Commit Graph

2058 Commits

Author SHA1 Message Date
Harald Welte cf81848c29 Import DAHDI into kernel package 2020-10-28 16:18:09 +00:00
Ben Hutchings 06cccfd2c3 Merge branch 'bluca/linux-mod_db' into sid
Add patches to enable loading db and MOK keys

See merge request kernel-team/linux!139
2019-05-05 13:16:03 +01:00
Ben Hutchings f79da03296 drivers/firmware/google: Adjust configuration for 4.19 2019-05-04 22:40:59 +01:00
Luca Boccassi 188df85f5b Add patches to enable loading db and MOK keys
Import patches from:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-uefi

that enable a new option that automatically loads keys from db
and MOK into the secondary keyring, so that they can be used to
verify the signature of kernel modules. Enable the required KCONFIGs.
Allows users to self-sign modules (eg: dkms).
2019-05-02 22:59:42 +01:00
Romain Perier 0eb7489dad Enable coreboot memconsole (Closes: #872069)
With this option enabled, the kernel will be able to retrieve firmware
logs by looking in the coreboot table. This can be accessed from
userspace via the sysfs file /sys/firmware/log.
2019-04-30 16:54:11 +02:00
Ben Hutchings becaca2c80 ntfs: Disable NTFS_FS due to lack of upstream security support 2019-04-25 15:27:49 +01:00
Yves-Alexis Perez af53d158a0 certs: include both root CA and direct signing certificate. closes: #924545
Module loading needs the issuer certificate to validate the signature,
and that certificate is not embedded in the signature itself.

For now embed both the signing certificate and the root CA.
2019-03-14 14:16:50 +01:00
Ben Hutchings 7064a34f6e [x86,alpha,m68k] binfmt: Disable BINFMT_AOUT, IA32_AOUT, OSF4_COMPAT
a.out support is now untested and occasionally results in security
bugs, and will be deprecated upstream (depends on BROKEN) for x86 in
5.1.  Disable it completely.

See:
https://lore.kernel.org/lkml/CAG48ez1RVd5mQ_Pb6eygQESaZhpQz765OAZYSoPE0kPqfZEXQg@mail.gmail.com/
https://lore.kernel.org/lkml/20190305145717.GD8256@zn.tnic/
2019-03-13 18:31:13 +00:00
Ben Hutchings f9acfb6f08 debian/config: Note the need to set SYSTEM_TRUSTED_KEYS in featureset config 2019-03-10 22:28:08 +00:00
Ben Hutchings 16e5e055ca certs: Replace test signing certificate with production signing certificate 2019-03-10 22:28:08 +00:00
Romain Perier 6b175bc9fd Enable STRICT_MODULE_RWX
With this option set, module text and rodata memory areas will be made
read-only. Moreover, non-text memory will be made non-executable. This
provides protection against certain security exploits. Currently, this
option is implicitly enabled in Kconfig for most configurations where it
is possible to enable it. This commit enables the option by default
explicitly for all supported targets (except marvell to keep it small)
2019-03-05 21:10:12 +01:00
Ben Hutchings b4995d6607 video: Disable FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER again
It won't work nicely unless we make the boot loader completely silent,
and we might need to update themes as well.
<https://fedoraproject.org/wiki/Changes/FlickerFreeBoot> has the full
details.
2019-02-11 16:55:58 +00:00
Ben Hutchings fd527676dd rmi4: Disable RMI_F54
Enabling this symbol makes rmi4_core depend on the media/v4l2
subsystem which is not only weird but also results in duplicate
modules at kernel-wedge time.
2019-02-11 14:06:39 +00:00
Ben Hutchings 24188db823 Explicitly set various kconfig symbols to defaults (mostly disabled) 2019-02-11 01:35:21 +00:00
Ben Hutchings 1a8256e0fb Enable some more new(ish) kconfig options
* [arm64,armhf] drm: Enable DRM_PANEL_RASPBERRYPI_TOUCHSCREEN as module
* dvb-usb-v2: Enable DVB_USB_ZD1301 as module
* gpio: Enable GPIO_EXAR, GPIO_PCI_IDIO_16, GPIO_PCIE_IDIO_24 as modules
* HID: Enable HID_ACCUTOUCH, HID_COUGAR, HID_ELAN, HID_ITE, HID_JABRA,
  HID_MAYFLASH, HID_REDRAGON, HID_RETRODE, HID_STEAM, HID_UDRAW_PS3 as
  modules
* [x86] i2c: Enable I2C_DESIGNWARE_BAYTRAIL
* media/rc: Enable IR_IMON_DECODER, IR_IMON_RAW as modules
* [x86] mfd: Enable INTEL_SOC_PMIC_BXTWC, INTEL_SOC_PMIC_CHTDC_TI as modules
* [x86] pinctrl: Enable PINCTRL_CANNONLAKE, PINCTRL_CEDARFORK,
  PINCTRL_DENVERTON, PINCTRL_GEMINILAKE, PINCTRL_ICELAKE, PINCTRL_LEWISBURG
* ptp: Change PTP_1588_CLOCK_KVM from built-in to module
* serial: Enable USB_SERIAL_F8153X, USB_SERIAL_UPD78F0730 as modules
* sound: Enable SND_FIREWIRE_MOTU, SND_FIREFACE, SND_XEN_FRONTEND as modules
* [x86] sound: Enable SND_SOC_AMD_CZ_DA7219MX98357_MACH,
  SND_SOC_AMD_CZ_RT5645_MACH, SND_SOC_INTEL_CHT_BSW_NAU8824_MACH,
  SND_SOC_INTEL_BYT_CHT_DA7213_MACH, SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH,
  SND_SOC_INTEL_KBL_RT5663_RT5514_MAX98927_MACH,
  SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH,
  SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH as modules
* thermal: Enable DEVFREQ_THERMAL, THERMAL_STATISTICS
* video: Enable FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER
* watchdog: Enable WATCHDOG_PRETIMEOUT_GOV, WATCHDOG_PRETIMEOUT_GOV_NOOP,
  WATCHDOG_PRETIMEOUT_DEFAULT_GOV_NOOP; WATCHDOG_PRETIMEOUT_GOV_PANIC,
  WDAT_WDT as modules
* [x86] watchdog: Enable INTEL_MEI_WDT, NI903X_WDT, NIC7018_WDT as modules
2019-02-11 01:35:14 +00:00
Ben Hutchings 1eb54c8a5e Disable various kconfig symbols per default 2019-02-10 23:16:59 +00:00
Ben Hutchings 9954895622 Enable lots of new(ish) kconfig options
* 9p: Enable NET_9P_XEN as module
* ACPI: Enable ACPI_TAD as module
* amd-xgbe: Enable AMD_XGBE_DCB
* ath9k: Enable ATH9K_CHANNEL_CONTEXT
* block: Enable BLK_DEV_ZONED (except armel/marvell)
* bluetooth: Enable BT_HCIUART_RTL; BT_HCIUART_NOKIA, BT_MTKUART as modules
* bnxt: Enable BNXT_DCB
* ethernet: Enable HINIC, ICE, LAN743X, LIQUIDIO_VF as modules
* can: Enable CAN_VXCAN, CAN_MCBA_USB, CAN_UCAN as modules
* dm: Enable DM_UNSTRIPED, DM_WRITECACHE, DM_ZONED as modules
* gnss: Enable GNSS, GNSS_SIRF_SERIAL, GNSS_UBX_SERIAL as modules
* IB: Enable CGROUP_RDMA (except armel/marvell)
* ieee802154: Enable IEEE802154_HWSIM as module
* inet: Enable INET_RAW_DIAG as module
* input: Enable INPUT_AXP20X_PEK as module
* IPMI: Enable IPMI_SSIF as module
* joystick: Enable JOYSTICK_PXRC as module
* mlx5: Enable MLX5_FPGA, MLX5_CORE_IPOIB; MLXFW as module
* net: Enable BPF_STREAM_PARSER, XDP_SOCKETS (except armel/marvell);
  NET_FAILOVER, SMC, SMC_DIAG, VSOCKMON as modules
* net/phy: Enable LED_TRIGGER_PHY; CORTINA_PHY, DP83822_PHY, DP83TC811_PHY,
  MARVELL_10G_PHY, MICROCHIP_T1_PHY, RENESAS_PHY, ROCKCHIP_PHY as modules
* net/sched: Enable NET_SCH_CBS, NET_SCH_ETF, NET_SCH_SKBPRIO, NET_EMATCH_IPT
  as modules
* PCMCIA: Enable SCR24X as module
* [x86] rmi4: Re-enable RMI4_CORE, RMI4_SMB as modules (Closes: #875621);
  RMI4_F03, RMI4_F11, RMI4_F12, RMI4_F30, RMI4_F34, RMI4_F54, RMI4_F55
* xfrm: Enable XFRM_INTERFACE as module
* PCI: Enable PCI_PF_STUB as module
* random: Enable RANDOM_TRUST_CPU. This can be reverted using the kernel
  parameter: random.trust_cpu=off
* SCSI: Enable QEDF, QEDI as modules
* serial: Enable SERIAL_8250_EXAR as module
* tpm: Enable TCG_TIS_SPI, TCG_VTPM_PROXY as modules
* usbtouchscreen: Enable TOUCHSCREEN_USB_EASYTOUCH
* wireless: Enable MT76x0U, MT76x2E, MT76x2U, QTNFMAC_PEARL_PCIE as modules
* zram: Enable ZRAM_WRITEBACK, ZRAM_MEMORY_TRACKING
2019-02-10 23:16:32 +00:00
Ben Hutchings 1ca5094557 drivers/firmware: Enable FW_CFG_SYSFS as module (Closes: #882208) 2019-02-10 18:13:34 +00:00
Hideki Yamane fbaa5ba879 enable CONFIG_CAN_PEAK_PCIEFD (Closes: #920809) 2019-02-04 07:20:00 +09:00
Hideki Yamane 5b1537b234 enable CONFIG_SENSORS_NCT7802 and others (Closes: #912597)
NCT7802,NCT7904,NPCM7XX,ASPEED and W83773G
2019-02-02 13:13:39 +09:00
Bastian Blank ddc3772e93 Enable EFI_BOOTLOADER_CONTROL, EFI_CAPSULE_LOADER 2018-12-16 18:38:21 +01:00
Bastian Blank 443f43fdf3 Enable netfilter flow table support 2018-12-16 18:21:04 +01:00
Bastian Blank b997f7d5e5 Enable IP_VS_MH 2018-12-16 18:15:09 +01:00
Bastian Blank 6069ca359b Enable NFT_CONNLIMIT, NFT_TUNNEL, NFT_SOCKET, NFT_OSF, NFT_TPROXY 2018-12-16 18:13:08 +01:00
Bastian Blank 86cbdc4d6f Clean up kconfig order 2018-12-16 18:07:59 +01:00
Christoph Anton Mitterer 52a8f5d992 Enable MORUS and AEGIS AEAD ciphers
Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
2018-12-13 05:43:02 +01:00
Ben Hutchings 1240fb3ac3 integrity: Disable INTEGRITY_TRUSTED_KEYRING (Closes: #865277) 2018-12-08 21:34:33 +00:00
Salvatore Bonaccorso fae4befcc9 Merge branch 'sid' 2018-12-08 15:02:01 +01:00
Uwe Kleine-König 983a169e24 Enable ATH10K_USB as a module 2018-11-30 10:39:33 +01:00
Vagrant Cascadian 5a64bc1733 debian/config/config: Enable Z3FOLD as a module. 2018-11-25 20:33:58 -08:00
Ben Hutchings 998b27af2f Explicitly set various config symbols to their default values
This covers many, but far from all, of the symbols currently not
explicitly set.
2018-11-11 19:16:10 +00:00
Romain Perier 88f44cb9eb Enable Diffie-Hellman operations on retained keys (Closes: #911998) 2018-11-02 19:28:44 +01:00
Uwe Kleine-König 83e21a57f8 Enable Orange filesystem 2018-10-24 12:08:29 +02:00
Uwe Kleine-König 85da926d38 Revert "wip" which was pushed by mistake
This reverts commit 331fdb5fb8.
2018-10-16 20:18:50 +02:00
Uwe Kleine-König 331fdb5fb8 wip 2018-10-16 08:44:27 +02:00
Ben Hutchings fb685c0833 xen: Enable XEN_SCRUB_PAGES_DEFAULT, replacing XEN_SCRUB_PAGES
This was renamed for no good reason in 4.19-rc4.
2018-10-15 19:06:16 +01:00
Uwe Kleine-König 5155663855 enable HID_NTI as a module 2018-10-05 09:29:27 +02:00
Uwe Kleine-König 509467b7a6 enable NET_SCH_CAKE as a module 2018-10-05 09:25:43 +02:00
Ben Hutchings b9378ce266 debian/config: Clean up with the help of kconfigeditor2
Various kconfig symbols have been renamed, removed, split or combined.
Update these files accordingly.
2018-08-27 18:34:45 +01:00
Ben Hutchings 456cbdd991 debian/config: Clean up using kconfigeditor2 2018-08-27 18:28:13 +01:00
Ben Hutchings 4a0a6042cb netfilter: Enable NF_TABLES_SET as module, replacing the multiple set type modules that were enabled before 4.18 2018-08-27 18:27:55 +01:00
Ben Hutchings d6c050378d Release linux (4.17.17-1).

Merge tag 'debian/4.17.17-1'

Release linux (4.17.17-1).

- Drop "gpu: host1x: Fix compiler errors by converting to dma_addr_t"
  which is already in 4.18
- Drop ABI reference files and ABI number change
2018-08-27 14:15:27 +01:00
Ben Hutchings 35ab00b41b certs: Revert switch to production certificate
This reverts commit b91655bf3e and part
of commit 16dec97798.

The signing service is still using secure-boot-test-key-lfaraone and
we should make at least one more upload to be signed by it.
2018-08-18 19:59:32 +01:00
Romain Perier 46d40ea7a3 Enable CONFIG_SPI_SPIDEV (Closes: #904043)
Currently, CONFIG_SPI is enabled globally. The purpose of SPIDEV is to
allow userspace to access SPI in a generic way, when SPI is supported on
the target. For arches that don't support SPI or disable it explicitly,
like m68k, both features will be disabled.
2018-08-13 19:54:41 +02:00
Ben Hutchings b6e442c215 drivers/net/phy: Enable SFP as module (Closes: #906054) 2018-08-13 18:34:04 +01:00
Ben Hutchings 3a85fcdecf serdev: Enable SERIAL_DEV_BUS, SERIAL_DEV_CTRL_TTYPORT as built-in
...(except on armel)

This results in:

- bluetooth: Re-enable BT_HCIUART_{BCM,LL} (Closes: #906048)
2018-08-13 17:15:30 +01:00
Ben Hutchings b91655bf3e certs: Add certificate for production key used in Debian signing service 2018-08-02 13:11:02 +08:00
Ben Hutchings 16dec97798 certs: Remove certificates for test key used in Debian signing service and for my personal signing key 2018-08-02 13:08:57 +08:00
Ben Hutchings d2806c1d8d autofs: Enable AUTOFS_FS instead of AUTOFS4_FS
AUTOFS4_FS is now a compatibility symbol which selects AUTOFS_FS.
It will be removed in a later kernel release.
2018-07-03 18:43:23 +01:00
Ben Hutchings 7f113f9112 Release linux (4.17.3-1).

Merge tag 'debian/4.17.3-1'

Release linux (4.17.3-1).
2018-07-03 00:45:29 +01:00