Browse code
Kernel: update to 4.9.120 for l1tf fixes
Linux Documentation:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/Documentation/l1tf.rst?h=linux-4.9.y
Change-Id: I2281dd1b2a079ee24678d5ff962f32cda5f8676c
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5506
Reviewed-by: Sharath George
Tested-by: Sharath George
Bo Gan authored on 2018/08/17 17:45:06Showing 11 changed files
- SPECS/linux-api-headers/linux-api-headers.spec
- SPECS/linux/0001-fork-unconditionally-clear-stack-on-fork.patch
- SPECS/linux/0001-jfs-Fix-inconsistency-between-memory-allocation-and-ea_buf_maxsize.patch
- SPECS/linux/config
- SPECS/linux/config-aws
- SPECS/linux/config-esx
- SPECS/linux/config-secure
- SPECS/linux/linux-aws.spec
- SPECS/linux/linux-esx.spec
- SPECS/linux/linux-secure.spec
- SPECS/linux/linux.spec
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
Summary: Linux API header files |
| 2 | 2 |
Name: linux-api-headers |
| 3 |
-Version: 4.9.118 |
|
| 3 |
+Version: 4.9.120 |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: GPLv2 |
| 6 | 6 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 11 |
-%define sha1 linux=1f441c2113d0b7bba57dd8f6e5f5db07d222d47b |
|
| 11 |
+%define sha1 linux=66f5b1a840e64ecf7fbc676abce9c9c40c21aec7 |
|
| 12 | 12 |
BuildArch: noarch |
| 13 | 13 |
Patch0: Implement-the-f-xattrat-family-of-functions.patch |
| 14 | 14 |
%description |
| ... | ... |
@@ -27,6 +27,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
|
| 27 | 27 |
%defattr(-,root,root) |
| 28 | 28 |
%{_includedir}/*
|
| 29 | 29 |
%changelog |
| 30 |
+* Fri Aug 17 2018 Bo Gan <ganb@vmware.com> 4.9.120-1 |
|
| 31 |
+- Update to version 4.9.120 |
|
| 30 | 32 |
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.118-1 |
| 31 | 33 |
- Update to version 4.9.118 |
| 32 | 34 |
* Mon Jul 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.116-1 |
| 33 | 35 |
deleted file mode 100644 |
| ... | ... |
@@ -1,88 +0,0 @@ |
| 1 |
-From 7debcc6438b4a0bdc9a7b509a751350dad883328 Mon Sep 17 00:00:00 2001 |
|
| 2 |
-From: Kees Cook <keescook@chromium.org> |
|
| 3 |
-Date: Fri, 20 Apr 2018 14:55:31 -0700 |
|
| 4 |
-Subject: [PATCH] fork: unconditionally clear stack on fork |
|
| 5 |
- |
|
| 6 |
-commit e01e80634ecdde1dd113ac43b3adad21b47f3957 upstream. |
|
| 7 |
- |
|
| 8 |
-One of the classes of kernel stack content leaks[1] is exposing the |
|
| 9 |
-contents of prior heap or stack contents when a new process stack is |
|
| 10 |
-allocated. Normally, those stacks are not zeroed, and the old contents |
|
| 11 |
-remain in place. In the face of stack content exposure flaws, those |
|
| 12 |
-contents can leak to userspace. |
|
| 13 |
- |
|
| 14 |
-Fixing this will make the kernel no longer vulnerable to these flaws, as |
|
| 15 |
-the stack will be wiped each time a stack is assigned to a new process. |
|
| 16 |
-There's not a meaningful change in runtime performance; it almost looks |
|
| 17 |
-like it provides a benefit. |
|
| 18 |
- |
|
| 19 |
-Performing back-to-back kernel builds before: |
|
| 20 |
- Run times: 157.86 157.09 158.90 160.94 160.80 |
|
| 21 |
- Mean: 159.12 |
|
| 22 |
- Std Dev: 1.54 |
|
| 23 |
- |
|
| 24 |
-and after: |
|
| 25 |
- Run times: 159.31 157.34 156.71 158.15 160.81 |
|
| 26 |
- Mean: 158.46 |
|
| 27 |
- Std Dev: 1.46 |
|
| 28 |
- |
|
| 29 |
-Instead of making this a build or runtime config, Andy Lutomirski |
|
| 30 |
-recommended this just be enabled by default. |
|
| 31 |
- |
|
| 32 |
-[1] A noisy search for many kinds of stack content leaks can be seen here: |
|
| 33 |
-https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=linux+kernel+stack+leak |
|
| 34 |
- |
|
| 35 |
-I did some more with perf and cycle counts on running 100,000 execs of |
|
| 36 |
-/bin/true. |
|
| 37 |
- |
|
| 38 |
-before: |
|
| 39 |
-Cycles: 218858861551 218853036130 214727610969 227656844122 224980542841 |
|
| 40 |
-Mean: 221015379122.60 |
|
| 41 |
-Std Dev: 4662486552.47 |
|
| 42 |
- |
|
| 43 |
-after: |
|
| 44 |
-Cycles: 213868945060 213119275204 211820169456 224426673259 225489986348 |
|
| 45 |
-Mean: 217745009865.40 |
|
| 46 |
-Std Dev: 5935559279.99 |
|
| 47 |
- |
|
| 48 |
-It continues to look like it's faster, though the deviation is rather |
|
| 49 |
-wide, but I'm not sure what I could do that would be less noisy. I'm |
|
| 50 |
-open to ideas! |
|
| 51 |
- |
|
| 52 |
-Link: http://lkml.kernel.org/r/20180221021659.GA37073@beast |
|
| 53 |
-Signed-off-by: Kees Cook <keescook@chromium.org> |
|
| 54 |
-Acked-by: Michal Hocko <mhocko@suse.com> |
|
| 55 |
-Reviewed-by: Andrew Morton <akpm@linux-foundation.org> |
|
| 56 |
-Cc: Andy Lutomirski <luto@kernel.org> |
|
| 57 |
-Cc: Laura Abbott <labbott@redhat.com> |
|
| 58 |
-Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> |
|
| 59 |
-Cc: Mel Gorman <mgorman@techsingularity.net> |
|
| 60 |
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
|
| 61 |
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
|
| 62 |
-[ Srivatsa: Backported to 4.9.y ] |
|
| 63 |
-Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> |
|
| 64 |
- include/linux/thread_info.h | 7 +------ |
|
| 65 |
- 1 file changed, 1 insertion(+), 6 deletions(-) |
|
| 66 |
- |
|
| 67 |
-diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h |
|
| 68 |
-index 2873baf..5e64367 100644 |
|
| 69 |
-+++ b/include/linux/thread_info.h |
|
| 70 |
-@@ -59,12 +59,7 @@ extern long do_no_restart_syscall(struct restart_block *parm); |
|
| 71 |
- |
|
| 72 |
- #ifdef __KERNEL__ |
|
| 73 |
- |
|
| 74 |
--#ifdef CONFIG_DEBUG_STACK_USAGE |
|
| 75 |
--# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK | \ |
|
| 76 |
-- __GFP_ZERO) |
|
| 77 |
--#else |
|
| 78 |
--# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK) |
|
| 79 |
--#endif |
|
| 80 |
-+#define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK | __GFP_ZERO) |
|
| 81 |
- |
|
| 82 |
- /* |
|
| 83 |
- * flag set/clear/test wrappers |
|
| 84 |
-2.7.4 |
|
| 85 |
- |
| 86 | 1 |
deleted file mode 100644 |
| ... | ... |
@@ -1,48 +0,0 @@ |
| 1 |
-commit 92d34134193e5b129dc24f8d79cb9196626e8d7a Mon Sep 17 00:00:00 2001 |
|
| 2 |
- |
|
| 3 |
-Author: Shankara Pailoor <shankarapailoor@gmail.com> |
|
| 4 |
-Date: Tue, 5 Jun 2018 08:33:27 -0500 |
|
| 5 |
-Subject: [PATCH] jfs: Fix inconsistency between memory allocation and |
|
| 6 |
- ea_buf->max_size |
|
| 7 |
- |
|
| 8 |
-The code is assuming the buffer is max_size length, but we weren't |
|
| 9 |
-allocating enough space for it. |
|
| 10 |
- |
|
| 11 |
-Signed-off-by: Shankara Pailoor <shankarapailoor@gmail.com> |
|
| 12 |
-Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com> |
|
| 13 |
- |
|
| 14 |
-[ Srinidhi Rao : Backported this change to 4.9 ] |
|
| 15 |
-Signed-off-by: srinidhira0 <srinidhir@vmware.com> |
|
| 16 |
- fs/jfs/xattr.c | 10 ++++++---- |
|
| 17 |
- 1 file changed, 6 insertions(+), 4 deletions(-) |
|
| 18 |
- |
|
| 19 |
-diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c |
|
| 20 |
-index c60f3d3..a679798 100644 |
|
| 21 |
-+++ b/fs/jfs/xattr.c |
|
| 22 |
-@@ -491,15 +491,17 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size) |
|
| 23 |
- if (size > PSIZE) {
|
|
| 24 |
- /* |
|
| 25 |
- * To keep the rest of the code simple. Allocate a |
|
| 26 |
-- * contiguous buffer to work with |
|
| 27 |
-+ * contiguous buffer to work with. Make the buffer large |
|
| 28 |
-+ * enough to make use of the whole extent. |
|
| 29 |
- */ |
|
| 30 |
-- ea_buf->xattr = kmalloc(size, GFP_KERNEL); |
|
| 31 |
-+ ea_buf->max_size = (size + sb->s_blocksize - 1) & |
|
| 32 |
-+ ~(sb->s_blocksize - 1); |
|
| 33 |
-+ |
|
| 34 |
-+ ea_buf->xattr = kmalloc(ea_buf->max_size, GFP_KERNEL); |
|
| 35 |
- if (ea_buf->xattr == NULL) |
|
| 36 |
- return -ENOMEM; |
|
| 37 |
- |
|
| 38 |
- ea_buf->flag = EA_MALLOC; |
|
| 39 |
-- ea_buf->max_size = (size + sb->s_blocksize - 1) & |
|
| 40 |
-- ~(sb->s_blocksize - 1); |
|
| 41 |
- |
|
| 42 |
- if (ea_size == 0) |
|
| 43 |
- return 0; |
|
| 44 |
-2.7.4 |
|
| 45 |
- |
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
# |
| 2 | 2 |
# Automatically generated file; DO NOT EDIT. |
| 3 |
-# Linux/x86 4.9.111 Kernel Configuration |
|
| 3 |
+# Linux/x86 4.9.120 Kernel Configuration |
|
| 4 | 4 |
# |
| 5 | 5 |
CONFIG_64BIT=y |
| 6 | 6 |
CONFIG_X86_64=y |
| ... | ... |
@@ -243,6 +243,7 @@ CONFIG_SYSTEM_DATA_VERIFICATION=y |
| 243 | 243 |
CONFIG_PROFILING=y |
| 244 | 244 |
CONFIG_TRACEPOINTS=y |
| 245 | 245 |
CONFIG_KEXEC_CORE=y |
| 246 |
+CONFIG_HOTPLUG_SMT=y |
|
| 246 | 247 |
CONFIG_OPROFILE=m |
| 247 | 248 |
CONFIG_OPROFILE_EVENT_MULTIPLEX=y |
| 248 | 249 |
CONFIG_HAVE_OPROFILE=y |
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
# |
| 2 | 2 |
# Automatically generated file; DO NOT EDIT. |
| 3 |
-# Linux/x86 4.9.111 Kernel Configuration |
|
| 3 |
+# Linux/x86 4.9.120 Kernel Configuration |
|
| 4 | 4 |
# |
| 5 | 5 |
CONFIG_64BIT=y |
| 6 | 6 |
CONFIG_X86_64=y |
| ... | ... |
@@ -246,6 +246,7 @@ CONFIG_SYSTEM_DATA_VERIFICATION=y |
| 246 | 246 |
CONFIG_PROFILING=y |
| 247 | 247 |
CONFIG_TRACEPOINTS=y |
| 248 | 248 |
CONFIG_KEXEC_CORE=y |
| 249 |
+CONFIG_HOTPLUG_SMT=y |
|
| 249 | 250 |
CONFIG_OPROFILE=m |
| 250 | 251 |
CONFIG_OPROFILE_EVENT_MULTIPLEX=y |
| 251 | 252 |
CONFIG_HAVE_OPROFILE=y |
| ... | ... |
@@ -554,7 +555,6 @@ CONFIG_TRANSPARENT_HUGE_PAGECACHE=y |
| 554 | 554 |
CONFIG_CLEANCACHE=y |
| 555 | 555 |
CONFIG_FRONTSWAP=y |
| 556 | 556 |
# CONFIG_CMA is not set |
| 557 |
-CONFIG_MEM_SOFT_DIRTY=y |
|
| 558 | 557 |
CONFIG_ZSWAP=y |
| 559 | 558 |
CONFIG_ZPOOL=y |
| 560 | 559 |
CONFIG_ZBUD=m |
| ... | ... |
@@ -2368,7 +2368,7 @@ CONFIG_POWER_SUPPLY=y |
| 2368 | 2368 |
# CONFIG_CHARGER_BQ2415X is not set |
| 2369 | 2369 |
# CONFIG_CHARGER_SMB347 is not set |
| 2370 | 2370 |
# CONFIG_BATTERY_GAUGE_LTC2941 is not set |
| 2371 |
-CONFIG_HWMON=m |
|
| 2371 |
+CONFIG_HWMON=y |
|
| 2372 | 2372 |
# CONFIG_HWMON_VID is not set |
| 2373 | 2373 |
# CONFIG_HWMON_DEBUG_CHIP is not set |
| 2374 | 2374 |
|
| ... | ... |
@@ -3295,7 +3295,6 @@ CONFIG_MXM_WMI=m |
| 3295 | 3295 |
# Clock Source drivers |
| 3296 | 3296 |
# |
| 3297 | 3297 |
CONFIG_CLKEVT_I8253=y |
| 3298 |
-CONFIG_I8253_LOCK=y |
|
| 3299 | 3298 |
CONFIG_CLKBLD_I8253=y |
| 3300 | 3299 |
# CONFIG_ATMEL_PIT is not set |
| 3301 | 3300 |
# CONFIG_SH_TIMER_CMT is not set |
| ... | ... |
@@ -3421,7 +3420,7 @@ CONFIG_EXT4_FS_SECURITY=y |
| 3421 | 3421 |
CONFIG_EXT4_DEBUG=y |
| 3422 | 3422 |
CONFIG_JBD2=y |
| 3423 | 3423 |
CONFIG_JBD2_DEBUG=y |
| 3424 |
-CONFIG_FS_MBCACHE=m |
|
| 3424 |
+CONFIG_FS_MBCACHE=y |
|
| 3425 | 3425 |
# CONFIG_REISERFS_FS is not set |
| 3426 | 3426 |
CONFIG_JFS_FS=m |
| 3427 | 3427 |
CONFIG_JFS_POSIX_ACL=y |
| ... | ... |
@@ -4219,7 +4218,7 @@ CONFIG_GENERIC_IO=y |
| 4219 | 4219 |
CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y |
| 4220 | 4220 |
CONFIG_ARCH_HAS_FAST_MULTIPLIER=y |
| 4221 | 4221 |
CONFIG_CRC_CCITT=m |
| 4222 |
-CONFIG_CRC16=m |
|
| 4222 |
+CONFIG_CRC16=y |
|
| 4223 | 4223 |
CONFIG_CRC_T10DIF=y |
| 4224 | 4224 |
CONFIG_CRC_ITU_T=m |
| 4225 | 4225 |
CONFIG_CRC32=y |
| ... | ... |
@@ -4265,6 +4264,7 @@ CONFIG_TEXTSEARCH=y |
| 4265 | 4265 |
CONFIG_TEXTSEARCH_KMP=m |
| 4266 | 4266 |
CONFIG_TEXTSEARCH_BM=m |
| 4267 | 4267 |
CONFIG_TEXTSEARCH_FSM=m |
| 4268 |
+CONFIG_INTERVAL_TREE=y |
|
| 4268 | 4269 |
CONFIG_RADIX_TREE_MULTIORDER=y |
| 4269 | 4270 |
CONFIG_ASSOCIATIVE_ARRAY=y |
| 4270 | 4271 |
CONFIG_HAS_IOMEM=y |
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
# |
| 2 | 2 |
# Automatically generated file; DO NOT EDIT. |
| 3 |
-# Linux/x86 4.9.109 Kernel Configuration |
|
| 3 |
+# Linux/x86 4.9.120 Kernel Configuration |
|
| 4 | 4 |
# |
| 5 | 5 |
CONFIG_64BIT=y |
| 6 | 6 |
CONFIG_X86_64=y |
| ... | ... |
@@ -238,6 +238,7 @@ CONFIG_SLAB=y |
| 238 | 238 |
# CONFIG_SLAB_FREELIST_RANDOM is not set |
| 239 | 239 |
CONFIG_SYSTEM_DATA_VERIFICATION=y |
| 240 | 240 |
# CONFIG_PROFILING is not set |
| 241 |
+CONFIG_HOTPLUG_SMT=y |
|
| 241 | 242 |
CONFIG_HAVE_OPROFILE=y |
| 242 | 243 |
CONFIG_OPROFILE_NMI_TIMER=y |
| 243 | 244 |
# CONFIG_KPROBES is not set |
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
# |
| 2 | 2 |
# Automatically generated file; DO NOT EDIT. |
| 3 |
-# Linux/x86 4.9.78 Kernel Configuration |
|
| 3 |
+# Linux/x86 4.9.120 Kernel Configuration |
|
| 4 | 4 |
# |
| 5 | 5 |
CONFIG_64BIT=y |
| 6 | 6 |
CONFIG_X86_64=y |
| ... | ... |
@@ -242,6 +242,7 @@ CONFIG_SLUB_CPU_PARTIAL=y |
| 242 | 242 |
CONFIG_SYSTEM_DATA_VERIFICATION=y |
| 243 | 243 |
CONFIG_PROFILING=y |
| 244 | 244 |
CONFIG_TRACEPOINTS=y |
| 245 |
+CONFIG_HOTPLUG_SMT=y |
|
| 245 | 246 |
CONFIG_OPROFILE=m |
| 246 | 247 |
CONFIG_OPROFILE_EVENT_MULTIPLEX=y |
| 247 | 248 |
CONFIG_HAVE_OPROFILE=y |
| ... | ... |
@@ -494,7 +495,6 @@ CONFIG_ARCH_SPARSEMEM_ENABLE=y |
| 494 | 494 |
CONFIG_ARCH_SPARSEMEM_DEFAULT=y |
| 495 | 495 |
CONFIG_ARCH_SELECT_MEMORY_MODEL=y |
| 496 | 496 |
CONFIG_ARCH_MEMORY_PROBE=y |
| 497 |
-CONFIG_ARCH_PROC_KCORE_TEXT=y |
|
| 498 | 497 |
CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 |
| 499 | 498 |
CONFIG_SELECT_MEMORY_MODEL=y |
| 500 | 499 |
CONFIG_SPARSEMEM_MANUAL=y |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-aws |
| 4 |
-Version: 4.9.118 |
|
| 5 |
-Release: 2%{?kat_build:.%kat_build}%{?dist}
|
|
| 4 |
+Version: 4.9.120 |
|
| 5 |
+Release: 1%{?kat_build:.%kat_build}%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=1f441c2113d0b7bba57dd8f6e5f5db07d222d47b |
|
| 12 |
+%define sha1 linux=66f5b1a840e64ecf7fbc676abce9c9c40c21aec7 |
|
| 13 | 13 |
Source1: config-aws |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
# common |
| ... | ... |
@@ -65,10 +65,6 @@ Patch45: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch |
| 65 | 65 |
Patch46: 0001-xfs-move-inode-fork-verifiers-to-xfs-dinode-verify.patch |
| 66 | 66 |
Patch47: 0002-xfs-verify-dinode-header-first.patch |
| 67 | 67 |
Patch48: 0003-xfs-enhance-dinode-verifier.patch |
| 68 |
-# Fix for CVE-2018-12233 |
|
| 69 |
-Patch49: 0001-jfs-Fix-inconsistency-between-memory-allocation-and-ea_buf_maxsize.patch |
|
| 70 |
- |
|
| 71 |
-Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
|
| 72 | 68 |
|
| 73 | 69 |
# Out-of-tree patches from AppArmor: |
| 74 | 70 |
Patch71: 0001-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch |
| ... | ... |
@@ -235,9 +231,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
| 235 | 235 |
%patch46 -p1 |
| 236 | 236 |
%patch47 -p1 |
| 237 | 237 |
%patch48 -p1 |
| 238 |
-%patch49 -p1 |
|
| 239 |
- |
|
| 240 |
-%patch70 -p1 |
|
| 241 | 238 |
|
| 242 | 239 |
%patch71 -p1 |
| 243 | 240 |
%patch72 -p1 |
| ... | ... |
@@ -447,6 +440,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 447 | 447 |
/usr/share/doc/* |
| 448 | 448 |
|
| 449 | 449 |
%changelog |
| 450 |
+* Fri Aug 17 2018 Bo Gan <ganb@vmware.com> 4.9.120-1 |
|
| 451 |
+- Update to version 4.9.120 (l1tf fixes) |
|
| 450 | 452 |
* Thu Aug 09 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.118-2 |
| 451 | 453 |
- Fix CVE-2018-12233 |
| 452 | 454 |
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.118-1 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 |
-Version: 4.9.118 |
|
| 5 |
-Release: 2%{?dist}
|
|
| 4 |
+Version: 4.9.120 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=1f441c2113d0b7bba57dd8f6e5f5db07d222d47b |
|
| 12 |
+%define sha1 linux=66f5b1a840e64ecf7fbc676abce9c9c40c21aec7 |
|
| 13 | 13 |
Source1: config-esx |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
# common |
| ... | ... |
@@ -62,10 +62,6 @@ Patch45: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch |
| 62 | 62 |
Patch46: 0001-xfs-move-inode-fork-verifiers-to-xfs-dinode-verify.patch |
| 63 | 63 |
Patch47: 0002-xfs-verify-dinode-header-first.patch |
| 64 | 64 |
Patch48: 0003-xfs-enhance-dinode-verifier.patch |
| 65 |
-# Fix for CVE-2018-12233 |
|
| 66 |
-Patch49: 0001-jfs-Fix-inconsistency-between-memory-allocation-and-ea_buf_maxsize.patch |
|
| 67 |
- |
|
| 68 |
-Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
|
| 69 | 65 |
|
| 70 | 66 |
|
| 71 | 67 |
BuildRequires: bc |
| ... | ... |
@@ -145,9 +141,7 @@ The Linux package contains the Linux kernel doc files |
| 145 | 145 |
%patch46 -p1 |
| 146 | 146 |
%patch47 -p1 |
| 147 | 147 |
%patch48 -p1 |
| 148 |
-%patch49 -p1 |
|
| 149 | 148 |
|
| 150 |
-%patch70 -p1 |
|
| 151 | 149 |
|
| 152 | 150 |
%build |
| 153 | 151 |
# patch vmw_balloon driver |
| ... | ... |
@@ -244,6 +238,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 244 | 244 |
/usr/src/linux-headers-%{uname_r}
|
| 245 | 245 |
|
| 246 | 246 |
%changelog |
| 247 |
+* Fri Aug 17 2018 Bo Gan <ganb@vmware.com> 4.9.120-1 |
|
| 248 |
+- Update to version 4.9.120 (l1tf fixes) |
|
| 247 | 249 |
* Thu Aug 09 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.118-2 |
| 248 | 250 |
- Fix CVE-2018-12233 |
| 249 | 251 |
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.118-1 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-secure |
| 4 |
-Version: 4.9.118 |
|
| 5 |
-Release: 2%{?kat_build:.%kat_build}%{?dist}
|
|
| 4 |
+Version: 4.9.120 |
|
| 5 |
+Release: 1%{?kat_build:.%kat_build}%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=1f441c2113d0b7bba57dd8f6e5f5db07d222d47b |
|
| 12 |
+%define sha1 linux=66f5b1a840e64ecf7fbc676abce9c9c40c21aec7 |
|
| 13 | 13 |
Source1: config-secure |
| 14 | 14 |
Source2: aufs4.9.tar.gz |
| 15 | 15 |
%define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906 |
| ... | ... |
@@ -71,10 +71,7 @@ Patch47: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch |
| 71 | 71 |
Patch48: 0001-xfs-move-inode-fork-verifiers-to-xfs-dinode-verify.patch |
| 72 | 72 |
Patch49: 0002-xfs-verify-dinode-header-first.patch |
| 73 | 73 |
Patch50: 0003-xfs-enhance-dinode-verifier.patch |
| 74 |
-# Fix for CVE-2018-12233 |
|
| 75 |
-Patch51: 0001-jfs-Fix-inconsistency-between-memory-allocation-and-ea_buf_maxsize.patch |
|
| 76 | 74 |
|
| 77 |
-Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
|
| 78 | 75 |
|
| 79 | 76 |
# Out-of-tree patches from AppArmor: |
| 80 | 77 |
Patch71: 0001-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch |
| ... | ... |
@@ -201,9 +198,7 @@ EOF |
| 201 | 201 |
%patch48 -p1 |
| 202 | 202 |
%patch49 -p1 |
| 203 | 203 |
%patch50 -p1 |
| 204 |
-%patch51 -p1 |
|
| 205 | 204 |
|
| 206 |
-%patch70 -p1 |
|
| 207 | 205 |
|
| 208 | 206 |
%patch71 -p1 |
| 209 | 207 |
%patch72 -p1 |
| ... | ... |
@@ -339,6 +334,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 339 | 339 |
/usr/src/linux-headers-%{uname_r}
|
| 340 | 340 |
|
| 341 | 341 |
%changelog |
| 342 |
+* Fri Aug 17 2018 Bo Gan <ganb@vmware.com> 4.9.120-1 |
|
| 343 |
+- Update to version 4.9.120 (l1tf fixes) |
|
| 342 | 344 |
* Thu Aug 09 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.118-2 |
| 343 | 345 |
- Fix CVE-2018-12233 |
| 344 | 346 |
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.118-1 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 |
-Version: 4.9.118 |
|
| 5 |
-Release: 2%{?kat_build:.%kat_build}%{?dist}
|
|
| 4 |
+Version: 4.9.120 |
|
| 5 |
+Release: 1%{?kat_build:.%kat_build}%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=1f441c2113d0b7bba57dd8f6e5f5db07d222d47b |
|
| 12 |
+%define sha1 linux=66f5b1a840e64ecf7fbc676abce9c9c40c21aec7 |
|
| 13 | 13 |
Source1: config |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
%define ena_version 1.1.3 |
| ... | ... |
@@ -70,10 +70,6 @@ Patch45: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch |
| 70 | 70 |
Patch46: 0001-xfs-move-inode-fork-verifiers-to-xfs-dinode-verify.patch |
| 71 | 71 |
Patch47: 0002-xfs-verify-dinode-header-first.patch |
| 72 | 72 |
Patch48: 0003-xfs-enhance-dinode-verifier.patch |
| 73 |
-# Fix for CVE-2018-12233 |
|
| 74 |
-Patch49: 0001-jfs-Fix-inconsistency-between-memory-allocation-and-ea_buf_maxsize.patch |
|
| 75 |
- |
|
| 76 |
-Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
|
| 77 | 73 |
|
| 78 | 74 |
# Out-of-tree patches from AppArmor: |
| 79 | 75 |
Patch71: 0001-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch |
| ... | ... |
@@ -193,9 +189,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
| 193 | 193 |
%patch46 -p1 |
| 194 | 194 |
%patch47 -p1 |
| 195 | 195 |
%patch48 -p1 |
| 196 |
-%patch49 -p1 |
|
| 197 |
- |
|
| 198 |
-%patch70 -p1 |
|
| 199 | 196 |
|
| 200 | 197 |
%patch71 -p1 |
| 201 | 198 |
%patch72 -p1 |
| ... | ... |
@@ -370,6 +363,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 370 | 370 |
/usr/share/doc/* |
| 371 | 371 |
|
| 372 | 372 |
%changelog |
| 373 |
+* Fri Aug 17 2018 Bo Gan <ganb@vmware.com> 4.9.120-1 |
|
| 374 |
+- Update to version 4.9.120 (l1tf fixes) |
|
| 373 | 375 |
* Thu Aug 09 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.118-2 |
| 374 | 376 |
- Fix CVE-2018-12233 |
| 375 | 377 |
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.118-1 |