From 19514e73f2c7c76329af88188bd52bed33a8d5d2 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Mon, 15 Sep 2025 00:07:25 +0200
Subject: [PATCH] kernel-rt-4.18.0-553.76.1.rt7.417.el8_10

* Mon Sep 15 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.76.1.rt7.417.el8_10]
- HID: core: Harden s32ton() against conversion to 0 bits (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
- HID: stop exporting hid_snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
- HID: simplify snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
- HID: core: fix shift-out-of-bounds in hid_report_raw_event (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107299] {CVE-2025-38498}
- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107299] {CVE-2025-38498}
- xfs: make sure sb_fdblocks is non-negative (Pavel Reichl) [RHEL-104193]
- vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-105991] {CVE-2025-38461}
Resolves: RHEL-104193, RHEL-105991, RHEL-107299, RHEL-111027

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
---
 kernel.spec | 16 +++++++++++++---
 sources     |  2 +-
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/kernel.spec b/kernel.spec
index 7eb7357..f8ac5d1 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.75.1.rt7.416.el8_10
+%define pkgrelease 553.76.1.rt7.417.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.75.1.rt7.416%{?dist}
+%define specrelease 553.76.1.rt7.417%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .416
+%global rtbuild .417
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2708,6 +2708,16 @@ fi
 #
 #
 %changelog
+* Mon Sep 15 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.76.1.rt7.417.el8_10]
+- HID: core: Harden s32ton() against conversion to 0 bits (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
+- HID: stop exporting hid_snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
+- HID: simplify snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
+- HID: core: fix shift-out-of-bounds in hid_report_raw_event (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
+- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107299] {CVE-2025-38498}
+- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107299] {CVE-2025-38498}
+- xfs: make sure sb_fdblocks is non-negative (Pavel Reichl) [RHEL-104193]
+- vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-105991] {CVE-2025-38461}
+
 * Tue Sep 09 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.75.1.rt7.416.el8_10]
 - Revert "module, async: async_synchronize_full() on module init iff async is used" (Herton R. Krzesinski) [RHEL-99812]
 - mm/page_alloc: make sure free_pcppages_bulk() bails when given count < 0 (Rafael Aquini) [RHEL-85453]
diff --git a/sources b/sources
index 13107ad..102ee56 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.75.1.rt7.416.el8_10.tar.xz) = fb11f924e3cb0392c0e19bba123acd99ccd0bbec071088c04ac009b35a91eeaa99bcb1158f5bcb5743673a4f4e7abab3f24077f987467d0d18ad19e3e3e44e8e
+SHA512 (linux-4.18.0-553.76.1.rt7.417.el8_10.tar.xz) = 9a7cb0f72cda88d112e619de19a8132b2cb154bbf3c35b5e51b0028e6b0816bb86f75aaa8376bcf1700cd110a2003f88dfb411e77812001a9f76ab406a3a98a8