Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.2.2-3.0.4-201109261052.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch)117
2 files changed, 88 insertions, 35 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 77438b0742..b4f4cd5ef7 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.0.4
_kernver=3.0
-pkgrel=6
+pkgrel=7
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
- grsecurity-2.2.2-3.0.4-201109190917.patch
+ grsecurity-2.2.2-3.0.4-201109261052.patch
0004-arp-flush-arp-cache-on-device-change.patch
@@ -138,7 +138,7 @@ dev() {
md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2
62ca5f3caed233617127b2b3b7a87d15 patch-3.0.4.bz2
-475c1129df5aca0d82587640b878109d grsecurity-2.2.2-3.0.4-201109190917.patch
+a7729608516e45657d47a0a458117ca1 grsecurity-2.2.2-3.0.4-201109261052.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
9a2c88b20d296158cdcd01f843898415 kernelconfig.x86
6957efc9f017c59b05aa0a2e4167255e kernelconfig.x86_64"
diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109261052.patch
index ec88fda16b..cce98cf9ed 100644
--- a/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch
+++ b/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109261052.patch
@@ -50694,8 +50694,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_ch
+}
diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_disabled.c
--- linux-3.0.4/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,447 @@
++++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-09-24 08:13:01.000000000 -0400
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -50863,18 +50863,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return 0;
+}
+
-+int
-+gr_is_capable(const int cap)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_is_capable_nolog(const int cap)
-+{
-+ return 1;
-+}
-+
+void
+gr_handle_alertkill(struct task_struct *task)
+{
@@ -51135,8 +51123,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return dentry->d_inode->i_sb->s_dev;
+}
+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
+EXPORT_SYMBOL(gr_learn_resource);
+EXPORT_SYMBOL(gr_set_kernel_label);
+#ifdef CONFIG_SECURITY
@@ -51669,8 +51655,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_link.c linux-3.0.4/grsecurity/grsec_link
+}
diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
--- linux-3.0.4/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-14 23:17:55.000000000 -0400
-@@ -0,0 +1,313 @@
++++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-26 10:46:21.000000000 -0400
+@@ -0,0 +1,315 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -51723,6 +51709,7 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)
+ unsigned long curr_secs = get_seconds();
+
+ if (audit == GR_DO_AUDIT)
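Review bot: The new `#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)` guard carries no comment saying that a zero in either option compiles the alert rate limiter out entirely. Anyone tuning these options should know that the kernel log is then unthrottled for grsec alerts, so I would add `/* flood control is compiled out when either limit is 0: alerts are then logged with no rate limit */` directly above the `#if`. The matching `#endif` sits after the `set_fmt:` label in the next hunk, so the label and the jump that presumably targets it from the audit branch are both inside the guard. The function starts and ends outside this hunk.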
@@ -51731,18 +51718,19 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
+ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
+ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet = 0;
-+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
-+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_fyet++;
-+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_wtime = curr_secs;
-+ grsec_alert_fyet++;
-+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
-+ return FLOODING;
-+ }
-+ } else return FLOODING;
++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)
++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
++ grsec_alert_fyet++;
++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
++ grsec_alert_wtime = curr_secs;
++ grsec_alert_fyet++;
++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
++ return FLOODING;
++ }
++ else return FLOODING;
+
+set_fmt:
++#endif
+ memset(buf, 0, PAGE_SIZE);
+ if (current->signal->curr_ip && gr_acl_is_enabled()) {
+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
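Review bot: The `time_before_eq(...)` test in the second branch can never be false, because the first branch has already taken every case where `time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)` holds and the two macros are exact complements. The branch can be written as `} else if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {`, which states the "still inside the burst allowance" case directly. A one-line comment on the counter would also help: the window-reset branch logs its message without incrementing `grsec_alert_fyet`, so each window lets FLOODBURST + 1 alerts through before the "logging disabled" notice. The enclosing function begins and ends outside this hunk.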
@@ -55798,7 +55786,7 @@ diff -urNp linux-3.0.4/include/linux/grdefs.h linux-3.0.4/include/linux/grdefs.h
+#endif
diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grinternal.h
--- linux-3.0.4/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/include/linux/grinternal.h 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/include/linux/grinternal.h 2011-09-24 08:43:45.000000000 -0400
@@ -0,0 +1,219 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
@@ -55924,7 +55912,7 @@ diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grin
+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
-+ CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
++ CAP_TO_MASK(CAP_IPC_OWNER) , CAP_TO_MASK(CAP_SYSLOG) }}
+
+#define security_learn(normal_msg,args...) \
+({ \
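Review bot: The second initializer word changes from `0` to `CAP_TO_MASK(CAP_SYSLOG)` with nothing explaining why this capability sits apart from the others. CAP_SYSLOG is numbered above 31, so it belongs in the upper word of the two-word mask, and a capability added to the wrong word would silently mask a different bit. I would put `/* first word: capabilities 0-31; second word: capabilities 32 and up */` above the macro. The macro definition starts above this hunk, so its name and the remaining entries are not visible here.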
@@ -67520,7 +67508,16 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c
diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
--- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/mm/slub.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/mm/slub.c 2011-09-25 22:15:40.000000000 -0400
+@@ -200,7 +200,7 @@ struct track {
+
+ enum track_item { TRACK_ALLOC, TRACK_FREE };
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *);
+ static int sysfs_slab_alias(struct kmem_cache *, const char *);
+ static void sysfs_slab_remove(struct kmem_cache *);
@@ -442,7 +442,7 @@ static void print_track(const char *s, s
if (!t->addr)
return;
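Review bot: The compound guard `#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)` is pasted in verbatim at each site, here on the forward declarations and again in the following slub.c hunks (`count_inuse`, `resiliency_test`, `enum slab_stat_type`, `sysfs_slab_add`, `sysfs_slab_alias`). Any site that keeps the plain `#ifdef CONFIG_SYSFS` would break the build or, presumably, leave part of the slab sysfs interface compiled in when GRKERNSEC_PROC_ADD is set. Defining the condition once near the top of the file and testing that single macro would keep the sites in step; the macro name is yours to choose. The hunks also do not show whether the no-op fallbacks for `sysfs_slab_add`, `sysfs_slab_alias` and `sysfs_slab_remove` are selected under the same combined condition, which is worth confirming since their callers are outside the guarded regions.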
@@ -67671,6 +67668,30 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
goto err;
}
up_write(&slub_lock);
+@@ -3545,7 +3586,7 @@ void *__kmalloc_node_track_caller(size_t
+ }
+ #endif
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int count_inuse(struct page *page)
+ {
+ return page->inuse;
+@@ -3935,12 +3976,12 @@ static void resiliency_test(void)
+ validate_slab_cache(kmalloc_caches[9]);
+ }
+ #else
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static void resiliency_test(void) {};
+ #endif
+ #endif
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ enum slab_stat_type {
+ SL_ALL, /* All slabs */
+ SL_PARTIAL, /* Only partially allocated slabs */
@@ -4150,7 +4191,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
@@ -67680,7 +67701,39 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
}
SLAB_ATTR_RO(aliases);
-@@ -4894,7 +4935,13 @@ static const struct file_operations proc
+@@ -4662,6 +4703,7 @@ static char *create_unique_id(struct kme
+ return name;
+ }
+
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *s)
+ {
+ int err;
+@@ -4724,6 +4766,7 @@ static void sysfs_slab_remove(struct kme
+ kobject_del(&s->kobj);
+ kobject_put(&s->kobj);
+ }
++#endif
+
+ /*
+ * Need to buffer aliases during bootup until sysfs becomes
+@@ -4737,6 +4780,7 @@ struct saved_alias {
+
+ static struct saved_alias *alias_list;
+
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+ {
+ struct saved_alias *al;
+@@ -4759,6 +4803,7 @@ static int sysfs_slab_alias(struct kmem_
+ alias_list = al;
+ return 0;
+ }
++#endif
+
+ static int __init slab_sysfs_init(void)
+ {
+@@ -4894,7 +4939,13 @@ static const struct file_operations proc
static int __init slab_proc_init(void)
{