From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 367E0138A2F for ; Wed, 20 Aug 2014 20:00:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B4D8BE07C5; Wed, 20 Aug 2014 20:00:33 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4ADC4E07C5 for ; Wed, 20 Aug 2014 20:00:33 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 2069A33F82B for ; Wed, 20 Aug 2014 20:00:32 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id BF84F3A5F for ; Wed, 20 Aug 2014 20:00:30 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1408564903.a559b42a27e8937ad9d9345717820cd312f2ffc6.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.17/, 3.15.10/, 3.2.62/ X-VCS-Repository: proj/hardened-patchset X-VCS-Files: 3.14.17/0000_README 3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch 3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch 3.15.10/0000_README 3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch 3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch 3.2.62/0000_README 3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch 3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch X-VCS-Directories: 3.14.17/ 3.15.10/ 3.2.62/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: a559b42a27e8937ad9d9345717820cd312f2ffc6 X-VCS-Branch: master Date: Wed, 20 Aug 2014 20:00:30 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 91cf0e5d-767f-4540-8963-cf6bbb62e07f X-Archives-Hash: 0771aed061d3b4e5e761fbcf735c625d commit: a559b42a27e8937ad9d9345717820cd312f2ffc6 Author: Anthony G. Basile gentoo org> AuthorDate: Wed Aug 20 20:01:43 2014 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Wed Aug 20 20:01:43 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=a559b42a Grsec/PaX: 3.0-{3.2.62,3.14.17,3.15.10}-201408192020 --- 3.14.17/0000_README | 2 +- ...4420_grsecurity-3.0-3.14.17-201408192019.patch} | 37 +++++++++++++++++++--- 3.15.10/0000_README | 2 +- ...4420_grsecurity-3.0-3.15.10-201408192020.patch} | 37 +++++++++++++++++++--- 3.2.62/0000_README | 2 +- ... 4420_grsecurity-3.0-3.2.62-201408191950.patch} | 11 ++++++- 6 files changed, 77 insertions(+), 14 deletions(-) diff --git a/3.14.17/0000_README b/3.14.17/0000_README index e4c4eb2..ce3685e 100644 --- a/3.14.17/0000_README +++ b/3.14.17/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.17-201408140021.patch +Patch: 4420_grsecurity-3.0-3.14.17-201408192019.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch b/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch similarity index 99% rename from 3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch rename to 3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch index 1f1739c..73749ef 100644 --- a/3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch +++ b/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch @@ -44456,7 +44456,7 @@ index 56e24c0..e1c8e1f 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index cb882aa..9bd076e 100644 +index cb882aa..cb8aeca 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c @@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error) @@ -44518,8 +44518,25 @@ index cb882aa..9bd076e 100644 } rdev_dec_pending(rdev, mddev); +@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, + */ + if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) { + end_reshape(conf); ++ close_sync(conf); + return 0; + } + +@@ -4411,7 +4412,7 @@ read_more: + read_bio->bi_private = r10_bio; + read_bio->bi_end_io = end_sync_read; + read_bio->bi_rw = READ; +- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1); ++ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS); + read_bio->bi_flags |= 1 << BIO_UPTODATE; + read_bio->bi_vcnt = 0; + read_bio->bi_iter.bi_size = 0; diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 16f5c21..522b82e 100644 +index 16f5c21..c5d72c7 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -44580,6 +44597,15 @@ index 16f5c21..522b82e 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", +@@ -3779,6 +3787,8 @@ static void handle_stripe(struct stripe_head *sh) + set_bit(R5_Wantwrite, &dev->flags); + if (prexor) + continue; ++ if (s.failed > 1) ++ continue; + if (!test_bit(R5_Insync, &dev->flags) || + ((i == sh->pd_idx || i == sh->qd_idx) && + s.failed == 0)) diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c index 983db75..ef9248c 100644 --- a/drivers/media/dvb-core/dvbdev.c @@ -74698,10 +74724,10 @@ index 0000000..4d6fce8 +#endif diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c new file mode 100644 -index 0000000..f35f454 +index 0000000..14638ff --- /dev/null +++ b/grsecurity/grsec_exec.c -@@ -0,0 +1,187 @@ +@@ -0,0 +1,188 @@ +#include +#include +#include @@ -74836,7 +74862,8 @@ index 0000000..f35f454 + "CAP_MAC_OVERRIDE", + "CAP_MAC_ADMIN", + "CAP_SYSLOG", -+ "CAP_WAKE_ALARM" ++ "CAP_WAKE_ALARM", ++ "CAP_BLOCK_SUSPEND" +}; + +int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]); diff --git a/3.15.10/0000_README b/3.15.10/0000_README index 9e87c71..70556f5 100644 --- a/3.15.10/0000_README +++ b/3.15.10/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.15.10-201408140023.patch +Patch: 4420_grsecurity-3.0-3.15.10-201408192020.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch b/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch similarity index 99% rename from 3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch rename to 3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch index 500720d..08568e5 100644 --- a/3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch +++ b/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch @@ -44189,7 +44189,7 @@ index 56e24c0..e1c8e1f 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index cb882aa..9bd076e 100644 +index cb882aa..cb8aeca 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c @@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error) @@ -44251,8 +44251,25 @@ index cb882aa..9bd076e 100644 } rdev_dec_pending(rdev, mddev); +@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, + */ + if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) { + end_reshape(conf); ++ close_sync(conf); + return 0; + } + +@@ -4411,7 +4412,7 @@ read_more: + read_bio->bi_private = r10_bio; + read_bio->bi_end_io = end_sync_read; + read_bio->bi_rw = READ; +- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1); ++ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS); + read_bio->bi_flags |= 1 << BIO_UPTODATE; + read_bio->bi_vcnt = 0; + read_bio->bi_iter.bi_size = 0; diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index ad1b9be..b417412 100644 +index ad1b9be..c6316b5 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1702,6 +1702,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -44313,6 +44330,15 @@ index ad1b9be..b417412 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", +@@ -3774,6 +3782,8 @@ static void handle_stripe(struct stripe_head *sh) + set_bit(R5_Wantwrite, &dev->flags); + if (prexor) + continue; ++ if (s.failed > 1) ++ continue; + if (!test_bit(R5_Insync, &dev->flags) || + ((i == sh->pd_idx || i == sh->qd_idx) && + s.failed == 0)) diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c index 983db75..ef9248c 100644 --- a/drivers/media/dvb-core/dvbdev.c @@ -74555,10 +74581,10 @@ index 0000000..de31e65 +#endif diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c new file mode 100644 -index 0000000..f35f454 +index 0000000..14638ff --- /dev/null +++ b/grsecurity/grsec_exec.c -@@ -0,0 +1,187 @@ +@@ -0,0 +1,188 @@ +#include +#include +#include @@ -74693,7 +74719,8 @@ index 0000000..f35f454 + "CAP_MAC_OVERRIDE", + "CAP_MAC_ADMIN", + "CAP_SYSLOG", -+ "CAP_WAKE_ALARM" ++ "CAP_WAKE_ALARM", ++ "CAP_BLOCK_SUSPEND" +}; + +int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]); diff --git a/3.2.62/0000_README b/3.2.62/0000_README index aed2e0b..9bf751a 100644 --- a/3.2.62/0000_README +++ b/3.2.62/0000_README @@ -166,7 +166,7 @@ Patch: 1061_linux-3.2.62.patch From: http://www.kernel.org Desc: Linux 3.2.62 -Patch: 4420_grsecurity-3.0-3.2.62-201408110020.patch +Patch: 4420_grsecurity-3.0-3.2.62-201408191950.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch b/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch similarity index 99% rename from 3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch rename to 3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch index 0c9beb1..0e00b6a 100644 --- a/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch +++ b/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch @@ -42245,7 +42245,7 @@ index 6d05e26..a579e8c 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 7c963c4..8d07287e 100644 +index 7c963c4..73e0cd7 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1364,6 +1364,10 @@ static int grow_one_stripe(struct r5conf *conf) @@ -42304,6 +42304,15 @@ index 7c963c4..8d07287e 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", +@@ -3240,6 +3248,8 @@ static void handle_stripe(struct stripe_head *sh) + set_bit(R5_Wantwrite, &dev->flags); + if (prexor) + continue; ++ if (s.failed > 1) ++ continue; + if (!test_bit(R5_Insync, &dev->flags) || + ((i == sh->pd_idx || i == sh->qd_idx) && + s.failed == 0)) diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c index ba9a643..e474ab5 100644 --- a/drivers/media/dvb/ddbridge/ddbridge-core.c