diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-09-08 15:41:25 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-09-08 15:41:25 -0400 |
| commit | b793c005ceabf6db0b17494b0ec67ade6796bb34 (patch) | |
| tree | 080c884f04254403ec9564742f591a9fd9b7e95a /scripts/Makefile | |
| parent | 6f0a2fc1feb19bd142961a39dc118e7e55418b3f (diff) | |
| parent | 07f081fb5057b2ea98baeca3a47bf0eb33e94aa1 (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
- PKCS#7 support added to support signed kexec, also utilized for
module signing. See comments in 3f1e1bea.
** NOTE: this requires linking against the OpenSSL library, which
must be installed, e.g. the openssl-devel on Fedora **
- Smack
- add IPv6 host labeling; ignore labels on kernel threads
- support smack labeling mounts which use binary mount data
- SELinux:
- add ioctl whitelisting (see
http://kernsec.org/files/lss2015/vanderstoep.pdf)
- fix mprotect PROT_EXEC regression caused by mm change
- Seccomp:
- add ptrace options for suspend/resume"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (57 commits)
PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them
Documentation/Changes: Now need OpenSSL devel packages for module signing
scripts: add extract-cert and sign-file to .gitignore
modsign: Handle signing key in source tree
modsign: Use if_changed rule for extracting cert from module signing key
Move certificate handling to its own directory
sign-file: Fix warning about BIO_reset() return value
PKCS#7: Add MODULE_LICENSE() to test module
Smack - Fix build error with bringup unconfigured
sign-file: Document dependency on OpenSSL devel libraries
PKCS#7: Appropriately restrict authenticated attributes and content type
KEYS: Add a name for PKEY_ID_PKCS7
PKCS#7: Improve and export the X.509 ASN.1 time object decoder
modsign: Use extract-cert to process CONFIG_SYSTEM_TRUSTED_KEYS
extract-cert: Cope with multiple X.509 certificates in a single file
sign-file: Generate CMS message as signature instead of PKCS#7
PKCS#7: Support CMS messages also [RFC5652]
X.509: Change recorded SKID & AKID to not include Subject or Issuer
PKCS#7: Check content type and versions
MAINTAINERS: The keyrings mailing list has moved
...
Diffstat (limited to 'scripts/Makefile')
| -rw-r--r-- | scripts/Makefile | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/Makefile b/scripts/Makefile index 2016a64497ab..1b2661712d44 100644 --- a/scripts/Makefile +++ b/scripts/Makefile | |||
| @@ -16,9 +16,13 @@ hostprogs-$(CONFIG_VT) += conmakehash | |||
| 16 | hostprogs-$(BUILD_C_RECORDMCOUNT) += recordmcount | 16 | hostprogs-$(BUILD_C_RECORDMCOUNT) += recordmcount |
| 17 | hostprogs-$(CONFIG_BUILDTIME_EXTABLE_SORT) += sortextable | 17 | hostprogs-$(CONFIG_BUILDTIME_EXTABLE_SORT) += sortextable |
| 18 | hostprogs-$(CONFIG_ASN1) += asn1_compiler | 18 | hostprogs-$(CONFIG_ASN1) += asn1_compiler |
| 19 | hostprogs-$(CONFIG_MODULE_SIG) += sign-file | ||
| 20 | hostprogs-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert | ||
| 19 | 21 | ||
| 20 | HOSTCFLAGS_sortextable.o = -I$(srctree)/tools/include | 22 | HOSTCFLAGS_sortextable.o = -I$(srctree)/tools/include |
| 21 | HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include | 23 | HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include |
| 24 | HOSTLOADLIBES_sign-file = -lcrypto | ||
| 25 | HOSTLOADLIBES_extract-cert = -lcrypto | ||
| 22 | 26 | ||
| 23 | always := $(hostprogs-y) $(hostprogs-m) | 27 | always := $(hostprogs-y) $(hostprogs-m) |
| 24 | 28 | ||