Ben Hutchings
7e79e9a13a
README.Debian: Change more URLs to use https: scheme
2016-04-25 00:52:47 +02:00
Ben Hutchings
35602a868b
linux-source: Fix up module signing configuration in included kernel config files
...
Our signing certificate isn't included in the source tarball and would
be pointless to include in custom kernels. Custom kernels also won't
have a separate signing stage. So remove our settings for
CONFIG_MODULE_SIG_ALL, CONFIG_MODULE_SIG_KEY and
CONFIG_SYSTEM_TRUSTED_KEYS. This should cause custom kernels based on
the included configs to follow the upstream default for signing, which
is to use a new key pair for each build.
2016-04-25 00:48:09 +02:00
Ben Hutchings
56d41759a0
Add module signature fix to the changelog
2016-04-23 20:52:24 +02:00
Ben Hutchings
5f6cfd0660
[x86] sound/soc/intel: Enable many more drivers ( Closes : #822267 )
2016-04-22 22:19:57 +02:00
Ben Hutchings
8a0b066e92
Note closure of #821442
2016-04-22 16:46:48 +02:00
Ben Hutchings
2d9dcd6be6
atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117)
2016-04-22 08:10:30 +01:00
Ben Hutchings
b20f5e22b0
[armel/marvell] dts: kirkwood: fix SD slot default configuration for OpenRD ( Closes : #811351 )
2016-04-22 08:06:49 +01:00
Ben Hutchings
fe835b64b1
Update to 4.5.2
...
As this includes changes to header_ops and dentry_operations, bump
the ABI number to 2.
2016-04-22 08:05:48 +01:00
Aurelien Jarno
c5cec59895
[mips*] Emulate unaligned LDXC1 and SDXC1 instructions.
2016-04-22 00:01:29 +02:00
Salvatore Bonaccorso
9c63adf133
[x86] USB: usbip: fix potential out-of-bounds write (CVE-2016-3955)
2016-04-19 16:30:27 +02:00
Ben Hutchings
690df616c2
fs: Consolidate softdep declarations in each module
2016-04-14 20:40:33 +01:00
Salvatore Bonaccorso
92f972094e
[x86] xen: suppress hugetlbfs in PV guests (CVE-2016-3961)
2016-04-14 20:57:52 +02:00
Ben Hutchings
95034e0acb
Prepare to release linux (4.5.1-1).
2016-04-14 12:30:56 +01:00
Ben Hutchings
315743de11
[armhf] usb-modules: Add modules required for BeagleBoard-X15 ( Closes : #815848 )
...
Thanks to Vagrant Cascadian
2016-04-14 00:07:03 +01:00
Ben Hutchings
debb03a542
Note that #817816 was fixed in 4.5.1
2016-04-14 00:05:26 +01:00
Ben Hutchings
a8c2d3c699
nbd: Create size change events for userspace ( Closes : #812487 )
2016-04-13 23:23:32 +01:00
Ben Hutchings
e3395a2405
[armhf] watchdog: Enable S3C2410_WATCHDOG as module ( Closes : #819377 )
2016-04-13 23:12:44 +01:00
Ben Hutchings
f782f13c81
[armhf] Add support for octa-core big.LITTLE systems including Exynos ( Closes : #819379 )
2016-04-13 23:11:02 +01:00
Ben Hutchings
1d7f287b7a
[x86] ACPI / processor: Request native thermal interrupt handling via _OSC ( Closes : #817016 , #819336 )
2016-04-13 23:06:17 +01:00
Ben Hutchings
f2cd4c8e5a
Re-enabling ZONE_DMA fixes the b44 and floppy drivers too ( Closes : #819385 , #820890 )
2016-04-13 23:06:00 +01:00
Ben Hutchings
a6c63dfcf4
aufs: Update support patches to aufs4.5-20160328 ( Closes : #819748 )
2016-04-13 22:21:26 +01:00
Ben Hutchings
df965c4112
fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers ( Closes : #819725 )
2016-04-13 22:17:00 +01:00
Ben Hutchings
aac56d9572
[x86] mm/32: Enable full randomization on i386 and X86_32 (CVE-2016-3672)
2016-04-13 21:26:06 +01:00
Ben Hutchings
e01d7b854c
ipv4: Don't do expensive useless work during inetdev destroy (CVE-2016-3156)
2016-04-13 21:24:19 +01:00
Ben Hutchings
3f1372dedd
Add more CVE IDs for 4.5.1
2016-04-13 21:22:24 +01:00
Ben Hutchings
d0292c6f67
netfilter: x_tables: Fix parsing of IPT_SO_SET_REPLACE blobs (CVE-2016-3134)
2016-04-13 21:11:40 +01:00
Ben Hutchings
c972e924a7
Prepare for unstable upload: set ABI to 1 and drop ~exp1 from the version
2016-04-13 20:53:11 +01:00
Ben Hutchings
2b5668bad8
linux-support: Include udeb configuration from debian/installer
...
This will be used by the linux-signed package.
2016-04-13 20:53:05 +01:00
Ben Hutchings
74940e0a05
Disable UNUSED_SYMBOLS; it is now itself unused
2016-04-13 20:52:59 +01:00
Ben Hutchings
68c5c5997c
Merge remote-tracking branch 'alioth/sid'
...
Merge open changelog entry for 4.4.6-2 into our open changelog entry.
Refresh the new patches.
2016-04-13 20:52:01 +01:00
Ben Hutchings
6e05e68d7a
Update to 4.5.1
2016-04-13 20:49:29 +01:00
Roger Shimizu
dfd9a83664
[armhf/armmp] Enable DW_WATCHDOG as module
...
Enable DW_WATCHDOG as module, used on Firefly-RK3288.
Patch by Vagrant Cascadian.
(Closes : #820834 )
2016-04-13 22:37:43 +09:00
Roger Shimizu
5c3489a433
[armel/marvell] Add DT support for "Buffalo/Revogear Kurobox Pro"
2016-04-08 08:33:27 +09:00
Aurelien Jarno
062efc4b3f
[mips*/octeon] Enable CRYPTO_MD5_OCTEON, CRYPTO_SHA1_OCTEON, CRYPTO_SHA256 and CRYPTO_SHA512_OCTEON.
2016-04-06 13:08:06 +02:00
Aurelien Jarno
4f0dd22673
[mips*/octeon] Bump CONFIG_NR_CPUS to 32 to accomodate recent Octeon III SoCs.
2016-04-06 12:27:15 +02:00
Aurelien Jarno
c068d48b25
[mips*/octeon] udeb: Add ahci_octeon and ahci_platform modules to sata-modules.
2016-04-06 00:06:31 +02:00
Aurelien Jarno
511d4cedbc
[mips*/octeon] Enable SPI_OCTEON.
2016-04-05 23:58:00 +02:00
Ben Hutchings
54ab3395af
Group all securelevel and Secure Boot changes together, closing #820008
2016-04-05 14:03:57 +01:00
Ben Hutchings
119c44d06d
Merge branch 'benh/secure-boot'
2016-04-05 13:59:42 +01:00
Aurelien Jarno
7836b549be
[mips*/octeon] Backport OCTEON SATA controller support from 4.6-rc1. Enable AHCI_OCTEON.
2016-04-04 22:51:11 +02:00
Aurelien Jarno
d514efc4cc
[mipsel/mips/config.loongson-2f] Disable VIDEO_CX23885, VIDEO_IVTV, VIDEO_CX231XX, VIDEO_PVRUSB2 (fixes FTBFS).
...
This workaround the failed compilation of cx25840-core.c:
| {standard input}: Assembler messages:
| {standard input}:583: Error: branch out of range
| {standard input}:636: Error: branch out of range
| {standard input}:40094: Error: branch out of range
These are caused by the -Wa,-mfix-loongson2f-jump, which replaces the
"jalr t9" instruction by the "or t9, t9, 0x80000000; jalr t9"
instructions, thus causing an increase in code size.
This is probably the best way to workaround the FTBFS, especially given
that the loongson-2e/2f flavour are likely going to be removed for
stretch.
2016-04-04 22:20:30 +02:00
Ben Hutchings
76de9f06e0
scripts: Fix X.509 PEM support in sign-file
...
DER format works but it's easier if we can use PEM everywhere.
2016-04-04 19:28:26 +01:00
Ben Hutchings
6e18d075e9
linux-kbuild: Add extract-cert and sign-file programs
2016-04-04 10:41:48 +01:00
Ben Hutchings
23d1e0f3c2
debian/copyright: Note that extract-cert and sign-file are under LGPL 2.1
...
This is significant because they link with OpenSSL.
2016-04-04 10:41:48 +01:00
Ben Hutchings
f880a7ff25
Fix config for module signing
...
Replace my pubkey with an X.509 (PEM encoded) certificate as actually
required. Add quotes around the filenames in kconfig.
2016-04-04 10:41:46 +01:00
Ben Hutchings
a6aaaeb263
Note added build-dependency on openssl too
2016-04-04 02:04:53 +01:00
Ben Hutchings
969431b952
certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial testing of signed modules
...
Also set MODULE_SIG_KEY to empty string to avoid including a build-
time generated key.
2016-04-03 13:12:23 +01:00
Ben Hutchings
c955e35c32
modules: Enable MODULE_SIG and MODULE_SIG_SHA256
...
...but not MODULE_SIG_ALL as signatures will be packaged separately
2016-04-03 13:12:23 +01:00
Ben Hutchings
7321950826
Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support
2016-04-03 04:31:52 +01:00
Ben Hutchings
ea7af96b4d
Merge branch 'benh/merge-linux-tools'
...
The primary reason not to build userland tools from src:linux was that
it allowed building with a minimal cross-toolchain and without the
target's glibc development files. In particular, the CI system at
kernel-archive.buildserver.net used such minimal cross-toolchains.
It is been a long time since kernel-archive.buildserver.net was
running, so the original reason for the separation no longer exists.
If we implement CI using similarly limited toolchains again, we can use
a build-profile to exclude userland builds, as these are now well
supported.
This merges the full history of both source packages together,
including in debian/changelog (which looks rather weird). The binary
packages resulting from this merge appear to be functionally the same,
though I can't be certain there's no regression.
2016-04-02 15:13:23 +01:00