summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--4.5.7/0000_README2
-rw-r--r--4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch (renamed from 4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch)23
2 files changed, 17 insertions, 8 deletions
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 7dd453b..068b4c9 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606142010.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606202152.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
index b46e7cf..5ac1e8a 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
@@ -115435,7 +115435,7 @@ index ec0e239..ab85b22 100644
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..f172760
+index 0000000..821601d
--- /dev/null
+++ b/grsecurity/Kconfig
@@ -0,0 +1,1205 @@
@@ -115582,14 +115582,14 @@ index 0000000..f172760
+config GRKERNSEC_KSTACKOVERFLOW
+ bool "Prevent kernel stack overflows"
+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on !IA64 && 64BIT
++ depends on X86_64
+ help
+ If you say Y here, the kernel's process stacks will be allocated
+ with vmalloc instead of the kernel's default allocator. This
+ introduces guard pages that in combination with the alloca checking
-+ of the STACKLEAK feature prevents all forms of kernel process stack
-+ overflow abuse. Note that this is different from kernel stack
-+ buffer overflows.
++ of the STACKLEAK feature and removal of thread_info from the kernel
++ stack prevents all forms of kernel process stack overflow abuse.
++ Note that this is different from kernel stack buffer overflows.
+
+config GRKERNSEC_BRUTE
+ bool "Deter exploit bruteforcing"
@@ -156888,7 +156888,7 @@ index f2280f7..c0a006f 100644
struct irlap_cb *self = (struct irlap_cb *) data;
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index fc3598a..03a184e 100644
+index fc3598a..03a184e3 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -685,10 +685,10 @@ static void __iucv_auto_name(struct iucv_sock *iucv)
@@ -211999,7 +211999,7 @@ index 5105c2c..a5010e6 100644
extern struct key_type key_type_request_key_auth;
extern struct key *request_key_auth_new(struct key *target,
diff --git a/security/keys/key.c b/security/keys/key.c
-index 09ef276..ab2894f 100644
+index 09ef276..357db79 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -283,7 +283,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
@@ -212011,6 +212011,15 @@ index 09ef276..ab2894f 100644
key->index_key.type = type;
key->user = user;
key->quotalen = quotalen;
+@@ -582,7 +582,7 @@ int key_reject_and_link(struct key *key,
+
+ mutex_unlock(&key_construction_mutex);
+
+- if (keyring)
++ if (keyring && link_ret == 0)
+ __key_link_end(keyring, &key->index_key, edit);
+
+ /* wake up anyone waiting for a key to be constructed */
@@ -1077,7 +1077,9 @@ int register_key_type(struct key_type *ktype)
struct key_type *p;
int ret;