summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch22
-rw-r--r--config-generic2
-rw-r--r--kernel.spec5
-rw-r--r--kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch22
-rw-r--r--sources2
5 files changed, 29 insertions, 24 deletions
diff --git a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
index 35ea8c43e..8a484b6d8 100644
--- a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
+++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
@@ -1,4 +1,4 @@
-From b890a85619bee4262876ad131eb0565014ae82b0 Mon Sep 17 00:00:00 2001
+From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
@@ -26,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 414c3c3d988d..d920a6be6c8b 100644
+index 85ef051ac6fb..a042b2ece788 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
-@@ -601,6 +601,12 @@ void efi_native_runtime_setup(void);
- #define EFI_CERT_X509_GUID \
- EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+@@ -600,6 +600,12 @@ typedef struct {
+ u64 table;
+ } efi_config_table_64_t;
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
@@ -41,12 +41,12 @@ index 414c3c3d988d..d920a6be6c8b 100644
+
typedef struct {
efi_guid_t guid;
- u64 table;
+ u32 table;
diff --git a/init/Kconfig b/init/Kconfig
-index 782d26f02885..bcc71c2f4b80 100644
+index 02da9f1fd9df..90c73a0564b1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -1933,6 +1933,15 @@ config MODULE_SIG_ALL
+@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
@@ -63,7 +63,7 @@ index 782d26f02885..bcc71c2f4b80 100644
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
-index e0d7587e7684..566ac6bb720c 100644
+index d4988410b410..55e886239e7e 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -47,6 +47,7 @@ endif
@@ -73,8 +73,8 @@ index e0d7587e7684..566ac6bb720c 100644
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
- obj-$(CONFIG_KEXEC) += kexec.o
-@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
+ obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
+@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
obj-$(CONFIG_HAS_IOMEM) += memremap.o
diff --git a/config-generic b/config-generic
index b52f85847..6c50a5063 100644
--- a/config-generic
+++ b/config-generic
@@ -5543,6 +5543,8 @@ CONFIG_ZSMALLOC=y
# CONFIG_ZSMALLOC_STAT is not set
# CONFIG_PGTABLE_MAPPING is not set
+# CONFIG_IDLE_PAGE_TRACKING is not set
+
# CONFIG_MDIO_GPIO is not set
# CONFIG_KEYBOARD_GPIO is not set
# CONFIG_KEYBOARD_GPIO_POLLED is not set
diff --git a/kernel.spec b/kernel.spec
index a89a81774..ec1d12b96 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -67,7 +67,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 0
# The git snapshot level
-%define gitrev 12
+%define gitrev 13
# Set rpm version accordingly
%define rpmversion 4.%{upstream_sublevel}.0
%endif
@@ -2044,6 +2044,9 @@ fi
#
#
%changelog
+* Fri Sep 11 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.3.0-0.rc0.git13.1
+- Linux v4.2-11142-gb0a1ea51bda4
+
* Fri Sep 11 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.3.0-0.rc0.git12.1
- Linux v4.2-10963-g519f526d391b
diff --git a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
index 2d06dad3c..a5832ea70 100644
--- a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
+++ b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
@@ -1,7 +1,7 @@
-From 1fc498d024c07e39105c060603e40cb7bc6bd5b8 Mon Sep 17 00:00:00 2001
+From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 03:33:56 -0400
-Subject: [PATCH 08/20] kexec: Disable at runtime if the kernel enforces module
+Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
loading restrictions
kexec permits the loading and execution of arbitrary code in ring 0, which
@@ -14,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
-index a785c1015e25..81d6b404f33c 100644
+index 4c5edc357923..db431971dbd4 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
-@@ -36,6 +36,7 @@
- #include <linux/syscore_ops.h>
- #include <linux/compiler.h>
- #include <linux/hugetlb.h>
+@@ -10,6 +10,7 @@
+ #include <linux/mm.h>
+ #include <linux/file.h>
+ #include <linux/kexec.h>
+#include <linux/module.h>
-
- #include <asm/page.h>
- #include <asm/uaccess.h>
-@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+ #include <linux/mutex.h>
+ #include <linux/list.h>
+ #include <linux/syscalls.h>
+@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM;
/*
diff --git a/sources b/sources
index a48953137..5e924832f 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
3d5ea06d767e2f35c999eeadafc76523 linux-4.2.tar.xz
4c964bfba54d65b5b54cc898baddecad perf-man-4.2.tar.gz
-7a96be9e875ddaa706c969d7d7c5e4db patch-4.2-git12.xz
+1682b6f2a10f97fee392d0ab40b17632 patch-4.2-git13.xz