diff options
author | archdevlab | 2024-03-19 21:54:01 -0400 |
---|---|---|
committer | archdevlab | 2024-03-19 21:54:01 -0400 |
commit | 19ff119347ded592268c8180839ff9592b08d94d (patch) | |
tree | 146746f2572d3a5c762784c771fb524a89984a04 | |
parent | 98b7f80088b598b5e2c19c901fd5a1d2ee2973a0 (diff) | |
download | aur-19ff119347ded592268c8180839ff9592b08d94d.tar.gz |
update to 6.8.1
-rw-r--r-- | .SRCINFO | 33 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 22 | ||||
-rw-r--r-- | 0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch | 8 | ||||
-rw-r--r-- | 0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch | 36 | ||||
-rw-r--r-- | PKGBUILD | 100 |
5 files changed, 146 insertions, 53 deletions
@@ -1,13 +1,12 @@ pkgbase = linux-llvm - pkgver = 6.7.0 + pkgver = 6.8.1 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 - license = GPL2 + license = GPL-2.0-only makedepends = bc makedepends = cpio makedepends = gettext - makedepends = git makedepends = libelf makedepends = pahole makedepends = perl @@ -16,6 +15,11 @@ pkgbase = linux-llvm makedepends = xz makedepends = kmod makedepends = xmlto + makedepends = graphviz + makedepends = imagemagick + makedepends = python-sphinx + makedepends = python-yaml + makedepends = texlive-latexextra makedepends = bison makedepends = flex makedepends = zstd @@ -25,20 +29,19 @@ pkgbase = linux-llvm makedepends = gcc-libs makedepends = glibc makedepends = binutils - makedepends = clang - makedepends = llvm - makedepends = llvm-libs - makedepends = lld - makedepends = python + makedepends = git + options = !debug options = !strip - source = https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.7.tar.xz - source = https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/raw/79425d7496066714f38535eb4f37df529668e83a/config + source = https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.8.1.tar.xz + source = https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/raw/abef9db380deca88617f7014b683667ef6fc81e4/config source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch source = 0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch - sha256sums = ef31144a2576d080d8c31698e83ec9f66bf97c677fa2aaf0d5bbb9f3345b1069 - sha256sums = 45a44ff0e957cd562d2ceb60c1c90fc19c19e808209cebb46bfacfccfb56ad96 - sha256sums = f936aae4d832ac87db8fbb9effb066dd368d092f71dd7135d1548babdb7d10c8 - sha256sums = 758690814fbe8bba6e6ab91c80352bf328d49b686c74213f85039180aecb67df + source = 0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch + sha256sums = 8d0c8936e3140a0fbdf511ad7a9f21121598f3656743898f47bb9052d37cff68 + sha256sums = c2b00c84c4b543db431e06604d939a62f93107d18369f4d9860dc8062b01ab45 + sha256sums = 416609986399d3046811bcc2344f4ee0833b6c92e305da3925a6e193f810dad2 + sha256sums = b4c85f49a0c0fe6d6ac1f55165c2c897000a7c6c0c30f258693d66223c0389fd + sha256sums = d9c0e2b3fa16f02abfd95d4c00747a43dd761e5cd622d40ab908155c5957759b pkgname = linux-llvm pkgdesc = The Linux kernel and modules - Build with LLVM/CLANG @@ -47,9 +50,9 @@ pkgname = linux-llvm depends = kmod optdepends = wireless-regdb: to set the correct wireless channels of your country optdepends = linux-firmware: firmware images needed for some devices + provides = KSMBD-MODULE provides = VIRTUALBOX-GUEST-MODULES provides = WIREGUARD-MODULE - provides = KSMBD-MODULE replaces = virtualbox-guest-modules-arch replaces = wireguard-arch diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index 66cb0bb1d276..d00d967d7c92 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,7 +1,7 @@ -From 35d79b574508f84805b19ef3e1c4b21b9605e946 Mon Sep 17 00:00:00 2001 +From 9d3a77d68441f82ae970418e45de3d3db14daabc Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: [PATCH 1/2] ZEN: Add sysctl and CONFIG to disallow unprivileged +Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER Our default behavior continues to match the vanilla kernel. @@ -36,10 +36,10 @@ index 6030a8235..60b7fe5fa 100644 { return &init_user_ns; diff --git a/init/Kconfig b/init/Kconfig -index 9ffb103fc..f91ccd3c1 100644 +index bee58f746..859989666 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1226,6 +1226,22 @@ config USER_NS +@@ -1247,6 +1247,22 @@ config USER_NS If unsure, say N. @@ -63,12 +63,12 @@ index 9ffb103fc..f91ccd3c1 100644 bool "PID Namespaces" default y diff --git a/kernel/fork.c b/kernel/fork.c -index 10917c3e1..458360cf9 100644 +index 0d944e92a..5449c990a 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -100,6 +100,10 @@ - #include <linux/user_events.h> +@@ -102,6 +102,10 @@ #include <linux/iommu.h> + #include <linux/rseq.h> +#ifdef CONFIG_USER_NS +#include <linux/user_namespace.h> @@ -77,7 +77,7 @@ index 10917c3e1..458360cf9 100644 #include <asm/pgalloc.h> #include <linux/uaccess.h> #include <asm/mmu_context.h> -@@ -2265,6 +2269,10 @@ __latent_entropy struct task_struct *copy_process( +@@ -2260,6 +2264,10 @@ __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -88,7 +88,7 @@ index 10917c3e1..458360cf9 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -3411,6 +3419,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -3406,6 +3414,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -132,7 +132,7 @@ index 157f7ce29..881fc4f5d 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index eabe8bcc7..ac9d1f702 100644 +index ce4d99df5..8272e2e35 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -22,6 +22,13 @@ @@ -150,5 +150,5 @@ index eabe8bcc7..ac9d1f702 100644 static DEFINE_MUTEX(userns_state_mutex); -- -2.43.0 +2.44.0 diff --git a/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch b/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch index 5ee33ca6aaa6..3226f7f42282 100644 --- a/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch +++ b/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch @@ -1,7 +1,7 @@ -From d7cb932d45ed4d5560fc0a96a8e3728debf5fe90 Mon Sep 17 00:00:00 2001 +From 4d23b7ca9ef7806857a57a607a8bac22fd8e5b13 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas <javierm@redhat.com> Date: Thu, 19 May 2022 14:40:07 +0200 -Subject: [PATCH 2/2] drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 +Subject: [PATCH 2/3] drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set The Nvidia proprietary driver has some bugs that leads to issues if used @@ -49,7 +49,7 @@ Cherry-picked-for: https://bugs.archlinux.org/task/73720 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/sysfb.c b/drivers/firmware/sysfb.c -index 82fcfd29b..17b7e096b 100644 +index 3c197db42..16e4a2e90 100644 --- a/drivers/firmware/sysfb.c +++ b/drivers/firmware/sysfb.c @@ -34,6 +34,22 @@ @@ -85,5 +85,5 @@ index 82fcfd29b..17b7e096b 100644 if (!IS_ERR(pd)) goto unlock_mutex; -- -2.43.0 +2.44.0 diff --git a/0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch b/0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch new file mode 100644 index 000000000000..8bc37b9df91a --- /dev/null +++ b/0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch @@ -0,0 +1,36 @@ +From 6ce0f5c6171583c296bbf649d03ad68c0732d39c Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org> +Date: Sat, 13 Jan 2024 15:29:25 +0100 +Subject: [PATCH 3/3] arch/Kconfig: Default to maximum amount of ASLR bits + +To mitigate https://zolutal.github.io/aslrnt/; do this with a patch to +avoid having to enable `CONFIG_EXPERT`. +--- + arch/Kconfig | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/Kconfig b/arch/Kconfig +index a5af0edd3..0731bc203 100644 +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -1025,7 +1025,7 @@ config ARCH_MMAP_RND_BITS + int "Number of bits to use for ASLR of mmap base address" if EXPERT + range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX + default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT +- default ARCH_MMAP_RND_BITS_MIN ++ default ARCH_MMAP_RND_BITS_MAX + depends on HAVE_ARCH_MMAP_RND_BITS + help + This value can be used to select the number of bits to use to +@@ -1059,7 +1059,7 @@ config ARCH_MMAP_RND_COMPAT_BITS + int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT + range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX + default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT +- default ARCH_MMAP_RND_COMPAT_BITS_MIN ++ default ARCH_MMAP_RND_COMPAT_BITS_MAX + depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS + help + This value can be used to select the number of bits to use to +-- +2.44.0 + @@ -19,27 +19,66 @@ BUILD_FLAGS=(CC=clang CXX=clang++ HOSTCC=clang HOSTCXX=clang++ LD=ld.lld LLVM=1 ################################################################################### pkgbase=linux-llvm -pkgver=6.7.0 -_pkgver=6.7 +pkgver=6.8.1 +_pkgver=6.8.1 pkgrel=1 -major=6.7 -commit=79425d7496066714f38535eb4f37df529668e83a +major=6.8 +commit=abef9db380deca88617f7014b683667ef6fc81e4 arch=(x86_64) url='https://www.kernel.org/' -license=(GPL2) -makedepends=(bc cpio gettext git libelf pahole perl python tar xz kmod xmlto) -makepends+=(graphviz imagemagick python-sphinx texlive-latexextra) # htmldocs -makedepends+=(bison flex zstd make patch gcc gcc-libs glibc binutils) -makedepends+=(clang llvm llvm-libs lld python) -options=(!strip) - +license=(GPL-2.0-only) +makedepends=( + bc + cpio + gettext + libelf + pahole + perl + python + tar + xz + kmod + xmlto + # htmldocs + graphviz + imagemagick + python-sphinx + python-yaml + texlive-latexextra +) +makedepends+=( + bison + flex + zstd + make + patch + gcc + gcc-libs + glibc + binutils + git +) +if [[ "$_compiler" = "2" ]]; then + makedepends+=( + clang + llvm + llvm-libs + lld + clang + python + ) +fi +options=( + !debug + !strip +) archlinuxpath=https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/raw/$commit - source=(https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-$_pkgver.tar.xz ${archlinuxpath}/config # Arch patches 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - 0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch) + 0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch + 0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch) export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_USER=$pkgbase @@ -173,15 +212,29 @@ build(){ msg "make -j$(nproc) all..." make ARCH=${ARCH} ${BUILD_FLAGS[*]} -j$(nproc) all + make ARCH=${ARCH} ${BUILD_FLAGS[*]} -j$(nproc) -C tools/bpf/bpftool vmlinux.h feature-clang-bpf-co-re=1 } _package(){ pkgdesc='The Linux kernel and modules - Build with LLVM/CLANG' - depends=(coreutils initramfs kmod) - optdepends=('wireless-regdb: to set the correct wireless channels of your country' - 'linux-firmware: firmware images needed for some devices') - provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE KSMBD-MODULE) - replaces=(virtualbox-guest-modules-arch wireguard-arch) + depends=( + coreutils + initramfs + kmod + ) + optdepends=( + 'wireless-regdb: to set the correct wireless channels of your country' + 'linux-firmware: firmware images needed for some devices' + ) + provides=( + KSMBD-MODULE + VIRTUALBOX-GUEST-MODULES + WIREGUARD-MODULE + ) + replaces=( + virtualbox-guest-modules-arch + wireguard-arch + ) cd ${srcdir}/linux-$_pkgver @@ -213,7 +266,7 @@ _package-headers(){ local builddir="$pkgdir"/usr/lib/modules/"$(<version)"/build msg "Installing build files..." - install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map *localversion* version vmlinux + install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map *localversion* version vmlinux tools/bpf/bpftool/vmlinux.h install -Dt "$builddir/kernel" -m644 kernel/Makefile install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile cp -t "$builddir" -a scripts @@ -288,10 +341,11 @@ _package-headers(){ ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase" } -sha256sums=('ef31144a2576d080d8c31698e83ec9f66bf97c677fa2aaf0d5bbb9f3345b1069' - '45a44ff0e957cd562d2ceb60c1c90fc19c19e808209cebb46bfacfccfb56ad96' - 'f936aae4d832ac87db8fbb9effb066dd368d092f71dd7135d1548babdb7d10c8' - '758690814fbe8bba6e6ab91c80352bf328d49b686c74213f85039180aecb67df') +sha256sums=('8d0c8936e3140a0fbdf511ad7a9f21121598f3656743898f47bb9052d37cff68' + 'c2b00c84c4b543db431e06604d939a62f93107d18369f4d9860dc8062b01ab45' + '416609986399d3046811bcc2344f4ee0833b6c92e305da3925a6e193f810dad2' + 'b4c85f49a0c0fe6d6ac1f55165c2c897000a7c6c0c30f258693d66223c0389fd' + 'd9c0e2b3fa16f02abfd95d4c00747a43dd761e5cd622d40ab908155c5957759b') pkgname=($pkgbase $pkgbase-headers) for _p in "${pkgname[@]}"; do |