* [gentoo-commits] proj/hardened-patchset:XT_PAX commit in: 3.1.5/
@ 2011-12-13 0:41 Anthony G. Basile
From: Anthony G. Basile @ 2011-12-13 0:41 UTC (permalink / raw
To: gentoo-commits
commit: 747e437838a92f0fd8effba88d26180d9681eddf
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 13 00:41:25 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 00:41:25 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=747e4378
Clean up line numbers
---
3.1.5/4430_remove-legacy-EI_PAX.patch | 2 +-
3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch | 2 +-
3.1.5/4500_grsec-kconfig-gentoo.patch | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/3.1.5/4430_remove-legacy-EI_PAX.patch b/3.1.5/4430_remove-legacy-EI_PAX.patch
index 35aff7a..9412035 100644
--- a/3.1.5/4430_remove-legacy-EI_PAX.patch
+++ b/3.1.5/4430_remove-legacy-EI_PAX.patch
@@ -196,7 +196,7 @@ diff -Naur linux-3.1.1-xtpax.orig//security/Kconfig linux-3.1.1-xtpax/security/K
help
By design some architectures do not allow for protecting memory
pages against execution or even if they do, Linux does not make
-@@ -360,7 +343,7 @@
+@@ -388,7 +371,7 @@
config PAX_ASLR
bool "Address Space Layout Randomization"
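Review bot: The rewritten inner hunk header `@@ -388,7 +371,7 @@` is a hand-edited offset, and nothing in the patch or the commit message records which tree it was computed against; the inner file headers still name `linux-3.1.1-xtpax` although the patch lives under `3.1.5/`. The same +28 shift is made in 4440 (`@@ -371,7 +362,7 @@`) and in 4500 (`@@ -489,8 +490,9 @@`). These hunks sit in security/Kconfig, where neighbouring PaX options share near-identical context (`help`, `config PAX_*`, `bool "..."`), so an offset that only applies with fuzz could presumably land in the wrong option without an error. I would add a header line to each patch such as `Hunk offsets refreshed against the 3.1.5 tree; applies with --fuzz=0`, and confirm it with a `patch --dry-run --fuzz=0` run, or regenerate the patches from the target tree instead of editing the numbers.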
diff --git a/3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch b/3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch
index 5b9c248..73d42d6 100644
--- a/3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch
+++ b/3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch
@@ -311,7 +311,7 @@ diff -Naur linux-3.1.1-xtpax.orig//security/Kconfig linux-3.1.1-xtpax/security/K
help
By design some architectures do not allow for protecting memory
pages against execution or even if they do, Linux does not make
-@@ -343,7 +334,7 @@
+@@ -371,7 +362,7 @@
config PAX_ASLR
bool "Address Space Layout Randomization"
diff --git a/3.1.5/4500_grsec-kconfig-gentoo.patch b/3.1.5/4500_grsec-kconfig-gentoo.patch
index 5fad5b9..7442e2a 100644
--- a/3.1.5/4500_grsec-kconfig-gentoo.patch
+++ b/3.1.5/4500_grsec-kconfig-gentoo.patch
@@ -298,7 +298,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig
help
This is the kernel land equivalent of PAGEEXEC and MPROTECT,
that is, enabling this option will make it harder to inject
-@@ -461,8 +462,9 @@
+@@ -489,8 +490,9 @@
config PAX_MEMORY_UDEREF
bool "Prevent invalid userland pointer dereference"
* [gentoo-commits] proj/hardened-patchset:XT_PAX commit in: 3.1.5/
@ 2011-12-13 1:02 Anthony G. Basile
From: Anthony G. Basile @ 2011-12-13 1:02 UTC (permalink / raw
To: gentoo-commits
commit: 679cd2c878d655b4149ab7aa9a41b8e22d944604
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 13 01:02:11 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 01:02:11 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=679cd2c8
Cleaned up directory names in diffs
---
3.1.5/4430_remove-legacy-EI_PAX.patch | 36 +++++++++++-----------
3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch | 42 +++++++++++++-------------
2 files changed, 39 insertions(+), 39 deletions(-)
diff --git a/3.1.5/4430_remove-legacy-EI_PAX.patch b/3.1.5/4430_remove-legacy-EI_PAX.patch
index 9412035..b08b326 100644
--- a/3.1.5/4430_remove-legacy-EI_PAX.patch
+++ b/3.1.5/4430_remove-legacy-EI_PAX.patch
@@ -1,6 +1,6 @@
-diff -Naur linux-3.1.1-xtpax.orig//fs/binfmt_elf.c linux-3.1.1-xtpax/fs/binfmt_elf.c
---- linux-3.1.1-xtpax.orig//fs/binfmt_elf.c 2011-11-20 20:17:18.968732978 +0000
-+++ linux-3.1.1-xtpax/fs/binfmt_elf.c 2011-11-20 20:21:07.237738723 +0000
+diff -Naur a/fs/binfmt_elf.c b/fs/binfmt_elf.c
+--- a/fs/binfmt_elf.c 2011-11-20 20:17:18.968732978 +0000
++++ b/fs/binfmt_elf.c 2011-11-20 20:21:07.237738723 +0000
@@ -553,7 +553,7 @@
return error;
}
@@ -91,9 +91,9 @@ diff -Naur linux-3.1.1-xtpax.orig//fs/binfmt_elf.c linux-3.1.1-xtpax/fs/binfmt_e
if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata)) {
send_sig(SIGKILL, current, 0);
goto out_free_dentry;
-diff -Naur linux-3.1.1-xtpax.orig//grsecurity/Kconfig linux-3.1.1-xtpax/grsecurity/Kconfig
---- linux-3.1.1-xtpax.orig//grsecurity/Kconfig 2011-11-20 20:17:19.115732982 +0000
-+++ linux-3.1.1-xtpax/grsecurity/Kconfig 2011-11-20 20:21:07.238738723 +0000
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-11-20 20:17:19.115732982 +0000
++++ b/grsecurity/Kconfig 2011-11-20 20:21:07.238738723 +0000
@@ -47,7 +47,6 @@
config GRKERNSEC_MEDIUM
bool "Medium"
@@ -110,9 +110,9 @@ diff -Naur linux-3.1.1-xtpax.orig//grsecurity/Kconfig linux-3.1.1-xtpax/grsecuri
select PAX_PT_PAX_FLAGS
select PAX_HAVE_ACL_FLAGS
select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
-diff -Naur linux-3.1.1-xtpax.orig//include/linux/elf.h linux-3.1.1-xtpax/include/linux/elf.h
---- linux-3.1.1-xtpax.orig//include/linux/elf.h 2011-11-20 20:17:19.136732982 +0000
-+++ linux-3.1.1-xtpax/include/linux/elf.h 2011-11-20 20:21:07.239738723 +0000
+diff -Naur a/include/linux/elf.h b/include/linux/elf.h
+--- a/include/linux/elf.h 2011-11-20 20:17:19.136732982 +0000
++++ b/include/linux/elf.h 2011-11-20 20:21:07.239738723 +0000
@@ -370,8 +370,6 @@
#define EI_OSABI 7
#define EI_PAD 8
@@ -122,9 +122,9 @@ diff -Naur linux-3.1.1-xtpax.orig//include/linux/elf.h linux-3.1.1-xtpax/include
#define ELFMAG0 0x7f /* EI_MAG */
#define ELFMAG1 'E'
#define ELFMAG2 'L'
-diff -Naur linux-3.1.1-xtpax.orig//include/linux/grsecurity.h linux-3.1.1-xtpax/include/linux/grsecurity.h
---- linux-3.1.1-xtpax.orig//include/linux/grsecurity.h 2011-11-20 20:17:19.146732983 +0000
-+++ linux-3.1.1-xtpax/include/linux/grsecurity.h 2011-11-20 20:21:07.240738723 +0000
+diff -Naur a/include/linux/grsecurity.h b/include/linux/grsecurity.h
+--- a/include/linux/grsecurity.h 2011-11-20 20:17:19.146732983 +0000
++++ b/include/linux/grsecurity.h 2011-11-20 20:21:07.240738723 +0000
@@ -12,11 +12,11 @@
#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
@@ -141,9 +141,9 @@ diff -Naur linux-3.1.1-xtpax.orig//include/linux/grsecurity.h linux-3.1.1-xtpax/
#endif
#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
-diff -Naur linux-3.1.1-xtpax.orig//include/linux/mm_types.h linux-3.1.1-xtpax/include/linux/mm_types.h
---- linux-3.1.1-xtpax.orig//include/linux/mm_types.h 2011-11-20 20:17:19.159732983 +0000
-+++ linux-3.1.1-xtpax/include/linux/mm_types.h 2011-11-20 20:21:07.241738723 +0000
+diff -Naur a/include/linux/mm_types.h b/include/linux/mm_types.h
+--- a/include/linux/mm_types.h 2011-11-20 20:17:19.159732983 +0000
++++ b/include/linux/mm_types.h 2011-11-20 20:21:07.241738723 +0000
@@ -365,7 +365,7 @@
struct cpumask cpumask_allocation;
#endif
@@ -153,9 +153,9 @@ diff -Naur linux-3.1.1-xtpax.orig//include/linux/mm_types.h linux-3.1.1-xtpax/in
unsigned long pax_flags;
#endif
-diff -Naur linux-3.1.1-xtpax.orig//security/Kconfig linux-3.1.1-xtpax/security/Kconfig
---- linux-3.1.1-xtpax.orig//security/Kconfig 2011-11-20 20:17:19.478732991 +0000
-+++ linux-3.1.1-xtpax/security/Kconfig 2011-11-20 20:21:07.242738723 +0000
+diff -Naur a/security/Kconfig b/security/Kconfig
+--- a/security/Kconfig 2011-11-20 20:17:19.478732991 +0000
++++ b/security/Kconfig 2011-11-20 20:21:07.242738723 +0000
@@ -51,20 +51,6 @@
line option on boot. Furthermore you can control various PaX features
at runtime via the entries in /proc/sys/kernel/pax.
diff --git a/3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch b/3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch
index 73d42d6..600a4e1 100644
--- a/3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch
+++ b/3.1.5/4440_replace-PT_PAX-with-XT_PAX.patch
@@ -1,6 +1,6 @@
-diff -Naur linux-3.1.1-xtpax.orig//fs/binfmt_elf.c linux-3.1.1-xtpax/fs/binfmt_elf.c
---- linux-3.1.1-xtpax.orig//fs/binfmt_elf.c 2011-11-20 20:24:21.599743615 +0000
-+++ linux-3.1.1-xtpax/fs/binfmt_elf.c 2011-11-20 20:33:31.546757452 +0000
+diff -Naur a/fs/binfmt_elf.c b/fs/binfmt_elf.c
+--- a/fs/binfmt_elf.c 2011-11-20 20:24:21.599743615 +0000
++++ b/fs/binfmt_elf.c 2011-11-20 20:33:31.546757452 +0000
@@ -32,6 +32,7 @@
#include <linux/elf.h>
#include <linux/utsname.h>
@@ -186,9 +186,9 @@ diff -Naur linux-3.1.1-xtpax.orig//fs/binfmt_elf.c linux-3.1.1-xtpax/fs/binfmt_e
send_sig(SIGKILL, current, 0);
goto out_free_dentry;
}
-diff -Naur linux-3.1.1-xtpax.orig//grsecurity/Kconfig linux-3.1.1-xtpax/grsecurity/Kconfig
---- linux-3.1.1-xtpax.orig//grsecurity/Kconfig 2011-11-20 20:24:21.601743615 +0000
-+++ linux-3.1.1-xtpax/grsecurity/Kconfig 2011-11-20 20:25:27.748745279 +0000
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-11-20 20:24:21.601743615 +0000
++++ b/grsecurity/Kconfig 2011-11-20 20:25:27.748745279 +0000
@@ -47,7 +47,7 @@
config GRKERNSEC_MEDIUM
bool "Medium"
@@ -207,9 +207,9 @@ diff -Naur linux-3.1.1-xtpax.orig//grsecurity/Kconfig linux-3.1.1-xtpax/grsecuri
select PAX_HAVE_ACL_FLAGS
select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
select PAX_MEMORY_UDEREF if (X86 && !XEN)
-diff -Naur linux-3.1.1-xtpax.orig//include/linux/elf.h linux-3.1.1-xtpax/include/linux/elf.h
---- linux-3.1.1-xtpax.orig//include/linux/elf.h 2011-11-20 20:24:21.601743615 +0000
-+++ linux-3.1.1-xtpax/include/linux/elf.h 2011-11-20 20:25:27.748745279 +0000
+diff -Naur a/include/linux/elf.h b/include/linux/elf.h
+--- a/include/linux/elf.h 2011-11-20 20:24:21.601743615 +0000
++++ b/include/linux/elf.h 2011-11-20 20:25:27.748745279 +0000
@@ -51,7 +51,7 @@
#define PT_GNU_STACK (PT_LOOS + 0x474e551)
#define PT_GNU_RELRO (PT_LOOS + 0x474e552)
@@ -219,9 +219,9 @@ diff -Naur linux-3.1.1-xtpax.orig//include/linux/elf.h linux-3.1.1-xtpax/include
/* Constants for the e_flags field */
#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
-diff -Naur linux-3.1.1-xtpax.orig//include/linux/grsecurity.h linux-3.1.1-xtpax/include/linux/grsecurity.h
---- linux-3.1.1-xtpax.orig//include/linux/grsecurity.h 2011-11-20 20:24:21.602743615 +0000
-+++ linux-3.1.1-xtpax/include/linux/grsecurity.h 2011-11-20 20:25:27.749745279 +0000
+diff -Naur a/include/linux/grsecurity.h b/include/linux/grsecurity.h
+--- a/include/linux/grsecurity.h 2011-11-20 20:24:21.602743615 +0000
++++ b/include/linux/grsecurity.h 2011-11-20 20:25:27.749745279 +0000
@@ -12,11 +12,11 @@
#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
@@ -238,9 +238,9 @@ diff -Naur linux-3.1.1-xtpax.orig//include/linux/grsecurity.h linux-3.1.1-xtpax/
#endif
#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
-diff -Naur linux-3.1.1-xtpax.orig//include/linux/mm_types.h linux-3.1.1-xtpax/include/linux/mm_types.h
---- linux-3.1.1-xtpax.orig//include/linux/mm_types.h 2011-11-20 20:24:21.603743615 +0000
-+++ linux-3.1.1-xtpax/include/linux/mm_types.h 2011-11-20 20:25:27.751745279 +0000
+diff -Naur a/include/linux/mm_types.h b/include/linux/mm_types.h
+--- a/include/linux/mm_types.h 2011-11-20 20:24:21.603743615 +0000
++++ b/include/linux/mm_types.h 2011-11-20 20:25:27.751745279 +0000
@@ -365,7 +365,7 @@
struct cpumask cpumask_allocation;
#endif
@@ -250,9 +250,9 @@ diff -Naur linux-3.1.1-xtpax.orig//include/linux/mm_types.h linux-3.1.1-xtpax/in
unsigned long pax_flags;
#endif
-diff -Naur linux-3.1.1-xtpax.orig//include/linux/xattr.h linux-3.1.1-xtpax/include/linux/xattr.h
---- linux-3.1.1-xtpax.orig//include/linux/xattr.h 2011-10-24 07:10:05.000000000 +0000
-+++ linux-3.1.1-xtpax/include/linux/xattr.h 2011-11-20 20:33:31.547757453 +0000
+diff -Naur a/include/linux/xattr.h b/include/linux/xattr.h
+--- a/include/linux/xattr.h 2011-10-24 07:10:05.000000000 +0000
++++ b/include/linux/xattr.h 2011-11-20 20:33:31.547757453 +0000
@@ -49,6 +49,9 @@
#define XATTR_CAPS_SUFFIX "capability"
#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
@@ -263,9 +263,9 @@ diff -Naur linux-3.1.1-xtpax.orig//include/linux/xattr.h linux-3.1.1-xtpax/inclu
#ifdef __KERNEL__
#include <linux/types.h>
-diff -Naur linux-3.1.1-xtpax.orig//security/Kconfig linux-3.1.1-xtpax/security/Kconfig
---- linux-3.1.1-xtpax.orig//security/Kconfig 2011-11-20 20:24:21.604743615 +0000
-+++ linux-3.1.1-xtpax/security/Kconfig 2011-11-20 20:25:27.752745279 +0000
+diff -Naur a/security/Kconfig b/security/Kconfig
+--- a/security/Kconfig 2011-11-20 20:24:21.604743615 +0000
++++ b/security/Kconfig 2011-11-20 20:25:27.752745279 +0000
@@ -40,30 +40,21 @@
config PAX_SOFTMODE