summaryrefslogtreecommitdiff
path: root/libre/linux-libre-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'libre/linux-libre-grsec')
-rw-r--r--libre/linux-libre-grsec/0011-kernfs-fix-removed-error-check.patch13
-rw-r--r--libre/linux-libre-grsec/0012-fix-saa7134.patch37
-rw-r--r--libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch13
-rw-r--r--libre/linux-libre-grsec/0015-fix-xsdt-validation.patch42
-rw-r--r--libre/linux-libre-grsec/PKGBUILD39
-rw-r--r--libre/linux-libre-grsec/config.i6865
-rw-r--r--libre/linux-libre-grsec/config.x86_649
7 files changed, 146 insertions, 12 deletions
diff --git a/libre/linux-libre-grsec/0011-kernfs-fix-removed-error-check.patch b/libre/linux-libre-grsec/0011-kernfs-fix-removed-error-check.patch
new file mode 100644
index 000000000..b597595c6
--- /dev/null
+++ b/libre/linux-libre-grsec/0011-kernfs-fix-removed-error-check.patch
@@ -0,0 +1,13 @@
+diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
+index 8034706..e01ea4a 100644
+--- a/fs/kernfs/file.c
++++ b/fs/kernfs/file.c
+@@ -484,6 +484,8 @@ static int kernfs_fop_mmap(struct file *file, struct vm_area_struct *vma)
+
+ ops = kernfs_ops(of->kn);
+ rc = ops->mmap(of, vma);
++ if (rc)
++ goto out_put;
+
+ /*
+ * PowerPC's pci_mmap of legacy_mem uses shmem_zero_setup()
diff --git a/libre/linux-libre-grsec/0012-fix-saa7134.patch b/libre/linux-libre-grsec/0012-fix-saa7134.patch
new file mode 100644
index 000000000..070fbc8eb
--- /dev/null
+++ b/libre/linux-libre-grsec/0012-fix-saa7134.patch
@@ -0,0 +1,37 @@
+--- a/drivers/media/pci/saa7134/saa7134-video.c
++++ a/drivers/media/pci/saa7134/saa7134-video.c
+@@ -1243,6 +1243,7 @@ static int video_release(struct file *file)
+ videobuf_streamoff(&dev->cap);
+ res_free(dev, fh, RESOURCE_VIDEO);
+ videobuf_mmap_free(&dev->cap);
++ INIT_LIST_HEAD(&dev->cap.stream);
+ }
+ if (dev->cap.read_buf) {
+ buffer_release(&dev->cap, dev->cap.read_buf);
+@@ -1254,6 +1255,7 @@ static int video_release(struct file *file)
+ videobuf_stop(&dev->vbi);
+ res_free(dev, fh, RESOURCE_VBI);
+ videobuf_mmap_free(&dev->vbi);
++ INIT_LIST_HEAD(&dev->vbi.stream);
+ }
+
+ /* ts-capture will not work in planar mode, so turn it off Hac: 04.05*/
+@@ -1987,17 +1989,12 @@ int saa7134_streamoff(struct file *file, void *priv,
+ enum v4l2_buf_type type)
+ {
+ struct saa7134_dev *dev = video_drvdata(file);
+- int err;
+ int res = saa7134_resource(file);
+
+ if (res != RESOURCE_EMPRESS)
+ pm_qos_remove_request(&dev->qos_request);
+
+- err = videobuf_streamoff(saa7134_queue(file));
+- if (err < 0)
+- return err;
+- res_free(dev, priv, res);
+- return 0;
++ return videobuf_streamoff(saa7134_queue(file));
+ }
+ EXPORT_SYMBOL_GPL(saa7134_streamoff);
+
diff --git a/libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch b/libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch
new file mode 100644
index 000000000..2840f190c
--- /dev/null
+++ b/libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch
@@ -0,0 +1,13 @@
+diff --git a/net/core/dev.c b/net/core/dev.c
+index 45fa2f1..6088927 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -2289,7 +2289,7 @@ EXPORT_SYMBOL(skb_checksum_help);
+ __be16 skb_network_protocol(struct sk_buff *skb, int *depth)
+ {
+ __be16 type = skb->protocol;
+- int vlan_depth = ETH_HLEN;
++ int vlan_depth = skb->mac_len;
+
+ /* Tunnel gso handlers can set protocol to ethernet. */
+ if (type == htons(ETH_P_TEB)) {
diff --git a/libre/linux-libre-grsec/0015-fix-xsdt-validation.patch b/libre/linux-libre-grsec/0015-fix-xsdt-validation.patch
new file mode 100644
index 000000000..82dd2be25
--- /dev/null
+++ b/libre/linux-libre-grsec/0015-fix-xsdt-validation.patch
@@ -0,0 +1,42 @@
+@@ -, +, @@
+ acpi_tb_parse_root_table().
+ Commit: 671cc68dc61f029d44b43a681356078e02d8dab8
+ Subject: ACPICA: Back port and refine validation of the XSDT root table.
+---
+ drivers/acpi/acpica/tbutils.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+--- a/drivers/acpi/acpica/tbutils.c
++++ a/drivers/acpi/acpica/tbutils.c
+@@ -461,6 +461,7 @@ acpi_status __init acpi_tb_parse_root_table(acpi_physical_address rsdp_address)
+ u32 table_count;
+ struct acpi_table_header *table;
+ acpi_physical_address address;
++ acpi_physical_address rsdt_address;
+ u32 length;
+ u8 *table_entry;
+ acpi_status status;
+@@ -488,11 +489,13 @@ acpi_status __init acpi_tb_parse_root_table(acpi_physical_address rsdp_address)
+ * as per the ACPI specification.
+ */
+ address = (acpi_physical_address) rsdp->xsdt_physical_address;
++ rsdt_address = (acpi_physical_address) rsdp->rsdt_physical_address;
+ table_entry_size = ACPI_XSDT_ENTRY_SIZE;
+ } else {
+ /* Root table is an RSDT (32-bit physical addresses) */
+
+ address = (acpi_physical_address) rsdp->rsdt_physical_address;
++ rsdt_address = address;
+ table_entry_size = ACPI_RSDT_ENTRY_SIZE;
+ }
+
+@@ -515,8 +518,7 @@ acpi_status __init acpi_tb_parse_root_table(acpi_physical_address rsdp_address)
+
+ /* Fall back to the RSDT */
+
+- address =
+- (acpi_physical_address) rsdp->rsdt_physical_address;
++ address = rsdt_address;
+ table_entry_size = ACPI_RSDT_ENTRY_SIZE;
+ }
+ }
+
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD
index 082bdb61a..e702d3ad8 100644
--- a/libre/linux-libre-grsec/PKGBUILD
+++ b/libre/linux-libre-grsec/PKGBUILD
@@ -12,9 +12,9 @@
pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.14
-_sublevel=1
+_sublevel=2
_grsecver=3.0
-_timestamp=201404241722
+_timestamp=201404270907
_pkgver=${_basekernel}.${_sublevel}
pkgver=${_basekernel}.${_sublevel}.${_timestamp}
pkgrel=1
@@ -44,14 +44,18 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'0006-genksyms-fix-typeof-handling.patch'
'0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch'
'0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch'
+ '0011-kernfs-fix-removed-error-check.patch'
+ '0012-fix-saa7134.patch'
+ '0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch'
+ '0015-fix-xsdt-validation.patch'
'sysctl.conf'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
md5sums=('c108ec52eeb2a9b9ddbb8d12496ff25f'
- '2b4862b3c76011e66e536f18fbf0fb27'
- 'c22e7672ec2b6a87b99734ea470988d9'
+ '77c34d5c5c2663d0daaf8ad3761fbaf3'
+ '108a9ec62f9015ed17cd91f40087ea03'
'SKIP'
- '51ead958a4bb74ca5f5702b97740719b'
- '0822a5655cef86bb6f449692d8b3f3d2'
+ '1b830bf677c7df400ac30192fa37f97f'
+ '408dd180559f71dab1fcc80a19da1343'
'5f66bed97a5c37e48eb2f71b2d354b9a'
'2967cecc3af9f954ccc822fd63dca6ff'
'8267264d9a8966e57fdacd1fa1fc65c4'
@@ -65,6 +69,10 @@ md5sums=('c108ec52eeb2a9b9ddbb8d12496ff25f'
'16a161979f846b049e90daea907c35dd'
'00727251b0d337a25d3ca392218afdf4'
'353b553d69da810ef954618aca60e1e2'
+ 'b3f98eba6322463ed6644784c56893be'
+ '4f547d79fa1b2bb855dc2996be2a515e'
+ '21d25aef69f9da33c6087b7ffd97783e'
+ '278417ab07b6f5fe8e3e0ed656f35f3e'
'7a052645280da78a98bfe8cf805ddab5'
'3ab22a28f075ec92bca1b7598e8280e1')
if [ "$CARCH" != "mips64el" ]; then
@@ -127,6 +135,25 @@ prepare() {
# FS#39815
patch -p1 -i "${srcdir}/0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch"
+ # fix Xorg crash with i810 chipset due to wrong removed error check
+ # References: http://lkml.kernel.org/g/533D01BD.1010200@googlemail.com
+ patch -Np1 -i "${srcdir}/0011-kernfs-fix-removed-error-check.patch"
+
+ # fix saa7134 video
+ # https://bugs.archlinux.org/task/39904
+ # https://bugzilla.kernel.org/show_bug.cgi?id=73361
+ patch -Np1 -i "${srcdir}/0012-fix-saa7134.patch"
+
+ # fix tun/openvpn performance
+ # https://bugs.archlinux.org/task/40089
+ # https://bugzilla.kernel.org/show_bug.cgi?id=74051
+ patch -Np1 -i "${srcdir}/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch"
+
+ # fix xsdt validation bug
+ # https://bugs.archlinux.org/task/39811
+ # https://bugzilla.kernel.org/show_bug.cgi?id=73911
+ patch -Np1 -i "${srcdir}/0015-fix-xsdt-validation.patch"
+
if [ "$CARCH" == "mips64el" ]; then
sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile
sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \
diff --git a/libre/linux-libre-grsec/config.i686 b/libre/linux-libre-grsec/config.i686
index 76ef4273e..cc0487d43 100644
--- a/libre/linux-libre-grsec/config.i686
+++ b/libre/linux-libre-grsec/config.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.1-1 Kernel Configuration
+# Linux/x86 3.14.2-1 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -1487,7 +1487,8 @@ CONFIG_DMA_SHARED_BUFFER=y
#
# Bus devices
#
-CONFIG_CONNECTOR=m
+CONFIG_CONNECTOR=y
+CONFIG_PROC_EVENTS=y
CONFIG_MTD=m
CONFIG_MTD_TESTS=m
CONFIG_MTD_REDBOOT_PARTS=m
diff --git a/libre/linux-libre-grsec/config.x86_64 b/libre/linux-libre-grsec/config.x86_64
index 14c7909bc..4b3e0d5fd 100644
--- a/libre/linux-libre-grsec/config.x86_64
+++ b/libre/linux-libre-grsec/config.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.1-1 Kernel Configuration
+# Linux/x86 3.14.2-1 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -260,8 +260,8 @@ CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
-CONFIG_CC_STACKPROTECTOR_REGULAR=y
-# CONFIG_CC_STACKPROTECTOR_STRONG is not set
+# CONFIG_CC_STACKPROTECTOR_REGULAR is not set
+CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_HAVE_CONTEXT_TRACKING=y
CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
@@ -1472,7 +1472,8 @@ CONFIG_DMA_SHARED_BUFFER=y
#
# Bus devices
#
-CONFIG_CONNECTOR=m
+CONFIG_CONNECTOR=y
+CONFIG_PROC_EVENTS=y
CONFIG_MTD=m
CONFIG_MTD_TESTS=m
CONFIG_MTD_REDBOOT_PARTS=m