summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid P <megver83@parabola.nu>2019-02-23 16:16:52 -0300
committerDavid P <megver83@parabola.nu>2019-02-23 16:16:52 -0300
commitfc593ede99dcc95360a447e30abefbd8067e2173 (patch)
tree48290d348beba674596a0bf6e06de1757f14ac99
parente992bb10b168e5f57113d0b2613ffcff8d347fe0 (diff)
downloadabslibre-fc593ede99dcc95360a447e30abefbd8067e2173.tar.gz
abslibre-fc593ede99dcc95360a447e30abefbd8067e2173.tar.bz2
abslibre-fc593ede99dcc95360a447e30abefbd8067e2173.zip
upgpkg: libre/linux-libre 4.20.11_gnu-1
Signed-off-by: David P <megver83@parabola.nu>
-rw-r--r--libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch13
-rw-r--r--libre/linux-libre/0002-net-crypto-set-sk-to-NULL-when-af_alg_release.patch121
-rw-r--r--libre/linux-libre/0003-exec-Fix-mem-leak-in-kernel_read_file.patch49
-rw-r--r--libre/linux-libre/PKGBUILD54
-rw-r--r--libre/linux-libre/config.armv7h5
-rw-r--r--libre/linux-libre/config.i68627
-rw-r--r--libre/linux-libre/config.x86_6428
7 files changed, 258 insertions, 39 deletions
diff --git a/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
index 1acba9de4..fd287af36 100644
--- a/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -1,7 +1,8 @@
-From c0e9080c8b76a81fb0f5d2cbd920a24b7f17d11e Mon Sep 17 00:00:00 2001
+From aa38734a9d06dd75d61819e884742be9eadbc143 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default
+Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by
+ default
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
@@ -13,7 +14,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com>
3 files changed, 30 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
-index e2a5156bc9c3..74d59b69d494 100644
+index 906cd0c13d15..0d1d30ad91e7 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -104,6 +104,11 @@
@@ -28,7 +29,7 @@ index e2a5156bc9c3..74d59b69d494 100644
/*
* Minimum number of threads to boot the kernel
-@@ -1698,6 +1703,10 @@ static __latent_entropy struct task_struct *copy_process(
+@@ -1699,6 +1704,10 @@ static __latent_entropy struct task_struct *copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -39,7 +40,7 @@ index e2a5156bc9c3..74d59b69d494 100644
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
-@@ -2522,6 +2531,12 @@ int ksys_unshare(unsigned long unshare_flags)
+@@ -2532,6 +2541,12 @@ int ksys_unshare(unsigned long unshare_flags)
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
@@ -53,7 +54,7 @@ index e2a5156bc9c3..74d59b69d494 100644
if (err)
goto bad_unshare_out;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 5fc724e4e454..bea075b4bb48 100644
+index 9ee261fce89e..ab26ddeab33d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -106,6 +106,9 @@ extern int core_uses_pid;
diff --git a/libre/linux-libre/0002-net-crypto-set-sk-to-NULL-when-af_alg_release.patch b/libre/linux-libre/0002-net-crypto-set-sk-to-NULL-when-af_alg_release.patch
new file mode 100644
index 000000000..b88dd07df
--- /dev/null
+++ b/libre/linux-libre/0002-net-crypto-set-sk-to-NULL-when-af_alg_release.patch
@@ -0,0 +1,121 @@
+From 39ed3f341657277612ad6879fbc460198c6e5396 Mon Sep 17 00:00:00 2001
+From: Mao Wenan <maowenan@huawei.com>
+Date: Mon, 18 Feb 2019 10:44:44 +0800
+Subject: [PATCH 2/3] net: crypto set sk to NULL when af_alg_release.
+
+KASAN has found use-after-free in sockfs_setattr.
+The existed commit 6d8c50dcb029 ("socket: close race condition between sock_close()
+and sockfs_setattr()") is to fix this simillar issue, but it seems to ignore
+that crypto module forgets to set the sk to NULL after af_alg_release.
+
+KASAN report details as below:
+BUG: KASAN: use-after-free in sockfs_setattr+0x120/0x150
+Write of size 4 at addr ffff88837b956128 by task syz-executor0/4186
+
+CPU: 2 PID: 4186 Comm: syz-executor0 Not tainted xxx + #1
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
+1.10.2-1ubuntu1 04/01/2014
+Call Trace:
+ dump_stack+0xca/0x13e
+ print_address_description+0x79/0x330
+ ? vprintk_func+0x5e/0xf0
+ kasan_report+0x18a/0x2e0
+ ? sockfs_setattr+0x120/0x150
+ sockfs_setattr+0x120/0x150
+ ? sock_register+0x2d0/0x2d0
+ notify_change+0x90c/0xd40
+ ? chown_common+0x2ef/0x510
+ chown_common+0x2ef/0x510
+ ? chmod_common+0x3b0/0x3b0
+ ? __lock_is_held+0xbc/0x160
+ ? __sb_start_write+0x13d/0x2b0
+ ? __mnt_want_write+0x19a/0x250
+ do_fchownat+0x15c/0x190
+ ? __ia32_sys_chmod+0x80/0x80
+ ? trace_hardirqs_on_thunk+0x1a/0x1c
+ __x64_sys_fchownat+0xbf/0x160
+ ? lockdep_hardirqs_on+0x39a/0x5e0
+ do_syscall_64+0xc8/0x580
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+RIP: 0033:0x462589
+Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89
+f7 48 89 d6 48 89
+ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3
+48 c7 c1 bc ff ff
+ff f7 d8 64 89 01 48
+RSP: 002b:00007fb4b2c83c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000104
+RAX: ffffffffffffffda RBX: 000000000072bfa0 RCX: 0000000000462589
+RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000007
+RBP: 0000000000000005 R08: 0000000000001000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb4b2c846bc
+R13: 00000000004bc733 R14: 00000000006f5138 R15: 00000000ffffffff
+
+Allocated by task 4185:
+ kasan_kmalloc+0xa0/0xd0
+ __kmalloc+0x14a/0x350
+ sk_prot_alloc+0xf6/0x290
+ sk_alloc+0x3d/0xc00
+ af_alg_accept+0x9e/0x670
+ hash_accept+0x4a3/0x650
+ __sys_accept4+0x306/0x5c0
+ __x64_sys_accept4+0x98/0x100
+ do_syscall_64+0xc8/0x580
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+Freed by task 4184:
+ __kasan_slab_free+0x12e/0x180
+ kfree+0xeb/0x2f0
+ __sk_destruct+0x4e6/0x6a0
+ sk_destruct+0x48/0x70
+ __sk_free+0xa9/0x270
+ sk_free+0x2a/0x30
+ af_alg_release+0x5c/0x70
+ __sock_release+0xd3/0x280
+ sock_close+0x1a/0x20
+ __fput+0x27f/0x7f0
+ task_work_run+0x136/0x1b0
+ exit_to_usermode_loop+0x1a7/0x1d0
+ do_syscall_64+0x461/0x580
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+Syzkaller reproducer:
+r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0,
+0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0,
+0xffffffffffffffff, 0x0)
+r1 = socket$alg(0x26, 0x5, 0x0)
+getrusage(0x0, 0x0)
+bind(r1, &(0x7f00000001c0)=@alg={0x26, 'hash\x00', 0x0, 0x0,
+'sha256-ssse3\x00'}, 0x80)
+r2 = accept(r1, 0x0, 0x0)
+r3 = accept4$unix(r2, 0x0, 0x0, 0x0)
+r4 = dup3(r3, r0, 0x0)
+fchownat(r4, &(0x7f00000000c0)='\x00', 0x0, 0x0, 0x1000)
+
+Fixes: 6d8c50dcb029 ("socket: close race condition between sock_close() and sockfs_setattr()")
+Signed-off-by: Mao Wenan <maowenan@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ crypto/af_alg.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/af_alg.c b/crypto/af_alg.c
+index 17eb09d222ff..ec78a04eb136 100644
+--- a/crypto/af_alg.c
++++ b/crypto/af_alg.c
+@@ -122,8 +122,10 @@ static void alg_do_release(const struct af_alg_type *type, void *private)
+
+ int af_alg_release(struct socket *sock)
+ {
+- if (sock->sk)
++ if (sock->sk) {
+ sock_put(sock->sk);
++ sock->sk = NULL;
++ }
+ return 0;
+ }
+ EXPORT_SYMBOL_GPL(af_alg_release);
+--
+2.20.1
+
diff --git a/libre/linux-libre/0003-exec-Fix-mem-leak-in-kernel_read_file.patch b/libre/linux-libre/0003-exec-Fix-mem-leak-in-kernel_read_file.patch
new file mode 100644
index 000000000..e8c87ad80
--- /dev/null
+++ b/libre/linux-libre/0003-exec-Fix-mem-leak-in-kernel_read_file.patch
@@ -0,0 +1,49 @@
+From 3096ba94fa87b22664baa91e71a55ce698bb8aed Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Tue, 19 Feb 2019 10:10:38 +0800
+Subject: [PATCH 3/3] exec: Fix mem leak in kernel_read_file
+
+syzkaller report this:
+BUG: memory leak
+unreferenced object 0xffffc9000488d000 (size 9195520):
+ comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s)
+ hex dump (first 32 bytes):
+ ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................
+ 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z.....
+ backtrace:
+ [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline]
+ [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
+ [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831
+ [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924
+ [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993
+ [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895
+ [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
+ [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+ [<00000000241f889b>] 0xffffffffffffffff
+
+It should goto 'out_free' lable to free allocated buf while kernel_read
+fails.
+
+Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+---
+ fs/exec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/exec.c b/fs/exec.c
+index fc281b738a98..20c33029a062 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -929,7 +929,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
+ bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
+ if (bytes < 0) {
+ ret = bytes;
+- goto out;
++ goto out_free;
+ }
+
+ if (bytes == 0)
+--
+2.20.1
+
diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD
index e7aa48fcb..acac2224b 100644
--- a/libre/linux-libre/PKGBUILD
+++ b/libre/linux-libre/PKGBUILD
@@ -12,7 +12,7 @@
pkgbase=linux-libre # Build stock kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_srcbasever=4.20-gnu
-_srcver=4.20.10-gnu
+_srcver=4.20.11-gnu
_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
_replacesoldkernels=() # '%' gets replaced with _kernelname
@@ -22,7 +22,7 @@ _srcname=linux-${_srcbasever%-*}
_archpkgver=${_srcver%-*}
pkgver=${_srcver//-/_}
pkgrel=1
-rcnrel=armv7-x6
+rcnrel=armv7-x7
arch=(i686 x86_64 armv7h)
url="https://linux-libre.fsfla.org/"
license=(GPL2)
@@ -36,28 +36,30 @@ source=(
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_mono.pbm"{,.sig}
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_vga16.ppm"{,.sig}
# the main kernel config files
- 'config.i686' 'config.x86_64' 'config.armv7h'
+ config.i686 config.x86_64 config.armv7h
# pacman hooks for depmod and initramfs regeneration
- '60-linux.hook' '90-linux.hook'
+ 60-linux.hook 90-linux.hook
# standard config files for mkinitcpio ramdisk
- 'linux.preset'
+ linux.preset
# files for signing Chromebooks kernels
- 'kernel.its' 'kernel.keyblock' 'kernel_data_key.vbprivk'
+ kernel.its kernel.keyblock kernel_data_key.vbprivk
# armv7h patches
"https://repo.parabola.nu/other/rcn-libre/patches/${_srcver%-*}/rcn-libre-${_srcver%-*}-$rcnrel.patch"{,.sig}
- '0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch'
- '0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch'
- '0003-SMILE-Plug-device-tree-file.patch'
- '0004-fix-mvsdio-eMMC-timing.patch'
- '0005-net-smsc95xx-Allow-mac-address-to-be-set-as-a-parame.patch'
- '0006-set-default-cubietruck-led-triggers.patch'
- '0007-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch'
- '0008-ARM-dove-enable-ethernet-on-D3Plug.patch'
- '0009-media-s5p-mfc-fix-incorrect-bus-assignment-in-virtua.patch'
+ 0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch
+ 0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch
+ 0003-SMILE-Plug-device-tree-file.patch
+ 0004-fix-mvsdio-eMMC-timing.patch
+ 0005-net-smsc95xx-Allow-mac-address-to-be-set-as-a-parame.patch
+ 0006-set-default-cubietruck-led-triggers.patch
+ 0007-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch
+ 0008-ARM-dove-enable-ethernet-on-D3Plug.patch
+ 0009-media-s5p-mfc-fix-incorrect-bus-assignment-in-virtua.patch
# other patches
- '0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch'
- '0002-fix-Atmel-maXTouch-touchscreen-support.patch'
- '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch'
+ 0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
+ 0002-fix-Atmel-maXTouch-touchscreen-support.patch
+ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ 0002-net-crypto-set-sk-to-NULL-when-af_alg_release.patch
+ 0003-exec-Fix-mem-leak-in-kernel_read_file.patch
)
validpgpkeys=(
'474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva
@@ -65,7 +67,7 @@ validpgpkeys=(
)
sha512sums=('a4a0a25fd490c051deb32ff84ba51e8807bfc8db1ad46c22c7807e9be2e5db5e1c22c211e47fca2509d5d75d64626fb28e9bbc8ccadc565f27fe9c8e47e12dc4'
'SKIP'
- '93cbaa78de8c2f4375965e3ec5192e53eb835df2a83156f051fe01e27d0af6258912478aef5f4a864306d4e557dead2a1d038f5415ea11505fcbb57416f502dc'
+ '3cb387665734be799f3c833939f0938e17216f08aff5113a85a845dcf382d997f3574e8ea30c0fb6d5e85295106a347324c3b50858939d4568b6fa25c40a05ff'
'SKIP'
'13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
'SKIP'
@@ -73,16 +75,16 @@ sha512sums=('a4a0a25fd490c051deb32ff84ba51e8807bfc8db1ad46c22c7807e9be2e5db5e1c2
'SKIP'
'7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78'
'SKIP'
- 'e26a6847d36177f4f242a69cb0d4a5f9641d4004f5143e5b13727fad55b539d099c0fa9fdec46e459f3fd0a768e7edbafd8eef621041e4f7bb70886de1e2319d'
- 'ff751e8b4d4a4b4988a5a2e2d451790440f9be3cf8d7f27c242ea1e5b1db3f2c9cfcad19b2d9256dccf911f75925f65a826c1f11ca0258741ce25eed5e5f7cfd'
- 'e5e47da752a6bed9755338dea784acb52ac081c7679c2567073b228272318e849c86832755f53a94d12908e1683dc4d898972fccfa3f17c6a8a60320d7178a43'
+ '86823b1e2e838a00323215029a9d0d3a0b756e5a93b2a1f570f3aa18a93c657a8eb29db261e30f015480d4d77c7d311f6df74ea259795960f93c00399710e504'
+ '57a551ed21d37caca08409139183feac42111f5f6a2b110aa4dbdbbd5ede88b8fbec74060511c83ca02c9748760b1f9ef72da37899f0c33ddde804a431049105'
+ '9c34ec064a4763f238fd9721beeb3021d138ea038bd583f65eed49f49b524e2a04190e5653a8607e8613e82000cb76a8b18855ad00f644f603e39261ffb990d3'
'7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a'
'2718b58dbbb15063bacb2bde6489e5b3c59afac4c0e0435b97fe720d42c711b6bcba926f67a8687878bd51373c9cf3adb1915a11666d79ccb220bf36e0788ab7'
'2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf'
'167bc73c6c1c63931806238905dc44c7d87c5a5c0f6293159f2133dfe717fb44081018d810675716d1605ec7dff5e8333b87b19e09e2de21d0448e447437873b'
'bb6718984a7357c9b00c37e4788480e5b8b75018c172ecc1441bc3fc5d2d42444eb5d8c7f9d2e3a7d6fed6d03acb565e3c0559486e494c40a7fe6bd0570c9ede'
'143dea30c6da00e504c99984a98a0eb2411f558fcdd9dfa7f607d6c14e9e7dffff9cb00121d9317044b07e3e210808286598c785ee854084b993ec9cb14d8232'
- 'cf61447790bba8d3cffc95c2b415d673c4cb5907fd3e0fd40f85644fcad0d568fc8c7b8c1391ae2b23696da65f037d966538a5cfe2f770e5d6a71a2193f62bbb'
+ '82375afd5217b8d86a3d0da646af31330bf6bb91531e9b2462a96efb64a618e64696c4710a6bc220e9bf626dcd5c1015b6fd9b8b9c229c67a47cf58ee7aa4dd6'
'SKIP'
'a1d15484cc68e1ce6919ecde2172d458641bcbb4fca467d3ecb3daa576f26173574c782c89120dab4c6e0d7277aa72695ea5197db47c9ff6964cdd62991bdaeb'
'5cc794a821e68b089a09a0083c4971d9c11a057f2cc06c39b7e0c6ba9838cd2e0f2a299a1525725f2b8e462a200e108be97c5b9015d520978e5c61fa932add12'
@@ -95,7 +97,9 @@ sha512sums=('a4a0a25fd490c051deb32ff84ba51e8807bfc8db1ad46c22c7807e9be2e5db5e1c2
'1834eff6ff158ae05d059e8e20d33a950ec0c4dc5fb60fd215f9e7202e9efb14231f3d5e312e826e097dff131fb399e6a9d4e8d4069a1ccf6e2966364f453c0d'
'02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af'
'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168'
- '9d24dff68a11aee6b5f1b6b003b27603a8c431e76c3cb638e852cd8c0ccd2a298b1116bbad0dc816e9de7d987dcf329a5d250673067ec125760eee543f65eed5')
+ 'bac4951f03f9ec3882f1afbb3a35a5980d9e8a321056cc00294f91f0e496922a82f2403f8e99950c053866837bd7382e18cda936d9eca58bc408f6903453c89c'
+ '67710358e51ffd30aaf64351e6c3542bdfa9e4e3db43ee38fca8b15357d71be3cd18db0180d196c8b2d44781ce2625e5b709d496dea0723d0616ebdfb048028a'
+ 'e81e85b98f126a1e298d54a289659e648582070db617194a8ed13796535341f3a052e3103ee87c4d9bd797103429b883ae2e761cb6f4b61b15f0c0fea017ff95')
_kernelname=${pkgbase#linux-libre}
_replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}")
@@ -140,6 +144,8 @@ prepare() {
# Arch's linux patches
patch -p1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ patch -p1 -i ../0002-net-crypto-set-sk-to-NULL-when-af_alg_release.patch
+ patch -p1 -i ../0003-exec-Fix-mem-leak-in-kernel_read_file.patch
# maintain the TTY over USB disconnects
# http://www.coreboot.org/EHCI_Gadget_Debug
diff --git a/libre/linux-libre/config.armv7h b/libre/linux-libre/config.armv7h
index 79480834c..b9f080fa1 100644
--- a/libre/linux-libre/config.armv7h
+++ b/libre/linux-libre/config.armv7h
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.20.10-gnu Kernel Configuration
+# Linux/arm 4.20.11-gnu Kernel Configuration
#
#
@@ -7045,7 +7045,7 @@ CONFIG_UIO_AEC=m
CONFIG_UIO_SERCOS3=m
CONFIG_UIO_PCI_GENERIC=m
CONFIG_UIO_NETX=m
-# CONFIG_UIO_PRUSS is not set
+CONFIG_UIO_PRUSS=m
CONFIG_UIO_MF624=m
# CONFIG_VFIO is not set
# CONFIG_VIRT_DRIVERS is not set
@@ -7419,7 +7419,6 @@ CONFIG_SOC_TEGRA_PMC=y
CONFIG_SOC_TI=y
# CONFIG_KEYSTONE_NAVIGATOR_QMSS is not set
# CONFIG_KEYSTONE_NAVIGATOR_DMA is not set
-CONFIG_TI_PRUSS=m
#
# Xilinx SoC drivers
diff --git a/libre/linux-libre/config.i686 b/libre/linux-libre/config.i686
index 1216b8be3..2f0e80b7d 100644
--- a/libre/linux-libre/config.i686
+++ b/libre/linux-libre/config.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.20.10-gnu Kernel Configuration
+# Linux/x86 4.20.11-gnu Kernel Configuration
#
#
@@ -465,7 +465,10 @@ CONFIG_PM_SLEEP_DEBUG=y
CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y
CONFIG_PM_CLK=y
+CONFIG_PM_GENERIC_DOMAINS=y
CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
+CONFIG_PM_GENERIC_DOMAINS_SLEEP=y
+CONFIG_PM_GENERIC_DOMAINS_OF=y
CONFIG_ARCH_SUPPORTS_ACPI=y
CONFIG_ACPI=y
CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
@@ -5909,6 +5912,7 @@ CONFIG_DRM_TTM=m
CONFIG_DRM_GEM_CMA_HELPER=y
CONFIG_DRM_KMS_CMA_HELPER=y
CONFIG_DRM_VM=y
+CONFIG_DRM_SCHED=m
#
# I2C encoder or helper chips
@@ -5917,16 +5921,33 @@ CONFIG_DRM_I2C_CH7006=m
CONFIG_DRM_I2C_SIL164=m
CONFIG_DRM_I2C_NXP_TDA998X=m
# CONFIG_DRM_I2C_NXP_TDA9950 is not set
-# CONFIG_DRM_RADEON is not set
-# CONFIG_DRM_AMDGPU is not set
+CONFIG_DRM_RADEON=m
+CONFIG_DRM_RADEON_USERPTR=y
+CONFIG_DRM_AMDGPU=m
+# CONFIG_DRM_AMDGPU_SI is not set
+# CONFIG_DRM_AMDGPU_CIK is not set
+CONFIG_DRM_AMDGPU_USERPTR=y
+# CONFIG_DRM_AMDGPU_GART_DEBUGFS is not set
#
# ACP (Audio CoProcessor) Configuration
#
+CONFIG_DRM_AMD_ACP=y
+
+#
+# Display Engine Configuration
+#
+CONFIG_DRM_AMD_DC=y
+CONFIG_DRM_AMD_DC_DCN1_0=y
+CONFIG_DRM_AMD_DC_DCN1_01=y
+# CONFIG_DEBUG_KERNEL_DC is not set
#
# AMD Library routines
#
+CONFIG_CHASH=m
+# CONFIG_CHASH_STATS is not set
+# CONFIG_CHASH_SELFTEST is not set
CONFIG_DRM_NOUVEAU=m
CONFIG_NOUVEAU_DEBUG=5
CONFIG_NOUVEAU_DEBUG_DEFAULT=3
diff --git a/libre/linux-libre/config.x86_64 b/libre/linux-libre/config.x86_64
index 3bd9fe9e2..77c721b1d 100644
--- a/libre/linux-libre/config.x86_64
+++ b/libre/linux-libre/config.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.20.10-gnu Kernel Configuration
+# Linux/x86 4.20.11-gnu Kernel Configuration
#
#
@@ -488,7 +488,10 @@ CONFIG_PM_SLEEP_DEBUG=y
CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y
CONFIG_PM_CLK=y
+CONFIG_PM_GENERIC_DOMAINS=y
CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
+CONFIG_PM_GENERIC_DOMAINS_SLEEP=y
+CONFIG_PM_GENERIC_DOMAINS_OF=y
CONFIG_ARCH_SUPPORTS_ACPI=y
CONFIG_ACPI=y
CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
@@ -5901,6 +5904,7 @@ CONFIG_DRM_TTM=m
CONFIG_DRM_GEM_CMA_HELPER=y
CONFIG_DRM_KMS_CMA_HELPER=y
CONFIG_DRM_VM=y
+CONFIG_DRM_SCHED=m
#
# I2C encoder or helper chips
@@ -5909,16 +5913,34 @@ CONFIG_DRM_I2C_CH7006=m
CONFIG_DRM_I2C_SIL164=m
CONFIG_DRM_I2C_NXP_TDA998X=m
CONFIG_DRM_I2C_NXP_TDA9950=m
-# CONFIG_DRM_RADEON is not set
-# CONFIG_DRM_AMDGPU is not set
+CONFIG_DRM_RADEON=m
+CONFIG_DRM_RADEON_USERPTR=y
+CONFIG_DRM_AMDGPU=m
+# CONFIG_DRM_AMDGPU_SI is not set
+# CONFIG_DRM_AMDGPU_CIK is not set
+CONFIG_DRM_AMDGPU_USERPTR=y
+# CONFIG_DRM_AMDGPU_GART_DEBUGFS is not set
#
# ACP (Audio CoProcessor) Configuration
#
+CONFIG_DRM_AMD_ACP=y
+
+#
+# Display Engine Configuration
+#
+CONFIG_DRM_AMD_DC=y
+CONFIG_DRM_AMD_DC_DCN1_0=y
+CONFIG_DRM_AMD_DC_DCN1_01=y
+# CONFIG_DEBUG_KERNEL_DC is not set
+CONFIG_HSA_AMD=y
#
# AMD Library routines
#
+CONFIG_CHASH=m
+# CONFIG_CHASH_STATS is not set
+# CONFIG_CHASH_SELFTEST is not set
CONFIG_DRM_NOUVEAU=m
CONFIG_NOUVEAU_DEBUG=5
CONFIG_NOUVEAU_DEBUG_DEFAULT=3