From 86f7dd24bafbbe017f5a27dedb515335a8af659f Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Wed, 16 Jul 2025 11:54:23 +0800 Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.60.1 to #ICMN81 update to kernel-4.18.0-553.60.1 for CVE-2022-49111 CVE-2022-49136 CVE-2022-49846 Project: TC2024080204 Signed-off-by: Jacob Wang --- download | 4 +-- kernel.spec | 29 ++++++++++++++----- ...es-causes-kernel-compilation-to-fail.patch | 11 ------- 3 files changed, 24 insertions(+), 20 deletions(-) delete mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/download b/download index c16e94e..97d3b69 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ -1ac43c54b7753109d797ddd0db655bde kernel-abi-stablelists-4.18.0-553.tar.bz2 +fc550c9b2b93a28403024e7b17ac7e72 kernel-abi-stablelists-4.18.0-553.tar.bz2 dacb6c59855053065f7f64fcfb9aa828 kernel-kabi-dw-4.18.0-553.tar.bz2 -fa039f9a4a98f6caced87d9f0fac8906 linux-4.18.0-553.58.1.el8_10.tar.xz +787cac094f3cb83a08251e0adc16b978 linux-4.18.0-553.60.1.el8_10.tar.xz diff --git a/kernel.spec b/kernel.spec index 13cd629..d1d371a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,6 +1,5 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} -%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -39,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.58.1.el8_10 +%define pkgrelease 553.60.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.58.1%{anolis_release}%{?dist} +%define specrelease 553.60.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -545,7 +544,6 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1103,7 +1101,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch -%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2699,8 +2696,26 @@ fi # # %changelog -* Mon Jul 07 2025 Xiaoping Liu - 4.18.0-553.58.1.0.1 -- kernel:repair dwarves causes kernel compilation to fail +* Thu Jun 26 2025 Denys Vlasenko [4.18.0-553.60.1.el8_10] +- xfs: don't allocate COW extents when unsharing a hole (Brian Foster) [RHEL-83037] +- xfs: don't allocate into the data fork for an unshare request (Brian Foster) [RHEL-83037] +- s390/ism: add release function for struct device (Mete Durlu) [RHEL-97192] +- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (CKI Backport Bot) [RHEL-99113] {CVE-2022-49846} + +* Thu Jun 19 2025 Denys Vlasenko [4.18.0-553.59.1.el8_10] +- SUNRPC: Fix Oops in xs_tcp_send_request() when transport is disconnected (Olga Kornievskaia) [RHEL-83291] +- SUNRPC: Set TCP_CORK until the transmit queue is empty (Olga Kornievskaia) [RHEL-83291] +- tcp: add tcp_sock_set_cork (Olga Kornievskaia) [RHEL-83291] +- xfs: xfs_ail_push_all_sync() stalls when racing with updates (Brian Foster) [RHEL-88132] +- Bluetooth: Fix use after free in hci_send_acl (CKI Backport Bot) [RHEL-90428] {CVE-2022-49111} +- Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (David Marlin) [RHEL-90468] {CVE-2022-49136} +- Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER (David Marlin) [RHEL-90468] {CVE-2022-49136} +- Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running (David Marlin) [RHEL-90468] {CVE-2022-49136} +- Bluetooth: Cancel sync command before suspend and power off (David Marlin) [RHEL-90468] {CVE-2022-49136} +- Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set (CKI Backport Bot) [RHEL-90468] {CVE-2022-49136} +- fix backport of "filelock: Remove locks reliably when fcntl/close race is detected" (Scott Mayhew) [RHEL-89709] +- NFSv4: Allow FREE_STATEID to clean up delegations (Benjamin Coddington) [RHEL-86932] +- NFSv4.1: constify the stateid argument in nfs41_test_stateid() (Trond Myklebust) [RHEL-86932] * Thu Jun 12 2025 Denys Vlasenko [4.18.0-553.58.1.el8_10] - ndisc: use RCU protection in ndisc_alloc_skb() (Xin Long) [RHEL-89535] {CVE-2025-21764} diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch deleted file mode 100644 index 74f4020..0000000 --- a/repair-dwarves-causes-kernel-compilation-to-fail.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 -+++ Makefile 2023-02-22 15:37:33.069118145 +0800 -@@ -378,7 +378,7 @@ - STRIP = $(CROSS_COMPILE)strip - OBJCOPY = $(CROSS_COMPILE)objcopy - OBJDUMP = $(CROSS_COMPILE)objdump --PAHOLE = pahole -+PAHOLE = pahole --skip_encoding_btf_enum64 - RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids - LEX = flex - YACC = bison -- Gitee From e991e34641b5f68a29e46173c424d9d401cd9f0e Mon Sep 17 00:00:00 2001 From: liuxiaoping Date: Wed, 22 Feb 2023 15:53:19 +0800 Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail --- kernel.spec | 8 +++++++- ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/kernel.spec b/kernel.spec index d1d371a..f0c46e9 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,5 +1,6 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} +%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -41,7 +42,7 @@ %define pkgrelease 553.60.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.60.1%{?dist} +%define specrelease 553.60.1%{anolis_release}%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -544,6 +545,7 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch +Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1101,6 +1103,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch +%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2696,6 +2699,9 @@ fi # # %changelog +* Wed Jul 16 2025 Xiaoping Liu - 4.18.0-553.60.1.0.1 +- kernel:repair dwarves causes kernel compilation to fail + * Thu Jun 26 2025 Denys Vlasenko [4.18.0-553.60.1.el8_10] - xfs: don't allocate COW extents when unsharing a hole (Brian Foster) [RHEL-83037] - xfs: don't allocate into the data fork for an unshare request (Brian Foster) [RHEL-83037] diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch new file mode 100644 index 0000000..74f4020 --- /dev/null +++ b/repair-dwarves-causes-kernel-compilation-to-fail.patch @@ -0,0 +1,11 @@ +--- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 ++++ Makefile 2023-02-22 15:37:33.069118145 +0800 +@@ -378,7 +378,7 @@ + STRIP = $(CROSS_COMPILE)strip + OBJCOPY = $(CROSS_COMPILE)objcopy + OBJDUMP = $(CROSS_COMPILE)objdump +-PAHOLE = pahole ++PAHOLE = pahole --skip_encoding_btf_enum64 + RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids + LEX = flex + YACC = bison -- Gitee