@@ -1,6 +1,6 @@

 Summary:	Linux API header files

 Name:		linux-api-headers

-Version:	4.9.111

+Version:	4.9.114

 Release:	1%{?dist}

 License:	GPLv2

 URL:		http://www.kernel.org/

@@ -8,7 +8,7 @@ Group:		System Environment/Kernel

 Vendor:		VMware, Inc.

 Distribution: Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=4130f2b7979e04c94bef21755d413560961311a3

+%define sha1 linux=e6fd3e5317a88f945e26c85471d0152e062f2d99

 BuildArch:	noarch

 Patch0:         Implement-the-f-xattrat-family-of-functions.patch

 %description

@@ -27,6 +27,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de

 %defattr(-,root,root)

 %{_includedir}/*

 %changelog

+*   Mon Jul 23 2018 srinidhira0 <srinidhir@vmware.com> 4.9.114-1

+-   Update to version 4.9.114

 *   Sat Jul 07 2018 Alexey Makhalov <amakhalov@vmware.com> 4.9.111-1

 -   Update to version 4.9.111

 *   Thu Jun 21 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.109-1

deleted file mode 100644

@@ -1,121 +0,0 @@

-From 3e4c56d41eef5595035872a2ec5a483f42e8917f Mon Sep 17 00:00:00 2001

-From: alex chen <alex.chen@huawei.com>

-Date: Wed, 15 Nov 2017 17:31:44 -0800

-Subject: [PATCH] ocfs2: ip_alloc_sem should be taken in ocfs2_get_block()

-

-ip_alloc_sem should be taken in ocfs2_get_block() when reading file in

-DIRECT mode to prevent concurrent access to extent tree with

-ocfs2_dio_end_io_write(), which may cause BUGON in the following

-situation:

-

-read file 'A'                                  end_io of writing file 'A'

-vfs_read

- __vfs_read

-  ocfs2_file_read_iter

-   generic_file_read_iter

-    ocfs2_direct_IO

-     __blockdev_direct_IO

-      do_blockdev_direct_IO

-       do_direct_IO

-        get_more_blocks

-         ocfs2_get_block

-          ocfs2_extent_map_get_blocks

-           ocfs2_get_clusters

-            ocfs2_get_clusters_nocache()

-             ocfs2_search_extent_list

-              return the index of record which

-              contains the v_cluster, that is

-              v_cluster > rec[i]->e_cpos.

-                                                ocfs2_dio_end_io

-                                                 ocfs2_dio_end_io_write

-                                                  down_write(&oi->ip_alloc_sem);

-                                                  ocfs2_mark_extent_written

-                                                   ocfs2_change_extent_flag

-                                                    ocfs2_split_extent

-                                                     ...

-                                                 --> modify the rec[i]->e_cpos, resulting

-                                                     in v_cluster < rec[i]->e_cpos.

-             BUG_ON(v_cluster < le32_to_cpu(rec->e_cpos))

-

-[alex.chen@huawei.com: v3]

-  Link: http://lkml.kernel.org/r/59EF3614.6050008@huawei.com

-Link: http://lkml.kernel.org/r/59EF3614.6050008@huawei.com

-Fixes: c15471f79506 ("ocfs2: fix sparse file & data ordering issue in direct io")

-Signed-off-by: Alex Chen <alex.chen@huawei.com>

-Reviewed-by: Jun Piao <piaojun@huawei.com>

-Reviewed-by: Joseph Qi <jiangqi903@gmail.com>

-Reviewed-by: Gang He <ghe@suse.com>

-Acked-by: Changwei Ge <ge.changwei@h3c.com>

-Cc: Mark Fasheh <mfasheh@versity.com>

-Cc: Joel Becker <jlbec@evilplan.org>

-Cc: Junxiao Bi <junxiao.bi@oracle.com>

-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

-Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>

- fs/ocfs2/aops.c | 26 ++++++++++++++++++--------

- 1 file changed, 18 insertions(+), 8 deletions(-)

-

-diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c

-index f2961b1..c26d046 100644

-+++ b/fs/ocfs2/aops.c

-@@ -134,6 +134,19 @@ static int ocfs2_symlink_get_block(struct inode *inode, sector_t iblock,

- 	return err;

- }

- 

-+static int ocfs2_lock_get_block(struct inode *inode, sector_t iblock,

-+		    struct buffer_head *bh_result, int create)

-+{

-+	int ret = 0;

-+	struct ocfs2_inode_info *oi = OCFS2_I(inode);

-+

-+	down_read(&oi->ip_alloc_sem);

-+	ret = ocfs2_get_block(inode, iblock, bh_result, create);

-+	up_read(&oi->ip_alloc_sem);

-+

-+	return ret;

-+}

-+

- int ocfs2_get_block(struct inode *inode, sector_t iblock,

- 		    struct buffer_head *bh_result, int create)

- {

-@@ -2120,7 +2133,7 @@ static void ocfs2_dio_free_write_ctx(struct inode *inode,

-  * called like this: dio->get_blocks(dio->inode, fs_startblk,

-  * 					fs_count, map_bh, dio->rw == WRITE);

-  */

--static int ocfs2_dio_get_block(struct inode *inode, sector_t iblock,

-+static int ocfs2_dio_wr_get_block(struct inode *inode, sector_t iblock,

- 			       struct buffer_head *bh_result, int create)

- {

- 	struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);

-@@ -2146,12 +2159,9 @@ static int ocfs2_dio_get_block(struct inode *inode, sector_t iblock,

- 	 * while file size will be changed.

- 	 */

- 	if (pos + total_len <= i_size_read(inode)) {

--		down_read(&oi->ip_alloc_sem);

--		/* This is the fast path for re-write. */

--		ret = ocfs2_get_block(inode, iblock, bh_result, create);

--

--		up_read(&oi->ip_alloc_sem);

- 

-+		/* This is the fast path for re-write. */

-+		ret = ocfs2_lock_get_block(inode, iblock, bh_result, create);

- 		if (buffer_mapped(bh_result) &&

- 		    !buffer_new(bh_result) &&

- 		    ret == 0)

-@@ -2416,9 +2426,9 @@ static ssize_t ocfs2_direct_IO(struct kiocb *iocb, struct iov_iter *iter)

- 		return 0;

- 

- 	if (iov_iter_rw(iter) == READ)

--		get_block = ocfs2_get_block;

-+		get_block = ocfs2_lock_get_block;

- 	else

--		get_block = ocfs2_dio_get_block;

-+		get_block = ocfs2_dio_wr_get_block;

- 

- 	return __blockdev_direct_IO(iocb, inode, inode->i_sb->s_bdev,

- 				    iter, get_block,

-2.7.4

-

deleted file mode 100644

@@ -1,208 +0,0 @@

-From 853bc26a7ea39e354b9f8889ae7ad1492ffa28d2 Mon Sep 17 00:00:00 2001

-From: alex chen <alex.chen@huawei.com>

-Date: Wed, 15 Nov 2017 17:31:48 -0800

-Subject: [PATCH] ocfs2: subsystem.su_mutex is required while accessing the

- item->ci_parent

-

-The subsystem.su_mutex is required while accessing the item->ci_parent,

-otherwise, NULL pointer dereference to the item->ci_parent will be

-triggered in the following situation:

-

-add node                     delete node

-sys_write

- vfs_write

-  configfs_write_file

-   o2nm_node_store

-    o2nm_node_local_write

-                             do_rmdir

-                              vfs_rmdir

-                               configfs_rmdir

-                                mutex_lock(&subsys->su_mutex);

-                                unlink_obj

-                                 item->ci_group = NULL;

-                                 item->ci_parent = NULL;

-	 to_o2nm_cluster_from_node

-	  node->nd_item.ci_parent->ci_parent

-	  BUG since of NULL pointer dereference to nd_item.ci_parent

-

-Moreover, the o2nm_cluster also should be protected by the

-subsystem.su_mutex.

-

-[alex.chen@huawei.com: v2]

-  Link: http://lkml.kernel.org/r/59EEAA69.9080703@huawei.com

-Link: http://lkml.kernel.org/r/59E9B36A.10700@huawei.com

-Signed-off-by: Alex Chen <alex.chen@huawei.com>

-Reviewed-by: Jun Piao <piaojun@huawei.com>

-Reviewed-by: Joseph Qi <jiangqi903@gmail.com>

-Cc: Mark Fasheh <mfasheh@versity.com>

-Cc: Joel Becker <jlbec@evilplan.org>

-Cc: Junxiao Bi <junxiao.bi@oracle.com>

-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

-Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>

- fs/ocfs2/cluster/nodemanager.c | 63 ++++++++++++++++++++++++++++++++++++------

- 1 file changed, 55 insertions(+), 8 deletions(-)

-

-diff --git a/fs/ocfs2/cluster/nodemanager.c b/fs/ocfs2/cluster/nodemanager.c

-index a51200e..da64c3a2 100644

-+++ b/fs/ocfs2/cluster/nodemanager.c

-@@ -40,6 +40,9 @@ char *o2nm_fence_method_desc[O2NM_FENCE_METHODS] = {

- 		"panic",	/* O2NM_FENCE_PANIC */

- };

- 

-+static inline void o2nm_lock_subsystem(void);

-+static inline void o2nm_unlock_subsystem(void);

-+

- struct o2nm_node *o2nm_get_node_by_num(u8 node_num)

- {

- 	struct o2nm_node *node = NULL;

-@@ -181,7 +184,10 @@ static struct o2nm_cluster *to_o2nm_cluster_from_node(struct o2nm_node *node)

- {

- 	/* through the first node_set .parent

- 	 * mycluster/nodes/mynode == o2nm_cluster->o2nm_node_group->o2nm_node */

--	return to_o2nm_cluster(node->nd_item.ci_parent->ci_parent);

-+	if (node->nd_item.ci_parent)

-+		return to_o2nm_cluster(node->nd_item.ci_parent->ci_parent);

-+	else

-+		return NULL;

- }

- 

- enum {

-@@ -194,7 +200,7 @@ static ssize_t o2nm_node_num_store(struct config_item *item, const char *page,

- 				   size_t count)

- {

- 	struct o2nm_node *node = to_o2nm_node(item);

--	struct o2nm_cluster *cluster = to_o2nm_cluster_from_node(node);

-+	struct o2nm_cluster *cluster;

- 	unsigned long tmp;

- 	char *p = (char *)page;

- 	int ret = 0;

-@@ -214,6 +220,13 @@ static ssize_t o2nm_node_num_store(struct config_item *item, const char *page,

- 	    !test_bit(O2NM_NODE_ATTR_PORT, &node->nd_set_attributes))

- 		return -EINVAL; /* XXX */

- 

-+	o2nm_lock_subsystem();

-+	cluster = to_o2nm_cluster_from_node(node);

-+	if (!cluster) {

-+		o2nm_unlock_subsystem();

-+		return -EINVAL;

-+	}

-+

- 	write_lock(&cluster->cl_nodes_lock);

- 	if (cluster->cl_nodes[tmp])

- 		ret = -EEXIST;

-@@ -226,6 +239,8 @@ static ssize_t o2nm_node_num_store(struct config_item *item, const char *page,

- 		set_bit(tmp, cluster->cl_nodes_bitmap);

- 	}

- 	write_unlock(&cluster->cl_nodes_lock);

-+	o2nm_unlock_subsystem();

-+

- 	if (ret)

- 		return ret;

- 

-@@ -269,7 +284,7 @@ static ssize_t o2nm_node_ipv4_address_store(struct config_item *item,

- 					    size_t count)

- {

- 	struct o2nm_node *node = to_o2nm_node(item);

--	struct o2nm_cluster *cluster = to_o2nm_cluster_from_node(node);

-+	struct o2nm_cluster *cluster;

- 	int ret, i;

- 	struct rb_node **p, *parent;

- 	unsigned int octets[4];

-@@ -286,6 +301,13 @@ static ssize_t o2nm_node_ipv4_address_store(struct config_item *item,

- 		be32_add_cpu(&ipv4_addr, octets[i] << (i * 8));

- 	}

- 

-+	o2nm_lock_subsystem();

-+	cluster = to_o2nm_cluster_from_node(node);

-+	if (!cluster) {

-+		o2nm_unlock_subsystem();

-+		return -EINVAL;

-+	}

-+

- 	ret = 0;

- 	write_lock(&cluster->cl_nodes_lock);

- 	if (o2nm_node_ip_tree_lookup(cluster, ipv4_addr, &p, &parent))

-@@ -298,6 +320,8 @@ static ssize_t o2nm_node_ipv4_address_store(struct config_item *item,

- 		rb_insert_color(&node->nd_ip_node, &cluster->cl_node_ip_tree);

- 	}

- 	write_unlock(&cluster->cl_nodes_lock);

-+	o2nm_unlock_subsystem();

-+

- 	if (ret)

- 		return ret;

- 

-@@ -315,7 +339,7 @@ static ssize_t o2nm_node_local_store(struct config_item *item, const char *page,

- 				     size_t count)

- {

- 	struct o2nm_node *node = to_o2nm_node(item);

--	struct o2nm_cluster *cluster = to_o2nm_cluster_from_node(node);

-+	struct o2nm_cluster *cluster;

- 	unsigned long tmp;

- 	char *p = (char *)page;

- 	ssize_t ret;

-@@ -333,17 +357,26 @@ static ssize_t o2nm_node_local_store(struct config_item *item, const char *page,

- 	    !test_bit(O2NM_NODE_ATTR_PORT, &node->nd_set_attributes))

- 		return -EINVAL; /* XXX */

- 

-+	o2nm_lock_subsystem();

-+	cluster = to_o2nm_cluster_from_node(node);

-+	if (!cluster) {

-+		ret = -EINVAL;

-+		goto out;

-+	}

-+

- 	/* the only failure case is trying to set a new local node

- 	 * when a different one is already set */

- 	if (tmp && tmp == cluster->cl_has_local &&

--	    cluster->cl_local_node != node->nd_num)

--		return -EBUSY;

-+	    cluster->cl_local_node != node->nd_num) {

-+		ret = -EBUSY;

-+		goto out;

-+	}

- 

- 	/* bring up the rx thread if we're setting the new local node. */

- 	if (tmp && !cluster->cl_has_local) {

- 		ret = o2net_start_listening(node);

- 		if (ret)

--			return ret;

-+			goto out;

- 	}

- 

- 	if (!tmp && cluster->cl_has_local &&

-@@ -358,7 +391,11 @@ static ssize_t o2nm_node_local_store(struct config_item *item, const char *page,

- 		cluster->cl_local_node = node->nd_num;

- 	}

- 

--	return count;

-+	ret = count;

-+

-+out:

-+	o2nm_unlock_subsystem();

-+	return ret;

- }

- 

- CONFIGFS_ATTR(o2nm_node_, num);

-@@ -738,6 +775,16 @@ static struct o2nm_cluster_group o2nm_cluster_group = {

- 	},

- };

- 

-+static inline void o2nm_lock_subsystem(void)

-+{

-+	mutex_lock(&o2nm_cluster_group.cs_subsys.su_mutex);

-+}

-+

-+static inline void o2nm_unlock_subsystem(void)

-+{

-+	mutex_unlock(&o2nm_cluster_group.cs_subsys.su_mutex);

-+}

-+

- int o2nm_depend_item(struct config_item *item)

- {

- 	return configfs_depend_item(&o2nm_cluster_group.cs_subsys, item);

-2.7.4

-

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-aws

-Version:        4.9.111

-Release:        5%{?kat_build:.%kat_build}%{?dist}

+Version:        4.9.114

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=4130f2b7979e04c94bef21755d413560961311a3

+%define sha1 linux=e6fd3e5317a88f945e26c85471d0152e062f2d99

 Source1:	config-aws

 Source2:	initramfs.trigger

 # common

@@ -50,14 +50,10 @@ Patch33:        vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch

 # Fixes for CVE-2018-1000026

 Patch34:        0001-net-create-skb_gso_validate_mac_len.patch

 Patch35:        0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch

-# Fix for CVE-2017-18216

-Patch37:        0001-ocfs2-subsystem.su_mutex-is-required-while-accessing.patch

 # Fix for CVE-2018-8043

 Patch38:        0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch

 # Fix for CVE-2017-18241

 Patch40:        0001-f2fs-fix-a-panic-caused-by-NULL-flush_cmd_control.patch

-# Fix for CVE-2017-18224

-Patch41:        0001-ocfs2-ip_alloc_sem-should-be-taken-in-ocfs2_get_bloc.patch

 Patch42:        0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

 # Fix for CVE-2017-18232

 Patch43:        0001-scsi-libsas-direct-call-probe-and-destruct.patch

@@ -242,10 +238,8 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch33 -p1

 %patch34 -p1

 %patch35 -p1

-%patch37 -p1

 %patch38 -p1

 %patch40 -p1

-%patch41 -p1

 %patch42 -p1

 %patch43 -p1

 %patch44 -p1

@@ -477,6 +471,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/doc/*

 %changelog

+*   Mon Jul 23 2018 srinidhira0 <srinidhir@vmware.com> 4.9.114-1

+-   Update to version 4.9.114

 *   Thu Jul 19 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.111-5

 -   Apply out-of-tree patches needed for AppArmor.

 *   Thu Jul 17 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.111-4

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-esx

-Version:        4.9.111

-Release:        3%{?dist}

+Version:        4.9.114

+Release:        1%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=4130f2b7979e04c94bef21755d413560961311a3

+%define sha1 linux=e6fd3e5317a88f945e26c85471d0152e062f2d99

 Source1:        config-esx

 Source2:        initramfs.trigger

 # common

@@ -47,14 +47,10 @@ Patch33:        vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch

 # Fixes for CVE-2018-1000026

 Patch34:        0001-net-create-skb_gso_validate_mac_len.patch

 Patch35:        0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch

-# Fix for CVE-2017-18216

-Patch37:        0001-ocfs2-subsystem.su_mutex-is-required-while-accessing.patch

 # Fix for CVE-2018-8043

 Patch38:        0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch

 # Fix for CVE-2017-18241

 Patch40:        0001-f2fs-fix-a-panic-caused-by-NULL-flush_cmd_control.patch

-# Fix for CVE-2017-18224

-Patch41:        0001-ocfs2-ip_alloc_sem-should-be-taken-in-ocfs2_get_bloc.patch

 Patch42:        0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

 # Fix for CVE-2017-18232

 Patch43:        0001-scsi-libsas-direct-call-probe-and-destruct.patch

@@ -152,10 +148,8 @@ The Linux package contains the Linux kernel doc files

 %patch33 -p1

 %patch34 -p1

 %patch35 -p1

-%patch37 -p1

 %patch38 -p1

 %patch40 -p1

-%patch41 -p1

 %patch42 -p1

 %patch43 -p1

 %patch44 -p1

@@ -275,6 +269,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Mon Jul 23 2018 srinidhira0 <srinidhir@vmware.com> 4.9.114-1

+-   Update to version 4.9.114

 *   Thu Jul 17 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.111-3

 -   Fix CVE-2018-10322

 *   Thu Jul 12 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.111-2

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-secure

-Version:        4.9.111

-Release:        4%{?kat_build:.%kat_build}%{?dist}

+Version:        4.9.114

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=4130f2b7979e04c94bef21755d413560961311a3

+%define sha1 linux=e6fd3e5317a88f945e26c85471d0152e062f2d99

 Source1:        config-secure

 Source2:        aufs4.9.tar.gz

 %define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906

@@ -56,14 +56,10 @@ Patch35:        vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch

 # Fixes for CVE-2018-1000026

 Patch36:        0001-net-create-skb_gso_validate_mac_len.patch

 Patch37:        0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch

-# Fix for CVE-2017-18216

-Patch39:        0001-ocfs2-subsystem.su_mutex-is-required-while-accessing.patch

 # Fix for CVE-2018-8043

 Patch40:        0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch

 # Fix for CVE-2017-18241

 Patch42:        0001-f2fs-fix-a-panic-caused-by-NULL-flush_cmd_control.patch

-# Fix for CVE-2017-18224

-Patch43:        0001-ocfs2-ip_alloc_sem-should-be-taken-in-ocfs2_get_bloc.patch

 Patch44:        0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

 # Fix for CVE-2017-18232

 Patch45:        0001-scsi-libsas-direct-call-probe-and-destruct.patch

@@ -208,10 +204,8 @@ EOF

 %patch35 -p1

 %patch36 -p1

 %patch37 -p1

-%patch39 -p1

 %patch40 -p1

 %patch42 -p1

-%patch43 -p1

 %patch44 -p1

 %patch45 -p1

 %patch46 -p1

@@ -370,6 +364,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Mon Jul 23 2018 srinidhira0 <srinidhir@vmware.com> 4.9.114-1

+-   Update to version 4.9.114

 *   Thu Jul 19 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.111-4

 -   Apply out-of-tree patches needed for AppArmor.

 *   Thu Jul 17 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.111-3

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux

-Version:        4.9.111

-Release:        5%{?kat_build:.%kat_build}%{?dist}

+Version:        4.9.114

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=4130f2b7979e04c94bef21755d413560961311a3

+%define sha1 linux=e6fd3e5317a88f945e26c85471d0152e062f2d99

 Source1:	config

 Source2:	initramfs.trigger

 %define ena_version 1.1.3

@@ -54,14 +54,11 @@ Patch33:        vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch

 # Fixes for CVE-2018-1000026

 Patch34:        0001-net-create-skb_gso_validate_mac_len.patch

 Patch35:        0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch

-# Fix for CVE-2017-18216

-Patch37:        0001-ocfs2-subsystem.su_mutex-is-required-while-accessing.patch

 # Fix for CVE-2018-8043

 Patch38:        0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch

 # Fix for CVE-2017-18241

 Patch40:        0001-f2fs-fix-a-panic-caused-by-NULL-flush_cmd_control.patch

-# Fix for CVE-2017-18224

-Patch41:        0001-ocfs2-ip_alloc_sem-should-be-taken-in-ocfs2_get_bloc.patch

+

 Patch42:        0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

 # Fix for CVE-2017-18232

 Patch43:        0001-scsi-libsas-direct-call-probe-and-destruct.patch

@@ -200,10 +197,8 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch33 -p1

 %patch34 -p1

 %patch35 -p1

-%patch37 -p1

 %patch38 -p1

 %patch40 -p1

-%patch41 -p1

 %patch42 -p1

 %patch43 -p1

 %patch44 -p1

@@ -397,6 +392,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/doc/*

 %changelog

+*   Mon Jul 23 2018 srinidhira0 <srinidhir@vmware.com> 4.9.114-1

+-   Update to version 4.9.114

 *   Thu Jul 19 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.111-5

 -   Apply out-of-tree patches needed for AppArmor.

 *   Thu Jul 17 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.111-4