From 7245cefcf0d9fb2395df0be9638313f8e3a4caf6 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:48:34 -0800 Subject: [PATCH 1/4] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.169.1 - branch main (#11319) Co-authored-by: Vince Perri <5596945+vinceaperri@users.noreply.github.com> Co-authored-by: Rachel Menge --- .../kernel-azure-signed.spec | 5 +- .../kernel-hci-signed/kernel-hci-signed.spec | 5 +- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 7 +- .../hyperv-daemons.signatures.json | 2 +- SPECS/hyperv-daemons/hyperv-daemons.spec | 5 +- SPECS/kernel-azure/config | 5 +- SPECS/kernel-azure/config_aarch64 | 5 +- .../kernel-azure/kernel-azure.signatures.json | 6 +- SPECS/kernel-azure/kernel-azure.spec | 5 +- ...-Add-support-to-create-match-definer.patch | 601 ------------------ SPECS/kernel-hci/config | 5 +- SPECS/kernel-hci/kernel-hci.signatures.json | 4 +- SPECS/kernel-hci/kernel-hci.spec | 7 +- .../kernel-headers.signatures.json | 2 +- SPECS/kernel-headers/kernel-headers.spec | 7 +- SPECS/kernel/config | 5 +- SPECS/kernel/config_aarch64 | 5 +- SPECS/kernel/kernel.signatures.json | 6 +- SPECS/kernel/kernel.spec | 7 +- cgmanifest.json | 20 +- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 4 +- 24 files changed, 80 insertions(+), 644 deletions(-) delete mode 100644 SPECS/kernel-hci/0003-net-mlx5-Add-support-to-create-match-definer.patch diff --git a/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec b/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec index bf62a473e8c..ca3570c0319 100644 --- a/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec +++ b/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec @@ -9,7 +9,7 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for Azure Name: kernel-azure-signed-%{buildarch} -Version: 5.15.167.1 +Version: 5.15.169.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 +- Auto-upgrade to 5.15.169.1 + * Wed Sep 18 2024 CBL-Mariner Servicing Account - 5.15.167.1-1 - Auto-upgrade to 5.15.167.1 diff --git a/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec b/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec index 6bf9056ad53..e7e59f4e0cd 100644 --- a/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec +++ b/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec @@ -4,7 +4,7 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for HCI Name: kernel-hci-signed-%{buildarch} -Version: 5.15.167.1 +Version: 5.15.169.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -149,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 +- Auto-upgrade to 5.15.169.1 + * Wed Sep 18 2024 CBL-Mariner Servicing Account - 5.15.167.1-1 - Auto-upgrade to 5.15.167.1 diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 8e161b9d5d8..d9bd3d6ec90 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -9,8 +9,8 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} -Version: 5.15.167.1 -Release: 2%{?dist} +Version: 5.15.169.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 +- Auto-upgrade to 5.15.169.1 + * Wed Oct 23 2024 Rachel Menge - 5.15.167.1-2 - Bump release to match kernel diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json index 63c71897dd8..ba4cd1db112 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json +++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json @@ -7,6 +7,6 @@ "hypervkvpd.service": "c1bb207cf9f388f8f3cf5b649abbf8cfe4c4fcf74538612946e68f350d1f265f", "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1", "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d", - "kernel-5.15.167.1.tar.gz": "2f529a3abf4167d1de5f7dd73043827db2c08d647d924990843ee914b0558ee0" + "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" } } diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec index d94f05433ee..8065cf3b492 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.spec +++ b/SPECS/hyperv-daemons/hyperv-daemons.spec @@ -8,7 +8,7 @@ %global udev_prefix 70 Summary: Hyper-V daemons suite Name: hyperv-daemons -Version: 5.15.167.1 +Version: 5.15.169.1 Release: 1%{?dist} License: GPLv2+ Vendor: Microsoft Corporation @@ -219,6 +219,9 @@ fi %{_sbindir}/lsvmbus %changelog +* Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 +- Auto-upgrade to 5.15.169.1 + * Wed Sep 18 2024 CBL-Mariner Servicing Account - 5.15.167.1-1 - Auto-upgrade to 5.15.167.1 diff --git a/SPECS/kernel-azure/config b/SPECS/kernel-azure/config index 10615306ef2..c137893bef8 100644 --- a/SPECS/kernel-azure/config +++ b/SPECS/kernel-azure/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.167.1 Kernel Configuration +# Linux/x86_64 5.15.169.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -6771,6 +6771,9 @@ CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEY_DH_OPERATIONS is not set CONFIG_SECURITY_DMESG_RESTRICT=y +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y diff --git a/SPECS/kernel-azure/config_aarch64 b/SPECS/kernel-azure/config_aarch64 index e52cf7dc401..ce9286bd26a 100644 --- a/SPECS/kernel-azure/config_aarch64 +++ b/SPECS/kernel-azure/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.15.167.1 Kernel Configuration +# Linux/arm64 5.15.169.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -8934,6 +8934,9 @@ CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEY_DH_OPERATIONS is not set CONFIG_SECURITY_DMESG_RESTRICT=y +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y diff --git a/SPECS/kernel-azure/kernel-azure.signatures.json b/SPECS/kernel-azure/kernel-azure.signatures.json index d7d95e0ee6a..ed038dda741 100644 --- a/SPECS/kernel-azure/kernel-azure.signatures.json +++ b/SPECS/kernel-azure/kernel-azure.signatures.json @@ -1,9 +1,9 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "97d9d65905746afb5c23e03bc0d5c4c2703f1701ffb61031dda00e8541ecf185", - "config_aarch64": "616ea3ccfdf311b10a2702e7eac052f561fb0556a94b0c5e1b72c6293fca5083", + "config": "c1a986285c252995287d11b26ff11988ee1a3c471afaf49afcee1bfacf7f7bb1", + "config_aarch64": "4ac4d0d5cb74ba8d975e423209aa0cf68340cd4fc931156aecb11a90591ef255", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", - "kernel-5.15.167.1.tar.gz": "2f529a3abf4167d1de5f7dd73043827db2c08d647d924990843ee914b0558ee0" + "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" } } diff --git a/SPECS/kernel-azure/kernel-azure.spec b/SPECS/kernel-azure/kernel-azure.spec index f20f660ec2b..7f65b9f4975 100644 --- a/SPECS/kernel-azure/kernel-azure.spec +++ b/SPECS/kernel-azure/kernel-azure.spec @@ -27,7 +27,7 @@ Summary: Linux Kernel Name: kernel-azure -Version: 5.15.167.1 +Version: 5.15.169.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -420,6 +420,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 +- Auto-upgrade to 5.15.169.1 + * Wed Sep 18 2024 CBL-Mariner Servicing Account - 5.15.167.1-1 - Auto-upgrade to 5.15.167.1 diff --git a/SPECS/kernel-hci/0003-net-mlx5-Add-support-to-create-match-definer.patch b/SPECS/kernel-hci/0003-net-mlx5-Add-support-to-create-match-definer.patch deleted file mode 100644 index ffa1bc4cade..00000000000 --- a/SPECS/kernel-hci/0003-net-mlx5-Add-support-to-create-match-definer.patch +++ /dev/null @@ -1,601 +0,0 @@ -From da65e864db3be50a842c8843322cda806271c5d9 Mon Sep 17 00:00:00 2001 -From: Maor Gottlieb -Date: Tue, 6 Jul 2021 17:48:26 +0300 -Subject: [PATCH 03/22] net/mlx5: Add support to create match definer - -Introduce new APIs to create and destroy flow matcher -for given format id. - -Flow match definer object is used for defining the fields and -mask used for the hash calculation. User should mask the desired -fields like done in the match criteria. - -This object is assigned to flow group of type hash. In this flow -group type, packets lookup is done based on the hash result. - -This patch also adds the required bits to create such flow group. - -Signed-off-by: Maor Gottlieb -Reviewed-by: Mark Bloch -Signed-off-by: Saeed Mahameed ---- - .../net/ethernet/mellanox/mlx5/core/fs_cmd.c | 57 ++++ - .../net/ethernet/mellanox/mlx5/core/fs_cmd.h | 4 + - .../net/ethernet/mellanox/mlx5/core/fs_core.c | 46 +++ - .../net/ethernet/mellanox/mlx5/core/fs_core.h | 5 + - .../mellanox/mlx5/core/steering/fs_dr.c | 15 + - include/linux/mlx5/fs.h | 8 + - include/linux/mlx5/mlx5_ifc.h | 272 ++++++++++++++++-- - 7 files changed, 380 insertions(+), 27 deletions(-) - -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c -index caefdb7dfefe..2c82dc118460 100644 ---- a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c -+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c -@@ -185,6 +185,20 @@ static int mlx5_cmd_set_slave_root_fdb(struct mlx5_core_dev *master, - return mlx5_cmd_exec(slave, in, sizeof(in), out, sizeof(out)); - } - -+static int -+mlx5_cmd_stub_destroy_match_definer(struct mlx5_flow_root_namespace *ns, -+ int definer_id) -+{ -+ return 0; -+} -+ -+static int -+mlx5_cmd_stub_create_match_definer(struct mlx5_flow_root_namespace *ns, -+ u16 format_id, u32 *match_mask) -+{ -+ return 0; -+} -+ - static int mlx5_cmd_update_root_ft(struct mlx5_flow_root_namespace *ns, - struct mlx5_flow_table *ft, u32 underlay_qpn, - bool disconnect) -@@ -909,6 +923,45 @@ static void mlx5_cmd_modify_header_dealloc(struct mlx5_flow_root_namespace *ns, - mlx5_cmd_exec_in(dev, dealloc_modify_header_context, in); - } - -+static int mlx5_cmd_destroy_match_definer(struct mlx5_flow_root_namespace *ns, -+ int definer_id) -+{ -+ u32 in[MLX5_ST_SZ_DW(general_obj_in_cmd_hdr)] = {}; -+ u32 out[MLX5_ST_SZ_DW(general_obj_out_cmd_hdr)]; -+ -+ MLX5_SET(general_obj_in_cmd_hdr, in, opcode, -+ MLX5_CMD_OP_DESTROY_GENERAL_OBJECT); -+ MLX5_SET(general_obj_in_cmd_hdr, in, obj_type, -+ MLX5_OBJ_TYPE_MATCH_DEFINER); -+ MLX5_SET(general_obj_in_cmd_hdr, in, obj_id, definer_id); -+ -+ return mlx5_cmd_exec(ns->dev, in, sizeof(in), out, sizeof(out)); -+} -+ -+static int mlx5_cmd_create_match_definer(struct mlx5_flow_root_namespace *ns, -+ u16 format_id, u32 *match_mask) -+{ -+ u32 out[MLX5_ST_SZ_DW(create_match_definer_out)] = {}; -+ u32 in[MLX5_ST_SZ_DW(create_match_definer_in)] = {}; -+ struct mlx5_core_dev *dev = ns->dev; -+ void *ptr; -+ int err; -+ -+ MLX5_SET(create_match_definer_in, in, general_obj_in_cmd_hdr.opcode, -+ MLX5_CMD_OP_CREATE_GENERAL_OBJECT); -+ MLX5_SET(create_match_definer_in, in, general_obj_in_cmd_hdr.obj_type, -+ MLX5_OBJ_TYPE_MATCH_DEFINER); -+ -+ ptr = MLX5_ADDR_OF(create_match_definer_in, in, obj_context); -+ MLX5_SET(match_definer, ptr, format_id, format_id); -+ -+ ptr = MLX5_ADDR_OF(match_definer, ptr, match_mask); -+ memcpy(ptr, match_mask, MLX5_FLD_SZ_BYTES(match_definer, match_mask)); -+ -+ err = mlx5_cmd_exec_inout(dev, create_match_definer, in, out); -+ return err ? err : MLX5_GET(general_obj_out_cmd_hdr, out, obj_id); -+} -+ - static const struct mlx5_flow_cmds mlx5_flow_cmds = { - .create_flow_table = mlx5_cmd_create_flow_table, - .destroy_flow_table = mlx5_cmd_destroy_flow_table, -@@ -923,6 +976,8 @@ static const struct mlx5_flow_cmds mlx5_flow_cmds = { - .packet_reformat_dealloc = mlx5_cmd_packet_reformat_dealloc, - .modify_header_alloc = mlx5_cmd_modify_header_alloc, - .modify_header_dealloc = mlx5_cmd_modify_header_dealloc, -+ .create_match_definer = mlx5_cmd_create_match_definer, -+ .destroy_match_definer = mlx5_cmd_destroy_match_definer, - .set_peer = mlx5_cmd_stub_set_peer, - .create_ns = mlx5_cmd_stub_create_ns, - .destroy_ns = mlx5_cmd_stub_destroy_ns, -@@ -942,6 +997,8 @@ static const struct mlx5_flow_cmds mlx5_flow_cmd_stubs = { - .packet_reformat_dealloc = mlx5_cmd_stub_packet_reformat_dealloc, - .modify_header_alloc = mlx5_cmd_stub_modify_header_alloc, - .modify_header_dealloc = mlx5_cmd_stub_modify_header_dealloc, -+ .create_match_definer = mlx5_cmd_stub_create_match_definer, -+ .destroy_match_definer = mlx5_cmd_stub_destroy_match_definer, - .set_peer = mlx5_cmd_stub_set_peer, - .create_ns = mlx5_cmd_stub_create_ns, - .destroy_ns = mlx5_cmd_stub_destroy_ns, -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.h b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.h -index 5ecd33cdc087..220ec632d35a 100644 ---- a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.h -+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.h -@@ -97,6 +97,10 @@ struct mlx5_flow_cmds { - - int (*create_ns)(struct mlx5_flow_root_namespace *ns); - int (*destroy_ns)(struct mlx5_flow_root_namespace *ns); -+ int (*create_match_definer)(struct mlx5_flow_root_namespace *ns, -+ u16 format_id, u32 *match_mask); -+ int (*destroy_match_definer)(struct mlx5_flow_root_namespace *ns, -+ int definer_id); - }; - - int mlx5_cmd_fc_alloc(struct mlx5_core_dev *dev, u32 *id); -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c -index d852c6e086a0..3caaf8812d88 100644 ---- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c -+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c -@@ -3281,6 +3281,52 @@ void mlx5_packet_reformat_dealloc(struct mlx5_core_dev *dev, - } - EXPORT_SYMBOL(mlx5_packet_reformat_dealloc); - -+int mlx5_get_match_definer_id(struct mlx5_flow_definer *definer) -+{ -+ return definer->id; -+} -+ -+struct mlx5_flow_definer * -+mlx5_create_match_definer(struct mlx5_core_dev *dev, -+ enum mlx5_flow_namespace_type ns_type, u16 format_id, -+ u32 *match_mask) -+{ -+ struct mlx5_flow_root_namespace *root; -+ struct mlx5_flow_definer *definer; -+ int id; -+ -+ root = get_root_namespace(dev, ns_type); -+ if (!root) -+ return ERR_PTR(-EOPNOTSUPP); -+ -+ definer = kzalloc(sizeof(*definer), GFP_KERNEL); -+ if (!definer) -+ return ERR_PTR(-ENOMEM); -+ -+ definer->ns_type = ns_type; -+ id = root->cmds->create_match_definer(root, format_id, match_mask); -+ if (id < 0) { -+ mlx5_core_warn(root->dev, "Failed to create match definer (%d)\n", id); -+ kfree(definer); -+ return ERR_PTR(id); -+ } -+ definer->id = id; -+ return definer; -+} -+ -+void mlx5_destroy_match_definer(struct mlx5_core_dev *dev, -+ struct mlx5_flow_definer *definer) -+{ -+ struct mlx5_flow_root_namespace *root; -+ -+ root = get_root_namespace(dev, definer->ns_type); -+ if (WARN_ON(!root)) -+ return; -+ -+ root->cmds->destroy_match_definer(root, definer->id); -+ kfree(definer); -+} -+ - int mlx5_flow_namespace_set_peer(struct mlx5_flow_root_namespace *ns, - struct mlx5_flow_root_namespace *peer_ns) - { -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h -index 79d37530afb3..7711db245c63 100644 ---- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h -+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h -@@ -49,6 +49,11 @@ - #define FDB_TC_MAX_PRIO 16 - #define FDB_TC_LEVELS_PER_PRIO 2 - -+struct mlx5_flow_definer { -+ enum mlx5_flow_namespace_type ns_type; -+ u32 id; -+}; -+ - struct mlx5_modify_hdr { - enum mlx5_flow_namespace_type ns_type; - union { -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c -index 0553ee1fe80a..5d22a28294d5 100644 ---- a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c -+++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c -@@ -626,6 +626,19 @@ static void mlx5_cmd_dr_modify_header_dealloc(struct mlx5_flow_root_namespace *n - mlx5dr_action_destroy(modify_hdr->action.dr_action); - } - -+static int -+mlx5_cmd_dr_destroy_match_definer(struct mlx5_flow_root_namespace *ns, -+ int definer_id) -+{ -+ return -EOPNOTSUPP; -+} -+ -+static int mlx5_cmd_dr_create_match_definer(struct mlx5_flow_root_namespace *ns, -+ u16 format_id, u32 *match_mask) -+{ -+ return -EOPNOTSUPP; -+} -+ - static int mlx5_cmd_dr_delete_fte(struct mlx5_flow_root_namespace *ns, - struct mlx5_flow_table *ft, - struct fs_fte *fte) -@@ -728,6 +741,8 @@ static const struct mlx5_flow_cmds mlx5_flow_cmds_dr = { - .packet_reformat_dealloc = mlx5_cmd_dr_packet_reformat_dealloc, - .modify_header_alloc = mlx5_cmd_dr_modify_header_alloc, - .modify_header_dealloc = mlx5_cmd_dr_modify_header_dealloc, -+ .create_match_definer = mlx5_cmd_dr_create_match_definer, -+ .destroy_match_definer = mlx5_cmd_dr_destroy_match_definer, - .set_peer = mlx5_cmd_dr_set_peer, - .create_ns = mlx5_cmd_dr_create_ns, - .destroy_ns = mlx5_cmd_dr_destroy_ns, -diff --git a/include/linux/mlx5/fs.h b/include/linux/mlx5/fs.h -index 259fcc168340..7a43fec63a35 100644 ---- a/include/linux/mlx5/fs.h -+++ b/include/linux/mlx5/fs.h -@@ -98,6 +98,7 @@ enum { - - struct mlx5_pkt_reformat; - struct mlx5_modify_hdr; -+struct mlx5_flow_definer; - struct mlx5_flow_table; - struct mlx5_flow_group; - struct mlx5_flow_namespace; -@@ -258,6 +259,13 @@ struct mlx5_modify_hdr *mlx5_modify_header_alloc(struct mlx5_core_dev *dev, - void *modify_actions); - void mlx5_modify_header_dealloc(struct mlx5_core_dev *dev, - struct mlx5_modify_hdr *modify_hdr); -+struct mlx5_flow_definer * -+mlx5_create_match_definer(struct mlx5_core_dev *dev, -+ enum mlx5_flow_namespace_type ns_type, u16 format_id, -+ u32 *match_mask); -+void mlx5_destroy_match_definer(struct mlx5_core_dev *dev, -+ struct mlx5_flow_definer *definer); -+int mlx5_get_match_definer_id(struct mlx5_flow_definer *definer); - - struct mlx5_pkt_reformat_params { - int type; -diff --git a/include/linux/mlx5/mlx5_ifc.h b/include/linux/mlx5/mlx5_ifc.h -index d20b5921d4a0..68c17c769ca1 100644 ---- a/include/linux/mlx5/mlx5_ifc.h -+++ b/include/linux/mlx5/mlx5_ifc.h -@@ -94,6 +94,7 @@ enum { - enum { - MLX5_OBJ_TYPE_GENEVE_TLV_OPT = 0x000b, - MLX5_OBJ_TYPE_VIRTIO_NET_Q = 0x000d, -+ MLX5_OBJ_TYPE_MATCH_DEFINER = 0x0018, - MLX5_OBJ_TYPE_MKEY = 0xff01, - MLX5_OBJ_TYPE_QP = 0xff02, - MLX5_OBJ_TYPE_PSV = 0xff03, -@@ -1729,7 +1730,7 @@ struct mlx5_ifc_cmd_hca_cap_bits { - u8 flex_parser_id_outer_first_mpls_over_gre[0x4]; - u8 flex_parser_id_outer_first_mpls_over_udp_label[0x4]; - -- u8 reserved_at_6e0[0x10]; -+ u8 max_num_match_definer[0x10]; - u8 sf_base_id[0x10]; - - u8 flex_parser_id_gtpu_dw_2[0x4]; -@@ -1744,7 +1745,7 @@ struct mlx5_ifc_cmd_hca_cap_bits { - - u8 reserved_at_760[0x20]; - u8 vhca_tunnel_commands[0x40]; -- u8 reserved_at_7c0[0x40]; -+ u8 match_definer_format_supported[0x40]; - }; - - struct mlx5_ifc_cmd_hca_cap_2_bits { -@@ -5629,6 +5630,236 @@ struct mlx5_ifc_query_fte_in_bits { - u8 reserved_at_120[0xe0]; - }; - -+struct mlx5_ifc_match_definer_format_0_bits { -+ u8 reserved_at_0[0x100]; -+ -+ u8 metadata_reg_c_0[0x20]; -+ -+ u8 metadata_reg_c_1[0x20]; -+ -+ u8 outer_dmac_47_16[0x20]; -+ -+ u8 outer_dmac_15_0[0x10]; -+ u8 outer_ethertype[0x10]; -+ -+ u8 reserved_at_180[0x1]; -+ u8 sx_sniffer[0x1]; -+ u8 functional_lb[0x1]; -+ u8 outer_ip_frag[0x1]; -+ u8 outer_qp_type[0x2]; -+ u8 outer_encap_type[0x2]; -+ u8 port_number[0x2]; -+ u8 outer_l3_type[0x2]; -+ u8 outer_l4_type[0x2]; -+ u8 outer_first_vlan_type[0x2]; -+ u8 outer_first_vlan_prio[0x3]; -+ u8 outer_first_vlan_cfi[0x1]; -+ u8 outer_first_vlan_vid[0xc]; -+ -+ u8 outer_l4_type_ext[0x4]; -+ u8 reserved_at_1a4[0x2]; -+ u8 outer_ipsec_layer[0x2]; -+ u8 outer_l2_type[0x2]; -+ u8 force_lb[0x1]; -+ u8 outer_l2_ok[0x1]; -+ u8 outer_l3_ok[0x1]; -+ u8 outer_l4_ok[0x1]; -+ u8 outer_second_vlan_type[0x2]; -+ u8 outer_second_vlan_prio[0x3]; -+ u8 outer_second_vlan_cfi[0x1]; -+ u8 outer_second_vlan_vid[0xc]; -+ -+ u8 outer_smac_47_16[0x20]; -+ -+ u8 outer_smac_15_0[0x10]; -+ u8 inner_ipv4_checksum_ok[0x1]; -+ u8 inner_l4_checksum_ok[0x1]; -+ u8 outer_ipv4_checksum_ok[0x1]; -+ u8 outer_l4_checksum_ok[0x1]; -+ u8 inner_l3_ok[0x1]; -+ u8 inner_l4_ok[0x1]; -+ u8 outer_l3_ok_duplicate[0x1]; -+ u8 outer_l4_ok_duplicate[0x1]; -+ u8 outer_tcp_cwr[0x1]; -+ u8 outer_tcp_ece[0x1]; -+ u8 outer_tcp_urg[0x1]; -+ u8 outer_tcp_ack[0x1]; -+ u8 outer_tcp_psh[0x1]; -+ u8 outer_tcp_rst[0x1]; -+ u8 outer_tcp_syn[0x1]; -+ u8 outer_tcp_fin[0x1]; -+}; -+ -+struct mlx5_ifc_match_definer_format_22_bits { -+ u8 reserved_at_0[0x100]; -+ -+ u8 outer_ip_src_addr[0x20]; -+ -+ u8 outer_ip_dest_addr[0x20]; -+ -+ u8 outer_l4_sport[0x10]; -+ u8 outer_l4_dport[0x10]; -+ -+ u8 reserved_at_160[0x1]; -+ u8 sx_sniffer[0x1]; -+ u8 functional_lb[0x1]; -+ u8 outer_ip_frag[0x1]; -+ u8 outer_qp_type[0x2]; -+ u8 outer_encap_type[0x2]; -+ u8 port_number[0x2]; -+ u8 outer_l3_type[0x2]; -+ u8 outer_l4_type[0x2]; -+ u8 outer_first_vlan_type[0x2]; -+ u8 outer_first_vlan_prio[0x3]; -+ u8 outer_first_vlan_cfi[0x1]; -+ u8 outer_first_vlan_vid[0xc]; -+ -+ u8 metadata_reg_c_0[0x20]; -+ -+ u8 outer_dmac_47_16[0x20]; -+ -+ u8 outer_smac_47_16[0x20]; -+ -+ u8 outer_smac_15_0[0x10]; -+ u8 outer_dmac_15_0[0x10]; -+}; -+ -+struct mlx5_ifc_match_definer_format_23_bits { -+ u8 reserved_at_0[0x100]; -+ -+ u8 inner_ip_src_addr[0x20]; -+ -+ u8 inner_ip_dest_addr[0x20]; -+ -+ u8 inner_l4_sport[0x10]; -+ u8 inner_l4_dport[0x10]; -+ -+ u8 reserved_at_160[0x1]; -+ u8 sx_sniffer[0x1]; -+ u8 functional_lb[0x1]; -+ u8 inner_ip_frag[0x1]; -+ u8 inner_qp_type[0x2]; -+ u8 inner_encap_type[0x2]; -+ u8 port_number[0x2]; -+ u8 inner_l3_type[0x2]; -+ u8 inner_l4_type[0x2]; -+ u8 inner_first_vlan_type[0x2]; -+ u8 inner_first_vlan_prio[0x3]; -+ u8 inner_first_vlan_cfi[0x1]; -+ u8 inner_first_vlan_vid[0xc]; -+ -+ u8 tunnel_header_0[0x20]; -+ -+ u8 inner_dmac_47_16[0x20]; -+ -+ u8 inner_smac_47_16[0x20]; -+ -+ u8 inner_smac_15_0[0x10]; -+ u8 inner_dmac_15_0[0x10]; -+}; -+ -+struct mlx5_ifc_match_definer_format_29_bits { -+ u8 reserved_at_0[0xc0]; -+ -+ u8 outer_ip_dest_addr[0x80]; -+ -+ u8 outer_ip_src_addr[0x80]; -+ -+ u8 outer_l4_sport[0x10]; -+ u8 outer_l4_dport[0x10]; -+ -+ u8 reserved_at_1e0[0x20]; -+}; -+ -+struct mlx5_ifc_match_definer_format_30_bits { -+ u8 reserved_at_0[0xa0]; -+ -+ u8 outer_ip_dest_addr[0x80]; -+ -+ u8 outer_ip_src_addr[0x80]; -+ -+ u8 outer_dmac_47_16[0x20]; -+ -+ u8 outer_smac_47_16[0x20]; -+ -+ u8 outer_smac_15_0[0x10]; -+ u8 outer_dmac_15_0[0x10]; -+}; -+ -+struct mlx5_ifc_match_definer_format_31_bits { -+ u8 reserved_at_0[0xc0]; -+ -+ u8 inner_ip_dest_addr[0x80]; -+ -+ u8 inner_ip_src_addr[0x80]; -+ -+ u8 inner_l4_sport[0x10]; -+ u8 inner_l4_dport[0x10]; -+ -+ u8 reserved_at_1e0[0x20]; -+}; -+ -+struct mlx5_ifc_match_definer_format_32_bits { -+ u8 reserved_at_0[0xa0]; -+ -+ u8 inner_ip_dest_addr[0x80]; -+ -+ u8 inner_ip_src_addr[0x80]; -+ -+ u8 inner_dmac_47_16[0x20]; -+ -+ u8 inner_smac_47_16[0x20]; -+ -+ u8 inner_smac_15_0[0x10]; -+ u8 inner_dmac_15_0[0x10]; -+}; -+ -+struct mlx5_ifc_match_definer_bits { -+ u8 modify_field_select[0x40]; -+ -+ u8 reserved_at_40[0x40]; -+ -+ u8 reserved_at_80[0x10]; -+ u8 format_id[0x10]; -+ -+ u8 reserved_at_a0[0x160]; -+ -+ u8 match_mask[16][0x20]; -+}; -+ -+struct mlx5_ifc_general_obj_in_cmd_hdr_bits { -+ u8 opcode[0x10]; -+ u8 uid[0x10]; -+ -+ u8 vhca_tunnel_id[0x10]; -+ u8 obj_type[0x10]; -+ -+ u8 obj_id[0x20]; -+ -+ u8 reserved_at_60[0x20]; -+}; -+ -+struct mlx5_ifc_general_obj_out_cmd_hdr_bits { -+ u8 status[0x8]; -+ u8 reserved_at_8[0x18]; -+ -+ u8 syndrome[0x20]; -+ -+ u8 obj_id[0x20]; -+ -+ u8 reserved_at_60[0x20]; -+}; -+ -+struct mlx5_ifc_create_match_definer_in_bits { -+ struct mlx5_ifc_general_obj_in_cmd_hdr_bits general_obj_in_cmd_hdr; -+ -+ struct mlx5_ifc_match_definer_bits obj_context; -+}; -+ -+struct mlx5_ifc_create_match_definer_out_bits { -+ struct mlx5_ifc_general_obj_out_cmd_hdr_bits general_obj_out_cmd_hdr; -+}; -+ - enum { - MLX5_QUERY_FLOW_GROUP_OUT_MATCH_CRITERIA_ENABLE_OUTER_HEADERS = 0x0, - MLX5_QUERY_FLOW_GROUP_OUT_MATCH_CRITERIA_ENABLE_MISC_PARAMETERS = 0x1, -@@ -8102,6 +8333,11 @@ struct mlx5_ifc_create_flow_group_out_bits { - u8 reserved_at_60[0x20]; - }; - -+enum { -+ MLX5_CREATE_FLOW_GROUP_IN_GROUP_TYPE_TCAM_SUBTABLE = 0x0, -+ MLX5_CREATE_FLOW_GROUP_IN_GROUP_TYPE_HASH_SPLIT = 0x1, -+}; -+ - enum { - MLX5_CREATE_FLOW_GROUP_IN_MATCH_CRITERIA_ENABLE_OUTER_HEADERS = 0x0, - MLX5_CREATE_FLOW_GROUP_IN_MATCH_CRITERIA_ENABLE_MISC_PARAMETERS = 0x1, -@@ -8123,7 +8359,9 @@ struct mlx5_ifc_create_flow_group_in_bits { - u8 reserved_at_60[0x20]; - - u8 table_type[0x8]; -- u8 reserved_at_88[0x18]; -+ u8 reserved_at_88[0x4]; -+ u8 group_type[0x4]; -+ u8 reserved_at_90[0x10]; - - u8 reserved_at_a0[0x8]; - u8 table_id[0x18]; -@@ -8138,7 +8376,10 @@ struct mlx5_ifc_create_flow_group_in_bits { - - u8 end_flow_index[0x20]; - -- u8 reserved_at_140[0xa0]; -+ u8 reserved_at_140[0x10]; -+ u8 match_definer_id[0x10]; -+ -+ u8 reserved_at_160[0x80]; - - u8 reserved_at_1e0[0x18]; - u8 match_criteria_enable[0x8]; -@@ -10634,29 +10875,6 @@ struct mlx5_ifc_dealloc_memic_out_bits { - u8 reserved_at_40[0x40]; - }; - --struct mlx5_ifc_general_obj_in_cmd_hdr_bits { -- u8 opcode[0x10]; -- u8 uid[0x10]; -- -- u8 vhca_tunnel_id[0x10]; -- u8 obj_type[0x10]; -- -- u8 obj_id[0x20]; -- -- u8 reserved_at_60[0x20]; --}; -- --struct mlx5_ifc_general_obj_out_cmd_hdr_bits { -- u8 status[0x8]; -- u8 reserved_at_8[0x18]; -- -- u8 syndrome[0x20]; -- -- u8 obj_id[0x20]; -- -- u8 reserved_at_60[0x20]; --}; -- - struct mlx5_ifc_umem_bits { - u8 reserved_at_0[0x80]; - --- -2.25.1 - diff --git a/SPECS/kernel-hci/config b/SPECS/kernel-hci/config index e0d9c89a206..e31526e1381 100644 --- a/SPECS/kernel-hci/config +++ b/SPECS/kernel-hci/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.167.1 Kernel Configuration +# Linux/x86_64 5.15.169.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -6760,6 +6760,9 @@ CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEY_DH_OPERATIONS is not set CONFIG_SECURITY_DMESG_RESTRICT=y +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y diff --git a/SPECS/kernel-hci/kernel-hci.signatures.json b/SPECS/kernel-hci/kernel-hci.signatures.json index 50e01ad2585..5752e54125e 100644 --- a/SPECS/kernel-hci/kernel-hci.signatures.json +++ b/SPECS/kernel-hci/kernel-hci.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "05cee91e9e1f815e6bf8cebfb5866aeef51e849e41b0c37834d9e0c5a09cea59", - "kernel-5.15.167.1.tar.gz": "2f529a3abf4167d1de5f7dd73043827db2c08d647d924990843ee914b0558ee0" + "config": "9a96852f716a0b4c1294e1b6311d07b257f1409c09ca451a4618981657b44d97", + "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" } } diff --git a/SPECS/kernel-hci/kernel-hci.spec b/SPECS/kernel-hci/kernel-hci.spec index 7ad05b0fff0..687cf0bf4a3 100644 --- a/SPECS/kernel-hci/kernel-hci.spec +++ b/SPECS/kernel-hci/kernel-hci.spec @@ -17,7 +17,7 @@ %define config_source %{SOURCE1} Summary: Linux Kernel for HCI Name: kernel-hci -Version: 5.15.167.1 +Version: 5.15.169.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -29,7 +29,6 @@ Source1: config Source2: cbl-mariner-ca-20211013.pem Patch0: 0001-net-mlx5-Support-partial-TTC-rules.patch Patch1: 0002-net-mlx5-Introduce-port-selection-namespace.patch -Patch2: 0003-net-mlx5-Add-support-to-create-match-definer.patch Patch3: 0004-net-mlx5-Introduce-new-uplink-destination-type.patch Patch4: 0005-net-mlx5-Lag-move-lag-files-into-directory.patch Patch5: 0006-net-mlx5-Lag-set-LAG-traffic-type-mapping.patch @@ -230,7 +229,6 @@ manipulation of eBPF programs and maps. %setup -q -n CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-%{version} %patch0 -p1 %patch1 -p1 -%patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 @@ -547,6 +545,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 +- Auto-upgrade to 5.15.169.1 + * Wed Sep 18 2024 CBL-Mariner Servicing Account - 5.15.167.1-1 - Auto-upgrade to 5.15.167.1 diff --git a/SPECS/kernel-headers/kernel-headers.signatures.json b/SPECS/kernel-headers/kernel-headers.signatures.json index e96ab9d2c7a..dba5f06ce74 100644 --- a/SPECS/kernel-headers/kernel-headers.signatures.json +++ b/SPECS/kernel-headers/kernel-headers.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "kernel-5.15.167.1.tar.gz": "2f529a3abf4167d1de5f7dd73043827db2c08d647d924990843ee914b0558ee0" + "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" } } diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 490821e1c1f..24d5a8ba158 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -11,8 +11,8 @@ Summary: Linux API header files Name: kernel-headers -Version: 5.15.167.1 -Release: 2%{?dist} +Version: 5.15.169.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -73,6 +73,9 @@ done %endif %changelog +* Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 +- Auto-upgrade to 5.15.169.1 + * Wed Oct 23 2024 Rachel Menge - 5.15.167.1-2 - Bump release to match kernel diff --git a/SPECS/kernel/config b/SPECS/kernel/config index 1e78db239c5..7340c7f3092 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.167.1 Kernel Configuration +# Linux/x86_64 5.15.169.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -6806,6 +6806,9 @@ CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEY_DH_OPERATIONS is not set CONFIG_SECURITY_DMESG_RESTRICT=y +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index e3e322650bf..14cf327760d 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.15.167.1 Kernel Configuration +# Linux/arm64 5.15.169.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -8953,6 +8953,9 @@ CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEY_DH_OPERATIONS is not set CONFIG_SECURITY_DMESG_RESTRICT=y +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index d5e3b8abb45..718f01bdf2e 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,9 +1,9 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "dc024483419fd8d1df7191058e01d80d7421d1c141f0bfc30f330201abb51ed3", - "config_aarch64": "000300cac16ea745e68e93e1cada7c344518d4e848e287530b2d3f1225b51e05", + "config": "40be0e8793721747449f2b75878d51d7155ce00d179d9df2c07e9c3d695da230", + "config_aarch64": "39f0d1a94147c0d1a8ca7cd0f415f8dd85a6d6cc66855c3f092a4660762114c0", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", - "kernel-5.15.167.1.tar.gz": "2f529a3abf4167d1de5f7dd73043827db2c08d647d924990843ee914b0558ee0" + "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" } } diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index ddd26aec995..abc76fe00db 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -27,8 +27,8 @@ Summary: Linux Kernel Name: kernel -Version: 5.15.167.1 -Release: 2%{?dist} +Version: 5.15.169.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -426,6 +426,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 +- Auto-upgrade to 5.15.169.1 + * Wed Oct 23 2024 Rachel Menge - 5.15.167.1-2 - Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 diff --git a/cgmanifest.json b/cgmanifest.json index b1443813a5e..ea958b126af 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -6540,8 +6540,8 @@ "type": "other", "other": { "name": "hyperv-daemons", - "version": "5.15.167.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.167.1.tar.gz" + "version": "5.15.169.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" } } }, @@ -8121,8 +8121,8 @@ "type": "other", "other": { "name": "kernel", - "version": "5.15.167.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.167.1.tar.gz" + "version": "5.15.169.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" } } }, @@ -8131,8 +8131,8 @@ "type": "other", "other": { "name": "kernel-azure", - "version": "5.15.167.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.167.1.tar.gz" + "version": "5.15.169.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" } } }, @@ -8141,8 +8141,8 @@ "type": "other", "other": { "name": "kernel-hci", - "version": "5.15.167.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.167.1.tar.gz" + "version": "5.15.169.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" } } }, @@ -8151,8 +8151,8 @@ "type": "other", "other": { "name": "kernel-headers", - "version": "5.15.167.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.167.1.tar.gz" + "version": "5.15.169.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 4c0666c36f5..675c8023e55 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-20.cm2.aarch64.rpm -kernel-headers-5.15.167.1-2.cm2.noarch.rpm +kernel-headers-5.15.169.1-1.cm2.noarch.rpm glibc-2.35-7.cm2.aarch64.rpm glibc-devel-2.35-7.cm2.aarch64.rpm glibc-i18n-2.35-7.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 69d09254f01..019ebe64cfa 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-20.cm2.x86_64.rpm -kernel-headers-5.15.167.1-2.cm2.noarch.rpm +kernel-headers-5.15.169.1-1.cm2.noarch.rpm glibc-2.35-7.cm2.x86_64.rpm glibc-devel-2.35-7.cm2.x86_64.rpm glibc-i18n-2.35-7.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 47837cd8e0e..ecbf006de6e 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -136,7 +136,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.aarch64.rpm kbd-debuginfo-2.2.0-1.cm2.aarch64.rpm -kernel-headers-5.15.167.1-2.cm2.noarch.rpm +kernel-headers-5.15.169.1-1.cm2.noarch.rpm kmod-29-2.cm2.aarch64.rpm kmod-debuginfo-29-2.cm2.aarch64.rpm kmod-devel-29-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 8ff85ef07e7..9b2b5a256c6 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -141,8 +141,8 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.x86_64.rpm kbd-debuginfo-2.2.0-1.cm2.x86_64.rpm -kernel-cross-headers-5.15.167.1-2.cm2.noarch.rpm -kernel-headers-5.15.167.1-2.cm2.noarch.rpm +kernel-cross-headers-5.15.169.1-1.cm2.noarch.rpm +kernel-headers-5.15.169.1-1.cm2.noarch.rpm kmod-29-2.cm2.x86_64.rpm kmod-debuginfo-29-2.cm2.x86_64.rpm kmod-devel-29-2.cm2.x86_64.rpm From d21f097cd4759d2dbf19c22c05e9ca2dd2999737 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Thu, 5 Dec 2024 21:17:20 -0800 Subject: [PATCH 2/4] Fix call to IsSRPMTestActive in new multi build fix (#7992) (#11332) --- toolkit/tools/scheduler/schedulerutils/preparerequest.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolkit/tools/scheduler/schedulerutils/preparerequest.go b/toolkit/tools/scheduler/schedulerutils/preparerequest.go index 6529073231f..616fcceb5b5 100644 --- a/toolkit/tools/scheduler/schedulerutils/preparerequest.go +++ b/toolkit/tools/scheduler/schedulerutils/preparerequest.go @@ -182,7 +182,7 @@ func testNodesToRequests(pkgGraph *pkggraph.PkgGraph, buildState *GraphBuildStat srpmFileName := defaultTestNode.SRPMFileName() // Check if we already queued up this build node for building. - if buildState.IsSRPMBuildActive(srpmFileName) || buildState.IsNodeProcessed(defaultTestNode) { + if buildState.IsSRPMTestActive(srpmFileName) || buildState.IsNodeProcessed(defaultTestNode) { err = fmt.Errorf("unexpected duplicate test for (%s)", srpmFileName) // Temporarily ignore the error, this state is unexpected but not fatal. Error return will be // restored later once the underlying cause of this error is fixed. From 41023eb0067b26e437e67e89292f7a2b99b895dc Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Fri, 6 Dec 2024 11:27:23 -0800 Subject: [PATCH 3/4] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.173.1 - branch main (#11333) --- .../kernel-azure-signed.spec | 5 ++++- .../kernel-hci-signed/kernel-hci-signed.spec | 5 ++++- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 5 ++++- .../hyperv-daemons.signatures.json | 2 +- SPECS/hyperv-daemons/hyperv-daemons.spec | 5 ++++- SPECS/kernel-azure/config | 2 +- SPECS/kernel-azure/config_aarch64 | 2 +- .../kernel-azure/kernel-azure.signatures.json | 6 +++--- SPECS/kernel-azure/kernel-azure.spec | 5 ++++- SPECS/kernel-hci/config | 2 +- SPECS/kernel-hci/kernel-hci.signatures.json | 4 ++-- SPECS/kernel-hci/kernel-hci.spec | 5 ++++- .../kernel-headers.signatures.json | 2 +- SPECS/kernel-headers/kernel-headers.spec | 5 ++++- SPECS/kernel/config | 2 +- SPECS/kernel/config_aarch64 | 2 +- SPECS/kernel/kernel.signatures.json | 6 +++--- SPECS/kernel/kernel.spec | 5 ++++- cgmanifest.json | 20 +++++++++---------- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 4 ++-- 23 files changed, 62 insertions(+), 38 deletions(-) diff --git a/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec b/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec index ca3570c0319..92600960378 100644 --- a/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec +++ b/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec @@ -9,7 +9,7 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for Azure Name: kernel-azure-signed-%{buildarch} -Version: 5.15.169.1 +Version: 5.15.173.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Fri Dec 06 2024 CBL-Mariner Servicing Account - 5.15.173.1-1 +- Auto-upgrade to 5.15.173.1 + * Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 - Auto-upgrade to 5.15.169.1 diff --git a/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec b/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec index e7e59f4e0cd..be643793073 100644 --- a/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec +++ b/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec @@ -4,7 +4,7 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for HCI Name: kernel-hci-signed-%{buildarch} -Version: 5.15.169.1 +Version: 5.15.173.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -149,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Fri Dec 06 2024 CBL-Mariner Servicing Account - 5.15.173.1-1 +- Auto-upgrade to 5.15.173.1 + * Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 - Auto-upgrade to 5.15.169.1 diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index d9bd3d6ec90..5d3c210dabb 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -9,7 +9,7 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} -Version: 5.15.169.1 +Version: 5.15.173.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Fri Dec 06 2024 CBL-Mariner Servicing Account - 5.15.173.1-1 +- Auto-upgrade to 5.15.173.1 + * Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 - Auto-upgrade to 5.15.169.1 diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json index ba4cd1db112..4830a5122f7 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json +++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json @@ -7,6 +7,6 @@ "hypervkvpd.service": "c1bb207cf9f388f8f3cf5b649abbf8cfe4c4fcf74538612946e68f350d1f265f", "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1", "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d", - "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" + "kernel-5.15.173.1.tar.gz": "f1aeb91c86010db1138bdf7b45d06b886fc34e07e554bd3116fac2d6f5d42d54" } } diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec index 8065cf3b492..b2bb3a69590 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.spec +++ b/SPECS/hyperv-daemons/hyperv-daemons.spec @@ -8,7 +8,7 @@ %global udev_prefix 70 Summary: Hyper-V daemons suite Name: hyperv-daemons -Version: 5.15.169.1 +Version: 5.15.173.1 Release: 1%{?dist} License: GPLv2+ Vendor: Microsoft Corporation @@ -219,6 +219,9 @@ fi %{_sbindir}/lsvmbus %changelog +* Fri Dec 06 2024 CBL-Mariner Servicing Account - 5.15.173.1-1 +- Auto-upgrade to 5.15.173.1 + * Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 - Auto-upgrade to 5.15.169.1 diff --git a/SPECS/kernel-azure/config b/SPECS/kernel-azure/config index c137893bef8..4f8218ab3e6 100644 --- a/SPECS/kernel-azure/config +++ b/SPECS/kernel-azure/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.169.1 Kernel Configuration +# Linux/x86_64 5.15.173.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel-azure/config_aarch64 b/SPECS/kernel-azure/config_aarch64 index ce9286bd26a..9f98b3ca15b 100644 --- a/SPECS/kernel-azure/config_aarch64 +++ b/SPECS/kernel-azure/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.15.169.1 Kernel Configuration +# Linux/arm64 5.15.173.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel-azure/kernel-azure.signatures.json b/SPECS/kernel-azure/kernel-azure.signatures.json index ed038dda741..77cf5f70d8c 100644 --- a/SPECS/kernel-azure/kernel-azure.signatures.json +++ b/SPECS/kernel-azure/kernel-azure.signatures.json @@ -1,9 +1,9 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "c1a986285c252995287d11b26ff11988ee1a3c471afaf49afcee1bfacf7f7bb1", - "config_aarch64": "4ac4d0d5cb74ba8d975e423209aa0cf68340cd4fc931156aecb11a90591ef255", + "config": "790ebe8deaae330c23bac52ed9c7c243a3863f0d298032fde88324f7911f430f", + "config_aarch64": "91754e5716915767b1f8b7c08738a2f46bb7dbf97ae948711c26f13df86273e6", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", - "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" + "kernel-5.15.173.1.tar.gz": "f1aeb91c86010db1138bdf7b45d06b886fc34e07e554bd3116fac2d6f5d42d54" } } diff --git a/SPECS/kernel-azure/kernel-azure.spec b/SPECS/kernel-azure/kernel-azure.spec index 7f65b9f4975..e9f6c7879e7 100644 --- a/SPECS/kernel-azure/kernel-azure.spec +++ b/SPECS/kernel-azure/kernel-azure.spec @@ -27,7 +27,7 @@ Summary: Linux Kernel Name: kernel-azure -Version: 5.15.169.1 +Version: 5.15.173.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -420,6 +420,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Fri Dec 06 2024 CBL-Mariner Servicing Account - 5.15.173.1-1 +- Auto-upgrade to 5.15.173.1 + * Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 - Auto-upgrade to 5.15.169.1 diff --git a/SPECS/kernel-hci/config b/SPECS/kernel-hci/config index e31526e1381..04988781d41 100644 --- a/SPECS/kernel-hci/config +++ b/SPECS/kernel-hci/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.169.1 Kernel Configuration +# Linux/x86_64 5.15.173.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel-hci/kernel-hci.signatures.json b/SPECS/kernel-hci/kernel-hci.signatures.json index 5752e54125e..f5eb0fce4f6 100644 --- a/SPECS/kernel-hci/kernel-hci.signatures.json +++ b/SPECS/kernel-hci/kernel-hci.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "9a96852f716a0b4c1294e1b6311d07b257f1409c09ca451a4618981657b44d97", - "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" + "config": "704a1adab01a34f73cb92080fc48122b6e1c4baa67ea6fd84a94f6b1df2e1065", + "kernel-5.15.173.1.tar.gz": "f1aeb91c86010db1138bdf7b45d06b886fc34e07e554bd3116fac2d6f5d42d54" } } diff --git a/SPECS/kernel-hci/kernel-hci.spec b/SPECS/kernel-hci/kernel-hci.spec index 687cf0bf4a3..ecc2ed9cbf1 100644 --- a/SPECS/kernel-hci/kernel-hci.spec +++ b/SPECS/kernel-hci/kernel-hci.spec @@ -17,7 +17,7 @@ %define config_source %{SOURCE1} Summary: Linux Kernel for HCI Name: kernel-hci -Version: 5.15.169.1 +Version: 5.15.173.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -545,6 +545,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Fri Dec 06 2024 CBL-Mariner Servicing Account - 5.15.173.1-1 +- Auto-upgrade to 5.15.173.1 + * Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 - Auto-upgrade to 5.15.169.1 diff --git a/SPECS/kernel-headers/kernel-headers.signatures.json b/SPECS/kernel-headers/kernel-headers.signatures.json index dba5f06ce74..0b4e6f51d88 100644 --- a/SPECS/kernel-headers/kernel-headers.signatures.json +++ b/SPECS/kernel-headers/kernel-headers.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" + "kernel-5.15.173.1.tar.gz": "f1aeb91c86010db1138bdf7b45d06b886fc34e07e554bd3116fac2d6f5d42d54" } } diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 24d5a8ba158..209b15b991a 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -11,7 +11,7 @@ Summary: Linux API header files Name: kernel-headers -Version: 5.15.169.1 +Version: 5.15.173.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -73,6 +73,9 @@ done %endif %changelog +* Fri Dec 06 2024 CBL-Mariner Servicing Account - 5.15.173.1-1 +- Auto-upgrade to 5.15.173.1 + * Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 - Auto-upgrade to 5.15.169.1 diff --git a/SPECS/kernel/config b/SPECS/kernel/config index 7340c7f3092..2dded1e7b7f 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.169.1 Kernel Configuration +# Linux/x86_64 5.15.173.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index 14cf327760d..56e43ba77e7 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.15.169.1 Kernel Configuration +# Linux/arm64 5.15.173.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 718f01bdf2e..6eeba3241bb 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,9 +1,9 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "40be0e8793721747449f2b75878d51d7155ce00d179d9df2c07e9c3d695da230", - "config_aarch64": "39f0d1a94147c0d1a8ca7cd0f415f8dd85a6d6cc66855c3f092a4660762114c0", + "config": "b76588ba8d87b4f123c63c6efa445611003d4ad13772099ee69c8c42e8791db2", + "config_aarch64": "29096b8a09733344d63d9e883147179005ead9c10ebf6b561c1b4057e5087f4b", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", - "kernel-5.15.169.1.tar.gz": "44bc7ddb0ec7357e64b03db42f9a77fbe31e23c8dac488479851330af2d690be" + "kernel-5.15.173.1.tar.gz": "f1aeb91c86010db1138bdf7b45d06b886fc34e07e554bd3116fac2d6f5d42d54" } } diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index abc76fe00db..d53d23df4dc 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -27,7 +27,7 @@ Summary: Linux Kernel Name: kernel -Version: 5.15.169.1 +Version: 5.15.173.1 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation @@ -426,6 +426,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Fri Dec 06 2024 CBL-Mariner Servicing Account - 5.15.173.1-1 +- Auto-upgrade to 5.15.173.1 + * Thu Dec 05 2024 CBL-Mariner Servicing Account - 5.15.169.1-1 - Auto-upgrade to 5.15.169.1 diff --git a/cgmanifest.json b/cgmanifest.json index ea958b126af..39cdbc5ed09 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -6540,8 +6540,8 @@ "type": "other", "other": { "name": "hyperv-daemons", - "version": "5.15.169.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" + "version": "5.15.173.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.173.1.tar.gz" } } }, @@ -8121,8 +8121,8 @@ "type": "other", "other": { "name": "kernel", - "version": "5.15.169.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" + "version": "5.15.173.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.173.1.tar.gz" } } }, @@ -8131,8 +8131,8 @@ "type": "other", "other": { "name": "kernel-azure", - "version": "5.15.169.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" + "version": "5.15.173.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.173.1.tar.gz" } } }, @@ -8141,8 +8141,8 @@ "type": "other", "other": { "name": "kernel-hci", - "version": "5.15.169.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" + "version": "5.15.173.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.173.1.tar.gz" } } }, @@ -8151,8 +8151,8 @@ "type": "other", "other": { "name": "kernel-headers", - "version": "5.15.169.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.169.1.tar.gz" + "version": "5.15.173.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.173.1.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 675c8023e55..ed3d7da0965 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-20.cm2.aarch64.rpm -kernel-headers-5.15.169.1-1.cm2.noarch.rpm +kernel-headers-5.15.173.1-1.cm2.noarch.rpm glibc-2.35-7.cm2.aarch64.rpm glibc-devel-2.35-7.cm2.aarch64.rpm glibc-i18n-2.35-7.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 019ebe64cfa..d034af1a99f 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-20.cm2.x86_64.rpm -kernel-headers-5.15.169.1-1.cm2.noarch.rpm +kernel-headers-5.15.173.1-1.cm2.noarch.rpm glibc-2.35-7.cm2.x86_64.rpm glibc-devel-2.35-7.cm2.x86_64.rpm glibc-i18n-2.35-7.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index ecbf006de6e..51a272a009f 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -136,7 +136,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.aarch64.rpm kbd-debuginfo-2.2.0-1.cm2.aarch64.rpm -kernel-headers-5.15.169.1-1.cm2.noarch.rpm +kernel-headers-5.15.173.1-1.cm2.noarch.rpm kmod-29-2.cm2.aarch64.rpm kmod-debuginfo-29-2.cm2.aarch64.rpm kmod-devel-29-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 9b2b5a256c6..d088745e913 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -141,8 +141,8 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.x86_64.rpm kbd-debuginfo-2.2.0-1.cm2.x86_64.rpm -kernel-cross-headers-5.15.169.1-1.cm2.noarch.rpm -kernel-headers-5.15.169.1-1.cm2.noarch.rpm +kernel-cross-headers-5.15.173.1-1.cm2.noarch.rpm +kernel-headers-5.15.173.1-1.cm2.noarch.rpm kmod-29-2.cm2.x86_64.rpm kmod-debuginfo-29-2.cm2.x86_64.rpm kmod-devel-29-2.cm2.x86_64.rpm From 0fe0c32119dd3a5c7a958a0187dfac7d3ae63d0d Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sat, 7 Dec 2024 17:12:19 -0800 Subject: [PATCH 4/4] [AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade php to 8.1.31to fix multiple CVEs - branch main (#11345) --- SPECS/php/php.signatures.json | 2 +- SPECS/php/php.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/SPECS/php/php.signatures.json b/SPECS/php/php.signatures.json index 38ef7214772..bbfabdfc901 100644 --- a/SPECS/php/php.signatures.json +++ b/SPECS/php/php.signatures.json @@ -14,6 +14,6 @@ "php.conf": "e2388be032eccf7c0197d597ba72259a095bf8434438a184e6a640edb4b59de2", "php.ini": "8fd5a4d891c19320c07010fbbbac982c886b422bc8d062acaeae49d70c136fc8", "php.modconf": "dc7303ea584452d2f742d002a648abe74905025aabf240259c7e8bd01746d278", - "php-8.1.30.tar.xz": "f24a6007f0b25a53cb7fbaee69c85017e0345b62089c2425a0afb7e177192ed1" + "php-8.1.31.tar.xz": "c4f244d46ba51c72f7d13d4f66ce6a9e9a8d6b669c51be35e01765ba58e7afca" } } diff --git a/SPECS/php/php.spec b/SPECS/php/php.spec index dd8cb3b4f54..d7395dc8177 100644 --- a/SPECS/php/php.spec +++ b/SPECS/php/php.spec @@ -32,7 +32,7 @@ %global with_qdbm 0 Summary: PHP scripting language for creating dynamic web sites Name: php -Version: 8.1.30 +Version: 8.1.31 Release: 1%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend @@ -1516,6 +1516,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %dir %{_datadir}/php/preload %changelog +* Wed Dec 04 2024 CBL-Mariner Servicing Account - 8.1.31-1 +- Auto-upgrade to 8.1.31 - Fix CVE-2024-8932, CVE-2024-8929, CVE-2024-11234, CVE-2024-11233, CVE-2024-11236 + * Mon Oct 21 2024 CBL-Mariner Servicing Account - 8.1.30-1 - Auto-upgrade to 8.1.30 - CVE-2024-8927, CVE-2024-8925 diff --git a/cgmanifest.json b/cgmanifest.json index 39cdbc5ed09..303e49f60d3 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -21114,8 +21114,8 @@ "type": "other", "other": { "name": "php", - "version": "8.1.30", - "downloadUrl": "https://www.php.net/distributions/php-8.1.30.tar.xz" + "version": "8.1.31", + "downloadUrl": "https://www.php.net/distributions/php-8.1.31.tar.xz" } } },