-rw-r--r--main/linux-grsec/APKBUILD10
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.29-201501211943.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.29-201501182217.patch)173
2 files changed, 170 insertions, 13 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 63072add3b..4170d3e0f1 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=0
+pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.14.29-201501182217.patch
+ grsecurity-3.0-3.14.29-201501211943.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -167,7 +167,7 @@ dev() {
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
27e0d59e4348d87fba25db6cda180092 patch-3.14.29.xz
-a11c1fe1e8077d8573802df0c56ae3a4 grsecurity-3.0-3.14.29-201501182217.patch
+9d10500dc6750d112fe1ac777c62ea72 grsecurity-3.0-3.14.29-201501211943.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
1ced4011e09c6e0a72101d65670f0b5c net-v2-gre-fix-the-inner-mac-header-in-nbma-tunnel-xmit-path.patch
@@ -176,7 +176,7 @@ c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
6709c83fbbd38d40f31d39f0022d4ce9 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
38b6a77a0364f0045e2006bbc3638db298d92e8d02bd7daef302d21c5fdc029b patch-3.14.29.xz
-3f22ab2bdba95d82bf186670fd6b2dfa77d6d9863eb9b13b149132ca329771bc grsecurity-3.0-3.14.29-201501182217.patch
+cd446eff1c316bb82373d05c7da556c0f30855851da76f1ed0b40dbdff1de34d grsecurity-3.0-3.14.29-201501211943.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
2c8158a2a4042ac1bcbfa046eb1c7966de56d3797eee99d153d2b176dfff165c net-v2-gre-fix-the-inner-mac-header-in-nbma-tunnel-xmit-path.patch
@@ -185,7 +185,7 @@ d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6 kernelconfig.x
01a6c90cf0643f8727d120aede2267ca7303c4ebe548c5d19222d4387ceb98cc kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
e95d0ec8bb426a3517c72189007c2bd004320d2b53b01db4d9f88da7523517047f84716252d8e8400233304f0bcae326a517d6c7f8b893e102e2a48a9c21b8bf patch-3.14.29.xz
-fa2ea9e14327977dd3e97301dedc2e4b9f9c405ab1d8f28b8a03386a047b592dbc87b5a6a3ddd835a59e6c197532eadbb78ba064cb76f48fec4bf44ba58afb56 grsecurity-3.0-3.14.29-201501182217.patch
+fb1dec4af46aa5a36dcb57c0b7afe5475582a7dcc7d6617ef173f8fce36da22a75dd04fdcabf2569c64f4180b38ef405911815f27731849c388c2ead40b426d6 grsecurity-3.0-3.14.29-201501211943.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
ce0429ba660fa010252e09fc812680b8dafb7b6b213c8eabde89e289f3db536253b81841ec1a73de5408e5556dd5e99c3536dc48457750bfdf7845a3df2b9a79 net-v2-gre-fix-the-inner-mac-header-in-nbma-tunnel-xmit-path.patch
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.29-201501182217.patch b/main/linux-grsec/grsecurity-3.0-3.14.29-201501211943.patch
index 6a5071f9a0..5df869a127 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.29-201501182217.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.29-201501211943.patch
@@ -43956,7 +43956,7 @@ index 1946101..09766d2 100644
#include "qib_common.h"
#include "qib_verbs.h"
diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
-index ce953d8..da10215 100644
+index ce953d8..1469995 100644
--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -422,7 +422,7 @@ static int evdev_open(struct inode *inode, struct file *file)
@@ -43968,6 +43968,43 @@ index ce953d8..da10215 100644
return error;
}
+@@ -757,20 +757,23 @@ static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
+ */
+ static int evdev_handle_get_val(struct evdev_client *client,
+ struct input_dev *dev, unsigned int type,
+- unsigned long *bits, unsigned int max,
+- unsigned int size, void __user *p, int compat)
++ unsigned long *bits, unsigned int maxbit,
++ unsigned int maxlen, void __user *p,
++ int compat)
+ {
+ int ret;
+ unsigned long *mem;
++ size_t len;
+
+- mem = kmalloc(sizeof(unsigned long) * max, GFP_KERNEL);
++ len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long);
++ mem = kmalloc(len, GFP_KERNEL);
+ if (!mem)
+ return -ENOMEM;
+
+ spin_lock_irq(&dev->event_lock);
+ spin_lock(&client->buffer_lock);
+
+- memcpy(mem, bits, sizeof(unsigned long) * max);
++ memcpy(mem, bits, len);
+
+ spin_unlock(&dev->event_lock);
+
+@@ -778,7 +781,7 @@ static int evdev_handle_get_val(struct evdev_client *client,
+
+ spin_unlock_irq(&client->buffer_lock);
+
+- ret = bits_to_user(mem, max, size, p, compat);
++ ret = bits_to_user(mem, maxbit, maxlen, p, compat);
+ if (ret < 0)
+ evdev_queue_syn_dropped(client);
+
diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c
index 24c41ba..102d71f 100644
--- a/drivers/input/gameport/gameport.c
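Review bot: The new parameter names in evdev_handle_get_val carry a unit that the allocation depends on, but nothing on the added lines records it. `maxbit` is a bit count, since it goes through `BITS_TO_LONGS(maxbit)`, whereas the removed lines sized both `kmalloc` and `memcpy` as `sizeof(unsigned long) * max`, which treats the same value as a count of longs and would copy well past a bitmap of `max` bits. A line in the comment block that closes just above the signature would keep callers from mixing the two, for example `@maxbit is a number of bits, not of longs; the kernel copy is BITS_TO_LONGS(maxbit) longs`. The meaning of `maxlen` is only visible as the argument forwarded to `bits_to_user`, and the function body continues outside the quoted hunks.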
@@ -47941,6 +47978,42 @@ index dff0977..6df4b1d 100644
adapter->vfinfo[vf].spoofchk_enabled = setting;
regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg));
+diff --git a/drivers/net/ethernet/neterion/s2io.c b/drivers/net/ethernet/neterion/s2io.c
+index 9eeddbd..6d9e10d 100644
+--- a/drivers/net/ethernet/neterion/s2io.c
++++ b/drivers/net/ethernet/neterion/s2io.c
+@@ -6992,7 +6992,9 @@ static int s2io_add_isr(struct s2io_nic *sp)
+ if (sp->s2io_entries[i].in_use == MSIX_FLG) {
+ if (sp->s2io_entries[i].type ==
+ MSIX_RING_TYPE) {
+- sprintf(sp->desc[i], "%s:MSI-X-%d-RX",
++ snprintf(sp->desc[i],
++ sizeof(sp->desc[i]),
++ "%s:MSI-X-%d-RX",
+ dev->name, i);
+ err = request_irq(sp->entries[i].vector,
+ s2io_msix_ring_handle,
+@@ -7001,7 +7003,9 @@ static int s2io_add_isr(struct s2io_nic *sp)
+ sp->s2io_entries[i].arg);
+ } else if (sp->s2io_entries[i].type ==
+ MSIX_ALARM_TYPE) {
+- sprintf(sp->desc[i], "%s:MSI-X-%d-TX",
++ snprintf(sp->desc[i],
++ sizeof(sp->desc[i]),
++ "%s:MSI-X-%d-TX",
+ dev->name, i);
+ err = request_irq(sp->entries[i].vector,
+ s2io_msix_fifo_handle,
+@@ -8159,7 +8163,8 @@ s2io_init_nic(struct pci_dev *pdev, const struct pci_device_id *pre)
+ "%s: UDP Fragmentation Offload(UFO) enabled\n",
+ dev->name);
+ /* Initialize device name */
+- sprintf(sp->name, "%s Neterion %s", dev->name, sp->product_name);
++ snprintf(sp->name, sizeof(sp->name), "%s Neterion %s", dev->name,
++ sp->product_name);
+
+ if (vlan_tag_strip)
+ sp->vlan_strip_flag = 1;
diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c
index 089b713..28d87ae 100644
--- a/drivers/net/ethernet/neterion/vxge/vxge-config.c
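Review bot: The bounds `sizeof(sp->desc[i])` and `sizeof(sp->name)` limit the write only if both members are declared as char arrays. Neither declaration is visible in these hunks, and for a `char *` member the same expression would evaluate to the pointer size, so this is worth confirming against the struct definition. The snprintf return value is dropped at all three call sites in s2io_add_isr and s2io_init_nic, so an over-long `dev->name` is now truncated silently. If these strings are only used as labels that is acceptable, and a short comment such as `/* truncation is acceptable: label only */` would show it is deliberate.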
@@ -92333,6 +92406,28 @@ index 1f4bcb3..99cf7ab 100644
goto out_put_task_struct;
}
+diff --git a/kernel/range.c b/kernel/range.c
+index 322ea8e..82cfc28 100644
+--- a/kernel/range.c
++++ b/kernel/range.c
+@@ -113,12 +113,12 @@ static int cmp_range(const void *x1, const void *x2)
+ {
+ const struct range *r1 = x1;
+ const struct range *r2 = x2;
+- s64 start1, start2;
+
+- start1 = r1->start;
+- start2 = r2->start;
+-
+- return start1 - start2;
++ if (r1->start < r2->start)
++ return -1;
++ if (r1->start > r2->start)
++ return 1;
++ return 0;
+ }
+
+ int clean_sort_range(struct range *range, int az)
diff --git a/kernel/rcu/srcu.c b/kernel/rcu/srcu.c
index 3318d82..1a5b2d1 100644
--- a/kernel/rcu/srcu.c
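Review bot: The three-way comparison in cmp_range would benefit from a one-line comment saying why it is not a subtraction, because the removed form `return start1 - start2;` looks like the natural shorthand and could easily be reintroduced. The function returns `int`, so a 64-bit difference is truncated and can give the wrong sign or a false zero, which in turn misorders whatever sort uses this comparator. Suggested comment above the first `if`: `/* compare explicitly: a 64-bit difference does not fit the int return value */`.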
@@ -103089,10 +103184,29 @@ index 3d4da2c..40f9c29 100644
ICMP_PROT_UNREACH, 0);
}
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index 580dd96..9fcef7e 100644
+index 580dd96..41e9720 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
-@@ -1171,7 +1171,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -426,15 +426,12 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
+
+ memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
+ sin = &errhdr.offender;
+- sin->sin_family = AF_UNSPEC;
++ memset(sin, 0, sizeof(*sin));
++
+ if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) {
+- struct inet_sock *inet = inet_sk(sk);
+-
+ sin->sin_family = AF_INET;
+ sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
+- sin->sin_port = 0;
+- memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
+- if (inet->cmsg_flags)
++ if (inet_sk(sk)->cmsg_flags)
+ ip_cmsg_recv(msg, skb);
+ }
+
+@@ -1171,7 +1168,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
len = min_t(unsigned int, len, opt->optlen);
if (put_user(len, optlen))
return -EFAULT;
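Review bot: In ip_recv_error the added `memset(sin, 0, sizeof(*sin));` is now the only thing initialising `sin_port`, `sin_zero` and, for non-ICMP origins, `sin_family`, yet nothing on the new lines says so. It relies on AF_UNSPEC being 0 to preserve the removed `sin->sin_family = AF_UNSPEC;` behaviour. A comment on the memset would stop a later cleanup from narrowing it back to per-field stores, for example `/* clear the whole offender address, AF_UNSPEC == 0; errhdr is passed on to the caller */`. Where errhdr is consumed lies outside the hunk, so the wording about the consumer should be checked against the rest of the function. The same applies to the ipv6_recv_error hunk in net/ipv6/datagram.c, where the memset replaces the explicit zeroing of `sin6_flowinfo`, `sin6_port` and `sin6_scope_id`.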
@@ -103102,7 +103216,7 @@ index 580dd96..9fcef7e 100644
return -EFAULT;
return 0;
}
-@@ -1302,7 +1303,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -1302,7 +1300,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
if (sk->sk_type != SOCK_STREAM)
return -ENOPROTOOPT;
@@ -104140,10 +104254,38 @@ index d935889..2f64330 100644
err = ipv6_init_mibs(net);
if (err)
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
-index c3bf2d2..1f00573 100644
+index c3bf2d2..c85df82 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
-@@ -938,5 +938,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp,
+@@ -382,11 +382,10 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
+
+ memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
+ sin = &errhdr.offender;
+- sin->sin6_family = AF_UNSPEC;
++ memset(sin, 0, sizeof(*sin));
++
+ if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL) {
+ sin->sin6_family = AF_INET6;
+- sin->sin6_flowinfo = 0;
+- sin->sin6_port = 0;
+ if (np->rxopt.all)
+ ip6_datagram_recv_common_ctl(sk, msg, skb);
+ if (skb->protocol == htons(ETH_P_IPV6)) {
+@@ -397,12 +396,9 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
+ ipv6_iface_scope_id(&sin->sin6_addr,
+ IP6CB(skb)->iif);
+ } else {
+- struct inet_sock *inet = inet_sk(sk);
+-
+ ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr,
+ &sin->sin6_addr);
+- sin->sin6_scope_id = 0;
+- if (inet->cmsg_flags)
++ if (inet_sk(sk)->cmsg_flags)
+ ip_cmsg_recv(msg, skb);
+ }
+ }
+@@ -938,5 +934,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp,
0,
sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -104554,10 +104696,25 @@ index cc85a9b..526a133 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 7cc1102..7785931 100644
+index 7cc1102..50e95c7 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -2973,7 +2973,7 @@ struct ctl_table ipv6_route_table_template[] = {
+@@ -1160,12 +1160,9 @@ static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
+ struct net *net = dev_net(dst->dev);
+
+ rt6->rt6i_flags |= RTF_MODIFIED;
+- if (mtu < IPV6_MIN_MTU) {
+- u32 features = dst_metric(dst, RTAX_FEATURES);
++ if (mtu < IPV6_MIN_MTU)
+ mtu = IPV6_MIN_MTU;
+- features |= RTAX_FEATURE_ALLFRAG;
+- dst_metric_set(dst, RTAX_FEATURES, features);
+- }
++
+ dst_metric_set(dst, RTAX_MTU, mtu);
+ rt6_update_expires(rt6, net->ipv6.sysctl.ip6_rt_mtu_expires);
+ }
+@@ -2973,7 +2970,7 @@ struct ctl_table ipv6_route_table_template[] = {
struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
{