Extras for all kernels:
fix CVE-2017-7487 and CVE-2017-9059
Change-Id: I0c29decf94d29dc53661f3949f286d452c37b278
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/2809
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Bo Gan <ganb@vmware.com>
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
Summary: Linux API header files |
2 | 2 |
Name: linux-api-headers |
3 |
-Version: 4.9.28 |
|
3 |
+Version: 4.9.30 |
|
4 | 4 |
Release: 1%{?dist} |
5 | 5 |
License: GPLv2 |
6 | 6 |
URL: http://www.kernel.org/ |
... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
11 |
-%define sha1 linux=58ca565d0675f518465220b8b2515b10c779c426 |
|
11 |
+%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2 |
|
12 | 12 |
BuildArch: noarch |
13 | 13 |
%description |
14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de |
25 | 25 |
%defattr(-,root,root) |
26 | 26 |
%{_includedir}/* |
27 | 27 |
%changelog |
28 |
+* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1 |
|
29 |
+- Version update |
|
28 | 30 |
* Tue May 16 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.28-1 |
29 | 31 |
- Version update |
30 | 32 |
* Wed May 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.27-1 |
... | ... |
@@ -12661,8 +12661,8 @@ index c2d2895..76324ed 100644 |
12661 | 12661 |
{ |
12662 | 12662 |
+ struct nfsd4_getdeviceinfo *gdev = _gdev; |
12663 | 12663 |
struct xdr_stream *xdr = &resp->xdr; |
12664 |
- const struct nfsd4_layout_ops *ops = |
|
12665 |
- nfsd4_layout_ops[gdev->gd_layout_type]; |
|
12664 |
+ const struct nfsd4_layout_ops *ops; |
|
12665 |
+ u32 starting_len = xdr->buf->len, needed_len; |
|
12666 | 12666 |
@@ -4147,9 +4228,9 @@ nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr, |
12667 | 12667 |
} |
12668 | 12668 |
|
... | ... |
@@ -12673,8 +12673,8 @@ index c2d2895..76324ed 100644 |
12673 | 12673 |
{ |
12674 | 12674 |
+ struct nfsd4_layoutget *lgp = _lgp; |
12675 | 12675 |
struct xdr_stream *xdr = &resp->xdr; |
12676 |
- const struct nfsd4_layout_ops *ops = |
|
12677 |
- nfsd4_layout_ops[lgp->lg_layout_type]; |
|
12676 |
+ const struct nfsd4_layout_ops *ops; |
|
12677 |
+ __be32 *p; |
|
12678 | 12678 |
@@ -4182,9 +4263,9 @@ nfsd4_encode_layoutget(struct nfsd4_compoundres *resp, __be32 nfserr, |
12679 | 12679 |
} |
12680 | 12680 |
|
... | ... |
@@ -1,15 +1,15 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 |
-Version: 4.9.28 |
|
5 |
-Release: 2%{?dist} |
|
4 |
+Version: 4.9.30 |
|
5 |
+Release: 1%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=58ca565d0675f518465220b8b2515b10c779c426 |
|
12 |
+%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2 |
|
13 | 13 |
Source1: config-esx |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
# common |
... | ... |
@@ -189,6 +189,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
189 | 189 |
/usr/src/linux-headers-%{uname_r} |
190 | 190 |
|
191 | 191 |
%changelog |
192 |
+* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1 |
|
193 |
+- Fix CVE-2017-7487 and CVE-2017-9059 |
|
192 | 194 |
* Wed May 17 2017 Vinay Kulkarni <kulkarniv@vmware.com> 4.9.28-2 |
193 | 195 |
- Enable IPVLAN module. |
194 | 196 |
* Tue May 16 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.28-1 |
... | ... |
@@ -1,15 +1,15 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-secure |
4 |
-Version: 4.9.28 |
|
5 |
-Release: 2%{?dist} |
|
4 |
+Version: 4.9.30 |
|
5 |
+Release: 1%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=58ca565d0675f518465220b8b2515b10c779c426 |
|
12 |
+%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2 |
|
13 | 13 |
Source1: config-secure |
14 | 14 |
Source2: aufs4.9.tar.gz |
15 | 15 |
Source3: initramfs.trigger |
... | ... |
@@ -228,6 +228,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
228 | 228 |
/usr/src/linux-headers-%{uname_r} |
229 | 229 |
|
230 | 230 |
%changelog |
231 |
+* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1 |
|
232 |
+- Fix CVE-2017-7487 and CVE-2017-9059 |
|
231 | 233 |
* Wed May 17 2017 Vinay Kulkarni <kulkarniv@vmware.com> 4.9.28-2 |
232 | 234 |
- Enable IPVLAN module. |
233 | 235 |
* Tue May 16 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.28-1 |
... | ... |
@@ -1,17 +1,20 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 |
-Version: 4.9.28 |
|
5 |
-Release: 2%{?dist} |
|
4 |
+Version: 4.9.30 |
|
5 |
+Release: 1%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=58ca565d0675f518465220b8b2515b10c779c426 |
|
12 |
+%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2 |
|
13 | 13 |
Source1: config |
14 | 14 |
Source2: initramfs.trigger |
15 |
+%define ena_version 1.1.3 |
|
16 |
+Source3: https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz |
|
17 |
+%define sha1 ena_linux=84138e8d7eb230b45cb53835edf03ca08043d471 |
|
15 | 18 |
# common |
16 | 19 |
Patch0: x86-vmware-read-tsc_khz-only-once-at-boot-time.patch |
17 | 20 |
Patch1: x86-vmware-use-tsc_khz-value-for-calibrate_cpu.patch |
... | ... |
@@ -91,6 +94,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
91 | 91 |
|
92 | 92 |
%prep |
93 | 93 |
%setup -q -n linux-%{version} |
94 |
+%setup -D -b 3 -n linux-%{version} |
|
94 | 95 |
%patch0 -p1 |
95 | 96 |
%patch1 -p1 |
96 | 97 |
%patch2 -p1 |
... | ... |
@@ -112,6 +116,11 @@ sed -i 's/CONFIG_LOCALVERSION=""/CONFIG_LOCALVERSION="-%{release}"/' .config |
112 | 112 |
make LC_ALL= oldconfig |
113 | 113 |
make VERBOSE=1 KBUILD_BUILD_VERSION="1-photon" KBUILD_BUILD_HOST="photon" ARCH="x86_64" %{?_smp_mflags} |
114 | 114 |
make -C tools perf |
115 |
+# build ENA module |
|
116 |
+bldroot=`pwd` |
|
117 |
+pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena |
|
118 |
+make -C $bldroot M=`pwd` VERBOSE=1 modules %{?_smp_mflags} |
|
119 |
+popd |
|
115 | 120 |
|
116 | 121 |
%define __modules_install_post \ |
117 | 122 |
find %{buildroot}/lib/modules/%{uname_r} -name *.ko | xargs xz \ |
... | ... |
@@ -134,6 +143,11 @@ install -vdm 755 %{buildroot}/etc/modprobe.d |
134 | 134 |
install -vdm 755 %{buildroot}/usr/src/%{name}-headers-%{uname_r} |
135 | 135 |
install -vdm 755 %{buildroot}/usr/lib/debug/lib/modules/%{uname_r} |
136 | 136 |
make INSTALL_MOD_PATH=%{buildroot} modules_install |
137 |
+# install ENA module |
|
138 |
+bldroot=`pwd` |
|
139 |
+pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena |
|
140 |
+make -C $bldroot M=`pwd` INSTALL_MOD_PATH=%{buildroot} modules_install |
|
141 |
+popd |
|
137 | 142 |
|
138 | 143 |
# Verify for build-id match |
139 | 144 |
# We observe different IDs sometimes |
... | ... |
@@ -253,6 +267,9 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
253 | 253 |
/usr/share/doc/* |
254 | 254 |
|
255 | 255 |
%changelog |
256 |
+* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1 |
|
257 |
+- Added ENA driver for AMI |
|
258 |
+- Fix CVE-2017-7487 and CVE-2017-9059 |
|
256 | 259 |
* Wed May 17 2017 Vinay Kulkarni <kulkarniv@vmware.com> 4.9.28-2 |
257 | 260 |
- Enable IPVLAN module. |
258 | 261 |
* Tue May 16 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.28-1 |