From bff18cb2162ed778eb71f71acc6b3d3085d0f746 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexandra=20H=C3=A1jkov=C3=A1?= <ahajkova@redhat.com>
Date: Thu, 13 Nov 2025 16:21:51 +0100
Subject: [PATCH] kernel-4.18.0-553.85.1.el8_10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Thu Nov 13 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.85.1.el8_10]
- i40e: add mask to apply valid bits for itr_idx (Michal Schmidt) [RHEL-123799]
- i40e: add max boundary check for VF filters (Michal Schmidt) [RHEL-123799] {CVE-2025-39968}
- i40e: fix validation of VF state in get resources (Michal Schmidt) [RHEL-123799] {CVE-2025-39969}
- i40e: fix input validation logic for action_meta (Michal Schmidt) [RHEL-123799] {CVE-2025-39970}
- i40e: Fix filter input checks to prevent config with invalid values (Michal Schmidt) [RHEL-123799]
- i40e: fix idx validation in config queues msg (Michal Schmidt) [RHEL-123799] {CVE-2025-39971}
- i40e: fix: remove needless retries of NVM update (Michal Schmidt) [RHEL-123799]
- i40e: remove i40e_status (Michal Schmidt) [RHEL-123799]
- i40e: fix idx validation in i40e_validate_queue_map (Michal Schmidt) [RHEL-123799] {CVE-2025-39972}
- i40e: add validation for ring_len param (Michal Schmidt) [RHEL-123799] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Michal Schmidt) [RHEL-123799]
- drm/nouveau: Don't create connectors that aren't in disp.conn_mask (Lyude Paul) [RHEL-22122]
- NFS: Fix a race when updating an existing write (Olga Kornievskaia) [RHEL-113849] {CVE-2025-39697}
- nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests (Olga Kornievskaia) [RHEL-113849] {CVE-2025-39697}
- The rpminspect.yaml emptyrpm list needs to be expanded (Alexandra Hájková)
Resolves: RHEL-113849, RHEL-123799, RHEL-22122

Signed-off-by: Alexandra Hájková <ahajkova@redhat.com>
---
 kernel.spec     | 21 +++++++++++++++++++--
 rpminspect.yaml |  2 ++
 sources         |  4 ++--
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/kernel.spec b/kernel.spec
index db62547d9..a5fa96acc 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.84.1.el8_10
+%define pkgrelease 553.85.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.84.1%{?dist}
+%define specrelease 553.85.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2705,6 +2705,23 @@ fi
 #
 #
 %changelog
+* Thu Nov 13 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.85.1.el8_10]
+- i40e: add mask to apply valid bits for itr_idx (Michal Schmidt) [RHEL-123799]
+- i40e: add max boundary check for VF filters (Michal Schmidt) [RHEL-123799] {CVE-2025-39968}
+- i40e: fix validation of VF state in get resources (Michal Schmidt) [RHEL-123799] {CVE-2025-39969}
+- i40e: fix input validation logic for action_meta (Michal Schmidt) [RHEL-123799] {CVE-2025-39970}
+- i40e: Fix filter input checks to prevent config with invalid values (Michal Schmidt) [RHEL-123799]
+- i40e: fix idx validation in config queues msg (Michal Schmidt) [RHEL-123799] {CVE-2025-39971}
+- i40e: fix: remove needless retries of NVM update (Michal Schmidt) [RHEL-123799]
+- i40e: remove i40e_status (Michal Schmidt) [RHEL-123799]
+- i40e: fix idx validation in i40e_validate_queue_map (Michal Schmidt) [RHEL-123799] {CVE-2025-39972}
+- i40e: add validation for ring_len param (Michal Schmidt) [RHEL-123799] {CVE-2025-39973}
+- i40e: increase max descriptors for XL710 (Michal Schmidt) [RHEL-123799]
+- drm/nouveau: Don't create connectors that aren't in disp.conn_mask (Lyude Paul) [RHEL-22122]
+- NFS: Fix a race when updating an existing write (Olga Kornievskaia) [RHEL-113849] {CVE-2025-39697}
+- nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests (Olga Kornievskaia) [RHEL-113849] {CVE-2025-39697}
+- The rpminspect.yaml emptyrpm list needs to be expanded (Alexandra Hájková)
+
 * Thu Nov 06 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.84.1.el8_10]
 - cgroup: don't put ERR_PTR() into fc->root (CKI Backport Bot) [RHEL-123775]
 - vsock/virtio: Validate length in packet header before skb_put() (Jon Maloy) [RHEL-114296] {CVE-2025-39718}
diff --git a/rpminspect.yaml b/rpminspect.yaml
index 40d00d467..bad99359e 100644
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@@ -26,6 +26,8 @@ emptyrpm:
         - kernel-debug
         - kernel-zfcpdump
         - kernel-zfcpdump-modules
+        - kernel-rt
+        - kernel-rt-debug
 
 patches:
     ignore_list:
diff --git a/sources b/sources
index 3ffe4157d..5de79c582 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.84.1.el8_10.tar.xz) = 0dffa7747fbe7529df0237252d1a9527db83aff17c0f7fbba2c78dda14662ba9fc5910fbf9201e90d912684c104adc597d1283b87c7829b22721b2ad74109a13
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 4030373b899e45a1d86c642ea9054f1baeb292cedab63865d18eb5335e264310c2ce1d3129865769a132099208dbc500f5c05fd3e042c25182ac75afc2148885
+SHA512 (linux-4.18.0-553.85.1.el8_10.tar.xz) = a135611c3875c23703649a29fde4a7ccb488238498da895e95c3e71810a4b873bdd9caa94ffe730432fe29f025b4afb16eabde0b4ca34d37d7a0e4a6f6262ae2
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 8cf494d70df684d72fd25a5ddbb1341d64fb60951f4c22d3fa859eb78bf93a1fa41d362c3b192f7fea25c9696a744728e4fc6f1455807a8a6e1dedf25f963916
 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 1ac5ac6985d4f141b2a06df5df02b1f75aad141c1385ce0ba69aaf2c3677d9a8fd7f5194200f071e7b93387e84963ad2a99830c85bad647a06d2cb16dd919562