aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/linux-grsec/APKBUILD10
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.10-201407052031.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.10-201407012152.patch)70
2 files changed, 74 insertions, 6 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index a9dad4e95e..e91d727238 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=1
+pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.14.10-201407012152.patch
+ grsecurity-3.0-3.14.10-201407052031.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -166,7 +166,7 @@ dev() {
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
13d435d77d719cd845fb82627aa07974 patch-3.14.10.xz
-e43935611420bfaa55f68ba32d43be58 grsecurity-3.0-3.14.10-201407012152.patch
+08c26e89d09fb4cc0d41c159ea17bb24 grsecurity-3.0-3.14.10-201407052031.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
83f0e1b1d2413bcb2dddcf87a10dc42b kernelconfig.x86
@@ -174,7 +174,7 @@ c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
887980f603af6a1ac6f67edeae2e0d07 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
e93bcbbd4568449e771f420ddd281a797b8df92ff265d59f849c3f53172fd95e patch-3.14.10.xz
-a16bb425114a1e19296d6daed4daed821df3177881de17f2e529cf4f09012984 grsecurity-3.0-3.14.10-201407012152.patch
+238f1499e7b6669b199e85cc334e01c9240665d65647b2ea0c30c230b88ac714 grsecurity-3.0-3.14.10-201407052031.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
5431d66b9c1af413b4dc6f91de00a6e830e3d780a79c5f85d2d8b013b151c169 kernelconfig.x86
@@ -182,7 +182,7 @@ a16bb425114a1e19296d6daed4daed821df3177881de17f2e529cf4f09012984 grsecurity-3.0
ab3e07f85f4dd090b2d22b485881031bd479a1c34fc9a2e9707cb8cdebfcfda4 kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
807783caa9ff492b936b1deef2da96bfb4af5429adc4810de66fbc709ab1a707e26c03edb66a10e429ad5038697c0d522d7f63075382db5d65f622f727be5452 patch-3.14.10.xz
-1d12d3ee7d37ecc5eafefa5866c2910f53be22019c1de538de279527c63e0c4855c07c29d4b55dfdb9aacd9c9d830cfae8acef456c04566ff1967d593d15d377 grsecurity-3.0-3.14.10-201407012152.patch
+194d0b023eb9841c2784220ecd80eedd61b62ce1f971a8e5a4fe2f7dcc7a1cff304a4e1bbd7a69aaf5ac2dc9fe112e3d4618bfa8e9541770c8fd3c0dcfe1a358 grsecurity-3.0-3.14.10-201407052031.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
03f817222bf5812fa8363542e4ab108767212c67efe3994ea8fe9d0751215d9c3f166ce41de41f9070c855db6c04606828dc61265a1738920b984a24077347c4 kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.10-201407012152.patch b/main/linux-grsec/grsecurity-3.0-3.14.10-201407052031.patch
index ba8d0ddfdd..5cd674b923 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.10-201407012152.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.10-201407052031.patch
@@ -18734,7 +18734,7 @@ index fdedd38..95c02c2 100644
void df_debug(struct pt_regs *regs, long error_code);
#endif /* _ASM_X86_PROCESSOR_H */
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
-index 14fd6fd..6740420 100644
+index 14fd6fd..b31a4a4 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs)
@@ -18807,6 +18807,29 @@ index 14fd6fd..6740420 100644
#endif
return *(unsigned long *)((unsigned long)regs + offset);
}
+@@ -231,6 +235,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs,
+
+ #define ARCH_HAS_USER_SINGLE_STEP_INFO
+
++/*
++ * When hitting ptrace_stop(), we cannot return using SYSRET because
++ * that does not restore the full CPU state, only a minimal set. The
++ * ptracer can change arbitrary register values, which is usually okay
++ * because the usual ptrace stops run off the signal delivery path which
++ * forces IRET; however, ptrace_event() stops happen in arbitrary places
++ * in the kernel and don't force IRET path.
++ *
++ * So force IRET path after a ptrace stop.
++ */
++#define arch_ptrace_stop_needed(code, info) \
++({ \
++ set_thread_flag(TIF_NOTIFY_RESUME); \
++ false; \
++})
++
+ struct user_desc;
+ extern int do_get_thread_area(struct task_struct *p, int idx,
+ struct user_desc __user *info);
diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
index 9c6b890..5305f53 100644
--- a/arch/x86/include/asm/realmode.h
@@ -82077,6 +82100,20 @@ index 34a1e10..70f6bde 100644
struct proc_ns {
void *ns;
+diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
+index 077904c..cc79eff 100644
+--- a/include/linux/ptrace.h
++++ b/include/linux/ptrace.h
+@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk,
+ * calling arch_ptrace_stop() when it would be superfluous. For example,
+ * if the thread has not been back to user mode since the last stop, the
+ * thread state might indicate that nothing needs to be done.
++ *
++ * This is guaranteed to be invoked once before a task stops for ptrace and
++ * may include arch-specific operations necessary prior to a ptrace stop.
+ */
+ #define arch_ptrace_stop_needed(code, info) (0)
+ #endif
diff --git a/include/linux/quota.h b/include/linux/quota.h
index cc7494a..1e27036 100644
--- a/include/linux/quota.h
@@ -92405,6 +92442,37 @@ index c24c2f7..f0296f4 100644
+ pax_close_kernel();
+}
+EXPORT_SYMBOL(pax_list_del_rcu);
+diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
+index b74da44..7a85967 100644
+--- a/lib/lz4/lz4_decompress.c
++++ b/lib/lz4/lz4_decompress.c
+@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
+ int s = 255;
+ while ((ip < iend) && (s == 255)) {
+ s = *ip++;
++ if (unlikely(length > (size_t)(length + s)))
++ goto _output_error;
+ length += s;
+ }
+ }
+@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
+ if (length == ML_MASK) {
+ while (ip < iend) {
+ int s = *ip++;
++ if (unlikely(length > (size_t)(length + s)))
++ goto _output_error;
+ length += s;
+ if (s == 255)
+ continue;
+@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
+
+ /* write overflow error detected */
+ _output_error:
+- return (int) (-(((char *) ip) - source));
++ return -1;
+ }
+
+ int lz4_decompress(const unsigned char *src, size_t *src_len,
diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
index 963b703..438bc51 100644
--- a/lib/percpu-refcount.c