[packages/kernel/LINUX_4_9] - up to 4.9.77; SECURITY: adds retpoline which mitigates Spectre variant 2 attack

arekm arekm at pld-linux.org
Wed Jan 17 12:10:35 CET 2018


commit 4bcca095908575ddd797ec049278074a3f4ebff6
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Wed Jan 17 12:10:28 2018 +0100

    - up to 4.9.77; SECURITY: adds retpoline which mitigates Spectre variant 2 attack

 kernel-x86.config | 34 +++++++++++++++++++++++++++-------
 kernel.spec       |  8 ++++----
 2 files changed, 31 insertions(+), 11 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 35fd9a6b..4e8a7699 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -71,9 +71,9 @@
 %define		have_pcmcia	0
 %endif
 
-%define		rel		4
+%define		rel		1
 %define		basever		4.9
-%define		postver		.76
+%define		postver		.77
 
 # define this to '-%{basever}' for longterm branch
 %define		versuffix	-%{basever}
@@ -125,7 +125,7 @@ Source0:	https://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz
 # Source0-md5:	0a68ef3615c64bd5ee54a3320e46667d
 %if "%{postver}" != ".0"
 Patch0:		https://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz
-# Patch0-md5:	3cb57f9904fdd7a1e277ad76e70c9a3c
+# Patch0-md5:	c3efd958632ac0ec812206a359ee530e
 %endif
 Source1:	kernel.sysconfig
 
@@ -242,7 +242,7 @@ BuildRequires:	binutils >= 3:2.18
 BuildRequires:	elftoaout
 %endif
 BuildRequires:	elfutils-devel
-BuildRequires:	gcc >= 5:3.2
+BuildRequires:	gcc >= 6:7.2.0-6
 BuildRequires:	hostname
 BuildRequires:	kmod >= 12-2
 BuildRequires:	openssl-devel
diff --git a/kernel-x86.config b/kernel-x86.config
index cfb6dd77..04875b80 100644
--- a/kernel-x86.config
+++ b/kernel-x86.config
@@ -19,6 +19,7 @@ SMP x86=y
 X86_X2APIC all=y
 X86_MPPARSE x86=y
 X86_BIGSMP i386=y
+RETPOLINE x86=y
 X86_EXTENDED_PLATFORM i386=y x86_64=y
 X86_NUMACHIP all=n
 X86_VSMP x86_64=n
@@ -60,6 +61,7 @@ X86_MCE_INTEL all=y
 X86_MCE_AMD all=y
 X86_ANCIENT_MCE all=y
 X86_MCE_INJECT x86=m
+#- file arch/x86/events/Kconfig goes here
 X86_LEGACY_VM86 i386=n
 VM86 i386=y
 X86_VSYSCALL_EMULATION x86=y
@@ -148,17 +150,13 @@ RAPIDIO all=y
 IA32_EMULATION x86_64=y
 IA32_AOUT x86_64=y
 X86_X32 x86_64=y
-VMD all=m
 #- file net/Kconfig goes here
 #- file drivers/Kconfig goes here
 #- file drivers/firmware/Kconfig goes here
 #- file fs/Kconfig goes here
 #- file arch/x86/Kconfig.debug goes here
-#-
-#- *** FILE: security/Kconfig ***
-#-
+#- file kernel/vserver/Kconfig goes here
 #- file security/Kconfig goes here
-PAGE_TABLE_ISOLATION x86_64=y
 #- file crypto/Kconfig goes here
 #- file arch/x86/kvm/Kconfig goes here
 #- file lib/Kconfig goes here
@@ -295,7 +293,6 @@ GPIO_STA2X11 all=y
 #- *** FILE: drivers/iommu/Kconfig ***
 #-
 AMD_IOMMU x86_64=y
-AMD_IOMMU_STATS x86_64=n
 
 #-
 #- *** FILE: drivers/media/pci/sta2x11/Kconfig ***
@@ -316,6 +313,11 @@ V4L_RADIO_ISA_DRIVERS all=y
 NET_VENDOR_CIRRUS all=y
 CS89x0_PLATFORM all=y
 
+#-
+#- *** FILE: drivers/pci/host/Kconfig ***
+#-
+VMD all=m
+
 #-
 #- *** FILE: drivers/staging/comedi/Kconfig ***
 #-
@@ -363,7 +365,6 @@ DEBUG_STACKOVERFLOW x86=n
 #- file lib/Kconfig.kmemcheck goes here
 #- file lib/Kconfig.kasan goes here
 KCOV all=n
-DEBUG_STRICT_USER_COPY_CHECKS x86=n
 #- file kernel/trace/Kconfig goes here
 MEMTEST x86=n
 #- file samples/Kconfig goes here
@@ -377,3 +378,22 @@ IO_STRICT_DEVMEM x86=y
 #-
 ARCH_USES_HIGH_VMA_FLAGS all=y
 ARCH_HAS_PKEYS all=y
+
+#-
+#- *** FILE: security/Kconfig ***
+#-
+#- file security/keys/Kconfig goes here
+PAGE_TABLE_ISOLATION x86_64=y
+#- file security/selinux/Kconfig goes here
+#- file security/smack/Kconfig goes here
+#- file security/tomoyo/Kconfig goes here
+#- file security/apparmor/Kconfig goes here
+#- file security/loadpin/Kconfig goes here
+#- file security/yama/Kconfig goes here
+#- file security/integrity/Kconfig goes here
+
+#-
+#- *** PROBABLY REMOVED OPTIONS ***
+#-
+AMD_IOMMU_STATS x86_64=n
+DEBUG_STRICT_USER_COPY_CHECKS x86=n
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/4bcca095908575ddd797ec049278074a3f4ebff6



More information about the pld-cvs-commit mailing list