bump to 4.19.13_rt10-1, use only source tarballs instead of the archlinux kernel repo

4 files changed, 147 insertions, 40 deletions

diff --git a/.SRCINFO b/.SRCINFO
index ce4c8c894906..0b7b0a02fe7f 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
 # Generated by makepkg 5.1.1
-# Tue Jan  8 14:24:35 UTC 2019
+# Fri Jan 11 09:30:33 UTC 2019
 pkgbase = linux-rt
-	pkgver = 4.19.10_rt8
+	pkgver = 4.19.13_rt10
 	pkgrel = 1
-	url = https://git.archlinux.org/linux.git/log/?h=v4.19.10-arch1
+	url = https://git.archlinux.org/linux.git/log/?h=v
 	arch = x86_64
 	license = GPL2
 	makedepends = xmlto
@@ -15,9 +15,11 @@ pkgbase = linux-rt
 	makedepends = python-sphinx
 	makedepends = graphviz
 	options = !strip
-	source = archlinux-linux::git+https://git.archlinux.org/linux.git?signed#tag=v4.19.10-arch1
-	source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.10-rt8.patch.xz
-	source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.10-rt8.patch.sign
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.13.tar.xz
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.13.tar.sign
+	source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.13-rt10.patch.xz
+	source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.13-rt10.patch.sign
+	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
 	source = fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch
 	source = config
 	source = 60-linux-rt.hook
@@ -29,11 +31,13 @@ pkgbase = linux-rt
 	validpgpkeys = 64254695FFF0AA4466CC19E67B96E8162A8CF5D1
 	validpgpkeys = 5ED9A48FC54C0A22D1D0804CEBC26CDB5A56DE73
 	validpgpkeys = E644E2F1D45FA0B2EAA02F33109F098506FF0B14
+	sha256sums = f50a77fc40e13fc406791346fa91926394205874cd50246c7c2374006bacc0c2
 	sha256sums = SKIP
-	sha256sums = 5a281c91eb3afb8df9b3c5debc3b5b1a0f4076daf3b080e5ec2b6c1a615ebecd
+	sha256sums = 7b4d463d0ab872b5d003e39237edca6934fded8ae6c70b747c45a098479b5dba
 	sha256sums = SKIP
+	sha256sums = 75aa8dd708ca5a0137fbf7cddc9cafefe6aac6b8e0638c06c156d412d05af4bc
 	sha256sums = 85f7612edfa129210343d6a4fe4ba2a4ac3542d98b7e28c8896738e7e6541c06
-	sha256sums = 59c7fb7512eb52a088eb32169ec6d538cb68ccad901a338bb3a050d02cd15619
+	sha256sums = 464d6682d4b30e153d66c17c43894d3bd083366ae2d0b72538f63992947485ce
 	sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
 	sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
new file mode 100644
index 000000000000..e57df3b15ce6
--- /dev/null
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -0,0 +1,101 @@
+From 1a47eb71988a919e811ce558f6f58855155c6218 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge.hallyn@canonical.com>
+Date: Fri, 31 May 2013 19:12:12 +0100
+Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default
+
+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+[bwh: Remove unneeded binary sysctl bits]
+Signed-off-by: Daniel Micay <danielmicay@gmail.com>
+---
+ kernel/fork.c           | 15 +++++++++++++++
+ kernel/sysctl.c         | 12 ++++++++++++
+ kernel/user_namespace.c |  3 +++
+ 3 files changed, 30 insertions(+)
+
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 8ed48ca2cc43..e02823819ab7 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -103,6 +103,11 @@
+ 
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/task.h>
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#else
++#define unprivileged_userns_clone 0
++#endif
+ 
+ /*
+  * Minimum number of threads to boot the kernel
+@@ -1625,6 +1630,10 @@ static __latent_entropy struct task_struct *copy_process(
+ 	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
+ 		return ERR_PTR(-EINVAL);
+ 
++	if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
++		if (!capable(CAP_SYS_ADMIN))
++			return ERR_PTR(-EPERM);
++
+ 	/*
+ 	 * Thread groups must share signals as well, and detached threads
+ 	 * can only be started up within the thread group.
+@@ -2421,6 +2430,12 @@ int ksys_unshare(unsigned long unshare_flags)
+ 	if (unshare_flags & CLONE_NEWNS)
+ 		unshare_flags |= CLONE_FS;
+ 
++	if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
++		err = -EPERM;
++		if (!capable(CAP_SYS_ADMIN))
++			goto bad_unshare_out;
++	}
++
+ 	err = check_unshare_flags(unshare_flags);
+ 	if (err)
+ 		goto bad_unshare_out;
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index 2d9837c0aff4..eb5236c069fc 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -105,6 +105,9 @@ extern int core_uses_pid;
+ extern char core_pattern[];
+ extern unsigned int core_pipe_limit;
+ #endif
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#endif
+ extern int pid_max;
+ extern int pid_max_min, pid_max_max;
+ extern int percpu_pagelist_fraction;
+@@ -519,6 +522,15 @@ static struct ctl_table kern_table[] = {
+ 		.proc_handler	= proc_dointvec,
+ 	},
+ #endif
++#ifdef CONFIG_USER_NS
++	{
++		.procname	= "unprivileged_userns_clone",
++		.data		= &unprivileged_userns_clone,
++		.maxlen		= sizeof(int),
++		.mode		= 0644,
++		.proc_handler	= proc_dointvec,
++	},
++#endif
+ #ifdef CONFIG_PROC_SYSCTL
+ 	{
+ 		.procname	= "tainted",
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index e5222b5fb4fe..c941a66e51d1 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -26,6 +26,9 @@
+ #include <linux/bsearch.h>
+ #include <linux/sort.h>
+ 
++/* sysctl */
++int unprivileged_userns_clone;
++
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+ 
+-- 
+2.19.0
+
diff --git a/PKGBUILD b/PKGBUILD
index 08c7bec419be..6f9f0b4de5a2 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,9 +7,8 @@
 
 #pkgbase=linux               # Build stock -ARCH kernel
 pkgbase=linux-rt       # Build kernel with a different name
-_srcver=4.19.10-arch1
-_rtpatchver=rt8
-_pkgver=${_srcver//-arch1/}
+_pkgver=4.19.13
+_rtpatchver=rt10
 pkgver=${_pkgver}_${_rtpatchver}
 pkgrel=1
 arch=(x86_64)
@@ -17,11 +16,13 @@ url="https://git.archlinux.org/linux.git/log/?h=v$_srcver"
 license=(GPL2)
 makedepends=(xmlto kmod inetutils bc libelf git python-sphinx graphviz)
 options=('!strip')
-_srcname=archlinux-linux
+_srcname=linux-${_pkgver}
 source=(
-  "$_srcname::git+https://git.archlinux.org/linux.git?signed#tag=v$_srcver"
+  "https://www.kernel.org/pub/linux/kernel/v4.x/linux-${_pkgver}.tar.xz"
+  "https://www.kernel.org/pub/linux/kernel/v4.x/linux-${_pkgver}.tar.sign"
   "https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-${_pkgver}-${_rtpatchver}.patch.xz"
   "https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-${_pkgver}-${_rtpatchver}.patch.sign"
+  0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
   fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch
   config         # the main kernel config file
   60-${pkgbase}.hook  # pacman hook for depmod
@@ -36,11 +37,13 @@ validpgpkeys=(
   '5ED9A48FC54C0A22D1D0804CEBC26CDB5A56DE73'  # Steven Rostedt
   'E644E2F1D45FA0B2EAA02F33109F098506FF0B14'  # Thomas Gleixner
 )
-sha256sums=('SKIP'
-            '5a281c91eb3afb8df9b3c5debc3b5b1a0f4076daf3b080e5ec2b6c1a615ebecd'
+sha256sums=('f50a77fc40e13fc406791346fa91926394205874cd50246c7c2374006bacc0c2'
             'SKIP'
+            '7b4d463d0ab872b5d003e39237edca6934fded8ae6c70b747c45a098479b5dba'
+            'SKIP'
+            '75aa8dd708ca5a0137fbf7cddc9cafefe6aac6b8e0638c06c156d412d05af4bc'
             '85f7612edfa129210343d6a4fe4ba2a4ac3542d98b7e28c8896738e7e6541c06'
-            '59c7fb7512eb52a088eb32169ec6d538cb68ccad901a338bb3a050d02cd15619'
+            '464d6682d4b30e153d66c17c43894d3bd083366ae2d0b72538f63992947485ce'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')
@@ -55,10 +58,10 @@ prepare() {
   msg "applying patch-${_pkgver}-${_rtpatchver}.patch"
   patch -Np1 -i ../patch-${_pkgver}-${_rtpatchver}.patch
 
-#  msg2 "Setting version..."
-#  scripts/setlocalversion --save-scmversion
-#  echo "-$pkgrel" > localversion.10-pkgrel
-#  echo "$_kernelname" > localversion.20-pkgname
+  msg2 "Setting version..."
+  scripts/setlocalversion --save-scmversion
+  echo "-$pkgrel" > localversion.10-pkgrel
+  echo "$_kernelname" > localversion.20-pkgname
 
   local src
   for src in "${source[@]}"; do
@@ -71,12 +74,8 @@ prepare() {
 
   msg2 "Setting config..."
   cp ../config .config
-  sed -e "/^CONFIG_LOCALVERSION =/s/=.*/=-${pkgrel}${_kernelname}/" -i .config
-  sed -e "/^EXTRAVERSION =/s/=.*/=/" -i Makefile
-  touch .scmversion
-
   make olddefconfig
-#  make menuconfig
+  #make menuconfig # CLI menu for configuration
 
   make -s kernelrelease > ../version
   msg2 "Prepared %s version %s" "$pkgbase" "$(<../version)"
diff --git a/config b/config
index af2dad5f2f0d..f3872830452a 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.10 Kernel Configuration
+# Linux/x86 4.19.13 Kernel Configuration
 #
 
 #
@@ -18,7 +18,7 @@ CONFIG_THREAD_INFO_IN_TASK=y
 #
 CONFIG_INIT_ENV_ARG_LIMIT=32
 # CONFIG_COMPILE_TEST is not set
-CONFIG_LOCALVERSION="-rt"
+CONFIG_LOCALVERSION=""
 CONFIG_LOCALVERSION_AUTO=y
 CONFIG_BUILD_SALT=""
 CONFIG_HAVE_KERNEL_GZIP=y
@@ -33,7 +33,7 @@ CONFIG_HAVE_KERNEL_LZ4=y
 CONFIG_KERNEL_XZ=y
 # CONFIG_KERNEL_LZO is not set
 # CONFIG_KERNEL_LZ4 is not set
-CONFIG_DEFAULT_HOSTNAME="archlinux"
+CONFIG_DEFAULT_HOSTNAME="archlinux-rt"
 CONFIG_SWAP=y
 CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
@@ -102,6 +102,7 @@ CONFIG_PREEMPT_COUNT=y
 CONFIG_VIRT_CPU_ACCOUNTING=y
 CONFIG_VIRT_CPU_ACCOUNTING_GEN=y
 CONFIG_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_SCHED_AVG_IRQ=y
 CONFIG_BSD_PROCESS_ACCT=y
 CONFIG_BSD_PROCESS_ACCT_V3=y
 CONFIG_TASKSTATS=y
@@ -1940,7 +1941,7 @@ CONFIG_MAC80211=m
 CONFIG_MAC80211_HAS_RC=y
 CONFIG_MAC80211_RC_MINSTREL=y
 CONFIG_MAC80211_RC_MINSTREL_HT=y
-# CONFIG_MAC80211_RC_MINSTREL_VHT is not set
+CONFIG_MAC80211_RC_MINSTREL_VHT=y
 CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y
 CONFIG_MAC80211_RC_DEFAULT="minstrel_ht"
 CONFIG_MAC80211_MESH=y
@@ -2194,7 +2195,7 @@ CONFIG_MTD_NAND_DISKONCHIP=m
 # CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADVANCED is not set
 CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADDRESS=0
 CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE=y
-# CONFIG_MTD_NAND_DOCG4 is not set
+CONFIG_MTD_NAND_DOCG4=m
 CONFIG_MTD_NAND_CAFE=m
 CONFIG_MTD_NAND_NANDSIM=m
 CONFIG_MTD_NAND_PLATFORM=m
@@ -2255,7 +2256,7 @@ CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m
 CONFIG_ZRAM=m
 CONFIG_ZRAM_WRITEBACK=y
 # CONFIG_ZRAM_MEMORY_TRACKING is not set
-# CONFIG_BLK_DEV_DAC960 is not set
+CONFIG_BLK_DEV_DAC960=m
 CONFIG_BLK_DEV_UMEM=m
 CONFIG_BLK_DEV_LOOP=m
 CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
@@ -2665,7 +2666,7 @@ CONFIG_MD_FAULTY=m
 CONFIG_MD_CLUSTER=m
 CONFIG_BLK_DEV_DM_BUILTIN=y
 CONFIG_BLK_DEV_DM=m
-# CONFIG_DM_MQ_DEFAULT is not set
+CONFIG_DM_MQ_DEFAULT=y
 CONFIG_DM_DEBUG=y
 CONFIG_DM_BUFIO=m
 # CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set
@@ -5189,6 +5190,7 @@ CONFIG_REGULATOR_WM8400=m
 CONFIG_REGULATOR_WM8994=m
 CONFIG_CEC_CORE=y
 CONFIG_CEC_NOTIFIER=y
+CONFIG_CEC_PIN=y
 CONFIG_RC_CORE=m
 CONFIG_RC_MAP=m
 CONFIG_LIRC=y
@@ -5238,6 +5240,7 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y
 CONFIG_MEDIA_RADIO_SUPPORT=y
 CONFIG_MEDIA_SDR_SUPPORT=y
 CONFIG_MEDIA_CEC_SUPPORT=y
+# CONFIG_CEC_PIN_ERROR_INJ is not set
 CONFIG_MEDIA_CONTROLLER=y
 # CONFIG_MEDIA_CONTROLLER_DVB is not set
 CONFIG_VIDEO_DEV=m
@@ -5532,7 +5535,7 @@ CONFIG_VIDEO_VICODEC=m
 CONFIG_DVB_PLATFORM_DRIVERS=y
 CONFIG_CEC_PLATFORM_DRIVERS=y
 CONFIG_VIDEO_CROS_EC_CEC=m
-# CONFIG_CEC_GPIO is not set
+CONFIG_CEC_GPIO=m
 CONFIG_SDR_PLATFORM_DRIVERS=y
 
 #
@@ -6164,8 +6167,8 @@ CONFIG_LCD_ILI9320=m
 CONFIG_LCD_TDO24M=m
 CONFIG_LCD_VGG2432A4=m
 CONFIG_LCD_PLATFORM=m
-# CONFIG_LCD_S6E63M0 is not set
-# CONFIG_LCD_LD9040 is not set
+CONFIG_LCD_S6E63M0=m
+CONFIG_LCD_LD9040=m
 CONFIG_LCD_AMS369FG06=m
 CONFIG_LCD_LMS501KF03=m
 CONFIG_LCD_HX8357=m
@@ -7876,7 +7879,7 @@ CONFIG_FWTTY_MAX_TOTAL_PORTS=64
 CONFIG_FWTTY_MAX_CARD_PORTS=32
 CONFIG_MTD_SPINAND_MT29F=m
 CONFIG_MTD_SPINAND_ONDIEECC=y
-# CONFIG_DGNC is not set
+CONFIG_DGNC=m
 CONFIG_GS_FPGABOOT=m
 CONFIG_UNISYSSPAR=y
 CONFIG_COMMON_CLK_XLNX_CLKWZRD=m
@@ -9197,7 +9200,7 @@ CONFIG_CRYPTO_NULL2=y
 CONFIG_CRYPTO_PCRYPT=m
 CONFIG_CRYPTO_WORKQUEUE=y
 CONFIG_CRYPTO_CRYPTD=m
-# CONFIG_CRYPTO_MCRYPTD is not set
+CONFIG_CRYPTO_MCRYPTD=m
 CONFIG_CRYPTO_AUTHENC=m
 CONFIG_CRYPTO_TEST=m
 CONFIG_CRYPTO_SIMD=m
@@ -9270,9 +9273,9 @@ CONFIG_CRYPTO_SHA1=y
 CONFIG_CRYPTO_SHA1_SSSE3=m
 CONFIG_CRYPTO_SHA256_SSSE3=m
 CONFIG_CRYPTO_SHA512_SSSE3=m
-# CONFIG_CRYPTO_SHA1_MB is not set
-# CONFIG_CRYPTO_SHA256_MB is not set
-# CONFIG_CRYPTO_SHA512_MB is not set
+CONFIG_CRYPTO_SHA1_MB=m
+CONFIG_CRYPTO_SHA256_MB=m
+CONFIG_CRYPTO_SHA512_MB=m
 CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_SHA512=y
 CONFIG_CRYPTO_SHA3=m