5 files changed, 43 insertions, 113 deletions
diff --git a/SOURCES/Patchlist.changelog b/SOURCES/Patchlist.changelog
index 00475c0..cae9726 100644
--- a/SOURCES/Patchlist.changelog
+++ b/SOURCES/Patchlist.changelog
@@ -1,3 +1,6 @@
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/f65fe5e93408aed742291b98358a9873317a59ef
+ f65fe5e93408aed742291b98358a9873317a59ef Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
+
 "https://gitlab.com/cki-project/kernel-ark/-/commit"/11fa2c73bc247b4d40c71e3220ead390202a2043
  11fa2c73bc247b4d40c71e3220ead390202a2043 selftests: openvswitch: Add validation for the recursion test
 
diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog
index db610ce..1377ded 100644
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@@ -1,3 +1,13 @@
+* Wed Mar 06 2024 Augusto Caringi <acaringi@redhat.com> [6.7.9-0]
+- Add some CVE fixes for 6.7.9 (Justin M. Forbes)
+- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu)
+- Linux v6.7.9
+Resolves: 
+
+* Sun Mar 03 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.7.8-0]
+- Linux v6.7.8
+Resolves: 
+
 * Fri Mar 01 2024 Augusto Caringi <acaringi@redhat.com> [6.7.7-0]
 - Add rhbz 2266309 to BugsFixed (Justin M. Forbes)
 - Add libperf-debuginfo subpackage (Justin M. Forbes)
diff --git a/SOURCES/patch-6.7-redhat.patch b/SOURCES/patch-6.7-redhat.patch
index 112914f..365623b 100644
--- a/SOURCES/patch-6.7-redhat.patch
+++ b/SOURCES/patch-6.7-redhat.patch
@@ -32,6 +32,7 @@
  include/linux/security.h                           |   5 +
  kernel/module/main.c                               |   2 +
  kernel/module/signing.c                            |   9 +-
+ net/bluetooth/rfcomm/core.c                        |   2 +-
  scripts/mod/modpost.c                              |   8 +
  scripts/tags.sh                                    |   2 +
  security/integrity/platform_certs/load_uefi.c      |   6 +-
@@ -41,7 +42,7 @@
  tools/power/cpupower/Makefile                      |   2 +-
  .../selftests/net/openvswitch/openvswitch.sh       |  13 ++
  .../testing/selftests/net/openvswitch/ovs-dpctl.py |  71 +++++++--
- 43 files changed, 770 insertions(+), 194 deletions(-)
+ 44 files changed, 771 insertions(+), 195 deletions(-)
 
 diff --git a/Documentation/admin-guide/laptops/thinkpad-acpi.rst b/Documentation/admin-guide/laptops/thinkpad-acpi.rst
 index 98d304010170..7f674a6cfa8a 100644
@@ -69,7 +70,7 @@ index 98d304010170..7f674a6cfa8a 100644
  
  0x1020	0x1F	unknown
 diff --git a/Makefile b/Makefile
-index 72ee3609aae3..824a28d7c706 100644
+index f1a592b7c7bc..27fc5bc7b1bb 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@@ -1505,6 +1506,19 @@ index a2ff4242e623..f0d2be1ee4f1 100644
  }
  
  int module_sig_check(struct load_info *info, int flags)
+diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
+index 053ef8f25fae..1d34d8497033 100644
+--- a/net/bluetooth/rfcomm/core.c
++++ b/net/bluetooth/rfcomm/core.c
+@@ -1941,7 +1941,7 @@ static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
+ 	/* Get data directly from socket receive queue without copying it. */
+ 	while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
+ 		skb_orphan(skb);
+-		if (!skb_linearize(skb)) {
++		if (!skb_linearize(skb) && sk->sk_state != BT_CLOSED) {
+ 			s = rfcomm_recv_frame(s, skb);
+ 			if (!s)
+ 				break;
 diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
 index f7c4d3fe4381..7fd1ef7930c6 100644
 --- a/scripts/mod/modpost.c
diff --git a/SOURCES/t2linux.patch b/SOURCES/t2linux.patch
index 0c6e17a..b254a1d 100644
--- a/SOURCES/t2linux.patch
+++ b/SOURCES/t2linux.patch
@@ -12048,105 +12048,3 @@ index 792adaf88..3ba90878c 100644
  /**
 -- 
 2.37.2
-
-From patchwork Wed Dec 27 10:10:03 2023
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Johan Hovold <johan+linaro@kernel.org>
-X-Patchwork-Id: 13505281
-Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
- [10.30.226.201])
-	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
-	(No client certificate requested)
-	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 731F42D602;
-	Wed, 27 Dec 2023 10:10:50 +0000 (UTC)
-Authentication-Results: smtp.subspace.kernel.org;
-	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
- header.b="OE5gY3Rg"
-Received: by smtp.kernel.org (Postfix) with ESMTPSA id E1F71C433C8;
-	Wed, 27 Dec 2023 10:10:49 +0000 (UTC)
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
-	s=k20201202; t=1703671849;
-	bh=HNX2qe5wIUjgAOE0bih0cYXbYbw77i5qRYAGTFhWf8Q=;
-	h=From:To:Cc:Subject:Date:From;
-	b=OE5gY3RgSNMMNpr/DemitpLvv8B5KUxkea+huKa97KhEilNAbl/OG/gZPSswoI3kl
-	 ifwN2LiGgFt8jyQh8hVsCoIrrOOGgiqeJ9ivyZI86fxAmaICglCBVc65vzpPozQdYn
-	 YsryqO/D6A6i3egHRr7G52DifE/DihYN9uZqhAIHTY+ESsr/mJvwodvV8HNt60TaF9
-	 dFeWSj4rAgt/QaclFNs1wznkamzzJ3UloOq2NJbzC3F6ILEsWfuPRm8iKBlgwdNTZ+
-	 bn4JmN3Zh0Mr2uaTVg902uWeLcZ93sY9BmqH1AOBDEXTlUvPd7n6xVrSnOLfdlTR5k
-	 O5JKLTyyjvyTQ==
-Received: from johan by xi.lan with local (Exim 4.96.2)
-	(envelope-from <johan+linaro@kernel.org>)
-	id 1rIQs7-0002kc-0u;
-	Wed, 27 Dec 2023 11:10:44 +0100
-From: Johan Hovold <johan+linaro@kernel.org>
-To: Luiz Augusto von Dentz <luiz.dentz@gmail.com>,
-	Marcel Holtmann <marcel@holtmann.org>,
-	Johan Hedberg <johan.hedberg@gmail.com>
-Cc: Hector Martin <marcan@marcan.st>,
-	Sven Peter <sven@svenpeter.dev>,
-	Alyssa Rosenzweig <alyssa@rosenzweig.io>,
-	asahi@lists.linux.dev,
-	linux-arm-kernel@lists.infradead.org,
-	linux-bluetooth@vger.kernel.org,
-	linux-kernel@vger.kernel.org,
-	Johan Hovold <johan+linaro@kernel.org>,
-	stable@vger.kernel.org,
-	Felix Zhang <mrman@mrman314.tech>
-Subject: [PATCH] Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid
-Date: Wed, 27 Dec 2023 11:10:03 +0100
-Message-ID: <20231227101003.10534-1-johan+linaro@kernel.org>
-X-Mailer: git-send-email 2.41.0
-Precedence: bulk
-X-Mailing-List: linux-bluetooth@vger.kernel.org
-List-Id: <linux-bluetooth.vger.kernel.org>
-List-Subscribe: <mailto:linux-bluetooth+subscribe@vger.kernel.org>
-List-Unsubscribe: <mailto:linux-bluetooth+unsubscribe@vger.kernel.org>
-MIME-Version: 1.0
-
-A recent commit restored the original (and still documented) semantics
-for the HCI_QUIRK_USE_BDADDR_PROPERTY quirk so that the device address
-is considered invalid unless an address is provided by firmware.
-
-This specifically means that this flag must only be set for devices with
-invalid addresses, but the Broadcom BCM4377 driver has so far been
-setting this flag unconditionally.
-
-Fortunately the driver already checks for invalid addresses during setup
-and sets the HCI_QUIRK_INVALID_BDADDR flag, which can simply be replaced
-with HCI_QUIRK_USE_BDADDR_PROPERTY to indicate that the default address
-is invalid but can be overridden by firmware (long term, this should
-probably just always be allowed).
-
-Fixes: 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk")
-Cc: stable@vger.kernel.org      # 6.5
-Reported-by: Felix Zhang <mrman@mrman314.tech>
-Link: https://lore.kernel.org/r/77419ffacc5b4875e920e038332575a2a5bff29f.camel@mrman314.tech/
-Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
-Reported-by: Felix Zhang <mrman@mrman314.tech>
----
- drivers/bluetooth/hci_bcm4377.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/drivers/bluetooth/hci_bcm4377.c b/drivers/bluetooth/hci_bcm4377.c
-index a61757835695..9a7243d5db71 100644
---- a/drivers/bluetooth/hci_bcm4377.c
-+++ b/drivers/bluetooth/hci_bcm4377.c
-@@ -1417,7 +1417,7 @@ static int bcm4377_check_bdaddr(struct bcm4377_data *bcm4377)
- 
- 	bda = (struct hci_rp_read_bd_addr *)skb->data;
- 	if (!bcm4377_is_valid_bdaddr(bcm4377, &bda->bdaddr))
--		set_bit(HCI_QUIRK_INVALID_BDADDR, &bcm4377->hdev->quirks);
-+		set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &bcm4377->hdev->quirks);
- 
- 	kfree_skb(skb);
- 	return 0;
-@@ -2368,7 +2368,6 @@ static int bcm4377_probe(struct pci_dev *pdev, const struct pci_device_id *id)
- 	hdev->set_bdaddr = bcm4377_hci_set_bdaddr;
- 	hdev->setup = bcm4377_hci_setup;
- 
--	set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
- 	if (bcm4377->hw->broken_mws_transport_config)
- 		set_bit(HCI_QUIRK_BROKEN_MWS_TRANSPORT_CONFIG, &hdev->quirks);
- 	if (bcm4377->hw->broken_ext_scan)
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index c9b8eea..737df97 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -160,18 +160,18 @@ Summary: The Linux kernel
 #  the --with-release option overrides this setting.)
 %define debugbuildsenabled 1
 %define buildid .fsync
-%define specrpmversion 6.7.7
-%define specversion 6.7.7
+%define specrpmversion 6.7.9
+%define specversion 6.7.9
 %define patchversion 6.7
 %define pkgrelease 200
 %define kversion 6
-%define tarfile_release 6.7.7
+%define tarfile_release 6.7.9
 # This is needed to do merge window version magic
 %define patchlevel 7
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 202%{?buildid}%{?dist}
+%define specrelease 201%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.7.7
+%define kabiversion 6.7.9
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -3994,11 +3994,16 @@ fi\
 #
 #
 %changelog
-* Sat Mar 09 2024 Jan200101 <sentrycraft123@gmail.com> - 6.7.7-202.fsync
-- kernel-fsync v6.7.7 hdr revert
+* Sat Mar 09 2024 Jan200101 <sentrycraft123@gmail.com> - 6.7.9-201.fsync
+- kernel-fsync v6.7.9
 
-* Wed Mar 06 2024 Jan200101 <sentrycraft123@gmail.com> - 6.7.7-201.fsync
-- kernel-fsync v6.7.7
+* Wed Mar 06 2024 Augusto Caringi <acaringi@redhat.com> [6.7.9-0]
+- Add some CVE fixes for 6.7.9 (Justin M. Forbes)
+- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu)
+- Linux v6.7.9
+
+* Sun Mar 03 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.7.8-0]
+- Linux v6.7.8
 
 * Fri Mar 01 2024 Augusto Caringi <acaringi@redhat.com> [6.7.7-0]
 - Add rhbz 2266309 to BugsFixed (Justin M. Forbes)