debian/gitignore.patch

# Disable features broken by exclusion of upstream files
debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch
debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch
debian/dfsg/vs6624-disable.patch
debian/dfsg/drivers-net-appletalk-cops.patch
debian/dfsg/video-remove-nvidiafb-and-rivafb.patch
debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch

# Changes to support package build system
debian/version.patch
debian/uname-version-timestamp.patch
debian/kernelvariables.patch
debian/ia64-hardcode-arch-script-output.patch
debian/mips-disable-werror.patch
debian/mips-boston-disable-its.patch
debian/mips-ieee754-relaxed.patch
debian/arch-sh4-fix-uimage-build.patch
debian/tools-perf-version.patch
debian/tools-perf-install.patch
debian/wireless-add-debian-wireless-regdb-certificates.patch
debian/export-symbols-needed-by-android-drivers.patch
debian/android-enable-building-ashmem-and-binder-as-modules.patch
debian/documentation-drop-sphinx-version-check.patch
debian/perf-traceevent-support-asciidoctor-for-documentatio.patch
debian/kbuild-look-for-module.lds-under-arch-directory-too.patch
debian/kbuild-abort-build-if-subdirs-used.patch

# Fixes/improvements to firmware loading
features/all/drivers-media-dvb-usb-af9005-request_firmware.patch
debian/iwlwifi-do-not-request-unreleased-firmware.patch
bugfix/all/firmware_class-log-every-success-and-failure.patch
bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch
debian/firmware_class-refer-to-debian-wiki-firmware-page.patch

# Patches from aufs5 repository, imported with debian/bin/genpatch-aufs.
# These are only the changes needed to allow aufs to be built out-of-tree.
#features/all/aufs5/aufs5-base.patch
#features/all/aufs5/aufs5-mmap.patch
#features/all/aufs5/aufs5-standalone.patch

# Change some defaults for security reasons
debian/af_802154-Disable-auto-loading-as-mitigation-against.patch
debian/rds-Disable-auto-loading-as-mitigation-against-local.patch
debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch
debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch
debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
debian/fs-enable-link-security-restrictions-by-default.patch

# Set various features runtime-disabled by default
debian/sched-autogroup-disabled.patch
debian/yama-disable-by-default.patch
debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
features/all/security-perf-allow-further-restriction-of-perf_event_open.patch
features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch
features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch

# Disable autoloading/probing of various drivers by default
debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch
debian/snd-pcsp-disable-autoload.patch
bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
debian/fjes-disable-autoload.patch

# Taint if dangerous features are used
debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch

# Arch bug fixes
bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch
bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch
bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch
bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch
bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch
bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch
bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch
bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch
bugfix/arm/ARM-dts-sun8i-h3-orangepi-plus-Fix-ethernet-phy-mode.patch
bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch
bugfix/s390x/s390-sclp_vt220-fix-console-name-to-match-device.patch

# Arch features
features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch
features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch
features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch
features/arm64/arm64-dts-rockchip-Add-support-for-two-PWM-fans-on-h.patch
features/arm64/arm64-dts-rockchip-Add-support-for-PCIe-on-helios64.patch
features/arm64/arm64-dts-rockchip-disable-USB-type-c-DisplayPort.patch
features/x86/x86-memtest-WARN-if-bad-RAM-found.patch
features/x86/x86-make-x32-syscall-support-conditional.patch

# Miscellaneous bug fixes
bugfix/all/disable-some-marvell-phys.patch
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch
bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch
bugfix/all/Revert-PCI-PM-Do-not-read-power-state-in-pci_enable_.patch
bugfix/all/swiotlb-manipulate-orig_addr-when-tlb_addr-has-offse.patch
bugfix/all/Revert-drm-amdgpu-gfx9-fix-the-doorbell-missing-when.patch
bugfix/all/Revert-drm-amdgpu-gfx10-enlarge-CP_MEC_DOORBELL_RANG.patch
bugfix/all/block-return-the-correct-bvec-when-checking-for-gaps.patch
bugfix/all/netfilter-nftables-avoid-potential-overflows-on-32bi.patch
bugfix/all/netfilter-nf_tables-initialize-set-before-expression.patch
bugfix/all/netfilter-nftables-clone-set-element-expression-temp.patch
bugfix/all/bnx2x-Fix-enabling-network-interfaces-without-VFs.patch

# Miscellaneous features

# Lockdown missing pieces
features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch

# Improve integrity platform keyring for kernel modules verification
features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch
features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch
features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch
features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch
features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch
features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch

# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
debian/ntfs-mark-it-as-broken.patch
bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch
bugfix/all/can-bcm-delay-release-of-struct-bcm_op-after-synchro.patch
bugfix/all/KVM-do-not-allow-mapping-valid-but-non-reference-cou.patch
bugfix/all/seq_file-Disallow-extremely-large-seq-buffer-allocat.patch
bugfix/all/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch
bugfix/all/sctp-validate-from_addr_param-return.patch
bugfix/all/sctp-add-size-validation-when-walking-chunks.patch
bugfix/all/sctp-fix-return-value-check-in-__sctp_rcv_asconf_loo.patch
bugfix/all/bpf-introduce-bpf-nospec-instruction-for-mitigating-.patch
bugfix/all/bpf-fix-leakage-due-to-insufficient-speculative-stor.patch
bugfix/all/bpf-remove-superfluous-aux-sanitation-on-subprog-rejection.patch
bugfix/all/bpf-Add-kconfig-knob-for-disabling-unpriv-bpf-by-def.patch
bugfix/all/bpf-verifier-allocate-idmap-scratch-in-verifier-env.patch
bugfix/all/bpf-fix-pointer-arithmetic-mask-tightening-under-state-pruning.patch
bugfix/all/virtio_console-Assure-used-length-from-device-is-lim.patch
bugfix/all/NFSv4-Initialise-connection-to-the-server-in-nfs4_al.patch
bugfix/all/tracing-Fix-bug-in-rb_per_cpu_empty-that-might-cause.patch
bugfix/powerpc/KVM-PPC-Book3S-Fix-H_RTAS-rets-buffer-overflow.patch
bugfix/all/ovl-prevent-private-clone-if-bind-mount-is-not-allow.patch
bugfix/x86/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch
bugfix/x86/KVM-nSVM-always-intercept-VMLOAD-VMSAVE-when-nested-.patch
bugfix/all/bpf-Fix-integer-overflow-involving-bucket_size.patch
bugfix/all/ath-Use-safer-key-clearing-with-key-cache-entries.patch
bugfix/all/ath9k-Clear-key-cache-explicitly-on-disabling-hardwa.patch
bugfix/all/ath-Export-ath_hw_keysetmac.patch
bugfix/ath-Modify-ath_key_delete-to-not-need-full-key-entry.patch
bugfix/all/ath9k-Postpone-key-cache-entry-deletion-for-TXQ-fram.patch
bugfix/all/btrfs-fix-NULL-pointer-dereference-when-deleting-dev.patch
bugfix/all/net-qrtr-fix-another-OOB-Read-in-qrtr_endpoint_post.patch
bugfix/all/vt_kdsetmode-extend-console-locking.patch
bugfix/all/ext4-fix-race-writing-to-an-inline_data-file-while-i.patch
bugfix/all/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch
bugfix/all/io_uring-ensure-symmetry-in-handling-iter-types-in-l.patch

# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch

# Tools bug fixes
bugfix/all/usbip-document-tcp-wrappers.patch
bugfix/all/kbuild-fix-recordmcount-dependency.patch
bugfix/all/tools-perf-man-date.patch
bugfix/all/tools-perf-remove-shebangs.patch
bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
bugfix/all/cpupower-bump-soname-version.patch
bugfix/all/libcpupower-hide-private-function.patch
bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch
bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch
bugfix/all/tools-include-uapi-fix-errno.h.patch

# overlay: allow mounting in user namespaces
debian/overlayfs-permit-mounts-in-userns.patch

# ABI maintenance
