diff options
author | alzeih | 2018-03-05 10:03:38 +1300 |
---|---|---|
committer | alzeih | 2018-03-05 10:05:02 +1300 |
commit | 58b14b707bec6c536923d9b0a25c85e4043f59af (patch) | |
tree | 00e6697f4ccd6c42c5775d871a2e01143a1b4c8c | |
parent | dd61910ad2738069e332bec798307dc71704618b (diff) | |
download | aur-58b14b707bec6c536923d9b0a25c85e4043f59af.tar.gz |
updpkg: linux-apparmor 4.15.5-1
Signed-off-by: alzeih <alzeih@users.noreply.github.com>
-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 8 | ||||
-rw-r--r-- | 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 12 | ||||
-rw-r--r-- | 0003-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch | 80 | ||||
-rw-r--r-- | PKGBUILD | 15 | ||||
-rw-r--r-- | config | 26 |
6 files changed, 30 insertions, 127 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-apparmor - pkgver = 4.15.4 + pkgver = 4.15.5 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -12,8 +12,8 @@ pkgbase = linux-apparmor options = !strip source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.15.tar.xz source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.15.tar.sign - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.15.4.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.15.4.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.15.5.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.15.5.sign source = config source = 60-linux.hook source = 90-linux.hook @@ -21,21 +21,19 @@ pkgbase = linux-apparmor source = config.fragment source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch - source = 0003-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E sha256sums = 5a26478906d5005f4f809402e981518d2b8844949199f60c4b6e1f986ca2a769 sha256sums = SKIP - sha256sums = 5f8344fcc6b15be5f53001bb18df342bf5877563239f03271c236e3a40db89e8 + sha256sums = b5dc7021bd0c08e4a58b59035f9b757ce6909b46067950ac56d2ad68c1b69dd1 sha256sums = SKIP - sha256sums = 617d1a2b0160fc72098524a51501531556050cab0e466c9dbae5d60a78991bd2 + sha256sums = f38927db126ec7141ea2dd70cabb2ef378552672b31db4ab621493928497abd7 sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 sha256sums = 728ea88383ce6c542e2969246036f454395d5412779ffb5299639610b82b21f1 - sha256sums = c7951a3dfa6dcfd6f7c56d8d5c7c89cceb0e612ce3e6134d3fe23d1202b69863 - sha256sums = b1485882a9d26fe49b9fb2530259c2c39e03a3346ff63edcbc746f47ef693676 - sha256sums = 54380eafa1dfb42f7860a5eee9f521c14aa5fd2c9f5bfaa6e0537d75800225b7 + sha256sums = 19b17156ea5aec86e4eb87fc855789375a5184faf564b4ac2cd0f279de7b3bf9 + sha256sums = f49e23e2a00357f8a5f6cc5caadd56a4df2b0a3e2b53d76a514ca508f25a62a7 pkgname = linux-apparmor pkgdesc = The Linux-apparmor kernel and modules diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index f155e964b1e2..1385f92d2797 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,8 +1,8 @@ -From 05a43fb8b36cdaf6a3580f46cab334f2c2796544 Mon Sep 17 00:00:00 2001 -Message-Id: <05a43fb8b36cdaf6a3580f46cab334f2c2796544.1518828081.git.jan.steffens@gmail.com> +From 16305718ac69980301a803f32373cd0d80473a1c Mon Sep 17 00:00:00 2001 +Message-Id: <16305718ac69980301a803f32373cd0d80473a1c.1519311274.git.jan.steffens@gmail.com> From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> @@ -99,5 +99,5 @@ index 246d4d4ce5c7..f64432b45cec 100644 static DEFINE_MUTEX(userns_state_mutex); -- -2.16.1 +2.16.2 diff --git a/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch index 97848fc18593..7338383117fe 100644 --- a/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch +++ b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -1,10 +1,10 @@ -From 9ae12d036a480aa5352118c982ba76f2fb1640a3 Mon Sep 17 00:00:00 2001 -Message-Id: <9ae12d036a480aa5352118c982ba76f2fb1640a3.1518828081.git.jan.steffens@gmail.com> -In-Reply-To: <05a43fb8b36cdaf6a3580f46cab334f2c2796544.1518828081.git.jan.steffens@gmail.com> -References: <05a43fb8b36cdaf6a3580f46cab334f2c2796544.1518828081.git.jan.steffens@gmail.com> +From caccd577f10e4618e87c8b21bb14ab867208df04 Mon Sep 17 00:00:00 2001 +Message-Id: <caccd577f10e4618e87c8b21bb14ab867208df04.1519311274.git.jan.steffens@gmail.com> +In-Reply-To: <16305718ac69980301a803f32373cd0d80473a1c.1519311274.git.jan.steffens@gmail.com> +References: <16305718ac69980301a803f32373cd0d80473a1c.1519311274.git.jan.steffens@gmail.com> From: Jim Bride <jim.bride@linux.intel.com> Date: Mon, 6 Nov 2017 13:38:57 -0800 -Subject: [PATCH 2/3] drm/i915/edp: Only use the alternate fixed mode if it's +Subject: [PATCH 2/2] drm/i915/edp: Only use the alternate fixed mode if it's asked for In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for @@ -38,5 +38,5 @@ index add4b2434aa3..14a8bef9fdfe 100644 } -- -2.16.1 +2.16.2 diff --git a/0003-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch b/0003-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch deleted file mode 100644 index 4b490730e3c3..000000000000 --- a/0003-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch +++ /dev/null @@ -1,80 +0,0 @@ -From cd0c80aa02dbfe649c743fa98fcc0d9f427e0827 Mon Sep 17 00:00:00 2001 -Message-Id: <cd0c80aa02dbfe649c743fa98fcc0d9f427e0827.1518828081.git.jan.steffens@gmail.com> -In-Reply-To: <05a43fb8b36cdaf6a3580f46cab334f2c2796544.1518828081.git.jan.steffens@gmail.com> -References: <05a43fb8b36cdaf6a3580f46cab334f2c2796544.1518828081.git.jan.steffens@gmail.com> -From: Juergen Gross <jgross@suse.com> -Date: Thu, 1 Feb 2018 13:40:19 +0100 -Subject: [PATCH 3/3] x86/xen: init %gs very early to avoid page faults with - stack protector - -When running as Xen pv guest %gs is initialized some time after -C code is started. Depending on stack protector usage this might be -too late, resulting in page faults. - -So setup %gs and MSR_GS_BASE in assembly code already. - -Cc: stable@vger.kernel.org -Signed-off-by: Juergen Gross <jgross@suse.com> -Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Tested-by: Chris Patterson <cjp256@gmail.com> -Signed-off-by: Juergen Gross <jgross@suse.com> ---- - arch/x86/xen/xen-head.S | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S -index 497cc55a0c16..96f26e026783 100644 ---- a/arch/x86/xen/xen-head.S -+++ b/arch/x86/xen/xen-head.S -@@ -9,32 +9,48 @@ - - #include <asm/boot.h> - #include <asm/asm.h> -+#include <asm/msr.h> - #include <asm/page_types.h> -+#include <asm/percpu.h> - #include <asm/unwind_hints.h> - - #include <xen/interface/elfnote.h> - #include <xen/interface/features.h> - #include <xen/interface/xen.h> - #include <xen/interface/xen-mca.h> - #include <asm/xen/interface.h> - - #ifdef CONFIG_XEN_PV - __INIT - ENTRY(startup_xen) - UNWIND_HINT_EMPTY - cld - - /* Clear .bss */ - xor %eax,%eax - mov $__bss_start, %_ASM_DI - mov $__bss_stop, %_ASM_CX - sub %_ASM_DI, %_ASM_CX - shr $__ASM_SEL(2, 3), %_ASM_CX - rep __ASM_SIZE(stos) - - mov %_ASM_SI, xen_start_info - mov $init_thread_union+THREAD_SIZE, %_ASM_SP - -+#ifdef CONFIG_X86_64 -+ /* Set up %gs. -+ * -+ * The base of %gs always points to the bottom of the irqstack -+ * union. If the stack protector canary is enabled, it is -+ * located at %gs:40. Note that, on SMP, the boot cpu uses -+ * init data section till per cpu areas are set up. -+ */ -+ movl $MSR_GS_BASE,%ecx -+ movq $INIT_PER_CPU_VAR(irq_stack_union),%rax -+ cdq -+ wrmsr -+#endif -+ - jmp xen_start_kernel - END(startup_xen) - __FINIT --- -2.16.1 - @@ -3,7 +3,7 @@ pkgbase=linux-apparmor _srcname=linux-4.15 -pkgver=4.15.4 +pkgver=4.15.5 pkgrel=1 arch=('x86_64') url="https://www.kernel.org/" @@ -20,7 +20,6 @@ source=( 'config.fragment' 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch - 0003-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -28,16 +27,15 @@ validpgpkeys=( ) sha256sums=('5a26478906d5005f4f809402e981518d2b8844949199f60c4b6e1f986ca2a769' 'SKIP' - '5f8344fcc6b15be5f53001bb18df342bf5877563239f03271c236e3a40db89e8' + 'b5dc7021bd0c08e4a58b59035f9b757ce6909b46067950ac56d2ad68c1b69dd1' 'SKIP' - '617d1a2b0160fc72098524a51501531556050cab0e466c9dbae5d60a78991bd2' + 'f38927db126ec7141ea2dd70cabb2ef378552672b31db4ab621493928497abd7' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' '728ea88383ce6c542e2969246036f454395d5412779ffb5299639610b82b21f1' - 'c7951a3dfa6dcfd6f7c56d8d5c7c89cceb0e612ce3e6134d3fe23d1202b69863' - 'b1485882a9d26fe49b9fb2530259c2c39e03a3346ff63edcbc746f47ef693676' - '54380eafa1dfb42f7860a5eee9f521c14aa5fd2c9f5bfaa6e0537d75800225b7') + '19b17156ea5aec86e4eb87fc855789375a5184faf564b4ac2cd0f279de7b3bf9' + 'f49e23e2a00357f8a5f6cc5caadd56a4df2b0a3e2b53d76a514ca508f25a62a7') _kernelname=${pkgbase#linux} : ${_kernelname:=-ARCH} @@ -57,9 +55,6 @@ prepare() { # https://bugs.archlinux.org/task/56711 patch -Np1 -i ../0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch - # https://bugs.archlinux.org/task/57500 - patch -Np1 -i ../0003-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch - cat ../config - >.config <<END CONFIG_LOCALVERSION="${_kernelname}" CONFIG_LOCALVERSION_AUTO=n @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.15.3-1 Kernel Configuration +# Linux/x86 4.15.5-1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -1040,7 +1040,6 @@ CONFIG_TCP_CONG_DCTCP=m CONFIG_TCP_CONG_CDG=m CONFIG_TCP_CONG_BBR=m CONFIG_DEFAULT_CUBIC=y -# CONFIG_DEFAULT_BBR is not set # CONFIG_DEFAULT_RENO is not set CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_TCP_MD5SIG=y @@ -5878,7 +5877,7 @@ CONFIG_FB=y CONFIG_FIRMWARE_EDID=y CONFIG_FB_CMDLINE=y CONFIG_FB_NOTIFY=y -CONFIG_FB_DDC=m +# CONFIG_FB_DDC is not set CONFIG_FB_BOOT_VESA_SUPPORT=y CONFIG_FB_CFB_FILLRECT=y CONFIG_FB_CFB_COPYAREA=y @@ -5906,30 +5905,21 @@ CONFIG_FB_TILEBLITTING=y # CONFIG_FB_ARC is not set # CONFIG_FB_ASILIANT is not set # CONFIG_FB_IMSTT is not set -CONFIG_FB_VGA16=m -CONFIG_FB_UVESA=m +# CONFIG_FB_VGA16 is not set +# CONFIG_FB_UVESA is not set CONFIG_FB_VESA=y CONFIG_FB_EFI=y # CONFIG_FB_N411 is not set # CONFIG_FB_HGA is not set # CONFIG_FB_OPENCORES is not set # CONFIG_FB_S1D13XXX is not set -CONFIG_FB_NVIDIA=m -CONFIG_FB_NVIDIA_I2C=y -# CONFIG_FB_NVIDIA_DEBUG is not set -CONFIG_FB_NVIDIA_BACKLIGHT=y -CONFIG_FB_RIVA=m -CONFIG_FB_RIVA_I2C=y -# CONFIG_FB_RIVA_DEBUG is not set -CONFIG_FB_RIVA_BACKLIGHT=y +# CONFIG_FB_NVIDIA is not set +# CONFIG_FB_RIVA is not set # CONFIG_FB_I740 is not set # CONFIG_FB_LE80578 is not set # CONFIG_FB_INTEL is not set # CONFIG_FB_MATROX is not set -CONFIG_FB_RADEON=m -CONFIG_FB_RADEON_I2C=y -CONFIG_FB_RADEON_BACKLIGHT=y -# CONFIG_FB_RADEON_DEBUG is not set +# CONFIG_FB_RADEON is not set # CONFIG_FB_ATY128 is not set # CONFIG_FB_ATY is not set # CONFIG_FB_S3 is not set @@ -6003,7 +5993,7 @@ CONFIG_BACKLIGHT_GPIO=m CONFIG_BACKLIGHT_LV5207LP=m CONFIG_BACKLIGHT_BD6107=m CONFIG_BACKLIGHT_ARCXCNN=m -CONFIG_VGASTATE=m +# CONFIG_VGASTATE is not set CONFIG_VIDEOMODE_HELPERS=y CONFIG_HDMI=y |