Linus Torvalds b0e22b47f6 Fix CVE-2020-26541 ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEqG5UsNXhtOCrfGQP+7dXa6fLC2sFAmBKRxMACgkQ+7dXa6fL C2trYg/7Brf6d0JUAw/MbjCcPVL5SmTHRGJwmKq7+du/Z4yqz3VcL/flk2cyvMr3 lvGQK+KTWTZLidovQA42e54XIaUh3cqwUhz9H3+X61gY7kWJvioEhvg1tD007L7O DrMMkRhh9nnAV5GOhHj1nxIcgmxwrKNkzevf157RRKWnm9VBNmeZsu0kd2Ffx0i0 EqsejQU+sP6MgeKjTTKXKVpvH2GGB0NJRrpQCJSR4t9GrAt+rGlcNJFdqqmyxhpj cGtEhtNO7MiigGHxCbzpK0g6l6f31si+WIAywdxF65DGQOF3gcgxHQlPDcNiC/RH PLPEchUH2fOv4koDQWM8HJ4XDS5eRZmYSh6WPrSxJwuNH/NDyWxKSxrBXGhRWTfx RaMe2wQcQq9Rge+e6PwR+nJEbdSL2BHxdAaBDqBlxY9A0c6onTy+XzVSLTKYUJ5u /Y/fND3eHvMPZt4WMMZDQzHVnHscXFYPI4y1EMDLcAof9ltNG5zLAJZ6mHi6rqGl q+VhSPFi6equ7szdV2cZ5ltSROdAnwkbycs1LgeSzh8LWe83Tkq0eDEHSTjGpQFY VWGBs6JGl1QPdQdSc3uqki1LdTYUy5w0Pr3h0Ff6L3NS9fUrzCMtsN+/4aQNzS+C cP22WM2IRDtN17pRASNjI4/6sL7X7/rLQ8KNq/QpQeD4+ZkINaI= =fLQY -----END PGP SIGNATURE----- Merge tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull x509 dbx/mokx UEFI support from David Howells: "Here's a set of patches from Eric Snowberg[1] that add support for EFI_CERT_X509_GUID entries in the dbx and mokx UEFI tables (such entries cause matching certificates to be rejected). These are currently ignored and only the hash entries are made use of. Additionally Eric included his patches to allow such certificates to be preloaded. These patches deal with CVE-2020-26541. To quote Eric: 'This is the fifth patch series for adding support for EFI_CERT_X509_GUID entries [2]. It has been expanded to not only include dbx entries but also entries in the mokx. Additionally my series to preload these certificate [3] has also been included'" Link: https://lore.kernel.org/r/20210122181054.32635-1-eric.snowberg@oracle.com [1] Link: https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@oracle.com/ [2] Link: https://lore.kernel.org/patchwork/cover/1315485/ [3] * tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: integrity: Load mokx variables into the blacklist keyring certs: Add ability to preload revocation certs certs: Move load_system_certificate_list to a common function certs: Add EFI_CERT_X509_GUID support for dbx entries		2021-04-26 08:38:10 -07:00
..
apparmor	apparmor: handle idmapped mounts	2021-01-24 14:27:20 +01:00
bpf	bpf: Implement task local storage	2020-11-06 08:08:37 -08:00
integrity	Fix CVE-2020-26541	2021-04-26 08:38:10 -07:00
keys	KEYS: trusted tpmdd-queue on 20210423	2021-04-26 08:31:03 -07:00
loadpin	LSM: Add "contents" flag to kernel_read_file hook	2020-10-05 13:37:03 +02:00
lockdown	Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2020-06-02 17:36:24 -07:00
safesetid	LSM: SafeSetID: Fix warnings reported by test bot	2020-10-13 09:17:36 -07:00
selinux	selinux/stable-5.12 PR 20210409	2021-04-09 11:51:06 -07:00
smack	idmapped-mounts-v5.12	2021-02-23 13:39:45 -08:00
tomoyo	tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD	2021-03-28 13:11:29 +09:00
yama	task_work: cleanup notification modes	2020-10-17 15:05:30 -06:00
commoncap.c	Revert 95ebabde38 ("capabilities: Don't allow writing ambiguous v3 file capabilities")	2021-03-12 15:27:14 -06:00
device_cgroup.c	device_cgroup: Fix RCU list debugging warning	2020-08-20 11:25:03 -07:00
inode.c	Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2019-07-19 10:42:02 -07:00
Kconfig	Replace HTTP links with HTTPS ones: security	2020-08-06 12:00:05 -07:00
Kconfig.hardening	kasan: remove redundant config option	2021-04-16 16:10:36 -07:00
lsm_audit.c	make dump_common_audit_data() safe to be called from RCU pathwalk	2021-01-16 15:12:08 -05:00
Makefile	device_cgroup: Cleanup cgroup eBPF device filter code	2020-04-13 14:41:54 -04:00
min_addr.c	sysctl: pass kernel pointers to ->proc_handler	2020-04-27 02:07:40 -04:00
security.c	idmapped-mounts-v5.12	2021-02-23 13:39:45 -08:00