Commit Graph

669 Commits

Author SHA1 Message Date
Thomas Lamprecht
ff71f8b949 update patches for 5.0.8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 14:11:57 +02:00
Thomas Lamprecht
117c2cd60c move from ubuntu-bionic to ubuntu-disco submodule
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 13:52:55 +02:00
Thomas Lamprecht
a06fbd44c7 bump version to 4.15.18-40
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-21 20:43:47 +02:00
Thomas Lamprecht
91bc0e0e0c update sources to Ubuntu-4.15.0-51.55
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-21 17:21:44 +02:00
Thomas Lamprecht
afc295f5e9 bump version to 4.15.18-39
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-15 08:57:38 +02:00
Thomas Lamprecht
c98ed5b4e3 fail if kernel patches to not apply
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-15 08:56:10 +02:00
Thomas Lamprecht
a599f53da3 rebase patches on top of Ubuntu-4.15.0-50.54
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-15 08:55:36 +02:00
Thomas Lamprecht
6f58e3c81d update sources to Ubuntu-4.15.0-50.54
It mainly comes with some mitigation for MDS[1][3][4][5], for best
result a microupdate of the CPU is required, else the kernel falls
back to some "best effort mitigation", trying to clear the CPU
buffers on kernel/userspace, hypervisor/guest and C-state (idle)
transitions.

With this applied you will have a new file in sysfs to get the
mitigation state of the server regarding MDS:
 $ cat /sys/devices/system/cpu/vulnerabilities/mds

Microcode updates should come available in stretch with
3.20190514.1~deb9u1 [2] version currently only tagged[2], but not yet
released.

[1]: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html#mitigation-strategy
[2]: https://salsa.debian.org/hmh/intel-microcode/commits/debian/3.20190514.1_deb9u1
[3]: https://mdsattacks.com/
[4]: https://cpu.fail/
[5]: https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-15 08:54:30 +02:00
Thomas Lamprecht
e560b66842 update ABI file for 4.15.18-14-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 14:07:31 +02:00
Thomas Lamprecht
8ba6ec4ad4 bump version to 4.15.18-38
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 13:52:32 +02:00
Thomas Lamprecht
075873666c update submodule to Ubuntu-4.15.0-49.53
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 13:52:32 +02:00
Thomas Lamprecht
81801c5658 update patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 12:10:08 +02:00
Thomas Lamprecht
8713734e79 fix #2008: kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs
clean backport from kernel mainline commit
0e1b869fff60c81b510c2d00602d778f8f59dd9a  [0]

[0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e1b869fff60c81b510c2d00602d778f8f59dd9a

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-16 17:48:59 +02:00
Thomas Lamprecht
1e7994545c update ABI file for 4.15.18-13-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-13 22:00:24 +02:00
Thomas Lamprecht
90eff7b943 bump version to 4.15.18-37
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-13 22:00:24 +02:00
Thomas Lamprecht
2b3306dee4 update ABI file for 4.15.18-12-pve
Late followup for commit 61f33dc8f2
bump version to 4.15.18-35
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-13 21:59:02 +02:00
Thomas Lamprecht
a4ea6fb33c bump version to 4.15.18-36
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-11 13:06:49 +02:00
Thomas Lamprecht
2de599de08 rebase patches on top of Ubuntu-4.15.0-48.51
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-05 07:18:45 +02:00
Thomas Lamprecht
4cb71ccc3b update sources to Ubuntu-4.15.0-48.51
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-05 07:17:43 +02:00
Thomas Lamprecht
61f33dc8f2 bump version to 4.15.18-35
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 08:40:24 +01:00
Thomas Lamprecht
89d8eaee98 rebase patches on top of Ubuntu-4.15.0-47.50
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 07:25:59 +01:00
Thomas Lamprecht
c19df7fe61 update sources to Ubuntu-4.15.0-47.50
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 07:25:59 +01:00
Thomas Lamprecht
67bef33bd4 update zfsonlinux to 0.7.13
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-08 06:57:18 +01:00
Fabian Grünbichler
62307a081a ZFS/SPL: rework submodule and build
to follow changes made to our zfsonlinux repository.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2019-02-27 15:38:52 +01:00
Thomas Lamprecht
9bd09ca97a bump version to 4.15.18-34
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-25 15:31:07 +01:00
Thomas Lamprecht
4e6465dfa5 backport fixes for multiple KVM vulnerabilities
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-25 14:51:28 +01:00
Thomas Lamprecht
cf6ea5cf34 backport: net: crypto set sk to NULL when af_alg_release
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-21 14:39:03 +01:00
David Limbeck
c774433e2a add patch to fix ipset memory exhaustion
Add a patch from upstream until it is fixed in the Ubuntu 4.15 kernel.

Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
2019-02-20 15:43:31 +01:00
Thomas Lamprecht
3ec7f4d1ea add *.prepared to .gitignore
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:43:29 +01:00
Thomas Lamprecht
7c03f8fe85 update ABI file for 4.15.18-11-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:43:04 +01:00
Thomas Lamprecht
c47b16cb68 bump version to 4.15.18-33
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:43:04 +01:00
Thomas Lamprecht
91b336e761 backport i40e fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:42:55 +01:00
Thomas Lamprecht
322691b072 rebase patches on top of Ubuntu-4.15.0-46.49
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:41:14 +01:00
Thomas Lamprecht
a7aea31f47 update sources to Ubuntu-4.15.0-46.49
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:07:36 +01:00
Thomas Lamprecht
4adf30b011 bump version to 4.15.18-32
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-19 12:11:14 +01:00
Thomas Lamprecht
835a39ebaa add fix for possible NULL pointer dereference in net/ipip
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-19 12:10:33 +01:00
Thomas Lamprecht
f4922eba0c update ABI file for 4.15.18-10-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 14:51:46 +01:00
Thomas Lamprecht
da7def12fd bump version to 4.15.18-31
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 14:00:25 +01:00
Thomas Lamprecht
4618decfe0 update ACS capabillities patch context
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Thomas Lamprecht
05c4f2217f drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Thomas Lamprecht
99413e5a07 Update sources to Ubuntu-4.15.0-44.47
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Stoiko Ivanov
3db86f1084 bump version to 4.15.18-30
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-15 13:33:28 +01:00
Stoiko Ivanov
5e543c74cf update ZFS on Linux to 0.7.12 2018-11-14 18:33:19 +01:00
Stoiko Ivanov
47f3b8990f Add 3 Patches addressing security issues
* CVE-2018-18955 (https://launchpad.net/bugs/1801924) is addressed by
  0009-userns-also-map-extents-in-the-reverse-map-to-kernel.patch
* https://launchpad.net/bugs/1789161 is addressed by the other 2 patches. (see
  the link for a reproducer)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-11-14 18:29:55 +01:00
Thomas Lamprecht
64e7e7daff update ABI file for 4.15.18-9-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 16:02:59 +01:00
Thomas Lamprecht
89a09f9102 bump version to 4.15.18-29
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 16:01:40 +01:00
Thomas Lamprecht
9aa2d28ebb rebase patches on top of Ubuntu-4.15.0-40.43
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 13:33:04 +01:00
Thomas Lamprecht
c7bb6c514f update sources to Ubuntu-4.15.0-40.43
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 13:33:04 +01:00
Thomas Lamprecht
645ef9e161 bump version to 4.15.18-28
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-31 16:28:06 +01:00
Thomas Lamprecht
84fe105196 update ABI file for 4.15.18-8-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-31 16:28:06 +01:00