@@ -1,6 +1,6 @@

 Summary:	Linux API header files

 Name:		linux-api-headers

-Version:	4.9.137

+Version:	4.9.140

 Release:	1%{?dist}

 License:	GPLv2

 URL:		http://www.kernel.org/

@@ -8,7 +8,7 @@ Group:		System Environment/Kernel

 Vendor:		VMware, Inc.

 Distribution: Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727

+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e

 BuildArch:	noarch

 Patch0:         Implement-the-f-xattrat-family-of-functions.patch

 %description

@@ -27,6 +27,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de

 %defattr(-,root,root)

 %{_includedir}/*

 %changelog

+*   Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1

+-   Update to version 4.9.140

 *   Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1

 -   Update to version 4.9.137

 *   Mon Oct 01 2018 srinidhira0 <srinidhir@vmware.com> 4.9.130-1

@@ -19,7 +19,7 @@ Subject: [PATCH 1/3] NOWRITEEXEC and PAX features: MPROTECT, EMUTRAMP

  12 files changed, 424 insertions(+)

 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c

-index 9f72ca3..fd5a25e 100644

+index 5c419b8..7b7e5d3 100644

 --- a/arch/x86/mm/fault.c

 +++ b/arch/x86/mm/fault.c

 @@ -244,6 +244,11 @@ force_sig_info_fault(int si_signo, int si_code, unsigned long address,

@@ -34,7 +34,7 @@ index 9f72ca3..fd5a25e 100644

  DEFINE_SPINLOCK(pgd_lock);

  LIST_HEAD(pgd_list);

-@@ -886,6 +891,13 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,

+@@ -881,6 +886,13 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,

  				return;

  		}

  #endif

@@ -48,7 +48,7 @@ index 9f72ca3..fd5a25e 100644

  		/*

  		 * To avoid leaking information about the kernel page table

-@@ -1492,3 +1504,209 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)

+@@ -1502,3 +1514,209 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)

  }

  NOKPROBE_SYMBOL(trace_do_page_fault);

  #endif /* CONFIG_TRACING */

@@ -259,7 +259,7 @@ index 9f72ca3..fd5a25e 100644

 +}

 +#endif

 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c

-index 2472af2..c7b750d 100644

+index e7e25a8..bdb1315 100644

 --- a/fs/binfmt_elf.c

 +++ b/fs/binfmt_elf.c

 @@ -36,6 +36,7 @@

@@ -310,7 +310,7 @@ index 2472af2..c7b750d 100644

  	if (elf_read_implies_exec(loc->elf_ex, executable_stack))

  		current->personality |= READ_IMPLIES_EXEC;

-@@ -2320,6 +2340,56 @@ static int elf_core_dump(struct coredump_params *cprm)

+@@ -2363,6 +2383,56 @@ static int elf_core_dump(struct coredump_params *cprm)

  #endif		/* CONFIG_ELF_CORE */

@@ -368,10 +368,10 @@ index 2472af2..c7b750d 100644

  {

  	register_binfmt(&elf_format);

 diff --git a/fs/exec.c b/fs/exec.c

-index 67e8657..4eff942 100644

+index fcd8642e..c8e7b8f 100644

 --- a/fs/exec.c

 +++ b/fs/exec.c

-@@ -718,7 +718,12 @@ int setup_arg_pages(struct linux_binprm *bprm,

+@@ -739,7 +739,12 @@ int setup_arg_pages(struct linux_binprm *bprm,

  	if (unlikely(executable_stack == EXSTACK_ENABLE_X))

  		vm_flags |= VM_EXEC;

  	else if (executable_stack == EXSTACK_DISABLE_X)

@@ -419,10 +419,10 @@ index 20fa8d8..3d0dd18 100644

  #endif

 diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h

-index 08d947f..3729003 100644

+index 8d6decd..923c34f 100644

 --- a/include/linux/mm_types.h

 +++ b/include/linux/mm_types.h

-@@ -517,6 +517,9 @@ struct mm_struct {

+@@ -521,6 +521,9 @@ struct mm_struct {

  	atomic_long_t hugetlb_usage;

  #endif

  	struct work_struct async_put_work;

@@ -433,10 +433,10 @@ index 08d947f..3729003 100644

  static inline void mm_init_cpumask(struct mm_struct *mm)

 diff --git a/include/linux/sched.h b/include/linux/sched.h

-index 4c27bcd..a138d62 100644

+index f4a551a..6f05b70 100644

 --- a/include/linux/sched.h

 +++ b/include/linux/sched.h

-@@ -1984,6 +1984,8 @@ static inline struct vm_struct *task_stack_vm_area(const struct task_struct *t)

+@@ -1999,6 +1999,8 @@ static inline struct vm_struct *task_stack_vm_area(const struct task_struct *t)

  }

  #endif

@@ -467,10 +467,10 @@ index b59ee07..ad4d96b 100644

  #define OLD_DT_LOOS	0x60000000

  #define DT_LOOS		0x6000000d

 diff --git a/ipc/shm.c b/ipc/shm.c

-index dbac886..266e8bd 100644

+index 9c687cd..aa0fc4f 100644

 --- a/ipc/shm.c

 +++ b/ipc/shm.c

-@@ -1133,6 +1133,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,

+@@ -1161,6 +1161,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg,

  		f_mode = FMODE_READ | FMODE_WRITE;

  	}

  	if (shmflg & SHM_EXEC) {

@@ -481,10 +481,10 @@ index dbac886..266e8bd 100644

  		acc_mode |= S_IXUGO;

  	}

 diff --git a/mm/mmap.c b/mm/mmap.c

-index 1af87c1..19fe04f 100644

+index 2837556..812ac33 100644

 --- a/mm/mmap.c

 +++ b/mm/mmap.c

-@@ -1360,6 +1360,17 @@ unsigned long do_mmap(struct file *file, unsigned long addr,

+@@ -1403,6 +1403,17 @@ unsigned long do_mmap(struct file *file, unsigned long addr,

  	vm_flags |= calc_vm_prot_bits(prot, pkey) | calc_vm_flag_bits(flags) |

  			mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;

@@ -502,8 +502,8 @@ index 1af87c1..19fe04f 100644

  	if (flags & MAP_LOCKED)

  		if (!can_do_mlock())

  			return -EPERM;

-@@ -2822,6 +2833,9 @@ static int do_brk(unsigned long addr, unsigned long request)

- 		return 0;

+@@ -2886,6 +2897,9 @@ static int do_brk(unsigned long addr, unsigned long len)

+ 	int error;

  	flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;

 +#ifdef CONFIG_PAX_MPROTECT

@@ -512,7 +512,7 @@ index 1af87c1..19fe04f 100644

  	error = get_unmapped_area(NULL, addr, len, 0, MAP_FIXED);

  	if (offset_in_page(error))

-@@ -3195,6 +3209,17 @@ static struct vm_area_struct *__install_special_mapping(

+@@ -3266,6 +3280,17 @@ static struct vm_area_struct *__install_special_mapping(

  	vma->vm_start = addr;

  	vma->vm_end = addr + len;

@@ -531,7 +531,7 @@ index 1af87c1..19fe04f 100644

  	vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);

 diff --git a/mm/mprotect.c b/mm/mprotect.c

-index 1193652..88aa56a 100644

+index 6896f77..1a6b9e8 100644

 --- a/mm/mprotect.c

 +++ b/mm/mprotect.c

 @@ -25,6 +25,10 @@

@@ -545,7 +545,7 @@ index 1193652..88aa56a 100644

  #include <asm/uaccess.h>

  #include <asm/pgtable.h>

  #include <asm/cacheflush.h>

-@@ -329,6 +333,10 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,

+@@ -379,6 +383,10 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,

  	 * held in write mode.

  	 */

  	vma->vm_flags = newflags;

@@ -556,7 +556,7 @@ index 1193652..88aa56a 100644

  	dirty_accountable = vma_wants_writenotify(vma, vma->vm_page_prot);

  	vma_set_page_prot(vma);

-@@ -420,6 +428,10 @@ static int do_mprotect_pkey(unsigned long start, size_t len,

+@@ -470,6 +478,10 @@ static int do_mprotect_pkey(unsigned long start, size_t len,

  	if (start > vma->vm_start)

  		prev = vma;

@@ -568,7 +568,7 @@ index 1193652..88aa56a 100644

  		unsigned long mask_off_old_flags;

  		unsigned long newflags;

 diff --git a/security/Kconfig b/security/Kconfig

-index 118f454..965f1a3 100644

+index 32f36b4..6742dcd 100644

 --- a/security/Kconfig

 +++ b/security/Kconfig

 @@ -4,6 +4,84 @@

@@ -657,5 +657,5 @@ index 118f454..965f1a3 100644

  config SECURITY_DMESG_RESTRICT

 -- 

-2.8.1

+2.7.4

@@ -1,7 +1,7 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-aws

-Version:        4.9.137

+Version:        4.9.140

 Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

@@ -9,7 +9,7 @@ Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727

+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e

 Source1:	config-aws

 Source2:	initramfs.trigger

 # common

@@ -440,6 +440,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/doc/*

 %changelog

+*   Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1

+-   Update to version 4.9.140

 *   Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1

 -   Update to version 4.9.137

 *   Tue Oct 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.130-2

@@ -1,7 +1,7 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-esx

-Version:        4.9.137

+Version:        4.9.140

 Release:        1%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

@@ -9,7 +9,7 @@ Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727

+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e

 Source1:        config-esx

 Source2:        initramfs.trigger

 # common

@@ -233,6 +233,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1

+-   Update to version 4.9.140

 *   Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1

 -   Update to version 4.9.137

 *   Mon Oct 08 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.130-3

@@ -1,7 +1,7 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-secure

-Version:        4.9.137

+Version:        4.9.140

 Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

@@ -9,7 +9,7 @@ Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727

+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e

 Source1:        config-secure

 Source2:        aufs4.9.tar.gz

 %define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906

@@ -331,6 +331,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1

+-   Update to version 4.9.140

 *   Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1

 -   Update to version 4.9.137

 *   Tue Oct 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.130-2

@@ -1,7 +1,7 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux

-Version:        4.9.137

+Version:        4.9.140

 Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

@@ -9,7 +9,7 @@ Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727

+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e

 Source1:	config

 Source2:	initramfs.trigger

 %define ena_version 1.1.3

@@ -363,6 +363,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/doc/*

 %changelog

+*   Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1

+-   Update to version 4.9.140

 *   Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1

 -   Update to version 4.9.137

 *   Tue Oct 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.130-2