2eQRg^ILWgO0MaGw8~^|S literal 0 HcmV?d00001 diff --git a/x509.genkey b/x509.genkey index d98f8fe..b1bbe38 100644 --- a/x509.genkey +++ b/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = CentOS -CN = CentOS Linux kernel signing key -emailAddress = security@centos.org +O = Red Hat +CN = Red Hat Enterprise Linux kernel signing key +emailAddress = secalert@redhat.com [ myexts ] basicConstraints=critical,CA:FALSE -- Gitee