Add the cifs.spnego userspace description fence.

1100-smb-client-reject-userspace-cifs.spnego-descriptions.patch
Upstream commit 3da1fdf4efbc with the file path rewritten from
fs/smb/client/cifs_spnego.c to fs/cifs/cifs_spnego.c (the cifs
source has not been relocated under fs/smb/client/ in the
AlmaLinux 8 tree). Refuses userspace-created cifs.spnego keys
via request_key(2)/add_key(2); only kernel CIFS using the
private spnego_cred may create them. cifs.upcall treats the key
description as kernel-originating
pid/uid/creduid/upcall_target -- without this fence, userspace
can spoof those fields.

Reintroduce the tarfile_release indirection so pkgrelease can
advance independently of the imported source tarball (the indirection
was reset by the 553.126.1 CS import; same pattern as