diff options
-rw-r--r-- | KEYS-Add-a-system-blacklist-keyring.patch | 4 | ||||
-rw-r--r-- | Kbuild-Add-an-option-to-enable-GCC-VTA.patch | 4 | ||||
-rw-r--r-- | MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch | 10 | ||||
-rw-r--r-- | Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch | 2 | ||||
-rw-r--r-- | config-armv7 | 1 | ||||
-rw-r--r-- | config-armv7-generic | 8 | ||||
-rw-r--r-- | config-generic | 6 | ||||
-rw-r--r-- | config-powerpc-generic | 1 | ||||
-rw-r--r-- | config-powerpc64 | 2 | ||||
-rw-r--r-- | config-powerpc64p7 | 2 | ||||
-rw-r--r-- | criu-no-expert.patch | 8 | ||||
-rw-r--r-- | kernel.spec | 11 | ||||
-rw-r--r-- | security-yama-Remove-unnecessary-selects-from-Kconfi.patch | 28 | ||||
-rw-r--r-- | sources | 2 | ||||
-rw-r--r-- | x86-Lock-down-IO-port-access-when-module-security-is.patch | 2 |
15 files changed, 40 insertions, 51 deletions
diff --git a/KEYS-Add-a-system-blacklist-keyring.patch b/KEYS-Add-a-system-blacklist-keyring.patch index ced0dec2e..74c2870dc 100644 --- a/KEYS-Add-a-system-blacklist-keyring.patch +++ b/KEYS-Add-a-system-blacklist-keyring.patch @@ -29,10 +29,10 @@ index 72665eb80692..2c7b80d31366 100644 + #endif /* _KEYS_SYSTEM_KEYRING_H */ diff --git a/init/Kconfig b/init/Kconfig -index a905b7301e10..65e1bd0bc995 100644 +index 3b9df1aa35db..0eaa8278c87b 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1747,6 +1747,15 @@ config SYSTEM_TRUSTED_KEYRING +@@ -1764,6 +1764,15 @@ config SYSTEM_TRUSTED_KEYRING Keys in this keyring are used by module signature checking. diff --git a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch index 0ac2c66a4..15122606e 100644 --- a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch +++ b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch @@ -43,10 +43,10 @@ Signed-off-by: Josh Stone <jistone@redhat.com> 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 9b76ce1e08bb..710c857e6450 100644 +index 6cc5b2434224..9e743f32d394 100644 --- a/Makefile +++ b/Makefile -@@ -706,7 +706,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer +@@ -704,7 +704,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer endif endif diff --git a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch index f2c19e463..bf630a2b5 100644 --- a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch +++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch @@ -42,10 +42,10 @@ index 3dd6f4a51b9b..9cc069579351 100644 efi_guid_t guid; u64 table; diff --git a/init/Kconfig b/init/Kconfig -index 65e1bd0bc995..98af72b9a002 100644 +index 0eaa8278c87b..60ec329b1959 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1901,6 +1901,15 @@ config MODULE_SIG_ALL +@@ -1918,6 +1918,15 @@ config MODULE_SIG_ALL comment "Do not forget to sign required modules with scripts/sign-file" depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL @@ -62,10 +62,10 @@ index 65e1bd0bc995..98af72b9a002 100644 prompt "Which hash algorithm should modules be signed with?" depends on MODULE_SIG diff --git a/kernel/Makefile b/kernel/Makefile -index 1408b3353a3c..8a3be67a3a15 100644 +index 0f8f8b0bc1bf..cbe268943cee 100644 --- a/kernel/Makefile +++ b/kernel/Makefile -@@ -46,6 +46,7 @@ obj-$(CONFIG_UID16) += uid16.o +@@ -48,6 +48,7 @@ obj-$(CONFIG_UID16) += uid16.o obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULE_SIG) += module_signing.o @@ -73,7 +73,7 @@ index 1408b3353a3c..8a3be67a3a15 100644 obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_KEXEC) += kexec.o -@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o +@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o $(obj)/configs.o: $(obj)/config_data.h diff --git a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch index fd2faacbd..d3f6ee243 100644 --- a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch +++ b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch @@ -13,7 +13,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> 1 file changed, 6 insertions(+) diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index aa2fac9086b5..fb88c24ebd01 100644 +index 53fe675f9bd7..b52c88860532 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, diff --git a/config-armv7 b/config-armv7 index 079af96af..a37d238b7 100644 --- a/config-armv7 +++ b/config-armv7 @@ -371,6 +371,7 @@ CONFIG_SPMI_MSM_PMIC_ARB=m CONFIG_QCOM_SPMI_IADC=m CONFIG_QCOM_SPMI_VADC=m CONFIG_INPUT_PM8941_PWRKEY=m +CONFIG_LEDS_PM8941_WLED=m # i.MX # CONFIG_MXC_DEBUG_BOARD is not set diff --git a/config-armv7-generic b/config-armv7-generic index ed54f7bf5..041cb34ca 100644 --- a/config-armv7-generic +++ b/config-armv7-generic @@ -555,11 +555,18 @@ CONFIG_I2C_DESIGNWARE_PLATFORM=m CONFIG_I2C_MV64XXX=m # HW crypto and rng +CONFIG_ARM_CRYPTO=y CONFIG_CRYPTO_SHA1_ARM=m CONFIG_CRYPTO_AES_ARM=m # CONFIG_CRYPTO_AES_ARM_BS is not set CONFIG_CRYPTO_SHA1_ARM_NEON=m CONFIG_CRYPTO_SHA512_ARM_NEON=m +# CONFIG_CRYPTO_SHA1_ARM_CE is not set +# CONFIG_CRYPTO_SHA2_ARM_CE is not set +CONFIG_CRYPTO_SHA256_ARM=m +# CONFIG_CRYPTO_AES_ARM_CE is not set +# CONFIG_CRYPTO_GHASH_ARM_CE is not set + # DMA CONFIG_TI_PRIV_EDMA=y @@ -602,6 +609,7 @@ CONFIG_EEPROM_93XX46=m # Sound CONFIG_SND_ARM=y CONFIG_SND_SOC_AC97_BUS=y +# CONFIG_SND_SOC_QCOM is not set # Displays CONFIG_BACKLIGHT_TPS65217=m diff --git a/config-generic b/config-generic index e24f33c46..c16872f29 100644 --- a/config-generic +++ b/config-generic @@ -2386,6 +2386,7 @@ CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m # CONFIG_TCG_INFINEON is not set # CONFIG_TCG_TIS_I2C_ST33 is not set +# CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_XEN is not set CONFIG_TELCLOCK=m @@ -4588,6 +4589,7 @@ CONFIG_CRYPTO_FIPS=y CONFIG_CRYPTO_USER_API_HASH=y CONFIG_CRYPTO_USER_API_SKCIPHER=y CONFIG_CRYPTO_USER_API_RNG=y +CONFIG_CRYPTO_USER_API_AEAD=y CONFIG_CRYPTO_MANAGER=y # Note, CONFIG_CRYPTO_MANAGER_DISABLE_TESTS needs to be unset, or FIPS will be disabled. # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set @@ -4880,6 +4882,7 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y # CONFIG_SND_SOC_PCM1792A is not set # CONFIG_SND_SOC_PCM512x_I2C is not set # CONFIG_SND_SOC_PCM512x_SPI is not set +# CONFIG_SND_SOC_QCOM is not set # CONFIG_SND_SOC_SGTL5000 is not set # CONFIG_SND_SOC_SIRF_AUDIO_CODEC is not set # CONFIG_SND_SOC_TAS5086 is not set @@ -4897,6 +4900,8 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y # CONFIG_SND_SOC_WM8770 is not set # CONFIG_SND_SOC_WM8776 is not set # CONFIG_SND_SOC_WM8804 is not set +# CONFIG_SND_SOC_WM8804_I2C is not set +# CONFIG_SND_SOC_WM8804_SPI is not set # CONFIG_SND_SOC_WM8903 is not set # CONFIG_SND_SOC_WM8962 is not set # CONFIG_SND_SOC_TPA6130A2 is not set @@ -4955,6 +4960,7 @@ CONFIG_LEDS_DELL_NETBOOKS=m # CONFIG_LEDS_LP8501 is not set # CONFIG_LEDS_LP8860 is not set # CONFIG_LEDS_PCA963X is not set +# CONFIG_LEDS_PM8941_WLED is not set # CONFIG_LEDS_SYSCON is not set CONFIG_LEDS_TRIGGERS=y CONFIG_LEDS_TRIGGER_TIMER=m diff --git a/config-powerpc-generic b/config-powerpc-generic index 00aaace9a..07008552e 100644 --- a/config-powerpc-generic +++ b/config-powerpc-generic @@ -326,6 +326,7 @@ CONFIG_I2C_MPC=m # CONFIG_CRYPTO_DEV_FSL_CAAM is not set # CONFIG_CRYPTO_SHA1_PPC is not set +# CONFIG_CRYPTO_MD5_PPC is not set # CONFIG_CAN_FLEXCAN is not set # CONFIG_NET_VENDOR_XILINX is not set diff --git a/config-powerpc64 b/config-powerpc64 index a139271ad..87de5f203 100644 --- a/config-powerpc64 +++ b/config-powerpc64 @@ -174,6 +174,8 @@ CONFIG_CRYPTO_DEV_NX=y CONFIG_CRYPTO_842=m CONFIG_CRYPTO_DEV_NX_ENCRYPT=m CONFIG_CRYPTO_DEV_NX_COMPRESS=m +CONFIG_CRYPTO_DEV_VMX=y +CONFIG_CRYPTO_DEV_VMX_ENCRYPT=y CONFIG_CXL=m diff --git a/config-powerpc64p7 b/config-powerpc64p7 index a04513d22..2a6d6472a 100644 --- a/config-powerpc64p7 +++ b/config-powerpc64p7 @@ -164,6 +164,8 @@ CONFIG_CRYPTO_DEV_NX=y CONFIG_CRYPTO_842=m CONFIG_CRYPTO_DEV_NX_ENCRYPT=m CONFIG_CRYPTO_DEV_NX_COMPRESS=m +CONFIG_CRYPTO_DEV_VMX=y +CONFIG_CRYPTO_DEV_VMX_ENCRYPT=y CONFIG_CXL=m diff --git a/criu-no-expert.patch b/criu-no-expert.patch index 5807360f2..f0f93d60e 100644 --- a/criu-no-expert.patch +++ b/criu-no-expert.patch @@ -9,10 +9,10 @@ Upstream-status: Fedora mustard 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/init/Kconfig b/init/Kconfig -index 98af72b9a002..73f60b09ecd1 100644 +index 60ec329b1959..6a3a2f63399b 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1148,7 +1148,7 @@ config DEBUG_BLK_CGROUP +@@ -1150,7 +1150,7 @@ config DEBUG_BLK_CGROUP endif # CGROUPS config CHECKPOINT_RESTORE @@ -21,15 +21,15 @@ index 98af72b9a002..73f60b09ecd1 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1159,7 +1159,7 @@ config CHECKPOINT_RESTORE +@@ -1161,7 +1161,7 @@ config CHECKPOINT_RESTORE If unsure, say N here. menuconfig NAMESPACES - bool "Namespaces support" if EXPERT + bool "Namespaces support" + depends on MULTIUSER default !EXPERT help - Provides the way to make tasks work with different objects using -- 2.1.0 diff --git a/kernel.spec b/kernel.spec index 899310910..d2e12a6ef 100644 --- a/kernel.spec +++ b/kernel.spec @@ -67,7 +67,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 3 +%define gitrev 4 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -608,9 +608,6 @@ Patch26131: acpi-video-Add-disable_native_backlight-quirk-for-Sa.patch #CVE-2015-0275 rhbz 1193907 1195178 Patch26138: ext4-Allocate-entire-range-in-zero-range.patch -#rhbz 1196825 -Patch26140: security-yama-Remove-unnecessary-selects-from-Kconfi.patch - #CVE-2015-2150 rhbz 1196266 1200397 Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch @@ -1337,9 +1334,6 @@ ApplyPatch acpi-video-Add-disable_native_backlight-quirk-for-Sa.patch #CVE-2015-0275 rhbz 1193907 1195178 ApplyPatch ext4-Allocate-entire-range-in-zero-range.patch -#rhbz 1196825 -ApplyPatch security-yama-Remove-unnecessary-selects-from-Kconfi.patch - #CVE-2015-2150 rhbz 1196266 1200397 ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch @@ -2193,6 +2187,9 @@ fi # # %changelog +* Thu Apr 16 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.1.0-0.rc0.git4.1 +- Linux v4.0-6817-geea3a00264cf + * Wed Apr 15 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.1.0-0.rc0.git3.1 - Linux v4.0-5833-g6c373ca89399 diff --git a/security-yama-Remove-unnecessary-selects-from-Kconfi.patch b/security-yama-Remove-unnecessary-selects-from-Kconfi.patch deleted file mode 100644 index aa2a0d3c2..000000000 --- a/security-yama-Remove-unnecessary-selects-from-Kconfi.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Stephen Smalley <sds@tycho.nsa.gov> -Date: Fri, 27 Feb 2015 16:23:59 -0500 -Subject: [PATCH] security/yama: Remove unnecessary selects from Kconfig. - -Yama selects SECURITYFS and SECURITY_PATH, but requires neither. -Remove them. - -Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> ---- - security/yama/Kconfig | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/security/yama/Kconfig b/security/yama/Kconfig -index 20ef5143c0c0..3123e1da2fed 100644 ---- a/security/yama/Kconfig -+++ b/security/yama/Kconfig -@@ -1,8 +1,6 @@ - config SECURITY_YAMA - bool "Yama support" - depends on SECURITY -- select SECURITYFS -- select SECURITY_PATH - default n - help - This selects Yama, which extends DAC support with additional --- -2.1.0 - @@ -1,3 +1,3 @@ a86916bd12798220da9eb4a1eec3616d linux-4.0.tar.xz d125eecce68ab6fb5f1f23523c2c04b8 perf-man-4.0.tar.gz -9af367dcd56427b7d3f5eda66a5c538c patch-4.0-git3.xz +386fb222abea7dbffaa8560a756336cf patch-4.0-git4.xz diff --git a/x86-Lock-down-IO-port-access-when-module-security-is.patch b/x86-Lock-down-IO-port-access-when-module-security-is.patch index 9307136dd..42b6bb02c 100644 --- a/x86-Lock-down-IO-port-access-when-module-security-is.patch +++ b/x86-Lock-down-IO-port-access-when-module-security-is.patch @@ -44,7 +44,7 @@ index 37dae792dbbe..1ecc03ca3c15 100644 } regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 9c4fd7a8e2e5..aa2fac9086b5 100644 +index 6b1721f978c2..53fe675f9bd7 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -27,6 +27,7 @@ |