[4.18.0-305.17.1.el8_4.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15-11.0.5.el8 [4.18.0-305.17.1.el8_4] - ucounts: Move max_time_namespace according to ucount_type [1998002 1982954] - netfilter: conntrack: remove offload_pickup sysctl again [1995555 1987101] - netfilter: flowtable: Set offload timeouts according to proto values [1995554 1979184] - netfilter: conntrack: Introduce udp offload timeout configuration [1995554 1979184] - netfilter: conntrack: Introduce tcp offload timeout configuration [1995554 1979184] - powerpc/64s: Fix crashes when toggling stf barrier [1989174 1964484] - iavf: fix locking of critical sections [1997534 1975245] - iavf: do not override the adapter state in the watchdog task [1997534 1975245] [4.18.0-305.16.1.el8_4] - kernfs: dont call d_splice_alias under kernfs node lock [1994879 1939133] - kernfs: use i_lock to protect concurrent inode updates [1994879 1939133] - kernfs: switch kernfs to use an rwsem [1994879 1939133] - kernfs: use VFS negative dentry caching [1994879 1939133] - kernfs: add a revision to identify directory node changes [1994879 1939133] - kernfs: move revalidate to be near lookup [1994879 1939133] - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery [1948608 1923762] - net: sched: act_mirred: Reset ct info when mirror/redirect skb [1992226 1980532] - usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI [1993894 1972139] - usb: ehci: do not initialise static variables [1993894 1972139] - usb: host: move EH SINGLE_STEP_SET_FEATURE implementation to core [1993894 1972139] - USB: ehci: drop workaround for forced irq threading [1993894 1972139] - usb: ehci: add spurious flag to disable overcurrent checking [1993894 1972139] - NFS: Only change the cookie verifier if the directory page cache is empty [1993895 1982825] - NFS: Fix handling of cookie verifier in uncached_readdir [1993895 1982825] - nfs: Subsequent READDIR calls should carry non-zero cookieverifier [1993895 1982825] - KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow [1988225 1988226] {CVE-2021-37576} [4.18.0-305.15.1.el8_4] - sched: Fix data-race in wakeup [1987296 1937103] - mm/page_alloc: bail out on fatal signal during reclaim/compaction retry attempt [1984085 1919765] - sunrpc: Avoid a KASAN slab-out-of-bounds bug in xdr_set_page_base [1990404 1969751] [4.18.0-305.14.1.el8_4] - tick/nohz: Kick only _queued_ task whose tick dependency is updated [1981336 1922901] - tick/nohz: Change signal tick dependency to wake up CPUs of member tasks [1981336 1922901] - tick/nohz: Only wake up a single target cpu when kicking a task [1981336 1922901] - tick/nohz: Narrow down noise while setting current task"s tick dependency [1981336 1922901] - mlx5: net: zero-initialize tc skb extension on allocation [1982220 1965418] - scsi: qedf: Update the max_id value in host structure [1989097 1954876] - scsi: qla2xxx: Reserve extra IRQ vectors [1986156 1964834] [4.18.0-305.13.1.el8_4] - xfrm: Fix wraparound in xfrm_policy_addr_delta [1981840 1951965] - VMCI: Release resource if the work is already queued [1982042 1978518]