From 84589414564d1e5527071fba6c697e5553a54e29 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Thu, 7 Aug 2025 09:16:59 +0800 Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.66.1 to #ICRP6J update to kernel-4.18.0-553.66.1 for CVE-2022-50020 CVE-2025-21928 CVE-2025-22020 CVE-2025-37890 CVE-2025-38052 CVE-2025-38079 Project: TC2024080204 Signed-off-by: Jacob Wang --- download | 4 +-- kernel.spec | 29 ++++++++++++++----- ...es-causes-kernel-compilation-to-fail.patch | 11 ------- 3 files changed, 24 insertions(+), 20 deletions(-) delete mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/download b/download index ef5bc7c..0dba963 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ -4f15e3c78f668c32bef2f2061a3833fc kernel-abi-stablelists-4.18.0-553.tar.bz2 +bb2a15373d399432d4670f42b239c56a kernel-abi-stablelists-4.18.0-553.tar.bz2 dacb6c59855053065f7f64fcfb9aa828 kernel-kabi-dw-4.18.0-553.tar.bz2 -87385d7e44b384fe26853fa58b170fdb linux-4.18.0-553.64.1.el8_10.tar.xz +791dda89a9f40cc474d03e09776e8ee9 linux-4.18.0-553.66.1.el8_10.tar.xz diff --git a/kernel.spec b/kernel.spec index 3069882..38a067d 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,6 +1,5 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} -%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -39,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.64.1.el8_10 +%define pkgrelease 553.66.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.64.1%{anolis_release}%{?dist} +%define specrelease 553.66.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -550,7 +549,6 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1108,7 +1106,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch -%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2708,8 +2705,26 @@ fi # # %changelog -* Tue Jul 29 2025 Xiaoping Liu - 4.18.0-553.64.1.0.1 -- kernel:repair dwarves causes kernel compilation to fail +* Mon Jul 28 2025 Denys Vlasenko [4.18.0-553.66.1.el8_10] +- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Xin Long) [RHEL-105415] {CVE-2025-38001} +- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Xin Long) [RHEL-105415] {CVE-2025-38000} +- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CKI Backport Bot) [RHEL-105415] {CVE-2025-37890} +- sch_hfsc: make hfsc_qlen_notify() idempotent (Xin Long) [RHEL-105415] +- crypto: algif_hash - fix double free in hash_accept (CKI Backport Bot) [RHEL-102223] {CVE-2025-38079} +- Revert "smb: client: fix TCP timers deadlock after rmmod" (Paulo Alcantara) [RHEL-100698] {CVE-2025-22077} +- Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Paulo Alcantara) [RHEL-100698] +- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-100698] +- smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-100698] {CVE-2024-54680} +- smb: client: Fix use-after-free of network namespace. (Paulo Alcantara) [RHEL-100698] {CVE-2024-53095} +- smb: client: fix warning in generic_ip_connect() (Paulo Alcantara) [RHEL-100698] +- net: tipc: fix refcount warning in tipc_aead_encrypt (Xin Long) [RHEL-103079] +- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CKI Backport Bot) [RHEL-103079] {CVE-2025-38052} +- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CKI Backport Bot) [RHEL-99013] {CVE-2025-22020} +- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CKI Backport Bot) [RHEL-98837] {CVE-2025-21928} + +* Thu Jul 24 2025 Denys Vlasenko [4.18.0-553.65.1.el8_10] +- x86/alternatives: avoid mapping FIX_TEXT_POKE1 page when it is not required (Rafael Aquini) [RHEL-95422] +- ext4: avoid resizing to a partial cluster size (CKI Backport Bot) [RHEL-101423] {CVE-2022-50020} * Wed Jul 23 2025 Denys Vlasenko [4.18.0-553.64.1.el8_10] - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CKI Backport Bot) [RHEL-100387] {CVE-2025-21919} diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch deleted file mode 100644 index 74f4020..0000000 --- a/repair-dwarves-causes-kernel-compilation-to-fail.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 -+++ Makefile 2023-02-22 15:37:33.069118145 +0800 -@@ -378,7 +378,7 @@ - STRIP = $(CROSS_COMPILE)strip - OBJCOPY = $(CROSS_COMPILE)objcopy - OBJDUMP = $(CROSS_COMPILE)objdump --PAHOLE = pahole -+PAHOLE = pahole --skip_encoding_btf_enum64 - RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids - LEX = flex - YACC = bison -- Gitee From b399f3694407c6130de86229f1a05204cfd639ce Mon Sep 17 00:00:00 2001 From: liuxiaoping Date: Wed, 22 Feb 2023 15:53:19 +0800 Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail --- ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++ kernel.spec | 8 +++++++- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch diff --git a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch new file mode 100644 index 0000000..74f4020 --- /dev/null +++ b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch @@ -0,0 +1,11 @@ +--- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 ++++ Makefile 2023-02-22 15:37:33.069118145 +0800 +@@ -378,7 +378,7 @@ + STRIP = $(CROSS_COMPILE)strip + OBJCOPY = $(CROSS_COMPILE)objcopy + OBJDUMP = $(CROSS_COMPILE)objdump +-PAHOLE = pahole ++PAHOLE = pahole --skip_encoding_btf_enum64 + RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids + LEX = flex + YACC = bison diff --git a/kernel.spec b/kernel.spec index 38a067d..d85f65f 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,5 +1,6 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} +%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -41,7 +42,7 @@ %define pkgrelease 553.66.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.66.1%{?dist} +%define specrelease 553.66.1%{anolis_release}%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -549,6 +550,7 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch +Patch1000: 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1106,6 +1108,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch +%patch1000 -p0 -b .1000-repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2705,6 +2708,9 @@ fi # # %changelog +* Thu Aug 07 2025 Xiaoping Liu - 4.18.0-553.66.1.0.1 +- kernel:repair dwarves causes kernel compilation to fail + * Mon Jul 28 2025 Denys Vlasenko [4.18.0-553.66.1.el8_10] - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Xin Long) [RHEL-105415] {CVE-2025-38001} - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Xin Long) [RHEL-105415] {CVE-2025-38000} -- Gitee