starlingx/integ
Code Issues Proposed changes

Upgrade kernel to version kernel-3.10.0-957.21.3.el7

Browse Source 
Security Fix(es):
(CVE-2019-11477)-
An integer overflow flaw was found in the way
the Linux kernel's networking subsystem processed
TCP Selective Acknowledgment (SACK) segments.
While processing SACK segments,
the Linux kernel's socket buffer (SKB) data structure
becomes fragmented. Each fragment is about TCP
maximum segment size (MSS) bytes.
To efficiently process SACK blocks, the Linux kernel merges
multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments.
A remote attacker could use this flaw to crash the Linux kernel
by sending a crafted sequence of SACK segments on a TCP
connection with small value of TCP MSS,
resulting in a denial of service (DoS).

(CVE-2019-11478)-
Kernel: tcp: excessive resource consumption while processing SACK
blocks allows remote denial of service.

(CVE-2019-11479)-
Kernel: tcp: excessive resource consumption for TCP connections with low MSS
allows remote denial of service.

Details:
https://access.redhat.com/errata/RHSA-2019:1481
https://access.redhat.com/errata/RHSA-2019:1486
https://nvd.nist.gov/vuln/detail/

Closes-Bug: 1836685
Depends-On: https://review.opendev.org/670856
Change-Id: I150bdf60cec23058e656c60a3fdd677a14259795
Signed-off-by: zhao.shuai <zhaos@neusoft.com>
This commit is contained in:
zhao.shuai 2019-07-15 23:21:11 +08:00
parent c57df403ce
commit 0d33fc27e2
5 changed files with 22 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/kernel-std/centos/build_srpm.data
View File

@ -1,4 +1,4 @@
COPY_LIST="files/*"
TIS_PATCH_VER=3
TIS_PATCH_VER=1
BUILD_IS_BIG=11
BUILD_IS_SLOW=12

13
kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch
View File

@ -4,12 +4,13 @@ Date: Fri, 20 Apr 2018 14:51:56 -0400
Subject: [PATCH] Build logic and sources for TiC
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: zhao.shuai <zhaos@neusoft.com>
---
SPECS/kernel.spec | 73 +++++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 60 insertions(+), 13 deletions(-)
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 1c3a765..f2499b4 100644
index 852fd10..e42177e 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -5,7 +5,8 @@ Summary: The Linux kernel
@ -26,13 +27,13 @@ index 1c3a765..f2499b4 100644
%global distro_build 957
%define rpmversion 3.10.0
-%define pkgrelease 957.12.2.el7
+%define _pkgrelease 957.12.2
-%define pkgrelease 957.21.3.el7
+%define _pkgrelease 957.21.3
+%define pkgrelease %{_pkgrelease}.el7
+
# allow pkg_release to have configurable %%{?dist} tag
%define specrelease 957.12.2%{?dist}
%define specrelease 957.21.3%{?dist}
-%define pkg_release %{specrelease}%{?buildid}
+%define pkg_release %{specrelease}%{buildid}
@ -224,8 +225,8 @@ index 1c3a765..f2499b4 100644
+%endif
+
%changelog
* Tue May 14 2019 CentOS Sources <bugs@centos.org> - 3.10.0-957.12.2.el7
* Mon Jun 17 2019 CentOS Sources <bugs@centos.org> - 3.10.0-957.21.3.el7
- Apply debranding changes
--
2.7.4
1.8.3.1

12
kernel/kernel-std/centos/meta_patches/Compile-issues.patch
View File

@ -1,15 +1,15 @@
From e49a8758922e1f23c4e77dd19cf4eb1f80263763 Mon Sep 17 00:00:00 2001
From: Bin Yang <bin.yang@intel.com>
Date: Wed, 31 Jul 2019 10:50:03 +0800
From a38da63c3677f78c33b3896699788bd5eb77116e Mon Sep 17 00:00:00 2001
From: "zhao.shuai" <zhaos@neusoft.com>
Date: Tue, 6 Aug 2019 16:18:04 +0800
Subject: [PATCH 3/3] Compile issues
Signed-off-by: Bin Yang <bin.yang@intel.com>
Signed-off-by: zhao.shuai <zhaos@neusoft.com>
---
SPECS/kernel.spec | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 9149019..b8fb9f9 100644
index 418cdd0..a5de0aa 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -491,6 +491,12 @@ Patch40025: dpt_i2o-fix-build-warning.patch
@ -36,5 +36,5 @@ index 9149019..b8fb9f9 100644
# Any further pre-build tree manipulations happen here.
--
2.7.4
1.8.3.1

14
kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch
View File

@ -1,15 +1,15 @@
From 7191a6f784f12e295e508f105da4cfde518a64e7 Mon Sep 17 00:00:00 2001
From: Bin Yang <bin.yang@intel.com>
Date: Wed, 31 Jul 2019 10:49:20 +0800
Subject: [PATCH 2/3] Kernel source patches for TiC
From e9f7eeea6002b26912b6434c324ac19c2987afe8 Mon Sep 17 00:00:00 2001
From: "zhao.shuai" <zhaos@neusoft.com>
Date: Mon, 5 Aug 2019 17:55:01 +0800
Subject: [PATCH 2/3] Kernel-source-patches-for-TiC
Signed-off-by: Bin Yang <bin.yang@intel.com>
Signed-off-by: zhao.shuai <zhaos@neusoft.com>
---
SPECS/kernel.spec | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 5b93a98..9149019 100644
index e42177e..418cdd0 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -460,6 +460,38 @@ Patch1002: debrand-rh-i686-cpu.patch
@ -88,5 +88,5 @@ index 5b93a98..9149019 100644
chmod +x scripts/checkpatch.pl
--
2.7.4
1.8.3.1

2
kernel/kernel-std/centos/srpm_path
View File

@ -1,2 +1,2 @@
mirror:Source/kernel-3.10.0-957.12.2.el7.src.rpm
mirror:Source/kernel-3.10.0-957.21.3.el7.src.rpm