From bd4bddfebdf6a3bf6ceab8c1fd3ced9b63673c53 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Fri, 22 Nov 2024 09:59:00 +0100
Subject: [PATCH] kernel-rt-4.18.0-553.31.1.rt7.372.el8_10

* Fri Nov 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.31.1.rt7.372.el8_10]
- [rt] build kernel-rt-4.18.0-553.31.1.rt7.372.el8_10 [RHEL-68615]
- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110}
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256}
- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862]
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862]
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988]
- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988]
- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988]
- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988]
- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988]
- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988]
- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695}
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823]
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949}
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142}
Resolves: RHEL-68615

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
---
 kernel.spec | 26 +++++++++++++++++++++++---
 sources     |  2 +-
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/kernel.spec b/kernel.spec
index c6e90bc..ec49cf6 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.30.1.rt7.371.el8_10
+%define pkgrelease 553.31.1.rt7.372.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.30.1.rt7.371%{?dist}
+%define specrelease 553.31.1.rt7.372%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .371
+%global rtbuild .372
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2699,6 +2699,26 @@ fi
 #
 #
 %changelog
+* Fri Nov 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.31.1.rt7.372.el8_10]
+- [rt] build kernel-rt-4.18.0-553.31.1.rt7.372.el8_10 [RHEL-68615]
+- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110}
+- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256}
+- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862]
+- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862]
+- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988]
+- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988]
+- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988]
+- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988]
+- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988]
+- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988]
+- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988]
+- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695}
+- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823]
+- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823]
+- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099}
+- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949}
+- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142}
+
 * Fri Nov 15 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.30.1.rt7.371.el8_10]
 - [rt] build kernel-rt-4.18.0-553.30.1.rt7.371.el8_10 [RHEL-66248]
 - locking/rtmutex: Use rt_mutex specific scheduler helpers (Daniel Vacek) [RHEL-63166]
diff --git a/sources b/sources
index 58a3256..d951e63 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.30.1.rt7.371.el8_10.tar.xz) = e338edd6094cda9f67ca69234ac822eda17adba0d7d8baaab0aa5f9359877e55b7fc743181f9a28ebe4ae6c6b4a66fad96405a41fce6a26c2ed63ab8465ecd6a
+SHA512 (linux-4.18.0-553.31.1.rt7.372.el8_10.tar.xz) = 9f3528cb0afc0c5087268b46e251d0dd0f28c721dd842648935673c227815ab9abe8b4e3a2502061316b042193a8eb2e1fc413cd6e452598de9ec759f0dd46a7