diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-07-30 20:38:35 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-07-30 20:38:35 -0300 |
commit | 15247b8595a5a378c8be0043bb785f8fb4eb47f1 (patch) | |
tree | 066608dd9a55239b300b1e9dd09ec093a2604571 /libre/linux-libre-grsec/PKGBUILD | |
parent | 6fb74af4b079b3a8213d61ca0b440e0647231683 (diff) | |
download | abslibre-15247b8595a5a378c8be0043bb785f8fb4eb47f1.tar.gz abslibre-15247b8595a5a378c8be0043bb785f8fb4eb47f1.tar.bz2 abslibre-15247b8595a5a378c8be0043bb785f8fb4eb47f1.zip |
linux-libre-grsec-3.15.7.201407282112-2: updating version
* enable CONFIG_USER_NS, but revert the commit allowing unprivileged user namespaces to avoid adding attack surface
Diffstat (limited to 'libre/linux-libre-grsec/PKGBUILD')
-rw-r--r-- | libre/linux-libre-grsec/PKGBUILD | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD index 9d404588d..60f60a8b4 100644 --- a/libre/linux-libre-grsec/PKGBUILD +++ b/libre/linux-libre-grsec/PKGBUILD @@ -13,13 +13,13 @@ pkgbase=linux-libre-grsec # Build stock -libre-grsec kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.15 -_sublevel=6 +_sublevel=7 _grsecver=3.0 -_timestamp=201407280729 +_timestamp=201407282112 _pkgver=${_basekernel}.${_sublevel} pkgver=${_basekernel}.${_sublevel}.${_timestamp} -pkgrel=1 -_lxopkgver=${_basekernel}.6 # nearly always the same as pkgver +pkgrel=2 +_lxopkgver=${_basekernel}.7 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="https://grsecurity.net/" license=('GPL2') @@ -37,23 +37,23 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'Kbuild.platforms' 'boot-logo.patch' 'change-default-console-loglevel.patch' - '0013-efistub-fix.patch' + 'Revert-userns-Allow-unprivileged-users-to-create-use.patch' 'sysctl.conf' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") sha256sums=('93450dc189131b6a4de862f35c5087a58cc7bae1c24caa535d2357cc3301b688' - '1966964395bd9331843c8d6dacbf661c9061e90c81bf8609d995ed458d57e358' - '28f31111afab6e7d23c1bf486537c68ef0bb72f90e8504ef7202d6cb85b27cfd' + 'ffc3b2c30f38bcdaac32f2236651d1339ef4a9c2a70669938cdc1768440ce5d0' + '6f9c45339b6801e7021505c569c47b480fcde1f36aba34b89b3615fec0a59532' 'SKIP' - '9d926dcaf6ae07359619337ba2e17e36e8b23837b9e423e391f304f21c95de75' - '5037a8058ee020195d99b7c127d8634e77a281e31fa56c656b7d8661cac63665' + '346723e7937fc11550ed341eccd7170b9d7fa04a5c700e3f9f0dafca4333dccc' + '2c882c979bc20fab3782357aefddd083d3255832afb8dc76ab0724284d517ffe' '9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486' 'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b' '55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9' 'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6' 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182' - '937dc895b4f5948381775a75bd198ed2f157a9f356da0ab5a5006f9f1dacde5c' + '1b3651558fcd497c72af3d483febb21fff98cbb9fbcb456da19b24304c40c754' 'd4d4ae0b9c510547f47d94582e4ca08a7f12e9baf324181cb54d328027305e31' - '38beb22b3d9f548fff897c0690dad330443ef24e48d414cf8dbc682f40501fab') + '78a6e45c598d89475c8e7768e3965d3ab184c067fd6211adca272ac91b8e5e14') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] @@ -85,9 +85,8 @@ prepare() { # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) patch -p1 -i "${srcdir}/change-default-console-loglevel.patch" - # fix efistub hang #33745 - # https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/patch/?id=c7fb93ec51d462ec3540a729ba446663c26a0505 - patch -Np1 -i "${srcdir}/0013-efistub-fix.patch" + # forbid unprivileged user namespaces + patch -p1 -i "$srcdir/Revert-userns-Allow-unprivileged-users-to-create-use.patch" if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile |