From 6b034e3aa468fc4b60499c7406043c61d7c36621 Mon Sep 17 00:00:00 2001
From: Jenkins OS
Date: Mon, 7 Aug 2017 20:39:43 +0000
Subject: [PATCH] sys-kernel/coreos-sources: bump to 4.12.5
---
 ....12.4-r1.ebuild => coreos-kernel-4.12.5.ebuild} | 2 +-
 ...12.4-r1.ebuild => coreos-modules-4.12.5.ebuild} | 2 +-
 .../sys-kernel/coreos-sources/Manifest | 2 +-
 ...12.4-r1.ebuild => coreos-sources-4.12.5.ebuild} | 0
 .../4.12/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch | 8 ++++----
 ...lity-to-lock-down-access-to-the-running-k.patch | 14 +++++++-------
 ...wn-the-kernel-if-booted-in-secure-boot-mo.patch | 8 ++++----
 ...ule-signatures-if-the-kernel-is-locked-do.patch | 6 +++---
 ...v-mem-and-dev-kmem-when-the-kernel-is-loc.patch | 6 +++---
 ...le-at-runtime-if-the-kernel-is-locked-dow.patch | 6 +++---
 ..._boot-flag-in-boot-params-across-kexec-re.patch | 6 +++---
 ...Disable-at-runtime-if-securelevel-has-bee.patch | 6 +++---
 ...te-Disable-when-the-kernel-is-locked-down.patch | 6 +++---
 ...sp-Disable-when-the-kernel-is-locked-down.patch | 6 +++---
 ...wn-BAR-access-when-the-kernel-is-locked-d.patch | 10 +++++-----
 ...wn-IO-port-access-when-the-kernel-is-lock.patch | 8 ++++----
 ...t-MSR-access-when-the-kernel-is-locked-do.patch | 6 +++---
 ...strict-debugfs-interface-when-the-kernel-.patch | 6 +++---
 ...access-to-custom_method-when-the-kernel-i.patch | 6 +++---
 ...-acpi_rsdp-kernel-param-when-the-kernel-h.patch | 6 +++---
 ...e-ACPI-table-override-if-the-kernel-is-lo.patch | 6 +++---
 ...e-APEI-error-injection-if-the-kernel-is-l.patch | 6 +++---
 ...t-kernel-image-access-functions-when-the-.patch | 6 +++---
 .../z0020-scsi-Lock-down-the-eata-driver.patch | 6 +++---
 ...MCIA-CIS-storage-when-the-kernel-is-locke.patch | 6 +++---
 .../files/4.12/z0022-Lock-down-TIOCSSERIAL.patch | 6 +++---
 ...ve-relative-path-for-KBUILD_SRC-from-CURD.patch | 6 +++---
 .../4.12/z0024-Add-arm64-coreos-verity-hash.patch | 6 +++---
 ...g-commit-link-status-change-after-propose.patch | 6 +++---
 ...io_net-fix-truesize-for-mergeable-buffers.patch | 6 +++---
 30 files changed, 90 insertions(+), 90 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-4.12.4-r1.ebuild => coreos-kernel-4.12.5.ebuild} (98%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/{coreos-modules-4.12.4-r1.ebuild => coreos-modules-4.12.5.ebuild} (98%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-4.12.4-r1.ebuild => coreos-sources-4.12.5.ebuild} (100%)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.4-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.5.ebuild
similarity index 98%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.4-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.5.ebuild
index 9a05b45bc9..090cb5ec8a 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.4-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.12.5.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 EAPI=5
-COREOS_SOURCE_REVISION="-r1"
+COREOS_SOURCE_REVISION=""
 inherit coreos-kernel
 DESCRIPTION="CoreOS Linux kernel"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.4-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.5.ebuild
similarity index 98%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.4-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.5.ebuild
index 5f7ad1c646..763d6d9dfe 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.4-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.12.5.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 EAPI=5
-COREOS_SOURCE_REVISION="-r1"
+COREOS_SOURCE_REVISION=""
 inherit coreos-kernel savedconfig
 DESCRIPTION="CoreOS Linux kernel modules"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index ee58da1257..2bfa7a3539 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,2 +1,2 @@
 DIST linux-4.12.tar.xz 99186576 SHA256 a45c3becd4d08ce411c14628a949d08e2433d8cdeca92036c7013980e93858ab SHA512 8e81b41b253e63233e92948941f44c6482acb52aa3a3fd172f03a38a86f2c35b2ad4fd407acd1bc3964673eba344fe104d3a03e3ff4bf9cd1f22bd44263bd728 WHIRLPOOL 3b97da251c2ba4ace4a27b708f2b1dcf94cb1b59aaeded6acb74bd98f0d3e33f1df83670665e4186d99a55daa84c88d539d93e20f0ff18a6d46ef326c48dd375
-DIST patch-4.12.4.xz 98592 SHA256 7cabddeaba0f9bd85278254ddd6e8af883539df70ec0ed1bda18ce83f57b304a SHA512 8a6b72524050733c166524230d85f808275a65c28f06444350ebb8c64dd4cab666f8629ef1d1d2b6c25c1f36820a1fd114510af5a38509df55f9c3071543e647 WHIRLPOOL 46d6e9dd62209fd8b1a3b1dfa9d97f15598e88f4ff4ce3126252fe2e8b108061a50772a9deb752cf06d839eeca4b089a893d666f9ef3e2f576b2f1b795af6656
+DIST patch-4.12.5.xz 106572 SHA256 8eb42889cd1f41a4350a0227e0dae544acdfa0ddf5a5ec671dd9c64ca917c132 SHA512 b9e74f148a0bd76df8c52e6384933b9eddd8477c713b14389a34655538abab70ffa70e99b504a60d0adf1937c771d9bb3879511e6c3666c345d490848eb4f113 WHIRLPOOL bb7737918932ff23d6c1cd98a2c9c5952b57e72870de2df1e89bab16aed25c17f9fd36ed2194b1fb3f1d7593e86dd624ed723f076b244a5aa2192387039e8003
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.4-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.5.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.4-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.12.5.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch index ac2ec03bf6..3bc8ede9f7 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch @@ -1,4 +1,4 @@ -From 8bc2cecfd74015c23051dc35f2923cd05767b51a Mon Sep 17 00:00:00 2001 +From ce3175a0cc48f722fa2cd41722e29059b71bb9a9 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Mon, 21 Nov 2016 23:55:55 +0000 Subject: [PATCH 01/26] efi: Add EFI_SECURE_BOOT bit @@ -18,7 +18,7 @@ Signed-off-by: David Howells 2 files changed, 2 insertions(+) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 36646f19d40b..87ef54e64842 100644 +index 36646f1..87ef54e 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -1190,6 +1190,7 @@ void __init setup_arch(char **cmdline_p) @@ -30,7 +30,7 @@ index 36646f19d40b..87ef54e64842 100644 break; default: diff --git a/include/linux/efi.h b/include/linux/efi.h -index ec36f42a2add..381b3f6670d3 100644 +index ec36f42..381b3f6 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -1069,6 +1069,7 @@ extern int __init efi_setup_pcdp_console(char *); 
@@ -42,5 +42,5 @@ index ec36f42a2add..381b3f6670d3 100644 #ifdef CONFIG_EFI /* -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch index bfc4a6f01c..72e201273e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch @@ -1,4 +1,4 @@ -From 9f93a1ebd276e37181a80ffec89568e88a1ddaaa Mon Sep 17 00:00:00 2001 +From 9f4e6a47c74ed8a659e0f7498d0c10482c2cfbaf Mon Sep 17 00:00:00 2001 From: David Howells Date: Mon, 21 Nov 2016 23:36:17 +0000 Subject: [PATCH 02/26] Add the ability to lock down access to the running @@ -21,7 +21,7 @@ Signed-off-by: David Howells create mode 100644 security/lock_down.c diff --git a/include/linux/kernel.h b/include/linux/kernel.h -index 13bc08aba704..282a1684d6e8 100644 +index 13bc08a..282a168 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -276,6 +276,15 @@ extern int oops_may_print(void); @@ -41,7 +41,7 @@ index 13bc08aba704..282a1684d6e8 100644 int __must_check _kstrtoul(const char *s, unsigned int base, unsigned long *res); int __must_check _kstrtol(const char *s, unsigned int base, long *res); diff --git a/include/linux/security.h b/include/linux/security.h -index af675b576645..68bab18ddd57 100644 +index af675b5..68bab18 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1698,5 +1698,16 @@ static inline void free_secdata(void *secdata) @@ -62,7 +62,7 @@ index af675b576645..68bab18ddd57 100644 #endif /* ! __LINUX_SECURITY_H */ 
diff --git a/security/Kconfig b/security/Kconfig -index 93027fdf47d1..4baac4aab277 100644 +index 93027fd..4baac4a 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -189,6 +189,21 @@ config STATIC_USERMODEHELPER_PATH @@ -88,7 +88,7 @@ index 93027fdf47d1..4baac4aab277 100644 source security/smack/Kconfig source security/tomoyo/Kconfig diff --git a/security/Makefile b/security/Makefile -index f2d71cdb8e19..8c4a43e3d4e0 100644 +index f2d71cd..8c4a43e 100644 --- a/security/Makefile +++ b/security/Makefile @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o @@ -100,7 +100,7 @@ index f2d71cdb8e19..8c4a43e3d4e0 100644 +obj-$(CONFIG_LOCK_DOWN_KERNEL) += lock_down.o diff --git a/security/lock_down.c b/security/lock_down.c new file mode 100644 -index 000000000000..5788c60ff4e1 +index 0000000..5788c60 --- /dev/null +++ b/security/lock_down.c @@ -0,0 +1,40 @@ @@ -145,5 +145,5 @@ index 000000000000..5788c60ff4e1 +} +EXPORT_SYMBOL(kernel_is_locked_down); -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch index 21fb8d3e7e..53c09b1a57 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch @@ -1,4 +1,4 @@ -From 2c1331c4ba6e6df752e4c7068d84dc6d5bd1eba6 Mon Sep 17 00:00:00 2001 +From fe6eb63a38a0e5f99d73e4b4cb2f4bbd8f127723 Mon Sep 17 00:00:00 2001 From: David Howells Date: Mon, 21 Nov 2016 23:55:55 +0000 Subject: [PATCH 03/26] efi: Lock down the kernel if booted in secure boot mode @@ -16,7 +16,7 @@ 
Signed-off-by: David Howells 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 0efb4c9497bc..4d1c53bb8411 100644 +index 0efb4c9..4d1c53b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1827,6 +1827,18 @@ config EFI_MIXED @@ -39,7 +39,7 @@ index 0efb4c9497bc..4d1c53bb8411 100644 def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 87ef54e64842..4c4d758d4be1 100644 +index 87ef54e..4c4d758 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -69,6 +69,7 @@ @@ -65,5 +65,5 @@ index 87ef54e64842..4c4d758d4be1 100644 default: pr_info("Secure boot could not be determined\n"); -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch index 0908ac17cc..2a985da790 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch @@ -1,4 +1,4 @@ -From 6080dd6abf77372d59d4b7b1f56fa0fa0cee8fe9 Mon Sep 17 00:00:00 2001 +From d7e6ff962e25a9a4c7900dcae3c325d68b0b01ad Mon Sep 17 00:00:00 2001 From: David Howells Date: Wed, 23 Nov 2016 13:22:22 +0000 Subject: [PATCH 04/26] Enforce module signatures if the kernel is locked down @@ -12,7 +12,7 @@ Signed-off-by: David Howells 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/module.c b/kernel/module.c -index 4a3665f8f837..3f1de34c6d10 100644 +index 4a3665f..3f1de34 100644 --- a/kernel/module.c +++ b/kernel/module.c 
@@ -2777,7 +2777,7 @@ static int module_sig_check(struct load_info *info, int flags) @@ -25,5 +25,5 @@ index 4a3665f8f837..3f1de34c6d10 100644 return err; -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch index 826938a598..5acc8f1d3d 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch @@ -1,4 +1,4 @@ -From 964b821d7a5f54197ef6d41d41da58a051ad0ffc Mon Sep 17 00:00:00 2001 +From 4c9d9cc8455fc46e6a5171df2367cc89171894e8 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 22 Nov 2016 08:46:16 +0000 Subject: [PATCH 05/26] Restrict /dev/mem and /dev/kmem when the kernel is @@ -15,7 +15,7 @@ Signed-off-by: David Howells 1 file changed, 6 insertions(+) diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 593a8818aca9..ba68add9677f 100644 +index 593a881..ba68add 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -179,6 +179,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, @@ -39,5 +39,5 @@ index 593a8818aca9..ba68add9677f 100644 unsigned long to_write = min_t(unsigned long, count, (unsigned long)high_memory - p); -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch index 40f098ffec..8dbca78ff5 100644 
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch @@ -1,4 +1,4 @@ -From 9fe3ac82c10eb3bcc3a9c0a9dd797862a8aeb6d1 Mon Sep 17 00:00:00 2001 +From eebae3db37325d6ca57d1b006f904437a59580f6 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 22 Nov 2016 08:46:15 +0000 Subject: [PATCH 06/26] kexec: Disable at runtime if the kernel is locked down @@ -17,7 +17,7 @@ Signed-off-by: David Howells 1 file changed, 7 insertions(+) diff --git a/kernel/kexec.c b/kernel/kexec.c -index 980936a90ee6..46de8e6b42f4 100644 +index 980936a..46de8e6 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -194,6 +194,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, @@ -35,5 +35,5 @@ index 980936a90ee6..46de8e6b42f4 100644 * This leaves us room for future extensions. */ -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch index 92d281e7a0..28ed1b9d0e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch @@ -1,4 +1,4 @@ -From 10c1542768bc3ff9f655da4315401065c600ea8b Mon Sep 17 00:00:00 2001 +From cc3ff81651b05bfeeeda80928837019d67a7b1cc Mon Sep 17 00:00:00 2001 
From: Dave Young Date: Tue, 22 Nov 2016 08:46:15 +0000 Subject: [PATCH 07/26] Copy secure_boot flag in boot params across kexec @@ -22,7 +22,7 @@ Signed-off-by: David Howells 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c -index 9d7fd5e6689a..7e6f00ae8322 100644 +index 9d7fd5e..7e6f00a 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -179,6 +179,7 @@ setup_efi_state(struct boot_params *params, unsigned long params_load_addr, @@ -34,5 +34,5 @@ index 9d7fd5e6689a..7e6f00ae8322 100644 ei->efi_systab = current_ei->efi_systab; ei->efi_systab_hi = current_ei->efi_systab_hi; -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch index 0c9d55a68c..60df4036ac 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch @@ -1,4 +1,4 @@ -From 477e5612e6446d3b1df9ed49efee42d319721e74 Mon Sep 17 00:00:00 2001 +From 11cdd5d6f82dc648da689d0d5df80415aa6ccfdb Mon Sep 17 00:00:00 2001 From: "Lee, Chun-Yi" Date: Wed, 23 Nov 2016 13:49:19 +0000 Subject: [PATCH 08/26] kexec_file: Disable at runtime if securelevel has been @@ -18,7 +18,7 @@ Signed-off-by: David Howells 1 file changed, 6 insertions(+) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c -index b118735fea9d..f6937eecd1eb 100644 +index b118735..f6937ee 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -268,6 +268,12 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, 
@@ -35,5 +35,5 @@ index b118735fea9d..f6937eecd1eb 100644 if (flags != (flags & KEXEC_FILE_FLAGS)) return -EINVAL; -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch index ef7308db84..b8d994dd59 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch @@ -1,4 +1,4 @@ -From ef8d6a280865af7b555327c33543f8b1ebb23902 Mon Sep 17 00:00:00 2001 +From e066547b800fe128b1490bed96ce05485308a4ac Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 22 Nov 2016 08:46:15 +0000 Subject: [PATCH 09/26] hibernate: Disable when the kernel is locked down @@ -15,7 +15,7 @@ Signed-off-by: David Howells 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c -index a8b978c35a6a..50cca5dcb62f 100644 +index a8b978c..50cca5d 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops; @@ -28,5 +28,5 @@ index a8b978c35a6a..50cca5dcb62f 100644 /** -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch index 05db71d662..6f57b55c76 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch 
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch @@ -1,4 +1,4 @@ -From c2cf47ce26f820f0c9d3ad6112b179c6c884e415 Mon Sep 17 00:00:00 2001 +From 56b9aa60591fcda67ed2343781feae65d4b644e0 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Wed, 23 Nov 2016 13:28:17 +0000 Subject: [PATCH 10/26] uswsusp: Disable when the kernel is locked down @@ -14,7 +14,7 @@ Signed-off-by: David Howells 1 file changed, 3 insertions(+) diff --git a/kernel/power/user.c b/kernel/power/user.c -index 22df9f7ff672..e4b926d329b7 100644 +index 22df9f7..e4b926d 100644 --- a/kernel/power/user.c +++ b/kernel/power/user.c @@ -52,6 +52,9 @@ static int snapshot_open(struct inode *inode, struct file *filp) @@ -28,5 +28,5 @@ index 22df9f7ff672..e4b926d329b7 100644 if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch index 241f4d8b90..28d8ceed11 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch @@ -1,4 +1,4 @@ -From a8175632e2d54fff6093cc5793d257b1968b8bf8 Mon Sep 17 00:00:00 2001 +From 376f41a9e72da16e71afae479db0ddfdb3b00648 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 22 Nov 2016 08:46:15 +0000 Subject: [PATCH 11/26] PCI: Lock down BAR access when the kernel is locked @@ -19,7 +19,7 @@ Signed-off-by: David Howells 3 files changed, 17 insertions(+), 2 deletions(-) 
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 31e99613a12e..559556047d66 100644 +index 31e9961..5595560 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -754,6 +754,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj, @@ -53,7 +53,7 @@ index 31e99613a12e..559556047d66 100644 } diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c -index 098360d7ff81..ef16fccb1923 100644 +index 098360d..ef16fcc 100644 --- a/drivers/pci/proc.c +++ b/drivers/pci/proc.c @@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf, @@ -86,7 +86,7 @@ index 098360d7ff81..ef16fccb1923 100644 if (fpriv->mmap_state == pci_mmap_io) { diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c -index 9bf993e1f71e..c09524738ceb 100644 +index 9bf993e..c095247 100644 --- a/drivers/pci/syscall.c +++ b/drivers/pci/syscall.c @@ -92,7 +92,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn, @@ -99,5 +99,5 @@ index 9bf993e1f71e..c09524738ceb 100644 dev = pci_get_bus_and_slot(bus, dfn); -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch index e17c1f1e61..0a89b464d3 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch @@ -1,4 +1,4 @@ -From df08e412dc65f840fd2f17a38ca90e3c41bd39e0 Mon Sep 17 00:00:00 2001 +From 95073d14a7f72af389cf7ae17967918f5fa69807 Mon Sep 17 00:00:00 2001 
From: Matthew Garrett Date: Tue, 22 Nov 2016 08:46:16 +0000 Subject: [PATCH 12/26] x86: Lock down IO port access when the kernel is locked @@ -20,7 +20,7 @@ Signed-off-by: David Howells 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c -index 9c3cf0944bce..4a613fed94b6 100644 +index 9c3cf09..4a613fe 100644 --- a/arch/x86/kernel/ioport.c +++ b/arch/x86/kernel/ioport.c @@ -30,7 +30,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) @@ -42,7 +42,7 @@ index 9c3cf0944bce..4a613fed94b6 100644 } regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index ba68add9677f..5e2a260fb89f 100644 +index ba68add..5e2a260 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -768,6 +768,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) @@ -55,5 +55,5 @@ index ba68add9677f..5e2a260fb89f 100644 } -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch index 7553cdbe17..14528013ec 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch @@ -1,4 +1,4 @@ -From acce1508e26594ecc21c388f57390cde3fbae4d9 Mon Sep 17 00:00:00 2001 +From 772e7b9176b7ddcce9cef71b2e79ed705916342f Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 22 Nov 2016 08:46:17 +0000 Subject: [PATCH 13/26] x86: Restrict MSR access when the kernel is locked down @@ -15,7 +15,7 @@ 
Signed-off-by: David Howells 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c -index ef688804f80d..fbcce028e502 100644 +index ef68880..fbcce02 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c @@ -84,6 +84,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, @@ -40,5 +40,5 @@ index ef688804f80d..fbcce028e502 100644 err = -EFAULT; break; -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch index 7c5ba7c45b..16581d0e39 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch @@ -1,4 +1,4 @@ -From 7d73bb9bb6c50eaeb32dd6cb1f11f4ab815384df Mon Sep 17 00:00:00 2001 +From e08b26f76b182ac6e12a6b9d50b493d2fedd34fc Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 22 Nov 2016 08:46:16 +0000 Subject: [PATCH 14/26] asus-wmi: Restrict debugfs interface when the kernel is @@ -17,7 +17,7 @@ Signed-off-by: David Howells 1 file changed, 9 insertions(+) diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c -index 6c7d86074b38..57b82cbc9a6b 100644 +index 6c7d860..57b82cb 100644 --- a/drivers/platform/x86/asus-wmi.c +++ b/drivers/platform/x86/asus-wmi.c @@ -1905,6 +1905,9 @@ static int show_dsts(struct seq_file *m, void *data) @@ -51,5 +51,5 @@ index 6c7d86074b38..57b82cbc9a6b 100644 1, asus->debug.method_id, &input, &output); -- -2.13.0 +2.10.2 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch index 2537a38aae..bd189ee4e8 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch @@ -1,4 +1,4 @@ -From f4dde9c46875e6b5c0bde36af5888b8096398e7e Mon Sep 17 00:00:00 2001 +From 47a2d3bcc537f52e09d195cd5ae6c1546dfb2cdc Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 22 Nov 2016 08:46:16 +0000 Subject: [PATCH 15/26] ACPI: Limit access to custom_method when the kernel is @@ -15,7 +15,7 @@ Signed-off-by: David Howells 1 file changed, 3 insertions(+) diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c -index c68e72414a67..e4d721c330c0 100644 +index c68e724..e4d721c 100644 --- a/drivers/acpi/custom_method.c +++ b/drivers/acpi/custom_method.c @@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, @@ -29,5 +29,5 @@ index c68e72414a67..e4d721c330c0 100644 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header)) -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch index 648e003c61..430aa1e270 100644 
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch @@ -1,4 +1,4 @@ -From ede9a80c123614264dbf20f3e4f98ac6c9553930 Mon Sep 17 00:00:00 2001 +From 9e4a043b792c4599a313aeb81b548e4a65b85f3f Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 22 Nov 2016 08:46:16 +0000 Subject: [PATCH 16/26] acpi: Ignore acpi_rsdp kernel param when the kernel has @@ -15,7 +15,7 @@ Signed-off-by: David Howells 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index db78d353bab1..d4d4ba348451 100644 +index db78d35..d4d4ba3 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -192,7 +192,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void) @@ -28,5 +28,5 @@ index db78d353bab1..d4d4ba348451 100644 #endif -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch index c553fcce8e..dc3967c853 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch @@ -1,4 +1,4 @@ -From d785b547deba4fcd1c84124a0093afd23103f134 Mon Sep 17 00:00:00 2001 +From e0ff61fba4dd9e26a6744446a6e133eac094b6ee Mon Sep 17 00:00:00 2001 From: Linn Crosetto Date: Wed, 23 Nov 2016 13:32:27 +0000 Subject: [PATCH 17/26] acpi: Disable ACPI table override if the kernel is @@ -21,7 +21,7 @@ 
Signed-off-by: David Howells 1 file changed, 5 insertions(+) diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c -index ff425390bfa8..c72bfa97888a 100644 +index ff42539..c72bfa9 100644 --- a/drivers/acpi/tables.c +++ b/drivers/acpi/tables.c @@ -526,6 +526,11 @@ void __init acpi_table_upgrade(void) @@ -37,5 +37,5 @@ index ff425390bfa8..c72bfa97888a 100644 memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS, all_tables_size, PAGE_SIZE); -- -2.13.0 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch index cc09592190..30b69161d9 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch @@ -1,4 +1,4 @@ -From ba162f6166b691dd390cff53080574b570f0c1a5 Mon Sep 17 00:00:00 2001 +From 7f0ec497364d309fdddb96ced1a83a9890b86baa Mon Sep 17 00:00:00 2001 From: Linn Crosetto Date: Wed, 23 Nov 2016 13:39:41 +0000 Subject: [PATCH 18/26] acpi: Disable APEI error injection if the kernel is @@ -26,7 +26,7 @@ Signed-off-by: David Howells 1 file changed, 3 insertions(+) diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c -index ec50c32ea3da..e082718d01c2 100644 +index ec50c32..e082718 100644 --- a/drivers/acpi/apei/einj.c +++ b/drivers/acpi/apei/einj.c @@ -518,6 +518,9 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2, @@ -40,5 +40,5 @@ index ec50c32ea3da..e082718d01c2 100644 if (flags && (flags & ~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF))) -- -2.13.0 +2.10.2 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch
index 489e5ccb98..9b774d6b07 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch
@@ -1,4 +1,4 @@
-From f75cba8e764cc7247b6237c80af6e73b3303aaee Mon Sep 17 00:00:00 2001
+From 1670abea3f18938e2bd3407c47e6d1b0b66d3bc2 Mon Sep 17 00:00:00 2001
 From: "Lee, Chun-Yi"
 Date: Wed, 23 Nov 2016 13:52:16 +0000
 Subject: [PATCH 19/26] bpf: Restrict kernel image access functions when the
@@ -17,7 +17,7 @@ Signed-off-by: David Howells
 1 file changed, 11 insertions(+)
 diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
-index 460a031c77e5..58eb33d5d6ae 100644
+index 460a031..58eb33d 100644
 --- a/kernel/trace/bpf_trace.c
 +++ b/kernel/trace/bpf_trace.c
 @@ -65,6 +65,11 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size, const void *, unsafe_ptr)
@@ -53,5 +53,5 @@ index 460a031c77e5..58eb33d5d6ae 100644
 for (i = 0; i < fmt_size; i++) {
 if ((!isprint(fmt[i]) && !isspace(fmt[i])) || !isascii(fmt[i]))
 --
-2.13.0
+2.10.2
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0020-scsi-Lock-down-the-eata-driver.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0020-scsi-Lock-down-the-eata-driver.patch
index c2e8dc05c9..e9587411e4 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0020-scsi-Lock-down-the-eata-driver.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0020-scsi-Lock-down-the-eata-driver.patch
@@ -1,4 +1,4 @@
-From 275c37641a64fdb13c2bf5b7c8c6c240080e7ee8 Mon Sep 17 00:00:00 2001
+From 6c9effad0058286f8bb4d01ac247ef92be727b40 Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Tue, 22 Nov 2016 10:10:34 +0000
 Subject: [PATCH 20/26] scsi: Lock down the eata driver
@@ -24,7 +24,7 @@ cc: linux-scsi@vger.kernel.org
 1 file changed, 6 insertions(+), 1 deletion(-)
 diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
-index 227dd2c2ec2f..5c036d10c18b 100644
+index 227dd2c..5c036d1 100644
 --- a/drivers/scsi/eata.c
 +++ b/drivers/scsi/eata.c
 @@ -1552,8 +1552,13 @@ static int eata2x_detect(struct scsi_host_template *tpnt)
@@ -43,5 +43,5 @@ index 227dd2c2ec2f..5c036d10c18b 100644
 #if defined(MODULE)
 /* io_port could have been modified when loading as a module */
 --
-2.13.0
+2.10.2
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
index c03d2b166d..e206543e22 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
@@ -1,4 +1,4 @@
-From ab6c3943aaf0b45b422d77b8ef6e817e33758619 Mon Sep 17 00:00:00 2001
+From df81e03770883fd556ba9591ab30e74097f0229f Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Fri, 25 Nov 2016 14:37:45 +0000
 Subject: [PATCH 21/26] Prohibit PCMCIA CIS storage when the kernel is locked
@@ -13,7 +13,7 @@ Signed-off-by: David Howells
 1 file changed, 5 insertions(+)
 diff --git a/drivers/pcmcia/cistpl.c b/drivers/pcmcia/cistpl.c
-index 55ef7d1fd8da..193e4f7b73b1 100644
+index 55ef7d1..193e4f7 100644
 --- a/drivers/pcmcia/cistpl.c
 +++ b/drivers/pcmcia/cistpl.c
 @@ -1578,6 +1578,11 @@ static ssize_t pccard_store_cis(struct file *filp, struct kobject *kobj,
@@ -29,5 +29,5 @@ index 55ef7d1fd8da..193e4f7b73b1 100644
 if (off)
 --
-2.13.0
+2.10.2
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0022-Lock-down-TIOCSSERIAL.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0022-Lock-down-TIOCSSERIAL.patch
index b60d763dbb..b809511845 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0022-Lock-down-TIOCSSERIAL.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0022-Lock-down-TIOCSSERIAL.patch
@@ -1,4 +1,4 @@
-From 1fcbe5b939cec829f80dca667f6a1629cd7f8ac8 Mon Sep 17 00:00:00 2001
+From d17a0012c78e29a87b949f30f175267fd91ff525 Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Wed, 7 Dec 2016 10:28:39 +0000
 Subject: [PATCH 22/26] Lock down TIOCSSERIAL
@@ -15,7 +15,7 @@ Signed-off-by: David Howells
 1 file changed, 6 insertions(+)
 diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index 13bfd5dcffce..45fb7689bc1c 100644
+index 13bfd5d..45fb768 100644
 --- a/drivers/tty/serial/serial_core.c
 +++ b/drivers/tty/serial/serial_core.c
 @@ -821,6 +821,12 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
@@ -32,5 +32,5 @@ index 13bfd5dcffce..45fb7689bc1c 100644
 retval = -EPERM;
 if (change_irq || change_port ||
 --
-2.13.0
+2.10.2
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
index 0b750ff97f..834a77ffaa 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
@@ -1,4 +1,4 @@
-From 498ba076f1f149e03dfd9fc4c52741f063d006f6 Mon Sep 17 00:00:00 2001
+From d21200af07c733bfc29d16883443a5207dd623eb Mon Sep 17 00:00:00 2001
 From: Vito Caputo
 Date: Wed, 25 Nov 2015 02:59:45 -0800
 Subject: [PATCH 23/26] kbuild: derive relative path for KBUILD_SRC from CURDIR
@@ -12,7 +12,7 @@ by some undesirable path component.
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/Makefile b/Makefile
-index bfdc92c2e47a..2d56a7441e02 100644
+index 382e967..e5aa822 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -149,7 +149,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
@@ -26,5 +26,5 @@ index bfdc92c2e47a..2d56a7441e02 100644
 # Leave processing to above invocation of make
 --
-2.13.0
+2.10.2
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0024-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0024-Add-arm64-coreos-verity-hash.patch
index ac589fe5ea..d307611203 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0024-Add-arm64-coreos-verity-hash.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0024-Add-arm64-coreos-verity-hash.patch
@@ -1,4 +1,4 @@
-From de896f01efda42dddf52e0362db62d7f26a43b28 Mon Sep 17 00:00:00 2001
+From 94f8291a354361a902bfaa9aefc9de9cbbe8bacb Mon Sep 17 00:00:00 2001
 From: Geoff Levand
 Date: Fri, 11 Nov 2016 17:28:52 -0800
 Subject: [PATCH 24/26] Add arm64 coreos verity hash
@@ -9,7 +9,7 @@ Signed-off-by: Geoff Levand
 1 file changed, 5 insertions(+)
 diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
-index 613fc3000677..fdaf86c78332 100644
+index 613fc30..fdaf86c 100644
 --- a/arch/arm64/kernel/efi-header.S
 +++ b/arch/arm64/kernel/efi-header.S
 @@ -103,6 +103,11 @@ section_table:
@@ -25,5 +25,5 @@ index 613fc3000677..fdaf86c78332 100644
 /*
 * The debug table is referenced via its Relative Virtual Address (RVA),
 --
-2.13.0
+2.10.2
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-bonding-commit-link-status-change-after-propose.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-bonding-commit-link-status-change-after-propose.patch
index c10e4311ca..21038e68bf 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-bonding-commit-link-status-change-after-propose.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0025-bonding-commit-link-status-change-after-propose.patch
@@ -1,4 +1,4 @@
-From 3849236f6d4900e255fea0c609887fc5901f9837 Mon Sep 17 00:00:00 2001
+From 0d1fedc72064771c52e3bd8947b9a52b81f239fb Mon Sep 17 00:00:00 2001
 From: WANG Cong
 Date: Tue, 25 Jul 2017 09:44:25 -0700
 Subject: [PATCH 25/26] bonding: commit link status change after propose
@@ -20,7 +20,7 @@ Signed-off-by: David S. Miller
 1 file changed, 2 insertions(+)
 diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index 8ab6bdbe1682..0eab2fdff8d7 100644
+index 8ab6bdb..0eab2fd 100644
 --- a/drivers/net/bonding/bond_main.c
 +++ b/drivers/net/bonding/bond_main.c
 @@ -2047,6 +2047,7 @@ static int bond_miimon_inspect(struct bonding *bond)
@@ -40,5 +40,5 @@ index 8ab6bdbe1682..0eab2fdff8d7 100644
 if (slave->delay) {
 --
-2.13.0
+2.10.2
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0026-virtio_net-fix-truesize-for-mergeable-buffers.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0026-virtio_net-fix-truesize-for-mergeable-buffers.patch
index 0d1b6eedd2..5408a1854e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0026-virtio_net-fix-truesize-for-mergeable-buffers.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.12/z0026-virtio_net-fix-truesize-for-mergeable-buffers.patch
@@ -1,4 +1,4 @@
-From 53e714799440efa994d43e8ac7e3325cda3405d5 Mon Sep 17 00:00:00 2001
+From b24f16f597586d794bb66c08f09b4e83579da916 Mon Sep 17 00:00:00 2001
 From: "Michael S. Tsirkin"
 Date: Mon, 31 Jul 2017 21:49:49 +0300
 Subject: [PATCH 26/26] virtio_net: fix truesize for mergeable buffers
@@ -27,7 +27,7 @@ Signed-off-by: Michael S. Tsirkin
 1 file changed, 2 insertions(+), 3 deletions(-)
 diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
-index 6633dd4bb649..acb754eb1ccb 100644
+index 6633dd4..acb754e 100644
 --- a/drivers/net/virtio_net.c
 +++ b/drivers/net/virtio_net.c
 @@ -889,21 +889,20 @@ static int add_recvbuf_mergeable(struct virtnet_info *vi,
@@ -55,5 +55,5 @@ index 6633dd4bb649..acb754eb1ccb 100644
 if (err < 0)
 put_page(virt_to_head_page(buf));
 --
-2.13.0
+2.10.2