From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.39/, 2.6.32/
Date: Thu, 26 May 2011 10:39:07 +0000 (UTC) [thread overview]
Message-ID: <dc5364db188b719cc9bb059838f0a9740a0a4561.blueness@gentoo> (raw)
commit: dc5364db188b719cc9bb059838f0a9740a0a4561
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu May 26 10:38:20 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu May 26 10:38:20 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=dc5364db
Update Grsec/PaX
2.2.2-2.6.32.41-201105251736
2.2.2-2.6.39-201105251736
---
2.6.32/0000_README | 2 +-
..._grsecurity-2.2.2-2.6.32.41-201105251736.patch} | 21 +++++++++----
2.6.32/4423_grsec-remove-protected-paths.patch | 2 +-
2.6.39/0000_README | 2 +-
...420_grsecurity-2.2.2-2.6.39-201105251736.patch} | 32 +++++++++++++------
2.6.39/4423_grsec-remove-protected-paths.patch | 2 +-
6 files changed, 41 insertions(+), 20 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 59912da..cd33071 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch
index 8de9a60..d39c729 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch
@@ -43548,8 +43548,8 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl_alloc.c linux-2.6.32.41/grsecurity/g
+}
diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c
--- linux-2.6.32.41/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-17 17:29:53.000000000 -0400
-@@ -0,0 +1,4074 @@
++++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-24 20:26:07.000000000 -0400
+@@ -0,0 +1,4079 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -43625,7 +43625,9 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c
+static unsigned int gr_auth_attempts = 0;
+static unsigned long gr_auth_expires = 0UL;
+
++#ifdef CONFIG_NET
+extern struct vfsmount *sock_mnt;
++#endif
+extern struct vfsmount *pipe_mnt;
+extern struct vfsmount *shm_mnt;
+#ifdef CONFIG_HUGETLBFS
@@ -45366,7 +45368,10 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c
+ spin_lock(&dcache_lock);
+ spin_lock(&vfsmount_lock);
+
-+ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || mnt == sock_mnt ||
++ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
++#ifdef CONFIG_NET
++ mnt == sock_mnt ||
++#endif
+#ifdef CONFIG_HUGETLBFS
+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) ||
+#endif
@@ -53228,8 +53233,8 @@ diff -urNp linux-2.6.32.41/grsecurity/Kconfig linux-2.6.32.41/grsecurity/Kconfig
+endmenu
diff -urNp linux-2.6.32.41/grsecurity/Makefile linux-2.6.32.41/grsecurity/Makefile
--- linux-2.6.32.41/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.41/grsecurity/Makefile 2011-04-17 15:56:46.000000000 -0400
-@@ -0,0 +1,29 @@
++++ linux-2.6.32.41/grsecurity/Makefile 2011-05-24 20:27:46.000000000 -0400
+@@ -0,0 +1,33 @@
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
+# during 2001-2009 it has been completely redesigned by Brad Spengler
+# into an RBAC system
@@ -53242,11 +53247,15 @@ diff -urNp linux-2.6.32.41/grsecurity/Makefile linux-2.6.32.41/grsecurity/Makefi
+ grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o
+
-+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
++obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
+ gracl_learn.o grsec_log.o
+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
+
++ifdef CONFIG_NET
++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o
++endif
++
+ifndef CONFIG_GRKERNSEC
+obj-y += grsec_disabled.o
+endif
diff --git a/2.6.32/4423_grsec-remove-protected-paths.patch b/2.6.32/4423_grsec-remove-protected-paths.patch
index 9c0fd88..1dd1ffb 100644
--- a/2.6.32/4423_grsec-remove-protected-paths.patch
+++ b/2.6.32/4423_grsec-remove-protected-paths.patch
@@ -5,7 +5,7 @@ paths in the filesystem.
--- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400
+++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400
-@@ -22,8 +22,8 @@
+@@ -26,8 +26,8 @@
ifdef CONFIG_GRKERNSEC_HIDESYM
extra-y := grsec_hidesym.o
$(obj)/grsec_hidesym.o:
diff --git a/2.6.39/0000_README b/2.6.39/0000_README
index f2ae898..a870632 100644
--- a/2.6.39/0000_README
+++ b/2.6.39/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.39-201105231910.patch
+Patch: 4420_grsecurity-2.2.2-2.6.39-201105251736.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch
similarity index 99%
rename from 2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch
rename to 2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch
index 14de0ab..5d901de 100644
--- a/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch
+++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch
@@ -12819,7 +12819,7 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets_64.c linux-2.6.39/arch/x86/k
diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/x86/kernel/asm-offsets.c
--- linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-22 19:36:30.000000000 -0400
++++ linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-25 17:35:48.000000000 -0400
@@ -33,6 +33,8 @@ void common(void) {
OFFSET(TI_status, thread_info, status);
OFFSET(TI_addr_limit, thread_info, addr_limit);
@@ -12829,7 +12829,7 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/x86/kern
BLANK();
OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx);
-@@ -53,8 +55,24 @@ void common(void) {
+@@ -53,8 +55,26 @@ void common(void) {
OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2);
@@ -12841,7 +12841,9 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/x86/kern
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3);
+ OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3);
++#ifdef CONFIG_X86_64
+ OFFSET(PV_MMU_set_pgd, pv_mmu_ops, set_pgd);
++#endif
#endif
+#endif
@@ -39667,13 +39669,13 @@ diff -urNp linux-2.6.39/drivers/staging/hv/vmbus_private.h linux-2.6.39/drivers/
* Represents channel interrupts. Each bit position represents a
diff -urNp linux-2.6.39/drivers/staging/iio/ring_generic.h linux-2.6.39/drivers/staging/iio/ring_generic.h
--- linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-22 19:36:32.000000000 -0400
++++ linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-25 16:55:27.000000000 -0400
@@ -134,7 +134,7 @@ struct iio_ring_buffer {
struct iio_handler access_handler;
struct iio_event_interface ev_int;
struct iio_shared_ev_pointer shared_ev_pointer;
- struct iio_ring_access_funcs access;
-+ const struct iio_ring_access_funcs access;
++ struct iio_ring_access_funcs access;
int (*preenable)(struct iio_dev *);
int (*postenable)(struct iio_dev *);
int (*predisable)(struct iio_dev *);
@@ -51272,8 +51274,8 @@ diff -urNp linux-2.6.39/grsecurity/gracl_alloc.c linux-2.6.39/grsecurity/gracl_a
+}
diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl.c
--- linux-2.6.39/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39/grsecurity/gracl.c 2011-05-22 22:47:25.000000000 -0400
-@@ -0,0 +1,4097 @@
++++ linux-2.6.39/grsecurity/gracl.c 2011-05-24 20:27:30.000000000 -0400
+@@ -0,0 +1,4103 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -51348,7 +51350,10 @@ diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl.c
+static unsigned int gr_auth_attempts = 0;
+static unsigned long gr_auth_expires = 0UL;
+
++#ifdef CONFIG_NET
+extern struct vfsmount *sock_mnt;
++#endif
++
+extern struct vfsmount *pipe_mnt;
+extern struct vfsmount *shm_mnt;
+#ifdef CONFIG_HUGETLBFS
@@ -53102,7 +53107,10 @@ diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl.c
+ write_seqlock(&rename_lock);
+ br_read_lock(vfsmount_lock);
+
-+ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || mnt == sock_mnt ||
++ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
++#ifdef CONFIG_NET
++ mnt == sock_mnt ||
++#endif
+#ifdef CONFIG_HUGETLBFS
+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) ||
+#endif
@@ -60871,8 +60879,8 @@ diff -urNp linux-2.6.39/grsecurity/Kconfig linux-2.6.39/grsecurity/Kconfig
+endmenu
diff -urNp linux-2.6.39/grsecurity/Makefile linux-2.6.39/grsecurity/Makefile
--- linux-2.6.39/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39/grsecurity/Makefile 2011-05-22 19:41:42.000000000 -0400
-@@ -0,0 +1,29 @@
++++ linux-2.6.39/grsecurity/Makefile 2011-05-24 20:26:54.000000000 -0400
+@@ -0,0 +1,33 @@
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
+# during 2001-2009 it has been completely redesigned by Brad Spengler
+# into an RBAC system
@@ -60885,11 +60893,15 @@ diff -urNp linux-2.6.39/grsecurity/Makefile linux-2.6.39/grsecurity/Makefile
+ grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o
+
-+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
++obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
+ gracl_learn.o grsec_log.o
+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
+
++ifdef CONFIG_NET
++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o
++endif
++
+ifndef CONFIG_GRKERNSEC
+obj-y += grsec_disabled.o
+endif
diff --git a/2.6.39/4423_grsec-remove-protected-paths.patch b/2.6.39/4423_grsec-remove-protected-paths.patch
index 9c0fd88..1dd1ffb 100644
--- a/2.6.39/4423_grsec-remove-protected-paths.patch
+++ b/2.6.39/4423_grsec-remove-protected-paths.patch
@@ -5,7 +5,7 @@ paths in the filesystem.
--- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400
+++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400
-@@ -22,8 +22,8 @@
+@@ -26,8 +26,8 @@
ifdef CONFIG_GRKERNSEC_HIDESYM
extra-y := grsec_hidesym.o
$(obj)/grsec_hidesym.o:
next reply other threads:[~2011-05-26 10:39 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-26 10:39 Anthony G. Basile [this message]
-- strict thread matches above, loose matches on Subject: below --
2011-08-24 9:02 [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.39/, 2.6.32/ Anthony G. Basile
2011-08-20 18:41 Anthony G. Basile
2011-08-18 10:29 Anthony G. Basile
2011-08-18 2:13 Anthony G. Basile
2011-08-15 16:35 Anthony G. Basile
2011-08-09 14:33 Anthony G. Basile
2011-08-07 13:30 Anthony G. Basile
2011-08-06 23:51 Anthony G. Basile
2011-07-25 0:45 Anthony G. Basile
2011-07-25 0:42 Anthony G. Basile
2011-07-25 0:41 Anthony G. Basile
2011-07-25 0:39 Anthony G. Basile
2011-07-18 12:25 Anthony G. Basile
2011-07-12 21:26 Anthony G. Basile
2011-07-05 2:25 Anthony G. Basile
2011-06-29 14:38 Anthony G. Basile
2011-06-26 11:36 Anthony G. Basile
2011-06-24 9:28 Anthony G. Basile
2011-06-15 16:42 Anthony G. Basile
2011-06-09 18:03 Anthony G. Basile
2011-06-07 19:02 Anthony G. Basile
2011-06-06 5:40 Anthony G. Basile
2011-05-25 13:02 Anthony G. Basile
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dc5364db188b719cc9bb059838f0a9740a0a4561.blueness@gentoo \
--to=blueness@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox