diff options
-rw-r--r-- | .SRCINFO | 22 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 10 | ||||
-rw-r--r-- | 0003-HID-core-fix-grouping-by-application.patch | 81 | ||||
-rw-r--r-- | PKGBUILD | 16 | ||||
-rw-r--r-- | config | 34 |
5 files changed, 48 insertions, 115 deletions
@@ -1,7 +1,7 @@ # Generated by mksrcinfo v8 -# Thu Sep 13 19:05:28 UTC 2018 +# Tue Sep 18 19:29:04 UTC 2018 pkgbase = linux-rc - pkgver = 4.18.8rc1 + pkgver = 4.18.9rc1 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -11,26 +11,24 @@ pkgbase = linux-rc makedepends = bc makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.18.7.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.18.7.tar.sign - source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.8-rc1.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.8-rc1.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.18.8.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.18.8.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.9-rc1.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.9-rc1.sign source = config source = 60-linux.hook source = 90-linux.hook source = linux.preset source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - source = 0003-HID-core-fix-grouping-by-application.patch - sha256sums = f03b425e262a71e5079736706233a4e9afaf77c8462b552b4d6db2d33f5af731 + sha256sums = f1551bad69ab617708fa8cf3f94545ae03dd350bdeb3065fbcf39c1a7df85494 sha256sums = SKIP - sha256sums = 14bcc539c706dcd008cf7b72c6b537d3c63587ce56720692ca15195085f134a5 + sha256sums = 8e56e93cb2c4aad00528598ba96ba3c2d984fd8329507959b02f3eae1d17219b sha256sums = SKIP - sha256sums = da713ca0f1f3b2207e84b3c0ddd1fb00530413dd0987ef5165852b9c889b1024 + sha256sums = 1fc23bd2613b821d8bdca1a33dc421e21de296221108ce047176d27d37ce397f sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 - sha256sums = b014187b6b9d3078c45b7c09b1ba1ccb315d69d73ccd4f59dc26fcbc50155409 - sha256sums = dbd2603d608b74b920350a62279060b77fe6756e3913cec7c739a4106048a1ad + sha256sums = e15a125806afe5c108cea9220892be9c1bd7c15af7c805f7c505d7bfc650be46 pkgname = linux-rc pkgdesc = The release candidate kernel and modules diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 3d7840b91e11..97a7e115d158 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,7 +1,7 @@ -From 288a921a8658bb478fe3c16120529fcd20f6d5d0 Mon Sep 17 00:00:00 2001 +From 771e964ed3199a0d98bdd644b22039f5b957ddb1 Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/1] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> @@ -14,7 +14,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com> 3 files changed, 30 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c -index 1b27babc4c78..a88dd3ccd31c 100644 +index 8ed48ca2cc43..e02823819ab7 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -103,6 +103,11 @@ @@ -29,7 +29,7 @@ index 1b27babc4c78..a88dd3ccd31c 100644 /* * Minimum number of threads to boot the kernel -@@ -1624,6 +1629,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1625,6 +1630,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -40,7 +40,7 @@ index 1b27babc4c78..a88dd3ccd31c 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2420,6 +2429,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2421,6 +2430,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; diff --git a/0003-HID-core-fix-grouping-by-application.patch b/0003-HID-core-fix-grouping-by-application.patch deleted file mode 100644 index a1ecf420b779..000000000000 --- a/0003-HID-core-fix-grouping-by-application.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 2f2c07d184241b9f133ebe4498575a9f8cda6d1e Mon Sep 17 00:00:00 2001 -From: Benjamin Tissoires <benjamin.tissoires@redhat.com> -Date: Tue, 4 Sep 2018 15:31:14 +0200 -Subject: [PATCH 3/4] HID: core: fix grouping by application - -commit f07b3c1da92d ("HID: generic: create one input report per -application type") was effectively the same as MULTI_INPUT: -hidinput->report was never set, so hidinput_match_application() -always returned null. - -Fix that by testing against the real application. - -Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT -instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward -compatibility on all non-Win8 touchscreens. - -link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 -link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 -link: https://bugs.archlinux.org/task/59699 -link: https://github.com/NixOS/nixpkgs/issues/45165 - -Cc: stable@vger.kernel.org # v4.18+ -Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> -Signed-off-by: Jiri Kosina <jkosina@suse.cz> ---- - drivers/hid/hid-input.c | 4 ++-- - drivers/hid/hid-multitouch.c | 3 +++ - include/linux/hid.h | 1 + - 3 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c -index ab93dd5927c3..a137d2835f32 100644 ---- a/drivers/hid/hid-input.c -+++ b/drivers/hid/hid-input.c -@@ -1579,6 +1579,7 @@ static struct hid_input *hidinput_allocate(struct hid_device *hid, - input_dev->dev.parent = &hid->dev; - - hidinput->input = input_dev; -+ hidinput->application = application; - list_add_tail(&hidinput->list, &hid->inputs); - - INIT_LIST_HEAD(&hidinput->reports); -@@ -1674,8 +1675,7 @@ static struct hid_input *hidinput_match_application(struct hid_report *report) - struct hid_input *hidinput; - - list_for_each_entry(hidinput, &hid->inputs, list) { -- if (hidinput->report && -- hidinput->report->application == report->application) -+ if (hidinput->application == report->application) - return hidinput; - } - -diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c -index 45968f7970f8..1a987345692a 100644 ---- a/drivers/hid/hid-multitouch.c -+++ b/drivers/hid/hid-multitouch.c -@@ -1476,6 +1476,9 @@ static int mt_probe(struct hid_device *hdev, const struct hid_device_id *id) - */ - hdev->quirks |= HID_QUIRK_INPUT_PER_APP; - -+ if (id->group != HID_GROUP_MULTITOUCH_WIN_8) -+ hdev->quirks |= HID_QUIRK_MULTI_INPUT; -+ - timer_setup(&td->release_timer, mt_expired_timeout, 0); - - ret = hid_parse(hdev); -diff --git a/include/linux/hid.h b/include/linux/hid.h -index 773bcb1d4044..5482dd6ae9ef 100644 ---- a/include/linux/hid.h -+++ b/include/linux/hid.h -@@ -520,6 +520,7 @@ struct hid_input { - const char *name; - bool registered; - struct list_head reports; /* the list of reports */ -+ unsigned int application; /* application usage for this input */ - }; - - enum hid_type { --- -2.19.0 - @@ -5,8 +5,8 @@ pkgbase=linux-rc pkgrel=1 _srcname=linux-4.18 -_stable=4.18.7 -_patchver=4.18.8 +_stable=4.18.8 +_patchver=4.18.9 _rcver=1 pkgver=${_patchver}rc${_rcver} _rcpatch=patch-${_patchver}-rc${_rcver} @@ -23,23 +23,21 @@ source=( 90-linux.hook # pacman hook for initramfs regeneration linux.preset # standard config files for mkinitcpio ramdisk 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - 0003-HID-core-fix-grouping-by-application.patch - # the 0004 patch is not needed for rc1 builds + # Arch-Linux-kernel-vx.xx.x-arch1.patch is not needed for rc1 ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -sha256sums=('f03b425e262a71e5079736706233a4e9afaf77c8462b552b4d6db2d33f5af731' +sha256sums=('f1551bad69ab617708fa8cf3f94545ae03dd350bdeb3065fbcf39c1a7df85494' 'SKIP' - '14bcc539c706dcd008cf7b72c6b537d3c63587ce56720692ca15195085f134a5' + '8e56e93cb2c4aad00528598ba96ba3c2d984fd8329507959b02f3eae1d17219b' 'SKIP' - 'da713ca0f1f3b2207e84b3c0ddd1fb00530413dd0987ef5165852b9c889b1024' + '1fc23bd2613b821d8bdca1a33dc421e21de296221108ce047176d27d37ce397f' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - 'b014187b6b9d3078c45b7c09b1ba1ccb315d69d73ccd4f59dc26fcbc50155409' - 'dbd2603d608b74b920350a62279060b77fe6756e3913cec7c739a4106048a1ad') + 'e15a125806afe5c108cea9220892be9c1bd7c15af7c805f7c505d7bfc650be46') _kernelname=${pkgbase#linux} @@ -1,10 +1,10 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.18.7-arch1 Kernel Configuration +# Linux/x86 4.18.8-arch1 Kernel Configuration # # -# Compiler: gcc (GCC) 8.2.0 +# Compiler: gcc (GCC) 8.2.1 20180831 # CONFIG_64BIT=y CONFIG_X86_64=y @@ -47,7 +47,7 @@ CONFIG_FIX_EARLYCON_MEM=y CONFIG_DYNAMIC_PHYSICAL_MASK=y CONFIG_PGTABLE_LEVELS=4 CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=80200 +CONFIG_GCC_VERSION=80201 CONFIG_CLANG_VERSION=0 CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y @@ -9217,9 +9217,10 @@ CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set CONFIG_EARLY_PRINTK_EFI=y # CONFIG_EARLY_PRINTK_USB_XDBC is not set +CONFIG_X86_PTDUMP_CORE=y # CONFIG_X86_PTDUMP is not set # CONFIG_EFI_PGT_DUMP is not set -# CONFIG_DEBUG_WX is not set +CONFIG_DEBUG_WX=y CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_DEBUG is not set @@ -9264,19 +9265,36 @@ CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_FALLBACK=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set -# CONFIG_SECURITY_SELINUX is not set +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set +CONFIG_SECURITY_APPARMOR=y +CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 +CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_EVM is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m @@ -9437,7 +9455,7 @@ CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m CONFIG_CRYPTO_SERPENT_AVX_X86_64=m CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m +# CONFIG_CRYPTO_SPECK is not set CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m |