From c7dc249bc9e6d57491e7902a1866f6259fcf4760 Mon Sep 17 00:00:00 2001
From: Lucas Zampieri <lzampier@redhat.com>
Date: Mon, 12 Aug 2024 16:29:21 +0000
Subject: [PATCH] kernel-5.14.0-496.el9

* Mon Aug 12 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-496.el9]
- mptcp: fix possible NULL dereferences (Antoine Tenart) [RHEL-48648]
- af_packet: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
- udp: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
- tcp: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
- net: raw: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
- ping: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
- net: introduce sk_skb_reason_drop function (Antoine Tenart) [RHEL-48648]
- net: add rx_sk to trace_kfree_skb (Antoine Tenart) [RHEL-48648]
- tcp: rstreason: fully support in tcp_check_req() (Antoine Tenart) [RHEL-48648]
- tcp: rstreason: handle timewait cases in the receive path (Antoine Tenart) [RHEL-48648]
- tcp: rstreason: fully support in tcp_rcv_state_process() (Antoine Tenart) [RHEL-48648]
- tcp: rstreason: fully support in tcp_ack() (Antoine Tenart) [RHEL-48648]
- tcp: rstreason: fully support in tcp_rcv_synsent_state_process() (Antoine Tenart) [RHEL-48648]
- rstreason: make it work in trace world (Antoine Tenart) [RHEL-48648]
- mptcp: introducing a helper into active reset logic (Antoine Tenart) [RHEL-48648]
- mptcp: support rstreason for passive reset (Antoine Tenart) [RHEL-48648]
- tcp: support rstreason for passive reset (Antoine Tenart) [RHEL-48648]
- rstreason: prepare for active reset (Antoine Tenart) [RHEL-48648]
- rstreason: prepare for passive reset (Antoine Tenart) [RHEL-48648]
- net: introduce rstreason to detect why the RST is sent (Antoine Tenart) [RHEL-48648]
- trace: tcp: fully support trace_tcp_send_reset (Antoine Tenart) [RHEL-48648]
- trace: adjust TP_STORE_ADDR_PORTS_SKB() parameters (Antoine Tenart) [RHEL-48648]
- net: udp: add IP/port data to the tracepoint udp/udp_fail_queue_rcv_skb (Antoine Tenart) [RHEL-48648]
- net: port TP_STORE_ADDR_PORTS_SKB macro to be tcp/udp independent (Antoine Tenart) [RHEL-48648]
- trace: use TP_STORE_ADDRS() macro in inet_sock_set_state() (Antoine Tenart) [RHEL-48648]
- trace: use TP_STORE_ADDRS() macro in inet_sk_error_report() (Antoine Tenart) [RHEL-48648]
- trace: move to TP_STORE_ADDRS related macro to net_probe_common.h (Antoine Tenart) [RHEL-48648]
- inet: preserve const qualifier in inet_sk() (Antoine Tenart) [RHEL-48648]
- tcp: make dropreason in tcp_child_process() work (Antoine Tenart) [RHEL-48648]
- tcp: make the dropreason really work when calling tcp_rcv_state_process() (Antoine Tenart) [RHEL-48648]
- tcp: add dropreasons in tcp_rcv_state_process() (Antoine Tenart) [RHEL-48648]
- tcp: add more specific possible drop reasons in tcp_rcv_synsent_state_process() (Antoine Tenart) [RHEL-48648]
- tcp: introduce dropreasons in receive path (Antoine Tenart) [RHEL-48648]
- tcp: use drop reasons in cookie check for ipv6 (Antoine Tenart) [RHEL-48648]
- tcp: directly drop skb in cookie check for ipv6 (Antoine Tenart) [RHEL-48648]
- tcp: use drop reasons in cookie check for ipv4 (Antoine Tenart) [RHEL-48648]
- tcp: directly drop skb in cookie check for ipv4 (Antoine Tenart) [RHEL-48648]
- tcp: add a dropreason definitions and prepare for cookie check (Antoine Tenart) [RHEL-48648]
- tcp: Clean up goto labels in cookie_v[46]_check(). (Antoine Tenart) [RHEL-48648]
- net: use %%pS for kfree_skb tracing event location (Antoine Tenart) [RHEL-48648]
- PCI: endpoint: remove bogus return in pci_epf_device_remove() (Brian Masney) [RHEL-47218]
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update (Ivan Vecera) [RHEL-37006] {CVE-2024-35855}
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash (Ivan Vecera) [RHEL-37010] {CVE-2024-35854}
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (Ivan Vecera) [RHEL-37014] {CVE-2024-35853}
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ivan Vecera) [RHEL-37486] {CVE-2024-36006}
Resolves: RHEL-37006, RHEL-37010, RHEL-37014, RHEL-37486, RHEL-47218, RHEL-48648

Signed-off-by: Lucas Zampieri <lzampier@redhat.com>
---
 Makefile.rhelver |  2 +-
 kernel.changelog | 48 ++++++++++++++++++++++++++++++++++++++++++
 kernel.spec      | 55 ++++++++++++++++++++++++++++++++++++++++++++----
 sources          |  6 +++---
 4 files changed, 103 insertions(+), 8 deletions(-)

diff --git a/Makefile.rhelver b/Makefile.rhelver
index 8f1e20426..129921321 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 5
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 495
+RHEL_RELEASE = 496
 
 #
 # ZSTREAM
diff --git a/kernel.changelog b/kernel.changelog
index effef7eb4..0340fd189 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,51 @@
+* Mon Aug 12 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-496.el9]
+- mptcp: fix possible NULL dereferences (Antoine Tenart) [RHEL-48648]
+- af_packet: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- udp: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- tcp: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- net: raw: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- ping: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- net: introduce sk_skb_reason_drop function (Antoine Tenart) [RHEL-48648]
+- net: add rx_sk to trace_kfree_skb (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: fully support in tcp_check_req() (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: handle timewait cases in the receive path (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: fully support in tcp_rcv_state_process() (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: fully support in tcp_ack() (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: fully support in tcp_rcv_synsent_state_process() (Antoine Tenart) [RHEL-48648]
+- rstreason: make it work in trace world (Antoine Tenart) [RHEL-48648]
+- mptcp: introducing a helper into active reset logic (Antoine Tenart) [RHEL-48648]
+- mptcp: support rstreason for passive reset (Antoine Tenart) [RHEL-48648]
+- tcp: support rstreason for passive reset (Antoine Tenart) [RHEL-48648]
+- rstreason: prepare for active reset (Antoine Tenart) [RHEL-48648]
+- rstreason: prepare for passive reset (Antoine Tenart) [RHEL-48648]
+- net: introduce rstreason to detect why the RST is sent (Antoine Tenart) [RHEL-48648]
+- trace: tcp: fully support trace_tcp_send_reset (Antoine Tenart) [RHEL-48648]
+- trace: adjust TP_STORE_ADDR_PORTS_SKB() parameters (Antoine Tenart) [RHEL-48648]
+- net: udp: add IP/port data to the tracepoint udp/udp_fail_queue_rcv_skb (Antoine Tenart) [RHEL-48648]
+- net: port TP_STORE_ADDR_PORTS_SKB macro to be tcp/udp independent (Antoine Tenart) [RHEL-48648]
+- trace: use TP_STORE_ADDRS() macro in inet_sock_set_state() (Antoine Tenart) [RHEL-48648]
+- trace: use TP_STORE_ADDRS() macro in inet_sk_error_report() (Antoine Tenart) [RHEL-48648]
+- trace: move to TP_STORE_ADDRS related macro to net_probe_common.h (Antoine Tenart) [RHEL-48648]
+- inet: preserve const qualifier in inet_sk() (Antoine Tenart) [RHEL-48648]
+- tcp: make dropreason in tcp_child_process() work (Antoine Tenart) [RHEL-48648]
+- tcp: make the dropreason really work when calling tcp_rcv_state_process() (Antoine Tenart) [RHEL-48648]
+- tcp: add dropreasons in tcp_rcv_state_process() (Antoine Tenart) [RHEL-48648]
+- tcp: add more specific possible drop reasons in tcp_rcv_synsent_state_process() (Antoine Tenart) [RHEL-48648]
+- tcp: introduce dropreasons in receive path (Antoine Tenart) [RHEL-48648]
+- tcp: use drop reasons in cookie check for ipv6 (Antoine Tenart) [RHEL-48648]
+- tcp: directly drop skb in cookie check for ipv6 (Antoine Tenart) [RHEL-48648]
+- tcp: use drop reasons in cookie check for ipv4 (Antoine Tenart) [RHEL-48648]
+- tcp: directly drop skb in cookie check for ipv4 (Antoine Tenart) [RHEL-48648]
+- tcp: add a dropreason definitions and prepare for cookie check (Antoine Tenart) [RHEL-48648]
+- tcp: Clean up goto labels in cookie_v[46]_check(). (Antoine Tenart) [RHEL-48648]
+- net: use %%pS for kfree_skb tracing event location (Antoine Tenart) [RHEL-48648]
+- PCI: endpoint: remove bogus return in pci_epf_device_remove() (Brian Masney) [RHEL-47218]
+- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update (Ivan Vecera) [RHEL-37006] {CVE-2024-35855}
+- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash (Ivan Vecera) [RHEL-37010] {CVE-2024-35854}
+- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (Ivan Vecera) [RHEL-37014] {CVE-2024-35853}
+- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ivan Vecera) [RHEL-37486] {CVE-2024-36006}
+Resolves: RHEL-37006, RHEL-37010, RHEL-37014, RHEL-37486, RHEL-47218, RHEL-48648
+
 * Fri Aug 09 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-495.el9]
 - tcp_metrics: validate source addr length (Guillaume Nault) [RHEL-52031] {CVE-2024-42154}
 - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Benjamin Coddington) [RHEL-53004]
diff --git a/kernel.spec b/kernel.spec
index 98ae9c3f2..bd8f391cd 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 495
+%define pkgrelease 496
 %define kversion 5
-%define tarfile_release 5.14.0-495.el9
+%define tarfile_release 5.14.0-496.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 495%{?buildid}%{?dist}
+%define specrelease 496%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-495.el9
+%define kabiversion 5.14.0-496.el9
 
 #
 # End of genspec.sh variables
@@ -3782,6 +3782,53 @@ fi
 #
 #
 %changelog
+* Mon Aug 12 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-496.el9]
+- mptcp: fix possible NULL dereferences (Antoine Tenart) [RHEL-48648]
+- af_packet: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- udp: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- tcp: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- net: raw: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- ping: use sk_skb_reason_drop to free rx packets (Antoine Tenart) [RHEL-48648]
+- net: introduce sk_skb_reason_drop function (Antoine Tenart) [RHEL-48648]
+- net: add rx_sk to trace_kfree_skb (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: fully support in tcp_check_req() (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: handle timewait cases in the receive path (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: fully support in tcp_rcv_state_process() (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: fully support in tcp_ack() (Antoine Tenart) [RHEL-48648]
+- tcp: rstreason: fully support in tcp_rcv_synsent_state_process() (Antoine Tenart) [RHEL-48648]
+- rstreason: make it work in trace world (Antoine Tenart) [RHEL-48648]
+- mptcp: introducing a helper into active reset logic (Antoine Tenart) [RHEL-48648]
+- mptcp: support rstreason for passive reset (Antoine Tenart) [RHEL-48648]
+- tcp: support rstreason for passive reset (Antoine Tenart) [RHEL-48648]
+- rstreason: prepare for active reset (Antoine Tenart) [RHEL-48648]
+- rstreason: prepare for passive reset (Antoine Tenart) [RHEL-48648]
+- net: introduce rstreason to detect why the RST is sent (Antoine Tenart) [RHEL-48648]
+- trace: tcp: fully support trace_tcp_send_reset (Antoine Tenart) [RHEL-48648]
+- trace: adjust TP_STORE_ADDR_PORTS_SKB() parameters (Antoine Tenart) [RHEL-48648]
+- net: udp: add IP/port data to the tracepoint udp/udp_fail_queue_rcv_skb (Antoine Tenart) [RHEL-48648]
+- net: port TP_STORE_ADDR_PORTS_SKB macro to be tcp/udp independent (Antoine Tenart) [RHEL-48648]
+- trace: use TP_STORE_ADDRS() macro in inet_sock_set_state() (Antoine Tenart) [RHEL-48648]
+- trace: use TP_STORE_ADDRS() macro in inet_sk_error_report() (Antoine Tenart) [RHEL-48648]
+- trace: move to TP_STORE_ADDRS related macro to net_probe_common.h (Antoine Tenart) [RHEL-48648]
+- inet: preserve const qualifier in inet_sk() (Antoine Tenart) [RHEL-48648]
+- tcp: make dropreason in tcp_child_process() work (Antoine Tenart) [RHEL-48648]
+- tcp: make the dropreason really work when calling tcp_rcv_state_process() (Antoine Tenart) [RHEL-48648]
+- tcp: add dropreasons in tcp_rcv_state_process() (Antoine Tenart) [RHEL-48648]
+- tcp: add more specific possible drop reasons in tcp_rcv_synsent_state_process() (Antoine Tenart) [RHEL-48648]
+- tcp: introduce dropreasons in receive path (Antoine Tenart) [RHEL-48648]
+- tcp: use drop reasons in cookie check for ipv6 (Antoine Tenart) [RHEL-48648]
+- tcp: directly drop skb in cookie check for ipv6 (Antoine Tenart) [RHEL-48648]
+- tcp: use drop reasons in cookie check for ipv4 (Antoine Tenart) [RHEL-48648]
+- tcp: directly drop skb in cookie check for ipv4 (Antoine Tenart) [RHEL-48648]
+- tcp: add a dropreason definitions and prepare for cookie check (Antoine Tenart) [RHEL-48648]
+- tcp: Clean up goto labels in cookie_v[46]_check(). (Antoine Tenart) [RHEL-48648]
+- net: use %%pS for kfree_skb tracing event location (Antoine Tenart) [RHEL-48648]
+- PCI: endpoint: remove bogus return in pci_epf_device_remove() (Brian Masney) [RHEL-47218]
+- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update (Ivan Vecera) [RHEL-37006] {CVE-2024-35855}
+- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash (Ivan Vecera) [RHEL-37010] {CVE-2024-35854}
+- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (Ivan Vecera) [RHEL-37014] {CVE-2024-35853}
+- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ivan Vecera) [RHEL-37486] {CVE-2024-36006}
+
 * Fri Aug 09 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-495.el9]
 - tcp_metrics: validate source addr length (Guillaume Nault) [RHEL-52031] {CVE-2024-42154}
 - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Benjamin Coddington) [RHEL-53004]
diff --git a/sources b/sources
index 7a70cb3de..4c99b3ccd 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-495.el9.tar.xz) = e4f7233575d75a7f6ddf2cfedae30fd5685f9f5fb9b57516be9fbcacbc4d89959eef9887c57ad7e3b8e243a96779385f4a6f28eb022f891b0b61a11c86bedacc
-SHA512 (kernel-abi-stablelists-5.14.0-495.el9.tar.bz2) = fc3a49cb9a55dcd1ba5aa10405162966d3aafa652d3c597f9213f7bca737160398ddb2341c519b44524566f4145619a9fc1dd77f48d995087fb358f47397acd9
-SHA512 (kernel-kabi-dw-5.14.0-495.el9.tar.bz2) = 3f0b8360a9dbf1660f576a6b130928640383aaca5344d226a807e4f8cf4ae749d3dd2b35b5a0ff65fc284ed42d0bbbbf8ebcd5c056e1c8d1ef5c0998c27213ad
+SHA512 (linux-5.14.0-496.el9.tar.xz) = 73831b355d935537945b28cd884b8514c7b3ecfc6e0ce089924523305ff3f79a72a4e276a35a61a48f4bc032a0567b8da2fc1eb46120137c5c4cdf51a9efa6a6
+SHA512 (kernel-abi-stablelists-5.14.0-496.el9.tar.bz2) = 24ba98743224ad53dc3be91ac6836f029edb57142b0458d53b641b08d55fefd26bc46a1bab6f8dd1c24913f0c296dd2f68fef5b7c9154a449d1bef535c511c64
+SHA512 (kernel-kabi-dw-5.14.0-496.el9.tar.bz2) = 3b8d80b1f7644ed93773092dbb6f02ec46b888d9408e3449d5cfe8c90350e800aeed7a1a01265e37a093100d50eb374902527ccb1efb1807ead1f59c2a28f37b