mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-22 06:51:26 +02:00
sys-kernel/coreos-sources: bump to 4.12.8
This commit is contained in:
parent
33da0a5d36
commit
d7bf9f1a1f
@ -1,2 +1,2 @@
|
||||
DIST linux-4.12.tar.xz 99186576 SHA256 a45c3becd4d08ce411c14628a949d08e2433d8cdeca92036c7013980e93858ab SHA512 8e81b41b253e63233e92948941f44c6482acb52aa3a3fd172f03a38a86f2c35b2ad4fd407acd1bc3964673eba344fe104d3a03e3ff4bf9cd1f22bd44263bd728 WHIRLPOOL 3b97da251c2ba4ace4a27b708f2b1dcf94cb1b59aaeded6acb74bd98f0d3e33f1df83670665e4186d99a55daa84c88d539d93e20f0ff18a6d46ef326c48dd375
|
||||
DIST patch-4.12.7.xz 144316 SHA256 fe0a0b7c071978839f4b941d655df93e3c0e60bd3e49237f7e7a8635cb38ff8e SHA512 22d6b937796298e9bb83d216b5cfa8b6910c8efe7bf5c4628c5fac42f73f916a5ba29b519fed1007542faa033c39d34175961731dfae88cd36c29fc6177fddcf WHIRLPOOL 11864cd062a84ca50e0783617304253082dc196371a2af51a143f44221e120460e2a65bf77dc463a19b2ac081cedfa0e315137ce8dc2db7fc88e9b21f3b0275b
|
||||
DIST patch-4.12.8.xz 161064 SHA256 32b860911a3bafd5cd5bc813a427c90fad6eafdf607fa64e1b763b16ab605636 SHA512 44e2417fe1379977b4891f74b227c2c6d6588f3726b598ad8c8a52ecaea32f56cf222b877230fc87c043583a6f230f3044fe3c9b293c67699e1743c0161004cf WHIRLPOOL e9c6493b4c9743b031bdd0c49ab06057a6c4ba25812955189508a48be08c2b4836e999c2b7662ae049ccc8de41c3d639fe51841e3d1eaa23fda1dce5872c01cf
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 5399a52c0ee144f7a15307131b25b005341f9bb6 Mon Sep 17 00:00:00 2001
|
||||
From 4e2f9eda0169ec4c6eac1499aeca816ed13fb22d Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Mon, 21 Nov 2016 23:55:55 +0000
|
||||
Subject: [PATCH 01/24] efi: Add EFI_SECURE_BOOT bit
|
||||
@ -42,5 +42,5 @@ index ec36f42a2add..381b3f6670d3 100644
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From b44f162401351534bb7914ca4efc0bd2e4eadf2e Mon Sep 17 00:00:00 2001
|
||||
From 2501f1d32a7739cc573f78dc1bfd84b8b698a9f7 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 21 Nov 2016 23:36:17 +0000
|
||||
Subject: [PATCH 02/24] Add the ability to lock down access to the running
|
||||
@ -145,5 +145,5 @@ index 000000000000..5788c60ff4e1
|
||||
+}
|
||||
+EXPORT_SYMBOL(kernel_is_locked_down);
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From fb4e29f6ef6927590b788b802b8a3b4ddeb4442d Mon Sep 17 00:00:00 2001
|
||||
From 658a0724dcd6f78a873dde6529d173a14912cfa4 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 21 Nov 2016 23:55:55 +0000
|
||||
Subject: [PATCH 03/24] efi: Lock down the kernel if booted in secure boot mode
|
||||
@ -65,5 +65,5 @@ index 87ef54e64842..4c4d758d4be1 100644
|
||||
default:
|
||||
pr_info("Secure boot could not be determined\n");
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 1642935f9d310e474266ede79ee53ed2f3812f36 Mon Sep 17 00:00:00 2001
|
||||
From c24c03a43f605a9a2eebd6c3127233e1e6a11f47 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Wed, 23 Nov 2016 13:22:22 +0000
|
||||
Subject: [PATCH 04/24] Enforce module signatures if the kernel is locked down
|
||||
@ -25,5 +25,5 @@ index 4a3665f8f837..3f1de34c6d10 100644
|
||||
|
||||
return err;
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 1edaa110730f45ba745ba5c1d7f4dee3f216c055 Mon Sep 17 00:00:00 2001
|
||||
From bf0386cef0f2d98d50633f58f74d35be5d443857 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is
|
||||
@ -39,5 +39,5 @@ index 593a8818aca9..ba68add9677f 100644
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From c789e8f60cfc490ba89519a5fc3d7dec1272c909 Mon Sep 17 00:00:00 2001
|
||||
From 9da0efbc7e61210ad676ed61192c6ca90c09d4a1 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 06/24] kexec: Disable at runtime if the kernel is locked down
|
||||
@ -35,5 +35,5 @@ index 980936a90ee6..46de8e6b42f4 100644
|
||||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From d85876dd641ec9fea002ddf0426f08cee13ae5ed Mon Sep 17 00:00:00 2001
|
||||
From fc8d8b030d2ca4bf45ff0773ecd22fb889ef7bd3 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Young <dyoung@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 07/24] Copy secure_boot flag in boot params across kexec
|
||||
@ -34,5 +34,5 @@ index 9d7fd5e6689a..7e6f00ae8322 100644
|
||||
ei->efi_systab = current_ei->efi_systab;
|
||||
ei->efi_systab_hi = current_ei->efi_systab_hi;
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 22e71ee96f7221f6c1cc863655adbcd46d8ec0cd Mon Sep 17 00:00:00 2001
|
||||
From 4278fb032961f619a8d9605efc98fe88b43f68c8 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
|
||||
Date: Wed, 23 Nov 2016 13:49:19 +0000
|
||||
Subject: [PATCH 08/24] kexec_file: Disable at runtime if securelevel has been
|
||||
@ -35,5 +35,5 @@ index b118735fea9d..f6937eecd1eb 100644
|
||||
if (flags != (flags & KEXEC_FILE_FLAGS))
|
||||
return -EINVAL;
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From ccc595e605c37108cd97f23cab2836011a47fe4b Mon Sep 17 00:00:00 2001
|
||||
From eb3bd4fc83774bb5f0a8b95c273fac07a912dcc5 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 09/24] hibernate: Disable when the kernel is locked down
|
||||
@ -28,5 +28,5 @@ index a8b978c35a6a..50cca5dcb62f 100644
|
||||
|
||||
/**
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From becbe9882ae9da6eaabddf7bc07f4e5ad8600e60 Mon Sep 17 00:00:00 2001
|
||||
From 5e24aa7d6d87d9579604d9fb9b0a423748e6e879 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <mjg59@srcf.ucam.org>
|
||||
Date: Wed, 23 Nov 2016 13:28:17 +0000
|
||||
Subject: [PATCH 10/24] uswsusp: Disable when the kernel is locked down
|
||||
@ -28,5 +28,5 @@ index 22df9f7ff672..e4b926d329b7 100644
|
||||
|
||||
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 0d542e53695f58cf5368a0c0441a50429574b7bf Mon Sep 17 00:00:00 2001
|
||||
From f2972226aac2cfcdaa79a2814ec2d6dc76898dcd Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 11/24] PCI: Lock down BAR access when the kernel is locked
|
||||
@ -99,5 +99,5 @@ index 9bf993e1f71e..c09524738ceb 100644
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 6b243c98630fb4291f610ad04c7176145b48faed Mon Sep 17 00:00:00 2001
|
||||
From 484812949960307a41ac09edbc0cdf3760067008 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 12/24] x86: Lock down IO port access when the kernel is locked
|
||||
@ -55,5 +55,5 @@ index ba68add9677f..5e2a260fb89f 100644
|
||||
}
|
||||
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From fbbf9d01e58110cce3be4d5ebb5c5b43ccdeca01 Mon Sep 17 00:00:00 2001
|
||||
From c476d98c6d2e7f6bd5614e65d6beccedc9f2de0a Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:17 +0000
|
||||
Subject: [PATCH 13/24] x86: Restrict MSR access when the kernel is locked down
|
||||
@ -40,5 +40,5 @@ index ef688804f80d..fbcce028e502 100644
|
||||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From d6533f050c7cca6bcdfdc439d2e0ef98e260a78d Mon Sep 17 00:00:00 2001
|
||||
From 14820764b607846accbf8976d150a9d4694c6926 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 14/24] asus-wmi: Restrict debugfs interface when the kernel is
|
||||
@ -51,5 +51,5 @@ index 6c7d86074b38..57b82cbc9a6b 100644
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 5a19ceeda4df04b37490a9cd79929d01598fcf2e Mon Sep 17 00:00:00 2001
|
||||
From 42ed5afba86d6f44ac77e7eda7ffdb18969db24d Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 15/24] ACPI: Limit access to custom_method when the kernel is
|
||||
@ -29,5 +29,5 @@ index c68e72414a67..e4d721c330c0 100644
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 3e8654136365669cc91a2428e7d4930c91bafe11 Mon Sep 17 00:00:00 2001
|
||||
From e735d109ecc0a688d015e7e1b47e2bd7565a3706 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 16/24] acpi: Ignore acpi_rsdp kernel param when the kernel has
|
||||
@ -28,5 +28,5 @@ index db78d353bab1..d4d4ba348451 100644
|
||||
#endif
|
||||
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 03fbe544eae5e02f40418ae5789795e5bb1f48a5 Mon Sep 17 00:00:00 2001
|
||||
From d02deefe966da9ce7b24a634461a55a48a26f5c4 Mon Sep 17 00:00:00 2001
|
||||
From: Linn Crosetto <linn@hpe.com>
|
||||
Date: Wed, 23 Nov 2016 13:32:27 +0000
|
||||
Subject: [PATCH 17/24] acpi: Disable ACPI table override if the kernel is
|
||||
@ -37,5 +37,5 @@ index ff425390bfa8..c72bfa97888a 100644
|
||||
memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS,
|
||||
all_tables_size, PAGE_SIZE);
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 493aaae45aca76a1dcad82a71baeef9a1875783d Mon Sep 17 00:00:00 2001
|
||||
From d57dc54e42838cc52b3d622cfdf8fc9146d223fb Mon Sep 17 00:00:00 2001
|
||||
From: Linn Crosetto <linn@hpe.com>
|
||||
Date: Wed, 23 Nov 2016 13:39:41 +0000
|
||||
Subject: [PATCH 18/24] acpi: Disable APEI error injection if the kernel is
|
||||
@ -40,5 +40,5 @@ index ec50c32ea3da..e082718d01c2 100644
|
||||
if (flags && (flags &
|
||||
~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF)))
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From ce933ae1a94cf0ab432bdd919460c2cd125948f8 Mon Sep 17 00:00:00 2001
|
||||
From f9f91a7b1673ed43f430dc5b5acc5add311fffb2 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <jlee@suse.com>
|
||||
Date: Wed, 23 Nov 2016 13:52:16 +0000
|
||||
Subject: [PATCH 19/24] bpf: Restrict kernel image access functions when the
|
||||
@ -53,5 +53,5 @@ index 460a031c77e5..58eb33d5d6ae 100644
|
||||
for (i = 0; i < fmt_size; i++) {
|
||||
if ((!isprint(fmt[i]) && !isspace(fmt[i])) || !isascii(fmt[i]))
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 06bce719f7b0001840a6881a19214852078e1007 Mon Sep 17 00:00:00 2001
|
||||
From 5cb364215e15f7b2261a4a080bc47034c0420602 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 10:10:34 +0000
|
||||
Subject: [PATCH 20/24] scsi: Lock down the eata driver
|
||||
@ -43,5 +43,5 @@ index 227dd2c2ec2f..5c036d10c18b 100644
|
||||
#if defined(MODULE)
|
||||
/* io_port could have been modified when loading as a module */
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 3c7e170559884cfc9f4bc92e038aa3676bfacca6 Mon Sep 17 00:00:00 2001
|
||||
From a71e61219464413efec0989992de9156807cfae8 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Fri, 25 Nov 2016 14:37:45 +0000
|
||||
Subject: [PATCH 21/24] Prohibit PCMCIA CIS storage when the kernel is locked
|
||||
@ -29,5 +29,5 @@ index 55ef7d1fd8da..193e4f7b73b1 100644
|
||||
|
||||
if (off)
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 88ccec7a5ad506fe97a55fb11a1373d0744e6099 Mon Sep 17 00:00:00 2001
|
||||
From 8630a903079e06b279c544242a0bef5c446a5cce Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Wed, 7 Dec 2016 10:28:39 +0000
|
||||
Subject: [PATCH 22/24] Lock down TIOCSSERIAL
|
||||
@ -32,5 +32,5 @@ index 13bfd5dcffce..45fb7689bc1c 100644
|
||||
retval = -EPERM;
|
||||
if (change_irq || change_port ||
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 42f6fef780fe1b49724a9d289f0b195f4ccd48da Mon Sep 17 00:00:00 2001
|
||||
From fc70365d40918461359916508605676073ce26d6 Mon Sep 17 00:00:00 2001
|
||||
From: Vito Caputo <vito.caputo@coreos.com>
|
||||
Date: Wed, 25 Nov 2015 02:59:45 -0800
|
||||
Subject: [PATCH 23/24] kbuild: derive relative path for KBUILD_SRC from CURDIR
|
||||
@ -12,7 +12,7 @@ by some undesirable path component.
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index ebe69a704bca..5e290fd0f639 100644
|
||||
index 6da481d08441..9087044d964c 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -149,7 +149,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
|
||||
@ -26,5 +26,5 @@ index ebe69a704bca..5e290fd0f639 100644
|
||||
|
||||
# Leave processing to above invocation of make
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 4958cc96a215c001beb215b3eb9d28e5791bbaf7 Mon Sep 17 00:00:00 2001
|
||||
From d824d0b5ff849b21152a3c26bb22f9efa248eee9 Mon Sep 17 00:00:00 2001
|
||||
From: Geoff Levand <geoff@infradead.org>
|
||||
Date: Fri, 11 Nov 2016 17:28:52 -0800
|
||||
Subject: [PATCH 24/24] Add arm64 coreos verity hash
|
||||
@ -25,5 +25,5 @@ index 613fc3000677..fdaf86c78332 100644
|
||||
/*
|
||||
* The debug table is referenced via its Relative Virtual Address (RVA),
|
||||
--
|
||||
2.13.4
|
||||
2.13.5
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user