merge fixup
This commit is contained in:
Justin M. Forbes
commit
1ae0b0fe93
|
|
@ -19,6 +19,8 @@ CONFIG_SMP_ON_UP=y
|
|||
|
||||
CONFIG_ARM_ARCH_TIMER=y
|
||||
|
||||
CONFIG_CMDLINE=""
|
||||
|
||||
# CONFIG_FPE_NWFPE is not set
|
||||
CONFIG_FPE_FASTFPE=y
|
||||
|
||||
|
|
@ -32,12 +34,15 @@ CONFIG_ZBOOT_ROM_BSS=0
|
|||
|
||||
CONFIG_ATAGS_PROC=y
|
||||
|
||||
#CONFIG_XIP_KERNEL is not set
|
||||
|
||||
# DeviceTree
|
||||
CONFIG_USE_OF=y
|
||||
# CONFIG_OF_SELFTEST is not set
|
||||
CONFIG_PROC_DEVICETREE=y
|
||||
CONFIG_ARM_APPENDED_DTB=y
|
||||
CONFIG_I2C_MUX_PINCTRL=m
|
||||
CONFIG_ARM_ATAG_DTB_COMPAT=y
|
||||
|
||||
# Generic options we want for ARM that aren't defualt
|
||||
CONFIG_HIGHMEM=y
|
||||
|
|
@ -116,6 +121,8 @@ CONFIG_GENERIC_GPIO=y
|
|||
CONFIG_MTD=m
|
||||
CONFIG_MTD_TESTS=m
|
||||
CONFIG_MTD_CMDLINE_PARTS=y
|
||||
CONFIG_MTD_OF_PARTS=y
|
||||
CONFIG_MTD_PHYSMAP_OF=y
|
||||
# CONFIG_MTD_AFS_PARTS is not set
|
||||
CONFIG_MTD_CHAR=m
|
||||
CONFIG_MTD_BLKDEVS=m
|
||||
|
|
|
|||
|
|
@ -2,15 +2,19 @@ CONFIG_ARCH_KIRKWOOD=y
|
|||
CONFIG_ARCH_KIRKWOOD_DT=y
|
||||
# CONFIG_SMP is not set
|
||||
# CONFIG_VFP is not set
|
||||
|
||||
CONFIG_MACH_DB88F6281_BP=y
|
||||
CONFIG_MACH_RD88F6192_NAS=y
|
||||
CONFIG_MACH_RD88F6281=y
|
||||
CONFIG_MACH_MV88F6281GTW_GE=y
|
||||
CONFIG_MACH_SHEEVAPLUG=y
|
||||
CONFIG_MACH_ESATA_SHEEVAPLUG=y
|
||||
CONFIG_MACH_DLINK_KIRKWOOD_DT=y
|
||||
CONFIG_MACH_GURUPLUG=y
|
||||
CONFIG_MACH_DREAMPLUG_DT=y
|
||||
CONFIG_MACH_DOCKSTAR=y
|
||||
CONFIG_MACH_ICONNECT_DT=y
|
||||
CONFIG_MACH_IB62X0_DT=y
|
||||
CONFIG_MACH_TS219=y
|
||||
CONFIG_MACH_TS41X=y
|
||||
CONFIG_MACH_OPENRD_BASE=y
|
||||
|
|
|
|||
|
|
@ -247,6 +247,15 @@ CONFIG_USB_MUSB_HDRC=y
|
|||
|
||||
# CONFIG_USB_GADGET_OMAP is not set
|
||||
# CONFIG_ISP1301_OMAP is not set
|
||||
|
||||
# This block is temporary until we work out why the MMC modules don't work as modules
|
||||
CONFIG_MMC=y
|
||||
CONFIG_MMC_BLOCK=y
|
||||
CONFIG_MMC_SDHCI=y
|
||||
CONFIG_MMC_SDHCI_PLTFM=y
|
||||
CONFIG_MMC_SDHCI_OF=y
|
||||
CONFIG_MMC_SPI=y
|
||||
|
||||
CONFIG_MMC_OMAP=y
|
||||
CONFIG_MMC_OMAP_HS=y
|
||||
CONFIG_TWL4030_USB=y
|
||||
|
|
|
|||
|
|
@ -27,6 +27,14 @@ CONFIG_TEGRA_IOMMU_SMMU=y
|
|||
|
||||
CONFIG_I2C_TEGRA=y
|
||||
|
||||
# This block is temporary until we work out why the MMC modules don't work as modules
|
||||
CONFIG_MMC=y
|
||||
CONFIG_MMC_BLOCK=y
|
||||
CONFIG_MMC_SDHCI=y
|
||||
CONFIG_MMC_SDHCI_PLTFM=y
|
||||
CONFIG_MMC_SDHCI_OF=y
|
||||
CONFIG_MMC_SPI=y
|
||||
|
||||
CONFIG_MMC_SDHCI_TEGRA=y
|
||||
|
||||
# CONFIG_RCU_BOOST is not set
|
||||
|
|
|
|||
19
kernel.spec
19
kernel.spec
|
|
@ -62,7 +62,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 1
|
||||
%global baserelease 3
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
|
@ -690,7 +690,7 @@ Patch1100: handle-efi-roms.patch
|
|||
|
||||
# DRM
|
||||
#atch1700: drm-edid-try-harder-to-fix-up-broken-headers.patch
|
||||
Patch1800: drm-vgem.patch
|
||||
#Patch1800: drm-vgem.patch
|
||||
|
||||
# nouveau + drm fixes
|
||||
# intel drm is all merged upstream
|
||||
|
|
@ -887,6 +887,7 @@ Requires: kernel-tools = %{version}-%{release}
|
|||
Provides: cpupowerutils-devel = 1:009-0.6.p1
|
||||
Obsoletes: cpupowerutils-devel < 1:009-0.6.p1
|
||||
Requires: kernel-tools-libs = %{version}-%{release}
|
||||
Provides: kernel-tools-devel
|
||||
%description -n kernel-tools-libs-devel
|
||||
This package contains the development files for the tools/ directory from
|
||||
the kernel source.
|
||||
|
|
@ -1409,7 +1410,7 @@ ApplyPatch secure-boot-20120924.patch
|
|||
|
||||
# DRM core
|
||||
#ApplyPatch drm-edid-try-harder-to-fix-up-broken-headers.patch
|
||||
ApplyPatch drm-vgem.patch
|
||||
#ApplyPatch drm-vgem.patch
|
||||
|
||||
# Nouveau DRM
|
||||
|
||||
|
|
@ -2316,6 +2317,18 @@ fi
|
|||
- v3.6-6670-gecefbd9
|
||||
- Reenable debugging options.
|
||||
|
||||
* Fri Oct 5 2012 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Build MMC in on OMAP and Tegra until we work out why modules don't work
|
||||
|
||||
* Wed Oct 03 2012 Adam Jackson <ajax@redhat.com>
|
||||
- Drop vgem patches, not doing anything yet.
|
||||
|
||||
* Wed Oct 03 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Make sure kernel-tools-libs-devel provides kernel-tools-devel
|
||||
|
||||
* Tue Oct 02 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Patch from David Howells to fix overflow on 32-bit X.509 certs (rhbz 861322)
|
||||
|
||||
* Tue Oct 2 2012 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Update ARM configs for 3.6 final
|
||||
- Add highbank SATA driver for stability
|
||||
|
|
|
|||
|
|
@ -9152,3 +9152,177 @@ index 83eb505..2beea56 100644
|
|||
--
|
||||
1.7.11.4
|
||||
|
||||
The current choice of lifetime for the autogenerated X.509 of 100 years,
|
||||
putting the validTo date in 2112, causes problems on 32-bit systems where a
|
||||
32-bit time_t wraps in 2106. 64-bit x86_64 systems seem to be unaffected.
|
||||
|
||||
This can result in something like:
|
||||
|
||||
Loading module verification certificates
|
||||
X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired
|
||||
MODSIGN: Problem loading in-kernel X.509 certificate (-127)
|
||||
|
||||
Or:
|
||||
|
||||
X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 is not yet valid
|
||||
MODSIGN: Problem loading in-kernel X.509 certificate (-129)
|
||||
|
||||
Instead of turning the dates into time_t values and comparing, turn the system
|
||||
clock and the ASN.1 dates into tm structs and compare those piecemeal instead.
|
||||
|
||||
Reported-by: Rusty Russell <rusty@rustcorp.com.au>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
|
||||
crypto/asymmetric_keys/x509_cert_parser.c | 25 ++++++++---------
|
||||
crypto/asymmetric_keys/x509_parser.h | 4 +--
|
||||
crypto/asymmetric_keys/x509_public_key.c | 42 ++++++++++++++++++++++++++---
|
||||
3 files changed, 51 insertions(+), 20 deletions(-)
|
||||
|
||||
|
||||
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
|
||||
index 8fcac94..db07e8c 100644
|
||||
--- a/crypto/asymmetric_keys/x509_cert_parser.c
|
||||
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
|
||||
@@ -434,11 +434,10 @@ int x509_process_extension(void *context, size_t hdrlen,
|
||||
/*
|
||||
* Record a certificate time.
|
||||
*/
|
||||
-static int x509_note_time(time_t *_time, size_t hdrlen,
|
||||
+static int x509_note_time(struct tm *tm, size_t hdrlen,
|
||||
unsigned char tag,
|
||||
const unsigned char *value, size_t vlen)
|
||||
{
|
||||
- unsigned YY, MM, DD, hh, mm, ss;
|
||||
const unsigned char *p = value;
|
||||
|
||||
#define dec2bin(X) ((X) - '0')
|
||||
@@ -448,30 +447,30 @@ static int x509_note_time(time_t *_time, size_t hdrlen,
|
||||
/* UTCTime: YYMMDDHHMMSSZ */
|
||||
if (vlen != 13)
|
||||
goto unsupported_time;
|
||||
- YY = DD2bin(p);
|
||||
- if (YY > 50)
|
||||
- YY += 1900;
|
||||
+ tm->tm_year = DD2bin(p);
|
||||
+ if (tm->tm_year >= 50)
|
||||
+ tm->tm_year += 1900;
|
||||
else
|
||||
- YY += 2000;
|
||||
+ tm->tm_year += 2000;
|
||||
} else if (tag == ASN1_GENTIM) {
|
||||
/* GenTime: YYYYMMDDHHMMSSZ */
|
||||
if (vlen != 15)
|
||||
goto unsupported_time;
|
||||
- YY = DD2bin(p) * 100 + DD2bin(p);
|
||||
+ tm->tm_year = DD2bin(p) * 100 + DD2bin(p);
|
||||
} else {
|
||||
goto unsupported_time;
|
||||
}
|
||||
|
||||
- MM = DD2bin(p);
|
||||
- DD = DD2bin(p);
|
||||
- hh = DD2bin(p);
|
||||
- mm = DD2bin(p);
|
||||
- ss = DD2bin(p);
|
||||
+ tm->tm_year -= 1900;
|
||||
+ tm->tm_mon = DD2bin(p) - 1;
|
||||
+ tm->tm_mday = DD2bin(p);
|
||||
+ tm->tm_hour = DD2bin(p);
|
||||
+ tm->tm_min = DD2bin(p);
|
||||
+ tm->tm_sec = DD2bin(p);
|
||||
|
||||
if (*p != 'Z')
|
||||
goto unsupported_time;
|
||||
|
||||
- *_time = mktime(YY, MM, DD, hh, mm, ss);
|
||||
return 0;
|
||||
|
||||
unsupported_time:
|
||||
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
|
||||
index 635053f..f86dc5f 100644
|
||||
--- a/crypto/asymmetric_keys/x509_parser.h
|
||||
+++ b/crypto/asymmetric_keys/x509_parser.h
|
||||
@@ -18,8 +18,8 @@ struct x509_certificate {
|
||||
char *subject; /* Name of certificate subject */
|
||||
char *fingerprint; /* Key fingerprint as hex */
|
||||
char *authority; /* Authority key fingerprint as hex */
|
||||
- time_t valid_from;
|
||||
- time_t valid_to;
|
||||
+ struct tm valid_from;
|
||||
+ struct tm valid_to;
|
||||
enum pkey_algo pkey_algo : 8; /* Public key algorithm */
|
||||
enum pkey_algo sig_pkey_algo : 8; /* Signature public key algorithm */
|
||||
enum pkey_hash_algo sig_hash_algo : 8; /* Signature hash algorithm */
|
||||
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
|
||||
index 716917c..5ab736d 100644
|
||||
--- a/crypto/asymmetric_keys/x509_public_key.c
|
||||
+++ b/crypto/asymmetric_keys/x509_public_key.c
|
||||
@@ -106,7 +106,7 @@ error_no_sig:
|
||||
static int x509_key_preparse(struct key_preparsed_payload *prep)
|
||||
{
|
||||
struct x509_certificate *cert;
|
||||
- time_t now;
|
||||
+ struct tm now;
|
||||
size_t srlen, sulen;
|
||||
char *desc = NULL;
|
||||
int ret;
|
||||
@@ -118,7 +118,14 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
|
||||
pr_devel("Cert Issuer: %s\n", cert->issuer);
|
||||
pr_devel("Cert Subject: %s\n", cert->subject);
|
||||
pr_devel("Cert Key Algo: %s\n", pkey_algo[cert->pkey_algo]);
|
||||
- pr_devel("Cert Valid: %lu - %lu\n", cert->valid_from, cert->valid_to);
|
||||
+ printk("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n",
|
||||
+ cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1,
|
||||
+ cert->valid_from.tm_mday, cert->valid_from.tm_hour,
|
||||
+ cert->valid_from.tm_min, cert->valid_from.tm_sec);
|
||||
+ printk("Cert Valid To: %04ld-%02d-%02d %02d:%02d:%02d\n",
|
||||
+ cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1,
|
||||
+ cert->valid_to.tm_mday, cert->valid_to.tm_hour,
|
||||
+ cert->valid_to.tm_min, cert->valid_to.tm_sec);
|
||||
pr_devel("Cert Signature: %s + %s\n",
|
||||
pkey_algo[cert->sig_pkey_algo],
|
||||
pkey_hash_algo[cert->sig_hash_algo]);
|
||||
@@ -130,13 +137,38 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
|
||||
goto error_free_cert;
|
||||
}
|
||||
|
||||
- now = CURRENT_TIME.tv_sec;
|
||||
- if (now < cert->valid_from) {
|
||||
+ time_to_tm(CURRENT_TIME.tv_sec, 0, &now);
|
||||
+ printk("Now: %04ld-%02d-%02d %02d:%02d:%02d\n",
|
||||
+ now.tm_year + 1900, now.tm_mon + 1, now.tm_mday,
|
||||
+ now.tm_hour, now.tm_min, now.tm_sec);
|
||||
+ if (now.tm_year < cert->valid_from.tm_year ||
|
||||
+ (now.tm_year == cert->valid_from.tm_year &&
|
||||
+ (now.tm_mon < cert->valid_from.tm_mon ||
|
||||
+ (now.tm_mon == cert->valid_from.tm_mon &&
|
||||
+ (now.tm_mday < cert->valid_from.tm_mday ||
|
||||
+ (now.tm_mday == cert->valid_from.tm_mday &&
|
||||
+ (now.tm_hour < cert->valid_from.tm_hour ||
|
||||
+ (now.tm_hour == cert->valid_from.tm_hour &&
|
||||
+ (now.tm_min < cert->valid_from.tm_min ||
|
||||
+ (now.tm_min == cert->valid_from.tm_min &&
|
||||
+ (now.tm_sec < cert->valid_from.tm_sec
|
||||
+ ))))))))))) {
|
||||
pr_warn("Cert %s is not yet valid\n", cert->fingerprint);
|
||||
ret = -EKEYREJECTED;
|
||||
goto error_free_cert;
|
||||
}
|
||||
- if (now >= cert->valid_to) {
|
||||
+ if (now.tm_year > cert->valid_to.tm_year ||
|
||||
+ (now.tm_year == cert->valid_to.tm_year &&
|
||||
+ (now.tm_mon > cert->valid_to.tm_mon ||
|
||||
+ (now.tm_mon == cert->valid_to.tm_mon &&
|
||||
+ (now.tm_mday > cert->valid_to.tm_mday ||
|
||||
+ (now.tm_mday == cert->valid_to.tm_mday &&
|
||||
+ (now.tm_hour > cert->valid_to.tm_hour ||
|
||||
+ (now.tm_hour == cert->valid_to.tm_hour &&
|
||||
+ (now.tm_min > cert->valid_to.tm_min ||
|
||||
+ (now.tm_min == cert->valid_to.tm_min &&
|
||||
+ (now.tm_sec > cert->valid_to.tm_sec
|
||||
+ ))))))))))) {
|
||||
pr_warn("Cert %s has expired\n", cert->fingerprint);
|
||||
ret = -EKEYEXPIRED;
|
||||
goto error_free_cert;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue