From 1e141932567d3ae10b436d887168593174718cdc Mon Sep 17 00:00:00 2001 From: Akemi Yagi Date: Nov 12 2019 21:27:17 +0000 Subject: c7 plus kernel: update to 3.10.0-1062.4.2.el7 Signed-off-by: Akemi Yagi --- diff --git a/SOURCES/Makefile.common b/SOURCES/Makefile.common index 6214c5a..2051ee3 100644 --- a/SOURCES/Makefile.common +++ b/SOURCES/Makefile.common @@ -9,7 +9,7 @@ RPMVERSION:=3.10.0 # marker is git tag which we base off of for exporting patches MARKER:=v3.10 PREBUILD:= -BUILD:=1062.4.1 +BUILD:=1062.4.2 DIST:=.el7 SPECFILE:=kernel.spec RPM:=$(REDHAT)/rpm diff --git a/SOURCES/kernel-3.10.0-i686.config b/SOURCES/kernel-3.10.0-i686.config index 33b42aa..05ab439 100644 --- a/SOURCES/kernel-3.10.0-i686.config +++ b/SOURCES/kernel-3.10.0-i686.config @@ -554,6 +554,9 @@ CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_TSX_MODE_OFF is not set +CONFIG_X86_INTEL_TSX_MODE_ON=y +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y diff --git a/SOURCES/kernel-3.10.0-x86_64.config b/SOURCES/kernel-3.10.0-x86_64.config index ea6dbb8..8b63101 100644 --- a/SOURCES/kernel-3.10.0-x86_64.config +++ b/SOURCES/kernel-3.10.0-x86_64.config @@ -581,6 +581,9 @@ CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_TSX_MODE_OFF is not set +CONFIG_X86_INTEL_TSX_MODE_ON=y +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y diff --git a/SPECS/kernel-plus.spec b/SPECS/kernel-plus.spec index 6a53acc..0800406 100644 --- a/SPECS/kernel-plus.spec +++ b/SPECS/kernel-plus.spec @@ -14,10 +14,10 @@ Summary: The Linux kernel %global distro_build 1062 %define rpmversion 3.10.0 -%define pkgrelease 1062.4.1.el7 +%define pkgrelease 1062.4.2.el7 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 1062.4.1%{?dist} +%define specrelease 1062.4.2%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -522,6 +522,7 @@ Patch1305: patch-cxgb4-tv64-uninit.patch Patch1307: patch-i686-nfp-2.patch #Patch1308: patch-i686-v7_7.patch Patch1308: patch-i686-v7_7.2.patch +Patch1309: bmap-bug16610.patch # end of i686 mods @@ -992,6 +993,7 @@ ApplyOptionalPatch patch-cxgb4-tv64-uninit.patch ApplyOptionalPatch patch-i686-nfp-2.patch #ApplyOptionalPatch patch-i686-v7_7.patch ApplyOptionalPatch patch-i686-v7_7.2.patch +ApplyOptionalPatch bmap-bug16610.patch %endif ### plus mod @@ -2039,7 +2041,7 @@ fi %kernel_variant_files %{with_kdump} kdump %changelog -* Tue Oct 15 2019 Akemi Yagi [3.10.0-1062.4.1.el7.centos.plus] +* Tue Nov 12 2019 Akemi Yagi [3.10.0-1062.4.2.el7.centos.plus] - Apply debranding changes - Roll in i686 mods addmissing.patch [puias] @@ -2059,6 +2061,7 @@ fi more 686 mods for 7.5 (-862.11.6) [pgreco, bug#15174] Patches updated for 7.6 [kabe, bug#15428] Patches for 7.7 [pgreco, bug#16324] + Patch bmap [pgreco bug#16610] - Modify config file for x86_64 with extra features turned on including some network adapters, BusLogic, ReiserFS, TOMOYO - Add in a patch that allows non-LogiTech remote to work [bug#5780] @@ -2095,6 +2098,45 @@ fi - Apply a patch for acpi issue [bug#16315] - Apply a patch to fix ICMP redirects [bug#16521] +* Tue Nov 05 2019 Bruno Meneguele [3.10.0-1062.4.2.el7] +- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756815 1756816] {CVE-2019-0154} +- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 1756816] {CVE-2019-0154} +- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 1756883] {CVE-2019-0155} +- [x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766539 1766540] {CVE-2019-11135} +- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135} +- [x86] tsx: Add "auto" option to the tsx= cmdline parameter (Waiman Long) [1766539 1766540] {CVE-2019-11135} +- [x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135} +- [x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135} +- [x86] cpu: Add a "tsx=" cmdline option with TSX disabled by default (Waiman Long) [1766539 1766540] {CVE-2019-11135} +- [x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766539 1766540] {CVE-2019-11135} +- [x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] {CVE-2019-11135} +- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} +- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207} + * Wed Sep 25 2019 Bruno Meneguele [3.10.0-1062.4.1.el7] - [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750879 1750880] {CVE-2019-14835}