From d733fc26b31fb2fd30c080762e588d502f3de4f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Fabian=20Silva=20Delgado?=
Date: Mon, 11 Aug 2014 16:33:29 -0300
Subject: linux-libre-grsec-3.15.9.201408110025-1: updating version * rely on grsecurity to disable unprivileged user namespaces
---
 libre/linux-libre-grsec/PKGBUILD | 25 ++++++-------
 ...ns-Allow-unprivileged-users-to-create-use.patch | 41 ----------------------
 libre/linux-libre-grsec/config.i686 | 4 ++-
 libre/linux-libre-grsec/config.x86_64 | 4 ++-
 4 files changed, 16 insertions(+), 58 deletions(-)
 delete mode 100644 libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD
index 3ca2f6e7b..285bdfbe2 100644
--- a/libre/linux-libre-grsec/PKGBUILD
+++ b/libre/linux-libre-grsec/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 116869 2014-08-04 21:40:54Z thestinger $
+# $Id: PKGBUILD 117133 2014-08-11 09:27:22Z thestinger $
 # Maintainer (Arch): Daniel Micay
 # Contributor (Arch): Tobias Powalowski
 # Contributor (Arch): Thomas Baechler
@@ -14,13 +14,13 @@ pkgbase=linux-libre-grsec # Build stock -libre-grsec kernel
 #pkgbase=linux-libre-custom # Build kernel with a different name
 _basekernel=3.15
-_sublevel=8
+_sublevel=9
 _grsecver=3.0
-_timestamp=201408040708
+_timestamp=201408110025
 _pkgver=${_basekernel}.${_sublevel}
 pkgver=${_basekernel}.${_sublevel}.${_timestamp}
-pkgrel=2
-_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver
+pkgrel=1
+_lxopkgver=${_basekernel}.9 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="https://grsecurity.net/"
 license=('GPL2')
@@ -38,21 +38,19 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
 'Kbuild.platforms'
 'boot-logo.patch'
 'change-default-console-loglevel.patch'
- 'Revert-userns-Allow-unprivileged-users-to-create-use.patch'
 "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
 sha256sums=('93450dc189131b6a4de862f35c5087a58cc7bae1c24caa535d2357cc3301b688'
- '6dfa7e972f54feef3a40047704495c00b4e163d7f164c133aaaa70871ab61afe'
- 'f85023b7d061365a08139743e68082e3f61b178173528a0d9e39c07ddeef0ad6'
+ '8809e70094b8c63010ee090cf8c53cdfc11a6c52bb3707170fadcafd285a22c3'
+ 'ebe1eeefe65dfe12e64941e0727c3cc9c37d2547d3eb8c01031d449be00c1e5f'
 'SKIP'
- '83b59a9479df821cf3d3c594aa5306acbd46f9d1cdb2329fca941a258852ad9e'
- 'd650440267b0fabe1e2481b74fe21448aa8b68cc3ee370059e2138797c189efd'
+ '92a3aa5c168aea61cd910748e7f52493f275549c851a0bfe4a72cfd9da742a90'
+ 'c46b0b3750318651c3a12da8dc10ffc5805d0147e0dc56a87a2df37d1503b899'
 '9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486'
 'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b'
 '55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9'
 'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6'
 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182'
- '1b3651558fcd497c72af3d483febb21fff98cbb9fbcb456da19b24304c40c754'
- '2b514ce7d678919bc923fc3a4beef38f4a757a6275717dfe7147544c2e9964f0')
+ '1a0c1d5e3c46306766304663e9d4503ca452c4f93d5154a4ca43a03588e20d00')
 if [ "$CARCH" != "mips64el" ]; then
 # don't use the Loongson-specific patches on non-mips64el arches.
 unset source[${#source[@]}-1]
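Review bot: With 'Revert-userns-Allow-unprivileged-users-to-create-use.patch' dropped from source=() here and its `patch -p1` call removed from prepare() in the next hunk, the PKGBUILD no longer states anywhere how unprivileged user namespaces stay blocked. The commit message says grsecurity now does it, but the config.i686 and config.x86_64 hunks only add CONFIG_X86_16BIT and the ESPFIX options, so the restriction presumably lives in the grsecurity patch itself and depends on the patch version. I would leave a comment where the call was in prepare(), e.g. `# unprivileged user namespaces are now denied by the grsecurity patch; re-check when bumping _timestamp`. Separately, the 'SKIP' entry kept in sha256sums means one source is not hash-pinned; the source array starts outside this hunk, so confirm that entry is a signature file that gets verified elsewhere.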
@@ -84,9 +82,6 @@ prepare() {
 # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
 patch -p1 -i "${srcdir}/change-default-console-loglevel.patch"
- # forbid unprivileged user namespaces
- patch -p1 -i "$srcdir/Revert-userns-Allow-unprivileged-users-to-create-use.patch"
-
 if [ "$CARCH" == "mips64el" ]; then
 sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile
 sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \
diff --git a/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch b/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch
deleted file mode 100644
index 5713dbb20..000000000
--- a/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From e3da68be55914bfeedb8866f191cc0958579611d Mon Sep 17 00:00:00 2001
-From: Josh Boyer
-Date: Wed, 13 Nov 2013 10:21:18 -0500
-Subject: [PATCH] Revert "userns: Allow unprivileged users to create user
- namespaces."
-
-This reverts commit 5eaf563e53294d6696e651466697eb9d491f3946.
-
-Conflicts:
- kernel/fork.c
----
- kernel/fork.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/kernel/fork.c b/kernel/fork.c
-index f6d11fc..e04c9a7 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -1573,6 +1573,19 @@ long do_fork(unsigned long clone_flags,
- long nr;
-
- /*
-+ * Do some preliminary argument and permissions checking before we
-+ * actually start allocating stuff
-+ */
-+ if (clone_flags & CLONE_NEWUSER) {
-+ /* hopefully this check will go away when userns support is
-+ * complete
-+ */
-+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
-+ !capable(CAP_SETGID))
-+ return -EPERM;
-+ }
-+
-+ /*
- * Determine whether and which event to report to ptracer. When
- * called from kernel_thread or CLONE_UNTRACED is explicitly
- * requested, no event is reported; otherwise, report if the event
---
-1.8.3.1
-
diff --git a/libre/linux-libre-grsec/config.i686 b/libre/linux-libre-grsec/config.i686 index 140c017a7..b51548d1f 100644 --- a/libre/linux-libre-grsec/config.i686 +++ b/libre/linux-libre-grsec/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.15.8.201408010648-1 Kernel Configuration +# Linux/x86 3.15.9.201408110025-1 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -414,6 +414,8 @@ CONFIG_X86_MCE_THRESHOLD=y # CONFIG_X86_MCE_INJECT is not set CONFIG_X86_THERMAL_VECTOR=y CONFIG_VM86=y +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX32=y CONFIG_TOSHIBA=m CONFIG_I8K=m CONFIG_X86_REBOOTFIXUPS=y diff --git a/libre/linux-libre-grsec/config.x86_64 b/libre/linux-libre-grsec/config.x86_64 index 8830b5eb0..2cd6a6b53 100644 --- a/libre/linux-libre-grsec/config.x86_64 +++ b/libre/linux-libre-grsec/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.15.8.201408010648-1 Kernel Configuration +# Linux/x86 3.15.9.201408110025-1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -405,6 +405,8 @@ CONFIG_X86_MCE_AMD=y CONFIG_X86_MCE_THRESHOLD=y # CONFIG_X86_MCE_INJECT is not set CONFIG_X86_THERMAL_VECTOR=y +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y CONFIG_I8K=m CONFIG_MICROCODE=m # CONFIG_MICROCODE_INTEL is not set -- cgit v1.2.3-2-g168b