diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2010-09-23 06:20:01 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-09-23 07:33:09 +0000 |
commit | e41004cd55e2563cefc22d252ca04afc54609801 (patch) | |
tree | 9401548aa332de0b39e4d3ad5bbab26826e6d1d1 | |
parent | 7f00b20f556a53bbaad9d840ea1a31ab683bb446 (diff) | |
download | alpine_aports-e41004cd55e2563cefc22d252ca04afc54609801.tar.bz2 alpine_aports-e41004cd55e2563cefc22d252ca04afc54609801.tar.xz alpine_aports-e41004cd55e2563cefc22d252ca04afc54609801.zip |
main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.32.22-201009221846
(cherry picked from commit 1319da73758e07bb45fdcf090916563dbaed229f)
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch (renamed from main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch) | 90 |
2 files changed, 86 insertions, 10 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index dd833a628a..ea0b8a72de 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD | |||
@@ -4,7 +4,7 @@ _flavor=grsec | |||
4 | pkgname=linux-${_flavor} | 4 | pkgname=linux-${_flavor} |
5 | pkgver=2.6.32.22 | 5 | pkgver=2.6.32.22 |
6 | _kernver=2.6.32 | 6 | _kernver=2.6.32 |
7 | pkgrel=0 | 7 | pkgrel=1 |
8 | pkgdesc="Linux kernel with grsecurity" | 8 | pkgdesc="Linux kernel with grsecurity" |
9 | url=http://grsecurity.net | 9 | url=http://grsecurity.net |
10 | depends="mkinitfs linux-firmware" | 10 | depends="mkinitfs linux-firmware" |
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}} | |||
14 | install= | 14 | install= |
15 | source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 | 15 | source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 |
16 | ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 | 16 | ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 |
17 | grsecurity-2.2.0-2.6.32.22-201009212029.patch | 17 | grsecurity-2.2.0-2.6.32.22-201009221846.patch |
18 | 0001-grsec-revert-conflicting-flow-cache-changes.patch | 18 | 0001-grsec-revert-conflicting-flow-cache-changes.patch |
19 | 0002-gre-fix-hard-header-destination-address-checking.patch | 19 | 0002-gre-fix-hard-header-destination-address-checking.patch |
20 | 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch | 20 | 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch |
@@ -151,7 +151,7 @@ firmware() { | |||
151 | 151 | ||
152 | md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 | 152 | md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 |
153 | da1431a1d659298c6bd11714416c840f patch-2.6.32.22.bz2 | 153 | da1431a1d659298c6bd11714416c840f patch-2.6.32.22.bz2 |
154 | caa5e3eb3d335bdfe478c1e706e48305 grsecurity-2.2.0-2.6.32.22-201009212029.patch | 154 | 1e317ab1a66955c89e73200a1787b58d grsecurity-2.2.0-2.6.32.22-201009221846.patch |
155 | 1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch | 155 | 1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch |
156 | 437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch | 156 | 437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch |
157 | 151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch | 157 | 151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch |
diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch index 172bdc9fd4..41fb7c83f3 100644 --- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch +++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch | |||
@@ -6263,7 +6263,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_32.h linux-2.6.32.22/arch | |||
6263 | extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val); | 6263 | extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val); |
6264 | diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch/x86/include/asm/atomic_64.h | 6264 | diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch/x86/include/asm/atomic_64.h |
6265 | --- linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-08-13 16:24:37.000000000 -0400 | 6265 | --- linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-08-13 16:24:37.000000000 -0400 |
6266 | +++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-09-17 20:46:00.000000000 -0400 | 6266 | +++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-09-21 20:46:18.000000000 -0400 |
6267 | @@ -24,6 +24,17 @@ static inline int atomic_read(const atom | 6267 | @@ -24,6 +24,17 @@ static inline int atomic_read(const atom |
6268 | } | 6268 | } |
6269 | 6269 | ||
@@ -6550,7 +6550,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch | |||
6550 | #define atomic_inc_return(v) (atomic_add_return(1, v)) | 6550 | #define atomic_inc_return(v) (atomic_add_return(1, v)) |
6551 | +static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v) | 6551 | +static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v) |
6552 | +{ | 6552 | +{ |
6553 | + return atomic_add_return(1, v); | 6553 | + return atomic_add_return_unchecked(1, v); |
6554 | +} | 6554 | +} |
6555 | #define atomic_dec_return(v) (atomic_sub_return(1, v)) | 6555 | #define atomic_dec_return(v) (atomic_sub_return(1, v)) |
6556 | 6556 | ||
@@ -30074,6 +30074,65 @@ diff -urNp linux-2.6.32.22/drivers/video/vesafb.c linux-2.6.32.22/drivers/video/ | |||
30074 | if (info->screen_base) | 30074 | if (info->screen_base) |
30075 | iounmap(info->screen_base); | 30075 | iounmap(info->screen_base); |
30076 | framebuffer_release(info); | 30076 | framebuffer_release(info); |
30077 | diff -urNp linux-2.6.32.22/drivers/xen/events.c linux-2.6.32.22/drivers/xen/events.c | ||
30078 | --- linux-2.6.32.22/drivers/xen/events.c 2010-09-20 17:26:42.000000000 -0400 | ||
30079 | +++ linux-2.6.32.22/drivers/xen/events.c 2010-09-21 21:18:38.000000000 -0400 | ||
30080 | @@ -106,7 +106,6 @@ static inline unsigned long *cpu_evtchn_ | ||
30081 | #define VALID_EVTCHN(chn) ((chn) != 0) | ||
30082 | |||
30083 | static struct irq_chip xen_dynamic_chip; | ||
30084 | -static struct irq_chip xen_percpu_chip; | ||
30085 | |||
30086 | /* Constructor for packed IRQ information. */ | ||
30087 | static struct irq_info mk_unbound_info(void) | ||
30088 | @@ -363,7 +362,7 @@ int bind_evtchn_to_irq(unsigned int evtc | ||
30089 | irq = find_unbound_irq(); | ||
30090 | |||
30091 | set_irq_chip_and_handler_name(irq, &xen_dynamic_chip, | ||
30092 | - handle_edge_irq, "event"); | ||
30093 | + handle_level_irq, "event"); | ||
30094 | |||
30095 | evtchn_to_irq[evtchn] = irq; | ||
30096 | irq_info[irq] = mk_evtchn_info(evtchn); | ||
30097 | @@ -389,8 +388,8 @@ static int bind_ipi_to_irq(unsigned int | ||
30098 | if (irq < 0) | ||
30099 | goto out; | ||
30100 | |||
30101 | - set_irq_chip_and_handler_name(irq, &xen_percpu_chip, | ||
30102 | - handle_percpu_irq, "ipi"); | ||
30103 | + set_irq_chip_and_handler_name(irq, &xen_dynamic_chip, | ||
30104 | + handle_level_irq, "ipi"); | ||
30105 | |||
30106 | bind_ipi.vcpu = cpu; | ||
30107 | if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_ipi, | ||
30108 | @@ -430,8 +429,8 @@ static int bind_virq_to_irq(unsigned int | ||
30109 | |||
30110 | irq = find_unbound_irq(); | ||
30111 | |||
30112 | - set_irq_chip_and_handler_name(irq, &xen_percpu_chip, | ||
30113 | - handle_percpu_irq, "virq"); | ||
30114 | + set_irq_chip_and_handler_name(irq, &xen_dynamic_chip, | ||
30115 | + handle_level_irq, "virq"); | ||
30116 | |||
30117 | evtchn_to_irq[evtchn] = irq; | ||
30118 | irq_info[irq] = mk_virq_info(evtchn, virq); | ||
30119 | @@ -930,16 +929,6 @@ static struct irq_chip xen_dynamic_chip | ||
30120 | .retrigger = retrigger_dynirq, | ||
30121 | }; | ||
30122 | |||
30123 | -static struct irq_chip en_percpu_chip __read_mostly = { | ||
30124 | - .name = "xen-percpu", | ||
30125 | - | ||
30126 | - .disable = disable_dynirq, | ||
30127 | - .mask = disable_dynirq, | ||
30128 | - .unmask = enable_dynirq, | ||
30129 | - | ||
30130 | - .ack = ack_dynirq, | ||
30131 | -}; | ||
30132 | - | ||
30133 | void __init xen_init_IRQ(void) | ||
30134 | { | ||
30135 | int i; | ||
30077 | diff -urNp linux-2.6.32.22/drivers/xen/sys-hypervisor.c linux-2.6.32.22/drivers/xen/sys-hypervisor.c | 30136 | diff -urNp linux-2.6.32.22/drivers/xen/sys-hypervisor.c linux-2.6.32.22/drivers/xen/sys-hypervisor.c |
30078 | --- linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-08-13 16:24:37.000000000 -0400 | 30137 | --- linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-08-13 16:24:37.000000000 -0400 |
30079 | +++ linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-09-04 15:54:52.000000000 -0400 | 30138 | +++ linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-09-04 15:54:52.000000000 -0400 |
@@ -34053,7 +34112,7 @@ diff -urNp linux-2.6.32.22/fs/proc/array.c linux-2.6.32.22/fs/proc/array.c | |||
34053 | +#endif | 34112 | +#endif |
34054 | diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c | 34113 | diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c |
34055 | --- linux-2.6.32.22/fs/proc/base.c 2010-08-13 16:24:37.000000000 -0400 | 34114 | --- linux-2.6.32.22/fs/proc/base.c 2010-08-13 16:24:37.000000000 -0400 |
34056 | +++ linux-2.6.32.22/fs/proc/base.c 2010-09-04 15:54:52.000000000 -0400 | 34115 | +++ linux-2.6.32.22/fs/proc/base.c 2010-09-22 18:44:37.000000000 -0400 |
34057 | @@ -102,6 +102,22 @@ struct pid_entry { | 34116 | @@ -102,6 +102,22 @@ struct pid_entry { |
34058 | union proc_op op; | 34117 | union proc_op op; |
34059 | }; | 34118 | }; |
@@ -34124,6 +34183,15 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c | |||
34124 | do { | 34183 | do { |
34125 | nwords += 2; | 34184 | nwords += 2; |
34126 | } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ | 34185 | } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ |
34186 | @@ -306,7 +342,7 @@ static int proc_pid_auxv(struct task_str | ||
34187 | } | ||
34188 | |||
34189 | |||
34190 | -#ifdef CONFIG_KALLSYMS | ||
34191 | +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) | ||
34192 | /* | ||
34193 | * Provides a wchan file via kallsyms in a proper one-value-per-file format. | ||
34194 | * Returns the resolved symbol. If that fails, simply return the address. | ||
34127 | @@ -328,7 +364,7 @@ static int proc_pid_wchan(struct task_st | 34195 | @@ -328,7 +364,7 @@ static int proc_pid_wchan(struct task_st |
34128 | } | 34196 | } |
34129 | #endif /* CONFIG_KALLSYMS */ | 34197 | #endif /* CONFIG_KALLSYMS */ |
@@ -34304,8 +34372,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c | |||
34304 | INF("syscall", S_IRUSR, proc_pid_syscall), | 34372 | INF("syscall", S_IRUSR, proc_pid_syscall), |
34305 | #endif | 34373 | #endif |
34306 | INF("cmdline", S_IRUGO, proc_pid_cmdline), | 34374 | INF("cmdline", S_IRUGO, proc_pid_cmdline), |
34307 | @@ -2547,7 +2641,7 @@ static const struct pid_entry tgid_base_ | 34375 | @@ -2544,10 +2638,10 @@ static const struct pid_entry tgid_base_ |
34308 | #ifdef CONFIG_KALLSYMS | 34376 | #ifdef CONFIG_SECURITY |
34377 | DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), | ||
34378 | #endif | ||
34379 | -#ifdef CONFIG_KALLSYMS | ||
34380 | +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) | ||
34309 | INF("wchan", S_IRUGO, proc_pid_wchan), | 34381 | INF("wchan", S_IRUGO, proc_pid_wchan), |
34310 | #endif | 34382 | #endif |
34311 | -#ifdef CONFIG_STACKTRACE | 34383 | -#ifdef CONFIG_STACKTRACE |
@@ -34400,8 +34472,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c | |||
34400 | INF("syscall", S_IRUSR, proc_pid_syscall), | 34472 | INF("syscall", S_IRUSR, proc_pid_syscall), |
34401 | #endif | 34473 | #endif |
34402 | INF("cmdline", S_IRUGO, proc_pid_cmdline), | 34474 | INF("cmdline", S_IRUGO, proc_pid_cmdline), |
34403 | @@ -2880,7 +3012,7 @@ static const struct pid_entry tid_base_s | 34475 | @@ -2877,10 +3009,10 @@ static const struct pid_entry tid_base_s |
34404 | #ifdef CONFIG_KALLSYMS | 34476 | #ifdef CONFIG_SECURITY |
34477 | DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), | ||
34478 | #endif | ||
34479 | -#ifdef CONFIG_KALLSYMS | ||
34480 | +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) | ||
34405 | INF("wchan", S_IRUGO, proc_pid_wchan), | 34481 | INF("wchan", S_IRUGO, proc_pid_wchan), |
34406 | #endif | 34482 | #endif |
34407 | -#ifdef CONFIG_STACKTRACE | 34483 | -#ifdef CONFIG_STACKTRACE |