author | Joakim Hernberg | 2019-01-11 10:34:32 +0100 |
---|---|---|
committer | Joakim Hernberg | 2019-01-11 10:34:32 +0100 |
commit | 12ea151033e1b0a71c47c250cf4da39070e95356 (patch) | |
tree | 54ee004078eab5553eda57e9a922026499f49c86 | |
parent | 2f65bbf4e609e4973bb221e3ecc02cb9c43801f6 (diff) | |
download | aur-12ea151033e1b0a71c47c250cf4da39070e95356.tar.gz |
bump to 4.19.13_rt10-1, use only source tarballs instead of the archlinux kernel repo
-rw-r--r-- | .SRCINFO | 20 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 101 | ||||
-rw-r--r-- | PKGBUILD | 33 | ||||
-rw-r--r-- | config | 33 |
4 files changed, 147 insertions, 40 deletions
@@ -1,9 +1,9 @@ # Generated by makepkg 5.1.1 -# Tue Jan 8 14:24:35 UTC 2019 +# Fri Jan 11 09:30:33 UTC 2019 pkgbase = linux-rt - pkgver = 4.19.10_rt8 + pkgver = 4.19.13_rt10 pkgrel = 1 - url = https://git.archlinux.org/linux.git/log/?h=v4.19.10-arch1 + url = https://git.archlinux.org/linux.git/log/?h=v arch = x86_64 license = GPL2 makedepends = xmlto @@ -15,9 +15,11 @@ pkgbase = linux-rt makedepends = python-sphinx makedepends = graphviz options = !strip - source = archlinux-linux::git+https://git.archlinux.org/linux.git?signed#tag=v4.19.10-arch1 - source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.10-rt8.patch.xz - source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.10-rt8.patch.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.13.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.13.tar.sign + source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.13-rt10.patch.xz + source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.13-rt10.patch.sign + source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch source = config source = 60-linux-rt.hook 
@@ -29,11 +31,13 @@ pkgbase = linux-rt validpgpkeys = 64254695FFF0AA4466CC19E67B96E8162A8CF5D1 validpgpkeys = 5ED9A48FC54C0A22D1D0804CEBC26CDB5A56DE73 validpgpkeys = E644E2F1D45FA0B2EAA02F33109F098506FF0B14 + sha256sums = f50a77fc40e13fc406791346fa91926394205874cd50246c7c2374006bacc0c2 sha256sums = SKIP - sha256sums = 5a281c91eb3afb8df9b3c5debc3b5b1a0f4076daf3b080e5ec2b6c1a615ebecd + sha256sums = 7b4d463d0ab872b5d003e39237edca6934fded8ae6c70b747c45a098479b5dba sha256sums = SKIP + sha256sums = 75aa8dd708ca5a0137fbf7cddc9cafefe6aac6b8e0638c06c156d412d05af4bc sha256sums = 85f7612edfa129210343d6a4fe4ba2a4ac3542d98b7e28c8896738e7e6541c06 - sha256sums = 59c7fb7512eb52a088eb32169ec6d538cb68ccad901a338bb3a050d02cd15619 + sha256sums = 464d6682d4b30e153d66c17c43894d3bd083366ae2d0b72538f63992947485ce sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch new file mode 100644 index 000000000000..e57df3b15ce6 --- /dev/null +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 
@@ -0,0 +1,101 @@ +From 1a47eb71988a919e811ce558f6f58855155c6218 Mon Sep 17 00:00:00 2001 +From: Serge Hallyn <serge.hallyn@canonical.com> +Date: Fri, 31 May 2013 19:12:12 +0100 +Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default + +Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> +[bwh: Remove unneeded binary sysctl bits] +Signed-off-by: Daniel Micay <danielmicay@gmail.com> +--- + kernel/fork.c | 15 +++++++++++++++ + kernel/sysctl.c | 12 ++++++++++++ + kernel/user_namespace.c | 3 +++ + 3 files changed, 30 insertions(+) + +diff --git a/kernel/fork.c b/kernel/fork.c +index 8ed48ca2cc43..e02823819ab7 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -103,6 +103,11 @@ + + #define CREATE_TRACE_POINTS + #include <trace/events/task.h> ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#else ++#define unprivileged_userns_clone 0 ++#endif + + /* + * Minimum number of threads to boot the kernel +@@ -1625,6 +1630,10 @@ static __latent_entropy struct task_struct *copy_process( + if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) + return ERR_PTR(-EINVAL); + ++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) ++ if (!capable(CAP_SYS_ADMIN)) ++ return ERR_PTR(-EPERM); ++ + /* + * Thread groups must share signals as well, and detached threads + * can only be started up within the thread group. 
+@@ -2421,6 +2430,12 @@ int ksys_unshare(unsigned long unshare_flags) + if (unshare_flags & CLONE_NEWNS) + unshare_flags |= CLONE_FS; + ++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { ++ err = -EPERM; ++ if (!capable(CAP_SYS_ADMIN)) ++ goto bad_unshare_out; ++ } ++ + err = check_unshare_flags(unshare_flags); + if (err) + goto bad_unshare_out; +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 2d9837c0aff4..eb5236c069fc 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -105,6 +105,9 @@ extern int core_uses_pid; + extern char core_pattern[]; + extern unsigned int core_pipe_limit; + #endif ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#endif + extern int pid_max; + extern int pid_max_min, pid_max_max; + extern int percpu_pagelist_fraction; +@@ -519,6 +522,15 @@ static struct ctl_table kern_table[] = { + .proc_handler = proc_dointvec, + }, + #endif ++#ifdef CONFIG_USER_NS ++ { ++ .procname = "unprivileged_userns_clone", ++ .data = &unprivileged_userns_clone, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec, ++ }, ++#endif + #ifdef CONFIG_PROC_SYSCTL + { + .procname = "tainted", +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index e5222b5fb4fe..c941a66e51d1 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c +@@ -26,6 +26,9 @@ + #include <linux/bsearch.h> + #include <linux/sort.h> + ++/* sysctl */ ++int unprivileged_userns_clone; ++ + static struct kmem_cache *user_ns_cachep __read_mostly; + static DEFINE_MUTEX(userns_state_mutex); + +-- +2.19.0 + @@ -7,9 +7,8 @@ #pkgbase=linux # Build stock -ARCH kernel pkgbase=linux-rt # Build kernel with a different name -_srcver=4.19.10-arch1 -_rtpatchver=rt8 -_pkgver=${_srcver//-arch1/} +_pkgver=4.19.13 +_rtpatchver=rt10 pkgver=${_pkgver}_${_rtpatchver} pkgrel=1 arch=(x86_64) 
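Review bot: The new `unprivileged_userns_clone` entry in `kern_table` uses `proc_dointvec` with no bounds, so any non-zero integer written to it (negatives included) lifts the restriction, because both `copy_process()` and `ksys_unshare()` only test `!unprivileged_userns_clone`. Since the knob gates a privilege boundary, I would restrict it to a boolean with `.proc_handler = proc_dointvec_minmax,` plus `.extra1 = &zero,` and `.extra2 = &one,`. The definition in kernel/user_namespace.c deserves more than `/* sysctl */`, for example `/* 0 (default): creating a user namespace needs CAP_SYS_ADMIN; 1: unprivileged creation allowed */`, and the patch's diffstat shows no sysctl documentation entry being added. The brace-less nested `if` in `copy_process()` would also read better as one condition, matching the braced form used in `ksys_unshare()`.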
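Review bot: Dropping `_srcver` here leaves the unchanged `url=` line (visible as the next hunk's header context) expanding an unset variable, and the regenerated .SRCINFO in this same commit confirms the result: `url = https://git.archlinux.org/linux.git/log/?h=v`. Since the sources now come from kernel.org tarballs rather than the Arch git tree, the URL should point at something that exists, for example `url="https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/"`. The `url=` line itself sits outside this hunk, so it needs a separate edit.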
@@ -17,11 +16,13 @@ url="https://git.archlinux.org/linux.git/log/?h=v$_srcver" license=(GPL2) makedepends=(xmlto kmod inetutils bc libelf git python-sphinx graphviz) options=('!strip') -_srcname=archlinux-linux +_srcname=linux-${_pkgver} source=( - "$_srcname::git+https://git.archlinux.org/linux.git?signed#tag=v$_srcver" + "https://www.kernel.org/pub/linux/kernel/v4.x/linux-${_pkgver}.tar.xz" + "https://www.kernel.org/pub/linux/kernel/v4.x/linux-${_pkgver}.tar.sign" "https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-${_pkgver}-${_rtpatchver}.patch.xz" "https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-${_pkgver}-${_rtpatchver}.patch.sign" + 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch config # the main kernel config file 60-${pkgbase}.hook # pacman hook for depmod @@ -36,11 +37,13 @@ validpgpkeys=( '5ED9A48FC54C0A22D1D0804CEBC26CDB5A56DE73' # Steven Rostedt 'E644E2F1D45FA0B2EAA02F33109F098506FF0B14' # Thomas Gleixner ) -sha256sums=('SKIP' - '5a281c91eb3afb8df9b3c5debc3b5b1a0f4076daf3b080e5ec2b6c1a615ebecd' +sha256sums=('f50a77fc40e13fc406791346fa91926394205874cd50246c7c2374006bacc0c2' 'SKIP' + '7b4d463d0ab872b5d003e39237edca6934fded8ae6c70b747c45a098479b5dba' + 'SKIP' + '75aa8dd708ca5a0137fbf7cddc9cafefe6aac6b8e0638c06c156d412d05af4bc' '85f7612edfa129210343d6a4fe4ba2a4ac3542d98b7e28c8896738e7e6541c06' - '59c7fb7512eb52a088eb32169ec6d538cb68ccad901a338bb3a050d02cd15619' + '464d6682d4b30e153d66c17c43894d3bd083366ae2d0b72538f63992947485ce' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65') 
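Review bot: The two new kernel.org entries in `source=(...)` carry no comment on how the tarball is authenticated, unlike `config # the main kernel config file` a few lines below. With the signed git tag gone, trust in the kernel source rests on `linux-${_pkgver}.tar.sign` being verified against `validpgpkeys` (its `'SKIP'` checksum is expected), so I would add `# detached signature, checked against validpgpkeys` after that entry. Only part of `validpgpkeys` is visible in this diff, so it is worth confirming that the stable-release signing key is among the listed fingerprints.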
@@ -55,10 +58,10 @@ prepare() { msg "applying patch-${_pkgver}-${_rtpatchver}.patch" patch -Np1 -i ../patch-${_pkgver}-${_rtpatchver}.patch -# msg2 "Setting version..." -# scripts/setlocalversion --save-scmversion -# echo "-$pkgrel" > localversion.10-pkgrel -# echo "$_kernelname" > localversion.20-pkgname + msg2 "Setting version..." + scripts/setlocalversion --save-scmversion + echo "-$pkgrel" > localversion.10-pkgrel + echo "$_kernelname" > localversion.20-pkgname local src for src in "${source[@]}"; do @@ -71,12 +74,8 @@ prepare() { msg2 "Setting config..." cp ../config .config - sed -e "/^CONFIG_LOCALVERSION =/s/=.*/=-${pkgrel}${_kernelname}/" -i .config - sed -e "/^EXTRAVERSION =/s/=.*/=/" -i Makefile - touch .scmversion - make olddefconfig -# make menuconfig + #make menuconfig # CLI menu for configuration make -s kernelrelease > ../version msg2 "Prepared %s version %s" "$pkgbase" "$(<../version)" @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.19.10 Kernel Configuration +# Linux/x86 4.19.13 Kernel Configuration # # @@ -18,7 +18,7 @@ CONFIG_THREAD_INFO_IN_TASK=y # CONFIG_INIT_ENV_ARG_LIMIT=32 # CONFIG_COMPILE_TEST is not set -CONFIG_LOCALVERSION="-rt" +CONFIG_LOCALVERSION="" CONFIG_LOCALVERSION_AUTO=y CONFIG_BUILD_SALT="" CONFIG_HAVE_KERNEL_GZIP=y @@ -33,7 +33,7 @@ CONFIG_HAVE_KERNEL_LZ4=y CONFIG_KERNEL_XZ=y # CONFIG_KERNEL_LZO is not set # CONFIG_KERNEL_LZ4 is not set -CONFIG_DEFAULT_HOSTNAME="archlinux" +CONFIG_DEFAULT_HOSTNAME="archlinux-rt" CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y @@ -102,6 +102,7 @@ CONFIG_PREEMPT_COUNT=y CONFIG_VIRT_CPU_ACCOUNTING=y CONFIG_VIRT_CPU_ACCOUNTING_GEN=y CONFIG_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_SCHED_AVG_IRQ=y CONFIG_BSD_PROCESS_ACCT=y CONFIG_BSD_PROCESS_ACCT_V3=y CONFIG_TASKSTATS=y 
@@ -1940,7 +1941,7 @@ CONFIG_MAC80211=m CONFIG_MAC80211_HAS_RC=y CONFIG_MAC80211_RC_MINSTREL=y CONFIG_MAC80211_RC_MINSTREL_HT=y -# CONFIG_MAC80211_RC_MINSTREL_VHT is not set +CONFIG_MAC80211_RC_MINSTREL_VHT=y CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" CONFIG_MAC80211_MESH=y @@ -2194,7 +2195,7 @@ CONFIG_MTD_NAND_DISKONCHIP=m # CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADVANCED is not set CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADDRESS=0 CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE=y -# CONFIG_MTD_NAND_DOCG4 is not set +CONFIG_MTD_NAND_DOCG4=m CONFIG_MTD_NAND_CAFE=m CONFIG_MTD_NAND_NANDSIM=m CONFIG_MTD_NAND_PLATFORM=m @@ -2255,7 +2256,7 @@ CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m CONFIG_ZRAM=m CONFIG_ZRAM_WRITEBACK=y # CONFIG_ZRAM_MEMORY_TRACKING is not set -# CONFIG_BLK_DEV_DAC960 is not set +CONFIG_BLK_DEV_DAC960=m CONFIG_BLK_DEV_UMEM=m CONFIG_BLK_DEV_LOOP=m CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 @@ -2665,7 +2666,7 @@ CONFIG_MD_FAULTY=m CONFIG_MD_CLUSTER=m CONFIG_BLK_DEV_DM_BUILTIN=y CONFIG_BLK_DEV_DM=m -# CONFIG_DM_MQ_DEFAULT is not set +CONFIG_DM_MQ_DEFAULT=y CONFIG_DM_DEBUG=y CONFIG_DM_BUFIO=m # CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set @@ -5189,6 +5190,7 @@ CONFIG_REGULATOR_WM8400=m CONFIG_REGULATOR_WM8994=m CONFIG_CEC_CORE=y CONFIG_CEC_NOTIFIER=y +CONFIG_CEC_PIN=y CONFIG_RC_CORE=m CONFIG_RC_MAP=m CONFIG_LIRC=y @@ -5238,6 +5240,7 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y CONFIG_MEDIA_RADIO_SUPPORT=y CONFIG_MEDIA_SDR_SUPPORT=y CONFIG_MEDIA_CEC_SUPPORT=y +# CONFIG_CEC_PIN_ERROR_INJ is not set CONFIG_MEDIA_CONTROLLER=y # CONFIG_MEDIA_CONTROLLER_DVB is not set CONFIG_VIDEO_DEV=m @@ -5532,7 +5535,7 @@ CONFIG_VIDEO_VICODEC=m CONFIG_DVB_PLATFORM_DRIVERS=y CONFIG_CEC_PLATFORM_DRIVERS=y CONFIG_VIDEO_CROS_EC_CEC=m -# CONFIG_CEC_GPIO is not set +CONFIG_CEC_GPIO=m CONFIG_SDR_PLATFORM_DRIVERS=y # 
@@ -6164,8 +6167,8 @@ CONFIG_LCD_ILI9320=m CONFIG_LCD_TDO24M=m CONFIG_LCD_VGG2432A4=m CONFIG_LCD_PLATFORM=m -# CONFIG_LCD_S6E63M0 is not set -# CONFIG_LCD_LD9040 is not set +CONFIG_LCD_S6E63M0=m +CONFIG_LCD_LD9040=m CONFIG_LCD_AMS369FG06=m CONFIG_LCD_LMS501KF03=m CONFIG_LCD_HX8357=m @@ -7876,7 +7879,7 @@ CONFIG_FWTTY_MAX_TOTAL_PORTS=64 CONFIG_FWTTY_MAX_CARD_PORTS=32 CONFIG_MTD_SPINAND_MT29F=m CONFIG_MTD_SPINAND_ONDIEECC=y -# CONFIG_DGNC is not set +CONFIG_DGNC=m CONFIG_GS_FPGABOOT=m CONFIG_UNISYSSPAR=y CONFIG_COMMON_CLK_XLNX_CLKWZRD=m @@ -9197,7 +9200,7 @@ CONFIG_CRYPTO_NULL2=y CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=m -# CONFIG_CRYPTO_MCRYPTD is not set +CONFIG_CRYPTO_MCRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_TEST=m CONFIG_CRYPTO_SIMD=m @@ -9270,9 +9273,9 @@ CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA1_SSSE3=m CONFIG_CRYPTO_SHA256_SSSE3=m CONFIG_CRYPTO_SHA512_SSSE3=m -# CONFIG_CRYPTO_SHA1_MB is not set -# CONFIG_CRYPTO_SHA256_MB is not set -# CONFIG_CRYPTO_SHA512_MB is not set +CONFIG_CRYPTO_SHA1_MB=m +CONFIG_CRYPTO_SHA256_MB=m +CONFIG_CRYPTO_SHA512_MB=m CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_SHA3=m |