Update to 5.1.9rc1-1

author: graysky 2019-06-11 14:58:22 -0400
committer: graysky 2019-06-11 14:58:48 -0400
commit: 99703a2c47af22581eb91ed767969d350b3b8a35 (patch)
tree: 0eeef6ab5e929767cd5866d5386dee82f3cdf8f8
parent: 7d7da59a5963bd2459b9d3b1e7c1cf81bf235b46 (diff)
download: aur-99703a2c47af22581eb91ed767969d350b3b8a35.tar.gz
4 files changed, 78 insertions, 15 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 92ebf4b2111f..71aa8d3fcb84 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
 pkgbase = linux-rc
-	pkgver = 5.1.8rc1
+	pkgver = 5.1.9rc1
 	pkgrel = 1
 	url = https://www.kernel.org/
 	arch = x86_64
@@ -9,26 +9,28 @@ pkgbase = linux-rc
 	makedepends = bc
 	makedepends = libelf
 	options = !strip
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.7.tar.xz
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.7.tar.sign
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.8-rc1.xz
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.8-rc1.sign
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.8.tar.xz
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.8.tar.sign
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.9-rc1.xz
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.9-rc1.sign
 	source = config
 	source = 60-linux.hook
 	source = 90-linux.hook
 	source = linux.preset
 	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+	source = 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
 	validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 	validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
-	sha256sums = 0246d04df2b799bd0adbde8f24fcb0daa18819fa5442e9bdd6992979b7adf3a6
+	sha256sums = d0164ffcc6e2ab3a96cc771d3fbdf2f8b49a2597ec4da9a06df590b0fe87a6ec
 	sha256sums = SKIP
-	sha256sums = e15a44b8bf320be64b987e30abea8184dab57d25d2323399fdf14c842c6be27e
+	sha256sums = f2e99c56db408c7f695fa80507201036e4828f23e202800d4cac94d46e13517f
 	sha256sums = SKIP
-	sha256sums = 02390efe7637927502bc834daf3f413ea5e2cb084bca125372e70dc9438e824c
+	sha256sums = 2e555646f47002c3e76e2a8405d33a64fcc8cf060ef5430881a5d144d8e3bc98
 	sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
 	sha256sums = c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
 	sha256sums = 4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629
+	sha256sums = 1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec
 
 pkgname = linux-rc
 	pkgdesc = The release candidate kernel and modules
diff --git a/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch b/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
new file mode 100644
index 000000000000..6c25e34545bd
--- /dev/null
+++ b/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
@@ -0,0 +1,57 @@
+From d279aeda16b4cc525a0a2c4747946d87683e3e51 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Thu, 7 Dec 2017 13:50:48 +0100
+Subject: [PATCH 2/3] ZEN: Add CONFIG for unprivileged_userns_clone
+
+This way our default behavior continues to match the vanilla kernel.
+---
+ init/Kconfig            | 16 ++++++++++++++++
+ kernel/user_namespace.c |  4 ++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/init/Kconfig b/init/Kconfig
+index 4592bf7997c0..f3df02990aff 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1004,6 +1004,22 @@ config USER_NS
+ 
+ 	  If unsure, say N.
+ 
++config USER_NS_UNPRIVILEGED
++	bool "Allow unprivileged users to create namespaces"
++	default y
++	depends on USER_NS
++	help
++	  When disabled, unprivileged users will not be able to create
++	  new namespaces. Allowing users to create their own namespaces
++	  has been part of several recent local privilege escalation
++	  exploits, so if you need user namespaces but are
++	  paranoid^Wsecurity-conscious you want to disable this.
++
++	  This setting can be overridden at runtime via the
++	  kernel.unprivileged_userns_clone sysctl.
++
++	  If unsure, say Y.
++
+ config PID_NS
+ 	bool "PID Namespaces"
+ 	default y
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 6b9dbc257e34..107b17f0d528 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -27,7 +27,11 @@
+ #include <linux/sort.h>
+ 
+ /* sysctl */
++#ifdef CONFIG_USER_NS_UNPRIVILEGED
++int unprivileged_userns_clone = 1;
++#else
+ int unprivileged_userns_clone;
++#endif
+ 
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+-- 
+2.22.0
+
diff --git a/PKGBUILD b/PKGBUILD
index 9579a3f92a51..0567e8d1f8d3 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,8 +5,8 @@
 pkgbase=linux-rc
 pkgrel=1
 _srcname=linux-5.1
-_stable=5.1.7
-_patchver=5.1.8
+_stable=5.1.8
+_patchver=5.1.9
 _rcver=1
 pkgver=${_patchver}rc${_rcver}
 _rcpatch=patch-${_patchver}-rc${_rcver}
@@ -23,21 +23,23 @@ source=(
   90-linux.hook  # pacman hook for initramfs regeneration
   linux.preset   # standard config files for mkinitcpio ramdisk
   0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+  0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
   # Arch-Linux-kernel-vx.xx.x-arch1.patch is not needed for rc1
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
 )
-sha256sums=('0246d04df2b799bd0adbde8f24fcb0daa18819fa5442e9bdd6992979b7adf3a6'
+sha256sums=('d0164ffcc6e2ab3a96cc771d3fbdf2f8b49a2597ec4da9a06df590b0fe87a6ec'
             'SKIP'
-            'e15a44b8bf320be64b987e30abea8184dab57d25d2323399fdf14c842c6be27e'
+            'f2e99c56db408c7f695fa80507201036e4828f23e202800d4cac94d46e13517f'
             'SKIP'
-            '02390efe7637927502bc834daf3f413ea5e2cb084bca125372e70dc9438e824c'
+            '2e555646f47002c3e76e2a8405d33a64fcc8cf060ef5430881a5d144d8e3bc98'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
-            '4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629')
+            '4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629'
+            '1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec')
 
 _kernelname=${pkgbase#linux}
 
diff --git a/config b/config
index f9f36d1da9e1..4fa789c11f30 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.1.0-arch1 Kernel Configuration
+# Linux/x86 5.1.8-arch1 Kernel Configuration
 #
 
 #
@@ -167,6 +167,7 @@ CONFIG_NAMESPACES=y
 CONFIG_UTS_NS=y
 CONFIG_IPC_NS=y
 CONFIG_USER_NS=y
+CONFIG_USER_NS_UNPRIVILEGED=y
 CONFIG_PID_NS=y
 CONFIG_NET_NS=y
 CONFIG_CHECKPOINT_RESTORE=y
@@ -780,6 +781,7 @@ CONFIG_HAVE_RELIABLE_STACKTRACE=y
 CONFIG_ISA_BUS_API=y
 CONFIG_OLD_SIGSUSPEND3=y
 CONFIG_COMPAT_OLD_SIGACTION=y
+CONFIG_64BIT_TIME=y
 CONFIG_COMPAT_32BIT_TIME=y
 CONFIG_HAVE_ARCH_VMAP_STACK=y
 CONFIG_VMAP_STACK=y
author	graysky	2019-06-11 14:58:22 -0400
committer	graysky	2019-06-11 14:58:48 -0400
commit	99703a2c47af22581eb91ed767969d350b3b8a35 (patch)
tree	0eeef6ab5e929767cd5866d5386dee82f3cdf8f8
parent	7d7da59a5963bd2459b9d3b1e7c1cf81bf235b46 (diff)
download	aur-99703a2c47af22581eb91ed767969d350b3b8a35.tar.gz