Ben Hutchings
7064a34f6e
[x86,alpha,m68k] binfmt: Disable BINFMT_AOUT, IA32_AOUT, OSF4_COMPAT
...
a.out support is now untested and occasionally results in security
bugs, and will be deprecated upstream (depends on BROKEN) for x86 in
5.1. Disable it completely.
See:
https://lore.kernel.org/lkml/CAG48ez1RVd5mQ_Pb6eygQESaZhpQz765OAZYSoPE0kPqfZEXQg@mail.gmail.com/
https://lore.kernel.org/lkml/20190305145717.GD8256@zn.tnic/
2019-03-13 18:31:13 +00:00
Ben Hutchings
f9acfb6f08
debian/config: Note the need to set SYSTEM_TRUSTED_KEYS in featureset config
2019-03-10 22:28:08 +00:00
Ben Hutchings
16e5e055ca
certs: Replace test signing certificate with production signing certificate
2019-03-10 22:28:08 +00:00
Romain Perier
6b175bc9fd
Enable STRICT_MODULE_RWX
...
With this option set, module text and rodata memory areas will be made
read-only. Moreover, non-text memory will be made non-executable. This
provides protection against certain security exploits. Currently, this
option is implicitly enabled in Kconfig for most configurations where it
is possible to enable it. This commit enables the option by default
explictly for all supported targets (except marvell to keep it small)
2019-03-05 21:10:12 +01:00
Ben Hutchings
b4995d6607
video: Disable FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER again
...
It won't work nicely unless we make the boot loader completely silent,
and we might need to update themes as well.
<https://fedoraproject.org/wiki/Changes/FlickerFreeBoot > has the full
details.
2019-02-11 16:55:58 +00:00
Ben Hutchings
fd527676dd
rmi4: Disable RMI_F54
...
Enabling this symbol makes rmi4_core depend on the media/v4l2
subsystem which is not only weird but also results in duplicate
modules at kernel-wedge time.
2019-02-11 14:06:39 +00:00
Ben Hutchings
24188db823
Explicitly set various kconfig symbols to defaults (mostly disabled)
2019-02-11 01:35:21 +00:00
Ben Hutchings
1a8256e0fb
Enable some more new(ish) kconfig options
...
* [arm64,armhf] drm: Enable DRM_PANEL_RASPBERRYPI_TOUCHSCREEN as module
* dvb-usb-v2: Enable DVB_USB_ZD1301 as module
* gpio: Enable GPIO_EXAR, GPIO_PCI_IDIO_16, GPIO_PCIE_IDIO_24 as modules
* HID: Enable HID_ACCUTOUCH, HID_COUGAR, HID_ELAN, HID_ITE, HID_JABRA,
HID_MAYFLASH, HID_REDRAGON, HID_RETRODE, HID_STEAM, HID_UDRAW_PS3 as
modules
* [x86] i2c: Enable I2C_DESIGNWARE_BAYTRAIL
* media/rc: Enable IR_IMON_DECODER, IR_IMON_RAW as modules
* [x86] mfd: Enable INTEL_SOC_PMIC_BXTWC, INTEL_SOC_PMIC_CHTDC_TI as modules
* [x86] pinctrl: Enable PINCTRL_CANNONLAKE, PINCTRL_CEDARFORK,
PINCTRL_DENVERTON, PINCTRL_GEMINILAKE, PINCTRL_ICELAKE, PINCTRL_LEWISBURG
* ptp: Change PTP_1588_CLOCK_KVM from built-in to module
* serial: Enable USB_SERIAL_F8153X, USB_SERIAL_UPD78F0730 as modules
* sound: Enable SND_FIREWIRE_MOTU, SND_FIREFACE, SND_XEN_FRONTEND as modules
* [x86] sound: Enable SND_SOC_AMD_CZ_DA7219MX98357_MACH,
SND_SOC_AMD_CZ_RT5645_MACH, SND_SOC_INTEL_CHT_BSW_NAU8824_MACH,
SND_SOC_INTEL_BYT_CHT_DA7213_MACH, SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH,
SND_SOC_INTEL_KBL_RT5663_RT5514_MAX98927_MACH,
SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH,
SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH as modules
* thermal: Enable DEVFREQ_THERMAL, THERMAL_STATISTICS
* video: Enable FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER
* watchdog: Enable WATCHDOG_PRETIMEOUT_GOV, WATCHDOG_PRETIMEOUT_GOV_NOOP,
WATCHDOG_PRETIMEOUT_DEFAULT_GOV_NOOP; WATCHDOG_PRETIMEOUT_GOV_PANIC,
WDAT_WDT as modules
* [x86] watchdog: Enable INTEL_MEI_WDT, NI903X_WDT, NIC7018_WDT as modules
2019-02-11 01:35:14 +00:00
Ben Hutchings
1eb54c8a5e
Disable various kconfig symbols per default
2019-02-10 23:16:59 +00:00
Ben Hutchings
9954895622
Enable lots of new(ish) kconfig options
...
* 9p: Enable NET_9P_XEN as module
* ACPI: Enable ACPI_TAD as module
* amd-xgbe: Enable AMD_XGBE_DCB
* ath9k: Enable ATH9K_CHANNEL_CONTEXT
* block: Enable BLK_DEV_ZONED (except armel/marvell)
* bluetooth: Enable BT_HCIUART_RTL; BT_HCIUART_NOKIA, BT_MTKUART as modules
* bnxt: Enable BNXT_DCB
* ethernet: Enable HINIC, ICE, LAN743X, LIQUIDIO_VF as modules
* can: Enable CAN_VXCAN, CAN_MCBA_USB, CAN_UCAN as modules
* dm: Enable DM_UNSTRIPED, DM_WRITECACHE, DM_ZONED as modules
* gnss: Enable GNSS, GNSS_SIRF_SERIAL, GNSS_UBX_SERIAL as modules
* IB: Enable CGROUP_RDMA (except armel/marvell)
* ieee802154: Enable IEEE802154_HWSIM as module
* inet: Enable INET_RAW_DIAG as module
* input: Enable INPUT_AXP20X_PEK as module
* IPMI: Enable IPMI_SSIF as module
* joystick: Enable JOYSTICK_PXRC as module
* mlx5: Enable MLX5_FPGA, MLX5_CORE_IPOIB; MLXFW as module
* net: Enable BPF_STREAM_PARSER, XDP_SOCKETS (except armel/marvell);
NET_FAILOVER, SMC, SMC_DIAG, VSOCKMON as modules
* net/phy: Enable LED_TRIGGER_PHY; CORTINA_PHY, DP83822_PHY, DP83TC811_PHY,
MARVELL_10G_PHY, MICROCHIP_T1_PHY, RENESAS_PHY, ROCKCHIP_PHY as modules
* net/sched: Enable NET_SCH_CBS, NET_SCH_ETF, NET_SCH_SKBPRIO, NET_EMATCH_IPT
as modules
* PCMCIA: Enable SCR24X as module
* [x86] rmi4: Re-enable RMI4_CORE, RMI4_SMB as modules (Closes : #875621 );
RMI4_F03, RMI4_F11, RMI4_F12, RMI4_F30, RMI4_F34, RMI4_F54, RMI4_F55
* xfrm: Enable XFRM_INTERFACE as module
* PCI: Enable PCI_PF_STUB as module
* random: Enable RANDOM_TRUST_CPU. This can be reverted using the kernel
parameter: random.trust_cpu=off
* SCSI: Enable QEDF, QEDI as modules
* serial: Enable SERIAL_8250_EXAR as module
* tpm: Enable TCG_TIS_SPI, TCG_VTPM_PROXY as modules
* usbtouchscreen: Enable TOUCHSCREEN_USB_EASYTOUCH
* wireless: Enable MT76x0U, MT76x2E, MT76x2U, QTNFMAC_PEARL_PCIE as modules
* zram: Enable ZRAM_WRITEBACK, ZRAM_MEMORY_TRACKING
2019-02-10 23:16:32 +00:00
Ben Hutchings
1ca5094557
drivers/firmware: Enable FW_CFG_SYSFS as module ( Closes : #882208 )
2019-02-10 18:13:34 +00:00
Hideki Yamane
fbaa5ba879
enable CONFIG_CAN_PEAK_PCIEFD ( Closes : #920809 )
2019-02-04 07:20:00 +09:00
Hideki Yamane
5b1537b234
enable CONFIG_SENSORS_NCT7802 and others ( Closes : #912597 )
...
NCT7802,NCT7904,NPCM7XX,ASPEED and W83773G
2019-02-02 13:13:39 +09:00
Bastian Blank
ddc3772e93
Enable EFI_BOOTLOADER_CONTROL, EFI_CAPSULE_LOADER
2018-12-16 18:38:21 +01:00
Bastian Blank
443f43fdf3
Enable netfilter flow table support
2018-12-16 18:21:04 +01:00
Bastian Blank
b997f7d5e5
Enable IP_VS_MH
2018-12-16 18:15:09 +01:00
Bastian Blank
6069ca359b
Enable NFT_CONNLIMIT, NFT_TUNNEL, NFT_SOCKET, NFT_OSF, NFT_TPROXY
2018-12-16 18:13:08 +01:00
Bastian Blank
86cbdc4d6f
Clean up kconfig order
2018-12-16 18:07:59 +01:00
Christoph Anton Mitterer
52a8f5d992
Enable MORUS and AEGIS AEAD ciphers
...
Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
2018-12-13 05:43:02 +01:00
Ben Hutchings
1240fb3ac3
integrity: Disable INTEGRITY_TRUSTED_KEYRING ( Closes : #865277 )
2018-12-08 21:34:33 +00:00
Salvatore Bonaccorso
fae4befcc9
Merge branch 'sid'
2018-12-08 15:02:01 +01:00
Uwe Kleine-König
983a169e24
Enable ATH10K_USB as a module
2018-11-30 10:39:33 +01:00
Vagrant Cascadian
5a64bc1733
debian/config/config: Enable Z3FOLD as a module.
2018-11-25 20:33:58 -08:00
Ben Hutchings
998b27af2f
Explicitly set various config symbols to their default values
...
This covers many, but far from all, of the symbols currently not
explicitly set.
2018-11-11 19:16:10 +00:00
Romain Perier
88f44cb9eb
Enable Diffie-Hellman operations on retained keys ( Closes : #911998 )
2018-11-02 19:28:44 +01:00
Uwe Kleine-König
83e21a57f8
Enable Orange filesystem
2018-10-24 12:08:29 +02:00
Uwe Kleine-König
85da926d38
Revert "wip" which was pushed by mistake
...
This reverts commit 331fdb5fb8
.
2018-10-16 20:18:50 +02:00
Uwe Kleine-König
331fdb5fb8
wip
2018-10-16 08:44:27 +02:00
Ben Hutchings
fb685c0833
xen: Enable XEN_SCRUB_PAGES_DEFAULT, replacing XEN_SCRUB_PAGES
...
This was renamed for no good reason in 4.19-rc4.
2018-10-15 19:06:16 +01:00
Uwe Kleine-König
5155663855
enable HID_NTI as a module
2018-10-05 09:29:27 +02:00
Uwe Kleine-König
509467b7a6
enable NET_SCH_CAKE as a module
2018-10-05 09:25:43 +02:00
Ben Hutchings
b9378ce266
debian/config: Clean up with the help of kconfigeditor2
...
Various kconfig symbols have been renamed, removed, split or combined.
Update these files accordingly.
2018-08-27 18:34:45 +01:00
Ben Hutchings
456cbdd991
debian/config: Clean up using kconfigeditor2
2018-08-27 18:28:13 +01:00
Ben Hutchings
4a0a6042cb
netfilter: Enable NF_TABLES_SET as module, replacing the multiple set type modules that were enabled before 4.18
2018-08-27 18:27:55 +01:00
Ben Hutchings
d6c050378d
Release linux (4.17.17-1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlt4FyhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EitQQAJ4S3n+2azIKz50gfxon0dgS9ybXRxeb
2Hk/FzBXqFduVhWe9vVuZdE4ko5QsQ8ht2HR726kcEkud8pFOh0pt/7Q67IQHbQN
t/hD3C2C6M8pKhwBEwuSZtRqsruqv3qll95xbwIqW7AWP+/AODQltzgB0AplpC6a
8ED1nCxutDI0WrzN76UcfYxa1slRJ9sRfh+KRWQSEsU+jCSP0aD0rArYVeppXGaR
cAy5Xku7237hFdeIzlt6goHuvfDuSlbAxpuaF944TVFtmPYwe7W+S3rRSy0OtjQY
WzdSsIKXlXVMkMJD4t3ybFUMOyHP/jT79Tem0kp8EBn8NcPjtnLJYLiODVR0PH3A
5XOEzR3NLGspDxkEJWdq/7IsLL4a7wVLAYn5VbkRVzo2Jxp6IpSqPrFjYwdf/KMF
PizvbJtHTQxGFk6jPdCG+DV9hBrMOzXedcqH24qZ4yr6xUOj5WICR3+9E57DYLwH
oJzXef8BKhx4MdkDduduyWcyWJvlH2nBae2T+q+4mwfI/I+8PeyUDnSc7Hmzx1Cc
feeeccvQPrhnu8HAE0RmfF1YhfyXXq3GQEt4MaV5Z2h6aAS1zxm1EhBueJMeaEhh
i6oldiPDd2qHX9rZXYLvUx109qLyTiqxbzCgJCAF3s8Bk7P/Aj/0mDADo7d5V0TY
KsXydFzhoiTZ
=Qmdt
-----END PGP SIGNATURE-----
Merge tag 'debian/4.17.17-1'
Release linux (4.17.17-1).
- Drop "gpu: host1x: Fix compiler errors by converting to dma_addr_t"
which is already in 4.18
- Drop ABI reference files and ABI number change
2018-08-27 14:15:27 +01:00
Ben Hutchings
35ab00b41b
certs: Revert switch to production certificate
...
This reverts commit b91655bf3e
and part
of commit 16dec97798
.
The signing service is still using secure-boot-test-key-lfaraone and
we should make at least one more upload to be signed by it.
2018-08-18 19:59:32 +01:00
Romain Perier
46d40ea7a3
Enable CONFIG_SPI_SPIDEV ( Closes : #904043 )
...
Currently, CONFIG_SPI is enabled globally. The purpose of SPIDEV is to
allow userspace to access SPI in a generic way, when SPI is supported on
the target. For arches that don't support SPI or disable it explicitly,
like m68k, both features will be disabled.
2018-08-13 19:54:41 +02:00
Ben Hutchings
b6e442c215
drivers/net/phy: Enable SFP as module ( Closes : #906054 )
2018-08-13 18:34:04 +01:00
Ben Hutchings
3a85fcdecf
serdev: Enable SERIAL_DEV_BUS, SERIAL_DEV_CTRL_TTYPORT as built-in
...
...(except on armel)
This results in:
- bluetooth: Re-enable BT_HCIUART_{BCM,LL} (Closes : #906048 )
2018-08-13 17:15:30 +01:00
Ben Hutchings
b91655bf3e
certs: Add certificate for production key used in Debian signing service
2018-08-02 13:11:02 +08:00
Ben Hutchings
16dec97798
certs: Remove certificates for test key used in Debian signing service and for my personal signing key
2018-08-02 13:08:57 +08:00
Ben Hutchings
d2806c1d8d
autofs: Enable AUTOFS_FS instead of AUTOFS4_FS
...
AUTOFS4_FS is now a compatibility symbol which selects AUTOFS_FS.
It will be removed in a later kernel release.
2018-07-03 18:43:23 +01:00
Ben Hutchings
7f113f9112
Release linux (4.17.3-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAls6toYACgkQ57/I7JWG
EQnUyQ/9GCNcKyhvUX+JW534f1vCai0GujvXCgEBWyDuj0AXcgthJT27cs7kXUYH
tCfL9xTikeUIgNR+JTWFnZSHIUKaQ8RJPdR4l1KyqdDxqrEx9BqdXRW0dzS4OtTQ
jgnVLkEfCtllgXkEh6L+ZKZ3NRFKc6OcYFrWa+Q+ovk1mY23P5y5YyPuaV4j+cKI
8M1pMYCxTGpy9+SncKEnWHD9hq1AsySe19Q/yd5WzhDMu6kLg61S+n/iiVZJA8lK
qHmMEhtEbiQN+/79C3dgH8nDV5yceqPZxon2GmPrUXrLTM0cX2J3VZpNFOH4SCr8
AZa1nzzD8UXNDHVVb91QpwMGQrmjAwuLQtJPOCrOnuS71ba+q2w5ylYgjbbs7AMn
SJpakcYBKBYoMI7fk+qKRVneBIhPDEBWe6yf//XL7N+Nfsf02bkb5k81NPTF65dE
RESMNI/wXjhFkCWjqxZQiJqvG2mvyTGFs4iEk7NWjFfyqRz4bFNP+SbMHfGwVI1u
xnlK2e31h25kWuFuQjq6eVXg+jyWjagM1/aa4lI1H4j2Rk9iXVU/52wVZGatmUj0
1zbqYL2noJpD46/Q4jtbatZu9TI+ynjr+mbmZYys8BfFMNKPjL2TavW7RNWARk/p
VmgvS7qS5JmJz22LBGRU1S5aKbDhXmyt8IcJS9LCUwEU0yL+u4U=
=n9qI
-----END PGP SIGNATURE-----
Merge tag 'debian/4.17.3-1'
Release linux (4.17.3-1).
2018-07-03 00:45:29 +01:00
Ben Hutchings
b20d268c2a
Update config for 4.18 using kconfigeditor2
...
- Various config symbols were removed, renamed or split
- HOTPLUG_PCI_SHPC is now boolean, so set it to built-in
- The stack protector config symbols were changed to two booleans
with different names
2018-07-02 17:51:27 +01:00
Ben Hutchings
6fcfc170b9
dm: Enable DM_INTEGRITY as module (except on armel) ( Closes : #896649 )
2018-07-01 03:49:54 +01:00
Ben Hutchings
5df1ad8e8b
Clean up kconfig with kconfigeditor2
...
Drop one long-obsolete and one automatic symbol that were wrongly
added recently.
2018-06-22 17:55:54 +01:00
Ben Hutchings
5316cb1c19
[amd64,arm64,armhf] android: Build modules to support Anbox ( Closes : #901492 )
2018-06-22 17:47:56 +01:00
Bastian Blank
793d0ba52e
Release linux (4.16.16-1)
...
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEER3HMN63jdS1rqjxLbZOIhYpp/lEFAlspVJURHHdhbGRpQGRl
Ymlhbi5vcmcACgkQbZOIhYpp/lFk8ggAvgwAw3CSdFCGSLvd8cBjZa2mqpxqOILN
BbuXT0qRTibN19qtjeHvk0SQUQuBBIoP9DVGu0j1UIBfpQcVsEg+tM2FTqrPI5DT
1LPdMcOEyNpD9FlmEljd7lkjetyils/0T87+hHXxhBP2d2DkuUjcaY1t09+6kKW0
A2XXeEGeJmDbLEuY7R/WxGHsT20nvvLD0on5691mF8yW7wLDavekwGk9JJlFjOID
XkwxAj2nFVDCWB6hmi1ETGYahmnFXgK1kX2X0lTAi6FM1mql4oha6LNxQSYc8hAd
03nWnzwh+BmsAJjapp1PkkGEj7SHw9AHl8EUS+cqaAzigB4LjSPffw==
=4gVf
-----END PGP SIGNATURE-----
Merge tag 'debian/4.16.16-1'
Release linux (4.16.16-1)
2018-06-19 21:50:55 +02:00
Yves-Alexis Perez
f569e56cd1
enable REFCOUNT_FULL only on x86
2018-05-21 14:44:26 +02:00
Yves-Alexis Perez
674ae81ed9
use "is not set" syntax
2018-05-21 14:41:01 +02:00