author | Natanael Copa <ncopa@alpinelinux.org> | 2010-11-03 15:53:10 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-11-03 15:53:10 +0000 |
commit | f4dbbef2987efe748a576eec670614b5132a97ee (patch) | |
tree | baa69bff510a566647566d9fe0370aa46cff49a0 | |
parent | b21263b3339301e8cccbef9fba6b7321cf843fab (diff) | |
main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.35.8-201011022021
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201011022021.patch (renamed from main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201010311944.patch) | 121 |
2 files changed, 106 insertions, 21 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index bd25e8bef0..c46238b233 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.35.8 _kernver=2.6.35 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 - grsecurity-2.2.0-2.6.35.8-201010311944.patch + grsecurity-2.2.0-2.6.35.8-201011022021.patch 0004-arp-flush-arp-cache-on-device-change.patch r8169-fix-rx-checksum-offload.patch r8169-add-gro-support.patch @@ -140,7 +140,7 @@ firmware() { md5sums="091abeb4684ce03d1d936851618687b6 linux-2.6.35.tar.bz2 198e4e72ea9cc7f9f25bb5881167aa2e patch-2.6.35.8.bz2 -3ad2911a6009758d1df3fff0bce11405 grsecurity-2.2.0-2.6.35.8-201010311944.patch +ec3743cf416ebdc47dbc088aaf33e8e8 grsecurity-2.2.0-2.6.35.8-201011022021.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch 0ccecafd4123dcad0b0cd7787553d734 r8169-fix-rx-checksum-offload.patch 139b39da44ecb577275be53d7d365949 r8169-add-gro-support.patch diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201010311944.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201011022021.patch index 25d1ccbc21..ed9ad022f8 100644 --- a/main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201010311944.patch +++ b/main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201011022021.patch 
@@ -11753,7 +11753,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/head32.c linux-2.6.35.8/arch/x86/kerne /* Reserve INITRD */ diff -urNp linux-2.6.35.8/arch/x86/kernel/head_32.S linux-2.6.35.8/arch/x86/kernel/head_32.S --- linux-2.6.35.8/arch/x86/kernel/head_32.S 2010-10-31 17:13:58.000000000 -0400 -+++ linux-2.6.35.8/arch/x86/kernel/head_32.S 2010-10-31 17:21:20.000000000 -0400 ++++ linux-2.6.35.8/arch/x86/kernel/head_32.S 2010-11-02 19:22:48.000000000 -0400 @@ -25,6 +25,12 @@ /* Physical address */ #define pa(X) ((X) - __PAGE_OFFSET) @@ -12045,7 +12045,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/head_32.S linux-2.6.35.8/arch/x86/kern ENTRY(swapper_pg_dir) .fill 1024,4,0 #endif -+ ++.section .swapper_pg_fixmap,"a",@progbits swapper_pg_fixmap: .fill 1024,4,0 #ifdef CONFIG_X86_TRAMPOLINE @@ -14567,7 +14567,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmi_32.c linux-2.6.35.8/arch/x86/kerne local_irq_save(flags); diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S --- linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S 2010-08-26 19:47:12.000000000 -0400 -+++ linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S 2010-09-17 20:12:09.000000000 -0400 ++++ linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S 2010-11-02 19:23:16.000000000 -0400 @@ -26,6 +26,13 @@ #include <asm/page_types.h> #include <asm/cache.h> @@ -14653,7 +14653,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ HEAD_TEXT #ifdef CONFIG_X86_32 . = ALIGN(PAGE_SIZE); -@@ -108,13 +130,50 @@ SECTIONS +@@ -108,13 +130,52 @@ SECTIONS IRQENTRY_TEXT *(.fixup) *(.gnu.warning) @@ -14695,8 +14695,10 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ + *(.idt) + . = ALIGN(PAGE_SIZE); + *(.empty_zero_page) ++ *(.swapper_pg_fixmap) + *(.swapper_pg_pmd) + *(.swapper_pg_dir) ++ *(.trampoline_pg_dir) + } :rodata +#endif + 
@@ -14708,7 +14710,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ X64_ALIGN_DEBUG_RODATA_BEGIN RO_DATA(PAGE_SIZE) -@@ -122,16 +181,20 @@ SECTIONS +@@ -122,16 +183,20 @@ SECTIONS /* Data */ .data : AT(ADDR(.data) - LOAD_OFFSET) { @@ -14732,7 +14734,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ PAGE_ALIGNED_DATA(PAGE_SIZE) -@@ -194,12 +257,6 @@ SECTIONS +@@ -194,12 +259,6 @@ SECTIONS } vgetcpu_mode = VVIRT(.vgetcpu_mode); @@ -14745,7 +14747,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) { *(.vsyscall_3) } -@@ -215,12 +272,19 @@ SECTIONS +@@ -215,12 +274,19 @@ SECTIONS #endif /* CONFIG_X86_64 */ /* Init code and data - will be freed after init */ @@ -14768,7 +14770,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ /* * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the * output PHDR, so the next output section - .init.text - should -@@ -229,12 +293,27 @@ SECTIONS +@@ -229,12 +295,27 @@ SECTIONS PERCPU_VADDR(0, :percpu) #endif @@ -14801,7 +14803,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) { __x86_cpu_dev_start = .; -@@ -260,19 +339,11 @@ SECTIONS +@@ -260,19 +341,11 @@ SECTIONS *(.altinstr_replacement) } @@ -14822,7 +14824,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ PERCPU(PAGE_SIZE) #endif -@@ -291,16 +362,10 @@ SECTIONS +@@ -291,16 +364,10 @@ SECTIONS .smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) { __smp_locks = .; *(.smp_locks) 
@@ -14840,7 +14842,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ /* BSS */ . = ALIGN(PAGE_SIZE); .bss : AT(ADDR(.bss) - LOAD_OFFSET) { -@@ -316,6 +381,7 @@ SECTIONS +@@ -316,6 +383,7 @@ SECTIONS __brk_base = .; . += 64 * 1024; /* 64k alignment slop space */ *(.brk_reservation) /* areas brk users have reserved */ @@ -14848,7 +14850,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/ __brk_limit = .; } -@@ -342,13 +408,12 @@ SECTIONS +@@ -342,13 +410,12 @@ SECTIONS * for the boot processor. */ #define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load @@ -54778,6 +54780,25 @@ diff -urNp linux-2.6.35.8/net/atm/resources.c linux-2.6.35.8/net/atm/resources.c __AAL_STAT_ITEMS #undef __HANDLE_ITEM } +diff -urNp linux-2.6.35.8/net/ax25/af_ax25.c linux-2.6.35.8/net/ax25/af_ax25.c +--- linux-2.6.35.8/net/ax25/af_ax25.c 2010-08-26 19:47:12.000000000 -0400 ++++ linux-2.6.35.8/net/ax25/af_ax25.c 2010-11-02 19:44:50.000000000 -0400 +@@ -1392,6 +1392,7 @@ static int ax25_getname(struct socket *s + ax25_cb *ax25; + int err = 0; + ++ memset(fsa, 0, sizeof(*fsa)); + lock_sock(sk); + ax25 = ax25_sk(sk); + +@@ -1403,7 +1404,6 @@ static int ax25_getname(struct socket *s + + fsa->fsa_ax25.sax25_family = AF_AX25; + fsa->fsa_ax25.sax25_call = ax25->dest_addr; +- fsa->fsa_ax25.sax25_ndigis = 0; + + if (ax25->digipeat != NULL) { + ndigi = ax25->digipeat->ndigi; diff -urNp linux-2.6.35.8/net/bridge/br_multicast.c linux-2.6.35.8/net/bridge/br_multicast.c --- linux-2.6.35.8/net/bridge/br_multicast.c 2010-08-26 19:47:12.000000000 -0400 +++ linux-2.6.35.8/net/bridge/br_multicast.c 2010-10-11 22:41:44.000000000 -0400 
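Review bot: The `memset(fsa, 0, sizeof(*fsa));` added at the top of ax25_getname is now the only thing that zeroes `sax25_ndigis` and any bytes the function leaves unwritten, because the explicit `fsa->fsa_ax25.sax25_ndigis = 0;` is dropped in the same inner hunk, yet nothing in the code says so. I would put a comment above it, for example `/* clear the whole reply first: unwritten fields and padding are handed back to the caller */`, so the call is not later removed as redundant (that the buffer ends up in user space is inferred from the function's role, not shown here). The same comment belongs on the `memset(sax, 0, sizeof(*sax));` added to nr_getname and the `memset(addr, 0, sizeof(*addr));` added to tipc's get_name in the later hunks. All three functions start and end outside their hunks.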
@@ -55753,9 +55774,28 @@ diff -urNp linux-2.6.35.8/net/netlink/af_netlink.c linux-2.6.35.8/net/netlink/af atomic_read(&s->sk_refcnt), atomic_read(&s->sk_drops), sock_i_ino(s) +diff -urNp linux-2.6.35.8/net/netrom/af_netrom.c linux-2.6.35.8/net/netrom/af_netrom.c +--- linux-2.6.35.8/net/netrom/af_netrom.c 2010-08-26 19:47:12.000000000 -0400 ++++ linux-2.6.35.8/net/netrom/af_netrom.c 2010-11-02 19:46:20.000000000 -0400 +@@ -840,6 +840,7 @@ static int nr_getname(struct socket *soc + struct sock *sk = sock->sk; + struct nr_sock *nr = nr_sk(sk); + ++ memset(sax, 0, sizeof(*sax)); + lock_sock(sk); + if (peer != 0) { + if (sk->sk_state != TCP_ESTABLISHED) { +@@ -854,7 +855,6 @@ static int nr_getname(struct socket *soc + *uaddr_len = sizeof(struct full_sockaddr_ax25); + } else { + sax->fsa_ax25.sax25_family = AF_NETROM; +- sax->fsa_ax25.sax25_ndigis = 0; + sax->fsa_ax25.sax25_call = nr->source_addr; + *uaddr_len = sizeof(struct sockaddr_ax25); + } diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_packet.c --- linux-2.6.35.8/net/packet/af_packet.c 2010-08-26 19:47:12.000000000 -0400 -+++ linux-2.6.35.8/net/packet/af_packet.c 2010-10-11 22:41:44.000000000 -0400 ++++ linux-2.6.35.8/net/packet/af_packet.c 2010-11-02 19:42:44.000000000 -0400 @@ -1595,8 +1595,9 @@ static int packet_recvmsg(struct kiocb * err = -EINVAL; 
@@ -55767,7 +55807,24 @@ diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_pa if (skb_is_gso(skb)) { struct skb_shared_info *sinfo = skb_shinfo(skb); -@@ -2093,7 +2094,7 @@ static int packet_getsockopt(struct sock +@@ -1704,7 +1705,7 @@ static int packet_getname_spkt(struct so + rcu_read_lock(); + dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex); + if (dev) +- strlcpy(uaddr->sa_data, dev->name, 15); ++ strncpy(uaddr->sa_data, dev->name, 14); + else + memset(uaddr->sa_data, 0, 14); + rcu_read_unlock(); +@@ -1727,6 +1728,7 @@ static int packet_getname(struct socket + sll->sll_family = AF_PACKET; + sll->sll_ifindex = po->ifindex; + sll->sll_protocol = po->num; ++ sll->sll_pkttype = 0; + rcu_read_lock(); + dev = dev_get_by_index_rcu(sock_net(sk), po->ifindex); + if (dev) { +@@ -2093,7 +2095,7 @@ static int packet_getsockopt(struct sock case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -55776,7 +55833,7 @@ diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_pa return -EFAULT; switch (val) { case TPACKET_V1: -@@ -2125,7 +2126,7 @@ static int packet_getsockopt(struct sock +@@ -2125,7 +2127,7 @@ static int packet_getsockopt(struct sock if (put_user(len, optlen)) return -EFAULT; @@ -55785,7 +55842,7 @@ diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_pa return -EFAULT; return 0; } -@@ -2604,7 +2605,11 @@ static int packet_seq_show(struct seq_fi +@@ -2604,7 +2606,11 @@ static int packet_seq_show(struct seq_fi seq_printf(seq, "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", 
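Review bot: In packet_getname_spkt the replacement `strncpy(uaddr->sa_data, dev->name, 14);` no longer guarantees a terminating NUL, since a device name of 14 or more characters fills sa_data completely. It does remove the one-byte overrun of the old `strlcpy(..., 15)` and zero-pads short names, and it matches the 14-byte `memset` in the else branch, so the fixed-width behaviour looks intentional. It still deserves a comment such as `/* sa_data is a fixed 14-byte field; left unterminated for long names */`. The bare 14 would also be safer written as `sizeof(uaddr->sa_data)` in both branches. The function body starts and ends outside the hunk.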
@@ -56080,8 +56137,16 @@ diff -urNp linux-2.6.35.8/net/sysctl_net.c linux-2.6.35.8/net/sysctl_net.c } diff -urNp linux-2.6.35.8/net/tipc/socket.c linux-2.6.35.8/net/tipc/socket.c --- linux-2.6.35.8/net/tipc/socket.c 2010-08-26 19:47:12.000000000 -0400 -+++ linux-2.6.35.8/net/tipc/socket.c 2010-09-17 20:12:09.000000000 -0400 -@@ -1451,8 +1451,9 @@ static int connect(struct socket *sock, ++++ linux-2.6.35.8/net/tipc/socket.c 2010-11-02 19:49:48.000000000 -0400 +@@ -395,6 +395,7 @@ static int get_name(struct socket *sock, + struct sockaddr_tipc *addr = (struct sockaddr_tipc *)uaddr; + struct tipc_sock *tsock = tipc_sk(sock->sk); + ++ memset(addr, 0, sizeof(*addr)); + if (peer) { + if ((sock->state != SS_CONNECTED) && + ((peer != 2) || (sock->state != SS_DISCONNECTING))) +@@ -1451,8 +1452,9 @@ static int connect(struct socket *sock, } else { if (res == 0) res = -ETIMEDOUT; 
@@ -56213,6 +56278,26 @@ diff -urNp linux-2.6.35.8/net/wireless/wext-core.c linux-2.6.35.8/net/wireless/w err = handler(dev, info, (union iwreq_data *) iwp, extra); iwp->length += essid_compat; +diff -urNp linux-2.6.35.8/net/x25/x25_facilities.c linux-2.6.35.8/net/x25/x25_facilities.c +--- linux-2.6.35.8/net/x25/x25_facilities.c 2010-08-26 19:47:12.000000000 -0400 ++++ linux-2.6.35.8/net/x25/x25_facilities.c 2010-11-02 19:50:35.000000000 -0400 +@@ -134,14 +134,14 @@ int x25_parse_facilities(struct sk_buff + case X25_FAC_CLASS_D: + switch (*p) { + case X25_FAC_CALLING_AE: +- if (p[1] > X25_MAX_DTE_FACIL_LEN) ++ if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] == 0) + break; + dte_facs->calling_len = p[2]; + memcpy(dte_facs->calling_ae, &p[3], p[1] - 1); + *vc_fac_mask |= X25_MASK_CALLING_AE; + break; + case X25_FAC_CALLED_AE: +- if (p[1] > X25_MAX_DTE_FACIL_LEN) ++ if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] == 0) + break; + dte_facs->called_len = p[2]; + memcpy(dte_facs->called_ae, &p[3], p[1] - 1); diff -urNp linux-2.6.35.8/net/xfrm/xfrm_policy.c linux-2.6.35.8/net/xfrm/xfrm_policy.c --- linux-2.6.35.8/net/xfrm/xfrm_policy.c 2010-08-26 19:47:12.000000000 -0400 +++ linux-2.6.35.8/net/xfrm/xfrm_policy.c 2010-09-17 20:12:09.000000000 -0400 |
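Review bot: In x25_parse_facilities the visible checks still bound `p[1]` only against X25_MAX_DTE_FACIL_LEN, not against the bytes remaining in the received facilities block; the added `p[1] == 0` test only stops `p[1] - 1` from wrapping into a huge memcpy length. Unless the loop outside this hunk already verifies the remaining length, `memcpy(dte_facs->calling_ae, &p[3], p[1] - 1);` can read past the end of the data, so a guard such as `if (p[1] + 2 > len) break;` is worth adding (`len` stands for whatever remaining-length counter the loop keeps; the name is assumed). `dte_facs->calling_len = p[2];` and `dte_facs->called_len = p[2];` are stored without any range check, so any later code that uses them as a length should be audited. Both the X25_FAC_CALLING_AE and X25_FAC_CALLED_AE cases are affected.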