diff options
-rw-r--r-- | Add-option-to-automatically-enforce-module-signature.patch | 8 | ||||
-rw-r--r-- | Add-sysrq-option-to-disable-secure-boot-mode.patch | 4 | ||||
-rw-r--r-- | KEYS-Add-a-system-blacklist-keyring.patch | 4 | ||||
-rw-r--r-- | MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch | 4 | ||||
-rw-r--r-- | config-armv7-generic | 1 | ||||
-rw-r--r-- | config-generic | 4 | ||||
-rw-r--r-- | config-x86-generic | 2 | ||||
-rw-r--r-- | criu-no-expert.patch | 6 | ||||
-rw-r--r-- | drm-i915-hush-check-crtc-state.patch | 4 | ||||
-rw-r--r-- | drm-vmwgfx-Fix-drm.h-include.patch | 34 | ||||
-rw-r--r-- | efi-Add-EFI_SECURE_BOOT-bit.patch | 4 | ||||
-rw-r--r-- | efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch | 4 | ||||
-rw-r--r-- | fs-Add-a-missing-permission-check-to-do_umount.patch | 31 | ||||
-rw-r--r-- | kbuild-AFTER_LINK.patch | 2 | ||||
-rw-r--r-- | kernel.spec | 17 | ||||
-rw-r--r-- | kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch | 2 | ||||
-rw-r--r-- | mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch | 4 | ||||
-rw-r--r-- | sources | 2 | ||||
-rw-r--r-- | watchdog-Disable-watchdog-on-virtual-machines.patch | 6 |
19 files changed, 37 insertions, 106 deletions
diff --git a/Add-option-to-automatically-enforce-module-signature.patch b/Add-option-to-automatically-enforce-module-signature.patch index 9bf38ea02..9d3f95e4d 100644 --- a/Add-option-to-automatically-enforce-module-signature.patch +++ b/Add-option-to-automatically-enforce-module-signature.patch @@ -33,10 +33,10 @@ index 199f453cb4de..ec38acf00b40 100644 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 3eb8a41509b3..e46dc01f5904 100644 +index f2327e88e07c..4ba047a782fd 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1577,6 +1577,16 @@ config EFI_MIXED +@@ -1607,6 +1607,16 @@ config EFI_MIXED If unsure, say N. @@ -129,10 +129,10 @@ index 225b0988043a..90dbfb73e11f 100644 * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 41ead8d3bc0b..5a5cf7395724 100644 +index 235cfd39e0d7..13c0835f907a 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p) +@@ -1151,6 +1151,12 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); diff --git a/Add-sysrq-option-to-disable-secure-boot-mode.patch b/Add-sysrq-option-to-disable-secure-boot-mode.patch index fc59af3c1..ca9c990e4 100644 --- a/Add-sysrq-option-to-disable-secure-boot-mode.patch +++ b/Add-sysrq-option-to-disable-secure-boot-mode.patch @@ -15,7 +15,7 @@ Upstream-status: Fedora mustard 7 files changed, 65 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index fb282ff6a802..d291d16ba257 100644 +index fbae2bf99a47..f3960a8c2627 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -70,6 +70,11 @@ @@ -30,7 +30,7 @@ index fb282ff6a802..d291d16ba257 100644 #include <video/edid.h> #include <asm/mtrr.h> -@@ -1268,6 +1273,37 @@ void __init i386_reserve_resources(void) +@@ -1277,6 +1282,37 @@ void __init i386_reserve_resources(void) #endif /* CONFIG_X86_32 */ diff --git a/KEYS-Add-a-system-blacklist-keyring.patch b/KEYS-Add-a-system-blacklist-keyring.patch index 6e1f3015c..0f02211a4 100644 --- a/KEYS-Add-a-system-blacklist-keyring.patch +++ b/KEYS-Add-a-system-blacklist-keyring.patch @@ -29,10 +29,10 @@ index 72665eb80692..2c7b80d31366 100644 + #endif /* _KEYS_SYSTEM_KEYRING_H */ diff --git a/init/Kconfig b/init/Kconfig -index 1c505e090422..4fb572ae7423 100644 +index 3ee28ae02cc8..0bba9555e5ef 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1732,6 +1732,15 @@ config SYSTEM_TRUSTED_KEYRING +@@ -1733,6 +1733,15 @@ config SYSTEM_TRUSTED_KEYRING Keys in this keyring are used by module signature checking. diff --git a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch index 26cf0d3e7..47ce05447 100644 --- a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch +++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch @@ -42,10 +42,10 @@ index 41359e548bcb..db9e6118575e 100644 efi_guid_t guid; u64 table; diff --git a/init/Kconfig b/init/Kconfig -index 4fb572ae7423..b0138f178c7c 100644 +index 0bba9555e5ef..0e1e8a14175a 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1886,6 +1886,15 @@ config MODULE_SIG_ALL +@@ -1887,6 +1887,15 @@ config MODULE_SIG_ALL comment "Do not forget to sign required modules with scripts/sign-file" depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL diff --git a/config-armv7-generic b/config-armv7-generic index dc996e098..55c2bc8bf 100644 --- a/config-armv7-generic +++ b/config-armv7-generic @@ -297,6 +297,7 @@ CONFIG_CHARGER_MAX8997=m CONFIG_LEDS_MAX8997=m CONFIG_RTC_DRV_MAX8997=m CONFIG_RTC_DRV_MAX77686=m +CONFIG_RTC_DRV_MAX77802=m CONFIG_EXTCON_MAX8997=m # Tegra diff --git a/config-generic b/config-generic index 5ca47dfc0..16791f173 100644 --- a/config-generic +++ b/config-generic @@ -5199,7 +5199,7 @@ CONFIG_PSTORE_RAM=m # CONFIG_PSTORE_CONSOLE is not set # CONFIG_PSTORE_FTRACE is not set -# CONFIG_TEST_MODULE is not set +# CONFIG_TEST_LKM is not set # CONFIG_TEST_USER_COPY is not set # CONFIG_TEST_BPF is not set # CONFIG_TEST_UDELAY is not set @@ -5245,6 +5245,8 @@ CONFIG_FMC_CHARDEV=m # CONFIG_ARM_ARCH_TIMER_EVTSTREAM is not set +# CONFIG_HMC_DRV is not set + # CONFIG_PM_DEVFREQ is not set # CONFIG_DEVFREQ_GOV_SIMPLE_ONDEMAND is not set # CONFIG_DEVFREQ_GOV_PERFORMANCE is not set diff --git a/config-x86-generic b/config-x86-generic index 2815f88fa..719f3e4b3 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -483,6 +483,8 @@ CONFIG_NFC_MICROREAD_MEI=m # CONFIG_X86_GOLDFISH is not set CONFIG_X86_INTEL_LPSS=y +CONFIG_IOSF_MBI=m +# CONFIG_IOSF_MBI_DEBUG is not set CONFIG_PWM_LPSS=m CONFIG_PINCTRL=y CONFIG_PINCTRL_BAYTRAIL=y diff --git a/criu-no-expert.patch b/criu-no-expert.patch index a32c53dcd..3eadcc74a 100644 --- a/criu-no-expert.patch +++ b/criu-no-expert.patch @@ -9,10 +9,10 @@ Upstream-status: Fedora mustard 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/init/Kconfig b/init/Kconfig -index b0138f178c7c..faf5ff3b26ae 100644 +index 0e1e8a14175a..71cd7226a78f 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1148,7 +1148,7 @@ config DEBUG_BLK_CGROUP +@@ -1149,7 +1149,7 @@ config DEBUG_BLK_CGROUP endif # CGROUPS config CHECKPOINT_RESTORE @@ -21,7 +21,7 @@ index b0138f178c7c..faf5ff3b26ae 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1159,7 +1159,7 @@ config CHECKPOINT_RESTORE +@@ -1160,7 +1160,7 @@ config CHECKPOINT_RESTORE If unsure, say N here. menuconfig NAMESPACES diff --git a/drm-i915-hush-check-crtc-state.patch b/drm-i915-hush-check-crtc-state.patch index b4bea5f76..ddcf314db 100644 --- a/drm-i915-hush-check-crtc-state.patch +++ b/drm-i915-hush-check-crtc-state.patch @@ -14,10 +14,10 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index d8324c69fa86..ee0ca36930f8 100644 +index 507370513f3d..fa5bc89a4c93 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -10656,7 +10656,7 @@ check_crtc_state(struct drm_device *dev) +@@ -10966,7 +10966,7 @@ check_crtc_state(struct drm_device *dev) if (active && !intel_pipe_config_compare(dev, &crtc->config, &pipe_config)) { diff --git a/drm-vmwgfx-Fix-drm.h-include.patch b/drm-vmwgfx-Fix-drm.h-include.patch deleted file mode 100644 index 9e6929b9d..000000000 --- a/drm-vmwgfx-Fix-drm.h-include.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Josh Boyer <jwboyer@fedoraproject.org> -Date: Fri, 5 Sep 2014 13:19:59 -0400 -Subject: [PATCH] drm/vmwgfx: Fix drm.h include - -The userspace drm.h include doesn't prefix the drm directory. This can lead -to compile failures as /usr/include/drm/ isn't in the standard gcc include -paths. Fix it to be <drm/drm.h>, which matches the rest of the driver drm -header files that get installed into /usr/include/drm. - -Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1138759 - -Fixes: 1d7a5cbf8f74e -Reported-by: Jeffrey Bastian <jbastian@redhat.com> -Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> ---- - include/uapi/drm/vmwgfx_drm.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/uapi/drm/vmwgfx_drm.h b/include/uapi/drm/vmwgfx_drm.h -index 4fc66f6b12ce..c472bedbe38e 100644 ---- a/include/uapi/drm/vmwgfx_drm.h -+++ b/include/uapi/drm/vmwgfx_drm.h -@@ -29,7 +29,7 @@ - #define __VMWGFX_DRM_H__ - - #ifndef __KERNEL__ --#include <drm.h> -+#include <drm/drm.h> - #endif - - #define DRM_VMW_MAX_SURFACE_FACES 6 --- -1.9.3 - diff --git a/efi-Add-EFI_SECURE_BOOT-bit.patch b/efi-Add-EFI_SECURE_BOOT-bit.patch index 8f49e006a..4148da049 100644 --- a/efi-Add-EFI_SECURE_BOOT-bit.patch +++ b/efi-Add-EFI_SECURE_BOOT-bit.patch @@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> 2 files changed, 3 insertions(+) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 5a5cf7395724..fb282ff6a802 100644 +index 13c0835f907a..fbae2bf99a47 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1144,7 +1144,9 @@ void __init setup_arch(char **cmdline_p) +@@ -1153,7 +1153,9 @@ void __init setup_arch(char **cmdline_p) #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE if (boot_params.secure_boot) { diff --git a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch index 0f1082cbe..3e5166a82 100644 --- a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch +++ b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch @@ -11,10 +11,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index e46dc01f5904..738c295ac3c3 100644 +index 4ba047a782fd..749f58ba7e36 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1578,7 +1578,8 @@ config EFI_MIXED +@@ -1608,7 +1608,8 @@ config EFI_MIXED If unsure, say N. config EFI_SECURE_BOOT_SIG_ENFORCE diff --git a/fs-Add-a-missing-permission-check-to-do_umount.patch b/fs-Add-a-missing-permission-check-to-do_umount.patch deleted file mode 100644 index ce9de6641..000000000 --- a/fs-Add-a-missing-permission-check-to-do_umount.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Andy Lutomirski <luto@amacapital.net> -Date: Wed, 8 Oct 2014 12:37:46 -0700 -Subject: [PATCH] fs: Add a missing permission check to do_umount - -Accessing do_remount_sb should require global CAP_SYS_ADMIN, but -only one of the two call sites was appropriately protected. - -Fixes CVE-2014-7975. - -Cc: stable@vger.kernel.org -Signed-off-by: Andy Lutomirski <luto@amacapital.net> ---- - fs/namespace.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/fs/namespace.c b/fs/namespace.c -index c8e3034ff4b2..fbba8b17330d 100644 ---- a/fs/namespace.c -+++ b/fs/namespace.c -@@ -1439,6 +1439,8 @@ static int do_umount(struct mount *mnt, int flags) - * Special case for "unmounting" root ... - * we just try to remount it readonly. - */ -+ if (!capable(CAP_SYS_ADMIN)) -+ return -EPERM; - down_write(&sb->s_umount); - if (!(sb->s_flags & MS_RDONLY)) - retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); --- -1.9.3 - diff --git a/kbuild-AFTER_LINK.patch b/kbuild-AFTER_LINK.patch index 603e0e053..f686a6365 100644 --- a/kbuild-AFTER_LINK.patch +++ b/kbuild-AFTER_LINK.patch @@ -106,7 +106,7 @@ index 5a4affe025e8..8ff38ce94c8e 100644 VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \ $(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS) diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh -index 86a4fe75f453..161637ed5611 100644 +index 86a4fe75f453..161637ed5611 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -65,6 +65,10 @@ vmlinux_link() diff --git a/kernel.spec b/kernel.spec index 669721193..5e8bda5a2 100644 --- a/kernel.spec +++ b/kernel.spec @@ -69,7 +69,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 7 +%define gitrev 8 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -599,17 +599,11 @@ Patch22000: weird-root-dentry-name-debug.patch # Patch series from Hans for various backlight and platform driver fixes Patch26002: samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch -#rhbz 1138759 -Patch26021: drm-vmwgfx-Fix-drm.h-include.patch - Patch26032: Revert-pinctrl-qcom-use-restart_notifier-mechanism-f.patch #CVE-2014-7970 rhbz 1151095 1151484 Patch26033: mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch -#CVE-2014-7975 rhbz 1151108 1152025 -Patch26034: fs-Add-a-missing-permission-check-to-do_umount.patch - Patch26035: nf_reject_ipv4-module-license-unspecified-taints-ker.patch # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel @@ -1323,17 +1317,11 @@ ApplyPatch ath9k-rx-dma-stop-check.patch # Patch series from Hans for various backlight and platform driver fixes ApplyPatch samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch -#rhbz 1138759 -ApplyPatch drm-vmwgfx-Fix-drm.h-include.patch - ApplyPatch Revert-pinctrl-qcom-use-restart_notifier-mechanism-f.patch #CVE-2014-7970 rhbz 1151095 1151484 ApplyPatch mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch -#CVE-2014-7975 rhbz 1151108 1152025 -ApplyPatch fs-Add-a-missing-permission-check-to-do_umount.patch - ApplyPatch nf_reject_ipv4-module-license-unspecified-taints-ker.patch %if 0%{?aarch64patches} @@ -2204,6 +2192,9 @@ fi # ||----w | # || || %changelog +* Tue Oct 14 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.18.0-0.rc0.git8.1 +- Linux v3.17-9283-g2d65a9f48fcd + * Tue Oct 14 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.18.0-0.rc0.git7.1 - Linux v3.17-8307-gf1d0d14120a8 diff --git a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch index b33213738..f6f72ada5 100644 --- a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch +++ b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch @@ -13,7 +13,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> 1 file changed, 8 insertions(+) diff --git a/kernel/kexec.c b/kernel/kexec.c -index 2bee072268d9..891477dbfee0 100644 +index 2abf9f6e9a61..417bd0599024 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -36,6 +36,7 @@ diff --git a/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch b/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch index b89527ff7..be3660125 100644 --- a/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch +++ b/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch @@ -26,10 +26,10 @@ Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> 1 file changed, 3 insertions(+) diff --git a/fs/namespace.c b/fs/namespace.c -index 348562f14e93..c8e3034ff4b2 100644 +index 2651328d1790..fbba8b17330d 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -2913,6 +2913,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2915,6 +2915,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, /* make sure we can reach put_old from new_root */ if (!is_path_reachable(old_mnt, old.dentry, &new)) goto out4; @@ -1,3 +1,3 @@ fb30d0f29214d75cddd2faa94f73d5cf linux-3.17.tar.xz 159e969cbc27201d8e2fa0f609dc722f perf-man-3.17.tar.gz -992c678dad773514a9c3ae553fe50d1c patch-3.17-git7.xz +6377140a0dc23037b33bc1e6bc625cbb patch-3.17-git8.xz diff --git a/watchdog-Disable-watchdog-on-virtual-machines.patch b/watchdog-Disable-watchdog-on-virtual-machines.patch index b37f14144..b386ee1b9 100644 --- a/watchdog-Disable-watchdog-on-virtual-machines.patch +++ b/watchdog-Disable-watchdog-on-virtual-machines.patch @@ -20,7 +20,7 @@ Signed-off-by: Dave Jones <davej@redhat.com> 1 file changed, 29 insertions(+) diff --git a/kernel/watchdog.c b/kernel/watchdog.c -index ff7fd80bef99..88aebd38b92f 100644 +index 49e9537f3673..a800af056510 100644 --- a/kernel/watchdog.c +++ b/kernel/watchdog.c @@ -19,6 +19,7 @@ @@ -31,7 +31,7 @@ index ff7fd80bef99..88aebd38b92f 100644 #include <asm/irq_regs.h> #include <linux/kvm_para.h> -@@ -108,6 +109,32 @@ static int __init softlockup_all_cpu_backtrace_setup(char *str) +@@ -135,6 +136,32 @@ static int __init softlockup_all_cpu_backtrace_setup(char *str) __setup("softlockup_all_cpu_backtrace=", softlockup_all_cpu_backtrace_setup); #endif @@ -64,7 +64,7 @@ index ff7fd80bef99..88aebd38b92f 100644 /* * Hard-lockup warnings should be triggered after just a few seconds. Soft- * lockups can have false positives under extreme conditions. So we generally -@@ -658,6 +685,8 @@ out: +@@ -704,6 +731,8 @@ out: void __init lockup_detector_init(void) { |