Change-Id: Id74b883d15904f9a5320c7536d7680c37f4f47a5
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5110
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,172 @@ |
0 |
+From 2b16f048729bf35e6c28a40cbfad07239f9dcd90 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Daniel Axtens <dja@axtens.net> |
|
2 |
+Date: Wed, 31 Jan 2018 14:15:33 +1100 |
|
3 |
+Subject: [PATCH] net: create skb_gso_validate_mac_len() |
|
4 |
+ |
|
5 |
+If you take a GSO skb, and split it into packets, will the MAC |
|
6 |
+length (L2 + L3 + L4 headers + payload) of those packets be small |
|
7 |
+enough to fit within a given length? |
|
8 |
+ |
|
9 |
+Move skb_gso_mac_seglen() to skbuff.h with other related functions |
|
10 |
+like skb_gso_network_seglen() so we can use it, and then create |
|
11 |
+skb_gso_validate_mac_len to do the full calculation. |
|
12 |
+ |
|
13 |
+Signed-off-by: Daniel Axtens <dja@axtens.net> |
|
14 |
+Signed-off-by: David S. Miller <davem@davemloft.net> |
|
15 |
+Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> |
|
16 |
+--- |
|
17 |
+ include/linux/skbuff.h | 16 +++++++++++++ |
|
18 |
+ net/core/skbuff.c | 63 +++++++++++++++++++++++++++++++++++++++----------- |
|
19 |
+ net/sched/sch_tbf.c | 10 -------- |
|
20 |
+ 3 files changed, 66 insertions(+), 23 deletions(-) |
|
21 |
+ |
|
22 |
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
|
23 |
+index 1b3a2f9..5d34da2 100644 |
|
24 |
+--- a/include/linux/skbuff.h |
|
25 |
+@@ -3077,6 +3077,7 @@ int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen); |
|
26 |
+ void skb_scrub_packet(struct sk_buff *skb, bool xnet); |
|
27 |
+ unsigned int skb_gso_transport_seglen(const struct sk_buff *skb); |
|
28 |
+ bool skb_gso_validate_mtu(const struct sk_buff *skb, unsigned int mtu); |
|
29 |
++bool skb_gso_validate_mac_len(const struct sk_buff *skb, unsigned int len); |
|
30 |
+ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features); |
|
31 |
+ struct sk_buff *skb_vlan_untag(struct sk_buff *skb); |
|
32 |
+ int skb_ensure_writable(struct sk_buff *skb, int write_len); |
|
33 |
+@@ -3855,6 +3856,21 @@ static inline unsigned int skb_gso_network_seglen(const struct sk_buff *skb) |
|
34 |
+ return hdr_len + skb_gso_transport_seglen(skb); |
|
35 |
+ } |
|
36 |
+ |
|
37 |
++/** |
|
38 |
++ * skb_gso_mac_seglen - Return length of individual segments of a gso packet |
|
39 |
++ * |
|
40 |
++ * @skb: GSO skb |
|
41 |
++ * |
|
42 |
++ * skb_gso_mac_seglen is used to determine the real size of the |
|
43 |
++ * individual segments, including MAC/L2, Layer3 (IP, IPv6) and L4 |
|
44 |
++ * headers (TCP/UDP). |
|
45 |
++ */ |
|
46 |
++static inline unsigned int skb_gso_mac_seglen(const struct sk_buff *skb) |
|
47 |
++{ |
|
48 |
++ unsigned int hdr_len = skb_transport_header(skb) - skb_mac_header(skb); |
|
49 |
++ return hdr_len + skb_gso_transport_seglen(skb); |
|
50 |
++} |
|
51 |
++ |
|
52 |
+ /* Local Checksum Offload. |
|
53 |
+ * Compute outer checksum based on the assumption that the |
|
54 |
+ * inner checksum will be offloaded later. |
|
55 |
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
|
56 |
+index fb422df..40f966e 100644 |
|
57 |
+--- a/net/core/skbuff.c |
|
58 |
+@@ -4441,37 +4441,74 @@ unsigned int skb_gso_transport_seglen(const struct sk_buff *skb) |
|
59 |
+ EXPORT_SYMBOL_GPL(skb_gso_transport_seglen); |
|
60 |
+ |
|
61 |
+ /** |
|
62 |
+- * skb_gso_validate_mtu - Return in case such skb fits a given MTU |
|
63 |
++ * skb_gso_size_check - check the skb size, considering GSO_BY_FRAGS |
|
64 |
+ * |
|
65 |
+- * @skb: GSO skb |
|
66 |
+- * @mtu: MTU to validate against |
|
67 |
++ * There are a couple of instances where we have a GSO skb, and we |
|
68 |
++ * want to determine what size it would be after it is segmented. |
|
69 |
+ * |
|
70 |
+- * skb_gso_validate_mtu validates if a given skb will fit a wanted MTU |
|
71 |
+- * once split. |
|
72 |
++ * We might want to check: |
|
73 |
++ * - L3+L4+payload size (e.g. IP forwarding) |
|
74 |
++ * - L2+L3+L4+payload size (e.g. sanity check before passing to driver) |
|
75 |
++ * |
|
76 |
++ * This is a helper to do that correctly considering GSO_BY_FRAGS. |
|
77 |
++ * |
|
78 |
++ * @seg_len: The segmented length (from skb_gso_*_seglen). In the |
|
79 |
++ * GSO_BY_FRAGS case this will be [header sizes + GSO_BY_FRAGS]. |
|
80 |
++ * |
|
81 |
++ * @max_len: The maximum permissible length. |
|
82 |
++ * |
|
83 |
++ * Returns true if the segmented length <= max length. |
|
84 |
+ */ |
|
85 |
+-bool skb_gso_validate_mtu(const struct sk_buff *skb, unsigned int mtu) |
|
86 |
+-{ |
|
87 |
++static inline bool skb_gso_size_check(const struct sk_buff *skb, |
|
88 |
++ unsigned int seg_len, |
|
89 |
++ unsigned int max_len) { |
|
90 |
+ const struct skb_shared_info *shinfo = skb_shinfo(skb); |
|
91 |
+ const struct sk_buff *iter; |
|
92 |
+- unsigned int hlen; |
|
93 |
+- |
|
94 |
+- hlen = skb_gso_network_seglen(skb); |
|
95 |
+ |
|
96 |
+ if (shinfo->gso_size != GSO_BY_FRAGS) |
|
97 |
+- return hlen <= mtu; |
|
98 |
++ return seg_len <= max_len; |
|
99 |
+ |
|
100 |
+ /* Undo this so we can re-use header sizes */ |
|
101 |
+- hlen -= GSO_BY_FRAGS; |
|
102 |
++ seg_len -= GSO_BY_FRAGS; |
|
103 |
+ |
|
104 |
+ skb_walk_frags(skb, iter) { |
|
105 |
+- if (hlen + skb_headlen(iter) > mtu) |
|
106 |
++ if (seg_len + skb_headlen(iter) > max_len) |
|
107 |
+ return false; |
|
108 |
+ } |
|
109 |
+ |
|
110 |
+ return true; |
|
111 |
+ } |
|
112 |
++ |
|
113 |
++/** |
|
114 |
++ * skb_gso_validate_mtu - Return in case such skb fits a given MTU |
|
115 |
++ * |
|
116 |
++ * @skb: GSO skb |
|
117 |
++ * @mtu: MTU to validate against |
|
118 |
++ * |
|
119 |
++ * skb_gso_validate_mtu validates if a given skb will fit a wanted MTU |
|
120 |
++ * once split. |
|
121 |
++ */ |
|
122 |
++bool skb_gso_validate_mtu(const struct sk_buff *skb, unsigned int mtu) |
|
123 |
++{ |
|
124 |
++ return skb_gso_size_check(skb, skb_gso_network_seglen(skb), mtu); |
|
125 |
++} |
|
126 |
+ EXPORT_SYMBOL_GPL(skb_gso_validate_mtu); |
|
127 |
+ |
|
128 |
++/** |
|
129 |
++ * skb_gso_validate_mac_len - Will a split GSO skb fit in a given length? |
|
130 |
++ * |
|
131 |
++ * @skb: GSO skb |
|
132 |
++ * @len: length to validate against |
|
133 |
++ * |
|
134 |
++ * skb_gso_validate_mac_len validates if a given skb will fit a wanted |
|
135 |
++ * length once split, including L2, L3 and L4 headers and the payload. |
|
136 |
++ */ |
|
137 |
++bool skb_gso_validate_mac_len(const struct sk_buff *skb, unsigned int len) |
|
138 |
++{ |
|
139 |
++ return skb_gso_size_check(skb, skb_gso_mac_seglen(skb), len); |
|
140 |
++} |
|
141 |
++EXPORT_SYMBOL_GPL(skb_gso_validate_mac_len); |
|
142 |
++ |
|
143 |
+ static struct sk_buff *skb_reorder_vlan_header(struct sk_buff *skb) |
|
144 |
+ { |
|
145 |
+ if (skb_cow(skb, skb_headroom(skb)) < 0) { |
|
146 |
+diff --git a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c |
|
147 |
+index 303355c..ad60a45 100644 |
|
148 |
+--- a/net/sched/sch_tbf.c |
|
149 |
+@@ -142,16 +142,6 @@ static u64 psched_ns_t2l(const struct psched_ratecfg *r, |
|
150 |
+ return len; |
|
151 |
+ } |
|
152 |
+ |
|
153 |
+-/* |
|
154 |
+- * Return length of individual segments of a gso packet, |
|
155 |
+- * including all headers (MAC, IP, TCP/UDP) |
|
156 |
+- */ |
|
157 |
+-static unsigned int skb_gso_mac_seglen(const struct sk_buff *skb) |
|
158 |
+-{ |
|
159 |
+- unsigned int hdr_len = skb_transport_header(skb) - skb_mac_header(skb); |
|
160 |
+- return hdr_len + skb_gso_transport_seglen(skb); |
|
161 |
+-} |
|
162 |
+- |
|
163 |
+ /* GSO packet is too big, segment it so that tbf can transmit |
|
164 |
+ * each segment in time |
|
165 |
+ */ |
|
166 |
+-- |
|
167 |
+2.7.4 |
|
168 |
+ |
0 | 169 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,58 @@ |
0 |
+From 8914a595110a6eca69a5e275b323f5d09e18f4f9 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Daniel Axtens <dja@axtens.net> |
|
2 |
+Date: Wed, 31 Jan 2018 14:15:34 +1100 |
|
3 |
+Subject: [PATCH] bnx2x: disable GSO where gso_size is too big for hardware |
|
4 |
+ |
|
5 |
+If a bnx2x card is passed a GSO packet with a gso_size larger than |
|
6 |
+~9700 bytes, it will cause a firmware error that will bring the card |
|
7 |
+down: |
|
8 |
+ |
|
9 |
+bnx2x: [bnx2x_attn_int_deasserted3:4323(enP24p1s0f0)]MC assert! |
|
10 |
+bnx2x: [bnx2x_mc_assert:720(enP24p1s0f0)]XSTORM_ASSERT_LIST_INDEX 0x2 |
|
11 |
+bnx2x: [bnx2x_mc_assert:736(enP24p1s0f0)]XSTORM_ASSERT_INDEX 0x0 = 0x00000000 0x25e43e47 0x00463e01 0x00010052 |
|
12 |
+bnx2x: [bnx2x_mc_assert:750(enP24p1s0f0)]Chip Revision: everest3, FW Version: 7_13_1 |
|
13 |
+... (dump of values continues) ... |
|
14 |
+ |
|
15 |
+Detect when the mac length of a GSO packet is greater than the maximum |
|
16 |
+packet size (9700 bytes) and disable GSO. |
|
17 |
+ |
|
18 |
+Signed-off-by: Daniel Axtens <dja@axtens.net> |
|
19 |
+Reviewed-by: Eric Dumazet <edumazet@google.com> |
|
20 |
+Signed-off-by: David S. Miller <davem@davemloft.net> |
|
21 |
+Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> |
|
22 |
+--- |
|
23 |
+ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 18 ++++++++++++++++++ |
|
24 |
+ 1 file changed, 18 insertions(+) |
|
25 |
+ |
|
26 |
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c |
|
27 |
+index 554c408..72d90b2 100644 |
|
28 |
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c |
|
29 |
+@@ -12930,6 +12930,24 @@ static netdev_features_t bnx2x_features_check(struct sk_buff *skb, |
|
30 |
+ struct net_device *dev, |
|
31 |
+ netdev_features_t features) |
|
32 |
+ { |
|
33 |
++ /* |
|
34 |
++ * A skb with gso_size + header length > 9700 will cause a |
|
35 |
++ * firmware panic. Drop GSO support. |
|
36 |
++ * |
|
37 |
++ * Eventually the upper layer should not pass these packets down. |
|
38 |
++ * |
|
39 |
++ * For speed, if the gso_size is <= 9000, assume there will |
|
40 |
++ * not be 700 bytes of headers and pass it through. Only do a |
|
41 |
++ * full (slow) validation if the gso_size is > 9000. |
|
42 |
++ * |
|
43 |
++ * (Due to the way SKB_BY_FRAGS works this will also do a full |
|
44 |
++ * validation in that case.) |
|
45 |
++ */ |
|
46 |
++ if (unlikely(skb_is_gso(skb) && |
|
47 |
++ (skb_shinfo(skb)->gso_size > 9000) && |
|
48 |
++ !skb_gso_validate_mac_len(skb, 9700))) |
|
49 |
++ features &= ~NETIF_F_GSO_MASK; |
|
50 |
++ |
|
51 |
+ features = vlan_features_check(skb, features); |
|
52 |
+ return vxlan_features_check(skb, features); |
|
53 |
+ } |
|
54 |
+-- |
|
55 |
+2.7.4 |
|
56 |
+ |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-aws |
4 | 4 |
Version: 4.9.97 |
5 |
-Release: 1%{?kat_build:.%kat_build}%{?dist} |
|
5 |
+Release: 2%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -46,6 +46,9 @@ Patch30: vmxnet3-avoid-xmit-reset-due-to-a-race-in-vmxnet3.patch |
46 | 46 |
Patch31: vmxnet3-use-correct-flag-to-indicate-LRO-feature.patch |
47 | 47 |
Patch32: netfilter-ipset-pernet-ops-must-be-unregistered-last.patch |
48 | 48 |
Patch33: vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch |
49 |
+# Fixes for CVE-2018-1000026 |
|
50 |
+Patch34: 0001-net-create-skb_gso_validate_mac_len.patch |
|
51 |
+Patch35: 0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch |
|
49 | 52 |
|
50 | 53 |
# For Spectre |
51 | 54 |
Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch |
... | ... |
@@ -209,6 +212,8 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
209 | 209 |
%patch31 -p1 |
210 | 210 |
%patch32 -p1 |
211 | 211 |
%patch33 -p1 |
212 |
+%patch34 -p1 |
|
213 |
+%patch35 -p1 |
|
212 | 214 |
|
213 | 215 |
%patch52 -p1 |
214 | 216 |
%patch53 -p1 |
... | ... |
@@ -428,6 +433,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
428 | 428 |
/usr/share/doc/* |
429 | 429 |
|
430 | 430 |
%changelog |
431 |
+* Tue May 01 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-2 |
|
432 |
+- Fix CVE-2018-1000026. |
|
431 | 433 |
* Mon Apr 30 2018 Alexey Makhalov <amakhalov@vmware.com> 4.9.97-1 |
432 | 434 |
- Update to version 4.9.97. Apply 3rd vmxnet3 patch. |
433 | 435 |
* Mon Apr 23 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.94-2 |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 | 4 |
Version: 4.9.97 |
5 |
-Release: 1%{?dist} |
|
5 |
+Release: 2%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -43,6 +43,10 @@ Patch30: vmxnet3-avoid-xmit-reset-due-to-a-race-in-vmxnet3.patch |
43 | 43 |
Patch31: vmxnet3-use-correct-flag-to-indicate-LRO-feature.patch |
44 | 44 |
Patch32: netfilter-ipset-pernet-ops-must-be-unregistered-last.patch |
45 | 45 |
Patch33: vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch |
46 |
+# Fixes for CVE-2018-1000026 |
|
47 |
+Patch34: 0001-net-create-skb_gso_validate_mac_len.patch |
|
48 |
+Patch35: 0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch |
|
49 |
+ |
|
46 | 50 |
# For Spectre |
47 | 51 |
Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch |
48 | 52 |
Patch53: 0142-bpf-prevent-speculative-execution-in-eBPF-interprete.patch |
... | ... |
@@ -123,6 +127,8 @@ The Linux package contains the Linux kernel doc files |
123 | 123 |
%patch31 -p1 |
124 | 124 |
%patch32 -p1 |
125 | 125 |
%patch33 -p1 |
126 |
+%patch34 -p1 |
|
127 |
+%patch35 -p1 |
|
126 | 128 |
|
127 | 129 |
%patch52 -p1 |
128 | 130 |
%patch53 -p1 |
... | ... |
@@ -234,6 +240,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
234 | 234 |
/usr/src/linux-headers-%{uname_r} |
235 | 235 |
|
236 | 236 |
%changelog |
237 |
+* Tue May 01 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-2 |
|
238 |
+- Fix CVE-2018-1000026. |
|
237 | 239 |
* Mon Apr 30 2018 Alexey Makhalov <amakhalov@vmware.com> 4.9.97-1 |
238 | 240 |
- Update to version 4.9.97. Apply 3rd vmxnet3 patch. |
239 | 241 |
* Mon Apr 23 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.94-2 |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-secure |
4 | 4 |
Version: 4.9.97 |
5 |
-Release: 1%{?kat_build:.%kat_build}%{?dist} |
|
5 |
+Release: 2%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -52,6 +52,10 @@ Patch32: vmxnet3-avoid-xmit-reset-due-to-a-race-in-vmxnet3.patch |
52 | 52 |
Patch33: vmxnet3-use-correct-flag-to-indicate-LRO-feature.patch |
53 | 53 |
Patch34: netfilter-ipset-pernet-ops-must-be-unregistered-last.patch |
54 | 54 |
Patch35: vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch |
55 |
+# Fixes for CVE-2018-1000026 |
|
56 |
+Patch36: 0001-net-create-skb_gso_validate_mac_len.patch |
|
57 |
+Patch37: 0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch |
|
58 |
+ |
|
55 | 59 |
# For Spectre |
56 | 60 |
Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch |
57 | 61 |
Patch53: 0142-bpf-prevent-speculative-execution-in-eBPF-interprete.patch |
... | ... |
@@ -176,6 +180,8 @@ EOF |
176 | 176 |
%patch33 -p1 |
177 | 177 |
%patch34 -p1 |
178 | 178 |
%patch35 -p1 |
179 |
+%patch36 -p1 |
|
180 |
+%patch37 -p1 |
|
179 | 181 |
|
180 | 182 |
# spectre |
181 | 183 |
%patch52 -p1 |
... | ... |
@@ -323,6 +329,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
323 | 323 |
/usr/src/linux-headers-%{uname_r} |
324 | 324 |
|
325 | 325 |
%changelog |
326 |
+* Tue May 01 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-2 |
|
327 |
+- Fix CVE-2018-1000026. |
|
326 | 328 |
* Mon Apr 30 2018 Alexey Makhalov <amakhalov@vmware.com> 4.9.97-1 |
327 | 329 |
- Update to version 4.9.97. Apply 3rd vmxnet3 patch. |
328 | 330 |
* Mon Apr 23 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.94-2 |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 | 4 |
Version: 4.9.97 |
5 |
-Release: 1%{?kat_build:.%kat_build}%{?dist} |
|
5 |
+Release: 2%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -50,6 +50,9 @@ Patch31: vmxnet3-use-correct-flag-to-indicate-LRO-feature.patch |
50 | 50 |
# To fix kernel PANIC in cascade |
51 | 51 |
Patch32: netfilter-ipset-pernet-ops-must-be-unregistered-last.patch |
52 | 52 |
Patch33: vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch |
53 |
+# Fixes for CVE-2018-1000026 |
|
54 |
+Patch34: 0001-net-create-skb_gso_validate_mac_len.patch |
|
55 |
+Patch35: 0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch |
|
53 | 56 |
|
54 | 57 |
# For Spectre |
55 | 58 |
Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch |
... | ... |
@@ -168,6 +171,8 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
168 | 168 |
%patch31 -p1 |
169 | 169 |
%patch32 -p1 |
170 | 170 |
%patch33 -p1 |
171 |
+%patch34 -p1 |
|
172 |
+%patch35 -p1 |
|
171 | 173 |
|
172 | 174 |
%patch52 -p1 |
173 | 175 |
%patch53 -p1 |
... | ... |
@@ -350,6 +355,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
350 | 350 |
/usr/share/doc/* |
351 | 351 |
|
352 | 352 |
%changelog |
353 |
+* Tue May 01 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-2 |
|
354 |
+- Fix CVE-2018-1000026. |
|
353 | 355 |
* Mon Apr 30 2018 Alexey Makhalov <amakhalov@vmware.com> 4.9.97-1 |
354 | 356 |
- Update to version 4.9.97. Apply 3rd vmxnet3 patch. |
355 | 357 |
* Mon Apr 23 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.94-2 |