[linux] branch master updated (2499398 -> 54ab339)

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Tue Apr 5 13:04:19 UTC 2016


This is an automated email from the git hooks/post-receive script.

benh pushed a change to branch master
in repository linux.

      from  2499398   [mips*/octeon] Backport Octeon III CN7xxx interface detection from 4.7 queue.
      adds  7321950   Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support
      adds  c955e35   modules: Enable MODULE_SIG and MODULE_SIG_SHA256
      adds  969431b   certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial testing of signed modules
      adds  a6aaaeb   Note added build-dependency on openssl too
      adds  f880a7f   Fix config for module signing
      adds  23d1e0f   debian/copyright: Note that extract-cert and sign-file are under LGPL 2.1
      adds  6e18d07   linux-kbuild: Add extract-cert and sign-file programs
      adds  516d9da   debian/config: Add config variable to control module signing in linux-signed
      adds  7b9f22f   debian_linux.gencontrol: Allow variable substitutions in control.source.in
      adds  76de9f0   scripts: Fix X.509 PEM support in sign-file
       new  119c44d   Merge branch 'benh/secure-boot'
       new  54ab339   Group all securelevel and Secure Boot changes together, closing #820008

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/bin/gencontrol.py                           |   1 +
 debian/certs/benh at debian.org.cert.pem              |  21 +++
 debian/changelog                                   |  11 ++
 debian/config/alpha/defines                        |   2 +
 debian/config/armel/config.marvell                 |   1 +
 debian/config/armel/defines                        |   4 +
 debian/config/config                               |  16 +-
 debian/config/defines                              |   4 +
 debian/config/hppa/defines                         |   2 +
 debian/config/kernelarch-x86/config                |   1 +
 debian/config/m68k/defines                         |   2 +
 debian/config/mips/defines                         |   2 +
 debian/config/mips64/defines                       |   2 +
 debian/config/mips64el/defines                     |   2 +
 debian/config/mipsel/defines                       |   2 +
 debian/config/powerpcspe/defines                   |   2 +
 debian/config/ppc64/defines                        |   2 +
 debian/config/sh4/defines                          |   2 +
 debian/config/sparc64/defines                      |   2 +
 debian/copyright                                   |  37 ++--
 debian/lib/python/debian_linux/gencontrol.py       |   3 +-
 ...cripts-fix-x.509-pem-support-in-sign-file.patch |  37 ++++
 ...e-acpi-table-override-if-securelevel-is-s.patch |  64 +++++++
 ...e-apei-error-injection-if-securelevel-is-.patch |  45 +++++
 ...-acpi_rsdp-kernel-parameter-when-securele.patch |  36 ++++
 ...access-to-custom_method-if-securelevel-is.patch |  36 ++++
 .../add-bsd-style-securelevel-support.patch        | 208 +++++++++++++++++++++
 ...to-automatically-set-securelevel-when-in-.patch | 148 +++++++++++++++
 ...strict-debugfs-interface-when-securelevel.patch |  57 ++++++
 ...e-secure-boot-if-shim-is-in-insecure-mode.patch |  66 +++++++
 .../enable-cold-boot-attack-mitigation.patch       |  49 +++++
 ...ule-signatures-when-securelevel-is-greate.patch |  24 +++
 ...hibernate-disable-when-securelevel-is-set.patch |  36 ++++
 ...le-at-runtime-if-securelevel-has-been-set.patch |  36 ++++
 ...copy-secure_boot-flag-in-boot-params-acro.patch |  32 ++++
 ...wn-bar-access-when-securelevel-is-enabled.patch | 108 +++++++++++
 ...v-mem-and-dev-kmem-when-securelevel-is-se.patch |  38 ++++
 .../uswsusp-disable-when-securelevel-is-set.patch  |  36 ++++
 ...wn-io-port-access-when-securelevel-is-ena.patch |  74 ++++++++
 ...strict-msr-access-when-securelevel-is-set.patch |  46 +++++
 debian/patches/series                              |  21 +++
 debian/rules.d/scripts/Makefile                    |   5 +-
 debian/templates/control.source.in                 |   2 +-
 43 files changed, 1304 insertions(+), 21 deletions(-)
 create mode 100644 debian/certs/benh at debian.org.cert.pem
 create mode 100644 debian/patches/bugfix/all/scripts-fix-x.509-pem-support-in-sign-file.patch
 create mode 100644 debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch
 create mode 100644 debian/patches/features/all/securelevel/acpi-disable-apei-error-injection-if-securelevel-is-.patch
 create mode 100644 debian/patches/features/all/securelevel/acpi-ignore-acpi_rsdp-kernel-parameter-when-securele.patch
 create mode 100644 debian/patches/features/all/securelevel/acpi-limit-access-to-custom_method-if-securelevel-is.patch
 create mode 100644 debian/patches/features/all/securelevel/add-bsd-style-securelevel-support.patch
 create mode 100644 debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch
 create mode 100644 debian/patches/features/all/securelevel/asus-wmi-restrict-debugfs-interface-when-securelevel.patch
 create mode 100644 debian/patches/features/all/securelevel/efi-disable-secure-boot-if-shim-is-in-insecure-mode.patch
 create mode 100644 debian/patches/features/all/securelevel/enable-cold-boot-attack-mitigation.patch
 create mode 100644 debian/patches/features/all/securelevel/enforce-module-signatures-when-securelevel-is-greate.patch
 create mode 100644 debian/patches/features/all/securelevel/hibernate-disable-when-securelevel-is-set.patch
 create mode 100644 debian/patches/features/all/securelevel/kexec-disable-at-runtime-if-securelevel-has-been-set.patch
 create mode 100644 debian/patches/features/all/securelevel/kexec-uefi-copy-secure_boot-flag-in-boot-params-acro.patch
 create mode 100644 debian/patches/features/all/securelevel/pci-lock-down-bar-access-when-securelevel-is-enabled.patch
 create mode 100644 debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch
 create mode 100644 debian/patches/features/all/securelevel/uswsusp-disable-when-securelevel-is-set.patch
 create mode 100644 debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch
 create mode 100644 debian/patches/features/all/securelevel/x86-restrict-msr-access-when-securelevel-is-set.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git



More information about the Kernel-svn-changes mailing list