%define name linux-2.6
%define module_version_varname sublevel
-%define taglevel 12
+%define taglevel 16
%define sublevel 32
+
+%if ("%{distro}" == "Fedora" && %{distrorelease} >= 12) || ("%{distro}" == "SL" && %{distrorelease} >= 6) || ("%{distro}" == "CentOS" && %{distrorelease} >= 6)
+%define modern_distro 1
+%else
+%define modern_distro 0
+%endif
#### Planet-Lab ####
Summary: The Linux kernel
%define rhel 1
%if %{rhel}
-%define distro_build 71.18.1
+%define distro_build 71.24.1
#### Planet-Lab ####
%define signmodules 0
#### Planet-Lab ####
# Don't stare at the awk too long, you'll go blind.
%define fedora_cvs_origin 1462
%define fedora_cvs_revision() %2
-%global distro_build %(echo %{fedora_cvs_origin}.%{fedora_cvs_revision $Revision: 1.18.2.18 $} | awk -F . '{ OFS = "."; ORS = ""; print $3 - $1 ; i = 4 ; OFS = ""; while (i <= NF) { print ".", $i ; i++} }')
+%global distro_build %(echo %{fedora_cvs_origin}.%{fedora_cvs_revision $Revision: 1.18.2.25 $} | awk -F . '{ OFS = "."; ORS = ""; print $3 - $1 ; i = 4 ; OFS = ""; while (i <= NF) { print ".", $i ; i++} }')
%define distro_build %{fedora_build}
%define signmodules 0
%endif
%define with_vdso_install %{?_without_vdso_install: 0} %{?!_without_vdso_install: 1}
#### Planet-Lab ####
# Use dracut instead of mkinitrd for initrd image generation
-%if "%{distro}" == "Fedora" && %{distrorelease} >= 12
+%if %{modern_distro}
%define with_dracut %{?_without_dracut: 0} %{?!_without_dracut: 1}
%else
%define with_dracut %{?_without_dracut: 1} %{?!_without_dracut: 0}
%endif
# The kernel tarball/base version
-%define kversion 2.6.32-71.18.1.el6
+%define kversion 2.6.32-71.24.1.el6
%define make_target bzImage
# integration in the distro harder than needed.
#
#### Planet-Lab ####
-%if "%{distro}" == "Fedora" && %{distrorelease} >= 12
+%if %{modern_distro}
%define package_conflicts initscripts < 7.23, udev < 145-11, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 1.25.3-14, squashfs-tools < 4.0, wireless-tools < 29-3
%else
%define package_conflicts initscripts < 7.23, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 1.25.3-14, squashfs-tools < 4.0, wireless-tools < 29-3
# scripts use them.
#
#### Planet-Lab ####
-%if "%{distro}" == "Fedora" && %{distrorelease} >= 12
+%if %{modern_distro}
%define kernel_prereq fileutils, module-init-tools, initscripts >= 8.11.1-1, grubby >= 7.0.4-1
%else
%define kernel_prereq fileutils, module-init-tools, initscripts >= 8.11.1-1,
%define initrd_prereq dracut-kernel >= 002-18.git413bcf78
%else
#### Planet-Lab ####
-%if "%{distro}" == "Fedora" && %{distrorelease} >= 12
+%if %{modern_distro}
%define initrd_prereq mkinitrd >= 6.0.61-1
%else
%define initrd_prereq mkinitrd >= 5.1
BuildRequires: bzip2, findutils, gzip, m4, perl, make >= 3.78, diffutils, gawk
BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config
#### Planet-Lab ####
-%if "%{distro}" == "Fedora" && %{distrorelease} >= 14
-BuildRequires: net-tools, patchutils, rpm-build >= 4.8.0-7
-%else
BuildRequires: net-tools, patchutils, rpm-build
-%endif
#### Planet-Lab ####
%if %{with_doc}
BuildRequires: xmlto
%define debuginfo_args --strict-build-id
%endif
-Source0: linux-2.6.32-71.18.1.el6.tar.bz2
+Source0: linux-2.6.32-71.24.1.el6.tar.bz2
Source1: Makefile.common
Source79: config-debug-rhel
Source80: config-generic-rhel
Source81: config-powerpc64
+Source82: config-s390x-debug
+Source83: config-s390x-debug-rhel
-Patch1: patch-2.6.32-71.18.1.el6-vs2.3.0.36.29.4.diff
-Patch2: linux-2.6-220-delta-ptrace-fix01.patch
+Patch1: patch-2.6.32-71.24.1.el6-vs2.3.0.36.29.6.diff
+Patch2: linux-2.6-255-vserver-delta-cow-fix23.diff
Patch3: linux-2.6-250-ipsets.patch
Patch4: linux-2.6-510-ipod.patch
Patch5: linux-2.6-521-packet-tagging.patch
make -f %{SOURCE20} VERSION=%{version} configs
#### Planet-Lab ####
-ApplyPatch patch-2.6.32-71.18.1.el6-vs2.3.0.36.29.4.diff
-ApplyPatch linux-2.6-220-delta-ptrace-fix01.patch
+ApplyPatch patch-2.6.32-71.24.1.el6-vs2.3.0.36.29.6.diff
ApplyPatch linux-2.6-250-ipsets.patch
+ApplyPatch linux-2.6-255-vserver-delta-cow-fix23.diff
ApplyPatch linux-2.6-510-ipod.patch
ApplyPatch linux-2.6-521-packet-tagging.patch
ApplyPatch linux-2.6-522-iptables-connection-tagging.patch
%if %{with_dracut}\
/sbin/new-kernel-pkg --package kernel%{?1:-%{1}} --mkinitrd --dracut --depmod --update %{KVERREL}%{?1:.%{1}} $NEWKERNARGS || exit $?\
%else\
-%if "%{distro}" == "Fedora" && %{distrorelease} >= 12\
+%if %{modern_distro}\
/sbin/new-kernel-pkg --package kernel%{?1:-%{1}} --mkinitrd --depmod --update %{KVERREL}%{?1:.%{1}} $NEWKERNARGS || exit $?\
%else\
/sbin/new-kernel-pkg --mkinitrd --depmod --install %{KVERREL}%{?1:.%{1}} || exit $?\
%endif\
%endif}\
-%if "%{distro}" == "Fedora" && %{distrorelease} >= 12\
+%if %{modern_distro}\
/sbin/new-kernel-pkg --package kernel%{?1:-%{1}} --rpmposttrans %{KVERREL}%{?1:.%{1}} || exit $?\
if [ -x /sbin/weak-modules ]\
then\
%endif
%changelog
+* Sat Apr 09 2011 S.Çağlar Onur <caglar@verivue.com> - linux-2.6-32-16
+- bump to 2.6.32-71.24.1.el6, see https://rhn.redhat.com/errata/RHSA-2011-0421.html
+
+* Wed Mar 30 2011 S.Çağlar Onur <caglar@verivue.com> - linux-2.6-32-15
+- refresh vs patch against latest upstream release (aka. vs2.3.0.36.29.4 --> vs2.3.0.36.29.6)
+
+* Sat Mar 26 2011 Frantisek Hrbata <fhrbata@redhat.com> [2.6.32-71.24.1.el6]
+- [fs] Revert "[fs] inotify: stop kernel memory leak on file creation failure" (Eric Paris) [656831 656832] {CVE-2010-4250}
+
+* Thu Mar 24 2011 Frantisek Hrbata <fhrbata@redhat.com> [2.6.32-71.23.1.el6]
+- [x86] Revert "[x86] mtrr: Assume SYS_CFG[Tom2ForceMemTypeWB] exists on all future AMD CPUs" (Frank Arnold) [683813 652208]
+
+* Wed Mar 23 2011 Frantisek Hrbata <fhrbata@redhat.com> [2.6.32-71.22.1.el6]
+- rebuild
+
+* Thu Mar 17 2011 Frantisek Hrbata <fhrbata@redhat.com> [2.6.32-71.21.1.el6]
+- [netdrv] ixgbe: limit VF access to network traffic (Frantisek Hrbata) [684129 678717]
+- [netdrv] ixgbe: work around for DDP last buffer size (Frantisek Hrbata) [684129 678717]
+- [net] gro: reset dev and skb_iff on skb reuse (Andy Gospodarek) [688311 681970]
+- [x86] mtrr: Assume SYS_CFG[Tom2ForceMemTypeWB] exists on all future AMD CPUs (Frank Arnold) [683813 652208]
+- [virt] virtio_net: Add schedule check to napi_enable call (Michael S. Tsirkin) [684268 676579]
+- [s390x] mm: add devmem_is_allowed() for STRICT_DEVMEM checking (Hendrik Brueckner) [684267 647365]
+- [powerpc] Don't use kernel stack with translation off (Steve Best) [684266 628951]
+- [powerpc] Initialise paca->kstack before early_setup_secondary (Steve Best) [684266 628951]
+
+* Wed Mar 16 2011 S.Çağlar Onur <caglar@verivue.com> - linux-2.6-32-14
+- Do not enable CONFIG_SYSFS_DEPRECATED* options for Scientific Linux
+
+* Mon Mar 14 2011 Frantisek Hrbata <fhrbata@redhat.com> [2.6.32-71.20.1.el6]
+- [dvb] kernel: av7110 negative array offset (Mauro Carvalho Chehab) [672403 672404] {CVE-2011-0521}
+- [fs] sunrpc: Correct a misapplied patch (J. Bruce Fields) [678094 678146] {CVE-2011-0714}
+- [netdrv] orinoco: fix TKIP countermeasure behaviour (Stanislaw Gruszka) [667908 667909] {CVE-2010-4648}
+- [kernel] /proc/vmcore: speed up access to vmcore file (Neil Horman) [683442 672937]
+- [netdrv] cnic: Fix big endian bug (Steve Best) [678484 676640]
+- [scsi] fcoe: drop FCoE LOGO in FIP mode (Mike Christie) [683814 668114]
+- [s390x] remove task_show_regs (Danny Feng) [677854 677855] {CVE-2011-0710}
+- [ib] cm: Bump reference count on cm_id before invoking callback (Doug Ledford) [676190 676191] {CVE-2011-0695}
+- [rdma] cm: Fix crash in request handlers (Doug Ledford) [676190 676191] {CVE-2011-0695}
+- [net] bridge: Fix mglist corruption that leads to memory corruption (Herbert Xu) [678172 659421] {CVE-2011-0716}
+- [netdrv] r8169: use RxFIFO overflow workaround and prevent RxFIFO induced infinite loops (Ivan Vecera) [680080 630810]
+- [s390x] kernel: nohz vs cpu hotplug system hang (Hendrik Brueckner) [683815 668470]
+- [netdrv] cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory (Doug Ledford) [633156 633157] {CVE-2010-3296}
+- [configs] redhat: added CONFIG_SECURITY_DMESG_RESTRICT option (Frantisek Hrbata) [683822 653245]
+- [kernel] restrict unprivileged access to kernel syslog (Frantisek Hrbata) [683822 653245]
+- [fs] cifs: allow matching of tcp sessions in CifsNew state (Jeff Layton) [683812 629085]
+- [fs] cifs: fix potential double put of TCP session reference (Jeff Layton) [683812 629085]
+- [fs] cifs: prevent possible memory corruption in cifs_demultiplex_thread (Jeff Layton) [683812 629085]
+- [fs] cifs: eliminate some more premature cifsd exits (Jeff Layton) [683812 629085]
+- [fs] cifs: prevent cifsd from exiting prematurely (Jeff Layton) [683812 629085]
+- [fs] CIFS: Make cifs_convert_address() take a const src pointer and a length (Jeff Layton) [683812 629085]
+- [kdump] kexec: accelerate vmcore copies by marking oldmem in /proc/vmcore as cached (Neil Horman) [683445 641315]
+- [virt] KVM: VMX: Disallow NMI while blocked by STI (Avi Kivity) [683783 616296]
+- [virt] kvm: write protect memory after slot swap (Michael S. Tsirkin) [683781 647367]
+
+* Thu Mar 10 2011 S.Çağlar Onur <caglar@verivue.com> - linux-2.6-32-13
+- bump to 2.6.32-71.18.2.el6, see https://rhn.redhat.com/errata/RHSA-2011-0329.html
+
+* Wed Mar 2 2011 Frantisek Hrbata <fhrbata@redhat.com> [2.6.32-71.18.2.el6]
+- [fs] sunrpc: Correct a misapplied patch (J. Bruce Fields) [678094 678146]
+
+* Fri Feb 25 2011 Frantisek Hrbata <fhrbata@redhat.com> [2.6.32-71.19.1.el6]
+- [crypto] sha-s390: Reset index after processing partial block (Herbert Xu) [678996 626515]
+- [net] clear heap allocations for privileged ethtool actions (Jiri Pirko) [672434 672435] {CVE-2010-4655}
+- [usb] iowarrior: don't trust report_size for buffer size (Don Zickus) [672421 672422] {CVE-2010-4656}
+- [virt] virtio: console: Wake up outvq on host notifications (Amit Shah) [678558 643750]
+- [fs] inotify: stop kernel memory leak on file creation failure (Eric Paris) [656831 656832] {CVE-2010-4250}
+- [net] sctp: fix kernel panic resulting from mishandling of icmp dest unreachable msg (Neil Horman) [667028 667029] {CVE-2010-4526}
+- [mm] install_special_mapping skips security_file_mmap check (Frantisek Hrbata) [662198 662199] {CVE-2010-4346}
+- [kdump] vt-d: Handle previous faults after enabling fault handling (Takao Indoh) [678485 617137]
+- [kdump] Enable the intr-remap fault handling after local apic setup (Takao Indoh) [678485 617137]
+- [kdump] vt-d: Fix the vt-d fault handling irq migration in the x2apic mode (Takao Indoh) [678485 617137]
+- [kdump] vt-d: Quirk for masking vtd spec errors to platform error handling logic (Takao Indoh) [678485 617137]
+- [virt] virtio: console: Don't block entire guest if host doesn't read data (Amit Shah) [678562 643751]
+- [virt] virtio: console: Prevent userspace from submitting NULL buffers (Amit Shah) [678559 635535]
+- [virt] virtio: console: Fix poll blocking even though there is data to read (Amit Shah) [678561 634232]
+
* Wed Feb 23 2011 S.Çağlar Onur <caglar@verivue.com> - linux-2.6-32-12
- bump to 2.6.32-71.18.1.el6, see https://rhn.redhat.com/errata/RHSA-2011-0283.html