iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b0e22b47f6
linux/scripts
History
Linus Torvalds b0e22b47f6 Fix CVE-2020-26541 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEqG5UsNXhtOCrfGQP+7dXa6fLC2sFAmBKRxMACgkQ+7dXa6fL
 C2trYg/7Brf6d0JUAw/MbjCcPVL5SmTHRGJwmKq7+du/Z4yqz3VcL/flk2cyvMr3
 lvGQK+KTWTZLidovQA42e54XIaUh3cqwUhz9H3+X61gY7kWJvioEhvg1tD007L7O
 DrMMkRhh9nnAV5GOhHj1nxIcgmxwrKNkzevf157RRKWnm9VBNmeZsu0kd2Ffx0i0
 EqsejQU+sP6MgeKjTTKXKVpvH2GGB0NJRrpQCJSR4t9GrAt+rGlcNJFdqqmyxhpj
 cGtEhtNO7MiigGHxCbzpK0g6l6f31si+WIAywdxF65DGQOF3gcgxHQlPDcNiC/RH
 PLPEchUH2fOv4koDQWM8HJ4XDS5eRZmYSh6WPrSxJwuNH/NDyWxKSxrBXGhRWTfx
 RaMe2wQcQq9Rge+e6PwR+nJEbdSL2BHxdAaBDqBlxY9A0c6onTy+XzVSLTKYUJ5u
 /Y/fND3eHvMPZt4WMMZDQzHVnHscXFYPI4y1EMDLcAof9ltNG5zLAJZ6mHi6rqGl
 q+VhSPFi6equ7szdV2cZ5ltSROdAnwkbycs1LgeSzh8LWe83Tkq0eDEHSTjGpQFY
 VWGBs6JGl1QPdQdSc3uqki1LdTYUy5w0Pr3h0Ff6L3NS9fUrzCMtsN+/4aQNzS+C
 cP22WM2IRDtN17pRASNjI4/6sL7X7/rLQ8KNq/QpQeD4+ZkINaI=
 =fLQY
 -----END PGP SIGNATURE-----

Merge tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

Pull x509 dbx/mokx UEFI support from David Howells:
 "Here's a set of patches from Eric Snowberg[1] that add support for
  EFI_CERT_X509_GUID entries in the dbx and mokx UEFI tables (such
  entries cause matching certificates to be rejected).

  These are currently ignored and only the hash entries are made use of.

  Additionally Eric included his patches to allow such certificates to
  be preloaded.

  These patches deal with CVE-2020-26541.

  To quote Eric:
       'This is the fifth patch series for adding support for
        EFI_CERT_X509_GUID entries [2]. It has been expanded to not only
        include dbx entries but also entries in the mokx. Additionally
        my series to preload these certificate [3] has also been
        included'"

Link: https://lore.kernel.org/r/20210122181054.32635-1-eric.snowberg@oracle.com [1]
Link: https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@oracle.com/ [2]
Link: https://lore.kernel.org/patchwork/cover/1315485/ [3]

* tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
  integrity: Load mokx variables into the blacklist keyring
  certs: Add ability to preload revocation certs
  certs: Move load_system_certificate_list to a common function
  certs: Add EFI_CERT_X509_GUID support for dbx entries
2021-04-26 08:38:10 -07:00
..
atomic locking/atomics: Regenerate the atomics-check SHA1's 2020-11-07 13:20:41 +01:00
basic kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
clang-tools gen_compile_commands: prune some directories 2021-02-16 22:23:56 +09:00
coccinelle of: Remove of_dev_{get,put}() 2021-02-12 19:23:39 -06:00
dtc Devicetree fixes for v5.12-rc: 2021-03-05 12:12:28 -08:00
dummy-tools kbuild: dummy-tools: adjust to scripts/cc-version.sh 2021-03-11 14:52:54 +09:00
gcc-plugins kbuild: rebuild GCC plugins when the compiler is upgraded 2021-03-11 14:40:50 +09:00
gdb scripts/gdb: fix list_for_each 2021-02-26 09:41:05 -08:00
genksyms genksyms: remove useless case DOTS 2021-02-16 12:01:45 +09:00
kconfig kconfig: unify rule of config, menuconfig, nconfig, gconfig, xconfig 2021-02-24 15:12:06 +09:00
ksymoops
mod Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
package builddeb: Fix rootless build in setuid/setgid directory 2020-11-02 11:31:00 +09:00
selinux scripts/selinux,selinux: update mdp to enable policy capabilities 2020-08-17 20:42:00 -04:00
tracing tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
.gitignore kbuild: preprocess module linker script 2020-09-25 00:36:41 +09:00
adjust_autoksyms.sh kbuild: do not include include/config/auto.conf from adjust_autoksyms.sh 2021-02-28 15:22:02 +09:00
asn1_compiler.c
bin2c.c
bloat-o-meter scripts: switch explicitly to Python 3 2021-01-22 06:34:44 +09:00
bootgraph.pl
bpf_helpers_doc.py bpf: Add a bpf_sock_from_file helper 2020-12-04 22:32:40 +01:00
cc-can-link.sh
cc-version.sh kbuild: check the minimum compiler version in Kconfig 2021-02-16 12:01:32 +09:00
check_extable.sh
check-sysctl-docs docs: add a script to check sysctl docs 2020-02-25 03:35:16 -07:00
checkincludes.pl
checkkconfigsymbols.py kconfig: remove '---help---' support 2020-08-14 13:30:03 +09:00
checkpatch.pl checkpatch: do not apply "initialise globals to 0" check to BPF progs 2021-02-26 09:41:04 -08:00
checkstack.pl scripts/checkstack.pl: fix arm sp regex 2020-05-26 00:03:16 +09:00
checksyscalls.sh
checkversion.pl
cleanfile
cleanpatch
coccicheck scripts: coccicheck: Correct usage of make coccicheck 2020-12-24 12:59:43 +01:00
config kconfig: config script: add a little user help 2021-01-04 10:38:11 +09:00
const_structs.checkpatch const_structs.checkpatch: add pinctrl_ops and pinmux_ops 2020-10-16 11:11:21 -07:00
decode_stacktrace.sh scripts/decode_stacktrace.sh: guess path to vmlinux by release name 2020-08-07 11:33:21 -07:00
decodecode scripts/decodecode: add the capability to supply the program counter 2020-10-13 18:38:26 -07:00
depmod.sh depmod: handle the case of /sbin/depmod without /sbin in PATH 2021-01-01 12:26:39 -08:00
dev-needs.sh scripts/dev-needs: Add script to list device dependencies 2020-09-04 18:19:37 +02:00
diffconfig scripts: switch explicitly to Python 3 2021-01-22 06:34:44 +09:00
documentation-file-ref-check scripts: documentation-file-ref-check: Add line break before exit 2020-04-15 15:13:13 -06:00
export_report.pl modpost: move the namespace field in Module.symvers last 2020-03-17 08:59:03 +09:00
extract_xc3028.pl
extract-cert.c extract-cert: add static to local data 2020-08-18 20:16:46 +09:00
extract-ikconfig
extract-module-sig.pl
extract-sys-certs.pl
extract-vmlinux
faddr2line
file-size.sh
find-unused-docs.sh scripts/find-unused-docs: Fix massive false positives 2020-01-27 14:25:06 -07:00
gcc-goto.sh
gcc-ld
gcc-x86_32-has-stack-protector.sh
gcc-x86_64-has-stack-protector.sh
gen_autoksyms.sh kbuild: fix UNUSED_KSYMS_WHITELIST for Clang LTO 2021-02-28 15:19:21 +09:00
gen_ksymdeps.sh
generate_initcall_order.pl init: lto: ensure initcall ordering 2021-01-14 08:21:09 -08:00
get_abi.pl tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
get_dvb_firmware
get_feat.pl scripts: get_feat.pl: reduce table width for all features output 2020-12-04 14:34:27 -07:00
get_maintainer.pl get_maintainer: exclude MAINTAINERS file(s) from --git-fallback 2020-10-16 11:11:19 -07:00
gfp-translate
headerdep.pl
headers_check.pl
headers_install.sh Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
insert-sys-cert.c
jobserver-exec kbuild: remove PYTHON variable 2021-02-01 10:37:19 +09:00
kallsyms.c kallsyms: fix nonconverging kallsyms table with lld 2021-02-05 17:53:28 +09:00
Kbuild.include kbuild: remove ld-version macro 2021-02-22 08:22:04 +09:00
Kconfig.include kbuild: check the minimum linker version in Kconfig 2021-02-22 08:22:04 +09:00
kernel-doc scripts: kernel-doc: fix array element capture in pointer-to-func parsing 2021-02-22 14:20:36 -07:00
ld-version.sh kbuild: fix ld-version.sh to not be affected by locale 2021-03-13 11:12:13 +09:00
leaking_addresses.pl
Lindent
link-vmlinux.sh kbuild: lto: postpone objtool 2021-02-23 12:46:57 -08:00
Makefile Fix CVE-2020-26541 2021-04-26 08:38:10 -07:00
Makefile.asm-generic
Makefile.build Kbuild updates for v5.12 2021-02-25 10:17:31 -08:00
Makefile.clean kbuild: remove deprecated 'always' and 'hostprogs-y/m' 2021-02-24 15:12:06 +09:00
Makefile.dtbinst kbuild: Add support to build overlays (%.dtbo) 2021-02-04 09:00:04 -06:00
Makefile.extrawarn Makefile.extrawarn: remove -Wnested-externs warning 2020-12-08 23:30:05 +09:00
Makefile.gcc-plugins gcc-plugins/stackleak: Use asm instrumentation to avoid useless register saving 2020-06-24 07:48:28 -07:00
Makefile.headersinst kbuild: move headers_check rule to usr/include/Makefile 2019-11-15 00:23:10 +09:00
Makefile.host kbuild: sort hostprogs before passing it to ifneq 2020-08-10 01:32:59 +09:00
Makefile.kasan kasan: remove redundant config option 2021-04-16 16:10:36 -07:00
Makefile.kcov kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled 2020-08-10 01:32:59 +09:00
Makefile.kcsan Kbuild updates for v5.10 2020-10-22 13:13:57 -07:00
Makefile.lib kbuild: remove meaningless parameter to $(call if_changed_rule,dtc) 2021-03-11 18:22:48 +09:00
Makefile.modfinal kbuild: lto: postpone objtool 2021-02-23 12:46:57 -08:00
Makefile.modinst kbuild: modinst: read modules.order instead of $(MODVERDIR)/*.mod 2019-07-17 22:39:27 +09:00
Makefile.modpost kbuild: lto: fix module versioning 2021-01-14 08:21:08 -08:00
Makefile.modsign kbuild: modsign: read modules.order instead of $(MODVERDIR)/*.mod 2019-07-17 22:39:27 +09:00
Makefile.package kbuild: fix broken builds because of GZIP,BZIP2,LZOP variables 2020-06-11 20:14:41 +09:00
Makefile.ubsan ubsan: remove overflow checks 2021-02-26 09:41:05 -08:00
Makefile.userprogs kbuild: add infrastructure to build userspace programs 2020-05-17 18:52:01 +09:00
makelst
markup_oops.pl
mkcompile_h kbuild: Use uname for LINUX_COMPILE_HOST detection 2020-10-21 00:46:04 +09:00
mkmakefile kbuild: get rid of $(realpath ...) from scripts/mkmakefile 2019-08-29 23:54:29 +09:00
mksysmap mksysmap: Fix the mismatch of '.L' symbols in System.map 2020-06-06 23:39:20 +09:00
mkuboot.sh
module.lds.S kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled 2021-04-01 14:15:59 -07:00
modules-check.sh kbuild: make module name conflict fatal error 2020-05-26 00:03:16 +09:00
nsdeps kbuild: do not use scripts/ld-version.sh for checking spatch version 2020-12-12 18:31:29 +01:00
objdiff
parse-maintainers.pl parse-maintainers: Do not sort section content by default 2020-03-26 15:08:27 -07:00
patch-kernel
profile2linkerlist.pl
prune-kernel
recordmcount.c ftrace: Have recordmcount use w8 to read relp->r_info in arm64_is_fake_mcount 2021-03-02 17:27:18 -05:00
recordmcount.h recordmcount: support >64k sections 2020-06-16 21:21:00 -04:00
recordmcount.pl scripts/recordmcount.pl: support big endian for ARCH sh 2021-02-13 11:42:40 -08:00
setlocalversion scripts/setlocalversion: make git describe output more reliable 2020-09-25 02:28:12 +09:00
show_delta tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
sign-file.c
sorttable.c s390/kernel: expand exception table logic to allow new handling options 2020-07-20 10:55:50 +02:00
sorttable.h scripts/sorttable: Implement build-time ORC unwind table sorting 2019-12-13 10:47:58 +01:00
spdxcheck-test.sh
spdxcheck.py spdxcheck.py: Use Python 3 2021-01-27 14:50:12 +01:00
spelling.txt scripts/spelling.txt: add more spellings to spelling.txt 2021-02-24 13:38:26 -08:00
sphinx-pre-install Docs: drop Python 2 support 2021-02-01 17:17:14 -07:00
split-man.pl tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
stackdelta
stackusage
subarch.include
syscallhdr.sh scripts: add generic syscallhdr.sh 2021-02-22 08:22:04 +09:00
syscalltbl.sh scripts: add generic syscalltbl.sh 2021-02-22 08:22:03 +09:00
tags.sh Merge branch 'locking/urgent' into locking/core, to pick up fixes 2020-10-09 08:55:17 +02:00
test_dwarf5_support.sh Kconfig: allow explicit opt in to DWARF v5 2021-02-16 12:01:45 +09:00
tools-support-relr.sh scripts/tools-support-relr.sh: un-quote variables 2019-11-13 10:52:05 +00:00
unifdef.c
ver_linux ver_linux: Eliminate duplicate code in ldconfig processing logic 2021-01-27 14:54:42 +01:00
xen-hypercalls.sh
xz_wrap.sh kbuild: add variables for compression tools 2020-06-06 23:42:01 +09:00