authorAnthony G. Basile <blueness@gentoo.org>2011-05-26 06:38:20 -0400
committerAnthony G. Basile <blueness@gentoo.org>2011-05-26 06:38:20 -0400
commitdc5364db188b719cc9bb059838f0a9740a0a4561 (patch)
treef3cfd7328654c4b8768a3633803acc22615f42b6
parentscripts/switchout.sh: remove old grsec patch, rename new, update README (diff)
Update Grsec/PaX20110525
2.2.2-2.6.32.41-201105251736 2.2.2-2.6.39-201105251736
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch)21
-rw-r--r--2.6.32/4423_grsec-remove-protected-paths.patch2
-rw-r--r--2.6.39/0000_README2
-rw-r--r--2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch (renamed from 2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch)32
-rw-r--r--2.6.39/4423_grsec-remove-protected-paths.patch2
6 files changed, 41 insertions, 20 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 59912da..cd33071 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch
index 8de9a60..d39c729 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105231910.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201105251736.patch
@@ -43548,8 +43548,8 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl_alloc.c linux-2.6.32.41/grsecurity/g
+}
diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c
--- linux-2.6.32.41/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-17 17:29:53.000000000 -0400
-@@ -0,0 +1,4074 @@
++++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-24 20:26:07.000000000 -0400
+@@ -0,0 +1,4079 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -43625,7 +43625,9 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c
+static unsigned int gr_auth_attempts = 0;
+static unsigned long gr_auth_expires = 0UL;
+
++#ifdef CONFIG_NET
+extern struct vfsmount *sock_mnt;
++#endif
+extern struct vfsmount *pipe_mnt;
+extern struct vfsmount *shm_mnt;
+#ifdef CONFIG_HUGETLBFS
@@ -45366,7 +45368,10 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c
+ spin_lock(&dcache_lock);
+ spin_lock(&vfsmount_lock);
+
-+ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || mnt == sock_mnt ||
++ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
++#ifdef CONFIG_NET
++ mnt == sock_mnt ||
++#endif
+#ifdef CONFIG_HUGETLBFS
+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) ||
+#endif
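Review bot: The new `#ifdef CONFIG_NET` sits inside the argument list of `unlikely(...)`, next to the existing `CONFIG_HUGETLBFS` one, and ISO C leaves preprocessor directives inside a macro invocation's arguments undefined. GCC accepts it, but each extra guard makes the condition harder to read and easier to break when a term is added or removed. A small predicate that compiles to a constant when the option is off would keep the test free of directives and keep the guarded `extern struct vfsmount *sock_mnt;` next to its use. The enclosing function starts and ends outside this hunk, and the same construct is added to the 2.6.39 copy of gracl.c further down.

```c
#ifdef CONFIG_NET
extern struct vfsmount *sock_mnt;
static inline int gr_is_sock_mnt(const struct vfsmount *mnt)
{
	return mnt == sock_mnt;
}
#else
static inline int gr_is_sock_mnt(const struct vfsmount *mnt)
{
	return 0;
}
#endif

/* … unchanged: locking and the start of the function … */
	if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
		     gr_is_sock_mnt(mnt) ||
/* … unchanged: CONFIG_HUGETLBFS term and the rest of the condition … */
```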
@@ -53228,8 +53233,8 @@ diff -urNp linux-2.6.32.41/grsecurity/Kconfig linux-2.6.32.41/grsecurity/Kconfig
+endmenu
diff -urNp linux-2.6.32.41/grsecurity/Makefile linux-2.6.32.41/grsecurity/Makefile
--- linux-2.6.32.41/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.41/grsecurity/Makefile 2011-04-17 15:56:46.000000000 -0400
-@@ -0,0 +1,29 @@
++++ linux-2.6.32.41/grsecurity/Makefile 2011-05-24 20:27:46.000000000 -0400
+@@ -0,0 +1,33 @@
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
+# during 2001-2009 it has been completely redesigned by Brad Spengler
+# into an RBAC system
@@ -53242,11 +53247,15 @@ diff -urNp linux-2.6.32.41/grsecurity/Makefile linux-2.6.32.41/grsecurity/Makefi
+ grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o
+
-+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
++obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
+ gracl_learn.o grsec_log.o
+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
+
++ifdef CONFIG_NET
++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o
++endif
++
+ifndef CONFIG_GRKERNSEC
+obj-y += grsec_disabled.o
+endif
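Review bot: With `gracl_ip.o` now built only under `ifdef CONFIG_NET`, every caller of a function defined in that object needs either the same guard or a no-op stub, and nothing in this hunk shows one. If a call in gracl.c or another object is left unguarded, a `CONFIG_NET=n` build fails at link time. A one-line comment above the new block would record the dependency, for example `# gracl_ip.o depends on the networking core (CONFIG_NET)`. The same block is added to the 2.6.39 Makefile further down.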
diff --git a/2.6.32/4423_grsec-remove-protected-paths.patch b/2.6.32/4423_grsec-remove-protected-paths.patch
index 9c0fd88..1dd1ffb 100644
--- a/2.6.32/4423_grsec-remove-protected-paths.patch
+++ b/2.6.32/4423_grsec-remove-protected-paths.patch
@@ -5,7 +5,7 @@ paths in the filesystem.
--- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400
+++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400
-@@ -22,8 +22,8 @@
+@@ -26,8 +26,8 @@
ifdef CONFIG_GRKERNSEC_HIDESYM
extra-y := grsec_hidesym.o
$(obj)/grsec_hidesym.o:
diff --git a/2.6.39/0000_README b/2.6.39/0000_README
index f2ae898..a870632 100644
--- a/2.6.39/0000_README
+++ b/2.6.39/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.39-201105231910.patch
+Patch: 4420_grsecurity-2.2.2-2.6.39-201105251736.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch
index 14de0ab..5d901de 100644
--- a/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105231910.patch
+++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39-201105251736.patch
@@ -12819,7 +12819,7 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets_64.c linux-2.6.39/arch/x86/k
diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/x86/kernel/asm-offsets.c
--- linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-22 19:36:30.000000000 -0400
++++ linux-2.6.39/arch/x86/kernel/asm-offsets.c 2011-05-25 17:35:48.000000000 -0400
@@ -33,6 +33,8 @@ void common(void) {
OFFSET(TI_status, thread_info, status);
OFFSET(TI_addr_limit, thread_info, addr_limit);
@@ -12829,7 +12829,7 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/x86/kern
BLANK();
OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx);
-@@ -53,8 +55,24 @@ void common(void) {
+@@ -53,8 +55,26 @@ void common(void) {
OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2);
@@ -12841,7 +12841,9 @@ diff -urNp linux-2.6.39/arch/x86/kernel/asm-offsets.c linux-2.6.39/arch/x86/kern
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3);
+ OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3);
++#ifdef CONFIG_X86_64
+ OFFSET(PV_MMU_set_pgd, pv_mmu_ops, set_pgd);
++#endif
#endif
+#endif
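Review bot: The end of this hunk now closes three conditionals with bare `#endif` lines, so it is not obvious which one ends `CONFIG_X86_64`, which ends `CONFIG_PAX_MEMORY_UDEREF`, and which belongs to the enclosing block from the original file. Labelling them, e.g. `#endif /* CONFIG_X86_64 */`, would make the nesting checkable by eye. Since `PV_MMU_set_pgd` is no longer generated on 32-bit builds, any assembly that references it has to sit under the same `CONFIG_X86_64` condition; that code is not visible here. `common()` continues outside the hunk.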
@@ -39667,13 +39669,13 @@ diff -urNp linux-2.6.39/drivers/staging/hv/vmbus_private.h linux-2.6.39/drivers/
* Represents channel interrupts. Each bit position represents a
diff -urNp linux-2.6.39/drivers/staging/iio/ring_generic.h linux-2.6.39/drivers/staging/iio/ring_generic.h
--- linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-22 19:36:32.000000000 -0400
++++ linux-2.6.39/drivers/staging/iio/ring_generic.h 2011-05-25 16:55:27.000000000 -0400
@@ -134,7 +134,7 @@ struct iio_ring_buffer {
struct iio_handler access_handler;
struct iio_event_interface ev_int;
struct iio_shared_ev_pointer shared_ev_pointer;
- struct iio_ring_access_funcs access;
-+ const struct iio_ring_access_funcs access;
++ struct iio_ring_access_funcs access;
int (*preenable)(struct iio_dev *);
int (*postenable)(struct iio_dev *);
int (*predisable)(struct iio_dev *);
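Review bot: The `access` member of `struct iio_ring_buffer` loses the `const` that the previous patch revision added, and the hunk gives no reason. Judging by the type name `iio_ring_access_funcs`, this is a table of function pointers, which now stays writable for the lifetime of each ring buffer. If the qualifier was dropped because ring implementations fill in `access` at setup time (presumably; the assignments are not visible here), a comment on the field would record the exception, e.g. `/* not const: members are assigned per ring at registration */`. The struct definition continues outside the hunk.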
@@ -51272,8 +51274,8 @@ diff -urNp linux-2.6.39/grsecurity/gracl_alloc.c linux-2.6.39/grsecurity/gracl_a
+}
diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl.c
--- linux-2.6.39/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39/grsecurity/gracl.c 2011-05-22 22:47:25.000000000 -0400
-@@ -0,0 +1,4097 @@
++++ linux-2.6.39/grsecurity/gracl.c 2011-05-24 20:27:30.000000000 -0400
+@@ -0,0 +1,4103 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -51348,7 +51350,10 @@ diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl.c
+static unsigned int gr_auth_attempts = 0;
+static unsigned long gr_auth_expires = 0UL;
+
++#ifdef CONFIG_NET
+extern struct vfsmount *sock_mnt;
++#endif
++
+extern struct vfsmount *pipe_mnt;
+extern struct vfsmount *shm_mnt;
+#ifdef CONFIG_HUGETLBFS
@@ -53102,7 +53107,10 @@ diff -urNp linux-2.6.39/grsecurity/gracl.c linux-2.6.39/grsecurity/gracl.c
+ write_seqlock(&rename_lock);
+ br_read_lock(vfsmount_lock);
+
-+ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || mnt == sock_mnt ||
++ if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt ||
++#ifdef CONFIG_NET
++ mnt == sock_mnt ||
++#endif
+#ifdef CONFIG_HUGETLBFS
+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) ||
+#endif
@@ -60871,8 +60879,8 @@ diff -urNp linux-2.6.39/grsecurity/Kconfig linux-2.6.39/grsecurity/Kconfig
+endmenu
diff -urNp linux-2.6.39/grsecurity/Makefile linux-2.6.39/grsecurity/Makefile
--- linux-2.6.39/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39/grsecurity/Makefile 2011-05-22 19:41:42.000000000 -0400
-@@ -0,0 +1,29 @@
++++ linux-2.6.39/grsecurity/Makefile 2011-05-24 20:26:54.000000000 -0400
+@@ -0,0 +1,33 @@
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
+# during 2001-2009 it has been completely redesigned by Brad Spengler
+# into an RBAC system
@@ -60885,11 +60893,15 @@ diff -urNp linux-2.6.39/grsecurity/Makefile linux-2.6.39/grsecurity/Makefile
+ grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o
+
-+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
++obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
+ gracl_learn.o grsec_log.o
+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
+
++ifdef CONFIG_NET
++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o
++endif
++
+ifndef CONFIG_GRKERNSEC
+obj-y += grsec_disabled.o
+endif
diff --git a/2.6.39/4423_grsec-remove-protected-paths.patch b/2.6.39/4423_grsec-remove-protected-paths.patch
index 9c0fd88..1dd1ffb 100644
--- a/2.6.39/4423_grsec-remove-protected-paths.patch
+++ b/2.6.39/4423_grsec-remove-protected-paths.patch
@@ -5,7 +5,7 @@ paths in the filesystem.
--- a/grsecurity/Makefile 2010-05-21 06:52:24.000000000 -0400
+++ b/grsecurity/Makefile 2010-05-21 06:54:54.000000000 -0400
-@@ -22,8 +22,8 @@
+@@ -26,8 +26,8 @@
ifdef CONFIG_GRKERNSEC_HIDESYM
extra-y := grsec_hidesym.o
$(obj)/grsec_hidesym.o: