Update the version and add patches to fix the following CVEs:
CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381,
CVE-2019-12382, CVE-2019-12378, CVE-2019-12455
Change-Id: I6522ff038414007ed76257c6ed2a773b6f30564c
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/7454
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Bo Gan <ganb@vmware.com>
(cherry picked from commit f2bd0799d1970bab3881cb9bfd2c032495f33507)
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/7459
Reviewed-by: Srivatsa S. Bhat <srivatsab@vmware.com>
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
Summary: Linux API header files |
2 | 2 |
Name: linux-api-headers |
3 |
-Version: 4.19.40 |
|
3 |
+Version: 4.19.52 |
|
4 | 4 |
Release: 1%{?dist} |
5 | 5 |
License: GPLv2 |
6 | 6 |
URL: http://www.kernel.org/ |
... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
11 |
-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958 |
|
11 |
+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248 |
|
12 | 12 |
BuildArch: noarch |
13 | 13 |
%description |
14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de |
25 | 25 |
%defattr(-,root,root) |
26 | 26 |
%{_includedir}/* |
27 | 27 |
%changelog |
28 |
+* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1 |
|
29 |
+- Update to version 4.19.52 |
|
28 | 30 |
* Tue May 07 2019 Ajay Kaher <akaher@vmware.com> 4.19.40-1 |
29 | 31 |
- Update to version 4.19.40 |
30 | 32 |
* Wed Mar 27 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-1 |
31 | 33 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,34 @@ |
0 |
+From f4df781a8c257883937168911608840fec190a31 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Gen Zhang <blackgod016574@gmail.com> |
|
2 |
+Date: Tue, 28 May 2019 10:18:51 +0800 |
|
3 |
+Subject: [PATCH] clk-sunxi: fix a missing-check bug in sunxi_divs_clk_setup() |
|
4 |
+ |
|
5 |
+[ This patch is not yet upstream; however, it has been accepted into |
|
6 |
+ the drm maintainer's queue. ] |
|
7 |
+ |
|
8 |
+In sunxi_divs_clk_setup(), 'derived_name' is allocated by kstrndup(). |
|
9 |
+It returns NULL when fails. 'derived_name' should be checked. |
|
10 |
+ |
|
11 |
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com> |
|
12 |
+Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com> |
|
13 |
+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> |
|
14 |
+--- |
|
15 |
+ drivers/clk/sunxi/clk-sunxi.c | 2 ++ |
|
16 |
+ 1 file changed, 2 insertions(+) |
|
17 |
+ |
|
18 |
+diff --git a/drivers/clk/sunxi/clk-sunxi.c b/drivers/clk/sunxi/clk-sunxi.c |
|
19 |
+index 012714d..c76ce55 100644 |
|
20 |
+--- a/drivers/clk/sunxi/clk-sunxi.c |
|
21 |
+@@ -988,6 +988,8 @@ static struct clk ** __init sunxi_divs_clk_setup(struct device_node *node, |
|
22 |
+ if (endp) { |
|
23 |
+ derived_name = kstrndup(clk_name, endp - clk_name, |
|
24 |
+ GFP_KERNEL); |
|
25 |
++ if (!derived_name) |
|
26 |
++ return NULL; |
|
27 |
+ factors.name = derived_name; |
|
28 |
+ } else { |
|
29 |
+ factors.name = clk_name; |
|
30 |
+-- |
|
31 |
+2.7.4 |
|
32 |
+ |
0 | 33 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,42 @@ |
0 |
+From a8301ee448aef5712b703281b6103a95242f0411 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Gen Zhang <blackgod016574@gmail.com> |
|
2 |
+Date: Thu, 23 May 2019 08:34:52 +0800 |
|
3 |
+Subject: [PATCH] consolemap: Fix a memory leaking bug in |
|
4 |
+ drivers/tty/vt/consolemap.c |
|
5 |
+ |
|
6 |
+[ This patch is not yet upstream; however, it has been accepted into |
|
7 |
+ the tty driver maintainer's queue. ] |
|
8 |
+ |
|
9 |
+In function con_insert_unipair(), when allocation for p2 and p1[n] |
|
10 |
+fails, ENOMEM is returned, but previously allocated p1 is not freed, |
|
11 |
+remains as leaking memory. Thus we should free p1 as well when this |
|
12 |
+allocation fails. |
|
13 |
+ |
|
14 |
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com> |
|
15 |
+Reviewed-by: Kees Cook <keescook@chromium.org> |
|
16 |
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
|
17 |
+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> |
|
18 |
+--- |
|
19 |
+ drivers/tty/vt/consolemap.c | 6 +++++- |
|
20 |
+ 1 file changed, 5 insertions(+), 1 deletion(-) |
|
21 |
+ |
|
22 |
+diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c |
|
23 |
+index 7c7ada0..814d1b7 100644 |
|
24 |
+--- a/drivers/tty/vt/consolemap.c |
|
25 |
+@@ -489,7 +489,11 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos) |
|
26 |
+ p2 = p1[n = (unicode >> 6) & 0x1f]; |
|
27 |
+ if (!p2) { |
|
28 |
+ p2 = p1[n] = kmalloc_array(64, sizeof(u16), GFP_KERNEL); |
|
29 |
+- if (!p2) return -ENOMEM; |
|
30 |
++ if (!p2) { |
|
31 |
++ kfree(p1); |
|
32 |
++ p->uni_pgdir[n] = NULL; |
|
33 |
++ return -ENOMEM; |
|
34 |
++ } |
|
35 |
+ memset(p2, 0xff, 64*sizeof(u16)); /* No glyphs for the characters (yet) */ |
|
36 |
+ } |
|
37 |
+ |
|
38 |
+-- |
|
39 |
+2.7.4 |
|
40 |
+ |
0 | 41 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,41 @@ |
0 |
+From 9579fa77a71581a70d14a544cc58d0b00f700f05 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Gen Zhang <blackgod016574@gmail.com> |
|
2 |
+Date: Fri, 24 May 2019 10:32:22 +0800 |
|
3 |
+Subject: [PATCH] drm/edid: Fix a missing-check bug in drm_load_edid_firmware() |
|
4 |
+ |
|
5 |
+[ This patch is not yet upstream; however, it has been accepted into |
|
6 |
+ the drm maintainer's queue. ] |
|
7 |
+ |
|
8 |
+In drm_load_edid_firmware(), fwstr is allocated by kstrdup(). And fwstr |
|
9 |
+is dereferenced in the following codes. However, memory allocation |
|
10 |
+functions such as kstrdup() may fail and returns NULL. Dereferencing |
|
11 |
+this null pointer may cause the kernel go wrong. Thus we should check |
|
12 |
+this kstrdup() operation. |
|
13 |
+Further, if kstrdup() returns NULL, we should return ERR_PTR(-ENOMEM) to |
|
14 |
+the caller site. |
|
15 |
+ |
|
16 |
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com> |
|
17 |
+Reviewed-by: Jani Nikula <jani.nikula@intel.com> |
|
18 |
+Signed-off-by: Jani Nikula <jani.nikula@intel.com> |
|
19 |
+Link: https://patchwork.freedesktop.org/patch/msgid/20190524023222.GA5302@zhanggen-UX430UQ |
|
20 |
+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> |
|
21 |
+--- |
|
22 |
+ drivers/gpu/drm/drm_edid_load.c | 2 ++ |
|
23 |
+ 1 file changed, 2 insertions(+) |
|
24 |
+ |
|
25 |
+diff --git a/drivers/gpu/drm/drm_edid_load.c b/drivers/gpu/drm/drm_edid_load.c |
|
26 |
+index a491509..a0e107a 100644 |
|
27 |
+--- a/drivers/gpu/drm/drm_edid_load.c |
|
28 |
+@@ -290,6 +290,8 @@ struct edid *drm_load_edid_firmware(struct drm_connector *connector) |
|
29 |
+ * the last one found one as a fallback. |
|
30 |
+ */ |
|
31 |
+ fwstr = kstrdup(edid_firmware, GFP_KERNEL); |
|
32 |
++ if (!fwstr) |
|
33 |
++ return ERR_PTR(-ENOMEM); |
|
34 |
+ edidstr = fwstr; |
|
35 |
+ |
|
36 |
+ while ((edidname = strsep(&edidstr, ","))) { |
|
37 |
+-- |
|
38 |
+2.7.4 |
|
39 |
+ |
0 | 40 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,90 @@ |
0 |
+From f4756d57543226f5cd5e0b332b9830bdf7e56412 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Gen Zhang <blackgod016574@gmail.com> |
|
2 |
+Date: Sat, 25 May 2019 13:25:58 +0200 |
|
3 |
+Subject: [PATCH] efi/x86/Add missing error handling to old_memmap 1:1 mapping |
|
4 |
+ code |
|
5 |
+ |
|
6 |
+commit 4e78921ba4dd0aca1cc89168f45039add4183f8e upstream. |
|
7 |
+ |
|
8 |
+The old_memmap flow in efi_call_phys_prolog() performs numerous memory |
|
9 |
+allocations, and either does not check for failure at all, or it does |
|
10 |
+but fails to propagate it back to the caller, which may end up calling |
|
11 |
+into the firmware with an incomplete 1:1 mapping. |
|
12 |
+ |
|
13 |
+So let's fix this by returning NULL from efi_call_phys_prolog() on |
|
14 |
+memory allocation failures only, and by handling this condition in the |
|
15 |
+caller. Also, clean up any half baked sets of page tables that we may |
|
16 |
+have created before returning with a NULL return value. |
|
17 |
+ |
|
18 |
+Note that any failure at this level will trigger a panic() two levels |
|
19 |
+up, so none of this makes a huge difference, but it is a nice cleanup |
|
20 |
+nonetheless. |
|
21 |
+ |
|
22 |
+[ardb: update commit log, add efi_call_phys_epilog() call on error path] |
|
23 |
+ |
|
24 |
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com> |
|
25 |
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> |
|
26 |
+Cc: Linus Torvalds <torvalds@linux-foundation.org> |
|
27 |
+Cc: Peter Zijlstra <peterz@infradead.org> |
|
28 |
+Cc: Rob Bradford <robert.bradford@intel.com> |
|
29 |
+Cc: Thomas Gleixner <tglx@linutronix.de> |
|
30 |
+Cc: linux-efi@vger.kernel.org |
|
31 |
+Link: http://lkml.kernel.org/r/20190525112559.7917-2-ard.biesheuvel@linaro.org |
|
32 |
+Signed-off-by: Ingo Molnar <mingo@kernel.org> |
|
33 |
+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> |
|
34 |
+--- |
|
35 |
+ arch/x86/platform/efi/efi.c | 2 ++ |
|
36 |
+ arch/x86/platform/efi/efi_64.c | 9 ++++++--- |
|
37 |
+ 2 files changed, 8 insertions(+), 3 deletions(-) |
|
38 |
+ |
|
39 |
+diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c |
|
40 |
+index 9061bab..353019d 100644 |
|
41 |
+--- a/arch/x86/platform/efi/efi.c |
|
42 |
+@@ -86,6 +86,8 @@ static efi_status_t __init phys_efi_set_virtual_address_map( |
|
43 |
+ pgd_t *save_pgd; |
|
44 |
+ |
|
45 |
+ save_pgd = efi_call_phys_prolog(); |
|
46 |
++ if (!save_pgd) |
|
47 |
++ return EFI_ABORTED; |
|
48 |
+ |
|
49 |
+ /* Disable interrupts around EFI calls: */ |
|
50 |
+ local_irq_save(flags); |
|
51 |
+diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c |
|
52 |
+index ee5d08f..dfc809b 100644 |
|
53 |
+--- a/arch/x86/platform/efi/efi_64.c |
|
54 |
+@@ -84,13 +84,15 @@ pgd_t * __init efi_call_phys_prolog(void) |
|
55 |
+ |
|
56 |
+ if (!efi_enabled(EFI_OLD_MEMMAP)) { |
|
57 |
+ efi_switch_mm(&efi_mm); |
|
58 |
+- return NULL; |
|
59 |
++ return efi_mm.pgd; |
|
60 |
+ } |
|
61 |
+ |
|
62 |
+ early_code_mapping_set_exec(1); |
|
63 |
+ |
|
64 |
+ n_pgds = DIV_ROUND_UP((max_pfn << PAGE_SHIFT), PGDIR_SIZE); |
|
65 |
+ save_pgd = kmalloc_array(n_pgds, sizeof(*save_pgd), GFP_KERNEL); |
|
66 |
++ if (!save_pgd) |
|
67 |
++ return NULL; |
|
68 |
+ |
|
69 |
+ /* |
|
70 |
+ * Build 1:1 identity mapping for efi=old_map usage. Note that |
|
71 |
+@@ -138,10 +140,11 @@ pgd_t * __init efi_call_phys_prolog(void) |
|
72 |
+ pgd_offset_k(pgd * PGDIR_SIZE)->pgd &= ~_PAGE_NX; |
|
73 |
+ } |
|
74 |
+ |
|
75 |
+-out: |
|
76 |
+ __flush_tlb_all(); |
|
77 |
+- |
|
78 |
+ return save_pgd; |
|
79 |
++out: |
|
80 |
++ efi_call_phys_epilog(save_pgd); |
|
81 |
++ return NULL; |
|
82 |
+ } |
|
83 |
+ |
|
84 |
+ void __init efi_call_phys_epilog(pgd_t *save_pgd) |
|
85 |
+-- |
|
86 |
+2.7.4 |
|
87 |
+ |
0 | 88 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,36 @@ |
0 |
+From 25c3cdaecee4e72cab832bb6079776d8158e1cf9 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Gen Zhang <blackgod016574@gmail.com> |
|
2 |
+Date: Fri, 24 May 2019 11:24:26 +0800 |
|
3 |
+Subject: [PATCH] ip_sockglue: Fix missing-check bug in ip_ra_control() |
|
4 |
+ |
|
5 |
+commit 425aa0e1d01513437668fa3d4a971168bbaa8515 upstream. |
|
6 |
+ |
|
7 |
+In function ip_ra_control(), the pointer new_ra is allocated a memory |
|
8 |
+space via kmalloc(). And it is used in the following codes. However, |
|
9 |
+when there is a memory allocation error, kmalloc() fails. Thus null |
|
10 |
+pointer dereference may happen. And it will cause the kernel to crash. |
|
11 |
+Therefore, we should check the return value and handle the error. |
|
12 |
+ |
|
13 |
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com> |
|
14 |
+Signed-off-by: David S. Miller <davem@davemloft.net> |
|
15 |
+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> |
|
16 |
+--- |
|
17 |
+ net/ipv4/ip_sockglue.c | 2 ++ |
|
18 |
+ 1 file changed, 2 insertions(+) |
|
19 |
+ |
|
20 |
+diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c |
|
21 |
+index b7a2612..faaf688 100644 |
|
22 |
+--- a/net/ipv4/ip_sockglue.c |
|
23 |
+@@ -343,6 +343,8 @@ int ip_ra_control(struct sock *sk, unsigned char on, |
|
24 |
+ return -EINVAL; |
|
25 |
+ |
|
26 |
+ new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; |
|
27 |
++ if (on && !new_ra) |
|
28 |
++ return -ENOMEM; |
|
29 |
+ |
|
30 |
+ mutex_lock(&net->ipv4.ra_mutex); |
|
31 |
+ for (rap = &net->ipv4.ra_chain; |
|
32 |
+-- |
|
33 |
+2.7.4 |
|
34 |
+ |
0 | 35 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,36 @@ |
0 |
+From 330952de2ddbb22f30702b251017ea5109a2e613 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Gen Zhang <blackgod016574@gmail.com> |
|
2 |
+Date: Fri, 24 May 2019 11:19:46 +0800 |
|
3 |
+Subject: [PATCH] ipv6_sockglue: Fix a missing-check bug in ip6_ra_control() |
|
4 |
+ |
|
5 |
+commit 95baa60a0da80a0143e3ddd4d3725758b4513825 upstream. |
|
6 |
+ |
|
7 |
+In function ip6_ra_control(), the pointer new_ra is allocated a memory |
|
8 |
+space via kmalloc(). And it is used in the following codes. However, |
|
9 |
+when there is a memory allocation error, kmalloc() fails. Thus null |
|
10 |
+pointer dereference may happen. And it will cause the kernel to crash. |
|
11 |
+Therefore, we should check the return value and handle the error. |
|
12 |
+ |
|
13 |
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com> |
|
14 |
+Signed-off-by: David S. Miller <davem@davemloft.net> |
|
15 |
+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> |
|
16 |
+--- |
|
17 |
+ net/ipv6/ipv6_sockglue.c | 2 ++ |
|
18 |
+ 1 file changed, 2 insertions(+) |
|
19 |
+ |
|
20 |
+diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c |
|
21 |
+index c0cac9c..4bc97b1 100644 |
|
22 |
+--- a/net/ipv6/ipv6_sockglue.c |
|
23 |
+@@ -68,6 +68,8 @@ int ip6_ra_control(struct sock *sk, int sel) |
|
24 |
+ return -ENOPROTOOPT; |
|
25 |
+ |
|
26 |
+ new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; |
|
27 |
++ if (sel >= 0 && !new_ra) |
|
28 |
++ return -ENOMEM; |
|
29 |
+ |
|
30 |
+ write_lock_bh(&ip6_ra_lock); |
|
31 |
+ for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { |
|
32 |
+-- |
|
33 |
+2.7.4 |
|
34 |
+ |
0 | 35 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,47 @@ |
0 |
+From 3a349cfe3e6ffd0856e04d3946589c437ef18d32 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Gen Zhang <blackgod016574@gmail.com> |
|
2 |
+Date: Thu, 30 May 2019 09:10:30 +0800 |
|
3 |
+Subject: [PATCH] scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() |
|
4 |
+ |
|
5 |
+[ This patch is not yet upstream; however, it has been accepted into |
|
6 |
+the scsi maintainer's queue. ] |
|
7 |
+ |
|
8 |
+In _ctl_ioctl_main(), 'ioctl_header' is fetched the first time from |
|
9 |
+userspace. 'ioctl_header.ioc_number' is then checked. The legal result is |
|
10 |
+saved to 'ioc'. Then, in condition MPT3COMMAND, the whole struct is fetched |
|
11 |
+again from the userspace. Then _ctl_do_mpt_command() is called, 'ioc' and |
|
12 |
+'karg' as inputs. |
|
13 |
+ |
|
14 |
+However, a malicious user can change the 'ioc_number' between the two |
|
15 |
+fetches, which will cause a potential security issues. Moreover, a |
|
16 |
+malicious user can provide a valid 'ioc_number' to pass the check in first |
|
17 |
+fetch, and then modify it in the second fetch. |
|
18 |
+ |
|
19 |
+To fix this, we need to recheck the 'ioc_number' in the second fetch. |
|
20 |
+ |
|
21 |
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com> |
|
22 |
+Acked-by: Suganath Prabu S <suganath-prabu.subramani@broadcom.com> |
|
23 |
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> |
|
24 |
+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> |
|
25 |
+--- |
|
26 |
+ drivers/scsi/mpt3sas/mpt3sas_ctl.c | 4 ++++ |
|
27 |
+ 1 file changed, 4 insertions(+) |
|
28 |
+ |
|
29 |
+diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c |
|
30 |
+index 5e8c059..b831740 100644 |
|
31 |
+--- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c |
|
32 |
+@@ -2404,6 +2404,10 @@ _ctl_ioctl_main(struct file *file, unsigned int cmd, void __user *arg, |
|
33 |
+ break; |
|
34 |
+ } |
|
35 |
+ |
|
36 |
++ if (karg.hdr.ioc_number != ioctl_header.ioc_number) { |
|
37 |
++ ret = -EINVAL; |
|
38 |
++ break; |
|
39 |
++ } |
|
40 |
+ if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_command)) { |
|
41 |
+ uarg = arg; |
|
42 |
+ ret = _ctl_do_mpt_command(ioc, karg, &uarg->mf); |
|
43 |
+-- |
|
44 |
+2.7.4 |
|
45 |
+ |
... | ... |
@@ -1234,7 +1234,7 @@ index 7948a17febb4..bc2b010b3d76 100644 |
1234 | 1234 |
+ |
1235 | 1235 |
#endif /* _ASM_X86_MODULE_H */ |
1236 | 1236 |
diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c |
1237 |
-index 3aac91ca8909..fb9d908784a6 100644 |
|
1237 |
+index 8673319..173bf54 100644 |
|
1238 | 1238 |
--- a/arch/x86/kernel/cpu/vmware.c |
1239 | 1239 |
+++ b/arch/x86/kernel/cpu/vmware.c |
1240 | 1240 |
@@ -292,11 +292,17 @@ static __init int activate_jump_labels(void) |
... | ... |
@@ -1270,13 +1270,13 @@ index c88c23c658c1..7a0b8f22ced5 100644 |
1270 | 1270 |
return __e820__mapped_all(start, end, type); |
1271 | 1271 |
} |
1272 | 1272 |
diff --git a/arch/x86/kernel/ftrace_64.S b/arch/x86/kernel/ftrace_64.S |
1273 |
-index 91b2cff4b79a..7aeca3f7541c 100644 |
|
1273 |
+index 75f2b36..cfd00e5 100644 |
|
1274 | 1274 |
--- a/arch/x86/kernel/ftrace_64.S |
1275 | 1275 |
+++ b/arch/x86/kernel/ftrace_64.S |
1276 | 1276 |
@@ -186,7 +186,7 @@ GLOBAL(ftrace_graph_call) |
1277 |
- #endif |
|
1278 |
- |
|
1279 |
- /* This is weak to keep gas from relaxing the jumps */ |
|
1277 |
+ * This is weak to keep gas from relaxing the jumps. |
|
1278 |
+ * It is also used to copy the retq for trampolines. |
|
1279 |
+ */ |
|
1280 | 1280 |
-WEAK(ftrace_stub) |
1281 | 1281 |
+RAP_WEAK(ftrace_stub) |
1282 | 1282 |
retq |
... | ... |
@@ -5384,11 +5384,11 @@ index 2ff814c92f7f..a74ce003f47a 100644 |
5384 | 5384 |
static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) |
5385 | 5385 |
#endif /* __SYSCALL_DEFINEx */ |
5386 | 5386 |
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c |
5387 |
-index 3f5bf1af0826..91029cc72349 100644 |
|
5387 |
+index bad9985..cba5751 100644 |
|
5388 | 5388 |
--- a/kernel/bpf/core.c |
5389 | 5389 |
+++ b/kernel/bpf/core.c |
5390 |
-@@ -577,6 +577,8 @@ int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type, |
|
5391 |
- return ret; |
|
5390 |
+@@ -612,6 +612,8 @@ static void bpf_jit_uncharge_modmem(u32 pages) |
|
5391 |
+ atomic_long_sub(pages, &bpf_jit_current); |
|
5392 | 5392 |
} |
5393 | 5393 |
|
5394 | 5394 |
+extern long __rap_hash___bpf_prog_run; |
... | ... |
@@ -5396,8 +5396,8 @@ index 3f5bf1af0826..91029cc72349 100644 |
5396 | 5396 |
struct bpf_binary_header * |
5397 | 5397 |
bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr, |
5398 | 5398 |
unsigned int alignment, |
5399 |
-@@ -600,11 +602,24 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr, |
|
5400 |
- hdr->pages = size / PAGE_SIZE; |
|
5399 |
+@@ -641,11 +643,24 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr, |
|
5400 |
+ hdr->pages = pages; |
|
5401 | 5401 |
hole = min_t(unsigned int, size - (proglen + sizeof(*hdr)), |
5402 | 5402 |
PAGE_SIZE - sizeof(*hdr)); |
5403 | 5403 |
+#ifdef CONFIG_PAX_RAP |
... | ... |
@@ -24,26 +24,27 @@ values at runtime. |
24 | 24 |
--- |
25 | 25 |
drivers/pci/pci.c | 2 + |
26 | 26 |
drivers/pci/pci.h | 2 + |
27 |
- drivers/pci/probe.c | 377 +++++++++++++++++++++++++++++++++++++++++++++++++++- |
|
28 |
- 3 files changed, 377 insertions(+), 4 deletions(-) |
|
27 |
+ drivers/pci/probe.c | 376 +++++++++++++++++++++++++++++++++++++++++++++++++++- |
|
28 |
+ 3 files changed, 376 insertions(+), 4 deletions(-) |
|
29 | 29 |
|
30 |
- |
|
31 |
-diff -ur linux-4.19.26/drivers/pci/pci.c linux-4.19.26_new/drivers/pci/pci.c |
|
32 |
-+++ linux-4.19.26_new/drivers/pci/pci.c 2019-03-05 07:47:24.981001824 +0530 |
|
33 |
-@@ -6115,6 +6115,8 @@ |
|
30 |
+diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c |
|
31 |
+index 61f2ef2..a97aa51 100644 |
|
32 |
+--- a/drivers/pci/pci.c |
|
33 |
+@@ -6136,6 +6136,8 @@ static int __init pci_setup(char *str) |
|
34 |
+ pci_add_flags(PCI_SCAN_ALL_PCIE_DEVS); |
|
34 | 35 |
} else if (!strncmp(str, "disable_acs_redir=", 18)) { |
35 |
- disable_acs_redir_param = |
|
36 |
- kstrdup(str + 18, GFP_KERNEL); |
|
36 |
+ disable_acs_redir_param = str + 18; |
|
37 | 37 |
+ } else if (!strncmp(str, "scan_all", 8)) { |
38 | 38 |
+ pci_scan_all(); |
39 | 39 |
} else { |
40 | 40 |
printk(KERN_ERR "PCI: Unknown option `%s'\n", |
41 | 41 |
str); |
42 |
-diff -ur linux-4.19.26/drivers/pci/pci.h linux-4.19.26_new/drivers/pci/pci.h |
|
43 |
-+++ linux-4.19.26_new/drivers/pci/pci.h 2019-03-05 07:47:24.981001824 +0530 |
|
44 |
-@@ -147,6 +147,8 @@ |
|
42 |
+diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h |
|
43 |
+index ab25752f..8b37f8a 100644 |
|
44 |
+--- a/drivers/pci/pci.h |
|
45 |
+@@ -147,6 +147,8 @@ void pci_no_msi(void); |
|
45 | 46 |
static inline void pci_no_msi(void) { } |
46 | 47 |
#endif |
47 | 48 |
|
... | ... |
@@ -52,10 +53,11 @@ diff -ur linux-4.19.26/drivers/pci/pci.h linux-4.19.26_new/drivers/pci/pci.h |
52 | 52 |
static inline void pci_msi_set_enable(struct pci_dev *dev, int enable) |
53 | 53 |
{ |
54 | 54 |
u16 control; |
55 |
-diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c |
|
56 |
-+++ linux-4.19.26_new/drivers/pci/probe.c 2019-03-05 07:47:24.997001823 +0530 |
|
57 |
-@@ -168,6 +168,346 @@ |
|
55 |
+diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c |
|
56 |
+index fa4c386..9a3957a 100644 |
|
57 |
+--- a/drivers/pci/probe.c |
|
58 |
+@@ -168,6 +168,346 @@ static inline unsigned long decode_bar(struct pci_dev *dev, u32 bar) |
|
58 | 59 |
|
59 | 60 |
#define PCI_COMMAND_DECODE_ENABLE (PCI_COMMAND_MEMORY | PCI_COMMAND_IO) |
60 | 61 |
|
... | ... |
@@ -402,7 +404,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c |
402 | 402 |
/** |
403 | 403 |
* pci_read_base - Read a PCI BAR |
404 | 404 |
* @dev: the PCI device |
405 |
-@@ -180,13 +520,20 @@ |
|
405 |
+@@ -180,13 +520,20 @@ static inline unsigned long decode_bar(struct pci_dev *dev, u32 bar) |
|
406 | 406 |
int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, |
407 | 407 |
struct resource *res, unsigned int pos) |
408 | 408 |
{ |
... | ... |
@@ -424,7 +426,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c |
424 | 424 |
/* No printks while decoding is disabled! */ |
425 | 425 |
if (!dev->mmio_always_on) { |
426 | 426 |
pci_read_config_word(dev, PCI_COMMAND, &orig_cmd); |
427 |
-@@ -196,7 +543,6 @@ |
|
427 |
+@@ -196,7 +543,6 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, |
|
428 | 428 |
} |
429 | 429 |
} |
430 | 430 |
|
... | ... |
@@ -432,7 +434,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c |
432 | 432 |
|
433 | 433 |
pci_read_config_dword(dev, pos, &l); |
434 | 434 |
pci_write_config_dword(dev, pos, l | mask); |
435 |
-@@ -212,6 +558,11 @@ |
|
435 |
+@@ -212,6 +558,11 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, |
|
436 | 436 |
if (sz == 0xffffffff) |
437 | 437 |
sz = 0; |
438 | 438 |
|
... | ... |
@@ -444,7 +446,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c |
444 | 444 |
/* |
445 | 445 |
* I don't know how l can have all bits set. Copied from old code. |
446 | 446 |
* Maybe it fixes a bug on some ancient platform. |
447 |
-@@ -316,8 +667,19 @@ |
|
447 |
+@@ -316,8 +667,19 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, |
|
448 | 448 |
fail: |
449 | 449 |
res->flags = 0; |
450 | 450 |
out: |
... | ... |
@@ -465,7 +467,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c |
465 | 465 |
|
466 | 466 |
return (res->flags & IORESOURCE_MEM_64) ? 1 : 0; |
467 | 467 |
} |
468 |
-@@ -1646,7 +2008,13 @@ |
|
468 |
+@@ -1651,7 +2013,13 @@ int pci_setup_device(struct pci_dev *dev) |
|
469 | 469 |
if (class == PCI_CLASS_BRIDGE_PCI) |
470 | 470 |
goto bad; |
471 | 471 |
pci_read_irq(dev); |
... | ... |
@@ -480,3 +482,6 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c |
480 | 480 |
|
481 | 481 |
pci_subsystem_ids(dev, &dev->subsystem_vendor, &dev->subsystem_device); |
482 | 482 |
|
483 |
+-- |
|
484 |
+2.7.4 |
|
485 |
+ |
... | ... |
@@ -449,7 +449,7 @@ index 0487e6a..76529de 100644 |
449 | 449 |
+ if (!info->nr_rings || !blkfront_use_blk_mq) |
450 | 450 |
info->nr_rings = 1; |
451 | 451 |
|
452 |
- info->rinfo = kcalloc(info->nr_rings, |
|
452 |
+ info->rinfo = kvcalloc(info->nr_rings, |
|
453 | 453 |
@@ -1955,7 +2090,8 @@ static int negotiate_mq(struct blkfront_info *info) |
454 | 454 |
INIT_LIST_HEAD(&rinfo->grants); |
455 | 455 |
rinfo->dev_info = info; |
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
# |
2 | 2 |
# Automatically generated file; DO NOT EDIT. |
3 |
-# Linux/arm64 4.19.32 Kernel Configuration |
|
3 |
+# Linux/arm64 4.19.52 Kernel Configuration |
|
4 | 4 |
# |
5 | 5 |
|
6 | 6 |
# |
... | ... |
@@ -9,6 +9,7 @@ |
9 | 9 |
CONFIG_CC_IS_GCC=y |
10 | 10 |
CONFIG_GCC_VERSION=70300 |
11 | 11 |
CONFIG_CLANG_VERSION=0 |
12 |
+CONFIG_CC_HAS_ASM_GOTO=y |
|
12 | 13 |
CONFIG_IRQ_WORK=y |
13 | 14 |
CONFIG_BUILDTIME_EXTABLE_SORT=y |
14 | 15 |
CONFIG_THREAD_INFO_IN_TASK=y |
... | ... |
@@ -372,6 +373,7 @@ CONFIG_ARM64_ERRATUM_832075=y |
372 | 372 |
CONFIG_ARM64_ERRATUM_845719=y |
373 | 373 |
CONFIG_ARM64_ERRATUM_843419=y |
374 | 374 |
CONFIG_ARM64_ERRATUM_1024718=y |
375 |
+CONFIG_ARM64_ERRATUM_1463225=y |
|
375 | 376 |
CONFIG_CAVIUM_ERRATUM_22375=y |
376 | 377 |
CONFIG_CAVIUM_ERRATUM_23144=y |
377 | 378 |
CONFIG_CAVIUM_ERRATUM_23154=y |
... | ... |
@@ -5676,7 +5678,6 @@ CONFIG_CIFS_STATS2=y |
5676 | 5676 |
# CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set |
5677 | 5677 |
CONFIG_CIFS_UPCALL=y |
5678 | 5678 |
CONFIG_CIFS_XATTR=y |
5679 |
-CONFIG_CIFS_POSIX=y |
|
5680 | 5679 |
CONFIG_CIFS_ACL=y |
5681 | 5680 |
CONFIG_CIFS_DEBUG=y |
5682 | 5681 |
# CONFIG_CIFS_DEBUG2 is not set |
... | ... |
@@ -1,15 +1,15 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-aws |
4 |
-Version: 4.19.40 |
|
5 |
-Release: 3%{?kat_build:.%kat_build}%{?dist} |
|
4 |
+Version: 4.19.52 |
|
5 |
+Release: 1%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958 |
|
12 |
+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248 |
|
13 | 13 |
Source1: config-aws |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
Source3: update_photon_cfg.postun |
... | ... |
@@ -37,6 +37,20 @@ Patch30: 4.17-0002-apparmor-af_unix-mediation.patch |
37 | 37 |
Patch31: 4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch |
38 | 38 |
# RDRAND-based RNG driver to enhance the kernel's entropy pool: |
39 | 39 |
Patch32: 4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch |
40 |
+# Fix for CVE-2019-12456 |
|
41 |
+Patch33: 0001-scsi-mpt3sas_ctl-fix-double-fetch-bug-in-_ctl_ioctl_.patch |
|
42 |
+# Fix for CVE-2019-12379 |
|
43 |
+Patch34: 0001-consolemap-Fix-a-memory-leaking-bug-in-drivers-tty-v.patch |
|
44 |
+# Fix for CVE-2019-12380 |
|
45 |
+Patch35: 0001-efi-x86-Add-missing-error-handling-to-old_memmap-1-1.patch |
|
46 |
+# Fix for CVE-2019-12381 |
|
47 |
+Patch36: 0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch |
|
48 |
+# Fix for CVE-2019-12382 |
|
49 |
+Patch37: 0001-drm-edid-Fix-a-missing-check-bug-in-drm_load_edid_fi.patch |
|
50 |
+# Fix for CVE-2019-12378 |
|
51 |
+Patch38: 0001-ipv6_sockglue-Fix-a-missing-check-bug-in-ip6_ra_cont.patch |
|
52 |
+# Fix for CVE-2019-12455 |
|
53 |
+Patch39: 0001-clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_.patch |
|
40 | 54 |
|
41 | 55 |
# Amazon AWS |
42 | 56 |
Patch101: 0002-watchdog-Disable-watchdog-on-virtual-machines.patch |
... | ... |
@@ -155,6 +169,13 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
155 | 155 |
%patch30 -p1 |
156 | 156 |
%patch31 -p1 |
157 | 157 |
%patch32 -p1 |
158 |
+%patch33 -p1 |
|
159 |
+%patch34 -p1 |
|
160 |
+%patch35 -p1 |
|
161 |
+%patch36 -p1 |
|
162 |
+%patch37 -p1 |
|
163 |
+%patch38 -p1 |
|
164 |
+%patch39 -p1 |
|
158 | 165 |
|
159 | 166 |
%patch101 -p1 |
160 | 167 |
%patch102 -p1 |
... | ... |
@@ -360,6 +381,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
360 | 360 |
%{_libdir}/perf/include/bpf/* |
361 | 361 |
|
362 | 362 |
%changelog |
363 |
+* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1 |
|
364 |
+- Update to version 4.19.52 |
|
365 |
+- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, |
|
366 |
+- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 |
|
363 | 367 |
* Thu May 23 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.40-3 |
364 | 368 |
- Fix CVE-2019-11191 by deprecating a.out file format support. |
365 | 369 |
* Tue May 14 2019 Keerthana K <keerthanak@vmware.com> 4.19.40-2 |
... | ... |
@@ -1,15 +1,15 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 |
-Version: 4.19.40 |
|
5 |
-Release: 2%{?dist} |
|
4 |
+Version: 4.19.52 |
|
5 |
+Release: 1%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958 |
|
12 |
+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248 |
|
13 | 13 |
Source1: config-esx |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
Source3: update_photon_cfg.postun |
... | ... |
@@ -32,6 +32,7 @@ Patch17: 04-quiet-boot.patch |
32 | 32 |
Patch18: 05-pv-ops-clocksource.patch |
33 | 33 |
Patch19: 06-pv-ops-boot_clock.patch |
34 | 34 |
Patch20: 07-vmware-only.patch |
35 |
+ |
|
35 | 36 |
Patch22: 4.18-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch |
36 | 37 |
# Fix CVE-2017-1000252 |
37 | 38 |
Patch24: kvm-dont-accept-wrong-gsi-values.patch |
... | ... |
@@ -41,6 +42,20 @@ Patch25: 4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.p |
41 | 41 |
Patch26: 4.17-0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.patch |
42 | 42 |
Patch27: 4.17-0002-apparmor-af_unix-mediation.patch |
43 | 43 |
Patch28: 4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch |
44 |
+# Fix for CVE-2019-12456 |
|
45 |
+Patch29: 0001-scsi-mpt3sas_ctl-fix-double-fetch-bug-in-_ctl_ioctl_.patch |
|
46 |
+# Fix for CVE-2019-12379 |
|
47 |
+Patch30: 0001-consolemap-Fix-a-memory-leaking-bug-in-drivers-tty-v.patch |
|
48 |
+# Fix for CVE-2019-12380 |
|
49 |
+Patch31: 0001-efi-x86-Add-missing-error-handling-to-old_memmap-1-1.patch |
|
50 |
+# Fix for CVE-2019-12381 |
|
51 |
+Patch32: 0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch |
|
52 |
+# Fix for CVE-2019-12382 |
|
53 |
+Patch33: 0001-drm-edid-Fix-a-missing-check-bug-in-drm_load_edid_fi.patch |
|
54 |
+# Fix for CVE-2019-12378 |
|
55 |
+Patch34: 0001-ipv6_sockglue-Fix-a-missing-check-bug-in-ip6_ra_cont.patch |
|
56 |
+# Fix for CVE-2019-12455 |
|
57 |
+Patch35: 0001-clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_.patch |
|
44 | 58 |
|
45 | 59 |
BuildArch: x86_64 |
46 | 60 |
BuildRequires: bc |
... | ... |
@@ -100,6 +115,13 @@ The Linux package contains the Linux kernel doc files |
100 | 100 |
%patch26 -p1 |
101 | 101 |
%patch27 -p1 |
102 | 102 |
%patch28 -p1 |
103 |
+%patch29 -p1 |
|
104 |
+%patch30 -p1 |
|
105 |
+%patch31 -p1 |
|
106 |
+%patch32 -p1 |
|
107 |
+%patch33 -p1 |
|
108 |
+%patch34 -p1 |
|
109 |
+%patch35 -p1 |
|
103 | 110 |
|
104 | 111 |
%build |
105 | 112 |
# patch vmw_balloon driver |
... | ... |
@@ -197,6 +219,10 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
197 | 197 |
/usr/src/linux-headers-%{uname_r} |
198 | 198 |
|
199 | 199 |
%changelog |
200 |
+* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1 |
|
201 |
+- Update to version 4.19.52 |
|
202 |
+- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, |
|
203 |
+- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 |
|
200 | 204 |
* Tue May 14 2019 Keerthana K <keerthanak@vmware.com> 4.19.40-2 |
201 | 205 |
- Fix to parse through /boot folder and update symlink (/boot/photon.cfg) if |
202 | 206 |
- mulitple kernels are installed and current linux kernel is removed. |
... | ... |
@@ -1,15 +1,15 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-secure |
4 |
-Version: 4.19.40 |
|
5 |
-Release: 3%{?kat_build:.%kat_build}%{?dist} |
|
4 |
+Version: 4.19.52 |
|
5 |
+Release: 1%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958 |
|
12 |
+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248 |
|
13 | 13 |
Source1: config-secure |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
Source3: update_photon_cfg.postun |
... | ... |
@@ -40,6 +40,20 @@ Patch33: 4.17-0002-apparmor-af_unix-mediation.patch |
40 | 40 |
Patch34: 4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch |
41 | 41 |
# RDRAND-based RNG driver to enhance the kernel's entropy pool: |
42 | 42 |
Patch35: 4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch |
43 |
+# Fix for CVE-2019-12456 |
|
44 |
+Patch36: 0001-scsi-mpt3sas_ctl-fix-double-fetch-bug-in-_ctl_ioctl_.patch |
|
45 |
+# Fix for CVE-2019-12379 |
|
46 |
+Patch37: 0001-consolemap-Fix-a-memory-leaking-bug-in-drivers-tty-v.patch |
|
47 |
+# Fix for CVE-2019-12380 |
|
48 |
+Patch38: 0001-efi-x86-Add-missing-error-handling-to-old_memmap-1-1.patch |
|
49 |
+# Fix for CVE-2019-12381 |
|
50 |
+Patch39: 0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch |
|
51 |
+# Fix for CVE-2019-12382 |
|
52 |
+Patch40: 0001-drm-edid-Fix-a-missing-check-bug-in-drm_load_edid_fi.patch |
|
53 |
+# Fix for CVE-2019-12378 |
|
54 |
+Patch41: 0001-ipv6_sockglue-Fix-a-missing-check-bug-in-ip6_ra_cont.patch |
|
55 |
+# Fix for CVE-2019-12455 |
|
56 |
+Patch42: 0001-clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_.patch |
|
43 | 57 |
|
44 | 58 |
# NSX requirements (should be removed) |
45 | 59 |
Patch99: LKCM.patch |
... | ... |
@@ -111,6 +125,13 @@ The Linux package contains the Linux kernel doc files |
111 | 111 |
%patch33 -p1 |
112 | 112 |
%patch34 -p1 |
113 | 113 |
%patch35 -p1 |
114 |
+%patch36 -p1 |
|
115 |
+%patch37 -p1 |
|
116 |
+%patch38 -p1 |
|
117 |
+%patch39 -p1 |
|
118 |
+%patch40 -p1 |
|
119 |
+%patch41 -p1 |
|
120 |
+%patch42 -p1 |
|
114 | 121 |
|
115 | 122 |
pushd .. |
116 | 123 |
%patch99 -p0 |
... | ... |
@@ -239,6 +260,10 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
239 | 239 |
/usr/src/linux-headers-%{uname_r} |
240 | 240 |
|
241 | 241 |
%changelog |
242 |
+* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1 |
|
243 |
+- Update to version 4.19.52 |
|
244 |
+- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, |
|
245 |
+- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 |
|
242 | 246 |
* Tue May 28 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.40-3 |
243 | 247 |
- Change default I/O scheduler to 'deadline' to fix performance issue. |
244 | 248 |
* Tue May 14 2019 Keerthana K <keerthanak@vmware.com> 4.19.40-2 |
... | ... |
@@ -1,15 +1,15 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 |
-Version: 4.19.40 |
|
5 |
-Release: 3%{?kat_build:.%kat_build}%{?dist} |
|
4 |
+Version: 4.19.52 |
|
5 |
+Release: 1%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958 |
|
12 |
+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248 |
|
13 | 13 |
Source1: config |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
%define ena_version 1.6.0 |
... | ... |
@@ -45,6 +45,20 @@ Patch30: 4.17-0002-apparmor-af_unix-mediation.patch |
45 | 45 |
Patch31: 4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch |
46 | 46 |
# RDRAND-based RNG driver to enhance the kernel's entropy pool: |
47 | 47 |
Patch32: 4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch |
48 |
+# Fix for CVE-2019-12456 |
|
49 |
+Patch33: 0001-scsi-mpt3sas_ctl-fix-double-fetch-bug-in-_ctl_ioctl_.patch |
|
50 |
+# Fix for CVE-2019-12379 |
|
51 |
+Patch34: 0001-consolemap-Fix-a-memory-leaking-bug-in-drivers-tty-v.patch |
|
52 |
+# Fix for CVE-2019-12380 |
|
53 |
+Patch35: 0001-efi-x86-Add-missing-error-handling-to-old_memmap-1-1.patch |
|
54 |
+# Fix for CVE-2019-12381 |
|
55 |
+Patch36: 0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch |
|
56 |
+# Fix for CVE-2019-12382 |
|
57 |
+Patch37: 0001-drm-edid-Fix-a-missing-check-bug-in-drm_load_edid_fi.patch |
|
58 |
+# Fix for CVE-2019-12378 |
|
59 |
+Patch38: 0001-ipv6_sockglue-Fix-a-missing-check-bug-in-ip6_ra_cont.patch |
|
60 |
+# Fix for CVE-2019-12455 |
|
61 |
+Patch39: 0001-clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_.patch |
|
48 | 62 |
|
49 | 63 |
%ifarch aarch64 |
50 | 64 |
# NXP LS1012a FRWY patches |
... | ... |
@@ -183,6 +197,13 @@ Kernel Device Tree Blob files for NXP ls1012a FRWY board |
183 | 183 |
%patch30 -p1 |
184 | 184 |
%patch31 -p1 |
185 | 185 |
%patch32 -p1 |
186 |
+%patch33 -p1 |
|
187 |
+%patch34 -p1 |
|
188 |
+%patch35 -p1 |
|
189 |
+%patch36 -p1 |
|
190 |
+%patch37 -p1 |
|
191 |
+%patch38 -p1 |
|
192 |
+%patch39 -p1 |
|
186 | 193 |
|
187 | 194 |
%ifarch aarch64 |
188 | 195 |
# NXP FSL_PPFE Driver patches |
... | ... |
@@ -442,6 +463,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
442 | 442 |
%endif |
443 | 443 |
|
444 | 444 |
%changelog |
445 |
+* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1 |
|
446 |
+- Update to version 4.19.52 |
|
447 |
+- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, |
|
448 |
+- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 |
|
445 | 449 |
* Tue May 28 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.40-3 |
446 | 450 |
- Change default I/O scheduler to 'deadline' to fix performance issue. |
447 | 451 |
* Tue May 14 2019 Keerthana K <keerthanak@vmware.com> 4.19.40-2 |