diff --git a/config.tar.bz2 b/config.tar.bz2 index b253f9ca..456ca700 100644 --- a/config.tar.bz2 +++ b/config.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1206597af5c7e843e35816a3b208f11400c09d620992a80b7c8c1198592c591f -size 213703 +oid sha256:5e59edc7c43c8ab775b9791d34c41679a9447d5af1a0574a9f03fa05a9291397 +size 213759 diff --git a/dtb-aarch64.changes b/dtb-aarch64.changes index c6b122b2..341a5da8 100644 --- a/dtb-aarch64.changes +++ b/dtb-aarch64.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/dtb-aarch64.spec b/dtb-aarch64.spec index 9b9b0607..c4adea70 100644 --- a/dtb-aarch64.spec +++ b/dtb-aarch64.spec @@ -31,7 +31,7 @@ Name: dtb-aarch64 Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif diff --git a/dtb-armv6l.changes b/dtb-armv6l.changes index c6b122b2..341a5da8 100644 --- a/dtb-armv6l.changes +++ b/dtb-armv6l.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/dtb-armv6l.spec b/dtb-armv6l.spec index 996778ec..38794a6b 100644 --- a/dtb-armv6l.spec +++ b/dtb-armv6l.spec @@ -31,7 +31,7 @@ Name: dtb-armv6l Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif diff --git a/dtb-armv7l.changes b/dtb-armv7l.changes index c6b122b2..341a5da8 100644 --- a/dtb-armv7l.changes +++ b/dtb-armv7l.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/dtb-armv7l.spec b/dtb-armv7l.spec index 935173e1..ac9910ec 100644 --- a/dtb-armv7l.spec +++ b/dtb-armv7l.spec @@ -31,7 +31,7 @@ Name: dtb-armv7l Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif diff --git a/kernel-64kb.changes b/kernel-64kb.changes index c6b122b2..341a5da8 100644 --- a/kernel-64kb.changes +++ b/kernel-64kb.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-64kb.spec b/kernel-64kb.spec index cf4e2be0..59131482 100644 --- a/kernel-64kb.spec +++ b/kernel-64kb.spec @@ -66,7 +66,7 @@ License: GPL-2.0 Group: System/Kernel Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -171,10 +171,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-533dae19dd625d5978c3334db69118d063a58630 -Provides: kernel-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: kernel-%build_flavor-base-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d +Provides: kernel-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d # END COMMON DEPS -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh diff --git a/kernel-debug.changes b/kernel-debug.changes index c6b122b2..341a5da8 100644 --- a/kernel-debug.changes +++ b/kernel-debug.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-debug.spec b/kernel-debug.spec index a411de41..ff8fe65f 100644 --- a/kernel-debug.spec +++ b/kernel-debug.spec @@ -66,7 +66,7 @@ License: GPL-2.0 Group: System/Kernel Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -171,10 +171,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-533dae19dd625d5978c3334db69118d063a58630 -Provides: kernel-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: kernel-%build_flavor-base-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d +Provides: kernel-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d # END COMMON DEPS -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d %ifarch ppc64 Provides: kernel-kdump = 2.6.28 Obsoletes: kernel-kdump <= 2.6.28 diff --git a/kernel-default.changes b/kernel-default.changes index c6b122b2..341a5da8 100644 --- a/kernel-default.changes +++ b/kernel-default.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-default.spec b/kernel-default.spec index 39fc5ff0..ad5191e4 100644 --- a/kernel-default.spec +++ b/kernel-default.spec @@ -66,7 +66,7 @@ License: GPL-2.0 Group: System/Kernel Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -171,10 +171,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-533dae19dd625d5978c3334db69118d063a58630 -Provides: kernel-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: kernel-%build_flavor-base-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d +Provides: kernel-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d # END COMMON DEPS -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d %ifarch %ix86 Provides: kernel-smp = 2.6.17 Obsoletes: kernel-smp <= 2.6.17 diff --git a/kernel-docs.changes b/kernel-docs.changes index c6b122b2..341a5da8 100644 --- a/kernel-docs.changes +++ b/kernel-docs.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-docs.spec b/kernel-docs.spec index 9dd92557..255365df 100644 --- a/kernel-docs.spec +++ b/kernel-docs.spec @@ -33,7 +33,7 @@ License: GPL-2.0 Group: Documentation/Man Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -63,7 +63,7 @@ BuildRequires: texlive-zapfding %endif Url: http://www.kernel.org/ Provides: %name = %version-%source_rel -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz diff --git a/kernel-kvmsmall.changes b/kernel-kvmsmall.changes index c6b122b2..341a5da8 100644 --- a/kernel-kvmsmall.changes +++ b/kernel-kvmsmall.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-kvmsmall.spec b/kernel-kvmsmall.spec index 99c32a9e..f5d0ff75 100644 --- a/kernel-kvmsmall.spec +++ b/kernel-kvmsmall.spec @@ -66,7 +66,7 @@ License: GPL-2.0 Group: System/Kernel Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -171,10 +171,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-533dae19dd625d5978c3334db69118d063a58630 -Provides: kernel-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: kernel-%build_flavor-base-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d +Provides: kernel-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d # END COMMON DEPS -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh diff --git a/kernel-lpae.changes b/kernel-lpae.changes index c6b122b2..341a5da8 100644 --- a/kernel-lpae.changes +++ b/kernel-lpae.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-lpae.spec b/kernel-lpae.spec index 697f450a..e1e375e7 100644 --- a/kernel-lpae.spec +++ b/kernel-lpae.spec @@ -66,7 +66,7 @@ License: GPL-2.0 Group: System/Kernel Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -171,10 +171,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-533dae19dd625d5978c3334db69118d063a58630 -Provides: kernel-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: kernel-%build_flavor-base-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d +Provides: kernel-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d # END COMMON DEPS -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh diff --git a/kernel-obs-build.changes b/kernel-obs-build.changes index c6b122b2..341a5da8 100644 --- a/kernel-obs-build.changes +++ b/kernel-obs-build.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-obs-build.spec b/kernel-obs-build.spec index cf06fb60..bde2bd56 100644 --- a/kernel-obs-build.spec +++ b/kernel-obs-build.spec @@ -45,7 +45,7 @@ BuildRequires: util-linux %endif %endif %endif -BuildRequires: kernel%kernel_flavor-srchash-533dae19dd625d5978c3334db69118d063a58630 +BuildRequires: kernel%kernel_flavor-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d %if 0%{?rhel_version} BuildRequires: kernel @@ -66,7 +66,7 @@ License: GPL-2.0 Group: SLES Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif diff --git a/kernel-obs-qa.changes b/kernel-obs-qa.changes index c6b122b2..341a5da8 100644 --- a/kernel-obs-qa.changes +++ b/kernel-obs-qa.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-obs-qa.spec b/kernel-obs-qa.spec index e5c929b2..a5ad91e2 100644 --- a/kernel-obs-qa.spec +++ b/kernel-obs-qa.spec @@ -38,7 +38,7 @@ License: GPL-2.0 Group: SLES Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif diff --git a/kernel-pae.changes b/kernel-pae.changes index c6b122b2..341a5da8 100644 --- a/kernel-pae.changes +++ b/kernel-pae.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-pae.spec b/kernel-pae.spec index 6a1eef7f..b2e5294a 100644 --- a/kernel-pae.spec +++ b/kernel-pae.spec @@ -66,7 +66,7 @@ License: GPL-2.0 Group: System/Kernel Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -171,10 +171,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-533dae19dd625d5978c3334db69118d063a58630 -Provides: kernel-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: kernel-%build_flavor-base-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d +Provides: kernel-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d # END COMMON DEPS -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d %ifarch %ix86 Provides: kernel-bigsmp = 2.6.17 Obsoletes: kernel-bigsmp <= 2.6.17 diff --git a/kernel-source.changes b/kernel-source.changes index c6b122b2..341a5da8 100644 --- a/kernel-source.changes +++ b/kernel-source.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-source.spec b/kernel-source.spec index 7db8039c..950393fa 100644 --- a/kernel-source.spec +++ b/kernel-source.spec @@ -32,7 +32,7 @@ License: GPL-2.0 Group: Development/Sources Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -43,7 +43,7 @@ BuildRequires: fdupes BuildRequires: sed Requires(post): coreutils sed Provides: %name = %version-%source_rel -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d Provides: linux Provides: multiversion(kernel) Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz diff --git a/kernel-syms.changes b/kernel-syms.changes index c6b122b2..341a5da8 100644 --- a/kernel-syms.changes +++ b/kernel-syms.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-syms.spec b/kernel-syms.spec index a4b9c07e..d1646c4a 100644 --- a/kernel-syms.spec +++ b/kernel-syms.spec @@ -27,7 +27,7 @@ Group: Development/Sources Version: 5.2.11 %if %using_buildservice %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -52,7 +52,7 @@ Requires: kernel-pae-devel = %version-%source_rel %endif Requires: pesign-obs-integration Provides: %name = %version-%source_rel -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d Provides: multiversion(kernel) Source: README.KSYMS Requires: kernel-devel%variant = %version-%source_rel diff --git a/kernel-vanilla.changes b/kernel-vanilla.changes index c6b122b2..341a5da8 100644 --- a/kernel-vanilla.changes +++ b/kernel-vanilla.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-vanilla.spec b/kernel-vanilla.spec index 3ca23485..8412d6b2 100644 --- a/kernel-vanilla.spec +++ b/kernel-vanilla.spec @@ -66,7 +66,7 @@ License: GPL-2.0 Group: System/Kernel Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -171,10 +171,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-533dae19dd625d5978c3334db69118d063a58630 -Provides: kernel-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: kernel-%build_flavor-base-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d +Provides: kernel-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d # END COMMON DEPS -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh diff --git a/kernel-zfcpdump.changes b/kernel-zfcpdump.changes index c6b122b2..341a5da8 100644 --- a/kernel-zfcpdump.changes +++ b/kernel-zfcpdump.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 3 12:47:56 CEST 2019 - mkubecek@suse.cz + +- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365) + Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x + (where the feature is not available). This extends the number of functions + which are protected by "stack canary" check to catch functions writing past + their stack frame. + This change was requested by SUSE security to make our kernels more + resistant to some types of stack overflow attacks. Tests performed by + kernel performance teams confirmed that performance impact is acceptable. +- commit d6e8aab + ------------------------------------------------------------------- Thu Aug 29 08:41:19 CEST 2019 - jslaby@suse.cz diff --git a/kernel-zfcpdump.spec b/kernel-zfcpdump.spec index 0b134fec..bdc0b65e 100644 --- a/kernel-zfcpdump.spec +++ b/kernel-zfcpdump.spec @@ -66,7 +66,7 @@ License: GPL-2.0 Group: System/Kernel Version: 5.2.11 %if 0%{?is_kotd} -Release: .g533dae1 +Release: .gd6e8aab %else Release: 0 %endif @@ -171,10 +171,10 @@ Conflicts: hyper-v < 4 Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-533dae19dd625d5978c3334db69118d063a58630 -Provides: kernel-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: kernel-%build_flavor-base-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d +Provides: kernel-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d # END COMMON DEPS -Provides: %name-srchash-533dae19dd625d5978c3334db69118d063a58630 +Provides: %name-srchash-d6e8aab45978d5943878ae13ab2b290e693aff4d %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh diff --git a/source-timestamp b/source-timestamp index b7eb5a30..860ca210 100644 --- a/source-timestamp +++ b/source-timestamp @@ -1,3 +1,3 @@ -2019-09-03 09:43:17 +0000 -GIT Revision: 533dae19dd625d5978c3334db69118d063a58630 +2019-09-04 06:10:12 +0000 +GIT Revision: d6e8aab45978d5943878ae13ab2b290e693aff4d GIT Branch: stable