Linux v5.1.6

Fix CVE-2019-12378 CVE-2019-3846 CVE-2019-12380 CVE-2019-12381 CVE-2019-12382 CVE-2019-12379

scripts/rawhide-rc.sh

@@ -22,19 +22,20 @@ BASE=`grep "%define base_sublevel" kernel.spec| cut -d ' ' -f 3`
 OLDBASE=$BASE
 # See comment in kernel.spec about the base numbering
 BASE=$(($BASE+1))
+MAJORVER=5
 
 # Kill all patches
 awk '!/patch/ { print $0 }' < sources > sources.tmp
 mv sources.tmp sources
 
 # Grab the tarball
-if [ ! -f patch-4.$BASE-rc$RC.xz ]; then
-	wget -O patch-4.$BASE-rc$RC https://git.kernel.org/torvalds/p/v4.$BASE-rc$RC/v4.$OLDBASE
+if [ ! -f patch-$MAJORVER.$BASE-rc$RC.xz ]; then
+	wget -O patch-$MAJORVER.$BASE-rc$RC https://git.kernel.org/torvalds/p/v$MAJORVER.$BASE-rc$RC/v$MAJORVER.$OLDBASE
 	if [ ! $? -eq 0 ]; then
 		exit 1
 	fi
-	xz -9 patch-4.$BASE-rc$RC
-	fedpkg upload patch-4.$BASE-rc$RC.xz
+	xz -9 patch-$MAJORVER.$BASE-rc$RC
+	fedpkg upload patch-$MAJORVER.$BASE-rc$RC.xz
 fi
 
 # bump rcrev in the spec and set git snapshot to 0
@@ -44,6 +45,6 @@ perl -p -i -e 's|%define gitrev.*|%define gitrev 0|' kernel.spec
 
 perl -p -i -e 's|%global baserelease.*|%global baserelease 0|' kernel.spec
 
-rpmdev-bumpspec -c "Linux v4.$BASE-rc$RC" kernel.spec
+rpmdev-bumpspec -c "Linux v$MAJORVER.$BASE-rc$RC" kernel.spec
 
 echo "Don't forget to bump kernel-tools"

scripts/stable-update.sh

@@ -42,6 +42,23 @@ if [ ! -f patch-$1.xz ]; then
 	fi
 fi
 
+# This all needs to be updated for the new generation system
+#
+# if [ ! -f "patch-$1.sign" ]; then
+#        wget "https://cdn.kernel.org/pub/linux/kernel/v4.x/patch-$1.sign"
+#        if [ ! $? -eq 0 ]; then
+#                echo "Signature download failed"
+#                exit 1
+#        fi
+# fi
+
+# xzcat "patch-$1.xz" | gpg2 --verify "patch-$1.sign" -
+# if [ ! $? -eq 0 ]; then
+#        echo "Patch file has invalid or untrusted signature!"
+#        echo "See https://www.kernel.org/category/signatures.html"
+#        exit 1
+# fi
+
 grep $1 sources &> /dev/null
 if [ ! $? -eq 0 ]; then
 	fedpkg upload patch-$1.xz