main/linux-grsec: upgrade to 4.4.10

2 files changed, 9 insertions, 75 deletions

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index ca0aea4de..e1b758347 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,12 +2,12 @@
 
 _mainflavor=grsec
 pkgname=linux-$_mainflavor
-pkgver=4.4.8
+pkgver=4.4.10
 case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
 esac
-pkgrel=2
+pkgrel=0
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs"
@@ -17,11 +17,10 @@ options="!strip"
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
 	http://ftp.kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
-	https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/test/grsecurity-3.1-4.4.8-201604252206.patch
+	http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-4.4.10-201604252206-alpine.patch
 
 	fix-spi-nor-namespace-clash.patch
 	imx6q-no-unclocked-sleep.patch
-	xsa174.patch
 
 	config-grsec.x86
 	config-grsec.x86_64
@@ -212,33 +211,30 @@ virtgrsec_dev() {
 }
 
 md5sums="9a78fa2eb6c68ca5a40ed5af08142599  linux-4.4.tar.xz
-c1d8f46e5b2ee7c925fc38f20a3726d3  patch-4.4.8.xz
-c2a6b88b18bc5b54d0d7122a1c692060  grsecurity-3.1-4.4.8-201604252206.patch
+1b9a296c0d0b778e8173299618f2d84f  patch-4.4.10.xz
+332d70ecd3eb373ce3c54888b6dbae3c  grsecurity-3.1-4.4.10-201604252206-alpine.patch
 c32f1d7517a095a2645fc1c7dec5db8f  fix-spi-nor-namespace-clash.patch
 b11c29ee88f7f537973191036d48bee7  imx6q-no-unclocked-sleep.patch
-14a8a1826416f04ae98918145139cea6  xsa174.patch
 af91f128ddf9407bb212cbaebca79354  config-grsec.x86
 503656217c0cfb0c481b3804285f0166  config-grsec.x86_64
 a453b5ddc5ce5b1ed487747ae785d615  config-grsec.armhf
 ff753181afb1538d9d3d14fe65f834c8  config-virtgrsec.x86
 807a5cc9253c26d96243cc3188f7ea8c  config-virtgrsec.x86_64"
 sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2  linux-4.4.tar.xz
-11ec99ae0600bd831ff8d71b77e64592f4b6918b7857fd9ff0284ea4cf267b4e  patch-4.4.8.xz
-b631b75cf38e08409812e9869f3a8b5b5b5085ba32ab62fd4c03d803f652a57f  grsecurity-3.1-4.4.8-201604252206.patch
+df66bd2532cac85dfb85d6ca9b750689e02278442652a0b047304e3322947d17  patch-4.4.10.xz
+dad9b44b8c9cc7de7127fb8757213e0694df89559da5d1ef40c90772124b4949  grsecurity-3.1-4.4.10-201604252206-alpine.patch
 b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212  fix-spi-nor-namespace-clash.patch
 7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4  imx6q-no-unclocked-sleep.patch
-cbec70e183f76b4081ebba05c0a8105bd4952d164a2e5c40528c05bf8861ddef  xsa174.patch
 c247a003fb358f611d801277f89a13393d1620ad804553ada97433ef52a7706b  config-grsec.x86
 d2b771f67eecad71745956dc0dea40fc702f39e4caee195b11877307d5ab2622  config-grsec.x86_64
 ac8407f225ff6cb6be9ccd69729262241e61455f816cdea3070e30ddf453f7db  config-grsec.armhf
 8b4a1927b831e94f65ec1b08f9e3bf3f64cea1e6e85e3b6b3dc1a8796e0f206d  config-virtgrsec.x86
 5d46d80c811d6d321569f3f4550769cd4f68b46b8fa5406e7b0f350e00eec1a6  config-virtgrsec.x86_64"
 sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e  linux-4.4.tar.xz
-d53d6950bc121107fecec91b4cd33473b0b18e7188bd387cd02f3ab4ece0f7dc6f1530ad9b7a44655afb7d823fb94ad8d8710902367c9b12911eb2247a12f2c7  patch-4.4.8.xz
-49ec328ec1a5232af1f370101a64d9b7021bd2cb7744b3db181311d6aa4886ba1ef36457fbf22b97b21b0ad313fbea780c9441778e4d5bb9f8deae76dd6e499d  grsecurity-3.1-4.4.8-201604252206.patch
+05277847fb0cd1ae2c488031935979964706f76fd44b2f0790ecc4c8a785e6c3e43af45213f09f07e26ab74f43b5569f6bf87fd15ef9721cf3163abfa49dda7c  patch-4.4.10.xz
+53c24590a97f037d1f8a1e7219bb8c422c2efbc90252dd67b69f333f0f651e0321f04376f0119685650e8f8c372cc6185ea31085334bff4a2a9af769672c8ec4  grsecurity-3.1-4.4.10-201604252206-alpine.patch
 410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104  fix-spi-nor-namespace-clash.patch
 9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07  imx6q-no-unclocked-sleep.patch
-a86f88db750defec35d3afebdde565de2c6bc304f9a110c6091e0d38261a4bdc0ddbdd1df1913a894f57877acacfdb96d98635729f913a7ed344f627e40a9af3  xsa174.patch
 d7cb2b8600bd95c25aba5fc21f27a89eb1257d003c6e98bc81989a6027536c15c4c4abbcdc16fadd84383d3e29c6814ddf0c4f8524b53b69eed8763cc2c14e92  config-grsec.x86
 900d18cb27b99ca91cb48fa8fc27a74f1b700eb826ef26fcfa18a379e9b7521ddac65edc57757de766e76d1c576a4d6e80a6778afc3c34394b165ab9a707cba0  config-grsec.x86_64
 97de0656bbf99b66431587fda8c914aa08950c1865de018ed7a1b5f99b98f91e2e935d2341dbab44af1ca8c2370953fbbeca58c00e201f97e1b15bbec41d52d6  config-grsec.armhf
diff --git a/main/linux-grsec/xsa174.patch b/main/linux-grsec/xsa174.patch
deleted file mode 100644
index 9c15d57c3..000000000
--- a/main/linux-grsec/xsa174.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-x86/xen: suppress hugetlbfs in PV guests
-
-Huge pages are not normally available to PV guests. Not suppressing
-hugetlbfs use results in an endless loop of page faults when user mode
-code tries to access a hugetlbfs mapped area (since the hypervisor
-denies such PTEs to be created, but error indications can't be
-propagated out of xen_set_pte_at(), just like for various of its
-siblings), and - once killed in an oops like this:
-
-kernel BUG at .../fs/hugetlbfs/inode.c:428!
-invalid opcode: 0000 [#1] SMP 
-Modules linked in: ...
-Supported: Yes
-CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G        W         4.4.0-2016-01-20-pv #2
-Hardware name: ...
-task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000
-RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
-RSP: e02b:ffff880803c879a8  EFLAGS: 00010202
-RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38
-RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960
-RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000
-R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
-R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0
-FS:  00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000
-CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
-CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660
-Stack:
- ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0
- ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000
- ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758
-Call Trace:
- [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
- [<ffffffff81167b3d>] evict+0xbd/0x1b0
- [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
- [<ffffffff81165b0e>] dput+0x1fe/0x220
- [<ffffffff81150535>] __fput+0x155/0x200
- [<ffffffff81079fc0>] task_work_run+0x60/0xa0
- [<ffffffff81063510>] do_exit+0x160/0x400
- [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
- [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
- [<ffffffff8100f854>] do_signal+0x14/0x110
- [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
- [<ffffffff814178a5>] retint_user+0x8/0x13
-
-This is XSA-174.
-
-Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Cc: stable@vger.kernel.org
----
-v2: Make Xen-inspecific, by using cpu_has_pse.
-
---- a/arch/x86/include/asm/hugetlb.h
-+++ b/arch/x86/include/asm/hugetlb.h
-@@ -4,6 +4,7 @@
- #include <asm/page.h>
- #include <asm-generic/hugetlb.h>
- 
-+#define hugepages_supported() cpu_has_pse
- 
- static inline int is_hugepage_only_range(struct mm_struct *mm,
- 					 unsigned long addr,