diff options
Diffstat (limited to 'kernels')
-rwxr-xr-x | kernels/linux-libre-grsec/PKGBUILD | 26 | ||||
-rw-r--r-- | kernels/linux-libre-grsec/irq_cfg_pointer-3.6.6.patch | 16 | ||||
-rwxr-xr-x | kernels/linux-libre-grsec/linux-libre-grsec.install | 2 | ||||
-rw-r--r-- | kernels/linux-libre-grsec/module-init-wait-3.6.patch | 77 | ||||
-rw-r--r-- | kernels/linux-libre-grsec/module-symbol-waiting-3.6.patch | 66 | ||||
-rwxr-xr-x | kernels/linux-libre-lts-grsec/PKGBUILD | 18 | ||||
-rwxr-xr-x | kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install | 4 | ||||
-rw-r--r-- | kernels/paxutils/PKGBUILD | 6 | ||||
-rwxr-xr-x | kernels/paxutils/paxutils | 26 |
9 files changed, 40 insertions, 201 deletions
diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD index d586f77f7..873b96b91 100755 --- a/kernels/linux-libre-grsec/PKGBUILD +++ b/kernels/linux-libre-grsec/PKGBUILD @@ -9,12 +9,12 @@ pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.6 -_sublevel=8 +_sublevel=9 _grsecver=2.9.1 -_timestamp=201212011309 +_timestamp=201212061820 pkgver=${_basekernel}.${_sublevel} pkgrel=3 -_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.9 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -31,13 +31,10 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'Kbuild.platforms' 'boot-logo.patch' 'change-default-console-loglevel.patch' - #'module-symbol-waiting-3.6.patch' - #'module-init-wait-3.6.patch' - #'irq_cfg_pointer-3.6.6.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2") md5sums=('a2312edd0265b5b07bd4b50afae2b380' - '3f4d630f49a12079598a3601dd2adb24' - '404f94ed95983191b673f3462715bd64' + '2127e118d09154c7a44dd2dfed2cfecd' + '5a7ac3d736bda40cd459865a13263e7d' '9b4ec887671d9242eba16be5cba4f9dc' '55695d7853abe483f4db189877fd5e36' '5f66bed97a5c37e48eb2f71b2d354b9a' @@ -45,10 +42,7 @@ md5sums=('a2312edd0265b5b07bd4b50afae2b380' '8267264d9a8966e57fdacd1fa1fc65c4' '86d3c12bdb77173617d2b9e170522ee0' '9d3c56a4b999c8bfbd4018089a62f662' - #'670931649c60fcb3ef2e0119ed532bd4' - #'8a71abc4224f575008f974a099b5cf6f' - #'4909a0271af4e5f373136b382826717f' - 'acc79d1934fe9710acd9039dcd4e8b30') + '2f3ae0624acb4a4b12ea2c008b964bd2') if [ "$CARCH" != "mips64el" ]; then # Don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] @@ -77,14 +71,6 @@ build() { # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch" -# # fix module initialisation -# # https://bugs.archlinux.org/task/32122 -# patch -Np1 -i "${srcdir}/module-symbol-waiting-3.6.patch" -# patch -Np1 -i "${srcdir}/module-init-wait-3.6.patch" - -# # fix FS#32615 - Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt -# patch -Np1 -i "${srcdir}/irq_cfg_pointer-3.6.6.patch" - if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ diff --git a/kernels/linux-libre-grsec/irq_cfg_pointer-3.6.6.patch b/kernels/linux-libre-grsec/irq_cfg_pointer-3.6.6.patch deleted file mode 100644 index 32583c0ac..000000000 --- a/kernels/linux-libre-grsec/irq_cfg_pointer-3.6.6.patch +++ /dev/null @@ -1,16 +0,0 @@ -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux.git;a=blobdiff_plain;f=arch%2Fx86%2Fkernel%2Fapic%2Fio_apic.c;h=1817fa911024f07151d3edf91bd350722c9f79f8;hp=c265593ec2cdc3df35fda1586aaf91514fab62fa;hb=94777fc51b3ad85ff9f705ddf7cdd0eb3bbad5a6;hpb=3e8fa263a97079c74880675c451587bb6899e661 - -diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index c265593..1817fa9 100644 ---- a/arch/x86/kernel/apic/io_apic.c -+++ b/arch/x86/kernel/apic/io_apic.c -@@ -2257,6 +2257,9 @@ asmlinkage void smp_irq_move_cleanup_interrupt(void) - continue; - - cfg = irq_cfg(irq); -+ if (!cfg) -+ continue; -+ - raw_spin_lock(&desc->lock); - - /* diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install index 4c65c9783..640b32e25 100755 --- a/kernels/linux-libre-grsec/linux-libre-grsec.install +++ b/kernels/linux-libre-grsec/linux-libre-grsec.install @@ -2,7 +2,7 @@ # arg 2: the old package version KERNEL_NAME=-grsec -KERNEL_VERSION=3.6.7-4-LIBRE-GRSEC +KERNEL_VERSION=3.6.9-3-LIBRE-GRSEC _fix_permissions() { /usr/bin/paxutils diff --git a/kernels/linux-libre-grsec/module-init-wait-3.6.patch b/kernels/linux-libre-grsec/module-init-wait-3.6.patch deleted file mode 100644 index 1bcfd2491..000000000 --- a/kernels/linux-libre-grsec/module-init-wait-3.6.patch +++ /dev/null @@ -1,77 +0,0 @@ -From: Rusty Russell <rusty@rustcorp.com.au> -Date: Fri, 28 Sep 2012 05:01:03 +0000 (+0930) -Subject: module: wait when loading a module which is currently initializing. -X-Git-Tag: v3.7-rc1~2^2~32 -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=9bb9c3be568346538 - -module: wait when loading a module which is currently initializing. - -The original module-init-tools module loader used a fnctl lock on the -.ko file to avoid attempts to simultaneously load a module. -Unfortunately, you can't get an exclusive fcntl lock on a read-only -fd, making this not work for read-only mounted filesystems. -module-init-tools has a hacky sleep-and-loop for this now. - -It's not that hard to wait in the kernel, and only return -EEXIST once -the first module has finished loading (or continue loading the module -if the first one failed to initialize for some reason). It's also -consistent with what we do for dependent modules which are still loading. - -Suggested-by: Lucas De Marchi <lucas.demarchi@profusion.mobi> -Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> ---- - -diff --git a/kernel/module.c b/kernel/module.c -index 63cf6e7..74bc195 100644 ---- a/kernel/module.c -+++ b/kernel/module.c -@@ -2845,6 +2845,20 @@ static int post_relocation(struct module *mod, const struct load_info *info) - return module_finalize(info->hdr, info->sechdrs, mod); - } - -+/* Is this module of this name done loading? No locks held. */ -+static bool finished_loading(const char *name) -+{ -+ struct module *mod; -+ bool ret; -+ -+ mutex_lock(&module_mutex); -+ mod = find_module(name); -+ ret = !mod || mod->state != MODULE_STATE_COMING; -+ mutex_unlock(&module_mutex); -+ -+ return ret; -+} -+ - /* Allocate and load the module: note that size of section 0 is always - zero, and we rely on this for optional sections. */ - static struct module *load_module(void __user *umod, -@@ -2852,7 +2866,7 @@ static struct module *load_module(void __user *umod, - const char __user *uargs) - { - struct load_info info = { NULL, }; -- struct module *mod; -+ struct module *mod, *old; - long err; - - pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n", -@@ -2918,8 +2932,18 @@ static struct module *load_module(void __user *umod, - * function to insert in a way safe to concurrent readers. - * The mutex protects against concurrent writers. - */ -+again: - mutex_lock(&module_mutex); -- if (find_module(mod->name)) { -+ if ((old = find_module(mod->name)) != NULL) { -+ if (old->state == MODULE_STATE_COMING) { -+ /* Wait in case it fails to load. */ -+ mutex_unlock(&module_mutex); -+ err = wait_event_interruptible(module_wq, -+ finished_loading(mod->name)); -+ if (err) -+ goto free_arch_cleanup; -+ goto again; -+ } - err = -EEXIST; - goto unlock; - } diff --git a/kernels/linux-libre-grsec/module-symbol-waiting-3.6.patch b/kernels/linux-libre-grsec/module-symbol-waiting-3.6.patch deleted file mode 100644 index b87a38ff5..000000000 --- a/kernels/linux-libre-grsec/module-symbol-waiting-3.6.patch +++ /dev/null @@ -1,66 +0,0 @@ -From: Rusty Russell <rusty@rustcorp.com.au> -Date: Fri, 28 Sep 2012 05:01:03 +0000 (+0930) -Subject: module: fix symbol waiting when module fails before init -X-Git-Tag: v3.7-rc1~2^2~33 -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=6f13909f4fe9652f1 - -module: fix symbol waiting when module fails before init - -We use resolve_symbol_wait(), which blocks if the module containing -the symbol is still loading. However: - -1) The module_wq we use is only woken after calling the modules' init - function, but there are other failure paths after the module is - placed in the linked list where we need to do the same thing. - -2) wake_up() only wakes one waiter, and our waitqueue is shared by all - modules, so we need to wake them all. - -3) wake_up_all() doesn't imply a memory barrier: I feel happier calling - it after we've grabbed and dropped the module_mutex, not just after - the state assignment. - -Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> ---- - -diff --git a/kernel/module.c b/kernel/module.c -index 7f2ee45f..63cf6e7 100644 ---- a/kernel/module.c -+++ b/kernel/module.c -@@ -2959,7 +2959,7 @@ static struct module *load_module(void __user *umod, - /* Unlink carefully: kallsyms could be walking list. */ - list_del_rcu(&mod->list); - module_bug_cleanup(mod); -- -+ wake_up_all(&module_wq); - ddebug: - dynamic_debug_remove(info.debug); - unlock: -@@ -3034,7 +3034,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, - blocking_notifier_call_chain(&module_notify_list, - MODULE_STATE_GOING, mod); - free_module(mod); -- wake_up(&module_wq); -+ wake_up_all(&module_wq); - return ret; - } - if (ret > 0) { -@@ -3046,9 +3046,8 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, - dump_stack(); - } - -- /* Now it's a first class citizen! Wake up anyone waiting for it. */ -+ /* Now it's a first class citizen! */ - mod->state = MODULE_STATE_LIVE; -- wake_up(&module_wq); - blocking_notifier_call_chain(&module_notify_list, - MODULE_STATE_LIVE, mod); - -@@ -3071,6 +3070,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, - mod->init_ro_size = 0; - mod->init_text_size = 0; - mutex_unlock(&module_mutex); -+ wake_up_all(&module_wq); - - return 0; - } diff --git a/kernels/linux-libre-lts-grsec/PKGBUILD b/kernels/linux-libre-lts-grsec/PKGBUILD index 9e3ef91ce..e6ea24827 100755 --- a/kernels/linux-libre-lts-grsec/PKGBUILD +++ b/kernels/linux-libre-lts-grsec/PKGBUILD @@ -10,9 +10,9 @@ pkgbase=linux-libre-lts-grsec # Build stock -LIBRE-LTS-GRSEC kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.2 _grsecver=2.9.1 -_timestamp=201211251859 -pkgver=${_basekernel}.34 -pkgrel=3 +_timestamp=201212061818 +pkgver=${_basekernel}.35 +pkgrel=1 _lxopkgver=${_basekernel}.34 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" @@ -20,7 +20,7 @@ license=('GPL2') makedepends=('xmlto' 'docbook-xsl') options=('!strip') source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gnu/linux-libre-${_basekernel}-gnu.tar.xz" - "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgver}-gnu/patch-${_basekernel}-gnu-${_pkgver}-gnu.xz" + "http://linux-libre.fsfla.org/pub/linux-libre/releases/${pkgver}-gnu/patch-${_basekernel}-gnu-${pkgver}-gnu.xz" "http://grsecurity.net/stable/grsecurity-$_grsecver-$pkgver-$_timestamp.patch" # the main kernel config files 'config.i686' 'config.x86_64' @@ -34,14 +34,14 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'ext4-options.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2") md5sums=('65c669b6e4888db84a80882461851867' - 'cb77e85201da7df05a1c0609e5c91740' - '31b0af1369d602537bcce58141f37645' + '11cd72c1febacfa98e3c6162fee86ba9' + '27c45c7b29406bea785a8bef77ebfaf2' '9cdc3506425c2f5ca4a05493c0c8dec9' '969fb7ac31e86521d1d854b7d5a3fa18' '243221bb1898f996dcf2020c015f6fd0' '2967cecc3af9f954ccc822fd63dca6ff' '8267264d9a8966e57fdacd1fa1fc65c4' - '04b21c79df0a952c22d681dd4f4562df' + '86d3c12bdb77173617d2b9e170522ee0' '9d3c56a4b999c8bfbd4018089a62f662' '263725f20c0b9eb9c353040792d644e5' 'f36222e7ce20c8e4dc27376f9be60f6c' @@ -60,11 +60,11 @@ build() { cd "${srcdir}/linux-${_basekernel}" if [ "${_basekernel}" != "${pkgver}" ]; then - patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${_pkgver}-gnu" + patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu" fi # Add grsecurity patches - patch -Np1 -i $srcdir/grsecurity-$_grsecver-$pkgver-$_timestamp.patch + patch -Np1 -i ${srcdir}/grsecurity-${_grsecver}-${pkgver}-${_timestamp}.patch rm localversion-grsec # Add freedo as boot logo diff --git a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install index 87abae14c..18b408248 100755 --- a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install +++ b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install @@ -2,7 +2,7 @@ # arg 2: the old package version KERNEL_NAME=-lts-grsec -KERNEL_VERSION=3.2.34-1-LIBRE-LTS-GRSEC +KERNEL_VERSION=3.2.35-1-LIBRE-LTS-GRSEC # set a sane PATH to ensure that critical utils like depmod will be found export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' @@ -17,7 +17,7 @@ post_install () { fi # compat symlinks for the official kernels only - if [ -z "${KERNEL_NAME}" -o "${KERNEL_NAME}" = "-lts-rt" ]; then + if [ -z "${KERNEL_NAME}" -o "${KERNEL_NAME}" = "-lts-grsec" ]; then loaders="$(find /boot -name syslinux.cfg -or -name extlinux.conf -or -name grub.cfg -or -name menu.lst)" [ -f /etc/lilo.conf ] && loaders="$loaders /etc/lilo.conf" if [ -n "${loaders}" ] && grep -q -e vmlinuz26 -e kernel26.img -e kernel26-fallback.img $loaders; then diff --git a/kernels/paxutils/PKGBUILD b/kernels/paxutils/PKGBUILD index 3d6d1e772..66896a32a 100644 --- a/kernels/paxutils/PKGBUILD +++ b/kernels/paxutils/PKGBUILD @@ -3,8 +3,8 @@ pkgname=paxutils pkgdesc='PaX utilities to configure flags for several binaries to work with PaX kernels' -pkgver=0.1.0 -pkgrel=2 +pkgver=0.1.1 +pkgrel=1 arch=(any) url='https://projects.parabolagnulinux.org/abslibre.git/tree/kernels/paxutils/' license=(GPL2) @@ -13,7 +13,7 @@ replaces=('linux-pax-flags' 'linux-libre-pax-flags') conflicts=('linux-pax-flags' 'linux-libre-pax-flags') provides=('linux-pax-flags' 'linux-libre-pax-flags') source=($pkgname) -sha256sums=(bf1fda4919e7ed8052711c91933d9da5d86945ba44133c94e1952dedb4d1759b) +sha256sums=(a47ebcde9ecb0a5d16825cdca3710ea8ab4fd111abae72216d44e1b0294e043a) build() { return 0 diff --git a/kernels/paxutils/paxutils b/kernels/paxutils/paxutils index 22f5a8171..69662a646 100755 --- a/kernels/paxutils/paxutils +++ b/kernels/paxutils/paxutils @@ -1,14 +1,25 @@ #!/bin/bash -[ "$UID" = "0" ] || { - sudo $0 - exit $! +function usage() { + echo $(basename $0) \[options\] >&2 + echo + echo ' -h This help.' + echo ' -y Do not ask before changes.' + echo + exit 1 } function homedir() { egrep ^$1 /etc/passwd | cut -d: -f 6 } +[ "$1" = '-h' ] && usage + +[ "$UID" = "0" ] || { + sudo $0 $@ + exit $! +} + declare -A perms perms=( @@ -19,6 +30,7 @@ perms=( # MPROTECT and RANDMMAP off ['cPSmXEr']=' /usr/bin/elinks + /usr/bin/gnome-shell /usr/bin/pyrogenesis /usr/lib/iceweasel/iceweasel /usr/lib/iceweasel/plugin-container @@ -148,22 +160,22 @@ echo configuration for the following binaries: for perm in ${!perms[@]}; do for path in ${perms[$perm]}; do - [ -f $path ] && echo " * $path" + [ -f "$path" ] && echo " * $path" done done echo echo Continue writing PaX headers? \[Y/n\] -read a +[ "$1" = '-y' ] && a=y || read a case $a in "Y"|"y"|"") for perm in ${!perms[@]}; do for path in ${perms[$perm]}; do - [ -f $path ] && { + [ -f "$path" ] && { echo $perm $path - paxctl -$perm $path + paxctl -$perm "$path" } done done |