From efd16189c7267d5c62b27be66e07b79cad95a0f3 Mon Sep 17 00:00:00 2001 From: David P Date: Feb 06 2024 23:07:32 +0000 Subject: updpkg: libre/linux-libre-pae 6.7.4-1 Signed-off-by: David P. --- diff --git a/libre/linux-libre-pae/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/libre/linux-libre-pae/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index 200467d..7725291 100644 --- a/libre/linux-libre-pae/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/libre/linux-libre-pae/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,7 +1,7 @@ -From 5356bd2edba31be92ea71b8fa2167e2bc3b60fbc Mon Sep 17 00:00:00 2001 +From d0c6bedb9c49fdd994f469309a4e2668134b4e5e Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: [PATCH 1/2] ZEN: Add sysctl and CONFIG to disallow unprivileged +Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER Our default behavior continues to match the vanilla kernel. @@ -14,10 +14,10 @@ Our default behavior continues to match the vanilla kernel. 5 files changed, 53 insertions(+) diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index 45f09bec02c4..87b20e2ee274 100644 +index 6030a8235617..60b7fe5fa74a 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h -@@ -148,6 +148,8 @@ static inline void set_userns_rlimit_max(struct user_namespace *ns, +@@ -156,6 +156,8 @@ static inline void set_userns_rlimit_max(struct user_namespace *ns, #ifdef CONFIG_USER_NS @@ -26,7 +26,7 @@ index 45f09bec02c4..87b20e2ee274 100644 static inline struct user_namespace *get_user_ns(struct user_namespace *ns) { if (ns) -@@ -181,6 +183,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns); +@@ -189,6 +191,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns); struct ns_common *ns_get_owner(struct ns_common *ns); #else 
@@ -36,7 +36,7 @@ index 45f09bec02c4..87b20e2ee274 100644 { return &init_user_ns; diff --git a/init/Kconfig b/init/Kconfig -index 6d35728b94b2..0562c8ca7b30 100644 +index 9ffb103fc927..f91ccd3c1456 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1226,6 +1226,22 @@ config USER_NS @@ -63,7 +63,7 @@ index 6d35728b94b2..0562c8ca7b30 100644 bool "PID Namespaces" default y diff --git a/kernel/fork.c b/kernel/fork.c -index 177ce7438db6..6ecece1407fc 100644 +index 10917c3e1f03..458360cf9bfb 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -100,6 +100,10 @@ @@ -77,7 +77,7 @@ index 177ce7438db6..6ecece1407fc 100644 #include #include #include -@@ -2260,6 +2264,10 @@ __latent_entropy struct task_struct *copy_process( +@@ -2265,6 +2269,10 @@ __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -88,7 +88,7 @@ index 177ce7438db6..6ecece1407fc 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -3413,6 +3421,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -3411,6 +3419,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -102,7 +102,7 @@ index 177ce7438db6..6ecece1407fc 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 354a2d294f52..5bc5605e7cdb 100644 +index 157f7ce2942d..881fc4f5d61e 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -80,6 +80,9 @@ @@ -132,7 +132,7 @@ index 354a2d294f52..5bc5605e7cdb 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 1d8e47bed3f1..fec01d016a35 100644 +index eabe8bcc7042..ac9d1f702086 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -22,6 +22,13 @@ 
@@ -146,7 +146,7 @@ index 1d8e47bed3f1..fec01d016a35 100644 +int unprivileged_userns_clone; +#endif + - static struct kmem_cache *user_ns_cachep __read_mostly; + static struct kmem_cache *user_ns_cachep __ro_after_init; static DEFINE_MUTEX(userns_state_mutex); -- diff --git a/libre/linux-libre-pae/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch b/libre/linux-libre-pae/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch index 3d2d12a..9fe5377 100644 --- a/libre/linux-libre-pae/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch +++ b/libre/linux-libre-pae/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch @@ -1,7 +1,7 @@ -From 71702f17b7826fda819d56e329680eb655344fcb Mon Sep 17 00:00:00 2001 +From 7d40ea483850d1b5051773bbef01821b27272908 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Thu, 19 May 2022 14:40:07 +0200 -Subject: [PATCH 2/2] drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 +Subject: [PATCH 2/3] drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set The Nvidia proprietary driver has some bugs that leads to issues if used @@ -49,7 +49,7 @@ Cherry-picked-for: https://bugs.archlinux.org/task/73720 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/sysfb.c b/drivers/firmware/sysfb.c -index 82fcfd29bc4d..17b7e096b682 100644 +index 3c197db42c9d..16e4a2e90fae 100644 --- a/drivers/firmware/sysfb.c +++ b/drivers/firmware/sysfb.c @@ -34,6 +34,22 @@ diff --git a/libre/linux-libre-pae/0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch b/libre/linux-libre-pae/0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch new file mode 100644 index 0000000..a080366 --- /dev/null +++ b/libre/linux-libre-pae/0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch 
@@ -0,0 +1,36 @@ +From e45bad13f468eba7426c5d10b95d4dda3c65e2a5 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" +Date: Sat, 13 Jan 2024 15:29:25 +0100 +Subject: [PATCH 3/3] arch/Kconfig: Default to maximum amount of ASLR bits + +To mitigate https://zolutal.github.io/aslrnt/; do this with a patch to +avoid having to enable `CONFIG_EXPERT`. +--- + arch/Kconfig | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/Kconfig b/arch/Kconfig +index f4b210ab0612..837d0dbb28ea 100644 +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -1032,7 +1032,7 @@ config ARCH_MMAP_RND_BITS + int "Number of bits to use for ASLR of mmap base address" if EXPERT + range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX + default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT +- default ARCH_MMAP_RND_BITS_MIN ++ default ARCH_MMAP_RND_BITS_MAX + depends on HAVE_ARCH_MMAP_RND_BITS + help + This value can be used to select the number of bits to use to +@@ -1066,7 +1066,7 @@ config ARCH_MMAP_RND_COMPAT_BITS + int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT + range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX + default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT +- default ARCH_MMAP_RND_COMPAT_BITS_MIN ++ default ARCH_MMAP_RND_COMPAT_BITS_MAX + depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS + help + This value can be used to select the number of bits to use to +-- +2.43.0 + diff --git a/libre/linux-libre-pae/PKGBUILD b/libre/linux-libre-pae/PKGBUILD index 7930caa..3625e75 100644 --- a/libre/linux-libre-pae/PKGBUILD +++ b/libre/linux-libre-pae/PKGBUILD @@ -9,7 +9,7 @@ _replacesoldkernels=() # '%' gets replaced with kernel suffix _replacesoldmodules=() # '%' gets replaced with kernel suffix pkgbase=linux-libre-pae -pkgver=6.6.8 +pkgver=6.7.4 pkgrel=1 pkgdesc='Linux-libre PAE (physical address extension)' url='https://linux-libre.fsfla.org/' 
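Review bot: In the new 0003 patch, `default ARCH_MMAP_RND_BITS_MAX` replaces only the fallback line of each entry; the preceding `default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT` (and its COMPAT twin) is untouched, so the maximum in the patch title applies only where the architecture does not define that symbol. Nothing visible in this commit checks the outcome, so I would confirm `CONFIG_ARCH_MMAP_RND_BITS` in the generated .config for this PAE build; the running kernel reports the value as `vm.mmap_rnd_bits`. The second inner hunk presumably has no effect on a 32-bit kernel because it depends on `HAVE_ARCH_MMAP_RND_COMPAT_BITS`, which is worth verifying rather than assuming. The patch gives its rationale only as an external link, so a short comment next to the new `source=()` entry in the PKGBUILD would help, e.g. `# raise default mmap ASLR entropy to the arch maximum without CONFIG_EXPERT`. Both Kconfig entries start and end outside the inner hunks.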
@@ -33,7 +33,7 @@ makedepends=( #texlive-latexextra ) options=('!strip') -_srcname=linux-6.6 +_srcname=linux-6.7 source=( "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcname##*-}-gnu/linux-libre-${_srcname##*-}-gnu.tar.xz"{,.sign} "https://linux-libre.fsfla.org/pub/linux-libre/releases/$pkgver-gnu/patch-${_srcname##*-}-gnu-$pkgver-gnu.xz"{,.sign} @@ -48,8 +48,10 @@ source=( # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html 0002-fix-Atmel-maXTouch-touchscreen-support.patch # Arch Linux patches + # https://github.com/archlinux/linux 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch 0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch + 0003-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch # avoid using zstd compression in ultra mode (exhausts virtual memory) no-ultra-zstd.patch ) @@ -57,9 +59,9 @@ validpgpkeys=( 474402C8C582DAFBE389C427BCB7CF877E7D47A7 # Alexandre Oliva 6DB9C4B4F0D8C0DC432CF6E4227CA7C556B2BA78 # David P. ) -sha256sums=('d71785bdb694fefaa4f183e5dd2ffc453c179db6f9427cc37e1ed046f0073ccf' +sha256sums=('eb43c7dfe646d607ce7f010fa77789260db46fad1086dcd5c7f8df0bee9c14b0' 'SKIP' - '4193aba41ae2eed56059b7fe917fa0b933573578b7a71f4e0fdb7a4487075170' + 'ed1227ef770e37e3df3e760b908497f8492c2902c2e9063737690cf70d94c14c' 'SKIP' 'bfd4a7f61febe63c880534dcb7c31c5b932dde6acf991810b41a939a93535494' 'SKIP' 
@@ -70,12 +72,13 @@ sha256sums=('d71785bdb694fefaa4f183e5dd2ffc453c179db6f9427cc37e1ed046f0073ccf' '8a8b10cbb3acb6904cf90f462c1c3fd41b2a2f8f31e42fe4f18c8b4df17347f5' '0376bd5efa31d4e2a9d52558777cebd9f0941df8e1adab916c868bf0c05f2fc3' '351fd96be8cd5ebd0435c0a8a978673fc023e3b1026085e67f86d815b2285e25' - 'f42b4d1cbde46fd9c2e3b9baaecb0a50fab3aa423a621a7849c42b5ddbbfa9b8' - '1ee62f3e582ffb63323097ff0698572b33507d1ff3dd3c88f7071dfa7a22fc24' + '994b27f23073a6e04bf8a61cd2eb9d2511b8eb0e81ed7828d4c3880f1e1f5061' + 'e66f241a67f2aeda3fd61ef56c6fa40f414f3b89b5e700cfb7680384f2be7f63' + 'f36b1b3109d035139cfff75962a81c870fcb73fc3f81bb958e34a9e60af4fa3a' 'd32270be5fd9c3e3ba50f3aef33f6cfcb85be0c8216f03b777287cc621fdff28') -b2sums=('e3e753fed07258f34e2e44e1acd4be0c22a3c58a3ae4856b518a4f99358f5bf6e8f38e41f422d9a434b33b0d7ee972e93ac7d37c9734949d6db263afe4c4f47c' +b2sums=('45471cdf9e8fc37e384bdcfc2d22b113850daf62a5bea70a1dc6ea402fd2f924bc21cb0275f7e22532092e20af6de7fc2bc7f2056321d29fd29e5cb0e7e80f87' 'SKIP' - '53cb120b0bc8bce90e19fce0a69d05ab3f69d07ce75976d2106e0edaf5699fb71f777b1913c1fc36075d9dc46d3f4bfa1f9e4f2e7901bae869c28d3642a0a93e' + 'e7e8c9e4bae48c6c15ce3d5b50694ae8560a48731263445c81284c5e798eb8d77ef032dc22d3dcbe8b47029f53518cbe559d8194b92d0c8bec76bb3acf9f708c' 'SKIP' '73fee2ae5cb1ffd3e6584e56da86a8b1ff6c713aae54d77c0dab113890fc673dc5f300eb9ed93fb367b045ece8fa80304ff277fe61665eccf7b7ce24f0c045eb' 'SKIP' 
@@ -86,8 +89,9 @@ b2sums=('e3e753fed07258f34e2e44e1acd4be0c22a3c58a3ae4856b518a4f99358f5bf6e8f38e4 'e18118ef69486e8839926c92a3f5f3842e6561065781c8e182a29167cd8d80e9198cb1def3611ad54c0b696d6e634ec4631c49b9449c05718790ed0fb1491eec' 'c2214154c36900e311531bfe68184f31639f5c50fed23bc3803a7f18439b7ff258552a39f02fed0ea92f10744e17a6c55cef0ef1a98187f978fe480fb3dddc14' '0c7ceba7cd90087db3296610a07886f337910bad265a32c052d3a703e6eb8e53f355ab9948d72d366408d968d8ee7435084dd89bef5ed0b69355fd884c2cd468' - '4f5df7bb477f09855294fd4afd6adedd97f1a96051d350a936cb3e061de9c599130e9db4a820d5b70086b8fac5e9e294ca2898fa924310c4fae684c2fbf9c5bc' - '9419a4ff2104313df9e40cd1e7f3f7629b4beec27e60b27c4935bb57a245c7b63189ffe38a70ca834d025708c489c623f2734a0e0b3260dde14e871c52455911' + '6f1d4a50cbfc5777d481596593b4d137fcd35b5b2af6ad610147ae28e5918800f917f7d65544c97b67005ad7c171b36c205c748e24a5d44fea23ed53460bd2bc' + '3b9a9e60af14d82d82e9645b55cd8f1f5827da1b15226c1cd8022c0a426c1d4d66981c2be2ef422cd7401aa74d3e610ebe9f4e76e0b506cebe758bc27464145a' + 'a8b01480b16f062bf465149494387f6f4eabc3289dc7596c4dbfe4a4a963f60d717f86cead9dc37d1fea9c9213cd6d2663648f3fc8d197c09d006ac2dc0c4511' '165ab9dd8cedeaae5327accc1581c19cf0be55f923b03feb889cad3351b74c7c4cd3d3c206938e5152bfe1d947513dea8f630f8f5544099ec13d16d254725c40') _replacesarchkernel=("${_replacesarchkernel[@]/\%/${pkgbase#linux-libre}}") @@ -136,6 +140,7 @@ prepare() { build() { cd $_srcname make all + # temporarily disabled documentation due to sphinx_rtd_theme (FS32#163) #make htmldocs }