kernel security and bug fix update

[4.18.0-305.3.1_4.OL8]

• Update Oracle Linux certificates (Kevin Lyons)
• Disable signing for aarch64 (Ilya Okomin)
• Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
• Update x509.genkey [Orabug: 24817676]
• Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
  [4.18.0-305.3.1_4]
• Revert ‘uio: use request_threaded_irq instead’ (Vitaly Kuznetsov) [1952952 1946644]
• drm/ast: Set format registers in primary plane’s update (Lyude Paul) [1952900 1923857]
• net/sched: act_ct: clear post_ct if doing ct_clear (Marcelo Ricardo Leitner) [1956458 1941889]
• md/raid1: properly indicate failure when ending a failed write request (Nigel Croxon) [1955188 1954588]
• nitro_enclaves: Fix stale file descriptors on failed usercopy (Vitaly Kuznetsov) [1956379 1953717]
  [4.18.0-305.2.1_4]
• net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP (Alaa Hleihel) [1952061 1936742]
• net/mlx5e: Reject tc rules which redirect from a VF to itself (Alaa Hleihel) [1952065 1932839]
• net/mlx5: CT: Add support for matching on ct_state inv and rel flags (Alaa Hleihel) [1952062 1942681]
• KVM: VMX: Don’t use vcpu->run->internal.ndata as an array index (Jon Maloy) [1954221 1954219]
• tools/power turbostat: Revert ‘[tools] tools/power turbostat: Enable accumulate RAPL display’ (Prarit Bhargava) [1952987 1944699]
  [4.18.0-305.1.1_4]
• ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (Jaroslav Kysela) [1954545 1870724]
• ALSA: usb-audio: fix use after free in usb_audio_disconnect (Jaroslav Kysela) [1954545 1870724]
• ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (Jaroslav Kysela) [1954545 1870724]
• selinux: fix deadlock in security_set_bools() (Ondrej Mosnacek) [1945123 1924230]
• geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (Antoine Tenart) [1944667 1941753]
• vxlan: do not modify the shared tunnel info when PMTU triggers an ICMP reply (Antoine Tenart) [1944667 1941753]
• redhat: switch to zstream (Jan Stancek)