Adding debian version 4.19.249-2.debian/4.19.249-2debian

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 28 insertions, 0 deletions

diff --git a/debian/patches/features/all/db-mok-keyring/0007-modsign-Use-secondary-trust-keyring-for-module-signi.patch b/debian/patches/features/all/db-mok-keyring/0007-modsign-Use-secondary-trust-keyring-for-module-signi.patch
new file mode 100644
index 000000000..b831869e4
--- /dev/null
+++ b/debian/patches/features/all/db-mok-keyring/0007-modsign-Use-secondary-trust-keyring-for-module-signi.patch
@@ -0,0 +1,28 @@
+From: Ke Wu <mikewu@google.com>
+Date: Tue, 6 Nov 2018 15:21:30 -0800
+Subject: modsign: use all trusted keys to verify module signature
+Origin: https://git.kernel.org/linus/e84cd7ee630e44a2cc8ae49e85920a271b214cb3
+
+Make mod_verify_sig to use all trusted keys. This allows keys in
+secondary_trusted_keys to be used to verify PKCS#7 signature on a
+kernel module.
+
+Signed-off-by: Ke Wu <mikewu@google.com>
+Signed-off-by: Jessica Yu <jeyu@kernel.org>
+---
+ kernel/module_signing.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: linux/kernel/module_signing.c
+===================================================================
+--- linux.orig/kernel/module_signing.c
++++ linux/kernel/module_signing.c
+@@ -83,6 +83,7 @@ int mod_verify_sig(const void *mod, stru
+ 	}
+ 
+ 	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+-				      NULL, VERIFYING_MODULE_SIGNATURE,
++				      VERIFY_USE_SECONDARY_KEYRING,
++				      VERIFYING_MODULE_SIGNATURE,
+ 				      NULL, NULL);
+ }