From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 296F0138A1F for ; Sat, 12 Apr 2014 22:06:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5CE50E0A7D; Sat, 12 Apr 2014 22:06:40 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E2507E0A7D for ; Sat, 12 Apr 2014 22:06:39 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 089623401DA for ; Sat, 12 Apr 2014 22:06:39 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id 95C261818D for ; Sat, 12 Apr 2014 22:06:37 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1397340409.bbedbd01cc88971589882e76d65e8c5cd5c87e98.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.13.9/ X-VCS-Repository: proj/hardened-patchset X-VCS-Files: 3.13.9/0000_README 3.13.9/4425_grsec_remove_EI_PAX.patch X-VCS-Directories: 3.13.9/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: bbedbd01cc88971589882e76d65e8c5cd5c87e98 X-VCS-Branch: master Date: Sat, 12 Apr 2014 22:06:37 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 7c68ff81-538f-44ad-9faf-71685471be11 X-Archives-Hash: c0ef2709c7750cfa0c6ac42203cbc896 commit: bbedbd01cc88971589882e76d65e8c5cd5c87e98 Author: Anthony G. Basile gentoo org> AuthorDate: Sat Apr 12 22:06:49 2014 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Sat Apr 12 22:06:49 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=bbedbd01 3.13.9: reintroduce 4425_grsec_remove_EI_PAX.patch --- 3.13.9/0000_README | 4 ++++ 3.13.9/4425_grsec_remove_EI_PAX.patch | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/3.13.9/0000_README b/3.13.9/0000_README index 97a73be..02b8064 100644 --- a/3.13.9/0000_README +++ b/3.13.9/0000_README @@ -6,6 +6,10 @@ Patch: 4420_grsecurity-3.0-3.13.9-201404062127.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity +Patch: 4425_grsec_remove_EI_PAX.patch +From: Anthony G. Basile +Desc: Remove EI_PAX option and force off + Patch: 4430_grsec-remove-localversion-grsec.patch From: Kerin Millar Desc: Removes grsecurity's localversion-grsec file diff --git a/3.13.9/4425_grsec_remove_EI_PAX.patch b/3.13.9/4425_grsec_remove_EI_PAX.patch new file mode 100644 index 0000000..cf65d90 --- /dev/null +++ b/3.13.9/4425_grsec_remove_EI_PAX.patch @@ -0,0 +1,19 @@ +From: Anthony G. Basile + +Deprecate EI_PAX. + +X-Gentoo-Bug: 445600 +X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600 + +diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig +--- linux-3.7.1-hardened.orig/security/Kconfig 2012-12-26 08:39:29.000000000 -0500 ++++ linux-3.7.1-hardened/security/Kconfig 2012-12-26 09:05:44.000000000 -0500 +@@ -267,7 +267,7 @@ + + config PAX_EI_PAX + bool 'Use legacy ELF header marking' +- default y if GRKERNSEC_CONFIG_AUTO ++ depends on BROKEN + help + Enabling this option will allow you to control PaX features on + a per executable basis via the 'chpax' utility available at