Merge remote-tracking branch 'origin/master' into rawhide-user-thl-vanilla-fedora

author: Thorsten Leemhuis <fedora@leemhuis.info> 2019-11-22 17:15:14 +0100
committer: Thorsten Leemhuis <fedora@leemhuis.info> 2019-11-22 17:15:14 +0100
commit: fc10a67441c62a88e7e4055423c0fb11f1928dfe (patch)
tree: 406da91a6f1f74e31747fab9bdbbd51f2ce9a44f /kernel.spec
parent: 698074117f5e5d1f0d32a5581f21440c29b5f2d7 (diff)
parent: 97bb52b5db0b55b977f75767aa40ffafaf7289e2 (diff)
download: kernel-fc10a67441c62a88e7e4055423c0fb11f1928dfe.tar.gz
kernel-fc10a67441c62a88e7e4055423c0fb11f1928dfe.tar.xz
kernel-fc10a67441c62a88e7e4055423c0fb11f1928dfe.zip
1 files changed, 71 insertions, 7 deletions
diff --git a/kernel.spec b/kernel.spec
index 4f9224654..888164e2c 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -79,7 +79,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 1
+%global baserelease 2
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -112,7 +112,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %global rcrev 8
 # The git snapshot level
-%define gitrev 0
+%define gitrev 1
 # Set rpm version accordingly
 %define rpmversion 5.%{upstream_sublevel}.0
 %endif
@@ -199,7 +199,7 @@ Summary: The Linux kernel
 # Set debugbuildsenabled to 1 for production (build separate debug kernels)
 #  and 0 for rawhide (all kernels are debug kernels).
 # See also 'make debug' and 'make release'.
-%define debugbuildsenabled 1
+%define debugbuildsenabled 0
 
 %if 0%{?fedora}
 # Kernel headers are being split out into a separate package
@@ -827,6 +827,46 @@ Patch504: 0001-mm-kmemleak-skip-late_init-if-not-skip-disable.patch
 # https://lkml.org/lkml/2019/8/29/1772
 Patch505: ARM-fix-__get_user_check-in-case-uaccess_-calls-are-not-inlined.patch
 
+# CVE-2019-19071 rhbz 1774949 1774950
+Patch509: rsi-release-skb-if-rsi_prepare_beacon-fails.patch
+
+# CVE-2019-19070 rhbz 1774957 1774958
+Patch510: spi-gpio-prevent-memory-leak-in-spi_gpio_probe.patch
+
+# CVE-2019-19068 rhbz 1774963 1774965
+Patch511: rtl8xxxu-prevent-leaking-urb.patch
+
+# CVE-2019-19043 rhbz 1774972 1774973
+Patch512: net-next-v2-9-9-i40e-prevent-memory-leak-in-i40e_setup_macvlans.patch
+
+# CVE-2019-19066 rhbz 1774976 1774978
+Patch513: scsi-bfa-release-allocated-memory-in-case-of-error.patch
+
+# CVE-2019-19046 rhbz 1774988 1774989
+Patch514: ipmi-Fix-memory-leak-in-__ipmi_bmc_register.patch
+
+# CVE-2019-19050 rhbz 1774998 1775002
+# CVE-2019-19062 rhbz 1775021 1775023
+Patch515: crypto-user-fix-memory-leak-in-crypto_reportstat.patch
+
+# CVE-2019-19064 rhbz 1775010 1775011
+Patch516: spi-lpspi-fix-memory-leak-in-fsl_lpspi_probe.patch
+
+# CVE-2019-19063 rhbz 1775015 1775016
+Patch517: rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch
+
+# CVE-2019-19057 rhbz 1775050 1775051
+Patch520: mwifiex-pcie-Fix-memory-leak-in-mwifiex_pcie_init_evt_ring.patch
+
+# CVE-2019-19053 rhbz 1775956 1775110
+Patch521: rpmsg-char-release-allocated-memory.patch
+
+# CVE-2019-19056 rhbz 1775097 1775115
+Patch522: mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_alloc_cmdrsp_buf.patch
+
+# CVE-2019-19054 rhbz 1775063 1775117
+Patch524: media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1620,12 +1660,8 @@ BuildKernel() {
     fi
 
     %ifarch x86_64 aarch64
-    %if 0%{?fedora}
-    %pesign -s -i $KernelImage -o vmlinuz.signed
-    %else
     %pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca} -c %{secureboot_key} -n %{pesign_name}
     %endif
-    %endif
     %ifarch s390x ppc64le
     if [ -x /usr/bin/rpm-sign ]; then
 	rpm-sign --key "%{pesign_name}" --lkmsign $SignImage --output vmlinuz.signed
@@ -2532,6 +2568,34 @@ fi
 #
 #
 %changelog
+* Fri Nov 22 2019 Laura Abbott <labbott@redhat.com> - 5.4.0-0.rc8.git1.2
+- bump and build to test new configs
+
+* Fri Nov 22 2019 Jeremy Cline <jcline@redhat.com> - 5.4.0-0.rc8.git1.1
+- Linux v5.4-rc8-15-g81429eb8d9ca
+
+* Fri Nov 22 2019 Jeremy Cline <jcline@redhat.com>
+- Reenable debugging options.
+
+* Thu Nov 21 2019 Justin M. Forbes <jforbes@fedoraproject.org> - 5.3.12-300
+- Fix CVE-2019-19071 (rhbz 1774949 1774950)
+- Fix CVE-2019-19070 (rhbz 1774957 1774958)
+- Fix CVE-2019-19068 (rhbz 1774963 1774965)
+- Fix CVE-2019-19043 (rhbz 1774972 1774973)
+- Fix CVE-2019-19066 (rhbz 1774976 1774978)
+- Fix CVE-2019-19046 (rhbz 1774988 1774989)
+- Fix CVE-2019-19050 (rhbz 1774998 1775002)
+- Fix CVE-2019-19062 (rhbz 1775021 1775023)
+- Fix CVE-2019-19064 (rhbz 1775010 1775011)
+- Fix CVE-2019-19063 (rhbz 1775015 1775016)
+- Fix CVE-2019-19057 (rhbz 1775050 1775051)
+- Fix CVE-2019-19053 (rhbz 1775956 1775110)
+- Fix CVE-2019-19056 (rhbz 1775097 1775115)
+- Fix CVE-2019-19054 (rhbz 1775063 1775117)
+
+* Wed Nov 20 2019 Laura Abbott <labbott@redhat.com> - 5.4.0-0.rc8.git0.2
+- bump and build to check the pesign
+
 * Mon Nov 18 2019 Jeremy Cline <jcline@redhat.com> - 5.4.0-0.rc8.git0.1
 - Linux v5.4-rc8
author	Thorsten Leemhuis <fedora@leemhuis.info>	2019-11-22 17:15:14 +0100
committer	Thorsten Leemhuis <fedora@leemhuis.info>	2019-11-22 17:15:14 +0100
commit	fc10a67441c62a88e7e4055423c0fb11f1928dfe (patch)
tree	406da91a6f1f74e31747fab9bdbbd51f2ce9a44f /kernel.spec
parent	698074117f5e5d1f0d32a5581f21440c29b5f2d7 (diff)
parent	97bb52b5db0b55b977f75767aa40ffafaf7289e2 (diff)
download	kernel-fc10a67441c62a88e7e4055423c0fb11f1928dfe.tar.gz kernel-fc10a67441c62a88e7e4055423c0fb11f1928dfe.tar.xz kernel-fc10a67441c62a88e7e4055423c0fb11f1928dfe.zip