1 |
commit: 16258e222c16204960ed4ab094d4c3ea5df87ad7 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Feb 17 00:05:22 2011 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Feb 17 00:05:22 2011 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=16258e22 |
7 |
|
8 |
Update Grsec/PaX |
9 |
2.2.1-2.6.32.28-201102151944 |
10 |
2.2.1-2.6.37-201102152009 |
11 |
|
12 |
--- |
13 |
2.6.32/0000_README | 2 +- |
14 |
..._grsecurity-2.2.1-2.6.32.28-201102151944.patch} | 19 +++++++++++++-- |
15 |
2.6.37/0000_README | 2 +- |
16 |
...420_grsecurity-2.2.1-2.6.37-201102152009.patch} | 23 +++++++++++++++---- |
17 |
4 files changed, 36 insertions(+), 10 deletions(-) |
18 |
|
19 |
diff --git a/2.6.32/0000_README b/2.6.32/0000_README |
20 |
index c1feb8d..84ae47c 100644 |
21 |
--- a/2.6.32/0000_README |
22 |
+++ b/2.6.32/0000_README |
23 |
@@ -3,7 +3,7 @@ README |
24 |
|
25 |
Individual Patch Descriptions: |
26 |
----------------------------------------------------------------------------- |
27 |
-Patch: 4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch |
28 |
+Patch: 4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch |
29 |
From: http://www.grsecurity.net |
30 |
Desc: hardened-sources base patch from upstream grsecurity |
31 |
|
32 |
|
33 |
diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch |
34 |
similarity index 99% |
35 |
rename from 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch |
36 |
rename to 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch |
37 |
index b1b6990..2d18d43 100644 |
38 |
--- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch |
39 |
+++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch |
40 |
@@ -36642,6 +36642,19 @@ diff -urNp linux-2.6.32.28/fs/xfs/xfs_bmap.c linux-2.6.32.28/fs/xfs/xfs_bmap.c |
41 |
#endif /* DEBUG */ |
42 |
|
43 |
#if defined(XFS_RW_TRACE) |
44 |
+diff -urNp linux-2.6.32.28/fs/xfs/xfs_fsops.c linux-2.6.32.28/fs/xfs/xfs_fsops.c |
45 |
+--- linux-2.6.32.28/fs/xfs/xfs_fsops.c 2010-08-13 16:24:37.000000000 -0400 |
46 |
++++ linux-2.6.32.28/fs/xfs/xfs_fsops.c 2011-02-15 19:44:00.000000000 -0500 |
47 |
+@@ -56,6 +56,9 @@ xfs_fs_geometry( |
48 |
+ xfs_fsop_geom_t *geo, |
49 |
+ int new_version) |
50 |
+ { |
51 |
++ |
52 |
++ memset(geo, 0, sizeof(*geo)); |
53 |
++ |
54 |
+ geo->blocksize = mp->m_sb.sb_blocksize; |
55 |
+ geo->rtextsize = mp->m_sb.sb_rextsize; |
56 |
+ geo->agblocks = mp->m_sb.sb_agblocks; |
57 |
diff -urNp linux-2.6.32.28/grsecurity/gracl_alloc.c linux-2.6.32.28/grsecurity/gracl_alloc.c |
58 |
--- linux-2.6.32.28/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500 |
59 |
+++ linux-2.6.32.28/grsecurity/gracl_alloc.c 2010-12-31 14:46:53.000000000 -0500 |
60 |
@@ -41319,7 +41332,7 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl_fs.c linux-2.6.32.28/grsecurity/grac |
61 |
+} |
62 |
diff -urNp linux-2.6.32.28/grsecurity/gracl_ip.c linux-2.6.32.28/grsecurity/gracl_ip.c |
63 |
--- linux-2.6.32.28/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500 |
64 |
-+++ linux-2.6.32.28/grsecurity/gracl_ip.c 2010-12-31 14:46:53.000000000 -0500 |
65 |
++++ linux-2.6.32.28/grsecurity/gracl_ip.c 2011-02-15 19:42:10.000000000 -0500 |
66 |
@@ -0,0 +1,382 @@ |
67 |
+#include <linux/kernel.h> |
68 |
+#include <asm/uaccess.h> |
69 |
@@ -41391,8 +41404,8 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl_ip.c linux-2.6.32.28/grsecurity/grac |
70 |
+static const char * gr_sockfamilies[AF_MAX+1] = { |
71 |
+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25", |
72 |
+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash", |
73 |
-+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "tipc", "bluetooth", |
74 |
-+ "iucv", "rxrpc", "isdn", "phonet", "ieee802154" |
75 |
++ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28", |
76 |
++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154" |
77 |
+ }; |
78 |
+ |
79 |
+const char * |
80 |
|
81 |
diff --git a/2.6.37/0000_README b/2.6.37/0000_README |
82 |
index 16e7e24..ec408c7 100644 |
83 |
--- a/2.6.37/0000_README |
84 |
+++ b/2.6.37/0000_README |
85 |
@@ -3,7 +3,7 @@ README |
86 |
|
87 |
Individual Patch Descriptions: |
88 |
----------------------------------------------------------------------------- |
89 |
-Patch: 4420_grsecurity-2.2.1-2.6.37-201102121148.patch |
90 |
+Patch: 4420_grsecurity-2.2.1-2.6.37-201102152009.patch |
91 |
From: http://www.grsecurity.net |
92 |
Desc: hardened-sources base patch from upstream grsecurity |
93 |
|
94 |
|
95 |
diff --git a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch |
96 |
similarity index 99% |
97 |
rename from 2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch |
98 |
rename to 2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch |
99 |
index e66397d..3954df8 100644 |
100 |
--- a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch |
101 |
+++ b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch |
102 |
@@ -27048,7 +27048,7 @@ diff -urNp linux-2.6.37/drivers/pci/pcie/portdrv_pci.c linux-2.6.37/drivers/pci/ |
103 |
|
104 |
diff -urNp linux-2.6.37/drivers/pci/pci-sysfs.c linux-2.6.37/drivers/pci/pci-sysfs.c |
105 |
--- linux-2.6.37/drivers/pci/pci-sysfs.c 2011-01-04 19:50:19.000000000 -0500 |
106 |
-+++ linux-2.6.37/drivers/pci/pci-sysfs.c 2011-02-12 10:32:55.000000000 -0500 |
107 |
++++ linux-2.6.37/drivers/pci/pci-sysfs.c 2011-02-15 20:09:35.000000000 -0500 |
108 |
@@ -23,6 +23,7 @@ |
109 |
#include <linux/mm.h> |
110 |
#include <linux/fs.h> |
111 |
@@ -27062,7 +27062,7 @@ diff -urNp linux-2.6.37/drivers/pci/pci-sysfs.c linux-2.6.37/drivers/pci/pci-sys |
112 |
|
113 |
/* Several chips lock up trying to read undefined config space */ |
114 |
- if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) { |
115 |
-+ if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) { |
116 |
++ if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) { |
117 |
size = dev->cfg_size; |
118 |
} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) { |
119 |
size = 128; |
120 |
@@ -34936,6 +34936,19 @@ diff -urNp linux-2.6.37/fs/xfs/xfs_bmap.c linux-2.6.37/fs/xfs/xfs_bmap.c |
121 |
#endif /* DEBUG */ |
122 |
|
123 |
STATIC int |
124 |
+diff -urNp linux-2.6.37/fs/xfs/xfs_fsops.c linux-2.6.37/fs/xfs/xfs_fsops.c |
125 |
+--- linux-2.6.37/fs/xfs/xfs_fsops.c 2011-01-04 19:50:19.000000000 -0500 |
126 |
++++ linux-2.6.37/fs/xfs/xfs_fsops.c 2011-02-15 19:43:38.000000000 -0500 |
127 |
+@@ -53,6 +53,9 @@ xfs_fs_geometry( |
128 |
+ xfs_fsop_geom_t *geo, |
129 |
+ int new_version) |
130 |
+ { |
131 |
++ |
132 |
++ memset(geo, 0, sizeof(*geo)); |
133 |
++ |
134 |
+ geo->blocksize = mp->m_sb.sb_blocksize; |
135 |
+ geo->rtextsize = mp->m_sb.sb_rextsize; |
136 |
+ geo->agblocks = mp->m_sb.sb_agblocks; |
137 |
diff -urNp linux-2.6.37/grsecurity/gracl_alloc.c linux-2.6.37/grsecurity/gracl_alloc.c |
138 |
--- linux-2.6.37/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500 |
139 |
+++ linux-2.6.37/grsecurity/gracl_alloc.c 2011-01-17 02:41:02.000000000 -0500 |
140 |
@@ -39618,7 +39631,7 @@ diff -urNp linux-2.6.37/grsecurity/gracl_fs.c linux-2.6.37/grsecurity/gracl_fs.c |
141 |
+} |
142 |
diff -urNp linux-2.6.37/grsecurity/gracl_ip.c linux-2.6.37/grsecurity/gracl_ip.c |
143 |
--- linux-2.6.37/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500 |
144 |
-+++ linux-2.6.37/grsecurity/gracl_ip.c 2011-01-17 02:41:02.000000000 -0500 |
145 |
++++ linux-2.6.37/grsecurity/gracl_ip.c 2011-02-15 19:42:06.000000000 -0500 |
146 |
@@ -0,0 +1,382 @@ |
147 |
+#include <linux/kernel.h> |
148 |
+#include <asm/uaccess.h> |
149 |
@@ -39690,8 +39703,8 @@ diff -urNp linux-2.6.37/grsecurity/gracl_ip.c linux-2.6.37/grsecurity/gracl_ip.c |
150 |
+static const char * gr_sockfamilies[AF_MAX+1] = { |
151 |
+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25", |
152 |
+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash", |
153 |
-+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "tipc", "bluetooth", |
154 |
-+ "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf" |
155 |
++ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28", |
156 |
++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf" |
157 |
+ }; |
158 |
+ |
159 |
+const char * |