From 93eb69cd4b4981eecbeee163813c28b1a1824d08 Mon Sep 17 00:00:00 2001
From: Jenkins OS
Date: Mon, 11 Sep 2017 17:40:27 +0000
Subject: [PATCH] sys-kernel/coreos-sources: bump to 4.13.1
---
 ...-4.13.0-r1.ebuild => coreos-kernel-4.13.1.ebuild} | 0
 ...4.13.0-r1.ebuild => coreos-modules-4.13.1.ebuild} | 0
 .../sys-kernel/coreos-sources/Manifest | 1 +
 ...es-4.13.0.ebuild => coreos-sources-4.13.1.ebuild} | 0
 .../4.13/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch | 4 ++--
 ...bility-to-lock-down-access-to-the-running-k.patch | 4 ++--
 ...down-the-kernel-if-booted-in-secure-boot-mo.patch | 4 ++--
 ...odule-signatures-if-the-kernel-is-locked-do.patch | 4 ++--
 ...dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch | 4 ++--
 ...able-at-runtime-if-the-kernel-is-locked-dow.patch | 12 ++++++------
 ...re_boot-flag-in-boot-params-across-kexec-re.patch | 4 ++--
 ...e-Disable-at-runtime-if-securelevel-has-bee.patch | 4 ++--
 ...nate-Disable-when-the-kernel-is-locked-down.patch | 4 ++--
 ...susp-Disable-when-the-kernel-is-locked-down.patch | 4 ++--
 ...down-BAR-access-when-the-kernel-is-locked-d.patch | 4 ++--
 ...down-IO-port-access-when-the-kernel-is-lock.patch | 4 ++--
 ...ict-MSR-access-when-the-kernel-is-locked-do.patch | 4 ++--
 ...Restrict-debugfs-interface-when-the-kernel-.patch | 4 ++--
 ...t-access-to-custom_method-when-the-kernel-i.patch | 4 ++--
 ...re-acpi_rsdp-kernel-param-when-the-kernel-h.patch | 4 ++--
 ...ble-ACPI-table-override-if-the-kernel-is-lo.patch | 4 ++--
 ...ble-APEI-error-injection-if-the-kernel-is-l.patch | 4 ++--
 ...ict-kernel-image-access-functions-when-the-.patch | 4 ++--
 .../4.13/z0020-scsi-Lock-down-the-eata-driver.patch | 4 ++--
 ...PCMCIA-CIS-storage-when-the-kernel-is-locke.patch | 4 ++--
 .../files/4.13/z0022-Lock-down-TIOCSSERIAL.patch | 4 ++--
 ...rive-relative-path-for-KBUILD_SRC-from-CURD.patch | 6 +++---
 .../4.13/z0024-Add-arm64-coreos-verity-hash.patch | 4 ++--
 28 files changed, 54 insertions(+), 53 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-4.13.0-r1.ebuild => coreos-kernel-4.13.1.ebuild} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/{coreos-modules-4.13.0-r1.ebuild => coreos-modules-4.13.1.ebuild} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-4.13.0.ebuild => coreos-sources-4.13.1.ebuild} (100%)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.13.0-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.13.1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.13.0-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.13.1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.13.0-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.13.1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.13.0-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.13.1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index 6fcd80a85a..df01e1371e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1 +1,2 @@
 DIST linux-4.13.tar.xz 100579888 SHA256 2db3d6066c3ad93eb25b973a3d2951e022a7e975ee2fa7cbe5bddf84d9a49a2c SHA512 a557c2f0303ae618910b7106ff63d9978afddf470f03cb72aa748213e099a0ecd5f3119aea6cbd7b61df30ca6ef3ec57044d524b7babbaabddf8b08b8bafa7d2 WHIRLPOOL d3d332e02cd3c5056c76c28cf1f81504c6f7b8f2caed7238e7dd7866747fb03154b88d8d7aec4d0eddf5760624bc7d6c5485fb52a3e32d098a2742eba96c0d05
+DIST patch-4.13.1.xz 15512 SHA256 6664b089bdb6513b006bfe65c6fee45d38ddfe17f6ccc87a720e831d4c215b4d SHA512 392ba115d4728730d73e3c66e07f0230894f44ae71851c26ec9707d5f26bc093a6f7043592232deddf2619d2c7d305e62b168b52a142c59f10970f22bf3fbe7e WHIRLPOOL c6e8c796d7d14436274aa4b944495178d461f267e1b7a85f320a461dd6db54593b2bb9943db09eb1c2122c3b65bff1458928a05228c82ec6f61395863ba20a83
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.13.0.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.13.1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.13.0.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.13.1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch
index 2b6dd8eea4..ed16643763 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0001-efi-Add-EFI_SECURE_BOOT-bit.patch
@@ -1,4 +1,4 @@
-From ec1fe6dec14b1bc198aabb4c53ce0784d7309f63 Mon Sep 17 00:00:00 2001
+From a032ca112b1d4b9b48b2f86d1040fd761336cd11 Mon Sep 17 00:00:00 2001
 From: Josh Boyer
 Date: Mon, 21 Nov 2016 23:55:55 +0000
 Subject: [PATCH 01/24] efi: Add EFI_SECURE_BOOT bit
@@ -42,5 +42,5 @@ index 8269bcb8ccf7..7952dd3ffa73 100644
 #ifdef CONFIG_EFI /*
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch
index cc34447787..0d808c33a4 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0002-Add-the-ability-to-lock-down-access-to-the-running-k.patch
@@ -1,4 +1,4 @@
-From f96c513dc36e427920bdf02c08ac2948010f13ee Mon Sep 17 00:00:00 2001
+From 495c37aed46e6726389d42feb2f74fad9720c38a Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Mon, 21 Nov 2016 23:36:17 +0000
 Subject: [PATCH 02/24] Add the ability to lock down access to the running
@@ -145,5 +145,5 @@ index 000000000000..5788c60ff4e1
 +}
 +EXPORT_SYMBOL(kernel_is_locked_down);
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
index 96da094497..d505f345ce 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
@@ -1,4 +1,4 @@
-From c135f676e3463ce343a83e6122ba59f3feddd387 Mon Sep 17 00:00:00 2001
+From baf6387f7db01a3ed1f13804be996575c15cb8cd Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Mon, 21 Nov 2016 23:55:55 +0000
 Subject: [PATCH 03/24] efi: Lock down the kernel if booted in secure boot mode
@@ -65,5 +65,5 @@ index 319995f58345..d0128aef43ce 100644
 default: pr_info("Secure boot could not be determined\n");
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
index 4d82e308c6..164d8f84b2 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
@@ -1,4 +1,4 @@
-From 889644193accc15e10f57d196d8ccee078a4c418 Mon Sep 17 00:00:00 2001
+From ffb48493f840bf056b2087d5e2cc39417cd3b28f Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Wed, 23 Nov 2016 13:22:22 +0000
 Subject: [PATCH 04/24] Enforce module signatures if the kernel is locked down
@@ -25,5 +25,5 @@ index 40f983cbea81..e5b878b26906 100644
 return err;
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
index 88f162c06d..db895b7dae 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0005-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
@@ -1,4 +1,4 @@
-From 229c2b74434896dad965d923b9aa75720f791e5b Mon Sep 17 00:00:00 2001
+From 537dae2d82923542ea9f7cbe18e28969b6dbeb41 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is
@@ -39,5 +39,5 @@ index 593a8818aca9..ba68add9677f 100644
 unsigned long to_write = min_t(unsigned long, count, (unsigned long)high_memory - p);
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
index 63a8396665..46a9658c5d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
@@ -1,4 +1,4 @@
-From 748399214b99f8efd3e27a76988071edf04008bc Mon Sep 17 00:00:00 2001
+From 5d7fb119ef5f3043274e02d5a81ff72b5233c54c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Tue, 22 Nov 2016 08:46:15 +0000
 Subject: [PATCH 06/24] kexec: Disable at runtime if the kernel is locked down
@@ -20,20 +20,20 @@ diff --git a/kernel/kexec.c b/kernel/kexec.c
 index e62ec4dc6620..37f75d0b75de 100644
 --- a/kernel/kexec.c
 +++ b/kernel/kexec.c
-@@ -202,6 +202,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+@@ -201,6 +201,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+ if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
 return -EPERM;
- /*
++ /*
 + * kexec can be used to circumvent module loading restrictions, so
 + * prevent loading in that case
 + */
 + if (kernel_is_locked_down())
 + return -EPERM;
 +
-+ /*
+ /*
 * Verify we have a legal set of flags
 * This leaves us room for future extensions.
- */
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
index a1bbfa8aa4..1aea45aa75 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
@@ -1,4 +1,4 @@
-From 802f8fed34b68241584664b7189a09f8c32edc3d Mon Sep 17 00:00:00 2001
+From ddc437b9994f88ed8e1d0a9be149dd95404e0278 Mon Sep 17 00:00:00 2001
 From: Dave Young
 Date: Tue, 22 Nov 2016 08:46:15 +0000
 Subject: [PATCH 07/24] Copy secure_boot flag in boot params across kexec
@@ -34,5 +34,5 @@ index fb095ba0c02f..7d0fac5bcbbe 100644
 ei->efi_systab = current_ei->efi_systab; ei->efi_systab_hi = current_ei->efi_systab_hi;
 --
-2.13.5
+2.14.1
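Review bot: In the kernel/kexec.c hunk carried by z0006, the lockdown branch `if (kernel_is_locked_down()) return -EPERM;` returns the same error as the `!capable(CAP_SYS_BOOT) || kexec_load_disabled` test directly above it and logs nothing, so on a locked-down host neither the caller nor the kernel log shows which control refused the load. I would brace the branch and emit a one-time notice before the return, e.g. `pr_notice_once("kexec_load refused: kernel is locked down\n");`, and reword the comment's "in that case" to "when the kernel is locked down". Because the check sits after the capability test, only callers that already hold CAP_SYS_BOOT can reach the message. This commit only regenerates the hunk with shifted context (the inner `index` line is unchanged), and the body of `kexec_load` continues outside it.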
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
index a6df49a2f8..5363020310 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0008-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
@@ -1,4 +1,4 @@
-From 462f23bde4a08fab36b9b546949b978f9dedad64 Mon Sep 17 00:00:00 2001
+From 434c77ad6645cda8715efbb3645949847eb14e80 Mon Sep 17 00:00:00 2001
 From: "Lee, Chun-Yi"
 Date: Wed, 23 Nov 2016 13:49:19 +0000
 Subject: [PATCH 08/24] kexec_file: Disable at runtime if securelevel has been
@@ -35,5 +35,5 @@ index 9f48f4412297..7da87007c202 100644
 if (flags != (flags & KEXEC_FILE_FLAGS)) return -EINVAL;
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
index f7e0066823..9ec5413aa4 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
@@ -1,4 +1,4 @@
-From adec41f7b31b22baa7fb51d1adb5498d9dfef467 Mon Sep 17 00:00:00 2001
+From 254bd92749f1831bd9277f011c69dde275a67bd4 Mon Sep 17 00:00:00 2001
 From: Josh Boyer
 Date: Tue, 22 Nov 2016 08:46:15 +0000
 Subject: [PATCH 09/24] hibernate: Disable when the kernel is locked down
@@ -28,5 +28,5 @@ index e1914c7b85b1..7859ba79e181 100644
 /**
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
index 575765917e..899aeaed5e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
@@ -1,4 +1,4 @@
-From 6665456476b2c40c3108ed7951b92e78ddb27e38 Mon Sep 17 00:00:00 2001
+From 2a7ec566d2df745dde6c0ffeac49e3afc9101efb Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Wed, 23 Nov 2016 13:28:17 +0000
 Subject: [PATCH 10/24] uswsusp: Disable when the kernel is locked down
@@ -28,5 +28,5 @@ index 22df9f7ff672..e4b926d329b7 100644
 if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
index 94db6f16df..d2cd796545 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
@@ -1,4 +1,4 @@
-From 8b4d747ed0d0812f800ee0924db8fe9c6789a801 Mon Sep 17 00:00:00 2001
+From 2cfffb7bc9349c57cbe4bc7131b9e883ff962e28 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Tue, 22 Nov 2016 08:46:15 +0000
 Subject: [PATCH 11/24] PCI: Lock down BAR access when the kernel is locked
@@ -99,5 +99,5 @@ index 9bf993e1f71e..c09524738ceb 100644
 dev = pci_get_bus_and_slot(bus, dfn);
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
index f339cc77d1..01feeecf0f 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
@@ -1,4 +1,4 @@
-From 6af309032ff6cf9ce48af8479a3284e72659a339 Mon Sep 17 00:00:00 2001
+From 5967918f09610c750b08a986c4cafcdd7c5ddb1c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 12/24] x86: Lock down IO port access when the kernel is locked
@@ -55,5 +55,5 @@ index ba68add9677f..5e2a260fb89f 100644
 }
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
index bd92001b7d..9c8187ff21 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0013-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
@@ -1,4 +1,4 @@
-From 4e02fe5bfe717f58166a75cd2d1cb5ce48fad314 Mon Sep 17 00:00:00 2001
+From 05c6f427ebfb61351093e4fa0fbc41687e64c742 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Tue, 22 Nov 2016 08:46:17 +0000
 Subject: [PATCH 13/24] x86: Restrict MSR access when the kernel is locked down
@@ -40,5 +40,5 @@ index ef688804f80d..fbcce028e502 100644
 err = -EFAULT; break;
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
index ebf6c9a76c..bc4e827ccc 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
@@ -1,4 +1,4 @@
-From df735d38937440c3e435fd709f76dad2405382fc Mon Sep 17 00:00:00 2001
+From 9e22dfcdcf70705a9e31deb52c423d8776e80226 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 14/24] asus-wmi: Restrict debugfs interface when the kernel is
@@ -51,5 +51,5 @@ index 709e3a67391a..2d8db47698b2 100644
 1, asus->debug.method_id, &input, &output);
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
index 28af0fdd72..037997d743 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
@@ -1,4 +1,4 @@
-From b49436f51c26e3d7c0dbe8c31bf3dfa94d53a92f Mon Sep 17 00:00:00 2001
+From f6c3d482bcaa3c2770623ed39424cbf9375bfd21 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 15/24] ACPI: Limit access to custom_method when the kernel is
@@ -29,5 +29,5 @@ index c68e72414a67..e4d721c330c0 100644
 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header))
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
index b31793da3a..9466663af2 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
@@ -1,4 +1,4 @@
-From 7460f37c986ef84262c5bd87660d7b0a5067955e Mon Sep 17 00:00:00 2001
+From 8bcc73613a6886a32d6b3277dc94174ec513cd61 Mon Sep 17 00:00:00 2001
 From: Josh Boyer
 Date: Tue, 22 Nov 2016 08:46:16 +0000
 Subject: [PATCH 16/24] acpi: Ignore acpi_rsdp kernel param when the kernel has
@@ -28,5 +28,5 @@ index db78d353bab1..d4d4ba348451 100644
 #endif
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
index 4e7a223069..13bd0902a5 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
@@ -1,4 +1,4 @@
-From 33f17551b5a59c82c4817e44debf7b71ed252a00 Mon Sep 17 00:00:00 2001
+From 9992e2504db0cdda955178c0f213186937468b65 Mon Sep 17 00:00:00 2001
 From: Linn Crosetto
 Date: Wed, 23 Nov 2016 13:32:27 +0000
 Subject: [PATCH 17/24] acpi: Disable ACPI table override if the kernel is
@@ -37,5 +37,5 @@ index ff425390bfa8..c72bfa97888a 100644
 memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS, all_tables_size, PAGE_SIZE);
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
index ecbcd0a02a..af6e507d6d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
@@ -1,4 +1,4 @@
-From c8cb46ce6461cf117a371c5bf2fce791ac837dba Mon Sep 17 00:00:00 2001
+From 73b3e2a2495fceb5d98e79abc51e0f6c6e5ea7f9 Mon Sep 17 00:00:00 2001
 From: Linn Crosetto
 Date: Wed, 23 Nov 2016 13:39:41 +0000
 Subject: [PATCH 18/24] acpi: Disable APEI error injection if the kernel is
@@ -40,5 +40,5 @@ index ec50c32ea3da..e082718d01c2 100644
 if (flags && (flags & ~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF)))
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch
index 4563a30605..fee625f0b6 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0019-bpf-Restrict-kernel-image-access-functions-when-the-.patch
@@ -1,4 +1,4 @@
-From 8b30ffff90c994ef2c385f17068cc5a2580be9ef Mon Sep 17 00:00:00 2001
+From e880a3ac94f7d18f0b5823a1965702c5c86aa075 Mon Sep 17 00:00:00 2001
 From: "Lee, Chun-Yi"
 Date: Wed, 23 Nov 2016 13:52:16 +0000
 Subject: [PATCH 19/24] bpf: Restrict kernel image access functions when the
@@ -53,5 +53,5 @@ index dc498b605d5d..fb240222b89b 100644
 for (i = 0; i < fmt_size; i++) { if ((!isprint(fmt[i]) && !isspace(fmt[i])) || !isascii(fmt[i]))
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0020-scsi-Lock-down-the-eata-driver.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0020-scsi-Lock-down-the-eata-driver.patch
index f16b06756b..cfb143ba7a 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0020-scsi-Lock-down-the-eata-driver.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0020-scsi-Lock-down-the-eata-driver.patch
@@ -1,4 +1,4 @@
-From 932083ba187c582a6e927f8a23c4bf7f1ffc8b57 Mon Sep 17 00:00:00 2001
+From a6a10fc8621844458d601931199723110fd69c5b Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Tue, 22 Nov 2016 10:10:34 +0000
 Subject: [PATCH 20/24] scsi: Lock down the eata driver
@@ -43,5 +43,5 @@ index 227dd2c2ec2f..5c036d10c18b 100644
 #if defined(MODULE) /* io_port could have been modified when loading as a module */
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
index 8ea93a5f22..30e22c5a1d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0021-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
@@ -1,4 +1,4 @@
-From dd3ea039825bb0568ef9f8eac9349c72018ee7fa Mon Sep 17 00:00:00 2001
+From b033945096f19c5f40cbc0db69ca89a37e0bc037 Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Fri, 25 Nov 2016 14:37:45 +0000
 Subject: [PATCH 21/24] Prohibit PCMCIA CIS storage when the kernel is locked
@@ -29,5 +29,5 @@ index 55ef7d1fd8da..193e4f7b73b1 100644
 if (off)
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0022-Lock-down-TIOCSSERIAL.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0022-Lock-down-TIOCSSERIAL.patch
index 89a9123ae4..cfe67d6ebb 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0022-Lock-down-TIOCSSERIAL.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0022-Lock-down-TIOCSSERIAL.patch
@@ -1,4 +1,4 @@
-From 6c17f65a64524be9a61751a9127d2bc871bfc08b Mon Sep 17 00:00:00 2001
+From 0795e2bc180d56a36de0e4bf6457f7f2f224de76 Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Wed, 7 Dec 2016 10:28:39 +0000
 Subject: [PATCH 22/24] Lock down TIOCSSERIAL
@@ -32,5 +32,5 @@ index f534a40aebde..e32c0179f423 100644
 retval = -EPERM; if (change_irq || change_port ||
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
index 19db915fdf..ef8ac83228 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
@@ -1,4 +1,4 @@
-From 84d16a6c02b47b5e6238e09f327f440fd06fba48 Mon Sep 17 00:00:00 2001
+From edac9bd209fa04bc262db060442d50df0ab4cdac Mon Sep 17 00:00:00 2001
 From: Vito Caputo
 Date: Wed, 25 Nov 2015 02:59:45 -0800
 Subject: [PATCH 23/24] kbuild: derive relative path for KBUILD_SRC from CURDIR
@@ -12,7 +12,7 @@ by some undesirable path component.
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/Makefile b/Makefile
-index ed65d7278bb3..52be2df62294 100644
+index 41a976854cad..c628fd19abe2 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -142,7 +142,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
@@ -26,5 +26,5 @@ index ed65d7278bb3..52be2df62294 100644
 # Leave processing to above invocation of make
 --
-2.13.5
+2.14.1
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0024-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0024-Add-arm64-coreos-verity-hash.patch
index 0a40a3c19b..646f3b7342 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0024-Add-arm64-coreos-verity-hash.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.13/z0024-Add-arm64-coreos-verity-hash.patch
@@ -1,4 +1,4 @@
-From 45ba5af301c5e81a4fba46fdad20ef10022838f7 Mon Sep 17 00:00:00 2001
+From d65a9c5913d87a69837e7bf1c15cc116868e6dfe Mon Sep 17 00:00:00 2001
 From: Geoff Levand
 Date: Fri, 11 Nov 2016 17:28:52 -0800
 Subject: [PATCH 24/24] Add arm64 coreos verity hash
@@ -25,5 +25,5 @@ index 613fc3000677..fdaf86c78332 100644
 /* * The debug table is referenced via its Relative Virtual Address (RVA),
 --
-2.13.5
+2.14.1