diff options
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 10 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.27-201501042018.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.27-201501011217.patch) | 19 |
2 files changed, 19 insertions, 10 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index e82bdd4484..8c6556f77e 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -7,7 +7,7 @@ case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=1 +pkgrel=2 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.27-201501011217.patch + grsecurity-3.0-3.14.27-201501042018.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -167,7 +167,7 @@ dev() { md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz d79fd9ea62b9c9dd3c17ed7651a9e408 patch-3.14.27.xz -760c7d4f8a06507eddae37e3061c13f2 grsecurity-3.0-3.14.27-201501011217.patch +ca00f323d00586c39cd56cba64b53959 grsecurity-3.0-3.14.27-201501042018.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 59a78a67677e25540028414bb5eb6330 gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch @@ -176,7 +176,7 @@ c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 6709c83fbbd38d40f31d39f0022d4ce9 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz 5f84a4ff394444486d1715d5283383a8461ff089ed9b9fdc5dde2ed65531d21e patch-3.14.27.xz -9136a07098a7bc9fe9da7a4ce1137097e095f8068072ac2b158a40b1d4f13b0e grsecurity-3.0-3.14.27-201501011217.patch +3ce5950b71acc8b44db2611b5c72d999352b025dbfb8c90517ce0c8ab52d2e84 grsecurity-3.0-3.14.27-201501042018.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch f04d0f6610398f3657ddb2e6926113c43ec331ae256704bca4de11f432881ec5 gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch @@ -185,7 +185,7 @@ d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6 kernelconfig.x 01a6c90cf0643f8727d120aede2267ca7303c4ebe548c5d19222d4387ceb98cc kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz 1191ef739905b2e5057c5273e5cf026baea1ea4855dca8375dbe4ecaa7e6d2d38b8103e2781554f2d9ecf9026fdad1086c6b9d8f0b41fcb8e39aca0612e208e7 patch-3.14.27.xz -7101a9c507dbd701f6371a1237616f052f6573a99e51afcbec4599e9b57cf8d460412df1e71b8da52f1d4bd9db5457d61852cc1b9736cbdc734df93b7f237f7a grsecurity-3.0-3.14.27-201501011217.patch +5af36af71741806a91f509c2b71a6e47fb678c8afb12b2c8bc5890594e90ca27e44641f510187de121a5208cf510d860e71ea1b256cf0e0daf8cf5e4ead1e674 grsecurity-3.0-3.14.27-201501042018.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch ddc32533bd519db5298895eb2da5eb95390999bd3f6d27b5eee38551387df4a43f537235d6a9be859ee1f433420f3afbf01e2c1e7ca0175b27460598c5c385f9 gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch diff --git a/main/linux-grsec/grsecurity-3.0-3.14.27-201501011217.patch b/main/linux-grsec/grsecurity-3.0-3.14.27-201501042018.patch index 176a326ac8..c044d3506c 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.27-201501011217.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.27-201501042018.patch @@ -27991,7 +27991,7 @@ index 1c113db..287b42e 100644 static int trace_irq_vector_refcount; static DEFINE_MUTEX(irq_vector_mutex); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index f9d976e..3b48355 100644 +index f9d976e..488b635 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -66,7 +66,7 @@ @@ -28136,7 +28136,16 @@ index f9d976e..3b48355 100644 tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; -@@ -410,7 +451,7 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) +@@ -404,13 +445,16 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) + container_of(task_pt_regs(current), + struct bad_iret_stack, regs); + ++ if ((current->thread.sp0 ^ (unsigned long)s) < THREAD_SIZE) ++ new_stack = s; ++ + /* Copy the IRET target to the new stack. */ + memmove(&new_stack->regs.ip, (void *)s->regs.sp, 5*8); + /* Copy the remainder of the stack from the current stack. */ memmove(new_stack, s, offsetof(struct bad_iret_stack, regs.ip)); @@ -28145,7 +28154,7 @@ index f9d976e..3b48355 100644 return new_stack; } #endif -@@ -490,7 +531,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -490,7 +534,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -28154,7 +28163,7 @@ index f9d976e..3b48355 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, X86_TRAP_DB); preempt_conditional_cli(regs); -@@ -505,7 +546,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -505,7 +549,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -28163,7 +28172,7 @@ index f9d976e..3b48355 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -537,7 +578,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -537,7 +581,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); |