@@ -1,6 +1,6 @@

 Summary:	Linux API header files

 Name:		linux-api-headers

-Version:	4.19.1

+Version:	4.19.6

 Release:	1%{?dist}

 License:	GPLv2

 URL:		http://www.kernel.org/

@@ -8,7 +8,7 @@ Group:		System Environment/Kernel

 Vendor:		VMware, Inc.

 Distribution: Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952

+%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61

 BuildArch:	noarch

 %description

 The Linux API Headers expose the kernel's API for use by Glibc.

@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de

 %defattr(-,root,root)

 %{_includedir}/*

 %changelog

+*   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1

+-   Update to version 4.19.6

 *   Mon Nov 05 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.1-1

 -   Update to version 4.19.1

 *   Thu Sep 20 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.18.9-1

@@ -22,7 +22,7 @@ Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

  2 files changed, 19 insertions(+)

 diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c

-index 1c9750fefa64..1720225eecb6 100644

+index 609fca8..2676b52 100644

 --- a/drivers/xen/manage.c

 +++ b/drivers/xen/manage.c

 @@ -50,6 +50,21 @@ enum suspend_modes {

@@ -48,10 +48,10 @@ index 1c9750fefa64..1720225eecb6 100644

  	int cancelled;

  };

 diff --git a/include/xen/xen-ops.h b/include/xen/xen-ops.h

-index a95e65ec83c3..2e4b476b516c 100644

+index f6e798d..2aa94d8 100644

 --- a/include/xen/xen-ops.h

 +++ b/include/xen/xen-ops.h

-@@ -38,6 +38,10 @@ u64 xen_steal_clock(int cpu);

+@@ -39,6 +39,10 @@ u64 xen_steal_clock(int cpu);

  int xen_setup_shutdown_event(void);

@@ -61,7 +61,6 @@ index a95e65ec83c3..2e4b476b516c 100644

 +

  extern unsigned long *xen_contiguous_bitmap;

- #ifdef CONFIG_XEN_PV

+ #if defined(CONFIG_XEN_PV) || defined(CONFIG_ARM) || defined(CONFIG_ARM64)

 -- 

-2.14.4

-

+2.7.4

@@ -23,10 +23,10 @@ Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

  3 files changed, 56 insertions(+)

 diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c

-index 8afb6dd311f1..c78b3e8fb2e5 100644

+index d24ad16..4196a65 100644

 --- a/arch/x86/xen/enlighten_hvm.c

 +++ b/arch/x86/xen/enlighten_hvm.c

-@@ -201,6 +201,7 @@ static void __init xen_hvm_guest_init(void)

+@@ -202,6 +202,7 @@ static void __init xen_hvm_guest_init(void)

  	if (xen_feature(XENFEAT_hvm_callback_vector))

  		xen_have_vector_callback = 1;

@@ -35,7 +35,7 @@ index 8afb6dd311f1..c78b3e8fb2e5 100644

  	WARN_ON(xen_cpuhp_setup(xen_cpu_up_prepare_hvm, xen_cpu_dead_hvm));

  	xen_unplug_emulated_devices();

 diff --git a/arch/x86/xen/suspend.c b/arch/x86/xen/suspend.c

-index 3e3a58ea669e..5e542b7e5802 100644

+index 1d83152..784c448 100644

 --- a/arch/x86/xen/suspend.c

 +++ b/arch/x86/xen/suspend.c

 @@ -2,17 +2,22 @@

@@ -61,7 +61,7 @@ index 3e3a58ea669e..5e542b7e5802 100644

  #include "xen-ops.h"

  #include "mmu.h"

-@@ -78,3 +83,51 @@ void xen_arch_suspend(void)

+@@ -82,3 +87,51 @@ void xen_arch_suspend(void)

  	on_each_cpu(xen_vcpu_notify_suspend, NULL, 1);

  }

@@ -114,10 +114,10 @@ index 3e3a58ea669e..5e542b7e5802 100644

 +		register_syscore_ops(&xen_hvm_syscore_ops);

 +}

 diff --git a/include/xen/xen-ops.h b/include/xen/xen-ops.h

-index 2e4b476b516c..90c2b41eb4f3 100644

+index 2aa94d8..77f65e5 100644

 --- a/include/xen/xen-ops.h

 +++ b/include/xen/xen-ops.h

-@@ -42,6 +42,8 @@ bool xen_suspend_mode_is_xen_suspend(void);

+@@ -43,6 +43,8 @@ bool xen_suspend_mode_is_xen_suspend(void);

  bool xen_suspend_mode_is_pm_suspend(void);

  bool xen_suspend_mode_is_pm_hibernation(void);

@@ -125,7 +125,7 @@ index 2e4b476b516c..90c2b41eb4f3 100644

 +

  extern unsigned long *xen_contiguous_bitmap;

- #ifdef CONFIG_XEN_PV

+ #if defined(CONFIG_XEN_PV) || defined(CONFIG_ARM) || defined(CONFIG_ARM64)

 -- 

-2.14.4

+2.7.4

deleted file mode 100644

@@ -1,62 +0,0 @@

-From 15541c4d514bb189c3e4dbad9bd9f3b957d7c4d0 Mon Sep 17 00:00:00 2001

-From: Frank van der Linden <fllinden@amazon.com>

-Date: Fri, 31 Aug 2018 18:34:53 +0000

-Subject: net/ipv4: defensive cipso option parsing

-

-commit 40413955ee265a5e42f710940ec78f5450d49149 fixed a possible

-infinite loop in the IP option parsing of CIPSO. The fix assumes

-that ip_option_compile filtered out all zero length options and

-that no other one-byte options beside IPOPT_END and IPOPT_NOOP

-exist.

-While this assumption currently holds true, add explicit checks

-for zero length and invalid length options to be safe for the

-future. Even though ip_options_compile should have validated the

-options, the introduction of new one-byte options can still

-confuse this code without the additional checks.

-

-Signed-off-by: Stefan Nuernberger <snu@amazon.com>

-Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

- net/ipv4/cipso_ipv4.c | 10 ++++++++--

- 1 file changed, 8 insertions(+), 2 deletions(-)

-

-diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c

-index 82178cc69c96..f291b57b8474 100644

-+++ b/net/ipv4/cipso_ipv4.c

-@@ -1512,7 +1512,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def,

-  *

-  * Description:

-  * Parse the packet's IP header looking for a CIPSO option.  Returns a pointer

-- * to the start of the CIPSO option on success, NULL if one if not found.

-+ * to the start of the CIPSO option on success, NULL if one is not found.

-  *

-  */

- unsigned char *cipso_v4_optptr(const struct sk_buff *skb)

-@@ -1522,9 +1522,11 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb)

- 	int optlen;

- 	int taglen;

- 

--	for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) {

-+	for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 1; ) {

- 		switch (optptr[0]) {

- 		case IPOPT_CIPSO:

-+			if (!optptr[1] || optptr[1] > optlen)

-+				return NULL;

- 			return optptr;

- 		case IPOPT_END:

- 			return NULL;

-@@ -1534,6 +1536,10 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb)

- 		default:

- 			taglen = optptr[1];

- 		}

-+

-+		if (!taglen || taglen > optlen)

-+			break;

-+

- 		optlen -= taglen;

- 		optptr += taglen;

- 	}

-2.14.4

-

@@ -1,6 +1,6 @@

 #

 # Automatically generated file; DO NOT EDIT.

-# Linux/x86 4.19.1 Kernel Configuration

+# Linux/x86 4.19.6 Kernel Configuration

 #

 #

@@ -397,7 +397,9 @@ CONFIG_X86_SMAP=y

 CONFIG_X86_INTEL_UMIP=y

 # CONFIG_X86_INTEL_MPX is not set

 CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y

-# CONFIG_EFI is not set

+CONFIG_EFI=y

+CONFIG_EFI_STUB=y

+# CONFIG_EFI_MIXED is not set

 CONFIG_SECCOMP=y

 # CONFIG_HZ_100 is not set

 CONFIG_HZ_250=y

@@ -484,6 +486,7 @@ CONFIG_ACPI_HOTPLUG_IOAPIC=y

 CONFIG_ACPI_SBS=m

 # CONFIG_ACPI_HED is not set

 # CONFIG_ACPI_CUSTOM_METHOD is not set

+# CONFIG_ACPI_BGRT is not set

 # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set

 # CONFIG_ACPI_NFIT is not set

 CONFIG_HAVE_ACPI_APEI=y

@@ -641,6 +644,19 @@ CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y

 # CONFIG_ISCSI_IBFT_FIND is not set

 # CONFIG_FW_CFG_SYSFS is not set

 # CONFIG_GOOGLE_FIRMWARE is not set

+

+#

+# EFI (Extensible Firmware Interface) Support

+#

+# CONFIG_EFI_VARS is not set

+CONFIG_EFI_ESRT=y

+# CONFIG_EFI_RUNTIME_MAP is not set

+# CONFIG_EFI_FAKE_MEMMAP is not set

+CONFIG_EFI_RUNTIME_WRAPPERS=y

+# CONFIG_EFI_CAPSULE_LOADER is not set

+# CONFIG_EFI_TEST is not set

+# CONFIG_APPLE_PROPERTIES is not set

+# CONFIG_RESET_ATTACK_MITIGATION is not set

 CONFIG_UEFI_CPER=y

 CONFIG_UEFI_CPER_X86=y

@@ -2971,6 +2987,7 @@ CONFIG_FB_CIRRUS=m

 # CONFIG_FB_VGA16 is not set

 # CONFIG_FB_UVESA is not set

 CONFIG_FB_VESA=y

+# CONFIG_FB_EFI is not set

 # CONFIG_FB_N411 is not set

 # CONFIG_FB_HGA is not set

 # CONFIG_FB_OPENCORES is not set

@@ -3525,6 +3542,7 @@ CONFIG_XEN_PRIVCMD=m

 # CONFIG_XEN_ACPI_PROCESSOR is not set

 # CONFIG_XEN_MCE_LOG is not set

 CONFIG_XEN_HAVE_PVMMU=y

+CONFIG_XEN_EFI=y

 CONFIG_XEN_AUTO_XLATE=y

 CONFIG_XEN_ACPI=y

 # CONFIG_XEN_SYMS is not set

@@ -3846,6 +3864,7 @@ CONFIG_HUGETLB_PAGE=y

 CONFIG_MEMFD_CREATE=y

 CONFIG_ARCH_HAS_GIGANTIC_PAGE=y

 CONFIG_CONFIGFS_FS=m

+CONFIG_EFIVAR_FS=m

 CONFIG_MISC_FILESYSTEMS=y

 # CONFIG_ORANGEFS_FS is not set

 # CONFIG_ADFS_FS is not set

@@ -4216,7 +4235,6 @@ CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m

 CONFIG_CRYPTO_SERPENT_AVX_X86_64=m

 CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m

 # CONFIG_CRYPTO_SM4 is not set

-# CONFIG_CRYPTO_SPECK is not set

 CONFIG_CRYPTO_TEA=m

 CONFIG_CRYPTO_TWOFISH=m

 CONFIG_CRYPTO_TWOFISH_COMMON=m

@@ -4360,7 +4378,7 @@ CONFIG_CLZ_TAB=y

 CONFIG_IRQ_POLL=y

 CONFIG_MPILIB=y

 CONFIG_OID_REGISTRY=y

-CONFIG_UCS2_STRING=m

+CONFIG_UCS2_STRING=y

 CONFIG_FONT_SUPPORT=y

 # CONFIG_FONTS is not set

 CONFIG_FONT_8x8=y

@@ -4566,8 +4584,10 @@ CONFIG_TRACE_IRQFLAGS_SUPPORT=y

 # CONFIG_X86_VERBOSE_BOOTUP is not set

 CONFIG_EARLY_PRINTK=y

 # CONFIG_EARLY_PRINTK_DBGP is not set

+# CONFIG_EARLY_PRINTK_EFI is not set

 # CONFIG_EARLY_PRINTK_USB_XDBC is not set

 # CONFIG_X86_PTDUMP is not set

+# CONFIG_EFI_PGT_DUMP is not set

 # CONFIG_DEBUG_WX is not set

 CONFIG_DOUBLEFAULT=y

 # CONFIG_DEBUG_TLBFLUSH is not set

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-aws

-Version:        4.19.1

-Release:        3%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.6

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952

+%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61

 Source1:	config-aws

 Source2:	initramfs.trigger

 # common

@@ -62,7 +62,6 @@ Patch123: 0027-xen-blkfront-add-persistent_grants-parameter.patch

 Patch125: 0029-Revert-xen-dont-fiddle-with-event-channel-masking-in.patch

 Patch131: 0035-xen-blkfront-Fixed-blkfront_restore-to-remove-a-call.patch

 Patch133: 0037-x86-tsc-avoid-system-instability-in-hibernation.patch

-Patch151: 0055-net-ipv4-defensive-cipso-option-parsing.patch

 Patch152: 0056-Amazon-ENA-driver-Update-to-version-1.6.0.patch

 %if 0%{?kat_build:1}

@@ -179,7 +178,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch125 -p1

 %patch131 -p1

 %patch133 -p1

-%patch151 -p1

 %patch152 -p1

 %if 0%{?kat_build:1}

@@ -358,6 +356,9 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %{_libdir}/perf/include/bpf/*

 %changelog

+*   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1

+-   Update to version 4.19.6

+-   Enable EFI in config-aws to support kernel signing.

 *   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.1-3

 -   Set nvme io_timeout to maximum in kernel cmdline.

 *   Wed Nov 14 2018 Ajay Kaher <akaher@vmware.com> 4.19.1-2

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-esx

-Version:        4.19.1

-Release:        3%{?dist}

+Version:        4.19.6

+Release:        1%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952

+%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61

 Source1:        config-esx

 Source2:        initramfs.trigger

 # common

@@ -186,6 +186,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1

+-   Update to version 4.19.6

 *   Thu Nov 29 2018 Alexey Makhalov <amakhalov@vmware.com> 4.19.1-3

 -   Fix BAR4 is zero issue for IDE devices

 *   Thu Nov 15 2018 Ajay Kaher <akaher@vmware.com> 4.19.1-2

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-secure

-Version:        4.19.1

-Release:        2%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.6

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952

+%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61

 Source1:        config-secure

 Source2:        initramfs.trigger

 # common

@@ -234,6 +234,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1

+-   Update to version 4.19.6

 *   Thu Nov 15 2018 Ajay Kaher <akaher@vmware.com> 4.19.1-2

 -   Adding BuildArch

 *   Thu Nov 08 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.19.1-1

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux

-Version:        4.19.1

-Release:        3%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.6

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952

+%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61

 Source1:	config

 Source2:	initramfs.trigger

 %define ena_version 1.6.0

@@ -372,6 +372,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %endif

 %changelog

+*   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1

+-   Update to version 4.19.6

 *   Fri Dec 07 2018 Alexey Makhalov <amakhalov@vmware.com> 4.19.1-3

 -   .config: added qmi wwan module

 *   Mon Nov 12 2018 Ajay Kaher <akaher@vmware.com> 4.19.1-2