diff options
author | Andrew Manison <amanison@anselsystems.com> | 2010-07-02 08:08:13 +0000 |
---|---|---|
committer | Andrew Manison <amanison@anselsystems.com> | 2010-07-02 08:08:13 +0000 |
commit | 79765211f6541090c4f8e629a34732e9ccaa24fd (patch) | |
tree | 6c392c706ba919497e641f14595e8aae4ca375f3 | |
parent | 00630fd78516f529daf3005c7defcd6baf4b95f9 (diff) | |
parent | 2da022a8f0642c8990ba999256fc8b9ccada29f2 (diff) | |
download | alpine_aports-79765211f6541090c4f8e629a34732e9ccaa24fd.tar.bz2 alpine_aports-79765211f6541090c4f8e629a34732e9ccaa24fd.tar.xz alpine_aports-79765211f6541090c4f8e629a34732e9ccaa24fd.zip |
Merge remote branch 'alpine/master'; fixes for build problems.
Conflicts:
main/abuild/APKBUILD
41 files changed, 745 insertions, 402 deletions
diff --git a/main/abuild/APKBUILD b/main/abuild/APKBUILD index 8c684d6b93..4ad26188c4 100644 --- a/main/abuild/APKBUILD +++ b/main/abuild/APKBUILD | |||
@@ -2,13 +2,27 @@ | |||
2 | pkgdesc="Script to build Alpine Packages" | 2 | pkgdesc="Script to build Alpine Packages" |
3 | pkgname=abuild | 3 | pkgname=abuild |
4 | pkgver=2.3 | 4 | pkgver=2.3 |
5 | pkgrel=0 | 5 | pkgrel=1 |
6 | url=http://git.alpinelinux.org/cgit/abuild/ | 6 | url=http://git.alpinelinux.org/cgit/abuild/ |
7 | source="http://git.alpinelinux.org/cgit/abuild/snapshot/abuild-$pkgver.tar.bz2" | 7 | source="http://git.alpinelinux.org/cgit/abuild/snapshot/abuild-$pkgver.tar.bz2 |
8 | depends="fakeroot file sudo pax-utils apk-tools" | 8 | abuild-conflict-message.patch |
9 | " | ||
10 | depends="fakeroot file sudo pax-utils openssl apk-tools" | ||
9 | makedepends="openssl-dev pkgconfig" | 11 | makedepends="openssl-dev pkgconfig" |
10 | license=GPL-2 | 12 | license=GPL-2 |
11 | 13 | ||
14 | prepare() { | ||
15 | cd "$srcdir/$pkgname-$pkgver" | ||
16 | for i in $source; do | ||
17 | case $i in | ||
18 | *.patch) | ||
19 | msg "Applying $i" | ||
20 | patch -p1 -i "$srcdir"/$i || return 1 | ||
21 | ;; | ||
22 | esac | ||
23 | done | ||
24 | } | ||
25 | |||
12 | build() { | 26 | build() { |
13 | cd "$srcdir/$pkgname-$pkgver" | 27 | cd "$srcdir/$pkgname-$pkgver" |
14 | make | 28 | make |
@@ -19,4 +33,6 @@ package() { | |||
19 | make install DESTDIR="$pkgdir" | 33 | make install DESTDIR="$pkgdir" |
20 | install -m 644 abuild.conf "$pkgdir"/etc/abuild.conf | 34 | install -m 644 abuild.conf "$pkgdir"/etc/abuild.conf |
21 | } | 35 | } |
22 | md5sums="7c738e0018202160366b8329ec693502 abuild-2.3.tar.bz2" | 36 | |
37 | md5sums="7c738e0018202160366b8329ec693502 abuild-2.3.tar.bz2 | ||
38 | 45ee7aa6e00732a8c36d7740fb8d2aeb abuild-conflict-message.patch" | ||
diff --git a/main/abuild/abuild-conflict-message.patch b/main/abuild/abuild-conflict-message.patch new file mode 100644 index 0000000000..b560634adb --- /dev/null +++ b/main/abuild/abuild-conflict-message.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | commit c30c346362223658980275d54d5b7911a3a7486c | ||
2 | Author: Natanael Copa <ncopa@alpinelinux.org> | ||
3 | Date: Wed Jun 30 14:59:07 2010 +0000 | ||
4 | |||
5 | abuild: detect and report conflicting dependencies properly | ||
6 | |||
7 | diff --git a/abuild.in b/abuild.in | ||
8 | index 0c94653..4034a86 100755 | ||
9 | --- a/abuild.in | ||
10 | +++ b/abuild.in | ||
11 | @@ -841,15 +841,16 @@ builddeps() { | ||
12 | # find which deps are missing | ||
13 | for i in $deps; do | ||
14 | if [ "${i#\!}" != "$i" ]; then | ||
15 | - list_has ${i#\!} $installed_deps \ | ||
16 | + $APK info -q -e "${i#\!}" \ | ||
17 | && conflicts="$conflicts ${i#\!}" | ||
18 | elif ! deplist_has $i $installed_deps || [ -n "$upgrade" ]; then | ||
19 | missing="$missing $i" | ||
20 | fi | ||
21 | done | ||
22 | - | ||
23 | + | ||
24 | if [ -n "$conflicts" ]; then | ||
25 | - die "Conflicting package(s) installed:$conflics" | ||
26 | + error "Conflicting package(s) installed:$conflicts" | ||
27 | + return 1 | ||
28 | fi | ||
29 | |||
30 | if [ -z "$install_deps" ] && [ -z "$recursive" ]; then | ||
diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD index 2c96805b48..90cff68dc2 100644 --- a/main/apk-tools/APKBUILD +++ b/main/apk-tools/APKBUILD | |||
@@ -1,13 +1,14 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=apk-tools | 2 | pkgname=apk-tools |
3 | pkgver=2.0.5 | 3 | pkgver=2.0.5 |
4 | pkgrel=0 | 4 | pkgrel=1 |
5 | pkgdesc="Alpine Package Keeper - package manager for alpine" | 5 | pkgdesc="Alpine Package Keeper - package manager for alpine" |
6 | subpackages="$pkgname-static" | 6 | subpackages="$pkgname-static" |
7 | depends= | 7 | depends= |
8 | makedepends="zlib-dev openssl-dev pkgconfig" | 8 | makedepends="zlib-dev openssl-dev pkgconfig" |
9 | source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2 | 9 | source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2 |
10 | 0001-Makefile-do-not-require-lua-pkgconfig-unless-you-int.patch | 10 | 0001-Makefile-do-not-require-lua-pkgconfig-unless-you-int.patch |
11 | apk-tools-static.patch | ||
11 | " | 12 | " |
12 | 13 | ||
13 | url="http://git.alpinelinux.org/cgit/apk-tools/" | 14 | url="http://git.alpinelinux.org/cgit/apk-tools/" |
@@ -21,6 +22,9 @@ prepare() { | |||
21 | *.patch) patch -p1 -i "$srcdir"/$i || return 1 | 22 | *.patch) patch -p1 -i "$srcdir"/$i || return 1 |
22 | esac | 23 | esac |
23 | done | 24 | done |
25 | # the patch includes a symlink | ||
26 | rm -f src/apk-static.c | ||
27 | ln -s apk.c src/apk-static.c | ||
24 | } | 28 | } |
25 | 29 | ||
26 | build() { | 30 | build() { |
@@ -49,4 +53,5 @@ static() { | |||
49 | } | 53 | } |
50 | 54 | ||
51 | md5sums="7f9234ab210557b064d7bd9b42833f0a apk-tools-2.0.5.tar.bz2 | 55 | md5sums="7f9234ab210557b064d7bd9b42833f0a apk-tools-2.0.5.tar.bz2 |
52 | f63d483b724e8e9344ce8cb965d5ed22 0001-Makefile-do-not-require-lua-pkgconfig-unless-you-int.patch" | 56 | f63d483b724e8e9344ce8cb965d5ed22 0001-Makefile-do-not-require-lua-pkgconfig-unless-you-int.patch |
57 | 3c1f21719a6c4aba51333cf0d88c5600 apk-tools-static.patch" | ||
diff --git a/main/apk-tools/apk-tools-static.patch b/main/apk-tools/apk-tools-static.patch new file mode 100644 index 0000000000..c122964b45 --- /dev/null +++ b/main/apk-tools/apk-tools-static.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | commit dd6008995a8e8509d71ffa906c837e7a320e8a15 | ||
2 | Author: Timo Teräs <timo.teras@iki.fi> | ||
3 | Date: Wed Jun 30 16:53:56 2010 +0300 | ||
4 | |||
5 | static build: do not use openssl engines | ||
6 | |||
7 | We want minimal static build. And this now also breaks with our openssl | ||
8 | since it tries to automatically dlopen some of the engine modules. | ||
9 | |||
10 | diff --git a/.gitignore b/.gitignore | ||
11 | index f6f9cf6..2b22f52 100644 | ||
12 | --- a/.gitignore | ||
13 | +++ b/.gitignore | ||
14 | @@ -1,4 +1,5 @@ | ||
15 | apk | ||
16 | +apk.static | ||
17 | *.o | ||
18 | *.d | ||
19 | *.cmd | ||
20 | diff --git a/src/Makefile b/src/Makefile | ||
21 | index bea288e..c9cda6a 100644 | ||
22 | --- a/src/Makefile | ||
23 | +++ b/src/Makefile | ||
24 | @@ -41,9 +41,10 @@ endif | ||
25 | |||
26 | CFLAGS_ALL += -D_ATFILE_SOURCE | ||
27 | CFLAGS_apk.o := -DAPK_VERSION=\"$(FULL_VERSION)\" | ||
28 | +CFLAGS_apk-static.o := -DAPK_VERSION=\"$(FULL_VERSION)\" -DOPENSSL_NO_ENGINE | ||
29 | |||
30 | progs-$(STATIC) += apk.static | ||
31 | -apk.static-objs := $(apk-objs) | ||
32 | +apk.static-objs := $(filter-out apk.o,$(apk-objs)) apk-static.o | ||
33 | LDFLAGS_apk.static := -static | ||
34 | LDFLAGS_apk += -nopie -L$(obj) | ||
35 | |||
36 | diff --git a/src/apk-static.c b/src/apk-static.c | ||
37 | new file mode 120000 | ||
38 | index 0000000..bf745af | ||
39 | --- /dev/null | ||
40 | +++ b/src/apk-static.c | ||
41 | @@ -0,0 +1 @@ | ||
42 | +apk.c | ||
43 | \ No newline at end of file | ||
44 | diff --git a/src/apk.c b/src/apk.c | ||
45 | index 81bb950..4196f74 100644 | ||
46 | --- a/src/apk.c | ||
47 | +++ b/src/apk.c | ||
48 | @@ -12,13 +12,17 @@ | ||
49 | #include <stdio.h> | ||
50 | #include <fcntl.h> | ||
51 | #include <ctype.h> | ||
52 | +#include <errno.h> | ||
53 | #include <stdarg.h> | ||
54 | #include <stdlib.h> | ||
55 | #include <string.h> | ||
56 | #include <getopt.h> | ||
57 | #include <sys/stat.h> | ||
58 | |||
59 | +#include <openssl/crypto.h> | ||
60 | +#ifndef OPENSSL_NO_ENGINE | ||
61 | #include <openssl/engine.h> | ||
62 | +#endif | ||
63 | |||
64 | #include "apk_defines.h" | ||
65 | #include "apk_database.h" | ||
diff --git a/main/apr-util/APKBUILD b/main/apr-util/APKBUILD index 45133a2c29..8730607a5c 100644 --- a/main/apr-util/APKBUILD +++ b/main/apr-util/APKBUILD | |||
@@ -7,7 +7,7 @@ url="http://apr.apache.org/" | |||
7 | license="APACHE" | 7 | license="APACHE" |
8 | depends= | 8 | depends= |
9 | subpackages="$pkgname-dev" | 9 | subpackages="$pkgname-dev" |
10 | makedepends="apr-dev expat-dev e2fsprogs-dev" | 10 | makedepends="apr-dev expat-dev e2fsprogs-dev bash" |
11 | source="http://www.apache.org/dist/apr/$pkgname-$pkgver.tar.bz2" | 11 | source="http://www.apache.org/dist/apr/$pkgname-$pkgver.tar.bz2" |
12 | 12 | ||
13 | build() { | 13 | build() { |
diff --git a/main/cmake/APKBUILD b/main/cmake/APKBUILD index bbd1b5885d..64faab3cf5 100644 --- a/main/cmake/APKBUILD +++ b/main/cmake/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=cmake | 2 | pkgname=cmake |
3 | pkgver=2.8.1 | 3 | pkgver=2.8.2 |
4 | pkgrel=1 | 4 | pkgrel=0 |
5 | pkgdesc="CMake is a cross-platform open-source make system" | 5 | pkgdesc="CMake is a cross-platform open-source make system" |
6 | url="http://www.cmake.org" | 6 | url="http://www.cmake.org" |
7 | license="CMake" | 7 | license="CMake" |
@@ -42,4 +42,4 @@ package() { | |||
42 | make DESTDIR="$pkgdir" install | 42 | make DESTDIR="$pkgdir" install |
43 | } | 43 | } |
44 | 44 | ||
45 | md5sums="a92ad653f9ccc1595d16cd9707f49acc cmake-2.8.1.tar.gz" | 45 | md5sums="8c967d5264657a798f22ee23976ff0d9 cmake-2.8.2.tar.gz" |
diff --git a/main/cracklib/APKBUILD b/main/cracklib/APKBUILD index f7fda7960c..c82e9038f3 100644 --- a/main/cracklib/APKBUILD +++ b/main/cracklib/APKBUILD | |||
@@ -1,8 +1,8 @@ | |||
1 | # Contributor: Michael Mason <ms13sp@gmail.com> | 1 | # Contributor: Michael Mason <ms13sp@gmail.com> |
2 | # Maintainer: Michael Mason <ms13sp@gmail.com> | 2 | # Maintainer: Michael Mason <ms13sp@gmail.com> |
3 | pkgname=cracklib | 3 | pkgname=cracklib |
4 | pkgver=2.8.13 | 4 | pkgver=2.8.16 |
5 | pkgrel=1 | 5 | pkgrel=0 |
6 | pkgdesc="A library used to enforce strong passwords" | 6 | pkgdesc="A library used to enforce strong passwords" |
7 | url="http://sourceforge.net/projects/cracklib" | 7 | url="http://sourceforge.net/projects/cracklib" |
8 | license="GPL" | 8 | license="GPL" |
@@ -11,7 +11,14 @@ makedepends="" | |||
11 | install= | 11 | install= |
12 | subpackages="$pkgname-dev" | 12 | subpackages="$pkgname-dev" |
13 | source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz | 13 | source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz |
14 | cracklib-nls.patch | ||
14 | " | 15 | " |
16 | |||
17 | prepare() { | ||
18 | cd "$srcdir"/$pkgname-$pkgver | ||
19 | patch -p1 -i "$srcdir"/cracklib-nls.patch | ||
20 | } | ||
21 | |||
15 | build() { | 22 | build() { |
16 | 23 | ||
17 | cd "$srcdir/$pkgname-$pkgver" | 24 | cd "$srcdir/$pkgname-$pkgver" |
@@ -24,8 +31,13 @@ build() { | |||
24 | --disable-nls \ | 31 | --disable-nls \ |
25 | --with-default-dict | 32 | --with-default-dict |
26 | make -j1 all || return 1 | 33 | make -j1 all || return 1 |
34 | } | ||
35 | |||
36 | package() { | ||
37 | cd "$srcdir/$pkgname-$pkgver" | ||
27 | make -j1 DESTDIR="$pkgdir" install | 38 | make -j1 DESTDIR="$pkgdir" install |
28 | 39 | ||
29 | } | 40 | } |
30 | 41 | ||
31 | md5sums="5beb4c6b3c31c83fc98c4c225b25cd94 cracklib-2.8.13.tar.gz" | 42 | md5sums="3bfb22db8fcffd019463ee415a1b25b7 cracklib-2.8.16.tar.gz |
43 | 239b1b7b59bee4dee7577aa9df18ba46 cracklib-nls.patch" | ||
diff --git a/main/cracklib/cracklib-nls.patch b/main/cracklib/cracklib-nls.patch new file mode 100644 index 0000000000..3792b741c4 --- /dev/null +++ b/main/cracklib/cracklib-nls.patch | |||
@@ -0,0 +1,12 @@ | |||
1 | --- ./util/check.c.orig | ||
2 | +++ ./util/check.c | ||
3 | @@ -22,7 +22,9 @@ | ||
4 | int i; | ||
5 | |||
6 | setlocale(LC_ALL, ""); | ||
7 | +#if defined(ENABLE_NLS) | ||
8 | textdomain(PACKAGE); | ||
9 | +#endif | ||
10 | |||
11 | while (fgets(buf, sizeof(buf), stdin) != NULL) { | ||
12 | while (((i = strlen(buf)) > 0) && (i > 0)) { | ||
diff --git a/main/dialog/APKBUILD b/main/dialog/APKBUILD index b17527f69a..1035f0d442 100644 --- a/main/dialog/APKBUILD +++ b/main/dialog/APKBUILD | |||
@@ -1,8 +1,8 @@ | |||
1 | # Contributor: Michael Mason <ms13sp@gmail.com> | 1 | # Contributor: Michael Mason <ms13sp@gmail.com> |
2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
3 | pkgname=dialog | 3 | pkgname=dialog |
4 | pkgver=1.1.20100119 | 4 | pkgver=1.1.20100428 |
5 | _ver=${pkgver%.*}-${pkgver##*.} | 5 | _pkgver=1.1-20100428 |
6 | pkgrel=1 | 6 | pkgrel=1 |
7 | pkgdesc="A script-interpreter which provides a set of curses" | 7 | pkgdesc="A script-interpreter which provides a set of curses" |
8 | url="http://invisible-island.net/dialog/dialog.html" | 8 | url="http://invisible-island.net/dialog/dialog.html" |
@@ -11,10 +11,10 @@ depends= | |||
11 | makedepends="ncurses-dev" | 11 | makedepends="ncurses-dev" |
12 | install= | 12 | install= |
13 | subpackages="$pkgname-doc" | 13 | subpackages="$pkgname-doc" |
14 | source="ftp://invisible-island.net/dialog/$pkgname.tar.gz" | 14 | source="ftp://ftp.us.debian.org/debian/pool/main/d/$pkgname/dialog_$_pkgver.orig.tar.gz" |
15 | 15 | ||
16 | build() { | 16 | build() { |
17 | cd "$srcdir/$pkgname-$_ver" | 17 | cd "$srcdir/$pkgname-$_pkgver" |
18 | ./configure --prefix=/usr \ | 18 | ./configure --prefix=/usr \ |
19 | --sysconfdir=/etc \ | 19 | --sysconfdir=/etc \ |
20 | --mandir=/usr/share/man \ | 20 | --mandir=/usr/share/man \ |
@@ -23,8 +23,8 @@ build() { | |||
23 | } | 23 | } |
24 | 24 | ||
25 | package() { | 25 | package() { |
26 | cd "$srcdir/$pkgname-$_ver" | 26 | cd "$srcdir/$pkgname-$_pkgver" |
27 | make DESTDIR="$pkgdir" install | 27 | make DESTDIR="$pkgdir" install |
28 | } | 28 | } |
29 | 29 | ||
30 | md5sums="3d62219658fdddf3c6247fb45831a5d0 dialog.tar.gz" | 30 | md5sums="519c0a0cbac28ddb992111ec2c3f82aa dialog_1.1-20100428.orig.tar.gz" |
diff --git a/main/gcc/APKBUILD b/main/gcc/APKBUILD index a5fb49a921..da7f662485 100644 --- a/main/gcc/APKBUILD +++ b/main/gcc/APKBUILD | |||
@@ -6,12 +6,12 @@ _specsver=0.1.7 | |||
6 | _espfver=0.3.6 | 6 | _espfver=0.3.6 |
7 | _uclibc_abiver=0.9.32 | 7 | _uclibc_abiver=0.9.32 |
8 | 8 | ||
9 | pkgrel=2 | 9 | pkgrel=3 |
10 | pkgdesc="The GNU Compiler Collection" | 10 | pkgdesc="The GNU Compiler Collection" |
11 | url="http://gcc.gnu.org" | 11 | url="http://gcc.gnu.org" |
12 | license="GPL LGPL" | 12 | license="GPL LGPL" |
13 | depends="binutils libgcc libgomp" | 13 | depends="binutils libgcc libgomp" |
14 | makedepends="bison flex gmp5-dev mpfr-dev texinfo" | 14 | makedepends="bison flex gmp-dev mpfr-dev texinfo" |
15 | subpackages="$pkgname-doc libstdc++:libcxx g++:gpp libgcc libgomp" | 15 | subpackages="$pkgname-doc libstdc++:libcxx g++:gpp libgcc libgomp" |
16 | source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-core-$pkgver.tar.bz2 | 16 | source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-core-$pkgver.tar.bz2 |
17 | ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-g++-$pkgver.tar.bz2 | 17 | ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-g++-$pkgver.tar.bz2 |
@@ -21,6 +21,7 @@ source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-core-$pkgver.tar.bz2 | |||
21 | pt_gnu_eh_frame.patch | 21 | pt_gnu_eh_frame.patch |
22 | uclibc-getipinfo.patch | 22 | uclibc-getipinfo.patch |
23 | gcc-dynamic-linker.patch | 23 | gcc-dynamic-linker.patch |
24 | PR32219.patch | ||
24 | " | 25 | " |
25 | # ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-objc-$pkgver.tar.bz2 | 26 | # ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-objc-$pkgver.tar.bz2 |
26 | build () | 27 | build () |
@@ -133,4 +134,5 @@ d51a6ec3eac1a90e7fc280d976ce7f80 gcc-g++-4.4.4.tar.bz2 | |||
133 | c4045bfa85d8be780affd465be9d8ca8 gcc-spec-env.patch | 134 | c4045bfa85d8be780affd465be9d8ca8 gcc-spec-env.patch |
134 | 2db1e3482c5dd59dab70f701afa2ca80 pt_gnu_eh_frame.patch | 135 | 2db1e3482c5dd59dab70f701afa2ca80 pt_gnu_eh_frame.patch |
135 | 6cc2385c5bbd6d0da6eaedd53c8bf547 uclibc-getipinfo.patch | 136 | 6cc2385c5bbd6d0da6eaedd53c8bf547 uclibc-getipinfo.patch |
136 | 6db5c87887beee75cde3cce86625b9ed gcc-dynamic-linker.patch" | 137 | 6db5c87887beee75cde3cce86625b9ed gcc-dynamic-linker.patch |
138 | 6c866c7fb8d56deb8f6d652bee64e228 PR32219.patch" | ||
diff --git a/main/gcc/PR32219.patch b/main/gcc/PR32219.patch new file mode 100644 index 0000000000..b926e941fc --- /dev/null +++ b/main/gcc/PR32219.patch | |||
@@ -0,0 +1,101 @@ | |||
1 | From gcc-patches-return-258497-listarch-gcc-patches=gcc dot gnu dot org at gcc dot gnu dot org Tue Mar 16 13:32:55 2010 | ||
2 | Return-Path: <gcc-patches-return-258497-listarch-gcc-patches=gcc dot gnu dot org at gcc dot gnu dot org> | ||
3 | Delivered-To: listarch-gcc-patches at gcc dot gnu dot org | ||
4 | Received: (qmail 25550 invoked by alias); 16 Mar 2010 13:32:54 -0000 | ||
5 | Received: (qmail 25534 invoked by uid 22791); 16 Mar 2010 13:32:53 -0000 | ||
6 | X-SWARE-Spam-Status: No, hits=-1.1 required=5.0 tests=AWL,BAYES_00,SUBJ_ALL_CAPS | ||
7 | X-Spam-Check-By: sourceware.org | ||
8 | Received: from mail-bw0-f210.google.com (HELO mail-bw0-f210.google.com) (209.85.218.210) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 16 Mar 2010 13:32:48 +0000 | ||
9 | Received: by bwz2 with SMTP id 2so4002140bwz.30 for <multiple recipients>; Tue, 16 Mar 2010 06:32:45 -0700 (PDT) | ||
10 | Received: by 10.204.14.84 with SMTP id f20mr2900449bka.209.1268746365293; Tue, 16 Mar 2010 06:32:45 -0700 (PDT) | ||
11 | Received: from s42.loc (85-127-85-230.dynamic.xdsl-line.inode.at [85.127.85.230]) by mx.google.com with ESMTPS id 14sm3626793bwz.14.2010.03.16.06.32.43 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 16 Mar 2010 06:32:44 -0700 (PDT) | ||
12 | Received: from cow by s42.loc with local (Exim 4.71) (envelope-from <rep.dot.nop@gmail.com>) id 1NrX2W-0008Nj-5o; Tue, 16 Mar 2010 14:42:32 +0100 | ||
13 | From: Bernhard Reutner-Fischer <rep dot dot dot nop at gmail dot com> | ||
14 | To: gcc-patches at gcc dot gnu dot org | ||
15 | Cc: rguenth at gcc dot gnu dot org, Bernhard Reutner-Fischer <rep dot dot dot nop at gmail dot com> | ||
16 | Subject: [PATCH] PR32219 | ||
17 | Date: Tue, 16 Mar 2010 14:42:27 +0100 | ||
18 | Message-Id: <1268746947-32108-1-git-send-email-rep.dot.nop@gmail.com> | ||
19 | Mailing-List: contact gcc-patches-help at gcc dot gnu dot org; run by ezmlm | ||
20 | Precedence: bulk | ||
21 | List-Id: <gcc-patches.gcc.gnu.org> | ||
22 | List-Archive: <http://gcc.gnu.org/ml/gcc-patches/> | ||
23 | List-Post: <mailto:gcc-patches at gcc dot gnu dot org> | ||
24 | List-Help: <mailto:gcc-patches-help at gcc dot gnu dot org> | ||
25 | Sender: gcc-patches-owner at gcc dot gnu dot org | ||
26 | Delivered-To: mailing list gcc-patches at gcc dot gnu dot org | ||
27 | |||
28 | Hi, | ||
29 | |||
30 | As suggested by richi. | ||
31 | regtested on i686-linux-gnu with all default languages and no regressions. | ||
32 | Ok for trunk? | ||
33 | |||
34 | gcc/ChangeLog | ||
35 | 2010-03-15 Bernhard Reutner-Fischer <aldot@gcc.gnu.org> | ||
36 | |||
37 | PR target/32219 | ||
38 | * varasm.c (default_binds_local_p_1): Weak data is not local. | ||
39 | |||
40 | gcc/testsuite/ChangeLog | ||
41 | 2010-03-15 Bernhard Reutner-Fischer <aldot@gcc.gnu.org> | ||
42 | |||
43 | PR target/32219 | ||
44 | * gcc.dg/visibility-21.c: New test. | ||
45 | |||
46 | Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> | ||
47 | --- | ||
48 | gcc/testsuite/gcc.dg/visibility-21.c | 14 ++++++++++++++ | ||
49 | gcc/varasm.c | 8 ++++---- | ||
50 | 2 files changed, 18 insertions(+), 4 deletions(-) | ||
51 | create mode 100644 gcc/testsuite/gcc.dg/visibility-21.c | ||
52 | |||
53 | diff --git a/gcc/testsuite/gcc.dg/visibility-21.c b/gcc/testsuite/gcc.dg/visibility-21.c | ||
54 | new file mode 100644 | ||
55 | index 0000000..be7deda | ||
56 | --- /dev/null | ||
57 | +++ b/gcc/testsuite/gcc.dg/visibility-21.c | ||
58 | @@ -0,0 +1,14 @@ | ||
59 | +/* PR target/32219 */ | ||
60 | +/* { dg-do run } */ | ||
61 | +/* { dg-require-visibility "" } */ | ||
62 | +/* { dg-options "-fPIC" { target fpic } } */ | ||
63 | + | ||
64 | +extern void f() __attribute__((weak,visibility("hidden"))); | ||
65 | +extern int puts( char const* ); | ||
66 | +int main() | ||
67 | +{ | ||
68 | + if (f) | ||
69 | + f(); | ||
70 | + return 0; | ||
71 | +} | ||
72 | + | ||
73 | diff --git a/gcc/varasm.c b/gcc/varasm.c | ||
74 | index 6b8222f..6b9269a 100644 | ||
75 | --- a/gcc/varasm.c | ||
76 | +++ b/gcc/varasm.c | ||
77 | @@ -6613,6 +6613,10 @@ default_binds_local_p_1 (const_tree exp, int shlib) | ||
78 | /* Static variables are always local. */ | ||
79 | else if (! TREE_PUBLIC (exp)) | ||
80 | local_p = true; | ||
81 | + /* Weak data can be overridden by a strong symbol | ||
82 | + in another module and so are not local. */ | ||
83 | + else if (DECL_WEAK (exp)) | ||
84 | + local_p = false; | ||
85 | /* A variable is local if the user has said explicitly that it will | ||
86 | be. */ | ||
87 | else if (DECL_VISIBILITY_SPECIFIED (exp) | ||
88 | @@ -6625,10 +6629,6 @@ default_binds_local_p_1 (const_tree exp, int shlib) | ||
89 | local. */ | ||
90 | else if (DECL_VISIBILITY (exp) != VISIBILITY_DEFAULT) | ||
91 | local_p = true; | ||
92 | - /* Default visibility weak data can be overridden by a strong symbol | ||
93 | - in another module and so are not local. */ | ||
94 | - else if (DECL_WEAK (exp)) | ||
95 | - local_p = false; | ||
96 | /* If PIC, then assume that any global name can be overridden by | ||
97 | symbols resolved from other modules, unless we are compiling with | ||
98 | -fwhole-program, which assumes that names are local. */ | ||
99 | -- | ||
100 | 1.7.0 | ||
101 | |||
diff --git a/main/git/APKBUILD b/main/git/APKBUILD index f8d9e8bb0d..0e2b7e1ef9 100644 --- a/main/git/APKBUILD +++ b/main/git/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=git | 2 | pkgname=git |
3 | pkgver=1.7.1 | 3 | pkgver=1.7.1.1 |
4 | pkgrel=2 | 4 | pkgrel=0 |
5 | pkgdesc="GIT - the stupid content tracker" | 5 | pkgdesc="GIT - the stupid content tracker" |
6 | url="http://git.or.cz/" | 6 | url="http://git.or.cz/" |
7 | license="GPL2" | 7 | license="GPL2" |
@@ -10,7 +10,6 @@ subpackages="$pkgname-doc $pkgname-perl" | |||
10 | makedepends="zlib-dev openssl-dev curl-dev expat-dev perl-dev python-dev" | 10 | makedepends="zlib-dev openssl-dev curl-dev expat-dev perl-dev python-dev" |
11 | source="http://kernel.org/pub/software/scm/git/git-$pkgver.tar.bz2 | 11 | source="http://kernel.org/pub/software/scm/git/git-$pkgver.tar.bz2 |
12 | bb-tar.patch | 12 | bb-tar.patch |
13 | git-do-not-dump-core-when-iconv-fails.patch | ||
14 | " | 13 | " |
15 | 14 | ||
16 | _makeopts="NO_ICONV=YesPlease | 15 | _makeopts="NO_ICONV=YesPlease |
@@ -21,8 +20,6 @@ _makeopts="NO_ICONV=YesPlease | |||
21 | build() { | 20 | build() { |
22 | cd "$srcdir"/$pkgname-$pkgver | 21 | cd "$srcdir"/$pkgname-$pkgver |
23 | patch -p1 -i "$srcdir"/bb-tar.patch || return 1 | 22 | patch -p1 -i "$srcdir"/bb-tar.patch || return 1 |
24 | patch -p1 -i "$srcdir"/git-do-not-dump-core-when-iconv-fails.patch \ | ||
25 | || return 1 | ||
26 | make prefix=/usr DESTDIR="$pkgdir" $_makeopts || return 1 | 23 | make prefix=/usr DESTDIR="$pkgdir" $_makeopts || return 1 |
27 | } | 24 | } |
28 | 25 | ||
@@ -45,6 +42,5 @@ perl() { | |||
45 | } | 42 | } |
46 | 43 | ||
47 | 44 | ||
48 | md5sums="3da231dbe82ad103373cb530ae7475d5 git-1.7.1.tar.bz2 | 45 | md5sums="1b116a3e2ecce46a89e4272abf0de955 git-1.7.1.1.tar.bz2 |
49 | e63a201556c4f089de790805c09a2e5b bb-tar.patch | 46 | e63a201556c4f089de790805c09a2e5b bb-tar.patch" |
50 | 7c660517316261b383a094ef03aad0aa git-do-not-dump-core-when-iconv-fails.patch" | ||
diff --git a/main/git/git-do-not-dump-core-when-iconv-fails.patch b/main/git/git-do-not-dump-core-when-iconv-fails.patch deleted file mode 100644 index b338ee4809..0000000000 --- a/main/git/git-do-not-dump-core-when-iconv-fails.patch +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | commit 43acff34b902c38808ac0f326090f2516250e1f0 | ||
2 | Author: Jonathan Nieder <jrnieder@gmail.com> | ||
3 | Date: Sat May 8 18:17:29 2010 -0500 | ||
4 | |||
5 | cherry-pick: do not dump core when iconv fails | ||
6 | |||
7 | When cherry-picking, usually the new and old commit encodings are both | ||
8 | UTF-8. Most old iconv implementations do not support this trivial | ||
9 | conversion, so on old platforms, out->message remains NULL, and later | ||
10 | attempts to read it segfault. | ||
11 | |||
12 | Fix this by noticing the input and output encodings match and skipping | ||
13 | the iconv step, like the other reencode_string() call sites already do. | ||
14 | Also stop segfaulting on other iconv failures: if iconv fails for some | ||
15 | other reason, the best we can do is to pass the old message through. | ||
16 | |||
17 | This fixes a regression introduced in v1.7.1-rc0~15^2~2 (revert: | ||
18 | clarify label on conflict hunks, 2010-03-20). | ||
19 | |||
20 | Reported-by: Andreas Krey <a.krey@gmx.de> | ||
21 | Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | ||
22 | Signed-off-by: Junio C Hamano <gitster@pobox.com> | ||
23 | |||
24 | diff --git a/builtin/revert.c b/builtin/revert.c | ||
25 | index 778a56e..7d68ef7 100644 | ||
26 | --- a/builtin/revert.c | ||
27 | +++ b/builtin/revert.c | ||
28 | @@ -109,8 +109,13 @@ static int get_message(const char *raw_message, struct commit_message *out) | ||
29 | encoding = "UTF-8"; | ||
30 | if (!git_commit_encoding) | ||
31 | git_commit_encoding = "UTF-8"; | ||
32 | - if ((out->reencoded_message = reencode_string(raw_message, | ||
33 | - git_commit_encoding, encoding))) | ||
34 | + | ||
35 | + out->reencoded_message = NULL; | ||
36 | + out->message = raw_message; | ||
37 | + if (strcmp(encoding, git_commit_encoding)) | ||
38 | + out->reencoded_message = reencode_string(raw_message, | ||
39 | + git_commit_encoding, encoding); | ||
40 | + if (out->reencoded_message) | ||
41 | out->message = out->reencoded_message; | ||
42 | |||
43 | abbrev = find_unique_abbrev(commit->object.sha1, DEFAULT_ABBREV); | ||
diff --git a/main/gmp/APKBUILD b/main/gmp/APKBUILD deleted file mode 100644 index 36ad708d4b..0000000000 --- a/main/gmp/APKBUILD +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | ||
2 | pkgname=gmp | ||
3 | pkgver=4.3.2 | ||
4 | pkgrel=1 | ||
5 | pkgdesc="A free library for arbitrary precision arithmetic" | ||
6 | url="http://gmplib.org/" | ||
7 | license="LGPL3" | ||
8 | makedepends="m4 texinfo" | ||
9 | depends= | ||
10 | subpackages="$pkgname-doc $pkgname-dev" | ||
11 | source="ftp://ftp.gnu.org/gnu/gmp/gmp-$pkgver.tar.bz2 | ||
12 | gmp-4.1.4-noexecstack.patch | ||
13 | " | ||
14 | |||
15 | _builddir="$srcdir"/$pkgname-$pkgver | ||
16 | build() { | ||
17 | cd "$_builddir" | ||
18 | patch -p1 < ../gmp-4.1.4-noexecstack.patch || return 1 | ||
19 | |||
20 | ABI="32" ./configure --prefix=/usr \ | ||
21 | --build=${CHOST} \ | ||
22 | --infodir=/usr/share/info \ | ||
23 | --mandir=/usr/share/man \ | ||
24 | --localstatedir=/var/state/gmp \ | ||
25 | --disable-mpfr \ | ||
26 | --disable-mpbsd \ | ||
27 | --disable-cxx \ | ||
28 | --with-pic \ | ||
29 | || return 1 | ||
30 | |||
31 | make || return 1 | ||
32 | } | ||
33 | |||
34 | package() { | ||
35 | cd "$_builddir" | ||
36 | make -j1 DESTDIR="${pkgdir}" install || return 1 | ||
37 | } | ||
38 | md5sums="dd60683d7057917e34630b4a787932e8 gmp-4.3.2.tar.bz2 | ||
39 | 13c34f00e77ded6673270cfea06c35c3 gmp-4.1.4-noexecstack.patch" | ||
diff --git a/main/gmp/gmp-4.1.4-noexecstack.patch b/main/gmp/gmp-4.1.4-noexecstack.patch deleted file mode 100644 index 093bec1a5d..0000000000 --- a/main/gmp/gmp-4.1.4-noexecstack.patch +++ /dev/null | |||
@@ -1,20 +0,0 @@ | |||
1 | fixed executable stack | ||
2 | |||
3 | http://bugs.gentoo.org/115038 | ||
4 | |||
5 | --- gmp-4.1.4/configure | ||
6 | +++ gmp-4.1.4/configure | ||
7 | @@ -21689,6 +21689,13 @@ | ||
8 | fi | ||
9 | echo "')" >> $gmp_configm4 | ||
10 | echo "define(\`__CONFIG_M4_INCLUDED__')" >> $gmp_configm4 | ||
11 | +# Gentoo hack | ||
12 | +case $host_os in | ||
13 | + *linux*) | ||
14 | + echo '.section .note.GNU-stack,"",%progbits' >> $gmp_configm4 | ||
15 | + echo '.previous' >> $gmp_configm4 | ||
16 | + ;; | ||
17 | +esac | ||
18 | |||
19 | # Create Makefiles | ||
20 | # FIXME: Upcoming version of autoconf/automake may not like broken lines. | ||
diff --git a/main/gmp5/APKBUILD b/main/gmp5/APKBUILD index c2a4ad6f45..e07bff62c7 100644 --- a/main/gmp5/APKBUILD +++ b/main/gmp5/APKBUILD | |||
@@ -3,13 +3,13 @@ _name=gmp | |||
3 | pkgname=${_name}5 | 3 | pkgname=${_name}5 |
4 | 4 | ||
5 | pkgver=5.0.1 | 5 | pkgver=5.0.1 |
6 | pkgrel=0 | 6 | pkgrel=1 |
7 | pkgdesc="A free library for arbitrary precision arithmetic" | 7 | pkgdesc="A free library for arbitrary precision arithmetic" |
8 | url="http://gmplib.org/" | 8 | url="http://gmplib.org/" |
9 | license="LGPL3" | 9 | license="LGPL3" |
10 | makedepends="m4 texinfo" | 10 | makedepends="m4 texinfo" |
11 | depends= | 11 | depends= |
12 | subpackages="$pkgname-doc $pkgname-dev" | 12 | subpackages="$pkgname-doc gmp-dev:dev" |
13 | source="ftp://ftp.gnu.org/gnu/gmp/gmp-$pkgver.tar.bz2 | 13 | source="ftp://ftp.gnu.org/gnu/gmp/gmp-$pkgver.tar.bz2 |
14 | gmp-4.1.4-noexecstack.patch | 14 | gmp-4.1.4-noexecstack.patch |
15 | " | 15 | " |
@@ -39,7 +39,7 @@ package() { | |||
39 | } | 39 | } |
40 | 40 | ||
41 | dev() { | 41 | dev() { |
42 | replaces="gmp" | 42 | replaces="gmp gmp5-dev" |
43 | default_dev | 43 | default_dev |
44 | } | 44 | } |
45 | 45 | ||
diff --git a/main/guile/APKBUILD b/main/guile/APKBUILD index 8850b0f1fa..6283d7e341 100644 --- a/main/guile/APKBUILD +++ b/main/guile/APKBUILD | |||
@@ -1,12 +1,12 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=guile | 2 | pkgname=guile |
3 | pkgver=1.8.7 | 3 | pkgver=1.8.7 |
4 | pkgrel=2 | 4 | pkgrel=3 |
5 | pkgdesc="Guile is a portable, embeddable Scheme implementation written in C" | 5 | pkgdesc="Guile is a portable, embeddable Scheme implementation written in C" |
6 | url="http://www.gnu.org/software/guile/" | 6 | url="http://www.gnu.org/software/guile/" |
7 | license="GPL" | 7 | license="GPL" |
8 | subpackages="$pkgname-dev $pkgname-doc" | 8 | subpackages="$pkgname-dev $pkgname-doc" |
9 | makedepends="gmp5-dev libtool ncurses-dev texinfo" | 9 | makedepends="gmp-dev libtool ncurses-dev texinfo" |
10 | depends= | 10 | depends= |
11 | install= | 11 | install= |
12 | source="ftp://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz" | 12 | source="ftp://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz" |
diff --git a/main/iscsitarget-grsec/APKBUILD b/main/iscsitarget-grsec/APKBUILD index b593044200..184f8701bb 100644 --- a/main/iscsitarget-grsec/APKBUILD +++ b/main/iscsitarget-grsec/APKBUILD | |||
@@ -27,6 +27,7 @@ subpackages= | |||
27 | source="http://downloads.sourceforge.net/$_realname/$_realname-$_iscsiver.tar.gz | 27 | source="http://downloads.sourceforge.net/$_realname/$_realname-$_iscsiver.tar.gz |
28 | iscsitarget-1.4.18+linux-2.6.32.patch | 28 | iscsitarget-1.4.18+linux-2.6.32.patch |
29 | " | 29 | " |
30 | _ksrc=/usr/src/linux-headers-${_abi_release} | ||
30 | 31 | ||
31 | prepare() { | 32 | prepare() { |
32 | cd "$srcdir"/$_realname-$_iscsiver | 33 | cd "$srcdir"/$_realname-$_iscsiver |
@@ -39,14 +40,12 @@ prepare() { | |||
39 | build() { | 40 | build() { |
40 | cd "$srcdir"/$_realname-$_iscsiver | 41 | cd "$srcdir"/$_realname-$_iscsiver |
41 | unset ARCH | 42 | unset ARCH |
42 | local ksrc=/usr/src/linux-headers-${_abi_release} | 43 | make KSRC="$_ksrc" kernel || return 1 |
43 | make KSRC="$ksrc" kernel || return 1 | ||
44 | } | 44 | } |
45 | 45 | ||
46 | package() { | 46 | package() { |
47 | cd "$srcdir"/$_realname-$_iscsiver | 47 | cd "$srcdir"/$_realname-$_iscsiver |
48 | local ksrc=/usr/src/linux-headers-${_abi_release} | 48 | make KSRC="$_ksrc" DISTDIR="$pkgdir" install-kernel || return 1 |
49 | make KSRC="$ksrc" DISTDIR="$pkgdir" install-kernel || return 1 | ||
50 | } | 49 | } |
51 | 50 | ||
52 | md5sums="9beca214c28949cce1716b49fec57de4 iscsitarget-1.4.19.tar.gz | 51 | md5sums="9beca214c28949cce1716b49fec57de4 iscsitarget-1.4.19.tar.gz |
diff --git a/main/libc0.9.32/APKBUILD b/main/libc0.9.32/APKBUILD index accdcaf3af..328368895b 100644 --- a/main/libc0.9.32/APKBUILD +++ b/main/libc0.9.32/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | _abiver=0.9.32 | 2 | _abiver=0.9.32 |
3 | pkgname=libc$_abiver | 3 | pkgname=libc$_abiver |
4 | _gitver=1006041126 | 4 | _gitver=1006300816 |
5 | pkgver=${_abiver}_alpha0_git$_gitver | 5 | pkgver=${_abiver}_alpha0_git$_gitver |
6 | pkgrel=1 | 6 | pkgrel=1 |
7 | pkgdesc="C library for developing embedded Linux systems" | 7 | pkgdesc="C library for developing embedded Linux systems" |
@@ -20,6 +20,7 @@ source="http://build.alpinelinux.org:8010/distfiles/$_snapfile | |||
20 | uclibc-libm-pic.patch | 20 | uclibc-libm-pic.patch |
21 | uclibc-lutimes.patch | 21 | uclibc-lutimes.patch |
22 | uclibc-resolv-tls.patch | 22 | uclibc-resolv-tls.patch |
23 | uclibc-gcc-workaround.patch | ||
23 | uclibcconfig.x86 | 24 | uclibcconfig.x86 |
24 | uclibcconfig.i486 | 25 | uclibcconfig.i486 |
25 | " | 26 | " |
@@ -96,10 +97,11 @@ utils() { | |||
96 | mv "$pkgdir"/usr/bin/* "$subpkgdir"/usr/bin/ | 97 | mv "$pkgdir"/usr/bin/* "$subpkgdir"/usr/bin/ |
97 | } | 98 | } |
98 | 99 | ||
99 | md5sums="048f92606460621d9402c43417392992 libc0.9.32-0.9.32_alpha0_git1006041126.tar.bz2 | 100 | md5sums="b7af86c013378888fbd345c47ad21c3a libc0.9.32-0.9.32_alpha0_git1006300816.tar.bz2 |
100 | 4d408f72142ce55a0754948cc9cfe447 compat-stack-guard.patch | 101 | 4d408f72142ce55a0754948cc9cfe447 compat-stack-guard.patch |
101 | 2f9739a980be24a842c57516155c7885 uclibc-libm-pic.patch | 102 | 2f9739a980be24a842c57516155c7885 uclibc-libm-pic.patch |
102 | 4d0b8170e6580b47bf5775e65a6f081e uclibc-lutimes.patch | 103 | 4d0b8170e6580b47bf5775e65a6f081e uclibc-lutimes.patch |
103 | d08831b452acdeaa3037525ee617edab uclibc-resolv-tls.patch | 104 | d08831b452acdeaa3037525ee617edab uclibc-resolv-tls.patch |
105 | a88b7f394c86dc7aa606c9e338e35515 uclibc-gcc-workaround.patch | ||
104 | e2eb3bb00a0fe4d6f3d5b5c56b027bab uclibcconfig.x86 | 106 | e2eb3bb00a0fe4d6f3d5b5c56b027bab uclibcconfig.x86 |
105 | e2eb3bb00a0fe4d6f3d5b5c56b027bab uclibcconfig.i486" | 107 | e2eb3bb00a0fe4d6f3d5b5c56b027bab uclibcconfig.i486" |
diff --git a/main/libc0.9.32/uclibc-gcc-workaround.patch b/main/libc0.9.32/uclibc-gcc-workaround.patch new file mode 100644 index 0000000000..f698ecb79e --- /dev/null +++ b/main/libc0.9.32/uclibc-gcc-workaround.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> | ||
2 | To: uclibc@uclibc.org | ||
3 | Subject: [PATCH] more workarounds for GCC PR32219 | ||
4 | Date: Wed, 30 Jun 2010 14:46:37 +0300 | ||
5 | Message-Id: <1277898397-10643-1-git-send-email-timo.teras@iki.fi> | ||
6 | X-Mailer: git-send-email 1.7.0.4 | ||
7 | MIME-Version: 1.0 | ||
8 | X-BeenThere: uclibc@uclibc.org | ||
9 | X-Mailman-Version: 2.1.12 | ||
10 | Precedence: list | ||
11 | List-Id: "Discussion and development of uClibc \(the embedded C library\)" | ||
12 | <uclibc.uclibc.org> | ||
13 | List-Unsubscribe: <http://lists.busybox.net/mailman/options/uclibc>, | ||
14 | <mailto:uclibc-request@uclibc.org?subject=unsubscribe> | ||
15 | List-Archive: <http://lists.busybox.net/pipermail/uclibc> | ||
16 | List-Post: <mailto:uclibc@uclibc.org> | ||
17 | List-Help: <mailto:uclibc-request@uclibc.org?subject=help> | ||
18 | List-Subscribe: <http://lists.busybox.net/mailman/listinfo/uclibc>, | ||
19 | <mailto:uclibc-request@uclibc.org?subject=subscribe> | ||
20 | Content-Type: text/plain; charset="utf-8" | ||
21 | Sender: uclibc-bounces@uclibc.org | ||
22 | Errors-To: uclibc-bounces@uclibc.org | ||
23 | |||
24 | Commit 2e53dd645d5348f207cec7f8595969dc566c5a55 workarounds GCC | ||
25 | bug when accessing _locale_init and _stdio_init. We need the same | ||
26 | fix for __errno_location and __h_errno_location otherwise we crash | ||
27 | calling null with static and non-threaded builds. | ||
28 | |||
29 | Signed-off-by: Timo TerĂƒÂ¤s <timo.teras@iki.fi> | ||
30 | --- | ||
31 | libc/misc/internals/__uClibc_main.c | 4 ++-- | ||
32 | 1 files changed, 2 insertions(+), 2 deletions(-) | ||
33 | |||
34 | diff --git a/libc/misc/internals/__uClibc_main.c b/libc/misc/internals/__uClibc_main.c | ||
35 | index 44d1620..e8c470b 100644 | ||
36 | --- a/libc/misc/internals/__uClibc_main.c | ||
37 | +++ b/libc/misc/internals/__uClibc_main.c | ||
38 | @@ -447,11 +447,11 @@ void __uClibc_main(int (*main)(int, char **, char **), int argc, | ||
39 | * have resulted in errno being set nonzero, so set it to 0 before | ||
40 | * we call main. | ||
41 | */ | ||
42 | - if (likely(__errno_location!=NULL)) | ||
43 | + if (likely(not_null_ptr(__errno_location))) | ||
44 | *(__errno_location()) = 0; | ||
45 | |||
46 | /* Set h_errno to 0 as well */ | ||
47 | - if (likely(__h_errno_location!=NULL)) | ||
48 | + if (likely(not_null_ptr(__h_errno_location))) | ||
49 | *(__h_errno_location()) = 0; | ||
50 | |||
51 | #if defined HAVE_CLEANUP_JMP_BUF && defined __UCLIBC_HAS_THREADS_NATIVE__ | ||
52 | -- | ||
53 | 1.7.0.4 | ||
54 | |||
55 | _______________________________________________ | ||
56 | uClibc mailing list | ||
57 | uClibc@uclibc.org | ||
58 | http://lists.busybox.net/mailman/listinfo/uclibc | ||
diff --git a/main/libconfig/APKBUILD b/main/libconfig/APKBUILD index e4bf50072a..db88ca1ca7 100644 --- a/main/libconfig/APKBUILD +++ b/main/libconfig/APKBUILD | |||
@@ -1,6 +1,6 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=libconfig | 2 | pkgname=libconfig |
3 | pkgver=1.4.3 | 3 | pkgver=1.4.5 |
4 | pkgrel=0 | 4 | pkgrel=0 |
5 | pkgdesc="a simple library for manipulating structured configuration files" | 5 | pkgdesc="a simple library for manipulating structured configuration files" |
6 | url="http://www.hyperrealm.com/libconfig/" | 6 | url="http://www.hyperrealm.com/libconfig/" |
@@ -24,4 +24,4 @@ package() { | |||
24 | make -j1 DESTDIR="$pkgdir/" install | 24 | make -j1 DESTDIR="$pkgdir/" install |
25 | } | 25 | } |
26 | 26 | ||
27 | md5sums="295f580a7bc3a03a44d520d6ace55ee6 libconfig-1.4.3.tar.gz" | 27 | md5sums="f2219e1b2501e7296a7d3e971c63666a libconfig-1.4.5.tar.gz" |
diff --git a/main/libevent/APKBUILD b/main/libevent/APKBUILD index f744779856..4a627408f6 100644 --- a/main/libevent/APKBUILD +++ b/main/libevent/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=libevent | 2 | pkgname=libevent |
3 | pkgver=1.4.13 | 3 | pkgver=1.4.14b |
4 | pkgrel=1 | 4 | pkgrel=0 |
5 | pkgdesc="An event notification library" | 5 | pkgdesc="An event notification library" |
6 | url="http://www.monkey.org/~provos/libevent/" | 6 | url="http://www.monkey.org/~provos/libevent/" |
7 | license="GPL-2" | 7 | license="GPL-2" |
@@ -20,4 +20,4 @@ package() { | |||
20 | cd $srcdir/$pkgname-$pkgver-stable | 20 | cd $srcdir/$pkgname-$pkgver-stable |
21 | make -j1 DESTDIR=$pkgdir install || return 1 | 21 | make -j1 DESTDIR=$pkgdir install || return 1 |
22 | } | 22 | } |
23 | md5sums="0b3ea18c634072d12b3c1ee734263664 libevent-1.4.13-stable.tar.gz" | 23 | md5sums="a00e037e4d3f9e4fe9893e8a2d27918c libevent-1.4.14b-stable.tar.gz" |
diff --git a/testing/libowfat/APKBUILD b/main/libowfat/APKBUILD index 8e3ee0eca0..8e3ee0eca0 100644 --- a/testing/libowfat/APKBUILD +++ b/main/libowfat/APKBUILD | |||
diff --git a/main/libpng/APKBUILD b/main/libpng/APKBUILD index 39a12f7cdf..db52574fbc 100644 --- a/main/libpng/APKBUILD +++ b/main/libpng/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Contributor: Carlo Landmeter <clandmeter at gmail> | 1 | # Contributor: Carlo Landmeter <clandmeter at gmail> |
2 | # Maintainer: Carlo Landmeter <clandmeter at gmail> | 2 | # Maintainer: Carlo Landmeter <clandmeter at gmail> |
3 | pkgname=libpng | 3 | pkgname=libpng |
4 | pkgver=1.4.2 | 4 | pkgver=1.4.3 |
5 | pkgrel=0 | 5 | pkgrel=0 |
6 | pkgdesc="Portable Network Graphics library" | 6 | pkgdesc="Portable Network Graphics library" |
7 | url="http://www.libpng.org/" | 7 | url="http://www.libpng.org/" |
@@ -27,4 +27,4 @@ package() { | |||
27 | install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE || return 1 | 27 | install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE || return 1 |
28 | } | 28 | } |
29 | 29 | ||
30 | md5sums="89fd334dc5fc84ff146b9269c4fa452f libpng-1.4.2.tar.gz" | 30 | md5sums="df3521f61a1b8b69489d297c0ca8c1f8 libpng-1.4.3.tar.gz" |
diff --git a/main/lighttpd/APKBUILD b/main/lighttpd/APKBUILD index 5c03ed55a0..f229887b25 100644 --- a/main/lighttpd/APKBUILD +++ b/main/lighttpd/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | pkgname=lighttpd | 2 | pkgname=lighttpd |
3 | pkgver=1.4.26 | 3 | pkgver=1.4.26 |
4 | _streamver=2.2.0 | 4 | _streamver=2.2.0 |
5 | pkgrel=4 | 5 | pkgrel=5 |
6 | pkgdesc="a secure, fast, compliant and very flexible web-server" | 6 | pkgdesc="a secure, fast, compliant and very flexible web-server" |
7 | url="http://www.lighttpd.net/" | 7 | url="http://www.lighttpd.net/" |
8 | license="custom" | 8 | license="custom" |
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index cb94b01364..ef73e4958c 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD | |||
@@ -4,7 +4,7 @@ _flavor=grsec | |||
4 | pkgname=linux-${_flavor} | 4 | pkgname=linux-${_flavor} |
5 | pkgver=2.6.32.15 | 5 | pkgver=2.6.32.15 |
6 | _kernver=2.6.32 | 6 | _kernver=2.6.32 |
7 | pkgrel=8 | 7 | pkgrel=9 |
8 | pkgdesc="Linux kernel with grsecurity" | 8 | pkgdesc="Linux kernel with grsecurity" |
9 | url=http://grsecurity.net | 9 | url=http://grsecurity.net |
10 | depends="mkinitfs linux-firmware" | 10 | depends="mkinitfs linux-firmware" |
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}} | |||
14 | install= | 14 | install= |
15 | source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 | 15 | source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 |
16 | ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 | 16 | ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 |
17 | grsecurity-2.1.14-2.6.32.15-201006011506.patch | 17 | grsecurity-2.2.0-2.6.32.15-201006271253.patch |
18 | 0001-grsec-revert-conflicting-flow-cache-changes.patch | 18 | 0001-grsec-revert-conflicting-flow-cache-changes.patch |
19 | 0002-gre-fix-hard-header-destination-address-checking.patch | 19 | 0002-gre-fix-hard-header-destination-address-checking.patch |
20 | 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch | 20 | 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch |
@@ -148,7 +148,7 @@ firmware() { | |||
148 | 148 | ||
149 | md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 | 149 | md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 |
150 | 5c9251844c2819eddee4dba1293bd46d patch-2.6.32.15.bz2 | 150 | 5c9251844c2819eddee4dba1293bd46d patch-2.6.32.15.bz2 |
151 | 7f61d0de3d703c465bff03a20b2dbd30 grsecurity-2.1.14-2.6.32.15-201006011506.patch | 151 | 98a8ab1e328d67e40657ef5e4b9d1b37 grsecurity-2.2.0-2.6.32.15-201006271253.patch |
152 | 1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch | 152 | 1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch |
153 | 437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch | 153 | 437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch |
154 | 151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch | 154 | 151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch |
diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch index 215c62b4e2..722e01f379 100644 --- a/main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch +++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch | |||
@@ -7562,7 +7562,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/page_64_types.h linux-2.6.32.15/ | |||
7562 | #define __VIRTUAL_MASK_SHIFT 47 | 7562 | #define __VIRTUAL_MASK_SHIFT 47 |
7563 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/paravirt.h linux-2.6.32.15/arch/x86/include/asm/paravirt.h | 7563 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/paravirt.h linux-2.6.32.15/arch/x86/include/asm/paravirt.h |
7564 | --- linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-03-15 11:52:04.000000000 -0400 | 7564 | --- linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-03-15 11:52:04.000000000 -0400 |
7565 | +++ linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-05-28 21:27:14.915041226 -0400 | 7565 | +++ linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-06-19 10:03:50.008525890 -0400 |
7566 | @@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned | 7566 | @@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned |
7567 | pv_mmu_ops.set_fixmap(idx, phys, flags); | 7567 | pv_mmu_ops.set_fixmap(idx, phys, flags); |
7568 | } | 7568 | } |
@@ -7765,7 +7765,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_32_types.h linux-2.6.32. | |||
7765 | #define MODULES_LEN (MODULES_VADDR - MODULES_END) | 7765 | #define MODULES_LEN (MODULES_VADDR - MODULES_END) |
7766 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h | 7766 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h |
7767 | --- linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-03-15 11:52:04.000000000 -0400 | 7767 | --- linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-03-15 11:52:04.000000000 -0400 |
7768 | +++ linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-05-28 21:27:14.915041226 -0400 | 7768 | +++ linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-06-19 10:03:50.008525890 -0400 |
7769 | @@ -38,12 +38,16 @@ static inline void native_set_pte_atomic | 7769 | @@ -38,12 +38,16 @@ static inline void native_set_pte_atomic |
7770 | 7770 | ||
7771 | static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) | 7771 | static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) |
@@ -7785,7 +7785,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.15 | |||
7785 | /* | 7785 | /* |
7786 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h | 7786 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h |
7787 | --- linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-03-15 11:52:04.000000000 -0400 | 7787 | --- linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-03-15 11:52:04.000000000 -0400 |
7788 | +++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-05-28 21:27:14.915041226 -0400 | 7788 | +++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-06-19 10:03:50.008525890 -0400 |
7789 | @@ -16,10 +16,13 @@ | 7789 | @@ -16,10 +16,13 @@ |
7790 | 7790 | ||
7791 | extern pud_t level3_kernel_pgt[512]; | 7791 | extern pud_t level3_kernel_pgt[512]; |
@@ -7812,7 +7812,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arc | |||
7812 | } | 7812 | } |
7813 | 7813 | ||
7814 | static inline void native_pmd_clear(pmd_t *pmd) | 7814 | static inline void native_pmd_clear(pmd_t *pmd) |
7815 | @@ -94,12 +99,18 @@ static inline void native_pud_clear(pud_ | 7815 | @@ -94,7 +99,9 @@ static inline void native_pud_clear(pud_ |
7816 | 7816 | ||
7817 | static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) | 7817 | static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) |
7818 | { | 7818 | { |
@@ -7822,15 +7822,6 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arc | |||
7822 | } | 7822 | } |
7823 | 7823 | ||
7824 | static inline void native_pgd_clear(pgd_t *pgd) | 7824 | static inline void native_pgd_clear(pgd_t *pgd) |
7825 | { | ||
7826 | + | ||
7827 | +#ifndef CONFIG_PAX_PER_CPU_PGD | ||
7828 | native_set_pgd(pgd, native_make_pgd(0)); | ||
7829 | +#endif | ||
7830 | + | ||
7831 | } | ||
7832 | |||
7833 | /* | ||
7834 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h | 7825 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h |
7835 | --- linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-03-15 11:52:04.000000000 -0400 | 7826 | --- linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-03-15 11:52:04.000000000 -0400 |
7836 | +++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-05-28 21:27:14.915041226 -0400 | 7827 | +++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-05-28 21:27:14.915041226 -0400 |
@@ -7844,7 +7835,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h linux-2.6.32. | |||
7844 | #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ | 7835 | #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ |
7845 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x86/include/asm/pgtable.h | 7836 | diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x86/include/asm/pgtable.h |
7846 | --- linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-03-15 11:52:04.000000000 -0400 | 7837 | --- linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-03-15 11:52:04.000000000 -0400 |
7847 | +++ linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-05-28 21:27:14.918896182 -0400 | 7838 | +++ linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-06-19 10:03:50.008525890 -0400 |
7848 | @@ -74,12 +74,51 @@ extern struct list_head pgd_list; | 7839 | @@ -74,12 +74,51 @@ extern struct list_head pgd_list; |
7849 | 7840 | ||
7850 | #define arch_end_context_switch(prev) do {} while(0) | 7841 | #define arch_end_context_switch(prev) do {} while(0) |
@@ -7988,7 +7979,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x | |||
7988 | #ifndef __ASSEMBLY__ | 7979 | #ifndef __ASSEMBLY__ |
7989 | 7980 | ||
7990 | extern int direct_gbpages; | 7981 | extern int direct_gbpages; |
7991 | @@ -611,11 +698,18 @@ static inline void ptep_set_wrprotect(st | 7982 | @@ -611,11 +698,23 @@ static inline void ptep_set_wrprotect(st |
7992 | * dst and src can be on the same page, but the range must not overlap, | 7983 | * dst and src can be on the same page, but the range must not overlap, |
7993 | * and must not cross a page boundary. | 7984 | * and must not cross a page boundary. |
7994 | */ | 7985 | */ |
@@ -8004,7 +7995,12 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x | |||
8004 | 7995 | ||
8005 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 7996 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
8006 | +extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count); | 7997 | +extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count); |
7998 | +#endif | ||
7999 | + | ||
8000 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
8007 | +extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count); | 8001 | +extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count); |
8002 | +#else | ||
8003 | +static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) {} | ||
8008 | +#endif | 8004 | +#endif |
8009 | 8005 | ||
8010 | #include <asm-generic/pgtable.h> | 8006 | #include <asm-generic/pgtable.h> |
@@ -9301,16 +9297,8 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/xsave.h linux-2.6.32.15/arch/x86 | |||
9301 | ".section .fixup,\"ax\"\n" | 9297 | ".section .fixup,\"ax\"\n" |
9302 | diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig | 9298 | diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig |
9303 | --- linux-2.6.32.15/arch/x86/Kconfig 2010-05-15 13:20:18.407099662 -0400 | 9299 | --- linux-2.6.32.15/arch/x86/Kconfig 2010-05-15 13:20:18.407099662 -0400 |
9304 | +++ linux-2.6.32.15/arch/x86/Kconfig 2010-05-28 21:27:14.922894828 -0400 | 9300 | +++ linux-2.6.32.15/arch/x86/Kconfig 2010-06-19 11:15:06.486972627 -0400 |
9305 | @@ -531,6 +531,7 @@ source "arch/x86/lguest/Kconfig" | 9301 | @@ -1083,7 +1083,7 @@ config PAGE_OFFSET |
9306 | |||
9307 | config PARAVIRT | ||
9308 | bool "Enable paravirtualization code" | ||
9309 | + depends on !PAX_PER_CPU_PGD | ||
9310 | ---help--- | ||
9311 | This changes the kernel so it can modify itself when it is run | ||
9312 | under a hypervisor, potentially improving performance significantly | ||
9313 | @@ -1083,7 +1084,7 @@ config PAGE_OFFSET | ||
9314 | hex | 9302 | hex |
9315 | default 0xB0000000 if VMSPLIT_3G_OPT | 9303 | default 0xB0000000 if VMSPLIT_3G_OPT |
9316 | default 0x80000000 if VMSPLIT_2G | 9304 | default 0x80000000 if VMSPLIT_2G |
@@ -9319,7 +9307,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig | |||
9319 | default 0x40000000 if VMSPLIT_1G | 9307 | default 0x40000000 if VMSPLIT_1G |
9320 | default 0xC0000000 | 9308 | default 0xC0000000 |
9321 | depends on X86_32 | 9309 | depends on X86_32 |
9322 | @@ -1414,7 +1415,7 @@ config ARCH_USES_PG_UNCACHED | 9310 | @@ -1414,7 +1414,7 @@ config ARCH_USES_PG_UNCACHED |
9323 | 9311 | ||
9324 | config EFI | 9312 | config EFI |
9325 | bool "EFI runtime service support" | 9313 | bool "EFI runtime service support" |
@@ -9328,7 +9316,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig | |||
9328 | ---help--- | 9316 | ---help--- |
9329 | This enables the kernel to use EFI runtime services that are | 9317 | This enables the kernel to use EFI runtime services that are |
9330 | available (such as the EFI variable services). | 9318 | available (such as the EFI variable services). |
9331 | @@ -1501,6 +1502,7 @@ config KEXEC_JUMP | 9319 | @@ -1501,6 +1501,7 @@ config KEXEC_JUMP |
9332 | config PHYSICAL_START | 9320 | config PHYSICAL_START |
9333 | hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP) | 9321 | hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP) |
9334 | default "0x1000000" | 9322 | default "0x1000000" |
@@ -9336,7 +9324,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig | |||
9336 | ---help--- | 9324 | ---help--- |
9337 | This gives the physical address where the kernel is loaded. | 9325 | This gives the physical address where the kernel is loaded. |
9338 | 9326 | ||
9339 | @@ -1565,6 +1567,7 @@ config PHYSICAL_ALIGN | 9327 | @@ -1565,6 +1566,7 @@ config PHYSICAL_ALIGN |
9340 | hex | 9328 | hex |
9341 | prompt "Alignment value to which kernel should be aligned" if X86_32 | 9329 | prompt "Alignment value to which kernel should be aligned" if X86_32 |
9342 | default "0x1000000" | 9330 | default "0x1000000" |
@@ -9344,7 +9332,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig | |||
9344 | range 0x2000 0x1000000 | 9332 | range 0x2000 0x1000000 |
9345 | ---help--- | 9333 | ---help--- |
9346 | This value puts the alignment restrictions on physical address | 9334 | This value puts the alignment restrictions on physical address |
9347 | @@ -1596,9 +1599,10 @@ config HOTPLUG_CPU | 9335 | @@ -1596,9 +1598,10 @@ config HOTPLUG_CPU |
9348 | Say N if you want to disable CPU hotplug. | 9336 | Say N if you want to disable CPU hotplug. |
9349 | 9337 | ||
9350 | config COMPAT_VDSO | 9338 | config COMPAT_VDSO |
@@ -10503,7 +10491,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/efi_stub_32.S linux-2.6.32.15/arch/x8 | |||
10503 | efi_rt_function_ptr: | 10491 | efi_rt_function_ptr: |
10504 | diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/kernel/entry_32.S | 10492 | diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/kernel/entry_32.S |
10505 | --- linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-03-15 11:52:04.000000000 -0400 | 10493 | --- linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-03-15 11:52:04.000000000 -0400 |
10506 | +++ linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-05-28 21:27:15.031137412 -0400 | 10494 | +++ linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-06-19 10:03:50.008525890 -0400 |
10507 | @@ -191,7 +191,67 @@ | 10495 | @@ -191,7 +191,67 @@ |
10508 | 10496 | ||
10509 | #endif /* CONFIG_X86_32_LAZY_GS */ | 10497 | #endif /* CONFIG_X86_32_LAZY_GS */ |
@@ -10780,15 +10768,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/k | |||
10780 | #include "syscall_table_32.S" | 10768 | #include "syscall_table_32.S" |
10781 | 10769 | ||
10782 | syscall_table_size=(.-sys_call_table) | 10770 | syscall_table_size=(.-sys_call_table) |
10783 | @@ -1250,12 +1366,15 @@ error_code: | 10771 | @@ -1255,9 +1371,12 @@ error_code: |
10784 | movl %ecx, %fs | ||
10785 | UNWIND_ESPFIX_STACK | ||
10786 | GS_TO_REG %ecx | ||
10787 | + | ||
10788 | + PAX_ENTER_KERNEL | ||
10789 | + | ||
10790 | movl PT_GS(%esp), %edi # get the function address | ||
10791 | movl PT_ORIG_EAX(%esp), %edx # get the error code | ||
10792 | movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart | 10772 | movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart |
10793 | REG_TO_PTGS %ecx | 10773 | REG_TO_PTGS %ecx |
10794 | SET_KERNEL_GS %ecx | 10774 | SET_KERNEL_GS %ecx |
@@ -10796,7 +10776,12 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/k | |||
10796 | + movl $(__KERNEL_DS), %ecx | 10776 | + movl $(__KERNEL_DS), %ecx |
10797 | movl %ecx, %ds | 10777 | movl %ecx, %ds |
10798 | movl %ecx, %es | 10778 | movl %ecx, %es |
10779 | + | ||
10780 | + PAX_ENTER_KERNEL | ||
10781 | + | ||
10799 | TRACE_IRQS_OFF | 10782 | TRACE_IRQS_OFF |
10783 | movl %esp,%eax # pt_regs pointer | ||
10784 | call *%edi | ||
10800 | @@ -1351,6 +1470,9 @@ nmi_stack_correct: | 10785 | @@ -1351,6 +1470,9 @@ nmi_stack_correct: |
10801 | xorl %edx,%edx # zero error code | 10786 | xorl %edx,%edx # zero error code |
10802 | movl %esp,%eax # pt_regs pointer | 10787 | movl %esp,%eax # pt_regs pointer |
@@ -11367,7 +11352,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head32.c linux-2.6.32.15/arch/x86/ker | |||
11367 | /* Reserve INITRD */ | 11352 | /* Reserve INITRD */ |
11368 | diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/kernel/head_32.S | 11353 | diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/kernel/head_32.S |
11369 | --- linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-03-15 11:52:04.000000000 -0400 | 11354 | --- linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-03-15 11:52:04.000000000 -0400 |
11370 | +++ linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-05-28 21:27:15.039159907 -0400 | 11355 | +++ linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-06-19 10:03:50.008525890 -0400 |
11371 | @@ -19,10 +19,17 @@ | 11356 | @@ -19,10 +19,17 @@ |
11372 | #include <asm/setup.h> | 11357 | #include <asm/setup.h> |
11373 | #include <asm/processor-flags.h> | 11358 | #include <asm/processor-flags.h> |
@@ -11658,7 +11643,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke | |||
11658 | pushl 16(%esp) | 11643 | pushl 16(%esp) |
11659 | pushl 24(%esp) | 11644 | pushl 24(%esp) |
11660 | pushl 32(%esp) | 11645 | pushl 32(%esp) |
11661 | @@ -608,27 +679,45 @@ ENTRY(initial_code) | 11646 | @@ -608,27 +679,38 @@ ENTRY(initial_code) |
11662 | /* | 11647 | /* |
11663 | * BSS section | 11648 | * BSS section |
11664 | */ | 11649 | */ |
@@ -11699,17 +11684,22 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke | |||
11699 | - .align PAGE_SIZE_asm | 11684 | - .align PAGE_SIZE_asm |
11700 | +.section .swapper_pg_dir,"a",@progbits | 11685 | +.section .swapper_pg_dir,"a",@progbits |
11701 | + | 11686 | + |
11687 | ENTRY(swapper_pg_dir) | ||
11688 | .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ | ||
11689 | # if KPMDS == 3 | ||
11690 | @@ -647,15 +729,24 @@ ENTRY(swapper_pg_dir) | ||
11691 | # error "Kernel PMDs should be 1, 2 or 3" | ||
11692 | # endif | ||
11693 | .align PAGE_SIZE_asm /* needs to be page-sized too */ | ||
11694 | + | ||
11702 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 11695 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
11703 | +ENTRY(cpu_pgd) | 11696 | +ENTRY(cpu_pgd) |
11704 | + .rept NR_CPUS | 11697 | + .rept NR_CPUS |
11705 | + .fill 512,8,0 | 11698 | + .fill 4,8,0 |
11706 | + .endr | 11699 | + .endr |
11707 | +#endif | 11700 | +#endif |
11708 | + | 11701 | + |
11709 | ENTRY(swapper_pg_dir) | 11702 | #endif |
11710 | .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ | ||
11711 | # if KPMDS == 3 | ||
11712 | @@ -651,11 +740,12 @@ ENTRY(swapper_pg_dir) | ||
11713 | 11703 | ||
11714 | .data | 11704 | .data |
11715 | ENTRY(stack_start) | 11705 | ENTRY(stack_start) |
@@ -11723,7 +11713,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke | |||
11723 | early_recursion_flag: | 11713 | early_recursion_flag: |
11724 | .long 0 | 11714 | .long 0 |
11725 | 11715 | ||
11726 | @@ -691,7 +781,7 @@ fault_msg: | 11716 | @@ -691,7 +782,7 @@ fault_msg: |
11727 | .word 0 # 32 bit align gdt_desc.address | 11717 | .word 0 # 32 bit align gdt_desc.address |
11728 | boot_gdt_descr: | 11718 | boot_gdt_descr: |
11729 | .word __BOOT_DS+7 | 11719 | .word __BOOT_DS+7 |
@@ -11732,7 +11722,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke | |||
11732 | 11722 | ||
11733 | .word 0 # 32-bit align idt_desc.address | 11723 | .word 0 # 32-bit align idt_desc.address |
11734 | idt_descr: | 11724 | idt_descr: |
11735 | @@ -702,7 +792,7 @@ idt_descr: | 11725 | @@ -702,7 +793,7 @@ idt_descr: |
11736 | .word 0 # 32 bit align gdt_desc.address | 11726 | .word 0 # 32 bit align gdt_desc.address |
11737 | ENTRY(early_gdt_descr) | 11727 | ENTRY(early_gdt_descr) |
11738 | .word GDT_ENTRIES*8-1 | 11728 | .word GDT_ENTRIES*8-1 |
@@ -11741,7 +11731,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke | |||
11741 | 11731 | ||
11742 | /* | 11732 | /* |
11743 | * The boot_gdt must mirror the equivalent in setup.S and is | 11733 | * The boot_gdt must mirror the equivalent in setup.S and is |
11744 | @@ -711,5 +801,65 @@ ENTRY(early_gdt_descr) | 11734 | @@ -711,5 +802,65 @@ ENTRY(early_gdt_descr) |
11745 | .align L1_CACHE_BYTES | 11735 | .align L1_CACHE_BYTES |
11746 | ENTRY(boot_gdt) | 11736 | ENTRY(boot_gdt) |
11747 | .fill GDT_ENTRY_BOOT_CS,8,0 | 11737 | .fill GDT_ENTRY_BOOT_CS,8,0 |
@@ -11809,23 +11799,6 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke | |||
11809 | + /* Be sure this is zeroed to avoid false validations in Xen */ | 11799 | + /* Be sure this is zeroed to avoid false validations in Xen */ |
11810 | + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 | 11800 | + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 |
11811 | + .endr | 11801 | + .endr |
11812 | diff -urNp linux-2.6.32.15/arch/x86/kernel/head64.c linux-2.6.32.15/arch/x86/kernel/head64.c | ||
11813 | --- linux-2.6.32.15/arch/x86/kernel/head64.c 2010-03-15 11:52:04.000000000 -0400 | ||
11814 | +++ linux-2.6.32.15/arch/x86/kernel/head64.c 2010-05-28 21:27:15.039159907 -0400 | ||
11815 | @@ -29,7 +29,13 @@ | ||
11816 | static void __init zap_identity_mappings(void) | ||
11817 | { | ||
11818 | pgd_t *pgd = pgd_offset_k(0UL); | ||
11819 | + | ||
11820 | +#ifdef CONFIG_PAX_PER_CPU_PGD | ||
11821 | + set_pgd(pgd, native_make_pgd(0)); | ||
11822 | +#else | ||
11823 | pgd_clear(pgd); | ||
11824 | +#endif | ||
11825 | + | ||
11826 | __flush_tlb_all(); | ||
11827 | } | ||
11828 | |||
11829 | diff -urNp linux-2.6.32.15/arch/x86/kernel/head_64.S linux-2.6.32.15/arch/x86/kernel/head_64.S | 11802 | diff -urNp linux-2.6.32.15/arch/x86/kernel/head_64.S linux-2.6.32.15/arch/x86/kernel/head_64.S |
11830 | --- linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-03-15 11:52:04.000000000 -0400 | 11803 | --- linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-03-15 11:52:04.000000000 -0400 |
11831 | +++ linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-05-28 21:27:15.039159907 -0400 | 11804 | +++ linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-05-28 21:27:15.039159907 -0400 |
@@ -12136,7 +12109,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/init_task.c linux-2.6.32.15/arch/x86/ | |||
12136 | +EXPORT_SYMBOL(init_tss); | 12109 | +EXPORT_SYMBOL(init_tss); |
12137 | diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/kernel/ioport.c | 12110 | diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/kernel/ioport.c |
12138 | --- linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-03-15 11:52:04.000000000 -0400 | 12111 | --- linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-03-15 11:52:04.000000000 -0400 |
12139 | +++ linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-05-28 21:27:15.039159907 -0400 | 12112 | +++ linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-06-19 21:48:03.327550760 -0400 |
12140 | @@ -6,6 +6,7 @@ | 12113 | @@ -6,6 +6,7 @@ |
12141 | #include <linux/sched.h> | 12114 | #include <linux/sched.h> |
12142 | #include <linux/kernel.h> | 12115 | #include <linux/kernel.h> |
@@ -12150,7 +12123,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/ker | |||
12150 | if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) | 12123 | if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) |
12151 | return -EINVAL; | 12124 | return -EINVAL; |
12152 | +#ifdef CONFIG_GRKERNSEC_IO | 12125 | +#ifdef CONFIG_GRKERNSEC_IO |
12153 | + if (turn_on) { | 12126 | + if (turn_on && grsec_disable_privio) { |
12154 | + gr_handle_ioperm(); | 12127 | + gr_handle_ioperm(); |
12155 | + return -EPERM; | 12128 | + return -EPERM; |
12156 | + } | 12129 | + } |
@@ -12167,20 +12140,19 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/ker | |||
12167 | 12140 | ||
12168 | set_bitmap(t->io_bitmap_ptr, from, num, !turn_on); | 12141 | set_bitmap(t->io_bitmap_ptr, from, num, !turn_on); |
12169 | 12142 | ||
12170 | @@ -111,8 +118,13 @@ static int do_iopl(unsigned int level, s | 12143 | @@ -111,6 +118,12 @@ static int do_iopl(unsigned int level, s |
12171 | return -EINVAL; | 12144 | return -EINVAL; |
12172 | /* Trying to gain more privileges? */ | 12145 | /* Trying to gain more privileges? */ |
12173 | if (level > old) { | 12146 | if (level > old) { |
12174 | +#ifdef CONFIG_GRKERNSEC_IO | 12147 | +#ifdef CONFIG_GRKERNSEC_IO |
12175 | + gr_handle_iopl(); | 12148 | + if (grsec_disable_privio) { |
12176 | + return -EPERM; | 12149 | + gr_handle_iopl(); |
12177 | +#else | 12150 | + return -EPERM; |
12151 | + } | ||
12152 | +#endif | ||
12178 | if (!capable(CAP_SYS_RAWIO)) | 12153 | if (!capable(CAP_SYS_RAWIO)) |
12179 | return -EPERM; | 12154 | return -EPERM; |
12180 | +#endif | ||
12181 | } | 12155 | } |
12182 | regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); | ||
12183 | |||
12184 | diff -urNp linux-2.6.32.15/arch/x86/kernel/irq_32.c linux-2.6.32.15/arch/x86/kernel/irq_32.c | 12156 | diff -urNp linux-2.6.32.15/arch/x86/kernel/irq_32.c linux-2.6.32.15/arch/x86/kernel/irq_32.c |
12185 | --- linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-03-15 11:52:04.000000000 -0400 | 12157 | --- linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-03-15 11:52:04.000000000 -0400 |
12186 | +++ linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-05-28 21:27:15.039159907 -0400 | 12158 | +++ linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-05-28 21:27:15.039159907 -0400 |
@@ -12406,23 +12378,6 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/machine_kexec_32.c linux-2.6.32.15/ar | |||
12406 | 12378 | ||
12407 | relocate_kernel_ptr = control_page; | 12379 | relocate_kernel_ptr = control_page; |
12408 | page_list[PA_CONTROL_PAGE] = __pa(control_page); | 12380 | page_list[PA_CONTROL_PAGE] = __pa(control_page); |
12409 | diff -urNp linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c | ||
12410 | --- linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c 2010-03-15 11:52:04.000000000 -0400 | ||
12411 | +++ linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c 2010-05-28 21:27:15.043064911 -0400 | ||
12412 | @@ -126,7 +126,13 @@ static int init_level4_page(struct kimag | ||
12413 | } | ||
12414 | /* clear the unused entries */ | ||
12415 | while (addr < end_addr) { | ||
12416 | + | ||
12417 | +#ifdef CONFIG_PAX_PER_CPU_PGD | ||
12418 | + set_pgd(level4p++, native_make_pgd(0)); | ||
12419 | +#else | ||
12420 | pgd_clear(level4p++); | ||
12421 | +#endif | ||
12422 | + | ||
12423 | addr += PGDIR_SIZE; | ||
12424 | } | ||
12425 | out: | ||
12426 | diff -urNp linux-2.6.32.15/arch/x86/kernel/microcode_amd.c linux-2.6.32.15/arch/x86/kernel/microcode_amd.c | 12381 | diff -urNp linux-2.6.32.15/arch/x86/kernel/microcode_amd.c linux-2.6.32.15/arch/x86/kernel/microcode_amd.c |
12427 | --- linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-03-15 11:52:04.000000000 -0400 | 12382 | --- linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-03-15 11:52:04.000000000 -0400 |
12428 | +++ linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-05-28 21:27:15.043064911 -0400 | 12383 | +++ linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-05-28 21:27:15.043064911 -0400 |
@@ -16982,7 +16937,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/extable.c linux-2.6.32.15/arch/x86/mm/ext | |||
16982 | pnp_bios_is_utter_crap = 1; | 16937 | pnp_bios_is_utter_crap = 1; |
16983 | diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault.c | 16938 | diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault.c |
16984 | --- linux-2.6.32.15/arch/x86/mm/fault.c 2010-03-15 11:52:04.000000000 -0400 | 16939 | --- linux-2.6.32.15/arch/x86/mm/fault.c 2010-03-15 11:52:04.000000000 -0400 |
16985 | +++ linux-2.6.32.15/arch/x86/mm/fault.c 2010-05-28 21:27:15.107152206 -0400 | 16940 | +++ linux-2.6.32.15/arch/x86/mm/fault.c 2010-06-19 10:03:50.012498759 -0400 |
16986 | @@ -11,10 +11,19 @@ | 16941 | @@ -11,10 +11,19 @@ |
16987 | #include <linux/kprobes.h> /* __kprobes, ... */ | 16942 | #include <linux/kprobes.h> /* __kprobes, ... */ |
16988 | #include <linux/mmiotrace.h> /* kmmio_handler, ... */ | 16943 | #include <linux/mmiotrace.h> /* kmmio_handler, ... */ |
@@ -17069,17 +17024,19 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17069 | break; | 17024 | break; |
17070 | } | 17025 | } |
17071 | spin_unlock_irqrestore(&pgd_lock, flags); | 17026 | spin_unlock_irqrestore(&pgd_lock, flags); |
17072 | @@ -257,6 +303,9 @@ static noinline int vmalloc_fault(unsign | 17027 | @@ -258,6 +304,11 @@ static noinline int vmalloc_fault(unsign |
17073 | * Do _not_ use "current" here. We might be inside | ||
17074 | * an interrupt in the middle of a task switch.. | 17028 | * an interrupt in the middle of a task switch.. |
17075 | */ | 17029 | */ |
17030 | pgd_paddr = read_cr3(); | ||
17031 | + | ||
17076 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 17032 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
17077 | + BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (read_cr3() & PHYSICAL_PAGE_MASK)); | 17033 | + BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (pgd_paddr & PHYSICAL_PAGE_MASK)); |
17078 | +#endif | 17034 | +#endif |
17079 | pgd_paddr = read_cr3(); | 17035 | + |
17080 | pmd_k = vmalloc_sync_one(__va(pgd_paddr), address); | 17036 | pmd_k = vmalloc_sync_one(__va(pgd_paddr), address); |
17081 | if (!pmd_k) | 17037 | if (!pmd_k) |
17082 | @@ -332,15 +381,27 @@ void vmalloc_sync_all(void) | 17038 | return -1; |
17039 | @@ -332,15 +383,27 @@ void vmalloc_sync_all(void) | ||
17083 | 17040 | ||
17084 | const pgd_t *pgd_ref = pgd_offset_k(address); | 17041 | const pgd_t *pgd_ref = pgd_offset_k(address); |
17085 | unsigned long flags; | 17042 | unsigned long flags; |
@@ -17107,7 +17064,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17107 | if (pgd_none(*pgd)) | 17064 | if (pgd_none(*pgd)) |
17108 | set_pgd(pgd, *pgd_ref); | 17065 | set_pgd(pgd, *pgd_ref); |
17109 | else | 17066 | else |
17110 | @@ -373,7 +434,14 @@ static noinline int vmalloc_fault(unsign | 17067 | @@ -373,7 +436,14 @@ static noinline int vmalloc_fault(unsign |
17111 | * happen within a race in page table update. In the later | 17068 | * happen within a race in page table update. In the later |
17112 | * case just flush: | 17069 | * case just flush: |
17113 | */ | 17070 | */ |
@@ -17122,7 +17079,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17122 | pgd_ref = pgd_offset_k(address); | 17079 | pgd_ref = pgd_offset_k(address); |
17123 | if (pgd_none(*pgd_ref)) | 17080 | if (pgd_none(*pgd_ref)) |
17124 | return -1; | 17081 | return -1; |
17125 | @@ -535,7 +603,7 @@ static int is_errata93(struct pt_regs *r | 17082 | @@ -535,7 +605,7 @@ static int is_errata93(struct pt_regs *r |
17126 | static int is_errata100(struct pt_regs *regs, unsigned long address) | 17083 | static int is_errata100(struct pt_regs *regs, unsigned long address) |
17127 | { | 17084 | { |
17128 | #ifdef CONFIG_X86_64 | 17085 | #ifdef CONFIG_X86_64 |
@@ -17131,7 +17088,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17131 | return 1; | 17088 | return 1; |
17132 | #endif | 17089 | #endif |
17133 | return 0; | 17090 | return 0; |
17134 | @@ -562,7 +630,7 @@ static int is_f00f_bug(struct pt_regs *r | 17091 | @@ -562,7 +632,7 @@ static int is_f00f_bug(struct pt_regs *r |
17135 | } | 17092 | } |
17136 | 17093 | ||
17137 | static const char nx_warning[] = KERN_CRIT | 17094 | static const char nx_warning[] = KERN_CRIT |
@@ -17140,7 +17097,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17140 | 17097 | ||
17141 | static void | 17098 | static void |
17142 | show_fault_oops(struct pt_regs *regs, unsigned long error_code, | 17099 | show_fault_oops(struct pt_regs *regs, unsigned long error_code, |
17143 | @@ -571,15 +639,26 @@ show_fault_oops(struct pt_regs *regs, un | 17100 | @@ -571,15 +641,26 @@ show_fault_oops(struct pt_regs *regs, un |
17144 | if (!oops_may_print()) | 17101 | if (!oops_may_print()) |
17145 | return; | 17102 | return; |
17146 | 17103 | ||
@@ -17169,7 +17126,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17169 | printk(KERN_ALERT "BUG: unable to handle kernel "); | 17126 | printk(KERN_ALERT "BUG: unable to handle kernel "); |
17170 | if (address < PAGE_SIZE) | 17127 | if (address < PAGE_SIZE) |
17171 | printk(KERN_CONT "NULL pointer dereference"); | 17128 | printk(KERN_CONT "NULL pointer dereference"); |
17172 | @@ -704,6 +783,68 @@ __bad_area_nosemaphore(struct pt_regs *r | 17129 | @@ -704,6 +785,68 @@ __bad_area_nosemaphore(struct pt_regs *r |
17173 | unsigned long address, int si_code) | 17130 | unsigned long address, int si_code) |
17174 | { | 17131 | { |
17175 | struct task_struct *tsk = current; | 17132 | struct task_struct *tsk = current; |
@@ -17238,7 +17195,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17238 | 17195 | ||
17239 | /* User mode accesses just cause a SIGSEGV */ | 17196 | /* User mode accesses just cause a SIGSEGV */ |
17240 | if (error_code & PF_USER) { | 17197 | if (error_code & PF_USER) { |
17241 | @@ -848,6 +989,106 @@ static int spurious_fault_check(unsigned | 17198 | @@ -848,6 +991,106 @@ static int spurious_fault_check(unsigned |
17242 | return 1; | 17199 | return 1; |
17243 | } | 17200 | } |
17244 | 17201 | ||
@@ -17345,7 +17302,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17345 | /* | 17302 | /* |
17346 | * Handle a spurious fault caused by a stale TLB entry. | 17303 | * Handle a spurious fault caused by a stale TLB entry. |
17347 | * | 17304 | * |
17348 | @@ -914,6 +1155,9 @@ int show_unhandled_signals = 1; | 17305 | @@ -914,6 +1157,9 @@ int show_unhandled_signals = 1; |
17349 | static inline int | 17306 | static inline int |
17350 | access_error(unsigned long error_code, int write, struct vm_area_struct *vma) | 17307 | access_error(unsigned long error_code, int write, struct vm_area_struct *vma) |
17351 | { | 17308 | { |
@@ -17355,7 +17312,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17355 | if (write) { | 17312 | if (write) { |
17356 | /* write, present and write, not present: */ | 17313 | /* write, present and write, not present: */ |
17357 | if (unlikely(!(vma->vm_flags & VM_WRITE))) | 17314 | if (unlikely(!(vma->vm_flags & VM_WRITE))) |
17358 | @@ -947,17 +1191,31 @@ do_page_fault(struct pt_regs *regs, unsi | 17315 | @@ -947,17 +1193,31 @@ do_page_fault(struct pt_regs *regs, unsi |
17359 | { | 17316 | { |
17360 | struct vm_area_struct *vma; | 17317 | struct vm_area_struct *vma; |
17361 | struct task_struct *tsk; | 17318 | struct task_struct *tsk; |
@@ -17391,7 +17348,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17391 | /* | 17348 | /* |
17392 | * Detect and handle instructions that would cause a page fault for | 17349 | * Detect and handle instructions that would cause a page fault for |
17393 | * both a tracked kernel page and a userspace page. | 17350 | * both a tracked kernel page and a userspace page. |
17394 | @@ -1017,7 +1275,7 @@ do_page_fault(struct pt_regs *regs, unsi | 17351 | @@ -1017,7 +1277,7 @@ do_page_fault(struct pt_regs *regs, unsi |
17395 | * User-mode registers count as a user access even for any | 17352 | * User-mode registers count as a user access even for any |
17396 | * potential system fault or CPU buglet: | 17353 | * potential system fault or CPU buglet: |
17397 | */ | 17354 | */ |
@@ -17400,7 +17357,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17400 | local_irq_enable(); | 17357 | local_irq_enable(); |
17401 | error_code |= PF_USER; | 17358 | error_code |= PF_USER; |
17402 | } else { | 17359 | } else { |
17403 | @@ -1071,6 +1329,11 @@ do_page_fault(struct pt_regs *regs, unsi | 17360 | @@ -1071,6 +1331,11 @@ do_page_fault(struct pt_regs *regs, unsi |
17404 | might_sleep(); | 17361 | might_sleep(); |
17405 | } | 17362 | } |
17406 | 17363 | ||
@@ -17412,7 +17369,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17412 | vma = find_vma(mm, address); | 17369 | vma = find_vma(mm, address); |
17413 | if (unlikely(!vma)) { | 17370 | if (unlikely(!vma)) { |
17414 | bad_area(regs, error_code, address); | 17371 | bad_area(regs, error_code, address); |
17415 | @@ -1082,18 +1345,24 @@ do_page_fault(struct pt_regs *regs, unsi | 17372 | @@ -1082,18 +1347,24 @@ do_page_fault(struct pt_regs *regs, unsi |
17416 | bad_area(regs, error_code, address); | 17373 | bad_area(regs, error_code, address); |
17417 | return; | 17374 | return; |
17418 | } | 17375 | } |
@@ -17436,19 +17393,19 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault | |||
17436 | + if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) { | 17393 | + if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) { |
17437 | + bad_area(regs, error_code, address); | 17394 | + bad_area(regs, error_code, address); |
17438 | + return; | 17395 | + return; |
17439 | + } | 17396 | } |
17440 | + | 17397 | + |
17441 | +#ifdef CONFIG_PAX_SEGMEXEC | 17398 | +#ifdef CONFIG_PAX_SEGMEXEC |
17442 | + if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) { | 17399 | + if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) { |
17443 | + bad_area(regs, error_code, address); | 17400 | + bad_area(regs, error_code, address); |
17444 | + return; | 17401 | + return; |
17445 | } | 17402 | + } |
17446 | +#endif | 17403 | +#endif |
17447 | + | 17404 | + |
17448 | if (unlikely(expand_stack(vma, address))) { | 17405 | if (unlikely(expand_stack(vma, address))) { |
17449 | bad_area(regs, error_code, address); | 17406 | bad_area(regs, error_code, address); |
17450 | return; | 17407 | return; |
17451 | @@ -1137,3 +1406,199 @@ good_area: | 17408 | @@ -1137,3 +1408,199 @@ good_area: |
17452 | 17409 | ||
17453 | up_read(&mm->mmap_sem); | 17410 | up_read(&mm->mmap_sem); |
17454 | } | 17411 | } |
@@ -18182,7 +18139,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init_64.c linux-2.6.32.15/arch/x86/mm/ini | |||
18182 | return "[vsyscall]"; | 18139 | return "[vsyscall]"; |
18183 | diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c | 18140 | diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c |
18184 | --- linux-2.6.32.15/arch/x86/mm/init.c 2010-03-15 11:52:04.000000000 -0400 | 18141 | --- linux-2.6.32.15/arch/x86/mm/init.c 2010-03-15 11:52:04.000000000 -0400 |
18185 | +++ linux-2.6.32.15/arch/x86/mm/init.c 2010-05-28 21:27:15.114903294 -0400 | 18142 | +++ linux-2.6.32.15/arch/x86/mm/init.c 2010-06-19 10:03:50.012498759 -0400 |
18186 | @@ -69,11 +69,7 @@ static void __init find_early_table_spac | 18143 | @@ -69,11 +69,7 @@ static void __init find_early_table_spac |
18187 | * cause a hotspot and fill up ZONE_DMA. The page tables | 18144 | * cause a hotspot and fill up ZONE_DMA. The page tables |
18188 | * need roughly 0.5KB per GB. | 18145 | * need roughly 0.5KB per GB. |
@@ -18211,7 +18168,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c | |||
18211 | return 1; | 18168 | return 1; |
18212 | if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) | 18169 | if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) |
18213 | return 0; | 18170 | return 0; |
18214 | @@ -379,6 +381,87 @@ void free_init_pages(char *what, unsigne | 18171 | @@ -379,6 +381,89 @@ void free_init_pages(char *what, unsigne |
18215 | 18172 | ||
18216 | void free_initmem(void) | 18173 | void free_initmem(void) |
18217 | { | 18174 | { |
@@ -18250,12 +18207,14 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c | |||
18250 | +*/ | 18207 | +*/ |
18251 | +#ifdef CONFIG_X86_PAE | 18208 | +#ifdef CONFIG_X86_PAE |
18252 | + set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT); | 18209 | + set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT); |
18210 | +/* | ||
18253 | + for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) { | 18211 | + for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) { |
18254 | + pgd = pgd_offset_k(addr); | 18212 | + pgd = pgd_offset_k(addr); |
18255 | + pud = pud_offset(pgd, addr); | 18213 | + pud = pud_offset(pgd, addr); |
18256 | + pmd = pmd_offset(pud, addr); | 18214 | + pmd = pmd_offset(pud, addr); |
18257 | + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask))); | 18215 | + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask))); |
18258 | + } | 18216 | + } |
18217 | +*/ | ||
18259 | +#endif | 18218 | +#endif |
18260 | + | 18219 | + |
18261 | +#ifdef CONFIG_MODULES | 18220 | +#ifdef CONFIG_MODULES |
@@ -18475,38 +18434,83 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/numa_32.c linux-2.6.32.15/arch/x86/mm/num | |||
18475 | #define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE) | 18434 | #define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE) |
18476 | diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr.c linux-2.6.32.15/arch/x86/mm/pageattr.c | 18435 | diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr.c linux-2.6.32.15/arch/x86/mm/pageattr.c |
18477 | --- linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-03-15 11:52:04.000000000 -0400 | 18436 | --- linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-03-15 11:52:04.000000000 -0400 |
18478 | +++ linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-05-28 21:27:15.118897735 -0400 | 18437 | +++ linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-06-19 10:03:50.012498759 -0400 |
18479 | @@ -268,9 +268,10 @@ static inline pgprot_t static_protection | 18438 | @@ -261,16 +261,17 @@ static inline pgprot_t static_protection |
18439 | * PCI BIOS based config access (CONFIG_PCI_GOBIOS) support. | ||
18440 | */ | ||
18441 | if (within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT)) | ||
18442 | - pgprot_val(forbidden) |= _PAGE_NX; | ||
18443 | + pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask; | ||
18444 | |||
18445 | /* | ||
18446 | * The kernel text needs to be executable for obvious reasons | ||
18480 | * Does not cover __inittext since that is gone later on. On | 18447 | * Does not cover __inittext since that is gone later on. On |
18481 | * 64bit we do not enforce !NX on the low mapping | 18448 | * 64bit we do not enforce !NX on the low mapping |
18482 | */ | 18449 | */ |
18483 | - if (within(address, (unsigned long)_text, (unsigned long)_etext)) | 18450 | - if (within(address, (unsigned long)_text, (unsigned long)_etext)) |
18451 | - pgprot_val(forbidden) |= _PAGE_NX; | ||
18484 | + if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext))) | 18452 | + if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext))) |
18485 | pgprot_val(forbidden) |= _PAGE_NX; | 18453 | + pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask; |
18486 | 18454 | ||
18487 | +#ifdef CONFIG_DEBUG_RODATA | 18455 | +#ifdef CONFIG_DEBUG_RODATA |
18488 | /* | 18456 | /* |
18489 | * The .rodata section needs to be read-only. Using the pfn | 18457 | * The .rodata section needs to be read-only. Using the pfn |
18490 | * catches all aliases. | 18458 | * catches all aliases. |
18491 | @@ -278,6 +279,7 @@ static inline pgprot_t static_protection | 18459 | @@ -278,6 +279,14 @@ static inline pgprot_t static_protection |
18492 | if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT, | 18460 | if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT, |
18493 | __pa((unsigned long)__end_rodata) >> PAGE_SHIFT)) | 18461 | __pa((unsigned long)__end_rodata) >> PAGE_SHIFT)) |
18494 | pgprot_val(forbidden) |= _PAGE_RW; | 18462 | pgprot_val(forbidden) |= _PAGE_RW; |
18495 | +#endif | 18463 | +#endif |
18464 | + | ||
18465 | +#ifdef CONFIG_PAX_KERNEXEC | ||
18466 | + if (within(pfn, __pa((unsigned long)&_text), __pa((unsigned long)&_sdata))) { | ||
18467 | + pgprot_val(forbidden) |= _PAGE_RW; | ||
18468 | + pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask; | ||
18469 | + } | ||
18470 | +#endif | ||
18496 | 18471 | ||
18497 | prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden)); | 18472 | prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden)); |
18498 | 18473 | ||
18499 | @@ -331,7 +333,10 @@ EXPORT_SYMBOL_GPL(lookup_address); | 18474 | @@ -331,23 +340,37 @@ EXPORT_SYMBOL_GPL(lookup_address); |
18500 | static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte) | 18475 | static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte) |
18501 | { | 18476 | { |
18502 | /* change init_mm */ | 18477 | /* change init_mm */ |
18503 | + pax_open_kernel(); | 18478 | + pax_open_kernel(); |
18504 | set_pte_atomic(kpte, pte); | 18479 | set_pte_atomic(kpte, pte); |
18505 | + pax_close_kernel(); | ||
18506 | + | 18480 | + |
18507 | #ifdef CONFIG_X86_32 | 18481 | #ifdef CONFIG_X86_32 |
18508 | if (!SHARED_KERNEL_PMD) { | 18482 | if (!SHARED_KERNEL_PMD) { |
18483 | + | ||
18484 | +#ifdef CONFIG_PAX_PER_CPU_PGD | ||
18485 | + unsigned long cpu; | ||
18486 | +#else | ||
18509 | struct page *page; | 18487 | struct page *page; |
18488 | +#endif | ||
18489 | |||
18490 | +#ifdef CONFIG_PAX_PER_CPU_PGD | ||
18491 | + for (cpu = 0; cpu < NR_CPUS; ++cpu) { | ||
18492 | + pgd_t *pgd = get_cpu_pgd(cpu); | ||
18493 | +#else | ||
18494 | list_for_each_entry(page, &pgd_list, lru) { | ||
18495 | - pgd_t *pgd; | ||
18496 | + pgd_t *pgd = (pgd_t *)page_address(page);; | ||
18497 | +#endif | ||
18498 | + | ||
18499 | pud_t *pud; | ||
18500 | pmd_t *pmd; | ||
18501 | |||
18502 | - pgd = (pgd_t *)page_address(page) + pgd_index(address); | ||
18503 | + pgd += pgd_index(address); | ||
18504 | pud = pud_offset(pgd, address); | ||
18505 | pmd = pmd_offset(pud, address); | ||
18506 | set_pte_atomic((pte_t *)pmd, pte); | ||
18507 | } | ||
18508 | } | ||
18509 | #endif | ||
18510 | + pax_close_kernel(); | ||
18511 | } | ||
18512 | |||
18513 | static int | ||
18510 | diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr-test.c linux-2.6.32.15/arch/x86/mm/pageattr-test.c | 18514 | diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr-test.c linux-2.6.32.15/arch/x86/mm/pageattr-test.c |
18511 | --- linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-03-15 11:52:04.000000000 -0400 | 18515 | --- linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-03-15 11:52:04.000000000 -0400 |
18512 | +++ linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-05-28 21:27:15.118897735 -0400 | 18516 | +++ linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-05-28 21:27:15.118897735 -0400 |
@@ -18577,28 +18581,22 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable_32.c linux-2.6.32.15/arch/x86/mm/ | |||
18577 | * It's enough to flush this one mapping. | 18581 | * It's enough to flush this one mapping. |
18578 | diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgtable.c | 18582 | diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgtable.c |
18579 | --- linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-03-15 11:52:04.000000000 -0400 | 18583 | --- linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-03-15 11:52:04.000000000 -0400 |
18580 | +++ linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-05-28 21:27:15.118897735 -0400 | 18584 | +++ linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-06-19 10:03:50.012498759 -0400 |
18581 | @@ -63,8 +63,12 @@ void ___pmd_free_tlb(struct mmu_gather * | 18585 | @@ -83,8 +83,59 @@ static inline void pgd_list_del(pgd_t *p |
18582 | #if PAGETABLE_LEVELS > 3 | ||
18583 | void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud) | ||
18584 | { | ||
18585 | + | ||
18586 | +#ifndef CONFIG_PAX_PER_CPU_PGD | ||
18587 | paravirt_release_pud(__pa(pud) >> PAGE_SHIFT); | ||
18588 | tlb_remove_page(tlb, virt_to_page(pud)); | ||
18589 | +#endif | ||
18590 | + | ||
18591 | } | ||
18592 | #endif /* PAGETABLE_LEVELS > 3 */ | ||
18593 | #endif /* PAGETABLE_LEVELS > 2 */ | ||
18594 | @@ -83,8 +87,62 @@ static inline void pgd_list_del(pgd_t *p | ||
18595 | list_del(&page->lru); | 18586 | list_del(&page->lru); |
18596 | } | 18587 | } |
18597 | 18588 | ||
18598 | -#define UNSHARED_PTRS_PER_PGD \ | 18589 | -#define UNSHARED_PTRS_PER_PGD \ |
18599 | - (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD) | 18590 | - (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD) |
18600 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | 18591 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) |
18601 | +pteval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT; | 18592 | +pgdval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT; |
18593 | + | ||
18594 | +void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) | ||
18595 | +{ | ||
18596 | + while (count--) | ||
18597 | + *dst++ = __pgd((pgd_val(*src++) | _PAGE_NX) & ~_PAGE_USER); | ||
18598 | + | ||
18599 | +} | ||
18602 | +#endif | 18600 | +#endif |
18603 | + | 18601 | + |
18604 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 18602 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
@@ -18613,16 +18611,6 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt | |||
18613 | +#endif | 18611 | +#endif |
18614 | + | 18612 | + |
18615 | +} | 18613 | +} |
18616 | + | ||
18617 | +void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) | ||
18618 | +{ | ||
18619 | + | ||
18620 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
18621 | + while (count--) | ||
18622 | + *dst++ = __pgd((pgd_val(*src++) | _PAGE_NX) & ~_PAGE_USER); | ||
18623 | +#endif | ||
18624 | + | ||
18625 | +} | ||
18626 | +#endif | 18614 | +#endif |
18627 | + | 18615 | + |
18628 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 18616 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
@@ -18656,7 +18644,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt | |||
18656 | 18644 | ||
18657 | static void pgd_ctor(pgd_t *pgd) | 18645 | static void pgd_ctor(pgd_t *pgd) |
18658 | { | 18646 | { |
18659 | @@ -119,6 +177,7 @@ static void pgd_dtor(pgd_t *pgd) | 18647 | @@ -119,6 +170,7 @@ static void pgd_dtor(pgd_t *pgd) |
18660 | pgd_list_del(pgd); | 18648 | pgd_list_del(pgd); |
18661 | spin_unlock_irqrestore(&pgd_lock, flags); | 18649 | spin_unlock_irqrestore(&pgd_lock, flags); |
18662 | } | 18650 | } |
@@ -18664,7 +18652,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt | |||
18664 | 18652 | ||
18665 | /* | 18653 | /* |
18666 | * List of all pgd's needed for non-PAE so it can invalidate entries | 18654 | * List of all pgd's needed for non-PAE so it can invalidate entries |
18667 | @@ -131,7 +190,7 @@ static void pgd_dtor(pgd_t *pgd) | 18655 | @@ -131,7 +183,7 @@ static void pgd_dtor(pgd_t *pgd) |
18668 | * -- wli | 18656 | * -- wli |
18669 | */ | 18657 | */ |
18670 | 18658 | ||
@@ -18673,7 +18661,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt | |||
18673 | /* | 18661 | /* |
18674 | * In PAE mode, we need to do a cr3 reload (=tlb flush) when | 18662 | * In PAE mode, we need to do a cr3 reload (=tlb flush) when |
18675 | * updating the top-level pagetable entries to guarantee the | 18663 | * updating the top-level pagetable entries to guarantee the |
18676 | @@ -143,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd) | 18664 | @@ -143,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) |
18677 | * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate | 18665 | * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate |
18678 | * and initialize the kernel pmds here. | 18666 | * and initialize the kernel pmds here. |
18679 | */ | 18667 | */ |
@@ -18682,7 +18670,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt | |||
18682 | 18670 | ||
18683 | void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) | 18671 | void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) |
18684 | { | 18672 | { |
18685 | @@ -162,36 +221,38 @@ void pud_populate(struct mm_struct *mm, | 18673 | @@ -162,36 +214,38 @@ void pud_populate(struct mm_struct *mm, |
18686 | if (mm == current->active_mm) | 18674 | if (mm == current->active_mm) |
18687 | write_cr3(read_cr3()); | 18675 | write_cr3(read_cr3()); |
18688 | } | 18676 | } |
@@ -18732,7 +18720,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt | |||
18732 | return -ENOMEM; | 18720 | return -ENOMEM; |
18733 | } | 18721 | } |
18734 | 18722 | ||
18735 | @@ -204,51 +265,56 @@ static int preallocate_pmds(pmd_t *pmds[ | 18723 | @@ -204,51 +258,56 @@ static int preallocate_pmds(pmd_t *pmds[ |
18736 | * preallocate which never got a corresponding vma will need to be | 18724 | * preallocate which never got a corresponding vma will need to be |
18737 | * freed manually. | 18725 | * freed manually. |
18738 | */ | 18726 | */ |
@@ -18806,7 +18794,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt | |||
18806 | unsigned long flags; | 18794 | unsigned long flags; |
18807 | 18795 | ||
18808 | pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); | 18796 | pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); |
18809 | @@ -258,11 +324,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) | 18797 | @@ -258,11 +317,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) |
18810 | 18798 | ||
18811 | mm->pgd = pgd; | 18799 | mm->pgd = pgd; |
18812 | 18800 | ||
@@ -18820,7 +18808,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt | |||
18820 | 18808 | ||
18821 | /* | 18809 | /* |
18822 | * Make sure that pre-populating the pmds is atomic with | 18810 | * Make sure that pre-populating the pmds is atomic with |
18823 | @@ -272,14 +338,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) | 18811 | @@ -272,14 +331,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) |
18824 | spin_lock_irqsave(&pgd_lock, flags); | 18812 | spin_lock_irqsave(&pgd_lock, flags); |
18825 | 18813 | ||
18826 | pgd_ctor(pgd); | 18814 | pgd_ctor(pgd); |
@@ -18838,7 +18826,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt | |||
18838 | out_free_pgd: | 18826 | out_free_pgd: |
18839 | free_page((unsigned long)pgd); | 18827 | free_page((unsigned long)pgd); |
18840 | out: | 18828 | out: |
18841 | @@ -288,7 +354,7 @@ out: | 18829 | @@ -288,7 +347,7 @@ out: |
18842 | 18830 | ||
18843 | void pgd_free(struct mm_struct *mm, pgd_t *pgd) | 18831 | void pgd_free(struct mm_struct *mm, pgd_t *pgd) |
18844 | { | 18832 | { |
@@ -20109,6 +20097,18 @@ diff -urNp linux-2.6.32.15/Documentation/kernel-parameters.txt linux-2.6.32.15/D | |||
20109 | pcbit= [HW,ISDN] | 20097 | pcbit= [HW,ISDN] |
20110 | 20098 | ||
20111 | pcd. [PARIDE] | 20099 | pcd. [PARIDE] |
20100 | diff -urNp linux-2.6.32.15/drivers/acpi/acpi_pad.c linux-2.6.32.15/drivers/acpi/acpi_pad.c | ||
20101 | --- linux-2.6.32.15/drivers/acpi/acpi_pad.c 2010-03-15 11:52:04.000000000 -0400 | ||
20102 | +++ linux-2.6.32.15/drivers/acpi/acpi_pad.c 2010-06-19 10:03:45.704801524 -0400 | ||
20103 | @@ -30,7 +30,7 @@ | ||
20104 | #include <acpi/acpi_bus.h> | ||
20105 | #include <acpi/acpi_drivers.h> | ||
20106 | |||
20107 | -#define ACPI_PROCESSOR_AGGREGATOR_CLASS "processor_aggregator" | ||
20108 | +#define ACPI_PROCESSOR_AGGREGATOR_CLASS "acpi_pad" | ||
20109 | #define ACPI_PROCESSOR_AGGREGATOR_DEVICE_NAME "Processor Aggregator" | ||
20110 | #define ACPI_PROCESSOR_AGGREGATOR_NOTIFY 0x80 | ||
20111 | static DEFINE_MUTEX(isolated_cpus_lock); | ||
20112 | diff -urNp linux-2.6.32.15/drivers/acpi/battery.c linux-2.6.32.15/drivers/acpi/battery.c | 20112 | diff -urNp linux-2.6.32.15/drivers/acpi/battery.c linux-2.6.32.15/drivers/acpi/battery.c |
20113 | --- linux-2.6.32.15/drivers/acpi/battery.c 2010-03-15 11:52:04.000000000 -0400 | 20113 | --- linux-2.6.32.15/drivers/acpi/battery.c 2010-03-15 11:52:04.000000000 -0400 |
20114 | +++ linux-2.6.32.15/drivers/acpi/battery.c 2010-05-28 21:27:15.179152446 -0400 | 20114 | +++ linux-2.6.32.15/drivers/acpi/battery.c 2010-05-28 21:27:15.179152446 -0400 |
@@ -27801,6 +27801,18 @@ diff -urNp linux-2.6.32.15/drivers/staging/hv/blkvsc_drv.c linux-2.6.32.15/drive | |||
27801 | .owner = THIS_MODULE, | 27801 | .owner = THIS_MODULE, |
27802 | .open = blkvsc_open, | 27802 | .open = blkvsc_open, |
27803 | .release = blkvsc_release, | 27803 | .release = blkvsc_release, |
27804 | diff -urNp linux-2.6.32.15/drivers/staging/hv/Hv.c linux-2.6.32.15/drivers/staging/hv/Hv.c | ||
27805 | --- linux-2.6.32.15/drivers/staging/hv/Hv.c 2010-05-15 13:20:18.963900073 -0400 | ||
27806 | +++ linux-2.6.32.15/drivers/staging/hv/Hv.c 2010-06-19 10:03:50.012498759 -0400 | ||
27807 | @@ -161,7 +161,7 @@ static u64 HvDoHypercall(u64 Control, vo | ||
27808 | u64 outputAddress = (Output) ? virt_to_phys(Output) : 0; | ||
27809 | u32 outputAddressHi = outputAddress >> 32; | ||
27810 | u32 outputAddressLo = outputAddress & 0xFFFFFFFF; | ||
27811 | - volatile void *hypercallPage = gHvContext.HypercallPage; | ||
27812 | + volatile void *hypercallPage = ktva_ktla(gHvContext.HypercallPage); | ||
27813 | |||
27814 | DPRINT_DBG(VMBUS, "Hypercall <control %llx input %p output %p>", | ||
27815 | Control, Input, Output); | ||
27804 | diff -urNp linux-2.6.32.15/drivers/staging/panel/panel.c linux-2.6.32.15/drivers/staging/panel/panel.c | 27816 | diff -urNp linux-2.6.32.15/drivers/staging/panel/panel.c linux-2.6.32.15/drivers/staging/panel/panel.c |
27805 | --- linux-2.6.32.15/drivers/staging/panel/panel.c 2010-03-15 11:52:04.000000000 -0400 | 27817 | --- linux-2.6.32.15/drivers/staging/panel/panel.c 2010-03-15 11:52:04.000000000 -0400 |
27806 | +++ linux-2.6.32.15/drivers/staging/panel/panel.c 2010-05-28 21:27:15.842942312 -0400 | 27818 | +++ linux-2.6.32.15/drivers/staging/panel/panel.c 2010-05-28 21:27:15.842942312 -0400 |
@@ -34413,8 +34425,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_alloc.c linux-2.6.32.15/grsecurity/g | |||
34413 | +} | 34425 | +} |
34414 | diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c | 34426 | diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c |
34415 | --- linux-2.6.32.15/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 | 34427 | --- linux-2.6.32.15/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 |
34416 | +++ linux-2.6.32.15/grsecurity/gracl.c 2010-05-28 21:27:16.327077893 -0400 | 34428 | +++ linux-2.6.32.15/grsecurity/gracl.c 2010-06-26 14:00:02.982610280 -0400 |
34417 | @@ -0,0 +1,3897 @@ | 34429 | @@ -0,0 +1,3899 @@ |
34418 | +#include <linux/kernel.h> | 34430 | +#include <linux/kernel.h> |
34419 | +#include <linux/module.h> | 34431 | +#include <linux/module.h> |
34420 | +#include <linux/sched.h> | 34432 | +#include <linux/sched.h> |
@@ -38202,6 +38214,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c | |||
38202 | + who have the 'view' subject flag if the RBAC system is enabled | 38214 | + who have the 'view' subject flag if the RBAC system is enabled |
38203 | + */ | 38215 | + */ |
38204 | + | 38216 | + |
38217 | + rcu_read_lock(); | ||
38205 | + read_lock(&tasklist_lock); | 38218 | + read_lock(&tasklist_lock); |
38206 | + task = find_task_by_vpid(pid); | 38219 | + task = find_task_by_vpid(pid); |
38207 | + if (task) { | 38220 | + if (task) { |
@@ -38230,6 +38243,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c | |||
38230 | + ret = -ENOENT; | 38243 | + ret = -ENOENT; |
38231 | + | 38244 | + |
38232 | + read_unlock(&tasklist_lock); | 38245 | + read_unlock(&tasklist_lock); |
38246 | + rcu_read_unlock(); | ||
38233 | + | 38247 | + |
38234 | + return ret; | 38248 | + return ret; |
38235 | +} | 38249 | +} |
@@ -38314,8 +38328,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c | |||
38314 | + | 38328 | + |
38315 | diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gracl_cap.c | 38329 | diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gracl_cap.c |
38316 | --- linux-2.6.32.15/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500 | 38330 | --- linux-2.6.32.15/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500 |
38317 | +++ linux-2.6.32.15/grsecurity/gracl_cap.c 2010-05-28 21:27:16.327077893 -0400 | 38331 | +++ linux-2.6.32.15/grsecurity/gracl_cap.c 2010-06-19 21:06:17.097881201 -0400 |
38318 | @@ -0,0 +1,131 @@ | 38332 | @@ -0,0 +1,138 @@ |
38319 | +#include <linux/kernel.h> | 38333 | +#include <linux/kernel.h> |
38320 | +#include <linux/module.h> | 38334 | +#include <linux/module.h> |
38321 | +#include <linux/sched.h> | 38335 | +#include <linux/sched.h> |
@@ -38370,6 +38384,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra | |||
38370 | + const struct cred *cred = current_cred(); | 38384 | + const struct cred *cred = current_cred(); |
38371 | + struct acl_subject_label *curracl; | 38385 | + struct acl_subject_label *curracl; |
38372 | + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set; | 38386 | + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set; |
38387 | + kernel_cap_t cap_audit = __cap_empty_set; | ||
38373 | + | 38388 | + |
38374 | + if (!gr_acl_is_enabled()) | 38389 | + if (!gr_acl_is_enabled()) |
38375 | + return 1; | 38390 | + return 1; |
@@ -38378,6 +38393,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra | |||
38378 | + | 38393 | + |
38379 | + cap_drop = curracl->cap_lower; | 38394 | + cap_drop = curracl->cap_lower; |
38380 | + cap_mask = curracl->cap_mask; | 38395 | + cap_mask = curracl->cap_mask; |
38396 | + cap_audit = curracl->cap_invert_audit; | ||
38381 | + | 38397 | + |
38382 | + while ((curracl = curracl->parent_subject)) { | 38398 | + while ((curracl = curracl->parent_subject)) { |
38383 | + /* if the cap isn't specified in the current computed mask but is specified in the | 38399 | + /* if the cap isn't specified in the current computed mask but is specified in the |
@@ -38389,11 +38405,16 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra | |||
38389 | + cap_raise(cap_mask, cap); | 38405 | + cap_raise(cap_mask, cap); |
38390 | + if (cap_raised(curracl->cap_lower, cap)) | 38406 | + if (cap_raised(curracl->cap_lower, cap)) |
38391 | + cap_raise(cap_drop, cap); | 38407 | + cap_raise(cap_drop, cap); |
38408 | + if (cap_raised(curracl->cap_invert_audit, cap)) | ||
38409 | + cap_raise(cap_audit, cap); | ||
38392 | + } | 38410 | + } |
38393 | + } | 38411 | + } |
38394 | + | 38412 | + |
38395 | + if (!cap_raised(cap_drop, cap)) | 38413 | + if (!cap_raised(cap_drop, cap)) { |
38414 | + if (cap_raised(cap_audit, cap)) | ||
38415 | + gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]); | ||
38396 | + return 1; | 38416 | + return 1; |
38417 | + } | ||
38397 | + | 38418 | + |
38398 | + curracl = task->acl; | 38419 | + curracl = task->acl; |
38399 | + | 38420 | + |
@@ -38409,7 +38430,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra | |||
38409 | + return 1; | 38430 | + return 1; |
38410 | + } | 38431 | + } |
38411 | + | 38432 | + |
38412 | + if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap)) | 38433 | + if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap)) |
38413 | + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]); | 38434 | + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]); |
38414 | + return 0; | 38435 | + return 0; |
38415 | +} | 38436 | +} |
@@ -39818,8 +39839,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_segv.c linux-2.6.32.15/grsecurity/gr | |||
39818 | +} | 39839 | +} |
39819 | diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gracl_shm.c | 39840 | diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gracl_shm.c |
39820 | --- linux-2.6.32.15/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500 | 39841 | --- linux-2.6.32.15/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500 |
39821 | +++ linux-2.6.32.15/grsecurity/gracl_shm.c 2010-05-28 21:27:16.331240103 -0400 | 39842 | +++ linux-2.6.32.15/grsecurity/gracl_shm.c 2010-06-26 14:01:55.746591444 -0400 |
39822 | @@ -0,0 +1,37 @@ | 39843 | @@ -0,0 +1,40 @@ |
39823 | +#include <linux/kernel.h> | 39844 | +#include <linux/kernel.h> |
39824 | +#include <linux/mm.h> | 39845 | +#include <linux/mm.h> |
39825 | +#include <linux/sched.h> | 39846 | +#include <linux/sched.h> |
@@ -39838,6 +39859,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gra | |||
39838 | + if (!gr_acl_is_enabled()) | 39859 | + if (!gr_acl_is_enabled()) |
39839 | + return 1; | 39860 | + return 1; |
39840 | + | 39861 | + |
39862 | + rcu_read_lock(); | ||
39841 | + read_lock(&tasklist_lock); | 39863 | + read_lock(&tasklist_lock); |
39842 | + | 39864 | + |
39843 | + task = find_task_by_vpid(shm_cprid); | 39865 | + task = find_task_by_vpid(shm_cprid); |
@@ -39850,10 +39872,12 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gra | |||
39850 | + (task->acl->mode & GR_PROTSHM) && | 39872 | + (task->acl->mode & GR_PROTSHM) && |
39851 | + (task->acl != current->acl))) { | 39873 | + (task->acl != current->acl))) { |
39852 | + read_unlock(&tasklist_lock); | 39874 | + read_unlock(&tasklist_lock); |
39875 | + rcu_read_unlock(); | ||
39853 | + gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid); | 39876 | + gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid); |
39854 | + return 0; | 39877 | + return 0; |
39855 | + } | 39878 | + } |
39856 | + read_unlock(&tasklist_lock); | 39879 | + read_unlock(&tasklist_lock); |
39880 | + rcu_read_unlock(); | ||
39857 | + | 39881 | + |
39858 | + return 1; | 39882 | + return 1; |
39859 | +} | 39883 | +} |
@@ -39882,8 +39906,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chdir.c linux-2.6.32.15/grsecurity/g | |||
39882 | +} | 39906 | +} |
39883 | diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/grsec_chroot.c | 39907 | diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/grsec_chroot.c |
39884 | --- linux-2.6.32.15/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500 | 39908 | --- linux-2.6.32.15/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500 |
39885 | +++ linux-2.6.32.15/grsecurity/grsec_chroot.c 2010-05-28 21:27:16.331240103 -0400 | 39909 | +++ linux-2.6.32.15/grsecurity/grsec_chroot.c 2010-06-26 14:05:26.054819575 -0400 |
39886 | @@ -0,0 +1,348 @@ | 39910 | @@ -0,0 +1,355 @@ |
39887 | +#include <linux/kernel.h> | 39911 | +#include <linux/kernel.h> |
39888 | +#include <linux/module.h> | 39912 | +#include <linux/module.h> |
39889 | +#include <linux/sched.h> | 39913 | +#include <linux/sched.h> |
@@ -39907,6 +39931,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ | |||
39907 | + if (likely(!proc_is_chrooted(current))) | 39931 | + if (likely(!proc_is_chrooted(current))) |
39908 | + return 1; | 39932 | + return 1; |
39909 | + | 39933 | + |
39934 | + rcu_read_lock(); | ||
39910 | + read_lock(&tasklist_lock); | 39935 | + read_lock(&tasklist_lock); |
39911 | + | 39936 | + |
39912 | + spid = find_vpid(pid); | 39937 | + spid = find_vpid(pid); |
@@ -39917,12 +39942,14 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ | |||
39917 | + if (unlikely(!have_same_root(current, p))) { | 39942 | + if (unlikely(!have_same_root(current, p))) { |
39918 | + gr_fs_read_unlock(p); | 39943 | + gr_fs_read_unlock(p); |
39919 | + read_unlock(&tasklist_lock); | 39944 | + read_unlock(&tasklist_lock); |
39945 | + rcu_read_unlock(); | ||
39920 | + gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG); | 39946 | + gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG); |
39921 | + return 0; | 39947 | + return 0; |
39922 | + } | 39948 | + } |
39923 | + gr_fs_read_unlock(p); | 39949 | + gr_fs_read_unlock(p); |
39924 | + } | 39950 | + } |
39925 | + read_unlock(&tasklist_lock); | 39951 | + read_unlock(&tasklist_lock); |
39952 | + rcu_read_unlock(); | ||
39926 | +#endif | 39953 | +#endif |
39927 | + return 1; | 39954 | + return 1; |
39928 | +} | 39955 | +} |
@@ -40065,6 +40092,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ | |||
40065 | + if (likely(!proc_is_chrooted(current))) | 40092 | + if (likely(!proc_is_chrooted(current))) |
40066 | + return 1; | 40093 | + return 1; |
40067 | + | 40094 | + |
40095 | + rcu_read_lock(); | ||
40068 | + read_lock(&tasklist_lock); | 40096 | + read_lock(&tasklist_lock); |
40069 | + | 40097 | + |
40070 | + pid = find_vpid(shm_cprid); | 40098 | + pid = find_vpid(shm_cprid); |
@@ -40077,6 +40105,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ | |||
40077 | + time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) { | 40105 | + time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) { |
40078 | + gr_fs_read_unlock(p); | 40106 | + gr_fs_read_unlock(p); |
40079 | + read_unlock(&tasklist_lock); | 40107 | + read_unlock(&tasklist_lock); |
40108 | + rcu_read_unlock(); | ||
40080 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); | 40109 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); |
40081 | + return 0; | 40110 | + return 0; |
40082 | + } | 40111 | + } |
@@ -40090,6 +40119,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ | |||
40090 | + if (unlikely(!have_same_root(current, p))) { | 40119 | + if (unlikely(!have_same_root(current, p))) { |
40091 | + gr_fs_read_unlock(p); | 40120 | + gr_fs_read_unlock(p); |
40092 | + read_unlock(&tasklist_lock); | 40121 | + read_unlock(&tasklist_lock); |
40122 | + rcu_read_unlock(); | ||
40093 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); | 40123 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); |
40094 | + return 0; | 40124 | + return 0; |
40095 | + } | 40125 | + } |
@@ -40098,6 +40128,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ | |||
40098 | + } | 40128 | + } |
40099 | + | 40129 | + |
40100 | + read_unlock(&tasklist_lock); | 40130 | + read_unlock(&tasklist_lock); |
40131 | + rcu_read_unlock(); | ||
40101 | +#endif | 40132 | +#endif |
40102 | + return 1; | 40133 | + return 1; |
40103 | +} | 40134 | +} |
@@ -40804,8 +40835,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_fork.c linux-2.6.32.15/grsecurity/gr | |||
40804 | +} | 40835 | +} |
40805 | diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/grsec_init.c | 40836 | diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/grsec_init.c |
40806 | --- linux-2.6.32.15/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500 | 40837 | --- linux-2.6.32.15/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500 |
40807 | +++ linux-2.6.32.15/grsecurity/grsec_init.c 2010-05-28 21:27:16.331240103 -0400 | 40838 | +++ linux-2.6.32.15/grsecurity/grsec_init.c 2010-06-27 12:52:54.615758098 -0400 |
40808 | @@ -0,0 +1,241 @@ | 40839 | @@ -0,0 +1,258 @@ |
40809 | +#include <linux/kernel.h> | 40840 | +#include <linux/kernel.h> |
40810 | +#include <linux/sched.h> | 40841 | +#include <linux/sched.h> |
40811 | +#include <linux/mm.h> | 40842 | +#include <linux/mm.h> |
@@ -40814,6 +40845,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr | |||
40814 | +#include <linux/slab.h> | 40845 | +#include <linux/slab.h> |
40815 | +#include <linux/vmalloc.h> | 40846 | +#include <linux/vmalloc.h> |
40816 | +#include <linux/percpu.h> | 40847 | +#include <linux/percpu.h> |
40848 | +#include <linux/module.h> | ||
40817 | + | 40849 | + |
40818 | +int grsec_enable_link; | 40850 | +int grsec_enable_link; |
40819 | +int grsec_enable_dmesg; | 40851 | +int grsec_enable_dmesg; |
@@ -40848,6 +40880,9 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr | |||
40848 | +int grsec_enable_tpe; | 40880 | +int grsec_enable_tpe; |
40849 | +int grsec_tpe_gid; | 40881 | +int grsec_tpe_gid; |
40850 | +int grsec_enable_blackhole; | 40882 | +int grsec_enable_blackhole; |
40883 | +#ifdef CONFIG_IPV6_MODULE | ||
40884 | +EXPORT_SYMBOL(grsec_enable_blackhole); | ||
40885 | +#endif | ||
40851 | +int grsec_lastack_retries; | 40886 | +int grsec_lastack_retries; |
40852 | +int grsec_enable_tpe_all; | 40887 | +int grsec_enable_tpe_all; |
40853 | +int grsec_enable_socket_all; | 40888 | +int grsec_enable_socket_all; |
@@ -40857,6 +40892,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr | |||
40857 | +int grsec_enable_socket_server; | 40892 | +int grsec_enable_socket_server; |
40858 | +int grsec_socket_server_gid; | 40893 | +int grsec_socket_server_gid; |
40859 | +int grsec_resource_logging; | 40894 | +int grsec_resource_logging; |
40895 | +int grsec_disable_privio; | ||
40860 | +int grsec_lock; | 40896 | +int grsec_lock; |
40861 | + | 40897 | + |
40862 | +DEFINE_SPINLOCK(grsec_alert_lock); | 40898 | +DEFINE_SPINLOCK(grsec_alert_lock); |
@@ -40928,10 +40964,22 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr | |||
40928 | + return; | 40964 | + return; |
40929 | + } | 40965 | + } |
40930 | + | 40966 | + |
40967 | + | ||
40968 | +#ifdef CONFIG_GRKERNSEC_IO | ||
40969 | +#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO) | ||
40970 | + grsec_disable_privio = 1; | ||
40971 | +#elif defined(CONFIG_GRKERNSEC_SYSCTL_ON) | ||
40972 | + grsec_disable_privio = 1; | ||
40973 | +#else | ||
40974 | + grsec_disable_privio = 0; | ||
40975 | +#endif | ||
40976 | +#endif | ||
40977 | + | ||
40931 | +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON) | 40978 | +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON) |
40932 | +#ifndef CONFIG_GRKERNSEC_SYSCTL | 40979 | +#ifndef CONFIG_GRKERNSEC_SYSCTL |
40933 | + grsec_lock = 1; | 40980 | + grsec_lock = 1; |
40934 | +#endif | 40981 | +#endif |
40982 | + | ||
40935 | +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL | 40983 | +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL |
40936 | + grsec_enable_audit_textrel = 1; | 40984 | + grsec_enable_audit_textrel = 1; |
40937 | +#endif | 40985 | +#endif |
@@ -41913,8 +41961,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_sock.c linux-2.6.32.15/grsecurity/gr | |||
41913 | +} | 41961 | +} |
41914 | diff -urNp linux-2.6.32.15/grsecurity/grsec_sysctl.c linux-2.6.32.15/grsecurity/grsec_sysctl.c | 41962 | diff -urNp linux-2.6.32.15/grsecurity/grsec_sysctl.c linux-2.6.32.15/grsecurity/grsec_sysctl.c |
41915 | --- linux-2.6.32.15/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500 | 41963 | --- linux-2.6.32.15/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500 |
41916 | +++ linux-2.6.32.15/grsecurity/grsec_sysctl.c 2010-05-28 21:27:16.331240103 -0400 | 41964 | +++ linux-2.6.32.15/grsecurity/grsec_sysctl.c 2010-06-19 21:32:37.093947224 -0400 |
41917 | @@ -0,0 +1,447 @@ | 41965 | @@ -0,0 +1,459 @@ |
41918 | +#include <linux/kernel.h> | 41966 | +#include <linux/kernel.h> |
41919 | +#include <linux/sched.h> | 41967 | +#include <linux/sched.h> |
41920 | +#include <linux/sysctl.h> | 41968 | +#include <linux/sysctl.h> |
@@ -41940,6 +41988,18 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_sysctl.c linux-2.6.32.15/grsecurity/ | |||
41940 | +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS) | 41988 | +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS) |
41941 | +ctl_table grsecurity_table[] = { | 41989 | +ctl_table grsecurity_table[] = { |
41942 | +#ifdef CONFIG_GRKERNSEC_SYSCTL | 41990 | +#ifdef CONFIG_GRKERNSEC_SYSCTL |
41991 | +#ifdef CONFIG_GRKERNSEC_SYSCTL_DISTRO | ||
41992 | +#ifdef CONFIG_GRKERNSEC_IO | ||
41993 | + { | ||
41994 | + .ctl_name = CTL_UNNUMBERED, | ||
41995 | + .procname = "disable_priv_io", | ||
41996 | + .data = &grsec_disable_privio, | ||
41997 | + .maxlen = sizeof(int), | ||
41998 | + .mode = 0600, | ||
41999 | + .proc_handler = &proc_dointvec, | ||
42000 | + }, | ||
42001 | +#endif | ||
42002 | +#endif | ||
41943 | +#ifdef CONFIG_GRKERNSEC_LINK | 42003 | +#ifdef CONFIG_GRKERNSEC_LINK |
41944 | + { | 42004 | + { |
41945 | + .ctl_name = CTL_UNNUMBERED, | 42005 | + .ctl_name = CTL_UNNUMBERED, |
@@ -42443,8 +42503,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_tpe.c linux-2.6.32.15/grsecurity/grs | |||
42443 | +} | 42503 | +} |
42444 | diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c | 42504 | diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c |
42445 | --- linux-2.6.32.15/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500 | 42505 | --- linux-2.6.32.15/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500 |
42446 | +++ linux-2.6.32.15/grsecurity/grsum.c 2010-05-28 21:27:16.331240103 -0400 | 42506 | +++ linux-2.6.32.15/grsecurity/grsum.c 2010-06-26 13:55:39.510774424 -0400 |
42447 | @@ -0,0 +1,59 @@ | 42507 | @@ -0,0 +1,61 @@ |
42448 | +#include <linux/err.h> | 42508 | +#include <linux/err.h> |
42449 | +#include <linux/kernel.h> | 42509 | +#include <linux/kernel.h> |
42450 | +#include <linux/sched.h> | 42510 | +#include <linux/sched.h> |
@@ -42470,6 +42530,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c | |||
42470 | + volatile int dummy = 0; | 42530 | + volatile int dummy = 0; |
42471 | + unsigned int i; | 42531 | + unsigned int i; |
42472 | + | 42532 | + |
42533 | + sg_init_table(&sg, 1); | ||
42534 | + | ||
42473 | + tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC); | 42535 | + tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC); |
42474 | + if (IS_ERR(tfm)) { | 42536 | + if (IS_ERR(tfm)) { |
42475 | + /* should never happen, since sha256 should be built in */ | 42537 | + /* should never happen, since sha256 should be built in */ |
@@ -42506,8 +42568,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c | |||
42506 | +} | 42568 | +} |
42507 | diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig | 42569 | diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig |
42508 | --- linux-2.6.32.15/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 | 42570 | --- linux-2.6.32.15/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 |
42509 | +++ linux-2.6.32.15/grsecurity/Kconfig 2010-05-28 21:27:16.331240103 -0400 | 42571 | +++ linux-2.6.32.15/grsecurity/Kconfig 2010-06-26 14:17:55.584309817 -0400 |
42510 | @@ -0,0 +1,965 @@ | 42572 | @@ -0,0 +1,981 @@ |
42511 | +# | 42573 | +# |
42512 | +# grecurity configuration | 42574 | +# grecurity configuration |
42513 | +# | 42575 | +# |
@@ -43342,7 +43404,7 @@ diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig | |||
43342 | + all servers it connects to have this option enabled, consider | 43404 | + all servers it connects to have this option enabled, consider |
43343 | + disabling this feature on the haproxy host. | 43405 | + disabling this feature on the haproxy host. |
43344 | + | 43406 | + |
43345 | + If this option is enabled, two sysctl options with names | 43407 | + If the sysctl option is enabled, two sysctl options with names |
43346 | + "ip_blackhole" and "lastack_retries" will be created. | 43408 | + "ip_blackhole" and "lastack_retries" will be created. |
43347 | + While "ip_blackhole" takes the standard zero/non-zero on/off | 43409 | + While "ip_blackhole" takes the standard zero/non-zero on/off |
43348 | + toggle, "lastack_retries" uses the same kinds of values as | 43410 | + toggle, "lastack_retries" uses the same kinds of values as |
@@ -43434,6 +43496,22 @@ diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig | |||
43434 | + be set to a non-zero value after all the options are set. | 43496 | + be set to a non-zero value after all the options are set. |
43435 | + *THIS IS EXTREMELY IMPORTANT* | 43497 | + *THIS IS EXTREMELY IMPORTANT* |
43436 | + | 43498 | + |
43499 | +config GRKERNSEC_SYSCTL_DISTRO | ||
43500 | + bool "Extra sysctl support for distro makers (READ HELP)" | ||
43501 | + depends on GRKERNSEC_SYSCTL && GRKERNSEC_IO | ||
43502 | + help | ||
43503 | + If you say Y here, additional sysctl options will be created | ||
43504 | + for features that affect processes running as root. Therefore, | ||
43505 | + it is critical when using this option that the grsec_lock entry be | ||
43506 | + enabled after boot. Only distros with prebuilt kernel packages | ||
43507 | + with this option enabled that can ensure grsec_lock is enabled | ||
43508 | + after boot should use this option. | ||
43509 | + *Failure to set grsec_lock after boot makes all grsec features | ||
43510 | + this option covers useless* | ||
43511 | + | ||
43512 | + Currently this option creates the following sysctl entries: | ||
43513 | + "Disable Privileged I/O": "disable_priv_io" | ||
43514 | + | ||
43437 | +config GRKERNSEC_SYSCTL_ON | 43515 | +config GRKERNSEC_SYSCTL_ON |
43438 | + bool "Turn on features by default" | 43516 | + bool "Turn on features by default" |
43439 | + depends on GRKERNSEC_SYSCTL | 43517 | + depends on GRKERNSEC_SYSCTL |
@@ -44679,8 +44757,8 @@ diff -urNp linux-2.6.32.15/include/linux/genhd.h linux-2.6.32.15/include/linux/g | |||
44679 | struct blk_integrity *integrity; | 44757 | struct blk_integrity *integrity; |
44680 | diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/gracl.h | 44758 | diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/gracl.h |
44681 | --- linux-2.6.32.15/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500 | 44759 | --- linux-2.6.32.15/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500 |
44682 | +++ linux-2.6.32.15/include/linux/gracl.h 2010-05-28 21:27:16.355225759 -0400 | 44760 | +++ linux-2.6.32.15/include/linux/gracl.h 2010-06-19 21:06:17.097881201 -0400 |
44683 | @@ -0,0 +1,309 @@ | 44761 | @@ -0,0 +1,310 @@ |
44684 | +#ifndef GR_ACL_H | 44762 | +#ifndef GR_ACL_H |
44685 | +#define GR_ACL_H | 44763 | +#define GR_ACL_H |
44686 | + | 44764 | + |
@@ -44692,8 +44770,8 @@ diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/g | |||
44692 | + | 44770 | + |
44693 | +/* Major status information */ | 44771 | +/* Major status information */ |
44694 | + | 44772 | + |
44695 | +#define GR_VERSION "grsecurity 2.1.14" | 44773 | +#define GR_VERSION "grsecurity 2.2.0" |
44696 | +#define GRSECURITY_VERSION 0x2114 | 44774 | +#define GRSECURITY_VERSION 0x2200 |
44697 | + | 44775 | + |
44698 | +enum { | 44776 | +enum { |
44699 | + GR_SHUTDOWN = 0, | 44777 | + GR_SHUTDOWN = 0, |
@@ -44784,6 +44862,7 @@ diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/g | |||
44784 | + __u32 mode; | 44862 | + __u32 mode; |
44785 | + kernel_cap_t cap_mask; | 44863 | + kernel_cap_t cap_mask; |
44786 | + kernel_cap_t cap_lower; | 44864 | + kernel_cap_t cap_lower; |
44865 | + kernel_cap_t cap_invert_audit; | ||
44787 | + | 44866 | + |
44788 | + struct rlimit res[GR_NLIMITS]; | 44867 | + struct rlimit res[GR_NLIMITS]; |
44789 | + __u32 resmask; | 44868 | + __u32 resmask; |
@@ -45145,7 +45224,7 @@ diff -urNp linux-2.6.32.15/include/linux/grdefs.h linux-2.6.32.15/include/linux/ | |||
45145 | +#endif | 45224 | +#endif |
45146 | diff -urNp linux-2.6.32.15/include/linux/grinternal.h linux-2.6.32.15/include/linux/grinternal.h | 45225 | diff -urNp linux-2.6.32.15/include/linux/grinternal.h linux-2.6.32.15/include/linux/grinternal.h |
45147 | --- linux-2.6.32.15/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500 | 45226 | --- linux-2.6.32.15/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500 |
45148 | +++ linux-2.6.32.15/include/linux/grinternal.h 2010-05-28 21:27:16.355225759 -0400 | 45227 | +++ linux-2.6.32.15/include/linux/grinternal.h 2010-06-19 21:46:05.111766483 -0400 |
45149 | @@ -0,0 +1,215 @@ | 45228 | @@ -0,0 +1,215 @@ |
45150 | +#ifndef __GRINTERNAL_H | 45229 | +#ifndef __GRINTERNAL_H |
45151 | +#define __GRINTERNAL_H | 45230 | +#define __GRINTERNAL_H |
@@ -45364,8 +45443,8 @@ diff -urNp linux-2.6.32.15/include/linux/grinternal.h linux-2.6.32.15/include/li | |||
45364 | +#endif | 45443 | +#endif |
45365 | diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/grmsg.h | 45444 | diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/grmsg.h |
45366 | --- linux-2.6.32.15/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500 | 45445 | --- linux-2.6.32.15/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500 |
45367 | +++ linux-2.6.32.15/include/linux/grmsg.h 2010-05-28 21:27:16.355225759 -0400 | 45446 | +++ linux-2.6.32.15/include/linux/grmsg.h 2010-06-19 21:06:17.097881201 -0400 |
45368 | @@ -0,0 +1,107 @@ | 45447 | @@ -0,0 +1,108 @@ |
45369 | +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" | 45448 | +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" |
45370 | +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" | 45449 | +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" |
45371 | +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " | 45450 | +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " |
@@ -45461,6 +45540,7 @@ diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/g | |||
45461 | +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4" | 45540 | +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4" |
45462 | +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " | 45541 | +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " |
45463 | +#define GR_CAP_ACL_MSG "use of %s denied for " | 45542 | +#define GR_CAP_ACL_MSG "use of %s denied for " |
45543 | +#define GR_CAP_ACL_MSG2 "use of %s permitted for " | ||
45464 | +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for " | 45544 | +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for " |
45465 | +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for " | 45545 | +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for " |
45466 | +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by " | 45546 | +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by " |
@@ -45475,8 +45555,8 @@ diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/g | |||
45475 | +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by " | 45555 | +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by " |
45476 | diff -urNp linux-2.6.32.15/include/linux/grsecurity.h linux-2.6.32.15/include/linux/grsecurity.h | 45556 | diff -urNp linux-2.6.32.15/include/linux/grsecurity.h linux-2.6.32.15/include/linux/grsecurity.h |
45477 | --- linux-2.6.32.15/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500 | 45557 | --- linux-2.6.32.15/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500 |
45478 | +++ linux-2.6.32.15/include/linux/grsecurity.h 2010-05-28 21:27:16.355225759 -0400 | 45558 | +++ linux-2.6.32.15/include/linux/grsecurity.h 2010-06-19 21:45:41.506145931 -0400 |
45479 | @@ -0,0 +1,199 @@ | 45559 | @@ -0,0 +1,200 @@ |
45480 | +#ifndef GR_SECURITY_H | 45560 | +#ifndef GR_SECURITY_H |
45481 | +#define GR_SECURITY_H | 45561 | +#define GR_SECURITY_H |
45482 | +#include <linux/fs.h> | 45562 | +#include <linux/fs.h> |
@@ -45673,6 +45753,7 @@ diff -urNp linux-2.6.32.15/include/linux/grsecurity.h linux-2.6.32.15/include/li | |||
45673 | + struct vm_area_struct *vma); | 45753 | + struct vm_area_struct *vma); |
45674 | + | 45754 | + |
45675 | +extern int grsec_enable_dmesg; | 45755 | +extern int grsec_enable_dmesg; |
45756 | +extern int grsec_disable_privio; | ||
45676 | +#endif | 45757 | +#endif |
45677 | + | 45758 | + |
45678 | +#endif | 45759 | +#endif |
@@ -47637,7 +47718,7 @@ diff -urNp linux-2.6.32.15/init/Kconfig linux-2.6.32.15/init/Kconfig | |||
47637 | also breaks ancient binaries (including anything libc5 based). | 47718 | also breaks ancient binaries (including anything libc5 based). |
47638 | diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c | 47719 | diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c |
47639 | --- linux-2.6.32.15/init/main.c 2010-04-04 20:41:50.060586306 -0400 | 47720 | --- linux-2.6.32.15/init/main.c 2010-04-04 20:41:50.060586306 -0400 |
47640 | +++ linux-2.6.32.15/init/main.c 2010-05-28 21:27:16.427051097 -0400 | 47721 | +++ linux-2.6.32.15/init/main.c 2010-06-19 10:03:39.368801195 -0400 |
47641 | @@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void) | 47722 | @@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void) |
47642 | #ifdef CONFIG_TC | 47723 | #ifdef CONFIG_TC |
47643 | extern void tc_init(void); | 47724 | extern void tc_init(void); |
@@ -47653,7 +47734,7 @@ diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c | |||
47653 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | 47734 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) |
47654 | +extern void pax_enter_kernel_user(void); | 47735 | +extern void pax_enter_kernel_user(void); |
47655 | +extern void pax_exit_kernel_user(void); | 47736 | +extern void pax_exit_kernel_user(void); |
47656 | +extern pteval_t clone_pgd_mask; | 47737 | +extern pgdval_t clone_pgd_mask; |
47657 | +#endif | 47738 | +#endif |
47658 | + | 47739 | + |
47659 | +#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF) | 47740 | +#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF) |
@@ -47675,7 +47756,7 @@ diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c | |||
47675 | + *p = 0xc3; | 47756 | + *p = 0xc3; |
47676 | + p = (char *)pax_exit_kernel_user; | 47757 | + p = (char *)pax_exit_kernel_user; |
47677 | + *p = 0xc3; | 47758 | + *p = 0xc3; |
47678 | + clone_pgd_mask = ~(pteval_t)0UL; | 47759 | + clone_pgd_mask = ~(pgdval_t)0UL; |
47679 | +#endif | 47760 | +#endif |
47680 | + | 47761 | + |
47681 | + return 0; | 47762 | + return 0; |
@@ -50620,7 +50701,7 @@ diff -urNp linux-2.6.32.15/mm/madvise.c linux-2.6.32.15/mm/madvise.c | |||
50620 | goto out; | 50701 | goto out; |
50621 | diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | 50702 | diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c |
50622 | --- linux-2.6.32.15/mm/memory.c 2010-03-15 11:52:04.000000000 -0400 | 50703 | --- linux-2.6.32.15/mm/memory.c 2010-03-15 11:52:04.000000000 -0400 |
50623 | +++ linux-2.6.32.15/mm/memory.c 2010-05-28 21:27:16.487251224 -0400 | 50704 | +++ linux-2.6.32.15/mm/memory.c 2010-06-19 10:03:50.012498759 -0400 |
50624 | @@ -48,6 +48,7 @@ | 50705 | @@ -48,6 +48,7 @@ |
50625 | #include <linux/ksm.h> | 50706 | #include <linux/ksm.h> |
50626 | #include <linux/rmap.h> | 50707 | #include <linux/rmap.h> |
@@ -50629,7 +50710,33 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50629 | #include <linux/delayacct.h> | 50710 | #include <linux/delayacct.h> |
50630 | #include <linux/init.h> | 50711 | #include <linux/init.h> |
50631 | #include <linux/writeback.h> | 50712 | #include <linux/writeback.h> |
50632 | @@ -1251,10 +1252,10 @@ int __get_user_pages(struct task_struct | 50713 | @@ -187,8 +188,12 @@ static inline void free_pmd_range(struct |
50714 | return; | ||
50715 | |||
50716 | pmd = pmd_offset(pud, start); | ||
50717 | + | ||
50718 | +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_PER_CPU_PGD) | ||
50719 | pud_clear(pud); | ||
50720 | pmd_free_tlb(tlb, pmd, start); | ||
50721 | +#endif | ||
50722 | + | ||
50723 | } | ||
50724 | |||
50725 | static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, | ||
50726 | @@ -220,8 +225,12 @@ static inline void free_pud_range(struct | ||
50727 | return; | ||
50728 | |||
50729 | pud = pud_offset(pgd, start); | ||
50730 | + | ||
50731 | +#if !defined(CONFIG_X86_64) || !defined(CONFIG_PAX_PER_CPU_PGD) | ||
50732 | pgd_clear(pgd); | ||
50733 | pud_free_tlb(tlb, pud, start); | ||
50734 | +#endif | ||
50735 | + | ||
50736 | } | ||
50737 | |||
50738 | /* | ||
50739 | @@ -1251,10 +1260,10 @@ int __get_user_pages(struct task_struct | ||
50633 | (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); | 50740 | (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); |
50634 | i = 0; | 50741 | i = 0; |
50635 | 50742 | ||
@@ -50642,7 +50749,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50642 | if (!vma && in_gate_area(tsk, start)) { | 50749 | if (!vma && in_gate_area(tsk, start)) { |
50643 | unsigned long pg = start & PAGE_MASK; | 50750 | unsigned long pg = start & PAGE_MASK; |
50644 | struct vm_area_struct *gate_vma = get_gate_vma(tsk); | 50751 | struct vm_area_struct *gate_vma = get_gate_vma(tsk); |
50645 | @@ -1296,7 +1297,7 @@ int __get_user_pages(struct task_struct | 50752 | @@ -1296,7 +1305,7 @@ int __get_user_pages(struct task_struct |
50646 | continue; | 50753 | continue; |
50647 | } | 50754 | } |
50648 | 50755 | ||
@@ -50651,7 +50758,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50651 | (vma->vm_flags & (VM_IO | VM_PFNMAP)) || | 50758 | (vma->vm_flags & (VM_IO | VM_PFNMAP)) || |
50652 | !(vm_flags & vma->vm_flags)) | 50759 | !(vm_flags & vma->vm_flags)) |
50653 | return i ? : -EFAULT; | 50760 | return i ? : -EFAULT; |
50654 | @@ -1371,7 +1372,7 @@ int __get_user_pages(struct task_struct | 50761 | @@ -1371,7 +1380,7 @@ int __get_user_pages(struct task_struct |
50655 | start += PAGE_SIZE; | 50762 | start += PAGE_SIZE; |
50656 | nr_pages--; | 50763 | nr_pages--; |
50657 | } while (nr_pages && start < vma->vm_end); | 50764 | } while (nr_pages && start < vma->vm_end); |
@@ -50660,7 +50767,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50660 | return i; | 50767 | return i; |
50661 | } | 50768 | } |
50662 | 50769 | ||
50663 | @@ -1967,6 +1968,186 @@ static inline void cow_user_page(struct | 50770 | @@ -1967,6 +1976,186 @@ static inline void cow_user_page(struct |
50664 | copy_user_highpage(dst, src, va, vma); | 50771 | copy_user_highpage(dst, src, va, vma); |
50665 | } | 50772 | } |
50666 | 50773 | ||
@@ -50847,7 +50954,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50847 | /* | 50954 | /* |
50848 | * This routine handles present pages, when users try to write | 50955 | * This routine handles present pages, when users try to write |
50849 | * to a shared page. It is done by copying the page to a new address | 50956 | * to a shared page. It is done by copying the page to a new address |
50850 | @@ -2146,6 +2327,12 @@ gotten: | 50957 | @@ -2146,6 +2335,12 @@ gotten: |
50851 | */ | 50958 | */ |
50852 | page_table = pte_offset_map_lock(mm, pmd, address, &ptl); | 50959 | page_table = pte_offset_map_lock(mm, pmd, address, &ptl); |
50853 | if (likely(pte_same(*page_table, orig_pte))) { | 50960 | if (likely(pte_same(*page_table, orig_pte))) { |
@@ -50860,7 +50967,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50860 | if (old_page) { | 50967 | if (old_page) { |
50861 | if (!PageAnon(old_page)) { | 50968 | if (!PageAnon(old_page)) { |
50862 | dec_mm_counter(mm, file_rss); | 50969 | dec_mm_counter(mm, file_rss); |
50863 | @@ -2197,6 +2384,10 @@ gotten: | 50970 | @@ -2197,6 +2392,10 @@ gotten: |
50864 | page_remove_rmap(old_page); | 50971 | page_remove_rmap(old_page); |
50865 | } | 50972 | } |
50866 | 50973 | ||
@@ -50871,7 +50978,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50871 | /* Free the old page.. */ | 50978 | /* Free the old page.. */ |
50872 | new_page = old_page; | 50979 | new_page = old_page; |
50873 | ret |= VM_FAULT_WRITE; | 50980 | ret |= VM_FAULT_WRITE; |
50874 | @@ -2594,6 +2785,11 @@ static int do_swap_page(struct mm_struct | 50981 | @@ -2594,6 +2793,11 @@ static int do_swap_page(struct mm_struct |
50875 | swap_free(entry); | 50982 | swap_free(entry); |
50876 | if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) | 50983 | if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) |
50877 | try_to_free_swap(page); | 50984 | try_to_free_swap(page); |
@@ -50883,7 +50990,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50883 | unlock_page(page); | 50990 | unlock_page(page); |
50884 | 50991 | ||
50885 | if (flags & FAULT_FLAG_WRITE) { | 50992 | if (flags & FAULT_FLAG_WRITE) { |
50886 | @@ -2605,6 +2801,11 @@ static int do_swap_page(struct mm_struct | 50993 | @@ -2605,6 +2809,11 @@ static int do_swap_page(struct mm_struct |
50887 | 50994 | ||
50888 | /* No need to invalidate - it was non-present before */ | 50995 | /* No need to invalidate - it was non-present before */ |
50889 | update_mmu_cache(vma, address, pte); | 50996 | update_mmu_cache(vma, address, pte); |
@@ -50895,7 +51002,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50895 | unlock: | 51002 | unlock: |
50896 | pte_unmap_unlock(page_table, ptl); | 51003 | pte_unmap_unlock(page_table, ptl); |
50897 | out: | 51004 | out: |
50898 | @@ -2628,7 +2829,7 @@ static int do_anonymous_page(struct mm_s | 51005 | @@ -2628,7 +2837,7 @@ static int do_anonymous_page(struct mm_s |
50899 | unsigned long address, pte_t *page_table, pmd_t *pmd, | 51006 | unsigned long address, pte_t *page_table, pmd_t *pmd, |
50900 | unsigned int flags) | 51007 | unsigned int flags) |
50901 | { | 51008 | { |
@@ -50904,7 +51011,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50904 | spinlock_t *ptl; | 51011 | spinlock_t *ptl; |
50905 | pte_t entry; | 51012 | pte_t entry; |
50906 | 51013 | ||
50907 | @@ -2663,6 +2864,11 @@ static int do_anonymous_page(struct mm_s | 51014 | @@ -2663,6 +2872,11 @@ static int do_anonymous_page(struct mm_s |
50908 | if (!pte_none(*page_table)) | 51015 | if (!pte_none(*page_table)) |
50909 | goto release; | 51016 | goto release; |
50910 | 51017 | ||
@@ -50916,7 +51023,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50916 | inc_mm_counter(mm, anon_rss); | 51023 | inc_mm_counter(mm, anon_rss); |
50917 | page_add_new_anon_rmap(page, vma, address); | 51024 | page_add_new_anon_rmap(page, vma, address); |
50918 | setpte: | 51025 | setpte: |
50919 | @@ -2670,6 +2876,12 @@ setpte: | 51026 | @@ -2670,6 +2884,12 @@ setpte: |
50920 | 51027 | ||
50921 | /* No need to invalidate - it was non-present before */ | 51028 | /* No need to invalidate - it was non-present before */ |
50922 | update_mmu_cache(vma, address, entry); | 51029 | update_mmu_cache(vma, address, entry); |
@@ -50929,7 +51036,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50929 | unlock: | 51036 | unlock: |
50930 | pte_unmap_unlock(page_table, ptl); | 51037 | pte_unmap_unlock(page_table, ptl); |
50931 | return 0; | 51038 | return 0; |
50932 | @@ -2812,6 +3024,12 @@ static int __do_fault(struct mm_struct * | 51039 | @@ -2812,6 +3032,12 @@ static int __do_fault(struct mm_struct * |
50933 | */ | 51040 | */ |
50934 | /* Only go through if we didn't race with anybody else... */ | 51041 | /* Only go through if we didn't race with anybody else... */ |
50935 | if (likely(pte_same(*page_table, orig_pte))) { | 51042 | if (likely(pte_same(*page_table, orig_pte))) { |
@@ -50942,7 +51049,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50942 | flush_icache_page(vma, page); | 51049 | flush_icache_page(vma, page); |
50943 | entry = mk_pte(page, vma->vm_page_prot); | 51050 | entry = mk_pte(page, vma->vm_page_prot); |
50944 | if (flags & FAULT_FLAG_WRITE) | 51051 | if (flags & FAULT_FLAG_WRITE) |
50945 | @@ -2831,6 +3049,14 @@ static int __do_fault(struct mm_struct * | 51052 | @@ -2831,6 +3057,14 @@ static int __do_fault(struct mm_struct * |
50946 | 51053 | ||
50947 | /* no need to invalidate: a not-present page won't be cached */ | 51054 | /* no need to invalidate: a not-present page won't be cached */ |
50948 | update_mmu_cache(vma, address, entry); | 51055 | update_mmu_cache(vma, address, entry); |
@@ -50957,7 +51064,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50957 | } else { | 51064 | } else { |
50958 | if (charged) | 51065 | if (charged) |
50959 | mem_cgroup_uncharge_page(page); | 51066 | mem_cgroup_uncharge_page(page); |
50960 | @@ -2978,6 +3204,12 @@ static inline int handle_pte_fault(struc | 51067 | @@ -2978,6 +3212,12 @@ static inline int handle_pte_fault(struc |
50961 | if (flags & FAULT_FLAG_WRITE) | 51068 | if (flags & FAULT_FLAG_WRITE) |
50962 | flush_tlb_page(vma, address); | 51069 | flush_tlb_page(vma, address); |
50963 | } | 51070 | } |
@@ -50970,7 +51077,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50970 | unlock: | 51077 | unlock: |
50971 | pte_unmap_unlock(pte, ptl); | 51078 | pte_unmap_unlock(pte, ptl); |
50972 | return 0; | 51079 | return 0; |
50973 | @@ -2994,6 +3226,10 @@ int handle_mm_fault(struct mm_struct *mm | 51080 | @@ -2994,6 +3234,10 @@ int handle_mm_fault(struct mm_struct *mm |
50974 | pmd_t *pmd; | 51081 | pmd_t *pmd; |
50975 | pte_t *pte; | 51082 | pte_t *pte; |
50976 | 51083 | ||
@@ -50981,7 +51088,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
50981 | __set_current_state(TASK_RUNNING); | 51088 | __set_current_state(TASK_RUNNING); |
50982 | 51089 | ||
50983 | count_vm_event(PGFAULT); | 51090 | count_vm_event(PGFAULT); |
50984 | @@ -3001,6 +3237,34 @@ int handle_mm_fault(struct mm_struct *mm | 51091 | @@ -3001,6 +3245,34 @@ int handle_mm_fault(struct mm_struct *mm |
50985 | if (unlikely(is_vm_hugetlb_page(vma))) | 51092 | if (unlikely(is_vm_hugetlb_page(vma))) |
50986 | return hugetlb_fault(mm, vma, address, flags); | 51093 | return hugetlb_fault(mm, vma, address, flags); |
50987 | 51094 | ||
@@ -51016,7 +51123,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c | |||
51016 | pgd = pgd_offset(mm, address); | 51123 | pgd = pgd_offset(mm, address); |
51017 | pud = pud_alloc(mm, pgd, address); | 51124 | pud = pud_alloc(mm, pgd, address); |
51018 | if (!pud) | 51125 | if (!pud) |
51019 | @@ -3098,7 +3362,7 @@ static int __init gate_vma_init(void) | 51126 | @@ -3098,7 +3370,7 @@ static int __init gate_vma_init(void) |
51020 | gate_vma.vm_start = FIXADDR_USER_START; | 51127 | gate_vma.vm_start = FIXADDR_USER_START; |
51021 | gate_vma.vm_end = FIXADDR_USER_END; | 51128 | gate_vma.vm_end = FIXADDR_USER_END; |
51022 | gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; | 51129 | gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; |
@@ -54054,36 +54161,72 @@ diff -urNp linux-2.6.32.15/net/ipv6/raw.c linux-2.6.32.15/net/ipv6/raw.c | |||
54054 | { | 54161 | { |
54055 | diff -urNp linux-2.6.32.15/net/ipv6/tcp_ipv6.c linux-2.6.32.15/net/ipv6/tcp_ipv6.c | 54162 | diff -urNp linux-2.6.32.15/net/ipv6/tcp_ipv6.c linux-2.6.32.15/net/ipv6/tcp_ipv6.c |
54056 | --- linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-03-15 11:52:04.000000000 -0400 | 54163 | --- linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-03-15 11:52:04.000000000 -0400 |
54057 | +++ linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-05-28 21:27:16.624385427 -0400 | 54164 | +++ linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-06-26 14:14:12.642949877 -0400 |
54058 | @@ -1578,6 +1578,9 @@ static int tcp_v6_do_rcv(struct sock *sk | 54165 | @@ -88,6 +88,10 @@ static struct tcp_md5sig_key *tcp_v6_md5 |
54059 | return 0; | 54166 | } |
54167 | #endif | ||
54060 | 54168 | ||
54061 | reset: | ||
54062 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | 54169 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE |
54063 | + if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK)) | 54170 | +extern int grsec_enable_blackhole; |
54064 | +#endif | 54171 | +#endif |
54065 | tcp_v6_send_reset(sk, skb); | 54172 | + |
54066 | discard: | 54173 | static void tcp_v6_hash(struct sock *sk) |
54067 | if (opt_skb) | 54174 | { |
54068 | @@ -1700,6 +1703,9 @@ no_tcp_socket: | 54175 | if (sk->sk_state != TCP_CLOSE) { |
54176 | @@ -1655,12 +1659,20 @@ static int tcp_v6_rcv(struct sk_buff *sk | ||
54177 | TCP_SKB_CB(skb)->sacked = 0; | ||
54178 | |||
54179 | sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); | ||
54180 | - if (!sk) | ||
54181 | + if (!sk) { | ||
54182 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | ||
54183 | + ret = 1; | ||
54184 | +#endif | ||
54185 | goto no_tcp_socket; | ||
54186 | + } | ||
54187 | |||
54188 | process: | ||
54189 | - if (sk->sk_state == TCP_TIME_WAIT) | ||
54190 | + if (sk->sk_state == TCP_TIME_WAIT) { | ||
54191 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | ||
54192 | + ret = 2; | ||
54193 | +#endif | ||
54194 | goto do_time_wait; | ||
54195 | + } | ||
54196 | |||
54197 | if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) | ||
54198 | goto discard_and_relse; | ||
54199 | @@ -1700,6 +1712,10 @@ no_tcp_socket: | ||
54069 | bad_packet: | 54200 | bad_packet: |
54070 | TCP_INC_STATS_BH(net, TCP_MIB_INERRS); | 54201 | TCP_INC_STATS_BH(net, TCP_MIB_INERRS); |
54071 | } else { | 54202 | } else { |
54072 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | 54203 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE |
54073 | + if (skb->dev->flags & IFF_LOOPBACK) | 54204 | + if (!grsec_enable_blackhole || (ret == 1 && |
54205 | + (skb->dev->flags & IFF_LOOPBACK))) | ||
54074 | +#endif | 54206 | +#endif |
54075 | tcp_v6_send_reset(NULL, skb); | 54207 | tcp_v6_send_reset(NULL, skb); |
54076 | } | 54208 | } |
54077 | 54209 | ||
54078 | diff -urNp linux-2.6.32.15/net/ipv6/udp.c linux-2.6.32.15/net/ipv6/udp.c | 54210 | diff -urNp linux-2.6.32.15/net/ipv6/udp.c linux-2.6.32.15/net/ipv6/udp.c |
54079 | --- linux-2.6.32.15/net/ipv6/udp.c 2010-03-15 11:52:04.000000000 -0400 | 54211 | --- linux-2.6.32.15/net/ipv6/udp.c 2010-03-15 11:52:04.000000000 -0400 |
54080 | +++ linux-2.6.32.15/net/ipv6/udp.c 2010-05-28 21:27:16.631258014 -0400 | 54212 | +++ linux-2.6.32.15/net/ipv6/udp.c 2010-06-26 14:15:10.978789054 -0400 |
54081 | @@ -587,6 +587,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, | 54213 | @@ -49,6 +49,10 @@ |
54214 | #include <linux/seq_file.h> | ||
54215 | #include "udp_impl.h" | ||
54216 | |||
54217 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | ||
54218 | +extern int grsec_enable_blackhole; | ||
54219 | +#endif | ||
54220 | + | ||
54221 | int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) | ||
54222 | { | ||
54223 | const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr; | ||
54224 | @@ -587,6 +591,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, | ||
54082 | UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, | 54225 | UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, |
54083 | proto == IPPROTO_UDPLITE); | 54226 | proto == IPPROTO_UDPLITE); |
54084 | 54227 | ||
54085 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE | 54228 | +#ifdef CONFIG_GRKERNSEC_BLACKHOLE |
54086 | + if (skb->dev->flags & IFF_LOOPBACK) | 54229 | + if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK)) |
54087 | +#endif | 54230 | +#endif |
54088 | icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev); | 54231 | icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev); |
54089 | 54232 | ||
@@ -55299,7 +55442,7 @@ diff -urNp linux-2.6.32.15/security/Kconfig linux-2.6.32.15/security/Kconfig | |||
55299 | +config PAX_KERNEXEC | 55442 | +config PAX_KERNEXEC |
55300 | + bool "Enforce non-executable kernel pages" | 55443 | + bool "Enforce non-executable kernel pages" |
55301 | + depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN | 55444 | + depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN |
55302 | + select PAX_PER_CPU_PGD if X86_64 | 55445 | + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) |
55303 | + help | 55446 | + help |
55304 | + This is the kernel land equivalent of PAGEEXEC and MPROTECT, | 55447 | + This is the kernel land equivalent of PAGEEXEC and MPROTECT, |
55305 | + that is, enabling this option will make it harder to inject | 55448 | + that is, enabling this option will make it harder to inject |
diff --git a/main/lua-uuid/APKBUILD b/main/lua-uuid/APKBUILD index 6e760893c9..82f00bf3a7 100644 --- a/main/lua-uuid/APKBUILD +++ b/main/lua-uuid/APKBUILD | |||
@@ -28,4 +28,4 @@ package() { | |||
28 | install -Dm755 uuid.so "$pkgdir"/usr/lib/lua/5.1/uuid.so | 28 | install -Dm755 uuid.so "$pkgdir"/usr/lib/lua/5.1/uuid.so |
29 | } | 29 | } |
30 | 30 | ||
31 | md5sums="e5bd7c2cf563ac4192b793934f545f49 luuid.tar.gz" | 31 | md5sums="75f2e8c808c0fb375d9ec5255fd5d4de luuid.tar.gz" |
diff --git a/main/lvm2/APKBUILD b/main/lvm2/APKBUILD index 4be2a3f9bb..4316aadeaa 100644 --- a/main/lvm2/APKBUILD +++ b/main/lvm2/APKBUILD | |||
@@ -1,6 +1,6 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=lvm2 | 2 | pkgname=lvm2 |
3 | pkgver=2.02.66 | 3 | pkgver=2.02.68 |
4 | pkgrel=0 | 4 | pkgrel=0 |
5 | pkgdesc="Logical Volume Manager 2 utilities" | 5 | pkgdesc="Logical Volume Manager 2 utilities" |
6 | url="http://sourceware.org/lvm2/" | 6 | url="http://sourceware.org/lvm2/" |
@@ -47,6 +47,6 @@ dm() { | |||
47 | mv "$pkgdir"/sbin/dm* "$subpkgdir"/sbin/ | 47 | mv "$pkgdir"/sbin/dm* "$subpkgdir"/sbin/ |
48 | } | 48 | } |
49 | 49 | ||
50 | md5sums="59766571610a4298f8bedf9f73839050 LVM2.2.02.66.tgz | 50 | md5sums="20357ea7918c4e967e558de53ec74969 LVM2.2.02.68.tgz |
51 | 6f65f902cf19f144a42b8d6aceadf395 lvm.initd | 51 | 6f65f902cf19f144a42b8d6aceadf395 lvm.initd |
52 | ec36d5fe4561220304e406c5c797e71f lvm.confd" | 52 | ec36d5fe4561220304e406c5c797e71f lvm.confd" |
diff --git a/main/mlmmj/APKBUILD b/main/mlmmj/APKBUILD index 1a8e30b50e..fecf39625d 100644 --- a/main/mlmmj/APKBUILD +++ b/main/mlmmj/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=mlmmj | 2 | pkgname=mlmmj |
3 | pkgver=1.2.16 | 3 | pkgver=1.2.17 |
4 | pkgrel=2 | 4 | pkgrel=0 |
5 | pkgdesc="Mailing list managing made joyful" | 5 | pkgdesc="Mailing list managing made joyful" |
6 | url="http://mlmmj.org/" | 6 | url="http://mlmmj.org/" |
7 | license="MIT" | 7 | license="MIT" |
@@ -23,4 +23,4 @@ package() { | |||
23 | install -d "$pkgdir"/usr/share/mlmmj/texts | 23 | install -d "$pkgdir"/usr/share/mlmmj/texts |
24 | cp -r listtexts/* "$pkgdir"/usr/share/mlmmj/texts/ | 24 | cp -r listtexts/* "$pkgdir"/usr/share/mlmmj/texts/ |
25 | } | 25 | } |
26 | md5sums="9ea7ba91ccb55b9edf3e5148537364e3 mlmmj-1.2.16.tar.bz2" | 26 | md5sums="bff8050f14f2084d661421135be685ad mlmmj-1.2.17.tar.bz2" |
diff --git a/main/mpfr3/APKBUILD b/main/mpfr3/APKBUILD index 54e07b2832..31d912402d 100644 --- a/main/mpfr3/APKBUILD +++ b/main/mpfr3/APKBUILD | |||
@@ -1,12 +1,12 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=mpfr3 | 2 | pkgname=mpfr3 |
3 | pkgver=3.0.0 | 3 | pkgver=3.0.0 |
4 | pkgrel=0 | 4 | pkgrel=1 |
5 | pkgdesc="multiple-precision floating-point library" | 5 | pkgdesc="multiple-precision floating-point library" |
6 | url="http://www.mpfr.org/" | 6 | url="http://www.mpfr.org/" |
7 | license="GPL LGPL" | 7 | license="GPL LGPL" |
8 | depends= | 8 | depends= |
9 | makedepends="gmp5-dev texinfo" | 9 | makedepends="gmp-dev texinfo" |
10 | source="http://www.mpfr.org/mpfr-current/mpfr-$pkgver.tar.bz2" | 10 | source="http://www.mpfr.org/mpfr-current/mpfr-$pkgver.tar.bz2" |
11 | subpackages="$pkgname-doc mpfr-dev:dev" | 11 | subpackages="$pkgname-doc mpfr-dev:dev" |
12 | 12 | ||
diff --git a/testing/opentracker/APKBUILD b/main/opentracker/APKBUILD index 642b0d0b54..681d552639 100644 --- a/testing/opentracker/APKBUILD +++ b/main/opentracker/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | # Maintainer: | 2 | # Maintainer: |
3 | pkgname=opentracker | 3 | pkgname=opentracker |
4 | pkgver=0_cvs20100625 | 4 | pkgver=0_cvs20100625 |
5 | pkgrel=0 | 5 | pkgrel=1 |
6 | pkgdesc="an open and free bittorrent tracker" | 6 | pkgdesc="an open and free bittorrent tracker" |
7 | url="http://erdgeist.org/arts/software/opentracker/" | 7 | url="http://erdgeist.org/arts/software/opentracker/" |
8 | license="GPL" | 8 | license="GPL" |
diff --git a/testing/opentracker/opentracker.initd b/main/opentracker/opentracker.initd index 33d2817787..33d2817787 100644 --- a/testing/opentracker/opentracker.initd +++ b/main/opentracker/opentracker.initd | |||
diff --git a/main/opentracker/opentracker.pre-install b/main/opentracker/opentracker.pre-install new file mode 100644 index 0000000000..c6fc95ed1b --- /dev/null +++ b/main/opentracker/opentracker.pre-install | |||
@@ -0,0 +1,5 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | adduser -D -S -H -h /var/empty -s /sbin/false opentracker 2>/dev/null | ||
4 | exit 0 | ||
5 | |||
diff --git a/main/pax-utils/APKBUILD b/main/pax-utils/APKBUILD index b01ea58cd6..4a7069bc0d 100644 --- a/main/pax-utils/APKBUILD +++ b/main/pax-utils/APKBUILD | |||
@@ -17,4 +17,4 @@ build() { | |||
17 | make DESTDIR="$pkgdir/" install | 17 | make DESTDIR="$pkgdir/" install |
18 | } | 18 | } |
19 | 19 | ||
20 | md5sums="a2097463fd5a34dd707b2d72d84aea89 pax-utils-0.2.tar.bz2" | 20 | md5sums="15a6f2ddadedac0ab6cd4b0683b767b9 pax-utils-0.2.tar.bz2" |
diff --git a/main/php/APKBUILD b/main/php/APKBUILD index 7c044c8c22..7078294843 100644 --- a/main/php/APKBUILD +++ b/main/php/APKBUILD | |||
@@ -3,7 +3,7 @@ | |||
3 | pkgname=php | 3 | pkgname=php |
4 | pkgver=5.3.2 | 4 | pkgver=5.3.2 |
5 | _suhosinver=${pkgver}-0.9.9.1 | 5 | _suhosinver=${pkgver}-0.9.9.1 |
6 | pkgrel=6 | 6 | pkgrel=7 |
7 | pkgdesc="The PHP language runtime engine" | 7 | pkgdesc="The PHP language runtime engine" |
8 | url="http://www.php.net/" | 8 | url="http://www.php.net/" |
9 | license="PHP-3" | 9 | license="PHP-3" |
@@ -12,7 +12,7 @@ install="$pkgname.post-upgrade" | |||
12 | makedepends="pcre-dev libxml2-dev libiconv-dev openssl-dev zlib-dev bzip2-dev | 12 | makedepends="pcre-dev libxml2-dev libiconv-dev openssl-dev zlib-dev bzip2-dev |
13 | curl-dev libpng-dev jpeg-dev freetype-dev libmcrypt-dev mysql-dev | 13 | curl-dev libpng-dev jpeg-dev freetype-dev libmcrypt-dev mysql-dev |
14 | sqlite-dev libtool libltdl postgresql-dev db-dev unixodbc-dev icu-dev | 14 | sqlite-dev libtool libltdl postgresql-dev db-dev unixodbc-dev icu-dev |
15 | gd-dev gmp5-dev gettext-dev imap-dev aspell-dev | 15 | gd-dev gmp-dev gettext-dev imap-dev aspell-dev |
16 | net-snmp-dev libxslt-dev cyrus-sasl-dev openldap-dev pkgconfig | 16 | net-snmp-dev libxslt-dev cyrus-sasl-dev openldap-dev pkgconfig |
17 | libgcrypt-dev" | 17 | libgcrypt-dev" |
18 | subpackages="$pkgname-dev $pkgname-doc $pkgname-cli $pkgname-pear | 18 | subpackages="$pkgname-dev $pkgname-doc $pkgname-cli $pkgname-pear |
diff --git a/main/syslinux/APKBUILD b/main/syslinux/APKBUILD index d4d8ca0002..bc55a97ec0 100644 --- a/main/syslinux/APKBUILD +++ b/main/syslinux/APKBUILD | |||
@@ -1,21 +1,19 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=syslinux | 2 | pkgname=syslinux |
3 | pkgver=3.86 | 3 | pkgver=4.00 |
4 | pkgrel=1 | 4 | pkgrel=0 |
5 | pkgdesc="a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem." | 5 | pkgdesc="a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem." |
6 | url="http://syslinux.org" | 6 | url="http://syslinux.org" |
7 | license="GPL" | 7 | license="GPL" |
8 | makedepends="nasm perl" | 8 | makedepends="nasm perl" |
9 | depends="mtools" | 9 | depends="mtools" |
10 | source="http://www.kernel.org/pub/linux/utils/boot/syslinux/3.xx/$pkgname-$pkgver.tar.bz2 | 10 | source="http://www.kernel.org/pub/linux/utils/boot/syslinux/${pkgver%%.*}.xx/$pkgname-$pkgver.tar.bz2 |
11 | $pkgname-3.86-nopie.patch | ||
12 | " | 11 | " |
13 | subpackages="$pkgname-doc" | 12 | subpackages="$pkgname-doc" |
14 | 13 | ||
15 | _builddir="$srcdir"/$pkgname-$pkgver | 14 | _builddir="$srcdir"/$pkgname-$pkgver |
16 | prepare() { | 15 | prepare() { |
17 | cd "$_builddir" | 16 | cd "$_builddir" |
18 | patch -p1 < ../$pkgname-3.86-nopie.patch || return 1 | ||
19 | } | 17 | } |
20 | 18 | ||
21 | build() { | 19 | build() { |
@@ -29,5 +27,4 @@ package() { | |||
29 | make INSTALLROOT="$pkgdir" MANDIR=/usr/share/man local-install | 27 | make INSTALLROOT="$pkgdir" MANDIR=/usr/share/man local-install |
30 | } | 28 | } |
31 | 29 | ||
32 | md5sums="d6fb0231e82190b4932b2aa20274911a syslinux-3.86.tar.bz2 | 30 | md5sums="5a475dc9a37ecf7b0beec93eca474f5c syslinux-4.00.tar.bz2" |
33 | 5852d62ba0772cf967156a75451e6066 syslinux-3.86-nopie.patch" | ||
diff --git a/main/uiconv/APKBUILD b/main/uiconv/APKBUILD index ec563413de..1e4aac3b43 100644 --- a/main/uiconv/APKBUILD +++ b/main/uiconv/APKBUILD | |||
@@ -14,4 +14,4 @@ build() { | |||
14 | make DESTDIR="$pkgdir" PREFIX=/usr/uiconv install | 14 | make DESTDIR="$pkgdir" PREFIX=/usr/uiconv install |
15 | } | 15 | } |
16 | 16 | ||
17 | md5sums="de2ce8da53f32bdec578e1f0270fa15d uiconv-0.3.tar.bz2" | 17 | md5sums="5cd7f80085324d08cb976fec674cd98d uiconv-0.3.tar.bz2" |
diff --git a/rebuild-alpine.sh b/rebuild-alpine.sh index a163e8a70b..5f975dd159 100755 --- a/rebuild-alpine.sh +++ b/rebuild-alpine.sh | |||
@@ -1,9 +1,11 @@ | |||
1 | rootdir=$(pwd) | 1 | rootdir=$(pwd -P) |
2 | 2 | ||
3 | distclean () { | 3 | distclean () { |
4 | echo "Removing traces of previous builds from $rootdir" | ||
4 | local allpkgs=$(find $rootdir -maxdepth 3 -name APKBUILD -print | sed -e 's/\/APKBUILD//g' | sort) | 5 | local allpkgs=$(find $rootdir -maxdepth 3 -name APKBUILD -print | sed -e 's/\/APKBUILD//g' | sort) |
5 | for p in $allpkgs ; do | 6 | for p in $allpkgs ; do |
6 | cd $p | 7 | cd $p |
8 | pwd | ||
7 | abuild clean 2>&1 | 9 | abuild clean 2>&1 |
8 | abuild cleanoldpkg 2>&1 | 10 | abuild cleanoldpkg 2>&1 |
9 | abuild cleanpkg 2>&1 | 11 | abuild cleanpkg 2>&1 |
@@ -16,7 +18,7 @@ build () { | |||
16 | local maintainer | 18 | local maintainer |
17 | local pkgno | 19 | local pkgno |
18 | local failed | 20 | local failed |
19 | pkgs=$(./aport.lua deplist $rootdir $1) | 21 | pkgs=$($rootdir/aport.lua deplist $rootdir $1) |
20 | pktcnt=$(echo $pkgs | wc -w) | 22 | pktcnt=$(echo $pkgs | wc -w) |
21 | pkgno=0 | 23 | pkgno=0 |
22 | failed=0 | 24 | failed=0 |
@@ -42,14 +44,19 @@ build () { | |||
42 | 44 | ||
43 | touch START_OF_BUILD.txt | 45 | touch START_OF_BUILD.txt |
44 | 46 | ||
45 | if [ "$1" != "noclean" ] ; then | 47 | if [ "$1" = "clean" ] ; then |
46 | echo "Removing traces of previous builds" | 48 | echo "Invoked with 'clean' option. This will take a while ..." |
47 | tmp=$(distclean) | 49 | tmp=$(distclean) |
50 | echo "Done" | ||
48 | fi | 51 | fi |
49 | 52 | ||
50 | echo "Refresh aports tree" | 53 | echo "Refresh aports tree" |
51 | git pull | 54 | git pull |
52 | 55 | ||
56 | #cd main/build-base | ||
57 | #abuild -Ru | ||
58 | #cd $rootdir | ||
59 | |||
53 | for s in main testing unstable ; do | 60 | for s in main testing unstable ; do |
54 | echo "Building packages in $s" | 61 | echo "Building packages in $s" |
55 | build $s | 62 | build $s |
diff --git a/testing/opentracker/opentracker.pre-install b/testing/opentracker/opentracker.pre-install deleted file mode 100644 index 942fcd6706..0000000000 --- a/testing/opentracker/opentracker.pre-install +++ /dev/null | |||
@@ -1,5 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | adduser -D -S -h /var/empty -s /sbin/false opentracker 2>/dev/null | ||
4 | exit 0 | ||
5 | |||
diff --git a/testing/py-crypto/APKBUILD b/testing/py-crypto/APKBUILD index 75f31dd658..a1beecb8fd 100644 --- a/testing/py-crypto/APKBUILD +++ b/testing/py-crypto/APKBUILD | |||
@@ -1,12 +1,12 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=py-crypto | 2 | pkgname=py-crypto |
3 | pkgver=2.0.1 | 3 | pkgver=2.0.1 |
4 | pkgrel=2 | 4 | pkgrel=3 |
5 | pkgdesc="A collection of cryptographic algorithms and protocols, implemented for use from Python." | 5 | pkgdesc="A collection of cryptographic algorithms and protocols, implemented for use from Python." |
6 | url="http://www.amk.ca/python/code/crypto.html" | 6 | url="http://www.amk.ca/python/code/crypto.html" |
7 | license="GPL" | 7 | license="GPL" |
8 | depends="python" | 8 | depends="python" |
9 | makedepends="gmp5-dev python-dev" | 9 | makedepends="gmp-dev python-dev" |
10 | source="http://www.amk.ca/files/python/crypto/pycrypto-$pkgver.tar.gz" | 10 | source="http://www.amk.ca/files/python/crypto/pycrypto-$pkgver.tar.gz" |
11 | 11 | ||
12 | _builddir="$srcdir"/pycrypto-$pkgver | 12 | _builddir="$srcdir"/pycrypto-$pkgver |