kernel-rt-4.18.0-553.25.1.rt7.366.el8_10

* Wed Oct 02 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.25.1.rt7.366.el8_10]
- [rt] build kernel-rt-4.18.0-553.25.1.rt7.366.el8_10 [RHEL-59541]
- cifs: modefromsids must add an ACE for authenticated users (Paulo Alcantara) [RHEL-56052]
- cifs: do not use uninitialized data in the owner/group sid (Paulo Alcantara) [RHEL-56052]
- cifs: fix set of group SID via NTSD xattrs (Paulo Alcantara) [RHEL-56052]
- smb3: correct smb3 ACL security descriptor (Paulo Alcantara) [RHEL-56052]
- smb3: fix possible access to uninitialized pointer to DACL (Paulo Alcantara) [RHEL-56052]
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (Paulo Alcantara) [RHEL-56052]
- cifs: Fix chmod with modefromsid when an older ACE already exists. (Paulo Alcantara) [RHEL-56052]
- cifs: update new ACE pointer after populate_new_aces. (Paulo Alcantara) [RHEL-56052]
- cifs: If a corrupted DACL is returned by the server, bail out. (Paulo Alcantara) [RHEL-56052]
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (Paulo Alcantara) [RHEL-56052]
- cifs: Change SIDs in ACEs while transferring file ownership. (Paulo Alcantara) [RHEL-56052]
- cifs: Retain old ACEs when converting between mode bits and ACL. (Paulo Alcantara) [RHEL-56052]
- cifs: Fix cifsacl ACE mask for group and others. (Paulo Alcantara) [RHEL-56052]
- Add SMB 2 support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
- SMB3: Add support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
- cifs: Enable sticky bit with cifsacl mount option. (Paulo Alcantara) [RHEL-56052]
- cifs: Fix unix perm bits to cifsacl conversion for "other" bits. (Paulo Alcantara) [RHEL-56052]
- drm/i915/gt: Fix potential UAF by revoke of fence registers (Mika Penttilä) [RHEL-53633] {CVE-2024-41092}
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-27224]
- kobject_uevent: Fix OOB access within zap_modalias_env() (Rafael Aquini) [RHEL-55000] {CVE-2024-42292}
- gfs2: Fix NULL pointer dereference in gfs2_log_flush (Andrew Price) [RHEL-51553] {CVE-2024-42079}
- of: module: add buffer overflow check in of_modalias() (Charles Mirabile) [RHEL-44267] {CVE-2024-38541}
Resolves: RHEL-59541, RHEL-55003, RHEL-53636, RHEL-51554, RHEL-44268

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>

kernel.spec

@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.24.1.rt7.365.el8_10
+%define pkgrelease 553.25.1.rt7.366.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.24.1.rt7.365%{?dist}
+%define specrelease 553.25.1.rt7.366%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .365
+%global rtbuild .366
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2699,6 +2699,31 @@ fi
 #
 #
 %changelog
+* Wed Oct 02 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.25.1.rt7.366.el8_10]
+- [rt] build kernel-rt-4.18.0-553.25.1.rt7.366.el8_10 [RHEL-59541]
+- cifs: modefromsids must add an ACE for authenticated users (Paulo Alcantara) [RHEL-56052]
+- cifs: do not use uninitialized data in the owner/group sid (Paulo Alcantara) [RHEL-56052]
+- cifs: fix set of group SID via NTSD xattrs (Paulo Alcantara) [RHEL-56052]
+- smb3: correct smb3 ACL security descriptor (Paulo Alcantara) [RHEL-56052]
+- smb3: fix possible access to uninitialized pointer to DACL (Paulo Alcantara) [RHEL-56052]
+- cifs: remove two cases where rc is set unnecessarily in sid_to_id (Paulo Alcantara) [RHEL-56052]
+- cifs: Fix chmod with modefromsid when an older ACE already exists. (Paulo Alcantara) [RHEL-56052]
+- cifs: update new ACE pointer after populate_new_aces. (Paulo Alcantara) [RHEL-56052]
+- cifs: If a corrupted DACL is returned by the server, bail out. (Paulo Alcantara) [RHEL-56052]
+- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (Paulo Alcantara) [RHEL-56052]
+- cifs: Change SIDs in ACEs while transferring file ownership. (Paulo Alcantara) [RHEL-56052]
+- cifs: Retain old ACEs when converting between mode bits and ACL. (Paulo Alcantara) [RHEL-56052]
+- cifs: Fix cifsacl ACE mask for group and others. (Paulo Alcantara) [RHEL-56052]
+- Add SMB 2 support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
+- SMB3: Add support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
+- cifs: Enable sticky bit with cifsacl mount option. (Paulo Alcantara) [RHEL-56052]
+- cifs: Fix unix perm bits to cifsacl conversion for "other" bits. (Paulo Alcantara) [RHEL-56052]
+- drm/i915/gt: Fix potential UAF by revoke of fence registers (Mika Penttilä) [RHEL-53633] {CVE-2024-41092}
+- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-27224]
+- kobject_uevent: Fix OOB access within zap_modalias_env() (Rafael Aquini) [RHEL-55000] {CVE-2024-42292}
+- gfs2: Fix NULL pointer dereference in gfs2_log_flush (Andrew Price) [RHEL-51553] {CVE-2024-42079}
+- of: module: add buffer overflow check in of_modalias() (Charles Mirabile) [RHEL-44267] {CVE-2024-38541}
+
 * Wed Sep 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.24.1.rt7.365.el8_10]
 - [rt] build kernel-rt-4.18.0-553.24.1.rt7.365.el8_10 [RHEL-59541]
 - cifs: do not set WorkstationName in NTLMSSP auth blob (Paulo Alcantara) [RHEL-56729]

sources

@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.24.1.rt7.365.el8_10.tar.xz) = 0410646fa7f3caa01bae79be185f68303ca29b379ae2cbfaa80462f00b92472d5b71c8bf2ca8080498d1e8d88555932e157df8cd6ac91800ce93538ca9def896
+SHA512 (linux-4.18.0-553.25.1.rt7.366.el8_10.tar.xz) = d5970b6c47a99a8f4fa9d3e50f669271a8ab031c1471519b5e349f7d238c9bcff96e5165d3c56efce72a56141f61203f7a33b4ca53cf72587c5d0ea59cd89cc1