Merge branch 'master' of ssh://gparabola/srv/git/abslibre

10 files changed, 60 insertions, 7 deletions

diff --git a/kernels/linux-libre-lts-grsec/.directory b/kernels/linux-libre-lts-grsec/.directory
deleted file mode 100755
index b766bba88..000000000
--- a/kernels/linux-libre-lts-grsec/.directory
+++ /dev/null
@@ -1,3 +0,0 @@
-[Dolphin]
-Timestamp=2012,12,3,14,0,37
-Version=3
diff --git a/kernels/linux-libre-lts-grsec/Kbuild b/kernels/linux-libre-lts-grsec/Kbuild
index 8a9d7dceb..8a9d7dceb 100755..100644
--- a/kernels/linux-libre-lts-grsec/Kbuild
+++ b/kernels/linux-libre-lts-grsec/Kbuild
diff --git a/kernels/linux-libre-lts-grsec/Kbuild.platforms b/kernels/linux-libre-lts-grsec/Kbuild.platforms
index 90a226888..90a226888 100755..100644
--- a/kernels/linux-libre-lts-grsec/Kbuild.platforms
+++ b/kernels/linux-libre-lts-grsec/Kbuild.platforms
diff --git a/kernels/linux-libre-lts-grsec/PKGBUILD b/kernels/linux-libre-lts-grsec/PKGBUILD
index e6ea24827..55b6c41f5 100755..100644
--- a/kernels/linux-libre-lts-grsec/PKGBUILD
+++ b/kernels/linux-libre-lts-grsec/PKGBUILD
@@ -10,9 +10,9 @@ pkgbase=linux-libre-lts-grsec  # Build stock -LIBRE-LTS-GRSEC kernel
 #pkgbase=linux-libre-custom # Build kernel with a different name
 _basekernel=3.2
 _grsecver=2.9.1
-_timestamp=201212061818
+_timestamp=201212151420
 pkgver=${_basekernel}.35
-pkgrel=1
+pkgrel=2
 _lxopkgver=${_basekernel}.34 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="http://linux-libre.fsfla.org/"
@@ -35,7 +35,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
         "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
 md5sums=('65c669b6e4888db84a80882461851867'
          '11cd72c1febacfa98e3c6162fee86ba9'
-         '27c45c7b29406bea785a8bef77ebfaf2'
+         'cb8b68478cd26bcdef1aba5617aa4cb2'
          '9cdc3506425c2f5ca4a05493c0c8dec9'
          '969fb7ac31e86521d1d854b7d5a3fa18'
          '243221bb1898f996dcf2020c015f6fd0'
diff --git a/kernels/linux-libre-lts-grsec/boot-logo.patch b/kernels/linux-libre-lts-grsec/boot-logo.patch
index 6a3c68550..6a3c68550 100755..100644
--- a/kernels/linux-libre-lts-grsec/boot-logo.patch
+++ b/kernels/linux-libre-lts-grsec/boot-logo.patch
diff --git a/kernels/linux-libre-lts-grsec/change-default-console-loglevel.patch b/kernels/linux-libre-lts-grsec/change-default-console-loglevel.patch
index 63435d84f..63435d84f 100755..100644
--- a/kernels/linux-libre-lts-grsec/change-default-console-loglevel.patch
+++ b/kernels/linux-libre-lts-grsec/change-default-console-loglevel.patch
diff --git a/kernels/linux-libre-lts-grsec/ext4-options.patch b/kernels/linux-libre-lts-grsec/ext4-options.patch
index ef1b2417d..ef1b2417d 100755..100644
--- a/kernels/linux-libre-lts-grsec/ext4-options.patch
+++ b/kernels/linux-libre-lts-grsec/ext4-options.patch
diff --git a/kernels/linux-libre-lts-grsec/i915-fix-ghost-tv-output.patch b/kernels/linux-libre-lts-grsec/i915-fix-ghost-tv-output.patch
index 3b631361a..3b631361a 100755..100644
--- a/kernels/linux-libre-lts-grsec/i915-fix-ghost-tv-output.patch
+++ b/kernels/linux-libre-lts-grsec/i915-fix-ghost-tv-output.patch
diff --git a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install
index 18b408248..05662cb18 100755..100644
--- a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install
+++ b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install
@@ -2,7 +2,45 @@
 # arg 2:  the old package version
 
 KERNEL_NAME=-lts-grsec
-KERNEL_VERSION=3.2.35-1-LIBRE-LTS-GRSEC
+KERNEL_VERSION=3.2.35-2-LIBRE-LTS-GRSEC
+
+_fix_permissions() {
+  /usr/bin/paxutils
+
+  echo
+  echo You can repeat this process after updating or installing affected
+  echo binaries by running "paxutils".
+}
+
+_add_proc_group() {
+  if ! getent group proc-trusted >/dev/null; then
+    groupadd -g 9998 -r proc-trusted
+    useradd -g 9998 -r proc-trusted
+  fi
+}
+
+_add_tpe_group() {
+  if getent group grsec-trusted >/dev/null; then
+    groupmod -n tpe-trusted grsec-trusted
+  fi
+
+  if ! getent group tpe-trusted >/dev/null; then
+    groupadd -g 9999 -r tpe-trusted
+    useradd -g 9999 -r tpe-trusted
+  fi
+}
+
+_help() {
+  echo
+  echo For group tpe-trusted, Trusted Path Execution is disabled. For group
+  echo proc-trusted, the access to /proc is not restricted. Think carefully
+  echo before adding a normal user to this group.
+  echo
+  echo This is controllable with the sysctl options \"kernel.grsecurity.tpe*\".
+  echo
+  echo There is an extensive wikibook on grsecurity:
+  echo http://en.wikibooks.org/wiki/Grsecurity
+}
 
 # set a sane PATH to ensure that critical utils like depmod will be found
 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
@@ -28,6 +66,12 @@ post_install () {
       ln -sf vmlinuz-linux-libre${KERNEL_NAME} /boot/vmlinuz26${KERNEL_NAME}
     fi
   fi
+
+  _add_proc_group
+  _add_tpe_group
+  _fix_permissions
+  
+  _help
 }
 
 post_upgrade() {
@@ -60,10 +104,22 @@ post_upgrade() {
     echo ">>> Generating initial ramdisk, using mkinitcpio.  Please wait..."
     mkinitcpio -p linux-libre${KERNEL_NAME}
   fi
+
+  _add_proc_group
+  _add_tpe_group
+  _fix_permissions
+
+  _help
 }
 
 post_remove() {
   # also remove the compat symlinks
   rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}.img
   rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}-fallback.img
+
+  for group in grsec-trusted proc-trusted tpe-trusted; do
+    if getent group $group >/dev/null; then
+	  groupdel $group
+    fi
+  done
 }
diff --git a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.preset b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.preset
index a18d292a2..a18d292a2 100755..100644
--- a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.preset
+++ b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.preset