From 83e71a5ac93813f7db00839d48c27f484d485d1b Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Thu, 30 May 2024 08:03:48 +0200
Subject: [PATCH] kernel-rt-4.18.0-553.6.1.rt7.347.el8_10

* Thu May 30 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.6.1.rt7.347.el8_10]
- [rt] build kernel-rt-4.18.0-553.6.1.rt7.347.el8_10 [RHEL-34640]
- cxgb4: Properly lock TX queue for the selftest. (John B. Wyatt IV) [RHEL-8779]
- powerpc/powernv: Add a null pointer check in opal_event_init() (Mamatha Inamdar) [RHEL-37058] {CVE-2023-52686}
- crypto: rsa - add a check for allocation failure (Vladis Dronov) [RHEL-35361]
- crypto: rsa - allow only odd e and restrict value in FIPS mode (Vladis Dronov) [RHEL-35361]
- KEYS: use kfree_sensitive with key (Vladis Dronov) [RHEL-35361]
- lib/mpi: Extend the MPI library (only mpi_*_bit() part) (Vladis Dronov) [RHEL-35361]
- net: ip_tunnel: prevent perpetual headroom growth (Felix Maurer) [RHEL-31814] {CVE-2024-26804}
- s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-36048]
- RDMA/mlx5: Fix fortify source warning while accessing Eth segment (Kamal Heib) [RHEL-33162] {CVE-2024-26907}
- ovl: fix leaked dentry (Miklos Szeredi) [RHEL-27306] {CVE-2021-46972}
- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- x86/mm/vsyscall: Consider vsyscall page part of user address space (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- x86/mm: Add vsyscall address helper (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- mm/swap: fix race when skipping swapcache (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
- swap: fix do_swap_page() race with swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
- mm/swapfile: use percpu_ref to serialize against concurrent swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
- mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() (Rafael Aquini) [RHEL-29294] {CVE-2023-52560}
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-29783]
- block: null_blk: Fix handling of fake timeout request (Ming Lei) [RHEL-8130]
- null_blk: fix poll request timeout handling (Ming Lei) [RHEL-8130]
- block: null_blk: end timed out poll request (Ming Lei) [RHEL-8130]
- block: null_blk: only set set->nr_maps as 3 if active poll_queues is > 0 (Ming Lei) [RHEL-8130]
- null_blk: allow zero poll queues (Ming Lei) [RHEL-8130]
- null_blk: Fix handling of submit_queues and poll_queues attributes (Ming Lei) [RHEL-8130]
- null_blk: poll queue support (Ming Lei) [RHEL-8130]
- null_blk: fix command timeout completion handling (Ming Lei) [RHEL-8130]
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (Prarit Bhargava) [RHEL-27790] {CVE-2021-47073}
- Bluetooth: avoid memcmp() out of bounds warning (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: hci_event: Fix coding style (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: hci_event: Fix using memcmp when comparing keys (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: Reject connection with the device which has same BD_ADDR (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: hci_event: Ignore NULL link key (David Marlin) [RHEL-3017] {CVE-2020-26555}
- ppp_async: limit MRU to 64K (Guillaume Nault) [RHEL-31353] {CVE-2024-26675}
- powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Mamatha Inamdar) [RHEL-37078] {CVE-2023-52675}
- tcp: do not accept ACK of bytes we never sent (Xin Long) [RHEL-21952]
Resolves: RHEL-34640, RHEL-27307, RHEL-31354, RHEL-33167, RHEL-27791, RHEL-3899, RHEL-31645, RHEL-29295, RHEL-31815, RHEL-33163, RHEL-8779

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
---
 kernel.spec | 45 ++++++++++++++++++++++++++++++++++++++++++---
 sources     |  2 +-
 2 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/kernel.spec b/kernel.spec
index 56505ca..57c9fbc 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.5.1.rt7.346.el8_10
+%define pkgrelease 553.6.1.rt7.347.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.5.1.rt7.346%{?dist}
+%define specrelease 553.6.1.rt7.347%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .346
+%global rtbuild .347
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2699,6 +2699,45 @@ fi
 #
 #
 %changelog
+* Thu May 30 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.6.1.rt7.347.el8_10]
+- [rt] build kernel-rt-4.18.0-553.6.1.rt7.347.el8_10 [RHEL-34640]
+- cxgb4: Properly lock TX queue for the selftest. (John B. Wyatt IV) [RHEL-8779]
+- powerpc/powernv: Add a null pointer check in opal_event_init() (Mamatha Inamdar) [RHEL-37058] {CVE-2023-52686}
+- crypto: rsa - add a check for allocation failure (Vladis Dronov) [RHEL-35361]
+- crypto: rsa - allow only odd e and restrict value in FIPS mode (Vladis Dronov) [RHEL-35361]
+- KEYS: use kfree_sensitive with key (Vladis Dronov) [RHEL-35361]
+- lib/mpi: Extend the MPI library (only mpi_*_bit() part) (Vladis Dronov) [RHEL-35361]
+- net: ip_tunnel: prevent perpetual headroom growth (Felix Maurer) [RHEL-31814] {CVE-2024-26804}
+- s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-36048]
+- RDMA/mlx5: Fix fortify source warning while accessing Eth segment (Kamal Heib) [RHEL-33162] {CVE-2024-26907}
+- ovl: fix leaked dentry (Miklos Szeredi) [RHEL-27306] {CVE-2021-46972}
+- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
+- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
+- x86/mm/vsyscall: Consider vsyscall page part of user address space (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
+- x86/mm: Add vsyscall address helper (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
+- mm/swap: fix race when skipping swapcache (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
+- swap: fix do_swap_page() race with swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
+- mm/swapfile: use percpu_ref to serialize against concurrent swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
+- mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() (Rafael Aquini) [RHEL-29294] {CVE-2023-52560}
+- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-29783]
+- block: null_blk: Fix handling of fake timeout request (Ming Lei) [RHEL-8130]
+- null_blk: fix poll request timeout handling (Ming Lei) [RHEL-8130]
+- block: null_blk: end timed out poll request (Ming Lei) [RHEL-8130]
+- block: null_blk: only set set->nr_maps as 3 if active poll_queues is > 0 (Ming Lei) [RHEL-8130]
+- null_blk: allow zero poll queues (Ming Lei) [RHEL-8130]
+- null_blk: Fix handling of submit_queues and poll_queues attributes (Ming Lei) [RHEL-8130]
+- null_blk: poll queue support (Ming Lei) [RHEL-8130]
+- null_blk: fix command timeout completion handling (Ming Lei) [RHEL-8130]
+- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (Prarit Bhargava) [RHEL-27790] {CVE-2021-47073}
+- Bluetooth: avoid memcmp() out of bounds warning (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- Bluetooth: hci_event: Fix coding style (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- Bluetooth: hci_event: Fix using memcmp when comparing keys (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- Bluetooth: Reject connection with the device which has same BD_ADDR (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- Bluetooth: hci_event: Ignore NULL link key (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- ppp_async: limit MRU to 64K (Guillaume Nault) [RHEL-31353] {CVE-2024-26675}
+- powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Mamatha Inamdar) [RHEL-37078] {CVE-2023-52675}
+- tcp: do not accept ACK of bytes we never sent (Xin Long) [RHEL-21952]
+
 * Tue May 21 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.5.1.rt7.346.el8_10]
 - [rt] build kernel-rt-4.18.0-553.5.1.rt7.346.el8_10 [RHEL-34640]
 - tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-29238]
diff --git a/sources b/sources
index 5461f17..6030f2a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.5.1.rt7.346.el8_10.tar.xz) = 4f41e8930bc08af2079284def86fb0ac3756952805e580a855785b3a101fea3bc68172e0ba8841d83f1e14f84322a876082ceaaada95f7b1833cb30e3755986e
+SHA512 (linux-4.18.0-553.6.1.rt7.347.el8_10.tar.xz) = a234062ef4a4fd3db3bb13fb8f53905191bc44b44da4cd4df21ef4b75b7bad80ed997a18de555e32ea76f2d51a023a195e280c9427f65d0ba1a2f27566b81971