blob: 9401d26da067fb0a6863aeb6031e9a3baf0442a3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
debian/gitignore.patch
# Disable features broken by exclusion of upstream files
debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch
debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch
debian/dfsg/drivers-net-appletalk-cops.patch
debian/dfsg/video-remove-nvidiafb-and-rivafb.patch
debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch
# Changes to support package build system
debian/version.patch
debian/uname-version-timestamp.patch
debian/kernelvariables.patch
debian/ia64-hardcode-arch-script-output.patch
debian/mips-disable-werror.patch
debian/mips-boston-disable-its.patch
debian/mips-ieee754-relaxed.patch
debian/arch-sh4-fix-uimage-build.patch
debian/tools-perf-perf-read-vdso-in-libexec.patch
debian/tools-perf-install-python-bindings.patch
debian/wireless-add-debian-wireless-regdb-certificates.patch
debian/export-symbols-needed-by-android-drivers.patch
debian/android-enable-building-ashmem-and-binder-as-modules.patch
debian/documentation-drop-sphinx-version-check.patch
debian/perf-traceevent-support-asciidoctor-for-documentatio.patch
debian/kbuild-look-for-module.lds-under-arch-directory-too.patch
debian/kbuild-abort-build-if-subdirs-used.patch
debian/module-avoid-abi-changes-when-debug-info-is-disabled.patch
debian/makefile-make-compiler-version-comparison-optional.patch
debian/fixdep-allow-overriding-hostcc-and-hostld.patch
# Fixes/improvements to firmware loading
features/all/drivers-media-dvb-usb-af9005-request_firmware.patch
debian/iwlwifi-do-not-request-unreleased-firmware.patch
bugfix/all/firmware_class-log-every-success-and-failure.patch
bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch
debian/firmware_class-refer-to-debian-wiki-firmware-page.patch
# Change some defaults for security reasons
debian/af_802154-Disable-auto-loading-as-mitigation-against.patch
debian/rds-Disable-auto-loading-as-mitigation-against-local.patch
debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch
debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
debian/fs-enable-link-security-restrictions-by-default.patch
# Set various features runtime-disabled by default
debian/sched-autogroup-disabled.patch
debian/yama-disable-by-default.patch
debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
features/all/security-perf-allow-further-restriction-of-perf_event_open.patch
features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch
features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch
# Disable autoloading/probing of various drivers by default
debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch
debian/snd-pcsp-disable-autoload.patch
bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
debian/fjes-disable-autoload.patch
# Taint if dangerous features are used
debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch
# Arch bug fixes
bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch
bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch
bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch
bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch
bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch
bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch
bugfix/alpha/alpha-fix-missing-symbol-versions-for-str-n-cat-cpy.patch
# Arch features
features/x86/x86-memtest-WARN-if-bad-RAM-found.patch
features/x86/x86-make-x32-syscall-support-conditional.patch
# Miscellaneous bug fixes
bugfix/all/disable-some-marvell-phys.patch
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch
# Miscellaneous features
# Lockdown missing pieces
features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Improve integrity platform keyring for kernel modules verification
features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch
features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
features/all/db-mok-keyring/trust-machine-keyring-by-default.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
debian/ntfs-mark-it-as-broken.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch
# Tools bug fixes
bugfix/all/usbip-document-tcp-wrappers.patch
bugfix/all/kbuild-fix-recordmcount-dependency.patch
bugfix/all/tools-perf-man-date.patch
bugfix/all/tools-perf-remove-shebangs.patch
bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
bugfix/all/libapi-define-_fortify_source-as-2-not-empty.patch
bugfix/all/tools-perf-fix-missing-ldflags-for-some-programs.patch
bugfix/all/tools_lib_symbol_use_d_fortify_source_2_for_non_debug_builds.patch
bugfix/all/perf-tools-support-extra-cxxflags.patch
# debian-installer fixes
bugfix/powerpc/fbdev-offb-Update-expected-device-name.patch
# ABI maintenance
|