This is an automated email from the git hooks/post-receive script.

unknown user pushed a change to branch master in repository linux.

from 298fb76a5583 Merge tag 'nfsd-5.4' of git://linux-nfs.org/~bfields/linux new b36f281f4a31 ima: initialize the "template" field with the default template new c8424e776b09 MODSIGN: Export module signature definitions new 2a7bf671186e PKCS#7: Refactor verify_pkcs7_signature() new e201af16d1ec PKCS#7: Introduce pkcs7_get_digest() new cf38fed1e183 integrity: Select CONFIG_KEYS instead of depending on it new 9044d627fd18 ima: Add modsig appraise_type option for module-style appe [...] new a5fbeb615ca4 ima: Factor xattr_verify() out of ima_appraise_measurement() new 39b07096364a ima: Implement support for module-style appended signatures new 15588227e086 ima: Collect modsig new 3878d505aa71 ima: Define ima-modsig template new e5092255bb39 ima: Store the measurement again when appraising a modsig new f5e1040196db ima: always return negative code for error new 4ece3125f21b ima: fix freeing ongoing ahash_request new 70433f67ec3a MODSIGN: make new include file self contained new 556d971bdae6 ima: Fix use after free in ima_read_modsig() new cbc0425d3dd3 sefltest/ima: support appended signatures (modsig) new fa5b57175364 ima: use struct_size() in kzalloc() new 2a7f0e53daf2 ima: ima_api: Use struct_size() in kzalloc() new f1f2f614d535 Merge branch 'next-integrity' of git://git.kernel.org/pub/ [...]

The 19 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.

Summary of changes: Documentation/ABI/testing/ima_policy | 6 +- Documentation/security/IMA-templates.rst | 3 + arch/s390/Kconfig | 2 +- arch/s390/kernel/machine_kexec_file.c | 24 +-- certs/system_keyring.c | 61 +++++-- crypto/asymmetric_keys/pkcs7_verify.c | 33 ++++ include/crypto/pkcs7.h | 4 + include/linux/module.h | 3 - include/linux/module_signature.h | 46 +++++ include/linux/verification.h | 10 ++ init/Kconfig | 6 +- kernel/Makefile | 1 + kernel/module.c | 1 + kernel/module_signature.c | 46 +++++ kernel/module_signing.c | 56 +----- scripts/Makefile | 2 +- security/integrity/Kconfig | 2 +- security/integrity/digsig.c | 43 ++++- security/integrity/ima/Kconfig | 13 ++ security/integrity/ima/Makefile | 1 + security/integrity/ima/ima.h | 60 ++++++- security/integrity/ima/ima_api.c | 27 ++- security/integrity/ima/ima_appraise.c | 194 ++++++++++++++------- security/integrity/ima/ima_crypto.c | 10 +- security/integrity/ima/ima_main.c | 24 ++- security/integrity/ima/ima_modsig.c | 168 ++++++++++++++++++ security/integrity/ima/ima_policy.c | 71 ++++++-- security/integrity/ima/ima_template.c | 31 +++- security/integrity/ima/ima_template_lib.c | 64 ++++++- security/integrity/ima/ima_template_lib.h | 4 + security/integrity/integrity.h | 20 +++ .../selftests/kexec/test_kexec_file_load.sh | 38 +++- 32 files changed, 871 insertions(+), 203 deletions(-) create mode 100644 include/linux/module_signature.h create mode 100644 kernel/module_signature.c create mode 100644 security/integrity/ima/ima_modsig.c