diff --git a/.gitignore b/.gitignore index a5880dd..5e20144 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 -SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz +SOURCES/linux-4.18.0-513.24.1.el8_9.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel.metadata b/.kernel.metadata index 34e7605..1f63a32 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,8 +1,8 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -6bac4f0d78ba0bb5ead1fb8246e3696a463e9b07 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 -98694c1cb92f1ff948a817c610e83f44cdefdc46 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 -cb01896ee61636ccd11f3359e7d30d390802cc81 SOURCES/linux-4.18.0-513.18.1.el8_9.tar.xz +c7f830cea6081a930009b1f964e7f9b70c47eeb3 SOURCES/kernel-abi-stablelists-4.18.0-513.tar.bz2 +15094c92ff5c01bb04f3f9052561a774df6502c4 SOURCES/kernel-kabi-dw-4.18.0-513.tar.bz2 +6a87768e60e51e5c1d227082dcbdd3ed5c98ce8e SOURCES/linux-4.18.0-513.24.1.el8_9.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 5fe3fc7..99687e0 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,12 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 513.18.2.el8_9 +%define pkgrelease 513.24.1.el8_9 # allow pkg_release to have configurable %%{?dist} tag -# alma patched to 513.18.2 but still using 513.18.1 sources plus patch file -%define specrelease 513.18.2%{?dist} -%define tarfile_release 513.18.1.el8_9 +%define specrelease 513.24.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -55,6 +53,7 @@ # architecture allows it. All should default to 1 (enabled) and be flipped to # 0 (disabled) by later arch-specific checks. +%define _with_kabidupchk 1 %define _with_kabidupchk 1 # The following build options are enabled by default. # Use either --without in your rpmbuild command or force values @@ -436,7 +435,7 @@ BuildRequires: xmlto BuildRequires: asciidoc %endif -Source0: linux-%{specversion}-%{tarfile_release}.tar.xz +Source0: linux-%{specversion}-%{pkgrelease}.tar.xz Source9: x509.genkey @@ -1089,9 +1088,9 @@ ApplyOptionalPatch() fi } -%setup -q -n %{name}-%{specversion}-%{tarfile_release} -c -cp -v %{SOURCE9000} linux-%{specversion}-%{tarfile_release}/certs/rhel.pem -mv linux-%{specversion}-%{tarfile_release} linux-%{KVERREL} +%setup -q -n %{name}-%{specversion}-%{pkgrelease} -c +cp -v %{SOURCE9000} linux-%{specversion}-%{pkgrelease}/certs/rhel.pem +mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} @@ -2697,8 +2696,174 @@ fi # # %changelog -* Fri Mar 29 2024 Jonathan Wright [4.18.0-513.18.2.el8_9] -- netfilter: nf_tables: reject QUEUE/DROP verdict parameters {CVE-2024-1086} +* Thu Mar 14 2024 Lucas Zampieri [4.18.0-513.24.1.el8_9] +- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-27496 RHEL-21760] +- ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-27496 RHEL-21760] +- ceph: always check dir caps asynchronously (Xiubo Li) [RHEL-27496 RHEL-21760] + +* Thu Mar 07 2024 Patrick Talbert [4.18.0-513.23.1.el8_9] +- scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-26139 RHEL-25747] +- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-26331 RHEL-23386] {CVE-2021-33631} +- serial: core: return early on unsupported ioctls (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- lib/hexdump: make print_hex_dump_bytes() a nop on !DEBUG builds (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix race condition in status line change on dead connections (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix UAF in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: add parameter negotiation support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: add parameters used with parameter negotiation (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: introduce macro for minimal unit size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: name the debug bits (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: introduce gsm_control_command() function (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: replace use of gsm_read_ea() with gsm_read_ea_val() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: name gsm tty device minors (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: initialize more members at gsm_alloc_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix flow control handling in tx path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix resource allocation order in gsm_activate_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix deadlock and link starvation in outgoing data path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix race condition in gsmld_write() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix non flow control frames during mux flow off (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix missing timer to handle stalled links (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix tty registration before control channel open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix user open not possible at responder until initiator open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Fix packet data hex dump output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix software flow control handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix invalid use of MSC in advanced option (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix broken virtual tty handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix missing update of modem controls after DLCI open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix reset fifo race condition (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong signal octets encoding in MSC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong command frame length field encoding (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong command retry handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix missing explicit ldisc flush (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong DLCI release order (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix insufficient txframe size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix frame reception handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix mux cleanup after unregister tty device (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix decoupled mux resource (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix restart handling via CLD command (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix deadlock in gsmtty_open() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong modem processing in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix wrong tty control line for flow control (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix NULL pointer access due to DLCI release (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix encoding of command/response bit (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: fix SW flow control encoding/handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove tty parameter from mxser_receive_chars_new() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: don't throttle manually (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: make mxser_port::ldisc_stop_rx a bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Don't ignore write return value in gsmld_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: clean up indenting in gsm_queue() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Save dlci address open status when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Modify gsmtty driver register method when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Delete gsmtty open SABM frame when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Modify CR,PF bit printk info when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Modify CR,PF bit when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: stop using alloc_tty_driver (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: don't store semi-state into tty drivers (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- hvsi: don't panic on tty_register_driver failure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: switch rs_table to a single state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: expand "custom" (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: use memset to zero serial_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: remove serial_* strings (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop mxser_port::custom_divisor (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop mxser_port::baud_base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove unused mxser_port::stop_rx (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: don't allocate MXSER_PORTS + 1 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove cnt from mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_GETMSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_GETDATACOUNT ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_CHKPORTENABLE ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_ASPP_LSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_ASPP_MON and friends (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_SET_BAUD_METHOD ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove MOXA_GET_MAJOR deprecated ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop unused MOXA_DIAGNOSE macro (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop UART_MCR_AFE and UART_LSR_SPECIAL defines (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove else from LSR bits checks (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: extract mxser_receive_chars_old (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: extract mxser_receive_chars_new (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: simplify mxser_interrupt and drop mxser_board::vector_mask (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: extract port ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: cleanup LSR handling in mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: remove nonsense from ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop constant board::uart_type (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: introduce enum mxser_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: rename mxser_board::chip_flag to must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: rename CheckIsMoxaMust to mxser_get_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: cleanup Gpci_uart_info struct (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: integrate mxser.h into .c (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: drop ISA support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: use goto-failpaths in gsm_init (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: mxser: drop low-latency workaround (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: check error while registering tty devices (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: mxser: fix TIOCSSERIAL jiffies conversions (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm, remove duplicates of parameters (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: do not check tty_unregister_driver's return value (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: nozomi, remove init/exit messages (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty_port: drop last traces of low_latency (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Demote obvious abuse of kernel-doc and supply other missing docss (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm, eliminate indirection for gsm->{output,error}() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Fix bogus i++ in gsm_data_kick (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Remove unnecessary test in gsm_print_packet() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Fix waking up upper tty layer when room available (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Fix SOF skipping (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Improve debug output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: switch constipated to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: switch throttled to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: switch dead to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: introduce enum gsm_dlci_mode (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: introduce enum gsm_dlci_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: drop unneeded gsm_dlci->fifo field (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Replace zero-length array with flexible-array member (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: avoid recursive locking with async port hangup (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: add helpers to convert mux-num to/from tty-base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- docs: serial: move it to the driver-api (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- docs: serial: convert docs to ReST and rename to *.rst (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Mark expected switch fall-throughs (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- n_gsm: Constify u8 and unsigned char usage (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty: n_gsm: Add copy_config() and gsm_config() to prepare for serdev (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- mxser: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- amiserial: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} +- tty/serial_core: add ISO7816 infrastructure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} + +* Thu Feb 29 2024 Patrick Talbert [4.18.0-513.22.1.el8_9] +- s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-25811 RHEL-11194] +- smsc95xx: fix stalled rx after link change (Izabela Bakollari) [RHEL-25719 RHEL-22312] +- ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: force updating the msg pointer in non-split case (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: flush cap releases when the session is flushed (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: reorder fields in 'struct ceph_snapid_map' (Xiubo Li) [RHEL-20909 RHEL-16412] +- ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-20909 RHEL-16412] +- KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} (Bandan Das) [RHEL-23063 RHEL-7558] +- x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer (Bandan Das) [RHEL-23063 RHEL-7558] +- dm-crypt, dm-verity: disable tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232] +- dm verity: initialize fec io before freeing it (Benjamin Marzinski) [RHEL-26101 RHEL-22232] +- dm-verity: don't use blocking calls from tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232] + +* Thu Feb 22 2024 Patrick Talbert [4.18.0-513.21.1.el8_9] +- rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-24204 RHEL-21941] +- drm/amdgpu: Fix potential fence use-after-free v2 (Jorge San Emeterio) [RHEL-24479 RHEL-22504] {CVE-2023-51042} +- perf: Fix perf_event_validate_size() lockdep splat (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931} +- perf: Fix perf_event_validate_size() (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931} +- smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-22077 RHEL-21685] {CVE-2024-0565} +- ibmveth: Remove condition to recompute TCP header checksum. (Mamatha Inamdar) [RHEL-20822 RHEL-12553] + +* Thu Feb 15 2024 Patrick Talbert [4.18.0-513.20.1.el8_9] +- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (Jocelyn Falempe) [RHEL-22766 RHEL-3179] {CVE-2022-38096} +- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (Jocelyn Falempe) [RHEL-21055 RHEL-21054] + +* Thu Feb 08 2024 Patrick Talbert [4.18.0-513.19.1.el8_9] +- libceph: fix potential use-after-free on linger ping and resends (Jay Shin) [RHEL-21394 RHEL-20390] +- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-24010 RHEL-23506] {CVE-2024-1086} * Thu Feb 01 2024 Patrick Talbert [4.18.0-513.18.1.el8_9] - net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}