summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2014-08-11 16:33:29 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2014-08-11 16:35:35 -0300
commitd733fc26b31fb2fd30c080762e588d502f3de4f5 (patch)
tree7a764e9930c24738e0f563b9d552ea438711bd5a
parentb21daa0fd8fe26e15e810258efeaa8a5e559c0cd (diff)
downloadabslibre-d733fc26b31fb2fd30c080762e588d502f3de4f5.tar.gz
abslibre-d733fc26b31fb2fd30c080762e588d502f3de4f5.tar.bz2
abslibre-d733fc26b31fb2fd30c080762e588d502f3de4f5.zip
linux-libre-grsec-3.15.9.201408110025-1: updating version
* rely on grsecurity to disable unprivileged user namespaces
-rw-r--r--libre/linux-libre-grsec/PKGBUILD25
-rw-r--r--libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch41
-rw-r--r--libre/linux-libre-grsec/config.i6864
-rw-r--r--libre/linux-libre-grsec/config.x86_644
4 files changed, 16 insertions, 58 deletions
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD
index 3ca2f6e7b..285bdfbe2 100644
--- a/libre/linux-libre-grsec/PKGBUILD
+++ b/libre/linux-libre-grsec/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 116869 2014-08-04 21:40:54Z thestinger $
+# $Id: PKGBUILD 117133 2014-08-11 09:27:22Z thestinger $
# Maintainer (Arch): Daniel Micay <danielmicay@gmail.com>
# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>
@@ -14,13 +14,13 @@
pkgbase=linux-libre-grsec # Build stock -libre-grsec kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.15
-_sublevel=8
+_sublevel=9
_grsecver=3.0
-_timestamp=201408040708
+_timestamp=201408110025
_pkgver=${_basekernel}.${_sublevel}
pkgver=${_basekernel}.${_sublevel}.${_timestamp}
-pkgrel=2
-_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver
+pkgrel=1
+_lxopkgver=${_basekernel}.9 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="https://grsecurity.net/"
license=('GPL2')
@@ -38,21 +38,19 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'Kbuild.platforms'
'boot-logo.patch'
'change-default-console-loglevel.patch'
- 'Revert-userns-Allow-unprivileged-users-to-create-use.patch'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
sha256sums=('93450dc189131b6a4de862f35c5087a58cc7bae1c24caa535d2357cc3301b688'
- '6dfa7e972f54feef3a40047704495c00b4e163d7f164c133aaaa70871ab61afe'
- 'f85023b7d061365a08139743e68082e3f61b178173528a0d9e39c07ddeef0ad6'
+ '8809e70094b8c63010ee090cf8c53cdfc11a6c52bb3707170fadcafd285a22c3'
+ 'ebe1eeefe65dfe12e64941e0727c3cc9c37d2547d3eb8c01031d449be00c1e5f'
'SKIP'
- '83b59a9479df821cf3d3c594aa5306acbd46f9d1cdb2329fca941a258852ad9e'
- 'd650440267b0fabe1e2481b74fe21448aa8b68cc3ee370059e2138797c189efd'
+ '92a3aa5c168aea61cd910748e7f52493f275549c851a0bfe4a72cfd9da742a90'
+ 'c46b0b3750318651c3a12da8dc10ffc5805d0147e0dc56a87a2df37d1503b899'
'9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486'
'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b'
'55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9'
'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6'
'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182'
- '1b3651558fcd497c72af3d483febb21fff98cbb9fbcb456da19b24304c40c754'
- '2b514ce7d678919bc923fc3a4beef38f4a757a6275717dfe7147544c2e9964f0')
+ '1a0c1d5e3c46306766304663e9d4503ca452c4f93d5154a4ca43a03588e20d00')
if [ "$CARCH" != "mips64el" ]; then
# don't use the Loongson-specific patches on non-mips64el arches.
unset source[${#source[@]}-1]
@@ -84,9 +82,6 @@ prepare() {
# (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
patch -p1 -i "${srcdir}/change-default-console-loglevel.patch"
- # forbid unprivileged user namespaces
- patch -p1 -i "$srcdir/Revert-userns-Allow-unprivileged-users-to-create-use.patch"
-
if [ "$CARCH" == "mips64el" ]; then
sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile
sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \
diff --git a/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch b/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch
deleted file mode 100644
index 5713dbb20..000000000
--- a/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From e3da68be55914bfeedb8866f191cc0958579611d Mon Sep 17 00:00:00 2001
-From: Josh Boyer <jwboyer@fedoraproject.org>
-Date: Wed, 13 Nov 2013 10:21:18 -0500
-Subject: [PATCH] Revert "userns: Allow unprivileged users to create user
- namespaces."
-
-This reverts commit 5eaf563e53294d6696e651466697eb9d491f3946.
-
-Conflicts:
- kernel/fork.c
----
- kernel/fork.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/kernel/fork.c b/kernel/fork.c
-index f6d11fc..e04c9a7 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -1573,6 +1573,19 @@ long do_fork(unsigned long clone_flags,
- long nr;
-
- /*
-+ * Do some preliminary argument and permissions checking before we
-+ * actually start allocating stuff
-+ */
-+ if (clone_flags & CLONE_NEWUSER) {
-+ /* hopefully this check will go away when userns support is
-+ * complete
-+ */
-+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
-+ !capable(CAP_SETGID))
-+ return -EPERM;
-+ }
-+
-+ /*
- * Determine whether and which event to report to ptracer. When
- * called from kernel_thread or CLONE_UNTRACED is explicitly
- * requested, no event is reported; otherwise, report if the event
---
-1.8.3.1
-
diff --git a/libre/linux-libre-grsec/config.i686 b/libre/linux-libre-grsec/config.i686
index 140c017a7..b51548d1f 100644
--- a/libre/linux-libre-grsec/config.i686
+++ b/libre/linux-libre-grsec/config.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.15.8.201408010648-1 Kernel Configuration
+# Linux/x86 3.15.9.201408110025-1 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -414,6 +414,8 @@ CONFIG_X86_MCE_THRESHOLD=y
# CONFIG_X86_MCE_INJECT is not set
CONFIG_X86_THERMAL_VECTOR=y
CONFIG_VM86=y
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX32=y
CONFIG_TOSHIBA=m
CONFIG_I8K=m
CONFIG_X86_REBOOTFIXUPS=y
diff --git a/libre/linux-libre-grsec/config.x86_64 b/libre/linux-libre-grsec/config.x86_64
index 8830b5eb0..2cd6a6b53 100644
--- a/libre/linux-libre-grsec/config.x86_64
+++ b/libre/linux-libre-grsec/config.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.15.8.201408010648-1 Kernel Configuration
+# Linux/x86 3.15.9.201408110025-1 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -405,6 +405,8 @@ CONFIG_X86_MCE_AMD=y
CONFIG_X86_MCE_THRESHOLD=y
# CONFIG_X86_MCE_INJECT is not set
CONFIG_X86_THERMAL_VECTOR=y
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX64=y
CONFIG_I8K=m
CONFIG_MICROCODE=m
# CONFIG_MICROCODE_INTEL is not set