diff --git a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch b/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch deleted file mode 100644 index 74f402038ee3b15bfdede0d6239196b0261b33b0..0000000000000000000000000000000000000000 --- a/1000-repair-dwarves-causes-kernel-compilation-to-fail.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile.orig 2022-10-07 22:45:37.000000000 +0800 -+++ Makefile 2023-02-22 15:37:33.069118145 +0800 -@@ -378,7 +378,7 @@ - STRIP = $(CROSS_COMPILE)strip - OBJCOPY = $(CROSS_COMPILE)objcopy - OBJDUMP = $(CROSS_COMPILE)objdump --PAHOLE = pahole -+PAHOLE = pahole --skip_encoding_btf_enum64 - RESOLVE_BTFIDS = $(objtree)/tools/bpf/resolve_btfids/resolve_btfids - LEX = flex - YACC = bison diff --git a/download b/download index 6edd98da4b7926978750142a4b0b6ee2512f6be7..9ab0a1a883f5c886c079aa358f23db9229405af3 100644 --- a/download +++ b/download @@ -1,3 +1,3 @@ -e8477f2d6aa843cc1c56cf17fd148ca5 kernel-abi-stablelists-4.18.0-553.tar.bz2 +7a5ad3900479b371e0ca11610884aa87 kernel-abi-stablelists-4.18.0-553.tar.bz2 dacb6c59855053065f7f64fcfb9aa828 kernel-kabi-dw-4.18.0-553.tar.bz2 -bd0e3e4cf3d14c4b738312ab7694dfe2 linux-4.18.0-553.74.1.el8_10.tar.xz +cedd04251f74e0601bef9d62fa987db6 linux-4.18.0-553.77.1.el8_10.tar.xz diff --git a/kernel.spec b/kernel.spec index 6741f157bc8fa4d62277bcfb95a96994e5b1caa0..3f7e294aae90c51a92913521f64cbad2238c2366 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,6 +1,5 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre} -%define anolis_release .0.1 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio # compression for rpms (xz, level 2). @@ -39,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.74.1.el8_10 +%define pkgrelease 553.77.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.74.1%{anolis_release}%{?dist} +%define specrelease 553.77.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -550,7 +549,6 @@ Source4001: rpminspect.yaml # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: 1000-repair-dwarves-causes-kernel-compilation-to-fail.patch # END OF PATCH DEFINITIONS @@ -1108,7 +1106,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch -%patch1000 -p0 -b .1000-repair-dwarves-causes-kernel-compilation-to-fail # END OF PATCH APPLICATIONS @@ -2708,8 +2705,47 @@ fi # # %changelog -* Thu Sep 11 2025 Xiaoping Liu - 4.18.0-553.74.1.0.1 -- kernel:repair dwarves causes kernel compilation to fail +* Thu Sep 18 2025 Denys Vlasenko [4.18.0-553.77.1.el8_10] +- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CKI Backport Bot) [RHEL-109847] {CVE-2025-37797} +- net_sched: hfsc: Fix a UAF vulnerability in class handling (CKI Backport Bot) [RHEL-109847] {CVE-2025-37797} +- net: openvswitch: Fix the dead loop of MPLS parse (Aaron Conole) [RHEL-95609] +- sctp: linearize cloned gso packets in sctp_rcv (CKI Backport Bot) [RHEL-113329] {CVE-2025-38718} +- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Charles Mirabile) [RHEL-109394] {CVE-2022-50087} +- nfsd: don't ignore the return code of svc_proc_register() (Olga Kornievskaia) [RHEL-111639] {CVE-2025-22026} + +* Sun Sep 14 2025 Denys Vlasenko [4.18.0-553.76.1.el8_10] +- HID: core: Harden s32ton() against conversion to 0 bits (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} +- HID: stop exporting hid_snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} +- HID: simplify snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} +- HID: core: fix shift-out-of-bounds in hid_report_raw_event (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} +- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107299] {CVE-2025-38498} +- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107299] {CVE-2025-38498} +- xfs: make sure sb_fdblocks is non-negative (Pavel Reichl) [RHEL-104193] +- vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-105991] {CVE-2025-38461} + +* Tue Sep 09 2025 Denys Vlasenko [4.18.0-553.75.1.el8_10] +- Revert "module, async: async_synchronize_full() on module init iff async is used" (Herton R. Krzesinski) [RHEL-99812] +- mm/page_alloc: make sure free_pcppages_bulk() bails when given count < 0 (Rafael Aquini) [RHEL-85453] +- sch_cbq: make cbq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] +- net/sched: ets: use old 'nbands' while purging unused classes (Ivan Vecera) [RHEL-107541] {CVE-2025-38350} +- net_sched: sch_ets: implement lockless ets_dump() (Ivan Vecera) [RHEL-107541] {CVE-2025-38350} +- net/sched: Always pass notifications when child class becomes empty (Ivan Vecera) [RHEL-93376] {CVE-2025-38350} +- net_sched: ets: fix a race in ets_qdisc_change() (Ivan Vecera) [RHEL-107541] {CVE-2025-38107} +- sch_htb: make htb_deactivate() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-37953} +- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Ivan Vecera) [RHEL-93376] {CVE-2025-37798} +- sch_qfq: make qfq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-38350} +- sch_drr: make drr_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-38350} +- sch_htb: make htb_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-37932} +- idpf: convert control queue mutex to a spinlock (CKI Backport Bot) [RHEL-106049] {CVE-2025-38392} +- drm/framebuffer: Acquire internal references on GEM handles (Anusha Srivatsa) [RHEL-106684] {CVE-2025-38449} +- drm/gem: Acquire references on GEM handles for framebuffers (Anusha Srivatsa) [RHEL-106684] {CVE-2025-38449} +- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (partial) (Luis Claudio R. Goncalves) [RHEL-95713] +- vmxnet3: disable rx data ring on dma allocation failure (Michal Schmidt) [RHEL-106160] +- xfs: fix error returns from xfs_bmapi_write (Carlos Maiolino) [RHEL-93655] +- xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space (Carlos Maiolino) [RHEL-93655] +- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (CKI Backport Bot) [RHEL-112239] {CVE-2023-53125} +- net: usb: smsc75xx: Limit packet length to skb->len (CKI Backport Bot) [RHEL-112239] {CVE-2023-53125} +- PCI: Support BAR sizes up to 8TB (Myron Stowe) [RHEL-106671] * Sun Sep 07 2025 Denys Vlasenko [4.18.0-553.74.1.el8_10] - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [RHEL-112775] {CVE-2025-38352} diff --git a/linux-4.18.0-553.77.1.el8_10.tar.xz b/linux-4.18.0-553.77.1.el8_10.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..236fd3dddeb5186fc0a4d8bcb95af2af00927650 Binary files /dev/null and b/linux-4.18.0-553.77.1.el8_10.tar.xz differ