authordysphoria2019-07-11 18:03:07 +0100
committerdysphoria2019-07-11 18:03:07 +0100
commit446ca38fb3057dc2e5c45dac6a18196868da3b7b (patch)
tree06234eca2fd8913178f9727f8b5b7d73cedef0d3
parent9280c2bdb5f28ea467eab1553ab78f29712c7572 (diff)
downloadaur-446ca38fb3057dc2e5c45dac6a18196868da3b7b.tar.gz
[upd] bump to latest
-rw-r--r--.SRCINFO18
-rw-r--r--0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch29
-rw-r--r--0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch57
-rw-r--r--PKGBUILD13
-rw-r--r--config9
5 files changed, 95 insertions, 31 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 0f658fd266a6..84782f69c084 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
pkgbase = linux-lts-tomoyo
- pkgver = 4.19.46
+ pkgver = 4.19.58
pkgrel = 1
url = https://www.kernel.org/
arch = x86_64
@@ -12,22 +12,24 @@ pkgbase = linux-lts-tomoyo
options = !strip
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.tar.sign
- source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.19.46.xz
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.19.58.xz
source = config
source = 60-linux.hook
source = 90-linux.hook
source = linux-lts.preset
source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ source = 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
sha256sums = 0c68f5655528aed4f99dae71a5b259edc93239fa899e2df79c055275c21749a1
sha256sums = SKIP
- sha256sums = 3df7f072065b35abaa86e752a1ee2a6488a1d980a4e116b6a5750a9112203b20
- sha256sums = dfd03045db0fd87adeda3397ee25d6d75d22ca686ffc167161d286d5bffb38de
+ sha256sums = 018584229e0522aa94cb7af7b7f0775cf42ae3873a8d4cbc8715d807719bfad5
+ sha256sums = af7e7687a91b210e803697ef9509faaf3b7955a6094350212944a598b29f2c58
sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
- sha256sums = 36b1118c8dedadc4851150ddd4eb07b1c58ac5bbf3022cc2501a27c2b476da98
+ sha256sums = bc3dab5594735fb56bdb39c1630a470fd2e65fcf0d81a5db31bab3b91944225d
+ sha256sums = 67aed9742e4281df6f0bd18dc936ae79319fee3763737f158c0e87a6948d100d
pkgname = linux-lts-tomoyo
pkgdesc = The Linux-lts kernel with TOMOYO Linux configuration
@@ -38,14 +40,14 @@ pkgname = linux-lts-tomoyo
depends = mkinitcpio>=0.7
optdepends = crda: to set the correct wireless channels of your country
optdepends = tomoyo-tools-25: the TOMOYO Linux 2.5.x userspace tools
- provides = linux-lts-tomoyo=4.19.46
+ provides = linux-lts-tomoyo=4.19.58
backup = etc/mkinitcpio.d/linux-lts-tomoyo.preset
pkgname = linux-lts-tomoyo-headers
pkgdesc = Header files and scripts for building modules for Linux-lts-tomoyo kernel
- provides = linux-lts-tomoyo-headers=4.19.46
+ provides = linux-lts-tomoyo-headers=4.19.58
pkgname = linux-lts-tomoyo-docs
pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-lts-tomoyo kernel
- provides = linux-lts-tomoyo-docs=4.19.46
+ provides = linux-lts-tomoyo-docs=4.19.58
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
index a989d666aa76..d78d38ade4af 100644
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -1,8 +1,7 @@
-From 4e54373158caa50df5402fdd3db1794c5394026b Mon Sep 17 00:00:00 2001
-Message-Id: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+From 96161597803746c97c43e0703ca2a059bdd7a8f7 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by
+Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by
default
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
@@ -15,10 +14,10 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com>
3 files changed, 30 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
-index 500ce64517d9..35f5860958b4 100644
+index 2628f3773ca8..a2da35b446a6 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -102,6 +102,11 @@
+@@ -103,6 +103,11 @@
#define CREATE_TRACE_POINTS
#include <trace/events/task.h>
@@ -30,7 +29,7 @@ index 500ce64517d9..35f5860958b4 100644
/*
* Minimum number of threads to boot the kernel
-@@ -1554,6 +1559,10 @@ static __latent_entropy struct task_struct *copy_process(
+@@ -1719,6 +1724,10 @@ static __latent_entropy struct task_struct *copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -41,7 +40,7 @@ index 500ce64517d9..35f5860958b4 100644
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
-@@ -2347,6 +2356,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -2554,6 +2563,12 @@ int ksys_unshare(unsigned long unshare_flags)
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
@@ -55,10 +54,10 @@ index 500ce64517d9..35f5860958b4 100644
if (err)
goto bad_unshare_out;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 56aca862c4f5..e8402ba393c1 100644
+index 387efbaf464a..b393beb76f34 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
-@@ -105,6 +105,9 @@ extern int core_uses_pid;
+@@ -108,6 +108,9 @@ extern int core_uses_pid;
extern char core_pattern[];
extern unsigned int core_pipe_limit;
#endif
@@ -68,7 +67,7 @@ index 56aca862c4f5..e8402ba393c1 100644
extern int pid_max;
extern int pid_max_min, pid_max_max;
extern int percpu_pagelist_fraction;
-@@ -513,6 +516,15 @@ static struct ctl_table kern_table[] = {
+@@ -535,6 +538,15 @@ static struct ctl_table kern_table[] = {
.proc_handler = proc_dointvec,
},
#endif
@@ -85,12 +84,12 @@ index 56aca862c4f5..e8402ba393c1 100644
{
.procname = "tainted",
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index c490f1e4313b..dd03bd39d7bf 100644
+index 923414a246e9..6b9dbc257e34 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
-@@ -24,6 +24,9 @@
- #include <linux/projid.h>
- #include <linux/fs_struct.h>
+@@ -26,6 +26,9 @@
+ #include <linux/bsearch.h>
+ #include <linux/sort.h>
+/* sysctl */
+int unprivileged_userns_clone;
@@ -99,5 +98,5 @@ index c490f1e4313b..dd03bd39d7bf 100644
static DEFINE_MUTEX(userns_state_mutex);
--
-2.15.1
+2.22.0
diff --git a/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch b/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
new file mode 100644
index 000000000000..7fa619f1c84c
--- /dev/null
+++ b/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
@@ -0,0 +1,57 @@
+From 1f89ffcbd1b6b6639eb49c521ac0d308a723cd3c Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Thu, 7 Dec 2017 13:50:48 +0100
+Subject: [PATCH 2/2] ZEN: Add CONFIG for unprivileged_userns_clone
+
+This way our default behavior continues to match the vanilla kernel.
+---
+ init/Kconfig | 16 ++++++++++++++++
+ kernel/user_namespace.c | 4 ++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/init/Kconfig b/init/Kconfig
+index 4592bf7997c0..f3df02990aff 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1004,6 +1004,22 @@ config USER_NS
+
+ If unsure, say N.
+
++config USER_NS_UNPRIVILEGED
++ bool "Allow unprivileged users to create namespaces"
++ default y
++ depends on USER_NS
++ help
++ When disabled, unprivileged users will not be able to create
++ new namespaces. Allowing users to create their own namespaces
++ has been part of several recent local privilege escalation
++ exploits, so if you need user namespaces but are
++ paranoid^Wsecurity-conscious you want to disable this.
++
++ This setting can be overridden at runtime via the
++ kernel.unprivileged_userns_clone sysctl.
++
++ If unsure, say Y.
++
+ config PID_NS
+ bool "PID Namespaces"
+ default y
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 6b9dbc257e34..107b17f0d528 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -27,7 +27,11 @@
+ #include <linux/sort.h>
+
+ /* sysctl */
++#ifdef CONFIG_USER_NS_UNPRIVILEGED
++int unprivileged_userns_clone = 1;
++#else
+ int unprivileged_userns_clone;
++#endif
+
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+--
+2.22.0
+
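Review bot: `default y` on the new CONFIG_USER_NS_UNPRIVILEGED option, together with the `#ifdef` block in kernel/user_namespace.c that initialises `unprivileged_userns_clone = 1`, reverses the default this package shipped before: with patch 0001 alone the variable is declared `int unprivileged_userns_clone;` and so starts at zero, meaning unprivileged user-namespace creation was off at boot, which is what the old PKGBUILD comment `# disable USER_NS for non-root users by default` described. The config section in this same commit adds `CONFIG_USER_NS_UNPRIVILEGED=y`, so the effective default is now enabled, and neither the commit title nor the updated PKGBUILD comment records that change of posture. If enabling by default is intended, say so where the patch is applied, e.g. `# unprivileged user namespaces: sysctl kernel.unprivileged_userns_clone (0001), default on via CONFIG_USER_NS_UNPRIVILEGED (0002)`; if the previous hardened default is wanted for this TOMOYO build, the config line should instead read `# CONFIG_USER_NS_UNPRIVILEGED is not set`, which keeps the sysctl available for opting in at runtime.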
diff --git a/PKGBUILD b/PKGBUILD
index 0f641b2aa463..9532a580a2f7 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -6,7 +6,7 @@
pkgbase=linux-lts-tomoyo
_srcname=linux-4.19
-pkgver=4.19.46
+pkgver=4.19.58
pkgrel=1
arch=('x86_64')
url="https://www.kernel.org/"
@@ -21,6 +21,7 @@ source=(
'90-linux.hook' # pacman hook for initramfs regeneration
'linux-lts.preset' # standard config files for mkinitcpio ramdisk
'0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch'
+ '0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch'
)
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
@@ -29,12 +30,13 @@ validpgpkeys=(
# https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
sha256sums=('0c68f5655528aed4f99dae71a5b259edc93239fa899e2df79c055275c21749a1'
'SKIP'
- '3df7f072065b35abaa86e752a1ee2a6488a1d980a4e116b6a5750a9112203b20'
- 'dfd03045db0fd87adeda3397ee25d6d75d22ca686ffc167161d286d5bffb38de'
+ '018584229e0522aa94cb7af7b7f0775cf42ae3873a8d4cbc8715d807719bfad5'
+ 'af7e7687a91b210e803697ef9509faaf3b7955a6094350212944a598b29f2c58'
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
'75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
- '36b1118c8dedadc4851150ddd4eb07b1c58ac5bbf3022cc2501a27c2b476da98')
+ 'bc3dab5594735fb56bdb39c1630a470fd2e65fcf0d81a5db31bab3b91944225d'
+ '67aed9742e4281df6f0bd18dc936ae79319fee3763737f158c0e87a6948d100d')
_kernelname=${pkgbase#linux}
@@ -50,8 +52,9 @@ prepare() {
# add latest fixes from stable queue, if needed
# http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
- # disable USER_NS for non-root users by default
+ # allow disabling USER_NS via sysctl
patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ patch -Np1 -i ../0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
cp -Tf ../config .config
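Review bot: The replacement comment `# allow disabling USER_NS via sysctl` overstates what the lines below it do: the sysctl from patch 0001 only gates unprivileged CLONE_NEWUSER (per that patch's own subject), it does not switch user namespaces (CONFIG_USER_NS) off, and the added `patch -Np1 -i ../0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch` line has no comment even though it is the one that sets the boot-time default. Suggest `# kernel.unprivileged_userns_clone sysctl (0001) and its CONFIG_USER_NS_UNPRIVILEGED default (0002)` in place of the replacement comment so the two patches are described together. prepare() starts before this hunk and continues after it.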
diff --git a/config b/config
index 0ff956b05a06..a4b5a55fcab5 100644
--- a/config
+++ b/config
@@ -1,14 +1,15 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.36-1 Kernel Configuration
+# Linux/x86 4.19.55-2 Kernel Configuration
#
#
-# Compiler: gcc (GCC) 8.3.0
+# Compiler: gcc (GCC) 9.1.0
#
CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=80300
+CONFIG_GCC_VERSION=90100
CONFIG_CLANG_VERSION=0
+CONFIG_CC_HAS_ASM_GOTO=y
CONFIG_IRQ_WORK=y
CONFIG_BUILDTIME_EXTABLE_SORT=y
CONFIG_THREAD_INFO_IN_TASK=y
@@ -158,6 +159,7 @@ CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
+CONFIG_USER_NS_UNPRIVILEGED=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
# CONFIG_CHECKPOINT_RESTORE is not set
@@ -5986,6 +5988,7 @@ CONFIG_CHASH=m
# CONFIG_CHASH_STATS is not set
# CONFIG_CHASH_SELFTEST is not set
CONFIG_DRM_NOUVEAU=m
+CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y
CONFIG_NOUVEAU_DEBUG=5
CONFIG_NOUVEAU_DEBUG_DEFAULT=3
# CONFIG_NOUVEAU_DEBUG_MMU is not set