10 files changed, 339 insertions, 413 deletions
diff --git a/libre/linux-libre-lts/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/libre/linux-libre-lts/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
index d78d38ade..f93022e50 100644
--- a/libre/linux-libre-lts/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/libre/linux-libre-lts/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
@@ -1,23 +1,49 @@
-From 96161597803746c97c43e0703ca2a059bdd7a8f7 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge.hallyn@canonical.com>
-Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by
- default
+From 6136ffb3d88e9f044260f8288d2d0a1edd64379e Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Mon, 16 Sep 2019 04:53:20 +0200
+Subject: [PATCH] ZEN: Add sysctl and CONFIG to disallow unprivileged
+ CLONE_NEWUSER
 
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-[bwh: Remove unneeded binary sysctl bits]
-Signed-off-by: Daniel Micay <danielmicay@gmail.com>
+Our default behavior continues to match the vanilla kernel.
 ---
+ init/Kconfig            | 16 ++++++++++++++++
  kernel/fork.c           | 15 +++++++++++++++
  kernel/sysctl.c         | 12 ++++++++++++
- kernel/user_namespace.c |  3 +++
- 3 files changed, 30 insertions(+)
+ kernel/user_namespace.c |  7 +++++++
+ 4 files changed, 50 insertions(+)
 
+diff --git a/init/Kconfig b/init/Kconfig
+index bd7d650d4a99..658f9c052151 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1091,6 +1091,22 @@ config USER_NS
+ 
+ 	  If unsure, say N.
+ 
++config USER_NS_UNPRIVILEGED
++	bool "Allow unprivileged users to create namespaces"
++	default y
++	depends on USER_NS
++	help
++	  When disabled, unprivileged users will not be able to create
++	  new namespaces. Allowing users to create their own namespaces
++	  has been part of several recent local privilege escalation
++	  exploits, so if you need user namespaces but are
++	  paranoid^Wsecurity-conscious you want to disable this.
++
++	  This setting can be overridden at runtime via the
++	  kernel.unprivileged_userns_clone sysctl.
++
++	  If unsure, say Y.
++
+ config PID_NS
+ 	bool "PID Namespaces"
+ 	default y
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 2628f3773ca8..a2da35b446a6 100644
+index 541fd805fb88..ffd57c812153 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
-@@ -103,6 +103,11 @@
+@@ -106,6 +106,11 @@
  
  #define CREATE_TRACE_POINTS
  #include <trace/events/task.h>
@@ -29,7 +55,7 @@ index 2628f3773ca8..a2da35b446a6 100644
  
  /*
   * Minimum number of threads to boot the kernel
-@@ -1719,6 +1724,10 @@ static __latent_entropy struct task_struct *copy_process(
+@@ -1788,6 +1793,10 @@ static __latent_entropy struct task_struct *copy_process(
  	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
  		return ERR_PTR(-EINVAL);
  
@@ -40,7 +66,7 @@ index 2628f3773ca8..a2da35b446a6 100644
  	/*
  	 * Thread groups must share signals as well, and detached threads
  	 * can only be started up within the thread group.
-@@ -2554,6 +2563,12 @@ int ksys_unshare(unsigned long unshare_flags)
+@@ -2819,6 +2828,12 @@ int ksys_unshare(unsigned long unshare_flags)
  	if (unshare_flags & CLONE_NEWNS)
  		unshare_flags |= CLONE_FS;
  
@@ -54,10 +80,10 @@ index 2628f3773ca8..a2da35b446a6 100644
  	if (err)
  		goto bad_unshare_out;
 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 387efbaf464a..b393beb76f34 100644
+index 078950d9605b..baead3605bbe 100644
 --- a/kernel/sysctl.c
 +++ b/kernel/sysctl.c
-@@ -108,6 +108,9 @@ extern int core_uses_pid;
+@@ -110,6 +110,9 @@ extern int core_uses_pid;
  extern char core_pattern[];
  extern unsigned int core_pipe_limit;
  #endif
@@ -67,7 +93,7 @@ index 387efbaf464a..b393beb76f34 100644
  extern int pid_max;
  extern int pid_max_min, pid_max_max;
  extern int percpu_pagelist_fraction;
-@@ -535,6 +538,15 @@ static struct ctl_table kern_table[] = {
+@@ -545,6 +548,15 @@ static struct ctl_table kern_table[] = {
  		.proc_handler	= proc_dointvec,
  	},
  #endif
@@ -84,19 +110,23 @@ index 387efbaf464a..b393beb76f34 100644
  	{
  		.procname	= "tainted",
 diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index 923414a246e9..6b9dbc257e34 100644
+index 8eadadc478f9..c36ecd19562c 100644
 --- a/kernel/user_namespace.c
 +++ b/kernel/user_namespace.c
-@@ -26,6 +26,9 @@
+@@ -21,6 +21,13 @@
  #include <linux/bsearch.h>
  #include <linux/sort.h>
  
 +/* sysctl */
++#ifdef CONFIG_USER_NS_UNPRIVILEGED
++int unprivileged_userns_clone = 1;
++#else
 +int unprivileged_userns_clone;
++#endif
 +
  static struct kmem_cache *user_ns_cachep __read_mostly;
  static DEFINE_MUTEX(userns_state_mutex);
  
 -- 
-2.22.0
+2.23.0
 
diff --git a/libre/linux-libre-lts/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch b/libre/linux-libre-lts/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
deleted file mode 100644
index 7fa619f1c..000000000
--- a/libre/linux-libre-lts/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 1f89ffcbd1b6b6639eb49c521ac0d308a723cd3c Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
-Date: Thu, 7 Dec 2017 13:50:48 +0100
-Subject: [PATCH 2/2] ZEN: Add CONFIG for unprivileged_userns_clone
-
-This way our default behavior continues to match the vanilla kernel.
----
- init/Kconfig            | 16 ++++++++++++++++
- kernel/user_namespace.c |  4 ++++
- 2 files changed, 20 insertions(+)
-
-diff --git a/init/Kconfig b/init/Kconfig
-index 4592bf7997c0..f3df02990aff 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -1004,6 +1004,22 @@ config USER_NS
- 
- 	  If unsure, say N.
- 
-+config USER_NS_UNPRIVILEGED
-+	bool "Allow unprivileged users to create namespaces"
-+	default y
-+	depends on USER_NS
-+	help
-+	  When disabled, unprivileged users will not be able to create
-+	  new namespaces. Allowing users to create their own namespaces
-+	  has been part of several recent local privilege escalation
-+	  exploits, so if you need user namespaces but are
-+	  paranoid^Wsecurity-conscious you want to disable this.
-+
-+	  This setting can be overridden at runtime via the
-+	  kernel.unprivileged_userns_clone sysctl.
-+
-+	  If unsure, say Y.
-+
- config PID_NS
- 	bool "PID Namespaces"
- 	default y
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index 6b9dbc257e34..107b17f0d528 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -27,7 +27,11 @@
- #include <linux/sort.h>
- 
- /* sysctl */
-+#ifdef CONFIG_USER_NS_UNPRIVILEGED
-+int unprivileged_userns_clone = 1;
-+#else
- int unprivileged_userns_clone;
-+#endif
- 
- static struct kmem_cache *user_ns_cachep __read_mostly;
- static DEFINE_MUTEX(userns_state_mutex);
--- 
-2.22.0
-
diff --git a/libre/linux-libre-lts/60-linux.hook b/libre/linux-libre-lts/60-linux.hook
deleted file mode 100644
index b33873c85..000000000
--- a/libre/linux-libre-lts/60-linux.hook
+++ /dev/null
@@ -1,12 +0,0 @@
-[Trigger]
-Type = File
-Operation = Install
-Operation = Upgrade
-Operation = Remove
-Target = usr/lib/modules/%KERNVER%/*
-Target = usr/lib/modules/%EXTRAMODULES%/*
-
-[Action]
-Description = Updating %PKGBASE% module dependencies...
-When = PostTransaction
-Exec = /usr/bin/depmod %KERNVER%
diff --git a/libre/linux-libre-lts/90-linux.hook b/libre/linux-libre-lts/90-linux.hook
deleted file mode 100644
index be0d88653..000000000
--- a/libre/linux-libre-lts/90-linux.hook
+++ /dev/null
@@ -1,11 +0,0 @@
-[Trigger]
-Type = File
-Operation = Install
-Operation = Upgrade
-Target = boot/vmlinuz-%PKGBASE%
-Target = usr/lib/initcpio/*
-
-[Action]
-Description = Updating %PKGBASE% initcpios...
-When = PostTransaction
-Exec = /usr/bin/mkinitcpio -p %PKGBASE%
diff --git a/libre/linux-libre-lts/PKGBUILD b/libre/linux-libre-lts/PKGBUILD
index bca37259b..4e167f537 100644
--- a/libre/linux-libre-lts/PKGBUILD
+++ b/libre/linux-libre-lts/PKGBUILD
@@ -9,35 +9,54 @@
 
 # Based on linux-lts package
 
+_replacesarchkernel=('linux%') # '%' gets replaced with kernel suffix
+_replacesoldkernels=() # '%' gets replaced with kernel suffix
+_replacesoldmodules=() # '%' gets replaced with kernel suffix
+
 pkgbase=linux-libre-lts
 _srcbasever=4.19-gnu
-_srcver=4.19.75-gnu
-
-_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
-_replacesoldkernels=() # '%' gets replaced with _kernelname
-_replacesoldmodules=() # '%' gets replaced with _kernelname
-
+_srcver=4.19.81-gnu
 _srcname=linux-${_srcbasever%-*}
-_archpkgver=${_srcver%-*}
 pkgver=${_srcver//-/_}
-pkgrel=1
+pkgrel=3
 rcnver=4.19.72
 rcnrel=armv7-x39
-arch=('x86_64' 'i686' 'armv7h')
 url='https://linux-libre.fsfla.org/'
-license=('GPL2')
-makedepends=('xmlto' 'kmod' 'inetutils' 'bc' 'libelf')
+arch=(i686 x86_64 armv7h)
+license=(GPL2)
+makedepends=(
+  xmlto kmod inetutils bc libelf
+  python-sphinx python-sphinx_rtd_theme graphviz imagemagick
+)
 options=('!strip')
 source=(
-  "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcbasever}/linux-libre-${_srcbasever}.tar.xz"{,.sign}
-  "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcver}/patch-${_srcbasever}-${_srcver}.xz"{,.sign}
+  "https://linux-libre.fsfla.org/pub/linux-libre/releases/$_srcbasever/linux-libre-$_srcbasever.tar.xz"{,.sign}
+  "https://linux-libre.fsfla.org/pub/linux-libre/releases/$_srcver/patch-$_srcbasever-$_srcver.xz"{,.sign}
   "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}{,.sig}
   config.i686 config.x86_64 config.armv7h    # the main kernel config files
-  60-linux.hook                              # pacman hook for depmod
-  90-linux.hook                              # pacman hook for initramfs regeneration
-  linux-lts.preset                           # standard config files for mkinitcpio ramdisk
-  # armv7h patches
-  "https://repo.parabola.nu/other/rcn-libre/patches/${rcnver}/rcn-libre-${rcnver}-${rcnrel}.patch"{,.sig}
+  linux-armv7h.preset                        # armv7h preset file for mkinitcpio ramdisk
+
+  # maintain the TTY over USB disconnects
+  # http://www.coreboot.org/EHCI_Gadget_Debug
+  0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
+  # fix Atmel maXTouch touchscreen support
+  # https://labs.parabola.nu/issues/877
+  # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html
+  0002-fix-Atmel-maXTouch-touchscreen-support.patch
+
+  # Arch's custom linux patches
+  0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+)
+source_armv7h=(
+  # armv7h patches, put in the source_armv7h variable just for a more comfortable loop patching
+
+  # RCN patch (CM3 firmware deblobbed and AUFS/WireGuard removed)
+  # Note: For stability reasons, AUFS has been removed in the RCN patch.
+  # We are supporting AUFS in linux-libre-pck through PCK patch.
+  # See https://wiki.parabola.nu/PCK for further details.
+  "https://repo.parabola.nu/other/rcn-libre/patches/${rcnver}/rcn-libre-${rcnver}-$rcnrel.patch"{,.sig}
+
+  # Arch Linux ARM patches
   0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch
   0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch
   0003-SMILE-Plug-device-tree-file.patch
@@ -47,11 +66,6 @@ source=(
   0007-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch
   0008-ARM-dove-enable-ethernet-on-D3Plug.patch
   0009-usb-dwc2-disable-power_down-on-rockchip-devices.patch
-  # other patches
-  0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
-  0002-fix-Atmel-maXTouch-touchscreen-support.patch
-  0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
-  0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
 )
 validpgpkeys=(
   '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva
@@ -59,7 +73,7 @@ validpgpkeys=(
 )
 sha512sums=('5bc800b3beff43a8c15bd5515f4e0babe2beb5fa600491b7b37110e22d9b739d293f1e38753ed681be289c51390e0e64b3e60ce0db0a3bfe1f94ee5c014579a3'
             'SKIP'
-            '10ba20a102b6238b818755685cc6492c30d77177f7eaa8d949e6ab564c5c1905ce1049d65c2a66f4d97ac823cf3469556b38ec7c7d24232ecfff8713c6bc68e4'
+            '93b5702c07394ccaa31b055fe24c0888a34bf09e7921fc0e8acad0bd3f5b49d0fdb73277a7a9b0abc6b54d14b7c61461a214c575517adf5f272907640d595eaf'
             'SKIP'
             '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
             'SKIP'
@@ -67,316 +81,279 @@ sha512sums=('5bc800b3beff43a8c15bd5515f4e0babe2beb5fa600491b7b37110e22d9b739d293
             'SKIP'
             '267295aa0cea65684968420c68b32f1a66a22d018b9d2b2c1ef14267bcf4cb68aaf7099d073cbfefe6c25c8608bdcbbd45f7ac8893fdcecbf1e621abdfe9ecc1'
             'SKIP'
-            '32fddeab0ef9934fbbb2bbbfb416c40ae515b0bb3228655904edfd719e9a094044769938c33c8283c2f043a7b557737ce0a7910b2fd13fc6333d0c028a81f42b'
-            'ecaeb192c11efe9e61c49bb7eb163980c01a9ba5bfc2c8ccacdc007dc2a04e7776a71f2195c022b6a8fb4d3ac47c3058f748097b8c43f64ebbf1dc1b2d7f8052'
-            '309fead206abf03dd4832f720108974ecc935b376fab6fca0c1d9197aea44bf074348768ae469c82d30b388678b72017db5e4aebac0f2a85f8691bbf13fd00e7'
-            '7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a'
-            '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44'
-            '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf'
-            'c08532b4246ef2f4c25a5b3358ceb5dbf294fadd7ede5711de92d6f9d8fae5ab0238e0d902c821c7cdcee39332db229f6df943b27fe63e66a96bac296808c174'
-            'SKIP'
-            '60aa432465eb3ac10f565799d3dfecea21aaf08e83909c1161d9359e932626edbd1353e712d616c3d785c65a0f699e9c45df35bd9e86365c25399c6b2d45b9e4'
-            '86809feb5ae2759b449ec0cb7a6b3fb457874ed82a72dfda00607e8819c804a0714b5d6a17cbbba44996a36872224af42d1b85f1b3932f43bccb419041d25dc7'
-            '746acff348d62b3ed4e62cd9976ddf0af47f87bd3cffda90cbb00a6b57d589ccb681fcd9541ee5bdd179d95dad71d57c77cb1a60faee1c6cef518e4055c3456f'
-            'c945e871fa456b521ced77cae9081bcdc47d836ecdabe6766e373681fe11fda3e5a7a3c16f70c586be64a1eb5c9136c43b0a44df897298940fd8703b50b0a543'
-            '054e98a2d1ea83cece1fe55ae087b282f25593022f252c74612d4aeb2a547f84ea626e3d982098ca798271af55f3b733ac2aea2fc0d9cad031802d2901dfe4ca'
-            '4433f9e780a72347313916c8a9cbcbce3a8c40e1b299e887dc748d257879fb5fab8f1683936339f73a4d4b4ef668b1ed6cc0d9a19ed4bd99039a1613ac08610e'
-            'd1361d23ae79599e3fa94cba206bd40764f9eee0c584e639af13828dabb7f0dfa361792c098b5afae0bb350407b2dc47a1d67580daeade7a4f3e3e55e42c8470'
-            'c1653f91067d31801a23450175e47968add147477caf20aec6092831739641312f4ad995af43c7e55545007279016b5f62a0720d31e4591b4421a65b8bd5b398'
-            'a123747792417d3760ca40d7f913c2cdd194da2ea5778352eedebc80097b7b8dce4428a8fe8bd75cab92972f599c25bcf18a740856fc2990351234b0d7ebf9f5'
+            'f96a654f5f3988cadad28f9849900fe1c6e76d52ffefc3cf71253468d5fca07ffd7ffa18fa5054e88787114026b8ae15f035fee7b39b1dc8534d5fff3ae25128'
+            '78ce426957dfe14d3f0e58ad736489647b1930e8ad43eda27fbbae33bf53cda082295e3e33d6ddb9e58824a29fc069fcafeb8d9f8cd9aa32f3550e9e747f4a7d'
+            '861a83cb9746b6d981e07d18b0293298c0e7a5d10ad592bb8defbd235a0efac30ce6c2328f34a162943aa33fa05f2b4367adf394aa815875eda0103bdf4e172c'
+            'aca591b5a2e838754e3c5fd2c0e50098ad54c2d0f990de5bf9cff8608e881daf0e37132294ed1a0e0a7b9e1c194c0b89f95da001d94febdb25a01c409060e3ac'
             '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af'
             'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168'
-            'ded54d11289f9080995c81446d377052b528e99ff119c163031153c5af2e3bb92c3879c225d1b7ecb76d2c9ea45e002b21eae304f0f702facd6f9f75941fcbcb'
-            '9b0fb3d51b4c1ef576eb1bae59d1508c483aa0e46ecfeb7b55028b0c7ce6b3a309f377decfd3a94ac68b944c7b8724a4b3927e396bc5c7f16b3624c103194bd7')
-
-_kernelname=${pkgbase#linux-libre}
-_replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}")
-_replacesoldkernels=("${_replacesoldkernels[@]/\%/${_kernelname}}")
-_replacesoldmodules=("${_replacesoldmodules[@]/\%/${_kernelname}}")
-
-case "${CARCH}" in
+            '5f196378d50dd737d727e424d8f31b7fa8a6b92ba88f0a1467ef79bc37a097160da1fc1fd5cfb4b8983f36f2afdf27eb229ec61b35a15ac2343d660eb416a230')
+sha512sums_armv7h=('c08532b4246ef2f4c25a5b3358ceb5dbf294fadd7ede5711de92d6f9d8fae5ab0238e0d902c821c7cdcee39332db229f6df943b27fe63e66a96bac296808c174'
+                   'SKIP'
+                   '60aa432465eb3ac10f565799d3dfecea21aaf08e83909c1161d9359e932626edbd1353e712d616c3d785c65a0f699e9c45df35bd9e86365c25399c6b2d45b9e4'
+                   '86809feb5ae2759b449ec0cb7a6b3fb457874ed82a72dfda00607e8819c804a0714b5d6a17cbbba44996a36872224af42d1b85f1b3932f43bccb419041d25dc7'
+                   '746acff348d62b3ed4e62cd9976ddf0af47f87bd3cffda90cbb00a6b57d589ccb681fcd9541ee5bdd179d95dad71d57c77cb1a60faee1c6cef518e4055c3456f'
+                   'c945e871fa456b521ced77cae9081bcdc47d836ecdabe6766e373681fe11fda3e5a7a3c16f70c586be64a1eb5c9136c43b0a44df897298940fd8703b50b0a543'
+                   '054e98a2d1ea83cece1fe55ae087b282f25593022f252c74612d4aeb2a547f84ea626e3d982098ca798271af55f3b733ac2aea2fc0d9cad031802d2901dfe4ca'
+                   '4433f9e780a72347313916c8a9cbcbce3a8c40e1b299e887dc748d257879fb5fab8f1683936339f73a4d4b4ef668b1ed6cc0d9a19ed4bd99039a1613ac08610e'
+                   'd1361d23ae79599e3fa94cba206bd40764f9eee0c584e639af13828dabb7f0dfa361792c098b5afae0bb350407b2dc47a1d67580daeade7a4f3e3e55e42c8470'
+                   'c1653f91067d31801a23450175e47968add147477caf20aec6092831739641312f4ad995af43c7e55545007279016b5f62a0720d31e4591b4421a65b8bd5b398'
+                   'a123747792417d3760ca40d7f913c2cdd194da2ea5778352eedebc80097b7b8dce4428a8fe8bd75cab92972f599c25bcf18a740856fc2990351234b0d7ebf9f5')
+
+_replacesarchkernel=("${_replacesarchkernel[@]/\%/${pkgbase#linux-libre}}")
+_replacesoldkernels=("${_replacesoldkernels[@]/\%/${pkgbase#linux-libre}}")
+_replacesoldmodules=("${_replacesoldmodules[@]/\%/${pkgbase#linux-libre}}")
+
+case "$CARCH" in
   i686|x86_64) KARCH=x86;;
   armv7h) KARCH=arm;;
 esac
 
+export KBUILD_BUILD_HOST=parabola
+export KBUILD_BUILD_USER=$pkgbase
+export KBUILD_BUILD_TIMESTAMP="@${SOURCE_DATE_EPOCH:-$(date +%s)}"
+
 prepare() {
-  cd ${_srcname}
+  cd $_srcname
 
   # add upstream patch
-  if [ "${_srcbasever}" != "${_srcver}" ]; then
-    patch -p1 -i ../patch-${_srcbasever}-${_srcver}
-  fi
-  chmod +x tools/objtool/sync-check.sh  # GNU patch doesn't support git-style file mode
-
-  if [ "${CARCH}" = "armv7h" ]; then
-    # RCN patch (CM3 firmware deblobbed and AUFS/WireGuard removed)
-    # Note: For stability reasons, AUFS has been removed in the RCN patch.
-    # We are supporting AUFS in linux-libre-pck through PCK patch.
-    # See https://wiki.parabola.nu/PCK for further details.
-    patch -p1 -i ../rcn-libre-${rcnver}-${rcnrel}.patch
-
-    # ALARM patches
-    patch -p1 -i ../0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch
-    patch -p1 -i ../0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch
-    patch -p1 -i ../0003-SMILE-Plug-device-tree-file.patch
-    patch -p1 -i ../0004-fix-mvsdio-eMMC-timing.patch
-    patch -p1 -i ../0005-net-smsc95xx-Allow-mac-address-to-be-set-as-a-parame.patch
-    patch -p1 -i ../0006-set-default-cubietruck-led-triggers.patch
-    patch -p1 -i ../0007-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch
-    patch -p1 -i ../0008-ARM-dove-enable-ethernet-on-D3Plug.patch
-    patch -p1 -i ../0009-usb-dwc2-disable-power_down-on-rockchip-devices.patch
+  if [ "$_srcbasever" != "$_srcver" ]; then
+    patch -p1 -i ../patch-$_srcbasever-$_srcver
   fi
 
   # add freedo as boot logo
   install -m644 -t drivers/video/logo \
     ../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm}
 
-  # security patches
-
-  # add latest fixes from stable queue, if needed
-  # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
-
-  # allow disabling USER_NS via sysctl
-  patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
-  patch -Np1 -i ../0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
-
-  # maintain the TTY over USB disconnects
-  # http://www.coreboot.org/EHCI_Gadget_Debug
-  patch -p1 -i ../0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
-
-  # fix Atmel maXTouch touchscreen support
-  # https://labs.parabola.nu/issues/877
-  # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html
-  patch -p1 -i ../0002-fix-Atmel-maXTouch-touchscreen-support.patch
-
-  cp -Tf ../config.$CARCH .config
-
-  if [ "${_kernelname}" != "" ]; then
-    sed -i "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_kernelname}\"|g" ./.config
-    sed -i "s|CONFIG_LOCALVERSION_AUTO=.*|CONFIG_LOCALVERSION_AUTO=n|" ./.config
+  msg2 "Setting version..."
+  scripts/setlocalversion --save-scmversion
+  echo "-$pkgrel" > localversion.10-pkgrel
+  echo "${pkgbase#linux-libre}" > localversion.20-pkgname
+
+  if [ "$CARCH" = "armv7h" ]; then
+    local src_armv7h
+    for src_armv7h in "${source_armv7h[@]}"; do
+      src_armv7h="${src_armv7h%%::*}"
+      src_armv7h="${src_armv7h##*/}"
+      [[ $src_armv7h = *.patch ]] || continue
+      msg2 "Applying patch $src_armv7h..."
+      patch -Np1 < "../$src_armv7h"
+    done
   fi
 
-  # append pkgrel to extraversion
-  sed -ri "s|^(EXTRAVERSION =.*\S).*|\1-${pkgrel}|" Makefile
-
-  # don't run depmod on 'make install'. We'll do this ourselves in packaging
-  sed -i '2iexit 0' scripts/depmod.sh
-
-  # get kernel version
-  make prepare
+  local src
+  for src in "${source[@]}"; do
+    src="${src%%::*}"
+    src="${src##*/}"
+    [[ $src = *.patch ]] || continue
+    msg2 "Applying patch $src..."
+    patch -Np1 < "../$src"
+  done
 
-  # load configuration
-  # Configure the kernel. Replace the line below with one of your choice.
-  #make menuconfig # CLI menu for configuration
-  #make nconfig # new CLI menu for configuration
-  #make xconfig # X-based configuration
-  #make oldconfig # using old config from previous kernel version
-  # ... or manually edit .config
+  msg2 "Setting config..."
+  cp ../config.$CARCH .config
+  make olddefconfig
 
-  # rewrite configuration
-  yes "" | make config >/dev/null
+  make -s kernelrelease > version
+  msg2 "Prepared %s version %s" "$pkgbase" "$(<version)"
 }
 
 build() {
-  cd ${_srcname}
-
-  if [ "${CARCH}" = "armv7h" ]; then
-    make ${MAKEFLAGS} LOCALVERSION= zImage modules dtbs
-  elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then
-    make ${MAKEFLAGS} LOCALVERSION= bzImage modules
+  cd $_srcname
+  if [ "$CARCH" = "armv7h" ]; then
+    make zImage modules htmldocs dtbs
+  else
+    make bzImage modules htmldocs
   fi
 }
 
 _package() {
-  pkgdesc="The ${pkgbase^} kernel and modules - stable longtime supported kernel package suitable for servers"
-  [ "${pkgbase}" = "linux-libre" ] && groups=('base' 'base-openrc')
-  depends=('coreutils' 'linux-libre-firmware' 'kmod' 'mkinitcpio>=0.7')
-  optdepends=('crda: to set the correct wireless channels of your country')
-  provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}" "LINUX-ABI_VERSION=${_srcver%%-*}")
+  pkgdesc="The ${pkgbase^} kernel and modules"
+  depends=(coreutils kmod initramfs)
+  optdepends=('crda: to set the correct wireless channels of your country'
+              'linux-libre-firmware: firmware images needed for some devices')
+  provides=("${_replacesarchkernel[@]/%/=${_srcver%%-*}}" "LINUX-ABI_VERSION=${_srcver%%-*}")
   conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
   replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
-  backup=("etc/mkinitcpio.d/${pkgbase}.preset")
-  install=linux-lts.install
-
-  cd ${_srcname}
-
-  # get kernel version
-  _kernver="$(make LOCALVERSION= kernelrelease)"
-  _basekernel=${_kernver%%-*}
-  _basekernel=${_basekernel%.*}
-
-  mkdir -p "${pkgdir}"/{boot,usr/lib/modules}
-  make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}/usr" modules_install
-  if [ "${CARCH}" = "armv7h" ]; then
-    make LOCALVERSION= INSTALL_DTBS_PATH="${pkgdir}/boot/dtbs/${pkgbase}" dtbs_install
-    cp arch/$KARCH/boot/zImage "${pkgdir}/boot/vmlinuz-${pkgbase}"
-  elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then
-    cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}"
-  fi
 
+  cd $_srcname
+  local kernver="$(<version)"
+  local modulesdir="$pkgdir/usr/lib/modules/$kernver"
+
+  msg2 "Installing boot image..."
+  if [ "$CARCH" = "armv7h" ]; then
+    make INSTALL_DTBS_PATH="$pkgdir/boot/dtbs/$pkgbase" dtbs_install
+  fi
   # systemd expects to find the kernel here to allow hibernation
   # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
-  ln -sr "${pkgdir}/boot/vmlinuz-${pkgbase}" "${pkgdir}/usr/lib/modules/${_kernver}/vmlinuz"
+  install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
 
-  # make room for external modules
-  local _extramodules="extramodules-${_basekernel}${_kernelname:--lts}"
-  ln -s "../${_extramodules}" "${pkgdir}/usr/lib/modules/${_kernver}/extramodules"
+  # Used by mkinitcpio to name the kernel
+  echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
 
-  # add real version for building modules and running depmod from hook
-  echo "${_kernver}" |
-    install -Dm644 /dev/stdin "${pkgdir}/usr/lib/modules/${_extramodules}/version"
+  msg2 "Installing modules..."
+  make INSTALL_MOD_PATH="$pkgdir/usr" modules_install
 
-  # remove build and source links
-  rm "${pkgdir}"/usr/lib/modules/${_kernver}/{source,build}
-
-  # now we call depmod...
-  depmod -b "${pkgdir}/usr" -F System.map "${_kernver}"
-
-  # add vmlinux
-  install -Dt "${pkgdir}/usr/lib/modules/${_kernver}/build" -m644 vmlinux
-
-  # sed expression for following substitutions
-  if [ "${CARCH}" = "armv7h" ]; then
-  local _subst="
-    s|/boot/vmlinuz-%PKGBASE%|${_kernver}|g
-    s|%PKGBASE%|${pkgbase}|g
-    s|%KERNVER%|${_kernver}|g
-    s|%EXTRAMODULES%|${_extramodules}|g
-  "
-  else
-  local _subst="
-    s|%PKGBASE%|${pkgbase}|g
-    s|%KERNVER%|${_kernver}|g
-    s|%EXTRAMODULES%|${_extramodules}|g
-  "
-  fi
+  # armv7h presets only work with ALL_kver=$kernver
+  if [ "$CARCH" = "armv7h" ]; then
+    backup=("etc/mkinitcpio.d/$pkgbase.preset")
 
-  # hack to allow specifying an initially nonexisting install file
-  sed "${_subst}" "${startdir}/${install}" > "${startdir}/${install}.pkg"
-  true && install=${install}.pkg
+    msg2 "Installing mkinitcpio preset..."
+    sed "s|%PKGBASE%|$pkgbase|g;s|%KERNVER%|$kernver|g" ../linux-armv7h.preset \
+      | install -Dm644 /dev/stdin "$pkgdir/etc/mkinitcpio.d/$pkgbase.preset"
+  fi
 
-  # install mkinitcpio preset file
-  sed "${_subst}" ../linux-lts.preset |
-    install -Dm644 /dev/stdin "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+  # remove build and source links
+  rm "$modulesdir"/{source,build}
 
-  # install pacman hooks
-  sed "${_subst}" ../60-linux.hook |
-    install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/60-${pkgbase}.hook"
-  sed "${_subst}" ../90-linux.hook |
-    install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/90-${pkgbase}.hook"
+  msg2 "Fixing permissions..."
+  chmod -Rc u=rwX,go=rX "$pkgdir"
 }
 
 _package-headers() {
   pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel"
-  provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}")
+  provides=("${_replacesarchkernel[@]/%/-headers=${_srcver%%-*}}")
   conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
   replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
 
-  cd ${_srcname}
-  local _builddir="${pkgdir}/usr/lib/modules/${_kernver}/build"
+  cd $_srcname
+  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
 
-  install -Dt "${_builddir}" -m644 Makefile .config Module.symvers
-  install -Dt "${_builddir}/kernel" -m644 kernel/Makefile
+  msg2 "Installing build files..."
+  install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
+    localversion.* version vmlinux
+  install -Dt "$builddir/kernel" -m644 kernel/Makefile
+  install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile
+  if [[ $CARCH = i686 ]]; then
+    install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile_32.cpu
+  fi
+  cp -t "$builddir" -a scripts
 
-  mkdir "${_builddir}/.tmp_versions"
+  # add objtool for external module building and enabled VALIDATION_STACK option
+  if [[ -e tools/objtool/objtool ]]; then
+    install -Dt "$builddir/tools/objtool" tools/objtool/objtool
+  fi
 
-  cp -t "${_builddir}" -a include scripts
+  # add xfs and shmem for aufs building
+  mkdir -p "$builddir"/{fs/xfs,mm}
 
-  install -Dt "${_builddir}/arch/${KARCH}" -m644 arch/${KARCH}/Makefile
-  if [[ ${CARCH} = i686 ]]; then
-    install -Dt "${_builddir}/arch/${KARCH}" -m644 arch/${KARCH}/Makefile_32.cpu
-  fi
-  install -Dt "${_builddir}/arch/${KARCH}/kernel" -m644 arch/${KARCH}/kernel/asm-offsets.s
+  # this is gone in v5.3
+  mkdir "$builddir/.tmp_versions"
 
-  cp -t "${_builddir}/arch/${KARCH}" -a arch/${KARCH}/include
+  msg2 "Installing headers..."
+  cp -t "$builddir" -a include
+  cp -t "$builddir/arch/$KARCH" -a arch/$KARCH/include
+  install -Dt "$builddir/arch/$KARCH/kernel" -m644 arch/$KARCH/kernel/asm-offsets.s
 
-  install -Dt "${_builddir}/drivers/md" -m644 drivers/md/*.h
-  install -Dt "${_builddir}/net/mac80211" -m644 net/mac80211/*.h
+  install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
+  install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
 
   # http://bugs.archlinux.org/task/13146
-  install -Dt "${_builddir}/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
+  install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
 
   # http://bugs.archlinux.org/task/20402
-  install -Dt "${_builddir}/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
-  install -Dt "${_builddir}/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
-  install -Dt "${_builddir}/drivers/media/tuners" -m644 drivers/media/tuners/*.h
-
-  # add xfs and shmem for aufs building
-  mkdir -p "${_builddir}"/{fs/xfs,mm}
-
-  # copy in Kconfig files
-  find . -name Kconfig\* -exec install -Dm644 {} "${_builddir}/{}" \;
-
-  # add objtool for external module building and enabled VALIDATION_STACK option
-  if [[ -e tools/objtool/objtool ]]; then
-    install -Dt "${_builddir}/tools/objtool" tools/objtool/objtool
-  fi
-  
-  # remove unneeded architectures
-  local _arch
-  for _arch in "${_builddir}"/arch/*/; do
-    [[ ${_arch} == */${KARCH}/ ]] && continue
-    rm -r "${_arch}"
+  install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
+  install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
+  install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
+
+  msg2 "Installing KConfig files..."
+  find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
+
+  msg2 "Removing unneeded architectures..."
+  local arch
+  for arch in "$builddir"/arch/*/; do
+    [[ $arch = */$KARCH/ ]] && continue
+    echo "Removing $(basename "$arch")"
+    rm -r "$arch"
   done
 
-  # remove files already in linux-docs package
-  rm -r "${_builddir}/Documentation"
-  
+  msg2 "Removing documentation..."
+  rm -r "$builddir/Documentation"
+
   # Parabola changes
   # 
   # since we don't want to diverge too much from Arch's PKGBUILD, we'll
   # start marking our changes as such
-  if [ "${CARCH}" = "armv7h" ]; then
+  if [ "$CARCH" = "armv7h" ]; then
     for i in dove exynos omap2; do
-      mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/mach-${i}"
-      cp -a arch/${KARCH}/mach-${i}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/mach-${i}/"
+      mkdir -p "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/mach-$i"
+      cp -a arch/$KARCH/mach-$i/include "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/mach-$i/"
     done
     for i in omap orion samsung versatile; do
-      mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/plat-${i}"
-      cp -a arch/${KARCH}/plat-${i}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/plat-${i}/"
+      mkdir -p "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/plat-$i"
+      cp -a arch/$KARCH/plat-$i/include "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/plat-$i/"
     done
   fi
   # end of Parabola changes
 
-  # remove now broken symlinks
-  find -L "${_builddir}" -type l -printf 'Removing %P\n' -delete
+  msg2 "Removing broken symlinks..."
+  find -L "$builddir" -type l -printf 'Removing %P\n' -delete
+
+  msg2 "Removing loose objects..."
+  find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
+
+  msg2 "Stripping build tools..."
+  local file
+  while read -rd '' file; do
+    case "$(file -bi "$file")" in
+      application/x-sharedlib\;*)      # Libraries (.so)
+        strip -v $STRIP_SHARED "$file" ;;
+      application/x-archive\;*)        # Libraries (.a)
+        strip -v $STRIP_STATIC "$file" ;;
+      application/x-executable\;*)     # Binaries
+        strip -v $STRIP_BINARIES "$file" ;;
+      application/x-pie-executable\;*) # Relocatable binaries
+        strip -v $STRIP_SHARED "$file" ;;
+    esac
+  done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
 
-  # Fix permissions
-  chmod -R u=rwX,go=rX "${_builddir}"
+  msg2 "Adding symlink..."
+  mkdir -p "$pkgdir/usr/src"
+  ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
 
-  # strip scripts directory
-  local _binary _strip
-  while read -rd '' _binary; do
-    case "$(file -bi "${_binary}")" in
-      *application/x-sharedlib*)  _strip="${STRIP_SHARED}"   ;; # Libraries (.so)
-      *application/x-archive*)    _strip="${STRIP_STATIC}"   ;; # Libraries (.a)
-      *application/x-executable*) _strip="${STRIP_BINARIES}" ;; # Binaries
-      *) continue ;;
-    esac
-    /usr/bin/strip ${_strip} "${_binary}"
-  done < <(find "${_builddir}/scripts" -type f -perm -u+w -print0 2>/dev/null)
+  msg2 "Fixing permissions..."
+  chmod -Rc u=rwX,go=rX "$pkgdir"
 }
 
 _package-docs() {
   pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel"
-  provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}")
+  provides=("${_replacesarchkernel[@]/%/-docs=${_srcver%%-*}}")
   conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
   replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
-
-  cd ${_srcname}
-  local _builddir="${pkgdir}/usr/lib/modules/${_kernver}/build"
-
-  mkdir -p "${_builddir}"
-  cp -t "${_builddir}" -a Documentation
-
-  # Fix permissions
-  chmod -R u=rwX,go=rX "${_builddir}"
+  
+  cd $_srcname
+  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
+
+  msg2 "Installing documentation..."
+  mkdir -p "$builddir"
+  cp -t "$builddir" -a Documentation
+
+  msg2 "Removing doctrees..."
+  rm -r "$builddir/Documentation/output/.doctrees"
+
+  msg2 "Moving HTML docs..."
+  local src dst
+  while read -rd '' src; do
+    dst="$builddir/Documentation/${src#$builddir/Documentation/output/}"
+    mkdir -p "${dst%/*}"
+    mv "$src" "$dst"
+    rmdir -p --ignore-fail-on-non-empty "${src%/*}"
+  done < <(find "$builddir/Documentation/output" -type f -print0)
+
+  msg2 "Adding symlink..."
+  mkdir -p "$pkgdir/usr/share/doc"
+  ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"
+
+  msg2 "Fixing permissions..."
+  chmod -Rc u=rwX,go=rX "$pkgdir"
 }
 
-pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs")
-for _p in ${pkgname[@]}; do
-  eval "package_${_p}() {
-    $(declare -f "_package${_p#${pkgbase}}")
-    _package${_p#${pkgbase}}
+pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
+for _p in "${pkgname[@]}"; do
+  eval "package_$_p() {
+    $(declare -f "_package${_p#$pkgbase}")
+    _package${_p#$pkgbase}
   }"
 done
+
+# vim:set ts=8 sts=2 sw=2 et:
diff --git a/libre/linux-libre-lts/config.armv7h b/libre/linux-libre-lts/config.armv7h
index c1b27d000..c61d13362 100644
--- a/libre/linux-libre-lts/config.armv7h
+++ b/libre/linux-libre-lts/config.armv7h
@@ -1,13 +1,13 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.19.59-gnu Kernel Configuration
+# Linux/arm 4.19.81-gnu Kernel Configuration
 #
 
 #
-# Compiler: gcc (GCC) 9.1.0
+# Compiler: gcc (GCC) 9.2.0
 #
 CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=90100
+CONFIG_GCC_VERSION=90200
 CONFIG_CLANG_VERSION=0
 CONFIG_CC_HAS_ASM_GOTO=y
 CONFIG_IRQ_WORK=y
@@ -18,8 +18,8 @@ CONFIG_BUILDTIME_EXTABLE_SORT=y
 #
 CONFIG_INIT_ENV_ARG_LIMIT=32
 # CONFIG_COMPILE_TEST is not set
-CONFIG_LOCALVERSION="-lts"
-# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
 CONFIG_BUILD_SALT=""
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_LZMA=y
diff --git a/libre/linux-libre-lts/config.i686 b/libre/linux-libre-lts/config.i686
index 1ac301877..a37846478 100644
--- a/libre/linux-libre-lts/config.i686
+++ b/libre/linux-libre-lts/config.i686
@@ -1,13 +1,13 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.75-gnu Kernel Configuration
+# Linux/x86 4.19.81-gnu Kernel Configuration
 #
 
 #
-# Compiler: gcc (GCC) 9.1.0
+# Compiler: gcc (GCC) 9.2.0
 #
 CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=90100
+CONFIG_GCC_VERSION=90200
 CONFIG_CLANG_VERSION=0
 CONFIG_CC_HAS_ASM_GOTO=y
 CONFIG_IRQ_WORK=y
@@ -19,8 +19,8 @@ CONFIG_THREAD_INFO_IN_TASK=y
 #
 CONFIG_INIT_ENV_ARG_LIMIT=32
 # CONFIG_COMPILE_TEST is not set
-CONFIG_LOCALVERSION="-lts"
-# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
 CONFIG_BUILD_SALT=""
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y
diff --git a/libre/linux-libre-lts/config.x86_64 b/libre/linux-libre-lts/config.x86_64
index 69294da1b..d736037e7 100644
--- a/libre/linux-libre-lts/config.x86_64
+++ b/libre/linux-libre-lts/config.x86_64
@@ -1,13 +1,13 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.75-gnu Kernel Configuration
+# Linux/x86 4.19.81-gnu Kernel Configuration
 #
 
 #
-# Compiler: gcc (GCC) 9.1.0
+# Compiler: gcc (GCC) 9.2.0
 #
 CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=90100
+CONFIG_GCC_VERSION=90200
 CONFIG_CLANG_VERSION=0
 CONFIG_CC_HAS_ASM_GOTO=y
 CONFIG_IRQ_WORK=y
@@ -19,8 +19,8 @@ CONFIG_THREAD_INFO_IN_TASK=y
 #
 CONFIG_INIT_ENV_ARG_LIMIT=32
 # CONFIG_COMPILE_TEST is not set
-CONFIG_LOCALVERSION="-lts"
-# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
 CONFIG_BUILD_SALT=""
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y
@@ -146,12 +146,12 @@ CONFIG_CFS_BANDWIDTH=y
 CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_RDMA=y
 CONFIG_CGROUP_FREEZER=y
-# CONFIG_CGROUP_HUGETLB is not set
+CONFIG_CGROUP_HUGETLB=y
 CONFIG_CPUSETS=y
 CONFIG_PROC_PID_CPUSET=y
 CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_CPUACCT=y
-# CONFIG_CGROUP_PERF is not set
+CONFIG_CGROUP_PERF=y
 CONFIG_CGROUP_BPF=y
 # CONFIG_CGROUP_DEBUG is not set
 CONFIG_SOCK_CGROUP_DATA=y
@@ -162,7 +162,7 @@ CONFIG_USER_NS=y
 CONFIG_USER_NS_UNPRIVILEGED=y
 CONFIG_PID_NS=y
 CONFIG_NET_NS=y
-# CONFIG_CHECKPOINT_RESTORE is not set
+CONFIG_CHECKPOINT_RESTORE=y
 CONFIG_SCHED_AUTOGROUP=y
 # CONFIG_SYSFS_DEPRECATED is not set
 CONFIG_RELAY=y
@@ -183,10 +183,10 @@ CONFIG_SYSCTL_EXCEPTION_TRACE=y
 CONFIG_HAVE_PCSPKR_PLATFORM=y
 CONFIG_BPF=y
 CONFIG_EXPERT=y
-CONFIG_UID16=y
+# CONFIG_UID16 is not set
 CONFIG_MULTIUSER=y
 CONFIG_SGETMASK_SYSCALL=y
-CONFIG_SYSFS_SYSCALL=y
+# CONFIG_SYSFS_SYSCALL is not set
 # CONFIG_SYSCTL_SYSCALL is not set
 CONFIG_FHANDLE=y
 CONFIG_POSIX_TIMERS=y
@@ -212,7 +212,7 @@ CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
 CONFIG_KALLSYMS_BASE_RELATIVE=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
-CONFIG_USERFAULTFD=y
+# CONFIG_USERFAULTFD is not set
 CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
 CONFIG_RSEQ=y
 # CONFIG_DEBUG_RSEQ is not set
@@ -332,7 +332,7 @@ CONFIG_X86_CMPXCHG64=y
 CONFIG_X86_CMOV=y
 CONFIG_X86_MINIMUM_CPU_FAMILY=64
 CONFIG_X86_DEBUGCTLMSR=y
-# CONFIG_PROCESSOR_SELECT is not set
+CONFIG_PROCESSOR_SELECT=y
 CONFIG_CPU_SUP_INTEL=y
 CONFIG_CPU_SUP_AMD=y
 CONFIG_CPU_SUP_CENTAUR=y
@@ -432,10 +432,10 @@ CONFIG_PHYSICAL_START=0x1000000
 CONFIG_RELOCATABLE=y
 CONFIG_RANDOMIZE_BASE=y
 CONFIG_X86_NEED_RELOCS=y
-CONFIG_PHYSICAL_ALIGN=0x1000000
+CONFIG_PHYSICAL_ALIGN=0x200000
 CONFIG_DYNAMIC_MEMORY_LAYOUT=y
 CONFIG_RANDOMIZE_MEMORY=y
-CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
+CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x1
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
@@ -900,7 +900,7 @@ CONFIG_MODULES=y
 CONFIG_MODULE_FORCE_LOAD=y
 CONFIG_MODULE_UNLOAD=y
 CONFIG_MODULE_FORCE_UNLOAD=y
-CONFIG_MODVERSIONS=y
+# CONFIG_MODVERSIONS is not set
 CONFIG_MODULE_SRCVERSION_ALL=y
 CONFIG_MODULE_SIG=y
 # CONFIG_MODULE_SIG_FORCE is not set
@@ -1050,6 +1050,7 @@ CONFIG_TRANSPARENT_HUGE_PAGECACHE=y
 CONFIG_CLEANCACHE=y
 CONFIG_FRONTSWAP=y
 # CONFIG_CMA is not set
+# CONFIG_MEM_SOFT_DIRTY is not set
 CONFIG_ZSWAP=y
 CONFIG_ZPOOL=y
 CONFIG_ZBUD=y
@@ -2067,7 +2068,6 @@ CONFIG_REGMAP_SPMI=m
 CONFIG_REGMAP_W1=m
 CONFIG_REGMAP_MMIO=y
 CONFIG_REGMAP_IRQ=y
-CONFIG_REGMAP_SOUNDWIRE=m
 CONFIG_DMA_SHARED_BUFFER=y
 # CONFIG_DMA_FENCE_TRACE is not set
 
@@ -2139,8 +2139,8 @@ CONFIG_MTD_COMPLEX_MAPPINGS=y
 CONFIG_MTD_PHYSMAP=m
 # CONFIG_MTD_PHYSMAP_COMPAT is not set
 CONFIG_MTD_PHYSMAP_OF=m
-CONFIG_MTD_PHYSMAP_OF_VERSATILE=y
-CONFIG_MTD_PHYSMAP_OF_GEMINI=y
+# CONFIG_MTD_PHYSMAP_OF_VERSATILE is not set
+# CONFIG_MTD_PHYSMAP_OF_GEMINI is not set
 CONFIG_MTD_SBC_GXX=m
 CONFIG_MTD_AMD76XROM=m
 CONFIG_MTD_ICHXROM=m
@@ -3734,8 +3734,8 @@ CONFIG_JOYSTICK_INTERACT=m
 CONFIG_JOYSTICK_SIDEWINDER=m
 CONFIG_JOYSTICK_TMDC=m
 CONFIG_JOYSTICK_IFORCE=m
-CONFIG_JOYSTICK_IFORCE_USB=y
-CONFIG_JOYSTICK_IFORCE_232=y
+# CONFIG_JOYSTICK_IFORCE_USB is not set
+# CONFIG_JOYSTICK_IFORCE_232 is not set
 CONFIG_JOYSTICK_WARRIOR=m
 CONFIG_JOYSTICK_MAGELLAN=m
 CONFIG_JOYSTICK_SPACEORB=m
@@ -5183,7 +5183,7 @@ CONFIG_MEDIA_RADIO_SUPPORT=y
 CONFIG_MEDIA_SDR_SUPPORT=y
 CONFIG_MEDIA_CEC_SUPPORT=y
 CONFIG_MEDIA_CONTROLLER=y
-# CONFIG_MEDIA_CONTROLLER_DVB is not set
+CONFIG_MEDIA_CONTROLLER_DVB=y
 CONFIG_VIDEO_DEV=m
 CONFIG_VIDEO_V4L2_SUBDEV_API=y
 CONFIG_VIDEO_V4L2=m
@@ -6932,7 +6932,6 @@ CONFIG_USB_EMI62=m
 CONFIG_USB_EMI26=m
 CONFIG_USB_ADUTUX=m
 CONFIG_USB_SEVSEG=m
-CONFIG_USB_RIO500=m
 CONFIG_USB_LEGOTOWER=m
 CONFIG_USB_LCD=m
 CONFIG_USB_CYPRESS_CY7C63=m
@@ -7796,6 +7795,9 @@ CONFIG_MTD_SPINAND_ONDIEECC=y
 CONFIG_DGNC=m
 CONFIG_GS_FPGABOOT=m
 CONFIG_UNISYSSPAR=y
+# CONFIG_UNISYS_VISORNIC is not set
+# CONFIG_UNISYS_VISORINPUT is not set
+# CONFIG_UNISYS_VISORHBA is not set
 CONFIG_COMMON_CLK_XLNX_CLKWZRD=m
 # CONFIG_FB_TFT is not set
 CONFIG_WILC1000=m
@@ -7980,7 +7982,7 @@ CONFIG_IOMMU_SUPPORT=y
 CONFIG_IOMMU_IOVA=y
 CONFIG_OF_IOMMU=y
 CONFIG_AMD_IOMMU=y
-CONFIG_AMD_IOMMU_V2=m
+CONFIG_AMD_IOMMU_V2=y
 CONFIG_DMAR_TABLE=y
 CONFIG_INTEL_IOMMU=y
 CONFIG_INTEL_IOMMU_SVM=y
@@ -8006,7 +8008,6 @@ CONFIG_SOUNDWIRE=y
 #
 # SoundWire Devices
 #
-CONFIG_SOUNDWIRE_BUS=m
 CONFIG_SOUNDWIRE_CADENCE=m
 CONFIG_SOUNDWIRE_INTEL=m
 
@@ -8666,7 +8667,7 @@ CONFIG_MUX_ADGS1408=m
 CONFIG_MUX_GPIO=m
 CONFIG_MUX_MMIO=m
 CONFIG_PM_OPP=y
-# CONFIG_UNISYS_VISORBUS is not set
+CONFIG_UNISYS_VISORBUS=m
 CONFIG_SIOX=m
 CONFIG_SIOX_BUS_GPIO=m
 CONFIG_SLIMBUS=m
@@ -8740,7 +8741,7 @@ CONFIG_EXPORTFS=y
 CONFIG_EXPORTFS_BLOCK_OPS=y
 CONFIG_FILE_LOCKING=y
 # CONFIG_MANDATORY_FILE_LOCKING is not set
-CONFIG_FS_ENCRYPTION=m
+CONFIG_FS_ENCRYPTION=y
 CONFIG_FSNOTIFY=y
 CONFIG_DNOTIFY=y
 CONFIG_INOTIFY_USER=y
@@ -9059,8 +9060,16 @@ CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
-# CONFIG_SECURITY_SMACK is not set
-# CONFIG_SECURITY_TOMOYO is not set
+CONFIG_SECURITY_SMACK=y
+CONFIG_SECURITY_SMACK_BRINGUP=y
+CONFIG_SECURITY_SMACK_NETFILTER=y
+CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y
+CONFIG_SECURITY_TOMOYO=y
+CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
+CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
+# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
+CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 CONFIG_SECURITY_APPARMOR_HASH=y
@@ -9074,6 +9083,8 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_IMA is not set
 # CONFIG_EVM is not set
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_SMACK is not set
+# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_DEFAULT_SECURITY=""
@@ -9149,14 +9160,14 @@ CONFIG_CRYPTO_ECHAINIV=m
 #
 # Block modes
 #
-CONFIG_CRYPTO_CBC=m
+CONFIG_CRYPTO_CBC=y
 CONFIG_CRYPTO_CFB=m
 CONFIG_CRYPTO_CTR=y
-CONFIG_CRYPTO_CTS=m
+CONFIG_CRYPTO_CTS=y
 CONFIG_CRYPTO_ECB=y
 CONFIG_CRYPTO_LRW=m
 CONFIG_CRYPTO_PCBC=m
-CONFIG_CRYPTO_XTS=m
+CONFIG_CRYPTO_XTS=y
 CONFIG_CRYPTO_KEYWRAP=m
 
 #
@@ -9625,7 +9636,7 @@ CONFIG_LKDTM=m
 # CONFIG_BACKTRACE_SELF_TEST is not set
 # CONFIG_RBTREE_TEST is not set
 # CONFIG_INTERVAL_TREE_TEST is not set
-CONFIG_PERCPU_TEST=m
+# CONFIG_PERCPU_TEST is not set
 # CONFIG_ATOMIC64_SELFTEST is not set
 # CONFIG_ASYNC_RAID6_TEST is not set
 # CONFIG_TEST_HEXDUMP is not set
diff --git a/libre/linux-libre-lts/linux-lts.preset b/libre/linux-libre-lts/linux-armv7h.preset
index 66709a8c1..3cec18ca9 100644
--- a/libre/linux-libre-lts/linux-lts.preset
+++ b/libre/linux-libre-lts/linux-armv7h.preset
@@ -1,7 +1,7 @@
 # mkinitcpio preset file for the '%PKGBASE%' package
 
 ALL_config="/etc/mkinitcpio.conf"
-ALL_kver="/boot/vmlinuz-%PKGBASE%"
+ALL_kver="%KERNVER%"
 
 PRESETS=('default' 'fallback')
 
diff --git a/libre/linux-libre-lts/linux-lts.install b/libre/linux-libre-lts/linux-lts.install
deleted file mode 100644
index f1f033b4e..000000000
--- a/libre/linux-libre-lts/linux-lts.install
+++ /dev/null
@@ -1,12 +0,0 @@
-post_upgrade() {
-  if [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
-    if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then
-      echo "WARNING: /boot appears to be a separate partition but is not mounted."
-    fi
-  fi
-}
-
-post_remove() {
-  rm -f boot/initramfs-%PKGBASE%.img
-  rm -f boot/initramfs-%PKGBASE%-fallback.img
-}