[5.14.0-70.17.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.17.1_0.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 - Remove nmap references from kernel [Orabug: 34313944] [5.14.0-70.17.1_0] - netfilter: nf_tables: disallow non-stateful expression in sets earlier [2092994 2092995] {CVE-2022-1966} - thunderx nic: mark device as unmaintained [2092638 2060285] - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init [2092255 2067770] - perf: Fix sys_perf_event_open race against self [2087963 2087964] {CVE-2022-1729} - spec: Fix separate tools build [2090852 2054579] - mm: lru_cache_disable: replace work queue synchronization with synchronize_rcu [2086963 2033500] [5.14.0-70.16.1_0] - dm integrity: fix memory corruption when tag_size is less than digest size [2082187 2081778] [5.14.0-70.15.1_0] - CI: Use zstream builder image - tcp: drop the hash_32 part from the index calculation [2087128 2064868] {CVE-2022-1012} - tcp: increase source port perturb table to 2^16 [2087128 2064868] {CVE-2022-1012} - tcp: dynamically allocate the perturb table used by source ports [2087128 2064868] {CVE-2022-1012} - tcp: add small random increments to the source port [2087128 2064868] {CVE-2022-1012} - tcp: resalt the secret every 10 seconds [2087128 2064868] {CVE-2022-1012} - tcp: use different parts of the port_offset for index and offset [2087128 2064868] {CVE-2022-1012} - secure_seq: use the 64 bits of the siphash for port offset calculation [2087128 2064868] {CVE-2022-1012} - Revert "netfilter: conntrack: tag conntracks picked up in local out hook" [2085480 2061850] - Revert "netfilter: nat: force port remap to prevent shadowing well-known ports" [2085480 2061850] - redhat/koji/Makefile: Decouple koji Makefile from Makefile.common - redhat: fix make {distg-brew,distg-koji} - esp: limit skb_page_frag_refill use to a single page [2082950 2082951] {CVE-2022-27666} - esp: Fix possible buffer overflow in ESP transformation [2082950 2082951] {CVE-2022-27666} - sctp: use the correct skb for security_sctp_assoc_request [2084044 2078856] - security: implement sctp_assoc_established hook in selinux [2084044 2078856] - security: add sctp_assoc_established hook [2084044 2078856] - security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce [2084044 2078856] - security: pass asoc to sctp_assoc_request and sctp_sk_clone [2084044 2078856] [5.14.0-70.14.1_0] - PCI: hv: Propagate coherence from VMbus device to PCI device [2074830 2068432] - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device [2074830 2068432] - redhat: rpminspect: disable "patches" check for known empty patch files - redhat/configs: make SHA512_arch algos and CRYPTO_USER built-ins [2072643 2070624] - CI: Drop baseline runs