update to 5.09

- resolves: #1893576

.gitignore

@@ -23,3 +23,4 @@
 /man-pages-5.06.tar.xz
 /man-pages-5.07.tar.xz
 /man-pages-5.08.tar.xz
+/man-pages-5.09.tar.xz

man-pages-5.04-kernel_lockdown.patch

@@ -1,113 +0,0 @@
-diff --git a/man7/kernel_lockdown.7 b/man7/kernel_lockdown.7
-new file mode 100644
-index 0000000..5ec4289
---- /dev/null
-+++ b/man7/kernel_lockdown.7
-@@ -0,0 +1,107 @@
-+.\"
-+.\" Copyright (C) 2017 Red Hat, Inc. All Rights Reserved.
-+.\" Written by David Howells (dhowells@redhat.com)
-+.\"
-+.\" %%%LICENSE_START(GPLv2+_SW_ONEPARA)
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version
-+.\" 2 of the License, or (at your option) any later version.
-+.\" %%%LICENSE_END
-+.\"
-+.TH "KERNEL LOCKDOWN" 7 2017-10-05 Linux "Linux Programmer's Manual"
-+.SH NAME
-+Kernel Lockdown \- Kernel image access prevention feature
-+.SH DESCRIPTION
-+The Kernel Lockdown feature is designed to prevent both direct and indirect
-+access to a running kernel image, attempting to protect against unauthorised
-+modification of the kernel image and to prevent access to security and
-+cryptographic data located in kernel memory, whilst still permitting driver
-+modules to be loaded.
-+.P
-+Lockdown is typically enabled during boot and may be terminated, if configured,
-+by typing a special key combination on a directly attached physical keyboard.
-+.P
-+If a prohibited or restricted feature is accessed or used, the kernel will emit
-+a message that looks like:
-+.P
-+.RS
-+ Lockdown: X: Y is restricted, see man kernel_lockdown.7
-+.RE
-+.P
-+where X indicates the process name and Y indicates what is restricted.
-+.P
-+On an EFI-enabled x86 or arm64 machine, lockdown will be automatically enabled
-+if the system boots in EFI Secure Boot mode.
-+.P
-+If the kernel is appropriately configured, lockdown may be lifted by typing the
-+appropriate sequence on a directly attached physical keyboard.  For x86
-+machines, this is
-+.IR SysRq+x .
-+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-+.SH COVERAGE
-+When lockdown is in effect, a number of features are disabled or have their use
-+restricted.  This includes special device files and kernel services that allow
-+direct access of the kernel image:
-+.P
-+.RS
-+/dev/mem
-+.br
-+/dev/kmem
-+.br
-+/dev/kcore
-+.br
-+/dev/ioports
-+.br
-+BPF
-+.br
-+kprobes
-+.RE
-+.P
-+and the ability to directly configure and control devices, so as to prevent the
-+use of a device to access or modify a kernel image:
-+.P
-+.RS
-+The use of module parameters that directly specify hardware parameters to
-+drivers through the kernel command line or when loading a module.
-+.P
-+The use of direct PCI BAR access.
-+.P
-+The use of the ioperm and iopl instructions on x86.
-+.P
-+The use of the KD*IO console ioctls.
-+.P
-+The use of the TIOCSSERIAL serial ioctl.
-+.P
-+The alteration of MSR registers on x86.
-+.P
-+The replacement of the PCMCIA CIS.
-+.P
-+The overriding of ACPI tables.
-+.P
-+The use of ACPI error injection.
-+.P
-+The specification of the ACPI RDSP address.
-+.P
-+The use of ACPI custom methods.
-+.RE
-+.P
-+Certain facilities are restricted:
-+.P
-+.RS
-+Only validly signed modules may be loaded (waived if the module file being
-+loaded is vouched for by IMA appraisal).
-+.P
-+Only validly signed binaries may be kexec'd (waived if the binary image file to
-+be executed is vouched for by IMA appraisal).
-+.P
-+Unencrypted hibernation/suspend to swap are disallowed as the kernel image is
-+saved to a medium that can then be accessed.
-+.P
-+Use of debugfs is not permitted as this allows a whole range of actions
-+including direct configuration of, access to and driving of hardware.
-+.P
-+IMA requires the addition of the "secure_boot" rules to the policy, whether or
-+not they are specified on the command line, for both the builtin and custom
-+policies in secure boot lockdown mode.
-+.RE

man-pages.spec

@@ -6,7 +6,7 @@
 
 Summary: Linux kernel and C library user-space interface documentation
 Name: man-pages
-Version: 5.08
+Version: 5.09
 Release: 1%{?dist}
 License: GPL+ and GPLv2+ and BSD and MIT and Copyright only and IEEE
 URL: http://www.kernel.org/doc/man-pages/
@@ -41,8 +41,6 @@ Patch0: man-pages-posix-2013-a-pthread_once.patch
 # resolves: #650985
 # https://bugzilla.kernel.org/show_bug.cgi?id=53781
 Patch21: man-pages-3.42-close.patch
-# resolves: #1797591
-Patch22: man-pages-5.04-kernel_lockdown.patch
 
 %description
 A large collection of manual pages from the Linux Documentation Project (LDP).
@@ -52,7 +50,6 @@ A large collection of manual pages from the Linux Documentation Project (LDP).
 
 %patch0 -p1
 %patch21 -p1
-%patch22 -p1
 
 # rename posix README so we don't have conflict
 mv %{posix_name}/README %{posix_name}/%{posix_name}.README
@@ -118,6 +115,10 @@ fi
 %{_mandir}/man*/*
 
 %changelog
+* Mon Nov 02 2020 Nikola Forró <nforro@redhat.com> - 5.09-1
+- update to 5.09
+  resolves: #1893576
+
 * Mon Aug 17 2020 Nikola Forró <nforro@redhat.com> - 5.08-1
 - update to 5.08
   resolves: #1868674

sources

@@ -1,3 +1,3 @@
 SHA512 (man-pages-posix-2013-a.tar.xz) = e6ec8eb57269fadf368aeaac31b5a98b9c71723d4d5cc189f9c4642d6e865c88e44f77481dccbdb72e31526488eb531f624d455016361687a834ccfcac19fa14
 SHA512 (man-pages-additional-20140218.tar.xz) = c7874db32a9bdefaea6c6be6549e6e6538fa1d93260bf342dd0d9821fa05754aa79a723e701493c81b2e1f460918429eb9b5edb704b55878b1e5ed585a3ff07d
-SHA512 (man-pages-5.08.tar.xz) = fbd54c96c3ef1272f856a27d2258fefd3934d9f6ef60c243a824377769c4784b65aba54d680bb382371b0ce35fd4d065b17980cb535118e7986844f19afd7932
+SHA512 (man-pages-5.09.tar.xz) = fa5684c316326afd2056876c174e4f2c8baa18d76bfc2f63009903f09f93b4c204fb0773e0991b5247e50596b2da7e232c5087121a0c938a072af8c77848686f