From 7e380b4f98f6db4a0affa092a8319f9b6b16eada Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Fri, 13 Dec 2024 16:21:57 +0800 Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.32.1.el8_10 to #IBB5K5 update to kernel-4.18.0-553.32.1.el8_10 for CVE-2024-46695 CVE-2024-49949 CVE-2024-50082 CVE-2024-50099 CVE-2024-50110 CVE-2024-50142 CVE-2024-50192 CVE-2024-50256 CVE-2024-50264 Project: TC2024080204 Signed-off-by: Zhao Hang --- download | 4 +- kernel.spec | 51 ++++++++++++++++--- ...es-causes-kernel-compilation-to-fail.patch | 11 ---- 3 files changed, 46 insertions(+), 20 deletions(-) delete mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/download b/download index 74d92c1..59600d8 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ -85f59f2ef31c6fa74796270d6ad4629e kernel-abi-stablelists-4.18.0-553.tar.bz2 +3b177bbe46d9eb465549cc79177b9ca8 kernel-abi-stablelists-4.18.0-553.tar.bz2 559191ff3ea6f1f91b7d06563f479e39 kernel-kabi-dw-4.18.0-553.tar.bz2 -182e0cd6f5ea740cc2abf1b16f617c88 linux-4.18.0-553.30.1.el8_10.tar.xz +0d2554e5babb463fe7ad5b0ae7416b22 linux-4.18.0-553.32.1.el8_10.tar.xz diff --git a/kernel.spec b/kernel.spec index 4ff38cb..305465b 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,6 +1,5 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} -%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -39,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.30.1.el8_10 +%define pkgrelease 553.32.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.30.1%{anolis_release}%{?dist} +%define specrelease 553.32.1%{?dist} %define pkg_release %{specrelease}%{?buildid} 
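Review bot: The `download` hunk pins the source tarballs with 32-hex-digit digests, which look like MD5. MD5 is not collision-resistant, so these values catch a corrupted download but give little assurance against a deliberately substituted archive. The same hunk gives `kernel-abi-stablelists-4.18.0-553.tar.bz2` a new digest under an unchanged filename, so a cache or mirror keyed on the name can keep serving the old content, and the resulting mismatch looks the same as tampering. If the fetch tooling allows it (not visible here), record a SHA-256 or SHA-512 digest per entry and give the refreshed stablelists archive a name that carries the release it was built for.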
@@ -545,7 +544,6 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1103,7 +1101,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch -%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS 
@@ -2699,8 +2696,48 @@ fi # # %changelog -* Wed Nov 27 2024 Xiaoping Liu - 4.18.0-553.30.1.0.1 -- kernel:repair dwarves causes kernel compilation to fail +* Fri Nov 29 2024 Denys Vlasenko [4.18.0-553.32.1.el8_10] +- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66965] {CVE-2024-50192} +- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66965] {CVE-2024-50192} +- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Ming Lei) [RHEL-65158] {CVE-2024-50082} +- gfs2: fix double destroy_workqueue error (Andreas Gruenbacher) [RHEL-62869] +- Revert "GFS2: Don't add all glocks to the lru" (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Use list_move_tail instead of list_del/list_add_tail (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Revise glock reference counting model (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Switch to a per-filesystem glock workqueue (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Report when glocks cannot be freed for a long time (Andreas Gruenbacher) [RHEL-62869] +- gfs2: gfs2_glock_get cleanup (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Invert the GLF_INITIAL flag (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Rename handle_callback to request_demote (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Rename GLF_FROZEN to GLF_HAVE_FROZEN_REPLY (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Rename GLF_REPLY_PENDING to GLF_HAVE_REPLY (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Rename GLF_FREEING to GLF_UNLOCKED (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Remove useless return statement in run_queue (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Remove unnecessary function prototype (Andreas Gruenbacher) [RHEL-62869] +- gfs2: finish_xmote cleanup (Andreas Gruenbacher) [RHEL-62869] +- gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async (Andreas Gruenbacher) [RHEL-62869] +- KVM: selftests: memslot_perf_test: increase guest sync timeout (Maxim Levitsky) [RHEL-19080] +- vsock/virtio: 
Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-68025] {CVE-2024-50264} +- md/raid5: Wait sync io to finish before changing group cnt (Nigel Croxon) [RHEL-58585] + +* Fri Nov 22 2024 Denys Vlasenko [4.18.0-553.31.1.el8_10] +- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110} +- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256} +- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862] +- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862] +- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988] +- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988] +- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988] +- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988] +- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988] +- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988] +- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988] +- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695} +- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823] +- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823] +- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099} +- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949} +- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142} * Fri Nov 15 2024 Denys Vlasenko [4.18.0-553.30.1.el8_10] - media: edia: 
dvbdev: fix a use-after-free (Kate Hsuan) [RHEL-35763] {CVE-2024-27043} diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch deleted file mode 100644 index 74f4020..0000000 --- a/repair-dwarves-causes-kernel-compilation-to-fail.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 -+++ Makefile 2023-02-22 15:37:33.069118145 +0800 -@@ -378,7 +378,7 @@ - STRIP = $(CROSS_COMPILE)strip - OBJCOPY = $(CROSS_COMPILE)objcopy - OBJDUMP = $(CROSS_COMPILE)objdump --PAHOLE = pahole -+PAHOLE = pahole --skip_encoding_btf_enum64 - RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids - LEX = flex - YACC = bison -- Gitee From 4b451fc2f2e94f3179f53b902dc31fe612b718e8 Mon Sep 17 00:00:00 2001 From: liuxiaoping Date: Wed, 22 Feb 2023 15:53:19 +0800 Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail --- kernel.spec | 8 +++++++- ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/kernel.spec b/kernel.spec index 305465b..729201e 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,5 +1,6 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} +%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -41,7 +42,7 @@ %define pkgrelease 553.32.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.32.1%{?dist} +%define specrelease 553.32.1%{anolis_release}%{?dist} %define pkg_release %{specrelease}%{?buildid} 
@@ -544,6 +545,7 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch +Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1101,6 +1103,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch +%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2696,6 +2699,9 @@ fi # # %changelog +* Fri Dec 13 2024 Xiaoping Liu - 4.18.0-553.32.1.0.1 +- kernel:repair dwarves causes kernel compilation to fail + * Fri Nov 29 2024 Denys Vlasenko [4.18.0-553.32.1.el8_10] - irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66965] {CVE-2024-50192} - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66965] {CVE-2024-50192} diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch new file mode 100644 index 0000000..74f4020 --- /dev/null +++ b/repair-dwarves-causes-kernel-compilation-to-fail.patch @@ -0,0 +1,11 @@ +--- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 ++++ Makefile 2023-02-22 15:37:33.069118145 +0800 +@@ -378,7 +378,7 @@ + STRIP = $(CROSS_COMPILE)strip + OBJCOPY = $(CROSS_COMPILE)objcopy + OBJDUMP = $(CROSS_COMPILE)objdump +-PAHOLE = pahole ++PAHOLE = pahole --skip_encoding_btf_enum64 + RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids + LEX = flex + YACC = bison -- Gitee
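Review bot: `Patch1000` and its `%patch1000 -p0 -b …` line are added without a comment saying why a distro-local patch to the top-level Makefile is carried, while the surrounding entries are commented. A line above the declaration such as `# Anolis-local: make pahole skip BTF enum64 encoding so the build works with newer dwarves; drop once handled in the source tree` would tell the next rebase what to re-check. The attached-number form `%patch1000` is also deprecated in newer rpm releases. `%patch -P 1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail` is equivalent and should keep working if the spec is ever built with a newer rpm.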
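Review bot: `PAHOLE = pahole --skip_encoding_btf_enum64` places the option in the variable that names the tool, so every build passes it whatever dwarves version the build root installs. A pahole that predates the option (as far as I know it first appeared in 1.24) will presumably reject it and fail the BTF step. No hunk in this series adds a matching `BuildRequires` floor on dwarves in kernel.spec, so the outcome depends on what the build root happens to resolve. Any code outside this hunk that treats `$(PAHOLE)` as a single program path, for example a quoted expansion or a `command -v` check, would also stop working. Keeping `PAHOLE = pahole` and adding the flag where the BTF options are assembled, gated on the detected pahole version, would be more robust; failing that, pin the dwarves version in the spec.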