[gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/ - gentoo-commits

From:	"Anthony G. Basile" <blueness@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
Date:	Tue, 28 Jun 2016 11:22:34
Message-Id:	`1467113087.fe9cd0792773d512df74e504d2ef92946d02f6da.blueness@gentoo`

1

commit:     fe9cd0792773d512df74e504d2ef92946d02f6da

2

Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>

3

AuthorDate: Tue Jun 28 11:24:47 2016 +0000

4

Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>

5

CommitDate: Tue Jun 28 11:24:47 2016 +0000

6

URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=fe9cd079

7

8

grsecurity-3.1-4.5.7-201606280009

9

10

 4.5.7/0000_README                                  |  2 +-

11

 ...> 4420_grsecurity-3.1-4.5.7-201606280009.patch} | 32 ++++++++++++----------

12

 2 files changed, 18 insertions(+), 16 deletions(-)

13

14

diff --git a/4.5.7/0000_README b/4.5.7/0000_README

15

index b74a9dd..bdf9f5e 100644

16

--- a/4.5.7/0000_README

17

+++ b/4.5.7/0000_README

18

@@ -2,7 +2,7 @@ README

19

 -----------------------------------------------------------------------------

20

 Individual Patch Descriptions:

21

 -----------------------------------------------------------------------------

22

-Patch:	4420_grsecurity-3.1-4.5.7-201606262019.patch

23

+Patch:	4420_grsecurity-3.1-4.5.7-201606280009.patch

24

 From:	http://www.grsecurity.net

25

 Desc:	hardened-sources base patch from upstream grsecurity

26

27

28

diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch

29

similarity index 99%

30

rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch

31

rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch

32

index 3d3b9d3..f3179f6 100644

33

--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch

34

+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch

35

@@ -98058,7 +98058,7 @@ index e4141f2..d8263e8 100644

36

  		i += packet_length_size;

37

  		if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))

38

 diff --git a/fs/exec.c b/fs/exec.c

39

-index dcd4ac7..f651515 100644

40

+index dcd4ac7..7a1a7dc 100644

41

 --- a/fs/exec.c

42

 +++ b/fs/exec.c

43

 @@ -56,8 +56,20 @@

44

@@ -98572,7 +98572,7 @@ index dcd4ac7..f651515 100644

45

  out:

46

  	if (bprm->mm) {

47

  		acct_arg_size(bprm, 0);

48

-@@ -1749,3 +1930,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,

49

+@@ -1749,3 +1930,316 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,

50

  				  argv, envp, flags);

51

}

52

  #endif

53

@@ -98719,10 +98719,7 @@ index dcd4ac7..f651515 100644

54

 +		printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),

55

 +				from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));

56

 +	print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));

57

-+	preempt_disable();

58

-+	show_regs(regs);

59

-+	preempt_enable();

60

-+	force_sig_info(SIGKILL, SEND_SIG_FORCED, current);

61

++	BUG();

62

+}

63

 +#endif

64

+

65

@@ -139266,7 +139263,7 @@ index c112abb..49d919f 100644

66

  		if (wo->wo_flags & __WNOTHREAD)

67

  			break;

68

 diff --git a/kernel/fork.c b/kernel/fork.c

69

-index 2e391c7..4af22a9 100644

70

+index 2e391c7..87a5bfe 100644

71

 --- a/kernel/fork.c

72

 +++ b/kernel/fork.c

73

 @@ -188,12 +188,55 @@ static void free_thread_info(struct thread_info *ti)

74

@@ -139655,7 +139652,7 @@ index 2e391c7..4af22a9 100644

75

  	if (atomic_read(&p->real_cred->user->processes) >=

76

  			task_rlimit(p, RLIMIT_NPROC)) {

77

  		if (p->real_cred->user != INIT_USER &&

78

-@@ -1568,6 +1681,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,

79

+@@ -1568,6 +1681,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,

80

  		goto bad_fork_cancel_cgroup;

81

}

82

83

@@ -139664,10 +139661,15 @@ index 2e391c7..4af22a9 100644

84

 +	*/

85

 +	gr_copy_label(p);

86

+

87

++#ifdef CONFIG_GRKERNSEC_SETXID

88

++	if (p->delayed_cred)

89

++		get_cred(p->delayed_cred);

90

++#endif

91

++

92

  	if (likely(p->pid)) {

93

  		ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);

94

95

-@@ -1657,6 +1775,8 @@ bad_fork_cleanup_count:

96

+@@ -1657,6 +1780,8 @@ bad_fork_cleanup_count:

97

  bad_fork_free:

98

  	free_task(p);

99

  fork_out:

100

@@ -139676,7 +139678,7 @@ index 2e391c7..4af22a9 100644

101

  	return ERR_PTR(retval);

102

}

103

104

-@@ -1719,6 +1839,7 @@ long _do_fork(unsigned long clone_flags,

105

+@@ -1719,6 +1844,7 @@ long _do_fork(unsigned long clone_flags,

106

107

  	p = copy_process(clone_flags, stack_start, stack_size,

108

  			 child_tidptr, NULL, trace, tls);

109

@@ -139684,7 +139686,7 @@ index 2e391c7..4af22a9 100644

110

/*

111

  	 * Do this prior waking up the new thread - the thread pointer

112

  	 * might get invalid after that point, if the thread exits quickly.

113

-@@ -1735,6 +1856,8 @@ long _do_fork(unsigned long clone_flags,

114

+@@ -1735,6 +1861,8 @@ long _do_fork(unsigned long clone_flags,

115

  		if (clone_flags & CLONE_PARENT_SETTID)

116

  			put_user(nr, parent_tidptr);

117

118

@@ -139693,7 +139695,7 @@ index 2e391c7..4af22a9 100644

119

  		if (clone_flags & CLONE_VFORK) {

120

  			p->vfork_done = &vfork;

121

  			init_completion(&vfork);

122

-@@ -1871,7 +1994,7 @@ void __init proc_caches_init(void)

123

+@@ -1871,7 +1999,7 @@ void __init proc_caches_init(void)

124

  			sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,

125

  			SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT,

126

  			NULL);

127

@@ -139702,7 +139704,7 @@ index 2e391c7..4af22a9 100644

128

  	mmap_init();

129

  	nsproxy_cache_init();

130

}

131

-@@ -1919,7 +2042,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)

132

+@@ -1919,7 +2047,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)

133

  		return 0;

134

135

  	/* don't need lock here; in the worst case we'll do useless copy */

136

@@ -139711,7 +139713,7 @@ index 2e391c7..4af22a9 100644

137

  		return 0;

138

139

  	*new_fsp = copy_fs_struct(fs);

140

-@@ -2032,7 +2155,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)

141

+@@ -2032,7 +2160,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)

142

  			fs = current->fs;

143

  			spin_lock(&fs->lock);

144

  			current->fs = new_fs;

145

@@ -139721,7 +139723,7 @@ index 2e391c7..4af22a9 100644

146

  				new_fs = NULL;

147

  			else

148

  				new_fs = fs;

149

-@@ -2096,7 +2220,7 @@ int unshare_files(struct files_struct **displaced)

150

+@@ -2096,7 +2225,7 @@ int unshare_files(struct files_struct **displaced)

151

  int sysctl_max_threads(struct ctl_table *table, int write,

152

  		       void __user *buffer, size_t *lenp, loff_t *ppos)

153

{

1	commit: fe9cd0792773d512df74e504d2ef92946d02f6da
2	Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3	AuthorDate: Tue Jun 28 11:24:47 2016 +0000
4	Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5	CommitDate: Tue Jun 28 11:24:47 2016 +0000
6	URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=fe9cd079
7
8	grsecurity-3.1-4.5.7-201606280009
9
10	4.5.7/0000_README \| 2 +-
11	...> 4420_grsecurity-3.1-4.5.7-201606280009.patch} \| 32 ++++++++++++----------
12	2 files changed, 18 insertions(+), 16 deletions(-)
13
14	diff --git a/4.5.7/0000_README b/4.5.7/0000_README
15	index b74a9dd..bdf9f5e 100644
16	--- a/4.5.7/0000_README
17	+++ b/4.5.7/0000_README
18	@@ -2,7 +2,7 @@ README
19	-----------------------------------------------------------------------------
20	Individual Patch Descriptions:
21	-----------------------------------------------------------------------------
22	-Patch: 4420_grsecurity-3.1-4.5.7-201606262019.patch
23	+Patch: 4420_grsecurity-3.1-4.5.7-201606280009.patch
24	From: http://www.grsecurity.net
25	Desc: hardened-sources base patch from upstream grsecurity
26
27
28	diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
29	similarity index 99%
30	rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
31	rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
32	index 3d3b9d3..f3179f6 100644
33	--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
34	+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
35	@@ -98058,7 +98058,7 @@ index e4141f2..d8263e8 100644
36	i += packet_length_size;
37	if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
38	diff --git a/fs/exec.c b/fs/exec.c
39	-index dcd4ac7..f651515 100644
40	+index dcd4ac7..7a1a7dc 100644
41	--- a/fs/exec.c
42	+++ b/fs/exec.c
43	@@ -56,8 +56,20 @@
44	@@ -98572,7 +98572,7 @@ index dcd4ac7..f651515 100644
45	out:
46	if (bprm->mm) {
47	acct_arg_size(bprm, 0);
48	-@@ -1749,3 +1930,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
49	+@@ -1749,3 +1930,316 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
50	argv, envp, flags);
51	}
52	#endif
53	@@ -98719,10 +98719,7 @@ index dcd4ac7..f651515 100644
54	+ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
55	+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
56	+ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
57	-+ preempt_disable();
58	-+ show_regs(regs);
59	-+ preempt_enable();
60	-+ force_sig_info(SIGKILL, SEND_SIG_FORCED, current);
61	++ BUG();
62	+}
63	+#endif
64	+
65	@@ -139266,7 +139263,7 @@ index c112abb..49d919f 100644
66	if (wo->wo_flags & __WNOTHREAD)
67	break;
68	diff --git a/kernel/fork.c b/kernel/fork.c
69	-index 2e391c7..4af22a9 100644
70	+index 2e391c7..87a5bfe 100644
71	--- a/kernel/fork.c
72	+++ b/kernel/fork.c
73	@@ -188,12 +188,55 @@ static void free_thread_info(struct thread_info *ti)
74	@@ -139655,7 +139652,7 @@ index 2e391c7..4af22a9 100644
75	if (atomic_read(&p->real_cred->user->processes) >=
76	task_rlimit(p, RLIMIT_NPROC)) {
77	if (p->real_cred->user != INIT_USER &&
78	-@@ -1568,6 +1681,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
79	+@@ -1568,6 +1681,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
80	goto bad_fork_cancel_cgroup;
81	}
82
83	@@ -139664,10 +139661,15 @@ index 2e391c7..4af22a9 100644
84	+ */
85	+ gr_copy_label(p);
86	+
87	++#ifdef CONFIG_GRKERNSEC_SETXID
88	++ if (p->delayed_cred)
89	++ get_cred(p->delayed_cred);
90	++#endif
91	++
92	if (likely(p->pid)) {
93	ptrace_init_task(p, (clone_flags & CLONE_PTRACE) \|\| trace);
94
95	-@@ -1657,6 +1775,8 @@ bad_fork_cleanup_count:
96	+@@ -1657,6 +1780,8 @@ bad_fork_cleanup_count:
97	bad_fork_free:
98	free_task(p);
99	fork_out:
100	@@ -139676,7 +139678,7 @@ index 2e391c7..4af22a9 100644
101	return ERR_PTR(retval);
102	}
103
104	-@@ -1719,6 +1839,7 @@ long _do_fork(unsigned long clone_flags,
105	+@@ -1719,6 +1844,7 @@ long _do_fork(unsigned long clone_flags,
106
107	p = copy_process(clone_flags, stack_start, stack_size,
108	child_tidptr, NULL, trace, tls);
109	@@ -139684,7 +139686,7 @@ index 2e391c7..4af22a9 100644
110	/*
111	* Do this prior waking up the new thread - the thread pointer
112	* might get invalid after that point, if the thread exits quickly.
113	-@@ -1735,6 +1856,8 @@ long _do_fork(unsigned long clone_flags,
114	+@@ -1735,6 +1861,8 @@ long _do_fork(unsigned long clone_flags,
115	if (clone_flags & CLONE_PARENT_SETTID)
116	put_user(nr, parent_tidptr);
117
118	@@ -139693,7 +139695,7 @@ index 2e391c7..4af22a9 100644
119	if (clone_flags & CLONE_VFORK) {
120	p->vfork_done = &vfork;
121	init_completion(&vfork);
122	-@@ -1871,7 +1994,7 @@ void __init proc_caches_init(void)
123	+@@ -1871,7 +1999,7 @@ void __init proc_caches_init(void)
124	sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
125	SLAB_HWCACHE_ALIGN\|SLAB_PANIC\|SLAB_NOTRACK\|SLAB_ACCOUNT,
126	NULL);
127	@@ -139702,7 +139704,7 @@ index 2e391c7..4af22a9 100644
128	mmap_init();
129	nsproxy_cache_init();
130	}
131	-@@ -1919,7 +2042,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
132	+@@ -1919,7 +2047,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
133	return 0;
134
135	/* don't need lock here; in the worst case we'll do useless copy */
136	@@ -139711,7 +139713,7 @@ index 2e391c7..4af22a9 100644
137	return 0;
138
139	*new_fsp = copy_fs_struct(fs);
140	-@@ -2032,7 +2155,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
141	+@@ -2032,7 +2160,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
142	fs = current->fs;
143	spin_lock(&fs->lock);
144	current->fs = new_fs;
145	@@ -139721,7 +139723,7 @@ index 2e391c7..4af22a9 100644
146	new_fs = NULL;
147	else
148	new_fs = fs;
149	-@@ -2096,7 +2220,7 @@ int unshare_files(struct files_struct **displaced)
150	+@@ -2096,7 +2225,7 @@ int unshare_files(struct files_struct **displaced)
151	int sysctl_max_threads(struct ctl_table *table, int write,
152	void __user buffer, size_t lenp, loff_t *ppos)
153	{

Gentoo Archives: gentoo-commits