From fcb6ac112e050752ba206af8d7883402e220cc85 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Sat, 6 Jan 2024 23:03:44 +0100
Subject: [PATCH] kernel-rt-4.18.0-534.rt7.323.el8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Sat Jan 06 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-534.rt7.323.el8]
- [rt] build kernel-rt-4.18.0-534.rt7.323.el8 [RHEL-5332]
- nfsd: lock_rename() needs both directories to live on the same fs (Jeffrey Layton) [RHEL-19591]
- HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19237 RHEL-19260] {CVE-2023-1073}
- ceph: do not print the whole xattr value if it's too long (Xiubo Li) [RHEL-16411]
- libceph: fix potential use-after-free on linger ping and resends (Jay Shin) [RHEL-20390]
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li) [RHEL-8003]
- ceph: silence smatch warning in reconnect_caps_cb() (Xiubo Li) [RHEL-16410]
- ceph: fix potential use-after-free bug when trimming caps (Xiubo Li) [RHEL-16410]
- ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-16412]
- ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-16412]
- ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-16412]
- ceph: force updating the msg pointer in non-split case (Xiubo Li) [RHEL-16412]
- ceph: flush cap releases when the session is flushed (Xiubo Li) [RHEL-16412]
- ceph: reorder fields in 'struct ceph_snapid_map' (Xiubo Li) [RHEL-16412]
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-16412]
- redhat/configs: Remove multi-buffer SHA configs (Štěpán Horáček) [RHEL-14477]
- crypto: tcrypt - remove all multibuffer ahash tests (Štěpán Horáček) [RHEL-14477]
- crypto: hash - Remove unused async iterators (Štěpán Horáček) [RHEL-14477]
- crypto: x86 - remove SHA multibuffer routines and mcryptd (Štěpán Horáček) [RHEL-14477]
- fs: group frequently accessed fields of struct super_block together (Miklos Szeredi) [RHEL-12504]
- fanotify: add API to attach/detach super block mark (Miklos Szeredi) [RHEL-12504]
- fsnotify: send path type events to group with super block marks (Miklos Szeredi) [RHEL-12504]
- fsnotify: add super block object type (Miklos Szeredi) [RHEL-12504]
- netfilter: nf_tables: set backend .flush always succeeds (Florian Westphal) [RHEL-1722]
- netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: fix memleak when more than 255 elements expired (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: disable toggling dormant table state more than once (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: fix table flag updates (Florian Westphal) [RHEL-1722]
- netfilter: nftables: update table flags from the commit phase (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: disallow element removal on anonymous sets (Florian Westphal) [RHEL-1722]
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Florian Westphal) [RHEL-1722]
- netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: fix nft_trans type confusion (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: fix out of memory error handling (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: use correct lock to protect gc_list (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: GC transaction race with abort path (Florian Westphal) [RHEL-1722]
- netfilter: nft_dynset: disallow object maps (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: GC transaction race with netns dismantle (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: don't fail inserts if duplicate has expired (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: fix kdoc warnings after gc rework (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: fix false-positive lockdep splat (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: remove busy mark and gc batch API (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: adapt set backend to use GC transaction API (Florian Westphal) [RHEL-1722] {CVE-2023-4244}
- netfilter: nf_tables: GC transaction API to avoid race with control plane (Florian Westphal) [RHEL-1722] {CVE-2023-4244}
- netfilter: nftables: rename set element data activation/deactivation functions (Florian Westphal) [RHEL-1722]
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: report use refcount overflow (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: add nft_chain_add() (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: disallow timeout for anonymous sets (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: disallow updates of anonymous sets (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: disallow element updates of bound anonymous sets (Florian Westphal) [RHEL-1722]
- netfilter: nft_set_pipapo: .walk does not deal with generations (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: integrate pipapo into commit protocol (Florian Westphal) [RHEL-1722]
- netfilter: nf_tables: honor NLM_F_CREATE and NLM_F_EXCL in event notification (Florian Westphal) [RHEL-1722]
- netfilter: nftables: add catch-all set element support (Florian Westphal) [RHEL-1722]
Resolves: RHEL-5332, RHEL-1723, RHEL-19260

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
---
 kernel-rt-x86_64-debug.config |  5 +--
 kernel-rt-x86_64.config       |  5 +--
 kernel.spec                   | 69 +++++++++++++++++++++++++++++++++--
 sources                       |  2 +-
 4 files changed, 68 insertions(+), 13 deletions(-)

diff --git a/kernel-rt-x86_64-debug.config b/kernel-rt-x86_64-debug.config
index 7f24679..6380409 100644
--- a/kernel-rt-x86_64-debug.config
+++ b/kernel-rt-x86_64-debug.config
@@ -311,6 +311,7 @@
 # CONFIG_CRYPTO_LZ4 is not set
 # CONFIG_CRYPTO_LZ4HC is not set
 # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
+# CONFIG_CRYPTO_MCRYPTD is not set
 # CONFIG_CRYPTO_MORUS1280 is not set
 # CONFIG_CRYPTO_MORUS1280_AVX2 is not set
 # CONFIG_CRYPTO_MORUS1280_SSE2 is not set
@@ -2749,7 +2750,6 @@ CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_KHAZAD=m
 CONFIG_CRYPTO_LRW=m
 CONFIG_CRYPTO_MANAGER=y
-CONFIG_CRYPTO_MCRYPTD=m
 CONFIG_CRYPTO_MD4=m
 CONFIG_CRYPTO_MICHAEL_MIC=m
 CONFIG_CRYPTO_PCBC=m
@@ -2767,14 +2767,11 @@ CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
 CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
 CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
 CONFIG_CRYPTO_SHA1=y
-CONFIG_CRYPTO_SHA1_MB=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
 CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA256_MB=m
 CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA3=m
 CONFIG_CRYPTO_SHA512=y
-CONFIG_CRYPTO_SHA512_MB=m
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TEST=m
diff --git a/kernel-rt-x86_64.config b/kernel-rt-x86_64.config
index 19a6d41..f794a8c 100644
--- a/kernel-rt-x86_64.config
+++ b/kernel-rt-x86_64.config
@@ -327,6 +327,7 @@
 # CONFIG_CRYPTO_LZ4 is not set
 # CONFIG_CRYPTO_LZ4HC is not set
 # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
+# CONFIG_CRYPTO_MCRYPTD is not set
 # CONFIG_CRYPTO_MORUS1280 is not set
 # CONFIG_CRYPTO_MORUS1280_AVX2 is not set
 # CONFIG_CRYPTO_MORUS1280_SSE2 is not set
@@ -2810,7 +2811,6 @@ CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_KHAZAD=m
 CONFIG_CRYPTO_LRW=m
 CONFIG_CRYPTO_MANAGER=y
-CONFIG_CRYPTO_MCRYPTD=m
 CONFIG_CRYPTO_MD4=m
 CONFIG_CRYPTO_MICHAEL_MIC=m
 CONFIG_CRYPTO_PCBC=m
@@ -2828,14 +2828,11 @@ CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
 CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
 CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
 CONFIG_CRYPTO_SHA1=y
-CONFIG_CRYPTO_SHA1_MB=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
 CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA256_MB=m
 CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA3=m
 CONFIG_CRYPTO_SHA512=y
-CONFIG_CRYPTO_SHA512_MB=m
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TEST=m
diff --git a/kernel.spec b/kernel.spec
index 929b0db..969c163 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -12,7 +12,7 @@
 # change below to w4T.xzdio):
 %define _binary_payload w3T.xzdio
 
-%global distro_build 533
+%global distro_build 534
 
 # Sign the x86_64 kernel for secure boot authentication
 %ifarch x86_64 aarch64 s390x ppc64le
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 533.rt7.322.el8
+%define pkgrelease 534.rt7.323.el8
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 533.rt7.322%{?dist}
+%define specrelease 534.rt7.323%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -147,7 +147,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .322
+%global rtbuild .323
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2698,6 +2698,67 @@ fi
 #
 #
 %changelog
+* Sat Jan 06 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-534.rt7.323.el8]
+- [rt] build kernel-rt-4.18.0-534.rt7.323.el8 [RHEL-5332]
+- nfsd: lock_rename() needs both directories to live on the same fs (Jeffrey Layton) [RHEL-19591]
+- HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19237 RHEL-19260] {CVE-2023-1073}
+- ceph: do not print the whole xattr value if it's too long (Xiubo Li) [RHEL-16411]
+- libceph: fix potential use-after-free on linger ping and resends (Jay Shin) [RHEL-20390]
+- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li) [RHEL-8003]
+- ceph: silence smatch warning in reconnect_caps_cb() (Xiubo Li) [RHEL-16410]
+- ceph: fix potential use-after-free bug when trimming caps (Xiubo Li) [RHEL-16410]
+- ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-16412]
+- ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-16412]
+- ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-16412]
+- ceph: force updating the msg pointer in non-split case (Xiubo Li) [RHEL-16412]
+- ceph: flush cap releases when the session is flushed (Xiubo Li) [RHEL-16412]
+- ceph: reorder fields in 'struct ceph_snapid_map' (Xiubo Li) [RHEL-16412]
+- ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-16412]
+- redhat/configs: Remove multi-buffer SHA configs (Štěpán Horáček) [RHEL-14477]
+- crypto: tcrypt - remove all multibuffer ahash tests (Štěpán Horáček) [RHEL-14477]
+- crypto: hash - Remove unused async iterators (Štěpán Horáček) [RHEL-14477]
+- crypto: x86 - remove SHA multibuffer routines and mcryptd (Štěpán Horáček) [RHEL-14477]
+- fs: group frequently accessed fields of struct super_block together (Miklos Szeredi) [RHEL-12504]
+- fanotify: add API to attach/detach super block mark (Miklos Szeredi) [RHEL-12504]
+- fsnotify: send path type events to group with super block marks (Miklos Szeredi) [RHEL-12504]
+- fsnotify: add super block object type (Miklos Szeredi) [RHEL-12504]
+- netfilter: nf_tables: set backend .flush always succeeds (Florian Westphal) [RHEL-1722]
+- netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: fix memleak when more than 255 elements expired (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: disable toggling dormant table state more than once (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: fix table flag updates (Florian Westphal) [RHEL-1722]
+- netfilter: nftables: update table flags from the commit phase (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: disallow element removal on anonymous sets (Florian Westphal) [RHEL-1722]
+- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Florian Westphal) [RHEL-1722]
+- netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: fix nft_trans type confusion (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: fix out of memory error handling (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: use correct lock to protect gc_list (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: GC transaction race with abort path (Florian Westphal) [RHEL-1722]
+- netfilter: nft_dynset: disallow object maps (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: GC transaction race with netns dismantle (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: don't fail inserts if duplicate has expired (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: fix kdoc warnings after gc rework (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: fix false-positive lockdep splat (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: remove busy mark and gc batch API (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: adapt set backend to use GC transaction API (Florian Westphal) [RHEL-1722] {CVE-2023-4244}
+- netfilter: nf_tables: GC transaction API to avoid race with control plane (Florian Westphal) [RHEL-1722] {CVE-2023-4244}
+- netfilter: nftables: rename set element data activation/deactivation functions (Florian Westphal) [RHEL-1722]
+- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: report use refcount overflow (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: add nft_chain_add() (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: disallow timeout for anonymous sets (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: disallow updates of anonymous sets (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: disallow element updates of bound anonymous sets (Florian Westphal) [RHEL-1722]
+- netfilter: nft_set_pipapo: .walk does not deal with generations (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: integrate pipapo into commit protocol (Florian Westphal) [RHEL-1722]
+- netfilter: nf_tables: honor NLM_F_CREATE and NLM_F_EXCL in event notification (Florian Westphal) [RHEL-1722]
+- netfilter: nftables: add catch-all set element support (Florian Westphal) [RHEL-1722]
+
 * Tue Jan 02 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-533.rt7.322.el8]
 - [rt] build kernel-rt-4.18.0-533.rt7.322.el8 [RHEL-5332]
 - netlink: support extack in dump ->start() (Hangbin Liu) [RHEL-17272]
diff --git a/sources b/sources
index 9e1f41a..05885b0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (linux-4.18.0-533.rt7.322.el8.tar.xz) = 354d58fe914975d317b1dcbaf14e090e5b650bad426c877bf5a264158a56c1771879f25b9b6c927be480ccab277bf65cd25ba2dc3c84db2af9b3dcd1b18813f0
+SHA512 (linux-4.18.0-534.rt7.323.el8.tar.xz) = c7b02065c66c7dafd8980c8fd90e49ceea614aa1e3b2e5579cf687fccb0c1bb2031432d4c280c0f26f17607314ea9d0d97d780e383c84a20e60c2db66b34afab