1 |
commit: 5ea4fcf4b5c7892dd72ae3a8c6792b6ed8d68c15 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Nov 27 12:16:34 2014 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Nov 27 12:16:34 2014 +0000 |
6 |
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=5ea4fcf4 |
7 |
|
8 |
Grsec/PaX: 3.0-{3.2.64,3.14.25,3.17.4}-201411260107 |
9 |
|
10 |
--- |
11 |
3.14.25/0000_README | 2 +- |
12 |
...4420_grsecurity-3.0-3.14.25-201411260106.patch} | 137 ++++++++++++++++----- |
13 |
3.17.4/0000_README | 2 +- |
14 |
... 4420_grsecurity-3.0-3.17.4-201411260107.patch} | 137 ++++++++++++++++----- |
15 |
3.2.64/0000_README | 2 +- |
16 |
... 4420_grsecurity-3.0-3.2.64-201411260105.patch} | 127 ++++++++++++++----- |
17 |
6 files changed, 318 insertions(+), 89 deletions(-) |
18 |
|
19 |
diff --git a/3.14.25/0000_README b/3.14.25/0000_README |
20 |
index 2a01a49..ad24f16 100644 |
21 |
--- a/3.14.25/0000_README |
22 |
+++ b/3.14.25/0000_README |
23 |
@@ -6,7 +6,7 @@ Patch: 1024_linux-3.14.25.patch |
24 |
From: http://www.kernel.org |
25 |
Desc: Linux 3.14.25 |
26 |
|
27 |
-Patch: 4420_grsecurity-3.0-3.14.25-201411220954.patch |
28 |
+Patch: 4420_grsecurity-3.0-3.14.25-201411260106.patch |
29 |
From: http://www.grsecurity.net |
30 |
Desc: hardened-sources base patch from upstream grsecurity |
31 |
|
32 |
|
33 |
diff --git a/3.14.25/4420_grsecurity-3.0-3.14.25-201411220954.patch b/3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch |
34 |
similarity index 99% |
35 |
rename from 3.14.25/4420_grsecurity-3.0-3.14.25-201411220954.patch |
36 |
rename to 3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch |
37 |
index 5a48407..31289a1 100644 |
38 |
--- a/3.14.25/4420_grsecurity-3.0-3.14.25-201411220954.patch |
39 |
+++ b/3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch |
40 |
@@ -101156,10 +101156,30 @@ index 07bd8ed..c574801 100644 |
41 |
} |
42 |
|
43 |
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c |
44 |
-index bdbf68b..deb4759 100644 |
45 |
+index bdbf68b..f0d9c83 100644 |
46 |
--- a/net/ipv4/devinet.c |
47 |
+++ b/net/ipv4/devinet.c |
48 |
-@@ -1543,7 +1543,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) |
49 |
+@@ -69,7 +69,8 @@ |
50 |
+ |
51 |
+ static struct ipv4_devconf ipv4_devconf = { |
52 |
+ .data = { |
53 |
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, |
54 |
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0, |
55 |
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1, |
56 |
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, |
57 |
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, |
58 |
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, |
59 |
+@@ -80,7 +81,8 @@ static struct ipv4_devconf ipv4_devconf = { |
60 |
+ |
61 |
+ static struct ipv4_devconf ipv4_devconf_dflt = { |
62 |
+ .data = { |
63 |
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, |
64 |
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0, |
65 |
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1, |
66 |
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, |
67 |
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, |
68 |
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, |
69 |
+@@ -1543,7 +1545,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) |
70 |
idx = 0; |
71 |
head = &net->dev_index_head[h]; |
72 |
rcu_read_lock(); |
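Review bot: Strict reverse-path filtering becomes the compiled-in default with no comment explaining it: the added `[IPV4_DEVCONF_RP_FILTER - 1] = 1,` in both `ipv4_devconf` and `ipv4_devconf_dflt` will drop traffic on multihomed or asymmetrically routed hosts that worked when the entry was absent (and therefore zero), and operators will only see it as silent packet loss. The same initializers turn `ACCEPT_REDIRECTS` off while leaving `SECURE_REDIRECTS` and `SEND_REDIRECTS` at 1, so the secure-redirect setting is presumably inert until redirects are re-enabled by sysctl. I would add a comment above the changed entries, e.g. `/* hardened defaults: ignore ICMP redirects, strict (RFC 3704) reverse-path check; override per interface via net.ipv4.conf.* */`. Both initializers continue outside the hunk, and the 3.17.4 and 3.2.64 patches later in this commit carry the identical change.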
73 |
@@ -101168,7 +101188,7 @@ index bdbf68b..deb4759 100644 |
74 |
net->dev_base_seq; |
75 |
hlist_for_each_entry_rcu(dev, head, index_hlist) { |
76 |
if (idx < s_idx) |
77 |
-@@ -1861,7 +1861,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, |
78 |
+@@ -1861,7 +1863,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, |
79 |
idx = 0; |
80 |
head = &net->dev_index_head[h]; |
81 |
rcu_read_lock(); |
82 |
@@ -101177,7 +101197,7 @@ index bdbf68b..deb4759 100644 |
83 |
net->dev_base_seq; |
84 |
hlist_for_each_entry_rcu(dev, head, index_hlist) { |
85 |
if (idx < s_idx) |
86 |
-@@ -2096,7 +2096,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, |
87 |
+@@ -2096,7 +2098,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, |
88 |
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ |
89 |
DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) |
90 |
|
91 |
@@ -101186,7 +101206,7 @@ index bdbf68b..deb4759 100644 |
92 |
struct ctl_table_header *sysctl_header; |
93 |
struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; |
94 |
} devinet_sysctl = { |
95 |
-@@ -2218,7 +2218,7 @@ static __net_init int devinet_init_net(struct net *net) |
96 |
+@@ -2218,7 +2220,7 @@ static __net_init int devinet_init_net(struct net *net) |
97 |
int err; |
98 |
struct ipv4_devconf *all, *dflt; |
99 |
#ifdef CONFIG_SYSCTL |
100 |
@@ -101195,7 +101215,7 @@ index bdbf68b..deb4759 100644 |
101 |
struct ctl_table_header *forw_hdr; |
102 |
#endif |
103 |
|
104 |
-@@ -2236,7 +2236,7 @@ static __net_init int devinet_init_net(struct net *net) |
105 |
+@@ -2236,7 +2238,7 @@ static __net_init int devinet_init_net(struct net *net) |
106 |
goto err_alloc_dflt; |
107 |
|
108 |
#ifdef CONFIG_SYSCTL |
109 |
@@ -101204,7 +101224,7 @@ index bdbf68b..deb4759 100644 |
110 |
if (tbl == NULL) |
111 |
goto err_alloc_ctl; |
112 |
|
113 |
-@@ -2256,7 +2256,10 @@ static __net_init int devinet_init_net(struct net *net) |
114 |
+@@ -2256,7 +2258,10 @@ static __net_init int devinet_init_net(struct net *net) |
115 |
goto err_reg_dflt; |
116 |
|
117 |
err = -ENOMEM; |
118 |
@@ -101216,7 +101236,7 @@ index bdbf68b..deb4759 100644 |
119 |
if (forw_hdr == NULL) |
120 |
goto err_reg_ctl; |
121 |
net->ipv4.forw_hdr = forw_hdr; |
122 |
-@@ -2272,8 +2275,7 @@ err_reg_ctl: |
123 |
+@@ -2272,8 +2277,7 @@ err_reg_ctl: |
124 |
err_reg_dflt: |
125 |
__devinet_sysctl_unregister(all); |
126 |
err_reg_all: |
127 |
@@ -101661,7 +101681,7 @@ index 2510c02..cfb34fa 100644 |
128 |
pr_err("Unable to proc dir entry\n"); |
129 |
return -ENOMEM; |
130 |
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c |
131 |
-index e21934b..4e7cb58 100644 |
132 |
+index e21934b..fcd69aa 100644 |
133 |
--- a/net/ipv4/ping.c |
134 |
+++ b/net/ipv4/ping.c |
135 |
@@ -59,7 +59,7 @@ struct ping_table { |
136 |
@@ -101673,7 +101693,16 @@ index e21934b..4e7cb58 100644 |
137 |
EXPORT_SYMBOL_GPL(pingv6_ops); |
138 |
|
139 |
static u16 ping_port_rover; |
140 |
-@@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, |
141 |
+@@ -217,6 +217,8 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident) |
142 |
+ &ipv6_hdr(skb)->daddr)) |
143 |
+ continue; |
144 |
+ #endif |
145 |
++ } else { |
146 |
++ continue; |
147 |
+ } |
148 |
+ |
149 |
+ if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif) |
150 |
+@@ -348,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, |
151 |
return -ENODEV; |
152 |
} |
153 |
} |
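Review bot: The new `else { continue; }` arm in `ping_lookup()` has no comment saying which case it rejects, and the `if`/`else if` conditions it completes start above the hunk, so the intent cannot be read from here. From the surrounding lines it appears to skip a socket when neither the IPv4 nor the IPv6 branch applied to the packet, a case that previously fell through to the `sk_bound_dev_if` check and could still select that socket. A one-line comment such as `/* packet protocol and socket family do not match: not a candidate */` would keep that visible, assuming this is what the two branches test. The 3.17.4 patch later in this commit makes the same addition.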
154 |
@@ -101682,7 +101711,7 @@ index e21934b..4e7cb58 100644 |
155 |
scoped); |
156 |
rcu_read_unlock(); |
157 |
|
158 |
-@@ -556,7 +556,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) |
159 |
+@@ -556,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) |
160 |
} |
161 |
#if IS_ENABLED(CONFIG_IPV6) |
162 |
} else if (skb->protocol == htons(ETH_P_IPV6)) { |
163 |
@@ -101691,7 +101720,7 @@ index e21934b..4e7cb58 100644 |
164 |
#endif |
165 |
} |
166 |
|
167 |
-@@ -574,7 +574,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) |
168 |
+@@ -574,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) |
169 |
info, (u8 *)icmph); |
170 |
#if IS_ENABLED(CONFIG_IPV6) |
171 |
} else if (family == AF_INET6) { |
172 |
@@ -101700,7 +101729,7 @@ index e21934b..4e7cb58 100644 |
173 |
info, (u8 *)icmph); |
174 |
#endif |
175 |
} |
176 |
-@@ -858,7 +858,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, |
177 |
+@@ -858,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, |
178 |
return ip_recv_error(sk, msg, len, addr_len); |
179 |
#if IS_ENABLED(CONFIG_IPV6) |
180 |
} else if (family == AF_INET6) { |
181 |
@@ -101709,7 +101738,7 @@ index e21934b..4e7cb58 100644 |
182 |
addr_len); |
183 |
#endif |
184 |
} |
185 |
-@@ -916,10 +916,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, |
186 |
+@@ -916,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, |
187 |
} |
188 |
|
189 |
if (inet6_sk(sk)->rxopt.all) |
190 |
@@ -101722,7 +101751,7 @@ index e21934b..4e7cb58 100644 |
191 |
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) |
192 |
ip_cmsg_recv(msg, skb); |
193 |
#endif |
194 |
-@@ -1111,7 +1111,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, |
195 |
+@@ -1111,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, |
196 |
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), |
197 |
0, sock_i_ino(sp), |
198 |
atomic_read(&sp->sk_refcnt), sp, |
199 |
@@ -102375,9 +102404,27 @@ index e1a6393..f634ce5 100644 |
200 |
return -ENOMEM; |
201 |
} |
202 |
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
203 |
-index 3f0ec06..495548c 100644 |
204 |
+index 3f0ec06..5aad945 100644 |
205 |
--- a/net/ipv6/addrconf.c |
206 |
+++ b/net/ipv6/addrconf.c |
207 |
+@@ -170,7 +170,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { |
208 |
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT, |
209 |
+ .mtu6 = IPV6_MIN_MTU, |
210 |
+ .accept_ra = 1, |
211 |
+- .accept_redirects = 1, |
212 |
++ .accept_redirects = 0, |
213 |
+ .autoconf = 1, |
214 |
+ .force_mld_version = 0, |
215 |
+ .mldv1_unsolicited_report_interval = 10 * HZ, |
216 |
+@@ -206,7 +206,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { |
217 |
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT, |
218 |
+ .mtu6 = IPV6_MIN_MTU, |
219 |
+ .accept_ra = 1, |
220 |
+- .accept_redirects = 1, |
221 |
++ .accept_redirects = 0, |
222 |
+ .autoconf = 1, |
223 |
+ .force_mld_version = 0, |
224 |
+ .mldv1_unsolicited_report_interval = 10 * HZ, |
225 |
@@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, |
226 |
idx = 0; |
227 |
head = &net->dev_index_head[h]; |
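Review bot: ICMPv6 redirects are switched off by default in `ipv6_devconf` and `ipv6_devconf_dflt`, but `.accept_ra = 1` on the line above each change is left as it was and nothing records whether that is deliberate. Both message types come from an on-link sender and both can change where the host sends traffic, so anyone auditing the hardened defaults will want to know the RA default was kept on purpose (presumably so autoconfiguration keeps working). I would add a comment next to the changed field, e.g. `/* hardened default: ignore ICMPv6 redirects; RAs still accepted for autoconf */`. Both struct initializers continue outside the hunk, and the 3.17.4 patch in this commit carries the same change.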
228 |
@@ -106498,6 +106545,19 @@ index 0865b3e..7235dd4 100644 |
229 |
__ksymtab : { *(SORT(___ksymtab+*)) } |
230 |
__ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) } |
231 |
__ksymtab_unused : { *(SORT(___ksymtab_unused+*)) } |
232 |
+diff --git a/scripts/package/Makefile b/scripts/package/Makefile |
233 |
+index c5d4733..7c43eb4 100644 |
234 |
+--- a/scripts/package/Makefile |
235 |
++++ b/scripts/package/Makefile |
236 |
+@@ -46,7 +46,7 @@ rpm-pkg rpm: FORCE |
237 |
+ ln -sf $(srctree) $(KERNELPATH) |
238 |
+ $(CONFIG_SHELL) $(MKSPEC) >$(objtree)/kernel.spec |
239 |
+ $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion |
240 |
+- tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT) |
241 |
++ tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT) |
242 |
+ rm $(KERNELPATH) |
243 |
+ rm -f $(objtree)/.scmversion |
244 |
+ $(CONFIG_SHELL) $(srctree)/scripts/mkversion > $(objtree)/.tmp_version |
245 |
diff --git a/scripts/package/builddeb b/scripts/package/builddeb |
246 |
index 152d4d2..791684c 100644 |
247 |
--- a/scripts/package/builddeb |
248 |
@@ -106511,13 +106571,22 @@ index 152d4d2..791684c 100644 |
249 |
mkdir -p "$destdir" |
250 |
(cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -) |
251 |
diff --git a/scripts/package/mkspec b/scripts/package/mkspec |
252 |
-index 1395760..e4f4ac4 100755 |
253 |
+index 1395760..6ceef68 100755 |
254 |
--- a/scripts/package/mkspec |
255 |
+++ b/scripts/package/mkspec |
256 |
-@@ -82,6 +82,16 @@ echo "" |
257 |
- fi |
258 |
+@@ -121,14 +121,27 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}" |
259 |
+ echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE" |
260 |
+ echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\"" |
261 |
+ echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)" |
262 |
+-echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE" |
263 |
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE build" |
264 |
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE source" |
265 |
|
266 |
- echo "%install" |
267 |
+ echo "" |
268 |
+ echo "%clean" |
269 |
+ echo 'rm -rf $RPM_BUILD_ROOT' |
270 |
+ echo "" |
271 |
++echo "%pre" |
272 |
+echo 'chmod -f 0500 /boot' |
273 |
+echo 'if [ -d /lib/modules ]; then' |
274 |
+echo 'chmod -f 0500 /lib/modules' |
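Review bot: The `%pre` scriptlet emitted here changes the mode of `/boot` and the module directories on the installing system, yet nothing visible in this hunk restores or records that change, and `-f` lets a failed chmod pass silently. Because the mode is applied by a scriptlet rather than carried in `%files`, a later update of whichever package owns `/boot` may reset it without notice, so the hardening can disappear without any error. The `/boot` line is also the only one without the `[ -d ... ]` guard used for `/lib/modules`. I would emit a comment into the generated spec, e.g. `echo '# hardening: restrict /boot and module directories to root before files are unpacked'`, and guard the first line the same way as the others. The scriptlet continues into the next hunk, and the 3.17.4 patch repeats it.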
275 |
@@ -106528,27 +106597,39 @@ index 1395760..e4f4ac4 100755 |
276 |
+echo 'if [ -d /lib64/modules ]; then' |
277 |
+echo 'chmod -f 0500 /lib64/modules' |
278 |
+echo 'fi' |
279 |
- echo 'KBUILD_IMAGE=$(make image_name)' |
280 |
- echo "%ifarch ia64" |
281 |
- echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules' |
282 |
-@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm |
283 |
++echo "" |
284 |
++echo "%post devel" |
285 |
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build" |
286 |
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source" |
287 |
++echo "" |
288 |
+ echo "%post" |
289 |
+ echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then" |
290 |
+ echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm" |
291 |
+@@ -139,11 +152,11 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm |
292 |
echo "fi" |
293 |
echo "" |
294 |
echo "%files" |
295 |
-echo '%defattr (-, root, root)' |
296 |
+echo '%defattr (400, root, root, 500)' |
297 |
echo "%dir /lib/modules" |
298 |
- echo "/lib/modules/$KERNELRELEASE" |
299 |
+-echo "/lib/modules/$KERNELRELEASE" |
300 |
echo "%exclude /lib/modules/$KERNELRELEASE/build" |
301 |
-@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)' |
302 |
+ echo "%exclude /lib/modules/$KERNELRELEASE/source" |
303 |
++echo "/lib/modules/$KERNELRELEASE" |
304 |
+ echo "/lib/firmware/$KERNELRELEASE" |
305 |
+ echo "/boot/*" |
306 |
+ echo "" |
307 |
+@@ -152,8 +165,7 @@ echo '%defattr (-, root, root)' |
308 |
echo "/usr/include" |
309 |
echo "" |
310 |
echo "%files devel" |
311 |
-echo '%defattr (-, root, root)' |
312 |
+echo '%defattr (400, root, root, 500)' |
313 |
++echo "%dir /lib/modules/$KERNELRELEASE" |
314 |
echo "/usr/src/kernels/$KERNELRELEASE" |
315 |
- echo "/lib/modules/$KERNELRELEASE/build" |
316 |
- echo "/lib/modules/$KERNELRELEASE/source" |
317 |
+-echo "/lib/modules/$KERNELRELEASE/build" |
318 |
+-echo "/lib/modules/$KERNELRELEASE/source" |
319 |
+ echo "" |
320 |
diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c |
321 |
index 68bb4ef..2f419e1 100644 |
322 |
--- a/scripts/pnmtologo.c |
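Review bot: Moving the `build` and `source` links into `%post devel` means `ln -sf` now runs on a live filesystem where the link may already exist, and without `-n` GNU ln follows an existing symlink to a directory and creates the new link inside `/usr/src/kernels/$KERNELRELEASE` instead of replacing it. The old code ran after `rm -f $RPM_BUILD_ROOT/lib/modules/$KERNELRELEASE/{build,source}` in the build root, so the case could not arise there. I would emit `ln -sfn /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build` and the same for `source`. The links are also dropped from `%files devel`, so nothing visible in this hunk removes them when the devel package is uninstalled; a matching `%postun devel` would cover that. The 3.17.4 patch in this commit has the same lines.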
323 |
|
324 |
diff --git a/3.17.4/0000_README b/3.17.4/0000_README |
325 |
index 3efa937..3e123ea 100644 |
326 |
--- a/3.17.4/0000_README |
327 |
+++ b/3.17.4/0000_README |
328 |
@@ -2,7 +2,7 @@ README |
329 |
----------------------------------------------------------------------------- |
330 |
Individual Patch Descriptions: |
331 |
----------------------------------------------------------------------------- |
332 |
-Patch: 4420_grsecurity-3.0-3.17.4-201411220955.patch |
333 |
+Patch: 4420_grsecurity-3.0-3.17.4-201411260107.patch |
334 |
From: http://www.grsecurity.net |
335 |
Desc: hardened-sources base patch from upstream grsecurity |
336 |
|
337 |
|
338 |
diff --git a/3.17.4/4420_grsecurity-3.0-3.17.4-201411220955.patch b/3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch |
339 |
similarity index 99% |
340 |
rename from 3.17.4/4420_grsecurity-3.0-3.17.4-201411220955.patch |
341 |
rename to 3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch |
342 |
index 8d9a284..3dfb83f 100644 |
343 |
--- a/3.17.4/4420_grsecurity-3.0-3.17.4-201411220955.patch |
344 |
+++ b/3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch |
345 |
@@ -102058,10 +102058,30 @@ index 32755cb..236d827 100644 |
346 |
return -ENOMEM; |
347 |
} |
348 |
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c |
349 |
-index 214882e..f958b50 100644 |
350 |
+index 214882e..ec032f6 100644 |
351 |
--- a/net/ipv4/devinet.c |
352 |
+++ b/net/ipv4/devinet.c |
353 |
-@@ -1548,7 +1548,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) |
354 |
+@@ -69,7 +69,8 @@ |
355 |
+ |
356 |
+ static struct ipv4_devconf ipv4_devconf = { |
357 |
+ .data = { |
358 |
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, |
359 |
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0, |
360 |
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1, |
361 |
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, |
362 |
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, |
363 |
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, |
364 |
+@@ -80,7 +81,8 @@ static struct ipv4_devconf ipv4_devconf = { |
365 |
+ |
366 |
+ static struct ipv4_devconf ipv4_devconf_dflt = { |
367 |
+ .data = { |
368 |
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, |
369 |
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0, |
370 |
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1, |
371 |
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, |
372 |
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, |
373 |
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, |
374 |
+@@ -1548,7 +1550,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) |
375 |
idx = 0; |
376 |
head = &net->dev_index_head[h]; |
377 |
rcu_read_lock(); |
378 |
@@ -102070,7 +102090,7 @@ index 214882e..f958b50 100644 |
379 |
net->dev_base_seq; |
380 |
hlist_for_each_entry_rcu(dev, head, index_hlist) { |
381 |
if (idx < s_idx) |
382 |
-@@ -1866,7 +1866,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, |
383 |
+@@ -1866,7 +1868,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, |
384 |
idx = 0; |
385 |
head = &net->dev_index_head[h]; |
386 |
rcu_read_lock(); |
387 |
@@ -102079,7 +102099,7 @@ index 214882e..f958b50 100644 |
388 |
net->dev_base_seq; |
389 |
hlist_for_each_entry_rcu(dev, head, index_hlist) { |
390 |
if (idx < s_idx) |
391 |
-@@ -2101,7 +2101,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, |
392 |
+@@ -2101,7 +2103,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, |
393 |
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ |
394 |
DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) |
395 |
|
396 |
@@ -102088,7 +102108,7 @@ index 214882e..f958b50 100644 |
397 |
struct ctl_table_header *sysctl_header; |
398 |
struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; |
399 |
} devinet_sysctl = { |
400 |
-@@ -2233,7 +2233,7 @@ static __net_init int devinet_init_net(struct net *net) |
401 |
+@@ -2233,7 +2235,7 @@ static __net_init int devinet_init_net(struct net *net) |
402 |
int err; |
403 |
struct ipv4_devconf *all, *dflt; |
404 |
#ifdef CONFIG_SYSCTL |
405 |
@@ -102097,7 +102117,7 @@ index 214882e..f958b50 100644 |
406 |
struct ctl_table_header *forw_hdr; |
407 |
#endif |
408 |
|
409 |
-@@ -2251,7 +2251,7 @@ static __net_init int devinet_init_net(struct net *net) |
410 |
+@@ -2251,7 +2253,7 @@ static __net_init int devinet_init_net(struct net *net) |
411 |
goto err_alloc_dflt; |
412 |
|
413 |
#ifdef CONFIG_SYSCTL |
414 |
@@ -102106,7 +102126,7 @@ index 214882e..f958b50 100644 |
415 |
if (tbl == NULL) |
416 |
goto err_alloc_ctl; |
417 |
|
418 |
-@@ -2271,7 +2271,10 @@ static __net_init int devinet_init_net(struct net *net) |
419 |
+@@ -2271,7 +2273,10 @@ static __net_init int devinet_init_net(struct net *net) |
420 |
goto err_reg_dflt; |
421 |
|
422 |
err = -ENOMEM; |
423 |
@@ -102118,7 +102138,7 @@ index 214882e..f958b50 100644 |
424 |
if (forw_hdr == NULL) |
425 |
goto err_reg_ctl; |
426 |
net->ipv4.forw_hdr = forw_hdr; |
427 |
-@@ -2287,8 +2290,7 @@ err_reg_ctl: |
428 |
+@@ -2287,8 +2292,7 @@ err_reg_ctl: |
429 |
err_reg_dflt: |
430 |
__devinet_sysctl_unregister(all); |
431 |
err_reg_all: |
432 |
@@ -102563,7 +102583,7 @@ index 2510c02..cfb34fa 100644 |
433 |
pr_err("Unable to proc dir entry\n"); |
434 |
return -ENOMEM; |
435 |
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c |
436 |
-index a3c59a0..ec620a50 100644 |
437 |
+index a3c59a0..2e88bfd 100644 |
438 |
--- a/net/ipv4/ping.c |
439 |
+++ b/net/ipv4/ping.c |
440 |
@@ -59,7 +59,7 @@ struct ping_table { |
441 |
@@ -102575,7 +102595,16 @@ index a3c59a0..ec620a50 100644 |
442 |
EXPORT_SYMBOL_GPL(pingv6_ops); |
443 |
|
444 |
static u16 ping_port_rover; |
445 |
-@@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, |
446 |
+@@ -217,6 +217,8 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident) |
447 |
+ &ipv6_hdr(skb)->daddr)) |
448 |
+ continue; |
449 |
+ #endif |
450 |
++ } else { |
451 |
++ continue; |
452 |
+ } |
453 |
+ |
454 |
+ if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif) |
455 |
+@@ -348,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, |
456 |
return -ENODEV; |
457 |
} |
458 |
} |
459 |
@@ -102584,7 +102613,7 @@ index a3c59a0..ec620a50 100644 |
460 |
scoped); |
461 |
rcu_read_unlock(); |
462 |
|
463 |
-@@ -556,7 +556,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) |
464 |
+@@ -556,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) |
465 |
} |
466 |
#if IS_ENABLED(CONFIG_IPV6) |
467 |
} else if (skb->protocol == htons(ETH_P_IPV6)) { |
468 |
@@ -102593,7 +102622,7 @@ index a3c59a0..ec620a50 100644 |
469 |
#endif |
470 |
} |
471 |
|
472 |
-@@ -574,7 +574,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) |
473 |
+@@ -574,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) |
474 |
info, (u8 *)icmph); |
475 |
#if IS_ENABLED(CONFIG_IPV6) |
476 |
} else if (family == AF_INET6) { |
477 |
@@ -102602,7 +102631,7 @@ index a3c59a0..ec620a50 100644 |
478 |
info, (u8 *)icmph); |
479 |
#endif |
480 |
} |
481 |
-@@ -858,7 +858,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, |
482 |
+@@ -858,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, |
483 |
return ip_recv_error(sk, msg, len, addr_len); |
484 |
#if IS_ENABLED(CONFIG_IPV6) |
485 |
} else if (family == AF_INET6) { |
486 |
@@ -102611,7 +102640,7 @@ index a3c59a0..ec620a50 100644 |
487 |
addr_len); |
488 |
#endif |
489 |
} |
490 |
-@@ -916,10 +916,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, |
491 |
+@@ -916,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, |
492 |
} |
493 |
|
494 |
if (inet6_sk(sk)->rxopt.all) |
495 |
@@ -102624,7 +102653,7 @@ index a3c59a0..ec620a50 100644 |
496 |
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) |
497 |
ip_cmsg_recv(msg, skb); |
498 |
#endif |
499 |
-@@ -1111,7 +1111,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, |
500 |
+@@ -1111,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, |
501 |
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), |
502 |
0, sock_i_ino(sp), |
503 |
atomic_read(&sp->sk_refcnt), sp, |
504 |
@@ -103242,9 +103271,27 @@ index 6156f68..d6ab46d 100644 |
505 |
return -ENOMEM; |
506 |
} |
507 |
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
508 |
-index 3e118df..27b16cf 100644 |
509 |
+index 3e118df..288a0d1 100644 |
510 |
--- a/net/ipv6/addrconf.c |
511 |
+++ b/net/ipv6/addrconf.c |
512 |
+@@ -171,7 +171,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { |
513 |
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT, |
514 |
+ .mtu6 = IPV6_MIN_MTU, |
515 |
+ .accept_ra = 1, |
516 |
+- .accept_redirects = 1, |
517 |
++ .accept_redirects = 0, |
518 |
+ .autoconf = 1, |
519 |
+ .force_mld_version = 0, |
520 |
+ .mldv1_unsolicited_report_interval = 10 * HZ, |
521 |
+@@ -208,7 +208,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { |
522 |
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT, |
523 |
+ .mtu6 = IPV6_MIN_MTU, |
524 |
+ .accept_ra = 1, |
525 |
+- .accept_redirects = 1, |
526 |
++ .accept_redirects = 0, |
527 |
+ .autoconf = 1, |
528 |
+ .force_mld_version = 0, |
529 |
+ .mldv1_unsolicited_report_interval = 10 * HZ, |
530 |
@@ -604,7 +604,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, |
531 |
idx = 0; |
532 |
head = &net->dev_index_head[h]; |
533 |
@@ -107471,6 +107518,19 @@ index 0865b3e..7235dd4 100644 |
534 |
__ksymtab : { *(SORT(___ksymtab+*)) } |
535 |
__ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) } |
536 |
__ksymtab_unused : { *(SORT(___ksymtab_unused+*)) } |
537 |
+diff --git a/scripts/package/Makefile b/scripts/package/Makefile |
538 |
+index 99ca6e7..3a1a1a1 100644 |
539 |
+--- a/scripts/package/Makefile |
540 |
++++ b/scripts/package/Makefile |
541 |
+@@ -46,7 +46,7 @@ rpm-pkg rpm: FORCE |
542 |
+ ln -sf $(srctree) $(KERNELPATH) |
543 |
+ $(CONFIG_SHELL) $(MKSPEC) >$(objtree)/kernel.spec |
544 |
+ $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion |
545 |
+- tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT) |
546 |
++ tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT) |
547 |
+ rm $(KERNELPATH) |
548 |
+ rm -f $(objtree)/.scmversion |
549 |
+ $(CONFIG_SHELL) $(srctree)/scripts/mkversion > $(objtree)/.tmp_version |
550 |
diff --git a/scripts/package/builddeb b/scripts/package/builddeb |
551 |
index 7c0e6e4..bf2c90e 100644 |
552 |
--- a/scripts/package/builddeb |
553 |
@@ -107484,13 +107544,22 @@ index 7c0e6e4..bf2c90e 100644 |
554 |
mkdir -p "$destdir" |
555 |
(cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -) |
556 |
diff --git a/scripts/package/mkspec b/scripts/package/mkspec |
557 |
-index 1395760..e4f4ac4 100755 |
558 |
+index 1395760..6ceef68 100755 |
559 |
--- a/scripts/package/mkspec |
560 |
+++ b/scripts/package/mkspec |
561 |
-@@ -82,6 +82,16 @@ echo "" |
562 |
- fi |
563 |
+@@ -121,14 +121,27 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}" |
564 |
+ echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE" |
565 |
+ echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\"" |
566 |
+ echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)" |
567 |
+-echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE" |
568 |
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE build" |
569 |
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE source" |
570 |
|
571 |
- echo "%install" |
572 |
+ echo "" |
573 |
+ echo "%clean" |
574 |
+ echo 'rm -rf $RPM_BUILD_ROOT' |
575 |
+ echo "" |
576 |
++echo "%pre" |
577 |
+echo 'chmod -f 0500 /boot' |
578 |
+echo 'if [ -d /lib/modules ]; then' |
579 |
+echo 'chmod -f 0500 /lib/modules' |
580 |
@@ -107501,27 +107570,39 @@ index 1395760..e4f4ac4 100755 |
581 |
+echo 'if [ -d /lib64/modules ]; then' |
582 |
+echo 'chmod -f 0500 /lib64/modules' |
583 |
+echo 'fi' |
584 |
- echo 'KBUILD_IMAGE=$(make image_name)' |
585 |
- echo "%ifarch ia64" |
586 |
- echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules' |
587 |
-@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm |
588 |
++echo "" |
589 |
++echo "%post devel" |
590 |
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build" |
591 |
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source" |
592 |
++echo "" |
593 |
+ echo "%post" |
594 |
+ echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then" |
595 |
+ echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm" |
596 |
+@@ -139,11 +152,11 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm |
597 |
echo "fi" |
598 |
echo "" |
599 |
echo "%files" |
600 |
-echo '%defattr (-, root, root)' |
601 |
+echo '%defattr (400, root, root, 500)' |
602 |
echo "%dir /lib/modules" |
603 |
- echo "/lib/modules/$KERNELRELEASE" |
604 |
+-echo "/lib/modules/$KERNELRELEASE" |
605 |
echo "%exclude /lib/modules/$KERNELRELEASE/build" |
606 |
-@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)' |
607 |
+ echo "%exclude /lib/modules/$KERNELRELEASE/source" |
608 |
++echo "/lib/modules/$KERNELRELEASE" |
609 |
+ echo "/lib/firmware/$KERNELRELEASE" |
610 |
+ echo "/boot/*" |
611 |
+ echo "" |
612 |
+@@ -152,8 +165,7 @@ echo '%defattr (-, root, root)' |
613 |
echo "/usr/include" |
614 |
echo "" |
615 |
echo "%files devel" |
616 |
-echo '%defattr (-, root, root)' |
617 |
+echo '%defattr (400, root, root, 500)' |
618 |
++echo "%dir /lib/modules/$KERNELRELEASE" |
619 |
echo "/usr/src/kernels/$KERNELRELEASE" |
620 |
- echo "/lib/modules/$KERNELRELEASE/build" |
621 |
- echo "/lib/modules/$KERNELRELEASE/source" |
622 |
+-echo "/lib/modules/$KERNELRELEASE/build" |
623 |
+-echo "/lib/modules/$KERNELRELEASE/source" |
624 |
+ echo "" |
625 |
diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c |
626 |
index 4718d78..9220d58 100644 |
627 |
--- a/scripts/pnmtologo.c |
628 |
|
629 |
diff --git a/3.2.64/0000_README b/3.2.64/0000_README |
630 |
index c5a1f90..d632471 100644 |
631 |
--- a/3.2.64/0000_README |
632 |
+++ b/3.2.64/0000_README |
633 |
@@ -174,7 +174,7 @@ Patch: 1063_linux-3.2.64.patch |
634 |
From: http://www.kernel.org |
635 |
Desc: Linux 3.2.64 |
636 |
|
637 |
-Patch: 4420_grsecurity-3.0-3.2.64-201411220952.patch |
638 |
+Patch: 4420_grsecurity-3.0-3.2.64-201411260105.patch |
639 |
From: http://www.grsecurity.net |
640 |
Desc: hardened-sources base patch from upstream grsecurity |
641 |
|
642 |
|
643 |
diff --git a/3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch b/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch |
644 |
similarity index 99% |
645 |
rename from 3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch |
646 |
rename to 3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch |
647 |
index d9f5bed..206ef20 100644 |
648 |
--- a/3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch |
649 |
+++ b/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch |
650 |
@@ -1727,6 +1727,20 @@ index e51b1e8..32a3113 100644 |
651 |
KM_TYPE_NR |
652 |
}; |
653 |
|
654 |
+diff --git a/arch/arm/include/asm/memory.h b/arch/arm/include/asm/memory.h |
655 |
+index a8997d7..f0a29154 100644 |
656 |
+--- a/arch/arm/include/asm/memory.h |
657 |
++++ b/arch/arm/include/asm/memory.h |
658 |
+@@ -268,7 +268,8 @@ static inline __deprecated void *bus_to_virt(unsigned long x) |
659 |
+ #define ARCH_PFN_OFFSET PHYS_PFN_OFFSET |
660 |
+ |
661 |
+ #define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT) |
662 |
+-#define virt_addr_valid(kaddr) ((unsigned long)(kaddr) >= PAGE_OFFSET && (unsigned long)(kaddr) < (unsigned long)high_memory) |
663 |
++#define virt_addr_valid(kaddr) (((unsigned long)(kaddr) >= PAGE_OFFSET && (unsigned long)(kaddr) < (unsigned long)high_memory) \ |
664 |
++ && pfn_valid(__pa(kaddr) >> PAGE_SHIFT) ) |
665 |
+ |
666 |
+ /* |
667 |
+ * Optional coherency support. Currently used only by selected |
668 |
diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h |
669 |
index 53426c6..c7baff3 100644 |
670 |
--- a/arch/arm/include/asm/outercache.h |
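Review bot: The extended `virt_addr_valid()` macro now expands `kaddr` three times, so an argument with side effects is evaluated repeatedly, and the added `pfn_valid()` term carries no comment on why the range check alone was insufficient. Callers rely on this macro before treating a kernel address as page-backed, so the reason matters to anyone auditing them; presumably the range between `PAGE_OFFSET` and `high_memory` can contain holes with no valid page. I would add `/* the lowmem range check is not enough: the pfn must also be backed by a valid page */` above the define and drop the stray space before the final `)`. As far as this page shows, the change is made only in the 3.2.64 patch.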
671 |
@@ -103176,10 +103190,30 @@ index 59a7041..060976d 100644 |
672 |
|
673 |
return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); |
674 |
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c |
675 |
-index e41c40f..fbed7a7 100644 |
676 |
+index e41c40f..f476dfd6 100644 |
677 |
--- a/net/ipv4/devinet.c |
678 |
+++ b/net/ipv4/devinet.c |
679 |
-@@ -827,9 +827,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg) |
680 |
+@@ -68,7 +68,8 @@ |
681 |
+ |
682 |
+ static struct ipv4_devconf ipv4_devconf = { |
683 |
+ .data = { |
684 |
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, |
685 |
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0, |
686 |
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1, |
687 |
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, |
688 |
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, |
689 |
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, |
690 |
+@@ -77,7 +78,8 @@ static struct ipv4_devconf ipv4_devconf = { |
691 |
+ |
692 |
+ static struct ipv4_devconf ipv4_devconf_dflt = { |
693 |
+ .data = { |
694 |
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, |
695 |
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0, |
696 |
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1, |
697 |
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, |
698 |
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, |
699 |
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, |
700 |
+@@ -827,9 +829,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg) |
701 |
if (!ifa) { |
702 |
ret = -ENOBUFS; |
703 |
ifa = inet_alloc_ifa(); |
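Review bot: The initialisers of `ipv4_devconf` and `ipv4_devconf_dflt` switch `accept_redirects` to 0 and add `rp_filter` = 1 without a comment marking these as deliberate hardened defaults. Strict reverse-path filtering drops packets whose source address would not be routed back through the receiving interface, so multi-homed or asymmetrically routed hosts lose traffic until the sysctl is relaxed, and that is hard to trace back to this file. A comment at both initialisers would make it discoverable, such as `/* hardened defaults: ignore ICMP redirects, strict rp_filter; adjust via net.ipv4.conf.*.accept_redirects / rp_filter */`. `SEND_REDIRECTS` stays 1 in both, so if that asymmetry is intended it belongs in the same comment. Both structures continue past the lines shown.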
704 |
@@ -103191,7 +103225,7 @@ index e41c40f..fbed7a7 100644 |
705 |
if (colon) |
706 |
memcpy(ifa->ifa_label, ifr.ifr_name, IFNAMSIZ); |
707 |
else |
708 |
-@@ -1584,7 +1584,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, |
709 |
+@@ -1584,7 +1586,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, |
710 |
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ |
711 |
DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) |
712 |
|
713 |
@@ -103200,7 +103234,7 @@ index e41c40f..fbed7a7 100644 |
714 |
struct ctl_table_header *sysctl_header; |
715 |
struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; |
716 |
char *dev_name; |
717 |
-@@ -1729,7 +1729,7 @@ static __net_init int devinet_init_net(struct net *net) |
718 |
+@@ -1729,7 +1731,7 @@ static __net_init int devinet_init_net(struct net *net) |
719 |
int err; |
720 |
struct ipv4_devconf *all, *dflt; |
721 |
#ifdef CONFIG_SYSCTL |
722 |
@@ -103209,7 +103243,7 @@ index e41c40f..fbed7a7 100644 |
723 |
struct ctl_table_header *forw_hdr; |
724 |
#endif |
725 |
|
726 |
-@@ -1747,7 +1747,7 @@ static __net_init int devinet_init_net(struct net *net) |
727 |
+@@ -1747,7 +1749,7 @@ static __net_init int devinet_init_net(struct net *net) |
728 |
goto err_alloc_dflt; |
729 |
|
730 |
#ifdef CONFIG_SYSCTL |
731 |
@@ -103218,7 +103252,7 @@ index e41c40f..fbed7a7 100644 |
732 |
if (tbl == NULL) |
733 |
goto err_alloc_ctl; |
734 |
|
735 |
-@@ -1767,7 +1767,10 @@ static __net_init int devinet_init_net(struct net *net) |
736 |
+@@ -1767,7 +1769,10 @@ static __net_init int devinet_init_net(struct net *net) |
737 |
goto err_reg_dflt; |
738 |
|
739 |
err = -ENOMEM; |
740 |
@@ -103230,7 +103264,7 @@ index e41c40f..fbed7a7 100644 |
741 |
if (forw_hdr == NULL) |
742 |
goto err_reg_ctl; |
743 |
net->ipv4.forw_hdr = forw_hdr; |
744 |
-@@ -1783,8 +1786,7 @@ err_reg_ctl: |
745 |
+@@ -1783,8 +1788,7 @@ err_reg_ctl: |
746 |
err_reg_dflt: |
747 |
__devinet_sysctl_unregister(all); |
748 |
err_reg_all: |
749 |
@@ -103240,7 +103274,7 @@ index e41c40f..fbed7a7 100644 |
750 |
err_alloc_ctl: |
751 |
#endif |
752 |
if (dflt != &ipv4_devconf_dflt) |
753 |
-@@ -1811,7 +1813,7 @@ static __net_exit void devinet_exit_net(struct net *net) |
754 |
+@@ -1811,7 +1815,7 @@ static __net_exit void devinet_exit_net(struct net *net) |
755 |
kfree(net->ipv4.devconf_all); |
756 |
} |
757 |
|
758 |
@@ -104614,9 +104648,27 @@ index a0b4c5d..a5818a1 100644 |
759 |
} |
760 |
|
761 |
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
762 |
-index 3afdd78..cf4a70f 100644 |
763 |
+index 3afdd78..2f630fb 100644 |
764 |
--- a/net/ipv6/addrconf.c |
765 |
+++ b/net/ipv6/addrconf.c |
766 |
+@@ -169,7 +169,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { |
767 |
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT, |
768 |
+ .mtu6 = IPV6_MIN_MTU, |
769 |
+ .accept_ra = 1, |
770 |
+- .accept_redirects = 1, |
771 |
++ .accept_redirects = 0, |
772 |
+ .autoconf = 1, |
773 |
+ .force_mld_version = 0, |
774 |
+ .dad_transmits = 1, |
775 |
+@@ -204,7 +204,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { |
776 |
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT, |
777 |
+ .mtu6 = IPV6_MIN_MTU, |
778 |
+ .accept_ra = 1, |
779 |
+- .accept_redirects = 1, |
780 |
++ .accept_redirects = 0, |
781 |
+ .autoconf = 1, |
782 |
+ .dad_transmits = 1, |
783 |
+ .rtr_solicits = MAX_RTR_SOLICITATIONS, |
784 |
@@ -2160,7 +2160,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
785 |
p.iph.ihl = 5; |
786 |
p.iph.protocol = IPPROTO_IPV6; |
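Review bot: `.accept_ra = 1` is left untouched directly above the new `.accept_redirects = 0` in both `ipv6_devconf` and `ipv6_devconf_dflt`, so routes and prefixes announced by any on-link router advertisement are still accepted by default. If the goal of this change is to stop unauthenticated on-link route updates, the remaining default should at least be marked as intentional, for example `/* accept_ra kept at 1 for autoconfiguration; set net.ipv6.conf.*.accept_ra=0 where SLAAC is not used */`. Whether to change the value itself is a policy decision this hunk does not settle. Both initialisers start and end outside the hunk.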
787 |
@@ -109662,6 +109714,19 @@ index 0865b3e..7235dd4 100644 |
788 |
__ksymtab : { *(SORT(___ksymtab+*)) } |
789 |
__ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) } |
790 |
__ksymtab_unused : { *(SORT(___ksymtab_unused+*)) } |
791 |
+diff --git a/scripts/package/Makefile b/scripts/package/Makefile |
792 |
+index bc6aa00..51086c8 100644 |
793 |
+--- a/scripts/package/Makefile |
794 |
++++ b/scripts/package/Makefile |
795 |
+@@ -45,7 +45,7 @@ rpm-pkg rpm: $(objtree)/kernel.spec FORCE |
796 |
+ $(MAKE) clean |
797 |
+ $(PREV) ln -sf $(srctree) $(KERNELPATH) |
798 |
+ $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion |
799 |
+- $(PREV) tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(KERNELPATH)/. |
800 |
++ $(PREV) tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(KERNELPATH)/. |
801 |
+ $(PREV) rm $(KERNELPATH) |
802 |
+ rm -f $(objtree)/.scmversion |
803 |
+ set -e; \ |
804 |
diff --git a/scripts/package/builddeb b/scripts/package/builddeb |
805 |
index bee55f6..4108c4b 100644 |
806 |
--- a/scripts/package/builddeb |
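Review bot: The `rpm-pkg` tar line now normalises ownership with `--owner=root --group=root`, but the permission bits are still taken from the build tree as they are. If the tree contains group- or world-writable files, those modes end up in `$(KERNELPATH).tar.gz` and are restored when the archive is unpacked by root. With GNU tar this can be closed on the same line, `$(PREV) tar --owner=root --group=root --mode=go-w -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(KERNELPATH)/.`. All of these are GNU tar options, which a short comment on the rule could state.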
807 |
@@ -109675,7 +109740,7 @@ index bee55f6..4108c4b 100644 |
808 |
mkdir -p "$destdir" |
809 |
(cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -) |
810 |
diff --git a/scripts/package/mkspec b/scripts/package/mkspec |
811 |
-index 4bf17dd..e4f4ac4 100755 |
812 |
+index 4bf17dd..6ceef68 100755 |
813 |
--- a/scripts/package/mkspec |
814 |
+++ b/scripts/package/mkspec |
815 |
@@ -1,7 +1,7 @@ |
816 |
@@ -109703,20 +109768,10 @@ index 4bf17dd..e4f4ac4 100755 |
817 |
|
818 |
if ! $PREBUILT; then |
819 |
echo "%prep" |
820 |
-@@ -74,15 +82,27 @@ echo "" |
821 |
+@@ -74,15 +82,17 @@ echo "" |
822 |
fi |
823 |
|
824 |
echo "%install" |
825 |
-+echo 'chmod -f 0500 /boot' |
826 |
-+echo 'if [ -d /lib/modules ]; then' |
827 |
-+echo 'chmod -f 0500 /lib/modules' |
828 |
-+echo 'fi' |
829 |
-+echo 'if [ -d /lib32/modules ]; then' |
830 |
-+echo 'chmod -f 0500 /lib32/modules' |
831 |
-+echo 'fi' |
832 |
-+echo 'if [ -d /lib64/modules ]; then' |
833 |
-+echo 'chmod -f 0500 /lib64/modules' |
834 |
-+echo 'fi' |
835 |
+echo 'KBUILD_IMAGE=$(make image_name)' |
836 |
echo "%ifarch ia64" |
837 |
echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules' |
838 |
@@ -109734,7 +109789,7 @@ index 4bf17dd..e4f4ac4 100755 |
839 |
echo "%ifarch ia64" |
840 |
echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/efi/vmlinuz-$KERNELRELEASE" |
841 |
echo 'ln -s '"efi/vmlinuz-$KERNELRELEASE" '$RPM_BUILD_ROOT'"/boot/" |
842 |
-@@ -95,7 +115,7 @@ echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/vmlinuz-$KERNELRELEASE" |
843 |
+@@ -95,7 +105,7 @@ echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/vmlinuz-$KERNELRELEASE" |
844 |
echo "%endif" |
845 |
echo "%endif" |
846 |
|
847 |
@@ -109743,7 +109798,7 @@ index 4bf17dd..e4f4ac4 100755 |
848 |
echo 'cp System.map $RPM_BUILD_ROOT'"/boot/System.map-$KERNELRELEASE" |
849 |
|
850 |
echo 'cp .config $RPM_BUILD_ROOT'"/boot/config-$KERNELRELEASE" |
851 |
-@@ -107,18 +127,43 @@ echo 'mv vmlinux.bz2 $RPM_BUILD_ROOT'"/boot/vmlinux-$KERNELRELEASE.bz2" |
852 |
+@@ -107,18 +117,55 @@ echo 'mv vmlinux.bz2 $RPM_BUILD_ROOT'"/boot/vmlinux-$KERNELRELEASE.bz2" |
853 |
echo 'mv vmlinux.orig vmlinux' |
854 |
echo "%endif" |
855 |
|
856 |
@@ -109751,14 +109806,27 @@ index 4bf17dd..e4f4ac4 100755 |
857 |
+echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE" |
858 |
+echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\"" |
859 |
+echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)" |
860 |
-+echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE" |
861 |
-+echo "ln -sf /usr/src/kernels/$KERNELRELEASE build" |
862 |
-+echo "ln -sf /usr/src/kernels/$KERNELRELEASE source" |
863 |
+ |
864 |
echo "" |
865 |
echo "%clean" |
866 |
echo 'rm -rf $RPM_BUILD_ROOT' |
867 |
echo "" |
868 |
++echo "%pre" |
869 |
++echo 'chmod -f 0500 /boot' |
870 |
++echo 'if [ -d /lib/modules ]; then' |
871 |
++echo 'chmod -f 0500 /lib/modules' |
872 |
++echo 'fi' |
873 |
++echo 'if [ -d /lib32/modules ]; then' |
874 |
++echo 'chmod -f 0500 /lib32/modules' |
875 |
++echo 'fi' |
876 |
++echo 'if [ -d /lib64/modules ]; then' |
877 |
++echo 'chmod -f 0500 /lib64/modules' |
878 |
++echo 'fi' |
879 |
++echo "" |
880 |
++echo "%post devel" |
881 |
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build" |
882 |
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source" |
883 |
++echo "" |
884 |
+echo "%post" |
885 |
+echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then" |
886 |
+echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm" |
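Review bot: The new `%post devel` scriptlet creates the `build` and `source` links with `ln -sf`, which follows an existing link that points to a directory. When the scriptlet runs a second time for the same `$KERNELRELEASE` (reinstall or rebuilt package), GNU ln places a self-referencing link inside `/usr/src/kernels/$KERNELRELEASE` instead of replacing the link. Adding `-n` fixes it: `echo "ln -sfn /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build"` and the same for `source`. The `%files devel` hunk further down also drops both links from the manifest, so rpm no longer owns them. A matching `%postun devel` that removes the two links would avoid leaving them dangling after the devel package is erased. The mkspec script continues outside this hunk.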
887 |
@@ -109772,10 +109840,10 @@ index 4bf17dd..e4f4ac4 100755 |
888 |
-echo '%defattr (-, root, root)' |
889 |
+echo '%defattr (400, root, root, 500)' |
890 |
echo "%dir /lib/modules" |
891 |
- echo "/lib/modules/$KERNELRELEASE" |
892 |
--echo "/lib/firmware" |
893 |
+echo "%exclude /lib/modules/$KERNELRELEASE/build" |
894 |
+echo "%exclude /lib/modules/$KERNELRELEASE/source" |
895 |
+ echo "/lib/modules/$KERNELRELEASE" |
896 |
+-echo "/lib/firmware" |
897 |
+echo "/lib/firmware/$KERNELRELEASE" |
898 |
echo "/boot/*" |
899 |
echo "" |
900 |
@@ -109785,9 +109853,8 @@ index 4bf17dd..e4f4ac4 100755 |
901 |
echo "" |
902 |
+echo "%files devel" |
903 |
+echo '%defattr (400, root, root, 500)' |
904 |
++echo "%dir /lib/modules/$KERNELRELEASE" |
905 |
+echo "/usr/src/kernels/$KERNELRELEASE" |
906 |
-+echo "/lib/modules/$KERNELRELEASE/build" |
907 |
-+echo "/lib/modules/$KERNELRELEASE/source" |
908 |
+echo "" |
909 |
diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c |
910 |
index 5c11312..72742b5 100644 |