
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.4.6/, 3.2.24/, 2.6.32/
Date: Wed, 01 Aug 2012 23:42:16
Message-Id: 1343864502.514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1.blueness@gentoo
1 commit: 514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Aug 1 23:41:42 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Aug 1 23:41:42 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=514be5c5
7
8 Grsec/PaX: 2.9.1-{2.6.32.59,3.2.24,3.4.6}-201208011848
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.59-201208011848.patch} | 27 ++++++++++++++++++++
13 3.2.24/0000_README | 2 +-
14 ...420_grsecurity-2.9.1-3.2.24-201208011849.patch} | 27 ++++++++++++++++++++
15 3.4.6/0000_README | 2 +-
16 ...4420_grsecurity-2.9.1-3.4.7-201208011850.patch} | 27 ++++++++++++++++++++
17 6 files changed, 84 insertions(+), 3 deletions(-)
18
19 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
20 index 3010d85..ae80b1d 100644
21 --- a/2.6.32/0000_README
22 +++ b/2.6.32/0000_README
23 @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
24 From: http://www.kernel.org
25 Desc: Linux 2.6.32.59
26
27 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch
28 +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch
29 From: http://www.grsecurity.net
30 Desc: hardened-sources base patch from upstream grsecurity
31
32
33 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch
34 similarity index 99%
35 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch
36 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch
37 index a17194d..4d11792 100644
38 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch
39 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch
40 @@ -105356,6 +105356,33 @@ index 30b3189..e2e4b55 100644
41 goto out;
42 }
43
44 +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
45 +index 8df3477..797ae6d 100644
46 +--- a/net/netfilter/nf_conntrack_core.c
47 ++++ b/net/netfilter/nf_conntrack_core.c
48 +@@ -1298,6 +1298,10 @@ err_proto:
49 + #define UNCONFIRMED_NULLS_VAL ((1<<30)+0)
50 + #define DYING_NULLS_VAL ((1<<30)+1)
51 +
52 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
53 ++static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0);
54 ++#endif
55 ++
56 + static int nf_conntrack_init_net(struct net *net)
57 + {
58 + int ret;
59 +@@ -1311,7 +1315,11 @@ static int nf_conntrack_init_net(struct net *net)
60 + goto err_stat;
61 + }
62 +
63 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
64 ++ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return(&conntrack_cache_id));
65 ++#else
66 + net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
67 ++#endif
68 + if (!net->ct.slabname) {
69 + ret = -ENOMEM;
70 + goto err_slabname;
71 diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
72 index d521718..d0fd7a1 100644
73 --- a/net/netfilter/nf_conntrack_netlink.c
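Review bot: In the added CONFIG_GRKERNSEC_HIDESYM branch of nf_conntrack_init_net (whose body starts and ends outside this hunk), `%08lx` is fed the result of `atomic_inc_return()`, which is an int, so the varargs type does not match the conversion and on 64-bit builds the slab name can pick up undefined upper bits. The counter is also declared `atomic_unchecked_t` but incremented through the checked accessor, which presumably only type-checks when the two atomic types are aliased. Assuming the patchset's `_unchecked` helpers are in scope in this file, the line would read `net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08x", atomic_inc_return_unchecked(&conntrack_cache_id));`. The same line is added in the 3.2.24 and 3.4.7 patch hunks further down and needs the same change. A one-line comment above `conntrack_cache_id`, such as `/* cache name is user-visible; use a counter instead of the struct net address */`, would record why the `%p` form is avoided.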
74
75 diff --git a/3.2.24/0000_README b/3.2.24/0000_README
76 index e45dbd8..5b9308c 100644
77 --- a/3.2.24/0000_README
78 +++ b/3.2.24/0000_README
79 @@ -14,7 +14,7 @@ Patch: 1023_linux-3.2.24.patch
80 From: http://www.kernel.org
81 Desc: Linux 3.2.24
82
83 -Patch: 4420_grsecurity-2.9.1-3.2.24-201207311909.patch
84 +Patch: 4420_grsecurity-2.9.1-3.2.24-201208011849.patch
85 From: http://www.grsecurity.net
86 Desc: hardened-sources base patch from upstream grsecurity
87
88
89 diff --git a/3.2.24/4420_grsecurity-2.9.1-3.2.24-201207311909.patch b/3.2.24/4420_grsecurity-2.9.1-3.2.24-201208011849.patch
90 similarity index 99%
91 rename from 3.2.24/4420_grsecurity-2.9.1-3.2.24-201207311909.patch
92 rename to 3.2.24/4420_grsecurity-2.9.1-3.2.24-201208011849.patch
93 index 4c10305..c4edc06 100644
94 --- a/3.2.24/4420_grsecurity-2.9.1-3.2.24-201207311909.patch
95 +++ b/3.2.24/4420_grsecurity-2.9.1-3.2.24-201208011849.patch
96 @@ -78633,6 +78633,33 @@ index aa2d720..d8aa111 100644
97 goto out;
98 }
99
100 +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
101 +index 1d15193..1062656 100644
102 +--- a/net/netfilter/nf_conntrack_core.c
103 ++++ b/net/netfilter/nf_conntrack_core.c
104 +@@ -1485,6 +1485,10 @@ err_proto:
105 + #define UNCONFIRMED_NULLS_VAL ((1<<30)+0)
106 + #define DYING_NULLS_VAL ((1<<30)+1)
107 +
108 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
109 ++static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0);
110 ++#endif
111 ++
112 + static int nf_conntrack_init_net(struct net *net)
113 + {
114 + int ret;
115 +@@ -1498,7 +1502,11 @@ static int nf_conntrack_init_net(struct net *net)
116 + goto err_stat;
117 + }
118 +
119 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
120 ++ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return(&conntrack_cache_id));
121 ++#else
122 + net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
123 ++#endif
124 + if (!net->ct.slabname) {
125 + ret = -ENOMEM;
126 + goto err_slabname;
127 diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
128 index 66b2c54..c7884e3 100644
129 --- a/net/netfilter/nfnetlink_log.c
130
131 diff --git a/3.4.6/0000_README b/3.4.6/0000_README
132 index 14b45fc..2236f0c 100644
133 --- a/3.4.6/0000_README
134 +++ b/3.4.6/0000_README
135 @@ -6,7 +6,7 @@ Patch: 1005_linux-3.4.6.patch
136 From: http://www.kernel.org
137 Desc: Linux 3.4.6
138
139 -Patch: 4420_grsecurity-2.9.1-3.4.7-201207311909.patch
140 +Patch: 4420_grsecurity-2.9.1-3.4.7-201208011850.patch
141 From: http://www.grsecurity.net
142 Desc: hardened-sources base patch from upstream grsecurity
143
144
145 diff --git a/3.4.6/4420_grsecurity-2.9.1-3.4.7-201207311909.patch b/3.4.6/4420_grsecurity-2.9.1-3.4.7-201208011850.patch
146 similarity index 99%
147 rename from 3.4.6/4420_grsecurity-2.9.1-3.4.7-201207311909.patch
148 rename to 3.4.6/4420_grsecurity-2.9.1-3.4.7-201208011850.patch
149 index 9da1ccd..23880cf 100644
150 --- a/3.4.6/4420_grsecurity-2.9.1-3.4.7-201207311909.patch
151 +++ b/3.4.6/4420_grsecurity-2.9.1-3.4.7-201208011850.patch
152 @@ -76824,6 +76824,33 @@ index 7fd66de..e6fb361 100644
153 goto out;
154 }
155
156 +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
157 +index 729f157..08edc6c 100644
158 +--- a/net/netfilter/nf_conntrack_core.c
159 ++++ b/net/netfilter/nf_conntrack_core.c
160 +@@ -1538,6 +1538,10 @@ err_proto:
161 + #define UNCONFIRMED_NULLS_VAL ((1<<30)+0)
162 + #define DYING_NULLS_VAL ((1<<30)+1)
163 +
164 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
165 ++static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0);
166 ++#endif
167 ++
168 + static int nf_conntrack_init_net(struct net *net)
169 + {
170 + int ret;
171 +@@ -1551,7 +1555,11 @@ static int nf_conntrack_init_net(struct net *net)
172 + goto err_stat;
173 + }
174 +
175 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
176 ++ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return(&conntrack_cache_id));
177 ++#else
178 + net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
179 ++#endif
180 + if (!net->ct.slabname) {
181 + ret = -ENOMEM;
182 + goto err_slabname;
183 diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
184 index 66b2c54..c7884e3 100644
185 --- a/net/netfilter/nfnetlink_log.c