diff options
author | Timo Teräs <timo.teras@iki.fi> | 2016-05-14 12:39:31 +0000 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2016-05-14 12:39:31 +0000 |
commit | 735a11bff7cfde091a27a6a5b90608e3a5f9a2d8 (patch) | |
tree | 92bb3c7c0190896d8eaab38d0ea0f5e11f0d7cd9 /main | |
parent | bcb414cd04d0d597043ae07f2d1b77661deebbe5 (diff) | |
download | aports-735a11bff7cfde091a27a6a5b90608e3a5f9a2d8.tar.bz2 aports-735a11bff7cfde091a27a6a5b90608e3a5f9a2d8.tar.xz |
main/linux-grsec: upgrade to 4.4.10
Diffstat (limited to 'main')
-rw-r--r-- | main/linux-grsec/APKBUILD | 22 | ||||
-rw-r--r-- | main/linux-grsec/xsa174.patch | 62 |
2 files changed, 9 insertions, 75 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index ca0aea4de6..e1b7583474 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _mainflavor=grsec pkgname=linux-$_mainflavor -pkgver=4.4.8 +pkgver=4.4.10 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=2 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs" @@ -17,11 +17,10 @@ options="!strip" install= source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz - https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/test/grsecurity-3.1-4.4.8-201604252206.patch + http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-4.4.10-201604252206-alpine.patch fix-spi-nor-namespace-clash.patch imx6q-no-unclocked-sleep.patch - xsa174.patch config-grsec.x86 config-grsec.x86_64 @@ -212,33 +211,30 @@ virtgrsec_dev() { } md5sums="9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz -c1d8f46e5b2ee7c925fc38f20a3726d3 patch-4.4.8.xz -c2a6b88b18bc5b54d0d7122a1c692060 grsecurity-3.1-4.4.8-201604252206.patch +1b9a296c0d0b778e8173299618f2d84f patch-4.4.10.xz +332d70ecd3eb373ce3c54888b6dbae3c grsecurity-3.1-4.4.10-201604252206-alpine.patch c32f1d7517a095a2645fc1c7dec5db8f fix-spi-nor-namespace-clash.patch b11c29ee88f7f537973191036d48bee7 imx6q-no-unclocked-sleep.patch -14a8a1826416f04ae98918145139cea6 xsa174.patch af91f128ddf9407bb212cbaebca79354 config-grsec.x86 503656217c0cfb0c481b3804285f0166 config-grsec.x86_64 a453b5ddc5ce5b1ed487747ae785d615 config-grsec.armhf ff753181afb1538d9d3d14fe65f834c8 config-virtgrsec.x86 807a5cc9253c26d96243cc3188f7ea8c config-virtgrsec.x86_64" sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2 linux-4.4.tar.xz -11ec99ae0600bd831ff8d71b77e64592f4b6918b7857fd9ff0284ea4cf267b4e patch-4.4.8.xz -b631b75cf38e08409812e9869f3a8b5b5b5085ba32ab62fd4c03d803f652a57f grsecurity-3.1-4.4.8-201604252206.patch +df66bd2532cac85dfb85d6ca9b750689e02278442652a0b047304e3322947d17 patch-4.4.10.xz +dad9b44b8c9cc7de7127fb8757213e0694df89559da5d1ef40c90772124b4949 grsecurity-3.1-4.4.10-201604252206-alpine.patch b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212 fix-spi-nor-namespace-clash.patch 7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4 imx6q-no-unclocked-sleep.patch -cbec70e183f76b4081ebba05c0a8105bd4952d164a2e5c40528c05bf8861ddef xsa174.patch c247a003fb358f611d801277f89a13393d1620ad804553ada97433ef52a7706b config-grsec.x86 d2b771f67eecad71745956dc0dea40fc702f39e4caee195b11877307d5ab2622 config-grsec.x86_64 ac8407f225ff6cb6be9ccd69729262241e61455f816cdea3070e30ddf453f7db config-grsec.armhf 8b4a1927b831e94f65ec1b08f9e3bf3f64cea1e6e85e3b6b3dc1a8796e0f206d config-virtgrsec.x86 5d46d80c811d6d321569f3f4550769cd4f68b46b8fa5406e7b0f350e00eec1a6 config-virtgrsec.x86_64" sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e linux-4.4.tar.xz -d53d6950bc121107fecec91b4cd33473b0b18e7188bd387cd02f3ab4ece0f7dc6f1530ad9b7a44655afb7d823fb94ad8d8710902367c9b12911eb2247a12f2c7 patch-4.4.8.xz -49ec328ec1a5232af1f370101a64d9b7021bd2cb7744b3db181311d6aa4886ba1ef36457fbf22b97b21b0ad313fbea780c9441778e4d5bb9f8deae76dd6e499d grsecurity-3.1-4.4.8-201604252206.patch +05277847fb0cd1ae2c488031935979964706f76fd44b2f0790ecc4c8a785e6c3e43af45213f09f07e26ab74f43b5569f6bf87fd15ef9721cf3163abfa49dda7c patch-4.4.10.xz +53c24590a97f037d1f8a1e7219bb8c422c2efbc90252dd67b69f333f0f651e0321f04376f0119685650e8f8c372cc6185ea31085334bff4a2a9af769672c8ec4 grsecurity-3.1-4.4.10-201604252206-alpine.patch 410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104 fix-spi-nor-namespace-clash.patch 9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07 imx6q-no-unclocked-sleep.patch -a86f88db750defec35d3afebdde565de2c6bc304f9a110c6091e0d38261a4bdc0ddbdd1df1913a894f57877acacfdb96d98635729f913a7ed344f627e40a9af3 xsa174.patch d7cb2b8600bd95c25aba5fc21f27a89eb1257d003c6e98bc81989a6027536c15c4c4abbcdc16fadd84383d3e29c6814ddf0c4f8524b53b69eed8763cc2c14e92 config-grsec.x86 900d18cb27b99ca91cb48fa8fc27a74f1b700eb826ef26fcfa18a379e9b7521ddac65edc57757de766e76d1c576a4d6e80a6778afc3c34394b165ab9a707cba0 config-grsec.x86_64 97de0656bbf99b66431587fda8c914aa08950c1865de018ed7a1b5f99b98f91e2e935d2341dbab44af1ca8c2370953fbbeca58c00e201f97e1b15bbec41d52d6 config-grsec.armhf diff --git a/main/linux-grsec/xsa174.patch b/main/linux-grsec/xsa174.patch deleted file mode 100644 index 9c15d57c30..0000000000 --- a/main/linux-grsec/xsa174.patch +++ /dev/null @@ -1,62 +0,0 @@ -x86/xen: suppress hugetlbfs in PV guests - -Huge pages are not normally available to PV guests. Not suppressing -hugetlbfs use results in an endless loop of page faults when user mode -code tries to access a hugetlbfs mapped area (since the hypervisor -denies such PTEs to be created, but error indications can't be -propagated out of xen_set_pte_at(), just like for various of its -siblings), and - once killed in an oops like this: - -kernel BUG at .../fs/hugetlbfs/inode.c:428! -invalid opcode: 0000 [#1] SMP -Modules linked in: ... -Supported: Yes -CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G W 4.4.0-2016-01-20-pv #2 -Hardware name: ... -task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000 -RIP: e030:[<ffffffff811c333b>] [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320 -RSP: e02b:ffff880803c879a8 EFLAGS: 00010202 -RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38 -RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960 -RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000 -R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 -R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0 -FS: 00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000 -CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b -CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660 -Stack: - ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0 - ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000 - ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758 -Call Trace: - [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40 - [<ffffffff81167b3d>] evict+0xbd/0x1b0 - [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0 - [<ffffffff81165b0e>] dput+0x1fe/0x220 - [<ffffffff81150535>] __fput+0x155/0x200 - [<ffffffff81079fc0>] task_work_run+0x60/0xa0 - [<ffffffff81063510>] do_exit+0x160/0x400 - [<ffffffff810637eb>] do_group_exit+0x3b/0xa0 - [<ffffffff8106e8bd>] get_signal+0x1ed/0x470 - [<ffffffff8100f854>] do_signal+0x14/0x110 - [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0 - [<ffffffff814178a5>] retint_user+0x8/0x13 - -This is XSA-174. - -Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Cc: stable@vger.kernel.org ---- -v2: Make Xen-inspecific, by using cpu_has_pse. - ---- a/arch/x86/include/asm/hugetlb.h -+++ b/arch/x86/include/asm/hugetlb.h -@@ -4,6 +4,7 @@ - #include <asm/page.h> - #include <asm-generic/hugetlb.h> - -+#define hugepages_supported() cpu_has_pse - - static inline int is_hugepage_only_range(struct mm_struct *mm, - unsigned long addr, |