4.14.17-xanmod21

2 files changed, 12 insertions, 21 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 2f72b267b2bf..1d525a7e5881 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
 pkgbase = linux-xanmod-lts
-	pkgver = 4.14.15
+	pkgver = 4.14.17
 	pkgrel = 1
 	url = http://www.xanmod.org/
 	arch = x86_64
@@ -10,16 +10,16 @@ pkgbase = linux-xanmod-lts
 	makedepends = bc
 	makedepends = libelf
 	options = !strip
-	source = https://github.com/xanmod/linux/archive/4.14.15-xanmod20.tar.gz
+	source = https://github.com/xanmod/linux/archive/4.14.17-xanmod21.tar.gz
 	source = 60-linux.hook
 	source = 90-linux.hook
 	source = linux-xanmod-lts.preset
 	source = choose-gcc-optimization.sh
-	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch::https://git.archlinux.org/svntogit/packages.git/plain/trunk/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch?h=packages/linux-lts&id=d9eb6c8046bcd2265f6bb6e2a777f4752a7ebc2f
-	source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch::https://git.archlinux.org/svntogit/packages.git/plain/trunk/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch?h=packages/linux-lts&id=d9eb6c8046bcd2265f6bb6e2a777f4752a7ebc2f
-	source = 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch::https://git.archlinux.org/svntogit/packages.git/plain/trunk/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch?h=packages/linux-lts&id=d9eb6c8046bcd2265f6bb6e2a777f4752a7ebc2f
-	source = 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch::https://git.archlinux.org/svntogit/packages.git/plain/trunk/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch?h=packages/linux-lts&id=d9eb6c8046bcd2265f6bb6e2a777f4752a7ebc2f
-	sha256sums = 819c76bd7d21a14b8da8f33445dbd009eb6d9bbe50dcf9770f50258f04159358
+	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch::https://git.archlinux.org/svntogit/packages.git/plain/trunk/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch?h=packages/linux-lts&id=3d60a37bad1ef43e3f4a3856aad16f909bc8a6c2
+	source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch::https://git.archlinux.org/svntogit/packages.git/plain/trunk/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch?h=packages/linux-lts&id=3d60a37bad1ef43e3f4a3856aad16f909bc8a6c2
+	source = 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch::https://git.archlinux.org/svntogit/packages.git/plain/trunk/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch?h=packages/linux-lts&id=3d60a37bad1ef43e3f4a3856aad16f909bc8a6c2
+	source = 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch::https://git.archlinux.org/svntogit/packages.git/plain/trunk/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch?h=packages/linux-lts&id=3d60a37bad1ef43e3f4a3856aad16f909bc8a6c2
+	sha256sums = 043dbeb00d7cdf6b2f15801e23572527dbf41478ad9cdaa8fbe3454da3fc367d
 	sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
 	sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
@@ -28,7 +28,7 @@ pkgbase = linux-xanmod-lts
 	sha256sums = 5694022613bb49a77d3dfafdd2e635e9015e0a9069c58a07e99bdc5df6520311
 	sha256sums = 2f46093fde72eabc0fd25eff5065d780619fc5e7d2143d048877a8220d6291b0
 	sha256sums = 6364edabad4182dcf148ae7c14d8f45d61037d4539e76486f978f1af3a090794
-	source_x86_64 = config::https://git.archlinux.org/svntogit/packages.git/plain/trunk/config?h=packages/linux-lts&id=d9eb6c8046bcd2265f6bb6e2a777f4752a7ebc2f
+	source_x86_64 = config::https://git.archlinux.org/svntogit/packages.git/plain/trunk/config?h=packages/linux-lts&id=3d60a37bad1ef43e3f4a3856aad16f909bc8a6c2
 	sha256sums_x86_64 = c645053c4525a1a70d5c10b52257ac136da7e9059b6a4a566a857a3d42046426
 
 pkgname = linux-xanmod-lts
diff --git a/PKGBUILD b/PKGBUILD
index e0e01216bca8..3975ee09cb90 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -21,8 +21,8 @@ _microarchitecture=0
 
 pkgbase=linux-xanmod-lts
 _srcname=linux
-pkgver=4.14.15
-xanmod=20
+pkgver=4.14.17
+xanmod=21
 pkgrel=1
 arch=('x86_64')
 url="http://www.xanmod.org/"
@@ -31,7 +31,7 @@ makedepends=('xmlto' 'kmod' 'inetutils' 'bc' 'libelf')
 options=('!strip')
 
 # Arch stock configuration files are directly pulled from a specific trunk
-arch_config_trunk=d9eb6c8046bcd2265f6bb6e2a777f4752a7ebc2f
+arch_config_trunk=3d60a37bad1ef43e3f4a3856aad16f909bc8a6c2
 
 # Arch additional patches
 arch_patches=(
@@ -50,7 +50,7 @@ source=(https://github.com/xanmod/linux/archive/${pkgver}-xanmod${xanmod}.tar.gz
 for _patch in ${arch_patches[@]} ; do source+=("${_patch}::https://git.archlinux.org/svntogit/packages.git/plain/trunk/${_patch}?h=packages/linux-lts&id=${arch_config_trunk}") ; done
 source_x86_64=("config::https://git.archlinux.org/svntogit/packages.git/plain/trunk/config?h=packages/linux-lts&id=${arch_config_trunk}")
 
-sha256sums=('819c76bd7d21a14b8da8f33445dbd009eb6d9bbe50dcf9770f50258f04159358'
+sha256sums=('043dbeb00d7cdf6b2f15801e23572527dbf41478ad9cdaa8fbe3454da3fc367d'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
@@ -85,17 +85,8 @@ prepare() {
   sed -i "s|# CONFIG_STACK_VALIDATION.*|CONFIG_STACK_VALIDATION=y|" ./.config
 
   # Archlinux patches
-  # [0] disable USER_NS for non-root users by default
-  # [1] https://bugs.archlinux.org/task/56575
-  # [2] https://nvd.nist.gov/vuln/detail/CVE-2017-8824
   for n in ${arch_patches[@]} ; do patch -Np1 -i ../$n ; done
 
-  # CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
-  sed -i "s|# CONFIG_RETPOLINE.*|CONFIG_RETPOLINE=y|" ./.config
-
-  # CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
-  sed -i "s|# CONFIG_PAGE_TABLE_ISOLATION.*|CONFIG_PAGE_TABLE_ISOLATION=y|" ./.config
-
   # Enable IKCONFIG following Arch's philosophy
   sed -i "s|# CONFIG_IKCONFIG.*|CONFIG_IKCONFIG=y\nCONFIG_IKCONFIG_PROC=y|" ./.config