On Fri, Jan 05, 2024 at 10:51:50AM +0100, Greg Kroah-Hartman wrote:

On Thu, Jan 04, 2024 at 09:13:34PM -0500, Jeffrey E Altman wrote:

quoted

On 12/30/2023 6:58 AM, Greg Kroah-Hartman wrote:

quoted

6.6-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Howells <dhowells@redhat.com>

[ Upstream commit 39299bdd2546688d92ed9db4948f6219ca1b9542 ]

Greg,

Upstream commit 39299bdd2546688d92ed9db4948f6219ca1b9542 ("keys, dns: Allow
key types (eg. DNS) to be reclaimed immediately on expiry") was subsequently
fixed by

  commit 1997b3cb4217b09e49659b634c94da47f0340409
  Author: Edward Adam Davis [off-list ref]
  Date:   Sun Dec 24 00:02:49 2023 +0000

    keys, dns: Fix missing size check of V1 server-list header

  Fixes: b946001d3bb1 ("keys, dns: Allow key types (eg. DNS) to be reclaimed
immediately on expiry")

If it is not too late, would it be possible to apply 1997b3cb421 to the
branches b946001d3bb1 was cherry-picked to before release?
I believe the complete set of branches are

  linux-6.6.y, linux-6.1.y, linux-5.15.y, linux-5.10.y, linux-5.0.y

The stable trees were already released with this change in it, so I'll
queue this up for the next round, thanks.

Ah, I see what happened, that line:
	Fixes: b946001d3bb1 ("keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry")
refers to a commit that is not in Linus's tree, and isn't the sha1 that
you are pointing at here either.

So I'll go add this manually, but this is why our checking scripts
missed this, please be more careful about using the proper SHA1 values
in commits.  Using invalid ones is almost worse than not using them at
allm as it gives you the false sense that the markings are correct.

thanks,

greg k-h