main/linux-grsec: upgrade to 4.9.9

disable CONFIG_WAN

main/linux-grsec/APKBUILD

@@ -2,7 +2,7 @@
 
 _mainflavor=grsec
 pkgname=linux-$_mainflavor
-pkgver=4.4.47
+pkgver=4.9.9
 case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
@@ -12,17 +12,12 @@ pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs"
 makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
-	mpc1-dev"
+	mpc1-dev elfutils-dev"
 options="!strip"
 install=
 source="https://kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
 	https://kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
-	http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-$pkgver-201604252206-alpine.patch
-
-	fix-spi-nor-namespace-clash.patch
-	imx6q-no-unclocked-sleep.patch
-	gcc6.patch
-
+	http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-4.9.9-201702122044.patch
 	config-grsec.x86
 	config-grsec.x86_64
 	config-grsec.armhf
@@ -174,23 +169,22 @@ _dev() {
 	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
 		silentoldconfig prepare modules_prepare scripts
 
-	# remove the stuff that poits to real sources. we want 3rd party
+	# remove the stuff that points to real sources. we want 3rd party
 	# modules to believe this is the soruces
 	rm "$dir"/Makefile "$dir"/source
 
 	# copy the needed stuff from real sources
 	#
 	# this is taken from ubuntu kernel build script
-	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
+	# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
 	cd "$srcdir"/linux-$_kernver
-	find . -path './include/*' -prune -o -path './scripts/*' -prune \
-		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-		-o -name '*.lds' \) | cpio -pdm "$dir"
-	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
-	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
-	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
-	cp -a scripts include "$dir"
+	find .  -path './include/*' -prune \
+		-o -path './scripts/*' -prune -o -type f \
+		\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
+		   -name '*.sh' -o -name '*.pl' -o -name '*.lds' \) \
+		-print | cpio -pdm "$dir" || return 1
+
+	cp -a scripts include "$dir" || return 1
 	find $(find arch -name include -type d -print) -type f \
 		| cpio -pdm "$dir"
 
@@ -202,36 +196,11 @@ _dev() {
 		"$subpkgdir"/lib/modules/${_abi_release}/build
 }
 
-md5sums="9a78fa2eb6c68ca5a40ed5af08142599  linux-4.4.tar.xz
-4140c092d355a837ccab1707c8ad0d33  patch-4.4.47.xz
-35f420e24cf50afe01cd8919bffce06d  grsecurity-3.1-4.4.47-201604252206-alpine.patch
-c32f1d7517a095a2645fc1c7dec5db8f  fix-spi-nor-namespace-clash.patch
-b11c29ee88f7f537973191036d48bee7  imx6q-no-unclocked-sleep.patch
-90e0fca6cb7bca277394b0db7f605098  gcc6.patch
-0220ccde4e102bd54ad334a23347a432  config-grsec.x86
-e1b185c3baea29a66dfa8f90967c1120  config-grsec.x86_64
-35d10d9444978dc8009e9da5e33b0f43  config-grsec.armhf
-9b89c4ec614023e20f8e905ec2bad212  config-virtgrsec.x86
-87243f2790108ca568192169d3ca7408  config-virtgrsec.x86_64"
-sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2  linux-4.4.tar.xz
-21fd72caa322800b4668b4464d6ac4d8d66faa0056e08a5925d5911dab438c18  patch-4.4.47.xz
-f1b361ea77ceb67f9281ec5f8b0dd0f369293744e1f07d1707a08c6cecf1459a  grsecurity-3.1-4.4.47-201604252206-alpine.patch
-b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212  fix-spi-nor-namespace-clash.patch
-7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4  imx6q-no-unclocked-sleep.patch
-21640b417cb9a389bf7be6a11dc71a481ec76fcfcc758992a9be158ab6a643e8  gcc6.patch
-8ca6e71c3b0e0013a05dd95655de733f533055bdcdaade52667789c578b9bebc  config-grsec.x86
-588fb21febe695a7724ec00cb1576913cdb5ad12e12d00b3a0f73342c46cfe0c  config-grsec.x86_64
-d975df937d5a82b48bba790bd50bf7ed04782d92755a6eeacedc9e2796633e7a  config-grsec.armhf
-09e5db637018516a2216c9a45a47a471af69fdf94218e6ea016ec8261cd899d3  config-virtgrsec.x86
-7b38853b6d83223242832413669d7818ef1218c6b9e565e11dcc8b08f64a26e3  config-virtgrsec.x86_64"
-sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e  linux-4.4.tar.xz
-f52936ab1dc91314a3cede35f9116332ce999b6442bdb575eda68dd2e57cd96517abc18b3bb05a2492e6cd13f849a09cece13463dfaa2d81ad390f8127b62813  patch-4.4.47.xz
-ba8771ffaf3919238d1e1d2d553949a29f5a7b6b416ab5621d9f6eeb2fffcd8e71288f8122258452838d293e92a9669425ebbdc31815923d69547256a5e7659c  grsecurity-3.1-4.4.47-201604252206-alpine.patch
-410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104  fix-spi-nor-namespace-clash.patch
-9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07  imx6q-no-unclocked-sleep.patch
-edcebc229956a05621ec1c89039b56aa61b468c74b54420ff72bd08658b65d29d6af385a7d78d1ce4b39889b407106b99efe7309f8a82974a74eb9edb9e89b64  gcc6.patch
-2d41ef3629dc4c2b71d2bd9707ecf1883bd9a264168425d56b35bb49cfd7b0a73b154501cf54c9f9df1848f3c564e502f276985b38a1dab3a067d5485874fcc6  config-grsec.x86
-c064ba25b0cb28d2f9c20da77899c6df6844b2538225011a063094c527a5ba59de5fbf619494dfb5c45fae91b637876493cc839095a9fc559d2f8cf9aa8003d3  config-grsec.x86_64
-a19b8179cce90e5cfe0ee30c85c0e9fd67274290d7556a5f2cb530ba9ee5f6e941ff96f20cebbd0223f3febfe8b0e3f30c7c2696dd9184c1d3ca9dcb0eca6f4a  config-grsec.armhf
-8c92f68afcf483ce203c8117d9459c3db0363a69b2112a2f1b67474532250d1ec9350aab555e69794709a045f8bf121ded9441f0cffc018b5a38746f9b908eee  config-virtgrsec.x86
-eb8d9d51dcbb762c954b41fa5e4d34d0a2da2fe6bd36a009db4fbf9513d07846ecbc648108cc93c1b6029b94f8a3dc703ab1d5f601fe8a70a369a3685fcb6260  config-virtgrsec.x86_64"
+sha512sums="bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a  linux-4.9.tar.xz
+a7a2d44b83b00b20f1424d12af0f42e1c576d3053feacd13491ef185661fb1c789b9265c500b62f5ede39f57b72f358820000fa6c852a5f035e566ee1dfcd5d9  patch-4.9.9.xz
+ba7396e1f69e89335cecd47db52c8855c993c13c9b2b9e805a0742fa1bd3a9092ae0459adb06f07a5233ff208ad9b6ced0fa68cacfe1a99b498c43ad953d5388  grsecurity-3.1-4.9.9-201702122044.patch
+de080dc463af81f60e142c4ed52f294f523759710ac6d5dc227e6dc26c4bd53c61d94480a9af3e377a658360c16cab86060afd68694545cbe501d8bb0915ef36  config-grsec.x86
+de5ad64e86bda944c1e6e7ae0eb77463fb0165e89c8ec23d9af12fddb79c0b566e8f3079b7bed1de8b27cef9bf1539f479e7114070772c078cb4288c45df1ff6  config-grsec.x86_64
+274116a39ef092524ad85cef2e88d0e7555dfd3c6e5c15c1ec22c28776c509a6040a5221b066e96c6d18807e518ae98f03c9c1059c73b60e8d45f2a9482bd77b  config-grsec.armhf
+1de874523eee031c2efadfb6f7ddb86bb303b9f61d1a022e4e922f6365c3a667c2a1fdb61570a95a05c6c45689796e355eae9579e567790b757ae2a09f6be8c4  config-virtgrsec.x86
+0570f4ad5af0d6e3cbf50d9e3a7d6dab8d7cba85693037e70dbee73aa1e4fc66cb217e1ef8e4a0ceb4073ffb6ada8201775bafe8401dc6dff5c07ac3bbe0f8f0  config-virtgrsec.x86_64"

main/linux-grsec/fix-spi-nor-namespace-clash.patch

-grsec patch includes <linux/fs.h> which defines READ and WRITE.
-Remove the macro hackery, and use the proper #define names for
-macro invocations so there's no surprises.
-
---- linux-4.4/drivers/mtd/spi-nor/fsl-quadspi.c.orig
-+++ linux-4.4/drivers/mtd/spi-nor/fsl-quadspi.c
-@@ -183,8 +183,8 @@
- 
- /* Macros for constructing the LUT register. */
- #define LUT0(ins, pad, opr)						\
--		(((opr) << OPRND0_SHIFT) | ((LUT_##pad) << PAD0_SHIFT) | \
--		((LUT_##ins) << INSTR0_SHIFT))
-+		(((opr) << OPRND0_SHIFT) | ((pad) << PAD0_SHIFT) | \
-+		((ins) << INSTR0_SHIFT))
- 
- #define LUT1(ins, pad, opr)	(LUT0(ins, pad, opr) << OPRND1_SHIFT)
- 
-@@ -364,14 +364,14 @@
- 		dummy = 8;
- 	}
- 
--	writel(LUT0(CMD, PAD1, cmd) | LUT1(ADDR, PAD1, addrlen),
-+	writel(LUT0(LUT_CMD, LUT_PAD1, cmd) | LUT1(LUT_ADDR, LUT_PAD1, addrlen),
- 			base + QUADSPI_LUT(lut_base));
--	writel(LUT0(DUMMY, PAD1, dummy) | LUT1(FSL_READ, PAD4, rxfifo),
-+	writel(LUT0(LUT_DUMMY, LUT_PAD1, dummy) | LUT1(LUT_FSL_READ, LUT_PAD4, rxfifo),
- 			base + QUADSPI_LUT(lut_base + 1));
- 
- 	/* Write enable */
- 	lut_base = SEQID_WREN * 4;
--	writel(LUT0(CMD, PAD1, SPINOR_OP_WREN), base + QUADSPI_LUT(lut_base));
-+	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_WREN), base + QUADSPI_LUT(lut_base));
- 
- 	/* Page Program */
- 	lut_base = SEQID_PP * 4;
-@@ -385,13 +385,13 @@
- 		addrlen = ADDR32BIT;
- 	}
- 
--	writel(LUT0(CMD, PAD1, cmd) | LUT1(ADDR, PAD1, addrlen),
-+	writel(LUT0(LUT_CMD, LUT_PAD1, cmd) | LUT1(LUT_ADDR, LUT_PAD1, addrlen),
- 			base + QUADSPI_LUT(lut_base));
--	writel(LUT0(FSL_WRITE, PAD1, 0), base + QUADSPI_LUT(lut_base + 1));
-+	writel(LUT0(LUT_FSL_WRITE, LUT_PAD1, 0), base + QUADSPI_LUT(lut_base + 1));
- 
- 	/* Read Status */
- 	lut_base = SEQID_RDSR * 4;
--	writel(LUT0(CMD, PAD1, SPINOR_OP_RDSR) | LUT1(FSL_READ, PAD1, 0x1),
-+	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_RDSR) | LUT1(LUT_FSL_READ, LUT_PAD1, 0x1),
- 			base + QUADSPI_LUT(lut_base));
- 
- 	/* Erase a sector */
-@@ -400,40 +400,40 @@
- 	cmd = q->nor[0].erase_opcode;
- 	addrlen = q->nor_size <= SZ_16M ? ADDR24BIT : ADDR32BIT;
- 
--	writel(LUT0(CMD, PAD1, cmd) | LUT1(ADDR, PAD1, addrlen),
-+	writel(LUT0(LUT_CMD, LUT_PAD1, cmd) | LUT1(LUT_ADDR, LUT_PAD1, addrlen),
- 			base + QUADSPI_LUT(lut_base));
- 
- 	/* Erase the whole chip */
- 	lut_base = SEQID_CHIP_ERASE * 4;
--	writel(LUT0(CMD, PAD1, SPINOR_OP_CHIP_ERASE),
-+	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_CHIP_ERASE),
- 			base + QUADSPI_LUT(lut_base));
- 
- 	/* READ ID */
- 	lut_base = SEQID_RDID * 4;
--	writel(LUT0(CMD, PAD1, SPINOR_OP_RDID) | LUT1(FSL_READ, PAD1, 0x8),
-+	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_RDID) | LUT1(LUT_FSL_READ, LUT_PAD1, 0x8),
- 			base + QUADSPI_LUT(lut_base));
- 
- 	/* Write Register */
- 	lut_base = SEQID_WRSR * 4;
--	writel(LUT0(CMD, PAD1, SPINOR_OP_WRSR) | LUT1(FSL_WRITE, PAD1, 0x2),
-+	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_WRSR) | LUT1(LUT_FSL_WRITE, LUT_PAD1, 0x2),
- 			base + QUADSPI_LUT(lut_base));
- 
- 	/* Read Configuration Register */
- 	lut_base = SEQID_RDCR * 4;
--	writel(LUT0(CMD, PAD1, SPINOR_OP_RDCR) | LUT1(FSL_READ, PAD1, 0x1),
-+	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_RDCR) | LUT1(LUT_FSL_READ, LUT_PAD1, 0x1),
- 			base + QUADSPI_LUT(lut_base));
- 
- 	/* Write disable */
- 	lut_base = SEQID_WRDI * 4;
--	writel(LUT0(CMD, PAD1, SPINOR_OP_WRDI), base + QUADSPI_LUT(lut_base));
-+	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_WRDI), base + QUADSPI_LUT(lut_base));
- 
- 	/* Enter 4 Byte Mode (Micron) */
- 	lut_base = SEQID_EN4B * 4;
--	writel(LUT0(CMD, PAD1, SPINOR_OP_EN4B), base + QUADSPI_LUT(lut_base));
-+	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_EN4B), base + QUADSPI_LUT(lut_base));
- 
- 	/* Enter 4 Byte Mode (Spansion) */
- 	lut_base = SEQID_BRWR * 4;
--	writel(LUT0(CMD, PAD1, SPINOR_OP_BRWR), base + QUADSPI_LUT(lut_base));
-+	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_BRWR), base + QUADSPI_LUT(lut_base));
- 
- 	fsl_qspi_lock_lut(q);
- }

main/linux-grsec/gcc6.patch

-diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
-index 7ad630a..3c66319 100644
---- a/grsecurity/gracl.c
-+++ b/grsecurity/gracl.c
-@@ -196,7 +196,7 @@ static int prepend(char **buffer, int *buflen, const char *str, int namelen)
- 
- static int prepend_name(char **buffer, int *buflen, struct qstr *name)
- {
--	return prepend(buffer, buflen, name->name, name->len);
-+	return prepend(buffer, buflen, (const char *)name->name, name->len);
- }
- 
- static int prepend_path(const struct path *path, struct path *root,
-@@ -560,7 +560,7 @@ struct name_entry *
- __lookup_name_entry(const struct gr_policy_state *state, const char *name)
- {
- 	unsigned int len = strlen(name);
--	unsigned int key = full_name_hash(name, len);
-+	unsigned int key = full_name_hash((const unsigned char *)name, len);
- 	unsigned int index = key % state->name_set.n_size;
- 	struct name_entry *match;
- 
-@@ -582,7 +582,7 @@ static struct name_entry *
- lookup_name_entry_create(const char *name)
- {
- 	unsigned int len = strlen(name);
--	unsigned int key = full_name_hash(name, len);
-+	unsigned int key = full_name_hash((const unsigned char *)name, len);
- 	unsigned int index = key % running_polstate.name_set.n_size;
- 	struct name_entry *match;
- 
-diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
-index 0773423..bfcd64a 100644
---- a/grsecurity/gracl_policy.c
-+++ b/grsecurity/gracl_policy.c
-@@ -351,7 +351,7 @@ insert_name_entry(char *name, const u64 inode, const dev_t device, __u8 deleted)
- 	struct name_entry **curr, *nentry;
- 	struct inodev_entry *ientry;
- 	unsigned int len = strlen(name);
--	unsigned int key = full_name_hash(name, len);
-+	unsigned int key = full_name_hash((const unsigned char *)name, len);
- 	unsigned int index = key % polstate->name_set.n_size;
- 
- 	curr = &polstate->name_set.n_hash[index];
-@@ -1376,7 +1376,7 @@ lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
- 	FOR_EACH_ROLE_END(r)
- 
- 	for (i = 0; i < polstate->num_sprole_pws; i++) {
--		if (!strcmp(rolename, polstate->acl_special_roles[i]->rolename)) {
-+		if (!strcmp(rolename, (const char *)polstate->acl_special_roles[i]->rolename)) {
- 			*salt = polstate->acl_special_roles[i]->salt;
- 			*sum = polstate->acl_special_roles[i]->sum;
- 			return 1;
-@@ -1664,11 +1664,11 @@ write_grsec_handler(struct file *file, const char __user * buf, size_t count, lo
- 		}
- 
- 		if (lookup_special_role_auth
--		    (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
-+		    (gr_usermode->mode, (const char *)gr_usermode->sp_role, &sprole_salt, &sprole_sum)
- 		    && ((!sprole_salt && !sprole_sum)
- 			|| !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
- 			char *p = "";
--			assign_special_role(gr_usermode->sp_role);
-+			assign_special_role((const char *)gr_usermode->sp_role);
- 			read_lock(&tasklist_lock);
- 			if (current->real_parent)
- 				p = current->real_parent->role->rolename;
-diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c
-index 4fb2ce6..aef6b92 100644
---- a/grsecurity/grsum.c
-+++ b/grsecurity/grsum.c
-@@ -32,12 +32,12 @@ chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
- 
- 	sg_init_table(sg, 2);
- 	sg_set_buf(&sg[0], salt, GR_SALT_LEN);
--	sg_set_buf(&sg[1], entry->pw, strlen(entry->pw));
-+	sg_set_buf(&sg[1], entry->pw, strlen((const char *)entry->pw));
- 
- 	desc.tfm = tfm;
- 	desc.flags = 0;
- 
--	cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen(entry->pw),
-+	cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen((const char *)entry->pw),
- 					temp_sum);
- 
- 	memset(entry->pw, 0, GR_PW_LEN);
-diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 25820d8..0491a0f 100644
---- a/include/linux/sched.h
-+++ b/include/linux/sched.h
-@@ -2386,7 +2386,7 @@ extern void sched_clock_init(void);
- static inline void populate_stack(void)
- {
- 	struct task_struct *curtask = current;
--	int c;
-+	int __always_unused c;
- 	int *ptr = curtask->stack;
- 	int *end = curtask->stack + THREAD_SIZE;
- 
-diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
-index a34ab2d..70fffac 100644
---- a/include/linux/sysfs.h
-+++ b/include/linux/sysfs.h
-@@ -517,7 +517,7 @@ static inline void sysfs_notify_dirent(struct kernfs_node *kn)
- static inline struct kernfs_node *sysfs_get_dirent(struct kernfs_node *parent,
- 						   const unsigned char *name)
- {
--	return kernfs_find_and_get(parent, name);
-+	return kernfs_find_and_get(parent, (const char *)name);
- }
- 
- static inline struct kernfs_node *sysfs_get(struct kernfs_node *kn)

main/linux-grsec/imx6q-no-unclocked-sleep.patch

-The FEC NIC IRQ line does not wake up from unclocked sleep. Disable
-unclocked sleep for now (bad for battery - good for performance).
-
-diff --git a/arch/arm/mach-imx/cpuidle-imx6q.c b/arch/arm/mach-imx/cpuidle-imx6q.c
-index 23ddfb6..c1ae29f 100644
---- a/arch/arm/mach-imx/cpuidle-imx6q.c
-+++ b/arch/arm/mach-imx/cpuidle-imx6q.c
-@@ -27,7 +27,7 @@ static int imx6q_enter_wait(struct cpuidle_device *dev,
- 		 */
- 		if (!spin_trylock(&master_lock))
- 			goto idle;
--		imx6_set_lpm(WAIT_UNCLOCKED);
-+		//imx6_set_lpm(WAIT_UNCLOCKED);
- 		cpu_do_idle();
- 		imx6_set_lpm(WAIT_CLOCKED);
- 		spin_unlock(&master_lock);