1 |
commit: dc5364db188b719cc9bb059838f0a9740a0a4561 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu May 26 10:38:20 2011 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu May 26 10:38:20 2011 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=dc5364db |
7 |
|
8 |
Update Grsec/PaX |
9 |
2.2.2-2.6.32.41-201105251736 |
10 |
2.2.2-2.6.39-201105251736 |
11 |
|
12 |
--- |
13 |
2.6.32/0000_README | 2 +- |
14 |
..._grsecurity-2.2.2-2.6.32.41-201105251736.patch} | 21 +++++++++---- |
15 |
2.6.32/4423_grsec-remove-protected-paths.patch | 2 +- |
16 |
2.6.39/0000_README | 2 +- |
17 |
...420_grsecurity-2.2.2-2.6.39-201105251736.patch} | 32 +++++++++++++------ |
18 |
2.6.39/4423_grsec-remove-protected-paths.patch | 2 +- |
19 |
6 files changed, 41 insertions(+), 20 deletions(-) |
20 |
|
21 |
diff --git a/2.6.32/0000_README b/2.6.32/0000_README |
22 |
index 59912da..cd33071 100644 |
23 |
--- a/2.6.32/0000_README |
24 |
+++ b/2.6.32/0000_README |
25 |
@@ -3,7 +3,7 @@ README |
26 |
|
27 |
Individual Patch Descriptions: |
28 |
----------------------------------------------------------------------------- |
29 |
-Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch |
30 |
+Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch |
31 |
From: http://www.grsecurity.net |
32 |
Desc: hardened-sources base patch from upstream grsecurity |
33 |
|
34 |
|
35 |
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch |
36 |
similarity index 99% |
37 |
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch |
38 |
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch |
39 |
index 8de9a60..d39c729 100644 |
40 |
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch |
41 |
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch |
42 |
@@ -43548,8 +43548,8 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl_alloc.c linux-2.6.32.41/grsecurity/g |
43 |
+} |
44 |
diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c |
45 |
--- linux-2.6.32.41/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 |
46 |
-+++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-17 17:29:53.000000000 -0400 |
47 |
-@@ -0,0 +1,4074 @@ |
48 |
++++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-24 20:26:07.000000000 -0400 |
49 |
+@@ -0,0 +1,4079 @@ |
50 |
+#include <linux/kernel.h> |
51 |
+#include <linux/module.h> |
52 |
+#include <linux/sched.h> |
53 |
@@ -43625,7 +43625,9 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c |
54 |
+static unsigned int gr_auth_attempts = 0; |
55 |
+static unsigned long gr_auth_expires = 0UL; |
56 |
+ |
57 |
++#ifdef CONFIG_NET |
58 |
+extern struct vfsmount *sock_mnt; |
59 |
++#endif |
60 |
+extern struct vfsmount *pipe_mnt; |
61 |
+extern struct vfsmount *shm_mnt; |
62 |
+#ifdef CONFIG_HUGETLBFS |
63 |
@@ -45366,7 +45368,10 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c |
64 |
+ spin_lock(&dcache_lock); |
65 |
+ spin_lock(&vfsmount_lock); |
66 |
+ |
67 |
-+ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || mnt == sock_mnt || |
68 |
++ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || |
69 |
++#ifdef CONFIG_NET |
70 |
++ mnt == sock_mnt || |
71 |
++#endif |
72 |
+#ifdef CONFIG_HUGETLBFS |
73 |
+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) || |
74 |
+#endif |
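Review bot: The new `#ifdef CONFIG_NET` / `#endif` pair sits inside the argument list of `unlikely(...)`, and a preprocessing directive inside the arguments of a function-like macro is undefined behaviour in ISO C. GCC accepts it, and the adjacent `CONFIG_HUGETLBFS` clause already relies on that, but each added clause makes the condition harder to read and to port. Moving the config test into a small helper (the name below is only a suggestion) keeps the condition free of directives. The same applies to the 2.6.39 gracl.c hunk at `@@ -53102,7 +53107,10 @@`. The enclosing function starts and ends outside this hunk.

```c
/* proposed helper, placed after the extern vfsmount declarations */
static inline bool gr_is_sock_mnt(const struct vfsmount *mnt)
{
#ifdef CONFIG_NET
	return mnt == sock_mnt;
#else
	return false;
#endif
}

/* … unchanged: dcache_lock / vfsmount_lock acquisition … */
	if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
		     gr_is_sock_mnt(mnt) ||
/* … unchanged: CONFIG_HUGETLBFS clause and the rest of the condition … */
```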
75 |
@@ -53228,8 +53233,8 @@ diff -urNp linux-2.6.32.41/grsecurity/Kconfig linux-2.6.32.41/grsecurity/Kconfig |
76 |
+endmenu |
77 |
diff -urNp linux-2.6.32.41/grsecurity/Makefile linux-2.6.32.41/grsecurity/Makefile |
78 |
--- linux-2.6.32.41/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500 |
79 |
-+++ linux-2.6.32.41/grsecurity/Makefile 2011-04-17 15:56:46.000000000 -0400 |
80 |
-@@ -0,0 +1,29 @@ |
81 |
++++ linux-2.6.32.41/grsecurity/Makefile 2011-05-24 20:27:46.000000000 -0400 |
82 |
+@@ -0,0 +1,33 @@ |
83 |
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton |
84 |
+# during 2001-2009 it has been completely redesigned by Brad Spengler |
85 |
+# into an RBAC system |
86 |
@@ -53242,11 +53247,15 @@ diff -urNp linux-2.6.32.41/grsecurity/Makefile linux-2.6.32.41/grsecurity/Makefi |
87 |
+ grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \ |
88 |
+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o |
89 |
+ |
90 |
-+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \ |
91 |
++obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \ |
92 |
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ |
93 |
+ gracl_learn.o grsec_log.o |
94 |
+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o |
95 |
+ |
96 |
++ifdef CONFIG_NET |
97 |
++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o |
98 |
++endif |
99 |
++ |
100 |
+ifndef CONFIG_GRKERNSEC |
101 |
+obj-y += grsec_disabled.o |
102 |
+endif |
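Review bot: With `gracl_ip.o` now built only inside `ifdef CONFIG_NET`, every reference from the always-built objects to symbols defined in gracl_ip.c has to be compiled out or stubbed when CONFIG_NET is unset, and this hunk does not show that. The two gracl.c hunks only guard `sock_mnt`, so it is worth confirming with a CONFIG_GRKERNSEC=y, CONFIG_NET=n build that the link succeeds. A one-line comment above the new block, e.g. `# gracl_ip.o is only built when networking support (CONFIG_NET) is enabled`, would record why it was split from the main object list. The 2.6.39 Makefile hunk at `@@ -60885,11 +60893,15 @@` makes the identical change.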
103 |
|
104 |
diff --git a/2.6.32/4423_grsec-remove-protected-paths.patch b/2.6.32/4423_grsec-remove-protected-paths.patch |
105 |
index 9c0fd88..1dd1ffb 100644 |
106 |
--- a/2.6.32/4423_grsec-remove-protected-paths.patch |
107 |
+++ b/2.6.32/4423_grsec-remove-protected-paths.patch |
108 |
@@ -5,7 +5,7 @@ paths in the filesystem. |
109 |
|
110 |
--- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400 |
111 |
+++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400 |
112 |
-@@ -22,8 +22,8 @@ |
113 |
+@@ -26,8 +26,8 @@ |
114 |
ifdef CONFIG_GRKERNSEC_HIDESYM |
115 |
extra-y := grsec_hidesym.o |
116 |
$(obj)/grsec_hidesym.o: |
117 |
|
118 |
diff --git a/2.6.39/0000_README b/2.6.39/0000_README |
119 |
index f2ae898..a870632 100644 |
120 |
--- a/2.6.39/0000_README |
121 |
+++ b/2.6.39/0000_README |
122 |
@@ -3,7 +3,7 @@ README |
123 |
|
124 |
Individual Patch Descriptions: |
125 |
----------------------------------------------------------------------------- |
126 |
-Patch: 4420_grsecurity-2.2.2-2.6.39-201105231910.patch |
127 |
+Patch: 4420_grsecurity-2.2.2-2.6.39-201105251736.patch |
128 |
From: http://www.grsecurity.net |
129 |
Desc: hardened-sources base patch from upstream grsecurity |
130 |
|
131 |
|
132 |
diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch |
133 |
similarity index 99% |
134 |
rename from 2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch |
135 |
rename to 2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch |
136 |
index 14de0ab..5d901de 100644 |
137 |
--- a/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch |
138 |
+++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch |
139 |
@@ -12819,7 +12819,7 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets_64.c linux-2.6.39/arch/x86/k |
140 |
|
141 |
diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/x86/kernel/asm-offsets.c |
142 |
--- linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-19 00:06:34.000000000 -0400 |
143 |
-+++ linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-22 19:36:30.000000000 -0400 |
144 |
++++ linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-25 17:35:48.000000000 -0400 |
145 |
@@ -33,6 +33,8 @@ void common(void) { |
146 |
OFFSET(TI_status, thread_info, status); |
147 |
OFFSET(TI_addr_limit, thread_info, addr_limit); |
148 |
@@ -12829,7 +12829,7 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/x86/kern |
149 |
|
150 |
BLANK(); |
151 |
OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx); |
152 |
-@@ -53,8 +55,24 @@ void common(void) { |
153 |
+@@ -53,8 +55,26 @@ void common(void) { |
154 |
OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); |
155 |
OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0); |
156 |
OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2); |
157 |
@@ -12841,7 +12841,9 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/x86/kern |
158 |
+#ifdef CONFIG_PAX_MEMORY_UDEREF |
159 |
+ OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3); |
160 |
+ OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3); |
161 |
++#ifdef CONFIG_X86_64 |
162 |
+ OFFSET(PV_MMU_set_pgd, pv_mmu_ops, set_pgd); |
163 |
++#endif |
164 |
#endif |
165 |
|
166 |
+#endif |
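Review bot: The added `#ifdef CONFIG_X86_64` nests inside `CONFIG_PAX_MEMORY_UDEREF` and is followed by two more bare `#endif` lines, so it is hard to tell which conditional each one closes. Annotating the closers, e.g. `#endif /* CONFIG_X86_64 */` and `#endif /* CONFIG_PAX_MEMORY_UDEREF */`, would make the nesting checkable at a glance. The hunk also gives no reason why the `PV_MMU_set_pgd` offset is emitted only on 64-bit; a short comment above the inner `#ifdef` saying why would help whoever next rebases this. The body of `common()` continues outside the hunk.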
167 |
@@ -39667,13 +39669,13 @@ diff -urNp linux-2.6.39/drivers/staging/hv/vmbus_private.h linux-2.6.39/drivers/ |
168 |
* Represents channel interrupts. Each bit position represents a |
169 |
diff -urNp linux-2.6.39/drivers/staging/iio/ring_generic.h linux-2.6.39/drivers/staging/iio/ring_generic.h |
170 |
--- linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-19 00:06:34.000000000 -0400 |
171 |
-+++ linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-22 19:36:32.000000000 -0400 |
172 |
++++ linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-25 16:55:27.000000000 -0400 |
173 |
@@ -134,7 +134,7 @@ struct iio_ring_buffer { |
174 |
struct iio_handler access_handler; |
175 |
struct iio_event_interface ev_int; |
176 |
struct iio_shared_ev_pointer shared_ev_pointer; |
177 |
- struct iio_ring_access_funcs access; |
178 |
-+ const struct iio_ring_access_funcs access; |
179 |
++ struct iio_ring_access_funcs access; |
180 |
int (*preenable)(struct iio_dev *); |
181 |
int (*postenable)(struct iio_dev *); |
182 |
int (*predisable)(struct iio_dev *); |
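Review bot: With `const` dropped from `access`, the inner ring_generic.h hunk now removes and re-adds what appears to be the same declaration, so it no longer changes the header and could be dropped from the patch rather than carried as a no-op. Whitespace is not recoverable from this view, so confirm against the raw file. The change also leaves the `iio_ring_access_funcs` table embedded in `struct iio_ring_buffer` writable at run time, which the previous revision of the patch prevented. If the reason is that ring implementations assign into `access` after allocation (not visible here), a changelog line saying so would stop the constification from being reintroduced blindly. `struct iio_ring_buffer` starts and ends outside the hunk.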
183 |
@@ -51272,8 +51274,8 @@ diff -urNp linux-2.6.39/grsecurity/gracl_alloc.c linux-2.6.39/grsecurity/gracl_a |
184 |
+} |
185 |
diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl.c |
186 |
--- linux-2.6.39/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 |
187 |
-+++ linux-2.6.39/grsecurity/gracl.c 2011-05-22 22:47:25.000000000 -0400 |
188 |
-@@ -0,0 +1,4097 @@ |
189 |
++++ linux-2.6.39/grsecurity/gracl.c 2011-05-24 20:27:30.000000000 -0400 |
190 |
+@@ -0,0 +1,4103 @@ |
191 |
+#include <linux/kernel.h> |
192 |
+#include <linux/module.h> |
193 |
+#include <linux/sched.h> |
194 |
@@ -51348,7 +51350,10 @@ diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl.c |
195 |
+static unsigned int gr_auth_attempts = 0; |
196 |
+static unsigned long gr_auth_expires = 0UL; |
197 |
+ |
198 |
++#ifdef CONFIG_NET |
199 |
+extern struct vfsmount *sock_mnt; |
200 |
++#endif |
201 |
++ |
202 |
+extern struct vfsmount *pipe_mnt; |
203 |
+extern struct vfsmount *shm_mnt; |
204 |
+#ifdef CONFIG_HUGETLBFS |
205 |
@@ -53102,7 +53107,10 @@ diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl.c |
206 |
+ write_seqlock(&rename_lock); |
207 |
+ br_read_lock(vfsmount_lock); |
208 |
+ |
209 |
-+ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || mnt == sock_mnt || |
210 |
++ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || |
211 |
++#ifdef CONFIG_NET |
212 |
++ mnt == sock_mnt || |
213 |
++#endif |
214 |
+#ifdef CONFIG_HUGETLBFS |
215 |
+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) || |
216 |
+#endif |
217 |
@@ -60871,8 +60879,8 @@ diff -urNp linux-2.6.39/grsecurity/Kconfig linux-2.6.39/grsecurity/Kconfig |
218 |
+endmenu |
219 |
diff -urNp linux-2.6.39/grsecurity/Makefile linux-2.6.39/grsecurity/Makefile |
220 |
--- linux-2.6.39/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500 |
221 |
-+++ linux-2.6.39/grsecurity/Makefile 2011-05-22 19:41:42.000000000 -0400 |
222 |
-@@ -0,0 +1,29 @@ |
223 |
++++ linux-2.6.39/grsecurity/Makefile 2011-05-24 20:26:54.000000000 -0400 |
224 |
+@@ -0,0 +1,33 @@ |
225 |
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton |
226 |
+# during 2001-2009 it has been completely redesigned by Brad Spengler |
227 |
+# into an RBAC system |
228 |
@@ -60885,11 +60893,15 @@ diff -urNp linux-2.6.39/grsecurity/Makefile linux-2.6.39/grsecurity/Makefile |
229 |
+ grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \ |
230 |
+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o |
231 |
+ |
232 |
-+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \ |
233 |
++obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \ |
234 |
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ |
235 |
+ gracl_learn.o grsec_log.o |
236 |
+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o |
237 |
+ |
238 |
++ifdef CONFIG_NET |
239 |
++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o |
240 |
++endif |
241 |
++ |
242 |
+ifndef CONFIG_GRKERNSEC |
243 |
+obj-y += grsec_disabled.o |
244 |
+endif |
245 |
|
246 |
diff --git a/2.6.39/4423_grsec-remove-protected-paths.patch b/2.6.39/4423_grsec-remove-protected-paths.patch |
247 |
index 9c0fd88..1dd1ffb 100644 |
248 |
--- a/2.6.39/4423_grsec-remove-protected-paths.patch |
249 |
+++ b/2.6.39/4423_grsec-remove-protected-paths.patch |
250 |
@@ -5,7 +5,7 @@ paths in the filesystem. |
251 |
|
252 |
--- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400 |
253 |
+++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400 |
254 |
-@@ -22,8 +22,8 @@ |
255 |
+@@ -26,8 +26,8 @@ |
256 |
ifdef CONFIG_GRKERNSEC_HIDESYM |
257 |
extra-y := grsec_hidesym.o |
258 |
$(obj)/grsec_hidesym.o: |