# Changes to support package build system debian/version.patch debian/uname-version-timestamp.patch debian/kernelvariables.patch debian/gitignore.patch debian/mips-disable-werror.patch debian/arch-sh4-fix-uimage-build.patch debian/powerpcspe-omit-uimage.patch features/all/Kbuild-kconfig-Verbose-version-of-listnewconfig.patch debian/modpost-symbol-prefix.patch debian/tools-perf-version.patch debian/tools-perf-install.patch # Fixes/improvements to firmware loading features/all/drivers-media-dvb-usb-af9005-request_firmware.patch debian/iwlwifi-do-not-request-unreleased-firmware.patch bugfix/all/firmware_class-log-every-success-and-failure.patch bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch # Patches from aufs4 repository, imported with # debian/patches/features/all/aufs4/gen-patch. These are only the # changes needed to allow aufs to be built out-of-tree. features/all/aufs4/aufs4-base.patch features/all/aufs4/aufs4-mmap.patch features/all/aufs4/aufs4-standalone.patch # Change some defaults for security reasons debian/af_802154-Disable-auto-loading-as-mitigation-against.patch debian/rds-Disable-auto-loading-as-mitigation-against-local.patch debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch debian/fs-enable-link-security-restrictions-by-default.patch # Set various features runtime-disabled by default debian/sched-autogroup-disabled.patch debian/yama-disable-by-default.patch debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch features/all/security-perf-allow-further-restriction-of-perf_event_open.patch # Disable autoloading/probing of various drivers by default debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch debian/snd-pcsp-disable-autoload.patch bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch debian/fjes-disable-autoload.patch # Taint if dangerous features are used debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch # Reduce noise for bug #852324 debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch # Arch bug fixes bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-310-15ikb-to.patch bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-v310-15isk-t.patch bugfix/x86/platform-x86-ideapad-laptop-add-y520-15ikbn-to-no_hw.patch bugfix/x86/platform-x86-ideapad-laptop-add-y720-15ikbn-to-no_hw.patch bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-v510-15ikb-t.patch bugfix/x86/platform-x86-ideapad-laptop-add-several-models-to-no.patch debian/revert-gpu-host1x-add-iommu-support.patch bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch bugfix/arm/arm-dts-exynos-add-dwc3-susphy-quirk.patch bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch bugfix/x86/mmap-add-an-exception-to-the-stack-gap-for-hotspot-jvm.patch # Arch features features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch features/x86/x86-memtest-WARN-if-bad-RAM-found.patch features/x86/x86-make-x32-syscall-support-conditional.patch # Miscellaneous bug fixes bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch bugfix/all/disable-some-marvell-phys.patch bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch bugfix/all/i40e-i40evf-organize-and-re-number-feature-flags.patch bugfix/all/i40e-fix-flags-declaration.patch bugfix/all/xen-time-do-not-decrease-steal-time-after-live-migra.patch bugfix/all/e1000e-fix-e1000_check_for_copper_link_ich8lan-return-value.patch bugfix/all/libsas-Disable-asynchronous-aborts-for-SATA-devices.patch bugfix/all/drm-nouveau-disp-gf119-add-missing-drive-vfunc-ptr.patch # Miscellaneous features # Lockdown (formerly 'securelevel') patchset features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch # some missing pieces features/all/lockdown/enable-cold-boot-attack-mitigation.patch features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch bugfix/all/media-dvb-usb-v2-lmedm04-Improve-logic-checking-of-w.patch bugfix/all/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_.patch bugfix/all/media-hdpvr-fix-an-error-handling-path-in-hdpvr_prob.patch bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch bugfix/all/bluetooth-prevent-stack-info-leak-from-the-efs-element.patch bugfix/all/bpf-encapsulate-verifier-log-state-into-a-structure.patch bugfix/all/bpf-move-global-verifier-log-into-verifier-environme.patch bugfix/all/bpf-fix-integer-overflows.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch # Tools bug fixes bugfix/all/usbip-document-tcp-wrappers.patch bugfix/all/kbuild-fix-recordmcount-dependency.patch bugfix/all/tools-perf-man-date.patch bugfix/all/tools-perf-remove-shebangs.patch bugfix/all/tools-lib-traceevent-use-ldflags.patch bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch bugfix/all/cpupower-bump-soname-version.patch bugfix/all/cpupower-fix-checks-for-cpu-existence.patch bugfix/all/tools-lib-lockdep-define-pr_cont.patch # Backport patches from 4.15.x to support dwmac-sun8i features/arm/dwmac-sun8i/0001-net-stmmac-dwmac-sun8i-Handle-integrated-external-MD.patch features/arm/dwmac-sun8i/0002-net-stmmac-sun8i-Restore-the-compatibles.patch features/arm/dwmac-sun8i/0003-arm64-dts-allwinner-A64-Restore-EMAC-changes.patch features/arm/dwmac-sun8i/0004-arm64-dts-allwinner-add-snps-dwmac-mdio-compatible-t.patch features/arm/dwmac-sun8i/0005-arm64-dts-allwinner-H5-Restore-EMAC-changes.patch features/arm/dwmac-sun8i/0006-ARM-dts-sunxi-Restore-EMAC-changes-boards.patch features/arm/dwmac-sun8i/0007-arm-dts-sunxi-h3-h5-Restore-EMAC-changes.patch features/arm/dwmac-sun8i/0008-ARM-dts-sunxi-h3-h5-represent-the-mdio-switch-used-b.patch # Backport patches from linux-next (next-20180103) to support SMP on tegra210 systems features/arm64/tegra210-smp/0001-arm64-tegra-Add-CPU-and-PSCI-nodes-for-NVIDIA-Tegra2.patch # ABI maintenance