From ba8b59672fcd5038a1a2627a182ee8ea47ff4723 Mon Sep 17 00:00:00 2001
From: Jacob Wang <jacob.wang@openanolis.org>
Date: Thu, 17 Jul 2025 09:32:17 +0800
Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.62.1

to #ICMUM1

update to kernel-4.18.0-553.62.1 for CVE-2022-49058 CVE-2022-49788 CVE-2024-57980 CVE-2024-58002 CVE-2025-21991

Project: TC2024080204
Signed-off-by: Jacob Wang <jacob.wang@openanolis.org>
---
 download                                      |  4 +-
 kernel.spec                                   | 69 +++++++++++++++++--
 ...es-causes-kernel-compilation-to-fail.patch | 11 ---
 3 files changed, 64 insertions(+), 20 deletions(-)
 delete mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch

diff --git a/download b/download
index c16e94e..a3bb8f2 100644
--- a/download
+++ b/download
@@ -1,3 +1,3 @@
-1ac43c54b7753109d797ddd0db655bde  kernel-abi-stablelists-4.18.0-553.tar.bz2
+d029616e4dee467c9597e0593706e62b  kernel-abi-stablelists-4.18.0-553.tar.bz2
 dacb6c59855053065f7f64fcfb9aa828  kernel-kabi-dw-4.18.0-553.tar.bz2
-fa039f9a4a98f6caced87d9f0fac8906  linux-4.18.0-553.58.1.el8_10.tar.xz
+3ff977a1a488eb8ce11d8b3f9de1bf94  linux-4.18.0-553.62.1.el8_10.tar.xz
diff --git a/kernel.spec b/kernel.spec
index 13cd629..43c53ef 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1,6 +1,5 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
-%define anolis_release .0.1
 
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -39,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.58.1.el8_10
+%define pkgrelease 553.62.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.58.1%{anolis_release}%{?dist}
+%define specrelease 553.62.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -545,7 +544,6 @@ Source4001: rpminspect.yaml
 
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
-Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1103,7 +1101,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 cd linux-%{KVERREL}
 
 ApplyOptionalPatch linux-kernel-test.patch
-%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail
 
 # END OF PATCH APPLICATIONS
 
@@ -2699,8 +2696,66 @@ fi
 #
 #
 %changelog
-* Mon Jul 07 2025 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-553.58.1.0.1
-- kernel:repair dwarves causes kernel compilation to fail
+* Thu Jul 10 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.62.1.el8_10]
+- s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues (David Hildenbrand) [RHEL-87557]
+- mm/slab: make __free(kfree) accept error pointers (Mark Langsdorf) [RHEL-84410]
+- driver core: fix potential NULL pointer dereference in dev_uevent() (Mark Langsdorf) [RHEL-84410]
+- driver core: introduce device_set_driver() helper (Mark Langsdorf) [RHEL-84410]
+- Revert "drivers: core: synchronize really_probe() and dev_uevent()" (Mark Langsdorf) [RHEL-84410]
+- cleanup: Add conditional guard helper (Mark Langsdorf) [RHEL-84410]
+- cleanup: Adjust scoped_guard() macros to avoid potential warning (Mark Langsdorf) [RHEL-84410]
+- cleanup: Remove address space of returned pointer (Mark Langsdorf) [RHEL-84410]
+- cleanup: Add usage and style documentation (Mark Langsdorf) [RHEL-84410]
+- file: add take_fd() cleanup helper (Mark Langsdorf) [RHEL-84410]
+- cleanup: Standardize the header guard define's name (Mark Langsdorf) [RHEL-84410]
+- cleanup: Add conditional guard support (Mark Langsdorf) [RHEL-84410]
+- cleanup: Make no_free_ptr() __must_check (Mark Langsdorf) [RHEL-84410]
+- locking: Introduce __cleanup() based infrastructure (Mark Langsdorf) [RHEL-84410]
+- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CKI Backport Bot) [RHEL-100343] {CVE-2022-49788}
+- media: uvcvideo: Announce the user our deprecation intentions (Desnes Nunes) [RHEL-98760]
+- media: uvcvideo: Allow changing noparam on the fly (Desnes Nunes) [RHEL-98760]
+- media: uvcvideo: Invert default value for nodrop module param (Desnes Nunes) [RHEL-98760]
+- media: uvcvideo: Propagate buf->error to userspace (Desnes Nunes) [RHEL-98760]
+- media: uvcvideo: Flush the control cache when we get an event (Desnes Nunes) [RHEL-98760]
+- media: uvcvideo: Annotate lock requirements for uvc_ctrl_set (Desnes Nunes) [RHEL-98760]
+- media: uvcvideo: Remove dangling pointers (Desnes Nunes) [RHEL-98760] {CVE-2024-58002}
+- media: uvcvideo: Remove redundant NULL assignment (Desnes Nunes) [RHEL-98760]
+- media: uvcvideo: Only save async fh if success (Desnes Nunes) [RHEL-98760]
+- media: uvcvideo: Refactor iterators (Desnes Nunes) [RHEL-98760]
+- media: uvcvideo: Fix double free in error path (CKI Backport Bot) [RHEL-98788] {CVE-2024-57980}
+- cifs: potential buffer overflow in handling symlinks (Paulo Alcantara) [RHEL-97074] {CVE-2022-49058}
+- Race between reading mdstat and stopping an md device (Nigel Croxon) [RHEL-95723]
+- fs/dcache: Control # of dentries in list_lru_node (Waiman Long) [RHEL-8578]
+- fs/dcache: Add sysctl parameter dentry-fs-klimit to control # of dentries in filesystem (Waiman Long) [RHEL-8578]
+- mm/list_lru: Make list_lru_add() return # if items in affected list_lru_node (Waiman Long) [RHEL-8578]
+
+* Thu Jul 03 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.61.1.el8_10]
+- s390: Add z17 elf platform (Christoph Schlameuss) [RHEL-100409]
+- ext4: ignore xattrs past end (CKI Backport Bot) [RHEL-100375] {CVE-2025-37738}
+- ext4: fix off-by-one error in do_split (CKI Backport Bot) [RHEL-100361] {CVE-2025-23150}
+- net: atm: fix use after free in lec_send() (CKI Backport Bot) [RHEL-93119] {CVE-2025-22004}
+- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CKI Backport Bot) [RHEL-98980] {CVE-2025-21991}
+
+* Thu Jun 26 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.60.1.el8_10]
+- xfs: don't allocate COW extents when unsharing a hole (Brian Foster) [RHEL-83037]
+- xfs: don't allocate into the data fork for an unshare request (Brian Foster) [RHEL-83037]
+- s390/ism: add release function for struct device (Mete Durlu) [RHEL-97192]
+- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (CKI Backport Bot) [RHEL-99113] {CVE-2022-49846}
+
+* Thu Jun 19 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.59.1.el8_10]
+- SUNRPC: Fix Oops in xs_tcp_send_request() when transport is disconnected (Olga Kornievskaia) [RHEL-83291]
+- SUNRPC: Set TCP_CORK until the transmit queue is empty (Olga Kornievskaia) [RHEL-83291]
+- tcp: add tcp_sock_set_cork (Olga Kornievskaia) [RHEL-83291]
+- xfs: xfs_ail_push_all_sync() stalls when racing with updates (Brian Foster) [RHEL-88132]
+- Bluetooth: Fix use after free in hci_send_acl (CKI Backport Bot) [RHEL-90428] {CVE-2022-49111}
+- Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (David Marlin) [RHEL-90468] {CVE-2022-49136}
+- Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER (David Marlin) [RHEL-90468] {CVE-2022-49136}
+- Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running (David Marlin) [RHEL-90468] {CVE-2022-49136}
+- Bluetooth: Cancel sync command before suspend and power off (David Marlin) [RHEL-90468] {CVE-2022-49136}
+- Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set (CKI Backport Bot) [RHEL-90468] {CVE-2022-49136}
+- fix backport of "filelock: Remove locks reliably when fcntl/close race is detected" (Scott Mayhew) [RHEL-89709]
+- NFSv4: Allow FREE_STATEID to clean up delegations (Benjamin Coddington) [RHEL-86932]
+- NFSv4.1: constify the stateid argument in nfs41_test_stateid() (Trond Myklebust) [RHEL-86932]
 
 * Thu Jun 12 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.58.1.el8_10]
 - ndisc: use RCU protection in ndisc_alloc_skb() (Xin Long) [RHEL-89535] {CVE-2025-21764}
diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch
deleted file mode 100644
index 74f4020..0000000
--- a/repair-dwarves-causes-kernel-compilation-to-fail.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.orig	2022-10-07 22:45:37.000000000 +0800
-+++ Makefile	2023-02-22 15:37:33.069118145 +0800
-@@ -378,7 +378,7 @@
- STRIP		= $(CROSS_COMPILE)strip
- OBJCOPY		= $(CROSS_COMPILE)objcopy
- OBJDUMP		= $(CROSS_COMPILE)objdump
--PAHOLE		= pahole
-+PAHOLE		= pahole --skip_encoding_btf_enum64
- RESOLVE_BTFIDS	= $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
- LEX		= flex
- YACC		= bison
-- 
Gitee


From af70302f64fbf00339c6e183e17f5df3e53a2a38 Mon Sep 17 00:00:00 2001
From: liuxiaoping <lxp01404969@alibaba-inc.com>
Date: Wed, 22 Feb 2023 15:53:19 +0800
Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail

---
 kernel.spec                                           |  8 +++++++-
 ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch

diff --git a/kernel.spec b/kernel.spec
index 43c53ef..8e658d3 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1,5 +1,6 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
+%define anolis_release .0.1
 
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -41,7 +42,7 @@
 %define pkgrelease 553.62.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.62.1%{?dist}
+%define specrelease 553.62.1%{anolis_release}%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -544,6 +545,7 @@ Source4001: rpminspect.yaml
 
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
+Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1101,6 +1103,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 cd linux-%{KVERREL}
 
 ApplyOptionalPatch linux-kernel-test.patch
+%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail
 
 # END OF PATCH APPLICATIONS
 
@@ -2696,6 +2699,9 @@ fi
 #
 #
 %changelog
+* Thu Jul 17 2025 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-553.62.1.0.1
+- kernel:repair dwarves causes kernel compilation to fail
+
 * Thu Jul 10 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.62.1.el8_10]
 - s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues (David Hildenbrand) [RHEL-87557]
 - mm/slab: make __free(kfree) accept error pointers (Mark Langsdorf) [RHEL-84410]
diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch
new file mode 100644
index 0000000..74f4020
--- /dev/null
+++ b/repair-dwarves-causes-kernel-compilation-to-fail.patch
@@ -0,0 +1,11 @@
+--- Makefile.orig	2022-10-07 22:45:37.000000000 +0800
++++ Makefile	2023-02-22 15:37:33.069118145 +0800
+@@ -378,7 +378,7 @@
+ STRIP		= $(CROSS_COMPILE)strip
+ OBJCOPY		= $(CROSS_COMPILE)objcopy
+ OBJDUMP		= $(CROSS_COMPILE)objdump
+-PAHOLE		= pahole
++PAHOLE		= pahole --skip_encoding_btf_enum64
+ RESOLVE_BTFIDS	= $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
+ LEX		= flex
+ YACC		= bison
-- 
Gitee