@@ -1,6 +1,6 @@

 Summary:	Linux API header files

 Name:		linux-api-headers

-Version:	4.4.115

+Version:	4.4.124

 Release:	1%{?dist}

 License:	GPLv2

 URL:		http://www.kernel.org/

@@ -8,7 +8,7 @@ Group:		System Environment/Kernel

 Vendor:		VMware, Inc.

 Distribution: Photon

 Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=d8a244092f001d149bbe673bd5b685d204fcf298

+%define sha1 linux=d5241400e6e5ed97fbdba1f92cf62c0a4382a30a

 BuildArch:	noarch

 # From SPECS/linux and used by linux-esx only

 # It provides f*xattrat syscalls

@@ -29,6 +29,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de

 %defattr(-,root,root)

 %{_includedir}/*

 %changelog

+*   Tue Mar 27 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-1

+-   Update to version 4.4.124

 *   Mon Feb 05 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.115-1

 -   Update to version 4.4.115

 *   Wed Jan 31 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.114-1

deleted file mode 100644

@@ -1,37 +0,0 @@

-commit 69c64866ce072dea1d1e59a0d61e0f66c0dffb76

-Author: Mohamed Ghannam <simo.ghannam@gmail.com>

-Date:   Tue Dec 5 20:58:35 2017 +0000

-

-    dccp: CVE-2017-8824: use-after-free in DCCP code

-

-    Whenever the sock object is in DCCP_CLOSED state,

-    dccp_disconnect() must free dccps_hc_tx_ccid and

-    dccps_hc_rx_ccid and set to NULL.

-

-    Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>

-    Reviewed-by: Eric Dumazet <edumazet@google.com>

-    Signed-off-by: David S. Miller <davem@davemloft.net>

-

-diff --git a/net/dccp/proto.c b/net/dccp/proto.c

-index b68168f..9d43c1f 100644

-+++ b/net/dccp/proto.c

-@@ -259,6 +259,7 @@ int dccp_disconnect(struct sock *sk, int flags)

- {

- 	struct inet_connection_sock *icsk = inet_csk(sk);

- 	struct inet_sock *inet = inet_sk(sk);

-+	struct dccp_sock *dp = dccp_sk(sk);

- 	int err = 0;

- 	const int old_state = sk->sk_state;

- 

-@@ -278,6 +279,10 @@ int dccp_disconnect(struct sock *sk, int flags)

- 		sk->sk_err = ECONNRESET;

- 

- 	dccp_clear_xmit_timers(sk);

-+	ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);

-+	ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);

-+	dp->dccps_hc_rx_ccid = NULL;

-+	dp->dccps_hc_tx_ccid = NULL;

- 

- 	__skb_queue_purge(&sk->sk_receive_queue);

- 	__skb_queue_purge(&sk->sk_write_queue);

@@ -1,7 +1,7 @@

 %global security_hardening none

 Summary:       Kernel

 Name:          linux-esx

-Version:       4.4.115

+Version:       4.4.124

 Release:       1%{?dist}

 License:       GPLv2

 URL:           http://www.kernel.org/

@@ -9,7 +9,7 @@ Group:         System Environment/Kernel

 Vendor:        VMware, Inc.

 Distribution:  Photon

 Source0:       http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=d8a244092f001d149bbe673bd5b685d204fcf298

+%define sha1 linux=d5241400e6e5ed97fbdba1f92cf62c0a4382a30a

 Source1:       config-esx

 Patch0:        double-tcp_mem-limits.patch

 Patch1:        linux-4.4-sysctl-sched_weighted_cpuload_uses_rla.patch

@@ -37,9 +37,6 @@ Patch22:       vsock-transport-for-9p.patch

 Patch23:       p9fs_dir_readdir-offset-support.patch

 Patch24:       Implement-the-f-xattrat-family-of-functions.patch

 Patch26:       init-do_mounts-recreate-dev-root.patch

-# Fix CVE-2017-8824

-Patch27:       dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch

-Patch30:       revert-SMB-validate-negotiate-even-if-signing-off.patch

 # For Spectre

 Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch

 Patch55: 0144-uvcvideo-prevent-speculative-execution.patch

@@ -50,7 +47,6 @@ Patch59: 0148-cw1200-prevent-speculative-execution.patch

 Patch60: 0149-Thermal-int340x-prevent-speculative-execution.patch

 Patch61: 0150-ipv4-prevent-speculative-execution.patch

 Patch62: 0151-ipv6-prevent-speculative-execution.patch

-Patch63: 0152-fs-prevent-speculative-execution.patch

 Patch64: 0153-net-mpls-prevent-speculative-execution.patch

 Patch65: 0154-udf-prevent-speculative-execution.patch

 Patch66: 0155-userns-prevent-speculative-execution.patch

@@ -118,8 +114,6 @@ The Linux package contains the Linux kernel doc files

 %patch23 -p1

 %patch24 -p1

 %patch26 -p1

-%patch27 -p1

-%patch30 -p1

 %patch52 -p1

 %patch55 -p1

@@ -130,7 +124,6 @@ The Linux package contains the Linux kernel doc files

 %patch60 -p1

 %patch61 -p1

 %patch62 -p1

-%patch63 -p1

 %patch64 -p1

 %patch65 -p1

 %patch66 -p1

@@ -224,6 +217,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Tue Mar 27 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-1

+-   Update to version 4.4.124

 *   Mon Feb 05 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.115-1

 -   Update to version 4.4.115

 *   Wed Jan 31 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.114-1

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux

-Version:    	4.4.115

-Release:        2%{?kat_build:.%kat_build}%{?dist}

+Version:    	4.4.124

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:    	http://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz

-%define sha1 linux=d8a244092f001d149bbe673bd5b685d204fcf298

+%define sha1 linux=d5241400e6e5ed97fbdba1f92cf62c0a4382a30a

 Source1:	config

 %define ena_version 1.1.3

 Source2:    	https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz

@@ -36,9 +36,6 @@ Patch16:        vsock-transport-for-9p.patch

 #allow some algorithms in FIPS mode

 Patch17:        0001-Revert-crypto-testmgr-Disable-fips-allowed-for-authe.patch

 Patch18:        0002-allow-also-ecb-cipher_null.patch

-# Fix CVE-2017-8824

-Patch21:        dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch

-Patch24:        revert-SMB-validate-negotiate-even-if-signing-off.patch

 # For Spectre

 Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch

 Patch55: 0144-uvcvideo-prevent-speculative-execution.patch

@@ -49,7 +46,6 @@ Patch59: 0148-cw1200-prevent-speculative-execution.patch

 Patch60: 0149-Thermal-int340x-prevent-speculative-execution.patch

 Patch61: 0150-ipv4-prevent-speculative-execution.patch

 Patch62: 0151-ipv6-prevent-speculative-execution.patch

-Patch63: 0152-fs-prevent-speculative-execution.patch

 Patch64: 0153-net-mpls-prevent-speculative-execution.patch

 Patch65: 0154-udf-prevent-speculative-execution.patch

 Patch66: 0155-userns-prevent-speculative-execution.patch

@@ -148,8 +144,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch16 -p1

 %patch17 -p1

 %patch18 -p1

-%patch21 -p1

-%patch24 -p1

 %patch52 -p1

 %patch55 -p1

@@ -160,7 +154,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch60 -p1

 %patch61 -p1

 %patch62 -p1

-%patch63 -p1

 %patch64 -p1

 %patch65 -p1

 %patch66 -p1

@@ -322,6 +315,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/perf-core

 %changelog

+*   Tue Mar 27 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-1

+-   Update to version 4.4.124

 *   Thu Mar 08 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.4.115-2

 -   Add build dependency of libelf. Needed by perf to resolve symbols.

 *   Mon Feb 05 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.115-1

deleted file mode 100644

@@ -1,57 +0,0 @@

-

-This code reverts the commit mentioned below. (Apply it with patch -p1,

-not patch -p1 -R).

-

-commit 02ef29f9cbb616bf41900c427830dc8bf3f52d99

-Author: Steve French <smfrench@gmail.com>

-Date:   Wed Sep 20 19:57:18 2017 -0500

-

-    SMB: Validate negotiate (to protect against downgrade) even if signing off

-    

-    commit 0603c96f3af50e2f9299fa410c224ab1d465e0f9 upstream.

-    

-    As long as signing is supported (ie not a guest user connection) and

-    connection is SMB3 or SMB3.02, then validate negotiate (protect

-    against man in the middle downgrade attacks).  We had been doing this

-    only when signing was required, not when signing was just enabled,

-    but this more closely matches recommended SMB3 behavior and is

-    better security.  Suggested by Metze.

-    

-    Signed-off-by: Steve French <smfrench@gmail.com>

-    Reviewed-by: Jeremy Allison <jra@samba.org>

-    Acked-by: Stefan Metzmacher <metze@samba.org>

-    Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>

-    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

-

-diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c

-index f2ff60e..7123289 100644

-+++ b/fs/cifs/smb2pdu.c

-@@ -526,22 +526,15 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)

- 

- 	/*

- 	 * validation ioctl must be signed, so no point sending this if we

--	 * can not sign it (ie are not known user).  Even if signing is not

--	 * required (enabled but not negotiated), in those cases we selectively

-+	 * can not sign it.  We could eventually change this to selectively

- 	 * sign just this, the first and only signed request on a connection.

--	 * Having validation of negotiate info  helps reduce attack vectors.

-+	 * This is good enough for now since a user who wants better security

-+	 * would also enable signing on the mount. Having validation of

-+	 * negotiate info for signed connections helps reduce attack vectors

- 	 */

--	if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST)

-+	if (tcon->ses->server->sign == false)

- 		return 0; /* validation requires signing */

- 

--	if (tcon->ses->user_name == NULL) {

--		cifs_dbg(FYI, "Can't validate negotiate: null user mount\n");

--		return 0; /* validation requires signing */

--	}

--

--	if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL)

--		cifs_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n");

--

- 	vneg_inbuf.Capabilities =

- 			cpu_to_le32(tcon->ses->server->vals->req_capabilities);

- 	memcpy(vneg_inbuf.Guid, tcon->ses->server->client_guid,

deleted file mode 100644

@@ -1,37 +0,0 @@

-From d7ca466502c0427749f64a6bdb47d96f848bf72d Mon Sep 17 00:00:00 2001

-From: Elena Reshetova <elena.reshetova@intel.com>

-Date: Wed, 30 Aug 2017 13:52:22 +0300

-Subject: [PATCH 152/194] fs: prevent speculative execution

-

-Since the fd value in function __fcheck_files()

-seems to be controllable by userspace and later on

-conditionally (upon bound check) used to resolve

-fdt->fd, insert an observable speculation

-barrier before its usage. This should prevent

-observable speculation on that branch and avoid

-kernel memory leak.

-

-Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>

- include/linux/fdtable.h | 4 +++-

- 1 file changed, 3 insertions(+), 1 deletion(-)

-

-diff --git a/include/linux/fdtable.h b/include/linux/fdtable.h

-index 1c65817..dbc1200 100644

-+++ b/include/linux/fdtable.h

-@@ -82,8 +82,10 @@ static inline struct file *__fcheck_files(struct files_struct *files, unsigned i

- {

- 	struct fdtable *fdt = rcu_dereference_raw(files->fdt);

- 

--	if (fd < fdt->max_fds)

-+	if (fd < fdt->max_fds) {

-+		osb();

- 		return rcu_dereference_raw(fdt->fd[fd]);

-+	}

- 	return NULL;

- }

- 

-2.9.5

-

@@ -50,13 +50,13 @@ index 952b23b5..d16bfe2 100644

  	movq	%rsp, %rdi

  	movl	$AUDIT_ARCH_X86_64, %esi

  	movq	%rax, %rdx

-@@ -267,7 +274,6 @@ tracesys_phase2:

+@@ -276,7 +276,6 @@ tracesys_phase2:

  	 * the value it wants us to use in the table lookup.

  	 */

  	RESTORE_C_REGS_EXCEPT_RAX

 -	RESTORE_EXTRA_REGS

  #if __SYSCALL_MASK == ~0

- 	cmpq	$__NR_syscall_max, %rax

+ 	cmpq	$NR_syscalls, %rax

  #else

 @@ -286,10 +292,8 @@ tracesys_phase2:

   * Has correct iret frame.