diff --git a/SPECS/linux-api-headers/linux-api-headers.spec b/SPECS/linux-api-headers/linux-api-headers.spec index ce8f69f902..ca8f311f34 100644 --- a/SPECS/linux-api-headers/linux-api-headers.spec +++ b/SPECS/linux-api-headers/linux-api-headers.spec @@ -1,6 +1,6 @@ Summary: Linux API header files Name: linux-api-headers -Version: 4.19.1 +Version: 4.19.6 Release: 1%{?dist} License: GPLv2 URL: http://www.kernel.org/ @@ -8,7 +8,7 @@ Group: System Environment/Kernel Vendor: VMware, Inc. Distribution: Photon Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz -%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952 +%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61 BuildArch: noarch %description The Linux API Headers expose the kernel's API for use by Glibc. @@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de %defattr(-,root,root) %{_includedir}/* %changelog +* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 * Mon Nov 05 2018 Srivatsa S. Bhat (VMware) 4.19.1-1 - Update to version 4.19.1 * Thu Sep 20 2018 Srivatsa S. Bhat 4.18.9-1 diff --git a/SPECS/linux/aws/0014-xen-manage-introduce-helper-function-to-know-the-on-.patch b/SPECS/linux/aws/0014-xen-manage-introduce-helper-function-to-know-the-on-.patch index 1dbe9082b5..21b3d3f5a0 100644 --- a/SPECS/linux/aws/0014-xen-manage-introduce-helper-function-to-know-the-on-.patch +++ b/SPECS/linux/aws/0014-xen-manage-introduce-helper-function-to-know-the-on-.patch @@ -22,7 +22,7 @@ Signed-off-by: Srivatsa S. Bhat (VMware) 2 files changed, 19 insertions(+) diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c -index 1c9750fefa64..1720225eecb6 100644 +index 609fca8..2676b52 100644 --- a/drivers/xen/manage.c +++ b/drivers/xen/manage.c @@ -50,6 +50,21 @@ enum suspend_modes { @@ -48,10 +48,10 @@ index 1c9750fefa64..1720225eecb6 100644 int cancelled; }; diff --git a/include/xen/xen-ops.h b/include/xen/xen-ops.h -index a95e65ec83c3..2e4b476b516c 100644 +index f6e798d..2aa94d8 100644 --- a/include/xen/xen-ops.h +++ b/include/xen/xen-ops.h -@@ -38,6 +38,10 @@ u64 xen_steal_clock(int cpu); +@@ -39,6 +39,10 @@ u64 xen_steal_clock(int cpu); int xen_setup_shutdown_event(void); @@ -61,7 +61,6 @@ index a95e65ec83c3..2e4b476b516c 100644 + extern unsigned long *xen_contiguous_bitmap; - #ifdef CONFIG_XEN_PV + #if defined(CONFIG_XEN_PV) || defined(CONFIG_ARM) || defined(CONFIG_ARM64) -- -2.14.4 - +2.7.4 diff --git a/SPECS/linux/aws/0017-x86-xen-add-system-core-suspend-and-resume-callbacks.patch b/SPECS/linux/aws/0017-x86-xen-add-system-core-suspend-and-resume-callbacks.patch index 4c68fcc782..956042a9e7 100644 --- a/SPECS/linux/aws/0017-x86-xen-add-system-core-suspend-and-resume-callbacks.patch +++ b/SPECS/linux/aws/0017-x86-xen-add-system-core-suspend-and-resume-callbacks.patch @@ -23,10 +23,10 @@ Signed-off-by: Srivatsa S. Bhat (VMware) 3 files changed, 56 insertions(+) diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c -index 8afb6dd311f1..c78b3e8fb2e5 100644 +index d24ad16..4196a65 100644 --- a/arch/x86/xen/enlighten_hvm.c +++ b/arch/x86/xen/enlighten_hvm.c -@@ -201,6 +201,7 @@ static void __init xen_hvm_guest_init(void) +@@ -202,6 +202,7 @@ static void __init xen_hvm_guest_init(void) if (xen_feature(XENFEAT_hvm_callback_vector)) xen_have_vector_callback = 1; @@ -35,7 +35,7 @@ index 8afb6dd311f1..c78b3e8fb2e5 100644 WARN_ON(xen_cpuhp_setup(xen_cpu_up_prepare_hvm, xen_cpu_dead_hvm)); xen_unplug_emulated_devices(); diff --git a/arch/x86/xen/suspend.c b/arch/x86/xen/suspend.c -index 3e3a58ea669e..5e542b7e5802 100644 +index 1d83152..784c448 100644 --- a/arch/x86/xen/suspend.c +++ b/arch/x86/xen/suspend.c @@ -2,17 +2,22 @@ @@ -61,7 +61,7 @@ index 3e3a58ea669e..5e542b7e5802 100644 #include "xen-ops.h" #include "mmu.h" -@@ -78,3 +83,51 @@ void xen_arch_suspend(void) +@@ -82,3 +87,51 @@ void xen_arch_suspend(void) on_each_cpu(xen_vcpu_notify_suspend, NULL, 1); } @@ -114,10 +114,10 @@ index 3e3a58ea669e..5e542b7e5802 100644 + register_syscore_ops(&xen_hvm_syscore_ops); +} diff --git a/include/xen/xen-ops.h b/include/xen/xen-ops.h -index 2e4b476b516c..90c2b41eb4f3 100644 +index 2aa94d8..77f65e5 100644 --- a/include/xen/xen-ops.h +++ b/include/xen/xen-ops.h -@@ -42,6 +42,8 @@ bool xen_suspend_mode_is_xen_suspend(void); +@@ -43,6 +43,8 @@ bool xen_suspend_mode_is_xen_suspend(void); bool xen_suspend_mode_is_pm_suspend(void); bool xen_suspend_mode_is_pm_hibernation(void); @@ -125,7 +125,7 @@ index 2e4b476b516c..90c2b41eb4f3 100644 + extern unsigned long *xen_contiguous_bitmap; - #ifdef CONFIG_XEN_PV + #if defined(CONFIG_XEN_PV) || defined(CONFIG_ARM) || defined(CONFIG_ARM64) -- -2.14.4 +2.7.4 diff --git a/SPECS/linux/aws/0055-net-ipv4-defensive-cipso-option-parsing.patch b/SPECS/linux/aws/0055-net-ipv4-defensive-cipso-option-parsing.patch deleted file mode 100644 index 592aeaeeb7..0000000000 --- a/SPECS/linux/aws/0055-net-ipv4-defensive-cipso-option-parsing.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 15541c4d514bb189c3e4dbad9bd9f3b957d7c4d0 Mon Sep 17 00:00:00 2001 -From: Frank van der Linden -Date: Fri, 31 Aug 2018 18:34:53 +0000 -Subject: net/ipv4: defensive cipso option parsing - -commit 40413955ee265a5e42f710940ec78f5450d49149 fixed a possible -infinite loop in the IP option parsing of CIPSO. The fix assumes -that ip_option_compile filtered out all zero length options and -that no other one-byte options beside IPOPT_END and IPOPT_NOOP -exist. -While this assumption currently holds true, add explicit checks -for zero length and invalid length options to be safe for the -future. Even though ip_options_compile should have validated the -options, the introduction of new one-byte options can still -confuse this code without the additional checks. - -Signed-off-by: Stefan Nuernberger -Signed-off-by: Srivatsa S. Bhat (VMware) ---- - net/ipv4/cipso_ipv4.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c -index 82178cc69c96..f291b57b8474 100644 ---- a/net/ipv4/cipso_ipv4.c -+++ b/net/ipv4/cipso_ipv4.c -@@ -1512,7 +1512,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, - * - * Description: - * Parse the packet's IP header looking for a CIPSO option. Returns a pointer -- * to the start of the CIPSO option on success, NULL if one if not found. -+ * to the start of the CIPSO option on success, NULL if one is not found. - * - */ - unsigned char *cipso_v4_optptr(const struct sk_buff *skb) -@@ -1522,9 +1522,11 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) - int optlen; - int taglen; - -- for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) { -+ for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 1; ) { - switch (optptr[0]) { - case IPOPT_CIPSO: -+ if (!optptr[1] || optptr[1] > optlen) -+ return NULL; - return optptr; - case IPOPT_END: - return NULL; -@@ -1534,6 +1536,10 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) - default: - taglen = optptr[1]; - } -+ -+ if (!taglen || taglen > optlen) -+ break; -+ - optlen -= taglen; - optptr += taglen; - } --- -2.14.4 - diff --git a/SPECS/linux/config-aws b/SPECS/linux/config-aws index 12f40894c7..bcfa906190 100644 --- a/SPECS/linux/config-aws +++ b/SPECS/linux/config-aws @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.19.1 Kernel Configuration +# Linux/x86 4.19.6 Kernel Configuration # # @@ -397,7 +397,9 @@ CONFIG_X86_SMAP=y CONFIG_X86_INTEL_UMIP=y # CONFIG_X86_INTEL_MPX is not set CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y -# CONFIG_EFI is not set +CONFIG_EFI=y +CONFIG_EFI_STUB=y +# CONFIG_EFI_MIXED is not set CONFIG_SECCOMP=y # CONFIG_HZ_100 is not set CONFIG_HZ_250=y @@ -484,6 +486,7 @@ CONFIG_ACPI_HOTPLUG_IOAPIC=y CONFIG_ACPI_SBS=m # CONFIG_ACPI_HED is not set # CONFIG_ACPI_CUSTOM_METHOD is not set +# CONFIG_ACPI_BGRT is not set # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set # CONFIG_ACPI_NFIT is not set CONFIG_HAVE_ACPI_APEI=y @@ -641,6 +644,19 @@ CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y # CONFIG_ISCSI_IBFT_FIND is not set # CONFIG_FW_CFG_SYSFS is not set # CONFIG_GOOGLE_FIRMWARE is not set + +# +# EFI (Extensible Firmware Interface) Support +# +# CONFIG_EFI_VARS is not set +CONFIG_EFI_ESRT=y +# CONFIG_EFI_RUNTIME_MAP is not set +# CONFIG_EFI_FAKE_MEMMAP is not set +CONFIG_EFI_RUNTIME_WRAPPERS=y +# CONFIG_EFI_CAPSULE_LOADER is not set +# CONFIG_EFI_TEST is not set +# CONFIG_APPLE_PROPERTIES is not set +# CONFIG_RESET_ATTACK_MITIGATION is not set CONFIG_UEFI_CPER=y CONFIG_UEFI_CPER_X86=y @@ -2971,6 +2987,7 @@ CONFIG_FB_CIRRUS=m # CONFIG_FB_VGA16 is not set # CONFIG_FB_UVESA is not set CONFIG_FB_VESA=y +# CONFIG_FB_EFI is not set # CONFIG_FB_N411 is not set # CONFIG_FB_HGA is not set # CONFIG_FB_OPENCORES is not set @@ -3525,6 +3542,7 @@ CONFIG_XEN_PRIVCMD=m # CONFIG_XEN_ACPI_PROCESSOR is not set # CONFIG_XEN_MCE_LOG is not set CONFIG_XEN_HAVE_PVMMU=y +CONFIG_XEN_EFI=y CONFIG_XEN_AUTO_XLATE=y CONFIG_XEN_ACPI=y # CONFIG_XEN_SYMS is not set @@ -3846,6 +3864,7 @@ CONFIG_HUGETLB_PAGE=y CONFIG_MEMFD_CREATE=y CONFIG_ARCH_HAS_GIGANTIC_PAGE=y CONFIG_CONFIGFS_FS=m +CONFIG_EFIVAR_FS=m CONFIG_MISC_FILESYSTEMS=y # CONFIG_ORANGEFS_FS is not set # CONFIG_ADFS_FS is not set @@ -4216,7 +4235,6 @@ CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m CONFIG_CRYPTO_SERPENT_AVX_X86_64=m CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m # CONFIG_CRYPTO_SM4 is not set -# CONFIG_CRYPTO_SPECK is not set CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m @@ -4360,7 +4378,7 @@ CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y CONFIG_OID_REGISTRY=y -CONFIG_UCS2_STRING=m +CONFIG_UCS2_STRING=y CONFIG_FONT_SUPPORT=y # CONFIG_FONTS is not set CONFIG_FONT_8x8=y @@ -4566,8 +4584,10 @@ CONFIG_TRACE_IRQFLAGS_SUPPORT=y # CONFIG_X86_VERBOSE_BOOTUP is not set CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_EFI is not set # CONFIG_EARLY_PRINTK_USB_XDBC is not set # CONFIG_X86_PTDUMP is not set +# CONFIG_EFI_PGT_DUMP is not set # CONFIG_DEBUG_WX is not set CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set diff --git a/SPECS/linux/linux-aws.spec b/SPECS/linux/linux-aws.spec index a1bb9b30ac..1b7c6f856f 100644 --- a/SPECS/linux/linux-aws.spec +++ b/SPECS/linux/linux-aws.spec @@ -1,15 +1,15 @@ %global security_hardening none Summary: Kernel Name: linux-aws -Version: 4.19.1 -Release: 3%{?kat_build:.%kat_build}%{?dist} +Version: 4.19.6 +Release: 1%{?kat_build:.%kat_build}%{?dist} License: GPLv2 URL: http://www.kernel.org/ Group: System Environment/Kernel Vendor: VMware, Inc. Distribution: Photon Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz -%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952 +%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61 Source1: config-aws Source2: initramfs.trigger # common @@ -62,7 +62,6 @@ Patch123: 0027-xen-blkfront-add-persistent_grants-parameter.patch Patch125: 0029-Revert-xen-dont-fiddle-with-event-channel-masking-in.patch Patch131: 0035-xen-blkfront-Fixed-blkfront_restore-to-remove-a-call.patch Patch133: 0037-x86-tsc-avoid-system-instability-in-hibernation.patch -Patch151: 0055-net-ipv4-defensive-cipso-option-parsing.patch Patch152: 0056-Amazon-ENA-driver-Update-to-version-1.6.0.patch %if 0%{?kat_build:1} @@ -179,7 +178,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel. %patch125 -p1 %patch131 -p1 %patch133 -p1 -%patch151 -p1 %patch152 -p1 %if 0%{?kat_build:1} @@ -358,6 +356,9 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg %{_libdir}/perf/include/bpf/* %changelog +* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 +- Enable EFI in config-aws to support kernel signing. * Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.1-3 - Set nvme io_timeout to maximum in kernel cmdline. * Wed Nov 14 2018 Ajay Kaher 4.19.1-2 diff --git a/SPECS/linux/linux-esx.spec b/SPECS/linux/linux-esx.spec index 853903eb8a..6e4154e1ca 100644 --- a/SPECS/linux/linux-esx.spec +++ b/SPECS/linux/linux-esx.spec @@ -1,15 +1,15 @@ %global security_hardening none Summary: Kernel Name: linux-esx -Version: 4.19.1 -Release: 3%{?dist} +Version: 4.19.6 +Release: 1%{?dist} License: GPLv2 URL: http://www.kernel.org/ Group: System Environment/Kernel Vendor: VMware, Inc. Distribution: Photon Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz -%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952 +%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61 Source1: config-esx Source2: initramfs.trigger # common @@ -186,6 +186,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg /usr/src/linux-headers-%{uname_r} %changelog +* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 * Thu Nov 29 2018 Alexey Makhalov 4.19.1-3 - Fix BAR4 is zero issue for IDE devices * Thu Nov 15 2018 Ajay Kaher 4.19.1-2 diff --git a/SPECS/linux/linux-secure.spec b/SPECS/linux/linux-secure.spec index fed5b03ef5..91e5cfb638 100644 --- a/SPECS/linux/linux-secure.spec +++ b/SPECS/linux/linux-secure.spec @@ -1,15 +1,15 @@ %global security_hardening none Summary: Kernel Name: linux-secure -Version: 4.19.1 -Release: 2%{?kat_build:.%kat_build}%{?dist} +Version: 4.19.6 +Release: 1%{?kat_build:.%kat_build}%{?dist} License: GPLv2 URL: http://www.kernel.org/ Group: System Environment/Kernel Vendor: VMware, Inc. Distribution: Photon Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz -%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952 +%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61 Source1: config-secure Source2: initramfs.trigger # common @@ -234,6 +234,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg /usr/src/linux-headers-%{uname_r} %changelog +* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 * Thu Nov 15 2018 Ajay Kaher 4.19.1-2 - Adding BuildArch * Thu Nov 08 2018 Him Kalyan Bordoloi 4.19.1-1 diff --git a/SPECS/linux/linux.spec b/SPECS/linux/linux.spec index ec90f8fc69..8011ae6c8b 100644 --- a/SPECS/linux/linux.spec +++ b/SPECS/linux/linux.spec @@ -1,15 +1,15 @@ %global security_hardening none Summary: Kernel Name: linux -Version: 4.19.1 -Release: 3%{?kat_build:.%kat_build}%{?dist} +Version: 4.19.6 +Release: 1%{?kat_build:.%kat_build}%{?dist} License: GPLv2 URL: http://www.kernel.org/ Group: System Environment/Kernel Vendor: VMware, Inc. Distribution: Photon Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz -%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952 +%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61 Source1: config Source2: initramfs.trigger %define ena_version 1.6.0 @@ -372,6 +372,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg %endif %changelog +* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 * Fri Dec 07 2018 Alexey Makhalov 4.19.1-3 - .config: added qmi wwan module * Mon Nov 12 2018 Ajay Kaher 4.19.1-2