@@ -1,6 +1,6 @@

 Summary:	Linux API header files

 Name:		linux-api-headers

-Version:	4.4.157

+Version:	4.4.161

 Release:	1%{?dist}

 License:	GPLv2

 URL:		http://www.kernel.org/

@@ -8,7 +8,7 @@ Group:		System Environment/Kernel

 Vendor:		VMware, Inc.

 Distribution: Photon

 Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=6ba64a589f986cc8353794e5ead36892e5da7a40

+%define sha1 linux=9f1c41d4863a5322a0b2e3f527c96637b30c2cd0

 BuildArch:	noarch

 # From SPECS/linux and used by linux-esx only

 # It provides f*xattrat syscalls

@@ -29,6 +29,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de

 %defattr(-,root,root)

 %{_includedir}/*

 %changelog

+*   Mon Oct 15 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.161-1

+-   Update to version 4.4.161

 *   Mon Sep 24 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.157-1

 -   Update to version 4.4.157

 *   Tue Sep 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.153-1

deleted file mode 100644

@@ -1,51 +0,0 @@

-From 5f936e19cc0ef97dbe3a56e9498922ad5ba1edef Mon Sep 17 00:00:00 2001

-From: Thomas Gleixner <tglx@linutronix.de>

-Date: Mon, 2 Jul 2018 09:34:29 +0200

-Subject: [PATCH] alarmtimer: Prevent overflow for relative nanosleep

-

-commit 5f936e19cc0ef97dbe3a56e9498922ad5ba1edef upstream.

-

-Air Icy reported:

-

-  UBSAN: Undefined behaviour in kernel/time/alarmtimer.c:811:7

-  signed integer overflow:

-  1529859276030040771 + 9223372036854775807 cannot be represented in type 'long long int'

-  Call Trace:

-   alarm_timer_nsleep+0x44c/0x510 kernel/time/alarmtimer.c:811

-   __do_sys_clock_nanosleep kernel/time/posix-timers.c:1235 [inline]

-   __se_sys_clock_nanosleep kernel/time/posix-timers.c:1213 [inline]

-   __x64_sys_clock_nanosleep+0x326/0x4e0 kernel/time/posix-timers.c:1213

-   do_syscall_64+0xb8/0x3a0 arch/x86/entry/common.c:290

-

-alarm_timer_nsleep() uses ktime_add() to add the current time and the

-relative expiry value. ktime_add() has no sanity checks so the addition

-can overflow when the relative timeout is large enough.

-

-Use ktime_add_safe() which has the necessary sanity checks in place and

-limits the result to the valid range.

-

-Fixes: 9a7adcf5c6de ("timers: Posix interface for alarm-timers")

-Reported-by: Team OWL337 <icytxw@gmail.com>

-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

-Cc: John Stultz <john.stultz@linaro.org>

-Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1807020926360.1595@nanos.tec.linutronix.de

-[ Srivatsa: Backported to 4.4.y ]

-Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>

- kernel/time/alarmtimer.c | 3 ++-

- 1 file changed, 2 insertions(+), 1 deletion(-)

-

-diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c

-index 6fcc367..e78480b 100644

-+++ b/kernel/time/alarmtimer.c

-@@ -773,7 +773,8 @@ static int alarm_timer_nsleep(const clockid_t which_clock, int flags,

- 	/* Convert (if necessary) to absolute time */

- 	if (flags != TIMER_ABSTIME) {

- 		ktime_t now = alarm_bases[type].gettime();

--		exp = ktime_add(now, exp);

-+

-+		exp = ktime_add_safe(now, exp);

- 	}

- 

- 	if (alarmtimer_do_nsleep(&alarm, exp))

deleted file mode 100644

@@ -1,53 +0,0 @@

-From b1c76346e194bf9390efec9bc00088650c2552e9 Mon Sep 17 00:00:00 2001

-From: Theodore Ts'o <tytso@mit.edu>

-Date: Wed, 13 Jun 2018 00:51:28 -0400

-Subject: [PATCH 2/2] ext4: always verify the magic number in xattr blocks

-

-commit 513f86d73855ce556ea9522b6bfd79f87356dc3a upstream.

-

-If there an inode points to a block which is also some other type of

-metadata block (such as a block allocation bitmap), the

-buffer_verified flag can be set when it was validated as that other

-metadata block type; however, it would make a really terrible external

-attribute block.  The reason why we use the verified flag is to avoid

-constantly reverifying the block.  However, it doesn't take much

-overhead to make sure the magic number of the xattr block is correct,

-and this will avoid potential crashes.

-

-This addresses CVE-2018-10879.

-

-https://bugzilla.kernel.org/show_bug.cgi?id=200001

-

-Signed-off-by: Theodore Ts'o <tytso@mit.edu>

-Reviewed-by: Andreas Dilger <adilger@dilger.ca>

-Cc: stable@kernel.org

-[ Srivatsa: Backported to 4.4.y ]

-Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>

- fs/ext4/xattr.c | 7 ++++---

- 1 file changed, 4 insertions(+), 3 deletions(-)

-

-diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c

-index eff07b9..7293f0b 100644

-+++ b/fs/ext4/xattr.c

-@@ -220,12 +220,13 @@ ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh)

- {

- 	int error;

- 

--	if (buffer_verified(bh))

--		return 0;

--

- 	if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) ||

- 	    BHDR(bh)->h_blocks != cpu_to_le32(1))

- 		return -EFSCORRUPTED;

-+

-+	if (buffer_verified(bh))

-+		return 0;

-+

- 	if (!ext4_xattr_block_csum_verify(inode, bh->b_blocknr, BHDR(bh)))

- 		return -EFSBADCRC;

- 	error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size,

-2.7.4

-

@@ -1,7 +1,7 @@

 %global security_hardening none

 Summary:       Kernel

 Name:          linux-esx

-Version:       4.4.157

+Version:       4.4.161

 Release:       1%{?dist}

 License:       GPLv2

 URL:           http://www.kernel.org/

@@ -9,7 +9,7 @@ Group:         System Environment/Kernel

 Vendor:        VMware, Inc.

 Distribution:  Photon

 Source0:       http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=6ba64a589f986cc8353794e5ead36892e5da7a40

+%define sha1 linux=9f1c41d4863a5322a0b2e3f527c96637b30c2cd0

 Source1:       config-esx

 Patch0:        double-tcp_mem-limits.patch

 Patch1:        linux-4.4-sysctl-sched_weighted_cpuload_uses_rla.patch

@@ -62,11 +62,8 @@ Patch45:        0005-xfs-sanity-check-inode-di_mode.patch

 Patch46:        0006-xfs-verify-dinode-header-first.patch

 Patch47:        0007-xfs-move-inode-fork-verifiers-to-xfs_dinode_verify.patch

 Patch48:        0008-xfs-enhance-dinode-verifier.patch

-# Fix for CVE-2018-13053

-Patch49:        0001-alarmtimer-Prevent-overflow-for-relative-nanosleep.patch

 # Fix for CVE-2018-10879

 Patch50:        0001-ext4-add-corruption-check-in-ext4_xattr_set_entry.patch

-Patch51:        0002-ext4-always-verify-the-magic-number-in-xattr-blocks.patch

 # For Spectre

 Patch67: 0169-x86-syscall-Clear-unused-extra-registers-on-syscall-.patch

@@ -150,9 +147,7 @@ The Linux package contains the Linux kernel doc files

 %patch46 -p1

 %patch47 -p1

 %patch48 -p1

-%patch49 -p1

 %patch50 -p1

-%patch51 -p1

 %patch67 -p1

@@ -243,6 +238,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Mon Oct 15 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.161-1

+-   Update to version 4.4.161

 *   Mon Sep 24 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.157-1

 -   Update to version 4.4.157 and fix CVE-2018-10879

 *   Tue Sep 18 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.153-3

@@ -1,7 +1,7 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux

-Version:    	4.4.157

+Version:    	4.4.161

 Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

@@ -9,7 +9,7 @@ Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz

-%define sha1 linux=6ba64a589f986cc8353794e5ead36892e5da7a40

+%define sha1 linux=9f1c41d4863a5322a0b2e3f527c96637b30c2cd0

 Source1:	config

 %define ena_version 1.1.3

 Source2:    	https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz

@@ -62,11 +62,8 @@ Patch38:        0005-xfs-sanity-check-inode-di_mode.patch

 Patch39:        0006-xfs-verify-dinode-header-first.patch

 Patch40:        0007-xfs-move-inode-fork-verifiers-to-xfs_dinode_verify.patch

 Patch41:        0008-xfs-enhance-dinode-verifier.patch

-# Fix for CVE-2018-13053

-Patch42:        0001-alarmtimer-Prevent-overflow-for-relative-nanosleep.patch

 # Fix for CVE-2018-10879

 Patch43:        0001-ext4-add-corruption-check-in-ext4_xattr_set_entry.patch

-Patch44:        0002-ext4-always-verify-the-magic-number-in-xattr-blocks.patch

 # For Spectre

 Patch67: 0169-x86-syscall-Clear-unused-extra-registers-on-syscall-.patch

@@ -183,9 +180,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch39 -p1

 %patch40 -p1

 %patch41 -p1

-%patch42 -p1

 %patch43 -p1

-%patch44 -p1

 %patch67 -p1

@@ -344,6 +339,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/perf-core

 %changelog

+*   Mon Oct 15 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.161-1

+-   Update to version 4.4.161

 *   Mon Sep 24 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.157-1

 -   Update to version 4.4.157 and fix CVE-2018-10879

 *   Tue Sep 18 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.153-3