main/linux-grsec: upgrade to grsecurity-3.0-3.14.27-201501042018

(cherry picked from commit 0ade6e80d5a3a213ae8b079e25319aff511ca38f)
author: Natanael Copa <ncopa@alpinelinux.org> 2015-01-06 07:18:05 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2015-01-06 07:43:48 +0000
commit: 3a5a1bb4eecd7714f16faf170f9abb436a16e4be (patch)
tree: 4cc7ed0c0f18738049d27c236d73f19d600d6697
parent: 6ed16f4025c8bca5fe91c83683f96095bd372835 (diff)
download: aports-3a5a1bb4eecd7714f16faf170f9abb436a16e4be.tar.bz2
aports-3a5a1bb4eecd7714f16faf170f9abb436a16e4be.tar.xz
2 files changed, 19 insertions, 10 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index e82bdd4484..8c6556f77e 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
 esac
-pkgrel=1
+pkgrel=2
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
-	grsecurity-3.0-3.14.27-201501011217.patch
+	grsecurity-3.0-3.14.27-201501042018.patch
 
 	fix-memory-map-for-PIE-applications.patch
 	imx6q-no-unclocked-sleep.patch
@@ -167,7 +167,7 @@ dev() {
 
 md5sums="b621207b3f6ecbb67db18b13258f8ea8  linux-3.14.tar.xz
 d79fd9ea62b9c9dd3c17ed7651a9e408  patch-3.14.27.xz
-760c7d4f8a06507eddae37e3061c13f2  grsecurity-3.0-3.14.27-201501011217.patch
+ca00f323d00586c39cd56cba64b53959  grsecurity-3.0-3.14.27-201501042018.patch
 c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
 1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
 59a78a67677e25540028414bb5eb6330  gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch
@@ -176,7 +176,7 @@ c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
 6709c83fbbd38d40f31d39f0022d4ce9  kernelconfig.armhf"
 sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa  linux-3.14.tar.xz
 5f84a4ff394444486d1715d5283383a8461ff089ed9b9fdc5dde2ed65531d21e  patch-3.14.27.xz
-9136a07098a7bc9fe9da7a4ce1137097e095f8068072ac2b158a40b1d4f13b0e  grsecurity-3.0-3.14.27-201501011217.patch
+3ce5950b71acc8b44db2611b5c72d999352b025dbfb8c90517ce0c8ab52d2e84  grsecurity-3.0-3.14.27-201501042018.patch
 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
 f04d0f6610398f3657ddb2e6926113c43ec331ae256704bca4de11f432881ec5  gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch
@@ -185,7 +185,7 @@ d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6  kernelconfig.x
 01a6c90cf0643f8727d120aede2267ca7303c4ebe548c5d19222d4387ceb98cc  kernelconfig.armhf"
 sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e  linux-3.14.tar.xz
 1191ef739905b2e5057c5273e5cf026baea1ea4855dca8375dbe4ecaa7e6d2d38b8103e2781554f2d9ecf9026fdad1086c6b9d8f0b41fcb8e39aca0612e208e7  patch-3.14.27.xz
-7101a9c507dbd701f6371a1237616f052f6573a99e51afcbec4599e9b57cf8d460412df1e71b8da52f1d4bd9db5457d61852cc1b9736cbdc734df93b7f237f7a  grsecurity-3.0-3.14.27-201501011217.patch
+5af36af71741806a91f509c2b71a6e47fb678c8afb12b2c8bc5890594e90ca27e44641f510187de121a5208cf510d860e71ea1b256cf0e0daf8cf5e4ead1e674  grsecurity-3.0-3.14.27-201501042018.patch
 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
 ddc32533bd519db5298895eb2da5eb95390999bd3f6d27b5eee38551387df4a43f537235d6a9be859ee1f433420f3afbf01e2c1e7ca0175b27460598c5c385f9  gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.27-201501011217.patch b/main/linux-grsec/grsecurity-3.0-3.14.27-201501042018.patch
index 176a326ac8..c044d3506c 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.27-201501011217.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.27-201501042018.patch
@@ -27991,7 +27991,7 @@ index 1c113db..287b42e 100644
  static int trace_irq_vector_refcount;
  static DEFINE_MUTEX(irq_vector_mutex);
 diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index f9d976e..3b48355 100644
+index f9d976e..488b635 100644
 --- a/arch/x86/kernel/traps.c
 +++ b/arch/x86/kernel/traps.c
 @@ -66,7 +66,7 @@
@@ -28136,7 +28136,16 @@ index f9d976e..3b48355 100644
  	tsk->thread.error_code = error_code;
  	tsk->thread.trap_nr = X86_TRAP_GP;
  
-@@ -410,7 +451,7 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s)
+@@ -404,13 +445,16 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s)
+ 		container_of(task_pt_regs(current),
+ 			     struct bad_iret_stack, regs);
+ 
++	if ((current->thread.sp0 ^ (unsigned long)s) < THREAD_SIZE)
++		new_stack = s;
++
+ 	/* Copy the IRET target to the new stack. */
+ 	memmove(&new_stack->regs.ip, (void *)s->regs.sp, 5*8);
+ 
  	/* Copy the remainder of the stack from the current stack. */
  	memmove(new_stack, s, offsetof(struct bad_iret_stack, regs.ip));
  
@@ -28145,7 +28154,7 @@ index f9d976e..3b48355 100644
  	return new_stack;
  }
  #endif
-@@ -490,7 +531,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -490,7 +534,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
  	/* It's safe to allow irq's after DR6 has been saved */
  	preempt_conditional_sti(regs);
  
@@ -28154,7 +28163,7 @@ index f9d976e..3b48355 100644
  		handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code,
  					X86_TRAP_DB);
  		preempt_conditional_cli(regs);
-@@ -505,7 +546,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -505,7 +549,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
  	 * We already checked v86 mode above, so we can check for kernel mode
  	 * by just checking the CPL of CS.
  	 */
@@ -28163,7 +28172,7 @@ index f9d976e..3b48355 100644
  		tsk->thread.debugreg6 &= ~DR_STEP;
  		set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
  		regs->flags &= ~X86_EFLAGS_TF;
-@@ -537,7 +578,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
+@@ -537,7 +581,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
  		return;
  	conditional_sti(regs);
author	Natanael Copa <ncopa@alpinelinux.org>	2015-01-06 07:18:05 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2015-01-06 07:43:48 +0000
commit	3a5a1bb4eecd7714f16faf170f9abb436a16e4be (patch)
tree	4cc7ed0c0f18738049d27c236d73f19d600d6697
parent	6ed16f4025c8bca5fe91c83683f96095bd372835 (diff)
download	aports-3a5a1bb4eecd7714f16faf170f9abb436a16e4be.tar.bz2 aports-3a5a1bb4eecd7714f16faf170f9abb436a16e4be.tar.xz