[4.18.0-305.7.1.el8_4.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15-11.0.5.el8 [4.18.0-305.7.1.el8_4] - net: zero-initialize tc skb extension on allocation [1965457 1946986] - net/sched: cls_flower: fix only mask bit check in the validate_ct_state [1965457 1946986] - net: cls_api: Fix uninitialised struct field bo-unlocked_driver_cb [1965457 1946986] - net/sched: act_api: fix miss set post_ct for ovs after do conntrack in act_ct [1965457 1946986] - net/sched: cls_flower: validate ct_state for invalid and reply flags [1965457 1946986] - flow_dissector: fix TTL and TOS dissection on IPv4 fragments [1963952 1950288] - Revert sctp: Fix SHUTDOWN CTSN Ack in the peer restart case [1965632 1953839] - sctp: do asoc update earlier in sctp_sf_do_dupcook_b [1965632 1953839] - sctp: do asoc update earlier in sctp_sf_do_dupcook_a [1965632 1953839] - Bluetooth: verify AMP hci_chan before amp_destroy [1962544 1962546] {CVE-2021-33034} - x86/kvm: Unify kvm_pv_guest_cpu_reboot with kvm_guest_cpu_offline [1964930 1934273] - x86/kvm: Disable all PV features on crash [1964930 1934273] - x86/kvm: Disable kvmclock on all CPUs on shutdown [1964930 1934273] - x86/kvm: Teardown PV features on boot CPU as well [1964930 1934273] - x86/kvm: Fix pr_info for async PF setup/teardown [1964930 1934273] - net/sched: act_ct: Fix ct template allocation for zone 0 [1965150 1881824] [4.18.0-305.6.1.el8_4] - openvswitch: fix stack OOB read while fragmenting IPv4 packets [1963940 1924608] - net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets [1963940 1924608] - net/sched: act_ct: fix wild memory access when clearing fragments [1963940 1924608] - net: Treat __napi_schedule_irqoff as __napi_schedule on PREEMPT_RT - redhat/configs: Add CONFIG_SYSTEM_REVOCATION_KEYS and CONFIG_SYSTEM_REVOCATION_LIST [1965270 1893793] {CVE-2020-26541} - certs: add "x509_revocation_list" to gitignore [1965270 1893793] {CVE-2020-26541} - integrity: Load mokx variables into the blacklist keyring [1965270 1893793] {CVE-2020-26541} - certs: Add ability to preload revocation certs [1965270 1893793] {CVE-2020-26541} - certs: Move load_system_certificate_list to a common function [1965270 1893793] {CVE-2020-26541} - certs: Add EFI_CERT_X509_GUID support for dbx entries [1965270 1893793] {CVE-2020-26541} - net/sched: cls_api: increase max_reclassify_loop [1965148 1955136] - dm writecache: fix performance degradation in ssd mode [1962241 1961859] - scsi: fnic: Use scsi_host_busy_iter to traverse commands [1961705 1949250] - scsi: fnic: Kill "exclude_id" argument to fnic_cleanup_io [1961705 1949250] [4.18.0-305.5.1.el8_4] - gfs2: report already frozen/thawed errors [1961849 1932236] - gfs2: move freeze glock outside the make_fs_rw and _ro functions [1961849 1932236] - gfs2: Add common helper for holding and releasing the freeze glock [1961849 1932236] - gfs2: in signal_our_withdraw wait for unfreeze of _this_ fs only [1961849 1932236] - gfs2: Don"t freeze the file system during unmount [1961849 1932236] - gfs2: Fix regression in freeze_go_sync [1961849 1932236] - gfs2: The freeze glock should never be frozen [1961849 1932236] - gfs2: When freezing gfs2, use GL_EXACT and not GL_NOCACHE [1961849 1932236] - gfs2: read-only mounts should grab the sd_freeze_gl glock [1961849 1932236] - gfs2: freeze should work on read-only mounts [1961849 1932236] - gfs2: Abort gfs2_freeze if io error is seen [1961849 1932236] - CI: Disable result checking for realtime check - CI: Explicitly disable result checking for private CI - CI: Rename variable - CI: Update builder containers [4.18.0-305.4.1.el8_4] - vmxnet3: Set the default of vxlan overlay offload to disabled [1960702 1941714]