[packages/kernel] - up to 4.14.14; SECURITY: adds retpoline which mitigates Spectre variant 2 attack

Wed Jan 17 10:57:22 CET 2018

commit 8d3d28a7c3287ebacd5ab13c2c03a9601703e67f
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Wed Jan 17 10:57:12 2018 +0100

    - up to 4.14.14; SECURITY: adds retpoline which mitigates Spectre variant 2 attack

 kernel-multiarch.config |  6 +++---
 kernel-x86.config       | 18 ++++++++++++++----
 kernel.spec             |  8 ++++----
 3 files changed, 21 insertions(+), 11 deletions(-)
---

diff --git a/kernel.spec b/kernel.spec
index 8490002f..3578b93d 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -68,9 +68,9 @@
 %define		have_pcmcia	0
 %endif
 
-%define		rel		2
+%define		rel		1
 %define		basever		4.14
-%define		postver		.13
+%define		postver		.14
 
 # define this to '-%{basever}' for longterm branch
 %define		versuffix	%{nil}
@@ -122,7 +122,7 @@ Source0:	https://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz
 # Source0-md5:	bacdb9ffdcd922aa069a5e1520160e24
 %if "%{postver}" != ".0"
 Patch0:		https://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz
-# Patch0-md5:	9ec660112113d68ab28ed0cac4ea3e91
+# Patch0-md5:	b688cbee616f4b35ab08b953519eda55
 %endif
 Source1:	kernel.sysconfig
 
@@ -237,7 +237,7 @@ BuildRequires:	binutils >= 3:2.18
 BuildRequires:	elftoaout
 %endif
 BuildRequires:	elfutils-devel
-BuildRequires:	gcc >= 5:3.2
+BuildRequires:	gcc >= 6:7.2.0-6
 BuildRequires:	gcc-plugin-devel
 BuildRequires:	hostname
 BuildRequires:	kmod >= 12-2
diff --git a/kernel-multiarch.config b/kernel-multiarch.config
index 54ca72fe..0a566dcc 100644
--- a/kernel-multiarch.config
+++ b/kernel-multiarch.config
@@ -14,7 +14,6 @@ EARLY_PRINTK_EFI all=n
 EARLY_PRINTK_USB_XDBC all=n
 EFI_MIXED all=y
 EFI_PGT_DUMP all=n
-FRAME_POINTER_UNWINDER all=n
 GCC_PLUGINS all=y
 GCC_PLUGIN_CYC_COMPLEXITY all=n
 GCC_PLUGIN_LATENT_ENTROPY all=n
@@ -31,8 +30,6 @@ IOSF_MBI_DEBUG all=y
 KEXEC_FILE all=y
 KEXEC_VERIFY_SIG all=n
 KVM_DEBUG_FS all=n
-UNWINDER_ORC all=y
-UNWINDER_FRAME_POINTER all=n
 PERF_EVENTS_AMD_POWER all=m
 PERF_EVENTS_INTEL_CSTATE all=m
 PERF_EVENTS_INTEL_RAPL all=m
@@ -43,6 +40,8 @@ RAS_CEC all=y
 REFCOUNT_FULL all=n
 SCHED_MC_PRIO all=y
 STATIC_KEYS_SELFTEST all=y
+UNWINDER_FRAME_POINTER all=n
+UNWINDER_ORC all=y
 VMAP_STACK all=y
 X86_AMD_PLATFORM_DEVICE all=y
 X86_DEBUG_FPU all=n
@@ -12182,6 +12181,7 @@ CISS_SCSI_TAPE all=y
 DM_CACHE_CLEANER all=m
 DW_DMAC_BIG_ENDIAN_IO all=n
 EDAC_MM_EDAC all=m
+FRAME_POINTER_UNWINDER all=n
 FUJITSU_LAPTOP_DEBUG all=n
 GPIO_MCP23S08 all=m
 HFI1_VERBS_31BIT_PSN all=y
diff --git a/kernel-x86.config b/kernel-x86.config
index e640bca0..98676d7a 100644
--- a/kernel-x86.config
+++ b/kernel-x86.config
@@ -19,6 +19,7 @@ SMP x86=y
 X86_X2APIC all=y
 X86_MPPARSE x86=y
 X86_BIGSMP i386=y
+RETPOLINE x86=y
 X86_EXTENDED_PLATFORM i386=y x86_64=y
 X86_NUMACHIP all=n
 X86_VSMP x86_64=n
@@ -156,11 +157,7 @@ X86_X32 x86_64=y
 #- file drivers/firmware/Kconfig goes here
 #- file fs/Kconfig goes here
 #- file arch/x86/Kconfig.debug goes here
-#-
-#- *** FILE: security/Kconfig ***
-#-
 #- file security/Kconfig goes here
-PAGE_TABLE_ISOLATION x86_64=y
 #- file crypto/Kconfig goes here
 #- file arch/x86/kvm/Kconfig goes here
 #- file lib/Kconfig goes here
@@ -386,6 +383,19 @@ IO_STRICT_DEVMEM x86=y
 ARCH_USES_HIGH_VMA_FLAGS all=y
 ARCH_HAS_PKEYS all=y
 
+#-
+#- *** FILE: security/Kconfig ***
+#-
+#- file security/keys/Kconfig goes here
+PAGE_TABLE_ISOLATION x86_64=y
+#- file security/selinux/Kconfig goes here
+#- file security/smack/Kconfig goes here
+#- file security/tomoyo/Kconfig goes here
+#- file security/apparmor/Kconfig goes here
+#- file security/loadpin/Kconfig goes here
+#- file security/yama/Kconfig goes here
+#- file security/integrity/Kconfig goes here
+
 #-
 #- *** FILE: sound/x86/Kconfig ***
 #-
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/8d3d28a7c3287ebacd5ab13c2c03a9601703e67f

