%global security_hardening none

 Summary:        Kernel

 Name:           linux

 Version:        4.14.54

 Release:        2%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2
 URL:        	http://www.kernel.org/
 Group:        	System Environment/Kernel
 Vendor:         VMware, Inc.
 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

 %define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d

 Source1:	config

 Source2:	initramfs.trigger

 %define ena_version 1.5.0
 Source3:       https://github.com/amzn/amzn-drivers/archive/ena_linux_%{ena_version}.tar.gz
 %define sha1 ena_linux=cbbbe8a3bbab6d01a4e38417cb0ead2f7cb8b2ee

 Source4:	config_aarch64

 # common

 Patch0:         linux-4.14-Log-kmsg-dump-on-panic.patch
 Patch1:         double-tcp_mem-limits.patch
 # TODO: disable this patch, check for regressions
 #Patch2:         linux-4.9-watchdog-Disable-watchdog-on-virtual-machines.patch
 Patch3:         SUNRPC-Do-not-reuse-srcport-for-TIME_WAIT-socket.patch
 Patch4:         SUNRPC-xs_bind-uses-ip_local_reserved_ports.patch
 Patch5:         vsock-transport-for-9p.patch
 Patch6:         x86-vmware-STA-support.patch

 # rpi3 dts
 Patch10:	arm-dts-add-vchiq-entry.patch

 #HyperV patches
 Patch13:        0004-vmbus-Don-t-spam-the-logs-with-unknown-GUIDs.patch

 # TODO: Is CONFIG_HYPERV_VSOCKETS the same?
 #Patch23:        0014-hv_sock-introduce-Hyper-V-Sockets.patch

 #FIPS patches - allow some algorithms

 Patch24:        Allow-some-algo-tests-for-FIPS.patch

 Patch26:        add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

 # Fix CVE-2017-1000252
 Patch28:        kvm-dont-accept-wrong-gsi-values.patch

 %if 0%{?kat_build:1}
 Patch1000:	%{kat_build}.patch
 %endif

 BuildRequires:  bc

 BuildRequires:  kbd

 BuildRequires:  kmod-devel

 BuildRequires:  glib-devel
 BuildRequires:  xerces-c-devel
 BuildRequires:  xml-security-c-devel

 BuildRequires:  libdnet-devel
 BuildRequires:  libmspack-devel

 BuildRequires:  Linux-PAM-devel

 BuildRequires:  openssl-devel

 BuildRequires:  procps-ng-devel

 BuildRequires:	audit-devel

 Requires:       filesystem kmod
 Requires(post):(coreutils or toybox)

 %define uname_r %{version}-%{release}

 %description

 The Linux package contains the Linux kernel.

 %package devel

 Summary:        Kernel Dev
 Group:          System Environment/Kernel

 Obsoletes:      linux-dev

 Requires:       %{name} = %{version}-%{release}

 Requires:       python2 gawk

 %description devel

 The Linux package contains the Linux kernel dev files
 

 %package drivers-gpu

 Summary:        Kernel GPU Drivers
 Group:          System Environment/Kernel
 Requires:       %{name} = %{version}-%{release}

 %description drivers-gpu

 The Linux package contains the Linux kernel drivers for GPU

 %package sound

 Summary:        Kernel Sound modules
 Group:          System Environment/Kernel
 Requires:       %{name} = %{version}-%{release}

 %description sound
 The Linux package contains the Linux kernel sound support

 %package docs

 Summary:        Kernel docs
 Group:          System Environment/Kernel
 Requires:       python2

 %description docs
 The Linux package contains the Linux kernel doc files
 

 %ifarch x86_64

 %package oprofile

 Summary:        Kernel driver for oprofile, a statistical profiler for Linux systems
 Group:          System Environment/Kernel
 Requires:       %{name} = %{version}-%{release}

 %description oprofile
 Kernel driver for oprofile, a statistical profiler for Linux systems

 %endif

 %package tools

 Summary:        This package contains the 'perf' performance analysis tools for Linux kernel

 Group:          System/Tools
 Requires:       %{name} = %{version}-%{release}
 Requires:       audit
 %description tools

 This package contains the 'perf' performance analysis tools for Linux kernel.

 %ifarch aarch64
 %package dtb-rpi3
 Summary:        Kernel Device Tree Blob files for Raspberry Pi3
 Group:          System Environment/Kernel
 Requires:       %{name} = %{version}-%{release}
 %description dtb-rpi3
 Kernel Device Tree Blob files for Raspberry Pi3
 %endif
 

 %prep

 %setup -q -n linux-%{version}

 %ifarch x86_64

 %setup -D -b 3 -n linux-%{version}

 %endif

 %patch0 -p1

 %patch1 -p1

 %patch3 -p1

 %patch4 -p1

 %patch5 -p1

 %patch6 -p1

 %patch10 -p1

 %patch13 -p1

 %patch24 -p1

 %patch26 -p1

 %patch28 -p1

 %if 0%{?kat_build:1}
 %patch1000 -p1
 %endif

 %build
 make mrproper

 
 %ifarch x86_64

 cp %{SOURCE1} .config

 arch="x86_64"
 archdir="x86"
 %endif
 
 %ifarch aarch64
 cp %{SOURCE4} .config
 arch="arm64"
 archdir="arm64"
 %endif
 

 sed -i 's/CONFIG_LOCALVERSION=""/CONFIG_LOCALVERSION="-%{release}"/' .config

 make LC_ALL= oldconfig

 make VERBOSE=1 KBUILD_BUILD_VERSION="1-photon" KBUILD_BUILD_HOST="photon" ARCH=${arch} %{?_smp_mflags}

 make -C tools perf

 %ifarch x86_64

 # build ENA module
 bldroot=`pwd`
 pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena
 make -C $bldroot M=`pwd` VERBOSE=1 modules %{?_smp_mflags}
 popd

 %endif

 %define __modules_install_post \

 for MODULE in `find %{buildroot}/lib/modules/%{uname_r} -name *.ko` ; do \
     ./scripts/sign-file sha512 certs/signing_key.pem certs/signing_key.x509 $MODULE \
     rm -f $MODULE.{sig,dig} \
     xz $MODULE \
     done \

 %{nil}
 
 # We want to compress modules after stripping. Extra step is added to
 # the default __spec_install_post.
 %define __spec_install_post\
     %{?__debug_package:%{__debug_install_post}}\
     %{__arch_install_post}\
     %{__os_install_post}\
     %{__modules_install_post}\
 %{nil}
 

 %install
 install -vdm 755 %{buildroot}/etc
 install -vdm 755 %{buildroot}/boot

 install -vdm 755 %{buildroot}%{_defaultdocdir}/%{name}-%{uname_r}
 install -vdm 755 %{buildroot}/usr/src/%{name}-headers-%{uname_r}
 install -vdm 755 %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}

 make INSTALL_MOD_PATH=%{buildroot} modules_install

 %ifarch x86_64

 # install ENA module
 bldroot=`pwd`
 pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena
 make -C $bldroot M=`pwd` INSTALL_MOD_PATH=%{buildroot} modules_install
 popd

 # Verify for build-id match
 # We observe different IDs sometimes
 # TODO: debug it
 ID1=`readelf -n vmlinux | grep "Build ID"`
 ./scripts/extract-vmlinux arch/x86/boot/bzImage > extracted-vmlinux
 ID2=`readelf -n extracted-vmlinux | grep "Build ID"`
 if [ "$ID1" != "$ID2" ] ; then
 	echo "Build IDs do not match"
 	echo $ID1
 	echo $ID2
 	exit 1
 fi
 install -vm 644 arch/x86/boot/bzImage %{buildroot}/boot/vmlinuz-%{uname_r}

 %endif

 %ifarch aarch64
 install -vm 644 arch/arm64/boot/Image %{buildroot}/boot/vmlinuz-%{uname_r}

 # Install DTB files
 install -vdm 755 %{buildroot}/boot/dtb
 install -vm 640 arch/arm64/boot/dts/broadcom/bcm2837-rpi-3-b.dtb %{buildroot}/boot/dtb/

 %endif

 # Restrict the permission on System.map-X file
 install -vm 400 System.map %{buildroot}/boot/System.map-%{uname_r}
 install -vm 644 .config %{buildroot}/boot/config-%{uname_r}
 cp -r Documentation/*        %{buildroot}%{_defaultdocdir}/%{name}-%{uname_r}
 install -vm 644 vmlinux %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux-%{uname_r}
 # `perf test vmlinux` needs it
 ln -s vmlinux-%{uname_r} %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux
 
 cat > %{buildroot}/boot/%{name}-%{uname_r}.cfg << "EOF"

 # GRUB Environment Block

 photon_cmdline=init=/lib/systemd/systemd ro loglevel=3 quiet no-vmw-sta

 photon_linux=vmlinuz-%{uname_r}
 photon_initrd=initrd.img-%{uname_r}

 EOF

 # Register myself to initramfs
 mkdir -p %{buildroot}/%{_localstatedir}/lib/initramfs/kernel
 cat > %{buildroot}/%{_localstatedir}/lib/initramfs/kernel/%{uname_r} << "EOF"

 --add-drivers "tmem xen-scsifront xen-blkfront xen-acpi-processor xen-evtchn xen-gntalloc xen-gntdev xen-privcmd xen-pciback xenfs hv_utils hv_vmbus hv_storvsc hv_netvsc hv_sock hv_balloon cn"

 EOF
 

 #    Cleanup dangling symlinks

 rm -rf %{buildroot}/lib/modules/%{uname_r}/source
 rm -rf %{buildroot}/lib/modules/%{uname_r}/build

 find . -name Makefile* -o -name Kconfig* -o -name *.pl | xargs  sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy

 find arch/${archdir}/include include scripts -type f | xargs  sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
 find $(find arch/${archdir} -name include -o -name scripts -type d) -type f | xargs  sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
 find arch/${archdir}/include Module.symvers include scripts -type f | xargs  sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
 %ifarch x86_64

 # CONFIG_STACK_VALIDATION=y requires objtool to build external modules
 install -vsm 755 tools/objtool/objtool %{buildroot}/usr/src/%{name}-headers-%{uname_r}/tools/objtool/
 install -vsm 755 tools/objtool/fixdep %{buildroot}/usr/src/%{name}-headers-%{uname_r}/tools/objtool/

 %endif

 cp .config %{buildroot}/usr/src/%{name}-headers-%{uname_r} # copy .config manually to be where it's expected to be
 ln -sf "/usr/src/%{name}-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build"

 find %{buildroot}/lib/modules -name '*.ko' -print0 | xargs -0 chmod u+x

 
 # disable (JOBS=1) parallel build to fix this issue:
 # fixdep: error opening depfile: ./.plugin_cfg80211.o.d: No such file or directory
 # Linux version that was affected is 4.4.26
 make -C tools JOBS=1 DESTDIR=%{buildroot} prefix=%{_prefix} perf_install
 

 %include %{SOURCE2}
 

 %post

 /sbin/depmod -aq %{uname_r}
 ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %post drivers-gpu

 /sbin/depmod -aq %{uname_r}

 
 %post sound

 /sbin/depmod -aq %{uname_r}

 %ifarch x86_64

 %post oprofile

 /sbin/depmod -aq %{uname_r}

 %endif

 %files
 %defattr(-,root,root)

 /boot/System.map-%{uname_r}
 /boot/config-%{uname_r}
 /boot/vmlinuz-%{uname_r}
 %config(noreplace) /boot/%{name}-%{uname_r}.cfg

 %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}

 %defattr(0644,root,root)

 /lib/modules/%{uname_r}/*
 %exclude /lib/modules/%{uname_r}/build
 %exclude /lib/modules/%{uname_r}/kernel/drivers/gpu
 %exclude /lib/modules/%{uname_r}/kernel/sound

 %ifarch x86_64

 %exclude /lib/modules/%{uname_r}/kernel/arch/x86/oprofile/

 %endif

 
 %files docs
 %defattr(-,root,root)

 %{_defaultdocdir}/%{name}-%{uname_r}/*

 %files devel

 %defattr(-,root,root)

 /lib/modules/%{uname_r}/build
 /usr/src/%{name}-headers-%{uname_r}

 %files drivers-gpu

 %defattr(-,root,root)

 %exclude /lib/modules/%{uname_r}/kernel/drivers/gpu/drm/cirrus/
 /lib/modules/%{uname_r}/kernel/drivers/gpu

 %files sound
 %defattr(-,root,root)

 /lib/modules/%{uname_r}/kernel/sound

 %ifarch x86_64

 %files oprofile
 %defattr(-,root,root)

 /lib/modules/%{uname_r}/kernel/arch/x86/oprofile/

 %endif

 %files tools
 %defattr(-,root,root)
 /usr/libexec
 %exclude %{_libdir}/debug

 %ifarch x86_64

 /usr/lib64/traceevent

 %endif
 %ifarch aarch64
 /usr/lib/traceevent
 %endif

 %{_bindir}

 /etc/bash_completion.d/*

 /usr/share/perf-core/strace/groups/file
 /usr/share/doc/*
 

 %ifarch aarch64
 %files dtb-rpi3
 %defattr(-,root,root)
 /boot/dtb/bcm2837-rpi-3-b.dtb
 %endif
 

 %changelog

 *   Thu Jul 19 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.54-2
 -   .config: usb_serial_pl2303=m,wlan=y,can=m,gpio=y,pinctrl=y,iio=m

 *   Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1
 -   Update to version 4.14.54

 *   Fri Jan 26 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-2
 -   Added vchiq entry to rpi3 dts
 -   Added dtb-rpi3 subpackage

 *   Fri Dec 22 2017 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-1
 -   Version update

 *   Wed Dec 13 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.66-4
 -   KAT build support

 *   Thu Dec 07 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.66-3
 -   Aarch64 support

 *   Tue Dec 05 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.66-2
 -   Sign and compress modules after stripping. fips=1 requires signed modules

 *   Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1
 -   Version update

 *   Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1
 -   Version update

 *   Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1
 -   Version update

 *   Wed Oct 11 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-3
 -   Add patch "KVM: Don't accept obviously wrong gsi values via
     KVM_IRQFD" to fix CVE-2017-1000252.

 *   Tue Oct 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.53-2
 -   Build hang (at make oldconfig) fix.

 *   Thu Oct 05 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-1
 -   Version update

 *   Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-3
 -   Allow privileged CLONE_NEWUSER from nested user namespaces.

 *   Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-2
 -   Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak)

 *   Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-1
 -   Version update

 *   Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-2
 -   Requires coreutils or toybox

 *   Mon Sep 04 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.47-1
 -   Fix CVE-2017-11600

 *   Tue Aug 22 2017 Anish Swaminathan <anishs@vmware.com> 4.9.43-2
 -   Add missing xen block drivers

 *   Mon Aug 14 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.43-1
 -   Version update
 -   [feature] new sysctl option unprivileged_userns_clone

 *   Wed Aug 09 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-2
 -   Fix CVE-2017-7542
 -   [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid
     panic on modprobe tcrypt

 *   Mon Aug 07 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-1
 -   Version update

 *   Fri Aug 04 2017 Bo Gan <ganb@vmware.com> 4.9.38-6
 -   Fix initramfs triggers

 *   Tue Aug 01 2017 Anish Swaminathan <anishs@vmware.com> 4.9.38-5
 -   Allow some algorithms in FIPS mode
 -   Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports
 -   bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree
 -   Enable additional NF features

 *   Fri Jul 21 2017 Anish Swaminathan <anishs@vmware.com> 4.9.38-4
 -   Add patches in Hyperv codebase

 *   Fri Jul 21 2017 Anish Swaminathan <anishs@vmware.com> 4.9.38-3
 -   Add missing hyperv drivers

 *   Thu Jul 20 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.38-2
 -   Disable scheduler beef up patch

 *   Tue Jul 18 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.38-1
 -   Fix CVE-2017-11176 and CVE-2017-10911

 *   Mon Jul 03 2017 Xiaolin Li <xiaolinl@vmware.com> 4.9.34-3
 -   Add libdnet-devel, kmod-devel and libmspack-devel to BuildRequires

 *   Thu Jun 29 2017 Divya Thaluru <dthaluru@vmware.com> 4.9.34-2
 -   Added obsolete for deprecated linux-dev package

 *   Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.34-1
 -   [feature] 9P FS security support
 -   [feature] DM Delay target support
 -   Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605

 *   Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1
 -   Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076
     CVE-2017-9077 and CVE-2017-9242
 -   [feature] IPV6 netfilter NAT table support

 *   Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1
 -   Added ENA driver for AMI
 -   Fix CVE-2017-7487 and CVE-2017-9059

 *   Wed May 17 2017 Vinay Kulkarni <kulkarniv@vmware.com> 4.9.28-2
 -   Enable IPVLAN module.

 *   Tue May 16 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.28-1
 -   Version update

 *   Wed May 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.27-1
 -   Version update

 *   Sun May 7 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.26-1
 -   Version update
 -   Removed version suffix from config file name

 *   Thu Apr 27 2017 Bo Gan <ganb@vmware.com> 4.9.24-2
 -   Support dynamic initrd generation

 *   Tue Apr 25 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.24-1
 -   Fix CVE-2017-6874 and CVE-2017-7618.
 -   Fix audit-devel BuildRequires.
 -   .config: build nvme and nvme-core in kernel.

 *   Mon Mar 6 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.13-2
 -   .config: NSX requirements for crypto and netfilter

 *   Tue Feb 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.13-1
 -   Update to linux-4.9.13 to fix CVE-2017-5986 and CVE-2017-6074

 *   Thu Feb 09 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.9-1
 -   Update to linux-4.9.9 to fix CVE-2016-10153, CVE-2017-5546,
     CVE-2017-5547, CVE-2017-5548 and CVE-2017-5576.
 -   .config: added CRYPTO_FIPS support.

 *   Tue Jan 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.2-1
 -   Update to linux-4.9.2 to fix CVE-2016-10088
 -   Move linux-tools.spec to linux.spec as -tools subpackage

 *   Mon Dec 19 2016 Xiaolin Li <xiaolinl@vmware.com> 4.9.0-2
 -   BuildRequires Linux-PAM-devel

 *   Mon Dec 12 2016 Alexey Makhalov <amakhalov@vmware.com> 4.9.0-1
 -   Update to linux-4.9.0
 -   Add paravirt stolen time accounting feature (from linux-esx),
     but disable it by default (no-vmw-sta cmdline parameter)

 *   Thu Dec  8 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-3
 -   net-packet-fix-race-condition-in-packet_set_ring.patch
     to fix CVE-2016-8655

 *   Wed Nov 30 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-2
 -   Expand `uname -r` with release number
 -   Check for build-id matching
 -   Added syscalls tracing support
 -   Compress modules

 *   Mon Nov 28 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-1
 -   Update to linux-4.4.35
 -   vfio-pci-fix-integer-overflows-bitmask-check.patch
     to fix CVE-2016-9083

 *   Tue Nov 22 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-4
 -   net-9p-vsock.patch

 *   Thu Nov 17 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-3
 -   tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch
     to fix CVE-2015-8964

 *   Tue Nov 15 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-2
 -   .config: add cgrup_hugetlb support
 -   .config: add netfilter_xt_{set,target_ct} support
 -   .config: add netfilter_xt_match_{cgroup,ipvs} support

 *   Thu Nov 10 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-1
 -   Update to linux-4.4.31

 *   Fri Oct 21 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.26-1
 -   Update to linux-4.4.26

 *   Wed Oct 19 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-6
 -   net-add-recursion-limit-to-GRO.patch
 -   scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch

 *   Tue Oct 18 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-5
 -   ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch
 -   tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch

 *   Mon Oct  3 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-4
 -   Package vmlinux with PROGBITS sections in -debuginfo subpackage

 *   Tue Sep 27 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-3
 -   .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m

 *   Tue Sep 20 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-2
 -   Add -release number for /boot/* files
 -   Use initrd.img with version and release number
 -   Rename -dev subpackage to -devel

 *   Wed Sep  7 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-1
 -   Update to linux-4.4.20

 -   apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch

 -   keys-fix-asn.1-indefinite-length-object-parsing.patch

 *   Thu Aug 25 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-11
 -   vmxnet3 patches to bumpup a version to 1.4.8.0

 *   Wed Aug 10 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-10
 -   Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch
 -   .config: pmem hotplug + ACPI NFIT support
 -   .config: enable EXPERT mode, disable UID16 syscalls

 *   Thu Jul 07 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-9
 -   .config: pmem + fs_dax support

 *   Fri Jun 17 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-8
 -   patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch
 -   .config: disable rt group scheduling - not supported by systemd
 *   Wed Jun 15 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-7

 -   fixed the capitalization for - System.map

 *   Thu May 26 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-6
 -   patch: REVERT-sched-fair-Beef-up-wake_wide.patch
 *   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.4.8-5
 -   GA - Bump release of all rpms
 *   Mon May 23 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-4
 -   Fixed generation of debug symbols for kernel modules & vmlinux.

 *   Mon May 23 2016 Divya Thaluru <dthaluru@vmware.com> 4.4.8-3
 -   Added patches to fix CVE-2016-3134, CVE-2016-3135
 *   Wed May 18 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-2
 -   Enabled CONFIG_UPROBES in config as needed by ktap

 *   Wed May 04 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-1
 -   Update to linux-4.4.8
 -   Added net-Drivers-Vmxnet3-set-... patch

 *   Tue May 03 2016 Vinay Kulkarni <kulkarniv@vmware.com> 4.2.0-27
 -   Compile Intel GigE and VMXNET3 as part of kernel.

 *   Thu Apr 28 2016 Nick Shi <nshi@vmware.com> 4.2.0-26

 -   Compile cramfs.ko to allow mounting cramfs image

 *   Tue Apr 12 2016 Vinay Kulkarni <kulkarniv@vmware.com> 4.2.0-25
 -   Revert network interface renaming disable in kernel.

 *   Tue Mar 29 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-24
 -   Support kmsg dumping to vmware.log on panic
 -   sunrpc: xs_bind uses ip_local_reserved_ports

 *   Mon Mar 28 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-23
 -   Enabled Regular stack protection in Linux kernel in config

 *   Thu Mar 17 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-22
 -   Restrict the permissions of the /boot/System.map-X file

 *   Fri Mar 04 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-21
 -   Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket.

 *   Wed Mar 02 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-20
 -   Patch: SUNRPC: Ensure that we wait for connections to complete
     before retrying

 *   Fri Feb 26 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-19
 -   Disable watchdog under VMware hypervisor.

 *   Thu Feb 25 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-18
 -   Added rpcsec_gss_krb5 and nfs_fscache

 *   Mon Feb 22 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-17
 -   Added sysctl param to control weighted_cpuload() behavior

 *   Thu Feb 18 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.0-16

 -   Disabling network renaming

 *   Sun Feb 14 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-15
 -   veth patch: don’t modify ip_summed

 *   Thu Feb 11 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-14
 -   Full tickless -> idle tickless + simple CPU time accounting
 -   SLUB -> SLAB
 -   Disable NUMA balancing
 -   Disable stack protector
 -   No build_forced no-CBs CPUs
 -   Disable Expert configuration mode
 -   Disable most of debug features from 'Kernel hacking'

 *   Mon Feb 08 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-13
 -   Double tcp_mem limits, patch is added.

 *   Wed Feb 03 2016 Anish Swaminathan <anishs@vmware.com>  4.2.0-12
 -   Fixes for CVE-2015-7990/6937 and CVE-2015-8660.

 *   Tue Jan 26 2016 Anish Swaminathan <anishs@vmware.com> 4.2.0-11
 -   Revert CONFIG_HZ=250

 *   Fri Jan 22 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-10
 -   Fix for CVE-2016-0728

 *   Wed Jan 13 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-9
 -   CONFIG_HZ=250

 *   Tue Jan 12 2016 Mahmoud Bassiouny <mbassiouny@vmware.com> 4.2.0-8

 -   Remove rootfstype from the kernel parameter.

 *   Mon Jan 04 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-7
 -   Disabled all the tracing options in kernel config.
 -   Disabled preempt.
 -   Disabled sched autogroup.

 *   Thu Dec 17 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-6

 -   Enabled kprobe for systemtap & disabled dynamic function tracing in config
 *   Fri Dec 11 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-5
 -   Added oprofile kernel driver sub-package.

 *   Fri Nov 13 2015 Mahmoud Bassiouny <mbassiouny@vmware.com> 4.2.0-4
 -   Change the linux image directory.

 *   Wed Nov 11 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-3
 -   Added the build essential files in the dev sub-package.
 *   Mon Nov 09 2015 Vinay Kulkarni <kulkarniv@vmware.com> 4.2.0-2
 -   Enable Geneve module support for generic kernel.
 *   Fri Oct 23 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-1

 -   Upgraded the generic linux kernel to version 4.2.0 & and updated timer handling to full tickless mode.

 *   Tue Sep 22 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.0.9-5
 -   Added driver support for frame buffer devices and ACPI

 *   Wed Sep 2 2015 Alexey Makhalov <amakhalov@vmware.com> 4.0.9-4
 -   Added mouse ps/2 module.

 *   Fri Aug 14 2015 Alexey Makhalov <amakhalov@vmware.com> 4.0.9-3
 -   Use photon.cfg as a symlink.

 *   Thu Aug 13 2015 Alexey Makhalov <amakhalov@vmware.com> 4.0.9-2

 -   Added environment file(photon.cfg) for grub.

 *   Wed Aug 12 2015 Sharath George <sharathg@vmware.com> 4.0.9-1
 -   Upgrading kernel version.

 *   Wed Aug 12 2015 Alexey Makhalov <amakhalov@vmware.com> 3.19.2-5
 -   Updated OVT to version 10.0.0.
 -   Rename -gpu-drivers to -drivers-gpu in accordance to directory structure.
 -   Added -sound package/

 *   Tue Aug 11 2015 Anish Swaminathan<anishs@vmware.com> 3.19.2-4

 -   Removed Requires dependencies.

 *   Fri Jul 24 2015 Harish Udaiya Kumar <hudaiyakumar@gmail.com> 3.19.2-3
 -   Updated the config file to include graphics drivers.

 *   Mon May 18 2015 Touseef Liaqat <tliaqat@vmware.com> 3.13.3-2
 -   Update according to UsrMove.

 *   Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 3.13.3-1
 -   Initial build. First version