From 074ed8e5c289cd7e04429eaeee6938ffcd4d3171 Mon Sep 17 00:00:00 2001
From: Jacob Wang <jacob.wang@openanolis.org>
Date: Thu, 15 May 2025 10:02:13 +0800
Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.52.1

to #IC7X4Q

update to kernel-4.18.0-553.52.1 for CVE-2022-49011 CVE-2024-53141

Project: TC2024080204
Signed-off-by: Jacob Wang <jacob.wang@openanolis.org>
---
 download                                      |  6 ++---
 kernel.spec                                   | 26 +++++++++++++------
 ...es-causes-kernel-compilation-to-fail.patch | 11 --------
 3 files changed, 21 insertions(+), 22 deletions(-)
 delete mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch

diff --git a/download b/download
index bbe160f..50510cb 100644
--- a/download
+++ b/download
@@ -1,3 +1,3 @@
-2dbb57e5a178f1d357cc370b799598ce  kernel-abi-stablelists-4.18.0-553.tar.bz2
-559191ff3ea6f1f91b7d06563f479e39  kernel-kabi-dw-4.18.0-553.tar.bz2
-aee73a9937451c09a0084146de731637  linux-4.18.0-553.51.1.el8_10.tar.xz
+071345164f1399488763702dfde08b49  kernel-abi-stablelists-4.18.0-553.tar.bz2
+dacb6c59855053065f7f64fcfb9aa828  kernel-kabi-dw-4.18.0-553.tar.bz2
+270e6f930afc7323822108af09dcf02d  linux-4.18.0-553.52.1.el8_10.tar.xz
diff --git a/kernel.spec b/kernel.spec
index 24449b9..3a8e944 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1,6 +1,5 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
-%define anolis_release .0.1
 
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -39,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.51.1.el8_10
+%define pkgrelease 553.52.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.51.1%{anolis_release}%{?dist}
+%define specrelease 553.52.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -545,7 +544,6 @@ Source4001: rpminspect.yaml
 
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
-Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -577,7 +575,7 @@ Provides: kernel-drm-nouveau = 16\
 Provides: %{name}-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
 Requires(pre): %{kernel_prereq}\
 Requires(pre): %{initrd_prereq}\
-Requires(pre): linux-firmware >= 20200619-99.git3890db36\
+Requires(pre): linux-firmware >= 20220713-109.gitdfa29317\
 %ifnarch s390x\
 Requires(pre): ((grub2 >= 2.02-99) if grub2)\
 Requires(pre): ((grub2-efi >= 2.02-99) if grub2-efi)\
@@ -1103,7 +1101,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 cd linux-%{KVERREL}
 
 ApplyOptionalPatch linux-kernel-test.patch
-%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail
 
 # END OF PATCH APPLICATIONS
 
@@ -2699,8 +2696,21 @@ fi
 #
 #
 %changelog
-* Tue May 06 2025 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-553.51.1.0.1
-- kernel:repair dwarves causes kernel compilation to fail
+* Thu May 01 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.52.1.el8_10.gfd1b]
+- netfilter: ipset: add missing range check in bitmap_ip_uadt (Florian Westphal) [RHEL-70268] {CVE-2024-53141}
+- NFS: Extend rdirplus mount option with "force|none" (Benjamin Coddington) [RHEL-16285]
+- idpf: trigger SW interrupt when exiting wb_on_itr mode (Michal Schmidt) [RHEL-73266]
+- idpf: add support for SW triggered interrupts (Michal Schmidt) [RHEL-73266]
+- idpf: fix VF dynamic interrupt ctl register initialization (Michal Schmidt) [RHEL-73266]
+- idpf: enable WB_ON_ITR (Michal Schmidt) [RHEL-73266]
+- redhat: require recent enough linux-firmware for qed (Denys Vlasenko) [RHEL-6342]
+- gfs2: deallocate inodes in gfs2_create_inode (Andreas Gruenbacher) [RHEL-7875]
+- gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc (Andreas Gruenbacher) [RHEL-7875]
+- gfs2: Move gfs2_dinode_dealloc (Andreas Gruenbacher) [RHEL-7875]
+- gfs2: Don't reread inodes unnecessarily (Andreas Gruenbacher) [RHEL-7875]
+- gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) [RHEL-7875]
+- gfs2: No longer use 'extern' in function declarations (Andreas Gruenbacher) [RHEL-7875]
+- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (CKI Backport Bot) [RHEL-63668] {CVE-2022-49011}
 
 * Thu Apr 24 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.51.1.el8_10]
 - x86/xen: use the whole RCX when picking the right hypercall function (Vitaly Kuznetsov) [RHEL-87072]
diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch
deleted file mode 100644
index 74f4020..0000000
--- a/repair-dwarves-causes-kernel-compilation-to-fail.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.orig	2022-10-07 22:45:37.000000000 +0800
-+++ Makefile	2023-02-22 15:37:33.069118145 +0800
-@@ -378,7 +378,7 @@
- STRIP		= $(CROSS_COMPILE)strip
- OBJCOPY		= $(CROSS_COMPILE)objcopy
- OBJDUMP		= $(CROSS_COMPILE)objdump
--PAHOLE		= pahole
-+PAHOLE		= pahole --skip_encoding_btf_enum64
- RESOLVE_BTFIDS	= $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
- LEX		= flex
- YACC		= bison
-- 
Gitee


From 151fd4d6e5fae957765505ed0e406829ab5c1c0f Mon Sep 17 00:00:00 2001
From: liuxiaoping <lxp01404969@alibaba-inc.com>
Date: Wed, 22 Feb 2023 15:53:19 +0800
Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail

---
 kernel.spec                                           |  8 +++++++-
 ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch

diff --git a/kernel.spec b/kernel.spec
index 3a8e944..3266b3b 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1,5 +1,6 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
+%define anolis_release .0.1
 
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -41,7 +42,7 @@
 %define pkgrelease 553.52.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.52.1%{?dist}
+%define specrelease 553.52.1%{anolis_release}%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -544,6 +545,7 @@ Source4001: rpminspect.yaml
 
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
+Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1101,6 +1103,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 cd linux-%{KVERREL}
 
 ApplyOptionalPatch linux-kernel-test.patch
+%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail
 
 # END OF PATCH APPLICATIONS
 
@@ -2696,6 +2699,9 @@ fi
 #
 #
 %changelog
+* Thu May 15 2025 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-553.52.1.0.1
+- kernel:repair dwarves causes kernel compilation to fail
+
 * Thu May 01 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.52.1.el8_10.gfd1b]
 - netfilter: ipset: add missing range check in bitmap_ip_uadt (Florian Westphal) [RHEL-70268] {CVE-2024-53141}
 - NFS: Extend rdirplus mount option with "force|none" (Benjamin Coddington) [RHEL-16285]
diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch
new file mode 100644
index 0000000..74f4020
--- /dev/null
+++ b/repair-dwarves-causes-kernel-compilation-to-fail.patch
@@ -0,0 +1,11 @@
+--- Makefile.orig	2022-10-07 22:45:37.000000000 +0800
++++ Makefile	2023-02-22 15:37:33.069118145 +0800
+@@ -378,7 +378,7 @@
+ STRIP		= $(CROSS_COMPILE)strip
+ OBJCOPY		= $(CROSS_COMPILE)objcopy
+ OBJDUMP		= $(CROSS_COMPILE)objdump
+-PAHOLE		= pahole
++PAHOLE		= pahole --skip_encoding_btf_enum64
+ RESOLVE_BTFIDS	= $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
+ LEX		= flex
+ YACC		= bison
-- 
Gitee