diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index d8c80f54a..5d360bc4d 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -7,7 +7,7 @@ name: Debian env: GPG_KEY_ID: 56C464BAAC421453 - KERNEL_VERSION: 5.18.4 + KERNEL_VERSION: 5.18.5 KERNEL_REVISION: 1 LOCALVERSION: -surface MAINLINE_REPO: git://git.launchpad.net/~ubuntu-kernel-test/ubuntu/+source/linux/+git/mainline-crack diff --git a/pkg/arch/kernel/PKGBUILD b/pkg/arch/kernel/PKGBUILD index 600d31c2c..b9fde5dce 100644 --- a/pkg/arch/kernel/PKGBUILD +++ b/pkg/arch/kernel/PKGBUILD @@ -2,7 +2,7 @@ # Maintainer: Jan Alexander Steffens (heftig) pkgbase=linux-surface -pkgver=5.18.4.arch1 +pkgver=5.18.5.arch1 pkgrel=1 pkgdesc='Linux' _shortver=${pkgver%.*} diff --git a/pkg/arch/kernel/config b/pkg/arch/kernel/config index 4ea27336a..d714a9b05 100644 --- a/pkg/arch/kernel/config +++ b/pkg/arch/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.18.1-arch1 Kernel Configuration +# Linux/x86 5.18.5-arch1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.1.0" CONFIG_CC_IS_GCC=y @@ -15,6 +15,7 @@ CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y +CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y CONFIG_PAHOLE_VERSION=123 @@ -496,7 +497,9 @@ CONFIG_SCHED_HRTICK=y CONFIG_KEXEC=y CONFIG_KEXEC_FILE=y CONFIG_ARCH_HAS_KEXEC_PURGATORY=y -# CONFIG_KEXEC_SIG is not set +CONFIG_KEXEC_SIG=y +# CONFIG_KEXEC_SIG_FORCE is not set +CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y CONFIG_CRASH_DUMP=y CONFIG_KEXEC_JUMP=y CONFIG_PHYSICAL_START=0x1000000 @@ -2337,6 +2340,7 @@ CONFIG_UEFI_CPER_X86=y CONFIG_EFI_DEV_PATH_PARSER=y CONFIG_EFI_EARLYCON=y CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y +# CONFIG_EFI_DISABLE_RUNTIME is not set # # Tegra firmware driver @@ -5086,9 +5090,6 @@ CONFIG_SENSORS_NPCM7XX=m CONFIG_SENSORS_NZXT_KRAKEN2=m CONFIG_SENSORS_NZXT_SMART2=m CONFIG_SENSORS_PCF8591=m -CONFIG_SENSORS_PECI_CPUTEMP=m -CONFIG_SENSORS_PECI_DIMMTEMP=m -CONFIG_SENSORS_PECI=m CONFIG_PMBUS=m CONFIG_SENSORS_PMBUS=m CONFIG_SENSORS_ADM1266=m @@ -5932,7 +5933,7 @@ CONFIG_DVB_BUDGET_CI=m CONFIG_DVB_BUDGET_AV=m CONFIG_VIDEO_IPU3_CIO2=m CONFIG_CIO2_BRIDGE=y -CONFIG_RADIO_ADAPTERS=y +CONFIG_RADIO_ADAPTERS=m CONFIG_RADIO_MAXIRADIO=m CONFIG_RADIO_SAA7706H=m CONFIG_RADIO_SHARK=m @@ -9737,8 +9738,7 @@ CONFIG_MOST=m CONFIG_MOST_USB_HDM=m CONFIG_MOST_CDEV=m CONFIG_MOST_SND=m -CONFIG_PECI=m -CONFIG_PECI_CPU=m +# CONFIG_PECI is not set # end of Device Drivers # @@ -10204,14 +10204,24 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set CONFIG_SECURITY_LANDLOCK=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y +CONFIG_INTEGRITY_PLATFORM_KEYRING=y +CONFIG_INTEGRITY_MACHINE_KEYRING=y +CONFIG_LOAD_UEFI_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +# CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="landlock,lockdown,yama,bpf" +CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" # # Kernel hardening options @@ -10619,6 +10629,7 @@ CONFIG_LRU_CACHE=m CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y +CONFIG_SIGNATURE=y CONFIG_DIMLIB=y CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y diff --git a/pkg/fedora/kernel-surface/kernel-surface.spec b/pkg/fedora/kernel-surface/kernel-surface.spec index d97618908..7f00ee51d 100755 --- a/pkg/fedora/kernel-surface/kernel-surface.spec +++ b/pkg/fedora/kernel-surface/kernel-surface.spec @@ -2,8 +2,8 @@ # Definitions to configure the kernel we want to build # -%global kernel_tag_fc36 kernel-5.18.4-201.fc36 -%global kernel_tag_fc35 kernel-5.18.4-101.fc35 +%global kernel_tag_fc36 kernel-5.18.5-200.fc36 +%global kernel_tag_fc35 kernel-5.18.5-100.fc35 %global kernel_release_fc36 1 %global kernel_release_fc35 1