From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8AC88138010 for ; Sat, 1 Sep 2012 00:04:11 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E605AE06F3; Sat, 1 Sep 2012 00:04:03 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id A7D5DE06F3 for ; Sat, 1 Sep 2012 00:04:03 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id E723733D913 for ; Sat, 1 Sep 2012 00:04:02 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 59E43E5441 for ; Sat, 1 Sep 2012 00:04:01 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1346457790.781f9e515903c8925cb467479acd24fe4df4ed14.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.28/, 2.6.32/, 3.5.3/ X-VCS-Repository: proj/hardened-patchset X-VCS-Files: 2.6.32/0000_README 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208302014.patch 3.2.28/0000_README 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208302014.patch 3.5.3/0000_README 3.5.3/4420_grsecurity-2.9.1-3.5.3-201208271906.patch 3.5.3/4420_grsecurity-2.9.1-3.5.3-201208302015.patch X-VCS-Directories: 3.2.28/ 2.6.32/ 3.5.3/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 781f9e515903c8925cb467479acd24fe4df4ed14 X-VCS-Branch: master Date: Sat, 1 Sep 2012 00:04:01 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 56608c8a-2d42-4e2e-9dde-90eac9206889 X-Archives-Hash: fdbe64ef2f6b0e3227bc5ddfd2415139 commit: 781f9e515903c8925cb467479acd24fe4df4ed14 Author: Anthony G. Basile gentoo org> AuthorDate: Sat Sep 1 00:03:10 2012 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Sat Sep 1 00:03:10 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=781f9e51 Grsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.3}-201208302015 --- 2.6.32/0000_README | 2 +- ..._grsecurity-2.9.1-2.6.32.59-201208302014.patch} | 75 +++++++++++++++----- 3.2.28/0000_README | 2 +- ...420_grsecurity-2.9.1-3.2.28-201208302014.patch} | 26 +++++++- 3.5.3/0000_README | 2 +- ...4420_grsecurity-2.9.1-3.5.3-201208302015.patch} | 26 +++++++- 6 files changed, 110 insertions(+), 23 deletions(-) diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 16680e5..c0cf34a 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208302014.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208302014.patch similarity index 99% rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208302014.patch index 63a8206..7327d9d 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208302014.patch @@ -66499,7 +66499,7 @@ index b4ea829..e63ef18 100644 } diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c -index 136a0d6..a287331 100644 +index 136a0d6..cdff021 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c @@ -60,7 +60,7 @@ static int autofs4_write(struct file *file, const void *addr, int bytes) @@ -66511,6 +66511,30 @@ index 136a0d6..a287331 100644 ssize_t wr = 0; /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/ +@@ -326,6 +326,10 @@ static int validate_request(struct autofs_wait_queue **wait, + return 1; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t autofs_dummy_name_id = ATOMIC_INIT(0); ++#endif ++ + int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, + enum autofs_notify notify) + { +@@ -359,7 +363,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, + + /* If this is a direct mount request create a dummy name */ + if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type)) ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ /* this name does get written to userland via autofs4_write() */ ++ qstr.len = sprintf(name, "%08lx", atomic_inc_return_unchecked(&autofs_dummy_name_id)); ++#else + qstr.len = sprintf(name, "%p", dentry); ++#endif + else { + qstr.len = autofs4_getpath(sbi, dentry, &name); + if (!qstr.len) { diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c index 9158c07..3f06659 100644 --- a/fs/befs/linuxvfs.c @@ -91544,18 +91568,6 @@ index 0000000..3891139 +int do_syslog(int type, char __user *buf, int count, bool from_file); + +#endif /* _LINUX_SYSLOG_H */ -diff --git a/include/linux/tfrc.h b/include/linux/tfrc.h -index 8a8462b..097fe78 100644 ---- a/include/linux/tfrc.h -+++ b/include/linux/tfrc.h -@@ -50,6 +50,7 @@ struct tfrc_tx_info { - __u32 tfrctx_p; - __u32 tfrctx_rto; - __u32 tfrctx_ipi; -+ __u32 padding; - }; - - #endif /* _LINUX_TFRC_H_ */ diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index a8cc4e1..98d3b85 100644 --- a/include/linux/thread_info.h @@ -103836,14 +103848,41 @@ index facedd2..ab260b0 100644 optval, optlen); return rc; diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c -index 34dcc79..ca75875 100644 +index 34dcc79..f51ed45 100644 --- a/net/dccp/ccids/ccid3.c +++ b/net/dccp/ccids/ccid3.c -@@ -618,6 +618,7 @@ static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len, +@@ -604,20 +604,29 @@ static void ccid3_hc_tx_get_info(struct sock *sk, struct tcp_info *info) + static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len, + u32 __user *optval, int __user *optlen) + { +- const struct ccid3_hc_tx_sock *hctx; ++ const struct ccid3_hc_tx_sock *hc = ccid3_hc_tx_sk(sk); ++ struct tfrc_tx_info tfrc; + const void *val; + + /* Listen socks doesn't have a private CCID block */ + if (sk->sk_state == DCCP_LISTEN) + return -EINVAL; + +- hctx = ccid3_hc_tx_sk(sk); + switch (optname) { + case DCCP_SOCKOPT_CCID_TX_INFO: +- if (len < sizeof(hctx->ccid3hctx_tfrc)) ++ if (len < sizeof(tfrc)) return -EINVAL; - len = sizeof(hctx->ccid3hctx_tfrc); - val = &hctx->ccid3hctx_tfrc; -+ hctx->ccid3hctx_tfrc.padding = 0; +- len = sizeof(hctx->ccid3hctx_tfrc); +- val = &hctx->ccid3hctx_tfrc; ++ ++ memset(&tfrc, 0, sizeof(tfrc)); ++ tfrc.tfrctx_x = hc->ccid3hctx_x; ++ tfrc.tfrctx_x_recv = hc->ccid3hctx_x_recv; ++ tfrc.tfrctx_x_calc = hc->ccid3hctx_x_calc; ++ tfrc.tfrctx_rtt = hc->ccid3hctx_rtt; ++ tfrc.tfrctx_p = hc->ccid3hctx_p; ++ tfrc.tfrctx_rto = hc->ccid3hctx_t_rto; ++ tfrc.tfrctx_ipi = hc->ccid3hctx_t_ipi; ++ len = sizeof(tfrc); ++ val = &tfrc; break; default: return -ENOPROTOOPT; diff --git a/3.2.28/0000_README b/3.2.28/0000_README index 8e8f3c9..5fc9a2d 100644 --- a/3.2.28/0000_README +++ b/3.2.28/0000_README @@ -30,7 +30,7 @@ Patch: 1027_linux-3.2.28.patch From: http://www.kernel.org Desc: Linux 3.2.28 -Patch: 4420_grsecurity-2.9.1-3.2.28-201208271905.patch +Patch: 4420_grsecurity-2.9.1-3.2.28-201208302014.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208302014.patch similarity index 99% rename from 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch rename to 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208302014.patch index 11d1b8e..ece45f0 100644 --- a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch +++ b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208302014.patch @@ -42649,7 +42649,7 @@ index b8f55c4..4c2b80c 100644 goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c -index e1fbdee..cd5ea56 100644 +index e1fbdee..87eb5fc 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c @@ -60,7 +60,7 @@ static int autofs4_write(struct file *file, const void *addr, int bytes) @@ -42661,6 +42661,30 @@ index e1fbdee..cd5ea56 100644 ssize_t wr = 0; /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/ +@@ -338,6 +338,10 @@ static int validate_request(struct autofs_wait_queue **wait, + return 1; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t autofs_dummy_name_id = ATOMIC_INIT(0); ++#endif ++ + int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, + enum autofs_notify notify) + { +@@ -371,7 +375,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, + + /* If this is a direct mount request create a dummy name */ + if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type)) ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ /* this name does get written to userland via autofs4_write() */ ++ qstr.len = sprintf(name, "%08lx", atomic_inc_return_unchecked(&autofs_dummy_name_id)); ++#else + qstr.len = sprintf(name, "%p", dentry); ++#endif + else { + qstr.len = autofs4_getpath(sbi, dentry, &name); + if (!qstr.len) { diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c index 8342ca6..82fd192 100644 --- a/fs/befs/linuxvfs.c diff --git a/3.5.3/0000_README b/3.5.3/0000_README index 24c63b2..de2721a 100644 --- a/3.5.3/0000_README +++ b/3.5.3/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9.1-3.5.3-201208271906.patch +Patch: 4420_grsecurity-2.9.1-3.5.3-201208302015.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.5.3/4420_grsecurity-2.9.1-3.5.3-201208271906.patch b/3.5.3/4420_grsecurity-2.9.1-3.5.3-201208302015.patch similarity index 99% rename from 3.5.3/4420_grsecurity-2.9.1-3.5.3-201208271906.patch rename to 3.5.3/4420_grsecurity-2.9.1-3.5.3-201208302015.patch index 9557d64..711cf9b 100644 --- a/3.5.3/4420_grsecurity-2.9.1-3.5.3-201208271906.patch +++ b/3.5.3/4420_grsecurity-2.9.1-3.5.3-201208302015.patch @@ -42299,7 +42299,7 @@ index 0da9095..1386693 100644 goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c -index da8876d..9f3e6d8 100644 +index da8876d..4456166 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c @@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi, @@ -42311,6 +42311,30 @@ index da8876d..9f3e6d8 100644 ssize_t wr = 0; sigpipe = sigismember(¤t->pending.signal, SIGPIPE); +@@ -348,6 +348,10 @@ static int validate_request(struct autofs_wait_queue **wait, + return 1; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t autofs_dummy_name_id = ATOMIC_INIT(0); ++#endif ++ + int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, + enum autofs_notify notify) + { +@@ -381,7 +385,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, + + /* If this is a direct mount request create a dummy name */ + if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type)) ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ /* this name does get written to userland via autofs4_write() */ ++ qstr.len = sprintf(name, "%08lx", atomic_inc_return_unchecked(&autofs_dummy_name_id)); ++#else + qstr.len = sprintf(name, "%p", dentry); ++#endif + else { + qstr.len = autofs4_getpath(sbi, dentry, &name); + if (!qstr.len) { diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c index e18da23..affc30e 100644 --- a/fs/befs/linuxvfs.c