• Linus Torvalds's avatar
    Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · b793c005
    Linus Torvalds authored
    Pull security subsystem updates from James Morris:
     "Highlights:
    
       - PKCS#7 support added to support signed kexec, also utilized for
         module signing.  See comments in 3f1e1bea.
    
         ** NOTE: this requires linking against the OpenSSL library, which
            must be installed, e.g.  the openssl-devel on Fedora **
    
       - Smack
          - add IPv6 host labeling; ignore labels on kernel threads
          - support smack labeling mounts which use binary mount data
    
       - SELinux:
          - add ioctl whitelisting (see
            http://kernsec.org/files/lss2015/vanderstoep.pdf)
          - fix mprotect PROT_EXEC regression caused by mm change
    
       - Seccomp:
          - add ptrace options for suspend/resume"
    
    * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (57 commits)
      PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them
      Documentation/Changes: Now need OpenSSL devel packages for module signing
      scripts: add extract-cert and sign-file to .gitignore
      modsign: Handle signing key in source tree
      modsign: Use if_changed rule for extracting cert from module signing key
      Move certificate handling to its own directory
      sign-file: Fix warning about BIO_reset() return value
      PKCS#7: Add MODULE_LICENSE() to test module
      Smack - Fix build error with bringup unconfigured
      sign-file: Document dependency on OpenSSL devel libraries
      PKCS#7: Appropriately restrict authenticated attributes and content type
      KEYS: Add a name for PKEY_ID_PKCS7
      PKCS#7: Improve and export the X.509 ASN.1 time object decoder
      modsign: Use extract-cert to process CONFIG_SYSTEM_TRUSTED_KEYS
      extract-cert: Cope with multiple X.509 certificates in a single file
      sign-file: Generate CMS message as signature instead of PKCS#7
      PKCS#7: Support CMS messages also [RFC5652]
      X.509: Change recorded SKID & AKID to not include Subject or Issuer
      PKCS#7: Check content type and versions
      MAINTAINERS: The keyrings mailing list has moved
      ...
    b793c005
Kconfig 65.1 KB