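# RPM spec for the kernel-azure package. It builds the Linux kernel together
# with perf, python3-perf and bpftool (plus turbostat and cpupower on x86_64),
# signs and compresses the kernel modules, and records an HMAC of the kernel
# image for FIPS.

# NOTE(review): presumably opts this package out of the distribution's default
# hardening build flags, leaving hardening to the kernel config files
# (Source1/Source2) - confirm against the distro macro definition.
%global security_hardening none
# Command used in the install section to compute the HMAC of the kernel image;
# it runs the helper script shipped as Source3.
%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh
%define uname_r %{version}-%{release}

# find_debuginfo.sh arguments are set by default in rpm's macros.
# The default arguments regenerate the build-id for vmlinux in the
# debuginfo package causing a mismatch with the build-id for vmlinuz in
# the kernel package. Therefore, explicitly set the relevant default
# settings to prevent this behavior.
%undefine _unique_build_ids
%undefine _unique_debug_names
%global _missing_build_ids_terminate_build 1
%global _no_recompute_build_ids 1

%ifarch x86_64
%define arch x86_64
%define archdir x86
%define config_source %{SOURCE1}
%endif

%ifarch aarch64
%global __provides_exclude_from %{_libdir}/debug/.build-id/
%define arch arm64
%define archdir arm64
%define config_source %{SOURCE2}
%endif

Summary:        Linux Kernel
Name:           kernel-azure
Version:        5.15.167.1
Release:        1%{?dist}
License:        GPLv2
Vendor:         Microsoft Corporation
Distribution:   Mariner
Group:          System Environment/Kernel
URL:            https://github.com/microsoft/CBL-Mariner-Linux-Kernel
Source0:        https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/%{version}.tar.gz#/kernel-%{version}.tar.gz
Source1:        config
Source2:        config_aarch64
Source3:        sha512hmac-openssl.sh
# Certificate that the prep section copies into the kernel tree and names in
# CONFIG_SYSTEM_TRUSTED_KEYS.
Source4:        cbl-mariner-ca-20211013.pem
BuildRequires:  audit-devel
BuildRequires:  bash
BuildRequires:  bc
BuildRequires:  cpio
BuildRequires:  diffutils
BuildRequires:  dwarves
BuildRequires:  elfutils-libelf-devel
BuildRequires:  glib-devel
BuildRequires:  grub2-rpm-macros
BuildRequires:  kbd
BuildRequires:  kmod-devel
BuildRequires:  libdnet-devel
BuildRequires:  libmspack-devel
BuildRequires:  openssl
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
BuildRequires:  procps-ng-devel
BuildRequires:  python3-devel
BuildRequires:  sed
%ifarch x86_64
BuildRequires:  pciutils-devel
%endif
Requires:       filesystem
Requires:       kmod
Requires(post): coreutils
Requires(postun): coreutils
# When updating the config files it is important to sanitize them.
# Steps for updating a config file:
#  1. Extract the linux sources into a folder
#  2. Add the current config file to the folder
#  3. Run `make menuconfig` to edit the file (Manually editing is not recommended)
#  4. Save the config file
#  5. Copy the config file back into the kernel spec folder
#  6. Revert any undesired changes (GCC related changes, etc)
#  8. Build the kernel package
#  9. Apply the changes listed in the log file (if any) to the config file
#  10. Verify the rest of the config file looks ok
# If there are significant changes to the config file, disable the config check and build the
# kernel rpm. The final config file is included in /boot in the rpm.

%description
The kernel package contains the Linux kernel.

%package devel
Summary:        Kernel Dev
Group:          System Environment/Kernel
Requires:       %{name} = %{version}-%{release}
Requires:       gawk
Requires:       python3
Obsoletes:      linux-dev

%description devel
This package contains the Linux kernel dev files

%package drivers-accessibility
Summary:        Kernel accessibility modules
Group:          System Environment/Kernel
Requires:       %{name} = %{version}-%{release}

%description drivers-accessibility
This package contains the Linux kernel accessibility support

%package drivers-gpu
Summary:        Kernel gpu modules
Group:          System Environment/Kernel
Requires:       %{name} = %{version}-%{release}

%description drivers-gpu
This package contains the Linux kernel gpu support

%package drivers-sound
Summary:        Kernel Sound modules
Group:          System Environment/Kernel
Requires:       %{name} = %{version}-%{release}

%description drivers-sound
This package contains the Linux kernel sound support

%package docs
Summary:        Kernel docs
Group:          System Environment/Kernel
Requires:       python3

%description docs
This package contains the Linux kernel doc files

%package tools
Summary:        This package contains the 'perf' performance analysis tools for Linux kernel
Group:          System/Tools
Requires:       %{name} = %{version}-%{release}
Requires:       audit

%description tools
This package contains the 'perf' performance analysis tools for Linux kernel.

%package -n python3-perf
Summary:        Python 3 extension for perf tools
Requires:       python3

%description -n python3-perf
This package contains the Python 3 extension for the 'perf' performance analysis tools for Linux kernel.

%package dtb
Summary:        This package contains common device tree blobs (dtb)
Group:          System Environment/Kernel

%description dtb
This package contains common device tree blobs (dtb)

%package -n bpftool
Summary:        Inspection and simple manipulation of eBPF programs and maps

%description -n bpftool
This package contains the bpftool, which allows inspection and simple manipulation of eBPF programs and maps.

%prep
%setup -q -n CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-%{version}

make mrproper

cp %{config_source} .config

# Add CBL-Mariner cert into kernel's trusted keyring
# NOTE(review): the sed below only rewrites an exactly empty
# CONFIG_SYSTEM_TRUSTED_KEYS="" line. If the config source carries any other
# value the substitution is a silent no-op, and the comparison further down
# does not flag it because current_config is copied after this step. Consider
# failing the build when the expected value is absent from .config.
cp %{SOURCE4} certs/mariner.pem
sed -i 's#CONFIG_SYSTEM_TRUSTED_KEYS=""#CONFIG_SYSTEM_TRUSTED_KEYS="certs/mariner.pem"#' .config

cp .config current_config
sed -i 's/CONFIG_LOCALVERSION=""/CONFIG_LOCALVERSION="-%{release}"/' .config
make LC_ALL= ARCH=%{arch} oldconfig

# Verify the config files match
# This is the gate that keeps oldconfig from silently changing options,
# security-relevant ones included, relative to the checked-in config.
cp .config new_config
sed -i 's/CONFIG_LOCALVERSION=".*"/CONFIG_LOCALVERSION=""/' new_config
# diff exits 1 when the files differ and with a larger status on trouble.
# Only "differ" may fall through to the report below; a diff that could not
# run must not leave an empty config_diff that reads as "no changes".
diff_status=0
diff --unified new_config current_config > config_diff || diff_status=$?
if [ "$diff_status" -gt 1 ]; then
    echo "diff could not compare the config files (exit status $diff_status)"
    exit 1
fi
if [ -s config_diff ]; then
    printf "\n\n\n\n\n\n\n\n"
    cat config_diff
    printf "\n\n\n\n\n\n\n\n"
    echo "Config file has unexpected changes"
    echo "Update config file to set changed values explicitly"

#  (DISABLE THIS IF INTENTIONALLY UPDATING THE CONFIG FILE)
    exit 1
fi

%build
make VERBOSE=1 KBUILD_BUILD_VERSION="1" KBUILD_BUILD_HOST="CBL-Mariner" ARCH=%{arch} %{?_smp_mflags}

# Compile perf, python3-perf
make -C tools/perf PYTHON=%{python3} all

%ifarch x86_64
make -C tools turbostat cpupower
%endif

#Compile bpftool
make -C tools/bpf/bpftool

# Sign every installed module with the key pair under certs/ in the build
# tree, remove leftover .sig/.dig files, then compress the module with xz.
# The find pattern is quoted so the shell cannot expand it against files in
# the build directory before find sees it.
# NOTE(review): certs/signing_key.pem is presumably the key generated during
# this build - confirm it is never shipped; the copy steps in the install
# section do not select it by name.
%define __modules_install_post \
for MODULE in `find %{buildroot}/lib/modules/%{uname_r} -name '*.ko'` ; do \
    ./scripts/sign-file sha512 certs/signing_key.pem certs/signing_key.x509 "$MODULE" \
    rm -f "$MODULE".{sig,dig} \
    xz "$MODULE" \
    done \
%{nil}

# We want to compress modules after stripping. Extra step is added to
# the default __spec_install_post.
# Signing lives in the same extra step, so it also runs after the debuginfo,
# arch and os post-install steps listed before it.
%define __spec_install_post\
    %{?__debug_package:%{__debug_install_post}}\
    %{__arch_install_post}\
    %{__os_install_post}\
    %{__modules_install_post}\
%{nil}

%install
# The boot directory and its artifacts are installed owner-only: directory
# 700, kernel image, config and GRUB cfg 600, System.map 400.
install -vdm 755 %{buildroot}%{_sysconfdir}
install -vdm 700 %{buildroot}/boot
install -vdm 755 %{buildroot}%{_defaultdocdir}/linux-%{uname_r}
install -vdm 755 %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}
install -vdm 755 %{buildroot}%{_libdir}/debug/lib/modules/%{uname_r}
make INSTALL_MOD_PATH=%{buildroot} modules_install

%ifarch x86_64
install -vm 600 arch/x86/boot/bzImage %{buildroot}/boot/vmlinuz-%{uname_r}
%endif

%ifarch aarch64
install -vm 600 arch/arm64/boot/Image %{buildroot}/boot/vmlinuz-%{uname_r}
install -D -m 640 arch/arm64/boot/dts/freescale/imx8mq-evk.dtb %{buildroot}/boot/dtb/fsl-imx8mq-evk.dtb
%endif

# Restrict the permission on System.map-X file
install -vm 400 System.map %{buildroot}/boot/System.map-%{uname_r}
install -vm 600 .config %{buildroot}/boot/config-%{uname_r}
cp -r Documentation/* %{buildroot}%{_defaultdocdir}/linux-%{uname_r}
install -vm 744 vmlinux %{buildroot}%{_libdir}/debug/lib/modules/%{uname_r}/vmlinux-%{uname_r}
# `perf test vmlinux` needs it
ln -s vmlinux-%{uname_r} %{buildroot}%{_libdir}/debug/lib/modules/%{uname_r}/vmlinux

cat > %{buildroot}/boot/linux-%{uname_r}.cfg << "EOF"
# GRUB Environment Block
mariner_cmdline=init=/lib/systemd/systemd ro loglevel=3 no-vmw-sta crashkernel=256M
mariner_linux=vmlinuz-%{uname_r}
mariner_initrd=initrd.img-%{uname_r}
EOF
chmod 600 %{buildroot}/boot/linux-%{uname_r}.cfg

# hmac sign the kernel for FIPS
# sed strips the buildroot prefix so the recorded path is the installed one.
# The pipeline reports sed's exit status, so unless the build shell enables
# pipefail a failing HMAC helper would go unnoticed; the size check below
# stops the build on an empty result.
%{sha512hmac} %{buildroot}/boot/vmlinuz-%{uname_r} | sed -e "s,$RPM_BUILD_ROOT,," > %{buildroot}/boot/.vmlinuz-%{uname_r}.hmac
if [ ! -s %{buildroot}/boot/.vmlinuz-%{uname_r}.hmac ]; then
    echo "HMAC file for the kernel image is empty" >&2
    exit 1
fi
cp %{buildroot}/boot/.vmlinuz-%{uname_r}.hmac %{buildroot}/lib/modules/%{uname_r}/.vmlinuz.hmac

# Register myself to initramfs
mkdir -p %{buildroot}/%{_localstatedir}/lib/initramfs/kernel
cat > %{buildroot}/%{_localstatedir}/lib/initramfs/kernel/%{uname_r} << "EOF"
--add-drivers "xen-scsifront xen-blkfront xen-acpi-processor xen-evtchn xen-gntalloc xen-gntdev xen-privcmd xen-pciback xenfs hv_utils hv_vmbus hv_storvsc hv_netvsc hv_sock hv_balloon virtio_blk virtio-rng virtio_console virtio_crypto virtio_mem vmw_vsock_virtio_transport vmw_vsock_virtio_transport_common 9pnet_virtio vrf"
EOF

# Symlink /lib/modules/uname/vmlinuz to boot partition
ln -s /boot/vmlinuz-%{uname_r} %{buildroot}/lib/modules/%{uname_r}/vmlinuz

# Cleanup dangling symlinks
rm -rf %{buildroot}/lib/modules/%{uname_r}/source
rm -rf %{buildroot}/lib/modules/%{uname_r}/build

# Copy the files needed to build external modules into the headers tree.
# The name patterns are quoted: unquoted, the shell expands them against the
# top of the source tree first, so find would only ever be asked for the names
# that happen to exist there. With the quotes the devel package also receives
# suffixed Makefile and Kconfig files from the whole tree.
find . -name 'Makefile*' -o -name 'Kconfig*' -o -name '*.pl' | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy
find arch/%{archdir}/include include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy
find $(find arch/%{archdir} -name include -o -name scripts -type d) -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy
find arch/%{archdir}/include Module.symvers include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy
%ifarch x86_64
# CONFIG_STACK_VALIDATION=y requires objtool to build external modules
install -vsm 755 tools/objtool/objtool %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/
install -vsm 755 tools/objtool/fixdep %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/
%endif

# copy .config manually to be where it's expected to be
cp .config %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}
ln -sf "%{_prefix}/src/linux-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build"
# NOTE(review): presumably the owner-executable bit is what makes the
# debuginfo and strip post-processing pick the modules up - confirm.
find %{buildroot}/lib/modules -name '*.ko' -print0 | xargs -0 chmod u+x

%ifarch aarch64
cp scripts/module.lds %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/scripts/module.lds
%endif

# disable (JOBS=1) parallel build to fix this issue:
# fixdep: error opening depfile: ./.plugin_cfg80211.o.d: No such file or directory
# Linux version that was affected is 4.4.26
make -C tools JOBS=1 DESTDIR=%{buildroot} prefix=%{_prefix} perf_install

# Install python3-perf
make -C tools/perf DESTDIR=%{buildroot} prefix=%{_prefix} install-python_ext

# Install bpftool
make -C tools/bpf/bpftool DESTDIR=%{buildroot} prefix=%{_prefix} bash_compdir=%{_sysconfdir}/bash_completion.d/ mandir=%{_mandir} install

%ifarch x86_64
# Install turbostat cpupower
make -C tools DESTDIR=%{buildroot} prefix=%{_prefix} bash_compdir=%{_sysconfdir}/bash_completion.d/ mandir=%{_mandir} turbostat_install cpupower_install
%endif

# Remove trace (symlink to perf). This file causes duplicate identical debug symbols
rm -vf %{buildroot}%{_bindir}/trace

%triggerin -- initramfs
# Leave a marker so the initrd for this kernel is generated later.
mkdir -p %{_localstatedir}/lib/rpm-state/initramfs/pending
touch %{_localstatedir}/lib/rpm-state/initramfs/pending/%{uname_r}
echo "initrd generation of kernel %{uname_r} will be triggered later" >&2

%triggerun -- initramfs
# Drop the pending marker and the initrd that belongs to this kernel.
rm -rf %{_localstatedir}/lib/rpm-state/initramfs/pending/%{uname_r}
rm -rf /boot/initrd.img-%{uname_r}
echo "initrd of kernel %{uname_r} removed" >&2

%postun
# If the default boot config link is gone, point it at the most recently
# accessed remaining kernel config (ls -tu sorts by access time).
if [ ! -e /boot/mariner.cfg ]
then
     ls /boot/linux-*.cfg 1> /dev/null 2>&1
     if [ $? -eq 0 ]
     then
          list=`ls -tu /boot/linux-*.cfg | head -n1`
          test -n "$list" && ln -sf "$list" /boot/mariner.cfg
     fi
fi
%grub2_postun

%post
# Refresh module dependencies and make this kernel the default boot entry.
/sbin/depmod -a %{uname_r}
ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
%grub2_post

%post drivers-accessibility
/sbin/depmod -a %{uname_r}

%post drivers-gpu
/sbin/depmod -a %{uname_r}

%post drivers-sound
/sbin/depmod -a %{uname_r}

%files
# The first defattr keeps the modes set in the install section, so the boot
# files stay owner-only; module files are then packaged with mode 0644.
%defattr(-,root,root)
%license COPYING
%exclude %dir /usr/lib/debug
/boot/System.map-%{uname_r}
/boot/config-%{uname_r}
/boot/vmlinuz-%{uname_r}
/boot/.vmlinuz-%{uname_r}.hmac
%config(noreplace) /boot/linux-%{uname_r}.cfg
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
%defattr(0644,root,root)
/lib/modules/%{uname_r}/*
/lib/modules/%{uname_r}/.vmlinuz.hmac
%exclude /lib/modules/%{uname_r}/build
%exclude /lib/modules/%{uname_r}/kernel/drivers/accessibility
%exclude /lib/modules/%{uname_r}/kernel/drivers/gpu
%exclude /lib/modules/%{uname_r}/kernel/sound

%files docs
%defattr(-,root,root)
%{_defaultdocdir}/linux-%{uname_r}/*

%files devel
%defattr(-,root,root)
/lib/modules/%{uname_r}/build
%{_prefix}/src/linux-headers-%{uname_r}

%files drivers-accessibility
%defattr(-,root,root)
/lib/modules/%{uname_r}/kernel/drivers/accessibility

%files drivers-gpu
%defattr(-,root,root)
/lib/modules/%{uname_r}/kernel/drivers/gpu

%files drivers-sound
%defattr(-,root,root)
/lib/modules/%{uname_r}/kernel/sound

%files tools
%defattr(-,root,root)
%{_libexecdir}
%exclude %dir %{_libdir}/debug
%ifarch x86_64
%{_sbindir}/cpufreq-bench
%{_lib64dir}/traceevent
%{_lib64dir}/libperf-jvmti.so
%{_lib64dir}/libcpupower.so*
%{_sysconfdir}/cpufreq-bench.conf
%{_includedir}/cpuidle.h
%{_includedir}/cpufreq.h
%{_mandir}/man1/cpupower*.gz
%{_mandir}/man8/turbostat*.gz
%{_datadir}/locale/*/LC_MESSAGES/cpupower.mo
%{_datadir}/bash-completion/completions/cpupower
%endif
%ifarch aarch64
%{_libdir}/traceevent
%{_libdir}/libperf-jvmti.so
%endif
%{_bindir}
%{_sysconfdir}/bash_completion.d/*
%{_datadir}/perf-core/strace/groups/file
%{_datadir}/perf-core/strace/groups/string
%{_docdir}/*
%{_libdir}/perf/examples/bpf/*
%{_libdir}/perf/include/bpf/*
%{_includedir}/perf/perf_dlfilter.h

%files -n python3-perf
%{python3_sitearch}/*

%ifarch aarch64
%files dtb
/boot/dtb/fsl-imx8mq-evk.dtb
%endif

%files -n bpftool
%{_sbindir}/bpftool
%{_sysconfdir}/bash_completion.d/bpftool

%changelog
* Wed Sep 18 2024 CBL-Mariner Servicing Account - 5.15.167.1-1
- Auto-upgrade to 5.15.167.1

* Thu Aug 29 2024 CBL-Mariner Servicing Account - 5.15.165.1-1
- Auto-upgrade to 5.15.165.1

* Fri Aug 09 2024 CBL-Mariner Servicing Account - 5.15.164.1-1
- Auto-upgrade to 5.15.164.1

* Wed Jul 17 2024 CBL-Mariner Servicing Account - 5.15.162.2-1
- Auto-upgrade to 5.15.162.2

* Thu Jul 11 2024 CBL-Mariner Servicing Account - 5.15.162.1-1
- Auto-upgrade to 5.15.162.1

* Sat Jun 08 2024 CBL-Mariner Servicing Account - 5.15.160.1-1
- Auto-upgrade to 5.15.160.1

* Fri Jun 07 2024 Rachel Menge - 5.15.158.2-1
- Revert to 5.15.158.2

* Wed May 22 2024 CBL-Mariner Servicing Account - 5.15.159.1-1
- Auto-upgrade to 5.15.159.1

* Fri May 10 2024 CBL-Mariner Servicing Account - 5.15.158.1-1
- Auto-upgrade to 5.15.158.1

* Tue Apr 30 2024 CBL-Mariner Servicing Account - 5.15.157.1-1
- Auto-upgrade to 5.15.157.1

* Wed Mar 27 2024 CBL-Mariner Servicing Account - 5.15.153.1-1
- Auto-upgrade to 5.15.153.1

* Mon Mar 25 2024 Rachel Menge - 5.15.151.2-1
- Upgrade to 5.15.151.2

* Wed Mar 13 2024 CBL-Mariner Servicing Account - 5.15.151.1-1
- Auto-upgrade to 5.15.151.1

* Sat Mar 02 2024 CBL-Mariner Servicing Account - 5.15.150.1-1
- Auto-upgrade to 5.15.150.1

* Thu Feb 08 2024 CBL-Mariner Servicing Account - 5.15.148.2-1
- Auto-upgrade to 5.15.148.2

* Tue Jan 30 2024 CBL-Mariner Servicing Account - 5.15.148.1-1
- Auto-upgrade to 5.15.148.1

* Thu Jan 25 2024 CBL-Mariner Servicing Account - 5.15.147.1-1
- Auto-upgrade to 5.15.147.1

* Tue Jan 16 2024 Gary Swalling - 5.15.145.2-1
- Update to 5.15.145.2

* Tue Dec 05 2023 CBL-Mariner Servicing Account -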
5.15.139.1-1 - Auto-upgrade to 5.15.139.1 * Tue Nov 21 2023 CBL-Mariner Servicing Account - 5.15.138.1-1 - Auto-upgrade to 5.15.138.1 * Mon Nov 20 2023 Rachel Menge - 5.15.137.1-2 - Add missing BuildRequires cpio * Mon Nov 06 2023 CBL-Mariner Servicing Account - 5.15.137.1-1 - Auto-upgrade to 5.15.137.1 * Tue Oct 17 2023 CBL-Mariner Servicing Account - 5.15.135.1-1 - Auto-upgrade to 5.15.135.1 * Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 - Auto-upgrade to 5.15.133.1 * Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 - Call grub2-mkconfig to regenerate configs only if the user has previously used grub2-mkconfig for boot configuration. * Wed Sep 20 2023 Jon Slobodzian - 5.15.131.1-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) * Fri Sep 08 2023 CBL-Mariner Servicing Account - 5.15.131.1-1 - Auto-upgrade to 5.15.131.1 * Mon Aug 14 2023 CBL-Mariner Servicing Account - 5.15.126.1-1 - Auto-upgrade to 5.15.126.1 * Wed Aug 09 2023 CBL-Mariner Servicing Account - 5.15.125.1-1 - Auto-upgrade to 5.15.125.1 * Tue Aug 01 2023 CBL-Mariner Servicing Account - 5.15.123.1-1 - Auto-upgrade to 5.15.123.1 * Wed Jul 26 2023 CBL-Mariner Servicing Account - 5.15.122.1-1 - Auto-upgrade to 5.15.122.1 * Wed Jun 28 2023 CBL-Mariner Servicing Account - 5.15.118.1-1 - Auto-upgrade to 5.15.118.1 * Tue Jun 13 2023 CBL-Mariner Servicing Account - 5.15.116.1-1 - Auto-upgrade to 5.15.116.1 * Tue May 23 2023 CBL-Mariner Servicing Account - 5.15.112.1-1 - Auto-upgrade to 5.15.112.1 * Mon May 15 2023 CBL-Mariner Servicing Account - 5.15.111.1-1 - Auto-upgrade to 5.15.111.1 * Mon May 01 2023 CBL-Mariner Servicing Account - 5.15.110.1-1 - Auto-upgrade to 5.15.110.1 * Wed Apr 19 2023 Rachel Menge - 5.15.107.1-2 - Disable rpm's debuginfo defaults which regenerate build-ids * Tue Apr 18 2023 CBL-Mariner Servicing Account - 5.15.107.1-1 - Auto-upgrade to 5.15.107.1 * Tue Mar 14 2023 CBL-Mariner Servicing Account - 5.15.102.1-1 - Auto-upgrade to 5.15.102.1 * Mon Mar 06 
2023 CBL-Mariner Servicing Account - 5.15.98.1-1 - Auto-upgrade to 5.15.98.1 * Sat Feb 25 2023 CBL-Mariner Servicing Account - 5.15.95.1-1 - Auto-upgrade to 5.15.95.1 * Wed Feb 22 2023 CBL-Mariner Servicing Account - 5.15.94.1-1 - Auto-upgrade to 5.15.94.1 * Wed Feb 15 2023 Rachel Menge - 5.15.92.1-2 - Install vmlinux as root executable for debuginfo * Mon Feb 06 2023 CBL-Mariner Servicing Account - 5.15.92.1-1 - Auto-upgrade to 5.15.92.1 * Thu Jan 05 2023 Rachel Menge - 5.15.86.1-1 - Create kernel-azure from kernel RPM * Fri Dec 23 2022 CBL-Mariner Servicing Account - 5.15.85.1-1 - Auto-upgrade to 5.15.85.1 * Mon Dec 19 2022 Betty Lakes - 5.15.82.1-2 - Turn on Generic Target Core Mod * Tue Dec 13 2022 CBL-Mariner Servicing Account - 5.15.82.1-1 - Auto-upgrade to 5.15.82.1 * Wed Dec 07 2022 CBL-Mariner Servicing Account - 5.15.81.1-1 - Auto-upgrade to 5.15.81.1 * Mon Dec 05 2022 Betty Lakes - 5.15.80.1-2 - Turn on hibernation and its dependencies * Tue Nov 29 2022 CBL-Mariner Servicing Account - 5.15.80.1-1 - Auto-upgrade to 5.15.80.1 * Fri Nov 18 2022 CBL-Mariner Servicing Account - 5.15.79.1-1 - Auto-upgrade to 5.15.79.1 * Tue Nov 08 2022 CBL-Mariner Servicing Account - 5.15.77.1-1 - Auto-upgrade to 5.15.77.1 * Wed Oct 26 2022 Rachel Menge - 5.15.74.1-3 - Turn on Configs for different TCP algorithms * Mon Oct 24 2022 Cameron Baird - 5.15.74.1-2 - Package gpu kernel modules in new package kernel-drivers-gpu * Wed Oct 19 2022 CBL-Mariner Servicing Account - 5.15.74.1-1 - Upgrade to 5.15.74.1 * Fri Oct 07 2022 CBL-Mariner Servicing Account - 5.15.72.1-1 - Upgrade to 5.15.72.1 * Tue Sep 27 2022 CBL-Mariner Servicing Account - 5.15.70.1-1 - Upgrade to 5.15.70.1 * Mon Sep 26 2022 CBL-Mariner Servicing Account - 5.15.69.1-1 - Upgrade to 5.15.69.1 * Thu Sep 22 2022 Chris Co - 5.15.67.1-4 - Enable SCSI logging facility * Tue Sep 20 2022 Chris Co - 5.15.67.1-3 - Enable 32-bit time syscall support * Fri Sep 16 2022 Cameron Baird - 5.15.67.1-2 - Enable 
CONFIG_NETFILTER_XT_TARGET_TRACE as a module * Thu Sep 15 2022 CBL-Mariner Servicing Account - 5.15.67.1-1 - Upgrade to 5.15.67.1 * Thu Sep 15 2022 Adit Jha - 5.15.63.1-4 - Setting vfat module in kernel config to Y to be baked in * Tue Sep 13 2022 Saul Paredes - 5.15.63.1-3 - Adjust crashkernel param to crash, dump memory to a file, and recover correctly * Tue Sep 06 2022 Nikola Bojanic - 5.15.63.1-2 - Enable CRIU support: https://criu.org/Linux_kernel * Mon Aug 29 2022 CBL-Mariner Servicing Account - 5.15.63.1-1 - Upgrade to 5.15.63.1 * Wed Aug 17 2022 Cameron Baird - 5.15.60.2-1 - Upgrade to 5.15.60.2 to fix arm64 builds * Tue Aug 02 2022 Rachel Menge - 5.15.57.1-3 - Turn on CONFIG_SECURITY_LANDLOCK * Mon Aug 01 2022 Rachel Menge - 5.15.57.1-2 - Turn on CONFIG_BLK_DEV_ZONED * Tue Jul 26 2022 CBL-Mariner Servicing Account - 5.15.57.1-1 - Upgrade to 5.15.57.1 * Fri Jul 22 2022 CBL-Mariner Servicing Account - 5.15.55.1-1 - Upgrade to 5.15.55.1 * Thu Jul 21 2022 Henry Li - 5.15.48.1-6 - Add turbostat and cpupower to kernel-tools * Fri Jul 08 2022 Francis Laniel - 5.15.48.1-5 - Add back CONFIG_FTRACE_SYSCALLS to enable eBPF CO-RE syscalls tracers. - Add CONFIG_IKHEADERS=m to enable eBPF standard tracers. * Mon Jun 27 2022 Neha Agarwal - 5.15.48.1-4 - Remove 'quiet' from commandline to enable verbose log * Mon Jun 27 2022 Henry Beberman - 5.15.48.1-3 - Enable CONFIG_VIRTIO_FS=m and CONFIG_FUSE_DAX=y - Symlink /lib/modules/uname/vmlinuz to /boot/vmlinuz-uname to improve compat with scripts seeking the kernel. * Wed Jun 22 2022 Max Brodeur-Urbas - 5.15.48.1-2 - Enabling Vgem driver in config. * Fri Jun 17 2022 Neha Agarwal - 5.15.48.1-1 - Update source to 5.15.48.1 * Tue Jun 14 2022 Pawel Winogrodzki - 5.15.45.1-2 - Moving ".config" update and check steps into the %%prep section. 
* Thu Jun 09 2022 Cameron Baird - 5.15.45.1-1 - Update source to 5.15.45.1 - Address CVE-2022-32250 with a nopatch * Mon Jun 06 2022 Max Brodeur-Urbas - 5.15.41.1-4 - Compiling ptp_kvm driver as a module * Wed Jun 01 2022 Pawel Winogrodzki - 5.15.41.1-3 - Enabling "LIVEPATCH" config option. * Thu May 26 2022 Minghe Ren - 5.15.41.1-2 - Disable SMACK kernel configuration * Tue May 24 2022 Cameron Baird - 5.15.41.1-1 - Update source to 5.15.41.1 - Nopatch CVE-2020-35501, CVE-2022-28893, CVE-2022-29581 * Mon May 23 2022 Neha Agarwal - 5.15.37.1-3 - Fix configs to bring down initrd boot time * Mon May 16 2022 Neha Agarwal - 5.15.37.1-2 - Fix cdrom, hyperv-mouse, kexec and crash-on-demand config in aarch64 * Mon May 09 2022 Neha Agarwal - 5.15.37.1-1 - Update source to 5.15.37.1 - Nopatch CVE-2021-4095, CVE-2022-0500, CVE-2022-0998, CVE-2022-28796, CVE-2022-29582, CVE-2022-1048, CVE-2022-1195, CVE-2022-1353, CVE-2022-29968, CVE-2022-1015 - Enable IFB config * Tue Apr 19 2022 Cameron Baird - 5.15.34.1-1 - Update source to 5.15.34.1 - Clean up nopatches in Patch list, no longer needed for CVE automation - Nopatch CVE-2022-28390, CVE-2022-28389, CVE-2022-28388, CVE-2022-28356, CVE-2022-0435, CVE-2021-4202, CVE-2022-27950, CVE-2022-0433, CVE-2022-0494, CVE-2022-0330, CVE-2022-0854, CVE-2021-4197, CVE-2022-29156 * Tue Apr 19 2022 Max Brodeur-Urbas - 5.15.32.1-3 - Remove kernel lockdown config from grub envblock * Tue Apr 12 2022 Andrew Phelps - 5.15.32.1-2 - Remove trace symlink from _bindir - Exclude files and directories under the debug folder from kernel and kernel-tools packages - Remove BR for xerces-c-devel * Fri Apr 08 2022 Neha Agarwal - 5.15.32.1-1 - Update source to 5.15.32.1 - Address CVES: 2022-0516, 2022-26878, 2022-27223, 2022-24958, 2022-0742, 2022-1011, 2022-26490, 2021-4002 - Enable MANA driver config - Address CVEs 2022-0995, 2022-1055, 2022-27666 * Tue Apr 05 2022 Henry Li - 5.15.26.1-4 - Add Dell devices support * Mon Mar 28 2022 Rachel Menge - 5.15.26.1-3 
- Remove hardcoded mariner.pem from configs and instead insert during the build phase * Mon Mar 14 2022 Vince Perri - 5.15.26.1-2 - Add support for compressed firmware * Tue Mar 08 2022 cameronbaird - 5.15.26.1-1 - Update source to 5.15.26.1 - Address CVES: 2022-0617, 2022-25375, 2022-25258, 2021-4090, 2022-25265, 2021-45402, 2022-0382, 2022-0185, 2021-44879, 2022-24959, 2022-0264, 2022-24448, 2022-24122, 2021-20194, 2022-0847, 1999-0524, 2008-4609, 2010-0298, 2010-4563, 2011-0640, 2022-0492, 2021-3743, 2022-26966 * Mon Mar 07 2022 George Mileka - 5.15.18.1-5 - Enabled vfio noiommu. * Fri Feb 25 2022 Henry Li - 5.15.18.1-4 - Enable CONFIG_DEVMEM, CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM * Thu Feb 24 2022 Cameron Baird - 5.15.18.1-3 - CONFIG_BPF_UNPRIV_DEFAULT_OFF=y * Thu Feb 24 2022 Suresh Babu Chalamalasetty - 5.15.18.1-2 - Add usbip required kernel configs CONFIG_USBIP_CORE CONFIG_USBIP_VHCI_HCD * Mon Feb 07 2022 Cameron Baird - 5.15.18.1-1 - Update source to 5.15.18.1 - Address CVE-2010-0309, CVE-2018-1000026, CVE-2018-16880, CVE-2019-3016, CVE-2019-3819, CVE-2019-3887, CVE-2020-25672, CVE-2021-3564, CVE-2021-45095, CVE-2021-45469, CVE-2021-45480 * Thu Feb 03 2022 Henry Li - 5.15.2.1-5 - Enable CONFIG_X86_SGX and CONFIG_X86_SGX_KVM * Wed Feb 02 2022 Rachel Menge - 5.15.2.1-4 - Add libperf-jvmti.so to tools package * Thu Jan 27 2022 Daniel Mihai - 5.15.2.1-3 - Enable kdb frontend for kgdb * Sun Jan 23 2022 Chris Co - 5.15.2.1-2 - Rotate Mariner cert * Thu Jan 06 2022 Rachel Menge - 5.15.2.1-1 - Update source to 5.15.2.1 * Tue Jan 04 2022 Suresh Babu Chalamalasetty - 5.10.78.1-3 - Add provides exclude for debug build-id for aarch64 to generate debuginfo rpm - Fix missing brackets for __os_install_post. 
* Tue Dec 28 2021 Suresh Babu Chalamalasetty - 5.10.78.1-2 - Enable CONFIG_COMPAT kernel configs * Tue Nov 23 2021 Rachel Menge - 5.10.78.1-1 - Update source to 5.10.78.1 - Address CVE-2021-43267, CVE-2021-42739, CVE-2021-42327, CVE-2021-43389 - Add patch to fix SPDX-License-Identifier in headers * Mon Nov 15 2021 Thomas Crain - 5.10.74.1-4 - Add python3-perf subpackage and add python3-devel to build-time requirements - Exclude accessibility modules from main package to avoid subpackage conflict - Remove redundant License tag from bpftool subpackage * Thu Nov 04 2021 Andrew Phelps - 5.10.74.1-3 - Update configs for gcc 11.2.0 and binutils 2.37 updates * Tue Oct 26 2021 Rachel Menge - 5.10.74.1-2 - Update configs for eBPF support - Add dwarves Build-requires * Tue Oct 19 2021 Rachel Menge - 5.10.74.1-1 - Update source to 5.10.74.1 - Address CVE-2021-41864, CVE-2021-42252 - License verified * Thu Oct 07 2021 Rachel Menge - 5.10.69.1-1 - Update source to 5.10.69.1 - Address CVE-2021-38300, CVE-2021-41073, CVE-2021-3653, CVE-2021-42008 * Wed Sep 22 2021 Rachel Menge - 5.10.64.1-2 - Enable CONFIG_NET_VRF - Add vrf to drivers argument for dracut * Mon Sep 20 2021 Rachel Menge - 5.10.64.1-1 - Update source to 5.10.64.1 * Fri Sep 17 2021 Rachel Menge - 5.10.60.1-1 - Remove cn from dracut drivers argument - Update source to 5.10.60.1 - Address CVE-2021-38166, CVE-2021-38205, CVE-2021-3573 CVE-2021-37576, CVE-2021-34556, CVE-2021-35477, CVE-2021-28691, CVE-2021-3564, CVE-2020-25639, CVE-2021-29657, CVE-2021-38199, CVE-2021-38201, CVE-2021-38202, CVE-2021-38207, CVE-2021-38204, CVE-2021-38206, CVE-2021-38208, CVE-2021-38200, CVE-2021-38203, CVE-2021-38160, CVE-2021-3679, CVE-2021-38198, CVE-2021-38209, CVE-2021-3655 - Add patch to fix VDSO in HyperV * Thu Sep 09 2021 Muhammad Falak - 5.10.52.1-2 - Export `bpftool` subpackage * Tue Jul 20 2021 Rachel Menge - 5.10.52.1-1 - Update source to 5.10.52.1 - Address CVE-2021-35039, CVE-2021-33909 * Mon Jul 19 2021 Chris Co - 
5.10.47.1-2 - Enable CONFIG_CONNECTOR and CONFIG_PROC_EVENTS * Tue Jul 06 2021 Rachel Menge - 5.10.47.1-1 - Update source to 5.10.47.1 - Address CVE-2021-34693, CVE-2021-33624 * Wed Jun 30 2021 Chris Co - 5.10.42.1-4 - Enable legacy mcelog config * Tue Jun 22 2021 Suresh Babu Chalamalasetty - 5.10.42.1-3 - Enable CONFIG_IOSCHED_BFQ and CONFIG_BFQ_GROUP_IOSCHED configs * Wed Jun 16 2021 Chris Co - 5.10.42.1-2 - Enable CONFIG_CROSS_MEMORY_ATTACH * Tue Jun 08 2021 Rachel Menge - 5.10.42.1-1 - Update source to 5.10.42.1 - Address CVE-2021-33200 * Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 - Address CVE-2020-25672 * Fri May 28 2021 Rachel Menge - 5.10.37.1-1 - Update source to 5.10.37.1 - Address CVE-2021-23134, CVE-2021-29155, CVE-2021-31829, CVE-2021-31916, CVE-2021-32399, CVE-2021-33033, CVE-2021-33034, CVE-2021-3483 CVE-2021-3501, CVE-2021-3506 * Thu May 27 2021 Chris Co - 5.10.32.1-7 - Set lockdown=integrity by default * Wed May 26 2021 Chris Co - 5.10.32.1-6 - Add Mariner cert into the trusted kernel keyring * Tue May 25 2021 Daniel Mihai - 5.10.32.1-5 - Enable kernel debugger * Thu May 20 2021 Nicolas Ontiveros - 5.10.32.1-4 - Bump release number to match kernel-signed update * Mon May 17 2021 Andrew Phelps - 5.10.32.1-3 - Update CONFIG_LD_VERSION for binutils 2.36.1 - Remove build-id match check * Thu May 13 2021 Rachel Menge - 5.10.32.1-2 - Add CONFIG_AS_HAS_LSE_ATOMICS=y * Mon May 03 2021 Rachel Menge - 5.10.32.1-1 - Update source to 5.10.32.1 - Address CVE-2021-23133, CVE-2021-29154, CVE-2021-30178 * Thu Apr 22 2021 Chris Co - 5.10.28.1-4 - Disable CONFIG_EFI_DISABLE_PCI_DMA. It can cause boot issues on some hardware. 
* Mon Apr 19 2021 Chris Co - 5.10.28.1-3 - Bump release number to match kernel-signed update * Thu Apr 15 2021 Rachel Menge - 5.10.28.1-2 - Address CVE-2021-29648 * Thu Apr 08 2021 Chris Co - 5.10.28.1-1 - Update source to 5.10.28.1 - Update uname_r define to match the new value derived from the source - Address CVE-2020-27170, CVE-2020-27171, CVE-2021-28375, CVE-2021-28660, CVE-2021-28950, CVE-2021-28951, CVE-2021-28952, CVE-2021-28971, CVE-2021-28972, CVE-2021-29266, CVE-2021-28964, CVE-2020-35508, CVE-2020-16120, CVE-2021-29264, CVE-2021-29265, CVE-2021-29646, CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-30002 * Fri Mar 26 2021 Daniel Mihai - 5.10.21.1-4 - Enable CONFIG_CRYPTO_DRBG_HASH, CONFIG_CRYPTO_DRBG_CTR * Thu Mar 18 2021 Chris Co - 5.10.21.1-3 - Address CVE-2021-27365, CVE-2021-27364, CVE-2021-27363 - Enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS * Wed Mar 17 2021 Nicolas Ontiveros - 5.10.21.1-2 - Disable QAT kernel configs * Thu Mar 11 2021 Chris Co - 5.10.21.1-1 - Update source to 5.10.21.1 - Add virtio drivers to be installed into initrd - Address CVE-2021-26930, CVE-2020-35499, CVE-2021-26931, CVE-2021-26932 * Fri Mar 05 2021 Chris Co - 5.10.13.1-4 - Enable kernel lockdown config * Thu Mar 04 2021 Suresh Babu Chalamalasetty - 5.10.13.1-3 - Add configs for CONFIG_BNXT bnxt_en and MSR drivers * Mon Feb 22 2021 Thomas Crain - 5.10.13.1-2 - Add configs for speakup and uinput drivers - Add kernel-drivers-accessibility subpackage * Thu Feb 18 2021 Chris Co - 5.10.13.1-1 - Update source to 5.10.13.1 - Remove patch to publish efi tpm event log on ARM. Present in updated source. - Remove patch for arm64 hyperv support. Present in updated source. 
- Account for new module.lds location on aarch64 - Remove CONFIG_GCC_PLUGIN_RANDSTRUCT - Add CONFIG_SCSI_SMARTPQI=y * Thu Feb 11 2021 Nicolas Ontiveros - 5.4.91-5 - Add configs to enable tcrypt in FIPS mode * Tue Feb 09 2021 Nicolas Ontiveros - 5.4.91-4 - Use OpenSSL to perform HMAC calc * Thu Jan 28 2021 Nicolas Ontiveros - 5.4.91-3 - Add configs for userspace crypto support - HMAC calc the kernel for FIPS * Wed Jan 27 2021 Daniel McIlvaney - 5.4.91-2 - Enable dm-verity boot support with FEC * Wed Jan 20 2021 Chris Co - 5.4.91-1 - Update source to 5.4.91 - Address CVE-2020-29569, CVE-2020-28374, CVE-2020-36158 - Remove patch to fix GUI installer crash. Fixed in updated source. * Tue Jan 12 2021 Rachel Menge - 5.4.83-4 - Add imx8mq support * Sat Jan 09 2021 Andrew Phelps - 5.4.83-3 - Add patch to fix GUI installer crash * Mon Dec 28 2020 Nicolas Ontiveros - 5.4.83-2 - Address CVE-2020-27777 * Tue Dec 15 2020 Henry Beberman - 5.4.83-1 - Update source to 5.4.83 - Address CVE-2020-14351, CVE-2020-14381, CVE-2020-25656, CVE-2020-25704, CVE-2020-29534, CVE-2020-29660, CVE-2020-29661 * Fri Dec 04 2020 Chris Co - 5.4.81-1 - Update source to 5.4.81 - Remove patch for kexec in HyperV. Integrated in 5.4.81. 
- Address CVE-2020-25705, CVE-2020-15436, CVE-2020-28974, CVE-2020-29368, CVE-2020-29369, CVE-2020-29370, CVE-2020-29374, CVE-2020-29373, CVE-2020-28915, CVE-2020-28941, CVE-2020-27675, CVE-2020-15437, CVE-2020-29371, CVE-2020-29372, CVE-2020-27194, CVE-2020-27152 * Wed Nov 25 2020 Chris Co - 5.4.72-5 - Add patch to publish efi tpm event log on ARM * Mon Nov 23 2020 Chris Co - 5.4.72-4 - Apply patch to fix kexec in HyperV * Mon Nov 16 2020 Suresh Babu Chalamalasetty - 5.4.72-3 - Disable kernel config SLUB_DEBUG_ON due to tcp throughput perf impact * Tue Nov 10 2020 Suresh Babu Chalamalasetty - 5.4.72-2 - Enable kernel configs for Arm64 HyperV, Ampere and Cavium SoCs support * Mon Oct 26 2020 Chris Co - 5.4.72-1 - Update source to 5.4.72 - Remove patch to support CometLake e1000e ethernet. Integrated in 5.4.72. - Add license file - Lint spec - Address CVE-2018-1000026, CVE-2018-16880, CVE-2020-12464, CVE-2020-12465, CVE-2020-12659, CVE-2020-15780, CVE-2020-14356, CVE-2020-14386, CVE-2020-25645, CVE-2020-25643, CVE-2020-25211, CVE-2020-25212, CVE-2008-4609, CVE-2020-14331, CVE-2010-0298, CVE-2020-10690, CVE-2020-25285, CVE-2020-10711, CVE-2019-3887, CVE-2020-14390, CVE-2019-19338, CVE-2019-20810, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10781, CVE-2020-12768, CVE-2020-14314, CVE-2020-14385, CVE-2020-25641, CVE-2020-26088, CVE-2020-10942, CVE-2020-12826, CVE-2019-3016, CVE-2019-3819, CVE-2020-16166, CVE-2020-11608, CVE-2020-11609, CVE-2020-25284, CVE-2020-12888, CVE-2017-8244, CVE-2017-8245, CVE-2017-8246, CVE-2009-4484, CVE-2015-5738, CVE-2007-4998, CVE-2010-0309, CVE-2011-0640, CVE-2020-12656, CVE-2011-2519, CVE-1999-0656, CVE-2010-4563, CVE-2019-20794, CVE-1999-0524 * Fri Oct 16 2020 Suresh Babu Chalamalasetty - 5.4.51-11 - Enable QAT kernel configs * Fri Oct 02 2020 Chris Co - 5.4.51-10 - Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 * Fri Oct 02 2020 Chris Co - 
5.4.51-9 - Fix aarch64 build error * Wed Sep 30 2020 Emre Girgin - 5.4.51-8 - Update postun script to deal with removal in case of another installed kernel. * Fri Sep 25 2020 Suresh Babu Chalamalasetty - 5.4.51-7 - Enable Mellanox kernel configs * Wed Sep 23 2020 Daniel McIlvaney - 5.4.51-6 - Enable CONFIG_IMA (measurement only) and associated configs * Thu Sep 03 2020 Daniel McIlvaney - 5.4.51-5 - Add code to check for missing config flags in the checked in configs * Thu Sep 03 2020 Chris Co - 5.4.51-4 - Apply additional kernel hardening configs * Thu Sep 03 2020 Chris Co - 5.4.51-3 - Bump release number due to kernel-signed- package update - Minor aarch64 config and changelog cleanup * Tue Sep 01 2020 Chris Co - 5.4.51-2 - Update source hash * Wed Aug 19 2020 Chris Co - 5.4.51-1 - Update source to 5.4.51 - Enable DXGKRNL config - Address CVE-2020-11494, CVE-2020-11565, CVE-2020-12655, CVE-2020-12771, CVE-2020-13974, CVE-2020-15393, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, CVE-2020-9383, CVE-2020-11725 * Wed Aug 19 2020 Chris Co - 5.4.42-12 - Remove the signed package depends * Tue Aug 18 2020 Chris Co - 5.4.42-11 - Remove signed subpackage * Mon Aug 17 2020 Chris Co - 5.4.42-10 - Enable BPF, PC104, userfaultfd, SLUB sysfs, SMC, XDP sockets monitoring configs * Fri Aug 07 2020 Mateusz Malisz - 5.4.42-9 - Add crashkernel=128M to the kernel cmdline - Update config to support kexec and kexec_file_load * Tue Aug 04 2020 Pawel Winogrodzki - 5.4.42-8 - Updating "KBUILD_BUILD_VERSION" and "KBUILD_BUILD_HOST" with correct distribution name. 
* Wed Jul 22 2020 Chris Co - 5.4.42-7 - Address CVE-2020-8992, CVE-2020-12770, CVE-2020-13143, CVE-2020-11884 * Fri Jul 17 2020 Suresh Babu Chalamalasetty - 5.4.42-6 - Enable CONFIG_MLX5_CORE_IPOIB and CONFIG_INFINIBAND_IPOIB config flags * Fri Jul 17 2020 Suresh Babu Chalamalasetty - 5.4.42-5 - Adding XDP config flag * Thu Jul 09 2020 Anand Muthurajan - 5.4.42-4 - Enable CONFIG_QED, CONFIG_QEDE, CONFIG_QED_SRIOV and CONFIG_QEDE_VXLAN flags * Wed Jun 24 2020 Chris Co - 5.4.42-3 - Regenerate input config files * Fri Jun 19 2020 Chris Co - 5.4.42-2 - Add kernel-secure subpackage and macros for adding offline signed kernels * Fri Jun 12 2020 Chris Co - 5.4.42-1 - Update source to 5.4.42 * Thu Jun 11 2020 Chris Co - 5.4.23-17 - Enable PAGE_POISONING configs - Disable PROC_KCORE config - Enable RANDOM_TRUST_CPU config for x86_64 * Fri Jun 05 2020 Suresh Babu Chalamalasetty - 5.4.23-16 - Adding BPF config flags * Thu Jun 04 2020 Chris Co - 5.4.23-15 - Add config support for USB video class devices * Wed Jun 03 2020 Nicolas Ontiveros - 5.4.23-14 - Add CONFIG_CRYPTO_XTS=y to config. * Wed Jun 03 2020 Chris Co - 5.4.23-13 - Add patch to support CometLake e1000e ethernet - Remove drivers-gpu subpackage - Inline the initramfs trigger and postun source files - Remove rpi3 dtb and ls1012 dtb subpackages * Wed May 27 2020 Chris Co - 5.4.23-12 - Update arm64 security configs - Disable devmem in x86_64 config * Tue May 26 2020 Daniel Mihai - 5.4.23-11 - Disabled Reliable Datagram Sockets protocol (CONFIG_RDS). * Fri May 22 2020 Emre Girgin - 5.4.23-10 - Change /boot directory permissions to 600. 
* Thu May 21 2020 Chris Co - 5.4.23-9 - Update x86_64 security configs * Wed May 20 2020 Suresh Babu Chalamalasetty - 5.4.23-8 - Adding InfiniBand config flags * Mon May 11 2020 Anand Muthurajan - 5.4.23-7 - Adding PPP config flags * Tue Apr 28 2020 Emre Girgin - 5.4.23-6 - Renaming Linux-PAM to pam * Tue Apr 28 2020 Emre Girgin - 5.4.23-5 - Renaming linux to kernel * Tue Apr 14 2020 Emre Girgin - 5.4.23-4 - Remove linux-aws and linux-esx references. - Remove kat_build usage. - Remove ENA module. * Fri Apr 10 2020 Emre Girgin - 5.4.23-3 - Remove xml-security-c dependency. * Wed Apr 08 2020 Nicolas Ontiveros - 5.4.23-2 - Remove toybox and only use coreutils for requires. * Tue Dec 10 2019 Chris Co - 5.4.23-1 - Update to Microsoft Linux Kernel 5.4.23 - Remove patches - Update ENA module to 2.1.2 to work with Linux 5.4.23 - Remove xr module - Remove Xen tmem module from dracut module list to fix initramfs creation - Add patch to fix missing trans_pgd header in aarch64 build * Fri Oct 11 2019 Henry Beberman - 4.19.52-8 - Enable Hyper-V TPM in config * Tue Sep 03 2019 Mateusz Malisz - 4.19.52-7 - Initial CBL-Mariner import from Photon (license: Apache2). * Thu Jul 25 2019 Keerthana K - 4.19.52-6 - Fix postun scriptlet. * Thu Jul 11 2019 Keerthana K - 4.19.52-5 - Enable kernel configs necessary for BPF Compiler Collection (BCC). * Wed Jul 10 2019 Srivatsa S. Bhat (VMware) 4.19.52-4 - Deprecate linux-aws-tools in favor of linux-tools. * Tue Jul 02 2019 Alexey Makhalov - 4.19.52-3 - Fix 9p vsock 16bit port issue. * Thu Jun 20 2019 Tapas Kundu - 4.19.52-2 - Enabled CONFIG_I2C_CHARDEV to support lm-sensors * Mon Jun 17 2019 Srivatsa S. Bhat (VMware) 4.19.52-1 - Update to version 4.19.52 - Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, - CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 * Tue May 28 2019 Srivatsa S. Bhat (VMware) 4.19.40-3 - Change default I/O scheduler to 'deadline' to fix performance issue. 
* Tue May 14 2019 Keerthana K - 4.19.40-2 - Fix to parse through /boot folder and update symlink (/boot/photon.cfg) if - multiple kernels are installed and current linux kernel is removed. * Tue May 07 2019 Ajay Kaher - 4.19.40-1 - Update to version 4.19.40 * Thu Apr 11 2019 Srivatsa S. Bhat (VMware) 4.19.32-3 - Update config_aarch64 to fix ARM64 build. * Fri Mar 29 2019 Srivatsa S. Bhat (VMware) 4.19.32-2 - Fix CVE-2019-10125 * Wed Mar 27 2019 Srivatsa S. Bhat (VMware) 4.19.32-1 - Update to version 4.19.32 * Thu Mar 14 2019 Srivatsa S. Bhat (VMware) 4.19.29-1 - Update to version 4.19.29 * Tue Mar 05 2019 Ajay Kaher - 4.19.26-1 - Update to version 4.19.26 * Thu Feb 21 2019 Him Kalyan Bordoloi - 4.19.15-3 - Fix CVE-2019-8912 * Thu Jan 24 2019 Alexey Makhalov - 4.19.15-2 - Add WiFi (ath10k), sensors (i2c,spi), usb support for NXP LS1012A board. * Tue Jan 15 2019 Srivatsa S. Bhat (VMware) 4.19.15-1 - Update to version 4.19.15 * Fri Jan 11 2019 Srinidhi Rao - 4.19.6-7 - Add Network support for NXP LS1012A board. * Wed Jan 09 2019 Ankit Jain - 4.19.6-6 - Enable following for x86_64 and aarch64: - Enable Kernel Address Space Layout Randomization. - Enable CONFIG_SECURITY_NETWORK_XFRM * Fri Jan 04 2019 Srivatsa S. Bhat (VMware) 4.19.6-5 - Enable AppArmor by default. * Wed Jan 02 2019 Alexey Makhalov - 4.19.6-4 - .config: added Compulab fitlet2 device drivers - .config_aarch64: added gpio sysfs support - renamed -sound to -drivers-sound * Tue Jan 01 2019 Ajay Kaher - 4.19.6-3 - .config: Enable CONFIG_PCI_HYPERV driver * Wed Dec 19 2018 Srinidhi Rao - 4.19.6-2 - Add NXP LS1012A support. * Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 - Update to version 4.19.6 * Fri Dec 07 2018 Alexey Makhalov - 4.19.1-3 - .config: added qmi wwan module * Mon Nov 12 2018 Ajay Kaher - 4.19.1-2 - Fix config_aarch64 for 4.19.1 * Mon Nov 05 2018 Srivatsa S. 
Bhat (VMware) 4.19.1-1 - Update to version 4.19.1 * Tue Oct 16 2018 Him Kalyan Bordoloi - 4.18.9-5 - Change in config to enable drivers for zigbee and GPS * Fri Oct 12 2018 Ajay Kaher - 4.18.9-4 - Enable LAN78xx for aarch64 rpi3 * Fri Oct 5 2018 Ajay Kaher - 4.18.9-3 - Fix config_aarch64 for 4.18.9 - Add module.lds for aarch64 * Wed Oct 03 2018 Srivatsa S. Bhat 4.18.9-2 - Use updated steal time accounting patch. - .config: Enable CONFIG_CPU_ISOLATION and a few networking options - that got accidentally dropped in the last update. * Mon Oct 1 2018 Srivatsa S. Bhat 4.18.9-1 - Update to version 4.18.9 * Tue Sep 25 2018 Ajay Kaher - 4.14.67-2 - Build hang (at make oldconfig) fix in config_aarch64 * Wed Sep 19 2018 Srivatsa S. Bhat 4.14.67-1 - Update to version 4.14.67 * Tue Sep 18 2018 Srivatsa S. Bhat 4.14.54-7 - Add rdrand-based RNG driver to enhance kernel entropy. * Sun Sep 02 2018 Srivatsa S. Bhat 4.14.54-6 - Add full retpoline support by building with retpoline-enabled gcc. * Thu Aug 30 2018 Srivatsa S. Bhat 4.14.54-5 - Apply out-of-tree patches needed for AppArmor. * Wed Aug 22 2018 Alexey Makhalov - 4.14.54-4 - Fix overflow kernel panic in rsi driver. - .config: enable BT stack, enable GPIO sysfs. - Add Exar USB serial driver. * Fri Aug 17 2018 Ajay Kaher - 4.14.54-3 - Enabled USB PCI in config_aarch64 - Build hang (at make oldconfig) fix in config_aarch64 * Thu Jul 19 2018 Alexey Makhalov - 4.14.54-2 - .config: usb_serial_pl2303=m,wlan=y,can=m,gpio=y,pinctrl=y,iio=m * Mon Jul 09 2018 Him Kalyan Bordoloi - 4.14.54-1 - Update to version 4.14.54 * Fri Jan 26 2018 Alexey Makhalov - 4.14.8-2 - Added vchiq entry to rpi3 dts - Added dtb-rpi3 subpackage * Fri Dec 22 2017 Alexey Makhalov - 4.14.8-1 - Version update * Wed Dec 13 2017 Alexey Makhalov - 4.9.66-4 - KAT build support * Thu Dec 07 2017 Alexey Makhalov - 4.9.66-3 - Aarch64 support * Tue Dec 05 2017 Alexey Makhalov - 4.9.66-2 - Sign and compress modules after stripping. 
fips=1 requires signed modules * Mon Dec 04 2017 Srivatsa S. Bhat 4.9.66-1 - Version update * Tue Nov 21 2017 Srivatsa S. Bhat 4.9.64-1 - Version update * Mon Nov 06 2017 Srivatsa S. Bhat 4.9.60-1 - Version update * Wed Oct 11 2017 Srivatsa S. Bhat 4.9.53-3 - Add patch "KVM: Don't accept obviously wrong gsi values via KVM_IRQFD" to fix CVE-2017-1000252. * Tue Oct 10 2017 Alexey Makhalov - 4.9.53-2 - Build hang (at make oldconfig) fix. * Thu Oct 05 2017 Srivatsa S. Bhat 4.9.53-1 - Version update * Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-3 - Allow privileged CLONE_NEWUSER from nested user namespaces. * Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-2 - Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak) * Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-1 - Version update * Mon Sep 18 2017 Alexey Makhalov - 4.9.47-2 - Requires coreutils or toybox * Mon Sep 04 2017 Alexey Makhalov - 4.9.47-1 - Fix CVE-2017-11600 * Tue Aug 22 2017 Anish Swaminathan - 4.9.43-2 - Add missing xen block drivers * Mon Aug 14 2017 Alexey Makhalov - 4.9.43-1 - Version update - [feature] new sysctl option unprivileged_userns_clone * Wed Aug 09 2017 Alexey Makhalov - 4.9.41-2 - Fix CVE-2017-7542 - [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid panic on modprobe tcrypt * Mon Aug 07 2017 Alexey Makhalov - 4.9.41-1 - Version update * Fri Aug 04 2017 Bo Gan - 4.9.38-6 - Fix initramfs triggers * Tue Aug 01 2017 Anish Swaminathan - 4.9.38-5 - Allow some algorithms in FIPS mode - Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports - bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree - Enable additional NF features * Fri Jul 21 2017 Anish Swaminathan - 4.9.38-4 - Add patches in Hyperv codebase * Fri Jul 21 2017 Anish Swaminathan - 4.9.38-3 - Add missing hyperv drivers * Thu Jul 20 2017 Alexey Makhalov - 4.9.38-2 - Disable scheduler beef up patch * Tue Jul 18 2017 Alexey Makhalov - 4.9.38-1 - Fix CVE-2017-11176 and CVE-2017-10911 * Mon Jul 03 2017 Xiaolin Li - 4.9.34-3 - Add 
libdnet-devel, kmod-devel and libmspack-devel to BuildRequires * Thu Jun 29 2017 Divya Thaluru - 4.9.34-2 - Added obsolete for deprecated linux-dev package * Wed Jun 28 2017 Alexey Makhalov - 4.9.34-1 - [feature] 9P FS security support - [feature] DM Delay target support - Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605 * Thu Jun 8 2017 Alexey Makhalov - 4.9.31-1 - Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077 and CVE-2017-9242 - [feature] IPV6 netfilter NAT table support * Fri May 26 2017 Alexey Makhalov - 4.9.30-1 - Added ENA driver for AMI - Fix CVE-2017-7487 and CVE-2017-9059 * Wed May 17 2017 Vinay Kulkarni - 4.9.28-2 - Enable IPVLAN module. * Tue May 16 2017 Alexey Makhalov - 4.9.28-1 - Version update * Wed May 10 2017 Alexey Makhalov - 4.9.27-1 - Version update * Sun May 7 2017 Alexey Makhalov - 4.9.26-1 - Version update - Removed version suffix from config file name * Thu Apr 27 2017 Bo Gan - 4.9.24-2 - Support dynamic initrd generation * Tue Apr 25 2017 Alexey Makhalov - 4.9.24-1 - Fix CVE-2017-6874 and CVE-2017-7618. - Fix audit-devel BuildRequires. - .config: build nvme and nvme-core in kernel. * Mon Mar 6 2017 Alexey Makhalov - 4.9.13-2 - .config: NSX requirements for crypto and netfilter * Tue Feb 28 2017 Alexey Makhalov - 4.9.13-1 - Update to linux-4.9.13 to fix CVE-2017-5986 and CVE-2017-6074 * Thu Feb 09 2017 Alexey Makhalov - 4.9.9-1 - Update to linux-4.9.9 to fix CVE-2016-10153, CVE-2017-5546, CVE-2017-5547, CVE-2017-5548 and CVE-2017-5576. - .config: added CRYPTO_FIPS support. 
* Tue Jan 10 2017 Alexey Makhalov - 4.9.2-1 - Update to linux-4.9.2 to fix CVE-2016-10088 - Move linux-tools.spec to linux.spec as -tools subpackage * Mon Dec 19 2016 Xiaolin Li - 4.9.0-2 - BuildRequires Linux-PAM-devel * Mon Dec 12 2016 Alexey Makhalov - 4.9.0-1 - Update to linux-4.9.0 - Add paravirt stolen time accounting feature (from linux-esx), but disable it by default (no-vmw-sta cmdline parameter) * Thu Dec 8 2016 Alexey Makhalov - 4.4.35-3 - net-packet-fix-race-condition-in-packet_set_ring.patch to fix CVE-2016-8655 * Wed Nov 30 2016 Alexey Makhalov - 4.4.35-2 - Expand `uname -r` with release number - Check for build-id matching - Added syscalls tracing support - Compress modules * Mon Nov 28 2016 Alexey Makhalov - 4.4.35-1 - Update to linux-4.4.35 - vfio-pci-fix-integer-overflows-bitmask-check.patch to fix CVE-2016-9083 * Tue Nov 22 2016 Alexey Makhalov - 4.4.31-4 - net-9p-vsock.patch * Thu Nov 17 2016 Alexey Makhalov - 4.4.31-3 - tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch to fix CVE-2015-8964 * Tue Nov 15 2016 Alexey Makhalov - 4.4.31-2 - .config: add cgroup_hugetlb support - .config: add netfilter_xt_{set,target_ct} support - .config: add netfilter_xt_match_{cgroup,ipvs} support * Thu Nov 10 2016 Alexey Makhalov - 4.4.31-1 - Update to linux-4.4.31 * Fri Oct 21 2016 Alexey Makhalov - 4.4.26-1 - Update to linux-4.4.26 * Wed Oct 19 2016 Alexey Makhalov - 4.4.20-6 - net-add-recursion-limit-to-GRO.patch - scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch * Tue Oct 18 2016 Alexey Makhalov - 4.4.20-5 - ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch - tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch * Mon Oct 3 2016 Alexey Makhalov - 4.4.20-4 - Package vmlinux with PROGBITS sections in -debuginfo subpackage * Tue Sep 27 2016 Alexey Makhalov - 4.4.20-3 - .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m * Tue Sep 20 2016 Alexey Makhalov - 4.4.20-2 - Add -release number for /boot/* files - Use initrd.img with 
version and release number - Rename -dev subpackage to -devel * Wed Sep 7 2016 Alexey Makhalov - 4.4.20-1 - Update to linux-4.4.20 - apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch - keys-fix-asn.1-indefinite-length-object-parsing.patch * Thu Aug 25 2016 Alexey Makhalov - 4.4.8-11 - vmxnet3 patches to bumpup a version to 1.4.8.0 * Wed Aug 10 2016 Alexey Makhalov - 4.4.8-10 - Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch - .config: pmem hotplug + ACPI NFIT support - .config: enable EXPERT mode, disable UID16 syscalls * Thu Jul 07 2016 Alexey Makhalov - 4.4.8-9 - .config: pmem + fs_dax support * Fri Jun 17 2016 Alexey Makhalov - 4.4.8-8 - patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch - .config: disable rt group scheduling - not supported by systemd * Wed Jun 15 2016 Harish Udaiya Kumar - 4.4.8-7 - fixed the capitalization for - System.map * Thu May 26 2016 Alexey Makhalov - 4.4.8-6 - patch: REVERT-sched-fair-Beef-up-wake_wide.patch * Tue May 24 2016 Priyesh Padmavilasom - 4.4.8-5 - GA - Bump release of all rpms * Mon May 23 2016 Harish Udaiya Kumar - 4.4.8-4 - Fixed generation of debug symbols for kernel modules & vmlinux. * Mon May 23 2016 Divya Thaluru - 4.4.8-3 - Added patches to fix CVE-2016-3134, CVE-2016-3135 * Wed May 18 2016 Harish Udaiya Kumar - 4.4.8-2 - Enabled CONFIG_UPROBES in config as needed by ktap * Wed May 04 2016 Alexey Makhalov - 4.4.8-1 - Update to linux-4.4.8 - Added net-Drivers-Vmxnet3-set-... patch * Tue May 03 2016 Vinay Kulkarni - 4.2.0-27 - Compile Intel GigE and VMXNET3 as part of kernel. * Thu Apr 28 2016 Nick Shi - 4.2.0-26 - Compile cramfs.ko to allow mounting cramfs image * Tue Apr 12 2016 Vinay Kulkarni - 4.2.0-25 - Revert network interface renaming disable in kernel. 
* Tue Mar 29 2016 Alexey Makhalov - 4.2.0-24 - Support kmsg dumping to vmware.log on panic - sunrpc: xs_bind uses ip_local_reserved_ports * Mon Mar 28 2016 Harish Udaiya Kumar - 4.2.0-23 - Enabled Regular stack protection in Linux kernel in config * Thu Mar 17 2016 Harish Udaiya Kumar - 4.2.0-22 - Restrict the permissions of the /boot/System.map-X file * Fri Mar 04 2016 Alexey Makhalov - 4.2.0-21 - Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket. * Wed Mar 02 2016 Alexey Makhalov - 4.2.0-20 - Patch: SUNRPC: Ensure that we wait for connections to complete before retrying * Fri Feb 26 2016 Alexey Makhalov - 4.2.0-19 - Disable watchdog under VMware hypervisor. * Thu Feb 25 2016 Alexey Makhalov - 4.2.0-18 - Added rpcsec_gss_krb5 and nfs_fscache * Mon Feb 22 2016 Alexey Makhalov - 4.2.0-17 - Added sysctl param to control weighted_cpuload() behavior * Thu Feb 18 2016 Divya Thaluru - 4.2.0-16 - Disabling network renaming * Sun Feb 14 2016 Alexey Makhalov - 4.2.0-15 - veth patch: don’t modify ip_summed * Thu Feb 11 2016 Alexey Makhalov - 4.2.0-14 - Full tickless -> idle tickless + simple CPU time accounting - SLUB -> SLAB - Disable NUMA balancing - Disable stack protector - No build_forced no-CBs CPUs - Disable Expert configuration mode - Disable most of debug features from 'Kernel hacking' * Mon Feb 08 2016 Alexey Makhalov - 4.2.0-13 - Double tcp_mem limits, patch is added. * Wed Feb 03 2016 Anish Swaminathan - 4.2.0-12 - Fixes for CVE-2015-7990/6937 and CVE-2015-8660. * Tue Jan 26 2016 Anish Swaminathan - 4.2.0-11 - Revert CONFIG_HZ=250 * Fri Jan 22 2016 Alexey Makhalov - 4.2.0-10 - Fix for CVE-2016-0728 * Wed Jan 13 2016 Alexey Makhalov - 4.2.0-9 - CONFIG_HZ=250 * Tue Jan 12 2016 Mahmoud Bassiouny - 4.2.0-8 - Remove rootfstype from the kernel parameter. * Mon Jan 04 2016 Harish Udaiya Kumar - 4.2.0-7 - Disabled all the tracing options in kernel config. - Disabled preempt. - Disabled sched autogroup. 
* Thu Dec 17 2015 Harish Udaiya Kumar - 4.2.0-6 - Enabled kprobe for systemtap & disabled dynamic function tracing in config * Fri Dec 11 2015 Harish Udaiya Kumar - 4.2.0-5 - Added oprofile kernel driver sub-package. * Fri Nov 13 2015 Mahmoud Bassiouny - 4.2.0-4 - Change the linux image directory. * Wed Nov 11 2015 Harish Udaiya Kumar - 4.2.0-3 - Added the build essential files in the dev sub-package. * Mon Nov 09 2015 Vinay Kulkarni - 4.2.0-2 - Enable Geneve module support for generic kernel. * Fri Oct 23 2015 Harish Udaiya Kumar - 4.2.0-1 - Upgraded the generic linux kernel to version 4.2.0 and updated timer handling to full tickless mode. * Tue Sep 22 2015 Harish Udaiya Kumar - 4.0.9-5 - Added driver support for frame buffer devices and ACPI * Wed Sep 2 2015 Alexey Makhalov - 4.0.9-4 - Added mouse ps/2 module. * Fri Aug 14 2015 Alexey Makhalov - 4.0.9-3 - Use photon.cfg as a symlink. * Thu Aug 13 2015 Alexey Makhalov - 4.0.9-2 - Added environment file(photon.cfg) for grub. * Wed Aug 12 2015 Sharath George - 4.0.9-1 - Upgrading kernel version. * Wed Aug 12 2015 Alexey Makhalov - 3.19.2-5 - Updated OVT to version 10.0.0. - Rename -gpu-drivers to -drivers-gpu in accordance to directory structure. - Added -sound package. * Tue Aug 11 2015 Anish Swaminathan - 3.19.2-4 - Removed Requires dependencies. * Fri Jul 24 2015 Harish Udaiya Kumar - 3.19.2-3 - Updated the config file to include graphics drivers. * Mon May 18 2015 Touseef Liaqat - 3.13.3-2 - Update according to UsrMove. * Wed Nov 5 2014 Divya Thaluru - 3.13.3-1 - Initial build. First version