From 9aee5ae400153e937d368c0bfe96e8c67697aa3b Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 20 Oct 2019 14:35:22 +0100 Subject: [PATCH] debian/patches/series: Apply security fixes last (except ABI maintenance) The security fixes are where we have the greatest churn, so it's convenient if they can be pushed/popped without having to go through other patches. --- debian/patches/series | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/debian/patches/series b/debian/patches/series index b0b9b263d..891d589ca 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -158,16 +158,6 @@ features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-lo features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch -# Security fixes -debian/i386-686-pae-pci-set-pci-nobios-by-default.patch -debian/ntfs-mark-it-as-broken.patch -bugfix/all/netfilter-conntrack-use-consistent-ct-id-hash-calcul.patch -bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch -bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch -bugfix/all/vhost-make-sure-log_num-in_num.patch -bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch -bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch - # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch @@ -259,5 +249,15 @@ features/arm/ARM-dts-add-Raspberry-Pi-Compute-Module-3-and-IO-boa.patch features/arm64/arm64-dts-broadcom-Add-reference-to-Compute-Module-I.patch features/arm64/arm64-dts-broadcom-Use-the-.dtb-name-in-the-rule-rat.patch +# Security fixes +debian/i386-686-pae-pci-set-pci-nobios-by-default.patch +debian/ntfs-mark-it-as-broken.patch +bugfix/all/netfilter-conntrack-use-consistent-ct-id-hash-calcul.patch +bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch +bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch +bugfix/all/vhost-make-sure-log_num-in_num.patch +bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch +bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch + # ABI maintenance debian/abi/powerpc-avoid-abi-change-for-disabling-tm.patch