%global security_hardening none
Summary: Kernel
Name: linux
Version: 4.4.146
Release: 1%{?kat_build:.%kat_build}%{?dist}
License: GPLv2
URL: http://www.kernel.org/
Group: System Environment/Kernel
Vendor: VMware, Inc.
Distribution: Photon
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz
%define sha1 linux=e1f85bb95eb77f49ec9e0fe680ee287732c0ab3b
Source1: config
%define ena_version 1.1.3
Source2: https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz
%define sha1 ena_linux=84138e8d7eb230b45cb53835edf03ca08043d471
Patch0: double-tcp_mem-limits.patch
Patch1: linux-4.4-sysctl-sched_weighted_cpuload_uses_rla.patch
Patch2: linux-4.4-watchdog-Disable-watchdog-on-virtual-machines.patch
Patch3: SUNRPC-Do-not-reuse-srcport-for-TIME_WAIT-socket.patch
Patch4: 06-sunrpc.patch
Patch5: vmware-log-kmsg-dump-on-panic.patch
Patch6: vmxnet3-1.4.6.0-update-rx-ring2-max-size.patch
Patch7: vmxnet3-1.4.6.0-avoid-calling-pskb_may_pull-with-interrupts-disabled.patch
#for linux-tools
Patch8: perf-top-sigsegv-fix.patch
Patch9: REVERT-sched-fair-Beef-up-wake_wide.patch
Patch10: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch
Patch12: vmxnet3-1.4.6.0-fix-lock-imbalance-in-vmxnet3_tq_xmit.patch
Patch13: vmxnet3-1.4.7.0-set-CHECKSUM_UNNECESSARY-for-IPv6-packets.patch
Patch14: vmxnet3-1.4.8.0-segCnt-can-be-1-for-LRO-packets.patch
#fixes CVE-2016-6187
Patch15: apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch
Patch16: vsock-transport-for-9p.patch
#allow some algorithms in FIPS mode
Patch17: 0001-Revert-crypto-testmgr-Disable-fips-allowed-for-authe.patch
Patch18: 0002-allow-also-ecb-cipher_null.patch
# Fixes for CVE-2018-1000026
Patch19: 0001-net-create-skb_gso_validate_mac_len.patch
Patch20: 0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch
# Fix for CVE-2018-8043
Patch22: 0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch
# Fix for CVE-2017-18241
Patch25: 0001-f2fs-fix-a-panic-caused-by-NULL-flush_cmd_control.patch
Patch26: Implement-the-f-xattrat-family-of-functions.patch
Patch27: 0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch
# Fix for CVE-2017-18232
Patch28: 0001-scsi-libsas-direct-call-probe-and-destruct.patch
# Fix for CVE-2018-10323
Patch29: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch
# Fix for CVE-2017-18249 (following 4 patches)
Patch30: 0001-f2fs-cover-more-area-with-nat_tree_lock.patch
Patch31: 0002-Revert-f2fs-check-the-node-block-address-of-newly-al.patch
Patch32: 0003-f2fs-remove-an-obsolete-variable.patch
Patch33: 0004-f2fs-fix-race-condition-in-between-free-nid-allocato.patch
# Fix for CVE-2018-10322 (following 8 patches)
Patch34: 0001-xfs-add-missing-include-dependencies-to-xfs_dir2.h.patch
Patch35: 0002-xfs-replace-xfs_mode_to_ftype-table-with-switch-stat.patch
Patch36: 0003-xfs-fix-xfs_mode_to_ftype-prototype.patch
Patch37: 0004-xfs-sanity-check-directory-inode-di_size.patch
Patch38: 0005-xfs-sanity-check-inode-di_mode.patch
Patch39: 0006-xfs-verify-dinode-header-first.patch
Patch40: 0007-xfs-move-inode-fork-verifiers-to-xfs_dinode_verify.patch
Patch41: 0008-xfs-enhance-dinode-verifier.patch
# For Spectre
Patch67: 0169-x86-syscall-Clear-unused-extra-registers-on-syscall-.patch
Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch
%if 0%{?kat_build:1}
Patch1000: %{kat_build}.patch
%endif
BuildRequires: bc
BuildRequires: kbd
BuildRequires: kmod
BuildRequires: glib-devel
BuildRequires: xerces-c-devel
BuildRequires: xml-security-c-devel
BuildRequires: libdnet
BuildRequires: libmspack
BuildRequires: Linux-PAM
BuildRequires: openssl-devel audit-devel
BuildRequires: procps-ng-devel
BuildRequires: elfutils-libelf-devel
Requires: filesystem kmod coreutils
%define uname_r %{version}-%{release}
%description
The Linux package contains the Linux kernel.
%package dev
Summary: Kernel Dev
Group: System Environment/Kernel
Provides: linux-devel = %{version}-%{release}
Requires: %{name} = %{version}-%{release}
Requires: python2
%description dev
The Linux package contains the Linux kernel dev files
%package drivers-gpu
Summary: Kernel GPU Drivers
Group: System Environment/Kernel
Requires: %{name} = %{version}-%{release}
%description drivers-gpu
The Linux package contains the Linux kernel drivers for GPU
%package sound
Summary: Kernel Sound modules
Group: System Environment/Kernel
Requires: %{name} = %{version}-%{release}
%description sound
The Linux package contains the Linux kernel sound support
%package docs
Summary: Kernel docs
Group: System Environment/Kernel
Requires: %{name} = %{version}-%{release}
Requires: python2
%description docs
The Linux package contains the Linux kernel doc files
%package oprofile
Summary: Kernel driver for oprofile, a statistical profiler for Linux systems
Group: System Environment/Kernel
Requires: %{name} = %{version}-%{release}
%description oprofile
Kernel driver for oprofile, a statistical profiler for Linux systems
%package tools
Summary: This package contains the 'perf' performance analysis tools for Linux kernel
Group: System/Tools
Requires: audit
Requires: %{name} = %{version}-%{release}
%description tools
This package contains the 'perf' performance analysis tools for Linux kernel.
%prep
%setup -q
%setup -D -b 2
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch22 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
%patch38 -p1
%patch39 -p1
%patch40 -p1
%patch41 -p1
%patch67 -p1
%patch70 -p1
%if 0%{?kat_build:1}
%patch1000 -p1
%endif
%build
make mrproper
cp %{SOURCE1} .config
sed -i 's/CONFIG_LOCALVERSION=""/CONFIG_LOCALVERSION="-%{release}"/' .config
make LC_ALL= oldconfig
make VERBOSE=1 KBUILD_BUILD_VERSION="1-photon" KBUILD_BUILD_HOST="photon" ARCH="x86_64" %{?_smp_mflags}
make -C tools perf
# build ENA module
bldroot=`pwd`
pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena
make -C $bldroot M=`pwd` VERBOSE=1 modules %{?_smp_mflags}
popd
%define __modules_install_post \
find %{buildroot}/lib/modules/%{uname_r} -name *.ko | xargs xz \
%{nil}
%define __modules_install_post \
for MODULE in `find %{buildroot}/lib/modules/%{uname_r} -name *.ko` ; do \
./scripts/sign-file sha512 certs/signing_key.pem certs/signing_key.x509 $MODULE \
rm -f $MODULE.{sig,dig} \
xz $MODULE \
done \
%{nil}
# We want to compress modules after stripping. Extra step is added to
# the default __spec_install_post.
%define __spec_install_post\
%{?__debug_package:%{__debug_install_post}}\
%{__arch_install_post}\
%{__os_install_post}\
%{__modules_install_post}\
%{nil}
%install
install -vdm 755 %{buildroot}/etc
install -vdm 755 %{buildroot}/boot
install -vdm 755 %{buildroot}%{_defaultdocdir}/%{name}-%{uname_r}
install -vdm 755 %{buildroot}/etc/modprobe.d
install -vdm 755 %{buildroot}/usr/src/%{name}-headers-%{uname_r}
install -vdm 755 %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}
make INSTALL_MOD_PATH=%{buildroot} modules_install
# install ENA module
bldroot=`pwd`
pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena
make -C $bldroot M=`pwd` INSTALL_MOD_PATH=%{buildroot} modules_install
popd
# Verify for build-id match
# We observe different IDs sometimes
# TODO: debug it
ID1=`readelf -n vmlinux | grep "Build ID"`
./scripts/extract-vmlinux arch/x86/boot/bzImage > extracted-vmlinux
ID2=`readelf -n extracted-vmlinux | grep "Build ID"`
if [ "$ID1" != "$ID2" ] ; then
echo "Build IDs do not match"
echo $ID1
echo $ID2
exit 1
fi
install -vm 644 arch/x86/boot/bzImage %{buildroot}/boot/vmlinuz-%{uname_r}
# Restrict the permission on System.map-X file
install -vm 400 System.map %{buildroot}/boot/System.map-%{uname_r}
install -vm 644 .config %{buildroot}/boot/config-%{uname_r}
cp -r Documentation/* %{buildroot}%{_defaultdocdir}/%{name}-%{uname_r}
install -vm 644 vmlinux %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux-%{uname_r}
# `perf test vmlinux` needs it
ln -s vmlinux-%{uname_r} %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}/vmlinux
cat > %{buildroot}/boot/%{name}-%{uname_r}.cfg << "EOF"
# GRUB Environment Block
photon_cmdline=init=/lib/systemd/systemd ro loglevel=3 quiet plymouth.enable=0
photon_linux=vmlinuz-%{uname_r}
photon_initrd=initrd.img-%{uname_r}
EOF
# Cleanup dangling symlinks
rm -rf %{buildroot}/lib/modules/%{uname_r}/source
rm -rf %{buildroot}/lib/modules/%{uname_r}/build
find . -name Makefile* -o -name Kconfig* -o -name *.pl | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
find arch/x86/include include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
find $(find arch/x86 -name include -o -name scripts -type d) -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
find arch/x86/include Module.symvers include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}/usr/src/%{name}-headers-%{uname_r}' copy
cp .config %{buildroot}/usr/src/%{name}-headers-%{uname_r} # copy .config manually to be where it's expected to be
ln -sf "/usr/src/%{name}-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build"
find %{buildroot}/lib/modules -name '*.ko' -print0 | xargs -0 chmod u+x
# disable (JOBS=1) parallel build to fix this issue:
# fixdep: error opening depfile: ./.plugin_cfg80211.o.d: No such file or directory
# Linux version that was affected is 4.4.26
make -C tools JOBS=1 DESTDIR=%{buildroot} prefix=%{_prefix} perf_install
%post
/sbin/depmod -aq %{uname_r}
ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
%post drivers-gpu
/sbin/depmod -aq %{uname_r}
%post sound
/sbin/depmod -aq %{uname_r}
%post oprofile
/sbin/depmod -aq %{uname_r}
%files
%defattr(-,root,root)
/boot/System.map-%{uname_r}
/boot/config-%{uname_r}
/boot/vmlinuz-%{uname_r}
%config(noreplace) /boot/%{name}-%{uname_r}.cfg
/lib/firmware/*
%defattr(0644,root,root)
/lib/modules/%{uname_r}/*
%exclude /lib/modules/%{uname_r}/build
%exclude /lib/modules/%{uname_r}/kernel/drivers/gpu
%exclude /lib/modules/%{uname_r}/kernel/sound
%exclude /lib/modules/%{uname_r}/kernel/arch/x86/oprofile/
%files docs
%defattr(-,root,root)
%{_defaultdocdir}/%{name}-%{uname_r}/*
%files dev
%defattr(-,root,root)
/lib/modules/%{uname_r}/build
/usr/src/%{name}-headers-%{uname_r}
%files drivers-gpu
%defattr(-,root,root)
%exclude /lib/modules/%{uname_r}/kernel/drivers/gpu/drm/cirrus/
/lib/modules/%{uname_r}/kernel/drivers/gpu
%files sound
%defattr(-,root,root)
/lib/modules/%{uname_r}/kernel/sound
%files oprofile
%defattr(-,root,root)
/lib/modules/%{uname_r}/kernel/arch/x86/oprofile/
%files tools
%defattr(-,root,root)
/usr/libexec
/usr/lib64/traceevent
%{_bindir}
/etc/bash_completion.d/*
/usr/share/perf-core
%changelog
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.146-1
- Update to version 4.4.146
* Mon Jul 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.145-1
- Update to version 4.4.145 and clear stack on fork.
* Thu Jul 26 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.144-1
- Update to version 4.4.144 and fix CVE-2018-10322
* Mon Jul 16 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.140-1
- Update to version 4.4.140 and fix CVE-2017-18249
* Wed Jul 11 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.139-3
- Use AppArmor security module by default.
* Tue Jul 10 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.139-2
- Fix CVE-2017-18232 and CVE-2018-10323.
* Tue Jul 03 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.139-1
- Update to version 4.4.139
* Thu Jun 28 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.138-2
- Add rdrand-based RNG driver to enhance kernel entropy.
* Mon Jun 25 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.138-1
- Update to version 4.4.138
* Thu Jun 14 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.137-2
- Add more spectre mitigations (IBPB/IBRS) and support for SSBD.
* Wed Jun 13 2018 Alexey Makhalov <amakhalov@vmware.com> 4.4.137-1
- Update to version 4.4.137. Fix panic in kprobe.
* Mon May 21 2018 Bo Gan <ganb@vmware.com> 4.4.131-3
- Implement the f*xattrat family of syscalls (Previously linux-esx only)
* Fri May 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.131-2
- Fix CVE-2018-8043, CVE-2017-18216, CVE-2018-8087, CVE-2017-18241.
* Fri May 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.131-1
- Update to version 4.4.131
* Wed May 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.130-2
- Fix CVE-2017-18255.
* Mon Apr 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.130-1
- Update to version 4.4.130 and fix CVE-2018-1000026.
* Thu Apr 19 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-2
- Add full retpoline support by building with retpoline-enabled gcc.
* Tue Mar 27 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-1
- Update to version 4.4.124
* Thu Mar 08 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.4.115-2
- Add build dependency of libelf. Needed by perf to resolve symbols.
* Mon Feb 05 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.115-1
- Update to version 4.4.115
* Wed Jan 31 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.114-1
- Update version to 4.4.114
* Fri Jan 26 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.113-1
- Update version to 4.4.113.
* Fri Jan 19 2018 Bo Gan <ganb@vmware.com> 4.4.112-1
- Version update to 4.4.112
* Wed Jan 10 2018 Bo Gan <ganb@vmware.com> 4.4.111-1
- Version update to 4.4.111
* Mon Jan 08 2018 Bo Gan <ganb@vmware.com> 4.4.110-2
- Initial Spectre fix
- Add Observable speculation barrier
- Clear unused register upon syscall entry
* Fri Jan 05 2018 Anish Swaminathan <anishs@vmware.com> 4.4.110-1
- Version update to 4.4.110
* Thu Jan 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.109-3
- Update vsock transport for 9p with newer version.
* Wed Jan 03 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.109-2
- Fix SMB3 mount regression.
* Tue Jan 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.109-1
- Version update
- Add patches to fix CVE-2017-8824, CVE-2017-17448 and CVE-2017-17450.
* Tue Dec 19 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.106-1
- Version update
* Tue Dec 12 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.104-2
- KAT build support
* Fri Dec 08 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.104-1
- Version update
* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.103-1
- Version update
* Mon Nov 20 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.99-1
- Version update
* Tue Nov 07 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.96-1
- Version update
* Mon Oct 16 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.92-1
- Version update
* Mon Oct 16 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.88-2
- Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak)
* Fri Sep 22 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.88-1
- Version update
* Mon Sep 04 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.86-1
- Fix CVE-2017-11600
* Thu Aug 17 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.82-2
- .config: disable XEN_BALLOON_MEMORY_HOTPLUG
* Tue Aug 15 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.82-1
- Version update
* Fri Aug 11 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.81-1
- Version update
* Tue Aug 08 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.79-2
- Fix CVE-2017-10911, CVE-2017-7542
- [bugfix] Added ccm,gcm,ghash,zlib,lzo crypto modules to avoid
panic on modprobe tcrypt
* Wed Aug 02 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.79-1
- Fix CVE-2017-11473
* Tue Aug 01 2017 Anish Swaminathan <anishs@vmware.com> 4.4.77-2
- Allow some algorithms in FIPS mode
- Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports
- bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree
* Mon Jul 17 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.77-1
- Fix CVE-2017-11176
* Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.74-1
- [feature] 9P FS security support
- [feature] DM Delay target support
- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605
* Mon Jun 19 2017 Anish Swaminathan <anishs@vmware.com> 4.4.71-2
- [feature] IPV6 netfilter NAT masquerade, security support
* Wed Jun 7 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.71-1
- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076
CVE-2017-9077 and CVE-2017-9242
* Tue Jun 6 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.70-3
- [feature] IPV6 netfilter NAT table support
* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.70-2
- Added ENA driver for AMI
* Thu May 25 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.70-1
- Fix CVE-2017-7487 and CVE-2017-9059
* Tue May 9 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.67-1
- Version update
- Sign and compress modules after stripping. fips=1 requires signed modules
- Removed version suffix from config file name
* Tue May 2 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.65-1
- Version update, remove upstreamed patches
- Added crypto modules for NSX
- Move linux-tools as a -tools subpackage
* Thu Apr 27 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.64-1
- Fix CVE-2017-7889
- Fix Bug #1852790
* Thu Apr 20 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.62-1
- Fix CVE-2017-2671 and CVE-2017-7618
* Mon Apr 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.60-1
- Fix CVE-2017-7184, CVE-2017-7187, CVE-2017-7294,
CVE-2017-7308 and CVE-2017-7346
* Wed Mar 15 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.54-1
- Update to linux-4.4.54 to fix CVE-2017-6346 and CVE-2017-6347
* Thu Feb 23 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.51-1
- Update to linux-4.4.51 and apply a patch to fix
CVE-2017-5986 and CVE-2017-6074
* Wed Feb 1 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.41-2
- .config: added MODULES_SIG, CRYPTO_FIPS support.
* Mon Jan 9 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.41-1
- Update to linux-4.4.41
to fix CVE-2016-10088, CVE-2016-9793 and CVE-2016-9576
* Thu Dec 8 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-3
- net-packet-fix-race-condition-in-packet_set_ring.patch
to fix CVE-2016-8655
* Wed Nov 30 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-2
- Expand `uname -r` with release number
- Check for build-id matching
- Added syscalls tracing support
- Compress modules
* Mon Nov 28 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-1
- Update to linux-4.4.35
- vfio-pci-fix-integer-overflows-bitmask-check.patch
to fix CVE-2016-9083
* Tue Nov 22 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-4
- net-9p-vsock.patch
* Thu Nov 17 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-3
- tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch
to fix CVE-2015-8964
* Tue Nov 15 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-2
- .config: add cgrup_hugetlb support
- .config: add netfilter_xt_{set,target_ct} support
- .config: add netfilter_xt_match_{cgroup,ipvs} support
* Thu Nov 10 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-1
- Update to linux-4.4.31
* Fri Oct 21 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.26-1
- Update to linux-4.4.26
* Wed Oct 19 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-6
- net-add-recursion-limit-to-GRO.patch
- scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch
* Tue Oct 18 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-5
- ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch
- tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch
* Mon Oct 3 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-4
- Package vmlinux with PROGBITS sections in -debuginfo subpackage
* Tue Sep 27 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-3
- .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m
* Tue Sep 20 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-2
- Add -release number for /boot/* files
- Use initrd.img with version and release number
* Wed Sep 7 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-1
- Update to linux-4.4.20
- apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch
- keys-fix-asn.1-indefinite-length-object-parsing.patch
* Thu Aug 25 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-11
- vmxnet3 patches to bumpup a version to 1.4.8.0
* Wed Aug 10 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-10
- Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch
- .config: pmem hotplug + ACPI NFIT support
- .config: enable EXPERT mode, disable UID16 syscalls
* Thu Jul 07 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-9
- .config: pmem + fs_dax support
* Fri Jun 17 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-8
- patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch
- .config: disable rt group scheduling - not supported by systemd
* Wed Jun 15 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-7
- fixed the capitalization for - System.map
* Thu May 26 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-6
- patch: REVERT-sched-fair-Beef-up-wake_wide.patch
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.4.8-5
- GA - Bump release of all rpms
* Mon May 23 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-4
- Fixed generation of debug symbols for kernel modules & vmlinux.
* Mon May 23 2016 Divya Thaluru <dthaluru@vmware.com> 4.4.8-3
- Added patches to fix CVE-2016-3134, CVE-2016-3135
* Wed May 18 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-2
- Enabled CONFIG_UPROBES in config as needed by ktap
* Wed May 04 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-1
- Update to linux-4.4.8
- Added net-Drivers-Vmxnet3-set-... patch
* Tue May 03 2016 Vinay Kulkarni <kulkarniv@vmware.com> 4.2.0-27
- Compile Intel GigE and VMXNET3 as part of kernel.
* Thu Apr 28 2016 Nick Shi <nshi@vmware.com> 4.2.0-26
- Compile cramfs.ko to allow mounting cramfs image
* Tue Apr 12 2016 Vinay Kulkarni <kulkarniv@vmware.com> 4.2.0-25
- Revert network interface renaming disable in kernel.
* Tue Mar 29 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-24
- Support kmsg dumping to vmware.log on panic
- sunrpc: xs_bind uses ip_local_reserved_ports
* Mon Mar 28 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-23
- Enabled Regular stack protection in Linux kernel in config
* Thu Mar 17 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-22
- Restrict the permissions of the /boot/System.map-X file
* Fri Mar 04 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-21
- Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket.
* Wed Mar 02 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-20
- Patch: SUNRPC: Ensure that we wait for connections to complete
before retrying
* Fri Feb 26 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-19
- Disable watchdog under VMware hypervisor.
* Thu Feb 25 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-18
- Added rpcsec_gss_krb5 and nfs_fscache
* Mon Feb 22 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-17
- Added sysctl param to control weighted_cpuload() behavior
* Thu Feb 18 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.0-16
- Disabling network renaming
* Sun Feb 14 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-15
- veth patch: don’t modify ip_summed
* Thu Feb 11 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-14
- Full tickless -> idle tickless + simple CPU time accounting
- SLUB -> SLAB
- Disable NUMA balancing
- Disable stack protector
- No build_forced no-CBs CPUs
- Disable Expert configuration mode
- Disable most of debug features from 'Kernel hacking'
* Mon Feb 08 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-13
- Double tcp_mem limits, patch is added.
* Wed Feb 03 2016 Anish Swaminathan <anishs@vmware.com> 4.2.0-12
- Fixes for CVE-2015-7990/6937 and CVE-2015-8660.
* Tue Jan 26 2016 Anish Swaminathan <anishs@vmware.com> 4.2.0-11
- Revert CONFIG_HZ=250
* Fri Jan 22 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-10
- Fix for CVE-2016-0728
* Wed Jan 13 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-9
- CONFIG_HZ=250
* Tue Jan 12 2016 Mahmoud Bassiouny <mbassiouny@vmware.com> 4.2.0-8
- Remove rootfstype from the kernel parameter.
* Mon Jan 04 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-7
- Disabled all the tracing options in kernel config.
- Disabled preempt.
- Disabled sched autogroup.
* Thu Dec 17 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-6
- Enabled kprobe for systemtap & disabled dynamic function tracing in config
* Fri Dec 11 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-5
- Added oprofile kernel driver sub-package.
* Fri Nov 13 2015 Mahmoud Bassiouny <mbassiouny@vmware.com> 4.2.0-4
- Change the linux image directory.
* Wed Nov 11 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-3
- Added the build essential files in the dev sub-package.
* Mon Nov 09 2015 Vinay Kulkarni <kulkarniv@vmware.com> 4.2.0-2
- Enable Geneve module support for generic kernel.
* Fri Oct 23 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.0-1
- Upgraded the generic linux kernel to version 4.2.0 & and updated timer handling to full tickless mode.
* Tue Sep 22 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.0.9-5
- Added driver support for frame buffer devices and ACPI
* Wed Sep 2 2015 Alexey Makhalov <amakhalov@vmware.com> 4.0.9-4
- Added mouse ps/2 module.
* Fri Aug 14 2015 Alexey Makhalov <amakhalov@vmware.com> 4.0.9-3
- Use photon.cfg as a symlink.
* Thu Aug 13 2015 Alexey Makhalov <amakhalov@vmware.com> 4.0.9-2
- Added environment file(photon.cfg) for grub.
* Wed Aug 12 2015 Sharath George <sharathg@vmware.com> 4.0.9-1
- Upgrading kernel version.
* Wed Aug 12 2015 Alexey Makhalov <amakhalov@vmware.com> 3.19.2-5
- Updated OVT to version 10.0.0.
- Rename -gpu-drivers to -drivers-gpu in accordance to directory structure.
- Added -sound package/
* Tue Aug 11 2015 Anish Swaminathan<anishs@vmware.com> 3.19.2-4
- Removed Requires dependencies.
* Fri Jul 24 2015 Harish Udaiya Kumar <hudaiyakumar@gmail.com> 3.19.2-3
- Updated the config file to include graphics drivers.
* Mon May 18 2015 Touseef Liaqat <tliaqat@vmware.com> 3.13.3-2
- Update according to UsrMove.
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 3.13.3-1
- Initial build. First version