diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2010-09-23 06:20:01 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-09-23 07:33:09 +0000 |
| commit | e41004cd55e2563cefc22d252ca04afc54609801 (patch) | |
| tree | 9401548aa332de0b39e4d3ad5bbab26826e6d1d1 | |
| parent | 7f00b20f556a53bbaad9d840ea1a31ab683bb446 (diff) | |
| download | alpine_aports-e41004cd55e2563cefc22d252ca04afc54609801.tar.bz2 alpine_aports-e41004cd55e2563cefc22d252ca04afc54609801.tar.xz alpine_aports-e41004cd55e2563cefc22d252ca04afc54609801.zip | |
main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.32.22-201009221846
(cherry picked from commit 1319da73758e07bb45fdcf090916563dbaed229f)
| -rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
| -rw-r--r-- | main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch (renamed from main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch) | 90 |
2 files changed, 86 insertions, 10 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index dd833a628a..ea0b8a72de 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD | |||
| @@ -4,7 +4,7 @@ _flavor=grsec | |||
| 4 | pkgname=linux-${_flavor} | 4 | pkgname=linux-${_flavor} |
| 5 | pkgver=2.6.32.22 | 5 | pkgver=2.6.32.22 |
| 6 | _kernver=2.6.32 | 6 | _kernver=2.6.32 |
| 7 | pkgrel=0 | 7 | pkgrel=1 |
| 8 | pkgdesc="Linux kernel with grsecurity" | 8 | pkgdesc="Linux kernel with grsecurity" |
| 9 | url=http://grsecurity.net | 9 | url=http://grsecurity.net |
| 10 | depends="mkinitfs linux-firmware" | 10 | depends="mkinitfs linux-firmware" |
| @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}} | |||
| 14 | install= | 14 | install= |
| 15 | source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 | 15 | source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 |
| 16 | ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 | 16 | ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 |
| 17 | grsecurity-2.2.0-2.6.32.22-201009212029.patch | 17 | grsecurity-2.2.0-2.6.32.22-201009221846.patch |
| 18 | 0001-grsec-revert-conflicting-flow-cache-changes.patch | 18 | 0001-grsec-revert-conflicting-flow-cache-changes.patch |
| 19 | 0002-gre-fix-hard-header-destination-address-checking.patch | 19 | 0002-gre-fix-hard-header-destination-address-checking.patch |
| 20 | 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch | 20 | 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch |
| @@ -151,7 +151,7 @@ firmware() { | |||
| 151 | 151 | ||
| 152 | md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 | 152 | md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 |
| 153 | da1431a1d659298c6bd11714416c840f patch-2.6.32.22.bz2 | 153 | da1431a1d659298c6bd11714416c840f patch-2.6.32.22.bz2 |
| 154 | caa5e3eb3d335bdfe478c1e706e48305 grsecurity-2.2.0-2.6.32.22-201009212029.patch | 154 | 1e317ab1a66955c89e73200a1787b58d grsecurity-2.2.0-2.6.32.22-201009221846.patch |
| 155 | 1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch | 155 | 1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch |
| 156 | 437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch | 156 | 437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch |
| 157 | 151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch | 157 | 151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch |
diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch index 172bdc9fd4..41fb7c83f3 100644 --- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch +++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch | |||
| @@ -6263,7 +6263,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_32.h linux-2.6.32.22/arch | |||
| 6263 | extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val); | 6263 | extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val); |
| 6264 | diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch/x86/include/asm/atomic_64.h | 6264 | diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch/x86/include/asm/atomic_64.h |
| 6265 | --- linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-08-13 16:24:37.000000000 -0400 | 6265 | --- linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-08-13 16:24:37.000000000 -0400 |
| 6266 | +++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-09-17 20:46:00.000000000 -0400 | 6266 | +++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-09-21 20:46:18.000000000 -0400 |
| 6267 | @@ -24,6 +24,17 @@ static inline int atomic_read(const atom | 6267 | @@ -24,6 +24,17 @@ static inline int atomic_read(const atom |
| 6268 | } | 6268 | } |
| 6269 | 6269 | ||
| @@ -6550,7 +6550,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch | |||
| 6550 | #define atomic_inc_return(v) (atomic_add_return(1, v)) | 6550 | #define atomic_inc_return(v) (atomic_add_return(1, v)) |
| 6551 | +static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v) | 6551 | +static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v) |
| 6552 | +{ | 6552 | +{ |
| 6553 | + return atomic_add_return(1, v); | 6553 | + return atomic_add_return_unchecked(1, v); |
| 6554 | +} | 6554 | +} |
| 6555 | #define atomic_dec_return(v) (atomic_sub_return(1, v)) | 6555 | #define atomic_dec_return(v) (atomic_sub_return(1, v)) |
| 6556 | 6556 | ||
| @@ -30074,6 +30074,65 @@ diff -urNp linux-2.6.32.22/drivers/video/vesafb.c linux-2.6.32.22/drivers/video/ | |||
| 30074 | if (info->screen_base) | 30074 | if (info->screen_base) |
| 30075 | iounmap(info->screen_base); | 30075 | iounmap(info->screen_base); |
| 30076 | framebuffer_release(info); | 30076 | framebuffer_release(info); |
| 30077 | diff -urNp linux-2.6.32.22/drivers/xen/events.c linux-2.6.32.22/drivers/xen/events.c | ||
| 30078 | --- linux-2.6.32.22/drivers/xen/events.c 2010-09-20 17:26:42.000000000 -0400 | ||
| 30079 | +++ linux-2.6.32.22/drivers/xen/events.c 2010-09-21 21:18:38.000000000 -0400 | ||
| 30080 | @@ -106,7 +106,6 @@ static inline unsigned long *cpu_evtchn_ | ||
| 30081 | #define VALID_EVTCHN(chn) ((chn) != 0) | ||
| 30082 | |||
| 30083 | static struct irq_chip xen_dynamic_chip; | ||
| 30084 | -static struct irq_chip xen_percpu_chip; | ||
| 30085 | |||
| 30086 | /* Constructor for packed IRQ information. */ | ||
| 30087 | static struct irq_info mk_unbound_info(void) | ||
| 30088 | @@ -363,7 +362,7 @@ int bind_evtchn_to_irq(unsigned int evtc | ||
| 30089 | irq = find_unbound_irq(); | ||
| 30090 | |||
| 30091 | set_irq_chip_and_handler_name(irq, &xen_dynamic_chip, | ||
| 30092 | - handle_edge_irq, "event"); | ||
| 30093 | + handle_level_irq, "event"); | ||
| 30094 | |||
| 30095 | evtchn_to_irq[evtchn] = irq; | ||
| 30096 | irq_info[irq] = mk_evtchn_info(evtchn); | ||
| 30097 | @@ -389,8 +388,8 @@ static int bind_ipi_to_irq(unsigned int | ||
| 30098 | if (irq < 0) | ||
| 30099 | goto out; | ||
| 30100 | |||
| 30101 | - set_irq_chip_and_handler_name(irq, &xen_percpu_chip, | ||
| 30102 | - handle_percpu_irq, "ipi"); | ||
| 30103 | + set_irq_chip_and_handler_name(irq, &xen_dynamic_chip, | ||
| 30104 | + handle_level_irq, "ipi"); | ||
| 30105 | |||
| 30106 | bind_ipi.vcpu = cpu; | ||
| 30107 | if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_ipi, | ||
| 30108 | @@ -430,8 +429,8 @@ static int bind_virq_to_irq(unsigned int | ||
| 30109 | |||
| 30110 | irq = find_unbound_irq(); | ||
| 30111 | |||
| 30112 | - set_irq_chip_and_handler_name(irq, &xen_percpu_chip, | ||
| 30113 | - handle_percpu_irq, "virq"); | ||
| 30114 | + set_irq_chip_and_handler_name(irq, &xen_dynamic_chip, | ||
| 30115 | + handle_level_irq, "virq"); | ||
| 30116 | |||
| 30117 | evtchn_to_irq[evtchn] = irq; | ||
| 30118 | irq_info[irq] = mk_virq_info(evtchn, virq); | ||
| 30119 | @@ -930,16 +929,6 @@ static struct irq_chip xen_dynamic_chip | ||
| 30120 | .retrigger = retrigger_dynirq, | ||
| 30121 | }; | ||
| 30122 | |||
| 30123 | -static struct irq_chip en_percpu_chip __read_mostly = { | ||
| 30124 | - .name = "xen-percpu", | ||
| 30125 | - | ||
| 30126 | - .disable = disable_dynirq, | ||
| 30127 | - .mask = disable_dynirq, | ||
| 30128 | - .unmask = enable_dynirq, | ||
| 30129 | - | ||
| 30130 | - .ack = ack_dynirq, | ||
| 30131 | -}; | ||
| 30132 | - | ||
| 30133 | void __init xen_init_IRQ(void) | ||
| 30134 | { | ||
| 30135 | int i; | ||
| 30077 | diff -urNp linux-2.6.32.22/drivers/xen/sys-hypervisor.c linux-2.6.32.22/drivers/xen/sys-hypervisor.c | 30136 | diff -urNp linux-2.6.32.22/drivers/xen/sys-hypervisor.c linux-2.6.32.22/drivers/xen/sys-hypervisor.c |
| 30078 | --- linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-08-13 16:24:37.000000000 -0400 | 30137 | --- linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-08-13 16:24:37.000000000 -0400 |
| 30079 | +++ linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-09-04 15:54:52.000000000 -0400 | 30138 | +++ linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-09-04 15:54:52.000000000 -0400 |
| @@ -34053,7 +34112,7 @@ diff -urNp linux-2.6.32.22/fs/proc/array.c linux-2.6.32.22/fs/proc/array.c | |||
| 34053 | +#endif | 34112 | +#endif |
| 34054 | diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c | 34113 | diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c |
| 34055 | --- linux-2.6.32.22/fs/proc/base.c 2010-08-13 16:24:37.000000000 -0400 | 34114 | --- linux-2.6.32.22/fs/proc/base.c 2010-08-13 16:24:37.000000000 -0400 |
| 34056 | +++ linux-2.6.32.22/fs/proc/base.c 2010-09-04 15:54:52.000000000 -0400 | 34115 | +++ linux-2.6.32.22/fs/proc/base.c 2010-09-22 18:44:37.000000000 -0400 |
| 34057 | @@ -102,6 +102,22 @@ struct pid_entry { | 34116 | @@ -102,6 +102,22 @@ struct pid_entry { |
| 34058 | union proc_op op; | 34117 | union proc_op op; |
| 34059 | }; | 34118 | }; |
| @@ -34124,6 +34183,15 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c | |||
| 34124 | do { | 34183 | do { |
| 34125 | nwords += 2; | 34184 | nwords += 2; |
| 34126 | } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ | 34185 | } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ |
| 34186 | @@ -306,7 +342,7 @@ static int proc_pid_auxv(struct task_str | ||
| 34187 | } | ||
| 34188 | |||
| 34189 | |||
| 34190 | -#ifdef CONFIG_KALLSYMS | ||
| 34191 | +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) | ||
| 34192 | /* | ||
| 34193 | * Provides a wchan file via kallsyms in a proper one-value-per-file format. | ||
| 34194 | * Returns the resolved symbol. If that fails, simply return the address. | ||
| 34127 | @@ -328,7 +364,7 @@ static int proc_pid_wchan(struct task_st | 34195 | @@ -328,7 +364,7 @@ static int proc_pid_wchan(struct task_st |
| 34128 | } | 34196 | } |
| 34129 | #endif /* CONFIG_KALLSYMS */ | 34197 | #endif /* CONFIG_KALLSYMS */ |
| @@ -34304,8 +34372,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c | |||
| 34304 | INF("syscall", S_IRUSR, proc_pid_syscall), | 34372 | INF("syscall", S_IRUSR, proc_pid_syscall), |
| 34305 | #endif | 34373 | #endif |
| 34306 | INF("cmdline", S_IRUGO, proc_pid_cmdline), | 34374 | INF("cmdline", S_IRUGO, proc_pid_cmdline), |
| 34307 | @@ -2547,7 +2641,7 @@ static const struct pid_entry tgid_base_ | 34375 | @@ -2544,10 +2638,10 @@ static const struct pid_entry tgid_base_ |
| 34308 | #ifdef CONFIG_KALLSYMS | 34376 | #ifdef CONFIG_SECURITY |
| 34377 | DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), | ||
| 34378 | #endif | ||
| 34379 | -#ifdef CONFIG_KALLSYMS | ||
| 34380 | +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) | ||
| 34309 | INF("wchan", S_IRUGO, proc_pid_wchan), | 34381 | INF("wchan", S_IRUGO, proc_pid_wchan), |
| 34310 | #endif | 34382 | #endif |
| 34311 | -#ifdef CONFIG_STACKTRACE | 34383 | -#ifdef CONFIG_STACKTRACE |
| @@ -34400,8 +34472,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c | |||
| 34400 | INF("syscall", S_IRUSR, proc_pid_syscall), | 34472 | INF("syscall", S_IRUSR, proc_pid_syscall), |
| 34401 | #endif | 34473 | #endif |
| 34402 | INF("cmdline", S_IRUGO, proc_pid_cmdline), | 34474 | INF("cmdline", S_IRUGO, proc_pid_cmdline), |
| 34403 | @@ -2880,7 +3012,7 @@ static const struct pid_entry tid_base_s | 34475 | @@ -2877,10 +3009,10 @@ static const struct pid_entry tid_base_s |
| 34404 | #ifdef CONFIG_KALLSYMS | 34476 | #ifdef CONFIG_SECURITY |
| 34477 | DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), | ||
| 34478 | #endif | ||
| 34479 | -#ifdef CONFIG_KALLSYMS | ||
| 34480 | +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) | ||
| 34405 | INF("wchan", S_IRUGO, proc_pid_wchan), | 34481 | INF("wchan", S_IRUGO, proc_pid_wchan), |
| 34406 | #endif | 34482 | #endif |
| 34407 | -#ifdef CONFIG_STACKTRACE | 34483 | -#ifdef CONFIG_STACKTRACE |