From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.39/, 2.6.32/ X-VCS-Repository: proj/hardened-patchset X-VCS-Files: 2.6.32/0000_README 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch 2.6.32/4423_grsec-remove-protected-paths.patch 2.6.39/0000_README 2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch 2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch 2.6.39/4423_grsec-remove-protected-paths.patch X-VCS-Directories: 2.6.39/ 2.6.32/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: dc5364db188b719cc9bb059838f0a9740a0a4561 Date: Thu, 26 May 2011 10:39:07 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: 77d26605bef6b1120623a720fc504336 commit: dc5364db188b719cc9bb059838f0a9740a0a4561 Author: Anthony G. Basile gentoo org> AuthorDate: Thu May 26 10:38:20 2011 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Thu May 26 10:38:20 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-patc= hset.git;a=3Dcommit;h=3Ddc5364db Update Grsec/PaX 2.2.2-2.6.32.41-201105251736 2.2.2-2.6.39-201105251736 --- 2.6.32/0000_README | 2 +- ..._grsecurity-2.2.2-2.6.32.41-201105251736.patch} | 21 +++++++++---- 2.6.32/4423_grsec-remove-protected-paths.patch | 2 +- 2.6.39/0000_README | 2 +- ...420_grsecurity-2.2.2-2.6.39-201105251736.patch} | 32 +++++++++++++-= ----- 2.6.39/4423_grsec-remove-protected-paths.patch | 2 +- 6 files changed, 41 insertions(+), 20 deletions(-) diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 59912da..cd33071 100644 --- a/2.6.32/0000_README 
+++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README =20 Individual Patch Descriptions: ------------------------------------------------------------------------= ----- -Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity =20 diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch b/= 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch similarity index 99% rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch index 8de9a60..d39c729 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch @@ -43548,8 +43548,8 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl_alloc= .c linux-2.6.32.41/grsecurity/g +} diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity= /gracl.c --- linux-2.6.32.41/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -05= 00 -+++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-17 17:29:53.000000000 -04= 00 -@@ -0,0 +1,4074 @@ ++++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-24 20:26:07.000000000 -04= 00 +@@ -0,0 +1,4079 @@ +#include +#include +#include @@ -43625,7 +43625,9 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c lin= ux-2.6.32.41/grsecurity/gracl.c +static unsigned int gr_auth_attempts =3D 0; +static unsigned long gr_auth_expires =3D 0UL; + ++#ifdef CONFIG_NET +extern struct vfsmount *sock_mnt; ++#endif +extern struct vfsmount *pipe_mnt; +extern struct vfsmount *shm_mnt; +#ifdef CONFIG_HUGETLBFS 
@@ -45366,7 +45368,10 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c li= nux-2.6.32.41/grsecurity/gracl.c + spin_lock(&dcache_lock); + spin_lock(&vfsmount_lock); + -+ if (unlikely((mnt =3D=3D shm_mnt && dentry->d_inode->i_nlink =3D=3D 0)= || mnt =3D=3D pipe_mnt || mnt =3D=3D sock_mnt || ++ if (unlikely((mnt =3D=3D shm_mnt && dentry->d_inode->i_nlink =3D=3D 0)= || mnt =3D=3D pipe_mnt ||=20 ++#ifdef CONFIG_NET ++ mnt =3D=3D sock_mnt || ++#endif +#ifdef CONFIG_HUGETLBFS + (mnt =3D=3D hugetlbfs_vfsmount && dentry->d_inode->i_nlink =3D=3D = 0) || +#endif @@ -53228,8 +53233,8 @@ diff -urNp linux-2.6.32.41/grsecurity/Kconfig lin= ux-2.6.32.41/grsecurity/Kconfig +endmenu diff -urNp linux-2.6.32.41/grsecurity/Makefile linux-2.6.32.41/grsecurit= y/Makefile --- linux-2.6.32.41/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0= 500 -+++ linux-2.6.32.41/grsecurity/Makefile 2011-04-17 15:56:46.000000000 -0= 400 -@@ -0,0 +1,29 @@ ++++ linux-2.6.32.41/grsecurity/Makefile 2011-05-24 20:27:46.000000000 -0= 400 +@@ -0,0 +1,33 @@ +# grsecurity's ACL system was originally written in 2001 by Michael Dal= ton +# during 2001-2009 it has been completely redesigned by Brad Spengler +# into an RBAC system @@ -53242,11 +53247,15 @@ diff -urNp linux-2.6.32.41/grsecurity/Makefile = linux-2.6.32.41/grsecurity/Makefi + grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \ + grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o + -+obj-$(CONFIG_GRKERNSEC) +=3D grsec_init.o grsum.o gracl.o gracl_ip.o gr= acl_segv.o \ ++obj-$(CONFIG_GRKERNSEC) +=3D grsec_init.o grsum.o gracl.o gracl_segv.o = \ + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ + gracl_learn.o grsec_log.o +obj-$(CONFIG_GRKERNSEC_RESLOG) +=3D gracl_res.o + ++ifdef CONFIG_NET ++obj-$(CONFIG_GRKERNSEC) +=3D gracl_ip.o ++endif ++ +ifndef CONFIG_GRKERNSEC +obj-y +=3D grsec_disabled.o +endif 
diff --git a/2.6.32/4423_grsec-remove-protected-paths.patch b/2.6.32/4423= _grsec-remove-protected-paths.patch index 9c0fd88..1dd1ffb 100644 --- a/2.6.32/4423_grsec-remove-protected-paths.patch +++ b/2.6.32/4423_grsec-remove-protected-paths.patch @@ -5,7 +5,7 @@ paths in the filesystem. =20 --- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400 +++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400 -@@ -22,8 +22,8 @@ +@@ -26,8 +26,8 @@ ifdef CONFIG_GRKERNSEC_HIDESYM extra-y :=3D grsec_hidesym.o $(obj)/grsec_hidesym.o: diff --git a/2.6.39/0000_README b/2.6.39/0000_README index f2ae898..a870632 100644 --- a/2.6.39/0000_README +++ b/2.6.39/0000_README @@ -3,7 +3,7 @@ README =20 Individual Patch Descriptions: ------------------------------------------------------------------------= ----- -Patch: 4420_grsecurity-2.2.2-2.6.39-201105231910.patch +Patch: 4420_grsecurity-2.2.2-2.6.39-201105251736.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity =20 diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch b/2.6= .39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch similarity index 99% rename from 2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch rename to 2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch index 14de0ab..5d901de 100644 --- a/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch +++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch @@ -12819,7 +12819,7 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offse= ts_64.c linux-2.6.39/arch/x86/k =20 diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/= x86/kernel/asm-offsets.c --- linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-19 00:06:34.00000= 0000 -0400 -+++ linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-22 19:36:30.00000= 0000 -0400 ++++ linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-25 17:35:48.00000= 0000 -0400 
@@ -33,6 +33,8 @@ void common(void) { OFFSET(TI_status, thread_info, status); OFFSET(TI_addr_limit, thread_info, addr_limit); @@ -12829,7 +12829,7 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offse= ts.c linux-2.6.39/arch/x86/kern =20 BLANK(); OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx); -@@ -53,8 +55,24 @@ void common(void) { +@@ -53,8 +55,26 @@ void common(void) { OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0); OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2); @@ -12841,7 +12841,9 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offse= ts.c linux-2.6.39/arch/x86/kern +#ifdef CONFIG_PAX_MEMORY_UDEREF + OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3); + OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3); ++#ifdef CONFIG_X86_64 + OFFSET(PV_MMU_set_pgd, pv_mmu_ops, set_pgd); ++#endif #endif =20 +#endif @@ -39667,13 +39669,13 @@ diff -urNp linux-2.6.39/drivers/staging/hv/vmbu= s_private.h linux-2.6.39/drivers/ * Represents channel interrupts. Each bit position represents a diff -urNp linux-2.6.39/drivers/staging/iio/ring_generic.h linux-2.6.39/= drivers/staging/iio/ring_generic.h --- linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-19 00:06:34.= 000000000 -0400 -+++ linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-22 19:36:32.= 000000000 -0400 ++++ linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-25 16:55:27.= 000000000 -0400 @@ -134,7 +134,7 @@ struct iio_ring_buffer { struct iio_handler access_handler; struct iio_event_interface ev_int; struct iio_shared_ev_pointer shared_ev_pointer; - struct iio_ring_access_funcs access; -+ const struct iio_ring_access_funcs access; ++ struct iio_ring_access_funcs access; int (*preenable)(struct iio_dev *); int (*postenable)(struct iio_dev *); int (*predisable)(struct iio_dev *); 
@@ -51272,8 +51274,8 @@ diff -urNp linux-2.6.39/grsecurity/gracl_alloc.c = linux-2.6.39/grsecurity/gracl_a +} diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl= .c --- linux-2.6.39/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.39/grsecurity/gracl.c 2011-05-22 22:47:25.000000000 -0400 -@@ -0,0 +1,4097 @@ ++++ linux-2.6.39/grsecurity/gracl.c 2011-05-24 20:27:30.000000000 -0400 +@@ -0,0 +1,4103 @@ +#include +#include +#include @@ -51348,7 +51350,10 @@ diff -urNp linux-2.6.39/grsecurity/gracl.c linux= -2.6.39/grsecurity/gracl.c +static unsigned int gr_auth_attempts =3D 0; +static unsigned long gr_auth_expires =3D 0UL; + ++#ifdef CONFIG_NET +extern struct vfsmount *sock_mnt; ++#endif ++ +extern struct vfsmount *pipe_mnt; +extern struct vfsmount *shm_mnt; +#ifdef CONFIG_HUGETLBFS @@ -53102,7 +53107,10 @@ diff -urNp linux-2.6.39/grsecurity/gracl.c linux= -2.6.39/grsecurity/gracl.c + write_seqlock(&rename_lock); + br_read_lock(vfsmount_lock); + -+ if (unlikely((mnt =3D=3D shm_mnt && dentry->d_inode->i_nlink =3D=3D 0)= || mnt =3D=3D pipe_mnt || mnt =3D=3D sock_mnt || ++ if (unlikely((mnt =3D=3D shm_mnt && dentry->d_inode->i_nlink =3D=3D 0)= || mnt =3D=3D pipe_mnt || ++#ifdef CONFIG_NET ++ mnt =3D=3D sock_mnt || ++#endif +#ifdef CONFIG_HUGETLBFS + (mnt =3D=3D hugetlbfs_vfsmount && dentry->d_inode->i_nlink =3D=3D = 0) || +#endif 
@@ -60871,8 +60879,8 @@ diff -urNp linux-2.6.39/grsecurity/Kconfig linux-= 2.6.39/grsecurity/Kconfig +endmenu diff -urNp linux-2.6.39/grsecurity/Makefile linux-2.6.39/grsecurity/Make= file --- linux-2.6.39/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.39/grsecurity/Makefile 2011-05-22 19:41:42.000000000 -0400 -@@ -0,0 +1,29 @@ ++++ linux-2.6.39/grsecurity/Makefile 2011-05-24 20:26:54.000000000 -0400 +@@ -0,0 +1,33 @@ +# grsecurity's ACL system was originally written in 2001 by Michael Dal= ton +# during 2001-2009 it has been completely redesigned by Brad Spengler +# into an RBAC system @@ -60885,11 +60893,15 @@ diff -urNp linux-2.6.39/grsecurity/Makefile lin= ux-2.6.39/grsecurity/Makefile + grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \ + grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o + -+obj-$(CONFIG_GRKERNSEC) +=3D grsec_init.o grsum.o gracl.o gracl_ip.o gr= acl_segv.o \ ++obj-$(CONFIG_GRKERNSEC) +=3D grsec_init.o grsum.o gracl.o gracl_segv.o = \ + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ + gracl_learn.o grsec_log.o +obj-$(CONFIG_GRKERNSEC_RESLOG) +=3D gracl_res.o + ++ifdef CONFIG_NET ++obj-$(CONFIG_GRKERNSEC) +=3D gracl_ip.o ++endif ++ +ifndef CONFIG_GRKERNSEC +obj-y +=3D grsec_disabled.o +endif diff --git a/2.6.39/4423_grsec-remove-protected-paths.patch b/2.6.39/4423= _grsec-remove-protected-paths.patch index 9c0fd88..1dd1ffb 100644 --- a/2.6.39/4423_grsec-remove-protected-paths.patch +++ b/2.6.39/4423_grsec-remove-protected-paths.patch @@ -5,7 +5,7 @@ paths in the filesystem. =20 --- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400 +++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400 -@@ -22,8 +22,8 @@ +@@ -26,8 +26,8 @@ ifdef CONFIG_GRKERNSEC_HIDESYM extra-y :=3D grsec_hidesym.o $(obj)/grsec_hidesym.o:
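Review bot: in the gracl.c condition hunk of the 2.6.32.41 patch, the rewritten line now ends in `mnt == pipe_mnt ||` followed by a trailing space (the `=20` just before the added `#ifdef CONFIG_NET`), while the same line in the 2.6.39 copy has none; drop the trailing space so the two copies match. In both copies the `#ifdef CONFIG_NET` now splits the `unlikely(...)` expression next to the existing `CONFIG_HUGETLBFS` block, so consider moving the `mnt == sock_mnt` test into a small helper that evaluates to false when CONFIG_NET is unset, which keeps the condition readable.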
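Review bot: in the drivers/staging/iio/ring_generic.h hunk of the 2.6.39 patch, changing the added line from `const struct iio_ring_access_funcs access;` back to `struct iio_ring_access_funcs access;` makes it identical to the line the inner patch removes, so that inner hunk no longer changes anything. Either drop the hunk from the grsecurity patch or, if the constification was backed out on purpose, say why in the commit message, which currently only lists the new version strings.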
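Review bot: in the arch/x86/kernel/asm-offsets.c hunk of the 2.6.39 patch, the new `#ifdef CONFIG_X86_64` around `OFFSET(PV_MMU_set_pgd, pv_mmu_ops, set_pgd);` is nested inside `CONFIG_PAX_MEMORY_UDEREF` and is followed by several bare `#endif` lines; annotate them, for example `#endif /* CONFIG_X86_64 */`, so it is clear which condition each one closes. Nothing in the hunk or the commit message explains why set_pgd is limited to 64-bit builds, so a one-line rationale would help.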
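Review bot: in the grsecurity/Makefile hunks (2.6.32.41 and 2.6.39), `gracl_ip.o` is now built only under `ifdef CONFIG_NET`, but the visible gracl.c hunks guard only `sock_mnt`; please confirm that every call into gracl_ip.c from the objects that are still built unconditionally is guarded or stubbed for CONFIG_NET=n, otherwise the link will fail. The offset change in 4423_grsec-remove-protected-paths.patch from `@@ -22,8 +22,8 @@` to `@@ -26,8 +26,8 @@` is consistent with the four lines added here.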