diff options
| author | Justin M. Forbes <jforbes@redhat.com> | 2012-10-05 10:47:26 -0500 |
|---|---|---|
| committer | Justin M. Forbes <jforbes@redhat.com> | 2012-10-05 10:47:26 -0500 |
| commit | 1ae0b0fe93f0c4e6166fc45a7d43a2d0bffd51fc (patch) | |
| tree | 0256a07e5e7b98481a8a482eb4d387a747792dd2 | |
| parent | fc85362a27e6f8ea343d1e201a01c311781d2a09 (diff) | |
| parent | 8c0399628afc54985b89fd8c856f442a110230b8 (diff) | |
| download | kernel-1ae0b0fe93f0c4e6166fc45a7d43a2d0bffd51fc.tar.gz kernel-1ae0b0fe93f0c4e6166fc45a7d43a2d0bffd51fc.tar.xz kernel-1ae0b0fe93f0c4e6166fc45a7d43a2d0bffd51fc.zip | |
merge fixup
| -rw-r--r-- | config-arm-generic | 7 | ||||
| -rw-r--r-- | config-arm-kirkwood | 4 | ||||
| -rw-r--r-- | config-arm-omap | 9 | ||||
| -rw-r--r-- | config-arm-tegra | 8 | ||||
| -rw-r--r-- | kernel.spec | 19 | ||||
| -rw-r--r-- | modsign-post-KS-jwb.patch | 174 |
6 files changed, 218 insertions, 3 deletions
diff --git a/config-arm-generic b/config-arm-generic index 5f4fbf42..e2e6a771 100644 --- a/config-arm-generic +++ b/config-arm-generic @@ -19,6 +19,8 @@ CONFIG_SMP_ON_UP=y CONFIG_ARM_ARCH_TIMER=y +CONFIG_CMDLINE="" + # CONFIG_FPE_NWFPE is not set CONFIG_FPE_FASTFPE=y @@ -32,12 +34,15 @@ CONFIG_ZBOOT_ROM_BSS=0 CONFIG_ATAGS_PROC=y +#CONFIG_XIP_KERNEL is not set + # DeviceTree CONFIG_USE_OF=y # CONFIG_OF_SELFTEST is not set CONFIG_PROC_DEVICETREE=y CONFIG_ARM_APPENDED_DTB=y CONFIG_I2C_MUX_PINCTRL=m +CONFIG_ARM_ATAG_DTB_COMPAT=y # Generic options we want for ARM that aren't defualt CONFIG_HIGHMEM=y @@ -116,6 +121,8 @@ CONFIG_GENERIC_GPIO=y CONFIG_MTD=m CONFIG_MTD_TESTS=m CONFIG_MTD_CMDLINE_PARTS=y +CONFIG_MTD_OF_PARTS=y +CONFIG_MTD_PHYSMAP_OF=y # CONFIG_MTD_AFS_PARTS is not set CONFIG_MTD_CHAR=m CONFIG_MTD_BLKDEVS=m diff --git a/config-arm-kirkwood b/config-arm-kirkwood index 4d6dbf8c..7b5d758e 100644 --- a/config-arm-kirkwood +++ b/config-arm-kirkwood @@ -2,15 +2,19 @@ CONFIG_ARCH_KIRKWOOD=y CONFIG_ARCH_KIRKWOOD_DT=y # CONFIG_SMP is not set # CONFIG_VFP is not set + CONFIG_MACH_DB88F6281_BP=y CONFIG_MACH_RD88F6192_NAS=y CONFIG_MACH_RD88F6281=y CONFIG_MACH_MV88F6281GTW_GE=y CONFIG_MACH_SHEEVAPLUG=y CONFIG_MACH_ESATA_SHEEVAPLUG=y +CONFIG_MACH_DLINK_KIRKWOOD_DT=y CONFIG_MACH_GURUPLUG=y CONFIG_MACH_DREAMPLUG_DT=y CONFIG_MACH_DOCKSTAR=y +CONFIG_MACH_ICONNECT_DT=y +CONFIG_MACH_IB62X0_DT=y CONFIG_MACH_TS219=y CONFIG_MACH_TS41X=y CONFIG_MACH_OPENRD_BASE=y diff --git a/config-arm-omap b/config-arm-omap index b698e484..ae328f19 100644 --- a/config-arm-omap +++ b/config-arm-omap @@ -247,6 +247,15 @@ CONFIG_USB_MUSB_HDRC=y # CONFIG_USB_GADGET_OMAP is not set # CONFIG_ISP1301_OMAP is not set + +# This block is temporary until we work out why the MMC modules don't work as modules +CONFIG_MMC=y +CONFIG_MMC_BLOCK=y +CONFIG_MMC_SDHCI=y +CONFIG_MMC_SDHCI_PLTFM=y +CONFIG_MMC_SDHCI_OF=y +CONFIG_MMC_SPI=y + CONFIG_MMC_OMAP=y CONFIG_MMC_OMAP_HS=y CONFIG_TWL4030_USB=y diff --git a/config-arm-tegra b/config-arm-tegra index 5ec5a676..015af431 100644 --- a/config-arm-tegra +++ b/config-arm-tegra @@ -27,6 +27,14 @@ CONFIG_TEGRA_IOMMU_SMMU=y CONFIG_I2C_TEGRA=y +# This block is temporary until we work out why the MMC modules don't work as modules +CONFIG_MMC=y +CONFIG_MMC_BLOCK=y +CONFIG_MMC_SDHCI=y +CONFIG_MMC_SDHCI_PLTFM=y +CONFIG_MMC_SDHCI_OF=y +CONFIG_MMC_SPI=y + CONFIG_MMC_SDHCI_TEGRA=y # CONFIG_RCU_BOOST is not set diff --git a/kernel.spec b/kernel.spec index 0001efb8..2b4671c0 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 1 +%global baserelease 3 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -690,7 +690,7 @@ Patch1100: handle-efi-roms.patch # DRM #atch1700: drm-edid-try-harder-to-fix-up-broken-headers.patch -Patch1800: drm-vgem.patch +#Patch1800: drm-vgem.patch # nouveau + drm fixes # intel drm is all merged upstream @@ -887,6 +887,7 @@ Requires: kernel-tools = %{version}-%{release} Provides: cpupowerutils-devel = 1:009-0.6.p1 Obsoletes: cpupowerutils-devel < 1:009-0.6.p1 Requires: kernel-tools-libs = %{version}-%{release} +Provides: kernel-tools-devel %description -n kernel-tools-libs-devel This package contains the development files for the tools/ directory from the kernel source. @@ -1409,7 +1410,7 @@ ApplyPatch secure-boot-20120924.patch # DRM core #ApplyPatch drm-edid-try-harder-to-fix-up-broken-headers.patch -ApplyPatch drm-vgem.patch +#ApplyPatch drm-vgem.patch # Nouveau DRM @@ -2316,6 +2317,18 @@ fi - v3.6-6670-gecefbd9 - Reenable debugging options. +* Fri Oct 5 2012 Peter Robinson <pbrobinson@fedoraproject.org> +- Build MMC in on OMAP and Tegra until we work out why modules don't work + +* Wed Oct 03 2012 Adam Jackson <ajax@redhat.com> +- Drop vgem patches, not doing anything yet. + +* Wed Oct 03 2012 Josh Boyer <jwboyer@redhat.com> +- Make sure kernel-tools-libs-devel provides kernel-tools-devel + +* Tue Oct 02 2012 Josh Boyer <jwboyer@redhat.com> +- Patch from David Howells to fix overflow on 32-bit X.509 certs (rhbz 861322) + * Tue Oct 2 2012 Peter Robinson <pbrobinson@fedoraproject.org> - Update ARM configs for 3.6 final - Add highbank SATA driver for stability diff --git a/modsign-post-KS-jwb.patch b/modsign-post-KS-jwb.patch index ed5a41f0..f528a2b6 100644 --- a/modsign-post-KS-jwb.patch +++ b/modsign-post-KS-jwb.patch @@ -9152,3 +9152,177 @@ index 83eb505..2beea56 100644 -- 1.7.11.4 +The current choice of lifetime for the autogenerated X.509 of 100 years, +putting the validTo date in 2112, causes problems on 32-bit systems where a +32-bit time_t wraps in 2106. 64-bit x86_64 systems seem to be unaffected. + +This can result in something like: + + Loading module verification certificates + X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired + MODSIGN: Problem loading in-kernel X.509 certificate (-127) + +Or: + + X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 is not yet valid + MODSIGN: Problem loading in-kernel X.509 certificate (-129) + +Instead of turning the dates into time_t values and comparing, turn the system +clock and the ASN.1 dates into tm structs and compare those piecemeal instead. + +Reported-by: Rusty Russell <rusty@rustcorp.com.au> +Signed-off-by: David Howells <dhowells@redhat.com> +--- + + crypto/asymmetric_keys/x509_cert_parser.c | 25 ++++++++--------- + crypto/asymmetric_keys/x509_parser.h | 4 +-- + crypto/asymmetric_keys/x509_public_key.c | 42 ++++++++++++++++++++++++++--- + 3 files changed, 51 insertions(+), 20 deletions(-) + + +diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c +index 8fcac94..db07e8c 100644 +--- a/crypto/asymmetric_keys/x509_cert_parser.c ++++ b/crypto/asymmetric_keys/x509_cert_parser.c +@@ -434,11 +434,10 @@ int x509_process_extension(void *context, size_t hdrlen, + /* + * Record a certificate time. + */ +-static int x509_note_time(time_t *_time, size_t hdrlen, ++static int x509_note_time(struct tm *tm, size_t hdrlen, + unsigned char tag, + const unsigned char *value, size_t vlen) + { +- unsigned YY, MM, DD, hh, mm, ss; + const unsigned char *p = value; + + #define dec2bin(X) ((X) - '0') +@@ -448,30 +447,30 @@ static int x509_note_time(time_t *_time, size_t hdrlen, + /* UTCTime: YYMMDDHHMMSSZ */ + if (vlen != 13) + goto unsupported_time; +- YY = DD2bin(p); +- if (YY > 50) +- YY += 1900; ++ tm->tm_year = DD2bin(p); ++ if (tm->tm_year >= 50) ++ tm->tm_year += 1900; + else +- YY += 2000; ++ tm->tm_year += 2000; + } else if (tag == ASN1_GENTIM) { + /* GenTime: YYYYMMDDHHMMSSZ */ + if (vlen != 15) + goto unsupported_time; +- YY = DD2bin(p) * 100 + DD2bin(p); ++ tm->tm_year = DD2bin(p) * 100 + DD2bin(p); + } else { + goto unsupported_time; + } + +- MM = DD2bin(p); +- DD = DD2bin(p); +- hh = DD2bin(p); +- mm = DD2bin(p); +- ss = DD2bin(p); ++ tm->tm_year -= 1900; ++ tm->tm_mon = DD2bin(p) - 1; ++ tm->tm_mday = DD2bin(p); ++ tm->tm_hour = DD2bin(p); ++ tm->tm_min = DD2bin(p); ++ tm->tm_sec = DD2bin(p); + + if (*p != 'Z') + goto unsupported_time; + +- *_time = mktime(YY, MM, DD, hh, mm, ss); + return 0; + + unsupported_time: +diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h +index 635053f..f86dc5f 100644 +--- a/crypto/asymmetric_keys/x509_parser.h ++++ b/crypto/asymmetric_keys/x509_parser.h +@@ -18,8 +18,8 @@ struct x509_certificate { + char *subject; /* Name of certificate subject */ + char *fingerprint; /* Key fingerprint as hex */ + char *authority; /* Authority key fingerprint as hex */ +- time_t valid_from; +- time_t valid_to; ++ struct tm valid_from; ++ struct tm valid_to; + enum pkey_algo pkey_algo : 8; /* Public key algorithm */ + enum pkey_algo sig_pkey_algo : 8; /* Signature public key algorithm */ + enum pkey_hash_algo sig_hash_algo : 8; /* Signature hash algorithm */ +diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c +index 716917c..5ab736d 100644 +--- a/crypto/asymmetric_keys/x509_public_key.c ++++ b/crypto/asymmetric_keys/x509_public_key.c +@@ -106,7 +106,7 @@ error_no_sig: + static int x509_key_preparse(struct key_preparsed_payload *prep) + { + struct x509_certificate *cert; +- time_t now; ++ struct tm now; + size_t srlen, sulen; + char *desc = NULL; + int ret; +@@ -118,7 +118,14 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) + pr_devel("Cert Issuer: %s\n", cert->issuer); + pr_devel("Cert Subject: %s\n", cert->subject); + pr_devel("Cert Key Algo: %s\n", pkey_algo[cert->pkey_algo]); +- pr_devel("Cert Valid: %lu - %lu\n", cert->valid_from, cert->valid_to); ++ printk("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n", ++ cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1, ++ cert->valid_from.tm_mday, cert->valid_from.tm_hour, ++ cert->valid_from.tm_min, cert->valid_from.tm_sec); ++ printk("Cert Valid To: %04ld-%02d-%02d %02d:%02d:%02d\n", ++ cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1, ++ cert->valid_to.tm_mday, cert->valid_to.tm_hour, ++ cert->valid_to.tm_min, cert->valid_to.tm_sec); + pr_devel("Cert Signature: %s + %s\n", + pkey_algo[cert->sig_pkey_algo], + pkey_hash_algo[cert->sig_hash_algo]); +@@ -130,13 +137,38 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) + goto error_free_cert; + } + +- now = CURRENT_TIME.tv_sec; +- if (now < cert->valid_from) { ++ time_to_tm(CURRENT_TIME.tv_sec, 0, &now); ++ printk("Now: %04ld-%02d-%02d %02d:%02d:%02d\n", ++ now.tm_year + 1900, now.tm_mon + 1, now.tm_mday, ++ now.tm_hour, now.tm_min, now.tm_sec); ++ if (now.tm_year < cert->valid_from.tm_year || ++ (now.tm_year == cert->valid_from.tm_year && ++ (now.tm_mon < cert->valid_from.tm_mon || ++ (now.tm_mon == cert->valid_from.tm_mon && ++ (now.tm_mday < cert->valid_from.tm_mday || ++ (now.tm_mday == cert->valid_from.tm_mday && ++ (now.tm_hour < cert->valid_from.tm_hour || ++ (now.tm_hour == cert->valid_from.tm_hour && ++ (now.tm_min < cert->valid_from.tm_min || ++ (now.tm_min == cert->valid_from.tm_min && ++ (now.tm_sec < cert->valid_from.tm_sec ++ ))))))))))) { + pr_warn("Cert %s is not yet valid\n", cert->fingerprint); + ret = -EKEYREJECTED; + goto error_free_cert; + } +- if (now >= cert->valid_to) { ++ if (now.tm_year > cert->valid_to.tm_year || ++ (now.tm_year == cert->valid_to.tm_year && ++ (now.tm_mon > cert->valid_to.tm_mon || ++ (now.tm_mon == cert->valid_to.tm_mon && ++ (now.tm_mday > cert->valid_to.tm_mday || ++ (now.tm_mday == cert->valid_to.tm_mday && ++ (now.tm_hour > cert->valid_to.tm_hour || ++ (now.tm_hour == cert->valid_to.tm_hour && ++ (now.tm_min > cert->valid_to.tm_min || ++ (now.tm_min == cert->valid_to.tm_min && ++ (now.tm_sec > cert->valid_to.tm_sec ++ ))))))))))) { + pr_warn("Cert %s has expired\n", cert->fingerprint); + ret = -EKEYEXPIRED; + goto error_free_cert; + |