From a46af5247a0fe1c220f6f919bc9577a543697c80 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Wed, 29 May 2024 22:37:37 +0200
Subject: [PATCH] kernel-4.18.0-553.6.1.el8_10

* Wed May 29 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.6.1.el8_10]
- powerpc/powernv: Add a null pointer check in opal_event_init() (Mamatha Inamdar) [RHEL-37058] {CVE-2023-52686}
- crypto: rsa - add a check for allocation failure (Vladis Dronov) [RHEL-35361]
- crypto: rsa - allow only odd e and restrict value in FIPS mode (Vladis Dronov) [RHEL-35361]
- KEYS: use kfree_sensitive with key (Vladis Dronov) [RHEL-35361]
- lib/mpi: Extend the MPI library (only mpi_*_bit() part) (Vladis Dronov) [RHEL-35361]
- net: ip_tunnel: prevent perpetual headroom growth (Felix Maurer) [RHEL-31814] {CVE-2024-26804}
- s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-36048]
- RDMA/mlx5: Fix fortify source warning while accessing Eth segment (Kamal Heib) [RHEL-33162] {CVE-2024-26907}
- ovl: fix leaked dentry (Miklos Szeredi) [RHEL-27306] {CVE-2021-46972}
- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- x86/mm/vsyscall: Consider vsyscall page part of user address space (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- x86/mm: Add vsyscall address helper (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- mm/swap: fix race when skipping swapcache (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
- swap: fix do_swap_page() race with swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
- mm/swapfile: use percpu_ref to serialize against concurrent swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
- mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() (Rafael Aquini) [RHEL-29294] {CVE-2023-52560}
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-29783]
- block: null_blk: Fix handling of fake timeout request (Ming Lei) [RHEL-8130]
- null_blk: fix poll request timeout handling (Ming Lei) [RHEL-8130]
- block: null_blk: end timed out poll request (Ming Lei) [RHEL-8130]
- block: null_blk: only set set->nr_maps as 3 if active poll_queues is > 0 (Ming Lei) [RHEL-8130]
- null_blk: allow zero poll queues (Ming Lei) [RHEL-8130]
- null_blk: Fix handling of submit_queues and poll_queues attributes (Ming Lei) [RHEL-8130]
- null_blk: poll queue support (Ming Lei) [RHEL-8130]
- null_blk: fix command timeout completion handling (Ming Lei) [RHEL-8130]
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (Prarit Bhargava) [RHEL-27790] {CVE-2021-47073}
- Bluetooth: avoid memcmp() out of bounds warning (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: hci_event: Fix coding style (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: hci_event: Fix using memcmp when comparing keys (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: Reject connection with the device which has same BD_ADDR (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: hci_event: Ignore NULL link key (David Marlin) [RHEL-3017] {CVE-2020-26555}
- ppp_async: limit MRU to 64K (Guillaume Nault) [RHEL-31353] {CVE-2024-26675}
- powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Mamatha Inamdar) [RHEL-37078] {CVE-2023-52675}
- tcp: do not accept ACK of bytes we never sent (Xin Long) [RHEL-21952]
Resolves: RHEL-21952, RHEL-27306, RHEL-27790, RHEL-29294, RHEL-29783, RHEL-3017, RHEL-31353, RHEL-31644, RHEL-31814, RHEL-33162, RHEL-33166, RHEL-35361, RHEL-36048, RHEL-37058, RHEL-37078, RHEL-8130

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
---
 kernel.spec | 41 +++++++++++++++++++++++++++++++++++++++--
 sources     |  4 ++--
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/kernel.spec b/kernel.spec
index fa00a2867..c79954d8a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.5.1.el8_10
+%define pkgrelease 553.6.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.5.1%{?dist}
+%define specrelease 553.6.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2696,6 +2696,43 @@ fi
 #
 #
 %changelog
+* Wed May 29 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.6.1.el8_10]
+- powerpc/powernv: Add a null pointer check in opal_event_init() (Mamatha Inamdar) [RHEL-37058] {CVE-2023-52686}
+- crypto: rsa - add a check for allocation failure (Vladis Dronov) [RHEL-35361]
+- crypto: rsa - allow only odd e and restrict value in FIPS mode (Vladis Dronov) [RHEL-35361]
+- KEYS: use kfree_sensitive with key (Vladis Dronov) [RHEL-35361]
+- lib/mpi: Extend the MPI library (only mpi_*_bit() part) (Vladis Dronov) [RHEL-35361]
+- net: ip_tunnel: prevent perpetual headroom growth (Felix Maurer) [RHEL-31814] {CVE-2024-26804}
+- s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-36048]
+- RDMA/mlx5: Fix fortify source warning while accessing Eth segment (Kamal Heib) [RHEL-33162] {CVE-2024-26907}
+- ovl: fix leaked dentry (Miklos Szeredi) [RHEL-27306] {CVE-2021-46972}
+- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
+- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
+- x86/mm/vsyscall: Consider vsyscall page part of user address space (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
+- x86/mm: Add vsyscall address helper (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
+- mm/swap: fix race when skipping swapcache (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
+- swap: fix do_swap_page() race with swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
+- mm/swapfile: use percpu_ref to serialize against concurrent swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
+- mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() (Rafael Aquini) [RHEL-29294] {CVE-2023-52560}
+- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-29783]
+- block: null_blk: Fix handling of fake timeout request (Ming Lei) [RHEL-8130]
+- null_blk: fix poll request timeout handling (Ming Lei) [RHEL-8130]
+- block: null_blk: end timed out poll request (Ming Lei) [RHEL-8130]
+- block: null_blk: only set set->nr_maps as 3 if active poll_queues is > 0 (Ming Lei) [RHEL-8130]
+- null_blk: allow zero poll queues (Ming Lei) [RHEL-8130]
+- null_blk: Fix handling of submit_queues and poll_queues attributes (Ming Lei) [RHEL-8130]
+- null_blk: poll queue support (Ming Lei) [RHEL-8130]
+- null_blk: fix command timeout completion handling (Ming Lei) [RHEL-8130]
+- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (Prarit Bhargava) [RHEL-27790] {CVE-2021-47073}
+- Bluetooth: avoid memcmp() out of bounds warning (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- Bluetooth: hci_event: Fix coding style (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- Bluetooth: hci_event: Fix using memcmp when comparing keys (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- Bluetooth: Reject connection with the device which has same BD_ADDR (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- Bluetooth: hci_event: Ignore NULL link key (David Marlin) [RHEL-3017] {CVE-2020-26555}
+- ppp_async: limit MRU to 64K (Guillaume Nault) [RHEL-31353] {CVE-2024-26675}
+- powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Mamatha Inamdar) [RHEL-37078] {CVE-2023-52675}
+- tcp: do not accept ACK of bytes we never sent (Xin Long) [RHEL-21952]
+
 * Mon May 20 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.5.1.el8_10]
 - tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-29238]
 - tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-29238]
diff --git a/sources b/sources
index 82ca21310..1ec9c4a41 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.5.1.el8_10.tar.xz) = 2a117fc1f444c51e45871df95a40ad6db04c70505c6e483ef2f7bc76c376fa8e47f6a597119564e50e1149c06bd3437a481baf0fb1b5d91f215bb7135987f1a5
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 9ba75e6231c2d95cb9c086faab46a4c1bb0a206180e5d501e14d3705e027d6d888272334dfbbe096f5ce318de50528540b30b44f328a511edc6a14072992a823
+SHA512 (linux-4.18.0-553.6.1.el8_10.tar.xz) = e1d8fe9f7b91d7db41708bcc54a13232509e143798d1c036d26d69ae18f54ef5f49b7fb25fc0bece6fcaa09abb38b881e33a47c3834b4d34ef05b30b47dd3536
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 5a764018932c1dacc5d5922de457ca5a1c50b5132caf5a863cd2562ab14086e57238191877377f2646f4044f65d6d3731f4d6b51436d386b4f8ebabd128f1dc9
 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf