Update to 4.20.12-3

author: graysky 2019-02-23 06:52:04 -0500
committer: graysky 2019-02-23 06:52:04 -0500
commit: 0411bf0858d2ef16a450915e02619f4389806175 (patch)
tree: 681c9521fd7f1258fac7058aa9441b4d76a1a15f
parent: 6e3b66b8781265128a8cd617d3dc667baa66f28a (diff)
download: aur-0411bf0858d2ef16a450915e02619f4389806175.tar.gz
5 files changed, 10 insertions, 116 deletions
diff --git a/.SRCINFO b/.SRCINFO
index e172f10d13e8..a74f4c49c313 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,8 @@
 # Generated by mksrcinfo v8
-# Sat Feb 23 11:15:07 UTC 2019
+# Sat Feb 23 11:52:03 UTC 2019
 pkgbase = linux-ck
 	pkgver = 4.20.12
-	pkgrel = 2
+	pkgrel = 3
 	url = https://wiki.archlinux.org/index.php/Linux-ck
 	arch = x86_64
 	license = GPL2
@@ -19,9 +19,8 @@ pkgbase = linux-ck
 	source = linux.preset
 	source = enable_additional_cpu_optimizations-20180509.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/20180509.tar.gz
 	source = http://ck.kolivas.org/patches/4.0/4.20/4.20-ck1/patch-4.20-ck1.xz
-	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
-	source = 0002-exec-Fix-mem-leak-in-kernel_read_file.patch
-	source = 0003-unfuck-ck1-for-kvm-intel-symbol.patch
+	source = 0000-unfuck-ck1-for-kvm-intel-symbol.patch
+	source = 0001-exec-Fix-mem-leak-in-kernel_read_file.patch
 	sha256sums = 1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504
 	sha256sums = SKIP
 	sha256sums = 4ff10c16fa729f808e812e3ff53ef8087ab9c220c84d860676d3bfb5c1c63c5d
@@ -30,9 +29,8 @@ pkgbase = linux-ck
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
 	sha256sums = 226e30068ea0fecdb22f337391385701996bfbdba37cdcf0f1dbf55f1080542d
 	sha256sums = 4bd614333fcbe509118b5362889f76d241e1d33e1ee691bd24fd82384ce7f2de
-	sha256sums = b6eea702f203632f12fa9edd4a38781d66498c20b1baedb23722537930b9a863
-	sha256sums = a8962ae10431de7c5eebe07a34fff5acd613904865dcabbcea03e8108d11b1fb
 	sha256sums = 3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64
+	sha256sums = a8962ae10431de7c5eebe07a34fff5acd613904865dcabbcea03e8108d11b1fb
 
 pkgname = linux-ck
 	pkgdesc = The Linux-ck kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler v0.185
diff --git a/0003-unfuck-ck1-for-kvm-intel-symbol.patch b/0000-unfuck-ck1-for-kvm-intel-symbol.patch
index fd8568a24ab4..fd8568a24ab4 100644
--- a/0003-unfuck-ck1-for-kvm-intel-symbol.patch
+++ b/0000-unfuck-ck1-for-kvm-intel-symbol.patch
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
deleted file mode 100644
index 215dc6c12bba..000000000000
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From aa38734a9d06dd75d61819e884742be9eadbc143 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge.hallyn@canonical.com>
-Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by
- default
-
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-[bwh: Remove unneeded binary sysctl bits]
-Signed-off-by: Daniel Micay <danielmicay@gmail.com>
----
- kernel/fork.c           | 15 +++++++++++++++
- kernel/sysctl.c         | 12 ++++++++++++
- kernel/user_namespace.c |  3 +++
- 3 files changed, 30 insertions(+)
-
-diff --git a/kernel/fork.c b/kernel/fork.c
-index 906cd0c13d15..0d1d30ad91e7 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -104,6 +104,11 @@
- 
- #define CREATE_TRACE_POINTS
- #include <trace/events/task.h>
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#else
-+#define unprivileged_userns_clone 0
-+#endif
- 
- /*
-  * Minimum number of threads to boot the kernel
-@@ -1699,6 +1704,10 @@ static __latent_entropy struct task_struct *copy_process(
- 	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
- 		return ERR_PTR(-EINVAL);
- 
-+	if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
-+		if (!capable(CAP_SYS_ADMIN))
-+			return ERR_PTR(-EPERM);
-+
- 	/*
- 	 * Thread groups must share signals as well, and detached threads
- 	 * can only be started up within the thread group.
-@@ -2532,6 +2541,12 @@ int ksys_unshare(unsigned long unshare_flags)
- 	if (unshare_flags & CLONE_NEWNS)
- 		unshare_flags |= CLONE_FS;
- 
-+	if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
-+		err = -EPERM;
-+		if (!capable(CAP_SYS_ADMIN))
-+			goto bad_unshare_out;
-+	}
-+
- 	err = check_unshare_flags(unshare_flags);
- 	if (err)
- 		goto bad_unshare_out;
-diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 9ee261fce89e..ab26ddeab33d 100644
---- a/kernel/sysctl.c
-+++ b/kernel/sysctl.c
-@@ -106,6 +106,9 @@ extern int core_uses_pid;
- extern char core_pattern[];
- extern unsigned int core_pipe_limit;
- #endif
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#endif
- extern int pid_max;
- extern int pid_max_min, pid_max_max;
- extern int percpu_pagelist_fraction;
-@@ -515,6 +518,15 @@ static struct ctl_table kern_table[] = {
- 		.proc_handler	= proc_dointvec,
- 	},
- #endif
-+#ifdef CONFIG_USER_NS
-+	{
-+		.procname	= "unprivileged_userns_clone",
-+		.data		= &unprivileged_userns_clone,
-+		.maxlen		= sizeof(int),
-+		.mode		= 0644,
-+		.proc_handler	= proc_dointvec,
-+	},
-+#endif
- #ifdef CONFIG_PROC_SYSCTL
- 	{
- 		.procname	= "tainted",
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index 923414a246e9..6b9dbc257e34 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -26,6 +26,9 @@
- #include <linux/bsearch.h>
- #include <linux/sort.h>
- 
-+/* sysctl */
-+int unprivileged_userns_clone;
-+
- static struct kmem_cache *user_ns_cachep __read_mostly;
- static DEFINE_MUTEX(userns_state_mutex);
- 
--- 
-2.20.1
-
diff --git a/0002-exec-Fix-mem-leak-in-kernel_read_file.patch b/0001-exec-Fix-mem-leak-in-kernel_read_file.patch
index bed047b765a2..bed047b765a2 100644
--- a/0002-exec-Fix-mem-leak-in-kernel_read_file.patch
+++ b/0001-exec-Fix-mem-leak-in-kernel_read_file.patch
diff --git a/PKGBUILD b/PKGBUILD
index fa1def81850a..d5737dc5e5fd 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -63,7 +63,7 @@ _localmodcfg=
 pkgbase=linux-ck
 _srcver=4.20.12-arch1
 pkgver=${_srcver%-*}
-pkgrel=2
+pkgrel=3
 _ckpatchversion=1
 arch=(x86_64)
 url="https://wiki.archlinux.org/index.php/Linux-ck"
@@ -80,9 +80,8 @@ source=(
   linux.preset   # standard config files for mkinitcpio ramdisk
   "enable_additional_cpu_optimizations-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/$_gcc_more_v.tar.gz"
   "http://ck.kolivas.org/patches/4.0/4.20/4.20-ck${_ckpatchversion}/$_ckpatch.xz"
-  0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
-  0002-exec-Fix-mem-leak-in-kernel_read_file.patch
-  0003-unfuck-ck1-for-kvm-intel-symbol.patch
+  0000-unfuck-ck1-for-kvm-intel-symbol.patch
+  0001-exec-Fix-mem-leak-in-kernel_read_file.patch
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
@@ -96,9 +95,8 @@ sha256sums=('1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
             '226e30068ea0fecdb22f337391385701996bfbdba37cdcf0f1dbf55f1080542d'
             '4bd614333fcbe509118b5362889f76d241e1d33e1ee691bd24fd82384ce7f2de'
-            'b6eea702f203632f12fa9edd4a38781d66498c20b1baedb23722537930b9a863'
-            'a8962ae10431de7c5eebe07a34fff5acd613904865dcabbcea03e8108d11b1fb'
-            '3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64')
+            '3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64'
+            'a8962ae10431de7c5eebe07a34fff5acd613904865dcabbcea03e8108d11b1fb')
 
 _kernelname=${pkgbase#linux}
 : ${_kernelname:=-ARCH}
author	graysky	2019-02-23 06:52:04 -0500
committer	graysky	2019-02-23 06:52:04 -0500
commit	0411bf0858d2ef16a450915e02619f4389806175 (patch)
tree	681c9521fd7f1258fac7058aa9441b4d76a1a15f
parent	6e3b66b8781265128a8cd617d3dc667baa66f28a (diff)
download	aur-0411bf0858d2ef16a450915e02619f4389806175.tar.gz