commit: e9e183a63e0e7ff5a02bf1d7feb68573b8c82276 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Mon Sep 26 20:03:27 2011 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Mon Sep 26 20:03:27 2011 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=e9e183a6 |
|
Grsec/PaX: 2.2.2-2.6.32.46-201109261052 + 2.2.2-3.0.4-201109261052.patch |
|
--- |
2.6.32/0000_README | 2 +- |
..._grsecurity-2.2.2-2.6.32.46-201109261052.patch} | 62 +++++++++++++++----- |
3.0.4/0000_README | 2 +- |
...4420_grsecurity-2.2.2-3.0.4-201109261052.patch} | 62 +++++++++++++++----- |
4 files changed, 98 insertions(+), 30 deletions(-) |
|
17 |
diff --git a/2.6.32/0000_README b/2.6.32/0000_README |
18 |
index e3aa423..4cb87d7 100644 |
19 |
--- a/2.6.32/0000_README |
20 |
+++ b/2.6.32/0000_README |
21 |
@@ -3,7 +3,7 @@ README |
22 |
|
23 |
Individual Patch Descriptions: |
24 |
----------------------------------------------------------------------------- |
25 |
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch |
26 |
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch |
27 |
From: http://www.grsecurity.net |
28 |
Desc: hardened-sources base patch from upstream grsecurity |
29 |
|
30 |
|
31 |
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch |
32 |
similarity index 99% |
33 |
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch |
34 |
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch |
35 |
index 0d9b6ae..bab9029 100644 |
36 |
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch |
37 |
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch |
38 |
@@ -56495,8 +56495,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_link.c linux-2.6.32.46/grsecurity/gr |
39 |
+} |
40 |
diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grsec_log.c |
41 |
--- linux-2.6.32.46/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500 |
42 |
-+++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-14 23:16:01.000000000 -0400 |
43 |
-@@ -0,0 +1,313 @@ |
44 |
++++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-26 10:44:49.000000000 -0400 |
45 |
+@@ -0,0 +1,315 @@ |
46 |
+#include <linux/kernel.h> |
47 |
+#include <linux/sched.h> |
48 |
+#include <linux/file.h> |
49 |
@@ -56549,6 +56549,7 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs |
50 |
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT; |
51 |
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt; |
52 |
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; |
53 |
++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0) |
54 |
+ unsigned long curr_secs = get_seconds(); |
55 |
+ |
56 |
+ if (audit == GR_DO_AUDIT) |
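Review bot: The new `#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)` guard removes alert rate limiting altogether when either option is 0, and nothing at the guard says so. With the throttle compiled out every alert reaches printk, so a process able to trigger alerts repeatedly can fill the kernel log and push earlier entries out of the ring buffer. If 0 is meant as "disabled", that trade-off deserves a comment at the guard, such as `/* FLOODTIME or FLOODBURST == 0: alert flood control is compiled out, alerts are never suppressed */`. The matching `#endif` sits after `set_fmt:` in the next hunk, and the function itself starts outside this hunk. The 3.0.4 copy of grsec_log.c gets the same guard.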
57 |
@@ -56557,18 +56558,19 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs |
58 |
+ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { |
59 |
+ grsec_alert_wtime = curr_secs; |
60 |
+ grsec_alert_fyet = 0; |
61 |
-+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { |
62 |
-+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) { |
63 |
-+ grsec_alert_fyet++; |
64 |
-+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { |
65 |
-+ grsec_alert_wtime = curr_secs; |
66 |
-+ grsec_alert_fyet++; |
67 |
-+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); |
68 |
-+ return FLOODING; |
69 |
-+ } |
70 |
-+ } else return FLOODING; |
71 |
++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME) |
72 |
++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { |
73 |
++ grsec_alert_fyet++; |
74 |
++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { |
75 |
++ grsec_alert_wtime = curr_secs; |
76 |
++ grsec_alert_fyet++; |
77 |
++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); |
78 |
++ return FLOODING; |
79 |
++ } |
80 |
++ else return FLOODING; |
81 |
+ |
82 |
+set_fmt: |
83 |
++#endif |
84 |
+ memset(buf, 0, PAGE_SIZE); |
85 |
+ if (current->signal->curr_ip && gr_acl_is_enabled()) { |
86 |
+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) "); |
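Review bot: The `time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)` test in the second branch can never be false. It is reached only when the `time_after()` test on the same operands has failed, and in include/linux/jiffies.h the two macros are exact negations of each other. The branch could read `} else if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {`, which makes the three states (counting, tripping, suppressed) easier to follow. The final `else return FLOODING;` on its own line after a closing brace would be clearer as a braced `} else {` with a short comment that alerts are dropped until the window expires. The same applies to the corresponding 3.0.4 hunk.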
87 |
@@ -73053,7 +73055,7 @@ diff -urNp linux-2.6.32.46/mm/slob.c linux-2.6.32.46/mm/slob.c |
88 |
|
89 |
diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c |
90 |
--- linux-2.6.32.46/mm/slub.c 2011-03-27 14:31:47.000000000 -0400 |
91 |
-+++ linux-2.6.32.46/mm/slub.c 2011-09-24 08:36:34.000000000 -0400 |
92 |
++++ linux-2.6.32.46/mm/slub.c 2011-09-25 22:23:01.000000000 -0400 |
93 |
@@ -201,7 +201,7 @@ struct track { |
94 |
|
95 |
enum track_item { TRACK_ALLOC, TRACK_FREE }; |
96 |
@@ -73258,7 +73260,39 @@ diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c |
97 |
.filter = uevent_filter, |
98 |
}; |
99 |
|
100 |
-@@ -4785,7 +4824,13 @@ static const struct file_operations proc |
101 |
+@@ -4564,6 +4603,7 @@ static char *create_unique_id(struct kme |
102 |
+ return name; |
103 |
+ } |
104 |
+ |
105 |
++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD) |
106 |
+ static int sysfs_slab_add(struct kmem_cache *s) |
107 |
+ { |
108 |
+ int err; |
109 |
+@@ -4619,6 +4659,7 @@ static void sysfs_slab_remove(struct kme |
110 |
+ kobject_del(&s->kobj); |
111 |
+ kobject_put(&s->kobj); |
112 |
+ } |
113 |
++#endif |
114 |
+ |
115 |
+ /* |
116 |
+ * Need to buffer aliases during bootup until sysfs becomes |
117 |
+@@ -4632,6 +4673,7 @@ struct saved_alias { |
118 |
+ |
119 |
+ static struct saved_alias *alias_list; |
120 |
+ |
121 |
++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD) |
122 |
+ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) |
123 |
+ { |
124 |
+ struct saved_alias *al; |
125 |
+@@ -4654,6 +4696,7 @@ static int sysfs_slab_alias(struct kmem_ |
126 |
+ alias_list = al; |
127 |
+ return 0; |
128 |
+ } |
129 |
++#endif |
130 |
+ |
131 |
+ static int __init slab_sysfs_init(void) |
132 |
+ { |
133 |
+@@ -4785,7 +4828,13 @@ static const struct file_operations proc |
134 |
|
135 |
static int __init slab_proc_init(void) |
136 |
{ |
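Review bot: `slab_sysfs_init()` follows the new `#endif` and is not covered by the guard, while `sysfs_slab_add()`, `sysfs_slab_remove()` and `sysfs_slab_alias()` now exist only when `CONFIG_SLUB_DEBUG` is set and `CONFIG_GRKERNSEC_PROC_ADD` is not. Its body is outside the hunk, so whether it calls the guarded functions, and whether stubs exist for the other configuration, cannot be checked from here; a build with `CONFIG_GRKERNSEC_PROC_ADD=y` would confirm it. `alias_list` and `struct saved_alias` also stay outside the guard and may end up unused in that build. Each `#endif` would read better with the condition repeated, e.g. `#endif /* CONFIG_SLUB_DEBUG && !CONFIG_GRKERNSEC_PROC_ADD */`, plus a line stating that the slab sysfs entries are omitted deliberately (presumably to limit exposure of kernel allocator details). The 3.0.4 hunk has the same shape with `CONFIG_SYSFS` in place of `CONFIG_SLUB_DEBUG`.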
137 |
|
138 |
diff --git a/3.0.4/0000_README b/3.0.4/0000_README |
139 |
index 6cdadcb..5afed8c 100644 |
140 |
--- a/3.0.4/0000_README |
141 |
+++ b/3.0.4/0000_README |
142 |
@@ -3,7 +3,7 @@ README |
143 |
|
144 |
Individual Patch Descriptions: |
145 |
----------------------------------------------------------------------------- |
146 |
-Patch: 4420_grsecurity-2.2.2-3.0.4-201109240842.patch |
147 |
+Patch: 4420_grsecurity-2.2.2-3.0.4-201109261052.patch |
148 |
From: http://www.grsecurity.net |
149 |
Desc: hardened-sources base patch from upstream grsecurity |
150 |
|
151 |
|
152 |
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch |
153 |
similarity index 99% |
154 |
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch |
155 |
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch |
156 |
index 5e86d2b..cce98cf 100644 |
157 |
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch |
158 |
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch |
159 |
@@ -51655,8 +51655,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_link.c linux-3.0.4/grsecurity/grsec_link |
160 |
+} |
161 |
diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c |
162 |
--- linux-3.0.4/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500 |
163 |
-+++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-14 23:17:55.000000000 -0400 |
164 |
-@@ -0,0 +1,313 @@ |
165 |
++++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-26 10:46:21.000000000 -0400 |
166 |
+@@ -0,0 +1,315 @@ |
167 |
+#include <linux/kernel.h> |
168 |
+#include <linux/sched.h> |
169 |
+#include <linux/file.h> |
170 |
@@ -51709,6 +51709,7 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c |
171 |
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT; |
172 |
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt; |
173 |
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; |
174 |
++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0) |
175 |
+ unsigned long curr_secs = get_seconds(); |
176 |
+ |
177 |
+ if (audit == GR_DO_AUDIT) |
178 |
@@ -51717,18 +51718,19 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c |
179 |
+ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { |
180 |
+ grsec_alert_wtime = curr_secs; |
181 |
+ grsec_alert_fyet = 0; |
182 |
-+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { |
183 |
-+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) { |
184 |
-+ grsec_alert_fyet++; |
185 |
-+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { |
186 |
-+ grsec_alert_wtime = curr_secs; |
187 |
-+ grsec_alert_fyet++; |
188 |
-+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); |
189 |
-+ return FLOODING; |
190 |
-+ } |
191 |
-+ } else return FLOODING; |
192 |
++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME) |
193 |
++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { |
194 |
++ grsec_alert_fyet++; |
195 |
++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { |
196 |
++ grsec_alert_wtime = curr_secs; |
197 |
++ grsec_alert_fyet++; |
198 |
++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); |
199 |
++ return FLOODING; |
200 |
++ } |
201 |
++ else return FLOODING; |
202 |
+ |
203 |
+set_fmt: |
204 |
++#endif |
205 |
+ memset(buf, 0, PAGE_SIZE); |
206 |
+ if (current->signal->curr_ip && gr_acl_is_enabled()) { |
207 |
+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) "); |
208 |
@@ -67506,7 +67508,7 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c |
209 |
|
210 |
diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c |
211 |
--- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400 |
212 |
-+++ linux-3.0.4/mm/slub.c 2011-09-24 08:37:26.000000000 -0400 |
213 |
++++ linux-3.0.4/mm/slub.c 2011-09-25 22:15:40.000000000 -0400 |
214 |
@@ -200,7 +200,7 @@ struct track { |
215 |
|
216 |
enum track_item { TRACK_ALLOC, TRACK_FREE }; |
217 |
@@ -67699,7 +67701,39 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c |
218 |
} |
219 |
SLAB_ATTR_RO(aliases); |
220 |
|
221 |
-@@ -4894,7 +4935,13 @@ static const struct file_operations proc |
222 |
+@@ -4662,6 +4703,7 @@ static char *create_unique_id(struct kme |
223 |
+ return name; |
224 |
+ } |
225 |
+ |
226 |
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD) |
227 |
+ static int sysfs_slab_add(struct kmem_cache *s) |
228 |
+ { |
229 |
+ int err; |
230 |
+@@ -4724,6 +4766,7 @@ static void sysfs_slab_remove(struct kme |
231 |
+ kobject_del(&s->kobj); |
232 |
+ kobject_put(&s->kobj); |
233 |
+ } |
234 |
++#endif |
235 |
+ |
236 |
+ /* |
237 |
+ * Need to buffer aliases during bootup until sysfs becomes |
238 |
+@@ -4737,6 +4780,7 @@ struct saved_alias { |
239 |
+ |
240 |
+ static struct saved_alias *alias_list; |
241 |
+ |
242 |
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD) |
243 |
+ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) |
244 |
+ { |
245 |
+ struct saved_alias *al; |
246 |
+@@ -4759,6 +4803,7 @@ static int sysfs_slab_alias(struct kmem_ |
247 |
+ alias_list = al; |
248 |
+ return 0; |
249 |
+ } |
250 |
++#endif |
251 |
+ |
252 |
+ static int __init slab_sysfs_init(void) |
253 |
+ { |
254 |
+@@ -4894,7 +4939,13 @@ static const struct file_operations proc |
255 |
|
256 |
static int __init slab_proc_init(void) |
257 |
{ |