hardened-sources version bump

Added a few patches to accomodate for conflicting changes between Gentoo
and linux-hardened. First we revert conflicting changes
(9999_revert-conflicts.patch) and re-apply relevant changes with
slightly modified patch (linux-hardened-gentoo.patch).

4 files changed, 47 insertions, 7 deletions

diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-sources/Manifest
index b195ae8..dd46709 100644
--- a/sys-kernel/hardened-sources/Manifest
+++ b/sys-kernel/hardened-sources/Manifest
@@ -1,19 +1,21 @@
+AUX 9999_revert-conflicts.patch 969 BLAKE2B 58eb5505076035e7f593b8abba38ca445ae1b630e8dbaa9d24e369681149a58a864814db50331a733c1b4e94dfc13ecc83bd46ad15c805eab974d0b9cdf8e330 SHA512 4ade1f7ba4884345de61433c7f4d6cf76ced2ccab795a9593ec4c3baad45043fe2b2452a21f321b959ae6cfedfd79dcd10c13440ddf80853bf473c5e8b8fc269
+AUX linux-hardened-gentoo.patch 434 BLAKE2B 97002272c4556335ee45e291a9561afd0a93efe2c7c3e6b2b05aa8a40c26cb61405e8fb5b65cb12c2afd2f67d740d93a9a9a38d9137f1ee92306e68db3100ae1 SHA512 6b8500c51c8757fd0c21cbff96eb70446a2ff692388d1a579492f36a7746217185d7e28a2ad7b218328c3a4afcdc3fb6856d0077cf216b9b33f8e09f48630b55
 DIST genpatches-5.10-42.base.tar.xz 1435860 BLAKE2B b94289861c81107745f259905e2eabd606ee149c60816c1f28eb862cbe2d80288c38596d30b192bd4f0aa86c1399ef8a7f9aa812e179b719c5eb3309346a583a SHA512 c330747ea4dea520b36f74a428fe481f5d0bccfdba6a5ad00d77ad29ce09fa294ca7b3641601e26ba9a023916432b0ae08ab8db62b75453891be8917928252ec
 DIST genpatches-5.10-42.experimental.tar.xz 16880 BLAKE2B f2a4034b85c64650b2f649656591e37a3490f0e27ecedc68d916ed11307595f00e8df4edfc811582e378ab40014eda63bef5fbbb4a65a3c17e447272e9727cf6 SHA512 49eec67ad3edc254bff74e1581d72bd6451c35de64e9a51b1238ee352276340f32e32406e6542d9ef8366e9ba4c9f5027a466f539613a3e759e5fbb689a6e1a1
 DIST genpatches-5.10-42.extras.tar.xz 1772 BLAKE2B f53190eced945d803d029a643a27d33f56836be87fb7809a102a8e9ddaa9355d2dd49ec24e833b234f4069127a8c3bba98cec956e7126cc33bb2973086554449 SHA512 c8e32721135178c3c99323f02c97591206192880f77c751473f4094fccc01f7a3bb4ccf4d8dff82f8d1a535b2845449e7dd381590c4fc8b0adf75f212fd336a4
 DIST genpatches-5.11-25.base.tar.xz 1030312 BLAKE2B c3e0f5840c32292d36be31a8606934bfa1ccb7e31f04cd214574009577907d00912bacce1f85dddeda77ba99f40f61fa5aa5259a693c74abd63a05be5a44f2aa SHA512 5adbe3770562b57d7180a44ccca8e665cc5b0d9ba5168c4b3555b348708edd7469464bd770124d9a8641095bdbe786d843ae3da64b845d577999c9e40360c970
 DIST genpatches-5.11-25.experimental.tar.xz 68516 BLAKE2B 4e37499626ae7daa447e34c567184c5079fe5d144e48d732ed843cb18fd1a6be02270b59e1d6782ba0770f5d0021513501cb1fd31fe8371f2f5f342d8fa576d4 SHA512 e5eeb32780dbfa59cc199459ceb635853886d09b6343541b24fb4621c2d4092601d511c0f670635faaf32c11c1c067aa939431bb12c678da8a7a131f5dd99cc3
 DIST genpatches-5.11-25.extras.tar.xz 1772 BLAKE2B 0bd2afbd93cd7553c8e058f61c515ed9d47e9f328529e6cf36a7100b363dc8e4c3004afa06a0c0b95963bcf69a216ae6a7bf595062401725a4a25f942f44a3e8 SHA512 114094a87bad0dc4a265847fa18b88a2795daf151de8451bb4fbe4af70f3f4bcff8905d8d90522f85914bb7ba7227ebab7f69ab59112afb2187332b393450fec
-DIST genpatches-5.12-10.base.tar.xz 564792 BLAKE2B 127e64196c8aa0b65dab7de4dad4b97052c53451f27a1948453d8910afd59b3a5c4ffc316a439bd053b433b057df127bb252d994f6447a82dc1434eb317e0d1f SHA512 e4c9eebb61de9af0fa4a53472c18f39f87196a804c63ff796eff992f75450719400e7bed5cd8ddce6b09db8330be443ddb2ce0241d8058aedcdb5e332a4178eb
-DIST genpatches-5.12-10.experimental.tar.xz 70008 BLAKE2B 5f0fd437d51b9ef16ffa3ef8750a7fc3ce5464a3f19e4c16b7e345b3fa3c36575609d7b9f82be33c8a1c919c67f2beb91d5c37f542436dda9af301b4bb78100b SHA512 ce221e96214790b911d5aaedb7b1336ed86ef1350412fba0e20e15241a892df17a8c97768bb9ece7f4abfc61374f0a9dea72a0de197f6821ed3be700a66818fe
-DIST genpatches-5.12-10.extras.tar.xz 1772 BLAKE2B 31e3959f1dab1ae1ff5f39b75c455e559e96bd4527e94677494accfa75fd14df2667ecea8ba5df59d3fa1ec9464ba18a257a8a5e76c0602049732f66829785ad SHA512 6e2bf6f7eada61ece1f65d1461377ba5532dd45b57b58b7ee6dae9485809d4c329c6ba8d6d0d0ee9027612a01946f756069b50c44d60d2f543e9864231abd676
+DIST genpatches-5.12-12.base.tar.xz 650292 BLAKE2B 81b5a3b95390522c328acdb390fd1e8515028e55dee9a3693992ce2aa5c2defcea37b14c385d72e0c6a9b31f239c7d02eea45e4428332f477e897fa94c02d71e SHA512 bea0fee6fade3b1322a52ec2201b828ab28bfb3c0528ea562ac7e3cfaebeb758b971820a2b1ba695dafe219ceb2548c07713b3684491b893e6055ce4f8943916
+DIST genpatches-5.12-12.experimental.tar.xz 70008 BLAKE2B 6f1504992cb0c7ee60c0473a6665c4f24c86e712e922fd35ccd74120d8ac087a259a2f3a684c56d5cf92338718ed32fa43f9ef270cfc92cb0ca6b0534cf4d4cb SHA512 61b7883d2d852fbb25540072a0a05daa90d346249c13418b7e40e23e5f5aaf3e6940ea8a03bfee7a823c205a363c5be420d1e578de4bebc1187e27b9d2dc2e88
+DIST genpatches-5.12-12.extras.tar.xz 3412 BLAKE2B 8fcf6c407be25db368dbb3e6be3907d3431228b5c39819dba7c67d61e5171a7ad9a86f3e117b99b9e0d626219ad9db0938c15c4b96c934b88f693a3e9661d458 SHA512 39750768e4822ea8e3f88540fc8ebad9fd721e2a3a8703102d58e30513b47069cb8a77e15e41d0f90d1d69053007bd476ce0741cd3135a428d039ebd426cdc57
 DIST linux-5.10.tar.xz 116606704 BLAKE2B b923d7b66309224f42f35f8a5fa219421b0a9362d2adacdadd8d96251f61f7230878ea297a269a7f3b3c56830f0b177e068691e1d7f88501a05653b0a13274d1 SHA512 95bc137d0cf9148da6a9d1f1a878698dc27b40f68e22c597544010a6c591ce1b256f083489d3ff45ff77753289b535135590194d88ef9f007d0ddab3d74de70e
 DIST linux-5.11.tar.xz 117619104 BLAKE2B 81300c27bd5476387a83123aaeb4163c73eb61e9245806c23660cb5e6a4fa88ffc9def027031335fa0270fc4080506cd415990014364e3a98b9d2e8c58a29524 SHA512 a567ec133018bb5ec00c60281479b466c26e02137a93a9c690e83997947df02b6fd94e76e8df748f6d70ceb58a19bacc3b1467de10b7a1fad2763db32b3f1330
 DIST linux-5.12.tar.xz 118112412 BLAKE2B 842d921b9a73d2aaade763dbd2ec67bdfe0275baa6d628b775f5c87574ad7dc86f0419afcd48c10c1235f4bffa16084243f2cf4556e6afcd391e975fe8ba530b SHA512 be03b6fee1d1ea8087b09874d27c0a602c0b04fd90ad38b975bd2c8455a07e83c29b56814aaf1389e82305fae0e4c2d1701075a7f0a7295dd28149f967ec5b3d
 DIST linux-hardened-5.10.39-hardened1.patch 118939 BLAKE2B d464f027763ff1f376b78593d0e10158eb1c0c47bc8864cb84718a52e56e87f5b6be23ea434a8a367796d92931dbe906c968cf166386af4c04b99a310a9a8dc2 SHA512 2547ebc77ee2c099d96870aa51abee287f982e15a4a6858acc951f6aad65d94854f7c9034ef9b57e459451960018fb03b0de441e348946148e478eefc5fc208c
 DIST linux-hardened-5.11.22-hardened1.patch 114944 BLAKE2B b77c3f223d331aa19511080d175f6cbd4ee023dc8ab4aca4c9619d45348286c091c3562ce1dcc4f4844b8c5d1809e5ae8c915e45c9e27dab77041cc6df67c30c SHA512 4581c94b108d0c16a4be8c77abe037c1510301e12846a0ba53bded6e6015d4fb9c821d4365b71ec8b9c2968c1fb4ebfd201f33afed94adeb29503a63a1903b3b
-DIST linux-hardened-5.12.9-hardened1.patch 105968 BLAKE2B de8ada41224d69d024f33abf7fd63f23bea6ff330a84679dd90d12d7a23de38c8e9009d71465430e767a53f695d9eaac6e2d02dc6dc61146b114136474860751 SHA512 a10fd760639a30736912c057ecd219cef1e6cffb6deb33bac8cd68d2802b6d37056336244754d920d28e959149092b672650248d8288fa1342ead8d106586a97
+DIST linux-hardened-5.12.11-hardened1.patch 105969 BLAKE2B b60d69bd4043d859dce4ee76bfe051bd2b12ebe897c776819effd916159ecb9dedf0e68fa1d9a8ddc4780e17595ad637cdf9864fe821f68937f2dae036519b16 SHA512 c4f619bccfc85f63ff61ad208bad9f66db1084ab473be7c6d89330d85114081f0464473cb538128c0b4261f56ea35904537fdb06226ef2313cd682548710aef3
 EBUILD hardened-sources-5.10.39.ebuild 1066 BLAKE2B 53c9dd7561701f464ec857c4782acdffd2d35e56f1f3d17697bf5e8583e6235542072a805a4f39b1772e283bf225570722b0918f0e90d5f58db2730c59bad77a SHA512 6806e8a35b58722e05110e4de9de5360a26eb25e5a04efbf22c278c608ac57cb91f3d9cc77a2bf08be60e3d05835056a2b05363cda0034cf0ffc0be850e61b5a
 EBUILD hardened-sources-5.11.22.ebuild 988 BLAKE2B 36237e4e73f423915dec915c14042ffc73659932a1223a51b333a6af22ee76cb8e79ed204fb9459fe7e2dc1890725c8b2432b26ab10cf523e779083b73f9334e SHA512 7b6adb855a82f8be02adc5b89d88b3a561cb09d2febbae9360e2fd1506a4556b2ed744db1d37671e61bc5d6df493e1700ea2a930783b5c4ee8787b3a875ee850
-EBUILD hardened-sources-5.12.9.ebuild 1066 BLAKE2B b87a555fb2d9e399c443a35b8d2c51e6fa05ba1d7e37ea70531ba594d7c2c3f1243b3a46882946059bdf2ae32340928f0832f6eecb321d9d894355b5b5fce69f SHA512 d6dedc4a872f8f2ebf524ce33d1cc38539ed568f9ad2f500944f4a13f1ffea00e49f980926128592e094424d8f0d4699e33fe19c4398f4ed35078fb472b32c27
+EBUILD hardened-sources-5.12.11.ebuild 1146 BLAKE2B d65ae7cceb3753d9ebcc1188a5df2ae289ae27262f3dac7b188bf1bb53f7c9c90fa43da9ce2952d510659257819eb51aff811eccfdf7da9d7d90c6c269b368ea SHA512 40d3cc7a38c7291131b10ccdea0e87562aacfe95faa046523567c089b4ed05492977d754837f365966cbee546dad5325a9483e93797faa0e6b05a8bd04beb664
 MISC metadata.xml 419 BLAKE2B 12e558e9aeff1016e8ad91fa0bc59fcd2ec5cc8a702a8f12e5c0c94bdb992088c817e6432bfd63e6149f78e8a1b4cb3825a345378575969e0ed8fe3a65b87e06 SHA512 54fb60680dbcacaf6dc21f5bca5083514385a32d680736c16ac1f6ec6ae4d4c33a04440a5b8de192eac96bce2fb288e90e2d0141a2bb92279bd6366396dd3fc7
diff --git a/sys-kernel/hardened-sources/files/9999_revert-conflicts.patch b/sys-kernel/hardened-sources/files/9999_revert-conflicts.patch
new file mode 100644
index 0000000..b46aa1c
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/9999_revert-conflicts.patch
@@ -0,0 +1,27 @@
+Reverse conflicting patches
+
+diff --git a/mm/Kconfig b/mm/Kconfig
+index 24c045b24..e13fc740c 100644
+--- a/mm/Kconfig
++++ b/mm/Kconfig
+@@ -321,8 +321,6 @@ config KSM
+ config DEFAULT_MMAP_MIN_ADDR
+ 	int "Low address space to protect from user allocation"
+ 	depends on MMU
+-	default 65536 if ( X86_64 || X86_32 || PPC64 || IA64 ) && GENTOO_KERNEL_SELF_PROTECTION
+-	default 32768 if ( ARM64 || ARM ) && GENTOO_KERNEL_SELF_PROTECTION
+ 	default 4096
+ 	help
+ 	  This is the portion of low virtual memory which should be protected
+diff --git a/security/Kconfig b/security/Kconfig
+index 7561f6f99..01f0bf73f 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -166,7 +166,6 @@ config HARDENED_USERCOPY
+ config HARDENED_USERCOPY_FALLBACK
+ 	bool "Allow usercopy whitelist violations to fallback to object size"
+ 	depends on HARDENED_USERCOPY
+-	depends on !GENTOO_KERNEL_SELF_PROTECTION
+ 	default y
+ 	help
+ 	  This is a temporary option that allows missing usercopy whitelists
diff --git a/sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch b/sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch
new file mode 100644
index 0000000..5bd9820
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch
@@ -0,0 +1,11 @@
+diff --git a/security/Kconfig b/security/Kconfig
+index 7561f6f99..01f0bf73f 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -166,5 +166,6 @@ config HARDENED_USERCOPY
+ config HARDENED_USERCOPY_FALLBACK
+ 	bool "Allow usercopy whitelist violations to fallback to object size"
+ 	depends on HARDENED_USERCOPY
++	depends on !GENTOO_KERNEL_SELF_PROTECTION
+ 	help
+ 	  This is a temporary option that allows missing usercopy whitelists
diff --git a/sys-kernel/hardened-sources/hardened-sources-5.12.9.ebuild b/sys-kernel/hardened-sources/hardened-sources-5.12.11.ebuild
index 599ad0b..5d4e2b3 100644
--- a/sys-kernel/hardened-sources/hardened-sources-5.12.9.ebuild
+++ b/sys-kernel/hardened-sources/hardened-sources-5.12.11.ebuild
@@ -4,7 +4,7 @@
 EAPI="7"
 ETYPE="sources"
 K_WANT_GENPATCHES="base extras experimental"
-K_GENPATCHES_VER="10"
+K_GENPATCHES_VER="12"
 
 inherit kernel-2
 detect_version
@@ -15,7 +15,7 @@ HARDENED_URI="https://github.com/anthraxx/linux-hardened/releases/download/${PV}
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 HOMEPAGE="https://github.com/anthraxx/linux-hardened https://dev.gentoo.org/~mpagano/genpatches"
 IUSE="experimental"
-UNIPATCH_LIST="${DISTDIR}/linux-hardened-${PV}-${SUBREL}.patch"
+UNIPATCH_LIST="${FILESDIR}/9999_revert-conflicts.patch ${DISTDIR}/linux-hardened-${PV}-${SUBREL}.patch ${FILESDIR}/linux-hardened-gentoo.patch"
 UNIPATCH_EXCLUDE="1510_fs-enable-link-security-restrictions-by-default.patch"
 
 DESCRIPTION="Minimal supplement to upstream Kernel Self Protection Project"