From 483fb7298132cdb853c29ef20e8d6c1bbe63def2 Mon Sep 17 00:00:00 2001
From: Eduard Abdullin <eabdullin@almalinux.org>
Date: Wed, 11 Feb 2026 10:13:43 +0000
Subject: [PATCH] Debrand for AlmaLinux OS

Use AlmaLinux OS secure boot cert

Enable Btrfs support for all kernel variants

hpsa: bring back deprecated PCI ids #CFHack #CFHack2024

mptsas: bring back deprecated PCI ids #CFHack #CFHack2024

megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024

qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024

qla4xxx: bring back deprecated PCI ids

lpfc: bring back deprecated PCI ids

be2iscsi: bring back deprecated PCI ids

kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
---
 .gitignore       |  6 +++---
 Makefile.rhelver |  2 +-
 kernel.changelog | 30 ++++++++++++++++++++++++++++++
 kernel.spec      | 40 +++++++++++++++++++++++++++++++++-------
 sources          |  6 +++---
 5 files changed, 70 insertions(+), 14 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8d28bc1da..b8b1379e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,7 @@
 fedoraimaca.x509
-kernel-abi-stablelists-6.12.0-124.31.1.el10_1.tar.xz
-kernel-kabi-dw-6.12.0-124.31.1.el10_1.tar.xz
-linux-6.12.0-124.31.1.el10_1.tar.xz
+kernel-abi-stablelists-6.12.0-124.35.1.el10_1.tar.xz
+kernel-kabi-dw-6.12.0-124.35.1.el10_1.tar.xz
+linux-6.12.0-124.35.1.el10_1.tar.xz
 nvidiagpuoot001.x509
 olima1.x509
 olimaca1.x509
diff --git a/Makefile.rhelver b/Makefile.rhelver
index e4427791a..f4fc763e3 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 1
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 124.31.1
+RHEL_RELEASE = 124.35.1
 
 #
 # RHEL_REBASE_NUM
diff --git a/kernel.changelog b/kernel.changelog
index 96d77eee9..6bde8829f 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,32 @@
+* Sat Jan 31 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.35.1.el10_1]
+- ice: Fix kernel panic due to page refcount underflow (CKI Backport Bot) [RHEL-139734]
+- mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). (Davide Caratti) [RHEL-129044] {CVE-2025-40133}
+- mptcp: Call dst_release() in mptcp_active_enable(). (Davide Caratti) [RHEL-129044]
+- vsock/vmci: Clear the vmci transport packet properly when initializing it (CKI Backport Bot) [RHEL-137703] {CVE-2025-38403}
+Resolves: RHEL-129044, RHEL-137703, RHEL-139734
+
+* Thu Jan 29 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.34.1.el10_1]
+- ice: prevent NULL deref in ice_lag_move_new_vf_nodes() (Michal Schmidt) [RHEL-143255]
+- svcrdma: use rc_pageoff for memcpy byte offset (CKI Backport Bot) [RHEL-142793] {CVE-2025-68811}
+- exec: Make sure task->comm is always NUL-terminated (Luiz Capitulino) [RHEL-141711]
+- lib/buildid: use __kernel_read() for sleepable context (Waiman Long) [RHEL-141229]
+- net: bonding: update the slave array for broadcast mode (Hangbin Liu) [RHEL-138325]
+- net: bonding: add broadcast_neighbor netlink option (Hangbin Liu) [RHEL-138325]
+- net: bonding: add broadcast_neighbor option for 802.3ad (Hangbin Liu) [RHEL-138325]
+Resolves: RHEL-138325, RHEL-141229, RHEL-141711, RHEL-142793, RHEL-143255
+
+* Tue Jan 27 2026 Julio Faracco <jfaracco@redhat.com> [6.12.0-124.33.1.el10_1]
+- io_uring/net: commit partial buffers on retry (Jeff Moyer) [RHEL-137333] {CVE-2025-38730}
+- smb: client: let recv_done verify data_offset, data_length and remaining_data_length (Paulo Alcantara) [RHEL-131394] {CVE-2025-39933}
+Resolves: RHEL-131394, RHEL-137333
+
+* Sat Jan 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.32.1.el10_1]
+- squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138024] {CVE-2025-38415}
+- Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138024] {CVE-2025-38415}
+- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137686] {CVE-2025-40304}
+- fbdev: bitblit: bound-check glyph index in bit_putcs* (CKI Backport Bot) [RHEL-136945] {CVE-2025-40322}
+Resolves: RHEL-136945, RHEL-137686, RHEL-138024
+
 * Thu Jan 22 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.31.1.el10_1]
 - i40e: support generic devlink param "max_mac_per_vf" (Mohammad Heib) [RHEL-121647]
 - devlink: Add new "max_mac_per_vf" generic device param (Mohammad Heib) [RHEL-121647]
@@ -19,6 +48,7 @@
 - RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CKI Backport Bot) [RHEL-134363] {CVE-2025-38022}
 - uprobes: Fix race in uprobe_free_utask (Jay Shin) [RHEL-133456]
 - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CKI Backport Bot) [RHEL-129115] {CVE-2025-40154}
+- kabi: stabilize struct alt_instr (Čestmír Kalina) [RHEL-122759]
 Resolves: RHEL-121647, RHEL-122759, RHEL-126599, RHEL-129115, RHEL-129452, RHEL-133336, RHEL-133456, RHEL-134363, RHEL-134763, RHEL-136289
 
 * Wed Jan 21 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.30.1.el10_1]
diff --git a/kernel.spec b/kernel.spec
index 96221ff30..68aac6bbc 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -176,15 +176,15 @@ Summary: The Linux kernel
 %define specrpmversion 6.12.0
 %define specversion 6.12.0
 %define patchversion 6.12
-%define pkgrelease 124.31.1
+%define pkgrelease 124.35.1
 %define kversion 6
-%define tarfile_release 6.12.0-124.31.1.el10_1
+%define tarfile_release 6.12.0-124.35.1.el10_1
 # This is needed to do merge window version magic
 %define patchlevel 12
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 124.31.1%{?buildid}%{?dist}
+%define specrelease 124.35.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.12.0-124.31.1.el10_1
+%define kabiversion 6.12.0-124.35.1.el10_1
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -4389,14 +4389,14 @@ fi\
 #
 #
 %changelog
-* Wed Feb 04 2026 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-124.31.1
+* Wed Feb 11 2026 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-124.35.1
 - Debrand for AlmaLinux OS
 - Use AlmaLinux OS secure boot cert
 
-* Wed Feb 04 2026 Neal Gompa <ngompa@almalinux.org> - 6.12.0-124.31.1
+* Wed Feb 11 2026 Neal Gompa <ngompa@almalinux.org> - 6.12.0-124.35.1
 - Enable Btrfs support for all kernel variants
 
-* Wed Feb 04 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-124.31.1
+* Wed Feb 11 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-124.35.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -4407,6 +4407,31 @@ fi\
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
+* Sat Jan 31 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.35.1.el10_1]
+- ice: Fix kernel panic due to page refcount underflow (CKI Backport Bot) [RHEL-139734]
+- mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). (Davide Caratti) [RHEL-129044] {CVE-2025-40133}
+- mptcp: Call dst_release() in mptcp_active_enable(). (Davide Caratti) [RHEL-129044]
+- vsock/vmci: Clear the vmci transport packet properly when initializing it (CKI Backport Bot) [RHEL-137703] {CVE-2025-38403}
+
+* Thu Jan 29 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.34.1.el10_1]
+- ice: prevent NULL deref in ice_lag_move_new_vf_nodes() (Michal Schmidt) [RHEL-143255]
+- svcrdma: use rc_pageoff for memcpy byte offset (CKI Backport Bot) [RHEL-142793] {CVE-2025-68811}
+- exec: Make sure task->comm is always NUL-terminated (Luiz Capitulino) [RHEL-141711]
+- lib/buildid: use __kernel_read() for sleepable context (Waiman Long) [RHEL-141229]
+- net: bonding: update the slave array for broadcast mode (Hangbin Liu) [RHEL-138325]
+- net: bonding: add broadcast_neighbor netlink option (Hangbin Liu) [RHEL-138325]
+- net: bonding: add broadcast_neighbor option for 802.3ad (Hangbin Liu) [RHEL-138325]
+
+* Tue Jan 27 2026 Julio Faracco <jfaracco@redhat.com> [6.12.0-124.33.1.el10_1]
+- io_uring/net: commit partial buffers on retry (Jeff Moyer) [RHEL-137333] {CVE-2025-38730}
+- smb: client: let recv_done verify data_offset, data_length and remaining_data_length (Paulo Alcantara) [RHEL-131394] {CVE-2025-39933}
+
+* Sat Jan 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.32.1.el10_1]
+- squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138024] {CVE-2025-38415}
+- Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138024] {CVE-2025-38415}
+- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137686] {CVE-2025-40304}
+- fbdev: bitblit: bound-check glyph index in bit_putcs* (CKI Backport Bot) [RHEL-136945] {CVE-2025-40322}
+
 * Thu Jan 22 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.31.1.el10_1]
 - i40e: support generic devlink param "max_mac_per_vf" (Mohammad Heib) [RHEL-121647]
 - devlink: Add new "max_mac_per_vf" generic device param (Mohammad Heib) [RHEL-121647]
@@ -4428,6 +4453,7 @@ fi\
 - RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CKI Backport Bot) [RHEL-134363] {CVE-2025-38022}
 - uprobes: Fix race in uprobe_free_utask (Jay Shin) [RHEL-133456]
 - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CKI Backport Bot) [RHEL-129115] {CVE-2025-40154}
+- kabi: stabilize struct alt_instr (Čestmír Kalina) [RHEL-122759]
 
 * Wed Jan 21 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.30.1.el10_1]
 - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (Jeff Moyer) [RHEL-129623] {CVE-2025-38453}
diff --git a/sources b/sources
index ad70b2286..bb3bf7b23 100644
--- a/sources
+++ b/sources
@@ -1,7 +1,7 @@
 SHA512 (fedoraimaca.x509) = e04809394f4472c17e86d7024dee34f03fb68e82a85502fd5b00535202c72e57626a8376b2cf991b7e1e46404aa5ab8d189ebf320e0dd37d49e7efbc925c7a2e
-SHA512 (kernel-abi-stablelists-6.12.0-124.31.1.el10_1.tar.xz) = 241ce1af312f92483229c9f877ea207112021e701d3588f2ef9c5149f2c0e374127086eefd61bba5930d40d398dafff855d3c0ab85872b511ddbb684462a7773
-SHA512 (kernel-kabi-dw-6.12.0-124.31.1.el10_1.tar.xz) = ce66addfb8b13d117a19e3b00562b1bf242d5090874eca52ee55e7b3e7f0c315bc86dfc1c0bd94e361e7eee1b10f8a27641677506f40253dc01dc5eb258a6b60
-SHA512 (linux-6.12.0-124.31.1.el10_1.tar.xz) = 07211ca6d44a44e91f72afe5e08c432792343fa8dc084dc67bb2600521ae08c52e1d42bbf693bf316aaf4c759dabe5a0223dd1ecbf0cb2eed3f485534a954875
+SHA512 (kernel-abi-stablelists-6.12.0-124.35.1.el10_1.tar.xz) = fbe77c5f088b146747322c1a607427c5fa2d9fac28936b4de6a1eec555dd0d7197dce83f6261f33e8f6b3f9869e2ebd9b265748be08f58dd7aaf20605bb4832a
+SHA512 (kernel-kabi-dw-6.12.0-124.35.1.el10_1.tar.xz) = cd90f1fee55e223e5756e7490ff3702f57da6ffe5d1d8c57fdd7376ca88364c506c6d88763e085231e0331619b1d76ac62aaaea588310dccda3435ad4b320555
+SHA512 (linux-6.12.0-124.35.1.el10_1.tar.xz) = cd9f83a9928d45e5483376604460acd404f47e56587b754ea24e9973ab5ba54f1a18bc94877fcc279386cfa01d53b6a0faa3866129930b234ec9b1d8096c72d4
 SHA512 (nvidiagpuoot001.x509) = b42f836e1cfa07890cb6ca13de9c3950e306c9ec7686c4c09f050bb68869f5d82962b2cd5f3aa0eb7a0f3a3ae54e9c480eafbac5df53aa92c295ff511a8c59fe
 SHA512 (olima1.x509) = 123c26c1d698cc8523845c6e1103b9c72abf855acd225d37baf1f3388a47f912166d6d786fb367fe46de39e011b586ad7f3963aa2e8923da30a6ea9ae0d76ad3
 SHA512 (olimaca1.x509) = 3a779415fad29d6f7250ec97ab1f0a5eb62c351b724feee06b22e17f065bf74a558f32cc524d3222c4485635ae5b9cd5287855c94010fe743b51a4d954340c4c