diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-08-11 16:33:29 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-08-11 16:35:35 -0300 |
commit | d733fc26b31fb2fd30c080762e588d502f3de4f5 (patch) | |
tree | 7a764e9930c24738e0f563b9d552ea438711bd5a | |
parent | b21daa0fd8fe26e15e810258efeaa8a5e559c0cd (diff) | |
download | abslibre-d733fc26b31fb2fd30c080762e588d502f3de4f5.tar.gz abslibre-d733fc26b31fb2fd30c080762e588d502f3de4f5.tar.bz2 abslibre-d733fc26b31fb2fd30c080762e588d502f3de4f5.zip |
linux-libre-grsec-3.15.9.201408110025-1: updating version
* rely on grsecurity to disable unprivileged user namespaces
-rw-r--r-- | libre/linux-libre-grsec/PKGBUILD | 25 | ||||
-rw-r--r-- | libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch | 41 | ||||
-rw-r--r-- | libre/linux-libre-grsec/config.i686 | 4 | ||||
-rw-r--r-- | libre/linux-libre-grsec/config.x86_64 | 4 |
4 files changed, 16 insertions, 58 deletions
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD index 3ca2f6e7b..285bdfbe2 100644 --- a/libre/linux-libre-grsec/PKGBUILD +++ b/libre/linux-libre-grsec/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 116869 2014-08-04 21:40:54Z thestinger $ +# $Id: PKGBUILD 117133 2014-08-11 09:27:22Z thestinger $ # Maintainer (Arch): Daniel Micay <danielmicay@gmail.com> # Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org> # Contributor (Arch): Thomas Baechler <thomas@archlinux.org> @@ -14,13 +14,13 @@ pkgbase=linux-libre-grsec # Build stock -libre-grsec kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.15 -_sublevel=8 +_sublevel=9 _grsecver=3.0 -_timestamp=201408040708 +_timestamp=201408110025 _pkgver=${_basekernel}.${_sublevel} pkgver=${_basekernel}.${_sublevel}.${_timestamp} -pkgrel=2 -_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver +pkgrel=1 +_lxopkgver=${_basekernel}.9 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="https://grsecurity.net/" license=('GPL2') @@ -38,21 +38,19 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'Kbuild.platforms' 'boot-logo.patch' 'change-default-console-loglevel.patch' - 'Revert-userns-Allow-unprivileged-users-to-create-use.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") sha256sums=('93450dc189131b6a4de862f35c5087a58cc7bae1c24caa535d2357cc3301b688' - '6dfa7e972f54feef3a40047704495c00b4e163d7f164c133aaaa70871ab61afe' - 'f85023b7d061365a08139743e68082e3f61b178173528a0d9e39c07ddeef0ad6' + '8809e70094b8c63010ee090cf8c53cdfc11a6c52bb3707170fadcafd285a22c3' + 'ebe1eeefe65dfe12e64941e0727c3cc9c37d2547d3eb8c01031d449be00c1e5f' 'SKIP' - '83b59a9479df821cf3d3c594aa5306acbd46f9d1cdb2329fca941a258852ad9e' - 'd650440267b0fabe1e2481b74fe21448aa8b68cc3ee370059e2138797c189efd' + '92a3aa5c168aea61cd910748e7f52493f275549c851a0bfe4a72cfd9da742a90' + 'c46b0b3750318651c3a12da8dc10ffc5805d0147e0dc56a87a2df37d1503b899' '9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486' 'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b' '55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9' 'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6' 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182' - '1b3651558fcd497c72af3d483febb21fff98cbb9fbcb456da19b24304c40c754' - '2b514ce7d678919bc923fc3a4beef38f4a757a6275717dfe7147544c2e9964f0') + '1a0c1d5e3c46306766304663e9d4503ca452c4f93d5154a4ca43a03588e20d00') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] @@ -84,9 +82,6 @@ prepare() { # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) patch -p1 -i "${srcdir}/change-default-console-loglevel.patch" - # forbid unprivileged user namespaces - patch -p1 -i "$srcdir/Revert-userns-Allow-unprivileged-users-to-create-use.patch" - if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ diff --git a/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch b/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch deleted file mode 100644 index 5713dbb20..000000000 --- a/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch +++ /dev/null @@ -1,41 +0,0 @@ -From e3da68be55914bfeedb8866f191cc0958579611d Mon Sep 17 00:00:00 2001 -From: Josh Boyer <jwboyer@fedoraproject.org> -Date: Wed, 13 Nov 2013 10:21:18 -0500 -Subject: [PATCH] Revert "userns: Allow unprivileged users to create user - namespaces." - -This reverts commit 5eaf563e53294d6696e651466697eb9d491f3946. - -Conflicts: - kernel/fork.c ---- - kernel/fork.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/kernel/fork.c b/kernel/fork.c -index f6d11fc..e04c9a7 100644 ---- a/kernel/fork.c -+++ b/kernel/fork.c -@@ -1573,6 +1573,19 @@ long do_fork(unsigned long clone_flags, - long nr; - - /* -+ * Do some preliminary argument and permissions checking before we -+ * actually start allocating stuff -+ */ -+ if (clone_flags & CLONE_NEWUSER) { -+ /* hopefully this check will go away when userns support is -+ * complete -+ */ -+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) || -+ !capable(CAP_SETGID)) -+ return -EPERM; -+ } -+ -+ /* - * Determine whether and which event to report to ptracer. When - * called from kernel_thread or CLONE_UNTRACED is explicitly - * requested, no event is reported; otherwise, report if the event --- -1.8.3.1 - diff --git a/libre/linux-libre-grsec/config.i686 b/libre/linux-libre-grsec/config.i686 index 140c017a7..b51548d1f 100644 --- a/libre/linux-libre-grsec/config.i686 +++ b/libre/linux-libre-grsec/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.15.8.201408010648-1 Kernel Configuration +# Linux/x86 3.15.9.201408110025-1 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -414,6 +414,8 @@ CONFIG_X86_MCE_THRESHOLD=y # CONFIG_X86_MCE_INJECT is not set CONFIG_X86_THERMAL_VECTOR=y CONFIG_VM86=y +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX32=y CONFIG_TOSHIBA=m CONFIG_I8K=m CONFIG_X86_REBOOTFIXUPS=y diff --git a/libre/linux-libre-grsec/config.x86_64 b/libre/linux-libre-grsec/config.x86_64 index 8830b5eb0..2cd6a6b53 100644 --- a/libre/linux-libre-grsec/config.x86_64 +++ b/libre/linux-libre-grsec/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.15.8.201408010648-1 Kernel Configuration +# Linux/x86 3.15.9.201408110025-1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -405,6 +405,8 @@ CONFIG_X86_MCE_AMD=y CONFIG_X86_MCE_THRESHOLD=y # CONFIG_X86_MCE_INJECT is not set CONFIG_X86_THERMAL_VECTOR=y +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y CONFIG_I8K=m CONFIG_MICROCODE=m # CONFIG_MICROCODE_INTEL is not set |