From 423b8d22e28c1b7c3247760f4cbe39acef4b1aa2 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Wed, 25 Jun 2025 10:14:30 +0000
Subject: [PATCH] Import from CS git

---
 .gitignore          |  2 +-
 .kernel-rt.metadata |  2 +-
 SPECS/kernel.spec   | 65 ++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 64 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 41147a5..13c2f7b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
-SOURCES/linux-4.18.0-553.56.1.rt7.397.el8_10.tar.xz
+SOURCES/linux-4.18.0-553.58.1.rt7.399.el8_10.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index 200b11d..6388832 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1,6 +1,6 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-00b9d6e0f3fd272d1f9e1bb6b5692d94338c51e0 SOURCES/linux-4.18.0-553.56.1.rt7.397.el8_10.tar.xz
+2710f71103eed27824125b6ae978b296d563a65f SOURCES/linux-4.18.0-553.58.1.rt7.399.el8_10.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 8e8d241..795a511 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.56.1.rt7.397.el8_10
+%define pkgrelease 553.58.1.rt7.399.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.56.1.rt7.397%{?dist}
+%define specrelease 553.58.1.rt7.399%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .397
+%global rtbuild .399
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2699,6 +2699,65 @@ fi
 #
 #
 %changelog
+* Thu Jun 12 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.58.1.rt7.399.el8_10]
+- [rt] build kernel-rt-4.18.0-553.58.1.rt7.399.el8_10
+- ndisc: use RCU protection in ndisc_alloc_skb() (Xin Long) [RHEL-89535] {CVE-2025-21764}
+- ipv6: use RCU protection in ip6_default_advmss() (Xin Long) [RHEL-89535] {CVE-2025-21765}
+- net: add dev_net_rcu() helper (Xin Long) [RHEL-89535] {CVE-2025-21765}
+- net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Xin Long) [RHEL-89535]
+- idpf: check error for register_netdev() on init (Michal Schmidt) [RHEL-71182] {CVE-2025-22116}
+- idpf: avoid mailbox timeout delays during reset (Michal Schmidt) [RHEL-71182]
+- idpf: fix a race in txq wakeup (Michal Schmidt) [RHEL-71182]
+- idpf: fix idpf_vport_splitq_napi_poll() (Michal Schmidt) [RHEL-71182]
+- idpf: fix null-ptr-deref in idpf_features_check (Michal Schmidt) [RHEL-71182]
+- idpf: protect shutdown from reset (Michal Schmidt) [RHEL-71182]
+- idpf: fix potential memory leak on kcalloc() failure (Michal Schmidt) [RHEL-71182]
+- idpf: fix offloads support for encapsulated packets (Michal Schmidt) [RHEL-71182]
+- idpf: fix adapter NULL pointer dereference on reboot (Michal Schmidt) [RHEL-71182] {CVE-2025-22065}
+- idpf: fix checksums set in idpf_rx_rsc() (Michal Schmidt) [RHEL-71182] {CVE-2025-21890}
+- idpf: fix handling rsc packet with a single segment (Michal Schmidt) [RHEL-71182]
+- idpf: add more info during virtchnl transaction timeout/salt mismatch (Michal Schmidt) [RHEL-71182]
+- idpf: convert workqueues to unbound (Michal Schmidt) [RHEL-71182] {CVE-2024-58057}
+- idpf: Acquire the lock before accessing the xn->salt (Michal Schmidt) [RHEL-71182]
+- idpf: fix transaction timeouts on reset (Michal Schmidt) [RHEL-71182]
+- idpf: add read memory barrier when checking descriptor done bit (Michal Schmidt) [RHEL-71182]
+- idpf: deinit virtchnl transaction manager after vport and vectors (Michal Schmidt) [RHEL-71182]
+- idpf: use actual mbx receive payload length (Michal Schmidt) [RHEL-71182]
+- idpf: call set_real_num_queues in idpf_open (Michal Schmidt) [RHEL-71182 RHEL-90849]
+- idpf: fix idpf_vc_core_init error path (Michal Schmidt) [RHEL-68233 RHEL-71182 RHEL-90846] {CVE-2024-53064}
+- idpf: avoid vport access in idpf_get_link_ksettings (Michal Schmidt) [RHEL-71182 RHEL-90846] {CVE-2024-50274}
+- idpf: fix netdev Tx queue stop/wake (Michal Schmidt) [RHEL-71182]
+- idpf: fix UAFs when destroying the queues (Michal Schmidt) [RHEL-71182] {CVE-2024-44932}
+- idpf: fix memleak in vport interrupt configuration (Michal Schmidt) [RHEL-71182]
+- idpf: fix memory leaks and crashes while performing a soft reset (Michal Schmidt) [RHEL-71182] {CVE-2024-44964}
+- idpf: compile singleq code only under default-n CONFIG_IDPF_SINGLEQ (Michal Schmidt) [RHEL-71182]
+- redhat/configs: set CONFIG_IDPF_SINGLEQ as disabled (Michal Schmidt) [RHEL-71182]
+- idpf: merge singleq and splitq &net_device_ops (Michal Schmidt) [RHEL-71182]
+- idpf: avoid bloating &idpf_q_vector with big %%NR_CPUS (Michal Schmidt) [RHEL-71182]
+- idpf: split &idpf_queue into 4 strictly-typed queue structures (Michal Schmidt) [RHEL-71182]
+- idpf: remove legacy Page Pool Ethtool stats (Michal Schmidt) [RHEL-71182]
+- net: remove gfp_mask from napi_alloc_skb() [idpf] (Michal Schmidt) [RHEL-71182]
+- idpf: stop using macros for accessing queue descriptors (Michal Schmidt) [RHEL-71182]
+- idpf: don't enable NAPI and interrupts prior to allocating Rx buffers (Michal Schmidt) [RHEL-71182]
+- idpf: Interpret .set_channels() input differently (Michal Schmidt) [RHEL-71182]
+- idpf: make virtchnl2.h self-contained (Michal Schmidt) [RHEL-71182]
+- s390/pci: Serialize device addition and removal (Mete Durlu) [RHEL-95783]
+- s390/pci: Allow re-add of a reserved but not yet removed device (Mete Durlu) [RHEL-95783]
+- s390/pci: Prevent self deletion in disable_slot() (Mete Durlu) [RHEL-95783]
+- s390/pci: Remove redundant bus removal and disable from zpci_release_device() (Mete Durlu) [RHEL-95783]
+- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (Mete Durlu) [RHEL-95783]
+- s390/pci: Fix missing check for zpci_create_device() error return (Mete Durlu) [RHEL-95783]
+- s390/pci: Fix potential double remove of hotplug slot (Mete Durlu) [RHEL-95783]
+- s390/pci: remove hotplug slot when releasing the device (Mete Durlu) [RHEL-95783]
+- s390/pci: introduce lock to synchronize state of zpci_dev's (Mete Durlu) [RHEL-95783]
+- s390/pci: rename lock member in struct zpci_dev (Mete Durlu) [RHEL-95783]
+
+* Thu Jun 05 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.57.1.rt7.398.el8_10]
+- [rt] build kernel-rt-4.18.0-553.57.1.rt7.398.el8_10
+- smb: client: fix warning in cifs_smb3_do_mount() (Paulo Alcantara) [RHEL-55825]
+- cifs: fix double free race when mount fails in cifs_get_root() (Paulo Alcantara) [RHEL-55825] {CVE-2022-48919}
+- security/keys: fix slab-out-of-bounds in key_task_permission (CKI Backport Bot) [RHEL-68090] {CVE-2024-50301}
+
 * Sun Jun 01 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.56.1.rt7.397.el8_10]
 - [rt] build kernel-rt-4.18.0-553.56.1.rt7.397.el8_10
 - tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (David Arcari) [RHEL-86963]