Commit Graph

172 Commits

Author SHA1 Message Date
Fabian Grünbichler
b4ecde23e8 build: add abiupdate target
to automatically extract and commit the ABI data from a built
pve-headers binary package.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
330d1c9ea1 bump version to 4.15-2, bump ABI to 4.15.10-1-pve
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
faa3d7515d build: rename ABI file
to track previous ABI to automatically skip ABI checks on ABI bumps.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
2454b79d7a switch to in-tree intel drivers
as the out-of-tree ones are not compatible with 4.15
2018-03-09 15:28:03 +01:00
Fabian Grünbichler
1e99f45be0 build: replace 4.13 with 4.15
as well as artful with bionic, and reset KREL/PKGREL accordingly
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
320c823e91 bump version to 4.13.13-42 2018-03-09 11:57:49 +01:00
Fabian Grünbichler
44403fcc69 update README 2018-03-09 11:57:24 +01:00
Fabian Grünbichler
12aaf1a2f7 build: cleanup directory handling 2018-03-09 11:56:22 +01:00
Fabian Grünbichler
66aed5b89f build: remove exported variables
in favor of generated rules.d snippet. this allows calling
dpkg-buildpackage in the build directory manually without setting up the
environment to match.
2018-03-09 11:56:22 +01:00
Fabian Grünbichler
f3acafc70e build: add pmg to upload target 2018-03-09 09:19:58 +01:00
Fabian Grünbichler
e96d2ab3a1 build: move build and packaging to debian/
the top-level Makefile now only prepares the build directory by copying
and patching sources and generating the real files from debian/*.in

the actual build and packaging happens in debian/rules
2018-03-09 09:19:58 +01:00
Fabian Grünbichler
89102957f9 bump version to 4.13-41 2018-02-21 10:08:20 +01:00
Fabian Grünbichler
8a8c16e218 bump version to 4.13-40 2018-02-16 09:58:12 +01:00
Fabian Grünbichler
eb7f659548 bump version to 4.13-39, bump ABI to 4.13.13-6-pve 2018-02-16 09:58:12 +01:00
Fabian Grünbichler
7f4d14b06f buildsys: check for indirect/RETPOLINE gcc support
copied from arch/x86/Makefile
2018-02-16 09:58:12 +01:00
Fabian Grünbichler
57ff4c945b bump version to 4.13-38 2018-01-26 10:48:16 +01:00
Fabian Grünbichler
c1178a874f bump version to 4.13-37 2018-01-19 12:45:45 +01:00
Fabian Grünbichler
5c85c0455e bump version to 4.13-36, bump ABI to 4.13.13-5-pve 2018-01-15 14:05:27 +01:00
Fabian Grünbichler
9c34463e8c bump version to 4.13-35, bump ABI to 4.13.13-4-pve 2018-01-08 11:51:24 +01:00
Fabian Grünbichler
597fd67073 bump version to 4.13-34, bump ABI to 4.13.13-3-pve 2018-01-07 13:21:02 +01:00
Fabian Grünbichler
6ecf746bac enable KPTI 2018-01-07 13:18:22 +01:00
Fabian Grünbichler
e414beae5f default to FRAME_POINTER unwinder again
the new default was changed in 4.14 and was cherry-picked together with
KPTI, but the ORC_UNWINDER seems to break ZFS
2018-01-07 13:18:22 +01:00
Fabian Grünbichler
4536c7a7ed bump version to 4.13-33 2018-01-02 10:04:21 +01:00
Fabian Grünbichler
f783f68d2c bump version to 4.13-32, bump ABI to 4.13.13-2-pve 2017-12-21 10:22:24 +01:00
Fabian Grünbichler
bfd0cd3fe0 bump version to 4.13-31, bump ABI to 4.13.13-1-pve 2017-12-11 11:24:58 +01:00
Fabian Grünbichler
cba3f72b57 bump version to 4.13-30 2017-12-05 13:07:11 +01:00
Fabian Grünbichler
6eb123031d revert igb to 5.3.5.10
because 5.3.5.12 broke JUMBO_FRAMES (again)
2017-12-05 13:05:16 +01:00
Fabian Grünbichler
6749ef5ad2 bump version to 4.13-29, bump ABI to 4.13.8-3-pve 2017-12-04 09:36:58 +01:00
Fabian Grünbichler
8345558924 bump version to 4.13-28, bump ABI to 4.13.8-2-pve 2017-11-29 10:23:18 +01:00
Fabian Grünbichler
350f641023 bump version to 4.13-27, bump ABI to 4.13.8-1-pve 2017-11-22 09:47:25 +01:00
Fabian Grünbichler
25c35b26a1 update intel drivers to latest upstream releases 2017-11-22 09:47:25 +01:00
Fabian Grünbichler
d060c84f4d drop patches applied upstream 2017-11-17 11:59:22 +01:00
Fabian Grünbichler
2a26cde588 bump version to 4.13-26 2017-11-06 11:24:17 +01:00
Fabian Grünbichler
3572537ff8 bump version to 5.1-25 2017-10-23 09:39:36 +02:00
Fabian Grünbichler
da64a9b95a bump version to 4.13-25, bump ABI to 4.13.4-1-pve 2017-10-13 11:33:03 +02:00
Fabian Grünbichler
0e3176e76f fix CVE-2017-12188: nested KVM stack overflow 2017-10-13 11:33:03 +02:00
Fabian Grünbichler
2e38f6f987 update ZFS/SPL to 0.7.2
and switch submodule to simplify patch handling
2017-10-13 11:33:03 +02:00
Fabian Grünbichler
a6dd515e43 build: rename submodules target to submodule 2017-10-13 08:41:42 +02:00
Fabian Grünbichler
2a1d389df6 bump version to 4.13-2, bump ABI to 4.13.3-1 2017-09-27 14:32:08 +02:00
Fabian Grünbichler
262ff4236b bump version to 4.13.1-1
kernel and header only, no meta packages
2017-09-27 10:08:57 +02:00
Fabian Grünbichler
d84d9cdc47 ZFS/SPL: add 4.13 compat patches 2017-09-27 10:06:33 +02:00
Fabian Grünbichler
a8ee21761c ixgbe: add 4.13 compat patch 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
628004c405 igb: add 4.12 compat patch 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
8021de509c intel: drop patches which are no longer needed 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
85507ee2c5 update igb to 5.3.5.10 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
f3bad6d2b0 update ixgbe to 5.2.3 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
b46edee600 update e1000e to 3.3.5.10 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
2f7beffd96 build: move intel NIC patches 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
b9e76370ab build: rebase and refactor kernel patches 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
6c7fba28d9 drop cpuset patch
to be replaced with backport of cgroup v2 functionality
2017-09-26 10:46:35 +02:00
Fabian Grünbichler
a350540ee9 drop patches applied upstream 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
0194915336 build: update for 4.13/artful 2017-09-26 10:38:27 +02:00
Fabian Grünbichler
54a9e5a210 bump version to 4.10.17-23 2017-09-19 09:44:04 +02:00
Fabian Grünbichler
6aebbe9122 drop patches applied upstream 2017-09-19 09:43:03 +02:00
Fabian Grünbichler
212d9d415f revert LP#1705447 fix
see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1715609
2017-09-19 09:41:58 +02:00
Fabian Grünbichler
3e1f7b2f8e bump version to 4.10.17-22 2017-09-18 10:39:28 +02:00
Fabian Grünbichler
6029760ee4 cherry-pick tcp reset bug fix 2017-09-18 10:38:27 +02:00
Fabian Grünbichler
d799ad3bc2 bump version to 4.10.17-21, bump ABI to 4.10.17-3-pve 2017-09-01 09:03:47 +02:00
Fabian Grünbichler
d6a36c6f72 bump version to 4.10.17-20 2017-08-14 11:23:56 +02:00
Fabian Grünbichler
ca36280078 zfs/spl: update to 0.6.5.11-1, switch submodules 2017-08-14 11:19:31 +02:00
Fabian Grünbichler
07dcf16338 bump version to 4.10.17-19, bump ABI to 4.10.17-2-pve 2017-08-04 14:08:58 +02:00
Fabian Grünbichler
11ce3c4a4b drop patches applied upstream 2017-08-04 13:39:30 +02:00
Fabian Grünbichler
c1fc04f4d1 add follow-up fix for NVME driver
fixes a BUG_ON triggered by Samsung SM960 Pro NVME devices
2017-08-04 13:09:45 +02:00
Fabian Grünbichler
1e9f438872 build: drop bash from fwcheck target 2017-08-02 14:46:11 +02:00
Fabian Grünbichler
bdfc6d28fc build: add deb target 2017-08-02 14:45:53 +02:00
Fabian Grünbichler
7153d8134a build: dynamically choose number of jobs 2017-08-02 14:45:36 +02:00
Thomas Lamprecht
5aecf10b77 bump version to 4.10.17-18
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Changed-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  * fixed changelog user name
  * adapt wording of nic driver change message to the one from
    the release originally removing them
  * removed duplicate 'Ubuntu' text
2017-07-28 14:09:06 +02:00
Thomas Lamprecht
22fa3dbdcc drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-28 14:02:26 +02:00
Thomas Lamprecht
9722965770 Revert "remove outdated intel nic drivers"
This reverts commit 7beee5f3eb.

While they repositories of those drivers state that the in kernel one
should be used, as they are newer, it seems they do not provide the
same functionallity. So revert to the out of tree drivers for now.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-28 14:02:26 +02:00
Wolfgang Bumiller
0ee4a967cb bump version to 4.10.17-17 2017-07-19 12:38:48 +02:00
Wolfgang Bumiller
58a18ce39d buildsys: fix parallel builds 2017-07-19 12:38:48 +02:00
Thomas Lamprecht
4c390211d8 add CVE fixes
CVE-2017-1000364 (rather bugfix for the original CVE fix):
 * mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
 * mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack

CVE-2017-1000365: fs/exec.c: account for argv/envp pointers

CVE-2017-10810: drm/virtio: don't leak bo on drm_gem_object_init
 failure

CVE-2017-7482: rxrpc: Fix several cases where a padded len isn't
 checked in ticket decode

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-19 09:46:19 +02:00
Thomas Lamprecht
a7f181d4b0 bump version to 4.10.17-16, bump ABI to 4.10.17-1-pve
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 09:07:40 +02:00
Dietmar Maurer
7beee5f3eb remove outdated intel nic drivers 2017-07-13 09:06:03 +02:00
Thomas Lamprecht
d513484f62 add CVE fixes
CVE-2014-9900: net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
CVE-2017-7346: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
CVE-2017-9605: drm/vmwgfx: Make sure backup_handle is always valid
CVE-2017-1000380:
 * ALSA: timer: Fix race between read and ioctl
 * ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 06:04:17 +02:00
Thomas Lamprecht
ea91ce10d6 drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 06:04:17 +02:00
Fabian Grünbichler
dc2b2ba06c bump version to 4.10.15-15 2017-06-23 08:58:04 +02:00
Fabian Grünbichler
b4b8080506 replace Stack-Clash fix with upstream version
sicne the Ubuntu / Suse one seems to have some segfaulting
issues.
2017-06-23 08:57:04 +02:00
Fabian Grünbichler
02ad7886ad bump version to 4.10.15-14 2017-06-22 09:24:04 +02:00
Fabian Grünbichler
7c01aa8df7 add follow-up fix for CVE-2017-100364 fix 2017-06-22 09:23:11 +02:00
Fabian Grünbichler
3905cd6842 bump version to 4.10.15-13 2017-06-20 09:58:25 +02:00
Fabian Grünbichler
97d6ca37ca build: use git to get GITVERSION 2017-06-20 09:51:41 +02:00
Fabian Grünbichler
47d1503892 bump version to 4.10.15-12 2017-06-12 13:25:16 +02:00
Fabian Grünbichler
5aa54b7501 fix #1366: pinctl fix for AMD Ryzen on Gigabyte MBs 2017-06-12 13:24:57 +02:00
Fabian Grünbichler
d8cc30e0cd bump version to 4.10.15-11 2017-06-09 11:40:10 +02:00
Fabian Grünbichler
c1f358be22 add fix for CVE-2017-9074 fix 2017-06-09 11:39:33 +02:00
Fabian Grünbichler
05806a84a3 bump version to 4.10.15-10, bump ABI to 4.10.15-1-pve 2017-06-08 14:22:03 +02:00
Fabian Grünbichler
0f831b3cf2 add CVE fixes
CVE-2017-8890: dccp/tcp: do not inherit mc_list from parent
CVE-2017-9074: ipv6: Prevent overrun when parsing v6 header options
CVE-2017-9075: sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
CVE-2017-9076/CVE-2017-9077: ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9242: ipv6: fix out of bound writes in __ip6_append_data()
2017-06-08 14:22:03 +02:00
Fabian Grünbichler
674abe87c8 drop patches applied upstream 2017-06-07 10:35:40 +02:00
Fabian Grünbichler
fd5c21692a bump version to 4.10.11-9 2017-05-22 10:00:43 +02:00
Fabian Grünbichler
88582bb094 add fix for DoS via nftables 2017-05-22 09:59:35 +02:00
Fabian Grünbichler
c73cc23929 bump version to 4.10.11-8, bump ABI to 4.10.11-1-pve 2017-05-18 11:22:00 +02:00
Fabian Grünbichler
1e165a112f drop patches applied upstream 2017-05-18 11:22:00 +02:00
Thomas Lamprecht
6490543bf7 add mapping from DEB_BUILD_ARCH to kernel arch subdirectory
and fix the rest of the architecture-hardcoded paths
2017-05-11 08:50:39 +02:00
Thomas Lamprecht
37d1225d09 build-sys: replace fixed architecture use where possible 2017-05-11 08:50:39 +02:00
Fabian Grünbichler
aa785972db bump version to 4.10.8-7 2017-05-05 09:19:50 +02:00
Fabian Grünbichler
2b834b083d add proposed fix for LP#1674838
Patches and rationale by Seth Forshee[1]:

My testing shows that the "POWER9: Additional power9
patches" patches are responsible, two of them in particular:

 - mm: introduce page_vma_mapped_walk()
 - mm, ksm: convert write_protect_page() to use page_vma_mapped_walk()

These patches don't appear to be included for any
functionality they provide, but rather to make "mm/ksm:
handle protnone saved writes when making page write protect"
a clean cherry pick instead of a backport. But the backport
isn't that difficult, so as far as I can tell we can do away
with the other two patches.

1: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1674838/comments/108
2017-05-05 09:12:20 +02:00
Fabian Grünbichler
7f0f6370be update fix for CVE-2017-7979 to final version
cherry-picked from Ubuntu Zesty's master-next
2017-05-05 09:06:44 +02:00
Fabian Grünbichler
95cebd4144 build: export SOURCE_DATE_EPOCH
SOURCE_DATE_EPOCH is used to set various timestamps in build
products, and was introduced as part of the reproducible
builds efforts.

this is a great help for future build system restructuring,
as the "diffoscope"-diff of the produced .debs is now small
enough to catch unintended changes.
2017-05-04 15:40:21 +02:00
Fabian Grünbichler
a6c22e7b57 build: re-add kernel build symlink check
but in a way which works for regular users, not only root
2017-05-04 09:14:55 +02:00