main/grsecurity: upgrade to grsecurity-2.2.2-3.0.7-201110180733

author: Natanael Copa <ncopa@alpinelinux.org> 2011-10-19 08:14:35 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2011-10-19 08:17:16 +0000
commit: d451866fd59af0b3c653dd94c0ee135b1e2d9ece (patch)
tree: 44c2462db7f0d0873f6367cd1d6a106840e30757
parent: a83f8406e1450c7f636548c43b9e2ed842c6d872 (diff)
download: alpine_aports-d451866fd59af0b3c653dd94c0ee135b1e2d9ece.tar.bz2
alpine_aports-d451866fd59af0b3c653dd94c0ee135b1e2d9ece.tar.xz
alpine_aports-d451866fd59af0b3c653dd94c0ee135b1e2d9ece.zip
2 files changed, 43 insertions, 46 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index ef4faefea5..dd4096534f 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
        ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
-        grsecurity-2.2.2-3.0.7-201110172337.patch
+        grsecurity-2.2.2-3.0.7-201110180733.patch
        grsec-timblogiw-noconst.patch
        
        0004-arp-flush-arp-cache-on-device-change.patch
@@ -139,7 +139,7 @@ dev() {
 md5sums="398e95866794def22b12dfbc15ce89c0  linux-3.0.tar.bz2
 451412dc3b25c60fed80ddd5c49cb855  patch-3.0.7.bz2
-69b5cb7d7fa679346a6752d8759fa945  grsecurity-2.2.2-3.0.7-201110172337.patch
+b00632cd15f00e799660ed72a64f15ed  grsecurity-2.2.2-3.0.7-201110180733.patch
 c41cf0ee9794f393423c6b2093072260  grsec-timblogiw-noconst.patch
 776adeeb5272093574f8836c5037dd7d  0004-arp-flush-arp-cache-on-device-change.patch
 bcb5aaabe38627ec887406774d8aeb42  kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.7-201110172337.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.7-201110180733.patch
index 0fc7b864ec..d5f08b1e53 100644
--- a/main/linux-grsec/grsecurity-2.2.2-3.0.7-201110172337.patch
+++ b/main/linux-grsec/grsecurity-2.2.2-3.0.7-201110180733.patch
@@ -43686,8 +43686,8 @@ diff -urNp linux-3.0.7/fs/logfs/super.c linux-3.0.7/fs/logfs/super.c
        if (err)
 diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 --- linux-3.0.7/fs/namei.c      2011-10-16 21:54:54.000000000 -0400
-+++ linux-3.0.7/fs/namei.c      2011-10-16 21:55:28.000000000 -0400
+++ linux-3.0.7/fs/namei.c      2011-10-18 06:55:15.000000000 -0400
-@@ -237,21 +237,31 @@ int generic_permission(struct inode *ino
+@@ -237,21 +237,23 @@ int generic_permission(struct inode *ino
                return ret;
 
        /*
@@ -43700,10 +43700,6 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 -               if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
 +       mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
 +       if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) {
-+#ifdef CONFIG_GRKERNSEC
-+               if (flags & IPERM_FLAG_RCU)
-+                       return -ECHILD;
-+#endif
 +               if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
                        return 0;
 +       }
@@ -43718,17 +43714,13 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 -       if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
 -               if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
 +       if (!(mask & MAY_EXEC) || execute_ok(inode)) {
-+#ifdef CONFIG_GRKERNSEC
-+               if (flags & IPERM_FLAG_RCU)
-+                       return -ECHILD;
-+#endif
 +               if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
                        return 0;
 +       }
 
        return -EACCES;
 }
-@@ -547,6 +557,9 @@ static int complete_walk(struct nameidat
+@@ -547,6 +549,9 @@ static int complete_walk(struct nameidat
                br_read_unlock(vfsmount_lock);
        }
 
@@ -43738,7 +43730,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        if (likely(!(nd->flags & LOOKUP_JUMPED)))
                return 0;
 
-@@ -593,9 +606,16 @@ static inline int exec_permission(struct
+@@ -593,9 +598,12 @@ static inline int exec_permission(struct
        if (ret == -ECHILD)
                return ret;
 
@@ -43747,17 +43739,13 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 +       if (ns_capable_nolog(ns, CAP_DAC_OVERRIDE))
                goto ok;
 +       else {
-+#ifdef CONFIG_GRKERNSEC
-+               if (flags & IPERM_FLAG_RCU)
-+                       return -ECHILD;
-+#endif
 +               if (ns_capable(ns, CAP_DAC_READ_SEARCH) || ns_capable(ns, CAP_DAC_OVERRIDE))
 +                       goto ok;
 +       }
 
        return ret;
 ok:
-@@ -703,11 +723,26 @@ follow_link(struct path *link, struct na
+@@ -703,11 +711,26 @@ follow_link(struct path *link, struct na
                return error;
        }
 
@@ -43785,7 +43773,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
                error = 0;
                if (s)
                        error = __vfs_follow_link(nd, s);
-@@ -1625,6 +1660,9 @@ static int do_path_lookup(int dfd, const
+@@ -1625,6 +1648,9 @@ static int do_path_lookup(int dfd, const
                retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
 
        if (likely(!retval)) {
@@ -43795,7 +43783,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
                if (unlikely(!audit_dummy_context())) {
                        if (nd->path.dentry && nd->inode)
                                audit_inode(name, nd->path.dentry);
-@@ -1935,6 +1973,30 @@ int vfs_create(struct inode *dir, struct
+@@ -1935,6 +1961,30 @@ int vfs_create(struct inode *dir, struct
        return error;
 }
 
@@ -43826,7 +43814,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 static int may_open(struct path *path, int acc_mode, int flag)
 {
        struct dentry *dentry = path->dentry;
-@@ -1987,7 +2049,27 @@ static int may_open(struct path *path, i
+@@ -1987,7 +2037,27 @@ static int may_open(struct path *path, i
        /*
         * Ensure there are no outstanding leases on the file.
         */
@@ -43855,7 +43843,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 }
 
 static int handle_truncate(struct file *filp)
-@@ -2013,30 +2095,6 @@ static int handle_truncate(struct file *
+@@ -2013,30 +2083,6 @@ static int handle_truncate(struct file *
 }
 
 /*
@@ -43886,7 +43874,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
  * Handle the last step of open()
  */
 static struct file *do_last(struct nameidata *nd, struct path *path,
-@@ -2045,6 +2103,7 @@ static struct file *do_last(struct namei
+@@ -2045,6 +2091,7 @@ static struct file *do_last(struct namei
        struct dentry *dir = nd->path.dentry;
        struct dentry *dentry;
        int open_flag = op->open_flag;
@@ -43894,7 +43882,16 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        int will_truncate = open_flag & O_TRUNC;
        int want_write = 0;
        int acc_mode = op->acc_mode;
-@@ -2132,6 +2191,12 @@ static struct file *do_last(struct namei
+@@ -2095,7 +2142,7 @@ static struct file *do_last(struct namei
+                /* sayonara */
+                error = complete_walk(nd);
+                if (error)
+-                       return ERR_PTR(-ECHILD);
+                       return ERR_PTR(error);
+ 
+                error = -ENOTDIR;
+                if (nd->flags & LOOKUP_DIRECTORY) {
+@@ -2132,6 +2179,12 @@ static struct file *do_last(struct namei
        /* Negative dentry, just create the file */
        if (!dentry->d_inode) {
                int mode = op->mode;
@@ -43907,7 +43904,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
                if (!IS_POSIXACL(dir->d_inode))
                        mode &= ~current_umask();
                /*
-@@ -2155,6 +2220,8 @@ static struct file *do_last(struct namei
+@@ -2155,6 +2208,8 @@ static struct file *do_last(struct namei
                error = vfs_create(dir->d_inode, dentry, mode, nd);
                if (error)
                        goto exit_mutex_unlock;
@@ -43916,7 +43913,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
                mutex_unlock(&dir->d_inode->i_mutex);
                dput(nd->path.dentry);
                nd->path.dentry = dentry;
-@@ -2164,6 +2231,14 @@ static struct file *do_last(struct namei
+@@ -2164,6 +2219,14 @@ static struct file *do_last(struct namei
        /*
         * It already exists.
         */
@@ -43931,7 +43928,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        mutex_unlock(&dir->d_inode->i_mutex);
        audit_inode(pathname, path->dentry);
 
-@@ -2450,6 +2525,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+@@ -2450,6 +2513,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
        error = may_mknod(mode);
        if (error)
                goto out_dput;
@@ -43949,7 +43946,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        error = mnt_want_write(nd.path.mnt);
        if (error)
                goto out_dput;
-@@ -2470,6 +2556,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+@@ -2470,6 +2544,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
        }
 out_drop_write:
        mnt_drop_write(nd.path.mnt);
@@ -43959,7 +43956,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 out_dput:
        dput(dentry);
 out_unlock:
-@@ -2522,6 +2611,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+@@ -2522,6 +2599,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
        if (IS_ERR(dentry))
                goto out_unlock;
 
@@ -43971,7 +43968,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        if (!IS_POSIXACL(nd.path.dentry->d_inode))
                mode &= ~current_umask();
        error = mnt_want_write(nd.path.mnt);
-@@ -2533,6 +2627,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+@@ -2533,6 +2615,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
        error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
 out_drop_write:
        mnt_drop_write(nd.path.mnt);
@@ -43982,7 +43979,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 out_dput:
        dput(dentry);
 out_unlock:
-@@ -2615,6 +2713,8 @@ static long do_rmdir(int dfd, const char
+@@ -2615,6 +2701,8 @@ static long do_rmdir(int dfd, const char
        char * name;
        struct dentry *dentry;
        struct nameidata nd;
@@ -43991,7 +43988,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 
        error = user_path_parent(dfd, pathname, &nd, &name);
        if (error)
-@@ -2643,6 +2743,17 @@ static long do_rmdir(int dfd, const char
+@@ -2643,6 +2731,17 @@ static long do_rmdir(int dfd, const char
                error = -ENOENT;
                goto exit3;
        }
@@ -44009,7 +44006,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        error = mnt_want_write(nd.path.mnt);
        if (error)
                goto exit3;
-@@ -2650,6 +2761,8 @@ static long do_rmdir(int dfd, const char
+@@ -2650,6 +2749,8 @@ static long do_rmdir(int dfd, const char
        if (error)
                goto exit4;
        error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
@@ -44018,7 +44015,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 exit4:
        mnt_drop_write(nd.path.mnt);
 exit3:
-@@ -2712,6 +2825,8 @@ static long do_unlinkat(int dfd, const c
+@@ -2712,6 +2813,8 @@ static long do_unlinkat(int dfd, const c
        struct dentry *dentry;
        struct nameidata nd;
        struct inode *inode = NULL;
@@ -44027,7 +44024,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 
        error = user_path_parent(dfd, pathname, &nd, &name);
        if (error)
-@@ -2734,6 +2849,16 @@ static long do_unlinkat(int dfd, const c
+@@ -2734,6 +2837,16 @@ static long do_unlinkat(int dfd, const c
                if (!inode)
                        goto slashes;
                ihold(inode);
@@ -44044,7 +44041,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
                error = mnt_want_write(nd.path.mnt);
                if (error)
                        goto exit2;
-@@ -2741,6 +2866,8 @@ static long do_unlinkat(int dfd, const c
+@@ -2741,6 +2854,8 @@ static long do_unlinkat(int dfd, const c
                if (error)
                        goto exit3;
                error = vfs_unlink(nd.path.dentry->d_inode, dentry);
@@ -44053,7 +44050,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 exit3:
                mnt_drop_write(nd.path.mnt);
        exit2:
-@@ -2818,6 +2945,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
+@@ -2818,6 +2933,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
        if (IS_ERR(dentry))
                goto out_unlock;
 
@@ -44065,7 +44062,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        error = mnt_want_write(nd.path.mnt);
        if (error)
                goto out_dput;
-@@ -2825,6 +2957,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
+@@ -2825,6 +2945,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
        if (error)
                goto out_drop_write;
        error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
@@ -44074,7 +44071,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 out_drop_write:
        mnt_drop_write(nd.path.mnt);
 out_dput:
-@@ -2933,6 +3067,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+@@ -2933,6 +3055,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
        error = PTR_ERR(new_dentry);
        if (IS_ERR(new_dentry))
                goto out_unlock;
@@ -44095,7 +44092,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        error = mnt_want_write(nd.path.mnt);
        if (error)
                goto out_dput;
-@@ -2940,6 +3088,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+@@ -2940,6 +3076,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
        if (error)
                goto out_drop_write;
        error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
@@ -44104,7 +44101,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 out_drop_write:
        mnt_drop_write(nd.path.mnt);
 out_dput:
-@@ -3117,6 +3267,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -3117,6 +3255,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
        char *to;
        int error;
 
@@ -44113,7 +44110,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        error = user_path_parent(olddfd, oldname, &oldnd, &from);
        if (error)
                goto exit;
-@@ -3173,6 +3325,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -3173,6 +3313,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
        if (new_dentry == trap)
                goto exit5;
 
@@ -44126,7 +44123,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        error = mnt_want_write(oldnd.path.mnt);
        if (error)
                goto exit5;
-@@ -3182,6 +3340,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -3182,6 +3328,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
                goto exit6;
        error = vfs_rename(old_dir->d_inode, old_dentry,
                                   new_dir->d_inode, new_dentry);
@@ -44136,7 +44133,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
 exit6:
        mnt_drop_write(oldnd.path.mnt);
 exit5:
-@@ -3207,6 +3368,8 @@ SYSCALL_DEFINE2(rename, const char __use
+@@ -3207,6 +3356,8 @@ SYSCALL_DEFINE2(rename, const char __use
 
 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
 {
@@ -44145,7 +44142,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
        int len;
 
        len = PTR_ERR(link);
-@@ -3216,7 +3379,14 @@ int vfs_readlink(struct dentry *dentry, 
+@@ -3216,7 +3367,14 @@ int vfs_readlink(struct dentry *dentry, 
        len = strlen(link);
        if (len > (unsigned) buflen)
                len = buflen;
author	Natanael Copa <ncopa@alpinelinux.org>	2011-10-19 08:14:35 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2011-10-19 08:17:16 +0000
commit	d451866fd59af0b3c653dd94c0ee135b1e2d9ece (patch)
tree	44c2462db7f0d0873f6367cd1d6a106840e30757
parent	a83f8406e1450c7f636548c43b9e2ed842c6d872 (diff)
download	alpine_aports-d451866fd59af0b3c653dd94c0ee135b1e2d9ece.tar.bz2 alpine_aports-d451866fd59af0b3c653dd94c0ee135b1e2d9ece.tar.xz alpine_aports-d451866fd59af0b3c653dd94c0ee135b1e2d9ece.zip