[gentoo-commits] proj/hardened-patchset:master commit in: 2.6.37/, 2.6.32/ - gentoo-commits

From:	"Anthony G. Basile" <blueness@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-patchset:master commit in: 2.6.37/, 2.6.32/
Date:	Thu, 17 Feb 2011 00:06:46
Message-Id:	`16258e222c16204960ed4ab094d4c3ea5df87ad7.blueness@gentoo`

1

commit:     16258e222c16204960ed4ab094d4c3ea5df87ad7

2

Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>

3

AuthorDate: Thu Feb 17 00:05:22 2011 +0000

4

Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>

5

CommitDate: Thu Feb 17 00:05:22 2011 +0000

6

URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=16258e22

7

8

Update Grsec/PaX

9

 2.2.1-2.6.32.28-201102151944

10

 2.2.1-2.6.37-201102152009

11

12

---

13

 2.6.32/0000_README                                 |    2 +-

14

 ..._grsecurity-2.2.1-2.6.32.28-201102151944.patch} |   19 +++++++++++++--

15

 2.6.37/0000_README                                 |    2 +-

16

 ...420_grsecurity-2.2.1-2.6.37-201102152009.patch} |   23 +++++++++++++++----

17

 4 files changed, 36 insertions(+), 10 deletions(-)

18

19

diff --git a/2.6.32/0000_README b/2.6.32/0000_README

20

index c1feb8d..84ae47c 100644

21

--- a/2.6.32/0000_README

22

+++ b/2.6.32/0000_README

23

@@ -3,7 +3,7 @@ README

24

25

 Individual Patch Descriptions:

26

 -----------------------------------------------------------------------------

27

-Patch:	4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch

28

+Patch:	4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch

29

 From:	http://www.grsecurity.net

30

 Desc:	hardened-sources base patch from upstream grsecurity

31

32

33

diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch

34

similarity index 99%

35

rename from 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch

36

rename to 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch

37

index b1b6990..2d18d43 100644

38

--- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch

39

+++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch

40

@@ -36642,6 +36642,19 @@ diff -urNp linux-2.6.32.28/fs/xfs/xfs_bmap.c linux-2.6.32.28/fs/xfs/xfs_bmap.c

41

  #endif /* DEBUG */

42

43

  #if defined(XFS_RW_TRACE)

44

+diff -urNp linux-2.6.32.28/fs/xfs/xfs_fsops.c linux-2.6.32.28/fs/xfs/xfs_fsops.c

45

+--- linux-2.6.32.28/fs/xfs/xfs_fsops.c	2010-08-13 16:24:37.000000000 -0400

46

++++ linux-2.6.32.28/fs/xfs/xfs_fsops.c	2011-02-15 19:44:00.000000000 -0500

47

+@@ -56,6 +56,9 @@ xfs_fs_geometry(

48

+ 	xfs_fsop_geom_t		*geo,

49

+ 	int			new_version)

50

+ {

51

++

52

++	memset(geo, 0, sizeof(*geo));

53

++

54

+ 	geo->blocksize = mp->m_sb.sb_blocksize;

55

+ 	geo->rtextsize = mp->m_sb.sb_rextsize;

56

+ 	geo->agblocks = mp->m_sb.sb_agblocks;

57

 diff -urNp linux-2.6.32.28/grsecurity/gracl_alloc.c linux-2.6.32.28/grsecurity/gracl_alloc.c

58

 --- linux-2.6.32.28/grsecurity/gracl_alloc.c	1969-12-31 19:00:00.000000000 -0500

59

 +++ linux-2.6.32.28/grsecurity/gracl_alloc.c	2010-12-31 14:46:53.000000000 -0500

60

@@ -41319,7 +41332,7 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl_fs.c linux-2.6.32.28/grsecurity/grac

61

+}

62

 diff -urNp linux-2.6.32.28/grsecurity/gracl_ip.c linux-2.6.32.28/grsecurity/gracl_ip.c

63

 --- linux-2.6.32.28/grsecurity/gracl_ip.c	1969-12-31 19:00:00.000000000 -0500

64

-+++ linux-2.6.32.28/grsecurity/gracl_ip.c	2010-12-31 14:46:53.000000000 -0500

65

++++ linux-2.6.32.28/grsecurity/gracl_ip.c	2011-02-15 19:42:10.000000000 -0500

66

 @@ -0,0 +1,382 @@

67

 +#include <linux/kernel.h>

68

 +#include <asm/uaccess.h>

69

@@ -41391,8 +41404,8 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl_ip.c linux-2.6.32.28/grsecurity/grac

70

 +static const char * gr_sockfamilies[AF_MAX+1] = {

71

 +	"unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",

72

 +	"inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",

73

-+	"econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "tipc", "bluetooth",

74

-+	"iucv", "rxrpc", "isdn", "phonet", "ieee802154"

75

++	"econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",

76

++	"tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154"

77

 +	};

78

+

79

 +const char *

80

81

diff --git a/2.6.37/0000_README b/2.6.37/0000_README

82

index 16e7e24..ec408c7 100644

83

--- a/2.6.37/0000_README

84

+++ b/2.6.37/0000_README

85

@@ -3,7 +3,7 @@ README

86

87

 Individual Patch Descriptions:

88

 -----------------------------------------------------------------------------

89

-Patch:	4420_grsecurity-2.2.1-2.6.37-201102121148.patch

90

+Patch:	4420_grsecurity-2.2.1-2.6.37-201102152009.patch

91

 From:	http://www.grsecurity.net

92

 Desc:	hardened-sources base patch from upstream grsecurity

93

94

95

diff --git a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch

96

similarity index 99%

97

rename from 2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch

98

rename to 2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch

99

index e66397d..3954df8 100644

100

--- a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch

101

+++ b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch

102

@@ -27048,7 +27048,7 @@ diff -urNp linux-2.6.37/drivers/pci/pcie/portdrv_pci.c linux-2.6.37/drivers/pci/

103

104

 diff -urNp linux-2.6.37/drivers/pci/pci-sysfs.c linux-2.6.37/drivers/pci/pci-sysfs.c

105

 --- linux-2.6.37/drivers/pci/pci-sysfs.c	2011-01-04 19:50:19.000000000 -0500

106

-+++ linux-2.6.37/drivers/pci/pci-sysfs.c	2011-02-12 10:32:55.000000000 -0500

107

++++ linux-2.6.37/drivers/pci/pci-sysfs.c	2011-02-15 20:09:35.000000000 -0500

108

 @@ -23,6 +23,7 @@

109

  #include <linux/mm.h>

110

  #include <linux/fs.h>

111

@@ -27062,7 +27062,7 @@ diff -urNp linux-2.6.37/drivers/pci/pci-sysfs.c linux-2.6.37/drivers/pci/pci-sys

112

113

  	/* Several chips lock up trying to read undefined config space */

114

 -	if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) {

115

-+	if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {

116

++	if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) {

117

  		size = dev->cfg_size;

118

  	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {

119

  		size = 128;

120

@@ -34936,6 +34936,19 @@ diff -urNp linux-2.6.37/fs/xfs/xfs_bmap.c linux-2.6.37/fs/xfs/xfs_bmap.c

121

  #endif /* DEBUG */

122

123

  STATIC int

124

+diff -urNp linux-2.6.37/fs/xfs/xfs_fsops.c linux-2.6.37/fs/xfs/xfs_fsops.c

125

+--- linux-2.6.37/fs/xfs/xfs_fsops.c	2011-01-04 19:50:19.000000000 -0500

126

++++ linux-2.6.37/fs/xfs/xfs_fsops.c	2011-02-15 19:43:38.000000000 -0500

127

+@@ -53,6 +53,9 @@ xfs_fs_geometry(

128

+ 	xfs_fsop_geom_t		*geo,

129

+ 	int			new_version)

130

+ {

131

++

132

++	memset(geo, 0, sizeof(*geo));

133

++

134

+ 	geo->blocksize = mp->m_sb.sb_blocksize;

135

+ 	geo->rtextsize = mp->m_sb.sb_rextsize;

136

+ 	geo->agblocks = mp->m_sb.sb_agblocks;

137

 diff -urNp linux-2.6.37/grsecurity/gracl_alloc.c linux-2.6.37/grsecurity/gracl_alloc.c

138

 --- linux-2.6.37/grsecurity/gracl_alloc.c	1969-12-31 19:00:00.000000000 -0500

139

 +++ linux-2.6.37/grsecurity/gracl_alloc.c	2011-01-17 02:41:02.000000000 -0500

140

@@ -39618,7 +39631,7 @@ diff -urNp linux-2.6.37/grsecurity/gracl_fs.c linux-2.6.37/grsecurity/gracl_fs.c

141

+}

142

 diff -urNp linux-2.6.37/grsecurity/gracl_ip.c linux-2.6.37/grsecurity/gracl_ip.c

143

 --- linux-2.6.37/grsecurity/gracl_ip.c	1969-12-31 19:00:00.000000000 -0500

144

-+++ linux-2.6.37/grsecurity/gracl_ip.c	2011-01-17 02:41:02.000000000 -0500

145

++++ linux-2.6.37/grsecurity/gracl_ip.c	2011-02-15 19:42:06.000000000 -0500

146

 @@ -0,0 +1,382 @@

147

 +#include <linux/kernel.h>

148

 +#include <asm/uaccess.h>

149

@@ -39690,8 +39703,8 @@ diff -urNp linux-2.6.37/grsecurity/gracl_ip.c linux-2.6.37/grsecurity/gracl_ip.c

150

 +static const char * gr_sockfamilies[AF_MAX+1] = {

151

 +	"unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",

152

 +	"inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",

153

-+	"econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "tipc", "bluetooth",

154

-+	"iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"

155

++	"econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",

156

++	"tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"

157

 +	};

158

+

159

 +const char *

1	commit: 16258e222c16204960ed4ab094d4c3ea5df87ad7
2	Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3	AuthorDate: Thu Feb 17 00:05:22 2011 +0000
4	Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5	CommitDate: Thu Feb 17 00:05:22 2011 +0000
6	URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=16258e22
7
8	Update Grsec/PaX
9	2.2.1-2.6.32.28-201102151944
10	2.2.1-2.6.37-201102152009
11
12	---
13	2.6.32/0000_README \| 2 +-
14	..._grsecurity-2.2.1-2.6.32.28-201102151944.patch} \| 19 +++++++++++++--
15	2.6.37/0000_README \| 2 +-
16	...420_grsecurity-2.2.1-2.6.37-201102152009.patch} \| 23 +++++++++++++++----
17	4 files changed, 36 insertions(+), 10 deletions(-)
18
19	diff --git a/2.6.32/0000_README b/2.6.32/0000_README
20	index c1feb8d..84ae47c 100644
21	--- a/2.6.32/0000_README
22	+++ b/2.6.32/0000_README
23	@@ -3,7 +3,7 @@ README
24
25	Individual Patch Descriptions:
26	-----------------------------------------------------------------------------
27	-Patch: 4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch
28	+Patch: 4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch
29	From: http://www.grsecurity.net
30	Desc: hardened-sources base patch from upstream grsecurity
31
32
33	diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch
34	similarity index 99%
35	rename from 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch
36	rename to 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch
37	index b1b6990..2d18d43 100644
38	--- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch
39	+++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch
40	@@ -36642,6 +36642,19 @@ diff -urNp linux-2.6.32.28/fs/xfs/xfs_bmap.c linux-2.6.32.28/fs/xfs/xfs_bmap.c
41	#endif /* DEBUG */
42
43	#if defined(XFS_RW_TRACE)
44	+diff -urNp linux-2.6.32.28/fs/xfs/xfs_fsops.c linux-2.6.32.28/fs/xfs/xfs_fsops.c
45	+--- linux-2.6.32.28/fs/xfs/xfs_fsops.c 2010-08-13 16:24:37.000000000 -0400
46	++++ linux-2.6.32.28/fs/xfs/xfs_fsops.c 2011-02-15 19:44:00.000000000 -0500
47	+@@ -56,6 +56,9 @@ xfs_fs_geometry(
48	+ xfs_fsop_geom_t *geo,
49	+ int new_version)
50	+ {
51	++
52	++ memset(geo, 0, sizeof(*geo));
53	++
54	+ geo->blocksize = mp->m_sb.sb_blocksize;
55	+ geo->rtextsize = mp->m_sb.sb_rextsize;
56	+ geo->agblocks = mp->m_sb.sb_agblocks;
57	diff -urNp linux-2.6.32.28/grsecurity/gracl_alloc.c linux-2.6.32.28/grsecurity/gracl_alloc.c
58	--- linux-2.6.32.28/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
59	+++ linux-2.6.32.28/grsecurity/gracl_alloc.c 2010-12-31 14:46:53.000000000 -0500
60	@@ -41319,7 +41332,7 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl_fs.c linux-2.6.32.28/grsecurity/grac
61	+}
62	diff -urNp linux-2.6.32.28/grsecurity/gracl_ip.c linux-2.6.32.28/grsecurity/gracl_ip.c
63	--- linux-2.6.32.28/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
64	-+++ linux-2.6.32.28/grsecurity/gracl_ip.c 2010-12-31 14:46:53.000000000 -0500
65	++++ linux-2.6.32.28/grsecurity/gracl_ip.c 2011-02-15 19:42:10.000000000 -0500
66	@@ -0,0 +1,382 @@
67	+#include <linux/kernel.h>
68	+#include <asm/uaccess.h>
69	@@ -41391,8 +41404,8 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl_ip.c linux-2.6.32.28/grsecurity/grac
70	+static const char * gr_sockfamilies[AF_MAX+1] = {
71	+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
72	+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
73	-+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "tipc", "bluetooth",
74	-+ "iucv", "rxrpc", "isdn", "phonet", "ieee802154"
75	++ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
76	++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154"
77	+ };
78	+
79	+const char *
80
81	diff --git a/2.6.37/0000_README b/2.6.37/0000_README
82	index 16e7e24..ec408c7 100644
83	--- a/2.6.37/0000_README
84	+++ b/2.6.37/0000_README
85	@@ -3,7 +3,7 @@ README
86
87	Individual Patch Descriptions:
88	-----------------------------------------------------------------------------
89	-Patch: 4420_grsecurity-2.2.1-2.6.37-201102121148.patch
90	+Patch: 4420_grsecurity-2.2.1-2.6.37-201102152009.patch
91	From: http://www.grsecurity.net
92	Desc: hardened-sources base patch from upstream grsecurity
93
94
95	diff --git a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch
96	similarity index 99%
97	rename from 2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch
98	rename to 2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch
99	index e66397d..3954df8 100644
100	--- a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch
101	+++ b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch
102	@@ -27048,7 +27048,7 @@ diff -urNp linux-2.6.37/drivers/pci/pcie/portdrv_pci.c linux-2.6.37/drivers/pci/
103
104	diff -urNp linux-2.6.37/drivers/pci/pci-sysfs.c linux-2.6.37/drivers/pci/pci-sysfs.c
105	--- linux-2.6.37/drivers/pci/pci-sysfs.c 2011-01-04 19:50:19.000000000 -0500
106	-+++ linux-2.6.37/drivers/pci/pci-sysfs.c 2011-02-12 10:32:55.000000000 -0500
107	++++ linux-2.6.37/drivers/pci/pci-sysfs.c 2011-02-15 20:09:35.000000000 -0500
108	@@ -23,6 +23,7 @@
109	#include <linux/mm.h>
110	#include <linux/fs.h>
111	@@ -27062,7 +27062,7 @@ diff -urNp linux-2.6.37/drivers/pci/pci-sysfs.c linux-2.6.37/drivers/pci/pci-sys
112
113	/* Several chips lock up trying to read undefined config space */
114	- if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) {
115	-+ if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
116	++ if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) {
117	size = dev->cfg_size;
118	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
119	size = 128;
120	@@ -34936,6 +34936,19 @@ diff -urNp linux-2.6.37/fs/xfs/xfs_bmap.c linux-2.6.37/fs/xfs/xfs_bmap.c
121	#endif /* DEBUG */
122
123	STATIC int
124	+diff -urNp linux-2.6.37/fs/xfs/xfs_fsops.c linux-2.6.37/fs/xfs/xfs_fsops.c
125	+--- linux-2.6.37/fs/xfs/xfs_fsops.c 2011-01-04 19:50:19.000000000 -0500
126	++++ linux-2.6.37/fs/xfs/xfs_fsops.c 2011-02-15 19:43:38.000000000 -0500
127	+@@ -53,6 +53,9 @@ xfs_fs_geometry(
128	+ xfs_fsop_geom_t *geo,
129	+ int new_version)
130	+ {
131	++
132	++ memset(geo, 0, sizeof(*geo));
133	++
134	+ geo->blocksize = mp->m_sb.sb_blocksize;
135	+ geo->rtextsize = mp->m_sb.sb_rextsize;
136	+ geo->agblocks = mp->m_sb.sb_agblocks;
137	diff -urNp linux-2.6.37/grsecurity/gracl_alloc.c linux-2.6.37/grsecurity/gracl_alloc.c
138	--- linux-2.6.37/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
139	+++ linux-2.6.37/grsecurity/gracl_alloc.c 2011-01-17 02:41:02.000000000 -0500
140	@@ -39618,7 +39631,7 @@ diff -urNp linux-2.6.37/grsecurity/gracl_fs.c linux-2.6.37/grsecurity/gracl_fs.c
141	+}
142	diff -urNp linux-2.6.37/grsecurity/gracl_ip.c linux-2.6.37/grsecurity/gracl_ip.c
143	--- linux-2.6.37/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
144	-+++ linux-2.6.37/grsecurity/gracl_ip.c 2011-01-17 02:41:02.000000000 -0500
145	++++ linux-2.6.37/grsecurity/gracl_ip.c 2011-02-15 19:42:06.000000000 -0500
146	@@ -0,0 +1,382 @@
147	+#include <linux/kernel.h>
148	+#include <asm/uaccess.h>
149	@@ -39690,8 +39703,8 @@ diff -urNp linux-2.6.37/grsecurity/gracl_ip.c linux-2.6.37/grsecurity/gracl_ip.c
150	+static const char * gr_sockfamilies[AF_MAX+1] = {
151	+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
152	+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
153	-+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "tipc", "bluetooth",
154	-+ "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
155	++ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
156	++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
157	+ };
158	+
159	+const char *

Gentoo Archives: gentoo-commits