linux/include
Linus Torvalds b0e22b47f6 Fix CVE-2020-26541
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEqG5UsNXhtOCrfGQP+7dXa6fLC2sFAmBKRxMACgkQ+7dXa6fL
 C2trYg/7Brf6d0JUAw/MbjCcPVL5SmTHRGJwmKq7+du/Z4yqz3VcL/flk2cyvMr3
 lvGQK+KTWTZLidovQA42e54XIaUh3cqwUhz9H3+X61gY7kWJvioEhvg1tD007L7O
 DrMMkRhh9nnAV5GOhHj1nxIcgmxwrKNkzevf157RRKWnm9VBNmeZsu0kd2Ffx0i0
 EqsejQU+sP6MgeKjTTKXKVpvH2GGB0NJRrpQCJSR4t9GrAt+rGlcNJFdqqmyxhpj
 cGtEhtNO7MiigGHxCbzpK0g6l6f31si+WIAywdxF65DGQOF3gcgxHQlPDcNiC/RH
 PLPEchUH2fOv4koDQWM8HJ4XDS5eRZmYSh6WPrSxJwuNH/NDyWxKSxrBXGhRWTfx
 RaMe2wQcQq9Rge+e6PwR+nJEbdSL2BHxdAaBDqBlxY9A0c6onTy+XzVSLTKYUJ5u
 /Y/fND3eHvMPZt4WMMZDQzHVnHscXFYPI4y1EMDLcAof9ltNG5zLAJZ6mHi6rqGl
 q+VhSPFi6equ7szdV2cZ5ltSROdAnwkbycs1LgeSzh8LWe83Tkq0eDEHSTjGpQFY
 VWGBs6JGl1QPdQdSc3uqki1LdTYUy5w0Pr3h0Ff6L3NS9fUrzCMtsN+/4aQNzS+C
 cP22WM2IRDtN17pRASNjI4/6sL7X7/rLQ8KNq/QpQeD4+ZkINaI=
 =fLQY
 -----END PGP SIGNATURE-----

Merge tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

Pull x509 dbx/mokx UEFI support from David Howells:
 "Here's a set of patches from Eric Snowberg[1] that add support for
  EFI_CERT_X509_GUID entries in the dbx and mokx UEFI tables (such
  entries cause matching certificates to be rejected).

  These are currently ignored and only the hash entries are made use of.

  Additionally Eric included his patches to allow such certificates to
  be preloaded.

  These patches deal with CVE-2020-26541.

  To quote Eric:
       'This is the fifth patch series for adding support for
        EFI_CERT_X509_GUID entries [2]. It has been expanded to not only
        include dbx entries but also entries in the mokx. Additionally
        my series to preload these certificate [3] has also been
        included'"

Link: https://lore.kernel.org/r/20210122181054.32635-1-eric.snowberg@oracle.com [1]
Link: https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@oracle.com/ [2]
Link: https://lore.kernel.org/patchwork/cover/1315485/ [3]

* tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
  integrity: Load mokx variables into the blacklist keyring
  certs: Add ability to preload revocation certs
  certs: Move load_system_certificate_list to a common function
  certs: Add EFI_CERT_X509_GUID support for dbx entries
2021-04-26 08:38:10 -07:00
..
acpi ACPI: scan: Use unique number for instance_no 2021-03-22 17:45:53 +01:00
asm-generic RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
clocksource
crypto Keyrings miscellany 2021-02-23 16:09:23 -08:00
drm drm/ttm: make ttm_bo_unpin more defensive 2021-03-15 16:02:30 +01:00
dt-bindings treewide: change my e-mail address, fix my name 2021-04-09 14:54:23 -07:00
keys Fix CVE-2020-26541 2021-04-26 08:38:10 -07:00
kunit
kvm KVM: arm64: Turn kvm_arm_support_pmu_v3() into a static key 2021-03-06 04:18:40 -05:00
linux tpmdd updates for Linux v5.13 2021-04-26 08:27:59 -07:00
math-emu
media media: rc: compile rc-cec.c into rc-core 2021-03-11 11:40:28 +01:00
memory
misc
net ipv6: report errors for iftoken via netlink extack 2021-04-08 13:52:36 -07:00
pcmcia
ras
rdma RDMA/ipoib: Remove racy Subnet Manager sendonly join checks 2021-02-16 14:42:58 -04:00
scsi scsi: iscsi: Fix race condition between login and sync thread 2021-03-29 21:17:45 -04:00
soc RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
sound ALSA/ASoC/SOF/SoundWire: fix Kconfig issues 2021-03-02 18:30:07 +01:00
target scsi: target: core: Add cmd length set before cmd complete 2021-02-22 22:21:29 -05:00
trace workqueue/tracing: Copy workqueue name to buffer in trace event 2021-03-18 12:57:37 -04:00
uapi capabilities: require CAP_SETFCAP to map uid 0 2021-04-20 14:28:33 -07:00
vdso
video
xen Xen/gnttab: introduce common INVALID_GRANT_{HANDLE,REF} 2021-03-10 16:39:29 -06:00