diff options
| author | Thorsten Leemhuis <fedora@leemhuis.info> | 2017-09-14 07:52:03 +0200 |
|---|---|---|
| committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2017-09-14 07:52:03 +0200 |
| commit | 93a2b064114cd50623224304c05db1b7131bba78 (patch) | |
| tree | 6e1894580807381fc6564ff78bd0ec693228b014 /kernel.spec | |
| parent | 570de96589e3fd47dbcf6a2437f8e91a8bbe78ce (diff) | |
| parent | 1cea4bfbc911fc3948ae8256b55657576eb03f7d (diff) | |
| download | kernel-93a2b064114cd50623224304c05db1b7131bba78.tar.gz kernel-93a2b064114cd50623224304c05db1b7131bba78.tar.xz kernel-93a2b064114cd50623224304c05db1b7131bba78.zip | |
Merge remote-tracking branch 'origin/stabilization' into stabilization
Diffstat (limited to 'kernel.spec')
| -rw-r--r-- | kernel.spec | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/kernel.spec b/kernel.spec index 598226d11..ac032662c 100644 --- a/kernel.spec +++ b/kernel.spec @@ -127,7 +127,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. -%define debugbuildsenabled 1 +%define debugbuildsenabled 0 # Want to build a vanilla kernel build without any non-upstream patches? %define with_vanilla %{?_without_vanilla: 0} %{?!_without_vanilla: 1} @@ -617,9 +617,11 @@ Patch320: bcm283x-vc4-Fix-OOPSes-from-trying-to-cache-a-partially-constructed-BO # Fix USB on the RPi https://patchwork.kernel.org/patch/9879371/ Patch321: bcm283x-dma-mapping-skip-USB-devices-when-configuring-DMA-during-probe.patch -# This breaks RPi booting with a LPAE kernel, we don't support the DSI ports currently -# Revert it while I engage upstream to work out what's going on -Patch322: Revert-ARM-dts-bcm2835-Add-the-DSI-module-nodes-and-.patch +# Updat3 move of bcm2837, landed in 4.14 +Patch322: bcm2837-move-dt.patch + +# https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20170912&id=723288836628bc1c0855f3bb7b64b1803e4b9e4a +Patch324: arm-of-restrict-dma-configuration.patch # 400 - IBM (ppc/s390x) patches @@ -646,6 +648,15 @@ Patch617: Fix-for-module-sig-verification.patch # rhbz 1485086 Patch619: pci-mark-amd-stoney-gpu-ats-as-broken.patch +# CVE-2017-12154 rhbz 1491224 1491231 +Patch620: kvm-nVMX-Don-t-allow-L2-to-access-the-hardware-CR8.patch + +# CVE-2017-12153 rhbz 1491046 1491057 +Patch621: nl80211-check-for-the-required-netlink-attributes-presence.patch + +# CVE-2017-1000251 rhbz 1489716 1490906 +Patch622: bluetooth-properly-check-l2cap-config-option-output-buffer-length.patch + # END OF PATCH DEFINITIONS %endif @@ -2219,6 +2230,11 @@ fi # # %changelog +* Wed Sep 13 2017 Justin M. Forbes <jforbes@fedoraproject.org> +- Fix CVE-2017-12154 (rhbz 1491224 1491231) +- Fix CVE-2017-12153 (rhbz 1491046 1491057) +- Fix CVE-2017-1000251 (rhbz 1489716 1490906) + * Sun Sep 10 2017 Laura Abbott <labbott@fedoraproject.org> - 4.13.1-200 - Linux v4.13.1 |