Tue Aug 09 2022 Stephen Brennan <stephen.s.brennan@oracle.com> [5.14.0-70.22.1.0.1.el9_0.OL9]
- lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499}
-
Tue Aug 09 2022 Kevin Lyons <kevin.x.lyons@oracle.com> [5.14.0-70.22.1.el9_0.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4.el9
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
-
Tue Aug 02 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.22.1.el9_0]
- PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (Myron Stowe) [2109974 2084146]
- PCI: vmd: Assign VMD IRQ domain before enumeration (Myron Stowe) [2109974 2084146]
- rhel config: Set DMAR_UNITS_SUPPORTED (Jerry Snitselaar) [2105326 2094984]
- iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (Jerry Snitselaar) [2105326 2094984]
-
Tue Jul 26 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.21.1.el9_0]
- ibmvnic: fix race between xmit and reset (Gustavo Walbon) [2103085 2061556]
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Chris Leech) [2098251 2095440]
- scsi: core: sysfs: Fix hang when device state is set via sysfs (Chris Leech) [2098251 2095440]
-
Tue Jul 19 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.20.1.el9_0]
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ming Lei) [2106024 2066297] {CVE-2022-0494}
- ahci: Add a generic 'controller2' RAID id (Tomas Henzl) [2099740 2078880]
- ahci: remove duplicated PCI device IDs (Tomas Henzl) [2099740 2042790]
- gfs2: Stop using glock holder auto-demotion for now (Andreas Gruenbacher) [2097306 2082193]
- gfs2: buffered write prefaulting (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Align read and write chunks to the page cache (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Pull return value test out of should_fault_in_pages (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Clean up use of fault_in_iov_iter_{read,write}able (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Variable rename (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) [2097306 2082193]
- iomap: iomap_write_end cleanup (Andreas Gruenbacher) [2097306 2082193]
- iomap: iomap_write_failed fix (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Don't re-check for write past EOF unnecessarily (Andreas Gruenbacher) [2097306 2082193]
- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) [2097306 2082193]
- fs/iomap: Fix buffered write page prefaulting (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Remove dead code in gfs2_file_read_iter (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Minor retry logic cleanup (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Fix should_fault_in_pages() logic (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Make use of list_is_first (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2097306 2082193]
- gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2097306 2082193]
- gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2097306 2082193]
- gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2097306 2082193]
- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2097306 2082193]
-
Wed Jul 13 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.19.1.el9_0]
- KVM: x86/mmu: make apf token non-zero to fix bug (Vitaly Kuznetsov) [2100903 2074832]
- powerpc/64: Move paca allocation later in boot (Desnes A. Nunes do Rosario) [2092248 2055566]
- powerpc: Set crashkernel offset to mid of RMA region (Desnes A. Nunes do Rosario) [2092248 2055566]
- powerpc/64s/hash: Make hash faults work in NMI context (Desnes A. Nunes do Rosario) [2092253 2062762]
-
Tue Jul 05 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.18.1.el9_0]
- NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) [2101858 2086367]
- NFSv4 only print the label when its queried (Benjamin Coddington) [2101854 2057327]
- crypto: fips - make proc files report fips module name and version (Simo Sorce) [2093384 2080499]
- net: sched: fix use-after-free in tc_new_tfilter() (Ivan Vecera) [2071707 2090410] {CVE-2022-1055}
-
Tue Jun 14 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.17.1.el9_0]
- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092994 2092995] {CVE-2022-1966}
- thunderx nic: mark device as unmaintained (Íñigo Huguet) [2092638 2060285]
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (Steve Best) [2092255 2067770]
- perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087963 2087964] {CVE-2022-1729}
- spec: Fix separate tools build (Jiri Olsa) [2090852 2054579]
- mm: lru_cache_disable: replace work queue synchronization with synchronize_rcu (Marcelo Tosatti) [2086963 2033500]
-
Wed Jun 08 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.16.1.el9_0]
- dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082187 2081778]
-
Wed Jun 01 2022 Herton R. Krzesinski <herton@redhat.com> [5.14.0-70.15.1.el9_0]
- CI: Use zstream builder image (Veronika Kabatova)
- tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: add small random increments to the source port (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012}
- Revert "netfilter: conntrack: tag conntracks picked up in local out hook" (Florian Westphal) [2085480 2061850]
- Revert "netfilter: nat: force port remap to prevent shadowing well-known ports" (Florian Westphal) [2085480 2061850]
- redhat/koji/Makefile: Decouple koji Makefile from Makefile.common (Andrea Claudi)
- redhat: fix make {distg-brew,distg-koji} (Andrea Claudi)
- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666}
- esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666}
- sctp: use the correct skb for security_sctp_assoc_request (Ondrej Mosnacek) [2084044 2078856]
- security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2084044 2078856]
- security: add sctp_assoc_established hook (Ondrej Mosnacek) [2084044 2078856]
- security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2084044 2078856]
- security: pass asoc to sctp_assoc_request and sctp_sk_clone (Ondrej Mosnacek) [2084044 2078856]