@@ -1,6 +1,6 @@

 Summary:	Linux API header files

 Name:		linux-api-headers

-Version:	4.19.32

+Version:	4.19.40

 Release:	1%{?dist}

 License:	GPLv2

 URL:		http://www.kernel.org/

@@ -8,7 +8,7 @@ Group:		System Environment/Kernel

 Vendor:		VMware, Inc.

 Distribution: Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=b5267a7e170d2ac0dd51f14c65a4832eb379fb19

+%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

 BuildArch:	noarch

 %description

 The Linux API Headers expose the kernel's API for use by Glibc.

@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de

 %defattr(-,root,root)

 %{_includedir}/*

 %changelog

+*   Tue May 07 2019 Ajay Kaher <akaher@vmware.com> 4.19.40-1

+-   Update to version 4.19.40

 *   Wed Mar 27 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-1

 -   Update to version 4.19.32

 *   Thu Mar 14 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.29-1

deleted file mode 100644

@@ -1,305 +0,0 @@

-From 84c4e1f89fefe70554da0ab33be72c9be7994379 Mon Sep 17 00:00:00 2001

-From: Linus Torvalds <torvalds@linux-foundation.org>

-Date: Sun, 3 Mar 2019 14:23:33 -0800

-Subject: aio: simplify - and fix - fget/fput for io_submit()

-

-commit 84c4e1f89fefe70554da0ab33be72c9be7994379 upstream.

-

-Al Viro root-caused a race where the IOCB_CMD_POLL handling of

-fget/fput() could cause us to access the file pointer after it had

-already been freed:

-

- "In more details - normally IOCB_CMD_POLL handling looks so:

-

-   1) io_submit(2) allocates aio_kiocb instance and passes it to

-      aio_poll()

-

-   2) aio_poll() resolves the descriptor to struct file by req->file =

-      fget(iocb->aio_fildes)

-

-   3) aio_poll() sets ->woken to false and raises ->ki_refcnt of that

-      aio_kiocb to 2 (bumps by 1, that is).

-

-   4) aio_poll() calls vfs_poll(). After sanity checks (basically,

-      "poll_wait() had been called and only once") it locks the queue.

-      That's what the extra reference to iocb had been for - we know we

-      can safely access it.

-

-   5) With queue locked, we check if ->woken has already been set to

-      true (by aio_poll_wake()) and, if it had been, we unlock the

-      queue, drop a reference to aio_kiocb and bugger off - at that

-      point it's a responsibility to aio_poll_wake() and the stuff

-      called/scheduled by it. That code will drop the reference to file

-      in req->file, along with the other reference to our aio_kiocb.

-

-   6) otherwise, we see whether we need to wait. If we do, we unlock the

-      queue, drop one reference to aio_kiocb and go away - eventual

-      wakeup (or cancel) will deal with the reference to file and with

-      the other reference to aio_kiocb

-

-   7) otherwise we remove ourselves from waitqueue (still under the

-      queue lock), so that wakeup won't get us. No async activity will

-      be happening, so we can safely drop req->file and iocb ourselves.

-

-  If wakeup happens while we are in vfs_poll(), we are fine - aio_kiocb

-  won't get freed under us, so we can do all the checks and locking

-  safely. And we don't touch ->file if we detect that case.

-

-  However, vfs_poll() most certainly *does* touch the file it had been

-  given. So wakeup coming while we are still in ->poll() might end up

-  doing fput() on that file. That case is not too rare, and usually we

-  are saved by the still present reference from descriptor table - that

-  fput() is not the final one.

-

-  But if another thread closes that descriptor right after our fget()

-  and wakeup does happen before ->poll() returns, we are in trouble -

-  final fput() done while we are in the middle of a method:

-

-Al also wrote a patch to take an extra reference to the file descriptor

-to fix this, but I instead suggested we just streamline the whole file

-pointer handling by submit_io() so that the generic aio submission code

-simply keeps the file pointer around until the aio has completed.

-

-Fixes: bfe4037e722e ("aio: implement IOCB_CMD_POLL")

-Acked-by: Al Viro <viro@zeniv.linux.org.uk>

-Reported-by: syzbot+503d4cc169fcec1cb18c@syzkaller.appspotmail.com

-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

-[ Srivatsa: Fixed accessing aio_fildes within iocb. ]

-Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

-

- fs/aio.c           | 67 ++++++++++++++++++++++--------------------------------

- include/linux/fs.h |  8 ++++++-

- 2 files changed, 34 insertions(+), 41 deletions(-)

-

-diff --git a/fs/aio.c b/fs/aio.c

-index 45d5ef8..014d692 100644

-+++ b/fs/aio.c

-@@ -161,9 +161,13 @@ struct kioctx {

- 	unsigned		id;

- };

- 

-+/*

-+ * First field must be the file pointer in all the

-+ * iocb unions! See also 'struct kiocb' in <linux/fs.h>

-+ */

- struct fsync_iocb {

--	struct work_struct	work;

- 	struct file		*file;

-+	struct work_struct	work;

- 	bool			datasync;

- };

- 

-@@ -177,8 +181,15 @@ struct poll_iocb {

- 	struct work_struct	work;

- };

- 

-+/*

-+ * NOTE! Each of the iocb union members has the file pointer

-+ * as the first entry in their struct definition. So you can

-+ * access the file pointer through any of the sub-structs,

-+ * or directly as just 'ki_filp' in this struct.

-+ */

- struct aio_kiocb {

- 	union {

-+		struct file		*ki_filp;

- 		struct kiocb		rw;

- 		struct fsync_iocb	fsync;

- 		struct poll_iocb	poll;

-@@ -1054,6 +1065,8 @@ static inline void iocb_put(struct aio_kiocb *iocb)

- {

- 	if (refcount_read(&iocb->ki_refcnt) == 0 ||

- 	    refcount_dec_and_test(&iocb->ki_refcnt)) {

-+		if (iocb->ki_filp)

-+			fput(iocb->ki_filp);

- 		percpu_ref_put(&iocb->ki_ctx->reqs);

- 		kmem_cache_free(kiocb_cachep, iocb);

- 	}

-@@ -1412,7 +1425,6 @@ static void aio_complete_rw(struct kiocb *kiocb, long res, long res2)

- 		file_end_write(kiocb->ki_filp);

- 	}

- 

--	fput(kiocb->ki_filp);

- 	aio_complete(iocb, res, res2);

- }

- 

-@@ -1420,9 +1432,6 @@ static int aio_prep_rw(struct kiocb *req, struct iocb *iocb)

- {

- 	int ret;

- 

--	req->ki_filp = fget(iocb->aio_fildes);

--	if (unlikely(!req->ki_filp))

--		return -EBADF;

- 	req->ki_complete = aio_complete_rw;

- 	req->ki_pos = iocb->aio_offset;

- 	req->ki_flags = iocb_flags(req->ki_filp);

-@@ -1438,7 +1447,6 @@ static int aio_prep_rw(struct kiocb *req, struct iocb *iocb)

- 		ret = ioprio_check_cap(iocb->aio_reqprio);

- 		if (ret) {

- 			pr_debug("aio ioprio check cap error: %d\n", ret);

--			fput(req->ki_filp);

- 			return ret;

- 		}

- 

-@@ -1447,8 +1455,6 @@ static int aio_prep_rw(struct kiocb *req, struct iocb *iocb)

- 		req->ki_ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_NONE, 0);

- 

- 	ret = kiocb_set_rw_flags(req, iocb->aio_rw_flags);

--	if (unlikely(ret))

--		fput(req->ki_filp);

- 	return ret;

- }

- 

-@@ -1503,24 +1509,19 @@ static ssize_t aio_read(struct kiocb *req, struct iocb *iocb, bool vectored,

- 	if (ret)

- 		return ret;

- 	file = req->ki_filp;

--

--	ret = -EBADF;

- 	if (unlikely(!(file->f_mode & FMODE_READ)))

--		goto out_fput;

-+		return -EBADF;

- 	ret = -EINVAL;

- 	if (unlikely(!file->f_op->read_iter))

--		goto out_fput;

-+		return -EINVAL;

- 

- 	ret = aio_setup_rw(READ, iocb, &iovec, vectored, compat, &iter);

- 	if (ret)

--		goto out_fput;

-+		return ret;

- 	ret = rw_verify_area(READ, file, &req->ki_pos, iov_iter_count(&iter));

- 	if (!ret)

- 		aio_rw_done(req, call_read_iter(file, req, &iter));

- 	kfree(iovec);

--out_fput:

--	if (unlikely(ret))

--		fput(file);

- 	return ret;

- }

- 

-@@ -1537,16 +1538,14 @@ static ssize_t aio_write(struct kiocb *req, struct iocb *iocb, bool vectored,

- 		return ret;

- 	file = req->ki_filp;

- 

--	ret = -EBADF;

- 	if (unlikely(!(file->f_mode & FMODE_WRITE)))

--		goto out_fput;

--	ret = -EINVAL;

-+		return -EBADF;

- 	if (unlikely(!file->f_op->write_iter))

--		goto out_fput;

-+		return -EINVAL;

- 

- 	ret = aio_setup_rw(WRITE, iocb, &iovec, vectored, compat, &iter);

- 	if (ret)

--		goto out_fput;

-+		return ret;

- 	ret = rw_verify_area(WRITE, file, &req->ki_pos, iov_iter_count(&iter));

- 	if (!ret) {

- 		/*

-@@ -1564,9 +1563,6 @@ static ssize_t aio_write(struct kiocb *req, struct iocb *iocb, bool vectored,

- 		aio_rw_done(req, call_write_iter(file, req, &iter));

- 	}

- 	kfree(iovec);

--out_fput:

--	if (unlikely(ret))

--		fput(file);

- 	return ret;

- }

- 

-@@ -1576,7 +1572,6 @@ static void aio_fsync_work(struct work_struct *work)

- 	int ret;

- 

- 	ret = vfs_fsync(req->file, req->datasync);

--	fput(req->file);

- 	aio_complete(container_of(req, struct aio_kiocb, fsync), ret, 0);

- }

- 

-@@ -1586,13 +1581,8 @@ static int aio_fsync(struct fsync_iocb *req, struct iocb *iocb, bool datasync)

- 			iocb->aio_rw_flags))

- 		return -EINVAL;

- 

--	req->file = fget(iocb->aio_fildes);

--	if (unlikely(!req->file))

--		return -EBADF;

--	if (unlikely(!req->file->f_op->fsync)) {

--		fput(req->file);

-+	if (unlikely(!req->file->f_op->fsync))

- 		return -EINVAL;

--	}

- 

- 	req->datasync = datasync;

- 	INIT_WORK(&req->work, aio_fsync_work);

-@@ -1602,10 +1592,7 @@ static int aio_fsync(struct fsync_iocb *req, struct iocb *iocb, bool datasync)

- 

- static inline void aio_poll_complete(struct aio_kiocb *iocb, __poll_t mask)

- {

--	struct file *file = iocb->poll.file;

--

- 	aio_complete(iocb, mangle_poll(mask), 0);

--	fput(file);

- }

- 

- static void aio_poll_complete_work(struct work_struct *work)

-@@ -1730,9 +1717,6 @@ static ssize_t aio_poll(struct aio_kiocb *aiocb, struct iocb *iocb)

- 

- 	INIT_WORK(&req->work, aio_poll_complete_work);

- 	req->events = demangle_poll(iocb->aio_buf) | EPOLLERR | EPOLLHUP;

--	req->file = fget(iocb->aio_fildes);

--	if (unlikely(!req->file))

--		return -EBADF;

- 

- 	apt.pt._qproc = aio_poll_queue_proc;

- 	apt.pt._key = req->events;

-@@ -1771,10 +1755,8 @@ static ssize_t aio_poll(struct aio_kiocb *aiocb, struct iocb *iocb)

- 	spin_unlock_irq(&ctx->ctx_lock);

- 

- out:

--	if (unlikely(apt.error)) {

--		fput(req->file);

-+	if (unlikely(apt.error))

- 		return apt.error;

--	}

- 

- 	if (mask)

- 		aio_poll_complete(aiocb, mask);

-@@ -1812,6 +1794,11 @@ static int io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb,

- 	if (unlikely(!req))

- 		return -EAGAIN;

- 

-+	req->ki_filp = fget(iocb.aio_fildes);

-+	ret = -EBADF;

-+	if (unlikely(!req->ki_filp))

-+		goto out_put_req;

-+

- 	if (iocb.aio_flags & IOCB_FLAG_RESFD) {

- 		/*

- 		 * If the IOCB_FLAG_RESFD flag of aio_flags is set, get an

-diff --git a/include/linux/fs.h b/include/linux/fs.h

-index 7b60848..111c94c 100644

-+++ b/include/linux/fs.h

-@@ -304,13 +304,19 @@ enum rw_hint {

- 

- struct kiocb {

- 	struct file		*ki_filp;

-+

-+	/* The 'ki_filp' pointer is shared in a union for aio */

-+	randomized_struct_fields_start

-+

- 	loff_t			ki_pos;

- 	void (*ki_complete)(struct kiocb *iocb, long ret, long ret2);

- 	void			*private;

- 	int			ki_flags;

- 	u16			ki_hint;

- 	u16			ki_ioprio; /* See linux/ioprio.h */

--} __randomize_layout;

-+

-+	randomized_struct_fields_end

-+};

- 

- static inline bool is_sync_kiocb(struct kiocb *kiocb)

- {

@@ -2758,6 +2758,7 @@ CONFIG_UNIX98_PTYS=y

 # CONFIG_NOZOMI is not set

 # CONFIG_N_GSM is not set

 # CONFIG_TRACE_SINK is not set

+CONFIG_LDISC_AUTOLOAD=y

 CONFIG_DEVMEM=y

 # CONFIG_DEVKMEM is not set

@@ -4592,6 +4593,7 @@ CONFIG_INTEL_PUNIT_IPC=m

 # CONFIG_MLX_PLATFORM is not set

 # CONFIG_INTEL_TURBO_MAX_3 is not set

 # CONFIG_I2C_MULTI_INSTANTIATE is not set

+# CONFIG_INTEL_ATOMISP2_PM is not set

 CONFIG_PMC_ATOM=y

 # CONFIG_CHROME_PLATFORMS is not set

 # CONFIG_MELLANOX_PLATFORM is not set

@@ -2411,6 +2411,7 @@ CONFIG_UNIX98_PTYS=y

 # CONFIG_NOZOMI is not set

 # CONFIG_N_GSM is not set

 # CONFIG_TRACE_SINK is not set

+CONFIG_LDISC_AUTOLOAD=y

 CONFIG_DEVMEM=y

 # CONFIG_DEVKMEM is not set

@@ -3611,6 +3612,7 @@ CONFIG_MXM_WMI=m

 # CONFIG_MLX_PLATFORM is not set

 # CONFIG_INTEL_TURBO_MAX_3 is not set

 # CONFIG_I2C_MULTI_INSTANTIATE is not set

+# CONFIG_INTEL_ATOMISP2_PM is not set

 CONFIG_PMC_ATOM=y

 # CONFIG_CHROME_PLATFORMS is not set

 # CONFIG_MELLANOX_PLATFORM is not set

@@ -2020,6 +2020,7 @@ CONFIG_UNIX98_PTYS=y

 # CONFIG_NOZOMI is not set

 # CONFIG_N_GSM is not set

 # CONFIG_TRACE_SINK is not set

+CONFIG_LDISC_AUTOLOAD=y

 # CONFIG_DEVMEM is not set

 # CONFIG_DEVKMEM is not set

@@ -2529,6 +2529,7 @@ CONFIG_UNIX98_PTYS=y

 # CONFIG_NOZOMI is not set

 # CONFIG_N_GSM is not set

 # CONFIG_TRACE_SINK is not set

+CONFIG_LDISC_AUTOLOAD=y

 # CONFIG_DEVMEM is not set

 # CONFIG_DEVKMEM is not set

@@ -3955,6 +3956,7 @@ CONFIG_PVPANIC=m

 # CONFIG_MLX_PLATFORM is not set

 # CONFIG_INTEL_TURBO_MAX_3 is not set

 # CONFIG_I2C_MULTI_INSTANTIATE is not set

+# CONFIG_INTEL_ATOMISP2_PM is not set

 CONFIG_PMC_ATOM=y

 # CONFIG_CHROME_PLATFORMS is not set

 # CONFIG_MELLANOX_PLATFORM is not set

@@ -2664,6 +2664,7 @@ CONFIG_UNIX98_PTYS=y

 # CONFIG_NOZOMI is not set

 # CONFIG_N_GSM is not set

 # CONFIG_TRACE_SINK is not set

+CONFIG_LDISC_AUTOLOAD=y

 CONFIG_DEVMEM=y

 #

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-aws

-Version:        4.19.32

-Release:        2%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.40

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=b5267a7e170d2ac0dd51f14c65a4832eb379fb19

+%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

 Source1:	config-aws

 Source2:	initramfs.trigger

 # common

@@ -36,9 +36,6 @@ Patch30:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch31:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 # RDRAND-based RNG driver to enhance the kernel's entropy pool:

 Patch32:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

-# Fix CVE-2019-10125

-Patch33:        0001-aio-simplify-and-fix-fget-fput-for-io_submit.patch

-

 # Amazon AWS

 Patch101: 0002-watchdog-Disable-watchdog-on-virtual-machines.patch

@@ -156,7 +153,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch30 -p1

 %patch31 -p1

 %patch32 -p1

-%patch33 -p1

 %patch101 -p1

 %patch102 -p1

@@ -361,6 +357,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %{_libdir}/perf/include/bpf/*

 %changelog

+*   Tue May 07 2019 Ajay Kaher <akaher@vmware.com> 4.19.40-1

+-   Update to version 4.19.40

 *   Fri Mar 29 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-2

 -   Fix CVE-2019-10125

 *   Wed Mar 27 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-1

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-esx

-Version:        4.19.32

-Release:        3%{?dist}

+Version:        4.19.40

+Release:        1%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=b5267a7e170d2ac0dd51f14c65a4832eb379fb19

+%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

 Source1:        config-esx

 Source2:        initramfs.trigger

 # common

@@ -40,8 +40,6 @@ Patch25:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.p

 Patch26:        4.17-0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.patch

 Patch27:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch28:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

-# Fix CVE-2019-10125

-Patch29:        0001-aio-simplify-and-fix-fget-fput-for-io_submit.patch

 BuildArch:     x86_64

 BuildRequires: bc

@@ -100,7 +98,6 @@ The Linux package contains the Linux kernel doc files

 %patch26 -p1

 %patch27 -p1

 %patch28 -p1

-%patch29 -p1

 %build

 # patch vmw_balloon driver

@@ -197,6 +194,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Tue May 07 2019 Ajay Kaher <akaher@vmware.com> 4.19.40-1

+-   Update to version 4.19.40

 *   Fri May 03 2019 Ajay Kaher <akaher@vmware.com> 4.19.32-3

 -   Enable SELinux kernel config

 *   Fri Mar 29 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-2

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-secure

-Version:        4.19.32

-Release:        2%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.40

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=b5267a7e170d2ac0dd51f14c65a4832eb379fb19

+%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

 Source1:        config-secure

 Source2:        initramfs.trigger

 # common

@@ -39,9 +39,6 @@ Patch33:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch34:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 # RDRAND-based RNG driver to enhance the kernel's entropy pool:

 Patch35:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

-# Fix CVE-2019-10125

-Patch36:        0001-aio-simplify-and-fix-fget-fput-for-io_submit.patch

-

 # NSX requirements (should be removed)

 Patch99:        LKCM.patch

@@ -112,7 +109,6 @@ The Linux package contains the Linux kernel doc files

 %patch33 -p1

 %patch34 -p1

 %patch35 -p1

-%patch36 -p1

 pushd ..

 %patch99 -p0

@@ -240,6 +236,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Tue May 07 2019 Ajay Kaher <akaher@vmware.com> 4.19.40-1

+-   Update to version 4.19.40

 *   Fri Mar 29 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-2

 -   Fix CVE-2019-10125

 *   Wed Mar 27 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-1

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux

-Version:        4.19.32

-Release:        3%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.40

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=b5267a7e170d2ac0dd51f14c65a4832eb379fb19

+%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

 Source1:	config

 Source2:	initramfs.trigger

 %define ena_version 1.6.0

@@ -44,8 +44,6 @@ Patch30:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch31:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 # RDRAND-based RNG driver to enhance the kernel's entropy pool:

 Patch32:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

-# Fix CVE-2019-10125

-Patch33:        0001-aio-simplify-and-fix-fget-fput-for-io_submit.patch

 %ifarch aarch64

 # NXP LS1012a FRWY patches

@@ -183,7 +181,6 @@ Kernel Device Tree Blob files for NXP ls1012a FRWY board

 %patch30 -p1

 %patch31 -p1

 %patch32 -p1

-%patch33 -p1

 %ifarch aarch64

 # NXP FSL_PPFE Driver patches

@@ -442,6 +439,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %endif

 %changelog

+*   Tue May 07 2019 Ajay Kaher <akaher@vmware.com> 4.19.40-1

+-   Update to version 4.19.40

 *   Thu Apr 11 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-3

 -   Update config_aarch64 to fix ARM64 build.

 *   Fri Mar 29 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-2