From 2c605fa3c5f97fb0db0e90541437d335d9648fab Mon Sep 17 00:00:00 2001 From: Sunderland93 Date: Sat, 15 Jun 2024 01:34:43 +0400 Subject: [PATCH] Refresh patches for 6.6.33 --- debian/changelog | 6 + ...el_feat.py-fix-potential-command-inj.patch | 295 ------------------ ...e-kernel-if-booted-in-secure-boot-mo.patch | 21 +- debian/patches/series | 1 - 4 files changed, 12 insertions(+), 311 deletions(-) delete mode 100644 debian/patches/debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch diff --git a/debian/changelog b/debian/changelog index 93b846f..cbce444 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +linux (6.6.33-2~tileos) bookworm; urgency=medium + + * Refresh patches + + -- Aleksey Samoilov Sat, 15 Jun 2024 01:33:44 +0400 + linux (6.6.33-1~tileos) bookworm; urgency=medium * New upstream release diff --git a/debian/patches/debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch b/debian/patches/debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch deleted file mode 100644 index 7bfaf99..0000000 --- a/debian/patches/debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch +++ /dev/null 
@@ -1,295 +0,0 @@ -From 4f86519c560fd00b2ab58721cf2943e07107437d Mon Sep 17 00:00:00 2001 -From: Salvatore Bonaccorso -Date: Sun, 4 Feb 2024 21:02:11 +0100 -Subject: [PATCH 2/2] Revert "docs: kernel_feat.py: fix potential command - injection" - -This reverts commit e961f8c6966abbd486ff87549e29e53f3c69b685. ---- - Documentation/admin-guide/features.rst | 2 +- - Documentation/arch/arc/features.rst | 2 +- - Documentation/arch/arm/features.rst | 2 +- - Documentation/arch/arm64/features.rst | 2 +- - Documentation/arch/loongarch/features.rst | 2 +- - Documentation/arch/m68k/features.rst | 2 +- - Documentation/arch/mips/features.rst | 2 +- - Documentation/arch/nios2/features.rst | 2 +- - Documentation/arch/openrisc/features.rst | 2 +- - Documentation/arch/parisc/features.rst | 2 +- - Documentation/arch/s390/features.rst | 2 +- - Documentation/arch/sh/features.rst | 2 +- - Documentation/arch/sparc/features.rst | 2 +- - Documentation/arch/x86/features.rst | 2 +- - Documentation/arch/xtensa/features.rst | 2 +- - Documentation/powerpc/features.rst | 2 +- - Documentation/riscv/features.rst | 2 +- - Documentation/sphinx/kernel_feat.py | 55 +++++++++++++++---- - .../zh_CN/arch/loongarch/features.rst | 2 +- - .../translations/zh_CN/arch/mips/features.rst | 2 +- - 20 files changed, 63 insertions(+), 30 deletions(-) - -diff --git a/Documentation/admin-guide/features.rst b/Documentation/admin-guide/features.rst -index 7651eca38227..8c167082a84f 100644 ---- a/Documentation/admin-guide/features.rst -+++ b/Documentation/admin-guide/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features -+.. kernel-feat:: $srctree/Documentation/features -diff --git a/Documentation/arch/arc/features.rst b/Documentation/arch/arc/features.rst -index 49ff446ff744..b793583d688a 100644 ---- a/Documentation/arch/arc/features.rst -+++ b/Documentation/arch/arc/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features arc -+.. 
kernel-feat:: $srctree/Documentation/features arc -diff --git a/Documentation/arch/arm/features.rst b/Documentation/arch/arm/features.rst -index 0e76aaf68eca..7414ec03dd15 100644 ---- a/Documentation/arch/arm/features.rst -+++ b/Documentation/arch/arm/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features arm -+.. kernel-feat:: $srctree/Documentation/features arm -diff --git a/Documentation/arch/arm64/features.rst b/Documentation/arch/arm64/features.rst -index 03321f4309d0..dfa4cb3cd3ef 100644 ---- a/Documentation/arch/arm64/features.rst -+++ b/Documentation/arch/arm64/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features arm64 -+.. kernel-feat:: $srctree/Documentation/features arm64 -diff --git a/Documentation/arch/loongarch/features.rst b/Documentation/arch/loongarch/features.rst -index 009f44c7951f..ebacade3ea45 100644 ---- a/Documentation/arch/loongarch/features.rst -+++ b/Documentation/arch/loongarch/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features loongarch -+.. kernel-feat:: $srctree/Documentation/features loongarch -diff --git a/Documentation/arch/m68k/features.rst b/Documentation/arch/m68k/features.rst -index de7f0ccf7fc8..5107a2119472 100644 ---- a/Documentation/arch/m68k/features.rst -+++ b/Documentation/arch/m68k/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features m68k -+.. kernel-feat:: $srctree/Documentation/features m68k -diff --git a/Documentation/arch/mips/features.rst b/Documentation/arch/mips/features.rst -index 6e0ffe3e7354..1973d729b29a 100644 ---- a/Documentation/arch/mips/features.rst -+++ b/Documentation/arch/mips/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features mips -+.. 
kernel-feat:: $srctree/Documentation/features mips -diff --git a/Documentation/arch/nios2/features.rst b/Documentation/arch/nios2/features.rst -index 89913810ccb5..8449e63f69b2 100644 ---- a/Documentation/arch/nios2/features.rst -+++ b/Documentation/arch/nios2/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features nios2 -+.. kernel-feat:: $srctree/Documentation/features nios2 -diff --git a/Documentation/arch/openrisc/features.rst b/Documentation/arch/openrisc/features.rst -index bae2e25adfd6..3f7c40d219f2 100644 ---- a/Documentation/arch/openrisc/features.rst -+++ b/Documentation/arch/openrisc/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features openrisc -+.. kernel-feat:: $srctree/Documentation/features openrisc -diff --git a/Documentation/arch/parisc/features.rst b/Documentation/arch/parisc/features.rst -index b3aa4d243b93..501d7c450037 100644 ---- a/Documentation/arch/parisc/features.rst -+++ b/Documentation/arch/parisc/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features parisc -+.. kernel-feat:: $srctree/Documentation/features parisc -diff --git a/Documentation/arch/s390/features.rst b/Documentation/arch/s390/features.rst -index 2883dc950681..57c296a9d8f3 100644 ---- a/Documentation/arch/s390/features.rst -+++ b/Documentation/arch/s390/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features s390 -+.. kernel-feat:: $srctree/Documentation/features s390 -diff --git a/Documentation/arch/sh/features.rst b/Documentation/arch/sh/features.rst -index fae48fe81e9b..f722af3b6c99 100644 ---- a/Documentation/arch/sh/features.rst -+++ b/Documentation/arch/sh/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features sh -+.. 
kernel-feat:: $srctree/Documentation/features sh -diff --git a/Documentation/arch/sparc/features.rst b/Documentation/arch/sparc/features.rst -index 96835b6d598a..c0c92468b0fe 100644 ---- a/Documentation/arch/sparc/features.rst -+++ b/Documentation/arch/sparc/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features sparc -+.. kernel-feat:: $srctree/Documentation/features sparc -diff --git a/Documentation/arch/x86/features.rst b/Documentation/arch/x86/features.rst -index a33616346a38..b663f15053ce 100644 ---- a/Documentation/arch/x86/features.rst -+++ b/Documentation/arch/x86/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features x86 -+.. kernel-feat:: $srctree/Documentation/features x86 -diff --git a/Documentation/arch/xtensa/features.rst b/Documentation/arch/xtensa/features.rst -index 28dcce1759be..6b92c7bfa19d 100644 ---- a/Documentation/arch/xtensa/features.rst -+++ b/Documentation/arch/xtensa/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features xtensa -+.. kernel-feat:: $srctree/Documentation/features xtensa -diff --git a/Documentation/powerpc/features.rst b/Documentation/powerpc/features.rst -index ee4b95e04202..aeae73df86b0 100644 ---- a/Documentation/powerpc/features.rst -+++ b/Documentation/powerpc/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features powerpc -+.. kernel-feat:: $srctree/Documentation/features powerpc -diff --git a/Documentation/riscv/features.rst b/Documentation/riscv/features.rst -index 36e90144adab..c70ef6ac2368 100644 ---- a/Documentation/riscv/features.rst -+++ b/Documentation/riscv/features.rst -@@ -1,3 +1,3 @@ - .. SPDX-License-Identifier: GPL-2.0 - --.. kernel-feat:: features riscv -+.. 
kernel-feat:: $srctree/Documentation/features riscv -diff --git a/Documentation/sphinx/kernel_feat.py b/Documentation/sphinx/kernel_feat.py -index bdfaa3e4b202..27b701ed3681 100644 ---- a/Documentation/sphinx/kernel_feat.py -+++ b/Documentation/sphinx/kernel_feat.py -@@ -37,6 +37,8 @@ import re - import subprocess - import sys - -+from os import path -+ - from docutils import nodes, statemachine - from docutils.statemachine import ViewList - from docutils.parsers.rst import directives, Directive -@@ -74,26 +76,33 @@ class KernelFeat(Directive): - self.state.document.settings.env.app.warn(message, prefix="") - - def run(self): -+ - doc = self.state.document - if not doc.settings.file_insertion_enabled: - raise self.warning("docutils: file insertion disabled") - - env = doc.settings.env -+ cwd = path.dirname(doc.current_source) -+ cmd = "get_feat.pl rest --enable-fname --dir " -+ cmd += self.arguments[0] -+ -+ if len(self.arguments) > 1: -+ cmd += " --arch " + self.arguments[1] - -- srctree = os.path.abspath(os.environ["srctree"]) -+ srctree = path.abspath(os.environ["srctree"]) - -- args = [ -- os.path.join(srctree, 'scripts/get_feat.pl'), -- 'rest', -- '--enable-fname', -- '--dir', -- os.path.join(srctree, 'Documentation', self.arguments[0]), -- ] -+ fname = cmd - -- if len(self.arguments) > 1: -- args.extend(['--arch', self.arguments[1]]) -+ # extend PATH with $(srctree)/scripts -+ path_env = os.pathsep.join([ -+ srctree + os.sep + "scripts", -+ os.environ["PATH"] -+ ]) -+ shell_env = os.environ.copy() -+ shell_env["PATH"] = path_env -+ shell_env["srctree"] = srctree - -- lines = subprocess.check_output(args, cwd=os.path.dirname(doc.current_source)).decode('utf-8') -+ lines = self.runCmd(cmd, shell=True, cwd=cwd, env=shell_env) - - line_regex = re.compile("^\.\. 
FILE (\S+)$") - -@@ -112,6 +121,30 @@ class KernelFeat(Directive): - nodeList = self.nestedParse(out_lines, fname) - return nodeList - -+ def runCmd(self, cmd, **kwargs): -+ u"""Run command ``cmd`` and return its stdout as unicode.""" -+ -+ try: -+ proc = subprocess.Popen( -+ cmd -+ , stdout = subprocess.PIPE -+ , stderr = subprocess.PIPE -+ , **kwargs -+ ) -+ out, err = proc.communicate() -+ -+ out, err = codecs.decode(out, 'utf-8'), codecs.decode(err, 'utf-8') -+ -+ if proc.returncode != 0: -+ raise self.severe( -+ u"command '%s' failed with return code %d" -+ % (cmd, proc.returncode) -+ ) -+ except OSError as exc: -+ raise self.severe(u"problems with '%s' directive: %s." -+ % (self.name, ErrorString(exc))) -+ return out -+ - def nestedParse(self, lines, fname): - content = ViewList() - node = nodes.section() -diff --git a/Documentation/translations/zh_CN/arch/loongarch/features.rst b/Documentation/translations/zh_CN/arch/loongarch/features.rst -index cec38dda8298..82bfac180bdc 100644 ---- a/Documentation/translations/zh_CN/arch/loongarch/features.rst -+++ b/Documentation/translations/zh_CN/arch/loongarch/features.rst -@@ -5,4 +5,4 @@ - :Original: Documentation/arch/loongarch/features.rst - :Translator: Huacai Chen - --.. kernel-feat:: features loongarch -+.. kernel-feat:: $srctree/Documentation/features loongarch -diff --git a/Documentation/translations/zh_CN/arch/mips/features.rst b/Documentation/translations/zh_CN/arch/mips/features.rst -index 0d6df97db069..da1b956e4a40 100644 ---- a/Documentation/translations/zh_CN/arch/mips/features.rst -+++ b/Documentation/translations/zh_CN/arch/mips/features.rst -@@ -10,4 +10,4 @@ - - .. _cn_features: - --.. kernel-feat:: features mips -+.. kernel-feat:: $srctree/Documentation/features mips --- -2.43.0 - 
diff --git a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch index 3d8bdf0..9a9d295 100644 --- a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +++ b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch @@ -26,16 +26,7 @@ Signed-off-by: Salvatore Bonaccorso --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1031,6 +1031,8 @@ void __init setup_arch(char **cmdline_p) - if (efi_enabled(EFI_BOOT)) - efi_init(); - -+ efi_set_secure_boot(boot_params.secure_boot); -+ - reserve_ibft_region(); - dmi_setup(); - -@@ -1192,8 +1194,6 @@ void __init setup_arch(char **cmdline_p) +@@ -1190,8 +1190,6 @@ /* Allocate bigger log buffer */ setup_log_buf(1); @@ -54,7 +45,7 @@ Signed-off-by: Salvatore Bonaccorso /* * Decide what to do when UEFI secure boot mode is enabled. -@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi +@@ -28,6 +29,10 @@ break; case efi_secureboot_mode_enabled: set_bit(EFI_SECURE_BOOT, &efi.flags); @@ -67,7 +58,7 @@ Signed-off-by: Salvatore Bonaccorso default: --- a/include/linux/security.h +++ b/include/linux/security.h -@@ -482,6 +482,7 @@ int security_inode_notifysecctx(struct i +@@ -486,6 +486,7 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); @@ -75,7 +66,7 @@ Signed-off-by: Salvatore Bonaccorso #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) -@@ -1388,6 +1389,11 @@ static inline int security_locked_down(e +@@ -1404,6 +1405,11 @@ { return 0; } @@ -89,7 +80,7 @@ Signed-off-by: Salvatore Bonaccorso #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) --- a/security/lockdown/Kconfig 
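Review bot: The first hunk of this refresh (`@@ -26,16 +26,7 @@`) drops the inner setup.c hunk that added `efi_set_secure_boot(boot_params.secure_boot);` after `efi_init()`, yet keeps the inner hunk after `setup_log_buf(1);`, whose new header `@@ -1190,8 +1190,6 @@` still nets two removed lines. Those removed lines are outside the visible context, but if they are the later `efi_set_secure_boot()` call that the patch originally moved, the refreshed patch now deletes the call from `setup_arch()` without re-adding it. In that case `EFI_SECURE_BOOT` would never be set on x86, and the Secure Boot lockdown this patch exists to provide would silently not engage. Instead of dropping the hunk, rebase it onto the 6.6.33 context so the patch still carries `+	efi_set_secure_boot(boot_params.secure_boot);` directly after the `efi_init()` call. Then check on a Secure Boot machine that `/sys/kernel/security/lockdown` reports integrity mode.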
+++ b/security/lockdown/Kconfig -@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI +@@ -45,3 +45,18 @@ disabled. endchoice @@ -110,7 +101,7 @@ Signed-off-by: Salvatore Bonaccorso + triggered in integrity mode if EFI Secure Boot is set. --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c -@@ -23,7 +23,7 @@ static const enum lockdown_reason lockdo +@@ -23,7 +23,7 @@ /* * Put the kernel into lock-down mode. */ diff --git a/debian/patches/series b/debian/patches/series index 9401d26..f606ede 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -78,7 +78,6 @@ features/x86/x86-make-x32-syscall-support-conditional.patch # Miscellaneous bug fixes bugfix/all/disable-some-marvell-phys.patch bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch -debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch # Miscellaneous features