diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2011-02-16 19:05:22 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2011-02-16 19:05:22 -0500 |
| commit | 16258e222c16204960ed4ab094d4c3ea5df87ad7 (patch) | |
| tree | 46e48f77d37d0b2f9f55495ceb70960f341e3ed7 | |
| parent | Update Grsec/PaX (diff) | |
| download | hardened-patchset-16258e222c16204960ed4ab094d4c3ea5df87ad7.tar.gz hardened-patchset-16258e222c16204960ed4ab094d4c3ea5df87ad7.tar.bz2 hardened-patchset-16258e222c16204960ed4ab094d4c3ea5df87ad7.zip | |
Update Grsec/PaX20110215
2.2.1-2.6.32.28-201102151944
2.2.1-2.6.37-201102152009
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch (renamed from 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch) | 19 | ||||
| -rw-r--r-- | 2.6.37/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch (renamed from 2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch) | 23 |
4 files changed, 36 insertions, 10 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index c1feb8d..84ae47c 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch +Patch: 4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch index b1b6990..2d18d43 100644 --- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch +++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102151944.patch @@ -36642,6 +36642,19 @@ diff -urNp linux-2.6.32.28/fs/xfs/xfs_bmap.c linux-2.6.32.28/fs/xfs/xfs_bmap.c #endif /* DEBUG */ #if defined(XFS_RW_TRACE) +diff -urNp linux-2.6.32.28/fs/xfs/xfs_fsops.c linux-2.6.32.28/fs/xfs/xfs_fsops.c +--- linux-2.6.32.28/fs/xfs/xfs_fsops.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.28/fs/xfs/xfs_fsops.c 2011-02-15 19:44:00.000000000 -0500 +@@ -56,6 +56,9 @@ xfs_fs_geometry( + xfs_fsop_geom_t *geo, + int new_version) + { ++ ++ memset(geo, 0, sizeof(*geo)); ++ + geo->blocksize = mp->m_sb.sb_blocksize; + geo->rtextsize = mp->m_sb.sb_rextsize; + geo->agblocks = mp->m_sb.sb_agblocks; diff -urNp linux-2.6.32.28/grsecurity/gracl_alloc.c linux-2.6.32.28/grsecurity/gracl_alloc.c --- linux-2.6.32.28/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.32.28/grsecurity/gracl_alloc.c 2010-12-31 14:46:53.000000000 -0500 @@ -41319,7 +41332,7 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl_fs.c linux-2.6.32.28/grsecurity/grac +} diff -urNp linux-2.6.32.28/grsecurity/gracl_ip.c linux-2.6.32.28/grsecurity/gracl_ip.c --- linux-2.6.32.28/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.28/grsecurity/gracl_ip.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.28/grsecurity/gracl_ip.c 2011-02-15 19:42:10.000000000 -0500 @@ -0,0 +1,382 @@ +#include <linux/kernel.h> +#include <asm/uaccess.h> @@ -41391,8 +41404,8 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl_ip.c linux-2.6.32.28/grsecurity/grac +static const char * gr_sockfamilies[AF_MAX+1] = { + "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25", + "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash", -+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "tipc", "bluetooth", -+ "iucv", "rxrpc", "isdn", "phonet", "ieee802154" ++ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28", ++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154" + }; + +const char * diff --git a/2.6.37/0000_README b/2.6.37/0000_README index 16e7e24..ec408c7 100644 --- a/2.6.37/0000_README +++ b/2.6.37/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.1-2.6.37-201102121148.patch +Patch: 4420_grsecurity-2.2.1-2.6.37-201102152009.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch index e66397d..3954df8 100644 --- a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch +++ b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102152009.patch @@ -27048,7 +27048,7 @@ diff -urNp linux-2.6.37/drivers/pci/pcie/portdrv_pci.c linux-2.6.37/drivers/pci/ diff -urNp linux-2.6.37/drivers/pci/pci-sysfs.c linux-2.6.37/drivers/pci/pci-sysfs.c --- linux-2.6.37/drivers/pci/pci-sysfs.c 2011-01-04 19:50:19.000000000 -0500 -+++ linux-2.6.37/drivers/pci/pci-sysfs.c 2011-02-12 10:32:55.000000000 -0500 ++++ linux-2.6.37/drivers/pci/pci-sysfs.c 2011-02-15 20:09:35.000000000 -0500 @@ -23,6 +23,7 @@ #include <linux/mm.h> #include <linux/fs.h> @@ -27062,7 +27062,7 @@ diff -urNp linux-2.6.37/drivers/pci/pci-sysfs.c linux-2.6.37/drivers/pci/pci-sys /* Several chips lock up trying to read undefined config space */ - if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) { -+ if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) { ++ if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) { size = dev->cfg_size; } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) { size = 128; @@ -34936,6 +34936,19 @@ diff -urNp linux-2.6.37/fs/xfs/xfs_bmap.c linux-2.6.37/fs/xfs/xfs_bmap.c #endif /* DEBUG */ STATIC int +diff -urNp linux-2.6.37/fs/xfs/xfs_fsops.c linux-2.6.37/fs/xfs/xfs_fsops.c +--- linux-2.6.37/fs/xfs/xfs_fsops.c 2011-01-04 19:50:19.000000000 -0500 ++++ linux-2.6.37/fs/xfs/xfs_fsops.c 2011-02-15 19:43:38.000000000 -0500 +@@ -53,6 +53,9 @@ xfs_fs_geometry( + xfs_fsop_geom_t *geo, + int new_version) + { ++ ++ memset(geo, 0, sizeof(*geo)); ++ + geo->blocksize = mp->m_sb.sb_blocksize; + geo->rtextsize = mp->m_sb.sb_rextsize; + geo->agblocks = mp->m_sb.sb_agblocks; diff -urNp linux-2.6.37/grsecurity/gracl_alloc.c linux-2.6.37/grsecurity/gracl_alloc.c --- linux-2.6.37/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.37/grsecurity/gracl_alloc.c 2011-01-17 02:41:02.000000000 -0500 @@ -39618,7 +39631,7 @@ diff -urNp linux-2.6.37/grsecurity/gracl_fs.c linux-2.6.37/grsecurity/gracl_fs.c +} diff -urNp linux-2.6.37/grsecurity/gracl_ip.c linux-2.6.37/grsecurity/gracl_ip.c --- linux-2.6.37/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.37/grsecurity/gracl_ip.c 2011-01-17 02:41:02.000000000 -0500 ++++ linux-2.6.37/grsecurity/gracl_ip.c 2011-02-15 19:42:06.000000000 -0500 @@ -0,0 +1,382 @@ +#include <linux/kernel.h> +#include <asm/uaccess.h> @@ -39690,8 +39703,8 @@ diff -urNp linux-2.6.37/grsecurity/gracl_ip.c linux-2.6.37/grsecurity/gracl_ip.c +static const char * gr_sockfamilies[AF_MAX+1] = { + "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25", + "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash", -+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "tipc", "bluetooth", -+ "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf" ++ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28", ++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf" + }; + +const char * |