# Changes to support package build system debian/version.patch debian/uname-version-timestamp.patch debian/kernelvariables.patch debian/gitignore.patch debian/mips-disable-werror.patch debian/arch-sh4-fix-uimage-build.patch debian/powerpcspe-omit-uimage.patch features/all/Kbuild-kconfig-Verbose-version-of-listnewconfig.patch debian/modpost-symbol-prefix.patch debian/tools-perf-version.patch debian/tools-perf-install.patch # Fixes/improvements to firmware loading features/all/drivers-media-dvb-usb-af9005-request_firmware.patch debian/iwlwifi-do-not-request-unreleased-firmware.patch bugfix/all/firmware_class-log-every-success-and-failure.patch bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch # Patches from aufs4 repository, imported with # debian/patches/features/all/aufs4/gen-patch. These are only the # changes needed to allow aufs to be built out-of-tree. features/all/aufs4/aufs4-base.patch features/all/aufs4/aufs4-mmap.patch features/all/aufs4/aufs4-standalone.patch # Change some defaults for security reasons debian/af_802154-Disable-auto-loading-as-mitigation-against.patch debian/rds-Disable-auto-loading-as-mitigation-against-local.patch debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch debian/fs-enable-link-security-restrictions-by-default.patch # Set various features runtime-disabled by default debian/sched-autogroup-disabled.patch debian/yama-disable-by-default.patch debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch features/all/security-perf-allow-further-restriction-of-perf_event_open.patch # Disable autoloading/probing of various drivers by default debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch debian/snd-pcsp-disable-autoload.patch bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch debian/fjes-disable-autoload.patch # Taint if dangerous features are used debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch # Reduce noise for bug #852324 debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch # Arch bug fixes bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-310-15ikb-to.patch bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-v310-15isk-t.patch bugfix/x86/platform-x86-ideapad-laptop-add-y520-15ikbn-to-no_hw.patch bugfix/x86/platform-x86-ideapad-laptop-add-y720-15ikbn-to-no_hw.patch bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-v510-15ikb-t.patch bugfix/x86/platform-x86-ideapad-laptop-add-several-models-to-no.patch debian/revert-gpu-host1x-add-iommu-support.patch bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch bugfix/arm/arm-dts-exynos-add-dwc3-susphy-quirk.patch # Arch features features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch features/x86/x86-memtest-WARN-if-bad-RAM-found.patch features/x86/x86-make-x32-syscall-support-conditional.patch features/arm64/ARM64-dts-marvell-armada-37xx-Enable-uSD-on-ESPRESSO.patch # Miscellaneous bug fixes bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch bugfix/all/disable-some-marvell-phys.patch bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch bugfix/all/bfq-re-enable-auto-loading-when-built-as-a-module.patch ## Jose/Metztli IT 10-15-2017 ## bugfix/all/mac80211-fix-deadlock-in-driver-managed-RX-BA-sessio.patch # Miscellaneous features # Lockdown (formerly 'securelevel') patchset features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch # some missing pieces features/all/lockdown/enable-cold-boot-attack-mitigation.patch features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch # Jose/Metztli IT 10-15-2017 ## bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch ## bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch ## bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch ## bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch ## bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch ## bugfix/all/fix-infoleak-in-waitid-2.patch ## bugfix/all/brcmfmac-add-length-check-in-brcmf_cfg80211_escan_ha.patch ## bugfix/all/powerpc-64s-Use-emergency-stack-for-kernel-TM-Bad-Th.patch ## bugfix/all/powerpc-tm-Fix-illegal-TM-state-in-signal-handler.patch ## bugfix/all/KEYS-prevent-KEYCTL_READ-on-negative-key.patch ## bugfix/all/waitid-Add-missing-access_ok-checks.patch bugfix/all/ALSA-seq-Fix-use-after-free-at-creating-a-port.patch bugfix/x86/KVM-nVMX-update-last_nonleaf_level-when-initializing.patch bugfix/x86/KVM-MMU-always-terminate-page-walks-at-level-1.patch # Fix exported symbol versions bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch bugfix/all/module-disable-matching-missing-version-crc.patch # ABI maintenance # Tools bug fixes bugfix/all/usbip-document-tcp-wrappers.patch bugfix/all/kbuild-fix-recordmcount-dependency.patch bugfix/all/tools-perf-man-date.patch bugfix/all/tools-perf-remove-shebangs.patch bugfix/all/tools-lib-traceevent-use-ldflags.patch bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch bugfix/all/cpupower-bump-soname-version.patch bugfix/all/cpupower-fix-checks-for-cpu-existence.patch bugfix/all/tools-lib-lockdep-define-pr_cont.patch