author | Mike Pagano <mpagano@gentoo.org> | 2024-02-18 16:51:59 -0500 |
---|---|---|
committer | Mike Pagano <mpagano@gentoo.org> | 2024-02-18 16:51:59 -0500 |
commit | cea88f8d4b5420cb0c40eac28fd2997884c9c173 (patch) | |
tree | bd23865cfb0da6132394e6c5b1a7b2bcbc94d326 | |
parent | select BLK_DEV_BSG if SCSI as it depends on it. (diff) | |
Create the 6.8 branch with genpatches6.8-1
Bluetooth: Check key sizes only when Secure Simple Pairing is
enabled. See bug #686758
tmp513 requires REGMAP_I2C to build. Select it by default in Kconfig.
See bug #710790. Thanks to Phil Stracchino
sign-file: full functionality with modern LibreSSL
Kernel Self Protection patch
CPU Optimization patch
Print firmware info (Reqs CONFIG_GENTOO_PRINT_FIRMWARE_INFO)
Signed-off-by: Mike Pagano <mpagano@gentoo.org>
-rw-r--r-- | 0000_README | 32 | ||||
-rw-r--r-- | 1510_fs-enable-link-security-restrictions-by-default.patch | 17 | ||||
-rw-r--r-- | 1700_sparc-address-warray-bound-warnings.patch | 17 | ||||
-rw-r--r-- | 1730_parisc-Disable-prctl.patch | 51 | ||||
-rw-r--r-- | 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch | 37 | ||||
-rw-r--r-- | 2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch | 30 | ||||
-rw-r--r-- | 2910_bfp-mark-get-entry-ip-as--maybe-unused.patch | 11 | ||||
-rw-r--r-- | 2920_sign-file-patch-for-libressl.patch | 16 | ||||
-rw-r--r-- | 3000_Support-printing-firmware-info.patch | 14 |
9 files changed, 225 insertions, 0 deletions
diff --git a/0000_README b/0000_README index 90189932..a4c7916d 100644 --- a/0000_README +++ b/0000_README @@ -43,6 +43,38 @@ EXPERIMENTAL Individual Patch Descriptions: -------------------------------------------------------------------------- +Patch: 1510_fs-enable-link-security-restrictions-by-default.patch +From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/ +Desc: Enable link security restrictions by default. + +Patch: 1700_sparc-address-warray-bound-warnings.patch +From: https://github.com/KSPP/linux/issues/109 +Desc: Address -Warray-bounds warnings + +Patch: 1730_parisc-Disable-prctl.patch +From: https://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux.git +Desc: prctl: Temporarily disable prctl(PR_SET_MDWE) on parisc + +Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch +From: https://lore.kernel.org/linux-bluetooth/20190522070540.48895-1-marcel@holtmann.org/raw +Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758 + +Patch: 2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch +From: https://bugs.gentoo.org/710790 +Desc: tmp513 requies REGMAP_I2C to build. Select it by default in Kconfig. See bug #710790. Thanks to Phil Stracchino + +Patch: 2910_bfp-mark-get-entry-ip-as--maybe-unused.patch +From: https://www.spinics.net/lists/stable/msg604665.html +Desc: bpf: mark get_entry_ip as __maybe_unused + +Patch: 2920_sign-file-patch-for-libressl.patch +From: https://bugs.gentoo.org/717166 +Desc: sign-file: full functionality with modern LibreSSL + +Patch: 3000_Support-printing-firmware-info.patch +From: https://bugs.gentoo.org/732852 +Desc: Print firmware info (Reqs CONFIG_GENTOO_PRINT_FIRMWARE_INFO). Thanks to Georgy Yakovlev + Patch: 4567_distro-Gentoo-Kconfig.patch From: Tom Wijsman <TomWij@gentoo.org> Desc: Add Gentoo Linux support config settings and defaults. 
diff --git a/1510_fs-enable-link-security-restrictions-by-default.patch b/1510_fs-enable-link-security-restrictions-by-default.patch
new file mode 100644
index 00000000..e8c30157
--- /dev/null
+++ b/1510_fs-enable-link-security-restrictions-by-default.patch
@@ -0,0 +1,17 @@
+--- a/fs/namei.c 2022-01-23 13:02:27.876558299 -0500
++++ b/fs/namei.c 2022-03-06 12:47:39.375719693 -0500
+@@ -1020,10 +1020,10 @@ static inline void put_link(struct namei
+ path_put(&last->link);
+ }
+
+-static int sysctl_protected_symlinks __read_mostly;
+-static int sysctl_protected_hardlinks __read_mostly;
+-static int sysctl_protected_fifos __read_mostly;
+-static int sysctl_protected_regular __read_mostly;
++static int sysctl_protected_symlinks __read_mostly = 1;
++static int sysctl_protected_hardlinks __read_mostly = 1;
++int sysctl_protected_fifos __read_mostly = 1;
++int sysctl_protected_regular __read_mostly = 1;
+
+ #ifdef CONFIG_SYSCTL
+ static struct ctl_table namei_sysctls[] = {
diff --git a/1700_sparc-address-warray-bound-warnings.patch b/1700_sparc-address-warray-bound-warnings.patch
new file mode 100644
index 00000000..f9393555
--- /dev/null
+++ b/1700_sparc-address-warray-bound-warnings.patch
@@ -0,0 +1,17 @@
+--- a/arch/sparc/mm/init_64.c 2022-05-24 16:48:40.749677491 -0400
++++ b/arch/sparc/mm/init_64.c 2022-05-24 16:55:15.511356945 -0400
+@@ -3052,11 +3052,11 @@ static inline resource_size_t compute_ke
+ static void __init kernel_lds_init(void)
+ {
+ code_resource.start = compute_kern_paddr(_text);
+- code_resource.end = compute_kern_paddr(_etext - 1);
++ code_resource.end = compute_kern_paddr(_etext) - 1;
+ data_resource.start = compute_kern_paddr(_etext);
+- data_resource.end = compute_kern_paddr(_edata - 1);
++ data_resource.end = compute_kern_paddr(_edata) - 1;
+ bss_resource.start = compute_kern_paddr(__bss_start);
+- bss_resource.end = compute_kern_paddr(_end - 1);
++ bss_resource.end = compute_kern_paddr(_end) - 1;
+ }
+
+ static int __init report_memory(void)
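Review bot: In the 1510 patch the two new lines `int sysctl_protected_fifos __read_mostly = 1;` and `int sysctl_protected_regular __read_mostly = 1;` drop the `static` that the removed lines carried, while the symlink and hardlink variables keep it. Nothing visible in the hunk needs the wider linkage, so this looks like a leftover from an older rebase; `static int sysctl_protected_fifos __read_mostly = 1;` and `static int sysctl_protected_regular __read_mostly = 1;` would limit the change to the default values. The patch also switches on the FIFO and regular-file protections, which the 0000_README description ("Enable link security restrictions by default") does not mention and should.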
diff --git a/1730_parisc-Disable-prctl.patch b/1730_parisc-Disable-prctl.patch
new file mode 100644
index 00000000..f892d6a1
--- /dev/null
+++ b/1730_parisc-Disable-prctl.patch
@@ -0,0 +1,51 @@
+From 339b41ec357c24c02ed4aed6267dbfd443ee1e8e Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Mon, 13 Nov 2023 16:06:18 +0100
+Subject: prctl: Temporarily disable prctl(PR_SET_MDWE) on parisc
+
+systemd-254 tries to use prctl(PR_SET_MDWE) for systemd's
+MemoryDenyWriteExecute functionality, but fails on PA-RISC/HPPA which
+still needs executable stacks.
+
+Temporarily disable prctl(PR_SET_MDWE) by returning -ENODEV on parisc
+for now. Note that we can't return -EINVAL since systemd will then try
+to use seccomp instead.
+
+Reported-by: Sam James <sam@gentoo.org>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Link: https://lore.kernel.org/all/875y2jro9a.fsf@gentoo.org/
+Link: https://github.com/systemd/systemd/issues/29775.
+Cc: <stable@vger.kernel.org> # v6.3+
+---
+ kernel/sys.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/sys.c b/kernel/sys.c
+index 420d9cb9cc8e2..8e3eaf650d07d 100644
+--- a/kernel/sys.c
++++ b/kernel/sys.c
+@@ -2700,10 +2700,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
+ break;
+ #endif
+ case PR_SET_MDWE:
+- error = prctl_set_mdwe(arg2, arg3, arg4, arg5);
++ if (IS_ENABLED(CONFIG_PARISC))
++ error = -EINVAL;
++ else
++ error = prctl_set_mdwe(arg2, arg3, arg4, arg5);
+ break;
+ case PR_GET_MDWE:
+- error = prctl_get_mdwe(arg2, arg3, arg4, arg5);
++ if (IS_ENABLED(CONFIG_PARISC))
++ error = -EINVAL;
++ else
++ error = prctl_get_mdwe(arg2, arg3, arg4, arg5);
+ break;
+ case PR_SET_VMA:
+ error = prctl_set_vma(arg2, arg3, arg4, arg5);
+--
+cgit
+Filename: fallback-exec-stack.patch. Size: 2kb. View raw, copy, hex, or download this file.
+View source code, the removal or expiry stories, or read the about page.
+
+This website does not claim ownership of, copyright on, and assumes no liability for provided content. Toggle color scheme.
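Review bot: The description carried in this patch says the call returns -ENODEV and that -EINVAL cannot be used because systemd would then fall back to seccomp, yet both new branches set `error = -EINVAL;`. One of the two is stale, and as carried the effect on systemd's MemoryDenyWriteExecute on parisc cannot be judged from the file; the description should be replaced with text that matches the code, or the code changed to the value the description argues for. The same guard also disables PR_GET_MDWE, which the subject line does not mention. The lines after `+--` (`cgit`, `Filename: fallback-exec-stack.patch. ...` and the site disclaimer) are web-page footer text saved into the patch file and should be dropped. The prctl switch starts and ends outside the hunk.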
diff --git a/2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch b/2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch
new file mode 100644
index 00000000..394ad48f
--- /dev/null
+++ b/2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch
@@ -0,0 +1,37 @@
+The encryption is only mandatory to be enforced when both sides are using
+Secure Simple Pairing and this means the key size check makes only sense
+in that case.
+
+On legacy Bluetooth 2.0 and earlier devices like mice the encryption was
+optional and thus causing an issue if the key size check is not bound to
+using Secure Simple Pairing.
+
+Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Cc: stable@vger.kernel.org
+---
+ net/bluetooth/hci_conn.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
+index 3cf0764d5793..7516cdde3373 100644
+--- a/net/bluetooth/hci_conn.c
++++ b/net/bluetooth/hci_conn.c
+@@ -1272,8 +1272,13 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
+ return 0;
+ }
+
+- if (hci_conn_ssp_enabled(conn) &&
+- !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
++ /* If Secure Simple Pairing is not enabled, then legacy connection
++ * setup is used and no encryption or key sizes can be enforced.
++ */
++ if (!hci_conn_ssp_enabled(conn))
++ return 1;
++
++ if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
+ return 0;
+
+ /* The minimum encryption key size needs to be enforced by the
+--
+2.20.1
diff --git a/2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch b/2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch
new file mode 100644
index 00000000..43356857
--- /dev/null
+++ b/2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch
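Review bot: In the 2000 Bluetooth patch, the new early `return 1` in hci_conn_check_link_mode() accepts every connection for which hci_conn_ssp_enabled() is false without testing HCI_CONN_ENCRYPT, and it also skips the minimum encryption key size check that begins at the end of the hunk. That is the stated compatibility fix for legacy devices, but it means the enforcement named in the Fixes: tag no longer covers non-SSP links, and the in-code comment should say so directly, for example `/* Legacy pairing: neither HCI_CONN_ENCRYPT nor the minimum key size is checked on this path. */`. The 0000_README entry points at a 2019 list posting, so this appears to be carried out of tree; recording there that it trades enforcement for compatibility would help anyone auditing the patch set. The function starts and ends outside the hunk.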
@@ -0,0 +1,30 @@
+From dc328d75a6f37f4ff11a81ae16b1ec88c3197640 Mon Sep 17 00:00:00 2001
+From: Mike Pagano <mpagano@gentoo.org>
+Date: Mon, 23 Mar 2020 08:20:06 -0400
+Subject: [PATCH 1/1] This driver requires REGMAP_I2C to build. Select it by
+ default in Kconfig. Reported at gentoo bugzilla:
+ https://bugs.gentoo.org/710790
+Cc: mpagano@gentoo.org
+
+Reported-by: Phil Stracchino <phils@caerllewys.net>
+
+Signed-off-by: Mike Pagano <mpagano@gentoo.org>
+---
+ drivers/hwmon/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/hwmon/Kconfig b/drivers/hwmon/Kconfig
+index 47ac20aee06f..530b4f29ba85 100644
+--- a/drivers/hwmon/Kconfig
++++ b/drivers/hwmon/Kconfig
+@@ -1769,6 +1769,7 @@ config SENSORS_TMP421
+ config SENSORS_TMP513
+ tristate "Texas Instruments TMP513 and compatibles"
+ depends on I2C
++ select REGMAP_I2C
+ help
+ If you say yes here you get support for Texas Instruments TMP512,
+ and TMP513 temperature and power supply sensor chips.
+--
+2.24.1
+
diff --git a/2910_bfp-mark-get-entry-ip-as--maybe-unused.patch b/2910_bfp-mark-get-entry-ip-as--maybe-unused.patch
new file mode 100644
index 00000000..a75b90c8
--- /dev/null
+++ b/2910_bfp-mark-get-entry-ip-as--maybe-unused.patch
@@ -0,0 +1,11 @@
+--- a/kernel/trace/bpf_trace.c 2022-11-09 13:30:24.192940988 -0500
++++ b/kernel/trace/bpf_trace.c 2022-11-09 13:30:59.029810818 -0500
+@@ -1027,7 +1027,7 @@ static const struct bpf_func_proto bpf_g
+ };
+
+ #ifdef CONFIG_X86_KERNEL_IBT
+-static unsigned long get_entry_ip(unsigned long fentry_ip)
++static unsigned long __maybe_unused get_entry_ip(unsigned long fentry_ip)
+ {
+ u32 instr;
+
diff --git a/2920_sign-file-patch-for-libressl.patch b/2920_sign-file-patch-for-libressl.patch
new file mode 100644
index 00000000..e6ec017d
--- /dev/null
+++ b/2920_sign-file-patch-for-libressl.patch
@@ -0,0 +1,16 @@
+--- a/scripts/sign-file.c 2020-05-20 18:47:21.282820662 -0400
++++ b/scripts/sign-file.c 2020-05-20 18:48:37.991081899 -0400
+@@ -41,9 +41,10 @@
+ * signing with anything other than SHA1 - so we're stuck with that if such is
+ * the case.
+ */
+-#if defined(LIBRESSL_VERSION_NUMBER) || \
+- OPENSSL_VERSION_NUMBER < 0x10000000L || \
+- defined(OPENSSL_NO_CMS)
++#if defined(OPENSSL_NO_CMS) || \
++ ( defined(LIBRESSL_VERSION_NUMBER) \
++ && (LIBRESSL_VERSION_NUMBER < 0x3010000fL) ) || \
++ OPENSSL_VERSION_NUMBER < 0x10000000L
+ #define USE_PKCS7
+ #endif
+ #ifndef USE_PKCS7
diff --git a/3000_Support-printing-firmware-info.patch b/3000_Support-printing-firmware-info.patch
new file mode 100644
index 00000000..a630cfbe
--- /dev/null
+++ b/3000_Support-printing-firmware-info.patch
@@ -0,0 +1,14 @@
+--- a/drivers/base/firmware_loader/main.c 2021-08-24 15:42:07.025482085 -0400
++++ b/drivers/base/firmware_loader/main.c 2021-08-24 15:44:40.782975313 -0400
+@@ -809,6 +809,11 @@ _request_firmware(const struct firmware
+
+ ret = _request_firmware_prepare(&fw, name, device, buf, size,
+ offset, opt_flags);
++
++#ifdef CONFIG_GENTOO_PRINT_FIRMWARE_INFO
++ printk(KERN_NOTICE "Loading firmware: %s\n", name);
++#endif
++
+ if (ret <= 0) /* error or already assigned */
+ goto out;
+
|
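Review bot: In the 2920 sign-file patch, the cutoff in `(LIBRESSL_VERSION_NUMBER < 0x3010000fL)` is unexplained, and it decides whether sign-file falls back to USE_PKCS7, which the comment just above says leaves signing stuck with SHA1. A one-line comment beside the test, such as `/* LibreSSL releases older than this have no usable CMS API */` with the release named, would let a reader verify the boundary; the version the constant encodes should be confirmed against LibreSSL's headers. The comment block above and the `#ifndef USE_PKCS7` below are cut by the hunk.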
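Review bot: In the 3000 firmware patch, the added `printk(KERN_NOTICE "Loading firmware: %s\n", name);` sits between the _request_firmware_prepare() call and the `if (ret <= 0)` check, so the message is also logged when prepare failed or the firmware was already assigned and nothing is loaded. If the log line is meant as a record of what was actually loaded, the #ifdef block belongs below the `goto out` check; if every request should be recorded, the wording `"Requesting firmware: %s\n"` describes it accurately. `pr_notice("Loading firmware: %s\n", name);` is the usual kernel spelling for this call. _request_firmware() starts and ends outside the hunk.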