From 0d33fc27e26e4a8606752c4d77693bcdd71c2cb6 Mon Sep 17 00:00:00 2001
From: "zhao.shuai"
Date: Mon, 15 Jul 2019 23:21:11 +0800
Subject: [PATCH] Upgrade kernel to version kernel-3.10.0-957.21.3.el7
Security Fix(es):
(CVE-2019-11477)- An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS).
(CVE-2019-11478)- Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service.
(CVE-2019-11479)- Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service.
Details:
https://access.redhat.com/errata/RHSA-2019:1481
https://access.redhat.com/errata/RHSA-2019:1486
https://nvd.nist.gov/vuln/detail/
Closes-Bug: 1836685
Depends-On: https://review.opendev.org/670856
Change-Id: I150bdf60cec23058e656c60a3fdd677a14259795
Signed-off-by: zhao.shuai
---
kernel/kernel-std/centos/build_srpm.data | 2 +-
.../Build-logic-and-sources-for-TiC.patch | 13 +++++++------
.../centos/meta_patches/Compile-issues.patch | 12 ++++++------
.../Kernel-source-patches-for-TiC.patch | 14 +++++++-------
kernel/kernel-std/centos/srpm_path | 2 +-
5 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/kernel/kernel-std/centos/build_srpm.data b/kernel/kernel-std/centos/build_srpm.data
index 2ed119b61..c06f85d68 100644
--- a/kernel/kernel-std/centos/build_srpm.data
+++ b/kernel/kernel-std/centos/build_srpm.data
@@ -1,4 +1,4 @@ COPY_LIST="files/*" -TIS_PATCH_VER=3 +TIS_PATCH_VER=1 BUILD_IS_BIG=11 BUILD_IS_SLOW=12 diff --git a/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch b/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch index a17ef217e..77556b507 100644 --- a/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch +++ b/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch @@ -4,12 +4,13 @@ Date: Fri, 20 Apr 2018 14:51:56 -0400 Subject: [PATCH] Build logic and sources for TiC Signed-off-by: Jim Somerville +Signed-off-by: zhao.shuai --- SPECS/kernel.spec | 73 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 60 insertions(+), 13 deletions(-) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec -index 1c3a765..f2499b4 100644 +index 852fd10..e42177e 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -5,7 +5,8 @@ Summary: The Linux kernel @@ -26,13 +27,13 @@ index 1c3a765..f2499b4 100644 %global distro_build 957 %define rpmversion 3.10.0 --%define pkgrelease 957.12.2.el7 -+%define _pkgrelease 957.12.2 +-%define pkgrelease 957.21.3.el7 ++%define _pkgrelease 957.21.3 +%define pkgrelease %{_pkgrelease}.el7 + # allow pkg_release to have configurable %%{?dist} tag - %define specrelease 957.12.2%{?dist} + %define specrelease 957.21.3%{?dist} -%define pkg_release %{specrelease}%{?buildid} +%define pkg_release %{specrelease}%{buildid} @@ -224,8 +225,8 @@ index 1c3a765..f2499b4 100644 +%endif + %changelog - * Tue May 14 2019 CentOS Sources - 3.10.0-957.12.2.el7 + * Mon Jun 17 2019 CentOS Sources - 3.10.0-957.21.3.el7 - Apply debranding changes -- -2.7.4 +1.8.3.1 diff --git a/kernel/kernel-std/centos/meta_patches/Compile-issues.patch b/kernel/kernel-std/centos/meta_patches/Compile-issues.patch index 268920ea7..68d89242f 100644 --- a/kernel/kernel-std/centos/meta_patches/Compile-issues.patch +++ b/kernel/kernel-std/centos/meta_patches/Compile-issues.patch 
@@ -1,15 +1,15 @@ -From e49a8758922e1f23c4e77dd19cf4eb1f80263763 Mon Sep 17 00:00:00 2001 -From: Bin Yang -Date: Wed, 31 Jul 2019 10:50:03 +0800 +From a38da63c3677f78c33b3896699788bd5eb77116e Mon Sep 17 00:00:00 2001 +From: "zhao.shuai" +Date: Tue, 6 Aug 2019 16:18:04 +0800 Subject: [PATCH 3/3] Compile issues -Signed-off-by: Bin Yang +Signed-off-by: zhao.shuai --- SPECS/kernel.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec -index 9149019..b8fb9f9 100644 +index 418cdd0..a5de0aa 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -491,6 +491,12 @@ Patch40025: dpt_i2o-fix-build-warning.patch @@ -36,5 +36,5 @@ index 9149019..b8fb9f9 100644 # Any further pre-build tree manipulations happen here. -- -2.7.4 +1.8.3.1 diff --git a/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch b/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch index c42f38405..77681ffef 100644 --- a/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch +++ b/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch @@ -1,15 +1,15 @@ -From 7191a6f784f12e295e508f105da4cfde518a64e7 Mon Sep 17 00:00:00 2001 -From: Bin Yang -Date: Wed, 31 Jul 2019 10:49:20 +0800 -Subject: [PATCH 2/3] Kernel source patches for TiC +From e9f7eeea6002b26912b6434c324ac19c2987afe8 Mon Sep 17 00:00:00 2001 +From: "zhao.shuai" +Date: Mon, 5 Aug 2019 17:55:01 +0800 +Subject: [PATCH 2/3] Kernel-source-patches-for-TiC -Signed-off-by: Bin Yang +Signed-off-by: zhao.shuai --- SPECS/kernel.spec | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec -index 5b93a98..9149019 100644 +index e42177e..418cdd0 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -460,6 +460,38 @@ Patch1002: debrand-rh-i686-cpu.patch 
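Review bot: The regenerated header of meta_patches/Compile-issues.patch replaces the original `From: Bin Yang` and `Signed-off-by: Bin Yang` lines with the submitter's name instead of keeping them, and the first hunk of Kernel-source-patches-for-TiC.patch does the same. Build-logic-and-sources-for-TiC.patch in this same commit keeps `Signed-off-by: Jim Somerville` and appends a second sign-off, so the three meta-patches are now inconsistent. The sign-off chain is the provenance record for these kernel packaging patches, so I would keep the original author and sign-off lines and add `Signed-off-by: zhao.shuai` beneath them. The Kernel-source patch also changes its subject from `Kernel source patches for TiC` to `Kernel-source-patches-for-TiC`, which looks unintentional (presumably picked up from the file name when the patch was regenerated) and is worth reverting.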
@@ -88,5 +88,5 @@ index 5b93a98..9149019 100644 chmod +x scripts/checkpatch.pl -- -2.7.4 +1.8.3.1 diff --git a/kernel/kernel-std/centos/srpm_path b/kernel/kernel-std/centos/srpm_path index 8cef82565..badd8eb66 100644 --- a/kernel/kernel-std/centos/srpm_path +++ b/kernel/kernel-std/centos/srpm_path @@ -1,2 +1,2 @@ -mirror:Source/kernel-3.10.0-957.12.2.el7.src.rpm +mirror:Source/kernel-3.10.0-957.21.3.el7.src.rpm