diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2011-05-26 06:38:20 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2011-05-26 06:38:20 -0400 |
| commit | dc5364db188b719cc9bb059838f0a9740a0a4561 (patch) | |
| tree | f3cfd7328654c4b8768a3633803acc22615f42b6 /2.6.32 | |
| parent | scripts/switchout.sh: remove old grsec patch, rename new, update README (diff) | |
| download | hardened-patchset-dc5364db188b719cc9bb059838f0a9740a0a4561.tar.gz hardened-patchset-dc5364db188b719cc9bb059838f0a9740a0a4561.tar.bz2 hardened-patchset-dc5364db188b719cc9bb059838f0a9740a0a4561.zip | |
Update Grsec/PaX20110525
2.2.2-2.6.32.41-201105251736
2.2.2-2.6.39-201105251736
Diffstat (limited to '2.6.32')
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch) | 21 | ||||
| -rw-r--r-- | 2.6.32/4423_grsec-remove-protected-paths.patch | 2 |
3 files changed, 17 insertions, 8 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 59912da..cd33071 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch index 8de9a60..d39c729 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch @@ -43548,8 +43548,8 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl_alloc.c linux-2.6.32.41/grsecurity/g +} diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c --- linux-2.6.32.41/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-17 17:29:53.000000000 -0400 -@@ -0,0 +1,4074 @@ ++++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-24 20:26:07.000000000 -0400 +@@ -0,0 +1,4079 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -43625,7 +43625,9 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c +static unsigned int gr_auth_attempts = 0; +static unsigned long gr_auth_expires = 0UL; + ++#ifdef CONFIG_NET +extern struct vfsmount *sock_mnt; ++#endif +extern struct vfsmount *pipe_mnt; +extern struct vfsmount *shm_mnt; +#ifdef CONFIG_HUGETLBFS @@ -45366,7 +45368,10 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c + spin_lock(&dcache_lock); + spin_lock(&vfsmount_lock); + -+ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || mnt == sock_mnt || ++ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || ++#ifdef CONFIG_NET ++ mnt == sock_mnt || ++#endif +#ifdef CONFIG_HUGETLBFS + (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) || +#endif @@ -53228,8 +53233,8 @@ diff -urNp linux-2.6.32.41/grsecurity/Kconfig linux-2.6.32.41/grsecurity/Kconfig +endmenu diff -urNp linux-2.6.32.41/grsecurity/Makefile linux-2.6.32.41/grsecurity/Makefile --- linux-2.6.32.41/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.41/grsecurity/Makefile 2011-04-17 15:56:46.000000000 -0400 -@@ -0,0 +1,29 @@ ++++ linux-2.6.32.41/grsecurity/Makefile 2011-05-24 20:27:46.000000000 -0400 +@@ -0,0 +1,33 @@ +# grsecurity's ACL system was originally written in 2001 by Michael Dalton +# during 2001-2009 it has been completely redesigned by Brad Spengler +# into an RBAC system @@ -53242,11 +53247,15 @@ diff -urNp linux-2.6.32.41/grsecurity/Makefile linux-2.6.32.41/grsecurity/Makefi + grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \ + grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o + -+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \ ++obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \ + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ + gracl_learn.o grsec_log.o +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o + ++ifdef CONFIG_NET ++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o ++endif ++ +ifndef CONFIG_GRKERNSEC +obj-y += grsec_disabled.o +endif diff --git a/2.6.32/4423_grsec-remove-protected-paths.patch b/2.6.32/4423_grsec-remove-protected-paths.patch index 9c0fd88..1dd1ffb 100644 --- a/2.6.32/4423_grsec-remove-protected-paths.patch +++ b/2.6.32/4423_grsec-remove-protected-paths.patch @@ -5,7 +5,7 @@ paths in the filesystem. --- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400 +++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400 -@@ -22,8 +22,8 @@ +@@ -26,8 +26,8 @@ ifdef CONFIG_GRKERNSEC_HIDESYM extra-y := grsec_hidesym.o $(obj)/grsec_hidesym.o: |