summaryrefslogtreecommitdiff
path: root/kernels
diff options
context:
space:
mode:
authorLuke Shumaker <LukeShu@sbcglobal.net>2012-12-09 17:00:33 -0500
committerLuke Shumaker <LukeShu@sbcglobal.net>2012-12-09 17:00:33 -0500
commitbf7b1c01ce324e441d85d9706dfca6208c824f9d (patch)
treee856afb7f1f6dd2c3c50b4c1a71400ae2a29aca4 /kernels
parent918b51b44f8d1a299f7f0fbce1f58491804c9f80 (diff)
parenta16a7fa77c16e8e6c5abcdca28a2970f77ea8650 (diff)
downloadabslibre-bf7b1c01ce324e441d85d9706dfca6208c824f9d.tar.gz
abslibre-bf7b1c01ce324e441d85d9706dfca6208c824f9d.tar.bz2
abslibre-bf7b1c01ce324e441d85d9706dfca6208c824f9d.zip
Merge branch 'master' of ssh://parabolagnulinux.org:1863/srv/git/abslibre
Diffstat (limited to 'kernels')
-rwxr-xr-xkernels/linux-libre-grsec/PKGBUILD26
-rw-r--r--kernels/linux-libre-grsec/irq_cfg_pointer-3.6.6.patch16
-rwxr-xr-xkernels/linux-libre-grsec/linux-libre-grsec.install2
-rw-r--r--kernels/linux-libre-grsec/module-init-wait-3.6.patch77
-rw-r--r--kernels/linux-libre-grsec/module-symbol-waiting-3.6.patch66
-rwxr-xr-xkernels/linux-libre-lts-grsec/PKGBUILD18
-rwxr-xr-xkernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install4
-rw-r--r--kernels/paxutils/PKGBUILD6
-rwxr-xr-xkernels/paxutils/paxutils26
9 files changed, 40 insertions, 201 deletions
diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD
index d586f77f7..873b96b91 100755
--- a/kernels/linux-libre-grsec/PKGBUILD
+++ b/kernels/linux-libre-grsec/PKGBUILD
@@ -9,12 +9,12 @@
pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.6
-_sublevel=8
+_sublevel=9
_grsecver=2.9.1
-_timestamp=201212011309
+_timestamp=201212061820
pkgver=${_basekernel}.${_sublevel}
pkgrel=3
-_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.9 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="http://linux-libre.fsfla.org/"
license=('GPL2')
@@ -31,13 +31,10 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'Kbuild.platforms'
'boot-logo.patch'
'change-default-console-loglevel.patch'
- #'module-symbol-waiting-3.6.patch'
- #'module-init-wait-3.6.patch'
- #'irq_cfg_pointer-3.6.6.patch'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
md5sums=('a2312edd0265b5b07bd4b50afae2b380'
- '3f4d630f49a12079598a3601dd2adb24'
- '404f94ed95983191b673f3462715bd64'
+ '2127e118d09154c7a44dd2dfed2cfecd'
+ '5a7ac3d736bda40cd459865a13263e7d'
'9b4ec887671d9242eba16be5cba4f9dc'
'55695d7853abe483f4db189877fd5e36'
'5f66bed97a5c37e48eb2f71b2d354b9a'
@@ -45,10 +42,7 @@ md5sums=('a2312edd0265b5b07bd4b50afae2b380'
'8267264d9a8966e57fdacd1fa1fc65c4'
'86d3c12bdb77173617d2b9e170522ee0'
'9d3c56a4b999c8bfbd4018089a62f662'
- #'670931649c60fcb3ef2e0119ed532bd4'
- #'8a71abc4224f575008f974a099b5cf6f'
- #'4909a0271af4e5f373136b382826717f'
- 'acc79d1934fe9710acd9039dcd4e8b30')
+ '2f3ae0624acb4a4b12ea2c008b964bd2')
if [ "$CARCH" != "mips64el" ]; then
# Don't use the Loongson-specific patches on non-mips64el arches.
unset source[${#source[@]}-1]
@@ -77,14 +71,6 @@ build() {
# (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch"
-# # fix module initialisation
-# # https://bugs.archlinux.org/task/32122
-# patch -Np1 -i "${srcdir}/module-symbol-waiting-3.6.patch"
-# patch -Np1 -i "${srcdir}/module-init-wait-3.6.patch"
-
-# # fix FS#32615 - Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt
-# patch -Np1 -i "${srcdir}/irq_cfg_pointer-3.6.6.patch"
-
if [ "$CARCH" == "mips64el" ]; then
sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile
sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \
diff --git a/kernels/linux-libre-grsec/irq_cfg_pointer-3.6.6.patch b/kernels/linux-libre-grsec/irq_cfg_pointer-3.6.6.patch
deleted file mode 100644
index 32583c0ac..000000000
--- a/kernels/linux-libre-grsec/irq_cfg_pointer-3.6.6.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux.git;a=blobdiff_plain;f=arch%2Fx86%2Fkernel%2Fapic%2Fio_apic.c;h=1817fa911024f07151d3edf91bd350722c9f79f8;hp=c265593ec2cdc3df35fda1586aaf91514fab62fa;hb=94777fc51b3ad85ff9f705ddf7cdd0eb3bbad5a6;hpb=3e8fa263a97079c74880675c451587bb6899e661
-
-diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
-index c265593..1817fa9 100644
---- a/arch/x86/kernel/apic/io_apic.c
-+++ b/arch/x86/kernel/apic/io_apic.c
-@@ -2257,6 +2257,9 @@ asmlinkage void smp_irq_move_cleanup_interrupt(void)
- continue;
-
- cfg = irq_cfg(irq);
-+ if (!cfg)
-+ continue;
-+
- raw_spin_lock(&desc->lock);
-
- /*
diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install
index 4c65c9783..640b32e25 100755
--- a/kernels/linux-libre-grsec/linux-libre-grsec.install
+++ b/kernels/linux-libre-grsec/linux-libre-grsec.install
@@ -2,7 +2,7 @@
# arg 2: the old package version
KERNEL_NAME=-grsec
-KERNEL_VERSION=3.6.7-4-LIBRE-GRSEC
+KERNEL_VERSION=3.6.9-3-LIBRE-GRSEC
_fix_permissions() {
/usr/bin/paxutils
diff --git a/kernels/linux-libre-grsec/module-init-wait-3.6.patch b/kernels/linux-libre-grsec/module-init-wait-3.6.patch
deleted file mode 100644
index 1bcfd2491..000000000
--- a/kernels/linux-libre-grsec/module-init-wait-3.6.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From: Rusty Russell <rusty@rustcorp.com.au>
-Date: Fri, 28 Sep 2012 05:01:03 +0000 (+0930)
-Subject: module: wait when loading a module which is currently initializing.
-X-Git-Tag: v3.7-rc1~2^2~32
-X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=9bb9c3be568346538
-
-module: wait when loading a module which is currently initializing.
-
-The original module-init-tools module loader used a fnctl lock on the
-.ko file to avoid attempts to simultaneously load a module.
-Unfortunately, you can't get an exclusive fcntl lock on a read-only
-fd, making this not work for read-only mounted filesystems.
-module-init-tools has a hacky sleep-and-loop for this now.
-
-It's not that hard to wait in the kernel, and only return -EEXIST once
-the first module has finished loading (or continue loading the module
-if the first one failed to initialize for some reason). It's also
-consistent with what we do for dependent modules which are still loading.
-
-Suggested-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
-Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
----
-
-diff --git a/kernel/module.c b/kernel/module.c
-index 63cf6e7..74bc195 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -2845,6 +2845,20 @@ static int post_relocation(struct module *mod, const struct load_info *info)
- return module_finalize(info->hdr, info->sechdrs, mod);
- }
-
-+/* Is this module of this name done loading? No locks held. */
-+static bool finished_loading(const char *name)
-+{
-+ struct module *mod;
-+ bool ret;
-+
-+ mutex_lock(&module_mutex);
-+ mod = find_module(name);
-+ ret = !mod || mod->state != MODULE_STATE_COMING;
-+ mutex_unlock(&module_mutex);
-+
-+ return ret;
-+}
-+
- /* Allocate and load the module: note that size of section 0 is always
- zero, and we rely on this for optional sections. */
- static struct module *load_module(void __user *umod,
-@@ -2852,7 +2866,7 @@ static struct module *load_module(void __user *umod,
- const char __user *uargs)
- {
- struct load_info info = { NULL, };
-- struct module *mod;
-+ struct module *mod, *old;
- long err;
-
- pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n",
-@@ -2918,8 +2932,18 @@ static struct module *load_module(void __user *umod,
- * function to insert in a way safe to concurrent readers.
- * The mutex protects against concurrent writers.
- */
-+again:
- mutex_lock(&module_mutex);
-- if (find_module(mod->name)) {
-+ if ((old = find_module(mod->name)) != NULL) {
-+ if (old->state == MODULE_STATE_COMING) {
-+ /* Wait in case it fails to load. */
-+ mutex_unlock(&module_mutex);
-+ err = wait_event_interruptible(module_wq,
-+ finished_loading(mod->name));
-+ if (err)
-+ goto free_arch_cleanup;
-+ goto again;
-+ }
- err = -EEXIST;
- goto unlock;
- }
diff --git a/kernels/linux-libre-grsec/module-symbol-waiting-3.6.patch b/kernels/linux-libre-grsec/module-symbol-waiting-3.6.patch
deleted file mode 100644
index b87a38ff5..000000000
--- a/kernels/linux-libre-grsec/module-symbol-waiting-3.6.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From: Rusty Russell <rusty@rustcorp.com.au>
-Date: Fri, 28 Sep 2012 05:01:03 +0000 (+0930)
-Subject: module: fix symbol waiting when module fails before init
-X-Git-Tag: v3.7-rc1~2^2~33
-X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=6f13909f4fe9652f1
-
-module: fix symbol waiting when module fails before init
-
-We use resolve_symbol_wait(), which blocks if the module containing
-the symbol is still loading. However:
-
-1) The module_wq we use is only woken after calling the modules' init
- function, but there are other failure paths after the module is
- placed in the linked list where we need to do the same thing.
-
-2) wake_up() only wakes one waiter, and our waitqueue is shared by all
- modules, so we need to wake them all.
-
-3) wake_up_all() doesn't imply a memory barrier: I feel happier calling
- it after we've grabbed and dropped the module_mutex, not just after
- the state assignment.
-
-Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
----
-
-diff --git a/kernel/module.c b/kernel/module.c
-index 7f2ee45f..63cf6e7 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -2959,7 +2959,7 @@ static struct module *load_module(void __user *umod,
- /* Unlink carefully: kallsyms could be walking list. */
- list_del_rcu(&mod->list);
- module_bug_cleanup(mod);
--
-+ wake_up_all(&module_wq);
- ddebug:
- dynamic_debug_remove(info.debug);
- unlock:
-@@ -3034,7 +3034,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
- blocking_notifier_call_chain(&module_notify_list,
- MODULE_STATE_GOING, mod);
- free_module(mod);
-- wake_up(&module_wq);
-+ wake_up_all(&module_wq);
- return ret;
- }
- if (ret > 0) {
-@@ -3046,9 +3046,8 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
- dump_stack();
- }
-
-- /* Now it's a first class citizen! Wake up anyone waiting for it. */
-+ /* Now it's a first class citizen! */
- mod->state = MODULE_STATE_LIVE;
-- wake_up(&module_wq);
- blocking_notifier_call_chain(&module_notify_list,
- MODULE_STATE_LIVE, mod);
-
-@@ -3071,6 +3070,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
- mod->init_ro_size = 0;
- mod->init_text_size = 0;
- mutex_unlock(&module_mutex);
-+ wake_up_all(&module_wq);
-
- return 0;
- }
diff --git a/kernels/linux-libre-lts-grsec/PKGBUILD b/kernels/linux-libre-lts-grsec/PKGBUILD
index 9e3ef91ce..e6ea24827 100755
--- a/kernels/linux-libre-lts-grsec/PKGBUILD
+++ b/kernels/linux-libre-lts-grsec/PKGBUILD
@@ -10,9 +10,9 @@ pkgbase=linux-libre-lts-grsec # Build stock -LIBRE-LTS-GRSEC kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.2
_grsecver=2.9.1
-_timestamp=201211251859
-pkgver=${_basekernel}.34
-pkgrel=3
+_timestamp=201212061818
+pkgver=${_basekernel}.35
+pkgrel=1
_lxopkgver=${_basekernel}.34 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="http://linux-libre.fsfla.org/"
@@ -20,7 +20,7 @@ license=('GPL2')
makedepends=('xmlto' 'docbook-xsl')
options=('!strip')
source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gnu/linux-libre-${_basekernel}-gnu.tar.xz"
- "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgver}-gnu/patch-${_basekernel}-gnu-${_pkgver}-gnu.xz"
+ "http://linux-libre.fsfla.org/pub/linux-libre/releases/${pkgver}-gnu/patch-${_basekernel}-gnu-${pkgver}-gnu.xz"
"http://grsecurity.net/stable/grsecurity-$_grsecver-$pkgver-$_timestamp.patch"
# the main kernel config files
'config.i686' 'config.x86_64'
@@ -34,14 +34,14 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'ext4-options.patch'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
md5sums=('65c669b6e4888db84a80882461851867'
- 'cb77e85201da7df05a1c0609e5c91740'
- '31b0af1369d602537bcce58141f37645'
+ '11cd72c1febacfa98e3c6162fee86ba9'
+ '27c45c7b29406bea785a8bef77ebfaf2'
'9cdc3506425c2f5ca4a05493c0c8dec9'
'969fb7ac31e86521d1d854b7d5a3fa18'
'243221bb1898f996dcf2020c015f6fd0'
'2967cecc3af9f954ccc822fd63dca6ff'
'8267264d9a8966e57fdacd1fa1fc65c4'
- '04b21c79df0a952c22d681dd4f4562df'
+ '86d3c12bdb77173617d2b9e170522ee0'
'9d3c56a4b999c8bfbd4018089a62f662'
'263725f20c0b9eb9c353040792d644e5'
'f36222e7ce20c8e4dc27376f9be60f6c'
@@ -60,11 +60,11 @@ build() {
cd "${srcdir}/linux-${_basekernel}"
if [ "${_basekernel}" != "${pkgver}" ]; then
- patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${_pkgver}-gnu"
+ patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu"
fi
# Add grsecurity patches
- patch -Np1 -i $srcdir/grsecurity-$_grsecver-$pkgver-$_timestamp.patch
+ patch -Np1 -i ${srcdir}/grsecurity-${_grsecver}-${pkgver}-${_timestamp}.patch
rm localversion-grsec
# Add freedo as boot logo
diff --git a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install
index 87abae14c..18b408248 100755
--- a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install
+++ b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install
@@ -2,7 +2,7 @@
# arg 2: the old package version
KERNEL_NAME=-lts-grsec
-KERNEL_VERSION=3.2.34-1-LIBRE-LTS-GRSEC
+KERNEL_VERSION=3.2.35-1-LIBRE-LTS-GRSEC
# set a sane PATH to ensure that critical utils like depmod will be found
export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
@@ -17,7 +17,7 @@ post_install () {
fi
# compat symlinks for the official kernels only
- if [ -z "${KERNEL_NAME}" -o "${KERNEL_NAME}" = "-lts-rt" ]; then
+ if [ -z "${KERNEL_NAME}" -o "${KERNEL_NAME}" = "-lts-grsec" ]; then
loaders="$(find /boot -name syslinux.cfg -or -name extlinux.conf -or -name grub.cfg -or -name menu.lst)"
[ -f /etc/lilo.conf ] && loaders="$loaders /etc/lilo.conf"
if [ -n "${loaders}" ] && grep -q -e vmlinuz26 -e kernel26.img -e kernel26-fallback.img $loaders; then
diff --git a/kernels/paxutils/PKGBUILD b/kernels/paxutils/PKGBUILD
index 3d6d1e772..66896a32a 100644
--- a/kernels/paxutils/PKGBUILD
+++ b/kernels/paxutils/PKGBUILD
@@ -3,8 +3,8 @@
pkgname=paxutils
pkgdesc='PaX utilities to configure flags for several binaries to work with PaX kernels'
-pkgver=0.1.0
-pkgrel=2
+pkgver=0.1.1
+pkgrel=1
arch=(any)
url='https://projects.parabolagnulinux.org/abslibre.git/tree/kernels/paxutils/'
license=(GPL2)
@@ -13,7 +13,7 @@ replaces=('linux-pax-flags' 'linux-libre-pax-flags')
conflicts=('linux-pax-flags' 'linux-libre-pax-flags')
provides=('linux-pax-flags' 'linux-libre-pax-flags')
source=($pkgname)
-sha256sums=(bf1fda4919e7ed8052711c91933d9da5d86945ba44133c94e1952dedb4d1759b)
+sha256sums=(a47ebcde9ecb0a5d16825cdca3710ea8ab4fd111abae72216d44e1b0294e043a)
build() {
return 0
diff --git a/kernels/paxutils/paxutils b/kernels/paxutils/paxutils
index 22f5a8171..69662a646 100755
--- a/kernels/paxutils/paxutils
+++ b/kernels/paxutils/paxutils
@@ -1,14 +1,25 @@
#!/bin/bash
-[ "$UID" = "0" ] || {
- sudo $0
- exit $!
+function usage() {
+ echo $(basename $0) \[options\] >&2
+ echo
+ echo ' -h This help.'
+ echo ' -y Do not ask before changes.'
+ echo
+ exit 1
}
function homedir() {
egrep ^$1 /etc/passwd | cut -d: -f 6
}
+[ "$1" = '-h' ] && usage
+
+[ "$UID" = "0" ] || {
+ sudo $0 $@
+ exit $!
+}
+
declare -A perms
perms=(
@@ -19,6 +30,7 @@ perms=(
# MPROTECT and RANDMMAP off
['cPSmXEr']='
/usr/bin/elinks
+ /usr/bin/gnome-shell
/usr/bin/pyrogenesis
/usr/lib/iceweasel/iceweasel
/usr/lib/iceweasel/plugin-container
@@ -148,22 +160,22 @@ echo configuration for the following binaries:
for perm in ${!perms[@]}; do
for path in ${perms[$perm]}; do
- [ -f $path ] && echo " * $path"
+ [ -f "$path" ] && echo " * $path"
done
done
echo
echo Continue writing PaX headers? \[Y/n\]
-read a
+[ "$1" = '-y' ] && a=y || read a
case $a in
"Y"|"y"|"")
for perm in ${!perms[@]}; do
for path in ${perms[$perm]}; do
- [ -f $path ] && {
+ [ -f "$path" ] && {
echo $perm $path
- paxctl -$perm $path
+ paxctl -$perm "$path"
}
done
done