From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.17.4/, 3.2.64/, 3.14.25/
Date: Thu, 27 Nov 2014 12:14:12 +0000 (UTC) [thread overview]
Message-ID: <1417090594.5ea4fcf4b5c7892dd72ae3a8c6792b6ed8d68c15.blueness@gentoo> (raw)
commit: 5ea4fcf4b5c7892dd72ae3a8c6792b6ed8d68c15
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 27 12:16:34 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Nov 27 12:16:34 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=5ea4fcf4
Grsec/PaX: 3.0-{3.2.64,3.14.25,3.17.4}-201411260107
---
3.14.25/0000_README | 2 +-
...4420_grsecurity-3.0-3.14.25-201411260106.patch} | 137 ++++++++++++++++-----
3.17.4/0000_README | 2 +-
... 4420_grsecurity-3.0-3.17.4-201411260107.patch} | 137 ++++++++++++++++-----
3.2.64/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.64-201411260105.patch} | 127 ++++++++++++++-----
6 files changed, 318 insertions(+), 89 deletions(-)
diff --git a/3.14.25/0000_README b/3.14.25/0000_README
index 2a01a49..ad24f16 100644
--- a/3.14.25/0000_README
+++ b/3.14.25/0000_README
@@ -6,7 +6,7 @@ Patch: 1024_linux-3.14.25.patch
From: http://www.kernel.org
Desc: Linux 3.14.25
-Patch: 4420_grsecurity-3.0-3.14.25-201411220954.patch
+Patch: 4420_grsecurity-3.0-3.14.25-201411260106.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.25/4420_grsecurity-3.0-3.14.25-201411220954.patch b/3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch
similarity index 99%
rename from 3.14.25/4420_grsecurity-3.0-3.14.25-201411220954.patch
rename to 3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch
index 5a48407..31289a1 100644
--- a/3.14.25/4420_grsecurity-3.0-3.14.25-201411220954.patch
+++ b/3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch
@@ -101156,10 +101156,30 @@ index 07bd8ed..c574801 100644
}
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index bdbf68b..deb4759 100644
+index bdbf68b..f0d9c83 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
-@@ -1543,7 +1543,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
+@@ -69,7 +69,8 @@
+
+ static struct ipv4_devconf ipv4_devconf = {
+ .data = {
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
+@@ -80,7 +81,8 @@ static struct ipv4_devconf ipv4_devconf = {
+
+ static struct ipv4_devconf ipv4_devconf_dflt = {
+ .data = {
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
+@@ -1543,7 +1545,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
idx = 0;
head = &net->dev_index_head[h];
rcu_read_lock();
@@ -101168,7 +101188,7 @@ index bdbf68b..deb4759 100644
net->dev_base_seq;
hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx)
-@@ -1861,7 +1861,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
+@@ -1861,7 +1863,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
idx = 0;
head = &net->dev_index_head[h];
rcu_read_lock();
@@ -101177,7 +101197,7 @@ index bdbf68b..deb4759 100644
net->dev_base_seq;
hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx)
-@@ -2096,7 +2096,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
+@@ -2096,7 +2098,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
@@ -101186,7 +101206,7 @@ index bdbf68b..deb4759 100644
struct ctl_table_header *sysctl_header;
struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
} devinet_sysctl = {
-@@ -2218,7 +2218,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2218,7 +2220,7 @@ static __net_init int devinet_init_net(struct net *net)
int err;
struct ipv4_devconf *all, *dflt;
#ifdef CONFIG_SYSCTL
@@ -101195,7 +101215,7 @@ index bdbf68b..deb4759 100644
struct ctl_table_header *forw_hdr;
#endif
-@@ -2236,7 +2236,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2236,7 +2238,7 @@ static __net_init int devinet_init_net(struct net *net)
goto err_alloc_dflt;
#ifdef CONFIG_SYSCTL
@@ -101204,7 +101224,7 @@ index bdbf68b..deb4759 100644
if (tbl == NULL)
goto err_alloc_ctl;
-@@ -2256,7 +2256,10 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2256,7 +2258,10 @@ static __net_init int devinet_init_net(struct net *net)
goto err_reg_dflt;
err = -ENOMEM;
@@ -101216,7 +101236,7 @@ index bdbf68b..deb4759 100644
if (forw_hdr == NULL)
goto err_reg_ctl;
net->ipv4.forw_hdr = forw_hdr;
-@@ -2272,8 +2275,7 @@ err_reg_ctl:
+@@ -2272,8 +2277,7 @@ err_reg_ctl:
err_reg_dflt:
__devinet_sysctl_unregister(all);
err_reg_all:
@@ -101661,7 +101681,7 @@ index 2510c02..cfb34fa 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index e21934b..4e7cb58 100644
+index e21934b..fcd69aa 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -101673,7 +101693,16 @@ index e21934b..4e7cb58 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+@@ -217,6 +217,8 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident)
+ &ipv6_hdr(skb)->daddr))
+ continue;
+ #endif
++ } else {
++ continue;
+ }
+
+ if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)
+@@ -348,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
return -ENODEV;
}
}
@@ -101682,7 +101711,7 @@ index e21934b..4e7cb58 100644
scoped);
rcu_read_unlock();
-@@ -556,7 +556,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -556,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
}
#if IS_ENABLED(CONFIG_IPV6)
} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -101691,7 +101720,7 @@ index e21934b..4e7cb58 100644
#endif
}
-@@ -574,7 +574,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -574,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
info, (u8 *)icmph);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -101700,7 +101729,7 @@ index e21934b..4e7cb58 100644
info, (u8 *)icmph);
#endif
}
-@@ -858,7 +858,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -858,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
return ip_recv_error(sk, msg, len, addr_len);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -101709,7 +101738,7 @@ index e21934b..4e7cb58 100644
addr_len);
#endif
}
-@@ -916,10 +916,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -916,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
}
if (inet6_sk(sk)->rxopt.all)
@@ -101722,7 +101751,7 @@ index e21934b..4e7cb58 100644
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1111,7 +1111,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -1111,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -102375,9 +102404,27 @@ index e1a6393..f634ce5 100644
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 3f0ec06..495548c 100644
+index 3f0ec06..5aad945 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
+@@ -170,7 +170,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT,
+ .mtu6 = IPV6_MIN_MTU,
+ .accept_ra = 1,
+- .accept_redirects = 1,
++ .accept_redirects = 0,
+ .autoconf = 1,
+ .force_mld_version = 0,
+ .mldv1_unsolicited_report_interval = 10 * HZ,
+@@ -206,7 +206,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT,
+ .mtu6 = IPV6_MIN_MTU,
+ .accept_ra = 1,
+- .accept_redirects = 1,
++ .accept_redirects = 0,
+ .autoconf = 1,
+ .force_mld_version = 0,
+ .mldv1_unsolicited_report_interval = 10 * HZ,
@@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
idx = 0;
head = &net->dev_index_head[h];
@@ -106498,6 +106545,19 @@ index 0865b3e..7235dd4 100644
__ksymtab : { *(SORT(___ksymtab+*)) }
__ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) }
__ksymtab_unused : { *(SORT(___ksymtab_unused+*)) }
+diff --git a/scripts/package/Makefile b/scripts/package/Makefile
+index c5d4733..7c43eb4 100644
+--- a/scripts/package/Makefile
++++ b/scripts/package/Makefile
+@@ -46,7 +46,7 @@ rpm-pkg rpm: FORCE
+ ln -sf $(srctree) $(KERNELPATH)
+ $(CONFIG_SHELL) $(MKSPEC) >$(objtree)/kernel.spec
+ $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion
+- tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT)
++ tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT)
+ rm $(KERNELPATH)
+ rm -f $(objtree)/.scmversion
+ $(CONFIG_SHELL) $(srctree)/scripts/mkversion > $(objtree)/.tmp_version
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
index 152d4d2..791684c 100644
--- a/scripts/package/builddeb
@@ -106511,13 +106571,22 @@ index 152d4d2..791684c 100644
mkdir -p "$destdir"
(cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -)
diff --git a/scripts/package/mkspec b/scripts/package/mkspec
-index 1395760..e4f4ac4 100755
+index 1395760..6ceef68 100755
--- a/scripts/package/mkspec
+++ b/scripts/package/mkspec
-@@ -82,6 +82,16 @@ echo ""
- fi
+@@ -121,14 +121,27 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}"
+ echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE"
+ echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\""
+ echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)"
+-echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE"
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE build"
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE source"
- echo "%install"
+ echo ""
+ echo "%clean"
+ echo 'rm -rf $RPM_BUILD_ROOT'
+ echo ""
++echo "%pre"
+echo 'chmod -f 0500 /boot'
+echo 'if [ -d /lib/modules ]; then'
+echo 'chmod -f 0500 /lib/modules'
@@ -106528,27 +106597,39 @@ index 1395760..e4f4ac4 100755
+echo 'if [ -d /lib64/modules ]; then'
+echo 'chmod -f 0500 /lib64/modules'
+echo 'fi'
- echo 'KBUILD_IMAGE=$(make image_name)'
- echo "%ifarch ia64"
- echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules'
-@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
++echo ""
++echo "%post devel"
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build"
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source"
++echo ""
+ echo "%post"
+ echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then"
+ echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm"
+@@ -139,11 +152,11 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
echo "fi"
echo ""
echo "%files"
-echo '%defattr (-, root, root)'
+echo '%defattr (400, root, root, 500)'
echo "%dir /lib/modules"
- echo "/lib/modules/$KERNELRELEASE"
+-echo "/lib/modules/$KERNELRELEASE"
echo "%exclude /lib/modules/$KERNELRELEASE/build"
-@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)'
+ echo "%exclude /lib/modules/$KERNELRELEASE/source"
++echo "/lib/modules/$KERNELRELEASE"
+ echo "/lib/firmware/$KERNELRELEASE"
+ echo "/boot/*"
+ echo ""
+@@ -152,8 +165,7 @@ echo '%defattr (-, root, root)'
echo "/usr/include"
echo ""
echo "%files devel"
-echo '%defattr (-, root, root)'
+echo '%defattr (400, root, root, 500)'
++echo "%dir /lib/modules/$KERNELRELEASE"
echo "/usr/src/kernels/$KERNELRELEASE"
- echo "/lib/modules/$KERNELRELEASE/build"
- echo "/lib/modules/$KERNELRELEASE/source"
+-echo "/lib/modules/$KERNELRELEASE/build"
+-echo "/lib/modules/$KERNELRELEASE/source"
+ echo ""
diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
index 68bb4ef..2f419e1 100644
--- a/scripts/pnmtologo.c
diff --git a/3.17.4/0000_README b/3.17.4/0000_README
index 3efa937..3e123ea 100644
--- a/3.17.4/0000_README
+++ b/3.17.4/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.17.4-201411220955.patch
+Patch: 4420_grsecurity-3.0-3.17.4-201411260107.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.17.4/4420_grsecurity-3.0-3.17.4-201411220955.patch b/3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch
similarity index 99%
rename from 3.17.4/4420_grsecurity-3.0-3.17.4-201411220955.patch
rename to 3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch
index 8d9a284..3dfb83f 100644
--- a/3.17.4/4420_grsecurity-3.0-3.17.4-201411220955.patch
+++ b/3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch
@@ -102058,10 +102058,30 @@ index 32755cb..236d827 100644
return -ENOMEM;
}
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index 214882e..f958b50 100644
+index 214882e..ec032f6 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
-@@ -1548,7 +1548,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
+@@ -69,7 +69,8 @@
+
+ static struct ipv4_devconf ipv4_devconf = {
+ .data = {
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
+@@ -80,7 +81,8 @@ static struct ipv4_devconf ipv4_devconf = {
+
+ static struct ipv4_devconf ipv4_devconf_dflt = {
+ .data = {
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
+@@ -1548,7 +1550,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
idx = 0;
head = &net->dev_index_head[h];
rcu_read_lock();
@@ -102070,7 +102090,7 @@ index 214882e..f958b50 100644
net->dev_base_seq;
hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx)
-@@ -1866,7 +1866,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
+@@ -1866,7 +1868,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
idx = 0;
head = &net->dev_index_head[h];
rcu_read_lock();
@@ -102079,7 +102099,7 @@ index 214882e..f958b50 100644
net->dev_base_seq;
hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx)
-@@ -2101,7 +2101,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
+@@ -2101,7 +2103,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
@@ -102088,7 +102108,7 @@ index 214882e..f958b50 100644
struct ctl_table_header *sysctl_header;
struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
} devinet_sysctl = {
-@@ -2233,7 +2233,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2233,7 +2235,7 @@ static __net_init int devinet_init_net(struct net *net)
int err;
struct ipv4_devconf *all, *dflt;
#ifdef CONFIG_SYSCTL
@@ -102097,7 +102117,7 @@ index 214882e..f958b50 100644
struct ctl_table_header *forw_hdr;
#endif
-@@ -2251,7 +2251,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2251,7 +2253,7 @@ static __net_init int devinet_init_net(struct net *net)
goto err_alloc_dflt;
#ifdef CONFIG_SYSCTL
@@ -102106,7 +102126,7 @@ index 214882e..f958b50 100644
if (tbl == NULL)
goto err_alloc_ctl;
-@@ -2271,7 +2271,10 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2271,7 +2273,10 @@ static __net_init int devinet_init_net(struct net *net)
goto err_reg_dflt;
err = -ENOMEM;
@@ -102118,7 +102138,7 @@ index 214882e..f958b50 100644
if (forw_hdr == NULL)
goto err_reg_ctl;
net->ipv4.forw_hdr = forw_hdr;
-@@ -2287,8 +2290,7 @@ err_reg_ctl:
+@@ -2287,8 +2292,7 @@ err_reg_ctl:
err_reg_dflt:
__devinet_sysctl_unregister(all);
err_reg_all:
@@ -102563,7 +102583,7 @@ index 2510c02..cfb34fa 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index a3c59a0..ec620a50 100644
+index a3c59a0..2e88bfd 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -102575,7 +102595,16 @@ index a3c59a0..ec620a50 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+@@ -217,6 +217,8 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident)
+ &ipv6_hdr(skb)->daddr))
+ continue;
+ #endif
++ } else {
++ continue;
+ }
+
+ if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)
+@@ -348,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
return -ENODEV;
}
}
@@ -102584,7 +102613,7 @@ index a3c59a0..ec620a50 100644
scoped);
rcu_read_unlock();
-@@ -556,7 +556,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -556,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
}
#if IS_ENABLED(CONFIG_IPV6)
} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -102593,7 +102622,7 @@ index a3c59a0..ec620a50 100644
#endif
}
-@@ -574,7 +574,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -574,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
info, (u8 *)icmph);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -102602,7 +102631,7 @@ index a3c59a0..ec620a50 100644
info, (u8 *)icmph);
#endif
}
-@@ -858,7 +858,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -858,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
return ip_recv_error(sk, msg, len, addr_len);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -102611,7 +102640,7 @@ index a3c59a0..ec620a50 100644
addr_len);
#endif
}
-@@ -916,10 +916,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -916,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
}
if (inet6_sk(sk)->rxopt.all)
@@ -102624,7 +102653,7 @@ index a3c59a0..ec620a50 100644
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1111,7 +1111,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -1111,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -103242,9 +103271,27 @@ index 6156f68..d6ab46d 100644
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 3e118df..27b16cf 100644
+index 3e118df..288a0d1 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
+@@ -171,7 +171,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT,
+ .mtu6 = IPV6_MIN_MTU,
+ .accept_ra = 1,
+- .accept_redirects = 1,
++ .accept_redirects = 0,
+ .autoconf = 1,
+ .force_mld_version = 0,
+ .mldv1_unsolicited_report_interval = 10 * HZ,
+@@ -208,7 +208,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT,
+ .mtu6 = IPV6_MIN_MTU,
+ .accept_ra = 1,
+- .accept_redirects = 1,
++ .accept_redirects = 0,
+ .autoconf = 1,
+ .force_mld_version = 0,
+ .mldv1_unsolicited_report_interval = 10 * HZ,
@@ -604,7 +604,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
idx = 0;
head = &net->dev_index_head[h];
@@ -107471,6 +107518,19 @@ index 0865b3e..7235dd4 100644
__ksymtab : { *(SORT(___ksymtab+*)) }
__ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) }
__ksymtab_unused : { *(SORT(___ksymtab_unused+*)) }
+diff --git a/scripts/package/Makefile b/scripts/package/Makefile
+index 99ca6e7..3a1a1a1 100644
+--- a/scripts/package/Makefile
++++ b/scripts/package/Makefile
+@@ -46,7 +46,7 @@ rpm-pkg rpm: FORCE
+ ln -sf $(srctree) $(KERNELPATH)
+ $(CONFIG_SHELL) $(MKSPEC) >$(objtree)/kernel.spec
+ $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion
+- tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT)
++ tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(TAR_CONTENT)
+ rm $(KERNELPATH)
+ rm -f $(objtree)/.scmversion
+ $(CONFIG_SHELL) $(srctree)/scripts/mkversion > $(objtree)/.tmp_version
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
index 7c0e6e4..bf2c90e 100644
--- a/scripts/package/builddeb
@@ -107484,13 +107544,22 @@ index 7c0e6e4..bf2c90e 100644
mkdir -p "$destdir"
(cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -)
diff --git a/scripts/package/mkspec b/scripts/package/mkspec
-index 1395760..e4f4ac4 100755
+index 1395760..6ceef68 100755
--- a/scripts/package/mkspec
+++ b/scripts/package/mkspec
-@@ -82,6 +82,16 @@ echo ""
- fi
+@@ -121,14 +121,27 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}"
+ echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE"
+ echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\""
+ echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)"
+-echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE"
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE build"
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE source"
- echo "%install"
+ echo ""
+ echo "%clean"
+ echo 'rm -rf $RPM_BUILD_ROOT'
+ echo ""
++echo "%pre"
+echo 'chmod -f 0500 /boot'
+echo 'if [ -d /lib/modules ]; then'
+echo 'chmod -f 0500 /lib/modules'
@@ -107501,27 +107570,39 @@ index 1395760..e4f4ac4 100755
+echo 'if [ -d /lib64/modules ]; then'
+echo 'chmod -f 0500 /lib64/modules'
+echo 'fi'
- echo 'KBUILD_IMAGE=$(make image_name)'
- echo "%ifarch ia64"
- echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules'
-@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
++echo ""
++echo "%post devel"
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build"
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source"
++echo ""
+ echo "%post"
+ echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then"
+ echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm"
+@@ -139,11 +152,11 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
echo "fi"
echo ""
echo "%files"
-echo '%defattr (-, root, root)'
+echo '%defattr (400, root, root, 500)'
echo "%dir /lib/modules"
- echo "/lib/modules/$KERNELRELEASE"
+-echo "/lib/modules/$KERNELRELEASE"
echo "%exclude /lib/modules/$KERNELRELEASE/build"
-@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)'
+ echo "%exclude /lib/modules/$KERNELRELEASE/source"
++echo "/lib/modules/$KERNELRELEASE"
+ echo "/lib/firmware/$KERNELRELEASE"
+ echo "/boot/*"
+ echo ""
+@@ -152,8 +165,7 @@ echo '%defattr (-, root, root)'
echo "/usr/include"
echo ""
echo "%files devel"
-echo '%defattr (-, root, root)'
+echo '%defattr (400, root, root, 500)'
++echo "%dir /lib/modules/$KERNELRELEASE"
echo "/usr/src/kernels/$KERNELRELEASE"
- echo "/lib/modules/$KERNELRELEASE/build"
- echo "/lib/modules/$KERNELRELEASE/source"
+-echo "/lib/modules/$KERNELRELEASE/build"
+-echo "/lib/modules/$KERNELRELEASE/source"
+ echo ""
diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
index 4718d78..9220d58 100644
--- a/scripts/pnmtologo.c
diff --git a/3.2.64/0000_README b/3.2.64/0000_README
index c5a1f90..d632471 100644
--- a/3.2.64/0000_README
+++ b/3.2.64/0000_README
@@ -174,7 +174,7 @@ Patch: 1063_linux-3.2.64.patch
From: http://www.kernel.org
Desc: Linux 3.2.64
-Patch: 4420_grsecurity-3.0-3.2.64-201411220952.patch
+Patch: 4420_grsecurity-3.0-3.2.64-201411260105.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch b/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch
similarity index 99%
rename from 3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch
rename to 3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch
index d9f5bed..206ef20 100644
--- a/3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch
+++ b/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch
@@ -1727,6 +1727,20 @@ index e51b1e8..32a3113 100644
KM_TYPE_NR
};
+diff --git a/arch/arm/include/asm/memory.h b/arch/arm/include/asm/memory.h
+index a8997d7..f0a29154 100644
+--- a/arch/arm/include/asm/memory.h
++++ b/arch/arm/include/asm/memory.h
+@@ -268,7 +268,8 @@ static inline __deprecated void *bus_to_virt(unsigned long x)
+ #define ARCH_PFN_OFFSET PHYS_PFN_OFFSET
+
+ #define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT)
+-#define virt_addr_valid(kaddr) ((unsigned long)(kaddr) >= PAGE_OFFSET && (unsigned long)(kaddr) < (unsigned long)high_memory)
++#define virt_addr_valid(kaddr) (((unsigned long)(kaddr) >= PAGE_OFFSET && (unsigned long)(kaddr) < (unsigned long)high_memory) \
++ && pfn_valid(__pa(kaddr) >> PAGE_SHIFT) )
+
+ /*
+ * Optional coherency support. Currently used only by selected
diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h
index 53426c6..c7baff3 100644
--- a/arch/arm/include/asm/outercache.h
@@ -103176,10 +103190,30 @@ index 59a7041..060976d 100644
return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process);
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index e41c40f..fbed7a7 100644
+index e41c40f..f476dfd6 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
-@@ -827,9 +827,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
+@@ -68,7 +68,8 @@
+
+ static struct ipv4_devconf ipv4_devconf = {
+ .data = {
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
+@@ -77,7 +78,8 @@ static struct ipv4_devconf ipv4_devconf = {
+
+ static struct ipv4_devconf ipv4_devconf_dflt = {
+ .data = {
+- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
++ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
+ [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
+ [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
+@@ -827,9 +829,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
if (!ifa) {
ret = -ENOBUFS;
ifa = inet_alloc_ifa();
@@ -103191,7 +103225,7 @@ index e41c40f..fbed7a7 100644
if (colon)
memcpy(ifa->ifa_label, ifr.ifr_name, IFNAMSIZ);
else
-@@ -1584,7 +1584,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
+@@ -1584,7 +1586,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
@@ -103200,7 +103234,7 @@ index e41c40f..fbed7a7 100644
struct ctl_table_header *sysctl_header;
struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
char *dev_name;
-@@ -1729,7 +1729,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -1729,7 +1731,7 @@ static __net_init int devinet_init_net(struct net *net)
int err;
struct ipv4_devconf *all, *dflt;
#ifdef CONFIG_SYSCTL
@@ -103209,7 +103243,7 @@ index e41c40f..fbed7a7 100644
struct ctl_table_header *forw_hdr;
#endif
-@@ -1747,7 +1747,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -1747,7 +1749,7 @@ static __net_init int devinet_init_net(struct net *net)
goto err_alloc_dflt;
#ifdef CONFIG_SYSCTL
@@ -103218,7 +103252,7 @@ index e41c40f..fbed7a7 100644
if (tbl == NULL)
goto err_alloc_ctl;
-@@ -1767,7 +1767,10 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -1767,7 +1769,10 @@ static __net_init int devinet_init_net(struct net *net)
goto err_reg_dflt;
err = -ENOMEM;
@@ -103230,7 +103264,7 @@ index e41c40f..fbed7a7 100644
if (forw_hdr == NULL)
goto err_reg_ctl;
net->ipv4.forw_hdr = forw_hdr;
-@@ -1783,8 +1786,7 @@ err_reg_ctl:
+@@ -1783,8 +1788,7 @@ err_reg_ctl:
err_reg_dflt:
__devinet_sysctl_unregister(all);
err_reg_all:
@@ -103240,7 +103274,7 @@ index e41c40f..fbed7a7 100644
err_alloc_ctl:
#endif
if (dflt != &ipv4_devconf_dflt)
-@@ -1811,7 +1813,7 @@ static __net_exit void devinet_exit_net(struct net *net)
+@@ -1811,7 +1815,7 @@ static __net_exit void devinet_exit_net(struct net *net)
kfree(net->ipv4.devconf_all);
}
@@ -104614,9 +104648,27 @@ index a0b4c5d..a5818a1 100644
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 3afdd78..cf4a70f 100644
+index 3afdd78..2f630fb 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
+@@ -169,7 +169,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT,
+ .mtu6 = IPV6_MIN_MTU,
+ .accept_ra = 1,
+- .accept_redirects = 1,
++ .accept_redirects = 0,
+ .autoconf = 1,
+ .force_mld_version = 0,
+ .dad_transmits = 1,
+@@ -204,7 +204,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT,
+ .mtu6 = IPV6_MIN_MTU,
+ .accept_ra = 1,
+- .accept_redirects = 1,
++ .accept_redirects = 0,
+ .autoconf = 1,
+ .dad_transmits = 1,
+ .rtr_solicits = MAX_RTR_SOLICITATIONS,
@@ -2160,7 +2160,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
p.iph.ihl = 5;
p.iph.protocol = IPPROTO_IPV6;
@@ -109662,6 +109714,19 @@ index 0865b3e..7235dd4 100644
__ksymtab : { *(SORT(___ksymtab+*)) }
__ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) }
__ksymtab_unused : { *(SORT(___ksymtab_unused+*)) }
+diff --git a/scripts/package/Makefile b/scripts/package/Makefile
+index bc6aa00..51086c8 100644
+--- a/scripts/package/Makefile
++++ b/scripts/package/Makefile
+@@ -45,7 +45,7 @@ rpm-pkg rpm: $(objtree)/kernel.spec FORCE
+ $(MAKE) clean
+ $(PREV) ln -sf $(srctree) $(KERNELPATH)
+ $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion
+- $(PREV) tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(KERNELPATH)/.
++ $(PREV) tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(KERNELPATH)/.
+ $(PREV) rm $(KERNELPATH)
+ rm -f $(objtree)/.scmversion
+ set -e; \
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
index bee55f6..4108c4b 100644
--- a/scripts/package/builddeb
@@ -109675,7 +109740,7 @@ index bee55f6..4108c4b 100644
mkdir -p "$destdir"
(cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -)
diff --git a/scripts/package/mkspec b/scripts/package/mkspec
-index 4bf17dd..e4f4ac4 100755
+index 4bf17dd..6ceef68 100755
--- a/scripts/package/mkspec
+++ b/scripts/package/mkspec
@@ -1,7 +1,7 @@
@@ -109703,20 +109768,10 @@ index 4bf17dd..e4f4ac4 100755
if ! $PREBUILT; then
echo "%prep"
-@@ -74,15 +82,27 @@ echo ""
+@@ -74,15 +82,17 @@ echo ""
fi
echo "%install"
-+echo 'chmod -f 0500 /boot'
-+echo 'if [ -d /lib/modules ]; then'
-+echo 'chmod -f 0500 /lib/modules'
-+echo 'fi'
-+echo 'if [ -d /lib32/modules ]; then'
-+echo 'chmod -f 0500 /lib32/modules'
-+echo 'fi'
-+echo 'if [ -d /lib64/modules ]; then'
-+echo 'chmod -f 0500 /lib64/modules'
-+echo 'fi'
+echo 'KBUILD_IMAGE=$(make image_name)'
echo "%ifarch ia64"
echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules'
@@ -109734,7 +109789,7 @@ index 4bf17dd..e4f4ac4 100755
echo "%ifarch ia64"
echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/efi/vmlinuz-$KERNELRELEASE"
echo 'ln -s '"efi/vmlinuz-$KERNELRELEASE" '$RPM_BUILD_ROOT'"/boot/"
-@@ -95,7 +115,7 @@ echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/vmlinuz-$KERNELRELEASE"
+@@ -95,7 +105,7 @@ echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/vmlinuz-$KERNELRELEASE"
echo "%endif"
echo "%endif"
@@ -109743,7 +109798,7 @@ index 4bf17dd..e4f4ac4 100755
echo 'cp System.map $RPM_BUILD_ROOT'"/boot/System.map-$KERNELRELEASE"
echo 'cp .config $RPM_BUILD_ROOT'"/boot/config-$KERNELRELEASE"
-@@ -107,18 +127,43 @@ echo 'mv vmlinux.bz2 $RPM_BUILD_ROOT'"/boot/vmlinux-$KERNELRELEASE.bz2"
+@@ -107,18 +117,55 @@ echo 'mv vmlinux.bz2 $RPM_BUILD_ROOT'"/boot/vmlinux-$KERNELRELEASE.bz2"
echo 'mv vmlinux.orig vmlinux'
echo "%endif"
@@ -109751,14 +109806,27 @@ index 4bf17dd..e4f4ac4 100755
+echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE"
+echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\""
+echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)"
-+echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE"
-+echo "ln -sf /usr/src/kernels/$KERNELRELEASE build"
-+echo "ln -sf /usr/src/kernels/$KERNELRELEASE source"
+
echo ""
echo "%clean"
echo 'rm -rf $RPM_BUILD_ROOT'
echo ""
++echo "%pre"
++echo 'chmod -f 0500 /boot'
++echo 'if [ -d /lib/modules ]; then'
++echo 'chmod -f 0500 /lib/modules'
++echo 'fi'
++echo 'if [ -d /lib32/modules ]; then'
++echo 'chmod -f 0500 /lib32/modules'
++echo 'fi'
++echo 'if [ -d /lib64/modules ]; then'
++echo 'chmod -f 0500 /lib64/modules'
++echo 'fi'
++echo ""
++echo "%post devel"
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build"
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source"
++echo ""
+echo "%post"
+echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then"
+echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm"
@@ -109772,10 +109840,10 @@ index 4bf17dd..e4f4ac4 100755
-echo '%defattr (-, root, root)'
+echo '%defattr (400, root, root, 500)'
echo "%dir /lib/modules"
- echo "/lib/modules/$KERNELRELEASE"
--echo "/lib/firmware"
+echo "%exclude /lib/modules/$KERNELRELEASE/build"
+echo "%exclude /lib/modules/$KERNELRELEASE/source"
+ echo "/lib/modules/$KERNELRELEASE"
+-echo "/lib/firmware"
+echo "/lib/firmware/$KERNELRELEASE"
echo "/boot/*"
echo ""
@@ -109785,9 +109853,8 @@ index 4bf17dd..e4f4ac4 100755
echo ""
+echo "%files devel"
+echo '%defattr (400, root, root, 500)'
++echo "%dir /lib/modules/$KERNELRELEASE"
+echo "/usr/src/kernels/$KERNELRELEASE"
-+echo "/lib/modules/$KERNELRELEASE/build"
-+echo "/lib/modules/$KERNELRELEASE/source"
+echo ""
diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
index 5c11312..72742b5 100644
reply other threads:[~2014-11-27 12:14 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1417090594.5ea4fcf4b5c7892dd72ae3a8c6792b6ed8d68c15.blueness@gentoo \
--to=blueness@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox