diff options
-rw-r--r-- | Add-secure_modules-call.patch | 18 | ||||
-rw-r--r-- | config-generic | 3 | ||||
-rw-r--r-- | config-powerpc64-generic | 1 | ||||
-rw-r--r-- | gitrev | 2 | ||||
-rw-r--r-- | kernel.spec | 43 | ||||
-rw-r--r-- | sources | 2 |
6 files changed, 38 insertions, 31 deletions
diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch index 5c272a983..1cbf3afd9 100644 --- a/Add-secure_modules-call.patch +++ b/Add-secure_modules-call.patch @@ -1,7 +1,7 @@ -From 0f6eec5ca124baf1372fb4edeacd11a002378f5e Mon Sep 17 00:00:00 2001 +From 3213f1513a744fb21b6b9e4d4f2650a204855b3e Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Fri, 9 Aug 2013 17:58:15 -0400 -Subject: [PATCH 01/20] Add secure_modules() call +Subject: [PATCH] Add secure_modules() call Provide a single call to allow kernel code to determine whether the system has been configured to either disable module loading entirely or to load @@ -17,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> 2 files changed, 16 insertions(+) diff --git a/include/linux/module.h b/include/linux/module.h -index 3daf2b3..082298a 100644 +index 0c3207d..05bd6c9 100644 --- a/include/linux/module.h +++ b/include/linux/module.h -@@ -655,6 +655,8 @@ static inline bool is_livepatch_module(struct module *mod) +@@ -641,6 +641,8 @@ static inline bool is_livepatch_module(struct module *mod) } #endif /* CONFIG_LIVEPATCH */ @@ -28,8 +28,8 @@ index 3daf2b3..082298a 100644 + #else /* !CONFIG_MODULES... */ - /* Given an address, look for it in the exception tables. */ -@@ -771,6 +773,10 @@ static inline bool module_requested_async_probing(struct module *module) + static inline struct module *__module_address(unsigned long addr) +@@ -750,6 +752,10 @@ static inline bool module_requested_async_probing(struct module *module) return false; } @@ -41,10 +41,10 @@ index 3daf2b3..082298a 100644 #ifdef CONFIG_SYSFS diff --git a/kernel/module.c b/kernel/module.c -index 5f71aa6..3c38496 100644 +index 529efae..0332fdd 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -4199,3 +4199,13 @@ void module_layout(struct module *mod, +@@ -4279,3 +4279,13 @@ void module_layout(struct module *mod, } EXPORT_SYMBOL(module_layout); #endif @@ -59,5 +59,5 @@ index 5f71aa6..3c38496 100644 +} +EXPORT_SYMBOL(secure_modules); -- -2.5.5 +2.9.2 diff --git a/config-generic b/config-generic index 005adb193..4047344f0 100644 --- a/config-generic +++ b/config-generic @@ -199,6 +199,7 @@ CONFIG_INFINIBAND_OCRDMA=m CONFIG_INFINIBAND_USNIC=m CONFIG_INFINIBAND_RDMAVT=m +CONFIG_RDMA_RXE=m # # Executable file formats @@ -4745,6 +4746,8 @@ CONFIG_NFSD_PNFS=y CONFIG_NFSD_BLOCKLAYOUT=y CONFIG_NFSD_SCSILAYOUT=y CONFIG_NFSD_V4_SECURITY_LABEL=y +# This is labeled as 'bare minimum' and 'not for production' +# CONFIG_NFSD_FLEXFILELAYOUT is not set CONFIG_NFS_FSCACHE=y # CONFIG_NFS_USE_LEGACY_DNS is not set CONFIG_PNFS_OBJLAYOUT=m diff --git a/config-powerpc64-generic b/config-powerpc64-generic index 8e19373c9..ed55cfcd0 100644 --- a/config-powerpc64-generic +++ b/config-powerpc64-generic @@ -162,6 +162,7 @@ CONFIG_SCSI_IBMVSCSI=m CONFIG_SCSI_IPR=m CONFIG_SCSI_IPR_TRACE=y CONFIG_SCSI_IPR_DUMP=y +CONFIG_SCSI_IBMVSCSIS=m CONFIG_SERIAL_ICOM=m # CONFIG_SERIAL_8250 is not set @@ -1 +1 @@ -96b585267f552d4b6a28ea8bd75e5ed03deb6e71 +dd7fd3a82ce55e5772d41b1faa2439f15318a902 diff --git a/kernel.spec b/kernel.spec index f30607d07..e6b3b2cfd 100644 --- a/kernel.spec +++ b/kernel.spec @@ -77,7 +77,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 6 +%define gitrev 7 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -354,7 +354,7 @@ Summary: The Linux kernel %endif # Architectures we build tools/cpupower on -%define cpupowerarchs %{ix86} x86_64 %{power64} %{arm} aarch64 +%define cpupowerarchs %{ix86} x86_64 %{power64} %{arm} aarch64 # # Packages that need to be installed before the kernel is, because the %%post @@ -386,12 +386,12 @@ Requires: kernel-modules-uname-r = %{KVERREL}%{?variant} BuildRequires: kmod, patch, bash, sh-utils, tar, git BuildRequires: bzip2, xz, findutils, gzip, m4, perl, perl-Carp, perl-devel, perl-generators, make, diffutils, gawk BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc -BuildRequires: net-tools, hostname, bc +BuildRequires: net-tools, hostname, bc, elfutils-devel %if %{with_sparse} BuildRequires: sparse %endif %if %{with_perf} -BuildRequires: elfutils-devel zlib-devel binutils-devel newt-devel python-devel perl(ExtUtils::Embed) bison flex xz-devel +BuildRequires: zlib-devel binutils-devel newt-devel python-devel perl(ExtUtils::Embed) bison flex xz-devel BuildRequires: audit-libs-devel %ifnarch s390 s390x %{arm} BuildRequires: numactl-devel @@ -964,7 +964,7 @@ on kernel bugs, as some of these options impact performance noticably. # And finally the main -core package %define variant_summary The Linux kernel -%kernel_variant_package +%kernel_variant_package %description core The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions @@ -1290,7 +1290,7 @@ cd .. # This affects the vDSO images in vmlinux, and the vmlinux image in bzImage. export AFTER_LINK=\ 'sh -xc "/usr/lib/rpm/debugedit -b $$RPM_BUILD_DIR -d /usr/src/debug \ - -i $@ > $@.id"' + -i $@ > $@.id"' %endif cp_vmlinux() @@ -1387,7 +1387,7 @@ BuildKernel() { mv vmlinuz.signed $KernelImage %endif $CopyKernel $KernelImage \ - $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer + $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer cp $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer $RPM_BUILD_ROOT/lib/modules/$KernelVer/$InstallName @@ -1536,13 +1536,13 @@ BuildKernel() { } collect_modules_list networking \ - 'register_netdev|ieee80211_register_hw|usbnet_probe|phy_driver_register|rt(l_|2x00)(pci|usb)_probe|register_netdevice' + 'register_netdev|ieee80211_register_hw|usbnet_probe|phy_driver_register|rt(l_|2x00)(pci|usb)_probe|register_netdevice' collect_modules_list block \ - 'ata_scsi_ioctl|scsi_add_host|scsi_add_host_with_dma|blk_alloc_queue|blk_init_queue|register_mtd_blktrans|scsi_esp_register|scsi_register_device_handler|blk_queue_physical_block_size' 'pktcdvd.ko|dm-mod.ko' + 'ata_scsi_ioctl|scsi_add_host|scsi_add_host_with_dma|blk_alloc_queue|blk_init_queue|register_mtd_blktrans|scsi_esp_register|scsi_register_device_handler|blk_queue_physical_block_size' 'pktcdvd.ko|dm-mod.ko' collect_modules_list drm \ - 'drm_open|drm_init' + 'drm_open|drm_init' collect_modules_list modesetting \ - 'drm_crtc_init' + 'drm_crtc_init' # detect missing or incorrect license tags ( find $RPM_BUILD_ROOT/lib/modules/$KernelVer -name '*.ko' | xargs /sbin/modinfo -l | \ @@ -1573,9 +1573,9 @@ BuildKernel() { # Find all the module files and filter them out into the core and modules # lists. This actually removes anything going into -modules from the dir. find lib/modules/$KernelVer/kernel -name *.ko | sort -n > modules.list - cp $RPM_SOURCE_DIR/filter-*.sh . + cp $RPM_SOURCE_DIR/filter-*.sh . %{SOURCE99} modules.list %{_target_cpu} - rm filter-*.sh + rm filter-*.sh # Run depmod on the resulting module tree and make sure it isn't broken depmod -b . -aeF ./System.map $KernelVer &> depmod.out @@ -1780,7 +1780,7 @@ make ARCH=%{hdrarch} INSTALL_HDR_PATH=$RPM_BUILD_ROOT/usr headers_install find $RPM_BUILD_ROOT/usr/include \ \( -name .install -o -name .check -o \ - -name ..install.cmd -o -name ..check.cmd \) | xargs rm -f + -name ..install.cmd -o -name ..check.cmd \) | xargs rm -f %endif @@ -1790,7 +1790,7 @@ make ARCH=%{hdrarch} INSTALL_HDR_PATH=$RPM_BUILD_ROOT/usr/tmp-headers headers_in find $RPM_BUILD_ROOT/usr/tmp-headers/include \ \( -name .install -o -name .check -o \ - -name ..install.cmd -o -name ..check.cmd \) | xargs rm -f + -name ..install.cmd -o -name ..check.cmd \) | xargs rm -f # Copy all the architectures we care about to their respective asm directories for arch in arm arm64 powerpc s390 x86 ; do @@ -2153,8 +2153,11 @@ fi # plz don't put in a version string unless you're going to tag # and build. # -# +# %changelog +* Fri Aug 05 2016 Laura Abbott <labbott@redhat.com> - 4.8.0-0.rc0.git7.1 +- Linux v4.7-11891-gdd7fd3a + * Thu Aug 04 2016 Laura Abbott <labbott@redhat.com> - 4.8.0-0.rc0.git6.1 - Linux v4.7-11544-g96b5852 @@ -2406,7 +2409,7 @@ fi * Wed May 18 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git3.1 - Linux v4.6-3623-g0b7962a - ata, regulator, gpio, HID, livepatching, networking, dm, block, vfs, fs, - timers, crypto merges + timers, crypto merges * Tue May 17 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git2.2 - Adjust solib for cpupower @@ -2739,7 +2742,7 @@ fi - Reenable debugging options. * Tue Mar 08 2016 Thorsten Leemhuis <fedora@leemhuis.info> -- add signkernel macro to make signing kernel and signing modules +- add signkernel macro to make signing kernel and signing modules independent from each other - sign modules on all archs @@ -3698,7 +3701,7 @@ fi - Inital ARM updates for 4.1 - Temporarily disable AMD ARM64 xgbe-a0 driver -* Wed Apr 22 2015 Josh Boyer <jwboyer@fedoraproject.org> +* Wed Apr 22 2015 Josh Boyer <jwboyer@fedoraproject.org> - Linux v4.0-9804-gdb4fd9c5d072 * Tue Apr 21 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.1.0-0.rc0.git11.1 @@ -3933,7 +3936,7 @@ fi - kernel-arm64.patch merge, but leave it off. - kernel-arm64-fix-psci-when-pg.patch: when -pg (because of ftrace) is enabled we must explicitly annotate which registers should be assigned, otherwise - gcc will do unexpected things behind our backs. + gcc will do unexpected things behind our backs. * Tue Feb 17 2015 Josh Boyer <jwboyer@fedoraproject.org> - 3.20.0-0.rc0.git7.1 - Linux v3.19-7478-g796e1c55717e @@ -1,3 +1,3 @@ 5276563eb1f39a048e4a8a887408c031 linux-4.7.tar.xz fe259c02c75eec61d1aa4b1211f3c853 perf-man-4.7.tar.gz -49f6889a0303e4aef5f3b604d8642da0 patch-4.7-git6.xz +b3f0d17b8d20d874a419f7d7671d5dda patch-4.7-git7.xz |