@@ -1,6 +1,6 @@

 Summary:	Linux API header files

 Name:		linux-api-headers

-Version:	4.4.74

+Version:	4.4.81

 Release:	1%{?dist}

 License:	GPLv2

 URL:		http://www.kernel.org/

@@ -8,7 +8,7 @@ Group:		System Environment/Kernel

 Vendor:		VMware, Inc.

 Distribution: Photon

 Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=80b338e4442f57563dceb71be4acc1f5a5c234a0

+%define sha1 linux=b13679a3a9fc9f38c67bdbe321b426e3f19373ad

 BuildArch:	noarch

 %description

 The Linux API Headers expose the kernel's API for use by Glibc.

@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de

 %defattr(-,root,root)

 %{_includedir}/*

 %changelog

+*   Fri Aug 11 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.81-1

+-   Version update

 *   Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.74-1

 -   Update version

 *   Wed Jun 7 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.71-1

deleted file mode 100644

@@ -1,51 +0,0 @@

-From 6399f1fae4ec29fab5ec76070435555e256ca3a6 Mon Sep 17 00:00:00 2001

-From: Sabrina Dubroca <sd@queasysnail.net>

-Date: Wed, 19 Jul 2017 22:28:55 +0200

-Subject: [PATCH] ipv6: avoid overflow of offset in ip6_find_1stfragopt

-

-In some cases, offset can overflow and can cause an infinite loop in

-ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and

-cap it at IPV6_MAXPLEN, since packets larger than that should be invalid.

-

-This problem has been here since before the beginning of git history.

-

-Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>

-Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

-Signed-off-by: David S. Miller <davem@davemloft.net>

- net/ipv6/output_core.c | 8 ++++++--

- 1 file changed, 6 insertions(+), 2 deletions(-)

-

-diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c

-index e9065b8d3af85..abb2c307fbe83 100644

-+++ b/net/ipv6/output_core.c

-@@ -78,7 +78,7 @@ EXPORT_SYMBOL(ipv6_select_ident);

- 

- int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)

- {

--	u16 offset = sizeof(struct ipv6hdr);

-+	unsigned int offset = sizeof(struct ipv6hdr);

- 	unsigned int packet_len = skb_tail_pointer(skb) -

- 		skb_network_header(skb);

- 	int found_rhdr = 0;

-@@ -86,6 +86,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)

- 

- 	while (offset <= packet_len) {

- 		struct ipv6_opt_hdr *exthdr;

-+		unsigned int len;

- 

- 		switch (**nexthdr) {

- 

-@@ -111,7 +112,10 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)

- 

- 		exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +

- 						 offset);

--		offset += ipv6_optlen(exthdr);

-+		len = ipv6_optlen(exthdr);

-+		if (len + offset >= IPV6_MAXPLEN)

-+			return -EINVAL;

-+		offset += len;

- 		*nexthdr = &exthdr->nexthdr;

- 	}

- 

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:       Kernel

 Name:          linux-esx

-Version:       4.4.79

-Release:       2%{?dist}

+Version:       4.4.81

+Release:       1%{?dist}

 License:       GPLv2

 URL:           http://www.kernel.org/

 Group:         System Environment/Kernel

 Vendor:        VMware, Inc.

 Distribution:  Photon

 Source0:       http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=5b249aa3410b464515178df8f9a1ff0e3ba3f67e

+%define sha1 linux=b13679a3a9fc9f38c67bdbe321b426e3f19373ad

 Source1:       config-esx

 Patch0:        double-tcp_mem-limits.patch

 Patch1:        linux-4.4-sysctl-sched_weighted_cpuload_uses_rla.patch

@@ -35,8 +35,6 @@ Patch20:       vmci-1.1.4.0-use-32bit-atomics-for-queue-headers.patch

 Patch21:       vmci-1.1.5.0-doorbell-create-and-destroy-fixes.patch

 Patch22:       net-9p-vsock.patch

 Patch23:       p9fs_dir_readdir-offset-support.patch

-# Fix CVE-2017-7542

-Patch24:        ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch

 BuildRequires: bc

 BuildRequires: kbd

@@ -97,7 +95,6 @@ The Linux package contains the Linux kernel doc files

 %patch21 -p1

 %patch22 -p1

 %patch23 -p1

-%patch24 -p1

 %build

 # patch vmw_balloon driver

@@ -186,6 +183,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Fri Aug 11 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.81-1

+-   Version update

 *   Tue Aug 08 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.79-2

 -   [bugfix] Do not fallback to syscall from VDSO on clock_gettime(MONOTONIC)

 -   Fix CVE-2017-7542

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux

-Version:    	4.4.79

-Release:    	2%{?dist}

+Version:    	4.4.81

+Release:    	1%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz

-%define sha1 linux=5b249aa3410b464515178df8f9a1ff0e3ba3f67e

+%define sha1 linux=b13679a3a9fc9f38c67bdbe321b426e3f19373ad

 Source1:	config

 %define ena_version 1.1.3

 Source2:    	https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz

@@ -38,8 +38,6 @@ Patch17:        0001-Revert-crypto-testmgr-Disable-fips-allowed-for-authe.patch

 Patch18:        0002-allow-also-ecb-cipher_null.patch

 # Fix CVE-2017-10911

 Patch19:        xen-blkback-dont-leak-stack-data-via-response-ring.patch

-# Fix CVE-2017-7542

-Patch20:        ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch

 BuildRequires:  bc

 BuildRequires:  kbd

@@ -130,7 +128,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch17 -p1

 %patch18 -p1

 %patch19 -p1

-%patch20 -p1

 %build

 make mrproper

@@ -283,6 +280,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/perf-core

 %changelog

+*   Fri Aug 11 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.81-1

+-   Version update

 *   Tue Aug 08 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.79-2

 -   Fix CVE-2017-10911, CVE-2017-7542

 -   [bugfix] Added ccm,gcm,ghash,zlib,lzo crypto modules to avoid

new file mode 100755

@@ -0,0 +1,18 @@

+#! /bin/sh

+

+specs="linux-api-headers/linux-api-headers.spec linux/linux.spec linux/linux-esx.spec"

+

+tarball_url=`curl -s https://www.kernel.org  | grep -Eo 'https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.4.[0-9]*.tar.xz'`

+tarball=$(basename $tarball_url)

+version=`echo $tarball | sed 's/linux-//; s/.tar.xz//'`

+echo latest linux version: $version

+test -f stage/SOURCES/$tarball && echo up to date && exit 0

+$(cd stage/SOURCES && wget $tarball_url)

+sha1=`sha1sum stage/SOURCES/$tarball | awk '{print $1}'`

+changelog_entry=$(echo "`date +"%a %b %d %Y"` `git config user.name` <`git config user.email`> $version-1")

+for spec in $specs; do

+	sed -i '/^Version:/ s/4.4.[0-9]*/'$version'/' SPECS/$spec

+	sed -i '/^Release:/ s/[0-9]*%/1%/' SPECS/$spec

+	sed -i '/^%define sha1 linux/ s/=[0-9a-f]*$/='$sha1'/' SPECS/$spec

+	sed -i '/^%changelog/a*   '"$changelog_entry"'\n-   Version update' SPECS/$spec

+done