diff --git a/Makefile.rhelver b/Makefile.rhelver index 7fa8416f1..71911458c 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 99 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 58 +RHEL_RELEASE = 59 # # RHEL_REBASE_NUM diff --git a/Patchlist.changelog b/Patchlist.changelog index 4fd06efca..3052a4ac4 100644 --- a/Patchlist.changelog +++ b/Patchlist.changelog @@ -1,3 +1,6 @@ +https://gitlab.com/cki-project/kernel-ark/-/commit/7091e7aae971eb3bb57cd05575b6d47b023d7b1b + 7091e7aae971eb3bb57cd05575b6d47b023d7b1b not upstream: drop openssl ENGINE API usage + https://gitlab.com/cki-project/kernel-ark/-/commit/eb75341619677c7f8b6de39e4742a1bcf6569587 eb75341619677c7f8b6de39e4742a1bcf6569587 redhat: make bnx2xx drivers unmaintained in rhel-10 diff --git a/kernel.changelog b/kernel.changelog index f8c991d0e..447fe2f19 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,5 +1,10 @@ -* Mon Jul 08 2024 Fedora Kernel Team [6.10.0-0.rc7.58] -- Add openssl-devel-engine as a buildrequirement. (Justin M. Forbes) +* Tue Jul 09 2024 Fedora Kernel Team [6.10.0-0.rc7.4376e966ecb7.59] +- not upstream: drop openssl ENGINE API usage (Jan Stancek) +Resolves: + +* Mon Jul 08 2024 Fedora Kernel Team [6.10.0-0.rc7.4376e966ecb7.58] +- Also remove the zfcpdump BASE_SMALL config (Justin M. Forbes) +- Linux v6.10.0-0.rc7.4376e966ecb7 Resolves: * Mon Jul 08 2024 Fedora Kernel Team [6.10.0-0.rc7.57] diff --git a/kernel.spec b/kernel.spec index b1d4c675f..617f7e508 100644 --- a/kernel.spec +++ b/kernel.spec @@ -163,13 +163,13 @@ Summary: The Linux kernel %define specrpmversion 6.10.0 %define specversion 6.10.0 %define patchversion 6.10 -%define pkgrelease 0.rc7.58 +%define pkgrelease 0.rc7.20240709git4376e966ecb7.59 %define kversion 6 -%define tarfile_release 6.10-rc7 +%define tarfile_release 6.10-rc7-3-g4376e966ecb7 # This is needed to do merge window version magic %define patchlevel 10 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc7.58%{?buildid}%{?dist} +%define specrelease 0.rc7.20240709git4376e966ecb7.59%{?buildid}%{?dist} # This defines the kabi tarball version %define kabiversion 6.10.0 @@ -711,7 +711,7 @@ BuildRequires: libnl3-devel %endif %endif %if %{with_tools} || %{signmodules} || %{signkernel} -BuildRequires: openssl-devel openssl-devel-engine +BuildRequires: openssl-devel %endif %if %{with_bpftool} BuildRequires: python3-docutils @@ -4043,8 +4043,12 @@ fi\ # # %changelog -* Mon Jul 08 2024 Fedora Kernel Team [6.10.0-0.rc7.58] -- Add openssl-devel-engine as a buildrequirement. (Justin M. Forbes) +* Tue Jul 09 2024 Fedora Kernel Team [6.10.0-0.rc7.4376e966ecb7.59] +- not upstream: drop openssl ENGINE API usage (Jan Stancek) + +* Mon Jul 08 2024 Fedora Kernel Team [6.10.0-0.rc7.4376e966ecb7.58] +- Also remove the zfcpdump BASE_SMALL config (Justin M. Forbes) +- Linux v6.10.0-0.rc7.4376e966ecb7 * Mon Jul 08 2024 Fedora Kernel Team [6.10.0-0.rc7.57] - Linux v6.10.0-0.rc7 diff --git a/patch-6.10-redhat.patch b/patch-6.10-redhat.patch index 1b27ff80d..68133b957 100644 --- a/patch-6.10-redhat.patch +++ b/patch-6.10-redhat.patch @@ -9,6 +9,7 @@ arch/s390/kernel/setup.c | 4 + arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/setup.c | 98 +++- + certs/extract-cert.c | 25 +- crypto/drbg.c | 18 +- crypto/rng.c | 149 +++++- drivers/acpi/apei/hest.c | 8 + @@ -69,12 +70,13 @@ kernel/rh_messages.c | 414 ++++++++++++++++ kernel/rh_messages.h | 325 +++++++++++++ scripts/mod/modpost.c | 8 + + scripts/sign-file.c | 29 +- scripts/tags.sh | 2 + security/integrity/platform_certs/load_uefi.c | 6 +- security/lockdown/Kconfig | 13 + security/lockdown/lockdown.c | 1 + security/security.c | 12 + - 76 files changed, 2553 insertions(+), 218 deletions(-) + 78 files changed, 2557 insertions(+), 268 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 27ec49af1bf2..ac87cc84acef 100644 @@ -408,6 +410,49 @@ index 05c5aa951da7..09c1ad947f46 100644 unwind_init(); } +diff --git a/certs/extract-cert.c b/certs/extract-cert.c +index 70e9ec89d87d..f5fb74916cee 100644 +--- a/certs/extract-cert.c ++++ b/certs/extract-cert.c +@@ -21,7 +21,6 @@ + #include + #include + #include +-#include + + /* + * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API. +@@ -122,28 +121,8 @@ int main(int argc, char **argv) + fclose(f); + exit(0); + } else if (!strncmp(cert_src, "pkcs11:", 7)) { +- ENGINE *e; +- struct { +- const char *cert_id; +- X509 *cert; +- } parms; +- +- parms.cert_id = cert_src; +- parms.cert = NULL; +- +- ENGINE_load_builtin_engines(); +- drain_openssl_errors(); +- e = ENGINE_by_id("pkcs11"); +- ERR(!e, "Load PKCS#11 ENGINE"); +- if (ENGINE_init(e)) +- drain_openssl_errors(); +- else +- ERR(1, "ENGINE_init"); +- if (key_pass) +- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN"); +- ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); +- ERR(!parms.cert, "Get X.509 from PKCS#11"); +- write_cert(parms.cert); ++ fprintf(stderr, "Error: pkcs11 not implemented\n"); ++ exit(1); + } else { + BIO *b; + X509 *x509; diff --git a/crypto/drbg.c b/crypto/drbg.c index 3addce90930c..730b03de596a 100644 --- a/crypto/drbg.c @@ -4264,6 +4309,60 @@ index f48d72d22dc2..288e0dbe6463 100644 ret = snprintf(fname, sizeof(fname), "%s.mod.c", mod->name); if (ret >= sizeof(fname)) { +diff --git a/scripts/sign-file.c b/scripts/sign-file.c +index 3edb156ae52c..0114ae1dbf7f 100644 +--- a/scripts/sign-file.c ++++ b/scripts/sign-file.c +@@ -27,7 +27,6 @@ + #include + #include + #include +-#include + + /* + * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API. +@@ -99,16 +98,6 @@ static void display_openssl_errors(int l) + } + } + +-static void drain_openssl_errors(void) +-{ +- const char *file; +- int line; +- +- if (ERR_peek_error() == 0) +- return; +- while (ERR_get_error_line(&file, &line)) {} +-} +- + #define ERR(cond, fmt, ...) \ + do { \ + bool __cond = (cond); \ +@@ -144,22 +133,8 @@ static EVP_PKEY *read_private_key(const char *private_key_name) + EVP_PKEY *private_key; + + if (!strncmp(private_key_name, "pkcs11:", 7)) { +- ENGINE *e; +- +- ENGINE_load_builtin_engines(); +- drain_openssl_errors(); +- e = ENGINE_by_id("pkcs11"); +- ERR(!e, "Load PKCS#11 ENGINE"); +- if (ENGINE_init(e)) +- drain_openssl_errors(); +- else +- ERR(1, "ENGINE_init"); +- if (key_pass) +- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), +- "Set PKCS#11 PIN"); +- private_key = ENGINE_load_private_key(e, private_key_name, +- NULL, NULL); +- ERR(!private_key, "%s", private_key_name); ++ fprintf(stderr, "Error: pkcs11 not implemented\n"); ++ exit(1); + } else { + BIO *b; + diff --git a/scripts/tags.sh b/scripts/tags.sh index 191e0461d6d5..e6f418b3e948 100755 --- a/scripts/tags.sh diff --git a/sources b/sources index 86e50d33f..76196e115 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-6.10-rc7.tar.xz) = e6d977770470be4344dc06cee1f163035f6adf658f1bad491bbce2dcf45e5e3fa2d419c73c873392cb6b520ae2afa73715ee2237251235cee90235092e59e6cf -SHA512 (kernel-abi-stablelists-6.10.0.tar.xz) = 0364a05e5b1fef92f9d1bf67b1c1b3388e0cad5e1669c6a05484c8d67cff9d8511b78a694eba906d767c327cec6c34cc1fe9faff2d38e228d1a40402fc698488 -SHA512 (kernel-kabi-dw-6.10.0.tar.xz) = 503efa109c986131ce918ea62746923718c8371501610778dfa0f0ac6b265ff07a6466cbe784e0e8168fa9ce14be4b448ed49abfef7d81c711c87b2e325dcf70 +SHA512 (linux-6.10-rc7-3-g4376e966ecb7.tar.xz) = 30c212d900ae3c714f1cb508b8dd93f99a5e142cd0958301cd1043e72348a65e31d1fbe22198431f7e763aeaff584b9024c056c535779e491acf5cb4608d0f58 +SHA512 (kernel-abi-stablelists-6.10.0.tar.xz) = 7041030c6187f3c17beffc5775857aab700696737e353ea7f620b6aca6f9743534667f1e5fbd6dc9397c47c82031e66a230a9df5ba33605d0e1c71cbaa0121c1 +SHA512 (kernel-kabi-dw-6.10.0.tar.xz) = 714adeee8e4258e14367915d851e7feb92307f5f387a99fea17f981c4ab1ab5d8ffe7b0e650ebdd0db2da8e3a4ec8e63fe5a66babaa7643a65313955a7244058