From ebbc6b06796b6ecc6d340b29fce97f5f4f5145f6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Wed, 24 Jan 2018 08:09:33 +0100 Subject: [PATCH] - up to 4.4.113; SECURITY: spectre v2 mitigations --- kernel-x86.config | 18 ++++++++++++++---- kernel.spec | 8 ++++---- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/kernel-x86.config b/kernel-x86.config index 595aa296..d170f377 100644 --- a/kernel-x86.config +++ b/kernel-x86.config @@ -19,6 +19,7 @@ SMP x86=y X86_X2APIC all=y X86_MPPARSE x86=y X86_BIGSMP i386=y +RETPOLINE x86=y X86_EXTENDED_PLATFORM i386=y x86_64=y X86_NUMACHIP all=n X86_VSMP x86_64=n @@ -154,11 +155,8 @@ X86_X32 x86_64=y #- file drivers/firmware/Kconfig goes here #- file fs/Kconfig goes here #- file arch/x86/Kconfig.debug goes here -#- -#- *** FILE: security/Kconfig *** -#- +#- file kernel/vserver/Kconfig goes here #- file security/Kconfig goes here -PAGE_TABLE_ISOLATION x86_64=y #- file crypto/Kconfig goes here #- file arch/x86/kvm/Kconfig goes here #- file lib/Kconfig goes here @@ -370,6 +368,18 @@ MEMTEST x86=n #- file samples/Kconfig goes here #- file lib/Kconfig.kgdb goes here +#- +#- *** FILE: security/Kconfig *** +#- +#- file security/keys/Kconfig goes here +PAGE_TABLE_ISOLATION x86_64=y +#- file security/selinux/Kconfig goes here +#- file security/smack/Kconfig goes here +#- file security/tomoyo/Kconfig goes here +#- file security/apparmor/Kconfig goes here +#- file security/yama/Kconfig goes here +#- file security/integrity/Kconfig goes here + #- #- *** PROBABLY REMOVED OPTIONS *** #- diff --git a/kernel.spec b/kernel.spec index 4053e867..0b2552d1 100644 --- a/kernel.spec +++ b/kernel.spec @@ -70,9 +70,9 @@ %define have_pcmcia 0 %endif -%define rel 2 +%define rel 1 %define basever 4.4 -%define postver .112 +%define postver .113 # define this to '-%{basever}' for longterm branch %define versuffix -%{basever} @@ -124,7 +124,7 @@ Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz # Source0-md5: 9a78fa2eb6c68ca5a40ed5af08142599 %if "%{postver}" != ".0" Patch0: http://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz -# Patch0-md5: ed2aeb222d60effac008e8ed99618122 +# Patch0-md5: b480cea7675b9f0394ecb99061bb0793 %endif Source1: kernel.sysconfig @@ -252,7 +252,7 @@ BuildRequires: elftoaout BuildRequires: uboot-mkimage %endif BuildRequires: /sbin/depmod -BuildRequires: gcc >= 5:3.2 +BuildRequires: gcc >= 6:7.2.0-6 BuildRequires: xz >= 1:4.999.7 AutoReqProv: no BuildRequires: hostname -- 2.44.0