Linux v4.2-11142-gb0a1ea51bda4
This commit is contained in:
Josh Boyer
parent
c369ee79aa
commit
d6943bfa1c
@ -1,4 +1,4 @@
|
||||
From b890a85619bee4262876ad131eb0565014ae82b0 Mon Sep 17 00:00:00 2001
|
||||
From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
@ -26,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
create mode 100644 kernel/modsign_uefi.c
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 414c3c3d988d..d920a6be6c8b 100644
|
||||
index 85ef051ac6fb..a042b2ece788 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -601,6 +601,12 @@ void efi_native_runtime_setup(void);
|
||||
#define EFI_CERT_X509_GUID \
|
||||
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
@@ -600,6 +600,12 @@ typedef struct {
|
||||
u64 table;
|
||||
} efi_config_table_64_t;
|
||||
|
||||
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
|
||||
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
|
||||
@ -41,12 +41,12 @@ index 414c3c3d988d..d920a6be6c8b 100644
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
u32 table;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 782d26f02885..bcc71c2f4b80 100644
|
||||
index 02da9f1fd9df..90c73a0564b1 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1933,6 +1933,15 @@ config MODULE_SIG_ALL
|
||||
@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
|
||||
comment "Do not forget to sign required modules with scripts/sign-file"
|
||||
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
|
||||
|
||||
@ -63,7 +63,7 @@ index 782d26f02885..bcc71c2f4b80 100644
|
||||
prompt "Which hash algorithm should modules be signed with?"
|
||||
depends on MODULE_SIG
|
||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||
index e0d7587e7684..566ac6bb720c 100644
|
||||
index d4988410b410..55e886239e7e 100644
|
||||
--- a/kernel/Makefile
|
||||
+++ b/kernel/Makefile
|
||||
@@ -47,6 +47,7 @@ endif
|
||||
@ -73,8 +73,8 @@ index e0d7587e7684..566ac6bb720c 100644
|
||||
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
|
||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||
obj-$(CONFIG_KEXEC) += kexec.o
|
||||
@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
|
||||
@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
|
||||
obj-$(CONFIG_HAS_IOMEM) += memremap.o
|
||||
|
||||
|
||||
@ -5543,6 +5543,8 @@ CONFIG_ZSMALLOC=y
|
||||
# CONFIG_ZSMALLOC_STAT is not set
|
||||
# CONFIG_PGTABLE_MAPPING is not set
|
||||
|
||||
# CONFIG_IDLE_PAGE_TRACKING is not set
|
||||
|
||||
# CONFIG_MDIO_GPIO is not set
|
||||
# CONFIG_KEYBOARD_GPIO is not set
|
||||
# CONFIG_KEYBOARD_GPIO_POLLED is not set
|
||||
|
||||
@ -67,7 +67,7 @@ Summary: The Linux kernel
|
||||
# The rc snapshot level
|
||||
%define rcrev 0
|
||||
# The git snapshot level
|
||||
%define gitrev 12
|
||||
%define gitrev 13
|
||||
# Set rpm version accordingly
|
||||
%define rpmversion 4.%{upstream_sublevel}.0
|
||||
%endif
|
||||
@ -2044,6 +2044,9 @@ fi
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Fri Sep 11 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.3.0-0.rc0.git13.1
|
||||
- Linux v4.2-11142-gb0a1ea51bda4
|
||||
|
||||
* Fri Sep 11 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.3.0-0.rc0.git12.1
|
||||
- Linux v4.2-10963-g519f526d391b
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 1fc498d024c07e39105c060603e40cb7bc6bd5b8 Mon Sep 17 00:00:00 2001
|
||||
From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 03:33:56 -0400
|
||||
Subject: [PATCH 08/20] kexec: Disable at runtime if the kernel enforces module
|
||||
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
|
||||
loading restrictions
|
||||
|
||||
kexec permits the loading and execution of arbitrary code in ring 0, which
|
||||
@ -14,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index a785c1015e25..81d6b404f33c 100644
|
||||
index 4c5edc357923..db431971dbd4 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/hugetlb.h>
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <linux/mm.h>
|
||||
#include <linux/file.h>
|
||||
#include <linux/kexec.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/page.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
#include <linux/mutex.h>
|
||||
#include <linux/list.h>
|
||||
#include <linux/syscalls.h>
|
||||
@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
|
||||
Loading…
Reference in New Issue
Block a user