From: "Anthony G. Basile"
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile"
Message-ID: <1333978440.33d9ea8ab4e59b5354557b11833732bcc6b5abbd.blueness@gentoo>
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.14/, 2.6.32/, 3.3.1/
X-VCS-Repository: proj/hardened-patchset
X-VCS-Files: 2.6.32/4455_grsec-kconfig-gentoo.patch 2.6.32/4460-grsec-kconfig-proc-user.patch 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch 3.2.14/4455_grsec-kconfig-gentoo.patch 3.2.14/4460-grsec-kconfig-proc-user.patch 3.2.14/4465_selinux-avc_audit-log-curr_ip.patch 3.3.1/4445_grsec-pax-without-grsec.patch 3.3.1/4460-grsec-kconfig-proc-user.patch 3.3.1/4465_selinux-avc_audit-log-curr_ip.patch
X-VCS-Directories: 3.2.14/ 2.6.32/ 3.3.1/
X-VCS-Committer: blueness
X-VCS-Committer-Name: Anthony G. Basile
X-VCS-Revision: 33d9ea8ab4e59b5354557b11833732bcc6b5abbd
X-VCS-Branch: master
Date: Mon, 9 Apr 2012 13:34:11 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: d18551c9-5a30-48ef-b3aa-96b7e7b039fa
X-Archives-Hash: 917a05ce3a9eab6b76527d4fa0146e8d

commit: 33d9ea8ab4e59b5354557b11833732bcc6b5abbd
Author: Anthony G. Basile gentoo org>
AuthorDate: Mon Apr 9 13:34:00 2012 +0000
Commit: Anthony G.
Basile gentoo org> CommitDate: Mon Apr 9 13:34:00 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-patc= hset.git;a=3Dcommit;h=3D33d9ea8a Grsec/PaX: 2.9-{2.6.32.59,3.2.14,3.3.1}-201204062020 --- 2.6.32/4455_grsec-kconfig-gentoo.patch | 6 +++--- 2.6.32/4460-grsec-kconfig-proc-user.patch | 4 ++-- 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch | 2 +- 3.2.14/4455_grsec-kconfig-gentoo.patch | 6 +++--- 3.2.14/4460-grsec-kconfig-proc-user.patch | 4 ++-- 3.2.14/4465_selinux-avc_audit-log-curr_ip.patch | 2 +- 3.3.1/4445_grsec-pax-without-grsec.patch | 10 +++++----- 3.3.1/4460-grsec-kconfig-proc-user.patch | 4 ++-- 3.3.1/4465_selinux-avc_audit-log-curr_ip.patch | 2 +- 9 files changed, 20 insertions(+), 20 deletions(-) diff --git a/2.6.32/4455_grsec-kconfig-gentoo.patch b/2.6.32/4455_grsec-k= config-gentoo.patch index 495638e..e578aa6 100644 --- a/2.6.32/4455_grsec-kconfig-gentoo.patch +++ b/2.6.32/4455_grsec-kconfig-gentoo.patch @@ -293,7 +293,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig diff -Naur a/security/Kconfig b/security/Kconfig --- a/security/Kconfig 2011-12-26 12:23:44.000000000 -0500 +++ b/security/Kconfig 2011-12-26 11:14:27.000000000 -0500 -@@ -361,9 +361,10 @@ +@@ -360,9 +360,10 @@ =20 config PAX_KERNEXEC bool "Enforce non-executable kernel pages" @@ -305,7 +305,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig help This is the kernel land equivalent of PAGEEXEC and MPROTECT, that is, enabling this option will make it harder to inject -@@ -374,30 +375,30 @@ +@@ -373,30 +374,30 @@ =20 choice prompt "Return Address Instrumentation Method" @@ -344,7 +344,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig default "" =20 config PAX_KERNEXEC_MODULE_TEXT -@@ -554,8 +555,9 @@ +@@ -553,8 +554,9 @@ =20 config PAX_MEMORY_UDEREF bool "Prevent invalid userland pointer dereference" diff --git a/2.6.32/4460-grsec-kconfig-proc-user.patch b/2.6.32/4460-grse= c-kconfig-proc-user.patch index b94ee69..8409e87 100644 
--- a/2.6.32/4460-grsec-kconfig-proc-user.patch +++ b/2.6.32/4460-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch shou= ld eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400 -@@ -676,7 +676,7 @@ +@@ -679,7 +679,7 @@ =20 config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their ow= n processes, and restricts them from viewing network-related informati= on, -@@ -684,7 +684,7 @@ +@@ -687,7 +687,7 @@ =20 config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/446= 5_selinux-avc_audit-log-curr_ip.patch index 11d9263..43147a7 100644 --- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400 -@@ -1305,6 +1305,27 @@ +@@ -1308,6 +1308,27 @@ menu "Logging Options" depends on GRKERNSEC =20 diff --git a/3.2.14/4455_grsec-kconfig-gentoo.patch b/3.2.14/4455_grsec-k= config-gentoo.patch index ef59341..2527bad 100644 --- a/3.2.14/4455_grsec-kconfig-gentoo.patch +++ b/3.2.14/4455_grsec-kconfig-gentoo.patch @@ -293,7 +293,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig diff -Naur a/security/Kconfig b/security/Kconfig --- a/security/Kconfig 2011-12-26 12:23:44.000000000 -0500 +++ b/security/Kconfig 2011-12-26 11:14:27.000000000 -0500 -@@ -363,9 +363,10 @@ +@@ -362,9 +362,10 @@ =20 config PAX_KERNEXEC bool "Enforce non-executable kernel pages" 
@@ -305,7 +305,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig help This is the kernel land equivalent of PAGEEXEC and MPROTECT, that is, enabling this option will make it harder to inject -@@ -376,30 +377,30 @@ +@@ -375,30 +376,30 @@ =20 choice prompt "Return Address Instrumentation Method" @@ -344,7 +344,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig default "" =20 config PAX_KERNEXEC_MODULE_TEXT -@@ -556,8 +557,9 @@ +@@ -555,8 +556,9 @@ =20 config PAX_MEMORY_UDEREF bool "Prevent invalid userland pointer dereference" diff --git a/3.2.14/4460-grsec-kconfig-proc-user.patch b/3.2.14/4460-grse= c-kconfig-proc-user.patch index 2261051..b2b3188 100644 --- a/3.2.14/4460-grsec-kconfig-proc-user.patch +++ b/3.2.14/4460-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch shou= ld eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400 -@@ -677,7 +677,7 @@ +@@ -680,7 +680,7 @@ =20 config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their ow= n processes, and restricts them from viewing network-related informati= on, -@@ -685,7 +685,7 @@ +@@ -688,7 +688,7 @@ =20 config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.14/446= 5_selinux-avc_audit-log-curr_ip.patch index af8b7b8..5a9d80c 100644 --- a/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 
+++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1306,6 +1306,27 @@ +@@ -1309,6 +1309,27 @@ menu "Logging Options" depends on GRKERNSEC =20 diff --git a/3.3.1/4445_grsec-pax-without-grsec.patch b/3.3.1/4445_grsec-= pax-without-grsec.patch index 58301c0..35255c2 100644 --- a/3.3.1/4445_grsec-pax-without-grsec.patch +++ b/3.3.1/4445_grsec-pax-without-grsec.patch @@ -1,7 +1,7 @@ -From: Anthony G. Basile +ny G. Basile =20 With grsecurity-2.2.2-2.6.32.38-201104171745, the functions pax_report_l= eak_to_user and -pax_report_overflow_from_user in fs/exec.c were consolidated into pax_re= port_usercopy. +pax_report_om_user in fs/exec.c were consolidated into pax_report_userco= py. This patch has been updated to reflect that change. =20 With grsecurity-2.9-2.6.32.58-201203131839, NORET_TYPE has been replaced= by __noreturn. @@ -39,7 +39,7 @@ diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c diff -Naur a/fs/exec.c b/fs/exec.c --- a/fs/exec.c 2011-04-17 19:05:03.000000000 -0400 +++ b/fs/exec.c 2011-04-17 19:20:30.000000000 -0400 -@@ -2048,9 +2048,11 @@ +@@ -2052,9 +2052,11 @@ } up_read(&mm->mmap_sem); } @@ -51,7 +51,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n",= path_fault, start, end, offset); printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, " "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk), -@@ -2065,10 +2067,12 @@ +@@ -2069,10 +2071,12 @@ #ifdef CONFIG_PAX_REFCOUNT void pax_report_refcount_overflow(struct pt_regs *regs) { 
@@ -64,7 +64,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid:= %u/%u\n", current->comm, task_pid_nr(current), current_uid(), current_euid()= ); print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instr= uction_pointer(regs)); -@@ -2127,10 +2131,12 @@ +@@ -2131,10 +2135,12 @@ =20 __noreturn void pax_report_usercopy(const void *ptr, unsigned long len,= bool to, const char *type) { diff --git a/3.3.1/4460-grsec-kconfig-proc-user.patch b/3.3.1/4460-grsec-= kconfig-proc-user.patch index 2261051..b2b3188 100644 --- a/3.3.1/4460-grsec-kconfig-proc-user.patch +++ b/3.3.1/4460-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch shou= ld eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400 -@@ -677,7 +677,7 @@ +@@ -680,7 +680,7 @@ =20 config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their ow= n processes, and restricts them from viewing network-related informati= on, -@@ -685,7 +685,7 @@ +@@ -688,7 +688,7 @@ =20 config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.3.1/4465_= selinux-avc_audit-log-curr_ip.patch index af8b7b8..5a9d80c 100644 --- a/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1306,6 +1306,27 @@ +@@ -1309,6 +1309,27 @@ menu "Logging Options" depends on GRKERNSEC =20
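
Review bot: in the "@@ -1,7 +1,7 @@" hunk of 3.3.1/4445_grsec-pax-without-grsec.patch, the two description-line edits look like accidental deletions rather than intended changes: "From: Anthony G. Basile" becomes "ny G. Basile", and "pax_report_overflow_from_user" becomes "pax_report_om_user". The first drops the From: field of the embedded patch header, and the second leaves a function name that no longer matches the one the sentence says was consolidated into pax_report_usercopy. No other hunk in this commit touches a patch description, so I would restore both lines and keep only the three fs/exec.c offset updates (2048 to 2052, 2065 to 2069, 2127 to 2131) in this file.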
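
Review bot: the commit message carries only the version string "Grsec/PaX: 2.9-{2.6.32.59,3.2.14,3.3.1}-201204062020", while the Kconfig hunks across all three directories change nothing but embedded hunk headers, for example "-@@ -361,9 +361,10 @@" to "+@@ -360,9 +360,10 @@" in 2.6.32/4455_grsec-kconfig-gentoo.patch and "-@@ -1305,6 +1305,27 @@" to "+@@ -1308,6 +1308,27 @@" in 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch. If these are offset refreshes only, a line in the message saying so would let a reader confirm that no option default or dependency changed. Separately, 4455_grsec-kconfig-gentoo.patch is refreshed under 2.6.32/ and 3.2.14/ but is absent from the 3.3.1/ entries in the diffstat; please confirm the 3.3.1 copy still applies without the same security/Kconfig offset adjustment.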