diff options
author | abelian424 | 2020-11-29 21:53:24 +0600 |
---|---|---|
committer | abelian424 | 2020-11-29 21:53:24 +0600 |
commit | 389ceabd63994024e641c77202aa02a3052d11c6 (patch) | |
tree | 8f1a5bfc8f0fd2cd426ebb537cb4565bba1c3f8d | |
parent | 0f6dab3cad76b3ae0b5a4d1fa8b58e427333327c (diff) | |
download | aur-389ceabd63994024e641c77202aa02a3052d11c6.tar.gz |
Updated to 5.9.11
-rw-r--r-- | .SRCINFO | 22 | ||||
-rw-r--r-- | 0000-sphinx-workaround.patch | 13 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 132 | ||||
-rw-r--r-- | PKGBUILD | 14 | ||||
-rw-r--r-- | config | 12 |
5 files changed, 24 insertions, 169 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-mainline-bcachefs - pkgver = 5.9.9 + pkgver = 5.9.11 pkgrel = 1 url = https://wiki.archlinux.org/index.php/Bcachefs arch = x86_64 @@ -8,8 +8,8 @@ pkgbase = linux-mainline-bcachefs makedepends = kmod makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.9.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.9.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.11.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.11.tar.sign source = config source = https://raw.githubusercontent.com/Frogging-Family/linux-tkg/master/linux-tkg-patches/5.9/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = https://raw.githubusercontent.com/Frogging-Family/linux-tkg/master/linux-tkg-patches/5.9/0002-clear-patches.patch @@ -19,15 +19,15 @@ pkgbase = linux-mainline-bcachefs source = https://raw.githubusercontent.com/Frogging-Family/linux-tkg/master/linux-tkg-patches/5.9/0008-5.9-bcachefs.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - md5sums = d7155cfac43b2f21d8aa4e159809c256 + md5sums = 530543935698468bf30dfacd4a20d84f md5sums = SKIP - md5sums = 2eb9194d98130bf17a83ffa01e63ff96 + md5sums = acaec169590211b789b7873145f84564 md5sums = a4eb432da721ad9a721d62a8bbed6d1d - md5sums = b10e4c612d5240d66fad8f1c50fe3242 - md5sums = 1181cd1e866a973483e6874445027cd6 + md5sums = 31a83ad2d5c11e560c7bfdfd59659c84 + md5sums = 825adea276dddc5ce88e9484d1dd4575 md5sums = 168a924c7c83ecdc872a9a1c6d1c8bdb md5sums = bc259da4c80e5847ba6b4ad21b2b3f16 - md5sums = 8f51cd828572bc100a3059f819ab3f57 + md5sums = bff07060407a694a7bac6cbf0e75aa71 pkgname = linux-mainline-bcachefs pkgdesc = The Linux-mainline-bcachefs kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler @@ -36,11 +36,11 @@ pkgname = linux-mainline-bcachefs depends = initramfs optdepends = crda: to set the correct wireless channels of your country optdepends = linux-firmware: firmware images needed for some devices - provides = linux-mainline-bcachefs=5.9.9 + provides = linux-mainline-bcachefs=5.9.11 pkgname = linux-mainline-bcachefs-headers pkgdesc = Headers and scripts for building modules for Linux-mainline-bcachefs kernel depends = linux-mainline-bcachefs - provides = linux-mainline-bcachefs-headers=5.9.9 - provides = linux-headers=5.9.9 + provides = linux-mainline-bcachefs-headers=5.9.11 + provides = linux-headers=5.9.11 diff --git a/0000-sphinx-workaround.patch b/0000-sphinx-workaround.patch deleted file mode 100644 index 1aa3f1c8f66e..000000000000 --- a/0000-sphinx-workaround.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git i/Documentation/conf.py w/Documentation/conf.py -index 3c7bdf4cd31f..9a0ced58a3e9 100644 ---- i/Documentation/conf.py -+++ w/Documentation/conf.py -@@ -36,7 +36,7 @@ needs_sphinx = '1.3' - # Add any Sphinx extension module names here, as strings. They can be - # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom - # ones. --extensions = ['kerneldoc', 'rstFlatTable', 'kernel_include', 'cdomain', -+extensions = ['kerneldoc', 'rstFlatTable', 'kernel_include', - 'kfigure', 'sphinx.ext.ifconfig', 'automarkup', - 'maintainers_include'] - diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch deleted file mode 100644 index 5b038e7160f1..000000000000 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 164d2dd36ff81a5a4b4d6440317438cf6009cd59 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> -Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: [PATCH 1/5] ZEN: Add sysctl and CONFIG to disallow unprivileged - CLONE_NEWUSER - -Our default behavior continues to match the vanilla kernel. ---- - init/Kconfig | 16 ++++++++++++++++ - kernel/fork.c | 15 +++++++++++++++ - kernel/sysctl.c | 12 ++++++++++++ - kernel/user_namespace.c | 7 +++++++ - 4 files changed, 50 insertions(+) - -diff --git a/init/Kconfig b/init/Kconfig -index 74a5ac65644f..965a628556e8 100644 ---- a/init/Kconfig -+++ b/init/Kconfig -@@ -1102,6 +1102,22 @@ config USER_NS - - If unsure, say N. - -+config USER_NS_UNPRIVILEGED -+ bool "Allow unprivileged users to create namespaces" -+ default y -+ depends on USER_NS -+ help -+ When disabled, unprivileged users will not be able to create -+ new namespaces. Allowing users to create their own namespaces -+ has been part of several recent local privilege escalation -+ exploits, so if you need user namespaces but are -+ paranoid^Wsecurity-conscious you want to disable this. -+ -+ This setting can be overridden at runtime via the -+ kernel.unprivileged_userns_clone sysctl. -+ -+ If unsure, say Y. -+ - config PID_NS - bool "PID Namespaces" - default y -diff --git a/kernel/fork.c b/kernel/fork.c -index 48ed22774efa..ec61454a18d5 100644 ---- a/kernel/fork.c -+++ b/kernel/fork.c -@@ -106,6 +106,11 @@ - - #define CREATE_TRACE_POINTS - #include <trace/events/task.h> -+#ifdef CONFIG_USER_NS -+extern int unprivileged_userns_clone; -+#else -+#define unprivileged_userns_clone 0 -+#endif - - /* - * Minimum number of threads to boot the kernel -@@ -1848,6 +1853,10 @@ static __latent_entropy struct task_struct *copy_process( - if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) - return ERR_PTR(-EINVAL); - -+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) -+ if (!capable(CAP_SYS_ADMIN)) -+ return ERR_PTR(-EPERM); -+ - /* - * Thread groups must share signals as well, and detached threads - * can only be started up within the thread group. -@@ -2948,6 +2957,12 @@ int ksys_unshare(unsigned long unshare_flags) - if (unshare_flags & CLONE_NEWNS) - unshare_flags |= CLONE_FS; - -+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { -+ err = -EPERM; -+ if (!capable(CAP_SYS_ADMIN)) -+ goto bad_unshare_out; -+ } -+ - err = check_unshare_flags(unshare_flags); - if (err) - goto bad_unshare_out; -diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 8a176d8727a3..9500597739a2 100644 ---- a/kernel/sysctl.c -+++ b/kernel/sysctl.c -@@ -110,6 +110,9 @@ extern int core_uses_pid; - extern char core_pattern[]; - extern unsigned int core_pipe_limit; - #endif -+#ifdef CONFIG_USER_NS -+extern int unprivileged_userns_clone; -+#endif - extern int pid_max; - extern int pid_max_min, pid_max_max; - extern int percpu_pagelist_fraction; -@@ -534,6 +537,15 @@ static struct ctl_table kern_table[] = { - .proc_handler = proc_dointvec, - }, - #endif -+#ifdef CONFIG_USER_NS -+ { -+ .procname = "unprivileged_userns_clone", -+ .data = &unprivileged_userns_clone, -+ .maxlen = sizeof(int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec, -+ }, -+#endif - #ifdef CONFIG_PROC_SYSCTL - { - .procname = "tainted", -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 8eadadc478f9..c36ecd19562c 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -21,6 +21,13 @@ - #include <linux/bsearch.h> - #include <linux/sort.h> - -+/* sysctl */ -+#ifdef CONFIG_USER_NS_UNPRIVILEGED -+int unprivileged_userns_clone = 1; -+#else -+int unprivileged_userns_clone; -+#endif -+ - static struct kmem_cache *user_ns_cachep __read_mostly; - static DEFINE_MUTEX(userns_state_mutex); - --- -2.27.0 - @@ -63,8 +63,8 @@ _localmodcfg= ### IMPORTANT: Do no edit below this line unless you know what you're doing pkgbase=linux-mainline-bcachefs -pkgver=5.9.9 -_pkgverpntrel=9 +pkgver=5.9.11 +_pkgverpntrel=11 pkgrel=1 _smt_nice="true" _runqueue_sharing="mc-llc" @@ -96,15 +96,15 @@ validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -md5sums=('d7155cfac43b2f21d8aa4e159809c256' +md5sums=('530543935698468bf30dfacd4a20d84f' 'SKIP' - '2eb9194d98130bf17a83ffa01e63ff96' + 'acaec169590211b789b7873145f84564' 'a4eb432da721ad9a721d62a8bbed6d1d' - 'b10e4c612d5240d66fad8f1c50fe3242' - '1181cd1e866a973483e6874445027cd6' + '31a83ad2d5c11e560c7bfdfd59659c84' + '825adea276dddc5ce88e9484d1dd4575' '168a924c7c83ecdc872a9a1c6d1c8bdb' 'bc259da4c80e5847ba6b4ad21b2b3f16' - '8f51cd828572bc100a3059f819ab3f57') + 'bff07060407a694a7bac6cbf0e75aa71') export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_USER=$pkgbase @@ -119,6 +119,7 @@ CONFIG_TASK_XACCT=y CONFIG_TASK_IO_ACCOUNTING=y CONFIG_PSI=y # CONFIG_PSI_DEFAULT_DISABLED is not set +CONFIG_PSI_DEFAULT_DISABLED=y # end of CPU/Task time and stats accounting CONFIG_CPU_ISOLATION=y @@ -614,8 +615,6 @@ CONFIG_CPU_FREQ_STAT=y # CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL=y CONFIG_CPU_FREQ_GOV_PERFORMANCE=y CONFIG_CPU_FREQ_GOV_POWERSAVE=m @@ -752,7 +751,7 @@ CONFIG_HAVE_KVM_NO_POLL=y CONFIG_KVM_XFER_TO_GUEST_WORK=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m -CONFIG_KVM_WERROR=y +# CONFIG_KVM_WERROR is not set CONFIG_KVM_INTEL=m CONFIG_KVM_AMD=m CONFIG_KVM_AMD_SEV=y @@ -8175,6 +8174,7 @@ CONFIG_INFINIBAND_USER_MEM=y CONFIG_INFINIBAND_ON_DEMAND_PAGING=y CONFIG_INFINIBAND_ADDR_TRANS=y CONFIG_INFINIBAND_ADDR_TRANS_CONFIGFS=y +CONFIG_INFINIBAND_VIRT_DMA=y CONFIG_INFINIBAND_MTHCA=m CONFIG_INFINIBAND_MTHCA_DEBUG=y CONFIG_INFINIBAND_QIB=m @@ -10766,12 +10766,12 @@ CONFIG_DEBUG_BUGVERBOSE=y # # Compile-time checks and compiler options # -CONFIG_DEBUG_INFO=m +# CONFIG_DEBUG_INFO is not set # CONFIG_DEBUG_INFO_REDUCED is not set # CONFIG_DEBUG_INFO_COMPRESSED is not set # CONFIG_DEBUG_INFO_SPLIT is not set -CONFIG_DEBUG_INFO_DWARF4=m -CONFIG_DEBUG_INFO_BTF=m +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_BTF is not set # CONFIG_GDB_SCRIPTS is not set # CONFIG_ENABLE_MUST_CHECK is not set CONFIG_FRAME_WARN=2048 |