authorNatanael Copa <ncopa@alpinelinux.org>2009-09-09 11:01:10 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2009-09-09 11:02:03 +0000
commit3e5fbd36b049467ce7f0c31cbb9556080ec60df4 (patch)
tree6e6b9c28a523a636ae8d9b3a282b79b698a04c9b
parentceabdffa966b770cb8a44541f0571731dba55e14 (diff)
main/*-grsec: update grsec kernel to 200909052209
-rw-r--r--main/dahdi-linux-grsec/APKBUILD2
-rw-r--r--main/iscsitarget-grsec/APKBUILD2
-rw-r--r--main/kqemu-grsec/APKBUILD2
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200909052209.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908311711.patch)307
-rw-r--r--main/xtables-addons-grsec/APKBUILD2
6 files changed, 155 insertions, 166 deletions
diff --git a/main/dahdi-linux-grsec/APKBUILD b/main/dahdi-linux-grsec/APKBUILD
index dea2fe5b35..569de58ff7 100644
--- a/main/dahdi-linux-grsec/APKBUILD
+++ b/main/dahdi-linux-grsec/APKBUILD
@@ -14,7 +14,7 @@ _realname=dahdi-linux
pkgname=${_realname}-${_flavor}
pkgver=2.2.0
-pkgrel=12
+pkgrel=13
pkgdesc="Digium Asterisk Hardware Device Interface drivers"
url="http://www.asterisk.org"
license="GPL"
diff --git a/main/iscsitarget-grsec/APKBUILD b/main/iscsitarget-grsec/APKBUILD
index 8b7479ceeb..3c6939c938 100644
--- a/main/iscsitarget-grsec/APKBUILD
+++ b/main/iscsitarget-grsec/APKBUILD
@@ -15,7 +15,7 @@ if [ -f ../iscsitarget/APKBUILD ]; then
fi
pkgname=${_realname}-${_flavor}
pkgver=${pkgver:-0.4.17}
-pkgrel=10
+pkgrel=11
pkgdesc="$_flavor kernel modules for iscsitarget"
url="http://iscsitarget.sourceforge.net/"
license="GPL-2"
diff --git a/main/kqemu-grsec/APKBUILD b/main/kqemu-grsec/APKBUILD
index 4371abcf93..a357191f39 100644
--- a/main/kqemu-grsec/APKBUILD
+++ b/main/kqemu-grsec/APKBUILD
@@ -12,7 +12,7 @@ _abi_release=$pkgver-${_flavor}
pkgname=${_realname}-${_flavor}
pkgver=1.4.0_pre1
_realver=1.4.0pre1
-pkgrel=3
+pkgrel=4
pkgdesc="$_flavor kernel modules for kemu"
url="http://www.nongnu.org/qemu/"
license="GPL"
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index f40d03b435..25c0103dbb 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.30.5
_kernver=2.6.30
-pkgrel=2
+pkgrel=3
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
@@ -13,7 +13,7 @@ _config=${config:-kernelconfig}
install="$pkgname.post-install $pkgname.post-upgrade"
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.1.14-2.6.30.5-200908311711.patch
+ grsecurity-2.1.14-2.6.30.5-200909052209.patch
net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
$_config
"
@@ -112,6 +112,6 @@ dev() {
md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
47841c7ff5c81a7b349a79f2fa8e9138 patch-2.6.30.5.bz2
-105d22bfc672508d6ed94a4f823a3e24 grsecurity-2.1.14-2.6.30.5-200908311711.patch
+82ed9db7fcd03659aeb2d597982182b7 grsecurity-2.1.14-2.6.30.5-200909052209.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
35d29ea012d4b009ce2bd37b7540903e kernelconfig"
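Review bot: The new `grsecurity-2.1.14-2.6.30.5-200909052209.patch` entry, like the rest of `md5sums`, is pinned only by MD5, which is not collision-resistant. The two kernel sources in this APKBUILD are also fetched over plain `ftp://`, so this list is the only integrity check visible for them. If the abuild in use accepts a stronger digest list (for example `sha256sums`), adding one alongside `md5sums` would make this a real integrity pin rather than a corruption check.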
diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908311711.patch b/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200909052209.patch
index a5179ccbbe..a86af8d07b 100644
--- a/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908311711.patch
+++ b/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200909052209.patch
@@ -6090,16 +6090,21 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/paravirt.h linux-2.6.30.5/arch/x8
#define INTERRUPT_RETURN \
diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgalloc.h linux-2.6.30.5/arch/x86/include/asm/pgalloc.h
--- linux-2.6.30.5/arch/x86/include/asm/pgalloc.h 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/arch/x86/include/asm/pgalloc.h 2009-07-30 09:48:09.931536832 -0400
-@@ -52,7 +52,7 @@ static inline void pmd_populate_kernel(s
++++ linux-2.6.30.5/arch/x86/include/asm/pgalloc.h 2009-09-05 22:09:36.037016937 -0400
+@@ -52,6 +52,13 @@ static inline void pmd_populate_kernel(s
pmd_t *pmd, pte_t *pte)
{
paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
-- set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
+ set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
++}
++
++static inline void pmd_populate_user(struct mm_struct *mm,
++ pmd_t *pmd, pte_t *pte)
++{
++ paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
+ set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
}
- static inline void pmd_populate(struct mm_struct *mm, pmd_t *pmd,
diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h
--- linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h 2009-07-30 09:48:09.931536832 -0400
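Review bot: The new `pmd_populate_user()` has no comment, and it differs from `pmd_populate_kernel()` only in the flag passed to `set_pmd()`: `_PAGE_TABLE` instead of `_KERNPG_TABLE`. Since `_PAGE_TABLE` includes `_PAGE_USER`, picking the wrong helper makes a kernel PTE page reachable through a user-accessible pmd. A comment above it such as `/* as pmd_populate_kernel(), but with _PAGE_TABLE (_PAGE_USER set); only for pmds that must be user-accessible */` would make the contract explicit. The name alone does not say that it still operates on kernel-allocated PTE pages.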
@@ -6125,7 +6130,7 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h linux-2.6.30.5/a
static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h
--- linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h 2009-08-24 21:08:46.297666606 -0400
++++ linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h 2009-09-05 22:09:36.076613109 -0400
@@ -26,8 +26,6 @@
struct mm_struct;
struct vm_area_struct;
@@ -6135,7 +6140,7 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h linux-2.6.30.5/arch/
static inline void pgtable_cache_init(void) { }
static inline void check_pgt_cache(void) { }
void paging_init(void);
-@@ -48,6 +46,15 @@ extern void set_pmd_pfn(unsigned long, u
+@@ -48,6 +46,11 @@ extern void set_pmd_pfn(unsigned long, u
# include <asm/pgtable-2level.h>
#endif
@@ -6143,15 +6148,11 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h linux-2.6.30.5/arch/
+#ifdef CONFIG_X86_PAE
+extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
+#endif
-+extern pte_t swapper_pg_fixmap0[PTRS_PER_PMD];
-+extern pte_t swapper_pg_fixmap1[PTRS_PER_PMD];
-+extern pte_t swapper_pg_fixmap2[PTRS_PER_PMD];
-+extern pte_t swapper_pg_fixmap3[PTRS_PER_PMD];
+
#if defined(CONFIG_HIGHPTE)
#define pte_offset_map(dir, address) \
((pte_t *)kmap_atomic_pte(pmd_page(*(dir)), KM_PTE0) + \
-@@ -80,6 +87,9 @@ do { \
+@@ -80,6 +83,9 @@ do { \
#endif /* !__ASSEMBLY__ */
@@ -6203,8 +6204,8 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable-3level.h linux-2.6.30.5/a
/*
diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h
--- linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h 2009-07-30 09:48:09.932929020 -0400
-@@ -16,9 +16,12 @@
++++ linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h 2009-09-05 22:09:36.083864233 -0400
+@@ -16,9 +16,11 @@
extern pud_t level3_kernel_pgt[512];
extern pud_t level3_ident_pgt[512];
@@ -6214,11 +6215,10 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h linux-2.6.30.5/arch/
extern pmd_t level2_fixmap_pgt[512];
-extern pmd_t level2_ident_pgt[512];
+extern pmd_t level2_ident_pgt[512*4];
-+extern pte_t level1_fixmap_pgt[512];
extern pgd_t init_level4_pgt[];
#define swapper_pg_dir init_level4_pgt
-@@ -78,7 +81,19 @@ static inline pte_t native_ptep_get_and_
+@@ -78,7 +80,19 @@ static inline pte_t native_ptep_get_and_
static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
{
@@ -8792,7 +8792,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head32.c linux-2.6.30.5/arch/x86/kerne
/* Reserve INITRD */
diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kernel/head_32.S
--- linux-2.6.30.5/arch/x86/kernel/head_32.S 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/arch/x86/kernel/head_32.S 2009-08-05 19:08:00.458589400 -0400
++++ linux-2.6.30.5/arch/x86/kernel/head_32.S 2009-09-05 22:09:36.124586132 -0400
@@ -20,6 +20,7 @@
#include <asm/setup.h>
#include <asm/processor-flags.h>
@@ -8843,7 +8843,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
ENTRY(startup_32)
/* test KEEP_SEGMENTS flag to see if the bootloader is asking
us to not reload segments */
-@@ -98,6 +110,58 @@ ENTRY(startup_32)
+@@ -98,6 +110,48 @@ ENTRY(startup_32)
movl %eax,%gs
2:
@@ -8860,22 +8860,12 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
+#endif
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ /* check for VMware */
-+ movl $0x564d5868,%eax
-+ xorl %ebx,%ebx
-+ movl $0xa,%ecx
-+ movl $0x5658,%edx
-+ in (%dx),%eax
-+ cmpl $0x564d5868,%ebx
-+ jz 2f
-+
+ movl $NR_CPUS,%ecx
+ movl $pa(cpu_gdt_table),%edi
+1:
+ movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),GDT_ENTRY_KERNEL_DS * 8 + 4(%edi)
+ addl $PAGE_SIZE_asm,%edi
+ loop 1b
-+2:
+#endif
+
+#ifdef CONFIG_PAX_KERNEXEC
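Review bot: With the VMware probe gone, the `CONFIG_PAX_MEMORY_UDEREF` block rewrites `GDT_ENTRY_KERNEL_DS` for every CPU unconditionally, and nothing here says how to opt out. A comment above `movl $NR_CPUS,%ecx`, e.g. `/* expand-down kernel DS for UDEREF; undone at boot by pax_nouderef (init/main.c) */`, would tie it to the boot parameter this update documents in kernel-parameters.txt. The descriptor word `0x00c09700` would also benefit from a short note on which type and flag bits it encodes.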
@@ -8902,7 +8892,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
/*
* Clear BSS first so that there are no surprises...
*/
-@@ -141,9 +205,7 @@ ENTRY(startup_32)
+@@ -141,9 +195,7 @@ ENTRY(startup_32)
cmpl $num_subarch_entries, %eax
jae bad_subarch
@@ -8913,7 +8903,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
bad_subarch:
WEAK(lguest_entry)
-@@ -155,9 +217,9 @@ WEAK(xen_entry)
+@@ -155,9 +207,9 @@ WEAK(xen_entry)
__INITDATA
subarch_entries:
@@ -8926,41 +8916,35 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
num_subarch_entries = (. - subarch_entries) / 4
.previous
#endif /* CONFIG_PARAVIRT */
-@@ -218,8 +280,14 @@ default_entry:
+@@ -218,8 +270,11 @@ default_entry:
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
- movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
- movl %eax,pa(swapper_pg_pmd+0x1000*KPMDS-8)
+#ifdef CONFIG_COMPAT_VDSO
-+ movl $pa(swapper_pg_fixmap0)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_pmd+0x1000*KPMDS-8)
++ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_pmd+0x1000*KPMDS-8)
+#else
-+ movl $pa(swapper_pg_fixmap0)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-8)
++ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-8)
+#endif
-+ movl $pa(swapper_pg_fixmap1)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-16)
-+ movl $pa(swapper_pg_fixmap2)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-24)
-+ movl $pa(swapper_pg_fixmap3)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-32)
#else /* Not PAE */
page_pde_offset = (__PAGE_OFFSET >> 20);
-@@ -249,8 +317,14 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -249,8 +304,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
- movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
- movl %eax,pa(swapper_pg_dir+0xffc)
+#ifdef CONFIG_COMPAT_VDSO
-+ movl $pa(swapper_pg_fixmap0)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_dir+0xffc)
++ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_dir+0xffc)
+#else
-+ movl $pa(swapper_pg_fixmap0)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xffc)
++ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xffc)
+#endif
-+ movl $pa(swapper_pg_fixmap1)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xff8)
-+ movl $pa(swapper_pg_fixmap2)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xff4)
-+ movl $pa(swapper_pg_fixmap3)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xff0)
#endif
jmp 3f
/*
-@@ -314,13 +388,16 @@ ENTRY(startup_32_smp)
+@@ -314,13 +372,16 @@ ENTRY(startup_32_smp)
jnc 6f
/* Setup EFER (Extended Feature Enable Register) */
@@ -8978,7 +8962,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
6:
/*
-@@ -346,9 +423,7 @@ ENTRY(startup_32_smp)
+@@ -346,9 +407,7 @@ ENTRY(startup_32_smp)
#ifdef CONFIG_SMP
cmpb $0, ready
@@ -8989,7 +8973,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
#endif /* CONFIG_SMP */
/*
-@@ -426,7 +501,7 @@ is386: movl $2,%ecx # set MP
+@@ -426,7 +485,7 @@ is386: movl $2,%ecx # set MP
1: movl $(__KERNEL_DS),%eax # reload all the segment registers
movl %eax,%ss # after changing gdt.
@@ -8998,7 +8982,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
movl %eax,%ds
movl %eax,%es
-@@ -440,8 +515,11 @@ is386: movl $2,%ecx # set MP
+@@ -440,8 +499,11 @@ is386: movl $2,%ecx # set MP
*/
cmpb $0,ready
jne 1f
@@ -9011,7 +8995,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
subl $20, %ecx
movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
shrl $16, %ecx
-@@ -460,10 +538,6 @@ is386: movl $2,%ecx # set MP
+@@ -460,10 +522,6 @@ is386: movl $2,%ecx # set MP
#ifdef CONFIG_SMP
movb ready, %cl
movb $1, ready
@@ -9022,7 +9006,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
#endif /* CONFIG_SMP */
jmp *(initial_code)
-@@ -549,22 +623,22 @@ early_page_fault:
+@@ -549,22 +607,22 @@ early_page_fault:
jmp early_fault
early_fault:
@@ -9050,7 +9034,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
hlt_loop:
hlt
jmp hlt_loop
-@@ -572,8 +646,11 @@ hlt_loop:
+@@ -572,8 +630,11 @@ hlt_loop:
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
@@ -9063,7 +9047,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
pushl %eax
pushl %ecx
pushl %edx
-@@ -582,9 +659,6 @@ ignore_int:
+@@ -582,9 +643,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
@@ -9073,7 +9057,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -608,37 +682,49 @@ ignore_int:
+@@ -608,37 +666,40 @@ ignore_int:
ENTRY(initial_code)
.long i386_start_kernel
@@ -9098,20 +9082,10 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
ENTRY(swapper_pg_dir)
.fill 1024,4,0
#endif
--swapper_pg_fixmap:
+
-+ENTRY(swapper_pg_fixmap0)
-+ .fill 1024,4,0
-+
-+ENTRY(swapper_pg_fixmap1)
+ swapper_pg_fixmap:
.fill 1024,4,0
+
-+ENTRY(swapper_pg_fixmap2)
-+ .fill 1024,4,0
-+
-+ENTRY(swapper_pg_fixmap3)
-+ .fill 1024,4,0
-+
+.section .empty_zero_page,"a",@progbits
ENTRY(empty_zero_page)
.fill 4096,1,0
@@ -9136,7 +9110,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
ENTRY(swapper_pg_dir)
.long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -661,11 +747,12 @@ ENTRY(swapper_pg_dir)
+@@ -661,11 +722,12 @@ ENTRY(swapper_pg_dir)
.data
ENTRY(stack_start)
@@ -9150,7 +9124,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
early_recursion_flag:
.long 0
-@@ -701,7 +788,7 @@ fault_msg:
+@@ -701,7 +763,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -9159,7 +9133,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -712,7 +799,7 @@ idt_descr:
+@@ -712,7 +774,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -9168,7 +9142,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -721,5 +808,59 @@ ENTRY(early_gdt_descr)
+@@ -721,5 +783,59 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -9232,7 +9206,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
+ .endr
diff -urNp linux-2.6.30.5/arch/x86/kernel/head_64.S linux-2.6.30.5/arch/x86/kernel/head_64.S
--- linux-2.6.30.5/arch/x86/kernel/head_64.S 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/arch/x86/kernel/head_64.S 2009-08-01 08:46:06.399105315 -0400
++++ linux-2.6.30.5/arch/x86/kernel/head_64.S 2009-09-05 22:09:36.168173047 -0400
@@ -39,6 +39,10 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET
L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET)
L4_START_KERNEL = pgd_index(__START_KERNEL_map)
@@ -9374,7 +9348,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_64.S linux-2.6.30.5/arch/x86/kern
NEXT_PAGE(level3_kernel_pgt)
.fill L3_START_KERNEL,8,0
-@@ -365,20 +379,27 @@ NEXT_PAGE(level3_kernel_pgt)
+@@ -365,20 +379,23 @@ NEXT_PAGE(level3_kernel_pgt)
.quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
.quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
@@ -9382,22 +9356,21 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_64.S linux-2.6.30.5/arch/x86/kern
+ .fill 512,8,0
+
NEXT_PAGE(level2_fixmap_pgt)
- .fill 506,8,0
- .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
+- .fill 506,8,0
+- .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
- /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
- .fill 5,8,0
++ .fill 507,8,0
+ .quad level1_vsyscall_pgt - __START_KERNEL_map + _PAGE_TABLE
+ /* 6MB reserved for vsyscalls + a 2MB hole = 3 + 1 entries */
+ .fill 4,8,0
- NEXT_PAGE(level1_fixmap_pgt)
+-NEXT_PAGE(level1_fixmap_pgt)
++NEXT_PAGE(level1_vsyscall_pgt)
.fill 512,8,0
-NEXT_PAGE(level2_ident_pgt)
- /* Since I easily can, map the first 1G.
-+NEXT_PAGE(level1_vsyscall_pgt)
-+ .fill 512,8,0
-+
+ /* Since I easily can, map the first 4G.
* Don't set NX because code runs from these pages.
*/
@@ -9407,7 +9380,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_64.S linux-2.6.30.5/arch/x86/kern
NEXT_PAGE(level2_kernel_pgt)
/*
-@@ -391,33 +412,49 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -391,33 +408,49 @@ NEXT_PAGE(level2_kernel_pgt)
* If you want to increase this then increase MODULES_VADDR
* too.)
*/
@@ -15228,7 +15201,7 @@ diff -urNp linux-2.6.30.5/arch/x86/mm/iomap_32.c linux-2.6.30.5/arch/x86/mm/ioma
return (void *)vaddr;
diff -urNp linux-2.6.30.5/arch/x86/mm/ioremap.c linux-2.6.30.5/arch/x86/mm/ioremap.c
--- linux-2.6.30.5/arch/x86/mm/ioremap.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/arch/x86/mm/ioremap.c 2009-07-30 19:56:23.514032300 -0400
++++ linux-2.6.30.5/arch/x86/mm/ioremap.c 2009-09-05 22:09:36.204542208 -0400
@@ -111,8 +111,8 @@ int page_is_ram(unsigned long pagenr)
* Second special case: Some BIOSen report the PC BIOS
* area (640->1Mb) as ram even though it is not.
@@ -15261,52 +15234,25 @@ diff -urNp linux-2.6.30.5/arch/x86/mm/ioremap.c linux-2.6.30.5/arch/x86/mm/iorem
/*
* Ok, go for it..
*/
-@@ -489,7 +488,6 @@ static int __init early_ioremap_debug_se
+@@ -489,7 +488,7 @@ static int __init early_ioremap_debug_se
early_param("early_ioremap_debug", early_ioremap_debug_setup);
static __initdata int after_paging_init;
-static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss;
++static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __read_only __aligned(PAGE_SIZE);
static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
{
-@@ -502,11 +500,6 @@ static inline pmd_t * __init early_iorem
- return pmd;
- }
-
--static inline pte_t * __init early_ioremap_pte(unsigned long addr)
--{
-- return &bm_pte[pte_index(addr)];
--}
--
- static unsigned long slot_virt[FIX_BTMAPS_SLOTS] __initdata;
-
- void __init early_ioremap_init(void)
-@@ -521,8 +514,6 @@ void __init early_ioremap_init(void)
+@@ -521,8 +520,7 @@ void __init early_ioremap_init(void)
slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
- memset(bm_pte, 0, sizeof(bm_pte));
- pmd_populate_kernel(&init_mm, pmd, bm_pte);
++ pmd_populate_user(&init_mm, pmd, bm_pte);
/*
* The boot-ioremap range spans multiple pmds, for which
-@@ -552,13 +543,15 @@ static void __init __early_set_fixmap(en
- phys_addr_t phys, pgprot_t flags)
- {
- unsigned long addr = __fix_to_virt(idx);
-+ unsigned int level;
- pte_t *pte;
-
- if (idx >= __end_of_fixed_addresses) {
- BUG();
- return;
- }
-- pte = early_ioremap_pte(addr);
-+ pte = lookup_address(addr, &level);
-+ BUG_ON(!pte || level != PG_LEVEL_4K);
-
- if (pgprot_val(flags))
- set_pte(pte, pfn_pte(phys >> PAGE_SHIFT, flags));
diff -urNp linux-2.6.30.5/arch/x86/mm/mmap.c linux-2.6.30.5/arch/x86/mm/mmap.c
--- linux-2.6.30.5/arch/x86/mm/mmap.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/mm/mmap.c 2009-07-30 09:48:09.973477350 -0400
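Review bot: `bm_pte` is now declared `__read_only __aligned(PAGE_SIZE)`, yet it is still the PTE page installed by `early_ioremap_init()`, and presumably still written when boot-time fixmap entries are set. The declaration should say when the read-only protection takes effect, e.g. `/* written only during early boot, before read-only data is enforced; statically zeroed, so no memset */`, if that is the intent. It is also installed with `pmd_populate_user()`, i.e. with user-accessible table flags, and the hunk gives no reason. A one-line comment at that call naming what in this pmd range needs user access would let a reader check that the exposure is deliberate.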
@@ -16361,7 +16307,7 @@ diff -urNp linux-2.6.30.5/arch/x86/xen/Kconfig linux-2.6.30.5/arch/x86/xen/Kconf
kernel to boot in a paravirtualized environment under the
diff -urNp linux-2.6.30.5/arch/x86/xen/mmu.c linux-2.6.30.5/arch/x86/xen/mmu.c
--- linux-2.6.30.5/arch/x86/xen/mmu.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/arch/x86/xen/mmu.c 2009-07-30 09:48:09.980662517 -0400
++++ linux-2.6.30.5/arch/x86/xen/mmu.c 2009-09-05 22:09:36.227714282 -0400
@@ -1716,6 +1716,8 @@ __init pgd_t *xen_setup_kernel_pagetable
convert_pfn_mfn(init_level4_pgt);
convert_pfn_mfn(level3_ident_pgt);
@@ -16371,7 +16317,7 @@ diff -urNp linux-2.6.30.5/arch/x86/xen/mmu.c linux-2.6.30.5/arch/x86/xen/mmu.c
l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud);
-@@ -1734,9 +1736,12 @@ __init pgd_t *xen_setup_kernel_pagetable
+@@ -1734,6 +1736,8 @@ __init pgd_t *xen_setup_kernel_pagetable
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
@@ -16380,10 +16326,6 @@ diff -urNp linux-2.6.30.5/arch/x86/xen/mmu.c linux-2.6.30.5/arch/x86/xen/mmu.c
set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
-+ set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO);
-
- /* Pin down new L4 */
- pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
diff -urNp linux-2.6.30.5/arch/x86/xen/smp.c linux-2.6.30.5/arch/x86/xen/smp.c
--- linux-2.6.30.5/arch/x86/xen/smp.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/xen/smp.c 2009-07-30 09:48:09.981489035 -0400
@@ -16525,6 +16467,22 @@ diff -urNp linux-2.6.30.5/Documentation/dontdiff linux-2.6.30.5/Documentation/do
wakeup.bin
wakeup.elf
wakeup.lds
+diff -urNp linux-2.6.30.5/Documentation/kernel-parameters.txt linux-2.6.30.5/Documentation/kernel-parameters.txt
+--- linux-2.6.30.5/Documentation/kernel-parameters.txt 2009-07-24 17:47:51.000000000 -0400
++++ linux-2.6.30.5/Documentation/kernel-parameters.txt 2009-09-05 22:09:36.342979816 -0400
+@@ -1707,6 +1707,12 @@ and is between 256 and 4096 characters.
+ the specified number of seconds. This is to be used if
+ your oopses keep scrolling off the screen.
+
++ pax_nouderef [X86-32] disables UDEREF. Most likely needed under certain
++ virtualization environments that don't cope well with the
++ expand down segment used by UDEREF on X86-32.
++
++ pax_softmode= [X86-32] 0/1 to disable/enable PaX softmode on boot already.
++
+ pcbit= [HW,ISDN]
+
+ pcd. [PARIDE]
diff -urNp linux-2.6.30.5/drivers/acpi/blacklist.c linux-2.6.30.5/drivers/acpi/blacklist.c
--- linux-2.6.30.5/drivers/acpi/blacklist.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/drivers/acpi/blacklist.c 2009-07-30 09:48:09.982442014 -0400
@@ -23662,7 +23620,7 @@ diff -urNp linux-2.6.30.5/fs/namei.c linux-2.6.30.5/fs/namei.c
exit5:
diff -urNp linux-2.6.30.5/fs/namespace.c linux-2.6.30.5/fs/namespace.c
--- linux-2.6.30.5/fs/namespace.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/fs/namespace.c 2009-07-30 11:10:49.247492786 -0400
++++ linux-2.6.30.5/fs/namespace.c 2009-09-04 10:32:49.170674908 -0400
@@ -1110,6 +1110,8 @@ static int do_umount(struct vfsmount *mn
lock_kernel();
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
@@ -23704,16 +23662,19 @@ diff -urNp linux-2.6.30.5/fs/namespace.c linux-2.6.30.5/fs/namespace.c
return retval;
}
-@@ -2092,6 +2105,9 @@ SYSCALL_DEFINE5(mount, char __user *, de
- if (retval < 0)
- goto out3;
+@@ -2159,6 +2172,12 @@ SYSCALL_DEFINE2(pivot_root, const char _
+ goto out1;
+ }
-+ if (gr_handle_chroot_pivot())
-+ return -EPERM;
++ if (gr_handle_chroot_pivot()) {
++ error = -EPERM;
++ path_put(&old);
++ goto out1;
++ }
+
- lock_kernel();
- retval = do_mount((char *)dev_page, dir_page, (char *)type_page,
- flags, (void *)data_page);
+ read_lock(&current->fs->lock);
+ root = current->fs->root;
+ path_get(&current->fs->root);
diff -urNp linux-2.6.30.5/fs/nfs/client.c linux-2.6.30.5/fs/nfs/client.c
--- linux-2.6.30.5/fs/nfs/client.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/fs/nfs/client.c 2009-07-30 09:48:10.090670547 -0400
@@ -37808,7 +37769,7 @@ diff -urNp linux-2.6.30.5/init/Kconfig linux-2.6.30.5/init/Kconfig
boolean
diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
--- linux-2.6.30.5/init/main.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/init/main.c 2009-07-30 11:10:49.548504780 -0400
++++ linux-2.6.30.5/init/main.c 2009-09-05 22:09:36.281558154 -0400
@@ -98,6 +98,7 @@ static inline void mark_rodata_ro(void)
#ifdef CONFIG_TC
extern void tc_init(void);
@@ -37817,7 +37778,7 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
enum system_states system_state __read_mostly;
EXPORT_SYMBOL(system_state);
-@@ -184,6 +185,40 @@ static int __init set_reset_devices(char
+@@ -184,6 +185,34 @@ static int __init set_reset_devices(char
__setup("reset_devices", set_reset_devices);
@@ -37826,22 +37787,16 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
+{
+ unsigned int cpu;
+
-+#ifdef CONFIG_PAX_KERNEXEC
-+ unsigned long cr0;
-+
-+ pax_open_kernel(cr0);
-+#endif
-+
-+ for (cpu = 0; cpu < NR_CPUS; cpu++)
-+ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].b = 0x00cf9300;
-+
-+#ifdef CONFIG_PAX_KERNEXEC
-+ pax_close_kernel(cr0);
-+#endif
++ for (cpu = 0; cpu < NR_CPUS; cpu++) {
++ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].type = 3;
++ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].limit = 0xf;
++ }
++ asm("mov %0, %%ds" : : "r" (__KERNEL_DS) : "memory");
++ asm("mov %0, %%es" : : "r" (__KERNEL_DS) : "memory");
+
-+ return 1;
++ return 0;
+}
-+__setup("pax_nouderef", setup_pax_nouderef);
++early_param("pax_nouderef", setup_pax_nouderef);
+#endif
+
+#ifdef CONFIG_PAX_SOFTMODE
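Review bot: The constants in `get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].type = 3` and `.limit = 0xf` are unexplained, and the GDT writes are no longer bracketed by `pax_open_kernel()`/`pax_close_kernel()`. Presumably the switch to `early_param` means this runs before the GDT is write-protected, but that ordering assumption should be stated, e.g. `/* early_param: runs before KERNEXEC write-protects the GDT; type 3 = expand-up read/write data, limit 0xf = top limit nibble */`. Only `%ds` and `%es` are reloaded, while head_32.S also loads `%ss` with `__KERNEL_DS`, so it is worth confirming that leaving `%ss` on the old descriptor until its next reload is intended. The function's signature lies above the hunk.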
@@ -37858,7 +37813,7 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
static char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -377,7 +412,7 @@ static void __init setup_nr_cpu_ids(void
+@@ -377,7 +406,7 @@ static void __init setup_nr_cpu_ids(void
}
#ifndef CONFIG_HAVE_SETUP_PER_CPU_AREA
@@ -37867,7 +37822,7 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
EXPORT_SYMBOL(__per_cpu_offset);
-@@ -706,6 +741,7 @@ int do_one_initcall(initcall_t fn)
+@@ -706,6 +735,7 @@ int do_one_initcall(initcall_t fn)
{
int count = preempt_count();
ktime_t calltime, delta, rettime;
@@ -37875,7 +37830,7 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
char msgbuf[64];
struct boot_trace_call call;
struct boot_trace_ret ret;
-@@ -736,15 +772,15 @@ int do_one_initcall(initcall_t fn)
+@@ -736,15 +766,15 @@ int do_one_initcall(initcall_t fn)
sprintf(msgbuf, "error code %d ", ret.result);
if (preempt_count() != count) {
@@ -37895,7 +37850,7 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
}
return ret.result;
-@@ -885,6 +921,8 @@ static int __init kernel_init(void * unu
+@@ -885,6 +915,8 @@ static int __init kernel_init(void * unu
prepare_namespace();
}
@@ -38765,7 +38720,7 @@ diff -urNp linux-2.6.30.5/kernel/lockdep_proc.c linux-2.6.30.5/kernel/lockdep_pr
.stop = ls_stop,
diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
--- linux-2.6.30.5/kernel/module.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/kernel/module.c 2009-08-31 17:10:48.583705296 -0400
++++ linux-2.6.30.5/kernel/module.c 2009-09-04 10:14:21.379509177 -0400
@@ -46,6 +46,11 @@
#include <linux/rculist.h>
#include <asm/uaccess.h>
@@ -39287,7 +39242,7 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
/* Taints info */
if (mod->taints)
-@@ -2722,7 +2870,15 @@ static const struct file_operations proc
+@@ -2722,7 +2870,17 @@ static const struct file_operations proc
static int __init proc_modules_init(void)
{
@@ -39299,11 +39254,13 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
+#else
proc_create("modules", 0, NULL, &proc_modules_operations);
+#endif
++#else
++ proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
+#endif
return 0;
}
module_init(proc_modules_init);
-@@ -2781,12 +2937,12 @@ struct module *__module_address(unsigned
+@@ -2781,12 +2939,12 @@ struct module *__module_address(unsigned
{
struct module *mod;
@@ -39319,7 +39276,7 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
return mod;
return NULL;
}
-@@ -2820,11 +2976,20 @@ bool is_module_text_address(unsigned lon
+@@ -2820,11 +2978,20 @@ bool is_module_text_address(unsigned lon
*/
struct module *__module_text_address(unsigned long addr)
{
@@ -39479,6 +39436,48 @@ diff -urNp linux-2.6.30.5/kernel/power/poweroff.c linux-2.6.30.5/kernel/power/po
{
register_sysrq_key('o', &sysrq_poweroff_op);
return 0;
+diff -urNp linux-2.6.30.5/kernel/power/process.c linux-2.6.30.5/kernel/power/process.c
+--- linux-2.6.30.5/kernel/power/process.c 2009-07-24 17:47:51.000000000 -0400
++++ linux-2.6.30.5/kernel/power/process.c 2009-09-05 22:09:36.402694954 -0400
+@@ -36,12 +36,15 @@ static int try_to_freeze_tasks(bool sig_
+ struct timeval start, end;
+ u64 elapsed_csecs64;
+ unsigned int elapsed_csecs;
++ bool timedout = false;
+
+ do_gettimeofday(&start);
+
+ end_time = jiffies + TIMEOUT;
+ do {
+ todo = 0;
++ if (time_after(jiffies, end_time))
++ timedout = true;
+ read_lock(&tasklist_lock);
+ do_each_thread(g, p) {
+ if (frozen(p) || !freezeable(p))
+@@ -56,15 +59,17 @@ static int try_to_freeze_tasks(bool sig_
+ * It is "frozen enough". If the task does wake
+ * up, it will immediately call try_to_freeze.
+ */
+- if (!task_is_stopped_or_traced(p) &&
+- !freezer_should_skip(p))
++ if (!task_is_stopped_or_traced(p) && !freezer_should_skip(p)) {
+ todo++;
++ if (timedout) {
++ printk(KERN_ERR "Task refusing to freeze:\n");
++ sched_show_task(p);
++ }
++ }
+ } while_each_thread(g, p);
+ read_unlock(&tasklist_lock);
+ yield(); /* Yield is okay here */
+- if (time_after(jiffies, end_time))
+- break;
+- } while (todo);
++ } while (todo && !timedout);
+
+ do_gettimeofday(&end);
+ elapsed_csecs64 = timeval_to_ns(&end) - timeval_to_ns(&start);
diff -urNp linux-2.6.30.5/kernel/printk.c linux-2.6.30.5/kernel/printk.c
--- linux-2.6.30.5/kernel/printk.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/kernel/printk.c 2009-07-30 11:10:49.653305213 -0400
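Review bot: The deadline test moved from the bottom of the loop to the top without a comment, so `if (time_after(jiffies, end_time)) timedout = true;` reads as misplaced. A line such as `/* sample the deadline before the scan so the final pass can report tasks that are still not frozen */` would explain it. `sched_show_task(p)` also runs under `read_lock(&tasklist_lock)` and writes per-task state to the kernel log at `KERN_ERR`. It is worth confirming that this is acceptable where the log is readable by unprivileged users. try_to_freeze_tasks starts and ends outside the hunk.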
@@ -44374,7 +44373,7 @@ diff -urNp linux-2.6.30.5/scripts/mod/file2alias.c linux-2.6.30.5/scripts/mod/fi
diff -urNp linux-2.6.30.5/scripts/mod/modpost.c linux-2.6.30.5/scripts/mod/modpost.c
--- linux-2.6.30.5/scripts/mod/modpost.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/scripts/mod/modpost.c 2009-08-24 21:08:46.297666606 -0400
++++ linux-2.6.30.5/scripts/mod/modpost.c 2009-09-05 22:09:36.295627872 -0400
@@ -831,6 +831,7 @@ enum mismatch {
INIT_TO_EXIT,
EXIT_TO_INIT,
@@ -44417,7 +44416,7 @@ diff -urNp linux-2.6.30.5/scripts/mod/modpost.c linux-2.6.30.5/scripts/mod/modpo
+/*
+ fprintf(stderr,
+ "The variable %s references\n"
-+ "the %s %s%s%s\n"
++ "the %s %s%s%s\n",
+ fromsym, to, sec2annotation(tosec), tosym, to_p);
+*/
+ break;
@@ -44507,8 +44506,8 @@ diff -urNp linux-2.6.30.5/scripts/pnmtologo.c linux-2.6.30.5/scripts/pnmtologo.c
for (i = 0; i < logo_clutsize; i++) {
diff -urNp linux-2.6.30.5/security/commoncap.c linux-2.6.30.5/security/commoncap.c
--- linux-2.6.30.5/security/commoncap.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/security/commoncap.c 2009-08-24 23:47:08.385801876 -0400
-@@ -27,10 +27,23 @@
++++ linux-2.6.30.5/security/commoncap.c 2009-09-02 19:10:12.366389421 -0400
+@@ -27,10 +27,13 @@
#include <linux/sched.h>
#include <linux/prctl.h>
#include <linux/securebits.h>
@@ -44519,16 +44518,6 @@ diff -urNp linux-2.6.30.5/security/commoncap.c linux-2.6.30.5/security/commoncap
int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
{
- NETLINK_CB(skb).eff_cap = current_cap();
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ const struct cred *tmpcred = current_cred();
-+
-+ if (sk->sk_protocol == NETLINK_ROUTE && tmpcred->uid
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+#endif
-+ )
-+ return -EPERM;
-+#endif
+ NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink(sk);
return 0;
}
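Review bot: `cap_netlink_send()` now always returns 0 and delegates the whole policy to `gr_cap_rtnetlink(sk)`, whereas the previous revision rejected unprivileged `NETLINK_ROUTE` senders here with `-EPERM`. The helper is defined outside this hunk, so it is not visible whether it returns a reduced capability set for those senders, or whether every receiver checks `eff_cap`. A comment such as `/* gr_cap_rtnetlink() returns the capability set the receiver must enforce; no send-time rejection here */` would record that enforcement has moved from the sender to the receiver, if that is the case.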
diff --git a/main/xtables-addons-grsec/APKBUILD b/main/xtables-addons-grsec/APKBUILD
index 3c3bd6d989..6ecca73660 100644
--- a/main/xtables-addons-grsec/APKBUILD
+++ b/main/xtables-addons-grsec/APKBUILD
@@ -16,7 +16,7 @@ fi
pkgname=${_realname}-${_flavor}
pkgver=${pkgver:-1.17}
-pkgrel=8
+pkgrel=9
pkgdesc="Iptables extensions kernel modules"
url="http://xtables-addons.sourceforge.net/"
license="GPL"