* Set a correct, specific Origin header for each patch, instead of a
repo URL and "cherry picked" message
* Add back Date header and Cc pseudo-headers for the second series
* Note which patches have been modified by Luca
Import patches from:
https://lore.kernel.org/patchwork/cover/933178/
that allow to also load dbx and MOKX as blacklists for modules.
These patches also disable loading MOK/MOKX when secure boot is
not enabled, as the variables will not be safe, and to check the
variables attributes before accepting them.
Import patches from:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-uefi
that enable a new option that automatically loads keys from db
and MOK into the secondary keyring, so that they can be used to
verify the signature of kernel modules. Enable the required KCONFIGs.
Allows users to self-sign modules (eg: dkms).
The lockdown code for arm64 currently fails to engage when in Secure Boot
mode. Seth Forshee noticed that this is because init_lockdown() checks
for efi_enabled(EFI_BOOT), but that bit doesn't get set until uefi_init()
is called.
Backport Amazon ENA ethernet driver version 2.0.2 from Linux 4.20
This mostly ammounts to cherry-picking the commits in the range described by
git log v4.19.5..v4.20-rc7 drivers/net/ethernet/amazon
Change e641e99f261f5203a911a9e0db54a214460d2cc4 introduced changes outside the
ena directory, but only removed a redundant #include and was trivial to scope
down.
Upstream dealt with merge conflicts in
d864991b220b7c62e81d21209e1fd978fd67352c; the resolution here was identical to
upstream.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAluhDZUACgkQ57/I7JWG
EQkLvQ//QqqAfJXjwZt3Iy+dcYieLqmhy4/KtjVvFP8EKSyfdeWl0awb3szbmMs5
cy2p5q17mafVZTx9MCppp4y1modMBZrMC6hmB9UAoU0j1GnKHNbtddzA3+uo1dmw
i2LudGseb8LSL5z6g95P4SozSNNeFPIOLSYxkGVnlG3sUdlhlRYCvYf9k8BKUEbx
sU0yDXQOhf0kBLsRXW8QfJEBHv5ivr9/Q+s9e71NUpVWaEOZwgfJacM/QWcY8+J4
2o0XlHtS9+r0Ik0RK5Zyt8eun1sH1cb4Lta9LZjvRLWpCqXNpPSus6V8qENngcyw
X9ZGWi3nMiR4OOuEMGMxbzXXzWreg9MNPyM5/kVfJKlsLi1xP7ufhnstR+j2/tTJ
guVLDw73B4RyOwH2p4Kh1Pk0hACagI9AeKfjSBTMMlv2rD6FDfuJlSgEYUIK/NLl
lsefkkKu2EZVdhIBEGDnu80+V2AuoTYXpEknvbnvlYZ1wLNXb73GIFptWu18dfOy
fZ4cEWDxuKd52nbsjKlQmaxlFGSfjmmWliorhrU84FZsRjvFARGWWPwnjk8fwcpD
+D0GASqx37iw1gQK8yNQER3dxHzVh1blIKhADgEWJXsaeHcfyDHziShX7FZ8n6G5
HQBaynaG0Qc9fWd8O6xmX6wsP/vGRFJchbWwa5Gd7L2cCmur1Vk=
=lopf
-----END PGP SIGNATURE-----
Merge tag 'debian/4.18.8-1'
Release linux (4.18.8-1).
- Drop ABI reference files and ABI maintenance patch
- Replace ccp driver patch with upstream version that applies to 4.19
Fixes lintian warning patch-file-present-but-not-mentioned-in-series.
Also preparation for using dgit, which will remove everything except
the main patch series under debian/patches.
Rename them to genpatch-{aufs,lockdown,rt}
Fixes lintian warning patch-file-present-but-not-mentioned-in-series.
Also preparation for using dgit, which will remove everything except
the main patch series under debian/patches.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAltL4ZwACgkQ57/I7JWG
EQniUw//V7Vhq6IQ5FKEg+UHcI8b12GhOVWWVJoReQErFllaIkSOJax6GDXo9UYa
EQ+xezR902ze99eetQfqJFqNm/fu9qi9Lc/Na3dIztFTkbonQmOOF5y5uM129wBi
l8WKrcnGY175yuN2aQDgRZtZgMWvNy7pbreDX3i5WliOKiOYbG7ZaJvdSEQ12CjJ
lnVctItwOhDqgXGoW8nW7YxC3Awi25Rk2dZNQNSVfa3Lq9DAA1HXsNVM7/jdMzv8
OVE32Srq2LsWqt+dK0sARKCucVXZRDTWEjie32ZxyAISUYkuzxmLOpmfYXS+CVtj
7gIe6nBPX1mnXSHh1CvFGJrHRDfKAtq7gfHoBSg255quuBYY9btCneVV/ebCuFR3
OSmupwF74Kt6QMhDpe322SFQD/40gH2OEATRzgzNjaJFnWwDTx78EZIu7/SHul9g
k6YKRyK03bGgfeTeEzsVwXUj71Fh8oF22kk1ViYpDMSEKu3xOB71poDwGmP+e11U
rH3IV+F5ECzfiekNsbehPabG7dyY/t1TIGBmu+7rnK75EDCQzFfOI0MXEJCJG5X2
c6QUBXcz8ygvR7Zec9kw4YeBRuDvUv4sXf8516kMc2dSwf7JY+BYyy+9Knb9Gy67
K/Tw/4keQIgzjg52g9GxqVqI4N/DknWoe1FT3xU4uuLIgYkEilA=
=JUfi
-----END PGP SIGNATURE-----
Merge tag 'debian/4.17.6-2'
Release linux (4.17.6-2).
- Drop the ABI maintenance patch
- Resolve conflict between changes to config file generation in sid
(delete CONFIG_BUILD_SALT) and master (putting them in
arch-dependent packages)
Closes: #872263
- kbuild: Add build salt to the kernel and modules
- [arm64,powerpc,x86] Add build salt to the vDSO
- Set BUILD_SALT equal to the release string
- Drop patches included upstream
- Drop "Don't WARN about expected W+X pages on Xen"; the problem appears
to have been fixed by upstream commits 2cc42bac1c ("x86-64/Xen: eliminate
W+X mappings") and 672c0ae09b33 ("x86/mm: Consider effective protection
attributes in W+X check")
- Drop "Kbuild: kconfig: Verbose version of --listnewconfig"; it seems
redundant with upstream commit 17baab68d337 ("kconfig: extend output of
'listnewconfig'")
- Drop lockdown patch to drivers/scsi/eata.c; the driver was removed
upstream
- Refresh various other patches