
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
Date: Mon, 26 Sep 2011 20:04:28
Message-Id: e9e183a63e0e7ff5a02bf1d7feb68573b8c82276.blueness@gentoo
1 commit: e9e183a63e0e7ff5a02bf1d7feb68573b8c82276
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Mon Sep 26 20:03:27 2011 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Mon Sep 26 20:03:27 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=e9e183a6
7
8 Grsec/PaX: 2.2.2-2.6.32.46-201109261052 + 2.2.2-3.0.4-201109261052.patch
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.2.2-2.6.32.46-201109261052.patch} | 62 +++++++++++++++-----
13 3.0.4/0000_README | 2 +-
14 ...4420_grsecurity-2.2.2-3.0.4-201109261052.patch} | 62 +++++++++++++++-----
15 4 files changed, 98 insertions(+), 30 deletions(-)
16
17 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
18 index e3aa423..4cb87d7 100644
19 --- a/2.6.32/0000_README
20 +++ b/2.6.32/0000_README
21 @@ -3,7 +3,7 @@ README
22
23 Individual Patch Descriptions:
24 -----------------------------------------------------------------------------
25 -Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
26 +Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
27 From: http://www.grsecurity.net
28 Desc: hardened-sources base patch from upstream grsecurity
29
30
31 diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
32 similarity index 99%
33 rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
34 rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
35 index 0d9b6ae..bab9029 100644
36 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
37 +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
38 @@ -56495,8 +56495,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_link.c linux-2.6.32.46/grsecurity/gr
39 +}
40 diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grsec_log.c
41 --- linux-2.6.32.46/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
42 -+++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-14 23:16:01.000000000 -0400
43 -@@ -0,0 +1,313 @@
44 ++++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-26 10:44:49.000000000 -0400
45 +@@ -0,0 +1,315 @@
46 +#include <linux/kernel.h>
47 +#include <linux/sched.h>
48 +#include <linux/file.h>
49 @@ -56549,6 +56549,7 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs
50 + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
51 + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
52 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
53 ++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)
54 + unsigned long curr_secs = get_seconds();
55 +
56 + if (audit == GR_DO_AUDIT)
57 @@ -56557,18 +56558,19 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs
58 + if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
59 + grsec_alert_wtime = curr_secs;
60 + grsec_alert_fyet = 0;
61 -+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
62 -+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
63 -+ grsec_alert_fyet++;
64 -+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
65 -+ grsec_alert_wtime = curr_secs;
66 -+ grsec_alert_fyet++;
67 -+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
68 -+ return FLOODING;
69 -+ }
70 -+ } else return FLOODING;
71 ++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)
72 ++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
73 ++ grsec_alert_fyet++;
74 ++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
75 ++ grsec_alert_wtime = curr_secs;
76 ++ grsec_alert_fyet++;
77 ++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
78 ++ return FLOODING;
79 ++ }
80 ++ else return FLOODING;
81 +
82 +set_fmt:
83 ++#endif
84 + memset(buf, 0, PAGE_SIZE);
85 + if (current->signal->curr_ip && gr_acl_is_enabled()) {
86 + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
87 @@ -73053,7 +73055,7 @@ diff -urNp linux-2.6.32.46/mm/slob.c linux-2.6.32.46/mm/slob.c
88
89 diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c
90 --- linux-2.6.32.46/mm/slub.c 2011-03-27 14:31:47.000000000 -0400
91 -+++ linux-2.6.32.46/mm/slub.c 2011-09-24 08:36:34.000000000 -0400
92 ++++ linux-2.6.32.46/mm/slub.c 2011-09-25 22:23:01.000000000 -0400
93 @@ -201,7 +201,7 @@ struct track {
94
95 enum track_item { TRACK_ALLOC, TRACK_FREE };
96 @@ -73258,7 +73260,39 @@ diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c
97 .filter = uevent_filter,
98 };
99
100 -@@ -4785,7 +4824,13 @@ static const struct file_operations proc
101 +@@ -4564,6 +4603,7 @@ static char *create_unique_id(struct kme
102 + return name;
103 + }
104 +
105 ++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
106 + static int sysfs_slab_add(struct kmem_cache *s)
107 + {
108 + int err;
109 +@@ -4619,6 +4659,7 @@ static void sysfs_slab_remove(struct kme
110 + kobject_del(&s->kobj);
111 + kobject_put(&s->kobj);
112 + }
113 ++#endif
114 +
115 + /*
116 + * Need to buffer aliases during bootup until sysfs becomes
117 +@@ -4632,6 +4673,7 @@ struct saved_alias {
118 +
119 + static struct saved_alias *alias_list;
120 +
121 ++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
122 + static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
123 + {
124 + struct saved_alias *al;
125 +@@ -4654,6 +4696,7 @@ static int sysfs_slab_alias(struct kmem_
126 + alias_list = al;
127 + return 0;
128 + }
129 ++#endif
130 +
131 + static int __init slab_sysfs_init(void)
132 + {
133 +@@ -4785,7 +4828,13 @@ static const struct file_operations proc
134
135 static int __init slab_proc_init(void)
136 {
137
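Review bot: The new `#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)` guard in the grsec_log.c hunks compiles the whole alert throttle out when either option is 0, so every alert is then formatted and logged with no rate limit, and nothing at the guard says so. A comment above it would make that trade-off explicit, for example `/* FLOODTIME or FLOODBURST == 0: flood control is compiled out, alerts are never throttled */`. In the rewritten chain the `time_before_eq(...)` test is the exact negation of the `time_after(...)` test in the first branch, so it is always true where it is evaluated, and `else if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)` would read more plainly. The enclosing function starts and ends outside these hunks, and the 3.0.4 section carries the identical change.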
138 diff --git a/3.0.4/0000_README b/3.0.4/0000_README
139 index 6cdadcb..5afed8c 100644
140 --- a/3.0.4/0000_README
141 +++ b/3.0.4/0000_README
142 @@ -3,7 +3,7 @@ README
143
144 Individual Patch Descriptions:
145 -----------------------------------------------------------------------------
146 -Patch: 4420_grsecurity-2.2.2-3.0.4-201109240842.patch
147 +Patch: 4420_grsecurity-2.2.2-3.0.4-201109261052.patch
148 From: http://www.grsecurity.net
149 Desc: hardened-sources base patch from upstream grsecurity
150
151
152 diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
153 similarity index 99%
154 rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
155 rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
156 index 5e86d2b..cce98cf 100644
157 --- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
158 +++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
159 @@ -51655,8 +51655,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_link.c linux-3.0.4/grsecurity/grsec_link
160 +}
161 diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
162 --- linux-3.0.4/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
163 -+++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-14 23:17:55.000000000 -0400
164 -@@ -0,0 +1,313 @@
165 ++++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-26 10:46:21.000000000 -0400
166 +@@ -0,0 +1,315 @@
167 +#include <linux/kernel.h>
168 +#include <linux/sched.h>
169 +#include <linux/file.h>
170 @@ -51709,6 +51709,7 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
171 + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
172 + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
173 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
174 ++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)
175 + unsigned long curr_secs = get_seconds();
176 +
177 + if (audit == GR_DO_AUDIT)
178 @@ -51717,18 +51718,19 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
179 + if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
180 + grsec_alert_wtime = curr_secs;
181 + grsec_alert_fyet = 0;
182 -+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
183 -+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
184 -+ grsec_alert_fyet++;
185 -+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
186 -+ grsec_alert_wtime = curr_secs;
187 -+ grsec_alert_fyet++;
188 -+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
189 -+ return FLOODING;
190 -+ }
191 -+ } else return FLOODING;
192 ++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)
193 ++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
194 ++ grsec_alert_fyet++;
195 ++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
196 ++ grsec_alert_wtime = curr_secs;
197 ++ grsec_alert_fyet++;
198 ++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
199 ++ return FLOODING;
200 ++ }
201 ++ else return FLOODING;
202 +
203 +set_fmt:
204 ++#endif
205 + memset(buf, 0, PAGE_SIZE);
206 + if (current->signal->curr_ip && gr_acl_is_enabled()) {
207 + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
208 @@ -67506,7 +67508,7 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c
209
210 diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
211 --- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400
212 -+++ linux-3.0.4/mm/slub.c 2011-09-24 08:37:26.000000000 -0400
213 ++++ linux-3.0.4/mm/slub.c 2011-09-25 22:15:40.000000000 -0400
214 @@ -200,7 +200,7 @@ struct track {
215
216 enum track_item { TRACK_ALLOC, TRACK_FREE };
217 @@ -67699,7 +67701,39 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
218 }
219 SLAB_ATTR_RO(aliases);
220
221 -@@ -4894,7 +4935,13 @@ static const struct file_operations proc
222 +@@ -4662,6 +4703,7 @@ static char *create_unique_id(struct kme
223 + return name;
224 + }
225 +
226 ++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
227 + static int sysfs_slab_add(struct kmem_cache *s)
228 + {
229 + int err;
230 +@@ -4724,6 +4766,7 @@ static void sysfs_slab_remove(struct kme
231 + kobject_del(&s->kobj);
232 + kobject_put(&s->kobj);
233 + }
234 ++#endif
235 +
236 + /*
237 + * Need to buffer aliases during bootup until sysfs becomes
238 +@@ -4737,6 +4780,7 @@ struct saved_alias {
239 +
240 + static struct saved_alias *alias_list;
241 +
242 ++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
243 + static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
244 + {
245 + struct saved_alias *al;
246 +@@ -4759,6 +4803,7 @@ static int sysfs_slab_alias(struct kmem_
247 + alias_list = al;
248 + return 0;
249 + }
250 ++#endif
251 +
252 + static int __init slab_sysfs_init(void)
253 + {
254 +@@ -4894,7 +4939,13 @@ static const struct file_operations proc
255
256 static int __init slab_proc_init(void)
257 {
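Review bot: In the mm/slub.c hunks, `alias_list` and `slab_sysfs_init()` stay outside the new `#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)` guards. With CONFIG_GRKERNSEC_PROC_ADD set, any use of `sysfs_slab_add()` or `sysfs_slab_alias()` from that init path has to resolve to stubs defined elsewhere in the file. Those stubs are not visible here, so it is worth confirming that both configurations build and that the slab sysfs entries really are absent when the option is on. The two bare `#endif` lines sit far from their openers and would be easier to audit if labelled, e.g. `#endif /* CONFIG_SYSFS && !CONFIG_GRKERNSEC_PROC_ADD */`. The 2.6.32 section adds the same pair of guards keyed on CONFIG_SLUB_DEBUG, and the bodies of the guarded functions lie mostly outside the hunks.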