Tree - rpms/kpatch-patch-4_18_0-348_12_2

rpms / kpatch-patch-4_18_0-348_12_2

Blame SPECS/kpatch-patch.spec

Blob History Raw

		d9953d	`# Set to 1 if building an empty subscription-only package.`
		23221e	`%define empty_package 0`
		d9953d
		d9953d	`#######################################################`
		d9953d	`# Only need to update these variables and the changelog`
		d9953d	`%define kernel_ver 4.18.0-348.12.2.el8_5`
		d9953d	`%define kpatch_ver 0.9.5`
		23221e	`%define rpm_ver 1`
		23221e	`%define rpm_rel 1`
		d9953d
		d9953d	`%if !%{empty_package}`
		d9953d	`# Patch sources below. DO NOT REMOVE THIS LINE.`
		23221e	`#`
		23221e	`# https://bugzilla.redhat.com/2031991`
		23221e	`Source100: CVE-2021-0920.patch`
		23221e	`#`
		23221e	`# https://bugzilla.redhat.com/2034618`
		23221e	`Source101: CVE-2021-4154.patch`
		23221e	`#`
		23221e	`# https://bugzilla.redhat.com/2044377`
		23221e	`Source102: CVE-2022-0330.patch`
		23221e	`#`
		23221e	`# https://bugzilla.redhat.com/2050135`
		23221e	`Source103: CVE-2022-0435.patch`
		23221e	`#`
		23221e	`# https://bugzilla.redhat.com/2052187`
		23221e	`Source104: CVE-2022-0492.patch`
		23221e	`#`
		23221e	`# https://bugzilla.redhat.com/2047620`
		23221e	`Source105: CVE-2022-22942.patch`
		d9953d	`# End of patch sources. DO NOT REMOVE THIS LINE.`
		d9953d	`%endif`
		d9953d
		d9953d	`%define sanitized_rpm_rel %{lua: print((string.gsub(rpm.expand("%rpm_rel"), "%.", "_")))}`
		d9953d	`%define sanitized_kernel_ver %{lua: print((string.gsub(string.gsub(rpm.expand("%kernel_ver"), '.el8_?\%d?', ""), "%.", "_")))}`
		d9953d	`%define kernel_ver_arch %{kernel_ver}.%{_arch}`
		d9953d
		d9953d	`Name: kpatch-patch-%{sanitized_kernel_ver}`
		d9953d	`Version: %{rpm_ver}`
		d9953d	`Release: %{rpm_rel}%{?dist}`
		d9953d
		d9953d	`%if %{empty_package}`
		d9953d	`Summary: Initial empty kpatch-patch for kernel-%{kernel_ver_arch}`
		d9953d	`%else`
		d9953d	`Summary: Live kernel patching module for kernel-%{kernel_ver_arch}`
		d9953d	`%endif`
		d9953d
		d9953d	`Group: System Environment/Kernel`
		d9953d	`License: GPLv2`
		d9953d	`ExclusiveArch: x86_64 ppc64le`
		d9953d
		d9953d	`Conflicts: %{name} < %{version}-%{release}`
		d9953d
		d9953d	`Provides: kpatch-patch = %{kernel_ver_arch}`
		d9953d	`Provides: kpatch-patch = %{kernel_ver}`
		d9953d
		d9953d	`%if !%{empty_package}`
		d9953d	`Requires: systemd`
		d9953d	`%endif`
		d9953d	`Requires: kpatch >= 0.6.1-1`
		d9953d	`Requires: kernel-uname-r = %{kernel_ver_arch}`
		d9953d
		d9953d	`%if !%{empty_package}`
		d9953d	`BuildRequires: patchutils`
		d9953d	`BuildRequires: kernel-devel = %{kernel_ver}`
		d9953d	`BuildRequires: kernel-debuginfo = %{kernel_ver}`
		d9953d
		d9953d	`# kernel build requirements, generated from:`
		d9953d	`# % rpmspec -q --buildrequires kernel.spec \| sort \| awk '{print "BuildRequires:\t" $0}'`
		d9953d	`# with arch-specific packages moved into conditional block`
		d9953d	`BuildRequires: asciidoc audit-libs-devel bash bc binutils binutils-devel bison bzip2 diffutils elfutils elfutils-devel findutils flex gawk gcc gettext git gzip hmaccalc hostname kmod m4 make ncurses-devel net-tools newt-devel numactl-devel openssl openssl-devel patch pciutils-devel perl-Carp perl-devel perl(ExtUtils::Embed) perl-generators perl-interpreter python3-devel python3-docutils redhat-rpm-config rpm-build sh-utils tar xmlto xz xz-devel zlib-devel java-devel kabi-dw`
		d9953d
		d9953d	`%ifarch x86_64`
		d9953d	`BuildRequires: pesign >= 0.10-4`
		d9953d	`%endif`
		d9953d
		d9953d	`%ifarch ppc64le`
		d9953d	`BuildRequires: gcc-plugin-devel`
		d9953d	`%endif`
		d9953d
		d9953d	`Source0: https://github.com/dynup/kpatch/archive/v%{kpatch_ver}.tar.gz`
		d9953d
		d9953d	`Source10: kernel-%{kernel_ver}.src.rpm`
		d9953d
		d9953d	`# kpatch-build patches`
		d9953d
		d9953d	`%global _dupsign_opts --keyname=rhelkpatch1`
		d9953d
		d9953d	`%define builddir %{_builddir}/kpatch-%{kpatch_ver}`
		d9953d	`%define kpatch %{_sbindir}/kpatch`
		d9953d	`%define kmoddir %{_usr}/lib/kpatch/%{kernel_ver_arch}`
		d9953d	`%define kinstdir %{_sharedstatedir}/kpatch/%{kernel_ver_arch}`
		d9953d	`%define patchmodname kpatch-%{sanitized_kernel_ver}-%{version}-%{sanitized_rpm_rel}`
		d9953d	`%define patchmod %{patchmodname}.ko`
		d9953d
		d9953d	`%define _missing_build_ids_terminate_build 1`
		d9953d	`%define _find_debuginfo_opts -r`
		d9953d	`%undefine _include_minidebuginfo`
		d9953d	`%undefine _find_debuginfo_dwz_opts`
		d9953d
		d9953d	`%description`
		d9953d	`This is a kernel live patch module which can be loaded by the kpatch`
		d9953d	`command line utility to modify the code of a running kernel. This patch`
		d9953d	`module is targeted for kernel-%{kernel_ver}.`
		d9953d
		d9953d	`%prep`
		d9953d	`%autosetup -n kpatch-%{kpatch_ver} -p1`
		d9953d
		d9953d	`%build`
		d9953d	`kdevdir=/usr/src/kernels/%{kernel_ver_arch}`
		d9953d	`vmlinux=/usr/lib/debug/lib/modules/%{kernel_ver_arch}/vmlinux`
		d9953d
		d9953d	`# kpatch-build`
		d9953d	`make -C kpatch-build`
		d9953d
		d9953d	`# patch module`
		d9953d	`for i in %{sources}; do`
		d9953d	`[[ $i == *.patch ]] && patch_sources="$patch_sources $i"`
		d9953d	`done`
		d9953d	`export CACHEDIR="%{builddir}/.kpatch"`
		d9953d	`kpatch-build/kpatch-build --non-replace -n %{patchmodname} -r %{SOURCE10} -v $vmlinux --skip-cleanup $patch_sources \|\| { cat "${CACHEDIR}/build.log"; exit 1; }`
		d9953d
		d9953d
		d9953d	`%install`
		d9953d	`installdir=%{buildroot}/%{kmoddir}`
		d9953d	`install -d $installdir`
		d9953d	`install -m 755 %{builddir}/%{patchmod} $installdir`
		d9953d
		d9953d
		d9953d	`%files`
		d9953d	`%{_usr}/lib/kpatch`
		d9953d
		d9953d
		d9953d	`%post`
		d9953d	`%{kpatch} install -k %{kernel_ver_arch} %{kmoddir}/%{patchmod}`
		d9953d	`chcon -t modules_object_t %{kinstdir}/%{patchmod}`
		d9953d	`sync`
		d9953d	`if [[ %{kernel_ver_arch} = $(uname -r) ]]; then`
		d9953d	`cver="%{rpm_ver}_%{rpm_rel}"`
		d9953d	`pname=$(echo "kpatch_%{sanitized_kernel_ver}" \| sed 's/-/_/')`
		d9953d
		d9953d	`lver=$({ %{kpatch} list \| sed -nr "s/^${pname}_([0-9_]+)\ \[enabled\]$/\1/p"; echo "${cver}"; } \| sort -V \| tail -1)`
		d9953d
		d9953d	`if [ "${lver}" != "${cver}" ]; then`
		d9953d	`echo "WARNING: at least one loaded kpatch-patch (${pname}_${lver}) has a newer version than the one being installed."`
		d9953d	`echo "WARNING: You will have to reboot to load a downgraded kpatch-patch"`
		d9953d	`else`
		d9953d	`%{kpatch} load %{patchmod}`
		d9953d	`fi`
		d9953d	`fi`
		d9953d	`exit 0`
		d9953d
		d9953d
		d9953d	`%postun`
		d9953d	`%{kpatch} uninstall -k %{kernel_ver_arch} %{patchmod}`
		d9953d	`sync`
		d9953d	`exit 0`
		d9953d
		d9953d	`%else`
		d9953d	`%description`
		d9953d	`This is an empty kpatch-patch package which does not contain any real patches.`
		d9953d	`It is only a method to subscribe to the kpatch stream for kernel-%{kernel_ver}.`
		d9953d
		d9953d	`%files`
		d9953d	`%doc`
		d9953d	`%endif`
		d9953d
		d9953d	`%changelog`
		23221e	`* Fri Mar 04 2022 Yannick Cote <ycote@redhat.com> [1-1.el8_5]`
		23221e	`- kernel: failing usercopy allows for use-after-free exploitation [2047620] {CVE-2022-22942}`
		23221e	`- kernel: cgroups v1 release_agent feature may allow privilege escalation [2052187] {CVE-2022-0492}`
		23221e	`- kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS [2050135] {CVE-2022-0435}`
		23221e	`- kernel: possible privileges escalation due to missing TLB flush [2044377] {CVE-2022-0330}`
		23221e	`- kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout [2034618] {CVE-2021-4154}`
		23221e	`- kernel: Use After Free in unix_gc() which could result in a local privilege escalation [2031991] {CVE-2021-0920}`
		23221e
		d9953d	`* Mon Jan 17 2022 Joe Lawrence <joe.lawrence@redhat.com> [0-0.el8]`
		d9953d	`- An empty patch to subscribe to kpatch stream for kernel-4.18.0-348.12.2.el8_5 [2041612]`

rpms / kpatch-patch-4_18_0-348_12_2

Source Code

Blame SPECS/kpatch-patch.spec