From ddff9dae11a16dea4a8a3ef2f9584837e116e89a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 06 2021 13:36:26 +0000 Subject: import kernel-4.18.0-240.22.1.el8_3 --- diff --git a/.gitignore b/.gitignore index 6b4ba25..efd2ac3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/kernel-abi-whitelists-4.18.0-240.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-240.tar.bz2 -SOURCES/linux-4.18.0-240.15.1.el8_3.tar.xz +SOURCES/linux-4.18.0-240.22.1.el8_3.tar.xz diff --git a/.kernel.metadata b/.kernel.metadata index 984e112..67893bf 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,3 +1,3 @@ 8d861248716a82a9ff7442c6150f5f9eccbb3243 SOURCES/kernel-abi-whitelists-4.18.0-240.tar.bz2 59861274c73f8acc9a5c9da435ab98c09e54fac8 SOURCES/kernel-kabi-dw-4.18.0-240.tar.bz2 -739e4f419150e689df825fea0e95265daf19abee SOURCES/linux-4.18.0-240.15.1.el8_3.tar.xz +d1132506a764b24d29154fcf4e06ee4da77faab6 SOURCES/linux-4.18.0-240.22.1.el8_3.tar.xz diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der deleted file mode 100644 index 44a2563..0000000 Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ diff --git a/SOURCES/centos.pem b/SOURCES/centos.pem deleted file mode 100644 index 82ad817..0000000 --- a/SOURCES/centos.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDgTCCAmmgAwIBAgIJALYWFXFy+zGAMA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjA0MFoXDTM4MDEwMTE0 -MjA0MFowVTEvMC0GA1UEAwwmQ2VudE9TIExpbnV4IERyaXZlciB1cGRhdGUgc2ln -bmluZyBrZXkxIjAgBgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5ECuosQ4HKRRf+Kxfm+BcICBK -PGqB+E/qalqQ3CCM3LWezq0ns/GZTD0CtSAzmOObqJb3gJ9S5gcbaMVBc3JxLlQ+ -RwVy0oNy91uy9TKhYQ3lpHDyujxiFmXPSJLMKOYbOBNObJ7qF6+ptnmDWMu7GWDc -4UGdBdU/evt92LIxsi9ZQCEoZIqdyKBE/Y3V9gBZIZa/4oXMHfW9dWxhy9UszmR9 -hT7ZdgLFpWMFmJW+SS5QEWtp5CpRlcui4QJZl42bMp5JOrVWc+BlKPIsLdY8TqLp -9FdhQ5Ih4auT7zn2V89YgYpq6VMZnPsn/v5piB6i6RK8Falr6SP5SV0cwV/jAgMB -AAGjXTBbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBQpvUwN -BtLpkRBEtdyXMwkTm1HW1TAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q6 -8zANBgkqhkiG9w0BAQsFAAOCAQEAK+f4c4aP9TQDiQM4TDyw8iDapr7eBc+Yr0M5 -ELkWEQu55/OwLQrgCA5bdD86diaAXQAlUOXCtFRrbUQHQACEL77/32YdooHfVZZ7 -04CeE+JWxF/cQ3M5hhJnkyxaqFKC+B+bn7Z6eloMnYUPsXwfQEOuyxKaKergAJdq -KnC0pEG3NGgwlwvnD0dwUqbbEUUqL3UQh96hCYDidhCUmuap1E2OGoxGex3ekszf -ErCgwVYb46cv91ba2KqXVWl1FoO3c5MyZcxL46ihQgiY0BI975+HDFjpUZ69n+Um -OhSscRUiKeEQKMVtHzyQUp5t+HCeaZBRPy3rFoIjTEqijKZ6tQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDejCCAmKgAwIBAgIJALYWFXFy+zF/MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjAwMloXDTM4MDEwMTE0 -MjAwMlowTjEoMCYGA1UEAwwfQ2VudE9TIExpbnV4IGtwYXRjaCBzaWduaW5nIGtl -eTEiMCAGCSqGSIb3DQEJARYTc2VjdXJpdHlAY2VudG9zLm9yZzCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMG+5OclqB0NE5azrGkSitqUFcZjpRk/rS2P -CetB6jwxOn06TrLGzqnhcE9VBKyEs7CXBLy6lfnORcYOybcR2XvrgqGa1txOZggl -hc8zCj9X7ZCMK2UsWglxQCOtbo0m/vdor/VO3SFbrf/W9+PXhvNtcxMP9yjydbP+ -lS1St8uQv952hu7C1TevyOQN3jpvWRD7DSJIU/2uRFcdIo2QCGokuB/xESXeuGJ2 -F2P9w0h74V18AlVTxtGp/RSJqZaQ2Gi5h4Oa7UsRmhmCoLdmdBe7xnYJrJ4GhxKQ -yG0kU1ikEhZW3YjoVPgBJzTsIhCAzFrOUq0d67a1wTVMiyL60fUCAwEAAaNdMFsw -DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFLSfCGIFkJ3E2iz6 -mTdvsZHS8J54MB8GA1UdIwQYMBaAFFTsgYWJPuka2wj3RIhUfo4/dDrzMA0GCSqG -SIb3DQEBCwUAA4IBAQBcDnjWh8Mx6yaS/OvBOYZprYy5Su0tn+YHiN0czpjVw+zl -NUt2YmRSA/g6xks04CYx+UAL/xnvRcxXd17Ni7eWiROxvgQvBo5nScVkFPq2IIP5 -8aj7LoHR1MUeXfiNqf1JoSlgpRV47wv/+jZD0hmbt1rC2NJp0ZU8OHmt2GWk0jmM -MK72D/pyCUfHetBzPpU9M0cNiukjMUdIL+U7+CXDgKsfdFHcQ76ebWyka7vRSXTs -lBMa2g20Atwz2Hj7tEEAZ74ioQ9029RAlUSNipACe31YdT4/BBWIqHPpeDFkp8W0 -9v4jeTX/2kMBXkjzMfKjhpooa+bFFFLogLeX3P4W ------END CERTIFICATE----- diff --git a/SOURCES/centossecureboot001.der b/SOURCES/centossecureboot001.der deleted file mode 100644 index 321c4ec..0000000 --- a/SOURCES/centossecureboot001.der +++ /dev/null @@ -1,81 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b6:16:15:71:72:fb:31:7e - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security@centos.org - Validity - Not Before: Aug 1 11:47:30 2018 GMT - Not After : Dec 31 11:47:30 2037 GMT - Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security@centos.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa: - 76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51: - cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2: - 4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3: - 24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0: - bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18: - 00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97: - a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57: - 6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35: - 6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0: - aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65: - 53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46: - f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f: - 6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2: - 76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4: - 94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28: - 4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef: - 94:0f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Key Usage: - Digital Signature - X509v3 Subject Key Identifier: - F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29 - X509v3 Authority Key Identifier: - keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3 - - Signature Algorithm: sha256WithRSAEncryption - 97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c: - dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da: - 11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b: - 2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a: - 28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e: - b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef: - f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f: - 0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56: - a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30: - 17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a: - ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97: - 58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c: - 75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77: - da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71: - da:7f:89:1d ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx -NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg -BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4 -MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP -f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2 -bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/ -VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR -pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud -EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb -Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B -AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G -1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV -IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv -0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ -+zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD -bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ== ------END CERTIFICATE----- diff --git a/SOURCES/centossecureboot201.der b/SOURCES/centossecureboot201.der deleted file mode 100644 index f9d9675..0000000 --- a/SOURCES/centossecureboot201.der +++ /dev/null @@ -1,84 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 93:c2:04:d8:bd:77:6b:11 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=CentOS Secure Boot CA 2/emailAddress=security@centos.org - Validity - Not Before: Jun 9 10:04:20 2020 GMT - Not After : Jan 18 10:04:20 2038 GMT - Subject: CN=CentOS Secure Boot Signing 201/emailAddress=security@centos.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:9e:ef:fe:76:1c:9f:9b:3e:f2:e4:c5:29:bd:19: - 32:01:59:f3:e6:99:fa:eb:b5:f8:94:0c:95:3a:65: - 5e:b1:72:d0:50:3e:70:64:8a:1a:d1:f6:4d:af:6d: - 57:ee:40:71:40:09:dd:30:0c:81:a1:8b:26:63:12: - 07:bf:e1:d1:45:9f:9b:09:a6:57:98:9e:ef:97:e9: - bd:68:38:ea:aa:63:92:2e:0d:2f:8e:fb:be:88:40: - 9b:59:e3:bc:b7:6f:e3:bb:6b:1e:6e:9e:ee:57:b8: - 28:c6:d5:d6:bf:47:a6:e9:38:a9:8f:08:73:98:49: - a8:58:d2:62:73:f1:1e:44:d4:88:3d:f9:aa:43:e2: - 72:2e:d7:43:3e:1d:b6:65:f6:d1:2e:ef:31:cb:9f: - 5e:e3:d4:ea:3c:23:9a:07:af:f9:4a:ee:43:9a:75: - 06:ed:9a:54:2c:ed:5b:ca:85:a5:10:16:cd:30:64: - ea:d5:27:7e:23:f6:fc:ec:69:a9:43:2f:78:73:6b: - 33:78:8b:f8:54:db:3f:ce:95:a4:5a:04:9a:15:49: - 98:cd:34:7c:c7:8c:a9:8a:32:82:ae:c0:d6:34:93: - e7:d2:54:82:45:ee:eb:54:9a:96:d4:da:4b:24:f8: - 09:56:d8:cd:7f:ec:7b:f3:bd:db:9b:8c:b6:18:87: - fa:07 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Key Usage: critical - Digital Signature - X509v3 Extended Key Usage: critical - Code Signing - X509v3 Subject Key Identifier: - 5D:4B:64:F2:FA:63:1E:5E:5F:DB:AA:DC:14:67:C6:6C:99:21:7A:22 - X509v3 Authority Key Identifier: - keyid:70:00:7F:99:20:9C:12:6B:E1:47:74:EA:EC:7B:6D:96:31:F3:4D:CA - - Signature Algorithm: sha256WithRSAEncryption - 39:4b:b5:cc:37:3f:cd:db:84:0f:63:7c:c4:e4:53:fb:5e:fd: - db:12:19:23:6f:0a:50:14:fd:4f:7c:f9:87:3d:f9:6d:5b:af: - 07:a5:94:34:1b:84:07:f4:f1:a0:de:cc:73:87:99:31:c3:93: - 66:c0:bc:f2:0f:b2:69:65:8e:da:b9:1a:8e:ae:38:56:f3:7c: - 5a:8d:29:0d:3d:ad:84:e7:86:31:a2:8e:2a:a8:f8:f8:f7:87: - 32:65:5d:81:47:53:b8:40:c5:1b:a7:46:1f:b0:60:a7:b4:97: - 89:51:26:3c:de:46:b9:14:d5:a0:7d:99:cc:a7:7e:ed:89:18: - 02:ce:e6:07:45:49:e2:04:7d:5b:03:65:ec:e6:c3:86:0d:82: - 31:24:45:51:ec:15:ad:31:83:a8:1c:6e:52:4d:b8:0f:5d:0b: - e4:7b:51:49:39:46:8a:0b:fd:0c:46:af:b4:19:65:0f:12:f1: - fc:ee:fd:6b:4f:df:9a:73:7c:e0:c8:3d:c3:d5:b5:ab:4a:86: - 36:97:e8:89:fb:af:f4:f1:c2:05:5d:17:fb:b6:df:a5:0e:45: - 89:db:89:99:93:ce:f0:4e:e9:9c:f4:4a:03:b0:6e:be:a2:69: - ab:b1:f3:3b:ed:c7:97:f4:0e:0a:53:27:5a:7e:70:9a:35:ea: - 7a:76:d1:bc ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIJAJPCBNi9d2sRMA0GCSqGSIb3DQEBCwUAMEYxIDAeBgNV -BAMMF0NlbnRPUyBTZWN1cmUgQm9vdCBDQSAyMSIwIAYJKoZIhvcNAQkBFhNzZWN1 -cml0eUBjZW50b3Mub3JnMB4XDTIwMDYwOTEwMDQyMFoXDTM4MDExODEwMDQyMFow -TTEnMCUGA1UEAwweQ2VudE9TIFNlY3VyZSBCb290IFNpZ25pbmcgMjAxMSIwIAYJ -KoZIhvcNAQkBFhNzZWN1cml0eUBjZW50b3Mub3JnMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAnu/+dhyfmz7y5MUpvRkyAVnz5pn667X4lAyVOmVesXLQ -UD5wZIoa0fZNr21X7kBxQAndMAyBoYsmYxIHv+HRRZ+bCaZXmJ7vl+m9aDjqqmOS -Lg0vjvu+iECbWeO8t2/ju2sebp7uV7goxtXWv0em6TipjwhzmEmoWNJic/EeRNSI -PfmqQ+JyLtdDPh22ZfbRLu8xy59e49TqPCOaB6/5Su5DmnUG7ZpULO1byoWlEBbN -MGTq1Sd+I/b87GmpQy94c2szeIv4VNs/zpWkWgSaFUmYzTR8x4ypijKCrsDWNJPn -0lSCRe7rVJqW1NpLJPgJVtjNf+x7873bm4y2GIf6BwIDAQABo3gwdjAMBgNVHRMB -Af8EAjAAMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzAd -BgNVHQ4EFgQUXUtk8vpjHl5f26rcFGfGbJkheiIwHwYDVR0jBBgwFoAUcAB/mSCc -EmvhR3Tq7HttljHzTcowDQYJKoZIhvcNAQELBQADggEBADlLtcw3P83bhA9jfMTk -U/te/dsSGSNvClAU/U98+Yc9+W1brwellDQbhAf08aDezHOHmTHDk2bAvPIPsmll -jtq5Go6uOFbzfFqNKQ09rYTnhjGijiqo+Pj3hzJlXYFHU7hAxRunRh+wYKe0l4lR -JjzeRrkU1aB9mcynfu2JGALO5gdFSeIEfVsDZezmw4YNgjEkRVHsFa0xg6gcblJN -uA9dC+R7UUk5RooL/QxGr7QZZQ8S8fzu/WtP35pzfODIPcPVtatKhjaX6In7r/Tx -wgVdF/u236UORYnbiZmTzvBO6Zz0SgOwbr6iaaux8zvtx5f0DgpTJ1p+cJo16np2 -0bw= ------END CERTIFICATE----- diff --git a/SOURCES/centossecurebootca2.der b/SOURCES/centossecurebootca2.der deleted file mode 100644 index 42bdfcf..0000000 Binary files a/SOURCES/centossecurebootca2.der and /dev/null differ diff --git a/SOURCES/debrand-rh-i686-cpu.patch b/SOURCES/debrand-rh-i686-cpu.patch deleted file mode 100644 index 5592a59..0000000 --- a/SOURCES/debrand-rh-i686-cpu.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700 -+++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700 -@@ -147,7 +147,7 @@ void main(void) - - /* Make sure we have all the proper CPU support */ - if (validate_cpu()) { -- puts("This processor is not supported in this version of RHEL.\n"); -+ puts("This processor is not supported in this version of CentOS Linux.\n"); - die(); - } - diff --git a/SOURCES/debrand-rh_taint.patch b/SOURCES/debrand-rh_taint.patch deleted file mode 100644 index 74f2e15..0000000 --- a/SOURCES/debrand-rh_taint.patch +++ /dev/null @@ -1,81 +0,0 @@ ---- a/kernel/rh_taint.c 2020-10-16 10:41:51.000000000 -0500 -+++ b/kernel/rh_taint.c 2020-11-19 10:50:24.853039167 -0600 -@@ -2,12 +2,12 @@ - #include - - /* -- * The following functions are used by Red Hat to indicate to users that -- * hardware and drivers are unsupported, or have limited support in RHEL major -+ * The following functions are used by CentOS Linux to indicate to users that -+ * hardware and drivers are unsupported, or have limited support in CentOS Linux major - * and minor releases. These functions output loud warning messages to the end - * user and should be USED WITH CAUTION. - * -- * Any use of these functions _MUST_ be documented in the RHEL Release Notes, -+ * Any use of these functions _MUST_ be documented in the CentOS Linux Release Notes, - * and have approval of management. - */ - -@@ -16,15 +16,15 @@ - * @msg: Hardware name, class, or type - * - * Called to mark a device, class of devices, or types of devices as not having -- * support in any RHEL minor release. This does not TAINT the kernel. Red Hat -- * will not fix bugs against this hardware in this minor release. Red Hat may -+ * support in any CentOS Linux minor release. This does not TAINT the kernel. CentOS Linux -+ * will not fix bugs against this hardware in this minor release. CentOS Linux may - * declare support in a future major or minor update release. This cannot be - * used to mark drivers unsupported. - */ - void mark_hardware_unsupported(const char *msg) - { - /* Print one single message */ -- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg); -+ pr_crit("Warning: %s - this hardware has not undergone testing by CentOS Linux and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg); - } - EXPORT_SYMBOL(mark_hardware_unsupported); - -@@ -35,12 +35,12 @@ EXPORT_SYMBOL(mark_hardware_unsupported) - * Called to minimize the support status of a previously supported device in - * a minor release. This does not TAINT the kernel. Marking hardware - * deprecated is usually done in conjunction with the hardware vendor. Future -- * RHEL major releases may not include this driver. Driver updates and fixes -+ * CentOS Linux major releases may not include this driver. Driver updates and fixes - * for this device will be limited to critical issues in future minor releases. - */ - void mark_hardware_deprecated(const char *msg) - { -- pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this RHEL release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact Red Hat Support or your device's hardware vendor for additional information.\n", msg); -+ pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this CentOS Linux release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact CentOS Linux Support or your device's hardware vendor for additional information.\n", msg); - } - EXPORT_SYMBOL(mark_hardware_deprecated); - -@@ -50,9 +50,9 @@ EXPORT_SYMBOL(mark_hardware_deprecated); - * - * Called to minimize the support status of a new driver. This does TAINT the - * kernel. Calling this function indicates that the driver or subsystem has -- * had limited testing and is not marked for full support within this RHEL -- * minor release. The next RHEL minor release may contain full support for -- * this driver. Red Hat does not guarantee that bugs reported against this -+ * had limited testing and is not marked for full support within this CentOS Linux -+ * minor release. The next CentOS Linux minor release may contain full support for -+ * this driver. CentOS Linux does not guarantee that bugs reported against this - * driver or subsystem will be resolved. - */ - void mark_tech_preview(const char *msg, struct module *mod) -@@ -81,13 +81,13 @@ EXPORT_SYMBOL(mark_tech_preview); - * mark_driver_unsupported - drivers that we know we don't want to support - * @name: the name of the driver - * -- * In some cases Red Hat has chosen to build a driver for internal QE -+ * In some cases CentOS Linux has chosen to build a driver for internal QE - * use. Use this function to mark those drivers as unsupported for - * customers. - */ - void mark_driver_unsupported(const char *name) - { -- pr_crit("Warning: %s - This driver has not undergone sufficient testing by Red Hat for this release and therefore cannot be used in production systems.\n", -+ pr_crit("Warning: %s - This driver has not undergone sufficient testing by CentOS Linux for this release and therefore cannot be used in production systems.\n", - name ? name : "kernel"); - } - EXPORT_SYMBOL(mark_driver_unsupported); diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch deleted file mode 100644 index b3eed51..0000000 --- a/SOURCES/debrand-single-cpu.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700 -+++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700 -@@ -900,7 +900,7 @@ static void rh_check_supported(void) - if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && - !guest && is_kdump_kernel()) { - pr_crit("Detected single cpu native boot.\n"); -- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); -+ pr_crit("Important: In CentOS Linux 8, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information"); - } - - /* diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index dbfe9a7..b1bbe38 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = CentOS -CN = CentOS kernel signing key -emailAddress = security@centos.org +O = Red Hat +CN = Red Hat Enterprise Linux kernel signing key +emailAddress = secalert@redhat.com [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 3914ded..543e4fb 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -19,7 +19,7 @@ %global distro_build 240 # Sign the x86_64 kernel for secure boot authentication -%ifarch x86_64 aarch64 +%ifarch x86_64 aarch64 s390x ppc64le %global signkernel 1 %else %global signkernel 0 @@ -42,10 +42,10 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 240.15.1.el8_3 +%define pkgrelease 240.22.1.el8_3 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 240.15.1%{?dist} +%define specrelease 240.22.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -53,10 +53,9 @@ # should not be exported to RPM provides %global __provides_exclude_from ^%{_libexecdir}/kselftests -# What parts do we want to build? We must build at least one kernel. -# These are the kernels that are built IF the architecture allows it. -# All should default to 1 (enabled) and be flipped to 0 (disabled) -# by later arch-specific checks. +# What parts do we want to build? These are the kernels that are built IF the +# architecture allows it. All should default to 1 (enabled) and be flipped to +# 0 (disabled) by later arch-specific checks. %define _with_kabidupchk 1 # The following build options are enabled by default. @@ -446,34 +445,44 @@ Source9: x509.genkey %if %{?released_kernel} -Source10: centossecurebootca2.der -Source11: centos-ca-secureboot.der -Source12: centossecureboot201.der -Source13: centossecureboot001.der +Source10: redhatsecurebootca5.cer +Source11: redhatsecurebootca3.cer +Source12: redhatsecureboot501.cer +Source13: redhatsecureboot301.cer +Source14: secureboot_s390.cer +Source15: secureboot_ppc.cer %define secureboot_ca_0 %{SOURCE11} %define secureboot_ca_1 %{SOURCE10} %ifarch x86_64 aarch64 %define secureboot_key_0 %{SOURCE13} -%define pesign_name_0 centossecureboot001 +%define pesign_name_0 redhatsecureboot301 %define secureboot_key_1 %{SOURCE12} -%define pesign_name_1 centossecureboot201 +%define pesign_name_1 redhatsecureboot501 +%endif +%ifarch s390x +%define secureboot_key_0 %{SOURCE14} +%define pesign_name_0 redhatsecureboot302 +%endif +%ifarch ppc64le +%define secureboot_key_0 %{SOURCE15} +%define pesign_name_0 redhatsecureboot303 %endif # released_kernel %else -Source11: centossecurebootca2.der -Source12: centos-ca-secureboot.der -Source13: centossecureboot201.der -Source14: centossecureboot001.der +Source11: redhatsecurebootca4.cer +Source12: redhatsecurebootca2.cer +Source13: redhatsecureboot401.cer +Source14: redhatsecureboot003.cer %define secureboot_ca_0 %{SOURCE12} %define secureboot_ca_1 %{SOURCE11} %define secureboot_key_0 %{SOURCE14} -%define pesign_name_0 centossecureboot001 +%define pesign_name_0 redhatsecureboot003 %define secureboot_key_1 %{SOURCE13} -%define pesign_name_1 centossecureboot201 +%define pesign_name_1 redhatsecureboot401 # released_kernel %endif @@ -530,24 +539,18 @@ Source400: mod-kvm.list Source2000: cpupower.service Source2001: cpupower.config -Source9000: centos.pem - ## Patches needed for building this package # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch -Patch1000: debrand-single-cpu.patch -Patch1001: debrand-rh_taint.patch -Patch1002: debrand-rh-i686-cpu.patch - # END OF PATCH DEFINITIONS BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root %description -This is the package which provides the Linux %{name} for CentOS. -It is based on upstream Linux at version %{version} and maintains kABI +This is the package which provides the Linux %{name} for Red Hat Enterprise +Linux. It is based on upstream Linux at version %{version} and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux %{name} releases. This means this is not a %{version} kernel anymore: it includes several components which come @@ -555,7 +558,7 @@ from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver -updates for supported hardware in CentOS, enhancements for +updates for supported hardware in Red Hat Enterprise Linux, enhancements for enterprise customers, etc. # @@ -796,12 +799,12 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n %{name}-abi-whitelists -Summary: The CentOS kernel ABI symbol whitelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists Group: System Environment/Kernel AutoReqProv: no %description -n %{name}-abi-whitelists -The kABI package contains information pertaining to the CentOS -kernel ABI, including lists of kernel symbols that are needed by +The kABI package contains information pertaining to the Red Hat Enterprise +Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. %if %{with_kabidw_base} @@ -810,8 +813,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the CentOS -kernel, suitable for the kabi-dw tool. +The package contains data describing the current ABI of the Red Hat Enterprise +Linux kernel, suitable for the kabi-dw tool. %endif # @@ -883,7 +886,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ -This package provides kernel modules for the %{?2:%{2} }kernel package for CentOS internal usage.\ +This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ %{nil} # @@ -1081,14 +1084,10 @@ ApplyOptionalPatch() } %setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c -cp -v %{SOURCE9000} linux-%{rpmversion}-%{pkgrelease}/certs/rhel.pem mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} -ApplyOptionalPatch debrand-single-cpu.patch -ApplyOptionalPatch debrand-rh_taint.patch -ApplyOptionalPatch debrand-rh-i686-cpu.patch ApplyOptionalPatch linux-kernel-test.patch # END OF PATCH APPLICATIONS @@ -1187,39 +1186,22 @@ cp_vmlinux() eu-strip --remove-comment -o "$2" "$1" } -BuildKernel() { - MakeTarget=$1 - KernelImage=$2 - Flavour=$4 - DoVDSO=$3 - Flav=${Flavour:++${Flavour}} - InstallName=${5:-vmlinuz} +InitBuildVars() { + # Initialize the kernel .config file and create some variables that are + # needed for the actual build process. - DoModules=1 - if [ "$Flavour" = "zfcpdump" ]; then - DoModules=0 - fi + Flavour=$1 + Flav=${Flavour:++${Flavour}} - # Pick the right config file for the kernel we're building + # Pick the right kernel config file Config=%{name}-%{version}-%{_target_cpu}${Flavour:+-${Flavour}}.config DevelDir=/usr/src/kernels/%{KVERREL}${Flav} - # When the bootable image is just the ELF kernel, strip it. - # We already copy the unstripped file into the debuginfo package. - if [ "$KernelImage" = vmlinux ]; then - CopyKernel=cp_vmlinux - else - CopyKernel=cp - fi - KernelVer=%{version}-%{release}.%{_target_cpu}${Flav} - echo BUILDING A KERNEL FOR ${Flavour} %{_target_cpu}... # make sure EXTRAVERSION says what we want it to say perl -p -i -e "s/^EXTRAVERSION.*/EXTRAVERSION = -%{release}.%{_target_cpu}${Flav}/" Makefile - # and now to start the build process - %{make} -s %{?_smp_mflags} mrproper cp configs/$Config .config @@ -1236,6 +1218,32 @@ BuildKernel() { if [ "$Flavour" == "" ]; then KCFLAGS="$KCFLAGS %{?kpatch_kcflags}" fi +} + +BuildKernel() { + MakeTarget=$1 + KernelImage=$2 + Flavour=$4 + DoVDSO=$3 + Flav=${Flavour:++${Flavour}} + InstallName=${5:-vmlinuz} + + DoModules=1 + if [ "$Flavour" = "zfcpdump" ]; then + DoModules=0 + fi + + # When the bootable image is just the ELF kernel, strip it. + # We already copy the unstripped file into the debuginfo package. + if [ "$KernelImage" = vmlinux ]; then + CopyKernel=cp_vmlinux + else + CopyKernel=cp + fi + + InitBuildVars $Flavour + + echo BUILDING A KERNEL FOR ${Flavour} %{_target_cpu}... %{make} -s ARCH=$Arch oldnoconfig >/dev/null %{make} -s ARCH=$Arch V=1 %{?_smp_mflags} KCFLAGS="$KCFLAGS" WITH_GCOV="%{?with_gcov}" $MakeTarget %{?sparse_mflags} %{?kernel_mflags} @@ -1756,6 +1764,14 @@ BuildKernel %make_target %kernel_image %{with_vdso_install} zfcpdump BuildKernel %make_target %kernel_image %{with_vdso_install} %endif +%ifnarch noarch i686 +%if !%{with_debug} && !%{with_zfcpdump} && !%{with_up} +# If only building the user space tools, then initialize the build environment +# and some variables so that the various userspace tools can be built. +InitBuildVars +%endif +%endif + %global perf_make \ make EXTRA_CFLAGS="${RPM_OPT_FLAGS}" LDFLAGS="%{__global_ldflags}" %{?cross_opts} -C tools/perf V=1 NO_PERF_READ_VDSO32=1 NO_PERF_READ_VDSOX32=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_STRLCPY=1 NO_BIONIC=1 LIBBPF_DYNAMIC=1 prefix=%{_prefix} PYTHON=%{__python3} %if %{with_perf} @@ -2568,8 +2584,95 @@ fi # # %changelog -* Tue Feb 16 2021 CentOS Sources - 4.18.0-240.15.1.el8.centos -- Apply debranding changes +* Thu Mar 25 2021 Frantisek Hrbata [4.18.0-240.22.1.el8_3] +- futex: Handle faults correctly for PI futexes (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Simplify fixup_pi_state_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Use pi_state_update_owner() in put_pi_state() (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Provide and use pi_state_update_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Replace pointless printk in fixup_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Ensure the correct return value from futex_lock_pi() (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Don't enable IRQs unconditionally in put_pi_state() (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Fix incorrect should_fail_futex() handling (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Consistently use fshared as boolean (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Remove needless goto's (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- futex: Remove put_futex_key() (Waiman Long) [1924633 1924635] {CVE-2021-3347} +- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [1930832 1930833] {CVE-2021-27364} +- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [1930855 1930856] {CVE-2021-27365} +- scsi: iscsi: Restrict sessions and handles to admin capabilities (Chris Leech) [1940423 1930809] {CVE-2021-27363} + +* Wed Mar 17 2021 Frantisek Hrbata [4.18.0-240.21.1.el8_3] +- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (Paolo Bonzini) [1939013 1912448] +- gfs2: Fix deadlock between gfs2_{create_inode, inode_lookup} and delete_work_func (Andreas Gruenbacher) [1937109 1903190] +- gfs2: Don't call cancel_delayed_work_sync from within delete work function (Andreas Gruenbacher) [1937109 1903190] +- gfs2: Only access gl_delete for iopen glocks (Andreas Gruenbacher) [1937109 1903190] +- gfs2: Don't sleep during glock hash walk (Andreas Gruenbacher) [1937109 1903190] +- [netdrv] net/mlx5e: Add missing set of destination vport flags in termtbl create (Alaa Hleihel) [1924689 1851700] +- [tools] tools arch x86: Sync asm/cpufeatures.h with the kernel sources (David Arcari) [1929740 1916478] +- [x86] x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [1929740 1916478] + +* Mon Mar 15 2021 Frantisek Hrbata [4.18.0-240.20.1.el8_3] +- fix regression in "epoll: Keep a reference on files added to the check list" (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466} +- do_epoll_ctl(): clean the failure exits up a bit (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466} +- epoll: Keep a reference on files added to the check list (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466} +- [kernel] sched/features: Distinguish between NORMAL and DEADLINE hrtick (Juri Lelli) [1930735 1912118] +- [kernel] sched/features: Fix hrtick reprogramming (Juri Lelli) [1930735 1912118] +- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built (Vitaly Kuznetsov) [1932199 1887216] +- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (Vitaly Kuznetsov) [1932199 1887216] +- iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu (Vitaly Kuznetsov) [1932199 1887216] +- net/vmw_vsock: fix NULL pointer dereference (Jon Maloy) [1925599 1925600] {CVE-2021-26708} +- net/vmw_vsock: improve locking in vsock_connect_timeout() (Jon Maloy) [1925599 1925600] {CVE-2021-26708} +- vsock: fix locking in vsock_shutdown() (Jon Maloy) [1925599 1925600] {CVE-2021-26708} +- vsock: fix the race conditions in multi-transport support (Jon Maloy) [1925599 1925600] {CVE-2021-26708} +- [base] mm: don't panic when links can't be created in sysfs (Baoquan He) [1930168 1890171] +- mm: don't rely on system state to detect hot-plug operations (Baoquan He) [1930168 1890171] +- mm: replace memmap_context by meminit_context (Baoquan He) [1930168 1890171] +- [tools] kvm: nvmx: check for invalid hdr.vmx.flags (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: nvmx: check for required but missing VMCS12 in KVM_SET_NESTED_STATE (Paolo Bonzini) [1923281 1904128] +- [tools] selftests: kvm: do not set guest mode flag (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: svm: Fix offset computation bug in __sev_dbg_decrypt() (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: nvmx: Sync unsync'd vmcs02 state to vmcs12 on migration (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: x86: get smi pending status correctly (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: x86: Add more protection against undefined behavior in rsvd_bits() (Paolo Bonzini) [1923281 1904128] +- [documentation] kvm: Forbid the use of tagged userspace addresses for memslots (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: nsvm: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: nsvm: mark vmcb as dirty when forcingly leaving the guest mode (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: nsvm: correctly restore nested_run_pending on migration (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: x86: fix shift out of bounds reported by UBSAN (Paolo Bonzini) [1923281 1904128] +- [x86] kvm: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (Paolo Bonzini) [1923281 1904128] +- [target] scsi: target: Fix XCOPY NAA identifier lookup (Maurizio Lombardi) [1900462 1900463] {CVE-2020-28374} +- scsi: qla2xxx: Fix mailbox Ch erroneous error (Nilesh Javali) [1924222 1894578] +- [net] fix iteration for sctp transport seq_files (Xin Long) [1927521 1916824] +- [scsi] scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (Dick Kennedy) [1927921 1887549] +- [mm] mm, oom: remove oom_lock from oom_reaper (Waiman Long) [1929738 1873759] + +* Thu Mar 11 2021 Frantisek Hrbata [4.18.0-240.19.1.el8_3] +- audit: trigger accompanying records when no rules present (Richard Guy Briggs) [1907520 1896480] +- revert: 1320a4052ea1 ("audit: trigger accompanying records when no rules present") (Richard Guy Briggs) [1907520 1896480] +- audit: issue CWD record to accompany LSM_AUDIT_DATA_* records (Richard Guy Briggs) [1907520 1896480] +- audit: remove unused !CONFIG_AUDITSYSCALL __audit_inode* stubs (Richard Guy Briggs) [1907520 1896480] +- redhat: use tags from git notes for zstream to generate changelog (Frantisek Hrbata) + +* Wed Feb 24 2021 Frantisek Hrbata [4.18.0-240.18.1.el8_3] +- [scsi] scsi: fnic: Do not call 'scsi_done()' for unhandled commands (Govindarajulu Varadarajan) [1925186 1870397] +- [target] scsi: target: iscsi: Fix cmd abort fabric stop race (Maurizio Lombardi) [1918354 1908215] +- [target] scsi: target: Modify core_tmr_abort_task() (Maurizio Lombardi) [1918363 1880395] +- [s390] s390/crypto: add arch_get_random_long() support (Vladis Dronov) [1915816 1904274] + +* Wed Feb 17 2021 Frantisek Hrbata [4.18.0-240.17.1.el8_3] +- [mm] mm/slub: fix panic in slab_alloc_node() (Oleksandr Natalenko) [1925511 1921056] +- [s390] s390/early: improve machine detection (Claudio Imbrenda) [1925508 1896307] +- [infiniband] RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (Kamal Heib) [1924691 1903992] + +* Wed Feb 10 2021 Frantisek Hrbata [4.18.0-240.16.1.el8_3] +- [netdrv] net/mlx5e: Fix using wrong stats_grps in mlx5e_update_ndo_stats() (Alaa Hleihel) [1921060 1870593] +- [net] tcp: Fix potential use-after-free due to double kfree() (Florian Westphal) [1915529 1915164] +- [net] tcp: fix race condition when creating child sockets from syncookies (Florian Westphal) [1915529 1915164] +- [x86] kvm: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [1906438 1882793] * Wed Feb 03 2021 Frantisek Hrbata [4.18.0-240.15.1.el8_3] - [x86] kvm: svm: Initialize prev_ga_tag before use (Vitaly Kuznetsov) [1919885 1909254]