From c89ab676098cb5fdcbd596de4be665ea65f7e705 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Mon, 25 Nov 2019 10:35:44 -0500 Subject: Fixup missing keys These were missing from the sync up. Also fix a duplicate file. --- kernel.spec | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'kernel.spec') diff --git a/kernel.spec b/kernel.spec index 1a75dcae8..b575499c1 100644 --- a/kernel.spec +++ b/kernel.spec @@ -596,12 +596,22 @@ Source11: x509.genkey.fedora Source12: securebootca.cer Source13: secureboot.cer +Source14: secureboot_s390.cer +Source15: secureboot_ppc.cer %define secureboot_ca %{SOURCE12} %ifarch x86_64 aarch64 %define secureboot_key %{SOURCE13} %define pesign_name redhatsecureboot301 %endif +%ifarch s390x +%define secureboot_key %{SOURCE14} +%define pesign_name redhatsecureboot302 +%endif +%ifarch ppc64le +%define secureboot_key %{SOURCE15} +%define pesign_name redhatsecureboot303 +%endif %else # released_kernel @@ -614,7 +624,7 @@ Source13: redhatsecureboot003.cer %endif # released_kernel -Source15: mod-extra.list.rhel +Source22: mod-extra.list.rhel Source16: mod-extra.list.fedora Source17: mod-extra.sh Source18: mod-sign.sh -- cgit From 0b30cc5df58af3a1385f218163d33634b51ed67f Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Mon, 25 Nov 2019 14:57:11 -0500 Subject: Remove extra files from being packaged This commit was missed --- kernel.spec | 3 --- 1 file changed, 3 deletions(-) (limited to 'kernel.spec') diff --git a/kernel.spec b/kernel.spec index b575499c1..a3e123536 100644 --- a/kernel.spec +++ b/kernel.spec @@ -2522,9 +2522,6 @@ fi %{expand:%%files %{?3:%{3}-}modules-extra}\ %config(noreplace) /etc/modprobe.d/*-blacklist.conf\ /lib/modules/%{KVERREL}%{?3:+%{3}}/extra\ -%%defattr(-,root,root)\ -%defverify(not mtime)\ -/usr/src/kernels/%{KVERREL}%{?3:+%{3}}\ %{expand:%%files %{?3:%{3}-}modules-internal}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/internal\ %if %{with_debuginfo}\ -- cgit From 786bb94902ac99e68472d9d15462177418976504 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Mon, 25 Nov 2019 15:01:47 -0500 Subject: bump and build to pick up fixes --- kernel.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'kernel.spec') diff --git a/kernel.spec b/kernel.spec index a3e123536..8ff38b9b1 100644 --- a/kernel.spec +++ b/kernel.spec @@ -77,7 +77,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 1 +%global baserelease 2 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -2558,6 +2558,9 @@ fi # # %changelog +* Mon Nov 25 2019 Laura Abbott - 5.4.0-2 +- bump and build to pick up fixes + * Mon Nov 25 2019 Justin M. Forbes - Fix CVE-2019-14895 (rhbz 1774870 1776139) - Fix CVE-2019-14896 (rhbz 1774875 1776143) -- cgit From 7009ddf5df3fe8e765d8e0743b4051e0df68f5e2 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Mon, 25 Nov 2019 17:23:43 -0500 Subject: Clean up stray *.h.s files The various header testing options (e.g. CONFIG_KERNEL_HEADER_TEST) leave a lot of stray *.s files around. Make sure these get cleaned up so they don't end up packaged. --- kernel.spec | 3 +++ 1 file changed, 3 insertions(+) (limited to 'kernel.spec') diff --git a/kernel.spec b/kernel.spec index 8ff38b9b1..ec88bcb56 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1728,6 +1728,9 @@ BuildKernel() { mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/extra mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/internal mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/updates + # CONFIG_KERNEL_HEADER_TEST generates some extra files in the process of + # testing so just delete + find . -name *.h.s -delete # first copy everything cp --parents `find -type f -name "Makefile*" -o -name "Kconfig*"` $RPM_BUILD_ROOT/lib/modules/$KernelVer/build cp Module.symvers $RPM_BUILD_ROOT/lib/modules/$KernelVer/build -- cgit From 17ffa26d54598f92b17e25a82f76ffa1837d06c2 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Tue, 26 Nov 2019 12:44:01 -0600 Subject: Linux v5.4-3619-gbe2eca94d144 --- kernel.spec | 46 ++++++++-------------------------------------- 1 file changed, 8 insertions(+), 38 deletions(-) (limited to 'kernel.spec') diff --git a/kernel.spec b/kernel.spec index ec88bcb56..5d8cfc849 100644 --- a/kernel.spec +++ b/kernel.spec @@ -24,7 +24,7 @@ Summary: The Linux kernel # For rawhide and/or a kernel built from an rc or git snapshot, # released_kernel should be 0. # For a stable, released kernel, released_kernel should be 1. -%global released_kernel 1 +%global released_kernel 0 %if 0%{?fedora} %define secure_boot_arch x86_64 @@ -77,7 +77,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 2 +%global baserelease 1 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -102,7 +102,7 @@ Summary: The Linux kernel # The next upstream release sublevel (base_sublevel+1) %define upstream_sublevel %(echo $((%{base_sublevel} + 1))) # The rc snapshot level -%global rcrev 1 +%global rcrev 0 # The git snapshot level %define gitrev 1 # Set rpm version accordingly @@ -191,7 +191,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. -%define debugbuildsenabled 1 +%define debugbuildsenabled 0 %if 0%{?fedora} # Kernel headers are being split out into a separate package @@ -810,43 +810,12 @@ Patch504: 0001-mm-kmemleak-skip-late_init-if-not-skip-disable.patch # https://lkml.org/lkml/2019/8/29/1772 Patch505: ARM-fix-__get_user_check-in-case-uaccess_-calls-are-not-inlined.patch -# CVE-2019-19071 rhbz 1774949 1774950 -Patch509: rsi-release-skb-if-rsi_prepare_beacon-fails.patch - -# CVE-2019-19070 rhbz 1774957 1774958 -Patch510: spi-gpio-prevent-memory-leak-in-spi_gpio_probe.patch - -# CVE-2019-19068 rhbz 1774963 1774965 -Patch511: rtl8xxxu-prevent-leaking-urb.patch - -# CVE-2019-19043 rhbz 1774972 1774973 -Patch512: net-next-v2-9-9-i40e-prevent-memory-leak-in-i40e_setup_macvlans.patch - # CVE-2019-19066 rhbz 1774976 1774978 Patch513: scsi-bfa-release-allocated-memory-in-case-of-error.patch -# CVE-2019-19046 rhbz 1774988 1774989 -Patch514: ipmi-Fix-memory-leak-in-__ipmi_bmc_register.patch - -# CVE-2019-19050 rhbz 1774998 1775002 -# CVE-2019-19062 rhbz 1775021 1775023 -Patch515: crypto-user-fix-memory-leak-in-crypto_reportstat.patch - -# CVE-2019-19064 rhbz 1775010 1775011 -Patch516: spi-lpspi-fix-memory-leak-in-fsl_lpspi_probe.patch - -# CVE-2019-19063 rhbz 1775015 1775016 -Patch517: rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch - -# CVE-2019-19057 rhbz 1775050 1775051 -Patch520: mwifiex-pcie-Fix-memory-leak-in-mwifiex_pcie_init_evt_ring.patch - # CVE-2019-19053 rhbz 1775956 1775110 Patch521: rpmsg-char-release-allocated-memory.patch -# CVE-2019-19056 rhbz 1775097 1775115 -Patch522: mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_alloc_cmdrsp_buf.patch - # CVE-2019-19054 rhbz 1775063 1775117 Patch524: media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch @@ -860,9 +829,6 @@ Patch526: libertas-Fix-two-buffer-overflows-at-parsing-bss-descriptor.patch # CVE-2019-14901 rhbz 1773519 1776184 Patch527: mwifiex-Fix-heap-overflow-in-mmwifiex_process_tdls_action_frame.patch -# CVE-2019-19078 rhbz 1776354 1776353 -Patch528: ath10k-fix-memory-leak.patch - # END OF PATCH DEFINITIONS %endif @@ -2561,6 +2527,10 @@ fi # # %changelog +* Tue Nov 26 2019 Justin M. Forbes - 5.5.0-0.rc0.git1.1 +- Linux v5.4-3619-gbe2eca94d144 +- Reenable debugging options. + * Mon Nov 25 2019 Laura Abbott - 5.4.0-2 - bump and build to pick up fixes -- cgit