pkg/debian: Update Debian-specific patches

pkg/debian/kernel/0001-Partially-revert-integrity-Only-use-machine-keyring-.patch

@@ -1,4 +1,4 @@
-From 556d277d8397c8bd0c5889a309e50290d491e41c Mon Sep 17 00:00:00 2001
+From 1fb0cb1a5de985b6b8728f6a39660fcd5df29977 Mon Sep 17 00:00:00 2001
 From: Maximilian Luz <luzmaximilian@gmail.com>
 Date: Mon, 20 Nov 2023 22:54:05 +0100
 Subject: [PATCH] Partially revert "integrity: Only use machine keyring when
@@ -37,5 +37,5 @@ index a401640a63cd..a1ad244cbf86 100644
  
  static bool __init trust_moklist(void)
 -- 
-2.45.2
+2.49.0
 

pkg/debian/kernel/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch

@@ -1,4 +1,4 @@
-From 8da9938f2e7d28a5ae834bec723bc283dc62470f Mon Sep 17 00:00:00 2001
+From d70cb56d43efddd10d4263f2af24f52fb81137b9 Mon Sep 17 00:00:00 2001
 From: Serge Hallyn <serge.hallyn@canonical.com>
 Date: Fri, 31 May 2013 19:12:12 +0100
 Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default
@@ -20,7 +20,7 @@ Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
  3 files changed, 32 insertions(+)
 
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 9da032802e34..f3ad270eb96b 100644
+index ca2ca3884f76..d9591a8a6ead 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -119,6 +119,12 @@
@@ -36,7 +36,7 @@ index 9da032802e34..f3ad270eb96b 100644
  /*
   * Minimum number of threads to boot the kernel
   */
-@@ -2169,6 +2175,10 @@ __latent_entropy struct task_struct *copy_process(
+@@ -2171,6 +2177,10 @@ __latent_entropy struct task_struct *copy_process(
  	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
  		return ERR_PTR(-EINVAL);
  
@@ -47,7 +47,7 @@ index 9da032802e34..f3ad270eb96b 100644
  	/*
  	 * Thread groups must share signals as well, and detached threads
  	 * can only be started up within the thread group.
-@@ -3322,6 +3332,12 @@ int ksys_unshare(unsigned long unshare_flags)
+@@ -3324,6 +3334,12 @@ int ksys_unshare(unsigned long unshare_flags)
  	if (unshare_flags & CLONE_NEWNS)
  		unshare_flags |= CLONE_FS;
  
@@ -61,7 +61,7 @@ index 9da032802e34..f3ad270eb96b 100644
  	if (err)
  		goto bad_unshare_out;
 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 5c9202cb8f59..71102bca044e 100644
+index cb57da499ebb..5e9ae0e6a727 100644
 --- a/kernel/sysctl.c
 +++ b/kernel/sysctl.c
 @@ -135,6 +135,10 @@ static enum sysctl_writes_mode sysctl_writes_strict = SYSCTL_WRITES_STRICT;
@@ -75,7 +75,7 @@ index 5c9202cb8f59..71102bca044e 100644
  #endif /* CONFIG_SYSCTL */
  
  /*
-@@ -1617,6 +1621,15 @@ static struct ctl_table kern_table[] = {
+@@ -1617,6 +1621,15 @@ static const struct ctl_table kern_table[] = {
  		.mode		= 0644,
  		.proc_handler	= proc_dointvec,
  	},
@@ -106,5 +106,5 @@ index aa0b2e47f2f2..222bb2b40b73 100644
  static DEFINE_MUTEX(userns_state_mutex);
  
 -- 
-2.48.1
+2.49.0
 

pkg/debian/kernel/0001-kbuild-Copy-config-to-target-directory.patch

@@ -1,25 +1,24 @@
-From 6cf53165cd3876128648dadb76a718d02692e19d Mon Sep 17 00:00:00 2001
+From 95802baf706303292278c2ae4347f5c3aa9dcece Mon Sep 17 00:00:00 2001
 From: Maximilian Luz <luzmaximilian@gmail.com>
-Date: Sun, 9 Mar 2025 01:33:54 +0100
+Date: Sun, 20 Apr 2025 03:02:20 +0200
 Subject: [PATCH] kbuild: Copy config to target directory
 
-Partial revert of aaed5c7739be ("kbuild: slim down package for building
-external modules"). Re-incldue the .config file.
 ---
- scripts/package/install-extmod-build | 2 ++
- 1 file changed, 2 insertions(+)
+ scripts/package/install-extmod-build | 3 +++
+ 1 file changed, 3 insertions(+)
 
 diff --git a/scripts/package/install-extmod-build b/scripts/package/install-extmod-build
-index d3c5b104c063..d98da1f2bf02 100755
+index b96538787f3d..718bd64d060e 100755
 --- a/scripts/package/install-extmod-build
 +++ b/scripts/package/install-extmod-build
-@@ -83,4 +83,6 @@ if [ "${CC}" != "${HOSTCC}" ]; then
- 	rm -f "${destdir}/Kbuild" "${destdir}/scripts/Kbuild"
+@@ -68,4 +68,7 @@ if [ "${CC}" != "${HOSTCC}" ]; then
+ 	rm -f "${destdir}/scripts/Kbuild"
  fi
  
 +# copy .config manually to be where it's expected to be
 +cp "${KCONFIG_CONFIG}" "${destdir}/.config"
++
  find "${destdir}" \( -name '.*.cmd' -o -name '*.o' \) -delete
 -- 
-2.48.1
+2.49.0
 

pkg/debian/kernel/0001-kbuild-Link-sign-file-statically.patch

@@ -1,4 +1,4 @@
-From 71701f82718799df961b252fef44e2a75f31e408 Mon Sep 17 00:00:00 2001
+From b1c72eb34eabfd56cbe5a1b98b827aded4917125 Mon Sep 17 00:00:00 2001
 From: Maximilian Luz <luzmaximilian@gmail.com>
 Date: Sun, 30 Jun 2024 17:10:28 +0200
 Subject: [PATCH] kbuild: Link sign-file statically
@@ -8,7 +8,7 @@ Subject: [PATCH] kbuild: Link sign-file statically
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/scripts/Makefile b/scripts/Makefile
-index fe56eeef09dd..e614f49b17e5 100644
+index 46f860529df5..7846e18ef5d8 100644
 --- a/scripts/Makefile
 +++ b/scripts/Makefile
 @@ -29,7 +29,7 @@ HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
@@ -21,5 +21,5 @@ index fe56eeef09dd..e614f49b17e5 100644
  ifdef CONFIG_UNWINDER_ORC
  ifeq ($(ARCH),x86_64)
 -- 
-2.45.2
+2.49.0