RELEASE=5.0
# also update proxmox-ve/changelog if you change KERNEL_VER or KREL
-KERNEL_VER=4.10.8
-PKGREL=6
+KERNEL_VER=4.10.15
+PKGREL=11
# also include firmware of previous version into
# the fw package: fwlist-2.6.32-PREV-pve
KREL=1
PACKAGE=pve-kernel-${KVNAME}
HDRPACKAGE=pve-headers-${KVNAME}
-ARCH=amd64
+ARCH=$(shell dpkg-architecture -qDEB_BUILD_ARCH)
+
+# amd64/x86_64/x86 share the arch subdirectory in the kernel, 'x86' so we need
+# a mapping
+KERNEL_ARCH=x86
+ifneq (${ARCH}, amd64)
+KERNEL_ARCH=${ARCH}
+endif
+
GITVERSION:=$(shell cat .git/refs/heads/master)
CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate -lchangelog.Debian)
export SOURCE_DATE_EPOCH ?= $(shell dpkg-parsechangelog -STimestamp -lchangelog.Debian)
VIRTUAL_HDR_DEB=${VIRTUALHDRPACKAGE}_${RELEASE}-${PKGREL}_all.deb
LINUX_TOOLS_PKG=linux-tools-4.10
-LINUX_TOOLS_DEB=${LINUX_TOOLS_PKG}_${KERNEL_VER}-${PKGREL}_amd64.deb
+LINUX_TOOLS_DEB=${LINUX_TOOLS_PKG}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
DEBS=${DST_DEB} ${HDR_DEB} ${PVE_DEB} ${VIRTUAL_HDR_DEB} ${LINUX_TOOLS_DEB}
${DST_DEB}: data control.in prerm.in postinst.in postrm.in copyright changelog.Debian | fwcheck abicheck
mkdir -p data/DEBIAN
- sed -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@KVNAME@/${KVNAME}/' -e 's/@PKGREL@/${PKGREL}/' <control.in >data/DEBIAN/control
+ sed -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@KVNAME@/${KVNAME}/' -e 's/@PKGREL@/${PKGREL}/' -e 's/@ARCH@/${ARCH}/' <control.in >data/DEBIAN/control
sed -e 's/@@KVNAME@@/${KVNAME}/g' <prerm.in >data/DEBIAN/prerm
chmod 0755 data/DEBIAN/prerm
sed -e 's/@@KVNAME@@/${KVNAME}/g' <postinst.in >data/DEBIAN/postinst
mkdir tmp/boot
install -m 644 ${KERNEL_SRC}/.config tmp/boot/config-${KVNAME}
install -m 644 ${KERNEL_SRC}/System.map tmp/boot/System.map-${KVNAME}
- install -m 644 ${KERNEL_SRC}/arch/x86_64/boot/bzImage tmp/boot/vmlinuz-${KVNAME}
+ install -m 644 ${KERNEL_SRC}/arch/${KERNEL_ARCH}/boot/bzImage tmp/boot/vmlinuz-${KVNAME}
cd ${KERNEL_SRC}; make INSTALL_MOD_PATH=../tmp/ modules_install
## install latest ibg driver
install -m 644 igb.ko tmp/lib/modules/${KVNAME}/kernel/drivers/net/ethernet/intel/igb/
${KERNEL_SRC}/README ${KERNEL_CFG_ORG}: ${KERNEL_SRC_SUBMODULE} | submodules
rm -rf ${KERNEL_SRC}
cp -a ${KERNEL_SRC_SUBMODULE} ${KERNEL_SRC}
- cat ${KERNEL_SRC}/debian.master/config/config.common.ubuntu ${KERNEL_SRC}/debian.master/config/amd64/config.common.amd64 ${KERNEL_SRC}/debian.master/config/amd64/config.flavour.generic > ${KERNEL_CFG_ORG}
+ cat ${KERNEL_SRC}/debian.master/config/config.common.ubuntu ${KERNEL_SRC}/debian.master/config/${ARCH}/config.common.${ARCH} ${KERNEL_SRC}/debian.master/config/${ARCH}/config.flavour.generic > ${KERNEL_CFG_ORG}
cd ${KERNEL_SRC}; patch -p1 < ../uname-version-timestamp.patch
cd ${KERNEL_SRC}; patch -p1 <../bridge-patch.diff
#cd ${KERNEL_SRC}; patch -p1 <../bridge-forward-ipv6-neighbor-solicitation.patch
#cd ${KERNEL_SRC}; patch -p1 <../vhost-net-extend-device-allocation-to-vmalloc.patch
cd ${KERNEL_SRC}; patch -p1 < ../kvm-dynamic-halt-polling-disable-default.patch
cd ${KERNEL_SRC}; patch -p1 < ../cgroup-cpuset-add-cpuset.remap_cpus.patch
- cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-2596-kvm-page-reference-leakage-in-handle_vmon.patch
cd ${KERNEL_SRC}; patch -p1 < ../openvswitch-Set-internal-device-max-mtu-to-ETH_MAX_M.patch
- cd ${KERNEL_SRC}; patch -p1 < ../0001-net-sched-actions-fix-access-to-uninitialized-data.patch
- cd ${KERNEL_SRC}; patch -p1 < ../0002-net-sched-actions-decrement-module-refcount-earlier.patch
+ cd ${KERNEL_SRC}; patch -p1 < ../0001-netfilter-nft_set_rbtree-handle-re-addition-element-.patch # DoS from within (unpriv) containers
+ cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-8890-dccp-tcp-do-not-inherit-mc_list-from-parent.patch
+ cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-9074-ipv6-Prevent-overrun-when-parsing-v6-header-options.patch
+ cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-9074-2-ipv6-Check-ip6_find_1stfragopt-return-value-properly.patch
+ cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-9075-sctp-do-not-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch
+ cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-9076_9077-ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch
+ cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-9242-ipv6-fix-out-of-bound-writes-in-__ip6_append_data.patch
+ cd ${KERNEL_SRC}; patch -p1 < ../pinctl-amd-ryzen-01-make-use-of-raw_spinlock-variants.patch
+ cd ${KERNEL_SRC}; patch -p1 < ../pinctl-amd-ryzen-02-Use-regular-interrupt-instead-of-chained.patch
sed -i ${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
touch $@
${HDR_DEB} hdr: .compile_mark headers-control.in headers-postinst.in
rm -rf $(headers_tmp)
install -d $(headers_tmp)/DEBIAN $(headers_dir)/include/
- sed -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@KVNAME@/${KVNAME}/' -e 's/@PKGREL@/${PKGREL}/' <headers-control.in >$(headers_tmp)/DEBIAN/control
+ sed -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@KVNAME@/${KVNAME}/' -e 's/@PKGREL@/${PKGREL}/' -e 's/@ARCH@/${ARCH}/' <headers-control.in >$(headers_tmp)/DEBIAN/control
sed -e 's/@@KVNAME@@/${KVNAME}/g' <headers-postinst.in >$(headers_tmp)/DEBIAN/postinst
chmod 0755 $(headers_tmp)/DEBIAN/postinst
install -D -m 644 copyright $(headers_tmp)/usr/share/doc/${HDRPACKAGE}/copyright
-name '*.sh' -o -name '*.pl' \) \
-print | cpio -pd --preserve-modification-time $(headers_dir)
cd ${KERNEL_SRC}; cp -a include scripts $(headers_dir)
- cd ${KERNEL_SRC}; (find arch/x86 -name include -type d -print | \
+ cd ${KERNEL_SRC}; (find arch/${KERNEL_ARCH} -name include -type d -print | \
xargs -n1 -i: find : -type f) | \
cpio -pd --preserve-modification-time $(headers_dir)
mkdir -p ${headers_tmp}/lib/modules/${KVNAME}
projects / pve-kernel.git / blobdiff