cb4e8710 |
%global security_hardening none |
b9df96b1 |
Summary: Kernel |
c4e65aa5 |
Name: linux |
7eb4dd0a |
Version: 4.14.54 |
d0cd0394 |
Release: 2%{?kat_build:.%kat_build}%{?dist} |
c4e65aa5 |
License: GPLv2
URL: http://www.kernel.org/
Group: System Environment/Kernel
Vendor: VMware, Inc.
Distribution: Photon |
198b18db |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
7eb4dd0a |
%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d |
3c6e0c8b |
Source1: config |
36a312f8 |
Source2: initramfs.trigger |
aecc7617 |
%define ena_version 1.5.0
Source3: https://github.com/amzn/amzn-drivers/archive/ena_linux_%{ena_version}.tar.gz
%define sha1 ena_linux=cbbbe8a3bbab6d01a4e38417cb0ead2f7cb8b2ee |
bf65ba3d |
Source4: config_aarch64 |
fc081194 |
# common |
aecc7617 |
Patch0: linux-4.14-Log-kmsg-dump-on-panic.patch
Patch1: double-tcp_mem-limits.patch
# TODO: disable this patch, check for regressions
#Patch2: linux-4.9-watchdog-Disable-watchdog-on-virtual-machines.patch
Patch3: SUNRPC-Do-not-reuse-srcport-for-TIME_WAIT-socket.patch
Patch4: SUNRPC-xs_bind-uses-ip_local_reserved_ports.patch
Patch5: vsock-transport-for-9p.patch
Patch6: x86-vmware-STA-support.patch |
9dd420fe |
# rpi3 dts
Patch10: arm-dts-add-vchiq-entry.patch |
7b6a0618 |
#HyperV patches
Patch13: 0004-vmbus-Don-t-spam-the-logs-with-unknown-GUIDs.patch |
aecc7617 |
# TODO: Is CONFIG_HYPERV_VSOCKETS the same?
#Patch23: 0014-hv_sock-introduce-Hyper-V-Sockets.patch |
8037dd91 |
#FIPS patches - allow some algorithms |
aecc7617 |
Patch24: Allow-some-algo-tests-for-FIPS.patch |
2aa73e93 |
Patch26: add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch |
949cc56c |
# Fix CVE-2017-1000252
Patch28: kvm-dont-accept-wrong-gsi-values.patch |
7b6a0618 |
|
343d89e8 |
%if 0%{?kat_build:1}
Patch1000: %{kat_build}.patch
%endif |
c4e65aa5 |
BuildRequires: bc |
fe0e2ca1 |
BuildRequires: kbd |
cdd26197 |
BuildRequires: kmod-devel |
fe0e2ca1 |
BuildRequires: glib-devel
BuildRequires: xerces-c-devel
BuildRequires: xml-security-c-devel |
cdd26197 |
BuildRequires: libdnet-devel
BuildRequires: libmspack-devel |
4b0456e6 |
BuildRequires: Linux-PAM-devel |
c4e65aa5 |
BuildRequires: openssl-devel |
fe0e2ca1 |
BuildRequires: procps-ng-devel |
f02a30d5 |
BuildRequires: audit-devel |
7f9d2e12 |
Requires: filesystem kmod
Requires(post):(coreutils or toybox) |
bf36478b |
%define uname_r %{version}-%{release} |
b9df96b1 |
|
f4d17450 |
%description |
82df84cc |
The Linux package contains the Linux kernel. |
b9df96b1 |
|
f4d17450 |
|
7c85d55b |
%package devel |
198b18db |
Summary: Kernel Dev
Group: System Environment/Kernel |
bddc5e07 |
Obsoletes: linux-dev |
5f845a1e |
Requires: %{name} = %{version}-%{release} |
198b18db |
Requires: python2 gawk |
7c85d55b |
%description devel |
f4d17450 |
The Linux package contains the Linux kernel dev files
|
3636d11d |
%package drivers-gpu |
198b18db |
Summary: Kernel GPU Drivers
Group: System Environment/Kernel
Requires: %{name} = %{version}-%{release} |
3636d11d |
%description drivers-gpu |
1cb5fb91 |
The Linux package contains the Linux kernel drivers for GPU |
b9df96b1 |
|
3636d11d |
%package sound |
198b18db |
Summary: Kernel Sound modules
Group: System Environment/Kernel
Requires: %{name} = %{version}-%{release} |
3636d11d |
%description sound
The Linux package contains the Linux kernel sound support |
b9df96b1 |
|
f4d17450 |
%package docs |
198b18db |
Summary: Kernel docs
Group: System Environment/Kernel
Requires: python2 |
f4d17450 |
%description docs
The Linux package contains the Linux kernel doc files
|
bf65ba3d |
%ifarch x86_64 |
d145accb |
%package oprofile |
198b18db |
Summary: Kernel driver for oprofile, a statistical profiler for Linux systems
Group: System Environment/Kernel
Requires: %{name} = %{version}-%{release} |
d145accb |
%description oprofile
Kernel driver for oprofile, a statistical profiler for Linux systems |
bf65ba3d |
%endif |
b9df96b1 |
|
198b18db |
%package tools |
82df84cc |
Summary: This package contains the 'perf' performance analysis tools for Linux kernel |
198b18db |
Group: System/Tools
Requires: %{name} = %{version}-%{release}
Requires: audit
%description tools |
82df84cc |
This package contains the 'perf' performance analysis tools for Linux kernel. |
198b18db |
|
9dd420fe |
%ifarch aarch64
%package dtb-rpi3
Summary: Kernel Device Tree Blob files for Raspberry Pi3
Group: System Environment/Kernel
Requires: %{name} = %{version}-%{release}
%description dtb-rpi3
Kernel Device Tree Blob files for Raspberry Pi3
%endif
|
b9df96b1 |
|
f4d17450 |
%prep |
198b18db |
%setup -q -n linux-%{version} |
bf65ba3d |
%ifarch x86_64 |
26d69de9 |
%setup -D -b 3 -n linux-%{version} |
bf65ba3d |
%endif |
c4e65aa5 |
%patch0 -p1 |
7cf3452d |
%patch1 -p1 |
e20fa742 |
%patch3 -p1 |
97a4ea30 |
%patch4 -p1 |
aacd4f8a |
%patch5 -p1 |
fe0e2ca1 |
%patch6 -p1 |
9dd420fe |
%patch10 -p1 |
7b6a0618 |
%patch13 -p1 |
8037dd91 |
%patch24 -p1 |
1a6f8e5d |
%patch26 -p1 |
949cc56c |
%patch28 -p1 |
343d89e8 |
%if 0%{?kat_build:1}
%patch1000 -p1
%endif |
b9df96b1 |
|
f4d17450 |
%build
make mrproper |
bf65ba3d |
%ifarch x86_64 |
57f94ab7 |
cp %{SOURCE1} .config |
bf65ba3d |
arch="x86_64"
archdir="x86"
%endif
%ifarch aarch64
cp %{SOURCE4} .config
arch="arm64"
archdir="arm64"
%endif
|
bf36478b |
sed -i 's/CONFIG_LOCALVERSION=""/CONFIG_LOCALVERSION="-%{release}"/' .config |
b9df96b1 |
make LC_ALL= oldconfig |
bf65ba3d |
make VERBOSE=1 KBUILD_BUILD_VERSION="1-photon" KBUILD_BUILD_HOST="photon" ARCH=${arch} %{?_smp_mflags} |
198b18db |
make -C tools perf |
bf65ba3d |
%ifarch x86_64 |
26d69de9 |
# build ENA module
bldroot=`pwd`
pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena
make -C $bldroot M=`pwd` VERBOSE=1 modules %{?_smp_mflags}
popd |
bf65ba3d |
%endif |
b9df96b1 |
|
bf36478b |
%define __modules_install_post \ |
3e5774e8 |
for MODULE in `find %{buildroot}/lib/modules/%{uname_r} -name *.ko` ; do \
./scripts/sign-file sha512 certs/signing_key.pem certs/signing_key.x509 $MODULE \
rm -f $MODULE.{sig,dig} \
xz $MODULE \
done \ |
bf36478b |
%{nil}
# We want to compress modules after stripping. Extra step is added to
# the default __spec_install_post.
%define __spec_install_post\
%{?__debug_package:%{__debug_install_post}}\
%{__arch_install_post}\
%{__os_install_post}\
%{__modules_install_post}\
%{nil}
|
f4d17450 |
%install
install -vdm 755 %{buildroot}/etc
install -vdm 755 %{buildroot}/boot |
bf36478b |
install -vdm 755 %{buildroot}%{_defaultdocdir}/%{name}-%{uname_r}
install -vdm 755 %{buildroot}/usr/src/%{name}-headers-%{uname_r}
install -vdm 755 %{buildroot}/usr/lib/debug/lib/modules/%{uname_r} |
f4d17450 |
make INSTALL_MOD_PATH=%{buildroot} modules_install |
9dd420fe |
|
bf65ba3d |
%ifarch x86_64 |
26d69de9 |
# install ENA module
bldroot=`pwd`
pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena
make -C $bldroot M=`pwd` INSTALL_MOD_PATH=%{buildroot} modules_install
popd |
68e9c14a |
|
bf36478b |
# Verify for build-id match
# We observe different IDs sometimes
# TODO: debug it
ID1=`readelf -n vmlinux | grep "Build ID"`
./scripts/extract-vmlinux arch/x86/boot/bzImage > extracted-vmlinux
ID2=`readelf -n extracted-vmlinux | grep "Build ID"`
if [ "$ID1" != "$ID2" ] ; then
echo "Build IDs do not match"
echo $ID1
echo $ID2
exit 1
fi
install -vm 644 arch/x86/boot/bzImage %{buildroot}/boot/vmlinuz-%{uname_r} |
bf65ba3d |
%endif |
9dd420fe |
|
bf65ba3d |
%ifarch aarch64
install -vm 644 arch/arm64/boot/Image %{buildroot}/boot/vmlinuz-%{uname_r} |
9dd420fe |
# Install DTB files
install -vdm 755 %{buildroot}/boot/dtb
install -vm 640 arch/arm64/boot/dts/broadcom/bcm2837-rpi-3-b.dtb %{buildroot}/boot/dtb/ |
bf65ba3d |
%endif |
9dd420fe |
|
bf36478b |
# Restrict the permission on System.map-X file
install -vm 400 System.map %{buildroot}/boot/System.map-%{uname_r}
install -vm 644 .config %{buildroot}/boot/config-%{uname_r}
cp -r Documentation/* %{buildroot}%{_defaultdocdir}/%{name}-%{uname_r}
install -vm 644 vmlinux %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux-%{uname_r}
# `perf test vmlinux` needs it
ln -s vmlinux-%{uname_r} %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux
cat > %{buildroot}/boot/%{name}-%{uname_r}.cfg << "EOF" |
34315282 |
# GRUB Environment Block |
198b18db |
photon_cmdline=init=/lib/systemd/systemd ro loglevel=3 quiet no-vmw-sta |
bf36478b |
photon_linux=vmlinuz-%{uname_r}
photon_initrd=initrd.img-%{uname_r} |
34315282 |
EOF |
f4d17450 |
|
36a312f8 |
# Register myself to initramfs
mkdir -p %{buildroot}/%{_localstatedir}/lib/initramfs/kernel
cat > %{buildroot}/%{_localstatedir}/lib/initramfs/kernel/%{uname_r} << "EOF" |
cf07e2ab |
--add-drivers "tmem xen-scsifront xen-blkfront xen-acpi-processor xen-evtchn xen-gntalloc xen-gntdev xen-privcmd xen-pciback xenfs hv_utils hv_vmbus hv_storvsc hv_netvsc hv_sock hv_balloon cn" |
36a312f8 |
EOF
|
b9df96b1 |
# Cleanup dangling symlinks |
bf36478b |
rm -rf %{buildroot}/lib/modules/%{uname_r}/source
rm -rf %{buildroot}/lib/modules/%{uname_r}/build |
f4d17450 |
|
bf36478b |
find . -name Makefile* -o -name Kconfig* -o -name *.pl | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy |
bf65ba3d |
find arch/${archdir}/include include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
find $(find arch/${archdir} -name include -o -name scripts -type d) -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
find arch/${archdir}/include Module.symvers include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
%ifarch x86_64 |
fc081194 |
# CONFIG_STACK_VALIDATION=y requires objtool to build external modules
install -vsm 755 tools/objtool/objtool %{buildroot}/usr/src/%{name}-headers-%{uname_r}/tools/objtool/
install -vsm 755 tools/objtool/fixdep %{buildroot}/usr/src/%{name}-headers-%{uname_r}/tools/objtool/ |
bf65ba3d |
%endif |
b9df96b1 |
|
bf36478b |
cp .config %{buildroot}/usr/src/%{name}-headers-%{uname_r} # copy .config manually to be where it's expected to be
ln -sf "/usr/src/%{name}-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build" |
7d7041f4 |
find %{buildroot}/lib/modules -name '*.ko' -print0 | xargs -0 chmod u+x |
198b18db |
# disable (JOBS=1) parallel build to fix this issue:
# fixdep: error opening depfile: ./.plugin_cfg80211.o.d: No such file or directory
# Linux version that was affected is 4.4.26
make -C tools JOBS=1 DESTDIR=%{buildroot} prefix=%{_prefix} perf_install
|
36a312f8 |
%include %{SOURCE2}
|
b9df96b1 |
%post |
bf36478b |
/sbin/depmod -aq %{uname_r}
ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
b9df96b1 |
|
3636d11d |
%post drivers-gpu |
bf36478b |
/sbin/depmod -aq %{uname_r} |
3636d11d |
%post sound |
bf36478b |
/sbin/depmod -aq %{uname_r} |
2c8c1673 |
|
bf65ba3d |
%ifarch x86_64 |
d145accb |
%post oprofile |
bf36478b |
/sbin/depmod -aq %{uname_r} |
bf65ba3d |
%endif |
7d7041f4 |
|
f4d17450 |
%files
%defattr(-,root,root) |
bf36478b |
/boot/System.map-%{uname_r}
/boot/config-%{uname_r}
/boot/vmlinuz-%{uname_r}
%config(noreplace) /boot/%{name}-%{uname_r}.cfg |
36a312f8 |
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r} |
7d7041f4 |
%defattr(0644,root,root) |
bf36478b |
/lib/modules/%{uname_r}/*
%exclude /lib/modules/%{uname_r}/build
%exclude /lib/modules/%{uname_r}/kernel/drivers/gpu
%exclude /lib/modules/%{uname_r}/kernel/sound |
bf65ba3d |
%ifarch x86_64 |
bf36478b |
%exclude /lib/modules/%{uname_r}/kernel/arch/x86/oprofile/ |
bf65ba3d |
%endif |
f4d17450 |
%files docs
%defattr(-,root,root) |
bf36478b |
%{_defaultdocdir}/%{name}-%{uname_r}/* |
f4d17450 |
|
7c85d55b |
%files devel |
f4d17450 |
%defattr(-,root,root) |
bf36478b |
/lib/modules/%{uname_r}/build
/usr/src/%{name}-headers-%{uname_r} |
f4d17450 |
|
3636d11d |
%files drivers-gpu |
1cb5fb91 |
%defattr(-,root,root) |
bf36478b |
%exclude /lib/modules/%{uname_r}/kernel/drivers/gpu/drm/cirrus/
/lib/modules/%{uname_r}/kernel/drivers/gpu |
b9df96b1 |
|
3636d11d |
%files sound
%defattr(-,root,root) |
bf36478b |
/lib/modules/%{uname_r}/kernel/sound |
3636d11d |
|
bf65ba3d |
%ifarch x86_64 |
d145accb |
%files oprofile
%defattr(-,root,root) |
bf36478b |
/lib/modules/%{uname_r}/kernel/arch/x86/oprofile/ |
bf65ba3d |
%endif |
d145accb |
|
198b18db |
%files tools
%defattr(-,root,root)
/usr/libexec
%exclude %{_libdir}/debug |
bf65ba3d |
%ifarch x86_64 |
198b18db |
/usr/lib64/traceevent |
bf65ba3d |
%endif
%ifarch aarch64
/usr/lib/traceevent
%endif |
198b18db |
%{_bindir} |
82df84cc |
/etc/bash_completion.d/* |
198b18db |
/usr/share/perf-core/strace/groups/file
/usr/share/doc/*
|
9dd420fe |
%ifarch aarch64
%files dtb-rpi3
%defattr(-,root,root)
/boot/dtb/bcm2837-rpi-3-b.dtb
%endif
|
f4d17450 |
%changelog |
d0cd0394 |
* Thu Jul 19 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.54-2
- .config: usb_serial_pl2303=m,wlan=y,can=m,gpio=y,pinctrl=y,iio=m |
7eb4dd0a |
* Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1
- Update to version 4.14.54 |
9dd420fe |
* Fri Jan 26 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-2
- Added vchiq entry to rpi3 dts
- Added dtb-rpi3 subpackage |
aecc7617 |
* Fri Dec 22 2017 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-1
- Version update |
343d89e8 |
* Wed Dec 13 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.66-4
- KAT build support |
bf65ba3d |
* Thu Dec 07 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.66-3
- Aarch64 support |
3e5774e8 |
* Tue Dec 05 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.66-2
- Sign and compress modules after stripping. fips=1 requires signed modules |
b2a23860 |
* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1
- Version update |
1a79e068 |
* Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1
- Version update |
1b55a951 |
* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1
- Version update |
949cc56c |
* Wed Oct 11 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-3
- Add patch "KVM: Don't accept obviously wrong gsi values via
KVM_IRQFD" to fix CVE-2017-1000252. |
745d0c0a |
* Tue Oct 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.53-2
- Build hang (at make oldconfig) fix. |
cc39a17a |
* Thu Oct 05 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-1
- Version update |
bc415e79 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-3
- Allow privileged CLONE_NEWUSER from nested user namespaces. |
50f0a2a2 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-2
- Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak) |
c55c1442 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-1
- Version update |
7f9d2e12 |
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-2
- Requires coreutils or toybox |
5e5f3587 |
* Mon Sep 04 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-1
- Fix CVE-2017-11600 |
cf07e2ab |
* Tue Aug 22 2017 Anish Swaminathan <anishs@vmware.com> 4.9.43-2
- Add missing xen block drivers |
2aa73e93 |
* Mon Aug 14 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.43-1
- Version update
- [feature] new sysctl option unprivileged_userns_clone |
1a6f8e5d |
* Wed Aug 09 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-2
- Fix CVE-2017-7542
- [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid
panic on modprobe tcrypt |
677a50e4 |
* Mon Aug 07 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-1
- Version update |
78a2e0ef |
* Fri Aug 04 2017 Bo Gan <ganb@vmware.com> 4.9.38-6
- Fix initramfs triggers |
8037dd91 |
* Tue Aug 01 2017 Anish Swaminathan <anishs@vmware.com> 4.9.38-5
- Allow some algorithms in FIPS mode
- Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports
- bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree
- Enable additional NF features |
7b6a0618 |
* Fri Jul 21 2017 Anish Swaminathan <anishs@vmware.com> 4.9.38-4
- Add patches in Hyperv codebase |
37cb0bf2 |
* Fri Jul 21 2017 Anish Swaminathan <anishs@vmware.com> 4.9.38-3
- Add missing hyperv drivers |
3c0c518f |
* Thu Jul 20 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.38-2
- Disable scheduler beef up patch |
5f845a1e |
* Tue Jul 18 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.38-1
- Fix CVE-2017-11176 and CVE-2017-10911 |
cdd26197 |
* Mon Jul 03 2017 Xiaolin Li <xiaolinl@vmware.com> 4.9.34-3
- Add libdnet-devel, kmod-devel and libmspack-devel to BuildRequires |
bddc5e07 |
* Thu Jun 29 2017 Divya Thaluru <dthaluru@vmware.com> 4.9.34-2
- Added obsolete for deprecated linux-dev package |
d381b443 |
* Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.34-1
- [feature] 9P FS security support
- [feature] DM Delay target support
- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605 |
8ca4b02a |
* Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1
- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076
CVE-2017-9077 and CVE-2017-9242
- [feature] IPV6 netfilter NAT table support |
26d69de9 |
* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1
- Added ENA driver for AMI
- Fix CVE-2017-7487 and CVE-2017-9059 |
82df84cc |
* Wed May 17 2017 Vinay Kulkarni <kulkarniv@vmware.com> 4.9.28-2
- Enable IPVLAN module. |
9374f401 |
* Tue May 16 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.28-1
- Version update |
e7547e1f |
* Wed May 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.27-1
- Version update |
3c6e0c8b |
* Sun May 7 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.26-1
- Version update
- Removed version suffix from config file name |
36a312f8 |
* Thu Apr 27 2017 Bo Gan <ganb@vmware.com> 4.9.24-2
- Support dynamic initrd generation |
f02a30d5 |
* Tue Apr 25 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.24-1
- Fix CVE-2017-6874 and CVE-2017-7618.
- Fix audit-devel BuildRequires.
- .config: build nvme and nvme-core in kernel. |
abe1d1bf |
* Mon Mar 6 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.13-2
- .config: NSX requirements for crypto and netfilter |
4e703b6f |
* Tue Feb 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.13-1
- Update to linux-4.9.13 to fix CVE-2017-5986 and CVE-2017-6074 |
b3111e31 |
* Thu Feb 09 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.9-1
- Update to linux-4.9.9 to fix CVE-2016-10153, CVE-2017-5546,
CVE-2017-5547, CVE-2017-5548 and CVE-2017-5576.
- .config: added CRYPTO_FIPS support. |
198b18db |
* Tue Jan 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.2-1
- Update to linux-4.9.2 to fix CVE-2016-10088
- Move linux-tools.spec to linux.spec as -tools subpackage |
4b0456e6 |
* Mon Dec 19 2016 Xiaolin Li <xiaolinl@vmware.com> 4.9.0-2
- BuildRequires Linux-PAM-devel |
fc081194 |
* Mon Dec 12 2016 Alexey Makhalov <amakhalov@vmware.com> 4.9.0-1
- Update to linux-4.9.0
- Add paravirt stolen time accounting feature (from linux-esx),
but disable it by default (no-vmw-sta cmdline parameter) |
9a0c3523 |
* Thu Dec 8 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-3
- net-packet-fix-race-condition-in-packet_set_ring.patch
to fix CVE-2016-8655 |
bf36478b |
* Wed Nov 30 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-2
- Expand `uname -r` with release number
- Check for build-id matching
- Added syscalls tracing support
- Compress modules |
0d69865b |
* Mon Nov 28 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-1
- Update to linux-4.4.35
- vfio-pci-fix-integer-overflows-bitmask-check.patch
to fix CVE-2016-9083 |
d03d49c8 |
* Tue Nov 22 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-4
- net-9p-vsock.patch |
ebd80476 |
* Thu Nov 17 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-3
- tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch
to fix CVE-2015-8964 |
f57e7856 |
* Tue Nov 15 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-2
- .config: add cgrup_hugetlb support
- .config: add netfilter_xt_{set,target_ct} support
- .config: add netfilter_xt_match_{cgroup,ipvs} support |
a2a6f3e5 |
* Thu Nov 10 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-1
- Update to linux-4.4.31 |
48ef5352 |
* Fri Oct 21 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.26-1
- Update to linux-4.4.26 |
67632e84 |
* Wed Oct 19 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-6
- net-add-recursion-limit-to-GRO.patch
- scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch |
12ce123c |
* Tue Oct 18 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-5
- ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch
- tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch |
956ffbd3 |
* Mon Oct 3 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-4
- Package vmlinux with PROGBITS sections in -debuginfo subpackage |
a434059e |
* Tue Sep 27 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-3
- .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m |
7c85d55b |
* Tue Sep 20 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-2
- Add -release number for /boot/* files
- Use initrd.img with version and release number
- Rename -dev subpackage to -devel |
b9ea416b |
* Wed Sep 7 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-1
- Update to linux-4.4.20 |
82df84cc |
- apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch |
b9ea416b |
- keys-fix-asn.1-indefinite-length-object-parsing.patch |
b7c7d1ab |
* Thu Aug 25 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-11
- vmxnet3 patches to bumpup a version to 1.4.8.0 |
13cb6e6e |
* Wed Aug 10 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-10
- Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch
- .config: pmem hotplug + ACPI NFIT support
- .config: enable EXPERT mode, disable UID16 syscalls |
17dc0a59 |
* Thu Jul 07 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-9
- .config: pmem + fs_dax support |
928075c4 |
* Fri Jun 17 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-8
- patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch
- .config: disable rt group scheduling - not supported by systemd
* Wed Jun 15 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-7 |
82df84cc |
- fixed the capitalization for - System.map |
56a89e73 |
* Thu May 26 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-6
- patch: REVERT-sched-fair-Beef-up-wake_wide.patch
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.4.8-5
- GA - Bump release of all rpms
* Mon May 23 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-4
- Fixed generation of debug symbols for kernel modules & vmlinux. |
82dcc6f7 |
* Mon May 23 2016 Divya Thaluru <dthaluru@vmware.com> 4.4.8-3
- Added patches to fix CVE-2016-3134, CVE-2016-3135
* Wed May 18 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-2
- Enabled CONFIG_UPROBES in config as needed by ktap |
a217ee0e |
* Wed May 04 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-1
- Update to linux-4.4.8
- Added net-Drivers-Vmxnet3-set-... patch |
2f6f1aaf |
* Tue May 03 2016 Vinay Kulkarni <kulkarniv@vmware.com> 4.2.0-27
- Compile Intel GigE and VMXNET3 as part of kernel. |
7d7041f4 |
* Thu Apr 28 2016 Nick Shi <nshi@vmware.com> 4.2.0-26 |
29993ce2 |
- Compile cramfs.ko to allow mounting cramfs image |
da944f23 |
* Tue Apr 12 2016 Vinay Kulkarni <kulkarniv@vmware.com> 4.2.0-25
- Revert network interface renaming disable in kernel. |
28755687 |
* Tue Mar 29 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-24
- Support kmsg dumping to vmware.log on panic
- sunrpc: xs_bind uses ip_local_reserved_ports |
c92745ca |
* Mon Mar 28 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-23
- Enabled Regular stack protection in Linux kernel in config |
6f5f92b2 |
* Thu Mar 17 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-22
- Restrict the permissions of the /boot/System.map-X file |
f65555c4 |
* Fri Mar 04 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-21
- Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket. |
b866664a |
* Wed Mar 02 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-20
- Patch: SUNRPC: Ensure that we wait for connections to complete
before retrying |
18d86073 |
* Fri Feb 26 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-19
- Disable watchdog under VMware hypervisor. |
fd87e993 |
* Thu Feb 25 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-18
- Added rpcsec_gss_krb5 and nfs_fscache |
aacd4f8a |
* Mon Feb 22 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-17
- Added sysctl param to control weighted_cpuload() behavior |
28755687 |
* Thu Feb 18 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.0-16 |
106ee200 |
- Disabling network renaming |
97a4ea30 |
* Sun Feb 14 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-15
- veth patch: don’t modify ip_summed |
f968f5a4 |
* Thu Feb 11 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-14
- Full tickless -> idle tickless + simple CPU time accounting
- SLUB -> SLAB
- Disable NUMA balancing
- Disable stack protector
- No build_forced no-CBs CPUs
- Disable Expert configuration mode
- Disable most of debug features from 'Kernel hacking' |
e20fa742 |
* Mon Feb 08 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-13
- Double tcp_mem limits, patch is added. |
c4e65aa5 |
* Wed Feb 03 2016 Anish Swaminathan <anishs@vmware.com> 4.2.0-12
- Fixes for CVE-2015-7990/6937 and CVE-2015-8660. |
d6fffa80 |
* Tue Jan 26 2016 Anish Swaminathan <anishs@vmware.com> 4.2.0-11
- Revert CONFIG_HZ=250 |
b556c0a5 |
* Fri Jan 22 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-10
- Fix for CVE-2016-0728 |
5508a8d0 |
* Wed Jan 13 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-9
- CONFIG_HZ=250 |
c081fa09 |
* Tue Jan 12 2016 Mahmoud Bassiouny <mbassiouny@vmware.com> 4.2.0-8 |
a3591eab |
- Remove rootfstype from the kernel parameter. |
5508a8d0 |
* Mon Jan 04 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-7
- Disabled all the tracing options in kernel config.
- Disabled preempt.
- Disabled sched autogroup. |
74b63bd5 |
* Thu Dec 17 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-6 |
5508a8d0 |
- Enabled kprobe for systemtap & disabled dynamic function tracing in config
* Fri Dec 11 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-5
- Added oprofile kernel driver sub-package. |
c3771c35 |
* Fri Nov 13 2015 Mahmoud Bassiouny <mbassiouny@vmware.com> 4.2.0-4
- Change the linux image directory. |
5508a8d0 |
* Wed Nov 11 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-3
- Added the build essential files in the dev sub-package.
* Mon Nov 09 2015 Vinay Kulkarni <kulkarniv@vmware.com> 4.2.0-2
- Enable Geneve module support for generic kernel.
* Fri Oct 23 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-1 |
82df84cc |
- Upgraded the generic linux kernel to version 4.2.0 & and updated timer handling to full tickless mode. |
5508a8d0 |
* Tue Sep 22 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.0.9-5
- Added driver support for frame buffer devices and ACPI |
f0c2bc87 |
* Wed Sep 2 2015 Alexey Makhalov <amakhalov@vmware.com> 4.0.9-4
- Added mouse ps/2 module. |
34315282 |
* Fri Aug 14 2015 Alexey Makhalov <amakhalov@vmware.com> 4.0.9-3
- Use photon.cfg as a symlink. |
fb6292b3 |
* Thu Aug 13 2015 Alexey Makhalov <amakhalov@vmware.com> 4.0.9-2 |
34315282 |
- Added environment file(photon.cfg) for grub. |
135489f0 |
* Wed Aug 12 2015 Sharath George <sharathg@vmware.com> 4.0.9-1
- Upgrading kernel version. |
3636d11d |
* Wed Aug 12 2015 Alexey Makhalov <amakhalov@vmware.com> 3.19.2-5
- Updated OVT to version 10.0.0.
- Rename -gpu-drivers to -drivers-gpu in accordance to directory structure.
- Added -sound package/ |
301eb6ff |
* Tue Aug 11 2015 Anish Swaminathan<anishs@vmware.com> 3.19.2-4 |
82df84cc |
- Removed Requires dependencies. |
3636d11d |
* Fri Jul 24 2015 Harish Udaiya Kumar <hudaiyakumar@gmail.com> 3.19.2-3
- Updated the config file to include graphics drivers. |
9fa4ea45 |
* Mon May 18 2015 Touseef Liaqat <tliaqat@vmware.com> 3.13.3-2
- Update according to UsrMove. |
b9df96b1 |
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 3.13.3-1
- Initial build. First version
|