Add 4.2 kernel source

Add an ebuild for Linux 4.2 and bring over the relevant patches

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.2.0-r1.ebuild

@@ -27,6 +27,4 @@ ${PATCH_DIR}/10-Add-option-to-automatically-enforce-module-signature.patch \
 ${PATCH_DIR}/12-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch \
 ${PATCH_DIR}/13-efi-Add-EFI_SECURE_BOOT-bit.patch \
 ${PATCH_DIR}/14-hibernate-Disable-in-a-signed-modules-environment.patch \
-${PATCH_DIR}/15-cpuset-use-trialcs-mems_allowed-as-a-temp-variable.patch \
-${PATCH_DIR}/udp-fix-dst-races-with-multicast-early-demux.patch \
 ${PATCH_DIR}/net-wireless-wl18xx-Add-missing-MODULE_FIRMWARE.patch"

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.1/15-cpuset-use-trialcs-mems_allowed-as-a-temp-variable.patch

@@ -1,51 +0,0 @@
-cpuset: use trialcs->mems_allowed as a temp variable
-
-The comment says it's using trialcs->mems_allowed as a temp variable but
-it didn't match the code. Change the code to match the comment.
-
-This fixes an issue when writing in cpuset.mems when a sub-directory
-exists: we need to write several times for the information to persist:
-
-| root@alban:/sys/fs/cgroup/cpuset# mkdir footest9
-| root@alban:/sys/fs/cgroup/cpuset# cd footest9
-| root@alban:/sys/fs/cgroup/cpuset/footest9# mkdir aa
-| root@alban:/sys/fs/cgroup/cpuset/footest9# cat cpuset.mems
-|
-| root@alban:/sys/fs/cgroup/cpuset/footest9# echo 0 > cpuset.mems
-| root@alban:/sys/fs/cgroup/cpuset/footest9# cat cpuset.mems
-|
-| root@alban:/sys/fs/cgroup/cpuset/footest9# echo 0 > cpuset.mems
-| root@alban:/sys/fs/cgroup/cpuset/footest9# cat cpuset.mems
-| 0
-| root@alban:/sys/fs/cgroup/cpuset/footest9# cat aa/cpuset.mems
-|
-| root@alban:/sys/fs/cgroup/cpuset/footest9# echo 0 > aa/cpuset.mems
-| root@alban:/sys/fs/cgroup/cpuset/footest9# cat aa/cpuset.mems
-| 0
-| root@alban:/sys/fs/cgroup/cpuset/footest9#
-
-This should help to fix the following issue in Docker:
-https://github.com/opencontainers/runc/issues/133
-In some conditions, a Docker container needs to be started twice in
-order to work.
-
-Signed-off-by: Alban Crequy <alban@endocode.com>
-Tested-by: Iago López Galeiras <iago@endocode.com>
----
- kernel/cpuset.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/cpuset.c b/kernel/cpuset.c
-index ee14e3a..f0acff0 100644
---- a/kernel/cpuset.c
-+++ b/kernel/cpuset.c
-@@ -1223,7 +1223,7 @@ static int update_nodemask(struct cpuset *cs, struct cpuset *trialcs,
- 	spin_unlock_irq(&callback_lock);
-
- 	/* use trialcs->mems_allowed as a temp variable */
--	update_nodemasks_hier(cs, &cs->mems_allowed);
-+	update_nodemasks_hier(cs, &trialcs->mems_allowed);
- done:
- 	return retval;
- }
---

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.1/udp-fix-dst-races-with-multicast-early-demux.patch

@@ -1,62 +0,0 @@
-From 10e2eb878f3ca07ac2f05fa5ca5e6c4c9174a27a Mon Sep 17 00:00:00 2001
-From: Eric Dumazet <edumazet@google.com>
-Date: Sat, 1 Aug 2015 12:14:33 +0200
-Subject: [PATCH] udp: fix dst races with multicast early demux
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Multicast dst are not cached. They carry DST_NOCACHE.
-
-As mentioned in commit f8864972126899 ("ipv4: fix dst race in
-sk_dst_get()"), these dst need special care before caching them
-into a socket.
-
-Caching them is allowed only if their refcnt was not 0, ie we
-must use atomic_inc_not_zero()
-
-Also, we must use READ_ONCE() to fetch sk->sk_rx_dst, as mentioned
-in commit d0c294c53a771 ("tcp: prevent fetching dst twice in early demux
-code")
-
-Fixes: 421b3885bf6d ("udp: ipv4: Add udp early demux")
-Tested-by: Gregory Hoggarth <Gregory.Hoggarth@alliedtelesis.co.nz>
-Signed-off-by: Eric Dumazet <edumazet@google.com>
-Reported-by: Gregory Hoggarth <Gregory.Hoggarth@alliedtelesis.co.nz>
-Reported-by: Alex Gartrell <agartrell@fb.com>
-Cc: Michal Kubeček <mkubecek@suse.cz>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/ipv4/udp.c | 13 ++++++++++---
- 1 file changed, 10 insertions(+), 3 deletions(-)
-
-diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 83aa604..1b8c5ba 100644
---- a/net/ipv4/udp.c
-+++ b/net/ipv4/udp.c
-@@ -1995,12 +1995,19 @@ void udp_v4_early_demux(struct sk_buff *skb)
- 
- 	skb->sk = sk;
- 	skb->destructor = sock_efree;
--	dst = sk->sk_rx_dst;
-+	dst = READ_ONCE(sk->sk_rx_dst);
- 
- 	if (dst)
- 		dst = dst_check(dst, 0);
--	if (dst)
--		skb_dst_set_noref(skb, dst);
-+	if (dst) {
-+		/* DST_NOCACHE can not be used without taking a reference */
-+		if (dst->flags & DST_NOCACHE) {
-+			if (likely(atomic_inc_not_zero(&dst->__refcnt)))
-+				skb_dst_set(skb, dst);
-+		} else {
-+			skb_dst_set_noref(skb, dst);
-+		}
-+	}
- }
- 
- int udp_rcv(struct sk_buff *skb)
--- 
-2.4.6
-

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/01-Add-secure_modules-call.patch

@@ -1,4 +1,4 @@
-From 936a56597be7d12ca65e1d4df38f3e1d39308318 Mon Sep 17 00:00:00 2001
+From 6067a76dca90f315916621a657a8a6379b1d0c3b Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
 Subject: [PATCH 01/14] Add secure_modules() call
@@ -12,28 +12,27 @@ Upstream-status: Fedora mustard.  Replaced by securelevels, but that was nak'd
 
 Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
 ---
- include/linux/module.h |  7 +++++++
+ include/linux/module.h |  6 ++++++
  kernel/module.c        | 10 ++++++++++
- 2 files changed, 17 insertions(+)
+ 2 files changed, 16 insertions(+)
 
 diff --git a/include/linux/module.h b/include/linux/module.h
-index c883b86..cdc46a7 100644
+index 3a19c79..db38634 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -508,6 +508,8 @@ int unregister_module_notifier(struct notifier_block *nb);
- 
- extern void print_modules(void);
+@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
+ 	return module && module->async_probe_requested;
+ }
  
 +extern bool secure_modules(void);
 +
  #else /* !CONFIG_MODULES... */
  
  /* Given an address, look for it in the exception tables. */
-@@ -618,6 +620,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
- static inline void print_modules(void)
- {
+@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
+ 	return false;
  }
-+
+ 
 +static inline bool secure_modules(void)
 +{
 +	return false;
@@ -42,10 +41,10 @@ index c883b86..cdc46a7 100644
  
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index cfc9e84..1773828 100644
+index b86b7bf..7f04524 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -3915,3 +3915,13 @@ void module_layout(struct module *mod,
+@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif
@@ -60,5 +59,5 @@ index cfc9e84..1773828 100644
 +}
 +EXPORT_SYMBOL(secure_modules);
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/02-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch

@@ -1,4 +1,4 @@
-From b0000803ff4c4c769aefc37f2d8196756eeb0bb1 Mon Sep 17 00:00:00 2001
+From 1d82a694eb7508eef1e25c4c4dfe5e4ae9206454 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
 Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is
@@ -114,5 +114,5 @@ index b91c4da..98f5637 100644
  
  	dev = pci_get_bus_and_slot(bus, dfn);
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/03-x86-Lock-down-IO-port-access-when-module-security-is.patch

@@ -1,4 +1,4 @@
-From a86490e90244d673cf1705dbfeb705cca4d5322e Mon Sep 17 00:00:00 2001
+From dcddff58bc08a34053c033131bc800e16210a071 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:35:59 -0500
 Subject: [PATCH 03/14] x86: Lock down IO port access when module security is
@@ -68,5 +68,5 @@ index 6b1721f..53fe675 100644
  		return -EFAULT;
  	while (count-- > 0 && i < 65536) {
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/04-ACPI-Limit-access-to-custom_method.patch

@@ -1,4 +1,4 @@
-From ab99ed435205e3d47265a572c22226c62db1923a Mon Sep 17 00:00:00 2001
+From c2c125a4fdabc50a25952e5a81c0fd2b46fde688 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:39:37 -0500
 Subject: [PATCH 04/14] ACPI: Limit access to custom_method
@@ -27,5 +27,5 @@ index c68e724..4277938 100644
  		/* parse the table header to get the table length */
  		if (count <= sizeof(struct acpi_table_header))
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/05-asus-wmi-Restrict-debugfs-interface-when-module-load.patch

@@ -1,4 +1,4 @@
-From d410f5739b850b6ad738ad042e88cd76c26a95f3 Mon Sep 17 00:00:00 2001
+From 9adc395ee42eb155a05fc82ca07cb3d77f19abe6 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:46:50 -0500
 Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module
@@ -16,10 +16,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 9 insertions(+)
 
 diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
-index 7543a56..93b5a69 100644
+index efbc3f0..071171b 100644
 --- a/drivers/platform/x86/asus-wmi.c
 +++ b/drivers/platform/x86/asus-wmi.c
-@@ -1589,6 +1589,9 @@ static int show_dsts(struct seq_file *m, void *data)
+@@ -1868,6 +1868,9 @@ static int show_dsts(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
  
@@ -29,7 +29,7 @@ index 7543a56..93b5a69 100644
  	err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
  
  	if (err < 0)
-@@ -1605,6 +1608,9 @@ static int show_devs(struct seq_file *m, void *data)
+@@ -1884,6 +1887,9 @@ static int show_devs(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
  
@@ -39,7 +39,7 @@ index 7543a56..93b5a69 100644
  	err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
  				    &retval);
  
-@@ -1629,6 +1635,9 @@ static int show_call(struct seq_file *m, void *data)
+@@ -1908,6 +1914,9 @@ static int show_call(struct seq_file *m, void *data)
  	union acpi_object *obj;
  	acpi_status status;
  
@@ -50,5 +50,5 @@ index 7543a56..93b5a69 100644
  				     1, asus->debug.method_id,
  				     &input, &output);
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/06-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch

@@ -1,4 +1,4 @@
-From f463770943d3f1f6881fab3c9268fe1013cdf34a Mon Sep 17 00:00:00 2001
+From 2ca28096b959a2f53a3a761426418aea7a4d48f6 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 09:28:15 -0500
 Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is
@@ -38,5 +38,5 @@ index 53fe675..b52c888 100644
  		unsigned long to_write = min_t(unsigned long, count,
  					       (unsigned long)high_memory - p);
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/07-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch

@@ -1,4 +1,4 @@
-From a9f8a4bbb86570f8f418e400eb9cfe284b8f62ea Mon Sep 17 00:00:00 2001
+From 9f838b6efbbabccbef59f278c13381c332e5b992 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Mon, 25 Jun 2012 19:57:30 -0400
 Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index 7ccba39..9cbdbcc 100644
+index 3b8963f..a5ae6a7 100644
 --- a/drivers/acpi/osl.c
 +++ b/drivers/acpi/osl.c
 @@ -44,6 +44,7 @@
@@ -25,7 +25,7 @@ index 7ccba39..9cbdbcc 100644
  
  #include <asm/io.h>
  #include <asm/uaccess.h>
-@@ -252,7 +253,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
+@@ -255,7 +256,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
  acpi_physical_address __init acpi_os_get_root_pointer(void)
  {
  #ifdef CONFIG_KEXEC
@@ -35,5 +35,5 @@ index 7ccba39..9cbdbcc 100644
  #endif
  
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/08-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch

@@ -1,4 +1,4 @@
-From a79e89146431a294b7afe9ad4f170c9e263f36c2 Mon Sep 17 00:00:00 2001
+From 9b3e6387aadd3baa76e5c1abd7c9071b4871885a Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 03:33:56 -0400
 Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module
@@ -14,7 +14,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 8 insertions(+)
 
 diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 7a36fdc..22d30d7 100644
+index a785c10..81d6b40 100644
 --- a/kernel/kexec.c
 +++ b/kernel/kexec.c
 @@ -36,6 +36,7 @@
@@ -25,7 +25,7 @@ index 7a36fdc..22d30d7 100644
  
  #include <asm/page.h>
  #include <asm/uaccess.h>
-@@ -1247,6 +1248,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
  		return -EPERM;
  
  	/*
@@ -40,5 +40,5 @@ index 7a36fdc..22d30d7 100644
  	 * This leaves us room for future extensions.
  	 */
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/09-x86-Restrict-MSR-access-when-module-loading-is-restr.patch

@@ -1,4 +1,4 @@
-From 204575347e0f12cafb44b09e95f1512417c2bff2 Mon Sep 17 00:00:00 2001
+From 54cae7b82dc43c871e0cba995d1cf14c5afd7a49 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 8 Feb 2013 11:12:13 -0800
 Subject: [PATCH 09/14] x86: Restrict MSR access when module loading is
@@ -40,5 +40,5 @@ index 113e707..26c2f83 100644
  			err = -EFAULT;
  			break;
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/10-Add-option-to-automatically-enforce-module-signature.patch

@@ -1,4 +1,4 @@
-From 51778d46aa09dd60ae2e4025ed87f17674beaa53 Mon Sep 17 00:00:00 2001
+From 20d26ef5fc1f9686c8ef9965785227b8ce78e159 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 18:36:30 -0400
 Subject: [PATCH 10/14] Add option to automatically enforce module signatures
@@ -34,10 +34,10 @@ index 82fbdbc..a811210 100644
  290/040	ALL	edd_mbr_sig_buffer EDD MBR signatures
  2D0/A00	ALL	e820_map	E820 memory map table
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 226d569..6a8f880 100644
+index b3a1a5d..e6680fb 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1697,6 +1697,16 @@ config EFI_MIXED
+@@ -1704,6 +1704,16 @@ config EFI_MIXED
  
  	   If unsure, say N.
  
@@ -55,7 +55,7 @@ index 226d569..6a8f880 100644
  	def_bool y
  	prompt "Enable seccomp to safely compute untrusted bytecode"
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 48304b8..2ff1901 100644
+index 7d69afd..03bfc83 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -12,6 +12,7 @@
@@ -104,7 +104,7 @@ index 48304b8..2ff1901 100644
  /*
   * See if we have Graphics Output Protocol
   */
-@@ -1408,6 +1440,10 @@ struct boot_params *efi_main(struct efi_config *c,
+@@ -1416,6 +1448,10 @@ struct boot_params *efi_main(struct efi_config *c,
  	else
  		setup_boot_services32(efi_early);
  
@@ -130,10 +130,10 @@ index ab456dc..74ba408 100644
  	 * The sentinel is set to a nonzero value (0xff) in header.S.
  	 *
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index d74ac33..88dad73 100644
+index 80f874b..c2e4f52 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1156,6 +1156,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
  
  	io_delay_init();
  
@@ -147,10 +147,10 @@ index d74ac33..88dad73 100644
  	 * Parse the ACPI tables for possible boot-time SMP configuration.
  	 */
 diff --git a/include/linux/module.h b/include/linux/module.h
-index cdc46a7..0c1edd3 100644
+index db38634..4b8df91 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
+@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
  
  struct notifier_block;
  
@@ -164,10 +164,10 @@ index cdc46a7..0c1edd3 100644
  
  extern int modules_disabled; /* for sysctl */
 diff --git a/kernel/module.c b/kernel/module.c
-index 1773828..e7065d6 100644
+index 7f04524..2b403ab 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -3916,6 +3916,13 @@ void module_layout(struct module *mod,
+@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod,
  EXPORT_SYMBOL(module_layout);
  #endif
  
@@ -182,5 +182,5 @@ index 1773828..e7065d6 100644
  {
  #ifdef CONFIG_MODULE_SIG
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/11-efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch

@@ -1,4 +1,4 @@
-From 0a0fa32050ac4335b919bae16038acdea35ba55f Mon Sep 17 00:00:00 2001
+From 4095f969830267114c73cbef05fc3b984f34bc34 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 5 Feb 2013 19:25:05 -0500
 Subject: [PATCH 11/14] efi: Disable secure boot if shim is in insecure mode
@@ -15,7 +15,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 19 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 2ff1901..35268ab 100644
+index 03bfc83..1e80f3a 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -830,8 +830,9 @@ out:
@@ -54,5 +54,5 @@ index 2ff1901..35268ab 100644
  }
  
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/12-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch

@@ -1,4 +1,4 @@
-From 05994fcab209f56472d8a8ec75a48f1d92e37440 Mon Sep 17 00:00:00 2001
+From 6435d27b9b072307909802f9417882d3b0a1f554 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:28:43 -0400
 Subject: [PATCH 12/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
@@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 6a8f880..d3c21e9 100644
+index e6680fb..2c4b0e7 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1698,7 +1698,8 @@ config EFI_MIXED
+@@ -1705,7 +1705,8 @@ config EFI_MIXED
  	   If unsure, say N.
  
  config EFI_SECURE_BOOT_SIG_ENFORCE
@@ -26,5 +26,5 @@ index 6a8f880..d3c21e9 100644
  	---help---
  	  UEFI Secure Boot provides a mechanism for ensuring that the
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/13-efi-Add-EFI_SECURE_BOOT-bit.patch

@@ -1,4 +1,4 @@
-From e029a605d5db033c5349142ef8a051658f586238 Mon Sep 17 00:00:00 2001
+From 0925cb3f7afbf104e9b5df5dea02dd0d8cdb0c2e Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:33:03 -0400
 Subject: [PATCH 13/14] efi: Add EFI_SECURE_BOOT bit
@@ -13,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  2 files changed, 3 insertions(+)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 88dad73..d99c8c3 100644
+index c2e4f52..5def6b4 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1158,7 +1158,9 @@ void __init setup_arch(char **cmdline_p)
+@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
  
  #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
  	if (boot_params.secure_boot) {
@@ -27,10 +27,10 @@ index 88dad73..d99c8c3 100644
  #endif
  
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index af5be03..aa4ee20 100644
+index 85ef051..de3e450 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -943,6 +943,7 @@ extern int __init efi_setup_pcdp_console(char *);
+@@ -959,6 +959,7 @@ extern int __init efi_setup_pcdp_console(char *);
  #define EFI_PARAVIRT		6	/* Access is via a paravirt interface */
  #define EFI_ARCH_1		7	/* First arch-specific bit */
  #define EFI_DBG			8	/* Print additional debug info at runtime */
@@ -39,5 +39,5 @@ index af5be03..aa4ee20 100644
  #ifdef CONFIG_EFI
  /*
 -- 
-2.3.6
+2.4.3
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.2/14-hibernate-Disable-in-a-signed-modules-environment.patch

@@ -1,4 +1,4 @@
-From 4c471f14d2964118b1cbc7ec4440872215701c5f Mon Sep 17 00:00:00 2001
+From f77ad7f8cdc798a27a4e1f3f1951df958547265f Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 20 Jun 2014 08:53:24 -0400
 Subject: [PATCH 14/14] hibernate: Disable in a signed modules environment
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
-index 2329daa..48a8e82 100644
+index 690f78f..037303a 100644
 --- a/kernel/power/hibernate.c
 +++ b/kernel/power/hibernate.c
 @@ -29,6 +29,7 @@
@@ -35,5 +35,5 @@ index 2329daa..48a8e82 100644
  
  /**
 -- 
-2.3.6
+2.4.3