* [gentoo-commits] proj/hardened-patchset:master commit in: 3.1.5/, 2.6.32/
@ 2011-12-12 22:21 Anthony G. Basile
From: Anthony G. Basile @ 2011-12-12 22:21 UTC (permalink / raw
  To: gentoo-commits

commit:     f39a108ed9d2a8f3cac4585bc7364cb25791dd87
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 12 22:21:00 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Dec 12 22:21:00 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=f39a108e

Clean up line numbers

---
 2.6.32/4422_grsec-mute-warnings.patch           |    6 ++--
 2.6.32/4425_grsec-pax-without-grsec.patch       |   20 +++++-----
 2.6.32/4430_grsec-kconfig-default-gids.patch    |   20 +++++-----
 2.6.32/4435_grsec-kconfig-gentoo.patch          |    4 +-
 2.6.32/4437-grsec-kconfig-proc-user.patch       |    6 ++--
 2.6.32/4440_selinux-avc_audit-log-curr_ip.patch |   14 ++++----
 3.1.5/0000_README                               |    4 --
 3.1.5/1003_linux-3.1.4.patch                    |   45 -----------------------
 3.1.5/4425_grsec-pax-without-grsec.patch        |    2 +-
 3.1.5/4430_grsec-kconfig-default-gids.patch     |   20 +++++-----
 3.1.5/4435_grsec-kconfig-gentoo.patch           |    4 +-
 3.1.5/4437-grsec-kconfig-proc-user.patch        |    4 +-
 3.1.5/4440_selinux-avc_audit-log-curr_ip.patch  |    2 +-
 3.1.5/4445_disable-compat_vdso.patch            |    2 +-
 14 files changed, 52 insertions(+), 101 deletions(-)

diff --git a/2.6.32/4422_grsec-mute-warnings.patch b/2.6.32/4422_grsec-mute-warnings.patch
index 0c9c69a..127d90d 100644
--- a/2.6.32/4422_grsec-mute-warnings.patch
+++ b/2.6.32/4422_grsec-mute-warnings.patch
@@ -29,8 +29,8 @@ warning flags of vanilla kernel versions.
 Acked-by: Christian Heim <phreak@gentoo.org>
 ---
 
---- a/Makefile	2011-06-05 20:27:54.000000000 -0400
-+++ b/Makefile	2011-06-05 20:28:46.000000000 -0400
+--- a/Makefile	2011-12-12 15:01:59.000000000 -0500
++++ b/Makefile	2011-12-12 15:03:19.000000000 -0500
 @@ -221,7 +221,7 @@
  
  HOSTCC       = gcc
@@ -38,5 +38,5 @@ Acked-by: Christian Heim <phreak@gentoo.org>
 -HOSTCFLAGS   = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
 +HOSTCFLAGS   = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-empty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
  HOSTCFLAGS  += $(call cc-option, -Wno-empty-body)
- HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
+ HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks
  
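Review bot: The refreshed context line ` HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks` shows that the base Makefile now enables `-Wall -W` for host C++ code, but the inner hunk still strips `-W` from `HOSTCFLAGS` only, so the patch no longer mutes the same warning set for both host compilers. If that is intended, the patch description should say so; if not, the inner hunk needs a matching `HOSTCXXFLAGS` change rather than a context refresh. Separately, the `+HOSTCFLAGS` line hard-codes `-Wno-empty-body` although the next line already adds it through `$(call cc-option, -Wno-empty-body)`, which makes the guarded form redundant and may break host compilers that reject the flag.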

diff --git a/2.6.32/4425_grsec-pax-without-grsec.patch b/2.6.32/4425_grsec-pax-without-grsec.patch
index 96b85a3..b5929f0 100644
--- a/2.6.32/4425_grsec-pax-without-grsec.patch
+++ b/2.6.32/4425_grsec-pax-without-grsec.patch
@@ -17,10 +17,10 @@ Allow PaX options to be selected without first selecting CONFIG_GRKERNSEC.
 This patch has been updated to keep current with newer kernel versions.
 The original version of this patch contained no credits/description.
 
-diff -Naur linux-2.6.32-hardened-r44.orig/arch/x86/mm/fault.c linux-2.6.32-hardened-r44/arch/x86/mm/fault.c
---- linux-2.6.32-hardened-r44.orig/arch/x86/mm/fault.c	2011-04-17 18:15:54.000000000 -0400
-+++ linux-2.6.32-hardened-r44/arch/x86/mm/fault.c	2011-04-17 18:28:11.000000000 -0400
-@@ -658,10 +658,12 @@
+diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
+--- a/arch/x86/mm/fault.c	2011-04-17 18:15:54.000000000 -0400
++++ b/arch/x86/mm/fault.c	2011-04-17 18:28:11.000000000 -0400
+@@ -662,10 +662,12 @@
  
  #ifdef CONFIG_PAX_KERNEXEC
  	if (init_mm.start_code <= address && address < init_mm.end_code) {
@@ -33,9 +33,9 @@ diff -Naur linux-2.6.32-hardened-r44.orig/arch/x86/mm/fault.c linux-2.6.32-harde
  			printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
  					 current->comm, task_pid_nr(current), current_uid(), current_euid());
  	}
-diff -Naur linux-2.6.32-hardened-r44.orig/fs/exec.c linux-2.6.32-hardened-r44/fs/exec.c
---- linux-2.6.32-hardened-r44.orig/fs/exec.c	2011-04-17 18:15:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/fs/exec.c	2011-04-17 18:29:40.000000000 -0400
+diff -Naur a/fs/exec.c b/fs/exec.c
+--- a/fs/exec.c	2011-04-17 18:15:55.000000000 -0400
++++ b/fs/exec.c	2011-04-17 18:29:40.000000000 -0400
 @@ -1803,9 +1803,11 @@
  		}
  		up_read(&mm->mmap_sem);
@@ -74,9 +74,9 @@ diff -Naur linux-2.6.32-hardened-r44.orig/fs/exec.c linux-2.6.32-hardened-r44/fs
  		printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
  			to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
  
-diff -Naur linux-2.6.32-hardened-r44.orig/security/Kconfig linux-2.6.32-hardened-r44/security/Kconfig
---- linux-2.6.32-hardened-r44.orig/security/Kconfig	2011-04-17 18:15:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/security/Kconfig	2011-04-17 18:28:11.000000000 -0400
+diff -Naur a/security/Kconfig b/security/Kconfig
+--- a/security/Kconfig	2011-04-17 18:15:55.000000000 -0400
++++ b/security/Kconfig	2011-04-17 18:28:11.000000000 -0400
 @@ -29,7 +29,7 @@
  	
  config PAX
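Review bot: The `PAX: kernel memory %s attempt detected` printk kept as context in this hunk formats `ptr` with `%p`, so the report writes a raw kernel address to the kernel log. This patch exists to let PaX be built without CONFIG_GRKERNSEC, and in that configuration grsecurity's own log restrictions are presumably not available, so on 2.6.32 the address may be readable by unprivileged users through dmesg. The patch description should state this, for example `Note: with GRKERNSEC disabled, PAX reports (including kernel addresses) are visible to any user who can read the kernel log.` The printk's enclosing function starts outside the hunk.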

diff --git a/2.6.32/4430_grsec-kconfig-default-gids.patch b/2.6.32/4430_grsec-kconfig-default-gids.patch
index b173bab..2cd1c5a 100644
--- a/2.6.32/4430_grsec-kconfig-default-gids.patch
+++ b/2.6.32/4430_grsec-kconfig-default-gids.patch
@@ -9,10 +9,10 @@ attention to the finer points of kernel configuration, it is probably
 wise to specify some reasonable defaults so as to stop careless users
 from shooting themselves in the foot.
 
-diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig	2011-04-17 18:15:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig	2011-04-17 18:37:33.000000000 -0400
-@@ -432,7 +432,7 @@
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig	2011-12-12 15:11:47.000000000 -0500
++++ b/grsecurity/Kconfig	2011-12-12 15:13:17.000000000 -0500
+@@ -431,7 +431,7 @@
  config GRKERNSEC_PROC_GID
  	int "GID for special group"
  	depends on GRKERNSEC_PROC_USERGROUP
@@ -21,7 +21,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  
  config GRKERNSEC_PROC_ADD
  	bool "Additional restrictions"
-@@ -656,7 +656,7 @@
+@@ -655,7 +655,7 @@
  config GRKERNSEC_AUDIT_GID
  	int "GID for auditing"
  	depends on GRKERNSEC_AUDIT_GROUP
@@ -30,7 +30,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  
  config GRKERNSEC_EXECLOG
  	bool "Exec logging"
-@@ -834,7 +834,7 @@
+@@ -833,7 +833,7 @@
  config GRKERNSEC_TPE_GID
  	int "GID for untrusted users"
  	depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -39,7 +39,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *enabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -843,7 +843,7 @@
+@@ -842,7 +842,7 @@
  config GRKERNSEC_TPE_GID
  	int "GID for trusted users"
  	depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -48,7 +48,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -916,7 +916,7 @@
+@@ -915,7 +915,7 @@
  config GRKERNSEC_SOCKET_ALL_GID
  	int "GID to deny all sockets for"
  	depends on GRKERNSEC_SOCKET_ALL
@@ -57,7 +57,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  	help
  	  Here you can choose the GID to disable socket access for. Remember to
  	  add the users you want socket access disabled for to the GID
-@@ -937,7 +937,7 @@
+@@ -936,7 +936,7 @@
  config GRKERNSEC_SOCKET_CLIENT_GID
  	int "GID to deny client sockets for"
  	depends on GRKERNSEC_SOCKET_CLIENT
@@ -66,7 +66,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  	help
  	  Here you can choose the GID to disable client socket access for.
  	  Remember to add the users you want client socket access disabled for to
-@@ -955,7 +955,7 @@
+@@ -954,7 +954,7 @@
  config GRKERNSEC_SOCKET_SERVER_GID
  	int "GID to deny server sockets for"
  	depends on GRKERNSEC_SOCKET_SERVER

diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4435_grsec-kconfig-gentoo.patch
index 0bb8941..b9e9d3a 100644
--- a/2.6.32/4435_grsec-kconfig-gentoo.patch
+++ b/2.6.32/4435_grsec-kconfig-gentoo.patch
@@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_LOW
  	bool "Low"
-@@ -191,6 +191,258 @@
+@@ -190,6 +190,258 @@
  	  - Restricted sysfs/debugfs
  	  - Active kernel exploit response
  
@@ -301,7 +301,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig
  	help
  	  This is the kernel land equivalent of PAGEEXEC and MPROTECT,
  	  that is, enabling this option will make it harder to inject
-@@ -487,8 +488,9 @@
+@@ -515,8 +516,9 @@
  
  config PAX_MEMORY_UDEREF
  	bool "Prevent invalid userland pointer dereference"

diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4437-grsec-kconfig-proc-user.patch
index 368d10c..a8ad5ac 100644
--- a/2.6.32/4437-grsec-kconfig-proc-user.patch
+++ b/2.6.32/4437-grsec-kconfig-proc-user.patch
@@ -3,10 +3,10 @@ From: Anthony G. Basile <blueness@gentoo.org>
 Address the mutually exclusive options GRKERNSEC_PROC_USER and GRKERNSEC_PROC_USERGROUP
 in a different way to avoid bug #366019.  This patch should eventually go upstream.
 
-diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-hardened-r54/grsecurity/Kconfig
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2011-06-29 07:46:02.000000000 -0400
 +++ b/grsecurity/Kconfig	2011-06-29 07:47:20.000000000 -0400
-@@ -665,7 +665,7 @@
+@@ -664,7 +664,7 @@
  
  config GRKERNSEC_PROC_USER
  	bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-harde
  	help
  	  If you say Y here, non-root users will only be able to view their own
  	  processes, and restricts them from viewing network-related information,
-@@ -673,7 +673,7 @@
+@@ -672,7 +672,7 @@
  
  config GRKERNSEC_PROC_USERGROUP
  	bool "Allow special group"

diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
index 003d903..fa1d60d 100644
--- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
@@ -25,10 +25,10 @@ provided by grSecurity patch to be applied before.
 Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
 ---
 
-diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig	2011-04-17 18:47:02.000000000 -0400
-+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig	2011-04-17 18:51:15.000000000 -0400
-@@ -1264,6 +1264,27 @@
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig	2011-04-17 18:47:02.000000000 -0400
++++ b/grsecurity/Kconfig	2011-04-17 18:51:15.000000000 -0400
+@@ -1263,6 +1263,27 @@
  menu "Logging Options"
  depends on GRKERNSEC
  
@@ -56,9 +56,9 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  config GRKERNSEC_FLOODTIME
  	int "Seconds in between log messages (minimum)"
  	default 10
-diff -Naur linux-2.6.32-hardened-r44.orig/security/selinux/avc.c linux-2.6.32-hardened-r44/security/selinux/avc.c
---- linux-2.6.32-hardened-r44.orig/security/selinux/avc.c	2009-12-02 22:51:21.000000000 -0500
-+++ linux-2.6.32-hardened-r44/security/selinux/avc.c	2011-04-17 18:51:15.000000000 -0400
+diff -Naur a/security/selinux/avc.c b/security/selinux/avc.c
+--- a/security/selinux/avc.c	2009-12-02 22:51:21.000000000 -0500
++++ b/security/selinux/avc.c	2011-04-17 18:51:15.000000000 -0400
 @@ -203,6 +203,11 @@
  	char *scontext;
  	u32 scontext_len;

diff --git a/3.1.5/0000_README b/3.1.5/0000_README
index 24e612d..613b71d 100644
--- a/3.1.5/0000_README
+++ b/3.1.5/0000_README
@@ -3,10 +3,6 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:  1003_linux-3.1.4.patch
-From:   http://www.kernel.org
-Desc:   Linux 3.1.4
-
 Patch:	4420_grsecurity-2.2.2-3.1.5-201112101853.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity

diff --git a/3.1.5/1003_linux-3.1.4.patch b/3.1.5/1003_linux-3.1.4.patch
deleted file mode 100644
index f995031..0000000
--- a/3.1.5/1003_linux-3.1.4.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff --git a/Makefile b/Makefile
-index d614254..7f8a93b 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 1
--SUBLEVEL = 3
-+SUBLEVEL = 4
- EXTRAVERSION =
- NAME = "Divemaster Edition"
- 
-diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
-index afef3df..29bec34 100644
---- a/drivers/usb/host/ehci-sched.c
-+++ b/drivers/usb/host/ehci-sched.c
-@@ -1480,15 +1480,10 @@ iso_stream_schedule (
- 
- 		/* NOTE:  assumes URB_ISO_ASAP, to limit complexity/bugs */
- 
--		/* find a uframe slot with enough bandwidth.
--		 * Early uframes are more precious because full-speed
--		 * iso IN transfers can't use late uframes,
--		 * and therefore they should be allocated last.
--		 */
--		next = start;
--		start += period;
--		do {
--			start--;
-+		/* find a uframe slot with enough bandwidth */
-+		next = start + period;
-+		for (; start < next; start++) {
-+
- 			/* check schedule: enough space? */
- 			if (stream->highspeed) {
- 				if (itd_slot_ok(ehci, mod, start,
-@@ -1501,7 +1496,7 @@ iso_stream_schedule (
- 						start, sched, period))
- 					break;
- 			}
--		} while (start > next);
-+		}
- 
- 		/* no room in the schedule */
- 		if (start == next) {

diff --git a/3.1.5/4425_grsec-pax-without-grsec.patch b/3.1.5/4425_grsec-pax-without-grsec.patch
index 8304192..97e8837 100644
--- a/3.1.5/4425_grsec-pax-without-grsec.patch
+++ b/3.1.5/4425_grsec-pax-without-grsec.patch
@@ -61,7 +61,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c
  		printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
  				 current->comm, task_pid_nr(current), current_uid(), current_euid());
  	print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
-@@ -2079,10 +2083,12 @@
+@@ -2078,10 +2082,12 @@
  
  NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
  {

diff --git a/3.1.5/4430_grsec-kconfig-default-gids.patch b/3.1.5/4430_grsec-kconfig-default-gids.patch
index 6a448bf..453cb8d 100644
--- a/3.1.5/4430_grsec-kconfig-default-gids.patch
+++ b/3.1.5/4430_grsec-kconfig-default-gids.patch
@@ -9,10 +9,10 @@ attention to the finer points of kernel configuration, it is probably
 wise to specify some reasonable defaults so as to stop careless users
 from shooting themselves in the foot.
 
-diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig	2011-04-17 18:15:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig	2011-04-17 18:37:33.000000000 -0400
-@@ -433,7 +433,7 @@
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig	2011-12-12 16:54:30.000000000 -0500
++++ b/grsecurity/Kconfig	2011-12-12 16:55:09.000000000 -0500
+@@ -432,7 +432,7 @@
  config GRKERNSEC_PROC_GID
  	int "GID for special group"
  	depends on GRKERNSEC_PROC_USERGROUP
@@ -21,7 +21,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  
  config GRKERNSEC_PROC_ADD
  	bool "Additional restrictions"
-@@ -657,7 +657,7 @@
+@@ -656,7 +656,7 @@
  config GRKERNSEC_AUDIT_GID
  	int "GID for auditing"
  	depends on GRKERNSEC_AUDIT_GROUP
@@ -30,7 +30,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  
  config GRKERNSEC_EXECLOG
  	bool "Exec logging"
-@@ -835,7 +835,7 @@
+@@ -834,7 +834,7 @@
  config GRKERNSEC_TPE_GID
  	int "GID for untrusted users"
  	depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -39,7 +39,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *enabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -844,7 +844,7 @@
+@@ -843,7 +843,7 @@
  config GRKERNSEC_TPE_GID
  	int "GID for trusted users"
  	depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -48,7 +48,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -917,7 +917,7 @@
+@@ -916,7 +916,7 @@
  config GRKERNSEC_SOCKET_ALL_GID
  	int "GID to deny all sockets for"
  	depends on GRKERNSEC_SOCKET_ALL
@@ -57,7 +57,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  	help
  	  Here you can choose the GID to disable socket access for. Remember to
  	  add the users you want socket access disabled for to the GID
-@@ -938,7 +938,7 @@
+@@ -937,7 +937,7 @@
  config GRKERNSEC_SOCKET_CLIENT_GID
  	int "GID to deny client sockets for"
  	depends on GRKERNSEC_SOCKET_CLIENT
@@ -66,7 +66,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
  	help
  	  Here you can choose the GID to disable client socket access for.
  	  Remember to add the users you want client socket access disabled for to
-@@ -956,7 +956,7 @@
+@@ -955,7 +955,7 @@
  config GRKERNSEC_SOCKET_SERVER_GID
  	int "GID to deny server sockets for"
  	depends on GRKERNSEC_SOCKET_SERVER

diff --git a/3.1.5/4435_grsec-kconfig-gentoo.patch b/3.1.5/4435_grsec-kconfig-gentoo.patch
index 1bc9742..d9083f4 100644
--- a/3.1.5/4435_grsec-kconfig-gentoo.patch
+++ b/3.1.5/4435_grsec-kconfig-gentoo.patch
@@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_LOW
  	bool "Low"
-@@ -191,6 +191,258 @@
+@@ -190,6 +190,258 @@
  	  - Restricted sysfs/debugfs
  	  - Active kernel exploit response
  
@@ -301,7 +301,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig
  	help
  	  This is the kernel land equivalent of PAGEEXEC and MPROTECT,
  	  that is, enabling this option will make it harder to inject
-@@ -487,8 +488,9 @@
+@@ -515,8 +516,9 @@
  
  config PAX_MEMORY_UDEREF
  	bool "Prevent invalid userland pointer dereference"

diff --git a/3.1.5/4437-grsec-kconfig-proc-user.patch b/3.1.5/4437-grsec-kconfig-proc-user.patch
index c588683..fb20d59 100644
--- a/3.1.5/4437-grsec-kconfig-proc-user.patch
+++ b/3.1.5/4437-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019.  This patch should eventually go upstre
 diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2011-06-29 10:02:56.000000000 -0400
 +++ b/grsecurity/Kconfig	2011-06-29 10:08:07.000000000 -0400
-@@ -666,7 +666,7 @@
+@@ -665,7 +665,7 @@
  
  config GRKERNSEC_PROC_USER
  	bool "Restrict /proc to user only"
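Review bot: The inner header at the top of this hunk still reads `diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig`, while the `---`/`+++` lines under it already use `a/` and `b/`, so the three header lines disagree about the tree the patch was made against. This commit rewrites the same line in the 2.6.32 copy to `diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig`; doing the same here keeps the two copies comparable. The stale line also appears in the section text of this file's second hunk, and 3.1.5/4440_selinux-avc_audit-log-curr_ip.patch has the same leftover with `linux-2.6.38-hardened-r1` in all three header lines.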
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-harden
  	help
  	  If you say Y here, non-root users will only be able to view their own
  	  processes, and restricts them from viewing network-related information,
-@@ -674,7 +674,7 @@
+@@ -673,7 +673,7 @@
  
  config GRKERNSEC_PROC_USERGROUP
  	bool "Allow special group"

diff --git a/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch b/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch
index 0fd5d2d..56c8ef1 100644
--- a/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
 diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig
 --- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig	2011-04-17 19:25:54.000000000 -0400
 +++ linux-2.6.38-hardened-r1/grsecurity/Kconfig	2011-04-17 19:32:53.000000000 -0400
-@@ -1265,6 +1265,27 @@
+@@ -1264,6 +1264,27 @@
  menu "Logging Options"
  depends on GRKERNSEC
  

diff --git a/3.1.5/4445_disable-compat_vdso.patch b/3.1.5/4445_disable-compat_vdso.patch
index 3b76b6c..737dcca 100644
--- a/3.1.5/4445_disable-compat_vdso.patch
+++ b/3.1.5/4445_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
 --- a/arch/x86/Kconfig	2009-07-31 01:36:57.323857684 +0100
 +++ b/arch/x86/Kconfig	2009-07-31 01:51:39.395749681 +0100
-@@ -1638,17 +1638,8 @@
+@@ -1639,17 +1639,8 @@
  
  config COMPAT_VDSO
  	def_bool n


