7e79e9a13a
README.Debian: Change more URLs to use https: scheme
2016-04-25 00:52:47 +02:00
35602a868b
linux-source: Fix up module signing configuration in included kernel config files
...
Our signing certificate isn't included in the source tarball and would
be pointless to include in custom kernels. Custom kernels also won't
have a separate signing stage. So remove our settings for
CONFIG_MODULE_SIG_ALL, CONFIG_MODULE_SIG_KEY and
CONFIG_SYSTEM_TRUSTED_KEYS. This should cause custom kernels based on
the included configs to follow the upstream default for signing, which
is to use a new key pair for each build.
2016-04-25 00:48:09 +02:00
56d41759a0
Add module signature fix to the changelog
2016-04-23 20:52:24 +02:00
5f6cfd0660
[x86] sound/soc/intel: Enable many more drivers ( Closes : #822267 )
2016-04-22 22:19:57 +02:00
8a0b066e92
Note closure of #821442
2016-04-22 16:46:48 +02:00
2d9dcd6be6
atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117)
2016-04-22 08:10:30 +01:00
b20f5e22b0
[armel/marvell] dts: kirkwood: fix SD slot default configuration for OpenRD ( Closes : #811351 )
2016-04-22 08:06:49 +01:00
fe835b64b1
Update to 4.5.2
...
As this includes changes to header_ops and dentry_operations, bump
the ABI number to 2.
2016-04-22 08:05:48 +01:00
c5cec59895
[mips*] Emulate unaligned LDXC1 and SDXC1 instructions.
2016-04-22 00:01:29 +02:00
9c63adf133
[x86] USB: usbip: fix potential out-of-bounds write (CVE-2016-3955)
2016-04-19 16:30:27 +02:00
690df616c2
fs: Consolidate softdep declarations in each module
2016-04-14 20:40:33 +01:00
92f972094e
[x86] xen: suppress hugetlbfs in PV guests (CVE-2016-3961)
2016-04-14 20:57:52 +02:00
95034e0acb
Prepare to release linux (4.5.1-1).
2016-04-14 12:30:56 +01:00
315743de11
[armhf] usb-modules: Add modules required for BeagleBoard-X15 ( Closes : #815848 )
...
Thanks to Vagrant Cascadian
2016-04-14 00:07:03 +01:00
debb03a542
Note that #817816 was fixed in 4.5.1
2016-04-14 00:05:26 +01:00
a8c2d3c699
nbd: Create size change events for userspace ( Closes : #812487 )
2016-04-13 23:23:32 +01:00
e3395a2405
[armhf] watchdog: Enable S3C2410_WATCHDOG as module ( Closes : #819377 )
2016-04-13 23:12:44 +01:00
f782f13c81
[armhf] Add support for octa-core big.LITTLE systems including Exynos ( Closes : #819379 )
2016-04-13 23:11:02 +01:00
1d7f287b7a
[x86] ACPI / processor: Request native thermal interrupt handling via _OSC ( Closes : #817016 , #819336 )
2016-04-13 23:06:17 +01:00
f2cd4c8e5a
Re-enabling ZONE_DMA fixes the b44 and floppy drivers too ( Closes : #819385 , #820890 )
2016-04-13 23:06:00 +01:00
a6c63dfcf4
aufs: Update support patches to aufs4.5-20160328 ( Closes : #819748 )
2016-04-13 22:21:26 +01:00
df965c4112
fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers ( Closes : #819725 )
2016-04-13 22:17:00 +01:00
aac56d9572
[x86] mm/32: Enable full randomization on i386 and X86_32 (CVE-2016-3672)
2016-04-13 21:26:06 +01:00
e01d7b854c
ipv4: Don't do expensive useless work during inetdev destroy (CVE-2016-3156)
2016-04-13 21:24:19 +01:00
3f1372dedd
Add more CVE IDs for 4.5.1
2016-04-13 21:22:24 +01:00
d0292c6f67
netfilter: x_tables: Fix parsing of IPT_SO_SET_REPLACE blobs (CVE-2016-3134)
2016-04-13 21:11:40 +01:00
c972e924a7
Prepare for unstable upload: set ABI to 1 and drop ~exp1 from the version
2016-04-13 20:53:11 +01:00
2b5668bad8
linux-support: Include udeb configuration from debian/installer
...
This will be used by the linux-signed package.
2016-04-13 20:53:05 +01:00
74940e0a05
Disable UNUSED_SYMBOLS; it is now itself unused
2016-04-13 20:52:59 +01:00
68c5c5997c
Merge remote-tracking branch 'alioth/sid'
...
Merge open changelog entry for 4.4.6-2 into our open changelog entry.
Refresh the new patches.
2016-04-13 20:52:01 +01:00
6e05e68d7a
Update to 4.5.1
2016-04-13 20:49:29 +01:00
dfd9a83664
[armhf/armmp] Enable DW_WATCHDOG as module
...
Enable DW_WATCHDOG as module, used on Firefly-RK3288.
Patch by Vagrant Cascadian.
(Closes : #820834 )
2016-04-13 22:37:43 +09:00
5c3489a433
[armel/marvell] Add DT support for "Buffalo/Revogear Kurobox Pro"
2016-04-08 08:33:27 +09:00
062efc4b3f
[mips*/octeon] Enable CRYPTO_MD5_OCTEON, CRYPTO_SHA1_OCTEON, CRYPTO_SHA256 and CRYPTO_SHA512_OCTEON.
2016-04-06 13:08:06 +02:00
4f0dd22673
[mips*/octeon] Bump CONFIG_NR_CPUS to 32 to accomodate recent Octeon III SoCs.
2016-04-06 12:27:15 +02:00
c068d48b25
[mips*/octeon] udeb: Add ahci_octeon and ahci_platform modules to sata-modules.
2016-04-06 00:06:31 +02:00
511d4cedbc
[mips*/octeon] Enable SPI_OCTEON.
2016-04-05 23:58:00 +02:00
54ab3395af
Group all securelevel and Secure Boot changes together, closing #820008
2016-04-05 14:03:57 +01:00
119c44d06d
Merge branch 'benh/secure-boot'
2016-04-05 13:59:42 +01:00
7836b549be
[mips*/octeon] Backport OCTEON SATA controller support from 4.6-rc1. Enable AHCI_OCTEON.
2016-04-04 22:51:11 +02:00
d514efc4cc
[mipsel/mips/config.loongson-2f] Disable VIDEO_CX23885, VIDEO_IVTV, VIDEO_CX231XX, VIDEO_PVRUSB2 (fixes FTBFS).
...
This workaround the failed compilation of cx25840-core.c:
| {standard input}: Assembler messages:
| {standard input}:583: Error: branch out of range
| {standard input}:636: Error: branch out of range
| {standard input}:40094: Error: branch out of range
These are caused by the -Wa,-mfix-loongson2f-jump, which replaces the
"jalr t9" instruction by the "or t9, t9, 0x80000000; jalr t9"
instructions, thus causing an increase in code size.
This is probably the best way to workaround the FTBFS, especially given
that the loongson-2e/2f flavour are likely going to be removed for
stretch.
2016-04-04 22:20:30 +02:00
76de9f06e0
scripts: Fix X.509 PEM support in sign-file
...
DER format works but it's easier if we can use PEM everywhere.
2016-04-04 19:28:26 +01:00
6e18d075e9
linux-kbuild: Add extract-cert and sign-file programs
2016-04-04 10:41:48 +01:00
23d1e0f3c2
debian/copyright: Note that extract-cert and sign-file are under LGPL 2.1
...
This is significant because they link with OpenSSL.
2016-04-04 10:41:48 +01:00
f880a7ff25
Fix config for module signing
...
Replace my pubkey with an X.509 (PEM encoded) certificate as actually
required. Add quotes around the filenames in kconfig.
2016-04-04 10:41:46 +01:00
a6aaaeb263
Note added build-dependency on openssl too
2016-04-04 02:04:53 +01:00
969431b952
certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial testing of signed modules
...
Also set MODULE_SIG_KEY to empty string to avoid including a build-
time generated key.
2016-04-03 13:12:23 +01:00
c955e35c32
modules: Enable MODULE_SIG and MODULE_SIG_SHA256
...
...but not MODULE_SIG_ALL as signatures will be packaged separately
2016-04-03 13:12:23 +01:00
7321950826
Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support
2016-04-03 04:31:52 +01:00
ea7af96b4d
Merge branch 'benh/merge-linux-tools'
...
The primary reason not to build userland tools from src:linux was that
it allowed building with a minimal cross-toolchain and without the
target's glibc development files. In particular, the CI system at
kernel-archive.buildserver.net used such minimal cross-toolchains.
It is been a long time since kernel-archive.buildserver.net was
running, so the original reason for the separation no longer exists.
If we implement CI using similarly limited toolchains again, we can use
a build-profile to exclude userland builds, as these are now well
supported.
This merges the full history of both source packages together,
including in debian/changelog (which looks rather weird). The binary
packages resulting from this merge appear to be functionally the same,
though I can't be certain there's no regression.
2016-04-02 15:13:23 +01:00
Ben Hutchings
Aurelien Jarno
Salvatore Bonaccorso
Roger Shimizu