Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.28/, 2.6.32/, 3.5.3/
Date: Sat, 01 Sep 2012 00:04:11
Message-Id: 1346457790.781f9e515903c8925cb467479acd24fe4df4ed14.blueness@gentoo
1 commit: 781f9e515903c8925cb467479acd24fe4df4ed14
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Sep 1 00:03:10 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Sep 1 00:03:10 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=781f9e51
7
8 Grsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.3}-201208302015
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.59-201208302014.patch} | 75 +++++++++++++++-----
13 3.2.28/0000_README | 2 +-
14 ...420_grsecurity-2.9.1-3.2.28-201208302014.patch} | 26 +++++++-
15 3.5.3/0000_README | 2 +-
16 ...4420_grsecurity-2.9.1-3.5.3-201208302015.patch} | 26 +++++++-
17 6 files changed, 110 insertions(+), 23 deletions(-)
18
19 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
20 index 16680e5..c0cf34a 100644
21 --- a/2.6.32/0000_README
22 +++ b/2.6.32/0000_README
23 @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
24 From: http://www.kernel.org
25 Desc: Linux 2.6.32.59
26
27 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch
28 +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208302014.patch
29 From: http://www.grsecurity.net
30 Desc: hardened-sources base patch from upstream grsecurity
31
32
33 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208302014.patch
34 similarity index 99%
35 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch
36 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208302014.patch
37 index 63a8206..7327d9d 100644
38 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch
39 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208302014.patch
40 @@ -66499,7 +66499,7 @@ index b4ea829..e63ef18 100644
41 }
42
43 diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
44 -index 136a0d6..a287331 100644
45 +index 136a0d6..cdff021 100644
46 --- a/fs/autofs4/waitq.c
47 +++ b/fs/autofs4/waitq.c
48 @@ -60,7 +60,7 @@ static int autofs4_write(struct file *file, const void *addr, int bytes)
49 @@ -66511,6 +66511,30 @@ index 136a0d6..a287331 100644
50 ssize_t wr = 0;
51
52 /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/
53 +@@ -326,6 +326,10 @@ static int validate_request(struct autofs_wait_queue **wait,
54 + return 1;
55 + }
56 +
57 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
58 ++static atomic_unchecked_t autofs_dummy_name_id = ATOMIC_INIT(0);
59 ++#endif
60 ++
61 + int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
62 + enum autofs_notify notify)
63 + {
64 +@@ -359,7 +363,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
65 +
66 + /* If this is a direct mount request create a dummy name */
67 + if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type))
68 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
69 ++ /* this name does get written to userland via autofs4_write() */
70 ++ qstr.len = sprintf(name, "%08lx", atomic_inc_return_unchecked(&autofs_dummy_name_id));
71 ++#else
72 + qstr.len = sprintf(name, "%p", dentry);
73 ++#endif
74 + else {
75 + qstr.len = autofs4_getpath(sbi, dentry, &name);
76 + if (!qstr.len) {
77 diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
78 index 9158c07..3f06659 100644
79 --- a/fs/befs/linuxvfs.c
80 @@ -91544,18 +91568,6 @@ index 0000000..3891139
81 +int do_syslog(int type, char __user *buf, int count, bool from_file);
82 +
83 +#endif /* _LINUX_SYSLOG_H */
84 -diff --git a/include/linux/tfrc.h b/include/linux/tfrc.h
85 -index 8a8462b..097fe78 100644
86 ---- a/include/linux/tfrc.h
87 -+++ b/include/linux/tfrc.h
88 -@@ -50,6 +50,7 @@ struct tfrc_tx_info {
89 - __u32 tfrctx_p;
90 - __u32 tfrctx_rto;
91 - __u32 tfrctx_ipi;
92 -+ __u32 padding;
93 - };
94 -
95 - #endif /* _LINUX_TFRC_H_ */
96 diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
97 index a8cc4e1..98d3b85 100644
98 --- a/include/linux/thread_info.h
99 @@ -103836,14 +103848,41 @@ index facedd2..ab260b0 100644
100 optval, optlen);
101 return rc;
102 diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c
103 -index 34dcc79..ca75875 100644
104 +index 34dcc79..f51ed45 100644
105 --- a/net/dccp/ccids/ccid3.c
106 +++ b/net/dccp/ccids/ccid3.c
107 -@@ -618,6 +618,7 @@ static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len,
108 +@@ -604,20 +604,29 @@ static void ccid3_hc_tx_get_info(struct sock *sk, struct tcp_info *info)
109 + static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len,
110 + u32 __user *optval, int __user *optlen)
111 + {
112 +- const struct ccid3_hc_tx_sock *hctx;
113 ++ const struct ccid3_hc_tx_sock *hc = ccid3_hc_tx_sk(sk);
114 ++ struct tfrc_tx_info tfrc;
115 + const void *val;
116 +
117 + /* Listen socks doesn't have a private CCID block */
118 + if (sk->sk_state == DCCP_LISTEN)
119 + return -EINVAL;
120 +
121 +- hctx = ccid3_hc_tx_sk(sk);
122 + switch (optname) {
123 + case DCCP_SOCKOPT_CCID_TX_INFO:
124 +- if (len < sizeof(hctx->ccid3hctx_tfrc))
125 ++ if (len < sizeof(tfrc))
126 return -EINVAL;
127 - len = sizeof(hctx->ccid3hctx_tfrc);
128 - val = &hctx->ccid3hctx_tfrc;
129 -+ hctx->ccid3hctx_tfrc.padding = 0;
130 +- len = sizeof(hctx->ccid3hctx_tfrc);
131 +- val = &hctx->ccid3hctx_tfrc;
132 ++
133 ++ memset(&tfrc, 0, sizeof(tfrc));
134 ++ tfrc.tfrctx_x = hc->ccid3hctx_x;
135 ++ tfrc.tfrctx_x_recv = hc->ccid3hctx_x_recv;
136 ++ tfrc.tfrctx_x_calc = hc->ccid3hctx_x_calc;
137 ++ tfrc.tfrctx_rtt = hc->ccid3hctx_rtt;
138 ++ tfrc.tfrctx_p = hc->ccid3hctx_p;
139 ++ tfrc.tfrctx_rto = hc->ccid3hctx_t_rto;
140 ++ tfrc.tfrctx_ipi = hc->ccid3hctx_t_ipi;
141 ++ len = sizeof(tfrc);
142 ++ val = &tfrc;
143 break;
144 default:
145 return -ENOPROTOOPT;
146
147 diff --git a/3.2.28/0000_README b/3.2.28/0000_README
148 index 8e8f3c9..5fc9a2d 100644
149 --- a/3.2.28/0000_README
150 +++ b/3.2.28/0000_README
151 @@ -30,7 +30,7 @@ Patch: 1027_linux-3.2.28.patch
152 From: http://www.kernel.org
153 Desc: Linux 3.2.28
154
155 -Patch: 4420_grsecurity-2.9.1-3.2.28-201208271905.patch
156 +Patch: 4420_grsecurity-2.9.1-3.2.28-201208302014.patch
157 From: http://www.grsecurity.net
158 Desc: hardened-sources base patch from upstream grsecurity
159
160
161 diff --git a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208302014.patch
162 similarity index 99%
163 rename from 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch
164 rename to 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208302014.patch
165 index 11d1b8e..ece45f0 100644
166 --- a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch
167 +++ b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208302014.patch
168 @@ -42649,7 +42649,7 @@ index b8f55c4..4c2b80c 100644
169 goto out_sig;
170 if (offset > inode->i_sb->s_maxbytes)
171 diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
172 -index e1fbdee..cd5ea56 100644
173 +index e1fbdee..87eb5fc 100644
174 --- a/fs/autofs4/waitq.c
175 +++ b/fs/autofs4/waitq.c
176 @@ -60,7 +60,7 @@ static int autofs4_write(struct file *file, const void *addr, int bytes)
177 @@ -42661,6 +42661,30 @@ index e1fbdee..cd5ea56 100644
178 ssize_t wr = 0;
179
180 /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/
181 +@@ -338,6 +338,10 @@ static int validate_request(struct autofs_wait_queue **wait,
182 + return 1;
183 + }
184 +
185 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
186 ++static atomic_unchecked_t autofs_dummy_name_id = ATOMIC_INIT(0);
187 ++#endif
188 ++
189 + int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
190 + enum autofs_notify notify)
191 + {
192 +@@ -371,7 +375,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
193 +
194 + /* If this is a direct mount request create a dummy name */
195 + if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type))
196 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
197 ++ /* this name does get written to userland via autofs4_write() */
198 ++ qstr.len = sprintf(name, "%08lx", atomic_inc_return_unchecked(&autofs_dummy_name_id));
199 ++#else
200 + qstr.len = sprintf(name, "%p", dentry);
201 ++#endif
202 + else {
203 + qstr.len = autofs4_getpath(sbi, dentry, &name);
204 + if (!qstr.len) {
205 diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
206 index 8342ca6..82fd192 100644
207 --- a/fs/befs/linuxvfs.c
208
209 diff --git a/3.5.3/0000_README b/3.5.3/0000_README
210 index 24c63b2..de2721a 100644
211 --- a/3.5.3/0000_README
212 +++ b/3.5.3/0000_README
213 @@ -2,7 +2,7 @@ README
214 -----------------------------------------------------------------------------
215 Individual Patch Descriptions:
216 -----------------------------------------------------------------------------
217 -Patch: 4420_grsecurity-2.9.1-3.5.3-201208271906.patch
218 +Patch: 4420_grsecurity-2.9.1-3.5.3-201208302015.patch
219 From: http://www.grsecurity.net
220 Desc: hardened-sources base patch from upstream grsecurity
221
222
223 diff --git a/3.5.3/4420_grsecurity-2.9.1-3.5.3-201208271906.patch b/3.5.3/4420_grsecurity-2.9.1-3.5.3-201208302015.patch
224 similarity index 99%
225 rename from 3.5.3/4420_grsecurity-2.9.1-3.5.3-201208271906.patch
226 rename to 3.5.3/4420_grsecurity-2.9.1-3.5.3-201208302015.patch
227 index 9557d64..711cf9b 100644
228 --- a/3.5.3/4420_grsecurity-2.9.1-3.5.3-201208271906.patch
229 +++ b/3.5.3/4420_grsecurity-2.9.1-3.5.3-201208302015.patch
230 @@ -42299,7 +42299,7 @@ index 0da9095..1386693 100644
231 goto out_sig;
232 if (offset > inode->i_sb->s_maxbytes)
233 diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
234 -index da8876d..9f3e6d8 100644
235 +index da8876d..4456166 100644
236 --- a/fs/autofs4/waitq.c
237 +++ b/fs/autofs4/waitq.c
238 @@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi,
239 @@ -42311,6 +42311,30 @@ index da8876d..9f3e6d8 100644
240 ssize_t wr = 0;
241
242 sigpipe = sigismember(&current->pending.signal, SIGPIPE);
243 +@@ -348,6 +348,10 @@ static int validate_request(struct autofs_wait_queue **wait,
244 + return 1;
245 + }
246 +
247 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
248 ++static atomic_unchecked_t autofs_dummy_name_id = ATOMIC_INIT(0);
249 ++#endif
250 ++
251 + int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
252 + enum autofs_notify notify)
253 + {
254 +@@ -381,7 +385,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
255 +
256 + /* If this is a direct mount request create a dummy name */
257 + if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type))
258 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
259 ++ /* this name does get written to userland via autofs4_write() */
260 ++ qstr.len = sprintf(name, "%08lx", atomic_inc_return_unchecked(&autofs_dummy_name_id));
261 ++#else
262 + qstr.len = sprintf(name, "%p", dentry);
263 ++#endif
264 + else {
265 + qstr.len = autofs4_getpath(sbi, dentry, &name);
266 + if (!qstr.len) {
267 diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
268 index e18da23..affc30e 100644
269 --- a/fs/befs/linuxvfs.c
Report Message
Find on MARC Find on Google Groups