diff --git a/debian/patches/debian/fjes-disable-autoload.patch b/debian/patches/debian/fjes-disable-autoload.patch index 0461fadb0..049dfb50b 100644 --- a/debian/patches/debian/fjes-disable-autoload.patch +++ b/debian/patches/debian/fjes-disable-autoload.patch @@ -2,6 +2,7 @@ From: Ben Hutchings Date: Sat, 18 Mar 2017 20:47:58 +0000 Subject: fjes: Disable auto-loading Bug-Debian: https://bugs.debian.org/853976 +Forwarded: no fjes matches a generic ACPI device ID, and relies on its probe function to distinguish whether that really corresponds to a supported diff --git a/debian/patches/debian/userns-avoid-abi-change-for-cve-2017-6874-fix.patch b/debian/patches/debian/userns-avoid-abi-change-for-cve-2017-6874-fix.patch index 58a6a588d..3e7572bf1 100644 --- a/debian/patches/debian/userns-avoid-abi-change-for-cve-2017-6874-fix.patch +++ b/debian/patches/debian/userns-avoid-abi-change-for-cve-2017-6874-fix.patch @@ -1,6 +1,7 @@ From: Ben Hutchings Date: Tue, 14 Mar 2017 21:35:33 +0000 Subject: userns: Avoid ABI change for CVE-2017-6874 fix +Forwarded: not-needed The type of ucounts::count changed from atomic_t to int. But they're the same size, and it's only accessed within kernel/ucount.c, so hide diff --git a/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch b/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch index 92f505762..761838b10 100644 --- a/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch +++ b/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch @@ -1,6 +1,8 @@ 
From: Linn Crosetto Date: Tue, 30 Aug 2016 11:54:38 -0600 Subject: arm64: add kernel config option to set securelevel when in Secure Boot mode +Bug-Debian: https://bugs.debian.org/831827 +Forwarded: no Add a kernel configuration option to enable securelevel, to restrict userspace's ability to modify the running kernel when UEFI Secure Boot is diff --git a/debian/patches/features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch b/debian/patches/features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch index 59fd4226b..0430f0c93 100644 --- a/debian/patches/features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch +++ b/debian/patches/features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch @@ -1,6 +1,8 @@ From: Linn Crosetto Date: Mon, 22 Feb 2016 12:54:37 -0700 Subject: arm64/efi: Disable secure boot if shim is in insecure mode +Bug-Debian: https://bugs.debian.org/831827 +Forwarded: no Port to arm64 a patch originally written by Josh Boyer for the x86 EFI stub. diff --git a/debian/patches/features/all/securelevel/mtd-disable-slram-and-phram-when-securelevel-is-enabled.patch b/debian/patches/features/all/securelevel/mtd-disable-slram-and-phram-when-securelevel-is-enabled.patch index b8b2e33e8..40adb44e2 100644 --- a/debian/patches/features/all/securelevel/mtd-disable-slram-and-phram-when-securelevel-is-enabled.patch +++ b/debian/patches/features/all/securelevel/mtd-disable-slram-and-phram-when-securelevel-is-enabled.patch @@ -1,6 +1,7 @@ From: Ben Hutchings Date: Fri, 03 Jun 2016 00:48:39 +0100 Subject: mtd: Disable slram and phram when securelevel is enabled +Forwarded: no The slram and phram drivers both allow mapping regions of physical address space such that they can then be read and written by userland
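Review bot: In the fjes-disable-autoload.patch hunk, `Forwarded: no` is added to a patch stored under debian/patches/debian/, while the userns patch in the same directory is marked `Forwarded: not-needed` in this same diff. The description says fjes matches a generic ACPI device ID and relies on its probe function, which reads as a driver issue rather than a packaging one. If disabling auto-loading is meant to stay Debian-only, `not-needed` would be the consistent value; otherwise a short note on why the patch has not been sent would help the next reader.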
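Review bot: In the arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch hunk, the new headers record the Debian bug and `Forwarded: no`, but the description's statement that this is a port of a patch originally written by Josh Boyer for the x86 EFI stub still carries no pointer to that original. Consider adding an `Origin:` line or a reference to the x86 patch next to the new headers so the provenance can be followed.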
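Review bot: In the mtd-disable-slram-and-phram-when-securelevel-is-enabled.patch hunk, only `Forwarded: no` is added, whereas the two arm64 patches in the same securelevel directory also gain `Bug-Debian: https://bugs.debian.org/831827`. If a Debian bug tracks this change, it should be recorded here as well; if none exists, please confirm that the omission is intentional.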