commit 8d3d28a7c3287ebacd5ab13c2c03a9601703e67f Author: Arkadiusz MiĆkiewicz <ar...@maven.pl> Date: Wed Jan 17 10:57:12 2018 +0100
- up to 4.14.14; SECURITY: adds retpoline which mitigates Spectre variant 2 attack kernel-multiarch.config | 6 +++--- kernel-x86.config | 18 ++++++++++++++---- kernel.spec | 8 ++++---- 3 files changed, 21 insertions(+), 11 deletions(-) --- diff --git a/kernel.spec b/kernel.spec index 8490002f..3578b93d 100644 --- a/kernel.spec +++ b/kernel.spec @@ -68,9 +68,9 @@ %define have_pcmcia 0 %endif -%define rel 2 +%define rel 1 %define basever 4.14 -%define postver .13 +%define postver .14 # define this to '-%{basever}' for longterm branch %define versuffix %{nil} @@ -122,7 +122,7 @@ Source0: https://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz # Source0-md5: bacdb9ffdcd922aa069a5e1520160e24 %if "%{postver}" != ".0" Patch0: https://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz -# Patch0-md5: 9ec660112113d68ab28ed0cac4ea3e91 +# Patch0-md5: b688cbee616f4b35ab08b953519eda55 %endif Source1: kernel.sysconfig @@ -237,7 +237,7 @@ BuildRequires: binutils >= 3:2.18 BuildRequires: elftoaout %endif BuildRequires: elfutils-devel -BuildRequires: gcc >= 5:3.2 +BuildRequires: gcc >= 6:7.2.0-6 BuildRequires: gcc-plugin-devel BuildRequires: hostname BuildRequires: kmod >= 12-2 diff --git a/kernel-multiarch.config b/kernel-multiarch.config index 54ca72fe..0a566dcc 100644 --- a/kernel-multiarch.config +++ b/kernel-multiarch.config @@ -14,7 +14,6 @@ EARLY_PRINTK_EFI all=n EARLY_PRINTK_USB_XDBC all=n EFI_MIXED all=y EFI_PGT_DUMP all=n -FRAME_POINTER_UNWINDER all=n GCC_PLUGINS all=y GCC_PLUGIN_CYC_COMPLEXITY all=n GCC_PLUGIN_LATENT_ENTROPY all=n @@ -31,8 +30,6 @@ IOSF_MBI_DEBUG all=y KEXEC_FILE all=y KEXEC_VERIFY_SIG all=n KVM_DEBUG_FS all=n -UNWINDER_ORC all=y -UNWINDER_FRAME_POINTER all=n PERF_EVENTS_AMD_POWER all=m PERF_EVENTS_INTEL_CSTATE all=m PERF_EVENTS_INTEL_RAPL all=m @@ -43,6 +40,8 @@ RAS_CEC all=y REFCOUNT_FULL all=n SCHED_MC_PRIO all=y STATIC_KEYS_SELFTEST all=y +UNWINDER_FRAME_POINTER all=n +UNWINDER_ORC all=y VMAP_STACK all=y X86_AMD_PLATFORM_DEVICE all=y X86_DEBUG_FPU all=n @@ -12182,6 +12181,7 @@ CISS_SCSI_TAPE all=y DM_CACHE_CLEANER all=m DW_DMAC_BIG_ENDIAN_IO all=n EDAC_MM_EDAC all=m +FRAME_POINTER_UNWINDER all=n FUJITSU_LAPTOP_DEBUG all=n GPIO_MCP23S08 all=m HFI1_VERBS_31BIT_PSN all=y diff --git a/kernel-x86.config b/kernel-x86.config index e640bca0..98676d7a 100644 --- a/kernel-x86.config +++ b/kernel-x86.config @@ -19,6 +19,7 @@ SMP x86=y X86_X2APIC all=y X86_MPPARSE x86=y X86_BIGSMP i386=y +RETPOLINE x86=y X86_EXTENDED_PLATFORM i386=y x86_64=y X86_NUMACHIP all=n X86_VSMP x86_64=n @@ -156,11 +157,7 @@ X86_X32 x86_64=y #- file drivers/firmware/Kconfig goes here #- file fs/Kconfig goes here #- file arch/x86/Kconfig.debug goes here -#- -#- *** FILE: security/Kconfig *** -#- #- file security/Kconfig goes here -PAGE_TABLE_ISOLATION x86_64=y #- file crypto/Kconfig goes here #- file arch/x86/kvm/Kconfig goes here #- file lib/Kconfig goes here @@ -386,6 +383,19 @@ IO_STRICT_DEVMEM x86=y ARCH_USES_HIGH_VMA_FLAGS all=y ARCH_HAS_PKEYS all=y +#- +#- *** FILE: security/Kconfig *** +#- +#- file security/keys/Kconfig goes here +PAGE_TABLE_ISOLATION x86_64=y +#- file security/selinux/Kconfig goes here +#- file security/smack/Kconfig goes here +#- file security/tomoyo/Kconfig goes here +#- file security/apparmor/Kconfig goes here +#- file security/loadpin/Kconfig goes here +#- file security/yama/Kconfig goes here +#- file security/integrity/Kconfig goes here + #- #- *** FILE: sound/x86/Kconfig *** #- ================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/8d3d28a7c3287ebacd5ab13c2c03a9601703e67f _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit