kernel: update to 5.10.28.1 (#846)
Update the kernel to 5.10.28.1. - 5.10.28.1 addresses the following CVEs: CVE-2020-27170, CVE-2020-27171, CVE-2021-28375, CVE-2021-28660, CVE-2021-28950, CVE-2021-28951, CVE-2021-28952, CVE-2021-28971, CVE-2021-28972, CVE-2021-29266, CVE-2021-28964, CVE-2020-35508, CVE-2020-16120, CVE-2021-29264, CVE-2021-29265, CVE-2021-29646, CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-30002 - update uname_r define It is generally expected that users can run "dnf install kernel-devel-$(uname -r)" to pull the proper kernel-devel package associated with the currently running kernel. Currently "uname -r" returns something like "5.10.28.1-rolling-lts-mariner-1.cm1". RPM package naming has the following convention: [name]-[version]-[release].[arch].rpm where [version] and [release] cannot contain any dash characters. Therefore it is impossible to name a corresponding kernel-devel RPM to match kernel-devel-$(uname -r). In 5.10.28.1, we changed the kernel Makefile's EXTRAVERSION value from "EXTRAVERSION=.1-rolling-lts-mariner" to "EXTRAVERSION=.1", dropping the extra "rolling-lts-mariner" from the uname. This allows the "dnf install kernel-devel-$(uname -r)" to work as intended. Signed-off-by: Chris Co <chrco@microsoft.com>
This commit is contained in:
Родитель
679c6cf331
Коммит
26d5c16802
|
@ -1,9 +1,9 @@
|
||||||
%global debug_package %{nil}
|
%global debug_package %{nil}
|
||||||
%define uname_r %{version}-rolling-lts-mariner-%{release}
|
%define uname_r %{version}-%{release}
|
||||||
Summary: Signed Linux Kernel for aarch64 systems
|
Summary: Signed Linux Kernel for aarch64 systems
|
||||||
Name: kernel-signed-aarch64
|
Name: kernel-signed-aarch64
|
||||||
Version: 5.10.21.1
|
Version: 5.10.28.1
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Vendor: Microsoft Corporation
|
Vendor: Microsoft Corporation
|
||||||
Distribution: Mariner
|
Distribution: Mariner
|
||||||
|
@ -82,6 +82,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
||||||
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
|
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 08 2021 Chris Co <chrco@microsoft.com> - 5.10.28.1-1
|
||||||
|
- Update source to 5.10.28.1
|
||||||
|
- Update uname_r define to match the new value derived from the source
|
||||||
|
|
||||||
* Fri Mar 26 2021 Daniel Mihai <dmihai@microsoft.com> - 5.10.21.1-4
|
* Fri Mar 26 2021 Daniel Mihai <dmihai@microsoft.com> - 5.10.21.1-4
|
||||||
- Update to kernel release 5.10.21.1-4
|
- Update to kernel release 5.10.21.1-4
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
%global debug_package %{nil}
|
%global debug_package %{nil}
|
||||||
%define uname_r %{version}-rolling-lts-mariner-%{release}
|
%define uname_r %{version}-%{release}
|
||||||
Summary: Signed Linux Kernel for x86_64 systems
|
Summary: Signed Linux Kernel for x86_64 systems
|
||||||
Name: kernel-signed-x64
|
Name: kernel-signed-x64
|
||||||
Version: 5.10.21.1
|
Version: 5.10.28.1
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Vendor: Microsoft Corporation
|
Vendor: Microsoft Corporation
|
||||||
Distribution: Mariner
|
Distribution: Mariner
|
||||||
|
@ -82,6 +82,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
||||||
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
|
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 08 2021 Chris Co <chrco@microsoft.com> - 5.10.28.1-1
|
||||||
|
- Update source to 5.10.28.1
|
||||||
|
- Update uname_r define to match the new value derived from the source
|
||||||
|
|
||||||
* Fri Mar 26 2021 Daniel Mihai <dmihai@microsoft.com> - 5.10.21.1-4
|
* Fri Mar 26 2021 Daniel Mihai <dmihai@microsoft.com> - 5.10.21.1-4
|
||||||
- Update to kernel release 5.10.21.1-4
|
- Update to kernel release 5.10.21.1-4
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,6 @@
|
||||||
"hypervkvpd.service": "25339871302f7a47e1aecfa9fc2586c78bc37edb98773752f0a5dec30f0ed3a1",
|
"hypervkvpd.service": "25339871302f7a47e1aecfa9fc2586c78bc37edb98773752f0a5dec30f0ed3a1",
|
||||||
"hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1",
|
"hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1",
|
||||||
"hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d",
|
"hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d",
|
||||||
"kernel-5.10.21.1.tar.gz": "7b5ef89649dbcd95344e5a374a3144afdc1f2613995870b1613e585fb91abff0"
|
"kernel-5.10.28.1.tar.gz": "51118e54227410d15c20246e4905d897a8b6b3ebe1326ebe44e1080d0d17c27d"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -8,7 +8,7 @@
|
||||||
%global udev_prefix 70
|
%global udev_prefix 70
|
||||||
Summary: Hyper-V daemons suite
|
Summary: Hyper-V daemons suite
|
||||||
Name: hyperv-daemons
|
Name: hyperv-daemons
|
||||||
Version: 5.10.21.1
|
Version: 5.10.28.1
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Vendor: Microsoft Corporation
|
Vendor: Microsoft Corporation
|
||||||
|
@ -219,6 +219,9 @@ fi
|
||||||
%{_sbindir}/lsvmbus
|
%{_sbindir}/lsvmbus
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 08 2021 Chris Co <chrco@microsoft.com> - 5.10.28.1-1
|
||||||
|
- Update source to 5.10.28.1
|
||||||
|
|
||||||
* Thu Mar 11 2021 Chris Co <chrco@microsoft.com> - 5.10.21.1-1
|
* Thu Mar 11 2021 Chris Co <chrco@microsoft.com> - 5.10.21.1-1
|
||||||
- Update source to 5.10.21.1
|
- Update source to 5.10.21.1
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
"Signatures": {
|
"Signatures": {
|
||||||
"kernel-5.10.21.1.tar.gz": "7b5ef89649dbcd95344e5a374a3144afdc1f2613995870b1613e585fb91abff0"
|
"kernel-5.10.28.1.tar.gz": "51118e54227410d15c20246e4905d897a8b6b3ebe1326ebe44e1080d0d17c27d"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -1,7 +1,7 @@
|
||||||
Summary: Linux API header files
|
Summary: Linux API header files
|
||||||
Name: kernel-headers
|
Name: kernel-headers
|
||||||
Version: 5.10.21.1
|
Version: 5.10.28.1
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Vendor: Microsoft Corporation
|
Vendor: Microsoft Corporation
|
||||||
Distribution: Mariner
|
Distribution: Mariner
|
||||||
|
@ -35,6 +35,9 @@ cp -rv usr/include/* /%{buildroot}%{_includedir}
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 08 2021 Chris Co <chrco@microsoft.com> - 5.10.28.1-1
|
||||||
|
- Update source to 5.10.28.1
|
||||||
|
|
||||||
* Fri Mar 26 2021 Daniel Mihai <dmihai@microsoft.com> - 5.10.21.1-4
|
* Fri Mar 26 2021 Daniel Mihai <dmihai@microsoft.com> - 5.10.21.1-4
|
||||||
- Update to kernel release 5.10.21.1-4
|
- Update to kernel release 5.10.21.1-4
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#
|
#
|
||||||
# Automatically generated file; DO NOT EDIT.
|
# Automatically generated file; DO NOT EDIT.
|
||||||
# Linux/x86_64 5.10.21.1-rolling-lts-mariner Kernel Configuration
|
# Linux/x86_64 5.10.28.1 Kernel Configuration
|
||||||
#
|
#
|
||||||
CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0"
|
CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0"
|
||||||
CONFIG_CC_IS_GCC=y
|
CONFIG_CC_IS_GCC=y
|
||||||
|
@ -1537,7 +1537,6 @@ CONFIG_PCIEASPM_DEFAULT=y
|
||||||
# CONFIG_PCIEASPM_PERFORMANCE is not set
|
# CONFIG_PCIEASPM_PERFORMANCE is not set
|
||||||
# CONFIG_PCIE_DPC is not set
|
# CONFIG_PCIE_DPC is not set
|
||||||
# CONFIG_PCIE_PTM is not set
|
# CONFIG_PCIE_PTM is not set
|
||||||
# CONFIG_PCIE_BW is not set
|
|
||||||
CONFIG_PCI_MSI=y
|
CONFIG_PCI_MSI=y
|
||||||
CONFIG_PCI_MSI_IRQ_DOMAIN=y
|
CONFIG_PCI_MSI_IRQ_DOMAIN=y
|
||||||
CONFIG_PCI_QUIRKS=y
|
CONFIG_PCI_QUIRKS=y
|
||||||
|
@ -3260,6 +3259,7 @@ CONFIG_UIO=m
|
||||||
# CONFIG_UIO_PRUSS is not set
|
# CONFIG_UIO_PRUSS is not set
|
||||||
# CONFIG_UIO_MF624 is not set
|
# CONFIG_UIO_MF624 is not set
|
||||||
CONFIG_UIO_HV_GENERIC=m
|
CONFIG_UIO_HV_GENERIC=m
|
||||||
|
# CONFIG_VFIO is not set
|
||||||
CONFIG_VIRT_DRIVERS=y
|
CONFIG_VIRT_DRIVERS=y
|
||||||
# CONFIG_VBOXGUEST is not set
|
# CONFIG_VBOXGUEST is not set
|
||||||
# CONFIG_NITRO_ENCLAVES is not set
|
# CONFIG_NITRO_ENCLAVES is not set
|
||||||
|
@ -3278,6 +3278,7 @@ CONFIG_HYPERV_TIMER=y
|
||||||
CONFIG_HYPERV_UTILS=m
|
CONFIG_HYPERV_UTILS=m
|
||||||
CONFIG_HYPERV_BALLOON=m
|
CONFIG_HYPERV_BALLOON=m
|
||||||
CONFIG_DXGKRNL=m
|
CONFIG_DXGKRNL=m
|
||||||
|
# CONFIG_DXGKRNL_DEBUG is not set
|
||||||
# end of Microsoft Hyper-V guest support
|
# end of Microsoft Hyper-V guest support
|
||||||
|
|
||||||
# CONFIG_GREYBUS is not set
|
# CONFIG_GREYBUS is not set
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"Signatures": {
|
"Signatures": {
|
||||||
"config": "c5426e82771a878a06758657e7442ae693f76a88994b3cad36ead19c4a48f2a5",
|
"config": "409a59c15de0b9a2417df76b89dfe9796449a2e1b45ea0d48ea09013a012c947",
|
||||||
"kernel-5.10.21.1.tar.gz": "7b5ef89649dbcd95344e5a374a3144afdc1f2613995870b1613e585fb91abff0",
|
"kernel-5.10.28.1.tar.gz": "51118e54227410d15c20246e4905d897a8b6b3ebe1326ebe44e1080d0d17c27d",
|
||||||
"sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f"
|
"sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -1,10 +1,10 @@
|
||||||
%global security_hardening none
|
%global security_hardening none
|
||||||
%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh
|
%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh
|
||||||
%define uname_r %{version}-rolling-lts-mariner-%{release}
|
%define uname_r %{version}-%{release}
|
||||||
Summary: Linux Kernel optimized for Hyper-V
|
Summary: Linux Kernel optimized for Hyper-V
|
||||||
Name: kernel-hyperv
|
Name: kernel-hyperv
|
||||||
Version: 5.10.21.1
|
Version: 5.10.28.1
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Vendor: Microsoft Corporation
|
Vendor: Microsoft Corporation
|
||||||
Distribution: Mariner
|
Distribution: Mariner
|
||||||
|
@ -274,6 +274,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
||||||
%{_libdir}/perf/include/bpf/*
|
%{_libdir}/perf/include/bpf/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 08 2021 Chris Co <chrco@microsoft.com> - 5.10.28.1-1
|
||||||
|
- Update source to 5.10.28.1
|
||||||
|
- Update uname_r define to match the new value derived from the source
|
||||||
|
|
||||||
* Thu Mar 18 2021 Chris Co <chrco@microsoft.com> - 5.10.21.1-2
|
* Thu Mar 18 2021 Chris Co <chrco@microsoft.com> - 5.10.21.1-2
|
||||||
- Enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS
|
- Enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2020-16120 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 05acefb4872dae89e772729efb194af754c877e8
|
||||||
|
Stable: 48bd024b8a40d73ad6b086de2615738da0c7004f
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2020-27170 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: f232326f6966cf2a1d1db7bc917a4ce5f9f55f76
|
||||||
|
Stable: c4d37eea1c641a9319baf34253cc373abb39d3e1
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2020-27171 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 10d2bb2e6b1d8c4576c56a748f697dbeb8388899
|
||||||
|
Stable: ac1b87a18c1ffbe3d093000b762121b5aae0a3f9
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2020-35508 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948
|
||||||
|
Stable: b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-28375 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 20c40794eb85ea29852d7bc37c55713802a543d6
|
||||||
|
Stable: 52feb58f9b5b078b5a39ed8ba8ab3b4546e16ff2
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-28660 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 74b6b20df8cfe90ada777d621b54c32e69e27cd7
|
||||||
|
Stable: d972a516958dee489911d9f57ee7a177834ef248
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-28950 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 775c5033a0d164622d9d10dd0f0a5531639ed3ed
|
||||||
|
Stable: d955f13ea2120269319d6133d0dd82b66d1eeca3
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-28951 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 3ebba796fa251d042be42b929a2d916ee5c34a49
|
||||||
|
Stable: 6cae8095490caae12875300243ec94b39b6a2a78
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-28952 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 1c668e1c0a0f74472469cd514f40c9012b324c31
|
||||||
|
Stable: 26b08c08a5f3008fe45822d8b163f1516178c42b
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-28964 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
|
||||||
|
Stable: 38ffe9eaeb7cce383525439f0948f9eb74632e1d
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-28971 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: d88d05a9e0b6d9356e97129d4ff9942d765f46ea
|
||||||
|
Stable: 514ea597be8e4b6a787bc34da111c44944fbf5a5
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-28972 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: cc7a0bb058b85ea03db87169c60c7cfdd5d34678
|
||||||
|
Stable: be1f58e58f7644ab33f1413685c84173766408d3
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-29264 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
|
||||||
|
Stable: b8bfda6e08b8a419097eea5a8e57671bc36f9939
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-29265 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 9380afd6df70e24eacbdbde33afc6a3950965d22
|
||||||
|
Stable: ab5c3186686aa87c741381d10a948817f1deb9b2
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-29266 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9
|
||||||
|
Stable: 49ca3100fbaf864853c922c8f7a8fe7090a83860
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-29646 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 0217ed2848e8538bcf9172d97ed2eeb4a26041bb
|
||||||
|
Stable: 50f41f2e29ff1980f7edfca40bbf81a4336b9feb
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-29647 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 50535249f624d0072cd885bcdce4e4b6fb770160
|
||||||
|
Stable: fce6fb90218935f7319265459484b3762c80d0a8
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-29649 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: f60a85cad677c4f9bb4cadd764f1d106c38c7cf8
|
||||||
|
Stable: ccd5565feea346697c1d1e8e9cd042218b49c44b
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-29650 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: 175e476b8cdf2a4de7432583b49c871345e4f8a1
|
||||||
|
Stable: 3fdebc2d8e7965f946a3d716ffdd482e66c1f46c
|
|
@ -0,0 +1,3 @@
|
||||||
|
CVE-2021-30002 - already patched in 5.10.28.1 stable kernel
|
||||||
|
Upstream: fb18802a338b36f675a388fc03d2aa504a0d0899
|
||||||
|
Stable: 5400770e31e8b80efc25b4c1d619361255174d11
|
|
@ -1,6 +1,6 @@
|
||||||
#
|
#
|
||||||
# Automatically generated file; DO NOT EDIT.
|
# Automatically generated file; DO NOT EDIT.
|
||||||
# Linux/x86_64 5.10.21.1-rolling-lts-mariner Kernel Configuration
|
# Linux/x86_64 5.10.28.1 Kernel Configuration
|
||||||
#
|
#
|
||||||
CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0"
|
CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0"
|
||||||
CONFIG_CC_IS_GCC=y
|
CONFIG_CC_IS_GCC=y
|
||||||
|
@ -1754,7 +1754,6 @@ CONFIG_PCIEASPM_DEFAULT=y
|
||||||
CONFIG_PCIE_PME=y
|
CONFIG_PCIE_PME=y
|
||||||
# CONFIG_PCIE_DPC is not set
|
# CONFIG_PCIE_DPC is not set
|
||||||
# CONFIG_PCIE_PTM is not set
|
# CONFIG_PCIE_PTM is not set
|
||||||
# CONFIG_PCIE_BW is not set
|
|
||||||
CONFIG_PCI_MSI=y
|
CONFIG_PCI_MSI=y
|
||||||
CONFIG_PCI_MSI_IRQ_DOMAIN=y
|
CONFIG_PCI_MSI_IRQ_DOMAIN=y
|
||||||
CONFIG_PCI_QUIRKS=y
|
CONFIG_PCI_QUIRKS=y
|
||||||
|
@ -5507,6 +5506,7 @@ CONFIG_HYPERV_TIMER=y
|
||||||
CONFIG_HYPERV_UTILS=m
|
CONFIG_HYPERV_UTILS=m
|
||||||
CONFIG_HYPERV_BALLOON=m
|
CONFIG_HYPERV_BALLOON=m
|
||||||
CONFIG_DXGKRNL=m
|
CONFIG_DXGKRNL=m
|
||||||
|
# CONFIG_DXGKRNL_DEBUG is not set
|
||||||
# end of Microsoft Hyper-V guest support
|
# end of Microsoft Hyper-V guest support
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -5514,7 +5514,7 @@ CONFIG_DXGKRNL=m
|
||||||
#
|
#
|
||||||
CONFIG_XEN_BALLOON=y
|
CONFIG_XEN_BALLOON=y
|
||||||
CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y
|
CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y
|
||||||
CONFIG_XEN_BALLOON_MEMORY_HOTPLUG_LIMIT=512
|
CONFIG_XEN_MEMORY_HOTPLUG_LIMIT=512
|
||||||
CONFIG_XEN_SCRUB_PAGES_DEFAULT=y
|
CONFIG_XEN_SCRUB_PAGES_DEFAULT=y
|
||||||
CONFIG_XEN_DEV_EVTCHN=m
|
CONFIG_XEN_DEV_EVTCHN=m
|
||||||
CONFIG_XEN_BACKEND=y
|
CONFIG_XEN_BACKEND=y
|
||||||
|
@ -5800,7 +5800,6 @@ CONFIG_IIO_ST_ACCEL_I2C_3AXIS=m
|
||||||
# CONFIG_AD7291 is not set
|
# CONFIG_AD7291 is not set
|
||||||
# CONFIG_AD7606_IFACE_PARALLEL is not set
|
# CONFIG_AD7606_IFACE_PARALLEL is not set
|
||||||
# CONFIG_AD799X is not set
|
# CONFIG_AD799X is not set
|
||||||
# CONFIG_ADI_AXI_ADC is not set
|
|
||||||
# CONFIG_HX711 is not set
|
# CONFIG_HX711 is not set
|
||||||
# CONFIG_INA2XX_ADC is not set
|
# CONFIG_INA2XX_ADC is not set
|
||||||
# CONFIG_LTC2471 is not set
|
# CONFIG_LTC2471 is not set
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#
|
#
|
||||||
# Automatically generated file; DO NOT EDIT.
|
# Automatically generated file; DO NOT EDIT.
|
||||||
# Linux/arm64 5.10.21.1-rolling-lts-mariner Kernel Configuration
|
# Linux/arm64 5.10.28.1 Kernel Configuration
|
||||||
#
|
#
|
||||||
CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0"
|
CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.1.0"
|
||||||
CONFIG_CC_IS_GCC=y
|
CONFIG_CC_IS_GCC=y
|
||||||
|
@ -2031,7 +2031,6 @@ CONFIG_PCIEASPM_DEFAULT=y
|
||||||
CONFIG_PCIE_PME=y
|
CONFIG_PCIE_PME=y
|
||||||
CONFIG_PCIE_DPC=y
|
CONFIG_PCIE_DPC=y
|
||||||
CONFIG_PCIE_PTM=y
|
CONFIG_PCIE_PTM=y
|
||||||
# CONFIG_PCIE_BW is not set
|
|
||||||
# CONFIG_PCIE_EDR is not set
|
# CONFIG_PCIE_EDR is not set
|
||||||
CONFIG_PCI_MSI=y
|
CONFIG_PCI_MSI=y
|
||||||
CONFIG_PCI_MSI_IRQ_DOMAIN=y
|
CONFIG_PCI_MSI_IRQ_DOMAIN=y
|
||||||
|
@ -7559,6 +7558,7 @@ CONFIG_HYPERV_TIMER=y
|
||||||
CONFIG_HYPERV_UTILS=m
|
CONFIG_HYPERV_UTILS=m
|
||||||
CONFIG_HYPERV_BALLOON=y
|
CONFIG_HYPERV_BALLOON=y
|
||||||
CONFIG_DXGKRNL=y
|
CONFIG_DXGKRNL=y
|
||||||
|
# CONFIG_DXGKRNL_DEBUG is not set
|
||||||
# end of Microsoft Hyper-V guest support
|
# end of Microsoft Hyper-V guest support
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
{
|
{
|
||||||
"Signatures": {
|
"Signatures": {
|
||||||
"config": "ed2ad5c004ef1a40cb8f33aa7f5a2c23fa74b4485e12f4f92a90e880002f2b6f",
|
"config": "8bee0b32b330cb87653f25b8b88ebc817ddeed9f950d4220be9e72ebb60a5c9c",
|
||||||
"config_aarch64": "f2222dc3ff9739cb08a6ef009ad8742552ab1cbc90d075f9746647df297301c4",
|
"config_aarch64": "4bc0a7d39e49ad18c68cddff33316d910edc726f0c5cb4b3bf5a6e92ec394d8a",
|
||||||
"kernel-5.10.21.1.tar.gz": "7b5ef89649dbcd95344e5a374a3144afdc1f2613995870b1613e585fb91abff0",
|
"kernel-5.10.28.1.tar.gz": "51118e54227410d15c20246e4905d897a8b6b3ebe1326ebe44e1080d0d17c27d",
|
||||||
"sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f"
|
"sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -1,10 +1,10 @@
|
||||||
%global security_hardening none
|
%global security_hardening none
|
||||||
%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh
|
%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh
|
||||||
%define uname_r %{version}-rolling-lts-mariner-%{release}
|
%define uname_r %{version}-%{release}
|
||||||
Summary: Linux Kernel
|
Summary: Linux Kernel
|
||||||
Name: kernel
|
Name: kernel
|
||||||
Version: 5.10.21.1
|
Version: 5.10.28.1
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Vendor: Microsoft Corporation
|
Vendor: Microsoft Corporation
|
||||||
Distribution: Mariner
|
Distribution: Mariner
|
||||||
|
@ -136,6 +136,26 @@ Patch1107: CVE-2021-26932.nopatch
|
||||||
Patch1108: CVE-2021-27365.nopatch
|
Patch1108: CVE-2021-27365.nopatch
|
||||||
Patch1109: CVE-2021-27364.nopatch
|
Patch1109: CVE-2021-27364.nopatch
|
||||||
Patch1110: CVE-2021-27363.nopatch
|
Patch1110: CVE-2021-27363.nopatch
|
||||||
|
Patch1111: CVE-2020-27170.nopatch
|
||||||
|
Patch1112: CVE-2020-27171.nopatch
|
||||||
|
Patch1113: CVE-2021-28375.nopatch
|
||||||
|
Patch1114: CVE-2021-28660.nopatch
|
||||||
|
Patch1115: CVE-2021-28950.nopatch
|
||||||
|
Patch1116: CVE-2021-28951.nopatch
|
||||||
|
Patch1117: CVE-2021-28952.nopatch
|
||||||
|
Patch1118: CVE-2021-28971.nopatch
|
||||||
|
Patch1119: CVE-2021-28972.nopatch
|
||||||
|
Patch1120: CVE-2021-29266.nopatch
|
||||||
|
Patch1121: CVE-2021-28964.nopatch
|
||||||
|
Patch1122: CVE-2020-35508.nopatch
|
||||||
|
Patch1123: CVE-2020-16120.nopatch
|
||||||
|
Patch1124: CVE-2021-29264.nopatch
|
||||||
|
Patch1125: CVE-2021-29265.nopatch
|
||||||
|
Patch1126: CVE-2021-29646.nopatch
|
||||||
|
Patch1127: CVE-2021-29647.nopatch
|
||||||
|
Patch1128: CVE-2021-29649.nopatch
|
||||||
|
Patch1129: CVE-2021-29650.nopatch
|
||||||
|
Patch1130: CVE-2021-30002.nopatch
|
||||||
BuildRequires: audit-devel
|
BuildRequires: audit-devel
|
||||||
BuildRequires: bash
|
BuildRequires: bash
|
||||||
BuildRequires: bc
|
BuildRequires: bc
|
||||||
|
@ -474,6 +494,15 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 08 2021 Chris Co <chrco@microsoft.com> - 5.10.28.1-1
|
||||||
|
- Update source to 5.10.28.1
|
||||||
|
- Update uname_r define to match the new value derived from the source
|
||||||
|
- Address CVE-2020-27170, CVE-2020-27171, CVE-2021-28375, CVE-2021-28660,
|
||||||
|
CVE-2021-28950, CVE-2021-28951, CVE-2021-28952, CVE-2021-28971,
|
||||||
|
CVE-2021-28972, CVE-2021-29266, CVE-2021-28964, CVE-2020-35508,
|
||||||
|
CVE-2020-16120, CVE-2021-29264, CVE-2021-29265, CVE-2021-29646,
|
||||||
|
CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-30002
|
||||||
|
|
||||||
* Fri Mar 26 2021 Daniel Mihai <dmihai@microsoft.com> - 5.10.21.1-4
|
* Fri Mar 26 2021 Daniel Mihai <dmihai@microsoft.com> - 5.10.21.1-4
|
||||||
- Enable CONFIG_CRYPTO_DRBG_HASH, CONFIG_CRYPTO_DRBG_CTR
|
- Enable CONFIG_CRYPTO_DRBG_HASH, CONFIG_CRYPTO_DRBG_CTR
|
||||||
|
|
||||||
|
|
|
@ -1745,8 +1745,8 @@
|
||||||
"type": "other",
|
"type": "other",
|
||||||
"other": {
|
"other": {
|
||||||
"name": "hyperv-daemons",
|
"name": "hyperv-daemons",
|
||||||
"version": "5.10.21.1",
|
"version": "5.10.28.1",
|
||||||
"downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.21.1.tar.gz"
|
"downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.28.1.tar.gz"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -2055,8 +2055,8 @@
|
||||||
"type": "other",
|
"type": "other",
|
||||||
"other": {
|
"other": {
|
||||||
"name": "kernel-headers",
|
"name": "kernel-headers",
|
||||||
"version": "5.10.21.1",
|
"version": "5.10.28.1",
|
||||||
"downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.21.1.tar.gz"
|
"downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.28.1.tar.gz"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -2065,8 +2065,8 @@
|
||||||
"type": "other",
|
"type": "other",
|
||||||
"other": {
|
"other": {
|
||||||
"name": "kernel-hyperv",
|
"name": "kernel-hyperv",
|
||||||
"version": "5.10.21.1",
|
"version": "5.10.28.1",
|
||||||
"downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.21.1.tar.gz"
|
"downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.28.1.tar.gz"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -2075,8 +2075,8 @@
|
||||||
"type": "other",
|
"type": "other",
|
||||||
"other": {
|
"other": {
|
||||||
"name": "kernel",
|
"name": "kernel",
|
||||||
"version": "5.10.21.1",
|
"version": "5.10.28.1",
|
||||||
"downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.21.1.tar.gz"
|
"downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.28.1.tar.gz"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
filesystem-1.1-7.cm1.aarch64.rpm
|
filesystem-1.1-7.cm1.aarch64.rpm
|
||||||
kernel-headers-5.10.21.1-4.cm1.noarch.rpm
|
kernel-headers-5.10.28.1-1.cm1.noarch.rpm
|
||||||
glibc-2.28-18.cm1.aarch64.rpm
|
glibc-2.28-18.cm1.aarch64.rpm
|
||||||
glibc-devel-2.28-18.cm1.aarch64.rpm
|
glibc-devel-2.28-18.cm1.aarch64.rpm
|
||||||
glibc-i18n-2.28-18.cm1.aarch64.rpm
|
glibc-i18n-2.28-18.cm1.aarch64.rpm
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
filesystem-1.1-7.cm1.x86_64.rpm
|
filesystem-1.1-7.cm1.x86_64.rpm
|
||||||
kernel-headers-5.10.21.1-4.cm1.noarch.rpm
|
kernel-headers-5.10.28.1-1.cm1.noarch.rpm
|
||||||
glibc-2.28-18.cm1.x86_64.rpm
|
glibc-2.28-18.cm1.x86_64.rpm
|
||||||
glibc-devel-2.28-18.cm1.x86_64.rpm
|
glibc-devel-2.28-18.cm1.x86_64.rpm
|
||||||
glibc-i18n-2.28-18.cm1.x86_64.rpm
|
glibc-i18n-2.28-18.cm1.x86_64.rpm
|
||||||
|
|
|
@ -145,7 +145,7 @@ json-c-debuginfo-0.14-3.cm1.aarch64.rpm
|
||||||
json-c-devel-0.14-3.cm1.aarch64.rpm
|
json-c-devel-0.14-3.cm1.aarch64.rpm
|
||||||
kbd-2.0.4-5.cm1.aarch64.rpm
|
kbd-2.0.4-5.cm1.aarch64.rpm
|
||||||
kbd-debuginfo-2.0.4-5.cm1.aarch64.rpm
|
kbd-debuginfo-2.0.4-5.cm1.aarch64.rpm
|
||||||
kernel-headers-5.10.21.1-4.cm1.noarch.rpm
|
kernel-headers-5.10.28.1-1.cm1.noarch.rpm
|
||||||
kmod-25-4.cm1.aarch64.rpm
|
kmod-25-4.cm1.aarch64.rpm
|
||||||
kmod-debuginfo-25-4.cm1.aarch64.rpm
|
kmod-debuginfo-25-4.cm1.aarch64.rpm
|
||||||
kmod-devel-25-4.cm1.aarch64.rpm
|
kmod-devel-25-4.cm1.aarch64.rpm
|
||||||
|
|
|
@ -145,7 +145,7 @@ json-c-debuginfo-0.14-3.cm1.x86_64.rpm
|
||||||
json-c-devel-0.14-3.cm1.x86_64.rpm
|
json-c-devel-0.14-3.cm1.x86_64.rpm
|
||||||
kbd-2.0.4-5.cm1.x86_64.rpm
|
kbd-2.0.4-5.cm1.x86_64.rpm
|
||||||
kbd-debuginfo-2.0.4-5.cm1.x86_64.rpm
|
kbd-debuginfo-2.0.4-5.cm1.x86_64.rpm
|
||||||
kernel-headers-5.10.21.1-4.cm1.noarch.rpm
|
kernel-headers-5.10.28.1-1.cm1.noarch.rpm
|
||||||
kmod-25-4.cm1.x86_64.rpm
|
kmod-25-4.cm1.x86_64.rpm
|
||||||
kmod-debuginfo-25-4.cm1.x86_64.rpm
|
kmod-debuginfo-25-4.cm1.x86_64.rpm
|
||||||
kmod-devel-25-4.cm1.x86_64.rpm
|
kmod-devel-25-4.cm1.x86_64.rpm
|
||||||
|
|
|
@ -68,7 +68,7 @@ COPY [ "./toolchain-md5sums", \
|
||||||
WORKDIR $LFS/sources
|
WORKDIR $LFS/sources
|
||||||
RUN wget -nv --no-clobber --timeout=30 --no-check-certificate --continue --input-file=$LFS/tools/toolchain-local-wget-list --directory-prefix=$LFS/sources; exit 0
|
RUN wget -nv --no-clobber --timeout=30 --no-check-certificate --continue --input-file=$LFS/tools/toolchain-local-wget-list --directory-prefix=$LFS/sources; exit 0
|
||||||
RUN wget -nv --no-clobber --timeout=30 --continue --input-file=$LFS/tools/toolchain-remote-wget-list --directory-prefix=$LFS/sources; exit 0
|
RUN wget -nv --no-clobber --timeout=30 --continue --input-file=$LFS/tools/toolchain-remote-wget-list --directory-prefix=$LFS/sources; exit 0
|
||||||
RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.21.1.tar.gz -O kernel-5.10.21.1.tar.gz --directory-prefix=$LFS/sources; exit 0
|
RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.28.1.tar.gz -O kernel-5.10.28.1.tar.gz --directory-prefix=$LFS/sources; exit 0
|
||||||
USER root
|
USER root
|
||||||
RUN /tools/toolchain-jdk8-wget.sh; exit 0
|
RUN /tools/toolchain-jdk8-wget.sh; exit 0
|
||||||
RUN md5sum -c $LFS/tools/toolchain-md5sums && \
|
RUN md5sum -c $LFS/tools/toolchain-md5sums && \
|
||||||
|
|
|
@ -59,7 +59,7 @@ bc62e7df6f75357b6dd1ec34600dbeaf jdk8u212-b04-langtools.tar.bz2
|
||||||
d0272e7a6107c64dae62b80ca7ec65e2 jdk8u212-b04-nashorn.tar.bz2
|
d0272e7a6107c64dae62b80ca7ec65e2 jdk8u212-b04-nashorn.tar.bz2
|
||||||
befd51c2b53a442e1fa6644bba89a95a jdk8u212-b04.tar.bz2
|
befd51c2b53a442e1fa6644bba89a95a jdk8u212-b04.tar.bz2
|
||||||
94afc90c1f7bef4a27fdd59ece39c878 kbproto-1.0.7.tar.bz2
|
94afc90c1f7bef4a27fdd59ece39c878 kbproto-1.0.7.tar.bz2
|
||||||
385192d9be43a19ffa5a1a6074278d79 kernel-5.10.21.1.tar.gz
|
e0c6f0946012317df6dc4a56b82410e3 kernel-5.10.28.1.tar.gz
|
||||||
d953ed6b47694dadf0e6042f8f9ff451 libarchive-3.4.2.tar.gz
|
d953ed6b47694dadf0e6042f8f9ff451 libarchive-3.4.2.tar.gz
|
||||||
968ac4d42a1a71754313527be2ab5df3 libcap-2.26.tar.xz
|
968ac4d42a1a71754313527be2ab5df3 libcap-2.26.tar.xz
|
||||||
ba983eba5a9f05d152a0725b8e863151 libdmx-1.1.3.tar.bz2
|
ba983eba5a9f05d152a0725b8e863151 libdmx-1.1.3.tar.bz2
|
||||||
|
|
|
@ -57,14 +57,14 @@ set -e
|
||||||
#
|
#
|
||||||
cd /sources
|
cd /sources
|
||||||
|
|
||||||
echo Linux-5.10.21.1 API Headers
|
echo Linux-5.10.28.1 API Headers
|
||||||
tar xf kernel-5.10.21.1.tar.gz
|
tar xf kernel-5.10.28.1.tar.gz
|
||||||
pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.21.1
|
pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.28.1
|
||||||
make mrproper
|
make mrproper
|
||||||
make headers
|
make headers
|
||||||
cp -rv usr/include/* /usr/include
|
cp -rv usr/include/* /usr/include
|
||||||
popd
|
popd
|
||||||
rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.21.1
|
rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.28.1
|
||||||
touch /logs/status_kernel_headers_complete
|
touch /logs/status_kernel_headers_complete
|
||||||
|
|
||||||
echo 6.8. Man-pages-5.02
|
echo 6.8. Man-pages-5.02
|
||||||
|
|
|
@ -113,14 +113,14 @@ rm -rf gcc-9.1.0
|
||||||
|
|
||||||
touch $LFS/logs/temptoolchain/status_gcc_pass1_complete
|
touch $LFS/logs/temptoolchain/status_gcc_pass1_complete
|
||||||
|
|
||||||
echo Linux-5.10.21.1 API Headers
|
echo Linux-5.10.28.1 API Headers
|
||||||
tar xf kernel-5.10.21.1.tar.gz
|
tar xf kernel-5.10.28.1.tar.gz
|
||||||
pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.21.1
|
pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.28.1
|
||||||
make mrproper
|
make mrproper
|
||||||
make headers
|
make headers
|
||||||
cp -rv usr/include/* /tools/include
|
cp -rv usr/include/* /tools/include
|
||||||
popd
|
popd
|
||||||
rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.21.1
|
rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.10.28.1
|
||||||
|
|
||||||
touch $LFS/logs/temptoolchain/status_kernel_headers_complete
|
touch $LFS/logs/temptoolchain/status_kernel_headers_complete
|
||||||
|
|
||||||
|
|
Загрузка…
Ссылка в новой задаче