-rw-r--r-- | MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch | 22 | ||||
-rw-r--r-- | config-generic | 2 | ||||
-rw-r--r-- | kernel.spec | 5 | ||||
-rw-r--r-- | kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch | 22 | ||||
-rw-r--r-- | sources | 2 |
5 files changed, 29 insertions, 24 deletions
diff --git a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch index 35ea8c43e..8a484b6d8 100644 --- a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch +++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch @@ -1,4 +1,4 @@ -From b890a85619bee4262876ad131eb0565014ae82b0 Mon Sep 17 00:00:00 2001 +From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001 From: Josh Boyer <jwboyer@fedoraproject.org> Date: Fri, 26 Oct 2012 12:42:16 -0400 Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot @@ -26,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> create mode 100644 kernel/modsign_uefi.c diff --git a/include/linux/efi.h b/include/linux/efi.h -index 414c3c3d988d..d920a6be6c8b 100644 +index 85ef051ac6fb..a042b2ece788 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -601,6 +601,12 @@ void efi_native_runtime_setup(void); - #define EFI_CERT_X509_GUID \ - EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 ) +@@ -600,6 +600,12 @@ typedef struct { + u64 table; + } efi_config_table_64_t; +#define EFI_IMAGE_SECURITY_DATABASE_GUID \ + EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f ) @@ -41,12 +41,12 @@ index 414c3c3d988d..d920a6be6c8b 100644 + typedef struct { efi_guid_t guid; - u64 table; + u32 table; diff --git a/init/Kconfig b/init/Kconfig -index 782d26f02885..bcc71c2f4b80 100644 +index 02da9f1fd9df..90c73a0564b1 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1933,6 +1933,15 @@ config MODULE_SIG_ALL +@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL comment "Do not forget to sign required modules with scripts/sign-file" depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL @@ -63,7 +63,7 @@ index 782d26f02885..bcc71c2f4b80 100644 prompt "Which hash algorithm should modules be signed with?" depends on MODULE_SIG 
diff --git a/kernel/Makefile b/kernel/Makefile -index e0d7587e7684..566ac6bb720c 100644 +index d4988410b410..55e886239e7e 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -47,6 +47,7 @@ endif @@ -73,8 +73,8 @@ index e0d7587e7684..566ac6bb720c 100644 +obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o - obj-$(CONFIG_KEXEC) += kexec.o -@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o + obj-$(CONFIG_KEXEC_CORE) += kexec_core.o +@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o obj-$(CONFIG_HAS_IOMEM) += memremap.o diff --git a/config-generic b/config-generic index b52f85847..6c50a5063 100644 --- a/config-generic +++ b/config-generic @@ -5543,6 +5543,8 @@ CONFIG_ZSMALLOC=y # CONFIG_ZSMALLOC_STAT is not set # CONFIG_PGTABLE_MAPPING is not set +# CONFIG_IDLE_PAGE_TRACKING is not set + # CONFIG_MDIO_GPIO is not set # CONFIG_KEYBOARD_GPIO is not set # CONFIG_KEYBOARD_GPIO_POLLED is not set diff --git a/kernel.spec b/kernel.spec index a89a81774..ec1d12b96 100644 --- a/kernel.spec +++ b/kernel.spec @@ -67,7 +67,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 12 +%define gitrev 13 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -2044,6 +2044,9 @@ fi # # %changelog +* Fri Sep 11 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.3.0-0.rc0.git13.1 +- Linux v4.2-11142-gb0a1ea51bda4 + * Fri Sep 11 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.3.0-0.rc0.git12.1 - Linux v4.2-10963-g519f526d391b diff --git a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch index 2d06dad3c..a5832ea70 100644 --- a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch +++ b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch 
@@ -1,7 +1,7 @@ -From 1fc498d024c07e39105c060603e40cb7bc6bd5b8 Mon Sep 17 00:00:00 2001 +From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Fri, 9 Aug 2013 03:33:56 -0400 -Subject: [PATCH 08/20] kexec: Disable at runtime if the kernel enforces module +Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module loading restrictions kexec permits the loading and execution of arbitrary code in ring 0, which @@ -14,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> 1 file changed, 8 insertions(+) diff --git a/kernel/kexec.c b/kernel/kexec.c -index a785c1015e25..81d6b404f33c 100644 +index 4c5edc357923..db431971dbd4 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c -@@ -36,6 +36,7 @@ - #include <linux/syscore_ops.h> - #include <linux/compiler.h> - #include <linux/hugetlb.h> +@@ -10,6 +10,7 @@ + #include <linux/mm.h> + #include <linux/file.h> + #include <linux/kexec.h> +#include <linux/module.h> - - #include <asm/page.h> - #include <asm/uaccess.h> -@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, + #include <linux/mutex.h> + #include <linux/list.h> + #include <linux/syscalls.h> +@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, return -EPERM; /* @@ -1,3 +1,3 @@ 3d5ea06d767e2f35c999eeadafc76523 linux-4.2.tar.xz 4c964bfba54d65b5b54cc898baddecad perf-man-4.2.tar.gz -7a96be9e875ddaa706c969d7d7c5e4db patch-4.2-git12.xz +1682b6f2a10f97fee392d0ab40b17632 patch-4.2-git13.xz |
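Review bot: The refreshed kexec patch still guards only the `kexec_load` syscall (the `kernel/kexec.c` hunk at `@@ -133,6 +134,13 @@`, with the diffstat unchanged at one file and 8 insertions), so nothing shown here establishes that other image-loading entry points are covered. The inserted check itself lies past the end of the visible hunk, which stops at the `return -EPERM;` context, so its condition cannot be reviewed from this page. The rebase context shows that upstream has split the kexec code (`obj-$(CONFIG_KEXEC_CORE) += kexec_core.o` in the MODSIGN patch's Makefile context). Please confirm that `kexec_file_load` is either gated by the same module-signing condition or built with `CONFIG_KEXEC_VERIFY_SIG` in this configuration. A short comment above the check, for example `/* kexec_file_load is restricted separately via image signature verification */`, would record that decision if it holds.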