From ca236b8a77c665fbf90434a72303d4fc4fa25dcb Mon Sep 17 00:00:00 2001 
From: Rado Vrbovsky
Date: Mon, 16 Sep 2024 12:19:34 +0000
Subject: [PATCH] kernel-5.14.0-510.el9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Mon Sep 16 2024 Rado Vrbovsky [5.14.0-510.el9]
- perf: Fix event leak upon exec and file release (Michael Petlan) [RHEL-55606] {CVE-2024-43869}
- perf: Fix event leak upon exit (Michael Petlan) [RHEL-55603] {CVE-2024-43870}
- task_work: Introduce task_work_cancel() again (Michael Petlan) [RHEL-55603]
- task_work: s/task_work_cancel()/task_work_cancel_func()/ (Michael Petlan) [RHEL-55603]
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44213] {CVE-2024-38558}
- net: drop bad gso csum_start and offset in virtio_net_hdr (Laurent Vivier) [RHEL-54891] {CVE-2024-43817}
- net: change maximum number of UDP segments to 128 (Laurent Vivier) [RHEL-54891] {CVE-2024-43817}
- net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Laurent Vivier) [RHEL-54891] {CVE-2024-43817}
- net: missing check virtio (Laurent Vivier) [RHEL-54891] {CVE-2024-43817}
- fuse: Initialize beyond-EOF page contents before setting uptodate (CKI Backport Bot) [RHEL-56932] {CVE-2024-44947}
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (CKI Backport Bot) [RHEL-51285] {CVE-2024-41071}
- nvme-pci: add missing condition check for existence of mapped data (Maurizio Lombardi) [RHEL-55099] {CVE-2024-42276}
- sctp: fix association labeling in the duplicate COOKIE-ECHO case (Ondrej Mosnacek) [RHEL-48647]
- s390/ap: Refine AP bus bindings complete processing (Cédric Le Goater) [RHEL-50373]
- ice: Add netif_device_attach/detach into PF reset flow (Michal Schmidt) [RHEL-56084]
- ext4: make sure the first directory block is not a hole (CKI Backport Bot) [RHEL-54975] {CVE-2024-42304}
- ext4: check dot and dotdot of dx_root before making dir indexed (CKI Backport Bot) [RHEL-54964] {CVE-2024-42305}
Resolves: RHEL-54975, RHEL-54964

Signed-off-by: Rado Vrbovsky --- Makefile.rhelver | 2 +- kernel.changelog | 41 +++++++++++++++++++++++++++++++++++++++++ kernel.spec | 27 +++++++++++++++++++++++---- sources | 6 +++--- 4 files changed, 68 insertions(+), 8 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index 44b923780..a42bdbb36 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 6 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 509 +RHEL_RELEASE = 510 # # ZSTREAM diff --git a/kernel.changelog b/kernel.changelog index c08f567e9..c6e1ee48a 100644 --- a/kernel.changelog +++ b/kernel.changelog 
@@ -1,3 +1,23 @@ +* Mon Sep 16 2024 Rado Vrbovsky [5.14.0-510.el9] +- perf: Fix event leak upon exec and file release (Michael Petlan) [RHEL-55606] {CVE-2024-43869} +- perf: Fix event leak upon exit (Michael Petlan) [RHEL-55603] {CVE-2024-43870} +- task_work: Introduce task_work_cancel() again (Michael Petlan) [RHEL-55603] +- task_work: s/task_work_cancel()/task_work_cancel_func()/ (Michael Petlan) [RHEL-55603] +- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44213] {CVE-2024-38558} +- net: drop bad gso csum_start and offset in virtio_net_hdr (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- net: change maximum number of UDP segments to 128 (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- net: missing check virtio (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- fuse: Initialize beyond-EOF page contents before setting uptodate (CKI Backport Bot) [RHEL-56932] {CVE-2024-44947} +- wifi: mac80211: Avoid address calculations via out of bounds array indexing (CKI Backport Bot) [RHEL-51285] {CVE-2024-41071} +- nvme-pci: add missing condition check for existence of mapped data (Maurizio Lombardi) [RHEL-55099] {CVE-2024-42276} +- sctp: fix association labeling in the duplicate COOKIE-ECHO case (Ondrej Mosnacek) [RHEL-48647] +- s390/ap: Refine AP bus bindings complete processing (Cédric Le Goater) [RHEL-50373] +- ice: Add netif_device_attach/detach into PF reset flow (Michal Schmidt) [RHEL-56084] +- ext4: make sure the first directory block is not a hole (CKI Backport Bot) [RHEL-54975] {CVE-2024-42304} +- ext4: check dot and dotdot of dx_root before making dir indexed (CKI Backport Bot) [RHEL-54964] {CVE-2024-42305} +Resolves: RHEL-44213, RHEL-48647, RHEL-50373, RHEL-51285, RHEL-54891, RHEL-54964, RHEL-54975, RHEL-55099, RHEL-55603, RHEL-55606, RHEL-56084, RHEL-56932 + * Fri Sep 13 2024 Rado Vrbovsky [5.14.0-509.el9] - 
RDMA/mana_ib: Set correct device into ib (Maxim Levitsky) [RHEL-54330] - net: mana: Fix possible double free in error handling path (Maxim Levitsky) [RHEL-54330] 
@@ -433,6 +453,27 @@ Resolves: RHEL-3230, RHEL-37349, RHEL-38600, RHEL-50255, RHEL-52234, RHEL-53992, - Revert "x86/topology: Fix max_siblings calculation for some hybrid cpus" (David Arcari) [RHEL-43147] Resolves: RHEL-43147, RHEL-54768 +* Tue Sep 10 2024 Lucas Zampieri [5.14.0-503.3.1.el9_5] +- perf: Fix event leak upon exec and file release (Michael Petlan) [RHEL-55606] {CVE-2024-43869} +- perf: Fix event leak upon exit (Michael Petlan) [RHEL-55603] {CVE-2024-43870} +- task_work: Introduce task_work_cancel() again (Michael Petlan) [RHEL-55603] +- task_work: s/task_work_cancel()/task_work_cancel_func()/ (Michael Petlan) [RHEL-55603] +- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44213] {CVE-2024-38558} +- net: drop bad gso csum_start and offset in virtio_net_hdr (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- net: change maximum number of UDP segments to 128 (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- net: missing check virtio (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- fuse: Initialize beyond-EOF page contents before setting uptodate (CKI Backport Bot) [RHEL-56932] {CVE-2024-44947} +- wifi: mac80211: Avoid address calculations via out of bounds array indexing (CKI Backport Bot) [RHEL-51285] {CVE-2024-41071} +- nvme-pci: add missing condition check for existence of mapped data (Maurizio Lombardi) [RHEL-55099] {CVE-2024-42276} +Resolves: RHEL-44213, RHEL-51285, RHEL-54891, RHEL-55099, RHEL-55603, RHEL-55606, RHEL-56932 + +* Fri Sep 06 2024 Lucas Zampieri [5.14.0-503.2.1.el9_5] +- sctp: fix association labeling in the duplicate COOKIE-ECHO case (Ondrej Mosnacek) [RHEL-48647] +- s390/ap: Refine AP bus bindings complete processing (Cédric Le Goater) [RHEL-50373] +- ice: Add netif_device_attach/detach into PF reset flow (Michal Schmidt) [RHEL-56084] +Resolves: RHEL-48647, RHEL-50373, RHEL-56084 + * Tue Sep 03 
2024 Lucas Zampieri [5.14.0-503.1.1.el9_5] - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (Desnes Nunes) [RHEL-52378] {CVE-2024-42226} - redhat: set defaults for RHEL 9.5 (Lucas Zampieri) diff --git a/kernel.spec b/kernel.spec index 2ed752fb7..ec5dfc40a 100755 --- a/kernel.spec +++ b/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 509 +%define pkgrelease 510 %define kversion 5 -%define tarfile_release 5.14.0-509.el9 +%define tarfile_release 5.14.0-510.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 509%{?buildid}%{?dist} +%define specrelease 510%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-509.el9 +%define kabiversion 5.14.0-510.el9 # # End of genspec.sh variables 
@@ -3799,6 +3799,25 @@ fi # # %changelog +* Mon Sep 16 2024 Rado Vrbovsky [5.14.0-510.el9] +- perf: Fix event leak upon exec and file release (Michael Petlan) [RHEL-55606] {CVE-2024-43869} +- perf: Fix event leak upon exit (Michael Petlan) [RHEL-55603] {CVE-2024-43870} +- task_work: Introduce task_work_cancel() again (Michael Petlan) [RHEL-55603] +- task_work: s/task_work_cancel()/task_work_cancel_func()/ (Michael Petlan) [RHEL-55603] +- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44213] {CVE-2024-38558} +- net: drop bad gso csum_start and offset in virtio_net_hdr (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- net: change maximum number of UDP segments to 128 (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- net: missing check virtio (Laurent Vivier) [RHEL-54891] {CVE-2024-43817} +- fuse: Initialize beyond-EOF page contents before setting uptodate (CKI Backport Bot) [RHEL-56932] {CVE-2024-44947} +- wifi: mac80211: Avoid address calculations via out of bounds array indexing (CKI Backport Bot) [RHEL-51285] {CVE-2024-41071} +- nvme-pci: add missing condition check for existence of mapped data (Maurizio Lombardi) [RHEL-55099] {CVE-2024-42276} +- sctp: fix association labeling in the duplicate COOKIE-ECHO case (Ondrej Mosnacek) [RHEL-48647] +- s390/ap: Refine AP bus bindings complete processing (Cédric Le Goater) [RHEL-50373] +- ice: Add netif_device_attach/detach into PF reset flow (Michal Schmidt) [RHEL-56084] +- ext4: make sure the first directory block is not a hole (CKI Backport Bot) [RHEL-54975] {CVE-2024-42304} +- ext4: check dot and dotdot of dx_root before making dir indexed (CKI Backport Bot) [RHEL-54964] {CVE-2024-42305} + * Fri Sep 13 2024 Rado Vrbovsky [5.14.0-509.el9] - RDMA/mana_ib: Set correct device into ib (Maxim Levitsky) [RHEL-54330] - net: mana: Fix possible double free in error handling path (Maxim 
Levitsky) [RHEL-54330] diff --git a/sources b/sources index d90c44a48..e720a428a 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-509.el9.tar.xz) = 83c5feaafcd44a473be2a650de1bc668d128e1daab1f05ab25dfc6486b2b79e581262c8ed81c4496d9efe69fc0715e7ff6d3bc8abb143a6a4919501019f4de03 -SHA512 (kernel-abi-stablelists-5.14.0-509.el9.tar.bz2) = e3cdbca640c03d8daa0cf5d5a6a86f30ddb5b53c6902c9184d1ec22b0506632093c18a1194b5fa4a3a78b96c1e160946d4be125fbff84c7735c7670c5dc91ee3 -SHA512 (kernel-kabi-dw-5.14.0-509.el9.tar.bz2) = 3d08f838767b27b87724fed347ce3be63fce15e5eded0576121c474d14db4a6d07895b350c635e343d5522ac237dfd982d1f39b8480c4129f4eb79f6a64115cb +SHA512 (linux-5.14.0-510.el9.tar.xz) = 51ccd7a681a29fdc9e47a73a5482e38ee8c448a4b85b416f0058ab0751cd4d2d404c55ae8ed72b01463feb7c158784f949ea4f744349c199f779a054c9c77de0 +SHA512 (kernel-abi-stablelists-5.14.0-510.el9.tar.bz2) = bb2b9ec4964dd237d2787bc0805d53e2df2611a67aeeb6219d867e714c64b42b27819538a3d8850616545fb723437d2dbf7a9aec3e18350b21a4eea15928edbd +SHA512 (kernel-kabi-dw-5.14.0-510.el9.tar.bz2) = 3d08f838767b27b87724fed347ce3be63fce15e5eded0576121c474d14db4a6d07895b350c635e343d5522ac237dfd982d1f39b8480c4129f4eb79f6a64115cb
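Review bot: the Resolves line that closes the new 5.14.0-510.el9 entry in the first kernel.changelog hunk lists twelve tickets (RHEL-44213 through RHEL-56932), while the commit message's Resolves trailer names only RHEL-54975 and RHEL-54964. The two it names are the ext4 tickets, which are the only ones not also covered by the el9_5 entries added further down in the same file, so the shorter list looks deliberate. Anyone tracking CVE fixes through commit trailers will still miss the other ten tickets for this build, so either align the trailer with the changelog or say in the message why only two are listed.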
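Review bot: the two el9_5 entries added in the second kernel.changelog hunk (5.14.0-503.3.1.el9_5, Sep 10, and 5.14.0-503.2.1.el9_5, Sep 06) have no counterpart in the kernel.spec %changelog hunk, which adds only the 5.14.0-510.el9 entry. If the spec changelog is meant to mirror kernel.changelog, the output of rpm -q --changelog for this build will not show that these fixes also shipped in the 503.x.1 z-stream builds. Please confirm the divergence is intended. The same fixes now also appear twice in kernel.changelog (once under 510, once under the el9_5 entries), so tooling that counts CVE tags per file needs to de-duplicate by ticket.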
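Review bot: in the %changelog entry added by the second kernel.spec hunk, the two task_work lines carry ticket RHEL-55603 but no CVE tag, although the same ticket is tagged CVE-2024-43870 on the "perf: Fix event leak upon exit" line just above them. If the task_work changes are prerequisites for that fix, someone backporting or auditing by the {CVE-...} tag alone would pick up the perf commit without them. Note the dependency in the entry or tag the lines consistently, so that the changelog shipped in the RPM records the full fix set.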
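Review bot: in the sources hunk, the SHA512 on the new kernel-kabi-dw-5.14.0-510.el9.tar.bz2 line is identical to the removed 509 line (both begin 3d08f838 and end 64115cb), while the linux and kernel-abi-stablelists tarballs both get new digests. That is plausible if the kabi-dw content is byte-for-byte unchanged and the archive is built reproducibly, but it is also what a stale upload under a new file name would look like. Please confirm that the 510 tarball in the lookaside cache was regenerated for this build and really hashes to this value.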