kernel-5.14.0-0.rc7.54
* Mon Aug 23 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc7.54] - redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Herton R. Krzesinski) [1994849] Resolves: rhbz#1994849 Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
parent
e6db620870
commit
fab840e687
@ -12,7 +12,7 @@ RHEL_MINOR = 99
|
|||||||
#
|
#
|
||||||
# Use this spot to avoid future merge conflicts.
|
# Use this spot to avoid future merge conflicts.
|
||||||
# Do not trim this comment.
|
# Do not trim this comment.
|
||||||
RHEL_RELEASE = 50
|
RHEL_RELEASE = 54
|
||||||
|
|
||||||
#
|
#
|
||||||
# Early y+1 numbering
|
# Early y+1 numbering
|
||||||
|
64
kernel.spec
64
kernel.spec
@ -78,9 +78,9 @@ Summary: The Linux kernel
|
|||||||
# Set debugbuildsenabled to 0 to not build a separate debug kernel, but
|
# Set debugbuildsenabled to 0 to not build a separate debug kernel, but
|
||||||
# to build the base kernel using the debug configuration. (Specifying
|
# to build the base kernel using the debug configuration. (Specifying
|
||||||
# the --with-release option overrides this setting.)
|
# the --with-release option overrides this setting.)
|
||||||
%define debugbuildsenabled 0
|
%define debugbuildsenabled 1
|
||||||
|
|
||||||
%global distro_build 0.rc6.20210820gitd992fe5318d8.50
|
%global distro_build 0.rc7.54
|
||||||
|
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
%define secure_boot_arch x86_64
|
%define secure_boot_arch x86_64
|
||||||
@ -124,13 +124,13 @@ Summary: The Linux kernel
|
|||||||
%define kversion 5.14
|
%define kversion 5.14
|
||||||
|
|
||||||
%define rpmversion 5.14.0
|
%define rpmversion 5.14.0
|
||||||
%define pkgrelease 0.rc6.20210820gitd992fe5318d8.50
|
%define pkgrelease 0.rc7.54
|
||||||
|
|
||||||
# This is needed to do merge window version magic
|
# This is needed to do merge window version magic
|
||||||
%define patchlevel 14
|
%define patchlevel 14
|
||||||
|
|
||||||
# allow pkg_release to have configurable %%{?dist} tag
|
# allow pkg_release to have configurable %%{?dist} tag
|
||||||
%define specrelease 0.rc6.20210820gitd992fe5318d8.50%{?buildid}%{?dist}
|
%define specrelease 0.rc7.54%{?buildid}%{?dist}
|
||||||
|
|
||||||
%define pkg_release %{specrelease}
|
%define pkg_release %{specrelease}
|
||||||
|
|
||||||
@ -671,7 +671,7 @@ BuildRequires: lld
|
|||||||
# exact git commit you can run
|
# exact git commit you can run
|
||||||
#
|
#
|
||||||
# xzcat -qq ${TARBALL} | git get-tar-commit-id
|
# xzcat -qq ${TARBALL} | git get-tar-commit-id
|
||||||
Source0: linux-5.14-rc6-125-gd992fe5318d8.tar.xz
|
Source0: linux-5.14-rc7.tar.xz
|
||||||
|
|
||||||
Source1: Makefile.rhelver
|
Source1: Makefile.rhelver
|
||||||
|
|
||||||
@ -690,26 +690,21 @@ Source9: x509.genkey.fedora
|
|||||||
%if %{?released_kernel}
|
%if %{?released_kernel}
|
||||||
|
|
||||||
Source10: redhatsecurebootca5.cer
|
Source10: redhatsecurebootca5.cer
|
||||||
Source11: redhatsecurebootca1.cer
|
Source11: redhatsecureboot501.cer
|
||||||
Source12: redhatsecureboot501.cer
|
Source12: secureboot_s390.cer
|
||||||
Source13: redhatsecureboot301.cer
|
Source13: secureboot_ppc.cer
|
||||||
Source14: secureboot_s390.cer
|
|
||||||
Source15: secureboot_ppc.cer
|
|
||||||
|
|
||||||
%define secureboot_ca_1 %{SOURCE10}
|
%define secureboot_ca_0 %{SOURCE10}
|
||||||
%define secureboot_ca_0 %{SOURCE11}
|
|
||||||
%ifarch x86_64 aarch64
|
%ifarch x86_64 aarch64
|
||||||
%define secureboot_key_1 %{SOURCE12}
|
%define secureboot_key_0 %{SOURCE11}
|
||||||
%define pesign_name_1 redhatsecureboot501
|
%define pesign_name_0 redhatsecureboot501
|
||||||
%define secureboot_key_0 %{SOURCE13}
|
|
||||||
%define pesign_name_0 redhatsecureboot301
|
|
||||||
%endif
|
%endif
|
||||||
%ifarch s390x
|
%ifarch s390x
|
||||||
%define secureboot_key_0 %{SOURCE14}
|
%define secureboot_key_0 %{SOURCE12}
|
||||||
%define pesign_name_0 redhatsecureboot302
|
%define pesign_name_0 redhatsecureboot302
|
||||||
%endif
|
%endif
|
||||||
%ifarch ppc64le
|
%ifarch ppc64le
|
||||||
%define secureboot_key_0 %{SOURCE15}
|
%define secureboot_key_0 %{SOURCE13}
|
||||||
%define pesign_name_0 redhatsecureboot303
|
%define pesign_name_0 redhatsecureboot303
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -717,16 +712,11 @@ Source15: secureboot_ppc.cer
|
|||||||
%else
|
%else
|
||||||
|
|
||||||
Source10: redhatsecurebootca4.cer
|
Source10: redhatsecurebootca4.cer
|
||||||
Source11: redhatsecurebootca2.cer
|
Source11: redhatsecureboot401.cer
|
||||||
Source12: redhatsecureboot401.cer
|
|
||||||
Source13: redhatsecureboot003.cer
|
|
||||||
|
|
||||||
%define secureboot_ca_1 %{SOURCE10}
|
%define secureboot_ca_0 %{SOURCE10}
|
||||||
%define secureboot_ca_0 %{SOURCE11}
|
%define secureboot_key_0 %{SOURCE11}
|
||||||
%define secureboot_key_1 %{SOURCE12}
|
%define pesign_name_0 redhatsecureboot401
|
||||||
%define pesign_name_1 redhatsecureboot401
|
|
||||||
%define secureboot_key_0 %{SOURCE13}
|
|
||||||
%define pesign_name_0 redhatsecureboot003
|
|
||||||
|
|
||||||
# released_kernel
|
# released_kernel
|
||||||
%endif
|
%endif
|
||||||
@ -1357,8 +1347,8 @@ ApplyOptionalPatch()
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
%setup -q -n kernel-5.14-rc6-125-gd992fe5318d8 -c
|
%setup -q -n kernel-5.14-rc7 -c
|
||||||
mv linux-5.14-rc6-125-gd992fe5318d8 linux-%{KVERREL}
|
mv linux-5.14-rc7 linux-%{KVERREL}
|
||||||
|
|
||||||
cd linux-%{KVERREL}
|
cd linux-%{KVERREL}
|
||||||
cp -a %{SOURCE1} .
|
cp -a %{SOURCE1} .
|
||||||
@ -1630,9 +1620,7 @@ BuildKernel() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%ifarch x86_64 aarch64
|
%ifarch x86_64 aarch64
|
||||||
%pesign -s -i $SignImage -o vmlinuz.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
|
%pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
|
||||||
%pesign -s -i vmlinuz.tmp -o vmlinuz.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
|
|
||||||
rm vmlinuz.tmp
|
|
||||||
%endif
|
%endif
|
||||||
%ifarch s390x ppc64le
|
%ifarch s390x ppc64le
|
||||||
if [ -x /usr/bin/rpm-sign ]; then
|
if [ -x /usr/bin/rpm-sign ]; then
|
||||||
@ -2097,13 +2085,7 @@ BuildKernel() {
|
|||||||
|
|
||||||
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
||||||
%ifarch x86_64 aarch64
|
|
||||||
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
|
|
||||||
install -m 0644 %{secureboot_ca_1} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20140212.cer
|
|
||||||
ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
||||||
%else
|
|
||||||
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||||
%endif
|
|
||||||
%ifarch s390x ppc64le
|
%ifarch s390x ppc64le
|
||||||
if [ $DoModules -eq 1 ]; then
|
if [ $DoModules -eq 1 ]; then
|
||||||
if [ -x /usr/bin/rpm-sign ]; then
|
if [ -x /usr/bin/rpm-sign ]; then
|
||||||
@ -2952,6 +2934,12 @@ fi
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 23 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc7.54]
|
||||||
|
- redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Herton R. Krzesinski) [1994849]
|
||||||
|
|
||||||
|
* Sat Aug 21 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210821gitfa54d366a6e4.51]
|
||||||
|
- More Fedora config updates (Justin M. Forbes)
|
||||||
|
|
||||||
* Fri Aug 20 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210820gitd992fe5318d8.50]
|
* Fri Aug 20 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210820gitd992fe5318d8.50]
|
||||||
- Fedora config updates for 5.14 (Justin M. Forbes)
|
- Fedora config updates for 5.14 (Justin M. Forbes)
|
||||||
|
|
||||||
|
@ -139,7 +139,7 @@ index 000000000000..effb81d04bfd
|
|||||||
+
|
+
|
||||||
+endmenu
|
+endmenu
|
||||||
diff --git a/Makefile b/Makefile
|
diff --git a/Makefile b/Makefile
|
||||||
index c19d1638da25..5392d14f9646 100644
|
index 80aa85170d6b..3b0fcfb382a3 100644
|
||||||
--- a/Makefile
|
--- a/Makefile
|
||||||
+++ b/Makefile
|
+++ b/Makefile
|
||||||
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
|
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
|
||||||
@ -1405,7 +1405,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644
|
|||||||
if (data->f01_container->dev.driver) {
|
if (data->f01_container->dev.driver) {
|
||||||
/* Driver already bound, so enable ATTN now. */
|
/* Driver already bound, so enable ATTN now. */
|
||||||
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
|
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
|
||||||
index 5419c4b9f27a..3bce0190f0cd 100644
|
index 63f0af10c403..195be16dbd39 100644
|
||||||
--- a/drivers/iommu/iommu.c
|
--- a/drivers/iommu/iommu.c
|
||||||
+++ b/drivers/iommu/iommu.c
|
+++ b/drivers/iommu/iommu.c
|
||||||
@@ -7,6 +7,7 @@
|
@@ -7,6 +7,7 @@
|
||||||
@ -1416,7 +1416,7 @@ index 5419c4b9f27a..3bce0190f0cd 100644
|
|||||||
#include <linux/kernel.h>
|
#include <linux/kernel.h>
|
||||||
#include <linux/bug.h>
|
#include <linux/bug.h>
|
||||||
#include <linux/types.h>
|
#include <linux/types.h>
|
||||||
@@ -3036,6 +3037,27 @@ u32 iommu_sva_get_pasid(struct iommu_sva *handle)
|
@@ -3039,6 +3040,27 @@ u32 iommu_sva_get_pasid(struct iommu_sva *handle)
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
|
EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
|
||||||
|
|
||||||
@ -1743,10 +1743,10 @@ index 3a72352aa5cf..47b11f3c7fce 100644
|
|||||||
struct pci_driver *drv;
|
struct pci_driver *drv;
|
||||||
struct pci_dev *dev;
|
struct pci_dev *dev;
|
||||||
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
|
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
|
||||||
index 6d74386eadc2..2333c1e4ae05 100644
|
index ab3de1551b50..7bc8ebb58d35 100644
|
||||||
--- a/drivers/pci/quirks.c
|
--- a/drivers/pci/quirks.c
|
||||||
+++ b/drivers/pci/quirks.c
|
+++ b/drivers/pci/quirks.c
|
||||||
@@ -4230,6 +4230,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000,
|
@@ -4231,6 +4231,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000,
|
||||||
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084,
|
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084,
|
||||||
quirk_bridge_cavm_thrx2_pcie_root);
|
quirk_bridge_cavm_thrx2_pcie_root);
|
||||||
|
|
||||||
|
Binary file not shown.
Binary file not shown.
6
sources
6
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (linux-5.14-rc6-125-gd992fe5318d8.tar.xz) = 381645b7843d25375bb15c670c07a7c0ae7c4c5b944ab937ce93a88b148157956e04367d38ee6569b68b31a5d94aa32d6998a8cb568f77462688d9a89ec03ac0
|
SHA512 (linux-5.14-rc7.tar.xz) = 8682d0a9b88220c3707130150591c7d471d6b2d8d2ddb0c8940c6e59d23f9a4b1a5fcc8ccc5a5a5b68f47f449521b5347d6d979688e40960fdc342b36a9fb012
|
||||||
SHA512 (kernel-abi-stablelists-5.14.0-0.rc6.20210820gitd992fe5318d8.50.tar.bz2) = 8771756b6eca6465cde6f69205b993ceff4be30c53263736d83e4cfdff82a662d52532e1f6ef7e253014fa0f13148161eaa60bf5dcced6995e1f2e6bf95b74bb
|
SHA512 (kernel-abi-stablelists-5.14.0-0.rc7.54.tar.bz2) = 67e2d05ce2c74e73f40bacb113630ade3be5f95207ea6c8aa1fa13ea7b875c53945458de6395d8ee7b0297f54deda8b8e61a727682cb33e7eeb0dfc1e1b7d998
|
||||||
SHA512 (kernel-kabi-dw-5.14.0-0.rc6.20210820gitd992fe5318d8.50.tar.bz2) = 1fb402c4172dc1912255c48bb8fe01823194bf0d0b272089b4e04deee5b2e559f81d28644dbfc1cb36e1991ac004ad207247a5eae480f6f80f06de287594e30d
|
SHA512 (kernel-kabi-dw-5.14.0-0.rc7.54.tar.bz2) = fb3ae66655d42c9294899e6c8fe6b684f97c65dca527f863059f419f90a3bb84fc98c0ea69f7939e9b09e1ee54a59a12cd23304b8d55275bfdb24a9d1228f43d
|
||||||
|
Loading…
Reference in New Issue
Block a user