Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:5.15 commit in: /
Date: Sun, 03 Oct 2021 20:29:09
Message-Id: 1633292900.08fdcee6ee1676be74fc36cd4659afa7c2589a13.mpagano@gentoo
1 commit: 08fdcee6ee1676be74fc36cd4659afa7c2589a13
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Sun Oct 3 20:28:20 2021 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Sun Oct 3 20:28:20 2021 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=08fdcee6
7
8 Name CPU Opt patch properly and add other patches
9
10 Patch to enable link security restrictions by default.
11 Support for namespace user.pax.* on tmpfs
12 Enable link security restrictions by default.
13 Bluetooth: Check key sizes only when Secure Simple Pairing
14 is enabled. See bug #686758
15 tmp513 requires REGMAP_I2C to build. Select it by default in
16 Kconfig. See bug #710790. Thanks to Phil Stracchino
17 sign-file: full functionality with modern LibreSSL
18 Add Gentoo Linux support config settings and defaults.
19 Kernel Self Protection patch CPU Optimization patch
20 Patch to print firmware info
21
22 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
23
24 0000_README | 32 +++++++++++
25 1500_XATTR_USER_PREFIX.patch | 67 ++++++++++++++++++++++
26 ...ble-link-security-restrictions-by-default.patch | 20 +++++++
27 ...zes-only-if-Secure-Simple-Pairing-enabled.patch | 37 ++++++++++++
28 ...3-Fix-build-issue-by-selecting-CONFIG_REG.patch | 30 ++++++++++
29 2920_sign-file-patch-for-libressl.patch | 16 ++++++
30 3000_Support-printing-firmware-info.patch | 14 +++++
31 4567_distro-Gentoo-Kconfig.patch | 2 +-
32 ...> 5010_enable-cpu-optimizations-universal.patch | 0
33 9 files changed, 217 insertions(+), 1 deletion(-)
34
35 diff --git a/0000_README b/0000_README
36 index 9018993..0995b74 100644
37 --- a/0000_README
38 +++ b/0000_README
39 @@ -43,6 +43,38 @@ EXPERIMENTAL
40 Individual Patch Descriptions:
41 --------------------------------------------------------------------------
42
43 +Patch: 1500_XATTR_USER_PREFIX.patch
44 +From: https://bugs.gentoo.org/show_bug.cgi?id=470644
45 +Desc: Support for namespace user.pax.* on tmpfs.
46 +
47 +Patch: 1510_fs-enable-link-security-restrictions-by-default.patch
48 +From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/
49 +Desc: Enable link security restrictions by default.
50 +
51 +Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch
52 +From: https://lore.kernel.org/linux-bluetooth/20190522070540.48895-1-marcel@××××××××.org/raw
53 +Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758
54 +
55 +Patch: 2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch
56 +From: https://bugs.gentoo.org/710790
57 +Desc: tmp513 requies REGMAP_I2C to build. Select it by default in Kconfig. See bug #710790. Thanks to Phil Stracchino
58 +
59 +Patch: 2920_sign-file-patch-for-libressl.patch
60 +From: https://bugs.gentoo.org/717166
61 +Desc: sign-file: full functionality with modern LibreSSL
62 +
63 +Patch: 3000_Support-printing-firmware-info.patch
64 +From: https://bugs.gentoo.org/732852
65 +Desc: Print firmware info (Reqs CONFIG_GENTOO_PRINT_FIRMWARE_INFO). Thanks to Georgy Yakovlev
66 +
67 Patch: 4567_distro-Gentoo-Kconfig.patch
68 From: Tom Wijsman <TomWij@g.o>
69 Desc: Add Gentoo Linux support config settings and defaults.
70 +
71 +Patch: 5010_enable-cpu-optimizations-universal.patch
72 +From: https://github.com/graysky2/kernel_compiler_patch
73 +Desc: Kernel >= 5.8 patch enables gcc = v9+ optimizations for additional CPUs.
74 +
75 +Patch: 5021_BMQ-and-PDS-gentoo-defaults.patch
76 +From: https://gitweb.gentoo.org/proj/linux-patches.git/
77 +Desc: Set defaults for BMQ. Add archs as people test, default to N
78
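Review bot: the new README entry for 5021_BMQ-and-PDS-gentoo-defaults.patch at the end of this hunk describes a file that is not part of this change set (the diffstat lists nine files and no 5021 patch), so the README advertises a patch the tree does not carry yet; either add the file in the same commit or hold the entry until it lands. Two smaller points in the same hunk: the Desc for 2900 carries the typo "requies", and the 5010 Desc "enables gcc = v9+ optimizations" is ambiguous about the compiler bound and should spell out the intended version comparison.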
79 diff --git a/1500_XATTR_USER_PREFIX.patch b/1500_XATTR_USER_PREFIX.patch
80 new file mode 100644
81 index 0000000..245dcc2
82 --- /dev/null
83 +++ b/1500_XATTR_USER_PREFIX.patch
84 @@ -0,0 +1,67 @@
85 +From: Anthony G. Basile <blueness@g.o>
86 +
87 +This patch adds support for a restricted user-controlled namespace on
88 +tmpfs filesystem used to house PaX flags. The namespace must be of the
89 +form user.pax.* and its value cannot exceed a size of 8 bytes.
90 +
91 +This is needed even on all Gentoo systems so that XATTR_PAX flags
92 +are preserved for users who might build packages using portage on
93 +a tmpfs system with a non-hardened kernel and then switch to a
94 +hardened kernel with XATTR_PAX enabled.
95 +
96 +The namespace is added to any user with Extended Attribute support
97 +enabled for tmpfs. Users who do not enable xattrs will not have
98 +the XATTR_PAX flags preserved.
99 +
100 +diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
101 +index 1590c49..5eab462 100644
102 +--- a/include/uapi/linux/xattr.h
103 ++++ b/include/uapi/linux/xattr.h
104 +@@ -73,5 +73,9 @@
105 + #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default"
106 + #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT
107 +
108 ++/* User namespace */
109 ++#define XATTR_PAX_PREFIX XATTR_USER_PREFIX "pax."
110 ++#define XATTR_PAX_FLAGS_SUFFIX "flags"
111 ++#define XATTR_NAME_PAX_FLAGS XATTR_PAX_PREFIX XATTR_PAX_FLAGS_SUFFIX
112 +
113 + #endif /* _UAPI_LINUX_XATTR_H */
114 +--- a/mm/shmem.c 2020-05-04 15:30:27.042035334 -0400
115 ++++ b/mm/shmem.c 2020-05-04 15:34:57.013881725 -0400
116 +@@ -3238,6 +3238,14 @@ static int shmem_xattr_handler_set(const
117 + struct shmem_inode_info *info = SHMEM_I(inode);
118 +
119 + name = xattr_full_name(handler, name);
120 ++
121 ++ if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
122 ++ if (strcmp(name, XATTR_NAME_PAX_FLAGS))
123 ++ return -EOPNOTSUPP;
124 ++ if (size > 8)
125 ++ return -EINVAL;
126 ++ }
127 ++
128 + return simple_xattr_set(&info->xattrs, name, value, size, flags, NULL);
129 + }
130 +
131 +@@ -3253,6 +3261,12 @@ static const struct xattr_handler shmem_
132 + .set = shmem_xattr_handler_set,
133 + };
134 +
135 ++static const struct xattr_handler shmem_user_xattr_handler = {
136 ++ .prefix = XATTR_USER_PREFIX,
137 ++ .get = shmem_xattr_handler_get,
138 ++ .set = shmem_xattr_handler_set,
139 ++};
140 ++
141 + static const struct xattr_handler *shmem_xattr_handlers[] = {
142 + #ifdef CONFIG_TMPFS_POSIX_ACL
143 + &posix_acl_access_xattr_handler,
144 +@@ -3260,6 +3274,7 @@ static const struct xattr_handler *shmem
145 + #endif
146 + &shmem_security_xattr_handler,
147 + &shmem_trusted_xattr_handler,
148 ++ &shmem_user_xattr_handler,
149 + NULL
150 + };
151 +
152
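Review bot: the 8-byte limit and the user.pax.flags-only restriction are enforced in shmem_xattr_handler_set, which is the right place since that function is shared by the security, trusted and the new user handler, but the comment `/* User namespace */` above the XATTR_PAX_PREFIX defines in xattr.h undersells what the shmem.c hunk does: every user.* name other than XATTR_NAME_PAX_FLAGS is rejected with -EOPNOTSUPP, so this is not general user xattr support on tmpfs and the comment should say so. The set path also returns -EINVAL for values over 8 bytes while the get path is untouched, which is fine, but note it in the header so the asymmetry is not mistaken for an omission. Separately, the xattr.h part uses `diff --git`/index headers while the shmem.c part uses timestamp-style `---`/`+++` headers; both apply with -p1, but consistent headers make refreshing the patch against new kernels easier.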
153 diff --git a/1510_fs-enable-link-security-restrictions-by-default.patch b/1510_fs-enable-link-security-restrictions-by-default.patch
154 new file mode 100644
155 index 0000000..f0ed144
156 --- /dev/null
157 +++ b/1510_fs-enable-link-security-restrictions-by-default.patch
158 @@ -0,0 +1,20 @@
159 +From: Ben Hutchings <ben@××××××××××××.uk>
160 +Subject: fs: Enable link security restrictions by default
161 +Date: Fri, 02 Nov 2012 05:32:06 +0000
162 +Bug-Debian: https://bugs.debian.org/609455
163 +Forwarded: not-needed
164 +This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
165 +('VFS: don't do protected {sym,hard}links by default').
166 +--- a/fs/namei.c 2018-09-28 07:56:07.770005006 -0400
167 ++++ b/fs/namei.c 2018-09-28 07:56:43.370349204 -0400
168 +@@ -885,8 +885,8 @@ static inline void put_link(struct namei
169 + path_put(&last->link);
170 + }
171 +
172 +-int sysctl_protected_symlinks __read_mostly = 0;
173 +-int sysctl_protected_hardlinks __read_mostly = 0;
174 ++int sysctl_protected_symlinks __read_mostly = 1;
175 ++int sysctl_protected_hardlinks __read_mostly = 1;
176 + int sysctl_protected_fifos __read_mostly;
177 + int sysctl_protected_regular __read_mostly;
178 +
179
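Review bot: the hunk flips sysctl_protected_symlinks and sysctl_protected_hardlinks to 1 but leaves sysctl_protected_fifos and sysctl_protected_regular, visible as context directly below, at their zero default; if the intent is "link security restrictions by default", either set those too or state in the header why the fifo and regular-file protections are deliberately left off. The header should also make clear that this only changes the compiled-in default and that fs.protected_symlinks and fs.protected_hardlinks remain tunable at runtime through sysctl, so an administrator reading "enable by default" does not assume the knobs are gone.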
180 diff --git a/2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch b/2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch
181 new file mode 100644
182 index 0000000..394ad48
183 --- /dev/null
184 +++ b/2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch
185 @@ -0,0 +1,37 @@
186 +The encryption is only mandatory to be enforced when both sides are using
187 +Secure Simple Pairing and this means the key size check makes only sense
188 +in that case.
189 +
190 +On legacy Bluetooth 2.0 and earlier devices like mice the encryption was
191 +optional and thus causing an issue if the key size check is not bound to
192 +using Secure Simple Pairing.
193 +
194 +Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
195 +Signed-off-by: Marcel Holtmann <marcel@××××××××.org>
196 +Cc: stable@×××××××××××.org
197 +---
198 + net/bluetooth/hci_conn.c | 9 +++++++--
199 + 1 file changed, 7 insertions(+), 2 deletions(-)
200 +
201 +diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
202 +index 3cf0764d5793..7516cdde3373 100644
203 +--- a/net/bluetooth/hci_conn.c
204 ++++ b/net/bluetooth/hci_conn.c
205 +@@ -1272,8 +1272,13 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
206 + return 0;
207 + }
208 +
209 +- if (hci_conn_ssp_enabled(conn) &&
210 +- !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
211 ++ /* If Secure Simple Pairing is not enabled, then legacy connection
212 ++ * setup is used and no encryption or key sizes can be enforced.
213 ++ */
214 ++ if (!hci_conn_ssp_enabled(conn))
215 ++ return 1;
216 ++
217 ++ if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
218 + return 0;
219 +
220 + /* The minimum encryption key size needs to be enforced by the
221 +--
222 +2.20.1
223
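Review bot: the early `return 1` when SSP is not enabled leaves hci_conn_check_link_mode before both the HCI_CONN_ENCRYPT test and the minimum key size check that follows the hunk, which is the intended behaviour for legacy 2.0 devices, but it also skips anything else placed below this point in the function. Since the patch was generated against a 2019 tree (Fixes: d5bb334a8e17, git 2.20.1 trailer) and is being carried on the 5.15 branch, confirm that nothing stricter has been added below this point in 5.15's hci_conn_check_link_mode that the early return would now bypass. The new comment should also state explicitly that such legacy links are accepted without any encryption or key size enforcement, so the trade-off is visible at the call site rather than only in the patch header.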
224 diff --git a/2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch b/2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch
225 new file mode 100644
226 index 0000000..4335685
227 --- /dev/null
228 +++ b/2900_tmp513-Fix-build-issue-by-selecting-CONFIG_REG.patch
229 @@ -0,0 +1,30 @@
230 +From dc328d75a6f37f4ff11a81ae16b1ec88c3197640 Mon Sep 17 00:00:00 2001
231 +From: Mike Pagano <mpagano@g.o>
232 +Date: Mon, 23 Mar 2020 08:20:06 -0400
233 +Subject: [PATCH 1/1] This driver requires REGMAP_I2C to build. Select it by
234 + default in Kconfig. Reported at gentoo bugzilla:
235 + https://bugs.gentoo.org/710790
236 +Cc: mpagano@g.o
237 +
238 +Reported-by: Phil Stracchino <phils@××××××××××.net>
239 +
240 +Signed-off-by: Mike Pagano <mpagano@g.o>
241 +---
242 + drivers/hwmon/Kconfig | 1 +
243 + 1 file changed, 1 insertion(+)
244 +
245 +diff --git a/drivers/hwmon/Kconfig b/drivers/hwmon/Kconfig
246 +index 47ac20aee06f..530b4f29ba85 100644
247 +--- a/drivers/hwmon/Kconfig
248 ++++ b/drivers/hwmon/Kconfig
249 +@@ -1769,6 +1769,7 @@ config SENSORS_TMP421
250 + config SENSORS_TMP513
251 + tristate "Texas Instruments TMP513 and compatibles"
252 + depends on I2C
253 ++ select REGMAP_I2C
254 + help
255 + If you say yes here you get support for Texas Instruments TMP512,
256 + and TMP513 temperature and power supply sensor chips.
257 +--
258 +2.24.1
259 +
260
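Review bot: `select REGMAP_I2C` is the right choice here rather than `depends on`, because SENSORS_TMP513 already has `depends on I2C`, which satisfies REGMAP_I2C's dependency on I2C, so the select cannot force an unsatisfiable symbol. A style point on the header: the Subject line is a full sentence with a URL; a short summary such as "hwmon: (tmp513) select REGMAP_I2C" with the explanation and bug link in the body would match kernel patch conventions.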
261 diff --git a/2920_sign-file-patch-for-libressl.patch b/2920_sign-file-patch-for-libressl.patch
262 new file mode 100644
263 index 0000000..e6ec017
264 --- /dev/null
265 +++ b/2920_sign-file-patch-for-libressl.patch
266 @@ -0,0 +1,16 @@
267 +--- a/scripts/sign-file.c 2020-05-20 18:47:21.282820662 -0400
268 ++++ b/scripts/sign-file.c 2020-05-20 18:48:37.991081899 -0400
269 +@@ -41,9 +41,10 @@
270 + * signing with anything other than SHA1 - so we're stuck with that if such is
271 + * the case.
272 + */
273 +-#if defined(LIBRESSL_VERSION_NUMBER) || \
274 +- OPENSSL_VERSION_NUMBER < 0x10000000L || \
275 +- defined(OPENSSL_NO_CMS)
276 ++#if defined(OPENSSL_NO_CMS) || \
277 ++ ( defined(LIBRESSL_VERSION_NUMBER) \
278 ++ && (LIBRESSL_VERSION_NUMBER < 0x3010000fL) ) || \
279 ++ OPENSSL_VERSION_NUMBER < 0x10000000L
280 + #define USE_PKCS7
281 + #endif
282 + #ifndef USE_PKCS7
283
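Review bot: the rewritten `#if` keeps USE_PKCS7 for LibreSSL below 0x3010000fL and lets newer LibreSSL fall through to the CMS path, but nothing in the hunk records why 3.1.0 is the boundary; add a one-line comment naming the LibreSSL release that introduced the CMS API so whoever refreshes this patch knows whether the constant can move. The parenthesisation is correct (the `&&` group is bracketed before the surrounding `||`), and the SHA1 comment kept as context above still describes only the OpenSSL case, so it may be worth a word that LibreSSL is now covered by the same logic.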
284 diff --git a/3000_Support-printing-firmware-info.patch b/3000_Support-printing-firmware-info.patch
285 new file mode 100644
286 index 0000000..a630cfb
287 --- /dev/null
288 +++ b/3000_Support-printing-firmware-info.patch
289 @@ -0,0 +1,14 @@
290 +--- a/drivers/base/firmware_loader/main.c 2021-08-24 15:42:07.025482085 -0400
291 ++++ b/drivers/base/firmware_loader/main.c 2021-08-24 15:44:40.782975313 -0400
292 +@@ -809,6 +809,11 @@ _request_firmware(const struct firmware
293 +
294 + ret = _request_firmware_prepare(&fw, name, device, buf, size,
295 + offset, opt_flags);
296 ++
297 ++#ifdef CONFIG_GENTOO_PRINT_FIRMWARE_INFO
298 ++ printk(KERN_NOTICE "Loading firmware: %s\n", name);
299 ++#endif
300 ++
301 + if (ret <= 0) /* error or already assigned */
302 + goto out;
303 +
304
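Review bot: the new printk runs before the `if (ret <= 0)` check, so "Loading firmware: %s" is logged even when _request_firmware_prepare failed or the firmware was already assigned and the function jumps to out; move the block after that check, or include ret in the message, so the log line reflects an actual load. Consider dev_notice(device, ...) instead of a bare printk so the requesting device is part of the record, which is what anyone auditing firmware loads from dmesg will want to correlate.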
305 diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
306 index d2175f0..74e80d3 100644
307 --- a/4567_distro-Gentoo-Kconfig.patch
308 +++ b/4567_distro-Gentoo-Kconfig.patch
309 @@ -65,6 +65,7 @@
310 + select NET_NS
311 + select PID_NS
312 + select SYSVIPC
313 ++ select USER_NS
314 + select UTS_NS
315 +
316 + help
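Review bot: this is a relocation, not a new selection: `select USER_NS` moves into the namespace group beside NET_NS, PID_NS, SYSVIPC and UTS_NS, and the matching removal in the next hunk together with the diffstat's `2 +-` confirms one line added and one removed, so the set of symbols selected by the Gentoo distro Kconfig is unchanged. Worth a sentence in the commit message, since a reader who sees only this hunk could take it for a newly enabled default for user namespaces.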
317 @@ -145,7 +146,6 @@
318 + select TIMERFD
319 + select TMPFS_POSIX_ACL
320 + select TMPFS_XATTR
321 -+ select USER_NS
322 +
323 + select ANON_INODES
324 + select BLOCK
325
326 diff --git a/more-uarches-for-kernel-5.15+.patch b/5010_enable-cpu-optimizations-universal.patch
327 similarity index 100%
328 rename from more-uarches-for-kernel-5.15+.patch
329 rename to 5010_enable-cpu-optimizations-universal.patch