* [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.54/, 3.13.1/, 3.13.2/
@ 2014-02-08 17:38 Anthony G. Basile
From: Anthony G. Basile @ 2014-02-08 17:38 UTC (permalink / raw
  To: gentoo-commits

commit:     f31dc62ba3b58489d68b09632c7f5c9272bf9d78
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  8 17:38:31 2014 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Feb  8 17:38:31 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=f31dc62b

Grsec/PaX: 3.0-{3.2.54,3.13.2}-201402062224

---
 {3.13.1 => 3.13.2}/0000_README                     |   2 +-
 .../4420_grsecurity-3.0-3.13.2-201402062224.patch  | 382 +++++++++++++--------
 {3.13.1 => 3.13.2}/4425_grsec_remove_EI_PAX.patch  |   2 +-
 .../4427_force_XATTR_PAX_tmpfs.patch               |   0
 .../4430_grsec-remove-localversion-grsec.patch     |   0
 {3.13.1 => 3.13.2}/4435_grsec-mute-warnings.patch  |   0
 .../4440_grsec-remove-protected-paths.patch        |   7 +-
 .../4450_grsec-kconfig-default-gids.patch          |  20 +-
 .../4465_selinux-avc_audit-log-curr_ip.patch       |   2 +-
 {3.13.1 => 3.13.2}/4470_disable-compat_vdso.patch  |   0
 {3.13.1 => 3.13.2}/4475_emutramp_default_on.patch  |   2 +-
 3.2.54/0000_README                                 |   2 +-
 ... 4420_grsecurity-3.0-3.2.54-201402062221.patch} |  41 ++-
 3.2.54/4425_grsec_remove_EI_PAX.patch              |   2 +-
 3.2.54/4440_grsec-remove-protected-paths.patch     |   7 +-
 3.2.54/4450_grsec-kconfig-default-gids.patch       |   8 +-
 3.2.54/4475_emutramp_default_on.patch              |   2 +-
 17 files changed, 313 insertions(+), 166 deletions(-)

diff --git a/3.13.1/0000_README b/3.13.2/0000_README
similarity index 96%
rename from 3.13.1/0000_README
rename to 3.13.2/0000_README
index 6b35ea7..850ef1e 100644
--- a/3.13.1/0000_README
+++ b/3.13.2/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.0-3.13.1-201402052349.patch
+Patch:	4420_grsecurity-3.0-3.13.2-201402062224.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.13.1/4420_grsecurity-3.0-3.13.1-201402052349.patch b/3.13.2/4420_grsecurity-3.0-3.13.2-201402062224.patch
similarity index 99%
rename from 3.13.1/4420_grsecurity-3.0-3.13.1-201402052349.patch
rename to 3.13.2/4420_grsecurity-3.0-3.13.2-201402062224.patch
index ee1465f..824a474 100644
--- a/3.13.1/4420_grsecurity-3.0-3.13.1-201402052349.patch
+++ b/3.13.2/4420_grsecurity-3.0-3.13.2-201402062224.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index de4cda9..e5ec62c 100644
+index a7fd5d9..84ed0df 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -302,7 +302,23 @@ index de4cda9..e5ec62c 100644
  
  # Decide whether to build built-in, modular, or both.
  # Normally, just do built-in.
-@@ -417,8 +418,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \
+@@ -311,9 +312,15 @@ endif
+ # If the user is running make -s (silent mode), suppress echoing of
+ # commands
+ 
++ifneq ($(filter 4.%,$(MAKE_VERSION)),)	# make-4
++ifneq ($(filter %s ,$(firstword x$(MAKEFLAGS))),)
++ quiet=silent_
++endif
++else					# make-3.8x
+ ifneq ($(filter s% -s%,$(MAKEFLAGS)),)
+   quiet=silent_
+ endif
++endif
+ 
+ export quiet Q KBUILD_VERBOSE
+ 
+@@ -417,8 +424,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \
  # Rules shared between *config targets and build targets
  
  # Basic helpers built in scripts/
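Review bot: The version test `$(filter 4.%,$(MAKE_VERSION))` in the added silent-mode block recognises only make 4.x, so any later major version would fall into the `else` branch labelled make-3.8x and be checked against the old `s% -s%` pattern. Inverting the test keeps the legacy branch for 3.x only, e.g. `ifeq ($(filter 3.%,$(MAKE_VERSION)),)` guarding the new-style check. A short comment saying why `x` is prepended to `$(MAKEFLAGS)` before `firstword` would also help, because the reason is not evident from the line itself.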
@@ -313,7 +329,7 @@ index de4cda9..e5ec62c 100644
  	$(Q)$(MAKE) $(build)=scripts/basic
  	$(Q)rm -f .tmp_quiet_recordmcount
  
-@@ -579,6 +580,76 @@ else
+@@ -579,6 +586,74 @@ else
  KBUILD_CFLAGS	+= -O2
  endif
  
@@ -340,10 +356,8 @@ index de4cda9..e5ec62c 100644
 +KERNEXEC_PLUGIN_AFLAGS := -DKERNEXEC_PLUGIN
 +endif
 +ifdef CONFIG_GRKERNSEC_RANDSTRUCT
-+GRKERNSEC_RANDSTRUCT_SEED := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gen-random-seed.sh)
 +RANDSTRUCT_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/randomize_layout_plugin.so -DRANDSTRUCT_PLUGIN
-+RANDSTRUCT_PLUGIN_CFLAGS += -fplugin-arg-randomize_layout_plugin-seed=$(GRKERNSEC_RANDSTRUCT_SEED)
-+RANDSTRUCT_HASHED_SEED := $(shell cat "$(srctree)/tools/gcc/randstruct.hashed_seed")
++RANDSTRUCT_HASHED_SEED := $(shell cat "$(objtree)/tools/gcc/randomize_layout_hash.data")
 +RANDSTRUCT_PLUGIN_CFLAGS += -DRANDSTRUCT_HASHED_SEED="\"$(RANDSTRUCT_HASHED_SEED)\""
 +ifdef CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE
 +RANDSTRUCT_PLUGIN_CFLAGS += -fplugin-arg-randomize_layout_plugin-performance-mode
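Review bot: The new `RANDSTRUCT_HASHED_SEED := $(shell cat "$(objtree)/tools/gcc/randomize_layout_hash.data")` is evaluated once at parse time, so if the data file has not been generated yet, `cat` fails and `-DRANDSTRUCT_HASHED_SEED` silently becomes an empty string. Whether the file is always created before this Makefile is parsed for a compiling target cannot be seen from this hunk, and the enclosing `ifdef CONFIG_GRKERNSEC_RANDSTRUCT` block continues outside it. I would add a comment naming the target that produces the file, and guard the read, e.g. `$(if $(wildcard $(objtree)/tools/gcc/randomize_layout_hash.data),$(shell cat ...))`, so a missing file is a deliberate case rather than an error message on stderr. Dropping the `-fplugin-arg-randomize_layout_plugin-seed=` argument also keeps the raw seed off the compiler command line, which is worth stating in a comment so it is not reintroduced later.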
@@ -390,7 +404,16 @@ index de4cda9..e5ec62c 100644
  include $(srctree)/arch/$(SRCARCH)/Makefile
  
  ifdef CONFIG_READABLE_ASM
-@@ -754,7 +825,7 @@ export mod_sign_cmd
+@@ -619,7 +694,7 @@ endif
+ 
+ ifdef CONFIG_DEBUG_INFO
+ KBUILD_CFLAGS	+= -g
+-KBUILD_AFLAGS	+= -gdwarf-2
++KBUILD_AFLAGS	+= -Wa,--gdwarf-2
+ endif
+ 
+ ifdef CONFIG_DEBUG_INFO_REDUCED
+@@ -754,7 +829,7 @@ export mod_sign_cmd
  
  
  ifeq ($(KBUILD_EXTMOD),)
@@ -399,7 +422,7 @@ index de4cda9..e5ec62c 100644
  
  vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
  		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -803,6 +874,8 @@ endif
+@@ -803,6 +878,8 @@ endif
  
  # The actual objects are generated when descending, 
  # make sure no implicit rule kicks in
@@ -408,7 +431,7 @@ index de4cda9..e5ec62c 100644
  $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
  
  # Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -812,7 +885,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
+@@ -812,7 +889,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
  # Error messages still appears in the original language
  
  PHONY += $(vmlinux-dirs)
@@ -417,7 +440,7 @@ index de4cda9..e5ec62c 100644
  	$(Q)$(MAKE) $(build)=$@
  
  define filechk_kernel.release
-@@ -855,10 +928,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -855,10 +932,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
  
  archprepare: archheaders archscripts prepare1 scripts_basic
  
@@ -431,7 +454,7 @@ index de4cda9..e5ec62c 100644
  prepare: prepare0
  
  # Generate some files
-@@ -966,6 +1042,8 @@ all: modules
+@@ -966,6 +1046,8 @@ all: modules
  #	using awk while concatenating to the final file.
  
  PHONY += modules
@@ -440,7 +463,7 @@ index de4cda9..e5ec62c 100644
  modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
  	$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
  	@$(kecho) '  Building modules, stage 2.';
-@@ -981,7 +1059,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -981,7 +1063,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
  
  # Target to prepare building external modules
  PHONY += modules_prepare
@@ -449,17 +472,17 @@ index de4cda9..e5ec62c 100644
  
  # Target to install modules
  PHONY += modules_install
-@@ -1047,7 +1125,8 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1047,7 +1129,8 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
  		  Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
  		  signing_key.priv signing_key.x509 x509.genkey		\
  		  extra_certificates signing_key.x509.keyid		\
 -		  signing_key.x509.signer
 +		  signing_key.x509.signer tools/gcc/size_overflow_hash.h \
-+		  tools/gcc/randstruct.seed tools/gcc/randstruct.hashed_seed
++		  tools/gcc/randomize_layout_seed.h tools/gcc/randomize_layout_hash.data
  
  # clean - Delete most, but leave enough to build external modules
  #
-@@ -1087,6 +1166,7 @@ distclean: mrproper
+@@ -1087,6 +1170,7 @@ distclean: mrproper
  		\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
  		-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
  		-o -name '.*.rej' \
@@ -467,7 +490,7 @@ index de4cda9..e5ec62c 100644
  		-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
  		-type f -print | xargs rm -f
  
-@@ -1248,6 +1328,8 @@ PHONY += $(module-dirs) modules
+@@ -1248,6 +1332,8 @@ PHONY += $(module-dirs) modules
  $(module-dirs): crmodverdir $(objtree)/Module.symvers
  	$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
  
@@ -476,7 +499,7 @@ index de4cda9..e5ec62c 100644
  modules: $(module-dirs)
  	@$(kecho) '  Building modules, stage 2.';
  	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1387,17 +1469,21 @@ else
+@@ -1387,17 +1473,21 @@ else
          target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
  endif
  
@@ -502,7 +525,7 @@ index de4cda9..e5ec62c 100644
  	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
  %.symtypes: %.c prepare scripts FORCE
  	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1407,11 +1493,15 @@ endif
+@@ -1407,11 +1497,15 @@ endif
  	$(cmd_crmodverdir)
  	$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
  	$(build)=$(build-dir)
@@ -3596,6 +3619,29 @@ index 8a1b5e0..5f30074 100644
  
  /* omap_hwmod_list contains all registered struct omap_hwmods */
  static LIST_HEAD(omap_hwmod_list);
+diff --git a/arch/arm/mach-omap2/powerdomains43xx_data.c b/arch/arm/mach-omap2/powerdomains43xx_data.c
+index 95fee54..cfa9cf1 100644
+--- a/arch/arm/mach-omap2/powerdomains43xx_data.c
++++ b/arch/arm/mach-omap2/powerdomains43xx_data.c
+@@ -10,6 +10,7 @@
+ 
+ #include <linux/kernel.h>
+ #include <linux/init.h>
++#include <asm/pgtable.h>
+ 
+ #include "powerdomain.h"
+ 
+@@ -129,7 +130,9 @@ static int am43xx_check_vcvp(void)
+ 
+ void __init am43xx_powerdomains_init(void)
+ {
+-	omap4_pwrdm_operations.pwrdm_has_voltdm = am43xx_check_vcvp;
++	pax_open_kernel();
++	*(void **)&omap4_pwrdm_operations.pwrdm_has_voltdm = am43xx_check_vcvp;
++	pax_close_kernel();
+ 	pwrdm_register_platform_funcs(&omap4_pwrdm_operations);
+ 	pwrdm_register_pwrdms(powerdomains_am43xx);
+ 	pwrdm_complete_init();
 diff --git a/arch/arm/mach-omap2/wd_timer.c b/arch/arm/mach-omap2/wd_timer.c
 index d15c7bb..b2d1f0c 100644
 --- a/arch/arm/mach-omap2/wd_timer.c
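Review bot: The store `*(void **)&omap4_pwrdm_operations.pwrdm_has_voltdm = am43xx_check_vcvp;` in am43xx_powerdomains_init() casts away the member's function-pointer type, so the compiler no longer diagnoses a signature mismatch if the callback or the struct member changes later. The same `*(void **)&` form is used for `sdhci_esdhc_ops.platform_execute_tuning` in the sdhci_esdhc_imx_probe() hunk, where the write happens at probe time rather than in an `__init` function and changes an ops table that appears to be shared by every instance of the driver. Each `pax_open_kernel()` / `pax_close_kernel()` pair would benefit from a comment such as `/* ops table is read-only (presumably via constification); open a write window for this single store */`, so the reason for the window and its intended scope are recorded next to it.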
@@ -18643,7 +18689,7 @@ index 3ba3de4..6c113b2 100644
  #endif
  #endif /* _ASM_X86_THREAD_INFO_H */
 diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index e6d90ba..0897f44 100644
+index e6d90ba..f81f114 100644
 --- a/arch/x86/include/asm/tlbflush.h
 +++ b/arch/x86/include/asm/tlbflush.h
 @@ -17,18 +17,44 @@
@@ -18697,11 +18743,10 @@ index e6d90ba..0897f44 100644
  }
  
  static inline void __native_flush_tlb_global(void)
-@@ -49,6 +75,42 @@ static inline void __native_flush_tlb_global(void)
+@@ -49,6 +75,41 @@ static inline void __native_flush_tlb_global(void)
  
  static inline void __native_flush_tlb_single(unsigned long addr)
  {
-+
 +	if (static_cpu_has(X86_FEATURE_INVPCID)) {
 +		u64 descriptor[2];
 +
@@ -20255,10 +20300,10 @@ index 47b56a7..efc2bc6 100644
  obj-y			+= proc.o capflags.o powerflags.o common.o
  obj-y			+= rdrand.o
 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index bca023b..c544908 100644
+index 59bfebc..d8f27bd 100644
 --- a/arch/x86/kernel/cpu/amd.c
 +++ b/arch/x86/kernel/cpu/amd.c
-@@ -743,7 +743,7 @@ static void init_amd(struct cpuinfo_x86 *c)
+@@ -753,7 +753,7 @@ static void init_amd(struct cpuinfo_x86 *c)
  static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size)
  {
  	/* AMD errata T13 (order #21922) */
@@ -27510,7 +27555,7 @@ index c697625..a032162 100644
  
  out:
 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 775702f..737d4a9 100644
+index d86ff15..e77b023 100644
 --- a/arch/x86/kvm/lapic.c
 +++ b/arch/x86/kvm/lapic.c
 @@ -55,7 +55,7 @@
@@ -27723,10 +27768,10 @@ index da7837e..86c6ebf 100644
  
  	vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 5d004da..0802480 100644
+index d89d51b..f3c612a 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -1788,8 +1788,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1791,8 +1791,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
  {
  	struct kvm *kvm = vcpu->kvm;
  	int lm = is_long_mode(vcpu);
@@ -27737,7 +27782,7 @@ index 5d004da..0802480 100644
  	u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
  		: kvm->arch.xen_hvm_config.blob_size_32;
  	u32 page_num = data & ~PAGE_MASK;
-@@ -2673,6 +2673,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2676,6 +2676,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
  		if (n < msr_list.nmsrs)
  			goto out;
  		r = -EFAULT;
@@ -27746,7 +27791,7 @@ index 5d004da..0802480 100644
  		if (copy_to_user(user_msr_list->indices, &msrs_to_save,
  				 num_msrs_to_save * sizeof(u32)))
  			goto out;
-@@ -5482,7 +5484,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+@@ -5485,7 +5487,7 @@ static struct notifier_block pvclock_gtod_notifier = {
  };
  #endif
  
@@ -35509,7 +35554,7 @@ index c482f8c..c832240 100644
  				unsigned long timeout_msec)
  {
 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 1393a58..3bf8cbe 100644
+index 1a3dbd1..dfc6e5c 100644
 --- a/drivers/ata/libata-core.c
 +++ b/drivers/ata/libata-core.c
 @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
@@ -35521,7 +35566,7 @@ index 1393a58..3bf8cbe 100644
  
  struct ata_force_param {
  	const char	*name;
-@@ -4823,7 +4823,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4850,7 +4850,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
  	struct ata_port *ap;
  	unsigned int tag;
  
@@ -35530,7 +35575,7 @@ index 1393a58..3bf8cbe 100644
  	ap = qc->ap;
  
  	qc->flags = 0;
-@@ -4839,7 +4839,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4866,7 +4866,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
  	struct ata_port *ap;
  	struct ata_link *link;
  
@@ -35539,7 +35584,7 @@ index 1393a58..3bf8cbe 100644
  	WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
  	ap = qc->ap;
  	link = qc->dev->link;
-@@ -5958,6 +5958,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5985,6 +5985,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
  		return;
  
  	spin_lock(&lock);
@@ -35547,7 +35592,7 @@ index 1393a58..3bf8cbe 100644
  
  	for (cur = ops->inherits; cur; cur = cur->inherits) {
  		void **inherit = (void **)cur;
-@@ -5971,8 +5972,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5998,8 +5999,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
  		if (IS_ERR(*pp))
  			*pp = NULL;
  
@@ -35558,7 +35603,7 @@ index 1393a58..3bf8cbe 100644
  	spin_unlock(&lock);
  }
  
-@@ -6165,7 +6167,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+@@ -6192,7 +6194,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
  
  	/* give ports names and add SCSI hosts */
  	for (i = 0; i < host->n_ports; i++) {
@@ -35568,10 +35613,10 @@ index 1393a58..3bf8cbe 100644
  	}
  
 diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
-index 377eb88..8591b44 100644
+index ef8567d..8bdbd03 100644
 --- a/drivers/ata/libata-scsi.c
 +++ b/drivers/ata/libata-scsi.c
-@@ -4135,7 +4135,7 @@ int ata_sas_port_init(struct ata_port *ap)
+@@ -4147,7 +4147,7 @@ int ata_sas_port_init(struct ata_port *ap)
  
  	if (rc)
  		return rc;
@@ -39035,6 +39080,27 @@ index 9902732..64b62dd 100644
  
  	return -EINVAL;
  }
+diff --git a/drivers/gpu/drm/armada/armada_drv.c b/drivers/gpu/drm/armada/armada_drv.c
+index 62d0ff3..073dbf3 100644
+--- a/drivers/gpu/drm/armada/armada_drv.c
++++ b/drivers/gpu/drm/armada/armada_drv.c
+@@ -68,15 +68,7 @@ void __armada_drm_queue_unref_work(struct drm_device *dev,
+ {
+ 	struct armada_private *priv = dev->dev_private;
+ 
+-	/*
+-	 * Yes, we really must jump through these hoops just to store a
+-	 * _pointer_ to something into the kfifo.  This is utterly insane
+-	 * and idiotic, because it kfifo requires the _data_ pointed to by
+-	 * the pointer const, not the pointer itself.  Not only that, but
+-	 * you have to pass a pointer _to_ the pointer you want stored.
+-	 */
+-	const struct drm_framebuffer *silly_api_alert = fb;
+-	WARN_ON(!kfifo_put(&priv->fb_unref, &silly_api_alert));
++	WARN_ON(!kfifo_put(&priv->fb_unref, fb));
+ 	schedule_work(&priv->fb_unref_work);
+ }
+ 
 diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
 index d6cf77c..2842146 100644
 --- a/drivers/gpu/drm/drm_crtc.c
@@ -40354,6 +40420,19 @@ index ae1cb31..5b5b6b7c 100644
  
  	err = drm_debugfs_create_files(dc->debugfs_files,
  				       ARRAY_SIZE(debugfs_files),
+diff --git a/drivers/gpu/drm/tegra/hdmi.c b/drivers/gpu/drm/tegra/hdmi.c
+index 0cd9bc2..9759be4 100644
+--- a/drivers/gpu/drm/tegra/hdmi.c
++++ b/drivers/gpu/drm/tegra/hdmi.c
+@@ -57,7 +57,7 @@ struct tegra_hdmi {
+ 	bool stereo;
+ 	bool dvi;
+ 
+-	struct drm_info_list *debugfs_files;
++	drm_info_list_no_const *debugfs_files;
+ 	struct drm_minor *minor;
+ 	struct dentry *debugfs;
+ };
 diff --git a/drivers/gpu/drm/ttm/ttm_bo_manager.c b/drivers/gpu/drm/ttm/ttm_bo_manager.c
 index c58eba33..83c2728 100644
 --- a/drivers/gpu/drm/ttm/ttm_bo_manager.c
@@ -44379,6 +44458,21 @@ index 464419b..64bae8d 100644
  
  	c2dev->dev = device_create(c2port_class, NULL, 0, c2dev,
  				   "c2port%d", c2dev->id);
+diff --git a/drivers/misc/eeprom/sunxi_sid.c b/drivers/misc/eeprom/sunxi_sid.c
+index 9c34e57..b981cda 100644
+--- a/drivers/misc/eeprom/sunxi_sid.c
++++ b/drivers/misc/eeprom/sunxi_sid.c
+@@ -127,7 +127,9 @@ static int sunxi_sid_probe(struct platform_device *pdev)
+ 
+ 	platform_set_drvdata(pdev, sid_data);
+ 
+-	sid_bin_attr.size = sid_data->keysize;
++	pax_open_kernel();
++	*(size_t *)&sid_bin_attr.size = sid_data->keysize;
++	pax_close_kernel();
+ 	if (device_create_bin_file(&pdev->dev, &sid_bin_attr))
+ 		return -ENODEV;
+ 
 diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c
 index 36f5d52..32311c3 100644
 --- a/drivers/misc/kgdbts.c
@@ -44809,6 +44903,25 @@ index f320579..7b7ebac 100644
  		mmci_write_datactrlreg(host, MCI_ST_DPSM_BUSYMODE);
  	}
  
+diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c
+index 1dcaf8a..025af25 100644
+--- a/drivers/mmc/host/sdhci-esdhc-imx.c
++++ b/drivers/mmc/host/sdhci-esdhc-imx.c
+@@ -1009,9 +1009,12 @@ static int sdhci_esdhc_imx_probe(struct platform_device *pdev)
+ 		host->quirks2 |= SDHCI_QUIRK2_PRESET_VALUE_BROKEN;
+ 	}
+ 
+-	if (imx_data->socdata->flags & ESDHC_FLAG_MAN_TUNING)
+-		sdhci_esdhc_ops.platform_execute_tuning =
++	if (imx_data->socdata->flags & ESDHC_FLAG_MAN_TUNING) {
++		pax_open_kernel();
++		*(void **)&sdhci_esdhc_ops.platform_execute_tuning =
+ 					esdhc_executing_tuning;
++		pax_close_kernel();
++	}
+ 	boarddata = &imx_data->boarddata;
+ 	if (sdhci_esdhc_imx_probe_dt(pdev, boarddata) < 0) {
+ 		if (!host->mmc->parent->platform_data) {
 diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c
 index 6debda9..2ba7427 100644
 --- a/drivers/mmc/host/sdhci-s3c.c
@@ -45549,10 +45662,10 @@ index a79e9d3..78cd4fa 100644
  
  	/* we will have to manufacture ethernet headers, prepare template */
 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index ed384fe..9e3f4f4 100644
+index 0247973..088193a 100644
 --- a/drivers/net/vxlan.c
 +++ b/drivers/net/vxlan.c
-@@ -2617,7 +2617,7 @@ nla_put_failure:
+@@ -2615,7 +2615,7 @@ nla_put_failure:
  	return -EMSGSIZE;
  }
  
@@ -46226,10 +46339,10 @@ index 7aad766..06addb4 100644
  		       data->sku_cap_band_24GHz_enable ? "" : "NOT", "enabled",
  		       data->sku_cap_band_52GHz_enable ? "" : "NOT", "enabled",
 diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
-index cde9c16..e485cfe 100644
+index f53ef83..5e34bcb 100644
 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c
 +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
-@@ -1368,7 +1368,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
+@@ -1390,7 +1390,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
  	struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
  
  	char buf[8];
@@ -46238,7 +46351,7 @@ index cde9c16..e485cfe 100644
  	u32 reset_flag;
  
  	memset(buf, 0, sizeof(buf));
-@@ -1389,7 +1389,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
+@@ -1411,7 +1411,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
  {
  	struct iwl_trans *trans = file->private_data;
  	char buf[8];
@@ -48544,10 +48657,10 @@ index 084d1fd..9f939eb 100644
  	uint32_t default_time2wait;	  /* Default Min time between
  					   * relogins (+aens) */
 diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
-index a28d5e6..000a8af 100644
+index cf174a4..128a420 100644
 --- a/drivers/scsi/qla4xxx/ql4_os.c
 +++ b/drivers/scsi/qla4xxx/ql4_os.c
-@@ -3308,12 +3308,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
+@@ -3311,12 +3311,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
  		 */
  		if (!iscsi_is_session_online(cls_sess)) {
  			/* Reset retry relogin timer */
@@ -48562,7 +48675,7 @@ index a28d5e6..000a8af 100644
  				ddb_entry->default_time2wait + 4));
  			set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags);
  			atomic_set(&ddb_entry->retry_relogin_timer,
-@@ -5455,7 +5455,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
+@@ -5458,7 +5458,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
  
  	atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY);
  	atomic_set(&ddb_entry->relogin_timer, 0);
@@ -50607,7 +50720,7 @@ index d0e3a44..5f8b754 100644
  			ret = -EPERM;
  			goto reterr;
 diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
-index f7beb6e..8c0bbd0 100644
+index a673e5b..36e5d32 100644
 --- a/drivers/uio/uio.c
 +++ b/drivers/uio/uio.c
 @@ -25,6 +25,7 @@
@@ -50886,7 +50999,7 @@ index 6bffb8c..b404e8b 100644
  			wake_up(&usb_kill_urb_queue);
  		usb_put_urb(urb);
 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index bd9dc35..c04ae2f 100644
+index 07e6654..6420edf 100644
 --- a/drivers/usb/core/hub.c
 +++ b/drivers/usb/core/hub.c
 @@ -27,6 +27,7 @@
@@ -50897,7 +51010,7 @@ index bd9dc35..c04ae2f 100644
  
  #include <asm/uaccess.h>
  #include <asm/byteorder.h>
-@@ -4463,6 +4464,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
+@@ -4442,6 +4443,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
  			goto done;
  		return;
  	}
@@ -56118,10 +56231,10 @@ index a4b38f9..f86a509 100644
  	spin_lock_init(&delayed_root->lock);
  	init_waitqueue_head(&delayed_root->wait);
 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index 21da576..3551e09 100644
+index 9f831bb..14afde5 100644
 --- a/fs/btrfs/ioctl.c
 +++ b/fs/btrfs/ioctl.c
-@@ -3451,9 +3451,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3457,9 +3457,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
  	for (i = 0; i < num_types; i++) {
  		struct btrfs_space_info *tmp;
  
@@ -56134,7 +56247,7 @@ index 21da576..3551e09 100644
  		info = NULL;
  		rcu_read_lock();
  		list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -3475,10 +3478,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3481,10 +3484,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
  				memcpy(dest, &space, sizeof(space));
  				dest++;
  				space_args.total_spaces++;
@@ -57166,7 +57279,7 @@ index bc3fbcd..6031650 100644
  		return 0;
  	while (nr) {
 diff --git a/fs/dcache.c b/fs/dcache.c
-index cb4a106..b75581f 100644
+index fdbe230..ba17c1f 100644
 --- a/fs/dcache.c
 +++ b/fs/dcache.c
 @@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
@@ -57178,7 +57291,7 @@ index cb4a106..b75581f 100644
  		if (!dname) {
  			kmem_cache_free(dentry_cache, dentry); 
  			return NULL;
-@@ -3429,7 +3429,8 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages)
  	mempages -= reserve;
  
  	names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -60150,7 +60263,7 @@ index 92a0f0a..45a48f0 100644
  
  	spin_lock(&inode->i_lock);
 diff --git a/fs/mount.h b/fs/mount.h
-index d64c594..6c283db 100644
+index a17458c..e69fb5b 100644
 --- a/fs/mount.h
 +++ b/fs/mount.h
 @@ -11,7 +11,7 @@ struct mnt_namespace {
@@ -64110,7 +64223,7 @@ index 104455b..764c512 100644
  		kfree(s);
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
-index 0000000..01d5523
+index 0000000..e98584b
 --- /dev/null
 +++ b/grsecurity/Kconfig
 @@ -0,0 +1,1147 @@
@@ -64343,7 +64456,7 @@ index 0000000..01d5523
 +	  Volatility against the system (unless the kernel source tree isn't
 +	  cleaned after kernel installation).
 +
-+	  The seed used for compilation is located at tools/gcc/randstruct.seed.
++	  The seed used for compilation is located at tools/gcc/randomize_layout_seed.h.
 +	  It remains after a make clean to allow for external modules to be compiled
 +	  with the existing seed and will be removed by a make mrproper or
 +	  make distclean.
@@ -65263,10 +65376,10 @@ index 0000000..01d5523
 +endmenu
 diff --git a/grsecurity/Makefile b/grsecurity/Makefile
 new file mode 100644
-index 0000000..8a0354c
+index 0000000..5307c8a
 --- /dev/null
 +++ b/grsecurity/Makefile
-@@ -0,0 +1,53 @@
+@@ -0,0 +1,54 @@
 +# grsecurity – access control and security hardening for Linux
 +# All code in this directory and various hooks located throughout the Linux kernel are
 +# Copyright (C) 2001-2014 Bradley Spengler, Open Source Security, Inc.
@@ -65318,6 +65431,7 @@ index 0000000..8a0354c
 +	@-chmod -f 500 /lib64/modules
 +	@-chmod -f 500 /lib32/modules
 +	@-chmod -f 700 .
++	@-chmod -f 700 $(objtree)
 +	@echo '  grsec: protected kernel image paths'
 +endif
 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
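Review bot: The added `@-chmod -f 700 $(objtree)` suppresses failure three ways (`@`, the `-` prefix and `-f`), and the following `echo '  grsec: protected kernel image paths'` prints unconditionally, so the build reports the paths as protected even when the chmod had no effect, for example when the build user does not own the object tree. Printing the message only on success, or emitting a warning when the chmod fails, would keep the output honest. `$(objtree)` is also unquoted; `@-chmod -f 700 "$(objtree)"` avoids word splitting on unusual paths. The rule header is outside this hunk, so the conditions under which these lines run cannot be seen here.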
@@ -75711,7 +75825,7 @@ index e73c19e..5b89e00 100644
  struct crypto_instance {
  	struct crypto_alg alg;
 diff --git a/include/drm/drmP.h b/include/drm/drmP.h
-index 1d4a920..53a3229 100644
+index 1d4a920..da65658 100644
 --- a/include/drm/drmP.h
 +++ b/include/drm/drmP.h
 @@ -66,6 +66,7 @@
@@ -75750,16 +75864,17 @@ index 1d4a920..53a3229 100644
  
  /**
   * Creates a driver or general drm_ioctl_desc array entry for the given
-@@ -1013,7 +1016,7 @@ struct drm_info_list {
+@@ -1013,7 +1016,8 @@ struct drm_info_list {
  	int (*show)(struct seq_file*, void*); /** show callback */
  	u32 driver_features; /**< Required driver features for this entry */
  	void *data;
 -};
 +} __do_const;
++typedef struct drm_info_list __no_const drm_info_list_no_const;
  
  /**
   * debugfs node structure. This structure represents a debugfs file.
-@@ -1097,7 +1100,7 @@ struct drm_device {
+@@ -1097,7 +1101,7 @@ struct drm_device {
  
  	/** \name Usage Counters */
  	/*@{ */
@@ -75807,6 +75922,18 @@ index 72dcbe8..8db58d7 100644
  
  /**
   * struct ttm_mem_global - Global memory accounting structure.
+diff --git a/include/drm/ttm/ttm_page_alloc.h b/include/drm/ttm/ttm_page_alloc.h
+index d1f61bf..2239439 100644
+--- a/include/drm/ttm/ttm_page_alloc.h
++++ b/include/drm/ttm/ttm_page_alloc.h
+@@ -78,6 +78,7 @@ void ttm_dma_page_alloc_fini(void);
+  */
+ extern int ttm_dma_page_alloc_debugfs(struct seq_file *m, void *data);
+ 
++struct device;
+ extern int ttm_dma_populate(struct ttm_dma_tt *ttm_dma, struct device *dev);
+ extern void ttm_dma_unpopulate(struct ttm_dma_tt *ttm_dma, struct device *dev);
+ 
 diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h
 index 4b840e8..155d235 100644
 --- a/include/keys/asymmetric-subtype.h
@@ -78620,10 +78747,10 @@ index 9523d2a..16c0424 100644
  
  int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
 diff --git a/include/linux/libata.h b/include/linux/libata.h
-index 9b50337..712d748 100644
+index bec6dbe..2873d64 100644
 --- a/include/linux/libata.h
 +++ b/include/linux/libata.h
-@@ -973,7 +973,7 @@ struct ata_port_operations {
+@@ -975,7 +975,7 @@ struct ata_port_operations {
  	 * fields must be pointers.
  	 */
  	const struct ata_port_operations	*inherits;
@@ -91285,7 +91412,7 @@ index 6768ce9..4c41d69 100644
  	mm = get_task_mm(tsk);
  	if (!mm)
 diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index 0cd2c4d..9558c83 100644
+index e1bd997..055f496 100644
 --- a/mm/mempolicy.c
 +++ b/mm/mempolicy.c
 @@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -95513,7 +95640,7 @@ index 4a5df7b..9ad1f1d 100644
  
  	switch (ss->ss_family) {
 diff --git a/net/compat.c b/net/compat.c
-index dd32e34..94fa415 100644
+index f50161f..94fa415 100644
 --- a/net/compat.c
 +++ b/net/compat.c
 @@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
@@ -95643,31 +95770,7 @@ index dd32e34..94fa415 100644
  	struct group_filter __user *kgf;
  	int __user	*koptlen;
  	u32 interface, fmode, numsrc;
-@@ -780,21 +780,16 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg,
- 	if (flags & MSG_CMSG_COMPAT)
- 		return -EINVAL;
- 
--	if (COMPAT_USE_64BIT_TIME)
--		return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
--				      flags | MSG_CMSG_COMPAT,
--				      (struct timespec *) timeout);
--
- 	if (timeout == NULL)
- 		return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
- 				      flags | MSG_CMSG_COMPAT, NULL);
- 
--	if (get_compat_timespec(&ktspec, timeout))
-+	if (compat_get_timespec(&ktspec, timeout))
- 		return -EFAULT;
- 
- 	datagrams = __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
- 				   flags | MSG_CMSG_COMPAT, &ktspec);
--	if (datagrams > 0 && put_compat_timespec(&ktspec, timeout))
-+	if (datagrams > 0 && compat_put_timespec(&ktspec, timeout))
- 		datagrams = -EFAULT;
- 
- 	return datagrams;
-@@ -808,7 +803,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
+@@ -803,7 +803,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
  
  	if (call < SYS_SOCKET || call > SYS_SENDMMSG)
  		return -EINVAL;
@@ -96481,7 +96584,7 @@ index a1b5bcb..62ec5c6 100644
  #endif
  	if (dflt != &ipv4_devconf_dflt)
 diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
-index d846304..d0622bb 100644
+index c7539e2..b455e51 100644
 --- a/net/ipv4/fib_frontend.c
 +++ b/net/ipv4/fib_frontend.c
 @@ -1015,12 +1015,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
@@ -96499,7 +96602,7 @@ index d846304..d0622bb 100644
  		if (ifa->ifa_dev->ifa_list == NULL) {
  			/* Last address was deleted from this interface.
  			 * Disable IP.
-@@ -1056,7 +1056,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
+@@ -1058,7 +1058,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
  #ifdef CONFIG_IP_ROUTE_MULTIPATH
  		fib_sync_up(dev);
  #endif
@@ -96631,7 +96734,7 @@ index 2481993..2d9a7a7 100644
  	return -ENOMEM;
  }
 diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
-index e560ef3..218c5c5 100644
+index d306360..1c1a1f1 100644
 --- a/net/ipv4/ip_gre.c
 +++ b/net/ipv4/ip_gre.c
 @@ -115,7 +115,7 @@ static bool log_ecn_error = true;
@@ -101278,20 +101381,6 @@ index 0000000..5e0222d
 +	[[ "$plugincc" =~ "$1" ]] && echo "$1"
 +	[[ "$plugincc" =~ "$2" ]] && echo "$2"
 +fi
-diff --git a/scripts/gen-random-seed.sh b/scripts/gen-random-seed.sh
-new file mode 100644
-index 0000000..27e0f4a
---- /dev/null
-+++ b/scripts/gen-random-seed.sh
-@@ -0,0 +1,8 @@
-+#!/bin/sh
-+
-+if [ ! -f 'tools/gcc/randstruct.seed' ]; then
-+	SEED=`od -A n -t x8 -N 32 /dev/urandom | tr -d ' \n'`
-+	echo "$SEED" > tools/gcc/randstruct.seed
-+	cat tools/gcc/randstruct.seed | sha256sum | cut -d" " -f1 | tr -d "\n" > tools/gcc/randstruct.hashed_seed
-+fi
-+cat tools/gcc/randstruct.seed
 diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
 index 5de5660..d3deb89 100644
 --- a/scripts/headers_install.sh
@@ -102924,6 +103013,21 @@ index 48c3cc9..8022cf7 100644
  	rtnl_lock();
  	for_each_net(net)
  		rt_genid_bump_all(net);
+diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
+index d106733..539aadd 100644
+--- a/security/selinux/ss/services.c
++++ b/security/selinux/ss/services.c
+@@ -1232,6 +1232,10 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
+ 	struct context context;
+ 	int rc = 0;
+ 
++	/* An empty security context is never valid. */
++	if (!scontext_len)
++		return -EINVAL;
++
+ 	if (!ss_initialized) {
+ 		int i;
+ 
 diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
 index b0be893..646bd94 100644
 --- a/security/smack/smack_lsm.c
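Review bot: The comment added in security_context_to_sid_core() states the rule but not why the check sits ahead of the `!ss_initialized` branch, so a reader cannot tell what the rest of the function would do with `scontext_len == 0`. I would expand it to something like `/* An empty security context is never valid; reject it here so neither the !ss_initialized branch nor the code after it is handed a zero-length string. */`. The function body continues outside the hunk, so what the later code does with an empty string is inferred rather than shown. The same hunk is added to the 3.2.54 patch further down the page, and the same wording would apply there.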
@@ -103730,10 +103834,10 @@ index 0000000..8eb55ca
 +randstruct.hashed_seed
 diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
 new file mode 100644
-index 0000000..f8ef8a3
+index 0000000..51a2ba2
 --- /dev/null
 +++ b/tools/gcc/Makefile
-@@ -0,0 +1,47 @@
+@@ -0,0 +1,55 @@
 +#CC := gcc
 +#PLUGIN_SOURCE_FILES := pax_plugin.c
 +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -103773,6 +103877,8 @@ index 0000000..f8ef8a3
 +randomize_layout_plugin-objs := randomize_layout_plugin.o
 +
 +$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h
++$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h \
++	$(objtree)/$(obj)/randomize_layout_hash.data
 +
 +quiet_cmd_build_size_overflow_hash = GENHASH  $@
 +      cmd_build_size_overflow_hash = \
@@ -103780,7 +103886,13 @@ index 0000000..f8ef8a3
 +$(objtree)/$(obj)/size_overflow_hash.h: $(src)/size_overflow_hash.data FORCE
 +	$(call if_changed,build_size_overflow_hash)
 +
-+targets += size_overflow_hash.h
++quiet_cmd_create_randomize_layout_seed = GENSEED  $@
++      cmd_create_randomize_layout_seed = \
++	$(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/$(obj)/randomize_layout_hash.data
++$(objtree)/$(obj)/randomize_layout_seed.h $(objtree)/$(obj)/randomize_layout_hash.data: FORCE
++	$(call if_changed,create_randomize_layout_seed)
++
++targets += size_overflow_hash.h randomize_layout_seed.h randomize_layout_hash.data
 diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
 new file mode 100644
 index 0000000..5452feea
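Review bot: The seed rule puts two targets on one header and passes `$@` as the script's first argument, so when make runs the recipe for `randomize_layout_hash.data` the script receives the hash file as both `$1` and `$2`. In a serial build the header is listed first in the prerequisites added above, and the `[ ! -f "$1" ]` guard in gen-random-seed.sh then makes the second run a no-op. Under `-j`, or when only the hash file is missing, the second recipe can generate a fresh seed and leave a hash that does not match the header. I would make the header the rule's only target and pass `$(objtree)/$(obj)/randomize_layout_seed.h` to the script in place of `$@`. The hash file can then hang off it with `$(objtree)/$(obj)/randomize_layout_hash.data: $(objtree)/$(obj)/randomize_layout_seed.h ;`.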
@@ -104672,10 +104784,10 @@ index 0000000..4f67ac1
 +}
 diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
 new file mode 100644
-index 0000000..986f39b
+index 0000000..312d3b6
 --- /dev/null
 +++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,267 @@
+@@ -0,0 +1,268 @@
 +#ifndef GCC_COMMON_H_INCLUDED
 +#define GCC_COMMON_H_INCLUDED
 +
@@ -104766,6 +104878,7 @@ index 0000000..986f39b
 +#if BUILDING_GCC_VERSION >= 4009
 +#include "tree-ssa-operands.h"
 +#include "tree-phinodes.h"
++#include "tree-cfg.h"
 +#include "gimple-iterator.h"
 +#include "gimple-ssa.h"
 +#include "ssa-iterators.h"
@@ -104943,6 +105056,19 @@ index 0000000..986f39b
 +#endif
 +
 +#endif
+diff --git a/tools/gcc/gen-random-seed.sh b/tools/gcc/gen-random-seed.sh
+new file mode 100644
+index 0000000..8030e6e
+--- /dev/null
++++ b/tools/gcc/gen-random-seed.sh
+@@ -0,0 +1,7 @@
++#!/bin/sh
++
++if [ ! -f "$1" ]; then
++	SEED=`od -A n -t x8 -N 32 /dev/urandom | tr -d ' \n'`
++	echo "const char *randstruct_seed = \"$SEED\";" > "$1"
++	echo -n "$SEED" | sha256sum | cut -d" " -f1 | tr -d "\n" > "$2"
++fi
 diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh
 new file mode 100644
 index 0000000..e518932
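Review bot: `echo -n` under `#!/bin/sh` is not portable, since some shells print the `-n` literally, and the hash file would then be computed over something other than the seed written to the header. `printf '%s' "$SEED" | sha256sum | cut -d" " -f1 | tr -d "\n" > "$2"` behaves the same in every POSIX shell. The guard also tests only `"$1"`, so if the run is interrupted between the two writes, or the hash file is deleted later, `"$2"` is never regenerated. The output of `od` is not checked either, so an empty `SEED` would be written out and caught only by the plugin's length check at compile time.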
@@ -106089,10 +106215,10 @@ index 0000000..592b923
 +}
 diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c
 new file mode 100644
-index 0000000..8ed761c6
+index 0000000..fed12bf
 --- /dev/null
 +++ b/tools/gcc/randomize_layout_plugin.c
-@@ -0,0 +1,914 @@
+@@ -0,0 +1,902 @@
 +/*
 + * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
 + *                   and PaX Team <pageexec@freemail.hu>
@@ -106107,6 +106233,7 @@ index 0000000..8ed761c6
 + */
 +
 +#include "gcc-common.h"
++#include "randomize_layout_seed.h"
 +
 +#define ORIG_TYPE_NAME(node) \
 +	(TYPE_NAME(TYPE_MAIN_VARIANT(node)) != NULL_TREE ? ((const unsigned char *)IDENTIFIER_POINTER(TYPE_NAME(TYPE_MAIN_VARIANT(node)))) : (const unsigned char *)"anonymous")
@@ -106116,9 +106243,8 @@ index 0000000..8ed761c6
 +static int performance_mode;
 +
 +static struct plugin_info randomize_layout_plugin_info = {
-+	.version	= "201402011940",
++	.version	= "201402061950",
 +	.help		= "disable\t\t\tdo not activate plugin\n"
-+			  "seed\t\t\tprovide a required 64-byte seed in hex format\n"
 +			  "performance-mode\tenable cacheline-aware layout randomization\n"
 +};
 +
@@ -106685,13 +106811,8 @@ index 0000000..8ed761c6
 +	struct varpool_node *node;
 +	tree init;
 +
-+#if BUILDING_GCC_VERSION <= 4007
-+	for (node = varpool_nodes; node; node = node->next) {
-+		tree var = node->decl;
-+#else
 +	FOR_EACH_VARIABLE(node) {
-+		tree var = node->symbol.decl;
-+#endif
++		tree var = NODE_DECL(node);
 +		init = DECL_INITIAL(var);
 +		if (init == NULL_TREE)
 +			continue;
@@ -106975,22 +107096,15 @@ index 0000000..8ed761c6
 +			performance_mode = 1;
 +			continue;
 +		}
-+		if (!strcmp(argv[i].key, "seed")) {
-+			if (!argv[i].value) {
-+				error(G_("no value supplied for option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
-+				continue;
-+			}
-+			if (strlen(argv[i].value) != 64) {
-+				error(G_("invalid value supplied for option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
-+				continue;
-+			}
-+			obtained_seed = sscanf(argv[i].value, "%016llx%016llx%016llx%016llx",
-+				&shuffle_seed[0], &shuffle_seed[1], &shuffle_seed[2], &shuffle_seed[3]);
-+			continue;
-+		}
 +		error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
 +	}
 +
++	if (strlen(randstruct_seed) != 64) {
++		error(G_("invalid seed value supplied for %s plugin"), plugin_name);
++		return 1;
++	}
++	obtained_seed = sscanf(randstruct_seed, "%016llx%016llx%016llx%016llx",
++		&shuffle_seed[0], &shuffle_seed[1], &shuffle_seed[2], &shuffle_seed[3]);
 +	if (obtained_seed != 4) {
 +		error(G_("Invalid seed supplied for %s plugin"), plugin_name);
 +		return 1;
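Review bot: The `strlen(randstruct_seed) != 64` check followed by `sscanf(randstruct_seed, "%016llx%016llx%016llx%016llx", ...)` does not establish that the seed is exactly 64 hex digits, because `%llx` skips leading whitespace and accepts a sign or `0x` prefix inside its field width. The seed now comes from the generated randomize_layout_seed.h, so a malformed value is unlikely, but a hand-edited header of the right length could still parse to a seed other than the one its text suggests without any error. Extending the first test to `strlen(randstruct_seed) != 64 || strspn(randstruct_seed, "0123456789abcdefABCDEF") != 64` makes the validation exact. The two messages (`invalid seed value supplied` and `Invalid seed supplied`) then describe the same condition and could share one string. The enclosing function starts and ends outside the hunk.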

diff --git a/3.13.1/4425_grsec_remove_EI_PAX.patch b/3.13.2/4425_grsec_remove_EI_PAX.patch
similarity index 96%
rename from 3.13.1/4425_grsec_remove_EI_PAX.patch
rename to 3.13.2/4425_grsec_remove_EI_PAX.patch
index cf65d90..fc51f79 100644
--- a/3.13.1/4425_grsec_remove_EI_PAX.patch
+++ b/3.13.2/4425_grsec_remove_EI_PAX.patch
@@ -8,7 +8,7 @@ X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600
 diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig
 --- linux-3.7.1-hardened.orig/security/Kconfig	2012-12-26 08:39:29.000000000 -0500
 +++ linux-3.7.1-hardened/security/Kconfig	2012-12-26 09:05:44.000000000 -0500
-@@ -267,7 +267,7 @@
+@@ -268,7 +268,7 @@
  
  config PAX_EI_PAX
  	bool 'Use legacy ELF header marking'

diff --git a/3.13.1/4427_force_XATTR_PAX_tmpfs.patch b/3.13.2/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.13.1/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.13.2/4427_force_XATTR_PAX_tmpfs.patch

diff --git a/3.13.1/4430_grsec-remove-localversion-grsec.patch b/3.13.2/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.13.1/4430_grsec-remove-localversion-grsec.patch
rename to 3.13.2/4430_grsec-remove-localversion-grsec.patch

diff --git a/3.13.1/4435_grsec-mute-warnings.patch b/3.13.2/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.13.1/4435_grsec-mute-warnings.patch
rename to 3.13.2/4435_grsec-mute-warnings.patch

diff --git a/3.13.1/4440_grsec-remove-protected-paths.patch b/3.13.2/4440_grsec-remove-protected-paths.patch
similarity index 71%
rename from 3.13.1/4440_grsec-remove-protected-paths.patch
rename to 3.13.2/4440_grsec-remove-protected-paths.patch
index 05710b1..741546d 100644
--- a/3.13.1/4440_grsec-remove-protected-paths.patch
+++ b/3.13.2/4440_grsec-remove-protected-paths.patch
@@ -4,9 +4,9 @@ We don't want GRSEC's Makefile to change permissions on paths in
 the filesystem.
 
 diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
---- a/grsecurity/Makefile	2011-10-19 20:42:50.000000000 -0400
-+++ b/grsecurity/Makefile	2011-10-19 20:45:08.000000000 -0400
-@@ -34,10 +34,4 @@
+--- a/grsecurity/Makefile      2011-10-19 20:42:50.000000000 -0400
++++ b/grsecurity/Makefile      2011-10-19 20:45:08.000000000 -0400
+@@ -44,11 +44,4 @@
  ifdef CONFIG_GRKERNSEC_HIDESYM
  extra-y := grsec_hidesym.o
  $(obj)/grsec_hidesym.o:
@@ -15,5 +15,6 @@ diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
 -	@-chmod -f 500 /lib64/modules
 -	@-chmod -f 500 /lib32/modules
 -	@-chmod -f 700 .
+-	@-chmod -f 700 $(objtree)
 -	@echo '  grsec: protected kernel image paths'
  endif
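Review bot: Extending the removal to `@-chmod -f 700 $(objtree)` leaves the object tree at whatever mode the build user's umask gives it, while the patch description still says only that the Makefile should not change permissions on filesystem paths. In this same update tools/gcc/Makefile starts generating `randomize_layout_seed.h` under `$(objtree)`, so if upstream added the chmod to keep that seed private (an inference, since the page does not say why the line was added), the description should record how the build tree is meant to be protected instead. I would add a sentence such as `The generated randstruct seed under $(objtree) is not protected by this Makefile; restrict access to the build tree separately.` to the header of 4440_grsec-remove-protected-paths.patch. The same change is made to the 3.2.54 copy of the patch further down.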

diff --git a/3.13.1/4450_grsec-kconfig-default-gids.patch b/3.13.2/4450_grsec-kconfig-default-gids.patch
similarity index 95%
rename from 3.13.1/4450_grsec-kconfig-default-gids.patch
rename to 3.13.2/4450_grsec-kconfig-default-gids.patch
index 207c450..88f1f9b 100644
--- a/3.13.1/4450_grsec-kconfig-default-gids.patch
+++ b/3.13.2/4450_grsec-kconfig-default-gids.patch
@@ -16,7 +16,7 @@ from shooting themselves in the foot.
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2012-10-13 09:51:35.000000000 -0400
 +++ b/grsecurity/Kconfig	2012-10-13 09:52:32.000000000 -0400
-@@ -656,7 +656,7 @@
+@@ -657,7 +657,7 @@
  config GRKERNSEC_AUDIT_GID
  	int "GID for auditing"
  	depends on GRKERNSEC_AUDIT_GROUP
@@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_EXECLOG
  	bool "Exec logging"
-@@ -887,7 +887,7 @@
+@@ -888,7 +888,7 @@
  config GRKERNSEC_TPE_UNTRUSTED_GID
  	int "GID for TPE-untrusted users"
  	depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *enabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -896,7 +896,7 @@
+@@ -897,7 +897,7 @@
  config GRKERNSEC_TPE_TRUSTED_GID
  	int "GID for TPE-trusted users"
  	depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -989,7 +989,7 @@
+@@ -990,7 +990,7 @@
  config GRKERNSEC_SOCKET_ALL_GID
  	int "GID to deny all sockets for"
  	depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable socket access for. Remember to
  	  add the users you want socket access disabled for to the GID
-@@ -1010,7 +1010,7 @@
+@@ -1011,7 +1011,7 @@
  config GRKERNSEC_SOCKET_CLIENT_GID
  	int "GID to deny client sockets for"
  	depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable client socket access for.
  	  Remember to add the users you want client socket access disabled for to
-@@ -1028,7 +1028,7 @@
+@@ -1029,7 +1029,7 @@
  config GRKERNSEC_SOCKET_SERVER_GID
  	int "GID to deny server sockets for"
  	depends on GRKERNSEC_SOCKET_SERVER
@@ -73,7 +73,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 diff -Nuar a/security/Kconfig b/security/Kconfig
 --- a/security/Kconfig	2012-10-13 09:51:35.000000000 -0400
 +++ b/security/Kconfig	2012-10-13 09:52:59.000000000 -0400
-@@ -195,7 +195,7 @@
+@@ -196,7 +196,7 @@
  
  config GRKERNSEC_PROC_GID
  	int "GID exempted from /proc restrictions"
@@ -82,7 +82,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
  	help
  	  Setting this GID determines which group will be exempted from
  	  grsecurity's /proc restrictions, allowing users of the specified
-@@ -206,7 +206,7 @@
+@@ -207,7 +207,7 @@
  config GRKERNSEC_TPE_UNTRUSTED_GID
          int "GID for TPE-untrusted users"
          depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -91,7 +91,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
          help
  	  Setting this GID determines which group untrusted users should
  	  be added to.  These users will be placed under grsecurity's Trusted Path
-@@ -218,7 +218,7 @@
+@@ -219,7 +219,7 @@
  config GRKERNSEC_TPE_TRUSTED_GID
          int "GID for TPE-trusted users"
          depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -100,7 +100,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
          help
            Setting this GID determines what group TPE restrictions will be
            *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -227,7 +227,7 @@
+@@ -228,7 +228,7 @@
  config GRKERNSEC_SYMLINKOWN_GID
          int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
          depends on GRKERNSEC_CONFIG_SERVER

diff --git a/3.13.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.2/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 99%
rename from 3.13.1/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.13.2/4465_selinux-avc_audit-log-curr_ip.patch
index ddabda7..0648169 100644
--- a/3.13.1/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.13.2/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2011-04-17 19:25:54.000000000 -0400
 +++ b/grsecurity/Kconfig	2011-04-17 19:32:53.000000000 -0400
-@@ -1123,6 +1123,27 @@
+@@ -1124,6 +1124,27 @@
  menu "Logging Options"
  depends on GRKERNSEC
  

diff --git a/3.13.1/4470_disable-compat_vdso.patch b/3.13.2/4470_disable-compat_vdso.patch
similarity index 100%
rename from 3.13.1/4470_disable-compat_vdso.patch
rename to 3.13.2/4470_disable-compat_vdso.patch

diff --git a/3.13.1/4475_emutramp_default_on.patch b/3.13.2/4475_emutramp_default_on.patch
similarity index 97%
rename from 3.13.1/4475_emutramp_default_on.patch
rename to 3.13.2/4475_emutramp_default_on.patch
index cfde6f8..30f6978 100644
--- a/3.13.1/4475_emutramp_default_on.patch
+++ b/3.13.2/4475_emutramp_default_on.patch
@@ -10,7 +10,7 @@ See bug:
 diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
 --- linux-3.9.2-hardened.orig/security/Kconfig	2013-05-18 08:53:41.000000000 -0400
 +++ linux-3.9.2-hardened/security/Kconfig	2013-05-18 09:17:57.000000000 -0400
-@@ -427,7 +427,7 @@
+@@ -428,7 +428,7 @@
  
  config PAX_EMUTRAMP
  	bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)

diff --git a/3.2.54/0000_README b/3.2.54/0000_README
index 18647c3..61f72a8 100644
--- a/3.2.54/0000_README
+++ b/3.2.54/0000_README
@@ -134,7 +134,7 @@ Patch:	1053_linux-3.2.54.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.54
 
-Patch:	4420_grsecurity-3.0-3.2.54-201402052347.patch
+Patch:	4420_grsecurity-3.0-3.2.54-201402062221.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.2.54/4420_grsecurity-3.0-3.2.54-201402052347.patch b/3.2.54/4420_grsecurity-3.0-3.2.54-201402062221.patch
similarity index 99%
rename from 3.2.54/4420_grsecurity-3.0-3.2.54-201402052347.patch
rename to 3.2.54/4420_grsecurity-3.0-3.2.54-201402062221.patch
index fa55d46..88feed1 100644
--- a/3.2.54/4420_grsecurity-3.0-3.2.54-201402052347.patch
+++ b/3.2.54/4420_grsecurity-3.0-3.2.54-201402062221.patch
@@ -52869,10 +52869,25 @@ index 49eefdb..547693e 100644
  		do_chunk_alloc(trans, root->fs_info->extent_root,
  			       num_bytes, data, CHUNK_ALLOC_FORCE);
 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index 618ae6f..118fe0c 100644
+index 618ae6f..82d0bc6 100644
 --- a/fs/btrfs/ioctl.c
 +++ b/fs/btrfs/ioctl.c
-@@ -2733,9 +2733,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -1329,6 +1329,14 @@ static noinline int btrfs_ioctl_snap_create_transid(struct file *file,
+ 			ret = -EINVAL;
+ 			fput(src_file);
+ 			goto out;
++		} else if (!inode_owner_or_capable(src_inode)) {
++			/*
++			 * Subvolume creation is not restricted, but snapshots
++			 * are limited to own subvolumes only
++			 */
++			ret = -EPERM;
++			fput(src_file);
++			goto out;
+ 		}
+ 		ret = btrfs_mksubvol(&file->f_path, name, namelen,
+ 				     BTRFS_I(src_inode)->root,
+@@ -2733,9 +2741,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
  	for (i = 0; i < num_types; i++) {
  		struct btrfs_space_info *tmp;
  
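Review bot: The comment on the new `inode_owner_or_capable(src_inode)` branch says snapshots are limited to the caller's own subvolumes, but the helper's name indicates that a suitably capable caller passes as well, so the comment understates who is allowed. I would word it as `/* Subvolume creation is not restricted; snapshots require owning the source inode or passing the capability check in inode_owner_or_capable(). */`. The branch also repeats the `fput(src_file); goto out;` cleanup of the branch above it. Whether the two could share an exit path cannot be judged here, because btrfs_ioctl_snap_create_transid() continues outside the hunk.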
@@ -52885,7 +52900,7 @@ index 618ae6f..118fe0c 100644
  		info = NULL;
  		rcu_read_lock();
  		list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -2757,15 +2760,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -2757,15 +2768,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
  				memcpy(dest, &space, sizeof(space));
  				dest++;
  				space_args.total_spaces++;
@@ -62842,10 +62857,10 @@ index 0000000..c4717f9
 +endmenu
 diff --git a/grsecurity/Makefile b/grsecurity/Makefile
 new file mode 100644
-index 0000000..5cb186f
+index 0000000..f96524e
 --- /dev/null
 +++ b/grsecurity/Makefile
-@@ -0,0 +1,53 @@
+@@ -0,0 +1,54 @@
 +# grsecurity – access control and security hardening for Linux
 +# All code in this directory and various hooks located throughout the Linux kernel are
 +# Copyright (C) 2001-2014 Bradley Spengler, Open Source Security, Inc.
@@ -62897,6 +62912,7 @@ index 0000000..5cb186f
 +	@-chmod -f 500 /lib64/modules
 +	@-chmod -f 500 /lib32/modules
 +	@-chmod -f 700 .
++	@-chmod -f 700 $(objtree)
 +	@echo '  grsec: protected kernel image paths'
 +endif
 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
@@ -104658,6 +104674,21 @@ index b43813c..74be837 100644
  }
  #else
  static inline int selinux_xfrm_enabled(void)
+diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
+index 185f849..72b20b1 100644
+--- a/security/selinux/ss/services.c
++++ b/security/selinux/ss/services.c
+@@ -1229,6 +1229,10 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
+ 	struct context context;
+ 	int rc = 0;
+ 
++	/* An empty security context is never valid. */
++	if (!scontext_len)
++		return -EINVAL;
++
+ 	if (!ss_initialized) {
+ 		int i;
+ 
 diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
 index 7db62b4..ee4d949 100644
 --- a/security/smack/smack_lsm.c

diff --git a/3.2.54/4425_grsec_remove_EI_PAX.patch b/3.2.54/4425_grsec_remove_EI_PAX.patch
index 415fda5..cf65d90 100644
--- a/3.2.54/4425_grsec_remove_EI_PAX.patch
+++ b/3.2.54/4425_grsec_remove_EI_PAX.patch
@@ -8,7 +8,7 @@ X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600
 diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig
 --- linux-3.7.1-hardened.orig/security/Kconfig	2012-12-26 08:39:29.000000000 -0500
 +++ linux-3.7.1-hardened/security/Kconfig	2012-12-26 09:05:44.000000000 -0500
-@@ -266,7 +266,7 @@
+@@ -267,7 +267,7 @@
  
  config PAX_EI_PAX
  	bool 'Use legacy ELF header marking'

diff --git a/3.2.54/4440_grsec-remove-protected-paths.patch b/3.2.54/4440_grsec-remove-protected-paths.patch
index 05710b1..741546d 100644
--- a/3.2.54/4440_grsec-remove-protected-paths.patch
+++ b/3.2.54/4440_grsec-remove-protected-paths.patch
@@ -4,9 +4,9 @@ We don't want GRSEC's Makefile to change permissions on paths in
 the filesystem.
 
 diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
---- a/grsecurity/Makefile	2011-10-19 20:42:50.000000000 -0400
-+++ b/grsecurity/Makefile	2011-10-19 20:45:08.000000000 -0400
-@@ -34,10 +34,4 @@
+--- a/grsecurity/Makefile      2011-10-19 20:42:50.000000000 -0400
++++ b/grsecurity/Makefile      2011-10-19 20:45:08.000000000 -0400
+@@ -44,11 +44,4 @@
  ifdef CONFIG_GRKERNSEC_HIDESYM
  extra-y := grsec_hidesym.o
  $(obj)/grsec_hidesym.o:
@@ -15,5 +15,6 @@ diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
 -	@-chmod -f 500 /lib64/modules
 -	@-chmod -f 500 /lib32/modules
 -	@-chmod -f 700 .
+-	@-chmod -f 700 $(objtree)
 -	@echo '  grsec: protected kernel image paths'
  endif

diff --git a/3.2.54/4450_grsec-kconfig-default-gids.patch b/3.2.54/4450_grsec-kconfig-default-gids.patch
index 55a02aa..71f6231 100644
--- a/3.2.54/4450_grsec-kconfig-default-gids.patch
+++ b/3.2.54/4450_grsec-kconfig-default-gids.patch
@@ -73,7 +73,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 diff -Nuar a/security/Kconfig b/security/Kconfig
 --- a/security/Kconfig	2012-10-13 09:51:35.000000000 -0400
 +++ b/security/Kconfig	2012-10-13 09:52:59.000000000 -0400
-@@ -194,7 +194,7 @@
+@@ -195,7 +195,7 @@
  
  config GRKERNSEC_PROC_GID
  	int "GID exempted from /proc restrictions"
@@ -82,7 +82,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
  	help
  	  Setting this GID determines which group will be exempted from
  	  grsecurity's /proc restrictions, allowing users of the specified
-@@ -205,7 +205,7 @@
+@@ -206,7 +206,7 @@
  config GRKERNSEC_TPE_UNTRUSTED_GID
          int "GID for TPE-untrusted users"
          depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -91,7 +91,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
          help
  	  Setting this GID determines which group untrusted users should
  	  be added to.  These users will be placed under grsecurity's Trusted Path
-@@ -217,7 +217,7 @@
+@@ -218,7 +218,7 @@
  config GRKERNSEC_TPE_TRUSTED_GID
          int "GID for TPE-trusted users"
          depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -100,7 +100,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
          help
            Setting this GID determines what group TPE restrictions will be
            *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -226,7 +226,7 @@
+@@ -227,7 +227,7 @@
  config GRKERNSEC_SYMLINKOWN_GID
          int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
          depends on GRKERNSEC_CONFIG_SERVER

diff --git a/3.2.54/4475_emutramp_default_on.patch b/3.2.54/4475_emutramp_default_on.patch
index df700e6..cfde6f8 100644
--- a/3.2.54/4475_emutramp_default_on.patch
+++ b/3.2.54/4475_emutramp_default_on.patch
@@ -10,7 +10,7 @@ See bug:
 diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
 --- linux-3.9.2-hardened.orig/security/Kconfig	2013-05-18 08:53:41.000000000 -0400
 +++ linux-3.9.2-hardened/security/Kconfig	2013-05-18 09:17:57.000000000 -0400
-@@ -426,7 +426,7 @@
+@@ -427,7 +427,7 @@
  
  config PAX_EMUTRAMP
  	bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)

