diff --git a/.gitignore b/.gitignore index 6d79607..a0c9afb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer -SOURCES/linux-4.18.0-553.111.1.rt7.452.el8_10.tar.xz +SOURCES/linux-4.18.0-553.112.1.rt7.453.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index c394175..0285910 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,6 +1,6 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -213f9df5dd43fbdd954d8a515e121103b58470d7 SOURCES/linux-4.18.0-553.111.1.rt7.452.el8_10.tar.xz +cfdfaf08e5b616bf06c030a5ec4bd3f92b2d9fae SOURCES/linux-4.18.0-553.112.1.rt7.453.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 787209c..d85184a 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.111.1.rt7.452.el8_10 +%define pkgrelease 553.112.1.rt7.453.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.111.1.rt7.452%{?dist} +%define specrelease 553.112.1.rt7.453%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -148,7 +148,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .452 +%global rtbuild .453 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2708,6 +2708,121 @@ fi # # %changelog +* Thu Mar 05 2026 CKI KWF Bot [4.18.0-553.112.1.rt7.453.el8_10] +- smb: client: handle lack of IPC in dfs_cache_refresh() (Paulo Alcantara) [RHEL-138235] +- smb: client: allow parsing zero-length AV pairs (Paulo Alcantara) [RHEL-138235] +- cifs: reduce warning log level for server not advertising interfaces (Paulo Alcantara) [RHEL-138235] +- smb: client: Fix match_session bug preventing session reuse (Paulo Alcantara) [RHEL-138235] +- smb: client: get rid of kstrdup() in get_ses_refpath() (Paulo Alcantara) [RHEL-138235] +- smb: client: fix noisy when tree connecting to DFS interlink targets (Paulo Alcantara) [RHEL-138235] +- smb: client: don't trust DFSREF_STORAGE_SERVER bit (Paulo Alcantara) [RHEL-138235] +- smb: client: don't check for @leaf_fullpath in match_server() (Paulo Alcantara) [RHEL-138235] +- smb: client: get rid of TCP_Server_Info::refpath_lock (Paulo Alcantara) [RHEL-138235] +- smb: client: don't retry DFS targets on server shutdown (Paulo Alcantara) [RHEL-138235] +- smb: client: fix return value of parse_dfs_referrals() (Paulo Alcantara) [RHEL-138235] +- smb: client: optimize referral walk on failed link targets (Paulo Alcantara) [RHEL-138235] +- smb: client: provide dns_resolve_{unc,name} helpers (Paulo Alcantara) [RHEL-138235] +- smb: client: parse DNS domain name from domain= option (Paulo Alcantara) [RHEL-138235] +- smb: client: fix DFS mount against old servers with NTLMSSP (Paulo Alcantara) [RHEL-138235] +- smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (Paulo Alcantara) [RHEL-138235] +- smb: client: introduce av_for_each_entry() helper (Paulo Alcantara) [RHEL-138235] +- smb: client: fix double free of TCP_Server_Info::hostname (Paulo Alcantara) [RHEL-138235] {CVE-2025-21673} +- smb: client: fix potential race in cifs_put_tcon() (Paulo Alcantara) [RHEL-138235] +- smb: client: fix noisy message when mounting shares (Paulo Alcantara) [RHEL-138235] +- smb: client: don't try following DFS links in cifs_tree_connect() (Paulo Alcantara) [RHEL-138235] +- smb: client: allow reconnect when sending ioctl (Paulo Alcantara) [RHEL-138235] +- smb: client: get rid of @nlsc param in cifs_tree_connect() (Paulo Alcantara) [RHEL-138235] +- smb: client: allow more DFS referrals to be cached (Paulo Alcantara) [RHEL-138235] +- smb: client: propagate error from cifs_construct_tcon() (Paulo Alcantara) [RHEL-138235] +- smb: client: fix DFS failover in multiuser mounts (Paulo Alcantara) [RHEL-138235] +- smb: client: fix DFS interlink failover (Paulo Alcantara) [RHEL-138235] +- smb: client: improve purging of cached referrals (Paulo Alcantara) [RHEL-138235] +- smb: client: avoid unnecessary reconnects when refreshing referrals (Paulo Alcantara) [RHEL-138235] +- smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex (Paulo Alcantara) [RHEL-138235] +- smb: client: handle DFS tcons in cifs_construct_tcon() (Paulo Alcantara) [RHEL-138235] +- smb: client: refresh referral without acquiring refpath_lock (Paulo Alcantara) [RHEL-138235] +- smb: client: guarantee refcounted children from parent session (Paulo Alcantara) [RHEL-138235] {CVE-2024-35869} +- smb: client: set correct id, uid and cruid for multiuser automounts (Paulo Alcantara) [RHEL-138235] {CVE-2024-26822} +- cifs: change tcon status when need_reconnect is set on it (Paulo Alcantara) [RHEL-138235] +- smb: client: fix potential NULL deref in parse_dfs_referrals() (Paulo Alcantara) [RHEL-138235] +- smb: client: fix mount when dns_resolver key is not available (Paulo Alcantara) [RHEL-138235] +- smb: client: get rid of dfs code dep in namespace.c (Paulo Alcantara) [RHEL-138235] +- smb: client: get rid of dfs naming in automount code (Paulo Alcantara) [RHEL-138235] +- smb: client: rename cifs_dfs_ref.c to namespace.c (Paulo Alcantara) [RHEL-138235] +- smb: client: ensure to try all targets when finding nested links (Paulo Alcantara) [RHEL-138235] +- smb: client: introduce DFS_CACHE_TGT_LIST() (Paulo Alcantara) [RHEL-138235] +- smb: client: fix null auth (Paulo Alcantara) [RHEL-138235] +- smb: client: fix dfs link mount against w2k8 (Paulo Alcantara) [RHEL-138235] +- cifs: fix charset issue in reconnection (Paulo Alcantara) [RHEL-138235] +- smb: client: fix missed ses refcounting (Paulo Alcantara) [RHEL-138235] {CVE-2023-54076} +- fs/nls: make load_nls() take a const parameter (Paulo Alcantara) [RHEL-138235] +- smb: client: remove redundant pointer 'server' (Paulo Alcantara) [RHEL-138235] +- smb: client: improve DFS mount check (Paulo Alcantara) [RHEL-138235] +- smb: client: fix shared DFS root mounts with different prefixes (Paulo Alcantara) [RHEL-138235] +- smb: client: fix parsing of source mount option (Paulo Alcantara) [RHEL-138235] +- smb: client: fix warning in cifs_match_super() (Paulo Alcantara) [RHEL-138235] +- cifs: fix max_credits implementation (Paulo Alcantara) [RHEL-138235] +- cifs: fix sockaddr comparison in iface_cmp (Paulo Alcantara) [RHEL-138235] +- cifs: fix status checks in cifs_tree_connect (Paulo Alcantara) [RHEL-138235] +- cifs: fix smb1 mount regression (Paulo Alcantara) [RHEL-138235] +- cifs: fix sharing of DFS connections (Paulo Alcantara) [RHEL-138235] +- cifs: avoid potential races when handling multiple dfs tcons (Paulo Alcantara) [RHEL-138235] +- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (Paulo Alcantara) [RHEL-138235] +- cifs: avoid dup prefix path in dfs_get_automount_devname() (Paulo Alcantara) [RHEL-138235] +- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (Paulo Alcantara) [RHEL-138235] {CVE-2023-53246} +- smb3: fix unusable share after force unmount failure (Paulo Alcantara) [RHEL-138235] +- cifs: check only tcon status on tcon related functions (Paulo Alcantara) [RHEL-138235] +- cifs: return DFS root session id in DebugData (Paulo Alcantara) [RHEL-138235] +- cifs: fix use-after-free bug in refresh_cache_worker() (Paulo Alcantara) [RHEL-138235] {CVE-2023-53052} +- cifs: set DFS root session in cifs_get_smb_ses() (Paulo Alcantara) [RHEL-138235] +- cifs: remove unused function (Paulo Alcantara) [RHEL-138235] +- cifs: remove duplicate code in __refresh_tcon() (Paulo Alcantara) [RHEL-138235] +- cifs: remove redundant assignment to the variable match (Paulo Alcantara) [RHEL-138235] +- cifs: use origin fullpath for automounts (Paulo Alcantara) [RHEL-138235] +- cifs: fix source pathname comparison of dfs supers (Paulo Alcantara) [RHEL-138235] +- cifs: fix confusing debug message (Paulo Alcantara) [RHEL-138235] +- cifs: don't block in dfs_cache_noreq_update_tgthint() (Paulo Alcantara) [RHEL-138235] +- cifs: refresh root referrals (Paulo Alcantara) [RHEL-138235] +- cifs: fix refresh of cached referrals (Paulo Alcantara) [RHEL-138235] +- cifs: share dfs connections and supers (Paulo Alcantara) [RHEL-138235] +- cifs: split out ses and tcon retrieval from mount_get_conns() (Paulo Alcantara) [RHEL-138235] +- cifs: set resolved ip in sockaddr (Paulo Alcantara) [RHEL-138235] +- cifs: remove unused smb3_fs_context::mount_options (Paulo Alcantara) [RHEL-138235] +- cifs: get rid of mount options string parsing (Paulo Alcantara) [RHEL-138235] +- cifs: use fs_context for automounts (Paulo Alcantara) [RHEL-138235] +- cifs: remove various function description warnings (Paulo Alcantara) [RHEL-138235] +- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Select which microcode patch to load (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Add more known models to entry sign checking (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Limit Entrysign signature checking to known generations (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Use sha256() instead of init/update/final (Waiman Long) [RHEL-132479] +- x86/microcode: Fix Entrysign revision check for Zen1/Naples (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Handle the case of no BIOS microcode (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Add some forgotten models to the SHA check (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Load only SHA256-checksummed patches (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Add get_patch_level() (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Have __apply_microcode_amd() return bool (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Flush patch buffer mapping after application (Waiman Long) [RHEL-132479] +- x86/mm: Carve out INVLPG inline asm for use by others (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Split load_microcode_amd() (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Pay attention to the stepping dynamically (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (Waiman Long) [RHEL-132479] +- x86/microcode/amd: Cache builtin microcode too (Waiman Long) [RHEL-132479] +- x86/microcode/amd: Use correct per CPU ucode_cpu_info (Waiman Long) [RHEL-132479] +- x86/microcode/amd: Remove X86_32 specific code in early_apply_microcode() & get_builtin_microcode() (Waiman Long) [RHEL-132479] +- x86/microcode: Move core specific defines to local header (Waiman Long) [RHEL-132479] +- x86/microcode/intel: Rename get_datasize() since its used externally (Waiman Long) [RHEL-132479] +- x86/microcode: Make reload_early_microcode() static (Waiman Long) [RHEL-132479] +- x86/microcode: Include vendor headers into microcode.h (Waiman Long) [RHEL-132479] +- x86/microcode/intel: Move microcode functions out of cpu/intel.c (Waiman Long) [RHEL-132479] +- x86/microcode/AMD: Get rid of __find_equiv_id() (Waiman Long) [RHEL-132479] +- x86/microcode: Add explicit CPU vendor dependency (Waiman Long) [RHEL-132479] + * Sat Feb 28 2026 CKI KWF Bot [4.18.0-553.111.1.rt7.452.el8_10] - macvlan: fix possible UAF in macvlan_forward_source() (Hangbin Liu) [RHEL-144120] {CVE-2026-23001}