Browse code
kernels: fix CVE-2017-1000364 ("stack clash")
Extras:
- 9P FS security support
- DM Delay target support
Change-Id: Ia90700a1d66854fbf4d24088fb5d06a92fb48e80
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3094
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Bo Gan <ganb@vmware.com>
Alexey Makhalov authored on 2017/06/29 07:57:14Showing 7 changed files
- SPECS/linux-api-headers/linux-api-headers.spec
- SPECS/linux/config
- SPECS/linux/config-esx
- SPECS/linux/config-secure
- SPECS/linux/linux-esx.spec
- SPECS/linux/linux-secure.spec
- SPECS/linux/linux.spec
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
Summary: Linux API header files |
| 2 | 2 |
Name: linux-api-headers |
| 3 |
-Version: 4.9.30 |
|
| 3 |
+Version: 4.9.34 |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: GPLv2 |
| 6 | 6 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 11 |
-%define sha1 linux=08d55d9392cf4b176ae17d07dbbb9a22abf0d7b2 |
|
| 11 |
+%define sha1 linux=d02dc269e67eae329043c9aa7d6c2d6182950c2f |
|
| 12 | 12 |
BuildArch: noarch |
| 13 | 13 |
%description |
| 14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
| ... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
|
| 25 | 25 |
%defattr(-,root,root) |
| 26 | 26 |
%{_includedir}/*
|
| 27 | 27 |
%changelog |
| 28 |
+* Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.34-1 |
|
| 29 |
+- Version update |
|
| 28 | 30 |
* Fri May 26 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.30-1 |
| 29 | 31 |
- Version update |
| 30 | 32 |
* Tue May 16 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.28-1 |
| ... | ... |
@@ -1919,7 +1919,7 @@ CONFIG_DM_ZERO=m |
| 1919 | 1919 |
CONFIG_DM_MULTIPATH=m |
| 1920 | 1920 |
# CONFIG_DM_MULTIPATH_QL is not set |
| 1921 | 1921 |
# CONFIG_DM_MULTIPATH_ST is not set |
| 1922 |
-# CONFIG_DM_DELAY is not set |
|
| 1922 |
+CONFIG_DM_DELAY=m |
|
| 1923 | 1923 |
CONFIG_DM_UEVENT=y |
| 1924 | 1924 |
CONFIG_DM_FLAKEY=m |
| 1925 | 1925 |
CONFIG_DM_VERITY=m |
| ... | ... |
@@ -4108,7 +4108,7 @@ CONFIG_CIFS_SMB2=y |
| 4108 | 4108 |
CONFIG_9P_FS=m |
| 4109 | 4109 |
# CONFIG_9P_FSCACHE is not set |
| 4110 | 4110 |
CONFIG_9P_FS_POSIX_ACL=y |
| 4111 |
-# CONFIG_9P_FS_SECURITY is not set |
|
| 4111 |
+CONFIG_9P_FS_SECURITY=y |
|
| 4112 | 4112 |
CONFIG_NLS=y |
| 4113 | 4113 |
CONFIG_NLS_DEFAULT="utf8" |
| 4114 | 4114 |
CONFIG_NLS_CODEPAGE_437=y |
| ... | ... |
@@ -1570,7 +1570,7 @@ CONFIG_DM_MIRROR=m |
| 1570 | 1570 |
# CONFIG_DM_RAID is not set |
| 1571 | 1571 |
CONFIG_DM_ZERO=m |
| 1572 | 1572 |
# CONFIG_DM_MULTIPATH is not set |
| 1573 |
-# CONFIG_DM_DELAY is not set |
|
| 1573 |
+CONFIG_DM_DELAY=m |
|
| 1574 | 1574 |
CONFIG_DM_UEVENT=y |
| 1575 | 1575 |
# CONFIG_DM_FLAKEY is not set |
| 1576 | 1576 |
# CONFIG_DM_VERITY is not set |
| ... | ... |
@@ -1885,7 +1885,7 @@ CONFIG_DM_ZERO=m |
| 1885 | 1885 |
CONFIG_DM_MULTIPATH=m |
| 1886 | 1886 |
# CONFIG_DM_MULTIPATH_QL is not set |
| 1887 | 1887 |
# CONFIG_DM_MULTIPATH_ST is not set |
| 1888 |
-# CONFIG_DM_DELAY is not set |
|
| 1888 |
+CONFIG_DM_DELAY=m |
|
| 1889 | 1889 |
CONFIG_DM_UEVENT=y |
| 1890 | 1890 |
CONFIG_DM_FLAKEY=m |
| 1891 | 1891 |
CONFIG_DM_VERITY=m |
| ... | ... |
@@ -4033,7 +4033,7 @@ CONFIG_CIFS_SMB2=y |
| 4033 | 4033 |
CONFIG_9P_FS=m |
| 4034 | 4034 |
# CONFIG_9P_FSCACHE is not set |
| 4035 | 4035 |
CONFIG_9P_FS_POSIX_ACL=y |
| 4036 |
-# CONFIG_9P_FS_SECURITY is not set |
|
| 4036 |
+CONFIG_9P_FS_SECURITY=y |
|
| 4037 | 4037 |
CONFIG_NLS=y |
| 4038 | 4038 |
CONFIG_NLS_DEFAULT="utf8" |
| 4039 | 4039 |
CONFIG_NLS_CODEPAGE_437=y |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 |
-Version: 4.9.31 |
|
| 4 |
+Version: 4.9.34 |
|
| 5 | 5 |
Release: 1%{?dist}
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56 |
|
| 12 |
+%define sha1 linux=d02dc269e67eae329043c9aa7d6c2d6182950c2f |
|
| 13 | 13 |
Source1: config-esx |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
# common |
| ... | ... |
@@ -189,6 +189,9 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 189 | 189 |
/usr/src/linux-headers-%{uname_r}
|
| 190 | 190 |
|
| 191 | 191 |
%changelog |
| 192 |
+* Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.34-1 |
|
| 193 |
+- [feature] DM Delay target support |
|
| 194 |
+- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605
|
|
| 192 | 195 |
* Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1 |
| 193 | 196 |
- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 |
| 194 | 197 |
CVE-2017-9077 and CVE-2017-9242 |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-secure |
| 4 |
-Version: 4.9.31 |
|
| 4 |
+Version: 4.9.34 |
|
| 5 | 5 |
Release: 1%{?dist}
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56 |
|
| 12 |
+%define sha1 linux=d02dc269e67eae329043c9aa7d6c2d6182950c2f |
|
| 13 | 13 |
Source1: config-secure |
| 14 | 14 |
Source2: aufs4.9.tar.gz |
| 15 | 15 |
Source3: initramfs.trigger |
| ... | ... |
@@ -228,6 +228,10 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 228 | 228 |
/usr/src/linux-headers-%{uname_r}
|
| 229 | 229 |
|
| 230 | 230 |
%changelog |
| 231 |
+* Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.34-1 |
|
| 232 |
+- [feature] 9P FS security support |
|
| 233 |
+- [feature] DM Delay target support |
|
| 234 |
+- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605
|
|
| 231 | 235 |
* Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1 |
| 232 | 236 |
- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 |
| 233 | 237 |
CVE-2017-9077 and CVE-2017-9242 |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 |
-Version: 4.9.31 |
|
| 4 |
+Version: 4.9.34 |
|
| 5 | 5 |
Release: 1%{?dist}
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=53e5a2409c713c3d6e8de2839e6cec9c2c5deb56 |
|
| 12 |
+%define sha1 linux=d02dc269e67eae329043c9aa7d6c2d6182950c2f |
|
| 13 | 13 |
Source1: config |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
%define ena_version 1.1.3 |
| ... | ... |
@@ -267,6 +267,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 267 | 267 |
/usr/share/doc/* |
| 268 | 268 |
|
| 269 | 269 |
%changelog |
| 270 |
+* Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.34-1 |
|
| 271 |
+- [feature] 9P FS security support |
|
| 272 |
+- [feature] DM Delay target support |
|
| 273 |
+- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605
|
|
| 270 | 274 |
* Thu Jun 8 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.31-1 |
| 271 | 275 |
- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 |
| 272 | 276 |
CVE-2017-9077 and CVE-2017-9242 |