[linux] branch master updated (d85c3a3 -> 0e0b29a)
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Thu Apr 20 01:43:47 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a change to branch master
in repository linux.
from d85c3a3 Complete forward-porting of "arm64: add kernel config option to set securelevel ..."
new 327c328 Update to 4.11-rc7 (and credit Lukas for his previous work)
new be339dd aufs: Update support patchset to aufs4.x-rcN-20170410
new 0e0b29a [arm64,x86] Replace securelevel patch set with lockdown patch set
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
debian/changelog | 9 +-
debian/config/arm64/config | 2 +-
debian/config/config | 2 +-
debian/config/kernelarch-x86/config | 2 +-
debian/patches/features/all/aufs4/aufs4-base.patch | 40 +-
debian/patches/features/all/aufs4/aufs4-mmap.patch | 66 +-
.../features/all/aufs4/aufs4-standalone.patch | 72 +-
...dule-params-that-specify-hardware-paramet.patch | 117 ++++
...rdware-config-module-parameters-in-arch-x.patch | 51 ++
...rdware-config-module-parameters-in-driver.patch | 85 +++
...rdware-config-module-parameters-in-driver.patch | 51 ++
...rdware-config-module-parameters-in-driver.patch | 49 ++
...rdware-config-module-parameters-in-driver.patch | 48 ++
...rdware-config-module-parameters-in-driver.patch | 48 ++
...rdware-config-module-parameters-in-driver.patch | 124 ++++
...rdware-config-module-parameters-in-driver.patch | 157 +++++
...rdware-config-module-parameters-in-driver.patch | 61 ++
...rdware-config-module-parameters-in-driver.patch | 79 +++
...rdware-config-module-parameters-in-driver.patch | 88 +++
...rdware-config-module-parameters-in-driver.patch | 83 +++
...rdware-config-module-parameters-in-driver.patch | 45 ++
...rdware-config-module-parameters-in-driver.patch | 55 ++
...rdware-config-module-parameters-in-driver.patch | 47 ++
...rdware-config-module-parameters-in-driver.patch | 81 +++
...rdware-config-module-parameters-in-driver.patch | 87 +++
...rdware-config-module-parameters-in-driver.patch | 234 +++++++
...rdware-config-module-parameters-in-driver.patch | 111 ++++
...rdware-config-module-parameters-in-driver.patch | 125 ++++
...rdware-config-module-parameters-in-driver.patch | 112 ++++
...rdware-config-module-parameters-in-driver.patch | 50 ++
...rdware-config-module-parameters-in-driver.patch | 55 ++
...rdware-config-module-parameters-in-driver.patch | 48 ++
...rdware-config-module-parameters-in-driver.patch | 75 +++
...rdware-config-module-parameters-in-driver.patch | 131 ++++
...rdware-config-module-parameters-in-driver.patch | 53 ++
...rdware-config-module-parameters-in-driver.patch | 76 +++
...rdware-config-module-parameters-in-driver.patch | 61 ++
...rdware-config-module-parameters-in-driver.patch | 144 ++++
...rdware-config-module-parameters-in-driver.patch | 80 +++
...rdware-config-module-parameters-in-driver.patch | 111 ++++
...rdware-config-module-parameters-in-fs-pst.patch | 48 ++
...rdware-config-module-parameters-in-sound-.patch | 84 +++
...rdware-config-module-parameters-in-sound-.patch | 731 +++++++++++++++++++++
...rdware-config-module-parameters-in-sound-.patch | 320 +++++++++
...rdware-config-module-parameters-in-sound-.patch | 154 +++++
.../0039-efi-Add-EFI_SECURE_BOOT-bit.patch | 43 ++
...lity-to-lock-down-access-to-the-running-k.patch | 146 ++++
...wn-the-kernel-if-booted-in-secure-boot-mo.patch | 66 ++
...ule-signatures-if-the-kernel-is-locked-do.patch | 26 +
...v-mem-and-dev-kmem-when-the-kernel-is-loc.patch | 40 ++
...d-a-sysrq-option-to-exit-secure-boot-mode.patch | 249 +++++++
...le-at-runtime-if-the-kernel-is-locked-dow.patch | 36 +
...boot-flag-in-boot-params-across-kexec-re.patch} | 20 +-
...Disable-at-runtime-if-securelevel-has-bee.patch | 35 +
...te-Disable-when-the-kernel-is-locked-down.patch | 29 +
...sp-Disable-when-the-kernel-is-locked-down.patch | 29 +
...wn-BAR-access-when-the-kernel-is-locked-d.patch | 99 +++
...wn-IO-port-access-when-the-kernel-is-lock.patch | 55 ++
...t-MSR-access-when-the-kernel-is-locked-do.patch | 41 ++
...strict-debugfs-interface-when-the-kernel-.patch | 52 ++
...access-to-custom_method-when-the-kernel-i.patch | 30 +
...-acpi_rsdp-kernel-param-when-the-kernel-h.patch | 29 +
...e-ACPI-table-override-if-the-kernel-is-lo.patch | 38 ++
...-APEI-error-injection-if-the-kernel-is-l.patch} | 32 +-
...t-kernel-image-access-functions-when-the-.patch | 54 ++
.../0059-scsi-Lock-down-the-eata-driver.patch | 44 ++
...MCIA-CIS-storage-when-the-kernel-is-locke.patch | 30 +
.../all/lockdown/0061-Lock-down-TIOCSSERIAL.patch | 33 +
...odule-params-that-specify-hardware-parame.patch | 81 +++
...d-kernel-config-option-to-lock-down-when.patch} | 49 +-
.../enable-cold-boot-attack-mitigation.patch | 16 +-
...disable-slram-and-phram-when-locked-down.patch} | 28 +-
...e-acpi-table-override-if-securelevel-is-s.patch | 75 ---
...-acpi_rsdp-kernel-parameter-when-securele.patch | 34 -
...access-to-custom_method-if-securelevel-is.patch | 36 -
.../add-bsd-style-securelevel-support.patch | 208 ------
...to-automatically-set-securelevel-when-in-.patch | 85 ---
...strict-debugfs-interface-when-securelevel.patch | 57 --
...ule-signatures-when-securelevel-is-greate.patch | 24 -
...hibernate-disable-when-securelevel-is-set.patch | 36 -
...le-at-runtime-if-securelevel-has-been-set.patch | 36 -
...wn-bar-access-when-securelevel-is-enabled.patch | 109 ---
...v-mem-and-dev-kmem-when-securelevel-is-se.patch | 37 --
.../uswsusp-disable-when-securelevel-is-set.patch | 34 -
...wn-io-port-access-when-securelevel-is-ena.patch | 74 ---
...strict-msr-access-when-securelevel-is-set.patch | 46 --
debian/patches/series | 88 ++-
87 files changed, 5666 insertions(+), 1095 deletions(-)
create mode 100644 debian/patches/features/all/lockdown/0001-Annotate-module-params-that-specify-hardware-paramet.patch
create mode 100644 debian/patches/features/all/lockdown/0002-Annotate-hardware-config-module-parameters-in-arch-x.patch
create mode 100644 debian/patches/features/all/lockdown/0003-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0004-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0005-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0006-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0007-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0008-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0009-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0010-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0011-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0012-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0013-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0014-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0015-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0016-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0017-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0018-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0019-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0020-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0021-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0022-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0023-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0024-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0025-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0026-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0028-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0029-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0030-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0031-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0032-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0033-Annotate-hardware-config-module-parameters-in-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0034-Annotate-hardware-config-module-parameters-in-fs-pst.patch
create mode 100644 debian/patches/features/all/lockdown/0035-Annotate-hardware-config-module-parameters-in-sound-.patch
create mode 100644 debian/patches/features/all/lockdown/0036-Annotate-hardware-config-module-parameters-in-sound-.patch
create mode 100644 debian/patches/features/all/lockdown/0037-Annotate-hardware-config-module-parameters-in-sound-.patch
create mode 100644 debian/patches/features/all/lockdown/0038-Annotate-hardware-config-module-parameters-in-sound-.patch
create mode 100644 debian/patches/features/all/lockdown/0039-efi-Add-EFI_SECURE_BOOT-bit.patch
create mode 100644 debian/patches/features/all/lockdown/0040-Add-the-ability-to-lock-down-access-to-the-running-k.patch
create mode 100644 debian/patches/features/all/lockdown/0041-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
create mode 100644 debian/patches/features/all/lockdown/0042-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
create mode 100644 debian/patches/features/all/lockdown/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
create mode 100644 debian/patches/features/all/lockdown/0044-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
create mode 100644 debian/patches/features/all/lockdown/0045-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
rename debian/patches/features/all/{securelevel/kexec-uefi-copy-secure_boot-flag-in-boot-params-acro.patch => lockdown/0046-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch} (61%)
create mode 100644 debian/patches/features/all/lockdown/0047-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
create mode 100644 debian/patches/features/all/lockdown/0048-hibernate-Disable-when-the-kernel-is-locked-down.patch
create mode 100644 debian/patches/features/all/lockdown/0049-uswsusp-Disable-when-the-kernel-is-locked-down.patch
create mode 100644 debian/patches/features/all/lockdown/0050-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
create mode 100644 debian/patches/features/all/lockdown/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
create mode 100644 debian/patches/features/all/lockdown/0052-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
create mode 100644 debian/patches/features/all/lockdown/0053-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
create mode 100644 debian/patches/features/all/lockdown/0054-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
create mode 100644 debian/patches/features/all/lockdown/0055-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
create mode 100644 debian/patches/features/all/lockdown/0056-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
rename debian/patches/features/all/{securelevel/acpi-disable-apei-error-injection-if-securelevel-is-.patch => lockdown/0057-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch} (59%)
create mode 100644 debian/patches/features/all/lockdown/0058-bpf-Restrict-kernel-image-access-functions-when-the-.patch
create mode 100644 debian/patches/features/all/lockdown/0059-scsi-Lock-down-the-eata-driver.patch
create mode 100644 debian/patches/features/all/lockdown/0060-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
create mode 100644 debian/patches/features/all/lockdown/0061-Lock-down-TIOCSSERIAL.patch
create mode 100644 debian/patches/features/all/lockdown/0062-Lock-down-module-params-that-specify-hardware-parame.patch
rename debian/patches/features/all/{securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch => lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch} (68%)
rename debian/patches/features/all/{securelevel => lockdown}/enable-cold-boot-attack-mitigation.patch (80%)
rename debian/patches/features/all/{securelevel/mtd-disable-slram-and-phram-when-securelevel-is-enabled.patch => lockdown/mtd-disable-slram-and-phram-when-locked-down.patch} (58%)
delete mode 100644 debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch
delete mode 100644 debian/patches/features/all/securelevel/acpi-ignore-acpi_rsdp-kernel-parameter-when-securele.patch
delete mode 100644 debian/patches/features/all/securelevel/acpi-limit-access-to-custom_method-if-securelevel-is.patch
delete mode 100644 debian/patches/features/all/securelevel/add-bsd-style-securelevel-support.patch
delete mode 100644 debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch
delete mode 100644 debian/patches/features/all/securelevel/asus-wmi-restrict-debugfs-interface-when-securelevel.patch
delete mode 100644 debian/patches/features/all/securelevel/enforce-module-signatures-when-securelevel-is-greate.patch
delete mode 100644 debian/patches/features/all/securelevel/hibernate-disable-when-securelevel-is-set.patch
delete mode 100644 debian/patches/features/all/securelevel/kexec-disable-at-runtime-if-securelevel-has-been-set.patch
delete mode 100644 debian/patches/features/all/securelevel/pci-lock-down-bar-access-when-securelevel-is-enabled.patch
delete mode 100644 debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch
delete mode 100644 debian/patches/features/all/securelevel/uswsusp-disable-when-securelevel-is-set.patch
delete mode 100644 debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch
delete mode 100644 debian/patches/features/all/securelevel/x86-restrict-msr-access-when-securelevel-is-set.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list