diff options
author | Josh Boyer <jwboyer@redhat.com> | 2014-04-02 08:21:25 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@redhat.com> | 2014-04-02 08:21:25 -0400 |
commit | 9ed75fbd4f54d1ce199cdda951141662475c182a (patch) | |
tree | 31ee3b91f7a3d50535baedbf9517199f62f043ff | |
parent | 9969f4229cb12c59b85a05173822dbd70f5e931e (diff) | |
download | kernel-9ed75fbd4f54d1ce199cdda951141662475c182a.tar.gz kernel-9ed75fbd4f54d1ce199cdda951141662475c182a.tar.xz kernel-9ed75fbd4f54d1ce199cdda951141662475c182a.zip |
Linux v3.14-3893-gc12e69c6aaf7
-rw-r--r-- | Bluetooth-allocate-static-minor-for-vhci.patch | 22 | ||||
-rw-r--r-- | config-armv7 | 3 | ||||
-rw-r--r-- | config-armv7-generic | 38 | ||||
-rw-r--r-- | config-generic | 17 | ||||
-rw-r--r-- | config-x86-generic | 1 | ||||
-rw-r--r-- | kernel.spec | 5 | ||||
-rw-r--r-- | secure-modules.patch | 62 | ||||
-rw-r--r-- | sources | 2 |
8 files changed, 109 insertions, 41 deletions
diff --git a/Bluetooth-allocate-static-minor-for-vhci.patch b/Bluetooth-allocate-static-minor-for-vhci.patch index 8acfb308f..8e468e4fe 100644 --- a/Bluetooth-allocate-static-minor-for-vhci.patch +++ b/Bluetooth-allocate-static-minor-for-vhci.patch @@ -1,10 +1,10 @@ Bugzilla: 1051748 Upstream-status: Queued for 3.15 -From b075dd40c95d11c2c8690f6c4d6232fc0d9e7f56 Mon Sep 17 00:00:00 2001 +From ae77280ec0111a8728f52a27e480324935b97ae1 Mon Sep 17 00:00:00 2001 From: Lucas De Marchi <lucas.demarchi@intel.com> Date: Tue, 18 Feb 2014 05:19:26 +0000 -Subject: Bluetooth: allocate static minor for vhci +Subject: [PATCH] Bluetooth: allocate static minor for vhci Commit bfacbb9 (Bluetooth: Use devname:vhci module alias for virtual HCI driver) added the module alias to hci_vhci module so it's possible to @@ -25,8 +25,13 @@ Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> --- + Documentation/devices.txt | 1 + + drivers/bluetooth/hci_vhci.c | 3 ++- + include/linux/miscdevice.h | 1 + + 3 files changed, 4 insertions(+), 1 deletion(-) + diff --git a/Documentation/devices.txt b/Documentation/devices.txt -index 10378cc..04356f5 100644 +index 087d2122b204..d154147d0015 100644 --- a/Documentation/devices.txt +++ b/Documentation/devices.txt @@ -353,6 +353,7 @@ Your cooperation is appreciated. @@ -38,7 +43,7 @@ index 10378cc..04356f5 100644 140 = /dev/relay8 Berkshire Products Octal relay card 141 = /dev/relay16 Berkshire Products ISO-16 relay card diff --git a/drivers/bluetooth/hci_vhci.c b/drivers/bluetooth/hci_vhci.c -index 1ef6990..add1c6a 100644 +index 1ef6990a5c7e..add1c6a72063 100644 --- a/drivers/bluetooth/hci_vhci.c +++ b/drivers/bluetooth/hci_vhci.c @@ -359,7 +359,7 @@ static const struct file_operations vhci_fops = { @@ -56,7 +61,7 @@ index 1ef6990..add1c6a 100644 MODULE_ALIAS("devname:vhci"); +MODULE_ALIAS_MISCDEV(VHCI_MINOR); diff --git a/include/linux/miscdevice.h b/include/linux/miscdevice.h -index 3737f72..7bb6148 100644 +index 2cf1547096d9..51e26f3cd3b3 100644 --- a/include/linux/miscdevice.h +++ b/include/linux/miscdevice.h @@ -23,6 +23,7 @@ @@ -65,7 +70,8 @@ index 3737f72..7bb6148 100644 #define EFI_RTC_MINOR 136 /* EFI Time services */ +#define VHCI_MINOR 137 #define SUN_OPENPROM_MINOR 139 - #define DMAPI_MINOR 140 /* DMAPI */ + #define DMAPI_MINOR 140 /* unused */ #define NVRAM_MINOR 144 --- -cgit v0.9.2 +-- +1.8.5.3 + diff --git a/config-armv7 b/config-armv7 index d609bc65d..09d5bc52c 100644 --- a/config-armv7 +++ b/config-armv7 @@ -51,6 +51,7 @@ CONFIG_MVEBU_MBUS=y CONFIG_PHY_MVEBU_SATA=y CONFIG_ARMADA_THERMAL=m CONFIG_DRM_ARMADA=m +# CONFIG_SND_KIRKWOOD_SOC is not set # omap CONFIG_ARCH_OMAP2PLUS_TYPICAL=y @@ -382,6 +383,7 @@ CONFIG_SND_SOC_IMX_SGTL5000=m CONFIG_SND_SOC_IMX_WM8962=m CONFIG_SND_SOC_IMX_MC13783=m CONFIG_SND_SOC_IMX_SPDIF=m +CONFIG_SND_SOC_EUKREA_TLV320=m CONFIG_USB_IMX21_HCD=m CONFIG_USB_MXS_PHY=m @@ -569,6 +571,7 @@ CONFIG_DRM_TEGRA_STAGING=y CONFIG_DRM_PANEL=y CONFIG_DRM_PANEL_SIMPLE=m +CONFIG_TEGRA_WATCHDOG=m CONFIG_CRYPTO_DEV_TEGRA_AES=m diff --git a/config-armv7-generic b/config-armv7-generic index 66a5f6bd5..b562e4265 100644 --- a/config-armv7-generic +++ b/config-armv7-generic @@ -312,6 +312,8 @@ CONFIG_SPI_XCOMM=m CONFIG_SPI_XILINX=m CONFIG_SPI_DESIGNWARE=m CONFIG_SPI_TLE62X0=m +CONFIG_SPI_SUN4I=m +CONFIG_SPI_SUN6I=m # CONFIG_SPI_FSL_SPI is not set CONFIG_NFC_NCI_SPI=y @@ -408,6 +410,42 @@ CONFIG_SND_DMAENGINE_PCM=m CONFIG_SND_JACK=y CONFIG_SND_SIMPLE_CARD=m CONFIG_SND_SOC_ALL_CODECS=m +# CONFIG_SND_SOC_ADAU1701 is not set +# CONFIG_SND_SOC_AK4104 is not set +# CONFIG_SND_SOC_AK4554 is not set +# CONFIG_SND_SOC_AK4642 is not set +# CONFIG_SND_SOC_AK5386 is not set +# CONFIG_SND_SOC_CS42L52 is not set +# CONFIG_SND_SOC_CS42L73 is not set +# CONFIG_SND_SOC_CS4270 is not set +# CONFIG_SND_SOC_CS4271 is not set +# CONFIG_SND_SOC_CS42XX8_I2C is not set +# CONFIG_SND_SOC_HDMI_CODEC is not set +# CONFIG_SND_SOC_PCM1681 is not set +# CONFIG_SND_SOC_PCM1792A is not set +# CONFIG_SND_SOC_PCM512x_I2C is not set +# CONFIG_SND_SOC_PCM512x_SPI is not set +# CONFIG_SND_SOC_SGTL5000 is not set +# CONFIG_SND_SOC_SIRF_AUDIO_CODEC is not set +# CONFIG_SND_SOC_SPDIF is not set +# CONFIG_SND_SOC_TAS5086 is not set +# CONFIG_SND_SOC_TLV320AIC3X is not set +# CONFIG_SND_SOC_WM8510 is not set +# CONFIG_SND_SOC_WM8523 is not set +# CONFIG_SND_SOC_WM8580 is not set +# CONFIG_SND_SOC_WM8711 is not set +# CONFIG_SND_SOC_WM8728 is not set +# CONFIG_SND_SOC_WM8731 is not set +# CONFIG_SND_SOC_WM8737 is not set +# CONFIG_SND_SOC_WM8741 is not set +# CONFIG_SND_SOC_WM8750 is not set +# CONFIG_SND_SOC_WM8753 is not set +# CONFIG_SND_SOC_WM8770 is not set +# CONFIG_SND_SOC_WM8776 is not set +# CONFIG_SND_SOC_WM8804 is not set +# CONFIG_SND_SOC_WM8903 is not set +# CONFIG_SND_SOC_WM8962 is not set +# CONFIG_SND_SOC_TPA6130A2 is not set CONFIG_SND_SOC_CACHE_LZO=y CONFIG_SND_SOC_DMIC=m CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y diff --git a/config-generic b/config-generic index 11661840c..9d3b29795 100644 --- a/config-generic +++ b/config-generic @@ -216,6 +216,8 @@ CONFIG_EXTRA_FIRMWARE="" # CONFIG_SPI is not set +# CONFIG_SPMI is not set + # # Memory Technology Devices (MTD) # @@ -602,6 +604,7 @@ CONFIG_PATA_VIA=m CONFIG_PATA_WINBOND=m CONFIG_PATA_ATP867X=m +# CONFIG_MCB is not set # # Multi-device support (RAID and LVM) @@ -2404,6 +2407,7 @@ CONFIG_SENSORS_ABITUGURU=m CONFIG_SENSORS_ABITUGURU3=m CONFIG_SENSORS_AD7414=m CONFIG_SENSORS_AD7418=m +CONFIG_SENSORS_ADC128D818=m CONFIG_SENSORS_ADM1021=m CONFIG_SENSORS_ADM1025=m CONFIG_SENSORS_ADM1026=m @@ -2457,6 +2461,9 @@ CONFIG_SENSORS_LM92=m CONFIG_SENSORS_LM93=m CONFIG_SENSORS_LM95234=m CONFIG_SENSORS_LTC4245=m +CONFIG_SENSORS_LTC2945=m +CONFIG_SENSORS_LTC4222=m +CONFIG_SENSORS_LTC4260=m CONFIG_SENSORS_MAX1619=m CONFIG_SENSORS_MAX6650=m CONFIG_SENSORS_MAX6697=m @@ -2567,12 +2574,15 @@ CONFIG_HID_SENSOR_ENUM_BASE_QUIRKS=y # CONFIG_GP2AP020A00F is not set # CONFIG_TSL2583 is not set # CONFIG_TSL2x7x is not set +# CONFIG_LTR501 is not set # CONFIG_TCS3472 is not set # CONFIG_TSL4531 is not set # CONFIG_NAU7802 is not set # CONFIG_TI_ADC081C is not set # CONFIG_EXYNOS_ADC is not set # CONFIG_VIPERBOARD_ADC is not set +# CONFIG_VF610_ADC is not set +# CONFIG_XILINX_XADC is not set # CONFIG_INV_MPU6050_IIO is not set CONFIG_IIO_ST_GYRO_3AXIS=m CONFIG_IIO_ST_MAGN_3AXIS=m @@ -2584,6 +2594,7 @@ CONFIG_HID_SENSOR_INCLINOMETER_3D=m # CONFIG_AK8975 is not set # CONFIG_MAG3110 is not set # CONFIG_TMP006 is not set +# CONFIG_HID_SENSOR_PRESS is not set # CONFIG_IIO_ST_PRESS is not set # CONFIG_KXSD9 is not set # CONFIG_AD7266 is not set @@ -2617,6 +2628,7 @@ CONFIG_HID_SENSOR_INCLINOMETER_3D=m # CONFIG_ADIS16480 is not set # CONFIG_DHT11 is not set # CONFIG_MPL3115 is not set +# CONFIG_SI7005 is not set # staging IIO drivers # CONFIG_AD7291 is not set @@ -2749,6 +2761,7 @@ CONFIG_WM831X_WATCHDOG=m CONFIG_W83697UG_WDT=m # CONFIG_MEN_A21_WDT is not set # CONFIG_GPIO_WATCHDOG is not set +# CONFIG_XILINX_WATCHDOG is not set CONFIG_HW_RANDOM=y CONFIG_HW_RANDOM_TIMERIOMEM=m @@ -3569,6 +3582,7 @@ CONFIG_HID_SENSOR_HUB=m CONFIG_HID_SENSOR_GYRO_3D=m CONFIG_HID_SENSOR_MAGNETOMETER_3D=m CONFIG_HID_SENSOR_ALS=m +# CONFIG_HID_SENSOR_PROX is not set CONFIG_HID_SENSOR_ACCEL_3D=m CONFIG_HID_EMS_FF=m CONFIG_HID_ELECOM=m @@ -4966,6 +4980,9 @@ CONFIG_ALTERA_STAPL=m # CONFIG_DGAP is not set # CONFIG_DGNC is not set # CONFIG_RTS5208 is not set +# CONFIG_GS_FPGABOOT is not set +# CONFIG_BT_NOKIA_H4P is not set +# CONFIG_UNISYSSPAR is not set # END OF STAGING # diff --git a/config-x86-generic b/config-x86-generic index 0e2916bb8..963584cc3 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -440,6 +440,7 @@ CONFIG_RCU_FANOUT_LEAF=16 CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m +CONFIG_INTEL_MEI_TXE=m CONFIG_NFC_MEI_PHY=m CONFIG_NFC_PN544_MEI=m diff --git a/kernel.spec b/kernel.spec index 5d7e0dc11..d19a1e14d 100644 --- a/kernel.spec +++ b/kernel.spec @@ -61,7 +61,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 2 +%define gitrev 3 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -2080,6 +2080,9 @@ fi # ||----w | # || || %changelog +* Wed Apr 02 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git3.1 +- Linux v3.14-3893-gc12e69c6aaf7 + * Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git2.1 - CVE-2014-2678 net: rds: deref of NULL dev in rds_iw_laddr_check (rhbz 1083274 1083280) diff --git a/secure-modules.patch b/secure-modules.patch index 9c44ea47a..0c93fa51b 100644 --- a/secure-modules.patch +++ b/secure-modules.patch @@ -1,7 +1,7 @@ Bugzilla: N/A Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd -From 8c5bcdba1c1ff54913679e435e90f6084b15e8bf Mon Sep 17 00:00:00 2001 +From b0466e5c5483957f8ca30b8f1bcf60bbad9d40aa Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Fri, 9 Aug 2013 17:58:15 -0400 Subject: [PATCH 01/14] Add secure_modules() call @@ -63,7 +63,7 @@ index 8dc7f5e80dd8..62f9b72bf85e 100644 1.8.5.3 -From 07a3bcd38cc1056dd6c58ba58316296c4df38fb0 Mon Sep 17 00:00:00 2001 +From 3df1daaa8cd3c8450fd8fda62ff4836eddbf0f09 Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Thu, 8 Mar 2012 10:10:38 -0500 Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is @@ -83,7 +83,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 276ef9c18802..acd1d61247c8 100644 +index 4e0acefb7565..01b56d13d021 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -29,6 +29,7 @@ @@ -94,7 +94,7 @@ index 276ef9c18802..acd1d61247c8 100644 #include "pci.h" static int sysfs_initialized; /* = 0 */ -@@ -663,6 +664,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, +@@ -652,6 +653,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, loff_t init_off = off; u8 *data = (u8*) buf; @@ -104,7 +104,7 @@ index 276ef9c18802..acd1d61247c8 100644 if (off > dev->cfg_size) return 0; if (off + count > dev->cfg_size) { -@@ -969,6 +973,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, +@@ -958,6 +962,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, resource_size_t start, end; int i; @@ -114,7 +114,7 @@ index 276ef9c18802..acd1d61247c8 100644 for (i = 0; i < PCI_ROM_RESOURCE; i++) if (res == &pdev->resource[i]) break; -@@ -1076,6 +1083,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj, +@@ -1065,6 +1072,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { @@ -182,7 +182,7 @@ index 24750a1b39b6..fa57896b97dd 100644 1.8.5.3 -From ec91151858b2610fab98eaee045718f83b95b182 Mon Sep 17 00:00:00 2001 +From c14a3599cdf71ccd6ea47e8b404412b8e7a5c1b3 Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Thu, 8 Mar 2012 10:35:59 -0500 Subject: [PATCH 03/14] x86: Lock down IO port access when module security is @@ -230,7 +230,7 @@ index 4ddaf66ea35f..00b440307419 100644 } regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 92c5937f80c3..9d67b702bee5 100644 +index 917403fe10da..cdf839f9defe 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -27,6 +27,7 @@ @@ -241,7 +241,7 @@ index 92c5937f80c3..9d67b702bee5 100644 #include <asm/uaccess.h> -@@ -562,6 +563,9 @@ static ssize_t write_port(struct file *file, const char __user *buf, +@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf, unsigned long i = *ppos; const char __user *tmp = buf; @@ -255,7 +255,7 @@ index 92c5937f80c3..9d67b702bee5 100644 1.8.5.3 -From 6a1ba9b8e21747505e3242edec5eb32b34151197 Mon Sep 17 00:00:00 2001 +From ccbc02eee179074b13acc2d7dfd17835726a579a Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Fri, 9 Mar 2012 08:39:37 -0500 Subject: [PATCH 04/14] ACPI: Limit access to custom_method @@ -287,7 +287,7 @@ index c68e72414a67..4277938af700 100644 1.8.5.3 -From 3b4277dc7a3dfefe3e27405e497eed0f90359141 Mon Sep 17 00:00:00 2001 +From b40f05f5ec470bc59f41ca7ce66ea09614db60ea Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Fri, 9 Mar 2012 08:46:50 -0500 Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module @@ -342,7 +342,7 @@ index c5e082fb82fa..03c57fc8de8a 100644 1.8.5.3 -From a04a8ae989b90585a242eb19a8567e70419be27b Mon Sep 17 00:00:00 2001 +From bfa6f400f5e0f98772f3c77b60d8ac3d39b080a8 Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Fri, 9 Mar 2012 09:28:15 -0500 Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is @@ -358,12 +358,12 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> 1 file changed, 6 insertions(+) diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 9d67b702bee5..9116f10eec5e 100644 +index cdf839f9defe..c63cf93b00eb 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c -@@ -158,6 +158,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, - unsigned long copied; - void *ptr; +@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, + if (p != *ppos) + return -EFBIG; + if (secure_modules()) + return -EPERM; @@ -371,7 +371,7 @@ index 9d67b702bee5..9116f10eec5e 100644 if (!valid_phys_addr_range(p, count)) return -EFAULT; -@@ -496,6 +499,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, +@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ int err = 0; @@ -385,7 +385,7 @@ index 9d67b702bee5..9116f10eec5e 100644 1.8.5.3 -From 9aac939b874fc53c4021baf88914292448dcb0f6 Mon Sep 17 00:00:00 2001 +From e399403d8b74cbbb23ead4e43b70b4d82ee00402 Mon Sep 17 00:00:00 2001 From: Josh Boyer <jwboyer@redhat.com> Date: Mon, 25 Jun 2012 19:57:30 -0400 Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module @@ -401,7 +401,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com> 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index fc1aa7909690..ee9f123db960 100644 +index 27f84af4e337..bd3ac0947890 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -44,6 +44,7 @@ @@ -425,7 +425,7 @@ index fc1aa7909690..ee9f123db960 100644 1.8.5.3 -From 7105897db69bf40f7a860d962d6364f44b184a99 Mon Sep 17 00:00:00 2001 +From 686268dea5fa802409d99f964005bc57d62f6b04 Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Fri, 9 Aug 2013 03:33:56 -0400 Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module @@ -470,7 +470,7 @@ index 45601cf41bee..d5819bb45bec 100644 1.8.5.3 -From 396802aea251e2b6d73b8af6107bf5b15319c5d9 Mon Sep 17 00:00:00 2001 +From 4a1068eb94b99cab1d31a8a87eea9aafb39bcea0 Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Tue, 3 Sep 2013 11:23:29 -0400 Subject: [PATCH 09/14] uswsusp: Disable when module loading is restricted @@ -510,7 +510,7 @@ index 98d357584cd6..efe99dee9510 100644 1.8.5.3 -From a35665548d4a0a2e56692f6d8e1a85097f8a1d78 Mon Sep 17 00:00:00 2001 +From 569d0384d6846dae76910d5104666f11597a6a78 Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Fri, 8 Feb 2013 11:12:13 -0800 Subject: [PATCH 10/14] x86: Restrict MSR access when module loading is @@ -555,7 +555,7 @@ index 05266b5aae22..e2bd647f676e 100644 1.8.5.3 -From e6666519c5267410c85d8271c69a421eb735f58e Mon Sep 17 00:00:00 2001 +From bca29272512c8646bf2feaf304a0eceb05c0d0c0 Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Fri, 9 Aug 2013 18:36:30 -0400 Subject: [PATCH 11/14] Add option to automatically enforce module signatures @@ -591,10 +591,10 @@ index 199f453cb4de..ec38acf00b40 100644 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 8453fe1342ea..ba517988f087 100644 +index 26237934ac87..e27b78bcca34 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1599,6 +1599,16 @@ config EFI_MIXED +@@ -1597,6 +1597,16 @@ config EFI_MIXED If unsure, say N. @@ -742,7 +742,7 @@ index 62f9b72bf85e..dcfb07ae5e4e 100644 1.8.5.3 -From 00f0cb47385ccf3b3dab4d94a1a286c9d2327cf3 Mon Sep 17 00:00:00 2001 +From 67ff850d16232e30c39109d29510d2a4aef34de9 Mon Sep 17 00:00:00 2001 From: Josh Boyer <jwboyer@redhat.com> Date: Tue, 5 Feb 2013 19:25:05 -0500 Subject: [PATCH 12/14] efi: Disable secure boot if shim is in insecure mode @@ -801,7 +801,7 @@ index b00745ff398a..bf42cc5f083d 100644 1.8.5.3 -From e058a830573fcf283ae17b412d10313140f489a4 Mon Sep 17 00:00:00 2001 +From 53645ba848224ee81978b17c5e5328dca798466f Mon Sep 17 00:00:00 2001 From: Josh Boyer <jwboyer@fedoraproject.org> Date: Tue, 27 Aug 2013 13:28:43 -0400 Subject: [PATCH 13/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI @@ -815,10 +815,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index ba517988f087..34144e88208e 100644 +index e27b78bcca34..dfd068b32cdc 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1600,7 +1600,8 @@ config EFI_MIXED +@@ -1598,7 +1598,8 @@ config EFI_MIXED If unsure, say N. config EFI_SECURE_BOOT_SIG_ENFORCE @@ -832,7 +832,7 @@ index ba517988f087..34144e88208e 100644 1.8.5.3 -From a523b1823cbde3933269ccf10c147f7f1961a7cc Mon Sep 17 00:00:00 2001 +From e5b7eaf1b5d04ec739464b6e2df21c666d060c69 Mon Sep 17 00:00:00 2001 From: Josh Boyer <jwboyer@fedoraproject.org> Date: Tue, 27 Aug 2013 13:33:03 -0400 Subject: [PATCH 14/14] efi: Add EFI_SECURE_BOOT bit @@ -847,7 +847,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> 2 files changed, 3 insertions(+) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index aa227f68687c..9991a533f3e1 100644 +index aa227f68687c..c7cf7919b3c4 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -1145,7 +1145,9 @@ void __init setup_arch(char **cmdline_p) @@ -1,3 +1,3 @@ b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz d36baf2d62de5aa61f10a976d00d2d2a perf-man-3.14.tar.gz -d3007f1995961ff098f7a60c1897d2a7 patch-3.14-git2.xz +a4353e0273eb8fac9105813a8789fb77 patch-3.14-git3.xz |