diff options
-rw-r--r-- | main/linux-grsec/APKBUILD | 8 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.2-3.2.5-201202061800.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.2.4-201202051927.patch) | 52 |
2 files changed, 43 insertions, 17 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 500e8b4c42..7b618c1743 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.2.4 +pkgver=3.2.5 _kernver=3.2 pkgrel=0 pkgdesc="Linux kernel with grsecurity" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2 - grsecurity-2.2.2-3.2.4-201202051927.patch + grsecurity-2.2.2-3.2.5-201202061800.patch 0004-arp-flush-arp-cache-on-device-change.patch @@ -140,8 +140,8 @@ dev() { } md5sums="7ceb61f87c097fc17509844b71268935 linux-3.2.tar.bz2 -02adf3e0450969dec6219ca52ff2a68a patch-3.2.4.bz2 -87a8ebc1d936b51263e09f0ba95ca0ad grsecurity-2.2.2-3.2.4-201202051927.patch +fb4d0b76b4c9a42977d75c4b2f3948d0 patch-3.2.5.bz2 +ea0ecef24bf10a8c0f9c4b705a10daf8 grsecurity-2.2.2-3.2.5-201202061800.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch f3eda7112ef074a4121ec6de943c63ee x86-centaur-enable-cx8-for-via-eden-too.patch 62cc7d7b5ba7ef05b72ff91c0411c189 linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch diff --git a/main/linux-grsec/grsecurity-2.2.2-3.2.4-201202051927.patch b/main/linux-grsec/grsecurity-2.2.2-3.2.5-201202061800.patch index b2dcf41b69..8adfe9cc59 100644 --- a/main/linux-grsec/grsecurity-2.2.2-3.2.4-201202051927.patch +++ b/main/linux-grsec/grsecurity-2.2.2-3.2.5-201202061800.patch @@ -186,7 +186,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index c8e187e..c445af7 100644 +index e9dd0ff..e4c0733 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -23734,7 +23734,7 @@ index 6687022..ceabcfa 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 7c1b765..180e3b2 100644 +index 7c1b765..3d8ea45 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -117,6 +117,10 @@ static inline void bpf_flush_icache(void *start, void *end) @@ -23759,7 +23759,23 @@ index 7c1b765..180e3b2 100644 /* Before first pass, make a rough estimation of addrs[] * each bpf instruction is translated to less than 64 bytes */ -@@ -592,11 +600,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -476,7 +484,7 @@ void bpf_jit_compile(struct sk_filter *fp) + func = sk_load_word; + common_load: seen |= SEEN_DATAREF; + if ((int)K < 0) +- goto out; ++ goto error; + t_offset = func - (image + addrs[i]); + EMIT1_off32(0xbe, K); /* mov imm32,%esi */ + EMIT1_off32(0xe8, t_offset); /* call */ +@@ -586,17 +594,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; + break; + default: + /* hmm, too complex filter, give up with jit compiler */ +- goto out; ++ goto error; + } + ilen = prog - temp; if (image) { if (unlikely(proglen + ilen > oldproglen)) { pr_err("bpb_jit_compile fatal error\n"); @@ -23767,7 +23783,7 @@ index 7c1b765..180e3b2 100644 - module_free(NULL, image); - return; + module_free_exec(NULL, image); -+ goto out; ++ goto error; } + pax_open_kernel(); memcpy(image + proglen, temp, ilen); @@ -23775,23 +23791,33 @@ index 7c1b765..180e3b2 100644 } proglen += ilen; addrs[i] = proglen; -@@ -617,7 +626,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -617,11 +626,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; } if (proglen == oldproglen) { - image = module_alloc(max_t(unsigned int, -+ image = module_alloc_exec(max_t(unsigned int, - proglen, - sizeof(struct work_struct))); +- proglen, +- sizeof(struct work_struct))); ++ image = module_alloc_exec(proglen); if (!image) -@@ -639,24 +648,27 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; - fp->bpf_func = (void *)image; +- goto out; ++ goto error; + } + oldproglen = proglen; } +@@ -637,7 +644,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; + bpf_flush_icache(image, image + proglen); + + fp->bpf_func = (void *)image; +- } ++ } else ++error: ++ kfree(fp->work); ++ out: -+ kfree(fp->work); kfree(addrs); return; - } +@@ -645,18 +655,20 @@ out: static void jit_free_defer(struct work_struct *arg) { @@ -33547,7 +33573,7 @@ index 76ba8a1..20ca857 100644 /* initialize our int15 lock */ diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c -index cbfbab1..6a9fced 100644 +index 1cfbf22..be96487 100644 --- a/drivers/pci/pcie/aspm.c +++ b/drivers/pci/pcie/aspm.c @@ -27,9 +27,9 @@ |