Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.17.4/, 3.2.64/, 3.14.25/
Date: Thu, 27 Nov 2014 12:14:16
Message-Id: 1417090594.5ea4fcf4b5c7892dd72ae3a8c6792b6ed8d68c15.blueness@gentoo
1 commit: 5ea4fcf4b5c7892dd72ae3a8c6792b6ed8d68c15
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Thu Nov 27 12:16:34 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Thu Nov 27 12:16:34 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=5ea4fcf4
7
8 Grsec/PaX: 3.0-{3.2.64,3.14.25,3.17.4}-201411260107
9
10 ---
11 3.14.25/0000_README | 2 +-
12 ...4420_grsecurity-3.0-3.14.25-201411260106.patch} | 137 ++++++++++++++++-----
13 3.17.4/0000_README | 2 +-
14 ... 4420_grsecurity-3.0-3.17.4-201411260107.patch} | 137 ++++++++++++++++-----
15 3.2.64/0000_README | 2 +-
16 ... 4420_grsecurity-3.0-3.2.64-201411260105.patch} | 127 ++++++++++++++-----
17 6 files changed, 318 insertions(+), 89 deletions(-)
18
19 diff --git a/3.14.25/0000_README b/3.14.25/0000_README
20 index 2a01a49..ad24f16 100644
21 --- a/3.14.25/0000_README
22 +++ b/3.14.25/0000_README
23 @@ -6,7 +6,7 @@ Patch: 1024_linux-3.14.25.patch
24 From: http://www.kernel.org
25 Desc: Linux 3.14.25
26
27 -Patch: 4420_grsecurity-3.0-3.14.25-201411220954.patch
28 +Patch: 4420_grsecurity-3.0-3.14.25-201411260106.patch
29 From: http://www.grsecurity.net
30 Desc: hardened-sources base patch from upstream grsecurity
31
32
33 diff --git a/3.14.25/4420_grsecurity-3.0-3.14.25-201411220954.patch b/3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch
34 similarity index 99%
35 rename from 3.14.25/4420_grsecurity-3.0-3.14.25-201411220954.patch
36 rename to 3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch
37 index 5a48407..31289a1 100644
38 --- a/3.14.25/4420_grsecurity-3.0-3.14.25-201411220954.patch
39 +++ b/3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch
40 @@ -101156,10 +101156,30 @@ index 07bd8ed..c574801 100644
41 }
42
43 diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
44 -index bdbf68b..deb4759 100644
45 +index bdbf68b..f0d9c83 100644
46 --- a/net/ipv4/devinet.c
47 +++ b/net/ipv4/devinet.c
48 -@@ -1543,7 +1543,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
49 +@@ -69,7 +69,8 @@
50 +
51 + static struct ipv4_devconf ipv4_devconf = {
52 + .data = {
53 +- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
54 ++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
55 ++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
56 + [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
57 + [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
58 + [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
59 +@@ -80,7 +81,8 @@ static struct ipv4_devconf ipv4_devconf = {
60 +
61 + static struct ipv4_devconf ipv4_devconf_dflt = {
62 + .data = {
63 +- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
64 ++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
65 ++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
66 + [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
67 + [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
68 + [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
69 +@@ -1543,7 +1545,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
70 idx = 0;
71 head = &net->dev_index_head[h];
72 rcu_read_lock();
73 @@ -101168,7 +101188,7 @@ index bdbf68b..deb4759 100644
74 net->dev_base_seq;
75 hlist_for_each_entry_rcu(dev, head, index_hlist) {
76 if (idx < s_idx)
77 -@@ -1861,7 +1861,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
78 +@@ -1861,7 +1863,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
79 idx = 0;
80 head = &net->dev_index_head[h];
81 rcu_read_lock();
82 @@ -101177,7 +101197,7 @@ index bdbf68b..deb4759 100644
83 net->dev_base_seq;
84 hlist_for_each_entry_rcu(dev, head, index_hlist) {
85 if (idx < s_idx)
86 -@@ -2096,7 +2096,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
87 +@@ -2096,7 +2098,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
88 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
89 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
90
91 @@ -101186,7 +101206,7 @@ index bdbf68b..deb4759 100644
92 struct ctl_table_header *sysctl_header;
93 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
94 } devinet_sysctl = {
95 -@@ -2218,7 +2218,7 @@ static __net_init int devinet_init_net(struct net *net)
96 +@@ -2218,7 +2220,7 @@ static __net_init int devinet_init_net(struct net *net)
97 int err;
98 struct ipv4_devconf *all, *dflt;
99 #ifdef CONFIG_SYSCTL
100 @@ -101195,7 +101215,7 @@ index bdbf68b..deb4759 100644
101 struct ctl_table_header *forw_hdr;
102 #endif
103
104 -@@ -2236,7 +2236,7 @@ static __net_init int devinet_init_net(struct net *net)
105 +@@ -2236,7 +2238,7 @@ static __net_init int devinet_init_net(struct net *net)
106 goto err_alloc_dflt;
107
108 #ifdef CONFIG_SYSCTL
109 @@ -101204,7 +101224,7 @@ index bdbf68b..deb4759 100644
110 if (tbl == NULL)
111 goto err_alloc_ctl;
112
113 -@@ -2256,7 +2256,10 @@ static __net_init int devinet_init_net(struct net *net)
114 +@@ -2256,7 +2258,10 @@ static __net_init int devinet_init_net(struct net *net)
115 goto err_reg_dflt;
116
117 err = -ENOMEM;
118 @@ -101216,7 +101236,7 @@ index bdbf68b..deb4759 100644
119 if (forw_hdr == NULL)
120 goto err_reg_ctl;
121 net->ipv4.forw_hdr = forw_hdr;
122 -@@ -2272,8 +2275,7 @@ err_reg_ctl:
123 +@@ -2272,8 +2277,7 @@ err_reg_ctl:
124 err_reg_dflt:
125 __devinet_sysctl_unregister(all);
126 err_reg_all:
127 @@ -101661,7 +101681,7 @@ index 2510c02..cfb34fa 100644
128 pr_err("Unable to proc dir entry\n");
129 return -ENOMEM;
130 diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
131 -index e21934b..4e7cb58 100644
132 +index e21934b..fcd69aa 100644
133 --- a/net/ipv4/ping.c
134 +++ b/net/ipv4/ping.c
135 @@ -59,7 +59,7 @@ struct ping_table {
136 @@ -101673,7 +101693,16 @@ index e21934b..4e7cb58 100644
137 EXPORT_SYMBOL_GPL(pingv6_ops);
138
139 static u16 ping_port_rover;
140 -@@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
141 +@@ -217,6 +217,8 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident)
142 + &ipv6_hdr(skb)->daddr))
143 + continue;
144 + #endif
145 ++ } else {
146 ++ continue;
147 + }
148 +
149 + if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)
150 +@@ -348,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
151 return -ENODEV;
152 }
153 }
154 @@ -101682,7 +101711,7 @@ index e21934b..4e7cb58 100644
155 scoped);
156 rcu_read_unlock();
157
158 -@@ -556,7 +556,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
159 +@@ -556,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
160 }
161 #if IS_ENABLED(CONFIG_IPV6)
162 } else if (skb->protocol == htons(ETH_P_IPV6)) {
163 @@ -101691,7 +101720,7 @@ index e21934b..4e7cb58 100644
164 #endif
165 }
166
167 -@@ -574,7 +574,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
168 +@@ -574,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
169 info, (u8 *)icmph);
170 #if IS_ENABLED(CONFIG_IPV6)
171 } else if (family == AF_INET6) {
172 @@ -101700,7 +101729,7 @@ index e21934b..4e7cb58 100644
173 info, (u8 *)icmph);
174 #endif
175 }
176 -@@ -858,7 +858,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
177 +@@ -858,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
178 return ip_recv_error(sk, msg, len, addr_len);
179 #if IS_ENABLED(CONFIG_IPV6)
180 } else if (family == AF_INET6) {
181 @@ -101709,7 +101738,7 @@ index e21934b..4e7cb58 100644
182 addr_len);
183 #endif
184 }
185 -@@ -916,10 +916,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
186 +@@ -916,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
187 }
188
189 if (inet6_sk(sk)->rxopt.all)
190 @@ -101722,7 +101751,7 @@ index e21934b..4e7cb58 100644
191 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
192 ip_cmsg_recv(msg, skb);
193 #endif
194 -@@ -1111,7 +1111,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
195 +@@ -1111,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
196 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
197 0, sock_i_ino(sp),
198 atomic_read(&sp->sk_refcnt), sp,
199 @@ -102375,9 +102404,27 @@ index e1a6393..f634ce5 100644
200 return -ENOMEM;
201 }
202 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
203 -index 3f0ec06..495548c 100644
204 +index 3f0ec06..5aad945 100644
205 --- a/net/ipv6/addrconf.c
206 +++ b/net/ipv6/addrconf.c
207 +@@ -170,7 +170,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
208 + .hop_limit = IPV6_DEFAULT_HOPLIMIT,
209 + .mtu6 = IPV6_MIN_MTU,
210 + .accept_ra = 1,
211 +- .accept_redirects = 1,
212 ++ .accept_redirects = 0,
213 + .autoconf = 1,
214 + .force_mld_version = 0,
215 + .mldv1_unsolicited_report_interval = 10 * HZ,
216 +@@ -206,7 +206,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
217 + .hop_limit = IPV6_DEFAULT_HOPLIMIT,
218 + .mtu6 = IPV6_MIN_MTU,
219 + .accept_ra = 1,
220 +- .accept_redirects = 1,
221 ++ .accept_redirects = 0,
222 + .autoconf = 1,
223 + .force_mld_version = 0,
224 + .mldv1_unsolicited_report_interval = 10 * HZ,
225 @@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
226 idx = 0;
227 head = &net->dev_index_head[h];
228 @@ -106498,6 +106545,19 @@ index 0865b3e..7235dd4 100644
229 __ksymtab : { *(SORT(___ksymtab+*)) }
230 __ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) }
231 __ksymtab_unused : { *(SORT(___ksymtab_unused+*)) }
232 +diff --git a/scripts/package/Makefile b/scripts/package/Makefile
233 +index c5d4733..7c43eb4 100644
234 +--- a/scripts/package/Makefile
235 ++++ b/scripts/package/Makefile
236 +@@ -46,7 +46,7 @@ rpm-pkg rpm: FORCE
237 + ln -sf $(srctree) $(KERNELPATH)
238 + $(CONFIG_SHELL) $(MKSPEC) >$(objtree)/kernel.spec
239 + $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion
240 +- tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT)
241 ++ tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT)
242 + rm $(KERNELPATH)
243 + rm -f $(objtree)/.scmversion
244 + $(CONFIG_SHELL) $(srctree)/scripts/mkversion > $(objtree)/.tmp_version
245 diff --git a/scripts/package/builddeb b/scripts/package/builddeb
246 index 152d4d2..791684c 100644
247 --- a/scripts/package/builddeb
248 @@ -106511,13 +106571,22 @@ index 152d4d2..791684c 100644
249 mkdir -p "$destdir"
250 (cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -)
251 diff --git a/scripts/package/mkspec b/scripts/package/mkspec
252 -index 1395760..e4f4ac4 100755
253 +index 1395760..6ceef68 100755
254 --- a/scripts/package/mkspec
255 +++ b/scripts/package/mkspec
256 -@@ -82,6 +82,16 @@ echo ""
257 - fi
258 +@@ -121,14 +121,27 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}"
259 + echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE"
260 + echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\""
261 + echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)"
262 +-echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE"
263 +-echo "ln -sf /usr/src/kernels/$KERNELRELEASE build"
264 +-echo "ln -sf /usr/src/kernels/$KERNELRELEASE source"
265
266 - echo "%install"
267 + echo ""
268 + echo "%clean"
269 + echo 'rm -rf $RPM_BUILD_ROOT'
270 + echo ""
271 ++echo "%pre"
272 +echo 'chmod -f 0500 /boot'
273 +echo 'if [ -d /lib/modules ]; then'
274 +echo 'chmod -f 0500 /lib/modules'
275 @@ -106528,27 +106597,39 @@ index 1395760..e4f4ac4 100755
276 +echo 'if [ -d /lib64/modules ]; then'
277 +echo 'chmod -f 0500 /lib64/modules'
278 +echo 'fi'
279 - echo 'KBUILD_IMAGE=$(make image_name)'
280 - echo "%ifarch ia64"
281 - echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules'
282 -@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
283 ++echo ""
284 ++echo "%post devel"
285 ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build"
286 ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source"
287 ++echo ""
288 + echo "%post"
289 + echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then"
290 + echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm"
291 +@@ -139,11 +152,11 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
292 echo "fi"
293 echo ""
294 echo "%files"
295 -echo '%defattr (-, root, root)'
296 +echo '%defattr (400, root, root, 500)'
297 echo "%dir /lib/modules"
298 - echo "/lib/modules/$KERNELRELEASE"
299 +-echo "/lib/modules/$KERNELRELEASE"
300 echo "%exclude /lib/modules/$KERNELRELEASE/build"
301 -@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)'
302 + echo "%exclude /lib/modules/$KERNELRELEASE/source"
303 ++echo "/lib/modules/$KERNELRELEASE"
304 + echo "/lib/firmware/$KERNELRELEASE"
305 + echo "/boot/*"
306 + echo ""
307 +@@ -152,8 +165,7 @@ echo '%defattr (-, root, root)'
308 echo "/usr/include"
309 echo ""
310 echo "%files devel"
311 -echo '%defattr (-, root, root)'
312 +echo '%defattr (400, root, root, 500)'
313 ++echo "%dir /lib/modules/$KERNELRELEASE"
314 echo "/usr/src/kernels/$KERNELRELEASE"
315 - echo "/lib/modules/$KERNELRELEASE/build"
316 - echo "/lib/modules/$KERNELRELEASE/source"
317 +-echo "/lib/modules/$KERNELRELEASE/build"
318 +-echo "/lib/modules/$KERNELRELEASE/source"
319 + echo ""
320 diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
321 index 68bb4ef..2f419e1 100644
322 --- a/scripts/pnmtologo.c
323
324 diff --git a/3.17.4/0000_README b/3.17.4/0000_README
325 index 3efa937..3e123ea 100644
326 --- a/3.17.4/0000_README
327 +++ b/3.17.4/0000_README
328 @@ -2,7 +2,7 @@ README
329 -----------------------------------------------------------------------------
330 Individual Patch Descriptions:
331 -----------------------------------------------------------------------------
332 -Patch: 4420_grsecurity-3.0-3.17.4-201411220955.patch
333 +Patch: 4420_grsecurity-3.0-3.17.4-201411260107.patch
334 From: http://www.grsecurity.net
335 Desc: hardened-sources base patch from upstream grsecurity
336
337
338 diff --git a/3.17.4/4420_grsecurity-3.0-3.17.4-201411220955.patch b/3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch
339 similarity index 99%
340 rename from 3.17.4/4420_grsecurity-3.0-3.17.4-201411220955.patch
341 rename to 3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch
342 index 8d9a284..3dfb83f 100644
343 --- a/3.17.4/4420_grsecurity-3.0-3.17.4-201411220955.patch
344 +++ b/3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch
345 @@ -102058,10 +102058,30 @@ index 32755cb..236d827 100644
346 return -ENOMEM;
347 }
348 diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
349 -index 214882e..f958b50 100644
350 +index 214882e..ec032f6 100644
351 --- a/net/ipv4/devinet.c
352 +++ b/net/ipv4/devinet.c
353 -@@ -1548,7 +1548,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
354 +@@ -69,7 +69,8 @@
355 +
356 + static struct ipv4_devconf ipv4_devconf = {
357 + .data = {
358 +- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
359 ++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
360 ++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
361 + [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
362 + [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
363 + [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
364 +@@ -80,7 +81,8 @@ static struct ipv4_devconf ipv4_devconf = {
365 +
366 + static struct ipv4_devconf ipv4_devconf_dflt = {
367 + .data = {
368 +- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
369 ++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
370 ++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
371 + [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
372 + [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
373 + [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
374 +@@ -1548,7 +1550,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
375 idx = 0;
376 head = &net->dev_index_head[h];
377 rcu_read_lock();
378 @@ -102070,7 +102090,7 @@ index 214882e..f958b50 100644
379 net->dev_base_seq;
380 hlist_for_each_entry_rcu(dev, head, index_hlist) {
381 if (idx < s_idx)
382 -@@ -1866,7 +1866,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
383 +@@ -1866,7 +1868,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
384 idx = 0;
385 head = &net->dev_index_head[h];
386 rcu_read_lock();
387 @@ -102079,7 +102099,7 @@ index 214882e..f958b50 100644
388 net->dev_base_seq;
389 hlist_for_each_entry_rcu(dev, head, index_hlist) {
390 if (idx < s_idx)
391 -@@ -2101,7 +2101,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
392 +@@ -2101,7 +2103,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
393 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
394 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
395
396 @@ -102088,7 +102108,7 @@ index 214882e..f958b50 100644
397 struct ctl_table_header *sysctl_header;
398 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
399 } devinet_sysctl = {
400 -@@ -2233,7 +2233,7 @@ static __net_init int devinet_init_net(struct net *net)
401 +@@ -2233,7 +2235,7 @@ static __net_init int devinet_init_net(struct net *net)
402 int err;
403 struct ipv4_devconf *all, *dflt;
404 #ifdef CONFIG_SYSCTL
405 @@ -102097,7 +102117,7 @@ index 214882e..f958b50 100644
406 struct ctl_table_header *forw_hdr;
407 #endif
408
409 -@@ -2251,7 +2251,7 @@ static __net_init int devinet_init_net(struct net *net)
410 +@@ -2251,7 +2253,7 @@ static __net_init int devinet_init_net(struct net *net)
411 goto err_alloc_dflt;
412
413 #ifdef CONFIG_SYSCTL
414 @@ -102106,7 +102126,7 @@ index 214882e..f958b50 100644
415 if (tbl == NULL)
416 goto err_alloc_ctl;
417
418 -@@ -2271,7 +2271,10 @@ static __net_init int devinet_init_net(struct net *net)
419 +@@ -2271,7 +2273,10 @@ static __net_init int devinet_init_net(struct net *net)
420 goto err_reg_dflt;
421
422 err = -ENOMEM;
423 @@ -102118,7 +102138,7 @@ index 214882e..f958b50 100644
424 if (forw_hdr == NULL)
425 goto err_reg_ctl;
426 net->ipv4.forw_hdr = forw_hdr;
427 -@@ -2287,8 +2290,7 @@ err_reg_ctl:
428 +@@ -2287,8 +2292,7 @@ err_reg_ctl:
429 err_reg_dflt:
430 __devinet_sysctl_unregister(all);
431 err_reg_all:
432 @@ -102563,7 +102583,7 @@ index 2510c02..cfb34fa 100644
433 pr_err("Unable to proc dir entry\n");
434 return -ENOMEM;
435 diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
436 -index a3c59a0..ec620a50 100644
437 +index a3c59a0..2e88bfd 100644
438 --- a/net/ipv4/ping.c
439 +++ b/net/ipv4/ping.c
440 @@ -59,7 +59,7 @@ struct ping_table {
441 @@ -102575,7 +102595,16 @@ index a3c59a0..ec620a50 100644
442 EXPORT_SYMBOL_GPL(pingv6_ops);
443
444 static u16 ping_port_rover;
445 -@@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
446 +@@ -217,6 +217,8 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident)
447 + &ipv6_hdr(skb)->daddr))
448 + continue;
449 + #endif
450 ++ } else {
451 ++ continue;
452 + }
453 +
454 + if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)
455 +@@ -348,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
456 return -ENODEV;
457 }
458 }
459 @@ -102584,7 +102613,7 @@ index a3c59a0..ec620a50 100644
460 scoped);
461 rcu_read_unlock();
462
463 -@@ -556,7 +556,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
464 +@@ -556,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
465 }
466 #if IS_ENABLED(CONFIG_IPV6)
467 } else if (skb->protocol == htons(ETH_P_IPV6)) {
468 @@ -102593,7 +102622,7 @@ index a3c59a0..ec620a50 100644
469 #endif
470 }
471
472 -@@ -574,7 +574,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
473 +@@ -574,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
474 info, (u8 *)icmph);
475 #if IS_ENABLED(CONFIG_IPV6)
476 } else if (family == AF_INET6) {
477 @@ -102602,7 +102631,7 @@ index a3c59a0..ec620a50 100644
478 info, (u8 *)icmph);
479 #endif
480 }
481 -@@ -858,7 +858,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
482 +@@ -858,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
483 return ip_recv_error(sk, msg, len, addr_len);
484 #if IS_ENABLED(CONFIG_IPV6)
485 } else if (family == AF_INET6) {
486 @@ -102611,7 +102640,7 @@ index a3c59a0..ec620a50 100644
487 addr_len);
488 #endif
489 }
490 -@@ -916,10 +916,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
491 +@@ -916,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
492 }
493
494 if (inet6_sk(sk)->rxopt.all)
495 @@ -102624,7 +102653,7 @@ index a3c59a0..ec620a50 100644
496 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
497 ip_cmsg_recv(msg, skb);
498 #endif
499 -@@ -1111,7 +1111,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
500 +@@ -1111,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
501 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
502 0, sock_i_ino(sp),
503 atomic_read(&sp->sk_refcnt), sp,
504 @@ -103242,9 +103271,27 @@ index 6156f68..d6ab46d 100644
505 return -ENOMEM;
506 }
507 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
508 -index 3e118df..27b16cf 100644
509 +index 3e118df..288a0d1 100644
510 --- a/net/ipv6/addrconf.c
511 +++ b/net/ipv6/addrconf.c
512 +@@ -171,7 +171,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
513 + .hop_limit = IPV6_DEFAULT_HOPLIMIT,
514 + .mtu6 = IPV6_MIN_MTU,
515 + .accept_ra = 1,
516 +- .accept_redirects = 1,
517 ++ .accept_redirects = 0,
518 + .autoconf = 1,
519 + .force_mld_version = 0,
520 + .mldv1_unsolicited_report_interval = 10 * HZ,
521 +@@ -208,7 +208,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
522 + .hop_limit = IPV6_DEFAULT_HOPLIMIT,
523 + .mtu6 = IPV6_MIN_MTU,
524 + .accept_ra = 1,
525 +- .accept_redirects = 1,
526 ++ .accept_redirects = 0,
527 + .autoconf = 1,
528 + .force_mld_version = 0,
529 + .mldv1_unsolicited_report_interval = 10 * HZ,
530 @@ -604,7 +604,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
531 idx = 0;
532 head = &net->dev_index_head[h];
533 @@ -107471,6 +107518,19 @@ index 0865b3e..7235dd4 100644
534 __ksymtab : { *(SORT(___ksymtab+*)) }
535 __ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) }
536 __ksymtab_unused : { *(SORT(___ksymtab_unused+*)) }
537 +diff --git a/scripts/package/Makefile b/scripts/package/Makefile
538 +index 99ca6e7..3a1a1a1 100644
539 +--- a/scripts/package/Makefile
540 ++++ b/scripts/package/Makefile
541 +@@ -46,7 +46,7 @@ rpm-pkg rpm: FORCE
542 + ln -sf $(srctree) $(KERNELPATH)
543 + $(CONFIG_SHELL) $(MKSPEC) >$(objtree)/kernel.spec
544 + $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion
545 +- tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT)
546 ++ tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT)
547 + rm $(KERNELPATH)
548 + rm -f $(objtree)/.scmversion
549 + $(CONFIG_SHELL) $(srctree)/scripts/mkversion > $(objtree)/.tmp_version
550 diff --git a/scripts/package/builddeb b/scripts/package/builddeb
551 index 7c0e6e4..bf2c90e 100644
552 --- a/scripts/package/builddeb
553 @@ -107484,13 +107544,22 @@ index 7c0e6e4..bf2c90e 100644
554 mkdir -p "$destdir"
555 (cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -)
556 diff --git a/scripts/package/mkspec b/scripts/package/mkspec
557 -index 1395760..e4f4ac4 100755
558 +index 1395760..6ceef68 100755
559 --- a/scripts/package/mkspec
560 +++ b/scripts/package/mkspec
561 -@@ -82,6 +82,16 @@ echo ""
562 - fi
563 +@@ -121,14 +121,27 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}"
564 + echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE"
565 + echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\""
566 + echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)"
567 +-echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE"
568 +-echo "ln -sf /usr/src/kernels/$KERNELRELEASE build"
569 +-echo "ln -sf /usr/src/kernels/$KERNELRELEASE source"
570
571 - echo "%install"
572 + echo ""
573 + echo "%clean"
574 + echo 'rm -rf $RPM_BUILD_ROOT'
575 + echo ""
576 ++echo "%pre"
577 +echo 'chmod -f 0500 /boot'
578 +echo 'if [ -d /lib/modules ]; then'
579 +echo 'chmod -f 0500 /lib/modules'
580 @@ -107501,27 +107570,39 @@ index 1395760..e4f4ac4 100755
581 +echo 'if [ -d /lib64/modules ]; then'
582 +echo 'chmod -f 0500 /lib64/modules'
583 +echo 'fi'
584 - echo 'KBUILD_IMAGE=$(make image_name)'
585 - echo "%ifarch ia64"
586 - echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules'
587 -@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
588 ++echo ""
589 ++echo "%post devel"
590 ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build"
591 ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source"
592 ++echo ""
593 + echo "%post"
594 + echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then"
595 + echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm"
596 +@@ -139,11 +152,11 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
597 echo "fi"
598 echo ""
599 echo "%files"
600 -echo '%defattr (-, root, root)'
601 +echo '%defattr (400, root, root, 500)'
602 echo "%dir /lib/modules"
603 - echo "/lib/modules/$KERNELRELEASE"
604 +-echo "/lib/modules/$KERNELRELEASE"
605 echo "%exclude /lib/modules/$KERNELRELEASE/build"
606 -@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)'
607 + echo "%exclude /lib/modules/$KERNELRELEASE/source"
608 ++echo "/lib/modules/$KERNELRELEASE"
609 + echo "/lib/firmware/$KERNELRELEASE"
610 + echo "/boot/*"
611 + echo ""
612 +@@ -152,8 +165,7 @@ echo '%defattr (-, root, root)'
613 echo "/usr/include"
614 echo ""
615 echo "%files devel"
616 -echo '%defattr (-, root, root)'
617 +echo '%defattr (400, root, root, 500)'
618 ++echo "%dir /lib/modules/$KERNELRELEASE"
619 echo "/usr/src/kernels/$KERNELRELEASE"
620 - echo "/lib/modules/$KERNELRELEASE/build"
621 - echo "/lib/modules/$KERNELRELEASE/source"
622 +-echo "/lib/modules/$KERNELRELEASE/build"
623 +-echo "/lib/modules/$KERNELRELEASE/source"
624 + echo ""
625 diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
626 index 4718d78..9220d58 100644
627 --- a/scripts/pnmtologo.c
628
629 diff --git a/3.2.64/0000_README b/3.2.64/0000_README
630 index c5a1f90..d632471 100644
631 --- a/3.2.64/0000_README
632 +++ b/3.2.64/0000_README
633 @@ -174,7 +174,7 @@ Patch: 1063_linux-3.2.64.patch
634 From: http://www.kernel.org
635 Desc: Linux 3.2.64
636
637 -Patch: 4420_grsecurity-3.0-3.2.64-201411220952.patch
638 +Patch: 4420_grsecurity-3.0-3.2.64-201411260105.patch
639 From: http://www.grsecurity.net
640 Desc: hardened-sources base patch from upstream grsecurity
641
642
643 diff --git a/3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch b/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch
644 similarity index 99%
645 rename from 3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch
646 rename to 3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch
647 index d9f5bed..206ef20 100644
648 --- a/3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch
649 +++ b/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch
650 @@ -1727,6 +1727,20 @@ index e51b1e8..32a3113 100644
651 KM_TYPE_NR
652 };
653
654 +diff --git a/arch/arm/include/asm/memory.h b/arch/arm/include/asm/memory.h
655 +index a8997d7..f0a29154 100644
656 +--- a/arch/arm/include/asm/memory.h
657 ++++ b/arch/arm/include/asm/memory.h
658 +@@ -268,7 +268,8 @@ static inline __deprecated void *bus_to_virt(unsigned long x)
659 + #define ARCH_PFN_OFFSET PHYS_PFN_OFFSET
660 +
661 + #define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT)
662 +-#define virt_addr_valid(kaddr) ((unsigned long)(kaddr) >= PAGE_OFFSET && (unsigned long)(kaddr) < (unsigned long)high_memory)
663 ++#define virt_addr_valid(kaddr) (((unsigned long)(kaddr) >= PAGE_OFFSET && (unsigned long)(kaddr) < (unsigned long)high_memory) \
664 ++ && pfn_valid(__pa(kaddr) >> PAGE_SHIFT) )
665 +
666 + /*
667 + * Optional coherency support. Currently used only by selected
668 diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h
669 index 53426c6..c7baff3 100644
670 --- a/arch/arm/include/asm/outercache.h
671 @@ -103176,10 +103190,30 @@ index 59a7041..060976d 100644
672
673 return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process);
674 diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
675 -index e41c40f..fbed7a7 100644
676 +index e41c40f..f476dfd6 100644
677 --- a/net/ipv4/devinet.c
678 +++ b/net/ipv4/devinet.c
679 -@@ -827,9 +827,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
680 +@@ -68,7 +68,8 @@
681 +
682 + static struct ipv4_devconf ipv4_devconf = {
683 + .data = {
684 +- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
685 ++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
686 ++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
687 + [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
688 + [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
689 + [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
690 +@@ -77,7 +78,8 @@ static struct ipv4_devconf ipv4_devconf = {
691 +
692 + static struct ipv4_devconf ipv4_devconf_dflt = {
693 + .data = {
694 +- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
695 ++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
696 ++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
697 + [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
698 + [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
699 + [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
700 +@@ -827,9 +829,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
701 if (!ifa) {
702 ret = -ENOBUFS;
703 ifa = inet_alloc_ifa();
704 @@ -103191,7 +103225,7 @@ index e41c40f..fbed7a7 100644
705 if (colon)
706 memcpy(ifa->ifa_label, ifr.ifr_name, IFNAMSIZ);
707 else
708 -@@ -1584,7 +1584,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
709 +@@ -1584,7 +1586,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
710 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
711 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
712
713 @@ -103200,7 +103234,7 @@ index e41c40f..fbed7a7 100644
714 struct ctl_table_header *sysctl_header;
715 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
716 char *dev_name;
717 -@@ -1729,7 +1729,7 @@ static __net_init int devinet_init_net(struct net *net)
718 +@@ -1729,7 +1731,7 @@ static __net_init int devinet_init_net(struct net *net)
719 int err;
720 struct ipv4_devconf *all, *dflt;
721 #ifdef CONFIG_SYSCTL
722 @@ -103209,7 +103243,7 @@ index e41c40f..fbed7a7 100644
723 struct ctl_table_header *forw_hdr;
724 #endif
725
726 -@@ -1747,7 +1747,7 @@ static __net_init int devinet_init_net(struct net *net)
727 +@@ -1747,7 +1749,7 @@ static __net_init int devinet_init_net(struct net *net)
728 goto err_alloc_dflt;
729
730 #ifdef CONFIG_SYSCTL
731 @@ -103218,7 +103252,7 @@ index e41c40f..fbed7a7 100644
732 if (tbl == NULL)
733 goto err_alloc_ctl;
734
735 -@@ -1767,7 +1767,10 @@ static __net_init int devinet_init_net(struct net *net)
736 +@@ -1767,7 +1769,10 @@ static __net_init int devinet_init_net(struct net *net)
737 goto err_reg_dflt;
738
739 err = -ENOMEM;
740 @@ -103230,7 +103264,7 @@ index e41c40f..fbed7a7 100644
741 if (forw_hdr == NULL)
742 goto err_reg_ctl;
743 net->ipv4.forw_hdr = forw_hdr;
744 -@@ -1783,8 +1786,7 @@ err_reg_ctl:
745 +@@ -1783,8 +1788,7 @@ err_reg_ctl:
746 err_reg_dflt:
747 __devinet_sysctl_unregister(all);
748 err_reg_all:
749 @@ -103240,7 +103274,7 @@ index e41c40f..fbed7a7 100644
750 err_alloc_ctl:
751 #endif
752 if (dflt != &ipv4_devconf_dflt)
753 -@@ -1811,7 +1813,7 @@ static __net_exit void devinet_exit_net(struct net *net)
754 +@@ -1811,7 +1815,7 @@ static __net_exit void devinet_exit_net(struct net *net)
755 kfree(net->ipv4.devconf_all);
756 }
757
758 @@ -104614,9 +104648,27 @@ index a0b4c5d..a5818a1 100644
759 }
760
761 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
762 -index 3afdd78..cf4a70f 100644
763 +index 3afdd78..2f630fb 100644
764 --- a/net/ipv6/addrconf.c
765 +++ b/net/ipv6/addrconf.c
766 +@@ -169,7 +169,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
767 + .hop_limit = IPV6_DEFAULT_HOPLIMIT,
768 + .mtu6 = IPV6_MIN_MTU,
769 + .accept_ra = 1,
770 +- .accept_redirects = 1,
771 ++ .accept_redirects = 0,
772 + .autoconf = 1,
773 + .force_mld_version = 0,
774 + .dad_transmits = 1,
775 +@@ -204,7 +204,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
776 + .hop_limit = IPV6_DEFAULT_HOPLIMIT,
777 + .mtu6 = IPV6_MIN_MTU,
778 + .accept_ra = 1,
779 +- .accept_redirects = 1,
780 ++ .accept_redirects = 0,
781 + .autoconf = 1,
782 + .dad_transmits = 1,
783 + .rtr_solicits = MAX_RTR_SOLICITATIONS,
784 @@ -2160,7 +2160,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
785 p.iph.ihl = 5;
786 p.iph.protocol = IPPROTO_IPV6;
787 @@ -109662,6 +109714,19 @@ index 0865b3e..7235dd4 100644
788 __ksymtab : { *(SORT(___ksymtab+*)) }
789 __ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) }
790 __ksymtab_unused : { *(SORT(___ksymtab_unused+*)) }
791 +diff --git a/scripts/package/Makefile b/scripts/package/Makefile
792 +index bc6aa00..51086c8 100644
793 +--- a/scripts/package/Makefile
794 ++++ b/scripts/package/Makefile
795 +@@ -45,7 +45,7 @@ rpm-pkg rpm: $(objtree)/kernel.spec FORCE
796 + $(MAKE) clean
797 + $(PREV) ln -sf $(srctree) $(KERNELPATH)
798 + $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion
799 +- $(PREV) tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(KERNELPATH)/.
800 ++ $(PREV) tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(KERNELPATH)/.
801 + $(PREV) rm $(KERNELPATH)
802 + rm -f $(objtree)/.scmversion
803 + set -e; \
804 diff --git a/scripts/package/builddeb b/scripts/package/builddeb
805 index bee55f6..4108c4b 100644
806 --- a/scripts/package/builddeb
807 @@ -109675,7 +109740,7 @@ index bee55f6..4108c4b 100644
808 mkdir -p "$destdir"
809 (cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -)
810 diff --git a/scripts/package/mkspec b/scripts/package/mkspec
811 -index 4bf17dd..e4f4ac4 100755
812 +index 4bf17dd..6ceef68 100755
813 --- a/scripts/package/mkspec
814 +++ b/scripts/package/mkspec
815 @@ -1,7 +1,7 @@
816 @@ -109703,20 +109768,10 @@ index 4bf17dd..e4f4ac4 100755
817
818 if ! $PREBUILT; then
819 echo "%prep"
820 -@@ -74,15 +82,27 @@ echo ""
821 +@@ -74,15 +82,17 @@ echo ""
822 fi
823
824 echo "%install"
825 -+echo 'chmod -f 0500 /boot'
826 -+echo 'if [ -d /lib/modules ]; then'
827 -+echo 'chmod -f 0500 /lib/modules'
828 -+echo 'fi'
829 -+echo 'if [ -d /lib32/modules ]; then'
830 -+echo 'chmod -f 0500 /lib32/modules'
831 -+echo 'fi'
832 -+echo 'if [ -d /lib64/modules ]; then'
833 -+echo 'chmod -f 0500 /lib64/modules'
834 -+echo 'fi'
835 +echo 'KBUILD_IMAGE=$(make image_name)'
836 echo "%ifarch ia64"
837 echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules'
838 @@ -109734,7 +109789,7 @@ index 4bf17dd..e4f4ac4 100755
839 echo "%ifarch ia64"
840 echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/efi/vmlinuz-$KERNELRELEASE"
841 echo 'ln -s '"efi/vmlinuz-$KERNELRELEASE" '$RPM_BUILD_ROOT'"/boot/"
842 -@@ -95,7 +115,7 @@ echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/vmlinuz-$KERNELRELEASE"
843 +@@ -95,7 +105,7 @@ echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/vmlinuz-$KERNELRELEASE"
844 echo "%endif"
845 echo "%endif"
846
847 @@ -109743,7 +109798,7 @@ index 4bf17dd..e4f4ac4 100755
848 echo 'cp System.map $RPM_BUILD_ROOT'"/boot/System.map-$KERNELRELEASE"
849
850 echo 'cp .config $RPM_BUILD_ROOT'"/boot/config-$KERNELRELEASE"
851 -@@ -107,18 +127,43 @@ echo 'mv vmlinux.bz2 $RPM_BUILD_ROOT'"/boot/vmlinux-$KERNELRELEASE.bz2"
852 +@@ -107,18 +117,55 @@ echo 'mv vmlinux.bz2 $RPM_BUILD_ROOT'"/boot/vmlinux-$KERNELRELEASE.bz2"
853 echo 'mv vmlinux.orig vmlinux'
854 echo "%endif"
855
856 @@ -109751,14 +109806,27 @@ index 4bf17dd..e4f4ac4 100755
857 +echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE"
858 +echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\""
859 +echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)"
860 -+echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE"
861 -+echo "ln -sf /usr/src/kernels/$KERNELRELEASE build"
862 -+echo "ln -sf /usr/src/kernels/$KERNELRELEASE source"
863 +
864 echo ""
865 echo "%clean"
866 echo 'rm -rf $RPM_BUILD_ROOT'
867 echo ""
868 ++echo "%pre"
869 ++echo 'chmod -f 0500 /boot'
870 ++echo 'if [ -d /lib/modules ]; then'
871 ++echo 'chmod -f 0500 /lib/modules'
872 ++echo 'fi'
873 ++echo 'if [ -d /lib32/modules ]; then'
874 ++echo 'chmod -f 0500 /lib32/modules'
875 ++echo 'fi'
876 ++echo 'if [ -d /lib64/modules ]; then'
877 ++echo 'chmod -f 0500 /lib64/modules'
878 ++echo 'fi'
879 ++echo ""
880 ++echo "%post devel"
881 ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build"
882 ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source"
883 ++echo ""
884 +echo "%post"
885 +echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then"
886 +echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm"
887 @@ -109772,10 +109840,10 @@ index 4bf17dd..e4f4ac4 100755
888 -echo '%defattr (-, root, root)'
889 +echo '%defattr (400, root, root, 500)'
890 echo "%dir /lib/modules"
891 - echo "/lib/modules/$KERNELRELEASE"
892 --echo "/lib/firmware"
893 +echo "%exclude /lib/modules/$KERNELRELEASE/build"
894 +echo "%exclude /lib/modules/$KERNELRELEASE/source"
895 + echo "/lib/modules/$KERNELRELEASE"
896 +-echo "/lib/firmware"
897 +echo "/lib/firmware/$KERNELRELEASE"
898 echo "/boot/*"
899 echo ""
900 @@ -109785,9 +109853,8 @@ index 4bf17dd..e4f4ac4 100755
901 echo ""
902 +echo "%files devel"
903 +echo '%defattr (400, root, root, 500)'
904 ++echo "%dir /lib/modules/$KERNELRELEASE"
905 +echo "/usr/src/kernels/$KERNELRELEASE"
906 -+echo "/lib/modules/$KERNELRELEASE/build"
907 -+echo "/lib/modules/$KERNELRELEASE/source"
908 +echo ""
909 diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
910 index 5c11312..72742b5 100644
Report Message
Find on MARC Find on Google Groups