From 5bd2b519288130f42d01128e17aa671c44939f48 Mon Sep 17 00:00:00 2001
From: David P
Date: Thu, 25 Jun 2020 13:38:29 -0400
Subject: updpkg: libre/linux-libre-lts 5.4.48-1
Signed-off-by: David P
---
...ctl-and-CONFIG-to-disallow-unprivileged-C.patch | 132 +++++++++++++++++++++
...-and-CONFIG-for-unprivileged_userns_clone.patch | 132 ---------------------
.../0001-gcc-common.h-Update-for-GCC-10.patch | 92 --------------
...ile-disallow-data-races-on-gcc-10-as-well.patch | 32 -----
...6-Fix-early-boot-crash-on-gcc-10-next-try.patch | 131 --------------------
libre/linux-libre-lts/PKGBUILD | 20 ++--
libre/linux-libre-lts/config.armv7h | 1 -
libre/linux-libre-lts/config.i686 | 1 -
libre/linux-libre-lts/config.x86_64 | 1 -
9 files changed, 139 insertions(+), 403 deletions(-)
create mode 100644 libre/linux-libre-lts/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
delete mode 100644 libre/linux-libre-lts/0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch
delete mode 100644 libre/linux-libre-lts/0001-gcc-common.h-Update-for-GCC-10.patch
delete mode 100644 libre/linux-libre-lts/0002-Makefile-disallow-data-races-on-gcc-10-as-well.patch
delete mode 100644 libre/linux-libre-lts/0003-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch
(limited to 'libre/linux-libre-lts')
diff --git a/libre/linux-libre-lts/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/libre/linux-libre-lts/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
new file mode 100644
index 000000000..29abaacc2
--- /dev/null
+++ b/libre/linux-libre-lts/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
@@ -0,0 +1,132 @@
+From f4b254de5d2b75143dd7c225e58afb3f5ee3bae6 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)"
+Date: Mon, 16 Sep 2019 04:53:20 +0200
+Subject: [PATCH] ZEN: Add sysctl and CONFIG to disallow unprivileged
+ CLONE_NEWUSER
+
+Our default behavior continues to match the vanilla kernel.
+---
+ init/Kconfig | 16 ++++++++++++++++
+ kernel/fork.c | 15 +++++++++++++++
+ kernel/sysctl.c | 12 ++++++++++++
+ kernel/user_namespace.c | 7 +++++++
+ 4 files changed, 50 insertions(+)
+
+diff --git a/init/Kconfig b/init/Kconfig
+index 6db3e310a5e4..2dd7dd1b6b0d 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1083,6 +1083,22 @@ config USER_NS
+
+ If unsure, say N.
+
++config USER_NS_UNPRIVILEGED
++ bool "Allow unprivileged users to create namespaces"
++ default y
++ depends on USER_NS
++ help
++ When disabled, unprivileged users will not be able to create
++ new namespaces. Allowing users to create their own namespaces
++ has been part of several recent local privilege escalation
++ exploits, so if you need user namespaces but are
++ paranoid^Wsecurity-conscious you want to disable this.
++
++ This setting can be overridden at runtime via the
++ kernel.unprivileged_userns_clone sysctl.
++
++ If unsure, say Y.
++
+ config PID_NS
+ bool "PID Namespaces"
+ default y
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 9180f4416dba..a02f83b1d9b4 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -106,6 +106,11 @@
+
+ #define CREATE_TRACE_POINTS
+ #include
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#else
++#define unprivileged_userns_clone 0
++#endif
+
+ /*
+ * Minimum number of threads to boot the kernel
+@@ -1779,6 +1784,10 @@ static __latent_entropy struct task_struct *copy_process(
+ if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
+ return ERR_PTR(-EINVAL);
+
++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
++ if (!capable(CAP_SYS_ADMIN))
++ return ERR_PTR(-EPERM);
++
+ /*
+ * Thread groups must share signals as well, and detached threads
+ * can only be started up within the thread group.
+@@ -2837,6 +2846,12 @@ int ksys_unshare(unsigned long unshare_flags)
+ if (unshare_flags & CLONE_NEWNS)
+ unshare_flags |= CLONE_FS;
+
++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
++ err = -EPERM;
++ if (!capable(CAP_SYS_ADMIN))
++ goto bad_unshare_out;
++ }
++
+ err = check_unshare_flags(unshare_flags);
+ if (err)
+ goto bad_unshare_out;
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index 70665934d53e..9797869ed829 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -110,6 +110,9 @@ extern int core_uses_pid;
+ extern char core_pattern[];
+ extern unsigned int core_pipe_limit;
+ #endif
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#endif
+ extern int pid_max;
+ extern int pid_max_min, pid_max_max;
+ extern int percpu_pagelist_fraction;
+@@ -546,6 +549,15 @@ static struct ctl_table kern_table[] = {
+ .proc_handler = proc_dointvec,
+ },
+ #endif
++#ifdef CONFIG_USER_NS
++ {
++ .procname = "unprivileged_userns_clone",
++ .data = &unprivileged_userns_clone,
++ .maxlen = sizeof(int),
++ .mode = 0644,
++ .proc_handler = proc_dointvec,
++ },
++#endif
+ #ifdef CONFIG_PROC_SYSCTL
+ {
+ .procname = "tainted",
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 8eadadc478f9..c36ecd19562c 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -21,6 +21,13 @@
+ #include
+ #include
+
++/* sysctl */
++#ifdef CONFIG_USER_NS_UNPRIVILEGED
++int unprivileged_userns_clone = 1;
++#else
++int unprivileged_userns_clone;
++#endif
++
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+
+--
+2.26.2
+
diff --git a/libre/linux-libre-lts/0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch b/libre/linux-libre-lts/0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch
deleted file mode 100644
index f93022e50..000000000
--- a/libre/linux-libre-lts/0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch
+++ /dev/null
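Review bot: The `unprivileged_userns_clone` entry added to `kern_table[]` in kernel/sysctl.c uses `proc_dointvec`, so the knob accepts any integer even though both readers in kernel/fork.c (`copy_process()` and `ksys_unshare()`) only test it for zero; a negative or mistyped value silently means "allowed". Bounding it to a strict boolean makes the hardening state unambiguous to audit: `.proc_handler = proc_dointvec_minmax, .extra1 = SYSCTL_ZERO, .extra2 = SYSCTL_ONE,`. As a style point, the nested brace-less `if` pair in `copy_process()` would be safer to maintain as a single condition, `if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone && !capable(CAP_SYS_ADMIN))`. The Kconfig option defaults to `y`, so the restriction only takes effect when a build sets CONFIG_USER_NS_UNPRIVILEGED=n or a host writes 0 to the sysctl; the config.* hunks in this commit do not show which the package ships. `kern_table[]`, `copy_process()` and `ksys_unshare()` all continue outside their hunks.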
@@ -1,132 +0,0 @@
-From 6136ffb3d88e9f044260f8288d2d0a1edd64379e Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)"
-Date: Mon, 16 Sep 2019 04:53:20 +0200
-Subject: [PATCH] ZEN: Add sysctl and CONFIG to disallow unprivileged
- CLONE_NEWUSER
-
-Our default behavior continues to match the vanilla kernel.
----
- init/Kconfig | 16 ++++++++++++++++
- kernel/fork.c | 15 +++++++++++++++
- kernel/sysctl.c | 12 ++++++++++++
- kernel/user_namespace.c | 7 +++++++
- 4 files changed, 50 insertions(+)
-
-diff --git a/init/Kconfig b/init/Kconfig
-index bd7d650d4a99..658f9c052151 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -1091,6 +1091,22 @@ config USER_NS
-
- If unsure, say N.
-
-+config USER_NS_UNPRIVILEGED
-+ bool "Allow unprivileged users to create namespaces"
-+ default y
-+ depends on USER_NS
-+ help
-+ When disabled, unprivileged users will not be able to create
-+ new namespaces. Allowing users to create their own namespaces
-+ has been part of several recent local privilege escalation
-+ exploits, so if you need user namespaces but are
-+ paranoid^Wsecurity-conscious you want to disable this.
-+
-+ This setting can be overridden at runtime via the
-+ kernel.unprivileged_userns_clone sysctl.
-+
-+ If unsure, say Y.
-+
- config PID_NS
- bool "PID Namespaces"
- default y
-diff --git a/kernel/fork.c b/kernel/fork.c
-index 541fd805fb88..ffd57c812153 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -106,6 +106,11 @@
-
- #define CREATE_TRACE_POINTS
- #include
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#else
-+#define unprivileged_userns_clone 0
-+#endif
-
- /*
- * Minimum number of threads to boot the kernel
-@@ -1788,6 +1793,10 @@ static __latent_entropy struct task_struct *copy_process(
- if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
- return ERR_PTR(-EINVAL);
-
-+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
-+ if (!capable(CAP_SYS_ADMIN))
-+ return ERR_PTR(-EPERM);
-+
- /*
- * Thread groups must share signals as well, and detached threads
- * can only be started up within the thread group.
-@@ -2819,6 +2828,12 @@ int ksys_unshare(unsigned long unshare_flags)
- if (unshare_flags & CLONE_NEWNS)
- unshare_flags |= CLONE_FS;
-
-+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
-+ err = -EPERM;
-+ if (!capable(CAP_SYS_ADMIN))
-+ goto bad_unshare_out;
-+ }
-+
- err = check_unshare_flags(unshare_flags);
- if (err)
- goto bad_unshare_out;
-diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 078950d9605b..baead3605bbe 100644
---- a/kernel/sysctl.c
-+++ b/kernel/sysctl.c
-@@ -110,6 +110,9 @@ extern int core_uses_pid;
- extern char core_pattern[];
- extern unsigned int core_pipe_limit;
- #endif
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#endif
- extern int pid_max;
- extern int pid_max_min, pid_max_max;
- extern int percpu_pagelist_fraction;
-@@ -545,6 +548,15 @@ static struct ctl_table kern_table[] = {
- .proc_handler = proc_dointvec,
- },
- #endif
-+#ifdef CONFIG_USER_NS
-+ {
-+ .procname = "unprivileged_userns_clone",
-+ .data = &unprivileged_userns_clone,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = proc_dointvec,
-+ },
-+#endif
- #ifdef CONFIG_PROC_SYSCTL
- {
- .procname = "tainted",
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index 8eadadc478f9..c36ecd19562c 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -21,6 +21,13 @@
- #include
- #include
-
-+/* sysctl */
-+#ifdef CONFIG_USER_NS_UNPRIVILEGED
-+int unprivileged_userns_clone = 1;
-+#else
-+int unprivileged_userns_clone;
-+#endif
-+
- static struct kmem_cache *user_ns_cachep __read_mostly;
- static DEFINE_MUTEX(userns_state_mutex);
-
---
-2.23.0
-
diff --git a/libre/linux-libre-lts/0001-gcc-common.h-Update-for-GCC-10.patch b/libre/linux-libre-lts/0001-gcc-common.h-Update-for-GCC-10.patch
deleted file mode 100644
index 1eef6746f..000000000
--- a/libre/linux-libre-lts/0001-gcc-common.h-Update-for-GCC-10.patch
+++ /dev/null
@@ -1,92 +0,0 @@ -From 1a84040203e73d1bccfdb99aed98042efe3ecd16 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= - -Date: Tue, 7 Apr 2020 13:32:59 +0200 -Subject: [PATCH 1/3] gcc-common.h: Update for GCC 10 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Remove "params.h" include, which has been dropped in GCC 10. - -Remove is_a_helper() macro, which is now defined in gimple.h, as seen -when running './scripts/gcc-plugin.sh g++ g++ gcc': - -In file included from :1: -./gcc-plugins/gcc-common.h:852:13: error: redefinition of ‘static bool is_a_helper::test(U*) [with U = const gimple; T = const ggoto*]’ - 852 | inline bool is_a_helper::test(const_gimple gs) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -In file included from ./gcc-plugins/gcc-common.h:125, - from :1: -/usr/lib/gcc/x86_64-redhat-linux/10/plugin/include/gimple.h:1037:1: note: ‘static bool is_a_helper::test(U*) [with U = const gimple; T = const ggoto*]’ previously declared here - 1037 | is_a_helper ::test (const gimple *gs) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Add -Wno-format-diag to scripts/gcc-plugins/Makefile to avoid -meaningless warnings from error() formats used by plugins: - -scripts/gcc-plugins/structleak_plugin.c: In function ‘int plugin_init(plugin_name_args*, plugin_gcc_version*)’: -scripts/gcc-plugins/structleak_plugin.c:253:12: warning: unquoted sequence of 2 consecutive punctuation characters ‘'-’ in format [-Wformat-diag] - 253 | error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Signed-off-by: Frédéric Pierret (fepitre) -Link: https://lore.kernel.org/r/20200407113259.270172-1-frederic.pierret@qubes-os.org -[kees: include -Wno-format-diag for plugin builds] -Signed-off-by: Kees Cook ---- - scripts/gcc-plugins/Makefile | 1 + - scripts/gcc-plugins/gcc-common.h | 4 ++++ - 2 files changed, 5 insertions(+) - -diff --git a/scripts/gcc-plugins/Makefile 
b/scripts/gcc-plugins/Makefile -index aa0d0ec6936d..9e95862f2788 100644 ---- a/scripts/gcc-plugins/Makefile -+++ b/scripts/gcc-plugins/Makefile -@@ -11,6 +11,7 @@ else - HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti - HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb - HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable -+ HOST_EXTRACXXFLAGS += -Wno-format-diag - export HOST_EXTRACXXFLAGS - endif - -diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h -index 17f06079a712..9ad76b7f3f10 100644 ---- a/scripts/gcc-plugins/gcc-common.h -+++ b/scripts/gcc-plugins/gcc-common.h -@@ -35,7 +35,9 @@ - #include "ggc.h" - #include "timevar.h" - -+#if BUILDING_GCC_VERSION < 10000 - #include "params.h" -+#endif - - #if BUILDING_GCC_VERSION <= 4009 - #include "pointer-set.h" -@@ -847,19 +849,21 @@ static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree l - return gimple_build_assign(lhs, subcode, op1, op2 PASS_MEM_STAT); - } - -+#if BUILDING_GCC_VERSION < 10000 - template <> - template <> - inline bool is_a_helper::test(const_gimple gs) - { - return gs->code == GIMPLE_GOTO; - } - - template <> - template <> - inline bool is_a_helper::test(const_gimple gs) - { - return gs->code == GIMPLE_RETURN; - } -+#endif - - static inline gasm *as_a_gasm(gimple stmt) - { --- -2.26.2 - diff --git a/libre/linux-libre-lts/0002-Makefile-disallow-data-races-on-gcc-10-as-well.patch b/libre/linux-libre-lts/0002-Makefile-disallow-data-races-on-gcc-10-as-well.patch deleted file mode 100644 index b6676eed6..000000000 --- a/libre/linux-libre-lts/0002-Makefile-disallow-data-races-on-gcc-10-as-well.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 6a183a41a1945cb79660a78536182ce9c2568291 Mon Sep 17 00:00:00 2001 -From: Sergei Trofimovich -Date: Tue, 17 Mar 2020 00:07:18 +0000 -Subject: [PATCH 2/3] Makefile: disallow data races on gcc-10 as well - -gcc-10 will rename --param=allow-store-data-races=0 -to -fno-allow-store-data-races. - -The flag change happened at https://gcc.gnu.org/PR92046. - -Signed-off-by: Sergei Trofimovich -Acked-by: Jiri Kosina -Signed-off-by: Masahiro Yamada ---- - Makefile | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile b/Makefile -index ff2b90ddc9bc..c8dc1357079b 100644 ---- a/Makefile -+++ b/Makefile -@@ -713,6 +713,7 @@ endif - - # Tell gcc to never replace conditional load with a non-conditional one - KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) -+KBUILD_CFLAGS += $(call cc-option,-fno-allow-store-data-races) - - include scripts/Makefile.kcov - include scripts/Makefile.gcc-plugins --- -2.26.2 - diff --git a/libre/linux-libre-lts/0003-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch b/libre/linux-libre-lts/0003-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch deleted file mode 100644 index 4d954fb92..000000000 --- a/libre/linux-libre-lts/0003-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch +++ /dev/null 
@@ -1,131 +0,0 @@ -From 2f18ace75890ccd9681f210efdb58662db0cb4c4 Mon Sep 17 00:00:00 2001 -From: Borislav Petkov -Date: Wed, 22 Apr 2020 18:11:30 +0200 -Subject: [PATCH 3/3] x86: Fix early boot crash on gcc-10, next try -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... or the odyssey of trying to disable the stack protector for the -function which generates the stack canary value. - -The whole story started with Sergei reporting a boot crash with a kernel -built with gcc-10: - - Kernel panic — not syncing: stack-protector: Kernel stack is corrupted in: start_secondary - CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-rc5—00235—gfffb08b37df9 #139 - Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./H77M—D3H, BIOS F12 11/14/2013 - Call Trace: - dump_stack - panic - ? start_secondary - __stack_chk_fail - start_secondary - secondary_startup_64 - -—-[ end Kernel panic — not syncing: stack—protector: Kernel stack is corrupted in: start_secondary - -This happens because gcc-10 tail-call optimizes the last function call -in start_secondary() - cpu_startup_entry() - and thus emits a stack -canary check which fails because the canary value changes after the -boot_init_stack_canary() call. - -To fix that, the initial attempt was to mark the one function which -generates the stack canary with: - - __attribute__((optimize("-fno-stack-protector"))) ... start_secondary(void *unused) - -however, using the optimize attribute doesn't work cumulatively -as the attribute does not add to but rather replaces previously -supplied optimization options - roughly all -fxxx options. - -The key one among them being -fno-omit-frame-pointer and thus leading to -not present frame pointer - frame pointer which the kernel needs. 
- -The next attempt to prevent compilers from tail-call optimizing -the last function call cpu_startup_entry(), shy of carving out -start_secondary() into a separate compilation unit and building it with --fno-stack-protector, is this one. - -The current solution is short and sweet, and reportedly, is supported by -both compilers so let's see how far we'll get this time. - -Reported-by: Sergei Trofimovich -Signed-off-by: Borislav Petkov -Reviewed-by: Nick Desaulniers -Reviewed-by: Kees Cook -Link: https://lkml.kernel.org/r/20200314164451.346497-1-slyfox@gentoo.org ---- - arch/x86/include/asm/stackprotector.h | 7 ++++++- - arch/x86/kernel/smpboot.c | 8 ++++++++ - arch/x86/xen/smp_pv.c | 1 + - include/linux/compiler.h | 6 ++++++ - 4 files changed, 21 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h -index 91e29b6a86a5..9804a7957f4e 100644 ---- a/arch/x86/include/asm/stackprotector.h -+++ b/arch/x86/include/asm/stackprotector.h -@@ -55,8 +55,13 @@ - /* - * Initialize the stackprotector canary value. - * -- * NOTE: this must only be called from functions that never return, -+ * NOTE: this must only be called from functions that never return - * and it must always be inlined. -+ * -+ * In addition, it should be called from a compilation unit for which -+ * stack protector is disabled. Alternatively, the caller should not end -+ * with a function call which gets tail-call optimized as that would -+ * lead to checking a modified canary value. 
- */ - static __always_inline void boot_init_stack_canary(void) - { -diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 69881b2d446c..9674321ce3a3 100644 ---- a/arch/x86/kernel/smpboot.c -+++ b/arch/x86/kernel/smpboot.c -@@ -262,6 +262,14 @@ static void notrace start_secondary(void *unused) - - wmb(); - cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); -+ -+ /* -+ * Prevent tail call to cpu_startup_entry() because the stack protector -+ * guard has been changed a couple of function calls up, in -+ * boot_init_stack_canary() and must not be checked before tail calling -+ * another function. -+ */ -+ prevent_tail_call_optimization(); - } - - /** -diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c -index 802ee5bba66c..0cebe5db691d 100644 ---- a/arch/x86/xen/smp_pv.c -+++ b/arch/x86/xen/smp_pv.c -@@ -92,6 +92,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void) - cpu_bringup(); - boot_init_stack_canary(); - cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); -+ prevent_tail_call_optimization(); - } - - void xen_smp_intr_free_pv(unsigned int cpu) -diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 034b0a644efc..732754d96039 100644 ---- a/include/linux/compiler.h -+++ b/include/linux/compiler.h -@@ -356,4 +356,10 @@ static inline void *offset_to_ptr(const int *off) - /* &a[0] degrades to a pointer: a different type from an array */ - #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) - -+/* -+ * This is needed in functions which generate the stack canary, see -+ * arch/x86/kernel/smpboot.c::start_secondary() for an example. -+ */ -+#define prevent_tail_call_optimization() asm("") -+ - #endif /* __LINUX_COMPILER_H */ --- -2.26.2 - diff --git a/libre/linux-libre-lts/PKGBUILD b/libre/linux-libre-lts/PKGBUILD index c41c71cc2..27def27f3 100644 --- a/libre/linux-libre-lts/PKGBUILD +++ b/libre/linux-libre-lts/PKGBUILD 
@@ -14,7 +14,7 @@ _replacesoldkernels=() # '%' gets replaced with kernel suffix _replacesoldmodules=() # '%' gets replaced with kernel suffix pkgbase=linux-libre-lts -pkgver=5.4.41 +pkgver=5.4.48 pkgrel=1 pkgdesc='LTS Linux-libre' rcnver=5.4.40 @@ -43,10 +43,7 @@ source=( # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html 0002-fix-Atmel-maXTouch-touchscreen-support.patch # Arch Linux patches - 0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch - 0001-gcc-common.h-Update-for-GCC-10.patch - 0002-Makefile-disallow-data-races-on-gcc-10-as-well.patch - 0003-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch + 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch sphinx-workaround.patch ) source_armv7h=( @@ -69,7 +66,7 @@ validpgpkeys=( ) sha512sums=('0d0915133864eb031adfc6700066147dcf3e768a50a31c39754950c95ef4fd322dc701cd50af49c403ef0325adfcb07e354d5e46c1be3dcdd719a7a55c963f37' 'SKIP' - '0d2b68b42bf3332fe1f0ace81873d599cc12a845f2001764fd8fbdb5f635e57d41917d1b6fdb11770c489ca8bda8a772fd3f218df8672e9d514484476c1ae14b' + 'ba170654fbc6d12e2654852578c6c7f4f8ba9615008752140ed97879f3241ca18676ad3e70628ddcaec185becc9ca95aa643c25846d93760144b4195bd6a0445' 'SKIP' '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3' 'SKIP' 
@@ -77,16 +74,13 @@ sha512sums=('0d0915133864eb031adfc6700066147dcf3e768a50a31c39754950c95ef4fd322dc 'SKIP' '267295aa0cea65684968420c68b32f1a66a22d018b9d2b2c1ef14267bcf4cb68aaf7099d073cbfefe6c25c8608bdcbbd45f7ac8893fdcecbf1e621abdfe9ecc1' 'SKIP' - '2f1d1f927245cc52091ab91e7e523cb6f91cdd435059d087c0268856d1ce8a6ec2af9295a8bdcaa018a40af0ac9a2940900f981b3df5f412a1c059f994e3bf3f' - '384c81ce24e30d1bbd32e0b6bdfb0409f7f1f9dbb3d7faf438f15d5971ee8fe378659aee831b7ae102d4a7f0a4e7568c45cf603ef85509b2867ed67be0d3f0dc' - '1079d81e3eb69273022c601b50fce575b41a8042d8f91f95618ffce4cd01f948c69d52fbb2d3b05d9efe58e12fcef1b06498399dc0bda4bef38ab288047b18e1' + '7192d452c4e9b5a1032107c8b8a4b4b6ed09f7f12a6ea7a426af5237ac02ba150acd6380fd931ca77a29d88df6269cbe75ff32717fba91bf8d39131b74ead61b' + '5576b632853b070eeff175807ce67662d0dd34012ca12e16c4e207f44fadc7865580e1370a6d60a09a84272f50c753695390e0f93c8a8f2dbc78ec2e704b59e6' + '4d7e613ada85e48c9b57f9ea17b8445bd96fd6d16662186dba5073b40afc2b43de0bef5977afdaa82f789bfb7df3f99db1b2babd7588099df213fe60f00fed70' '53103bf55b957b657039510527df0df01279dec59cda115a4d6454e4135025d4546167fa30bdc99107f232561c1e096d8328609ab5a876cf7017176f92ad3e0b' '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af' 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168' - '5f196378d50dd737d727e424d8f31b7fa8a6b92ba88f0a1467ef79bc37a097160da1fc1fd5cfb4b8983f36f2afdf27eb229ec61b35a15ac2343d660eb416a230' - 'aab1da6c0aae0535fd6ea5115f95fc52c4bbc0cea6580ced62f9c45dd96a392a98173a6f0a15381366d25f1441fb7ad804b36ca639a9219c01e4b911471e7e62' - 'df9306b6d5ee501bd72cd44911441ab34ddca74b4d14601c7e2e001aa451b49c20d0fc6c999d29f03d1b61602f2010460191099c5aae5c0c88809eae4cc1e82a' - '4c471f5f760261d344c3133429d8c2ddb1615afef5b8c0420d66006124bea8158a61b5100e4ba2a144f8b658493dd81cc05ca564ca813c3331a34eeafdcc86a8' + 
'763fbab9ffac713f6534ecdcd70319e2fe12b5dbaf8e20a7231c0cd809e1864f642615ecfc7ec0a9fcf903e1f5544175eb922f03f4d42af83279ee1f9c3564be' '8081673a6594e5fc2fddc98fa434e99817aa822f7136d3c14c8d465fa7b93c9ac5d3a4150a5b632e25b1dc76a814dfa19d8aede37d58b935db288465b6585c58') sha512sums_armv7h=('8171a88b29bd58866dfb53fa74bcbcb84dbec755da6d0dd2aad54b1aa696c0334a5a87dfee4636c358026ab6b8c83ac75ebe3c5ce625a87fc2d46ebb58c94210' 'SKIP' diff --git a/libre/linux-libre-lts/config.armv7h b/libre/linux-libre-lts/config.armv7h index 995b8758e..aaee80648 100644 --- a/libre/linux-libre-lts/config.armv7h +++ b/libre/linux-libre-lts/config.armv7h @@ -11,7 +11,6 @@ CONFIG_GCC_VERSION=90200 CONFIG_CLANG_VERSION=0 CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_INLINE=y -CONFIG_CC_HAS_WARN_MAYBE_UNINITIALIZED=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y diff --git a/libre/linux-libre-lts/config.i686 b/libre/linux-libre-lts/config.i686 index 086e962e8..b30f363d3 100644 --- a/libre/linux-libre-lts/config.i686 +++ b/libre/linux-libre-lts/config.i686 @@ -12,7 +12,6 @@ CONFIG_CLANG_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_INLINE=y -CONFIG_CC_HAS_WARN_MAYBE_UNINITIALIZED=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y diff --git a/libre/linux-libre-lts/config.x86_64 b/libre/linux-libre-lts/config.x86_64 index d4f056910..663de0fa6 100644 --- a/libre/linux-libre-lts/config.x86_64 +++ b/libre/linux-libre-lts/config.x86_64 @@ -12,7 +12,6 @@ CONFIG_CLANG_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_INLINE=y -CONFIG_CC_HAS_WARN_MAYBE_UNINITIALIZED=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y -- cgit v1.2.3