From f9626397ef4ad727cf44cf1fcd9d3d37de472c52 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Wed, 27 Nov 2024 10:42:12 +0800 Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.30.1.src.rpm to #bug12157 update to kernel-4.18.0-553.30.1.src.rpm for CVE-2024-27043 CVE-2024-27399 CVE-2024-38564 CVE-2024-46858 Project: TC2024080204 Signed-off-by: Zhao Hang --- download | 4 +- kernel.spec | 39 +++++++++++++++---- ...es-causes-kernel-compilation-to-fail.patch | 11 ------ 3 files changed, 34 insertions(+), 20 deletions(-) delete mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/download b/download index fef567b..74d92c1 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ -30258db91934ca7712ca6473b4243e82 kernel-abi-stablelists-4.18.0-553.tar.bz2 +85f59f2ef31c6fa74796270d6ad4629e kernel-abi-stablelists-4.18.0-553.tar.bz2 559191ff3ea6f1f91b7d06563f479e39 kernel-kabi-dw-4.18.0-553.tar.bz2 -cd40522539ffc17b79e579f6f0699bac linux-4.18.0-553.27.1.el8_10.tar.xz +182e0cd6f5ea740cc2abf1b16f617c88 linux-4.18.0-553.30.1.el8_10.tar.xz diff --git a/kernel.spec b/kernel.spec index a93179f..9c78f73 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,6 +1,5 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} -%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -39,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.27.1.el8_10 +%define pkgrelease 553.30.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.27.1%{anolis_release}%{?dist} +%define specrelease 553.30.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -545,7 +544,6 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1103,7 +1101,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch -%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2699,8 +2696,36 @@ fi # # %changelog -* Wed Nov 06 2024 Xiaoping Liu - 4.18.0-553.27.1.0.1 -- kernel:repair dwarves causes kernel compilation to fail +* Fri Nov 15 2024 Denys Vlasenko [4.18.0-553.30.1.el8_10] +- media: edia: dvbdev: fix a use-after-free (Kate Hsuan) [RHEL-35763] {CVE-2024-27043} +- blk-mq: fix missing blk_account_io_done() in error path (Ming Lei) [RHEL-61200] +- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52684] +- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52684] +- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52684] +- smb: client: use actual path when queryfs (Paulo Alcantara) [RHEL-60363] +- cifs: Fix uninitialized memory reads for oparms.mode (Paulo Alcantara) [RHEL-60363] +- cifs: Fix uninitialized memory read for smb311 posix symlink create (Paulo Alcantara) [RHEL-60363] +- cifs: convert the path to utf16 in smb2_query_info_compound (Paulo Alcantara) [RHEL-60363] +- autofs: fix thinko in validate_dev_ioctl() (Ian Kent) [RHEL-62168] +- autofs: add per dentry expire timeout (Ian Kent) [RHEL-62168] +- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (Viktor Malik) [RHEL-44167] {CVE-2024-38564} + +* Thu Nov 07 2024 Denys Vlasenko [4.18.0-553.29.1.el8_10] +- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (cki-backport-bot) [RHEL-36372] {CVE-2024-27399} +- mptcp: pm: Fix uaf in __timer_delete_sync (Guillaume Nault) [RHEL-60614] {CVE-2024-46858} +- cifs: fix dfs link failover in cifs_tree_connect() (Paulo Alcantara) [RHEL-8002] + +* Thu Oct 31 2024 Denys Vlasenko [4.18.0-553.28.1.el8_10] +- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Mete Durlu) [RHEL-61702] +- smb: client: fix deadlock in smb2_find_smb_tcon() (Paulo Alcantara) [RHEL-61400] +- smb: client: fix potential deadlock when releasing mids (Paulo Alcantara) [RHEL-61400] +- cifs: remove useless DeleteMidQEntry() (Paulo Alcantara) [RHEL-61400] +- Bluetooth: af_bluetooth: Fix deadlock (CKI Backport Bot) [RHEL-58991] +- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann) +- x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Nico Pache) [RHEL-26709] +- audit: Send netlink ACK before setting connection in auditd_set (Richard Guy Briggs) [RHEL-14004] +- KVM: selftests: x86: Fix test failure on arch lbr capable platforms (Maxim Levitsky) [RHEL-23999] +- raid1: fix use-after-free for original bio in raid1_write_request() (Nigel Croxon) [RHEL-55263] * Thu Oct 17 2024 Denys Vlasenko [4.18.0-553.27.1.el8_10] - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Waiman Long) [RHEL-62139] {CVE-2024-47668} diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch deleted file mode 100644 index 74f4020..0000000 --- a/repair-dwarves-causes-kernel-compilation-to-fail.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 -+++ Makefile 2023-02-22 15:37:33.069118145 +0800 -@@ -378,7 +378,7 @@ - STRIP = $(CROSS_COMPILE)strip - OBJCOPY = $(CROSS_COMPILE)objcopy - OBJDUMP = $(CROSS_COMPILE)objdump --PAHOLE = pahole -+PAHOLE = pahole --skip_encoding_btf_enum64 - RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids - LEX = flex - YACC = bison -- Gitee From 73c674e876d0c856e4f953b6dd8db71a92c7272d Mon Sep 17 00:00:00 2001 From: liuxiaoping Date: Wed, 22 Feb 2023 15:53:19 +0800 Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail --- kernel.spec | 8 +++++++- ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/kernel.spec b/kernel.spec index 9c78f73..4ff38cb 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,5 +1,6 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} +%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -41,7 +42,7 @@ %define pkgrelease 553.30.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.30.1%{?dist} +%define specrelease 553.30.1%{anolis_release}%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -544,6 +545,7 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch +Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1101,6 +1103,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch +%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2696,6 +2699,9 @@ fi # # %changelog +* Wed Nov 27 2024 Xiaoping Liu - 4.18.0-553.30.1.0.1 +- kernel:repair dwarves causes kernel compilation to fail + * Fri Nov 15 2024 Denys Vlasenko [4.18.0-553.30.1.el8_10] - media: edia: dvbdev: fix a use-after-free (Kate Hsuan) [RHEL-35763] {CVE-2024-27043} - blk-mq: fix missing blk_account_io_done() in error path (Ming Lei) [RHEL-61200] diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch new file mode 100644 index 0000000..74f4020 --- /dev/null +++ b/repair-dwarves-causes-kernel-compilation-to-fail.patch @@ -0,0 +1,11 @@ +--- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 ++++ Makefile 2023-02-22 15:37:33.069118145 +0800 +@@ -378,7 +378,7 @@ + STRIP = $(CROSS_COMPILE)strip + OBJCOPY = $(CROSS_COMPILE)objcopy + OBJDUMP = $(CROSS_COMPILE)objdump +-PAHOLE = pahole ++PAHOLE = pahole --skip_encoding_btf_enum64 + RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids + LEX = flex + YACC = bison -- Gitee