Linux v4.11.3
This commit is contained in:
parent
51402ab09f
commit
21ab0c2a00
|
@ -1,4 +1,4 @@
|
|||
From df7d76ae50f18d4465e59fdf7f19d3df44906cb5 Mon Sep 17 00:00:00 2001
|
||||
From 85255f3885abdd1d2e5dc9f6e51f2fc9db075843 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Mon, 21 Nov 2016 23:55:55 +0000
|
||||
Subject: [PATCH 07/32] efi: Add EFI_SECURE_BOOT bit
|
||||
|
@ -18,10 +18,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
2 files changed, 2 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 69780ed..447905e 100644
|
||||
index 4bf0c89..396285b 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1182,6 +1182,7 @@ void __init setup_arch(char **cmdline_p)
|
||||
@@ -1184,6 +1184,7 @@ void __init setup_arch(char **cmdline_p)
|
||||
pr_info("Secure boot disabled\n");
|
||||
break;
|
||||
case efi_secureboot_mode_enabled:
|
||||
|
@ -42,13 +42,13 @@ index 94d34e0..6049600 100644
|
|||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From f05a90c19a9613d8d50597319ed91f691e25b689 Mon Sep 17 00:00:00 2001
|
||||
From 341507e80b888b5b587bdb60f0d95275dbbcad89 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 21 Nov 2016 23:36:17 +0000
|
||||
Subject: [PATCH 09/32] Add the ability to lock down access to the running
|
||||
kernel image
|
||||
Subject: [PATCH 09/32] Add the ability to lock down access to the running kernel
|
||||
image
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
should be locked down, thereby disallowing various accesses that might
|
||||
|
@ -67,10 +67,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
create mode 100644 security/lock_down.c
|
||||
|
||||
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
|
||||
index cb09238..3cd3be9 100644
|
||||
index 4c26dc3..b820a80 100644
|
||||
--- a/include/linux/kernel.h
|
||||
+++ b/include/linux/kernel.h
|
||||
@@ -273,6 +273,15 @@ extern int oops_may_print(void);
|
||||
@@ -275,6 +275,15 @@ extern int oops_may_print(void);
|
||||
void do_exit(long error_code) __noreturn;
|
||||
void complete_and_exit(struct completion *, long) __noreturn;
|
||||
|
||||
|
@ -87,10 +87,10 @@ index cb09238..3cd3be9 100644
|
|||
int __must_check _kstrtoul(const char *s, unsigned int base, unsigned long *res);
|
||||
int __must_check _kstrtol(const char *s, unsigned int base, long *res);
|
||||
diff --git a/include/linux/security.h b/include/linux/security.h
|
||||
index d3868f2..187b74b 100644
|
||||
index 96899fa..5808570 100644
|
||||
--- a/include/linux/security.h
|
||||
+++ b/include/linux/security.h
|
||||
@@ -1679,5 +1679,16 @@ static inline void free_secdata(void *secdata)
|
||||
@@ -1678,5 +1678,16 @@ static inline void free_secdata(void *secdata)
|
||||
{ }
|
||||
#endif /* CONFIG_SECURITY */
|
||||
|
||||
|
@ -191,9 +191,9 @@ index 0000000..5788c60
|
|||
+}
|
||||
+EXPORT_SYMBOL(kernel_is_locked_down);
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From fb6feb38e297260d050fc477c72683ac51d07ae3 Mon Sep 17 00:00:00 2001
|
||||
From dfabd5c5acc95a2de69d44f794e6f1ce894fd3ff Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 21 Nov 2016 23:55:55 +0000
|
||||
Subject: [PATCH 10/32] efi: Lock down the kernel if booted in secure boot mode
|
||||
|
@ -211,10 +211,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
2 files changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 874c123..a315974 100644
|
||||
index cc98d5a..21f3985 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1816,6 +1816,18 @@ config EFI_MIXED
|
||||
@@ -1817,6 +1817,18 @@ config EFI_MIXED
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
|
@ -234,7 +234,7 @@ index 874c123..a315974 100644
|
|||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 447905e..d44e60e 100644
|
||||
index 396285b..85dfa74 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -69,6 +69,7 @@
|
||||
|
@ -245,7 +245,7 @@ index 447905e..d44e60e 100644
|
|||
|
||||
#include <video/edid.h>
|
||||
|
||||
@@ -1183,7 +1184,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
@@ -1185,7 +1186,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
break;
|
||||
case efi_secureboot_mode_enabled:
|
||||
set_bit(EFI_SECURE_BOOT, &efi.flags);
|
||||
|
@ -260,9 +260,9 @@ index 447905e..d44e60e 100644
|
|||
default:
|
||||
pr_info("Secure boot could not be determined\n");
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 7182f2f5b254d6dc6d3105d2f99219a76adf9de0 Mon Sep 17 00:00:00 2001
|
||||
From 0329e34894da0599619b03fa6cb16d575bfc68d4 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Wed, 23 Nov 2016 13:22:22 +0000
|
||||
Subject: [PATCH 11/32] Enforce module signatures if the kernel is locked down
|
||||
|
@ -289,13 +289,13 @@ index 7eba6de..3331f2e 100644
|
|||
|
||||
return err;
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 7e97c58bcd0b4c082b889fb093a2779147532b9f Mon Sep 17 00:00:00 2001
|
||||
From 236e7dcbf5eb7b27416a819d6cb69d3006481cef Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 12/32] Restrict /dev/mem and /dev/kmem when the kernel is
|
||||
locked down
|
||||
Subject: [PATCH 12/32] Restrict /dev/mem and /dev/kmem when the kernel is locked
|
||||
down
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel to
|
||||
be subverted, avoiding module loading restrictions. Prevent this when the
|
||||
|
@ -308,10 +308,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index 6d9cc2d..f814404 100644
|
||||
index 6e0cbe0..a97b22f 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||
@@ -179,6 +179,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||
if (p != *ppos)
|
||||
return -EFBIG;
|
||||
|
||||
|
@ -321,7 +321,7 @@ index 6d9cc2d..f814404 100644
|
|||
if (!valid_phys_addr_range(p, count))
|
||||
return -EFAULT;
|
||||
|
||||
@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
|
||||
@@ -540,6 +543,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
|
||||
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
|
||||
int err = 0;
|
||||
|
||||
|
@ -332,9 +332,9 @@ index 6d9cc2d..f814404 100644
|
|||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From b83b68a9a13120664eaabf21a7b3ff0b065bd5b2 Mon Sep 17 00:00:00 2001
|
||||
From 58a5ca7a67b9091800f61c1c411b3f411fcd857b Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@redhat.com>
|
||||
Date: Mon, 21 Nov 2016 23:55:56 +0000
|
||||
Subject: [PATCH 13/32] Add a sysrq option to exit secure boot mode
|
||||
|
@ -354,10 +354,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
7 files changed, 68 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index a315974..6931e68 100644
|
||||
index 21f3985..457c049 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1828,6 +1828,16 @@ config EFI_SECURE_BOOT_LOCK_DOWN
|
||||
@@ -1829,6 +1829,16 @@ config EFI_SECURE_BOOT_LOCK_DOWN
|
||||
image. Say Y here to automatically lock down the kernel when a
|
||||
system boots with UEFI Secure Boot enabled.
|
||||
|
||||
|
@ -375,7 +375,7 @@ index a315974..6931e68 100644
|
|||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index d44e60e..f7635d0 100644
|
||||
index 85dfa74..a415a48 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -71,6 +71,11 @@
|
||||
|
@ -390,7 +390,7 @@ index d44e60e..f7635d0 100644
|
|||
#include <video/edid.h>
|
||||
|
||||
#include <asm/mtrr.h>
|
||||
@@ -1328,6 +1333,32 @@ void __init i386_reserve_resources(void)
|
||||
@@ -1330,6 +1335,32 @@ void __init i386_reserve_resources(void)
|
||||
|
||||
#endif /* CONFIG_X86_32 */
|
||||
|
||||
|
@ -436,10 +436,10 @@ index 022be0e..4a054a5 100644
|
|||
input_set_drvdata(udev->dev, udev);
|
||||
|
||||
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
|
||||
index 7113674..e1addc3 100644
|
||||
index c6fc714..0c96cf6 100644
|
||||
--- a/drivers/tty/sysrq.c
|
||||
+++ b/drivers/tty/sysrq.c
|
||||
@@ -479,6 +479,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
@@ -481,6 +481,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
/* x: May be registered on mips for TLB dump */
|
||||
/* x: May be registered on ppc/powerpc for xmon */
|
||||
/* x: May be registered on sparc64 for global PMU dump */
|
||||
|
@ -447,7 +447,7 @@ index 7113674..e1addc3 100644
|
|||
NULL, /* x */
|
||||
/* y: May be registered on sparc64 for global register dump */
|
||||
NULL, /* y */
|
||||
@@ -522,7 +523,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
@@ -524,7 +525,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
sysrq_key_table[i] = op_p;
|
||||
}
|
||||
|
||||
|
@ -456,7 +456,7 @@ index 7113674..e1addc3 100644
|
|||
{
|
||||
struct sysrq_key_op *op_p;
|
||||
int orig_log_level;
|
||||
@@ -542,11 +543,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -544,11 +545,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
|
||||
op_p = __sysrq_get_key_op(key);
|
||||
if (op_p) {
|
||||
|
@ -473,7 +473,7 @@ index 7113674..e1addc3 100644
|
|||
pr_cont("%s\n", op_p->action_msg);
|
||||
console_loglevel = orig_log_level;
|
||||
op_p->handler(key);
|
||||
@@ -578,7 +583,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -580,7 +585,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
void handle_sysrq(int key)
|
||||
{
|
||||
if (sysrq_on())
|
||||
|
@ -482,7 +482,7 @@ index 7113674..e1addc3 100644
|
|||
}
|
||||
EXPORT_SYMBOL(handle_sysrq);
|
||||
|
||||
@@ -659,7 +664,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
@@ -661,7 +666,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
static void sysrq_handle_reset_request(struct sysrq_state *state)
|
||||
{
|
||||
if (state->reset_requested)
|
||||
|
@ -491,7 +491,7 @@ index 7113674..e1addc3 100644
|
|||
|
||||
if (sysrq_reset_downtime_ms)
|
||||
mod_timer(&state->keyreset_timer,
|
||||
@@ -810,8 +815,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
@@ -812,8 +817,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
|
||||
default:
|
||||
if (sysrq->active && value && value != 2) {
|
||||
|
@ -503,7 +503,7 @@ index 7113674..e1addc3 100644
|
|||
}
|
||||
break;
|
||||
}
|
||||
@@ -1095,7 +1102,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
@@ -1097,7 +1104,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
|
||||
if (get_user(c, buf))
|
||||
return -EFAULT;
|
||||
|
@ -570,10 +570,10 @@ index 387fa7d..f7c52a9 100644
|
|||
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
|
||||
struct sysrq_key_op *__sysrq_get_key_op(int key);
|
||||
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
|
||||
index ca18391..c4524b8 100644
|
||||
index c8146d5..b480cad 100644
|
||||
--- a/kernel/debug/kdb/kdb_main.c
|
||||
+++ b/kernel/debug/kdb/kdb_main.c
|
||||
@@ -1967,7 +1967,7 @@ static int kdb_sr(int argc, const char **argv)
|
||||
@@ -1970,7 +1970,7 @@ static int kdb_sr(int argc, const char **argv)
|
||||
return KDB_ARGCOUNT;
|
||||
|
||||
kdb_trap_printk++;
|
||||
|
@ -583,9 +583,9 @@ index ca18391..c4524b8 100644
|
|||
|
||||
return 0;
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 8884bd44932e595323fcddfb09c2a2a586134cdf Mon Sep 17 00:00:00 2001
|
||||
From 1b5f90719268c27616172f00cde6e1078eb413c5 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 14/32] kexec: Disable at runtime if the kernel is locked down
|
||||
|
@ -622,13 +622,12 @@ index 980936a..46de8e6 100644
|
|||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From cace563d1743c3d2faf1e46bd4df8e63e2310207 Mon Sep 17 00:00:00 2001
|
||||
From 85eaf32ad6cb1ce6ab88601daac8e601386929bb Mon Sep 17 00:00:00 2001
|
||||
From: Dave Young <dyoung@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 15/32] Copy secure_boot flag in boot params across kexec
|
||||
reboot
|
||||
Subject: [PATCH] Copy secure_boot flag in boot params across kexec reboot
|
||||
|
||||
Kexec reboot in case secure boot being enabled does not keep the secure
|
||||
boot mode in new kernel, so later one can load unsigned kernel via legacy
|
||||
|
@ -660,13 +659,12 @@ index d0a814a..3551bca 100644
|
|||
ei->efi_systab = current_ei->efi_systab;
|
||||
ei->efi_systab_hi = current_ei->efi_systab_hi;
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 08a3467acbc28bb469d1eebd0f5fd40b944d984a Mon Sep 17 00:00:00 2001
|
||||
From 421f4933387c7663b99d63624bdc23d4037e9c26 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
|
||||
Date: Wed, 23 Nov 2016 13:49:19 +0000
|
||||
Subject: [PATCH 16/32] kexec_file: Disable at runtime if securelevel has been
|
||||
set
|
||||
Subject: [PATCH 16/32] kexec_file: Disable at runtime if securelevel has been set
|
||||
|
||||
When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image
|
||||
through kexec_file systemcall if securelevel has been set.
|
||||
|
@ -682,7 +680,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
|
||||
index b56a558..003cade 100644
|
||||
index b118735..f6937ee 100644
|
||||
--- a/kernel/kexec_file.c
|
||||
+++ b/kernel/kexec_file.c
|
||||
@@ -268,6 +268,12 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
|
||||
|
@ -699,9 +697,9 @@ index b56a558..003cade 100644
|
|||
if (flags != (flags & KEXEC_FILE_FLAGS))
|
||||
return -EINVAL;
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 925fd10d7a99a6f999dde76daf2b1ef1238b251a Mon Sep 17 00:00:00 2001
|
||||
From 0376070dd24c4226e047cf5ab8d68c8341b8d521 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 17/32] hibernate: Disable when the kernel is locked down
|
||||
|
@ -718,10 +716,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
|
||||
index 86385af..1629798 100644
|
||||
index a8b978c..50cca5d 100644
|
||||
--- a/kernel/power/hibernate.c
|
||||
+++ b/kernel/power/hibernate.c
|
||||
@@ -67,7 +67,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
|
||||
@@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
|
||||
|
||||
bool hibernation_available(void)
|
||||
{
|
||||
|
@ -731,12 +729,12 @@ index 86385af..1629798 100644
|
|||
|
||||
/**
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From b14fb5fcd60c84a09a15bd7ec974b6fbce68335c Mon Sep 17 00:00:00 2001
|
||||
From fff7953fd653f695d0a43872726086637cad224b Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <mjg59@srcf.ucam.org>
|
||||
Date: Wed, 23 Nov 2016 13:28:17 +0000
|
||||
Subject: [PATCH 18/32] uswsusp: Disable when the kernel is locked down
|
||||
Subject: [PATCH] uswsusp: Disable when the kernel is locked down
|
||||
|
||||
uswsusp allows a user process to dump and then restore kernel state, which
|
||||
makes it possible to modify the running kernel. Disable this if the kernel
|
||||
|
@ -763,13 +761,12 @@ index 22df9f7..e4b926d 100644
|
|||
|
||||
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From d8167273e7562e5aa866d2b65e25bb1962de972c Mon Sep 17 00:00:00 2001
|
||||
From a4cb6a7d28d27aa8166b7e0d5f75fe16f2f18ac8 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 19/32] PCI: Lock down BAR access when the kernel is locked
|
||||
down
|
||||
Subject: [PATCH 19/32] PCI: Lock down BAR access when the kernel is locked down
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down in
|
||||
order to avoid it being possible for an attacker to modify kernel code,
|
||||
|
@ -786,10 +783,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
3 files changed, 17 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
||||
index 0666287..b10992c 100644
|
||||
index 7ac258f..7d29b03 100644
|
||||
--- a/drivers/pci/pci-sysfs.c
|
||||
+++ b/drivers/pci/pci-sysfs.c
|
||||
@@ -718,6 +718,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
@@ -727,6 +727,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
loff_t init_off = off;
|
||||
u8 *data = (u8 *) buf;
|
||||
|
||||
|
@ -799,7 +796,7 @@ index 0666287..b10992c 100644
|
|||
if (off > dev->cfg_size)
|
||||
return 0;
|
||||
if (off + count > dev->cfg_size) {
|
||||
@@ -1009,6 +1012,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
|
||||
@@ -1022,6 +1025,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
|
||||
resource_size_t start, end;
|
||||
int i;
|
||||
|
||||
|
@ -809,7 +806,7 @@ index 0666287..b10992c 100644
|
|||
for (i = 0; i < PCI_ROM_RESOURCE; i++)
|
||||
if (res == &pdev->resource[i])
|
||||
break;
|
||||
@@ -1108,6 +1114,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
|
||||
@@ -1121,6 +1127,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
|
||||
struct bin_attribute *attr, char *buf,
|
||||
loff_t off, size_t count)
|
||||
{
|
||||
|
@ -820,7 +817,7 @@ index 0666287..b10992c 100644
|
|||
}
|
||||
|
||||
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
||||
index f82710a..139d6f0 100644
|
||||
index dc8912e..e2c5eff 100644
|
||||
--- a/drivers/pci/proc.c
|
||||
+++ b/drivers/pci/proc.c
|
||||
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
|
||||
|
@ -845,13 +842,13 @@ index f82710a..139d6f0 100644
|
|||
ret = pci_domain_nr(dev->bus);
|
||||
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
struct pci_filp_private *fpriv = file->private_data;
|
||||
int i, ret, write_combine;
|
||||
int i, ret, write_combine = 0, res_bit;
|
||||
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || kernel_is_locked_down())
|
||||
return -EPERM;
|
||||
|
||||
/* Make sure the caller is mapping a real resource for this device */
|
||||
if (fpriv->mmap_state == pci_mmap_io)
|
||||
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
|
||||
index 9bf993e..c095247 100644
|
||||
--- a/drivers/pci/syscall.c
|
||||
|
@ -866,13 +863,12 @@ index 9bf993e..c095247 100644
|
|||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 169d13e0c5240ac6aad13aace5ecbdb3de2cfada Mon Sep 17 00:00:00 2001
|
||||
From 4f9b39483a30ae4bd6e9c90caaf3a0466161d024 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 20/32] x86: Lock down IO port access when the kernel is locked
|
||||
down
|
||||
Subject: [PATCH 20/32] x86: Lock down IO port access when the kernel is locked down
|
||||
|
||||
IO port access would permit users to gain access to PCI configuration
|
||||
registers, which in turn (on a lot of hardware) give access to MMIO
|
||||
|
@ -890,10 +886,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
|
||||
index b01bc8517..4ccaace 100644
|
||||
index 9c3cf09..4a613fe 100644
|
||||
--- a/arch/x86/kernel/ioport.c
|
||||
+++ b/arch/x86/kernel/ioport.c
|
||||
@@ -29,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
|
||||
@@ -30,7 +30,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
|
||||
|
||||
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
|
||||
return -EINVAL;
|
||||
|
@ -902,7 +898,7 @@ index b01bc8517..4ccaace 100644
|
|||
return -EPERM;
|
||||
|
||||
/*
|
||||
@@ -113,7 +113,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
|
||||
@@ -120,7 +120,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
|
||||
return -EINVAL;
|
||||
/* Trying to gain more privileges? */
|
||||
if (level > old) {
|
||||
|
@ -912,10 +908,10 @@ index b01bc8517..4ccaace 100644
|
|||
}
|
||||
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index f814404..9afebb6 100644
|
||||
index a97b22f..8705f8f 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -741,6 +741,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
|
||||
@@ -768,6 +768,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
|
||||
|
||||
static int open_port(struct inode *inode, struct file *filp)
|
||||
{
|
||||
|
@ -925,9 +921,9 @@ index f814404..9afebb6 100644
|
|||
}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From efd24f7e9af624b62f39efce4f60b31f0ca643d8 Mon Sep 17 00:00:00 2001
|
||||
From b746ba587c937240794cd7006c15a0fb3b2f8128 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:17 +0000
|
||||
Subject: [PATCH 21/32] x86: Restrict MSR access when the kernel is locked down
|
||||
|
@ -969,9 +965,9 @@ index ef68880..fbcce02 100644
|
|||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 62ebdffbcb0726b98562e9f1173a6d5967755764 Mon Sep 17 00:00:00 2001
|
||||
From 5aff4c16ee0a6441b1abbf6e80a5da9cf2007469 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 22/32] asus-wmi: Restrict debugfs interface when the kernel is
|
||||
|
@ -990,10 +986,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index 43cb680..9be3e08 100644
|
||||
index 8fe5890..feef250 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1898,6 +1898,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||
@@ -1900,6 +1900,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
|
@ -1003,7 +999,7 @@ index 43cb680..9be3e08 100644
|
|||
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
|
||||
|
||||
if (err < 0)
|
||||
@@ -1914,6 +1917,9 @@ static int show_devs(struct seq_file *m, void *data)
|
||||
@@ -1916,6 +1919,9 @@ static int show_devs(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
|
@ -1013,7 +1009,7 @@ index 43cb680..9be3e08 100644
|
|||
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
|
||||
&retval);
|
||||
|
||||
@@ -1938,6 +1944,9 @@ static int show_call(struct seq_file *m, void *data)
|
||||
@@ -1940,6 +1946,9 @@ static int show_call(struct seq_file *m, void *data)
|
||||
union acpi_object *obj;
|
||||
acpi_status status;
|
||||
|
||||
|
@ -1024,13 +1020,13 @@ index 43cb680..9be3e08 100644
|
|||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 31f493d03dde1854fa9e540f87a751fbeeb41cb9 Mon Sep 17 00:00:00 2001
|
||||
From f0b27fdb42b57c2044ea3cf49371f786acc7b58e Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 23/32] ACPI: Limit access to custom_method when the kernel is
|
||||
locked down
|
||||
Subject: [PATCH 23/32] ACPI: Limit access to custom_method when the kernel is locked
|
||||
down
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
it possible for an attacker to circumvent restrictions on module loading.
|
||||
|
@ -1057,13 +1053,13 @@ index c68e724..e4d721c 100644
|
|||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 1dec5dc62c78f78b9efe44aac3d6119d97b67017 Mon Sep 17 00:00:00 2001
|
||||
From d67f882220ae3d969b496ad93fcbbcd3b09288cd Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 24/32] acpi: Ignore acpi_rsdp kernel param when the kernel has
|
||||
been locked down
|
||||
Subject: [PATCH 24/32] acpi: Ignore acpi_rsdp kernel param when the kernel has been
|
||||
locked down
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
makes it possible for a user to circumvent any restrictions imposed on
|
||||
|
@ -1089,13 +1085,13 @@ index db78d35..d4d4ba3 100644
|
|||
#endif
|
||||
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 96eaf04100d7365d93f898013175351c7d2702a6 Mon Sep 17 00:00:00 2001
|
||||
From 15b10045321ac2af988918726a461178237d2d24 Mon Sep 17 00:00:00 2001
|
||||
From: Linn Crosetto <linn@hpe.com>
|
||||
Date: Wed, 23 Nov 2016 13:32:27 +0000
|
||||
Subject: [PATCH 25/32] acpi: Disable ACPI table override if the kernel is
|
||||
locked down
|
||||
Subject: [PATCH 25/32] acpi: Disable ACPI table override if the kernel is locked
|
||||
down
|
||||
|
||||
From the kernel documentation (initrd_table_override.txt):
|
||||
|
||||
|
@ -1130,13 +1126,13 @@ index 2604189..601096d 100644
|
|||
memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS,
|
||||
all_tables_size, PAGE_SIZE);
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 521979b819b853f7578ba8edef8b33bc2077026d Mon Sep 17 00:00:00 2001
|
||||
From dec3a108f63021d82b132847a02e8496f613ac6f Mon Sep 17 00:00:00 2001
|
||||
From: Linn Crosetto <linn@hpe.com>
|
||||
Date: Wed, 23 Nov 2016 13:39:41 +0000
|
||||
Subject: [PATCH 26/32] acpi: Disable APEI error injection if the kernel is
|
||||
locked down
|
||||
Subject: [PATCH 26/32] acpi: Disable APEI error injection if the kernel is locked
|
||||
down
|
||||
|
||||
ACPI provides an error injection mechanism, EINJ, for debugging and testing
|
||||
the ACPI Platform Error Interface (APEI) and other RAS features. If
|
||||
|
@ -1174,9 +1170,9 @@ index ec50c32..e082718 100644
|
|||
if (flags && (flags &
|
||||
~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF)))
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From fe597dad1cba83345d62c4079c0d8861c426698c Mon Sep 17 00:00:00 2001
|
||||
From dcc51d5b69c23c3f955b332d959f13cb61b4500c Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <mjg59@coreos.com>
|
||||
Date: Wed, 23 Nov 2016 13:41:23 +0000
|
||||
Subject: [PATCH 27/32] Enable cold boot attack mitigation
|
||||
|
@ -1232,13 +1228,13 @@ index 801c7a1..ef9409b 100644
|
|||
* If the boot loader gave us a value for secure_boot then we use that,
|
||||
* otherwise we ask the BIOS.
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 04fac895731801bc6cb26a6061f1c353c80a866c Mon Sep 17 00:00:00 2001
|
||||
From 6cff44c809671affbf65ac2e0d0c2b0a0f705756 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <jlee@suse.com>
|
||||
Date: Wed, 23 Nov 2016 13:52:16 +0000
|
||||
Subject: [PATCH 28/32] bpf: Restrict kernel image access functions when the
|
||||
kernel is locked down
|
||||
Subject: [PATCH 28/32] bpf: Restrict kernel image access functions when the kernel
|
||||
is locked down
|
||||
|
||||
There are some bpf functions can be used to read kernel memory:
|
||||
bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
|
||||
|
@ -1289,9 +1285,9 @@ index cee9802..7fde851 100644
|
|||
for (i = 0; i < fmt_size; i++) {
|
||||
if ((!isprint(fmt[i]) && !isspace(fmt[i])) || !isascii(fmt[i]))
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 707d0e14c2c0d6c3139ff4bcb16ee22c462b4304 Mon Sep 17 00:00:00 2001
|
||||
From 9c7dd48309e4d8e18a9979f6c0cbf9c7b8bf4ea1 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 10:10:34 +0000
|
||||
Subject: [PATCH 29/32] scsi: Lock down the eata driver
|
||||
|
@ -1317,7 +1313,7 @@ cc: linux-scsi@vger.kernel.org
|
|||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
|
||||
index 227dd2c..5c036d10 100644
|
||||
index 227dd2c..5c036d1 100644
|
||||
--- a/drivers/scsi/eata.c
|
||||
+++ b/drivers/scsi/eata.c
|
||||
@@ -1552,8 +1552,13 @@ static int eata2x_detect(struct scsi_host_template *tpnt)
|
||||
|
@ -1336,13 +1332,12 @@ index 227dd2c..5c036d10 100644
|
|||
#if defined(MODULE)
|
||||
/* io_port could have been modified when loading as a module */
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From 07e05e0b7d806a05eba55092630bb75a92311344 Mon Sep 17 00:00:00 2001
|
||||
From 5e2b99e099ba52131c7a87695b294961a0bf54f1 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Fri, 25 Nov 2016 14:37:45 +0000
|
||||
Subject: [PATCH 30/32] Prohibit PCMCIA CIS storage when the kernel is locked
|
||||
down
|
||||
Subject: [PATCH 30/32] Prohibit PCMCIA CIS storage when the kernel is locked down
|
||||
|
||||
Prohibit replacement of the PCMCIA Card Information Structure when the
|
||||
kernel is locked down.
|
||||
|
@ -1369,9 +1364,9 @@ index 55ef7d1..193e4f7 100644
|
|||
|
||||
if (off)
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
From cf1e877adbe35c5f72a9d85570b494aa3f35be6a Mon Sep 17 00:00:00 2001
|
||||
From 6d6e052a6c2df0a7a492439efe1ac6d62498e0d4 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Wed, 7 Dec 2016 10:28:39 +0000
|
||||
Subject: [PATCH 31/32] Lock down TIOCSSERIAL
|
||||
|
@ -1388,10 +1383,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
|
||||
index 9939c3d..7c040e2 100644
|
||||
index 3fe5689..4181b00 100644
|
||||
--- a/drivers/tty/serial/serial_core.c
|
||||
+++ b/drivers/tty/serial/serial_core.c
|
||||
@@ -820,6 +820,12 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
|
||||
@@ -821,6 +821,12 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
|
||||
new_flags = new_info->flags;
|
||||
old_custom_divisor = uport->custom_divisor;
|
||||
|
||||
|
@ -1405,5 +1400,5 @@ index 9939c3d..7c040e2 100644
|
|||
retval = -EPERM;
|
||||
if (change_irq || change_port ||
|
||||
--
|
||||
2.7.4
|
||||
2.7.5
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 2
|
||||
%define stable_update 3
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -552,9 +552,6 @@ Patch437: bcm283x-hdmi-audio.patch
|
|||
# https://www.spinics.net/lists/arm-kernel/msg554183.html
|
||||
Patch438: arm-imx6-hummingboard2.patch
|
||||
|
||||
# https://lkml.org/lkml/2017/4/4/316
|
||||
Patch339: media-cec-Fix-runtime-BUG-when-CONFIG_RC_CORE-CEC_CAP_RC.patch
|
||||
|
||||
Patch440: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch
|
||||
|
||||
Patch460: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
|
@ -2200,6 +2197,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Thu May 25 2017 Laura Abbott <labbott@fedoraproject.org> - 4.11.3-300
|
||||
- Linux v4.11.3
|
||||
|
||||
* Wed May 24 2017 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Various ARM updates
|
||||
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
From patchwork Tue Apr 4 12:32:19 2017
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: [2/2, media] cec: Fix runtime BUG when (CONFIG_RC_CORE && !CEC_CAP_RC)
|
||||
From: Lee Jones <lee.jones@linaro.org>
|
||||
X-Patchwork-Id: 9661691
|
||||
Message-Id: <20170404123219.22040-2-lee.jones@linaro.org>
|
||||
To: hans.verkuil@cisco.com,
|
||||
mchehab@kernel.org
|
||||
Cc: benjamin.gaignard@st.com, patrice.chotard@st.com,
|
||||
linux-kernel@vger.kernel.org, kernel@stlinux.com,
|
||||
Lee Jones <lee.jones@linaro.org>, linux-arm-kernel@lists.infradead.org,
|
||||
linux-media@vger.kernel.org
|
||||
Date: Tue, 4 Apr 2017 13:32:19 +0100
|
||||
|
||||
Currently when the RC Core is enabled (reachable) core code located
|
||||
in cec_register_adapter() attempts to populate the RC structure with
|
||||
a pointer to the 'parent' passed in by the caller.
|
||||
|
||||
Unfortunately if the caller did not specify RC capibility when calling
|
||||
cec_allocate_adapter(), then there will be no RC structure to populate.
|
||||
|
||||
This causes a "NULL pointer dereference" error.
|
||||
|
||||
Fixes: f51e80804f0 ("[media] cec: pass parent device in register(), not allocate()")
|
||||
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
||||
---
|
||||
drivers/media/cec/cec-core.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/media/cec/cec-core.c b/drivers/media/cec/cec-core.c
|
||||
index 06a312c..d64937b 100644
|
||||
--- a/drivers/media/cec/cec-core.c
|
||||
+++ b/drivers/media/cec/cec-core.c
|
||||
@@ -286,8 +286,8 @@ int cec_register_adapter(struct cec_adapter *adap,
|
||||
adap->devnode.dev.parent = parent;
|
||||
|
||||
#if IS_REACHABLE(CONFIG_RC_CORE)
|
||||
- adap->rc->dev.parent = parent;
|
||||
if (adap->capabilities & CEC_CAP_RC) {
|
||||
+ adap->rc->dev.parent = parent;
|
||||
res = rc_register_device(adap->rc);
|
||||
|
||||
if (res) {
|
2
sources
2
sources
|
@ -1,3 +1,3 @@
|
|||
SHA512 (perf-man-4.11.tar.gz) = 0b070d2f10a743329de2f532e2d7e19ef385a3e6ef3c700b591ae2697604dbe542b36e31121b3e37517ee8071ab800386fa8663c24a5b36520a18e096c6eefc8
|
||||
SHA512 (linux-4.11.tar.xz) = 6610eed97ffb7207c71771198c36179b8244ace7222bebb109507720e26c5f17d918079a56d5febdd8605844d67fb2df0ebe910fa2f2f53690daf6e2a8ad09c3
|
||||
SHA512 (patch-4.11.2.xz) = e090598bb339f04a92febe9c03317b76e51f67c2e3bfebaddb97177b19a2c195332477333be29e9f46483ff937fc85fd63fea1bb4ae18dec0fbe5bc1738afbcb
|
||||
SHA512 (patch-4.11.3.xz) = d1beb9b48ce12e87bb6ec53f0cf03d5650fd421edd8757d31dda20821c9a9f5b5c3dc8f131058ea8b9de45d67c43424ad246baf5c33e0174372f952cce26ad72
|
||||
|
|
Loading…
Reference in New Issue