commit d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4

OBS-URL: https://build.opensuse.org/package/show/Kernel:slowroll/kernel-source-longterm?expand=0&rev=4
This commit is contained in:
Kernel Bugs 2023-12-18 07:06:03 +00:00 committed by Git OBS Bridge
parent d3a99611a1
commit eeec1f708b
10 changed files with 86 additions and 12 deletions

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:54e341b3ec5eb2f5b8b5c9b510629ef7bcf016d9e45825728e532790f74479c0
size 62685
oid sha256:71cdf3a6b0d92d5141e0ed2ce2084b580f6f0280a81cedfa4b08dce0ae960d0a
size 62709

View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Fri Dec 15 11:22:01 CET 2023 - rfrohl@suse.com
- KEYS: Make use of platform keyring for module signature verify
(FATE#314508, FATE#316531, bsc#1209006).
- commit d8ec790
-------------------------------------------------------------------
Thu Dec 14 13:08:40 CET 2023 - rfrohl@suse.com
- efi: Lock down the kernel at the integrity level if booted in
secure boot mode (jsc#SLE-9870 boo#1217741).
- Update config files.
- efi: Lock down the kernel if booted in secure boot mode
(jsc#SLE-9870 boo#1217741).
- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
(jsc#SLE-9870 boo#1217741).
- security: lockdown: expose a hook to lock the kernel down
(jsc#SLE-9870 boo#1217741).
- commit 2fb56b9
-------------------------------------------------------------------
Thu Dec 14 11:44:20 CET 2023 - rfrohl@suse.com

View File

@ -19,7 +19,7 @@
%define srcversion 6.1
%define patchversion 6.1.68
%define git_commit e2d741cef0471025440ebcccd404bbf178a465bc
%define git_commit d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4
%define variant -longterm%{nil}
%define compress_modules zstd
%define compress_vmlinux xz
@ -115,7 +115,7 @@ License: GPL-2.0-only
Group: System/Kernel
Version: 6.1.68
%if 0%{?is_kotd}
Release: <RELEASE>.ge2d741c
Release: <RELEASE>.gd8ec790
%else
Release: 0
%endif

View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Fri Dec 15 11:22:01 CET 2023 - rfrohl@suse.com
- KEYS: Make use of platform keyring for module signature verify
(FATE#314508, FATE#316531, bsc#1209006).
- commit d8ec790
-------------------------------------------------------------------
Thu Dec 14 13:08:40 CET 2023 - rfrohl@suse.com
- efi: Lock down the kernel at the integrity level if booted in
secure boot mode (jsc#SLE-9870 boo#1217741).
- Update config files.
- efi: Lock down the kernel if booted in secure boot mode
(jsc#SLE-9870 boo#1217741).
- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
(jsc#SLE-9870 boo#1217741).
- security: lockdown: expose a hook to lock the kernel down
(jsc#SLE-9870 boo#1217741).
- commit 2fb56b9
-------------------------------------------------------------------
Thu Dec 14 11:44:20 CET 2023 - rfrohl@suse.com

View File

@ -18,7 +18,7 @@
%define srcversion 6.1
%define patchversion 6.1.68
%define git_commit e2d741cef0471025440ebcccd404bbf178a465bc
%define git_commit d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4
%define variant -longterm%{nil}
%include %_sourcedir/kernel-spec-macros
@ -33,7 +33,7 @@
Name: kernel-source-longterm
Version: 6.1.68
%if 0%{?is_kotd}
Release: <RELEASE>.ge2d741c
Release: <RELEASE>.gd8ec790
%else
Release: 0
%endif

View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Fri Dec 15 11:22:01 CET 2023 - rfrohl@suse.com
- KEYS: Make use of platform keyring for module signature verify
(FATE#314508, FATE#316531, bsc#1209006).
- commit d8ec790
-------------------------------------------------------------------
Thu Dec 14 13:08:40 CET 2023 - rfrohl@suse.com
- efi: Lock down the kernel at the integrity level if booted in
secure boot mode (jsc#SLE-9870 boo#1217741).
- Update config files.
- efi: Lock down the kernel if booted in secure boot mode
(jsc#SLE-9870 boo#1217741).
- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
(jsc#SLE-9870 boo#1217741).
- security: lockdown: expose a hook to lock the kernel down
(jsc#SLE-9870 boo#1217741).
- commit 2fb56b9
-------------------------------------------------------------------
Thu Dec 14 11:44:20 CET 2023 - rfrohl@suse.com

View File

@ -16,7 +16,7 @@
#
%define git_commit e2d741cef0471025440ebcccd404bbf178a465bc
%define git_commit d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4
%define variant -longterm%{nil}
%include %_sourcedir/kernel-spec-macros
@ -28,7 +28,7 @@ Group: Development/Sources
Version: 6.1.68
%if %using_buildservice
%if 0%{?is_kotd}
Release: <RELEASE>.ge2d741c
Release: <RELEASE>.gd8ec790
%else
Release: 0
%endif

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:db46fe0bbcf07a0169fa5294b3685e4351e8f61dfe8509e655e601b319bb40f4
size 40001
oid sha256:12a83696278849146ec63c424045c476bebe8b8466d647f6bf98254daa726013
size 43940

View File

@ -12213,6 +12213,17 @@
# Security
########################################################
# Module signing / secure boot
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
# Bug 1198101 - VUL-0: shim: openSUSE tumbleweed not fully locked down? Add opensuse-cert-prompt back to openSUSE shim
# Bug 1217741 - slowroll kernel missing lockdown patches
# Lock down functions for secure boot
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch
# crypto
########################################################

View File

@ -1,3 +1,3 @@
2023-12-14 10:47:15 +0000
GIT Revision: e2d741cef0471025440ebcccd404bbf178a465bc
2023-12-15 10:22:01 +0000
GIT Revision: d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4
GIT Branch: slowroll