From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1466504463.4bff175b49380f941e6d1434a6ab0fb250b2e280.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/ X-VCS-Repository: proj/hardened-patchset X-VCS-Files: 4.5.7/0000_README 4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch 4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch X-VCS-Directories: 4.5.7/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 4bff175b49380f941e6d1434a6ab0fb250b2e280 X-VCS-Branch: master Date: Tue, 21 Jun 2016 10:18:55 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 9f0af492-e88e-450a-a319-37210170fe57 X-Archives-Hash: 8dc1a05372bebf20c5a02afe7f50f2d2 commit: 4bff175b49380f941e6d1434a6ab0fb250b2e280 Author: Anthony G. Basile gentoo org> AuthorDate: Tue Jun 21 10:21:03 2016 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Tue Jun 21 10:21:03 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=4bff175b grsecurity-3.1-4.5.7-201606202152 4.5.7/0000_README | 2 +- ...> 4420_grsecurity-3.1-4.5.7-201606202152.patch} | 23 +++++++++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/4.5.7/0000_README b/4.5.7/0000_README index 7dd453b..068b4c9 100644 --- a/4.5.7/0000_README +++ b/4.5.7/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.5.7-201606142010.patch +Patch: 4420_grsecurity-3.1-4.5.7-201606202152.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity 
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch similarity index 99% rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch index b46e7cf..5ac1e8a 100644 --- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch +++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch @@ -115435,7 +115435,7 @@ index ec0e239..ab85b22 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..f172760 +index 0000000..821601d --- /dev/null +++ b/grsecurity/Kconfig @@ -0,0 +1,1205 @@ @@ -115582,14 +115582,14 @@ index 0000000..f172760 +config GRKERNSEC_KSTACKOVERFLOW + bool "Prevent kernel stack overflows" + default y if GRKERNSEC_CONFIG_AUTO -+ depends on !IA64 && 64BIT ++ depends on X86_64 + help + If you say Y here, the kernel's process stacks will be allocated + with vmalloc instead of the kernel's default allocator. This + introduces guard pages that in combination with the alloca checking -+ of the STACKLEAK feature prevents all forms of kernel process stack -+ overflow abuse. Note that this is different from kernel stack -+ buffer overflows. ++ of the STACKLEAK feature and removal of thread_info from the kernel ++ stack prevents all forms of kernel process stack overflow abuse. ++ Note that this is different from kernel stack buffer overflows. + +config GRKERNSEC_BRUTE + bool "Deter exploit bruteforcing" @@ -156888,7 +156888,7 @@ index f2280f7..c0a006f 100644 struct irlap_cb *self = (struct irlap_cb *) data; diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index fc3598a..03a184e 100644 +index fc3598a..03a184e3 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -685,10 +685,10 @@ static void __iucv_auto_name(struct iucv_sock *iucv) @@ -211999,7 +211999,7 @@ index 5105c2c..a5010e6 100644 extern struct key_type key_type_request_key_auth; extern struct key *request_key_auth_new(struct key *target, 
diff --git a/security/keys/key.c b/security/keys/key.c -index 09ef276..ab2894f 100644 +index 09ef276..357db79 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -283,7 +283,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, @@ -212011,6 +212011,15 @@ index 09ef276..ab2894f 100644 key->index_key.type = type; key->user = user; key->quotalen = quotalen; +@@ -582,7 +582,7 @@ int key_reject_and_link(struct key *key, + + mutex_unlock(&key_construction_mutex); + +- if (keyring) ++ if (keyring && link_ret == 0) + __key_link_end(keyring, &key->index_key, edit); + + /* wake up anyone waiting for a key to be constructed */ @@ -1077,7 +1077,9 @@ int register_key_type(struct key_type *ktype) struct key_type *p; int ret;
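Review bot: In the grsecurity/Kconfig hunk for GRKERNSEC_KSTACKOVERFLOW, the dependency narrows from `!IA64 && 64BIT` to `X86_64`, but the help text never says the option is now x86_64-only or why. The reworded help adds "removal of thread_info from the kernel stack" as a third ingredient and still states that the combination "prevents all forms of kernel process stack overflow abuse". Suggest one sentence in the help naming the architecture restriction and whether it follows from the thread_info change, and stating which of the three pieces (vmalloc guard pages, STACKLEAK alloca checking, thread_info removal) must be active for the claim to hold, since only STACKLEAK is named as a separate feature here.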
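Review bot: In the security/keys/key.c hunk at key_reject_and_link(), the new condition `if (keyring && link_ret == 0)` is only correct if link_ret holds a defined value on every path where keyring is non-NULL, and the visible context shows neither its declaration nor its assignment. Please confirm that link_ret is initialised at declaration or assigned unconditionally before this point when keyring is set. A short comment above the check would also help, saying that __key_link_end() is called only when the earlier link step returned 0, because `edit` is handed to __key_link_end() on that path alone.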