From 9dbacbed09a678a59268b38b47771e9620a96bc0 Mon Sep 17 00:00:00 2001 
From: Denys Vlasenko
Date: Wed, 10 Jul 2024 18:57:22 +0200
Subject: [PATCH] kernel-4.18.0-553.12.1.el8_10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Wed Jul 10 2024 Denys Vlasenko [4.18.0-553.12.1.el8_10]
- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44291] {CVE-2024-38538}
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Michel Dänzer) [RHEL-26893] {CVE-2023-52469}
- SUNRPC: Fix a suspicious RCU usage warning (Scott Mayhew) [RHEL-30503] {CVE-2023-52623}
- ice: Fix some null pointer dereference issues in ice_ptp.c (Petr Oros) [RHEL-26901] {CVE-2023-52471}
- xfs: fix internal error from AGFL exhaustion (Pavel Reichl) [RHEL-45581]
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (Phil Auld) [RHEL-38117] {CVE-2023-52707}
- wait: add wake_up_pollfree() (Phil Auld) [RHEL-38117]
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-33269] {CVE-2024-26852}
- net: bridge: switchdev: Skip MDB replays of deferred events on offload (Ivan Vecera) [RHEL-33117] {CVE-2024-26837}
- ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Pavel Reichl) [RHEL-31700] {CVE-2024-26772}
- ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-31688] {CVE-2024-26773}
- ext4: fix double-free of blocks due to wrong extents moved_len (Pavel Reichl) [RHEL-31612] {CVE-2024-26704}
- vxlan: Pull inner IP header in vxlan_xmit_one(). (Guillaume Nault) [RHEL-31389]
- geneve: Fix incorrect inner network header offset when innerprotoinherit is set (Guillaume Nault) [RHEL-31389]
- vxlan: Pull inner IP header in vxlan_rcv(). (Guillaume Nault) [RHEL-31389]
- geneve: fix header validation in geneve[6]_xmit_skb (Guillaume Nault) [RHEL-31389]
- geneve: make sure to pull inner header in geneve_rx() (Guillaume Nault) [RHEL-31389]
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Guillaume Nault) [RHEL-31389]
- net: geneve: check skb is large enough for IPv4/IPv6 header (Guillaume Nault) [RHEL-31389]
- net/smc: fix neighbour and rtable leak in smc_ib_find_route() (Tobias Huschle) [RHEL-39744] {CVE-2024-36945}
- igb: Fix string truncation warnings in igb_set_fw_version (Corinna Vinschen) [RHEL-38452] {CVE-2024-36010}
- bonding: stop the device in bond_setup_by_slave() (Hangbin Liu) [RHEL-38327] {CVE-2023-52784}
- i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-39702] {CVE-2024-36020}
- powerpc/64: Fix the definition of the fixmap area (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018}
- powerpc/mm/hash64: Add a variable to track the end of IO mapping (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018}
- nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). (Xin Long) [RHEL-39770] {CVE-2024-36933}
- net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (Xin Long) [RHEL-39770]
- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-39779] {CVE-2024-36929}
- tcp: properly terminate timers for kernel sockets (Guillaume Nault) [RHEL-37171] {CVE-2024-35910}
- net: relax socket state check at accept time. (Florian Westphal) [RHEL-39831]
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Florian Westphal) [RHEL-39831] {CVE-2024-36905}
- tcp: remove redundant check on tskb (Florian Westphal) [RHEL-39831]
- drm/ast: Fix soft lockup (cki-backport-bot) [RHEL-37438] {CVE-2024-35952}
- null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-39341]
- null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-39341]
- null_blk: fix return value from null_add_dev() (Ming Lei) [RHEL-39341]
Resolves: RHEL-26893, RHEL-26901, RHEL-27191, RHEL-30503, RHEL-31389, RHEL-31612, RHEL-31688, RHEL-31700, RHEL-33117, RHEL-33269, RHEL-37171, RHEL-37438, RHEL-38117, RHEL-38327, RHEL-38452, RHEL-39341, RHEL-39702, RHEL-39744, RHEL-39770, RHEL-39779, RHEL-39831, RHEL-44291, RHEL-45581

Signed-off-by: Denys Vlasenko
---
 kernel.spec | 42 ++++++++++++++++++++++++++++++++++++++++--
 sources | 4 ++--
 2 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/kernel.spec b/kernel.spec index e659998c4..6aa8844c1 100644 --- a/kernel.spec +++ b/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.11.1.el8_10 +%define pkgrelease 553.12.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.11.1%{?dist} +%define specrelease 553.12.1%{?dist} %define pkg_release %{specrelease}%{?buildid} 
@@ -2696,6 +2696,44 @@ fi # # %changelog +* Wed Jul 10 2024 Denys Vlasenko [4.18.0-553.12.1.el8_10] +- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44291] {CVE-2024-38538} +- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Michel Dänzer) [RHEL-26893] {CVE-2023-52469} +- SUNRPC: Fix a suspicious RCU usage warning (Scott Mayhew) [RHEL-30503] {CVE-2023-52623} +- ice: Fix some null pointer dereference issues in ice_ptp.c (Petr Oros) [RHEL-26901] {CVE-2023-52471} +- xfs: fix internal error from AGFL exhaustion (Pavel Reichl) [RHEL-45581] +- sched/psi: Fix use-after-free in ep_remove_wait_queue() (Phil Auld) [RHEL-38117] {CVE-2023-52707} +- wait: add wake_up_pollfree() (Phil Auld) [RHEL-38117] +- net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-33269] {CVE-2024-26852} +- net: bridge: switchdev: Skip MDB replays of deferred events on offload (Ivan Vecera) [RHEL-33117] {CVE-2024-26837} +- ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Pavel Reichl) [RHEL-31700] {CVE-2024-26772} +- ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-31688] {CVE-2024-26773} +- ext4: fix double-free of blocks due to wrong extents moved_len (Pavel Reichl) [RHEL-31612] {CVE-2024-26704} +- vxlan: Pull inner IP header in vxlan_xmit_one(). (Guillaume Nault) [RHEL-31389] +- geneve: Fix incorrect inner network header offset when innerprotoinherit is set (Guillaume Nault) [RHEL-31389] +- vxlan: Pull inner IP header in vxlan_rcv(). 
(Guillaume Nault) [RHEL-31389] +- geneve: fix header validation in geneve[6]_xmit_skb (Guillaume Nault) [RHEL-31389] +- geneve: make sure to pull inner header in geneve_rx() (Guillaume Nault) [RHEL-31389] +- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Guillaume Nault) [RHEL-31389] +- net: geneve: check skb is large enough for IPv4/IPv6 header (Guillaume Nault) [RHEL-31389] +- net/smc: fix neighbour and rtable leak in smc_ib_find_route() (Tobias Huschle) [RHEL-39744] {CVE-2024-36945} +- igb: Fix string truncation warnings in igb_set_fw_version (Corinna Vinschen) [RHEL-38452] {CVE-2024-36010} +- bonding: stop the device in bond_setup_by_slave() (Hangbin Liu) [RHEL-38327] {CVE-2023-52784} +- i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-39702] {CVE-2024-36020} +- powerpc/64: Fix the definition of the fixmap area (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018} +- powerpc/mm/hash64: Add a variable to track the end of IO mapping (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018} +- nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). (Xin Long) [RHEL-39770] {CVE-2024-36933} +- net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (Xin Long) [RHEL-39770] +- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-39779] {CVE-2024-36929} +- tcp: properly terminate timers for kernel sockets (Guillaume Nault) [RHEL-37171] {CVE-2024-35910} +- net: relax socket state check at accept time. 
(Florian Westphal) [RHEL-39831] +- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Florian Westphal) [RHEL-39831] {CVE-2024-36905} +- tcp: remove redundant check on tskb (Florian Westphal) [RHEL-39831] +- drm/ast: Fix soft lockup (cki-backport-bot) [RHEL-37438] {CVE-2024-35952} +- null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-39341] +- null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-39341] +- null_blk: fix return value from null_add_dev() (Ming Lei) [RHEL-39341] + * Wed Jul 03 2024 Denys Vlasenko [4.18.0-553.11.1.el8_10] - x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-42121] - Revert "x86/bugs: Use fixed addressing for VERW operand" (Waiman Long) [RHEL-42121] diff --git a/sources b/sources index 5861e7991..d5f013364 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-4.18.0-553.11.1.el8_10.tar.xz) = 30bb98192c1cd91d5a52b6255893b09c8d44abfe0970fcdf79ac6192aaad0b36db9bbac6be30075fcf04074a17bcd15165ab15c988892cceb563784808634851 -SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 0044a0cf192c8257a4724fe17a26f5e61c8fae8e4ef63bbfebb2e02b28db91e3c45f2332d4068226e09ba9cb75e47d5b9eb48e2628533f7f248adc7493bce1e4 +SHA512 (linux-4.18.0-553.12.1.el8_10.tar.xz) = fa47e2bd7ad7de31de104da323502d38802cb1c511306c39b50294b6f69c00e03869c5563e81dfa87fdc965ad30461a0354d3dc298eedcc1a190cd5d19ff592e +SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 5f014a83a2073516b73962702012820a4f7ce4686b52040a631064af73b13874bc695577027f39b500daf76545a2cffbd9ff5dad00fcecbcf0733a5c819abe8e SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf
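Review bot: in the kernel.spec %changelog hunk the {CVE-...} tag is applied inconsistently to entries that share a ticket. Both RHEL-27191 lines carry {CVE-2021-47018}, but only one of the two RHEL-39770 lines carries {CVE-2024-36933}, only one of the three RHEL-39831 lines carries {CVE-2024-36905}, and of the two RHEL-38117 lines only the sched/psi one carries {CVE-2023-52707}. Anyone auditing the package by searching the changelog for a CVE id will miss the companion patches (for example "wait: add wake_up_pollfree()"). Either tag every entry that belongs to a CVE fix, or document in the spec that only the closing patch is tagged and that the RHEL ticket is the key for the full set.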
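Review bot: in the sources hunk the SHA512 for kernel-abi-stablelists-4.18.0-553.tar.bz2 changes while the file name stays the same, and neither the commit message nor the new changelog entries mention a stablelists change. A same-named artifact with a new digest is hard to audit: a cache or mirror keyed by file name can serve the old content, and a reviewer cannot tell an intended regeneration from a substituted tarball. Suggest carrying the full release in the name, as the linux-4.18.0-553.12.1.el8_10.tar.xz line does, or stating in the commit message why the tarball was regenerated. The kernel-kabi-dw-4.18.0-553.tar.bz2 line is unchanged, which makes the stablelists change stand out further.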