# that the kernel isn't the stock distribution kernel, for example,
# by setting the define to ".local" or ".bz123456"
#
-%define buildid .mos64
+# % define buildid .local
-%define distro_build 504.1.3
+%define distro_build 504.16.2
%define signmodules 1
# if patch fuzzy patch applying will be forbidden
%endif
# The kernel tarball/base version
-%define kversion 2.6.32-504.1.3.el6
+%define kversion 2.6.32-504.16.2.el6
%define make_target bzImage
%define all_arch_configs kernel-%{version}-i?86*.config
%define image_install_path boot
%define kernel_image arch/x86/boot/bzImage
-%define with_perf 1
-%define with_firmware 1
%endif
%ifarch x86_64
%define all_arch_configs kernel-%{version}-x86_64*.config
%define image_install_path boot
%define kernel_image arch/x86/boot/bzImage
-%define with_perf 1
-%define with_firmware 1
%endif
%ifarch ppc64
BuildRequires: bzip2, findutils, gzip, m4, perl, make >= 3.78, diffutils, gawk
BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config
BuildRequires: net-tools, patchutils, rpm-build >= 4.8.0-7
-BuildRequires: xmlto, asciidoc, kernel-headers
+BuildRequires: xmlto, asciidoc
%if %{with_sparse}
BuildRequires: sparse >= 0.4.1
%endif
%define strip_cmd strip
%endif
-Source0: linux-2.6.32-504.1.3.el6.tar.bz2
+Source0: linux-2.6.32-504.16.2.el6.tar.bz2
Source1: Makefile.common
Source85: config-powerpc64-debug-rhel
Source86: config-s390x-debug-rhel
-# Fix LP#1456605
-Patch1: fix-do_tcp_sendpages.patch
# empty final patch file to facilitate testing of kernel patches
Patch999999: linux-kernel-test.patch
Obsoletes: kabi-whitelists
Provides: kabi-whitelists
%description -n kernel-abi-whitelists
-The kABI package contains information pertaining to the CentOS
+The kABI package contains information pertaining to the CentOS
Linux kernel ABI, including lists of kernel symbols that are needed by
external Linux kernel modules, and a yum plugin to aid enforcement.
# Dynamically generate kernel .config files from config-* files
make -f %{SOURCE20} VERSION=%{version} configs
-ApplyPatch fix-do_tcp_sendpages.patch
ApplyOptionalPatch linux-kernel-test.patch
# Any further pre-build tree manipulations happen here.
cd linux-%{KVERREL}
-#HACK for obs to access rights for find-provides script
-chmod +x %_sourcedir/find-provides
-
%if %{with_up}
BuildKernel %make_target %kernel_image
%endif
%endif
%changelog
-* Tue Nov 11 2014 Johnny Hughes <johnny@centos.org> [2.6.32-504.1.3.el6]
+* Tue Apr 21 2015 Johnny Hughes <johnny@centos.org> [2.6.32-504.16.2.el6]
- Roll in CentOS Branding
-* Fri Oct 31 2014 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.1.3.el6]
+* Tue Mar 10 2015 Frantisek Hrbata <fhrbata@redhat.com> [2.6.32-504.16.2.el6]
+- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
+
+* Mon Mar 09 2015 Frantisek Hrbata <fhrbata@redhat.com> [2.6.32-504.16.1.el6]
+- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1198329 1193559]
+- [security] keys: close race between key lookup and freeing (Radomir Vrbovsky) [1179849 1179850] {CVE-2014-9529}
+- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196587 1135425] {CVE-2015-1421}
+- [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1198329 1193559]
+- [fs] nfs: Be less aggressive about returning delegations for open files (Steve Dickson) [1196314 1145334]
+- [fs] nfs: Avoid PUTROOTFH when managing leases (Benjamin Coddington) [1196313 1143013]
+- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1194983 1185395]
+- [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) [1194983 1185395]
+- [char] raw: Return short read or 0 at end of a raw device, not EIO (Jeff Moyer) [1195747 1142314]
+- [scsi] hpsa: Use local workqueues instead of system workqueues - part1 (Tomas Henzl) [1193639 1134115]
+- [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153326 1153327] {CVE-2014-3690}
+- [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) [1180481 1180492] {CVE-2014-9584}
+- [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff (Fam Zheng) [1198428 1166763]
+- [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1170971 1167115] {CVE-2014-8884}
+- [kernel] trace: insufficient syscall number validation in perf and ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 CVE-2014-7825}
+- [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 1149831]
+- [fs] nfs: Don't use the delegation->inode in nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831]
+- [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: don't restart our thread on ENETRESET (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: make delayed tasks not hold up everything (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: Add a helper to restart the multicast task (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: fix IPOIB_MCAST_RUN flag usage (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [infiniband] ipoib: Remove unnecessary port query (Doug Ledford) [1187664 1187666 1184072 1159925]
+- [x86] kvm: Avoid pagefault in kvm_lapic_sync_to_vapic (Paolo Bonzini) [1192055 1116398]
+- [s390] kernel: fix cpu target address of directed yield (Hendrik Brueckner) [1188339 1180061]
+- [mm] memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [mm] memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [fs] buffer: move allocation failure loop into the allocator (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [mm] memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [mm] memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [mm] memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [mm] memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [x86] mm: finish user fault error path with fatal signal (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [mm] pass userspace fault flag to generic fault handler (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [s390] mm: do not invoke OOM killer on kernel fault OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [powerpc] mm: remove obsolete init OOM protection (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [powerpc] mm: invoke oom-killer from remaining unconverted page fault handlers (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
+- [security] selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}
+- [security] Add PR_<GET, SET>_NO_NEW_PRIVS to prevent execve from granting privs (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}
+
+* Wed Mar 04 2015 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.15.1.el6]
+- [netdrv] ixgbe: remove CIAA/D register reads from bad VF check (John Greene) [1196312 1156061]
+- [pci] Make FLR and AF FLR reset warning messages different (Myron Stowe) [1192365 1184540]
+- [pci] Fix unaligned access in AF transaction pending test (Myron Stowe) [1192365 1184540]
+- [pci] Merge multi-line quoted strings (Myron Stowe) [1192365 1184540]
+- [pci] Wrong register used to check pending traffic (Myron Stowe) [1192365 1184540]
+- [pci] Add pci_wait_for_pending() -- refactor pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]
+- [pci] Use pci_wait_for_pending_transaction() instead of for loop (Myron Stowe) [1192365 1184540]
+- [pci] Add pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]
+- [pci] Wait for pending transactions to complete before 82599 FLR (Myron Stowe) [1192365 1184540]
+- [scsi] storvsc: fix a bug in storvsc limits (Vitaly Kuznetsov) [1196532 1174168]
+
+* Wed Feb 18 2015 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.14.1.el6]
+- [s390] crypto: kernel oops at insmod of the z90crypt device driver (Hendrik Brueckner) [1191916 1172137]
+- [sound] alsa: usb-audio: Fix crash at re-preparing the PCM stream (Jerry Snitselaar) [1192105 1167059]
+- [usb] ehci: bugfix: urb->hcpriv should not be NULL (Jerry Snitselaar) [1192105 1167059]
+- [mm] mmap: uncached vma support with writenotify (Jerry Snitselaar) [1192105 1167059]
+- [kernel] futex: Mention key referencing differences between shared and private futexes (Larry Woodman) [1192107 1167405]
+- [kernel] futex: Ensure get_futex_key_refs() always implies a barrier (Larry Woodman) [1192107 1167405]
+
+* Sun Feb 08 2015 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.13.1.el6]
+- [netdrv] enic: fix rx skb checksum (Stefan Assmann) [1189068 1115505]
+- [scsi] Revert "fix our current target reap infrastructure" (David Milburn) [1188941 1168072]
+- [scsi] Revert "dual scan thread bug fix" (David Milburn) [1188941 1168072]
+- [net] tcp: do not copy headers in tcp_collapse() (Alexander Duyck) [1188838 1156289]
+- [net] tcp: use tcp_flags in tcp_data_queue() (Alexander Duyck) [1188838 1156289]
+- [net] tcp: use TCP_SKB_CB(skb)->tcp_flags in input path (Alexander Duyck) [1188838 1156289]
+- [net] tcp: remove unused tcp_fin() parameters (Alexander Duyck) [1188838 1156289]
+- [net] tcp: rename tcp_skb_cb flags (Alexander Duyck) [1188838 1156289]
+- [net] tcp: unify tcp flag macros (Alexander Duyck) [1188838 1156289]
+- [net] tcp: unalias tcp_skb_cb flags and ip_dsfield (Alexander Duyck) [1188838 1156289]
+
+* Fri Jan 30 2015 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.12.1.el6]
+- [fs] splice: perform generic write checks (Eric Sandeen) [1163798 1155900] {CVE-2014-7822}
+
+* Tue Jan 27 2015 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.11.1.el6]
+- [virt] kvm: excessive pages un-pinning in kvm_iommu_map error path (Jacob Tanenbaum) [1156520 1156521] {CVE-2014-8369}
+- [x86] crypto: Add support for 192 & 256 bit keys to AESNI RFC4106 (Jarod Wilson) [1184332 1176211]
+- [block] nvme: Clear QUEUE_FLAG_STACKABLE (David Milburn) [1180555 1155715]
+- [net] netfilter: conntrack: disable generic tracking for known protocols (Daniel Borkmann) [1182071 1114697] {CVE-2014-8160}
+- [xen] pvhvm: Fix vcpu hotplugging hanging (Vitaly Kuznetsov) [1179343 1164278]
+- [xen] pvhvm: Don't point per_cpu(xen_vpcu, 33 and larger) to shared_info (Vitaly Kuznetsov) [1179343 1164278]
+- [xen] enable PVHVM VCPU placement when using more than 32 CPUs (Vitaly Kuznetsov) [1179343 1164278]
+- [xen] support large numbers of CPUs with vcpu info placement (Vitaly Kuznetsov) [1179343 1164278]
+
+* Thu Jan 22 2015 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.10.1.el6]
+- [netdrv] tg3: Change nvram command timeout value to 50ms (Ivan Vecera) [1182903 1176230]
+
+* Thu Jan 08 2015 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.9.1.el6]
+- [net] ipv6: increase ip6_rt_max_size to 16384 (Hannes Frederic Sowa) [1177581 1112946]
+- [net] ipv6: don't set DST_NOCOUNT for remotely added routes (Hannes Frederic Sowa) [1177581 1112946]
+- [net] ipv6: don't count addrconf generated routes against gc limit (Hannes Frederic Sowa) [1177581 1112946]
+- [net] ipv6: Don't put artificial limit on routing table size (Hannes Frederic Sowa) [1177581 1112946]
+- [scsi] bnx2fc: fix tgt spinlock locking (Maurizio Lombardi) [1179098 1079656]
+
+* Fri Dec 19 2014 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.8.1.el6]
+- [crypto] crc32c: Kill pointless CRYPTO_CRC32C_X86_64 option (Jarod Wilson) [1175509 1036212]
+- [crypto] testmgr: add larger crc32c test vector to test FPU path in crc32c_intel (Jarod Wilson) [1175509 1036212]
+- [crypto] tcrypt: Added speed test in tcrypt for crc32c (Jarod Wilson) [1175509 1036212]
+- [crypto] crc32c: Optimize CRC32C calculation with PCLMULQDQ instruction (Jarod Wilson) [1175509 1036212]
+- [crypto] crc32c: Rename crc32c-intel.c to crc32c-intel_glue.c (Jarod Wilson) [1175509 1036212]
+
+* Mon Dec 15 2014 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.7.1.el6]
+- [kernel] ipc/sem: Fully initialize sem_array before making it visible (Rik van Riel) [1172029 1165277]
+- [kernel] ipc/sem: synchronize semop and semctl with IPC_RMID (Rik van Riel) [1172029 1165277]
+- [kernel] ipc/sem: update sem_otime for all operations (Larry Woodman) [1172025 1168588]
+- [fs] fuse: prevent null nd panic on dentry revalidate (Brian Foster) [1172022 1162782]
+- [net] netfilter: ipset: timeout values corrupted on set resize (Marcelo Leitner) [1172764 1152754]
+- [net] netfilter: fix xt_TCPOPTSTRIP in forwarding path (Marcelo Leitner) [1172027 1135650]
+- [usb] ehci: Fix panic on hotplug race condition (Don Zickus) [1172024 1107010]
+- [usb] usb_wwan: replace release and disconnect with a port_remove hook (Stanislaw Gruszka) [1172030 1148615]
+- [x86] traps: stop using IST for #SS (Petr Matousek) [1172810 1172811] {CVE-2014-9322}
+
+* Tue Dec 09 2014 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.6.1.el6]
+- [fs] ext4: don't count external journal blocks as overhead (Eric Sandeen) [1168504 1163811]
+- [net] sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [1163090 1153980] {CVE-2014-7841}
+- [netdrv] e100: fix typo in MDI/MDI-X eeprom check in e100_phy_init (John Greene) [1165985 1156417]
+- [powerpc] Add smp_mb()s to arch_spin_unlock_wait() (Gustavo Duarte) [1165986 1136224]
+- [powerpc] Add smp_mb() to arch_spin_is_locked() (Gustavo Duarte) [1165986 1136224]
+- [kernel] cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags (Aaron Tomlin) [1165002 1045310]
+- [documentation] cpuset: Update the cpuset flag file (Aaron Tomlin) [1165002 1045310]
+- [alsa] control: Make sure that id->index does not overflow (Jacob Tanenbaum) [1149140 1117312] {CVE-2014-4656}
+- [alsa] control: Handle numid overflow (Jacob Tanenbaum) [1149140 1117312] {CVE-2014-4656}
+- [s390] mm: fix SIGBUS handling (Hendrik Brueckner) [1169433 1145070]
+- [fs] gfs2: fix bad inode i_goal values during block allocation (Abhijith Das) [1165001 1130684]
+- [md] dm-thin: fix pool_io_hints to avoid looking at max_hw_sectors (Mike Snitzer) [1161420 1161421 1142773 1145230]
+
+* Tue Dec 02 2014 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.5.1.el6]
+- [fs] nfsd: don't halt scanning the DRC LRU list when there's an RC_INPROG entry (J. Bruce Fields) [1168129 1150675]
+
+* Tue Nov 18 2014 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.4.1.el6]
+- [fs] nfs: Make sure pre_change_attr is initialized correctly (Scott Mayhew) [1163214 1160042]
+- [usb] ehci: Fix a regression in the ISO scheduler (Gustavo Duarte) [1162072 1145805]
+
+* Thu Nov 13 2014 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.3.1.el6]
+- [s390] zcrypt: toleration of new crypto adapter hardware (Hendrik Brueckner) [1158311 1134984]
+- [s390] zcrypt: support for extended number of ap domains (Hendrik Brueckner) [1158311 1134984]
+- [md] dm-thin: fix potential for infinite loop in pool_io_hints (Mike Snitzer) [1161420 1161421 1142773 1145230]
+
+* Sun Nov 09 2014 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.2.1.el6]
+- [fs] udf: Avoid infinite loop when processing indirect ICBs (Jacob Tanenbaum) [1142319 1142320] {CVE-2014-6410}
+- [fs] isofs: unbound recursion when processing relocated directories (Jacob Tanenbaum) [1142268 1142269] {CVE-2014-5472 CVE-2014-5471}
+- [net] ipv6: delete expired route in ip6_pmtu_deliver (Hannes Frederic Sowa) [1161418 1156137]
+- [net] sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [1155746 1154676] {CVE-2014-3688}
+- [net] sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [1155733 1154676] {CVE-2014-3687}
+- [net] sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [1147857 1154676] {CVE-2014-3673}
+- [net] sctp: handle association restarts when the socket is closed (Daniel Borkmann) [1147857 1154676]
+- [md] dm-thin: refactor requeue_io to eliminate spinlock bouncing (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: optimize retry_bios_on_resume (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: sort the deferred cells (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: direct dispatch when breaking sharing (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: remap the bios in a cell immediately (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: defer whole cells rather than individual bios (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: factor out remap_and_issue_overwrite (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: performance improvement to discard processing (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: grab a virtual cell before looking up the mapping (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: implement thin_merge (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm: improve documentation and code clarity in dm_merge_bvec (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: adjust max_sectors_kb based on thinp blocksize (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] block: fix alignment_offset math that assumes io_min is a power-of-2 (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: throttle incoming IO (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: prefetch missing metadata pages (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-transaction-manager: add support for prefetching blocks of metadata (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin-metadata: change dm_thin_find_block to allow blocking, but not issuing, IO (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-bio-prison: switch to using a red black tree (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-bufio: evict buffers that are past the max age but retain some buffers (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-bufio: switch from a huge hash table to an rbtree (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-bufio: update last_accessed when relinking a buffer (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-bufio: use kzalloc when allocating dm_bufio_client (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin-metadata: do not allow the data block size to change (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: cleanup noflush_work to use a proper completion (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [md] dm-thin: fix DMERR typo in pool_status error path (Mike Snitzer) [1161420 1161421 1142773 1145230]
+- [fs] xfs: xlog_cil_force_lsn doesn't always wait correctly (Eric Sandeen) [1158325 1133304]
+- [netdrv] ixgbe: allow TXDCTL.WRTHRESH to be 1 will small ITR values (John Greene) [1158326 1132267]
+- [netdrv] ixgbe: Intel Change to allow itr changes without CONFIG_BQL support (John Greene) [1158326 1132267]
+- [video] offb: Fix setting of the pseudo-palette for >8bpp (Gerd Hoffmann) [1158328 1142450]
+- [video] offb: Add palette hack for qemu "standard vga" framebuffer (Gerd Hoffmann) [1158328 1142450]
+- [video] offb: Fix bug in calculating requested vram size (Gerd Hoffmann) [1158328 1142450]
+- [net] sock_queue_err_skb() dont mess with sk_forward_alloc (Jiri Benc) [1155427 1148257]
+- [net] guard tcp_set_keepalive() to tcp sockets (Florian Westphal) [1141744 1141746] {CVE-2012-6657}
- Revert: [net] revert "bridge: Set vlan_features to allow offloads on vlans" (Vlad Yasevich) [1144442 1121991]
-
-* Wed Oct 15 2014 Radomir Vrbovsky <rvrbovsk@redhat.com> [2.6.32-504.1.2.el6]
- [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611}
- [x86] kvm: vmx: handle invept and invvpid vm exits gracefull (mguzik) [1144826 1144837 1144827 1144838] {CVE-2014-3646 CVE-2014-3645}