diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2009-08-13 15:49:06 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2009-08-13 15:49:06 +0000 |
commit | f966169b52b77682d48ba83333b96f00e16e487a (patch) | |
tree | fcca5682e759e7b6584a46f5df78cefd6c333be3 | |
parent | d7c0aed5ab029a04cd60356126d7feede60bfc0a (diff) | |
download | aports-f966169b52b77682d48ba83333b96f00e16e487a.tar.bz2 aports-f966169b52b77682d48ba83333b96f00e16e487a.tar.xz |
main/linux-grsec: upgrade to grsecurity patch 200908090749
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908122115.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908090749.patch) | 27 |
2 files changed, 20 insertions, 13 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 625989df1..6d88c138a 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.30.4 _kernver=2.6.30 -pkgrel=3 +pkgrel=4 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs" @@ -13,7 +13,7 @@ _config=${config:-kernelconfig} install="$pkgname.post-install $pkgname.post-upgrade" source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 - grsecurity-2.1.14-2.6.30.4-200908090749.patch + grsecurity-2.1.14-2.6.30.4-200908122115.patch linux-nbma-mroute-v4-2.6.30.diff net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch $_config @@ -113,7 +113,7 @@ dev() { md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2 d0fc44b54ba5953140b3f2aa9a1f2580 patch-2.6.30.4.bz2 -78f3778d96c03006ba0b4c96ed885cd6 grsecurity-2.1.14-2.6.30.4-200908090749.patch +8b90a9def6800972fd09685bb73c5945 grsecurity-2.1.14-2.6.30.4-200908122115.patch 7420c0b1095335990313656b114e1379 linux-nbma-mroute-v4-2.6.30.diff ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch 60adb085be0ab268c0f27279ae2b2bab kernelconfig diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908090749.patch b/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908122115.patch index 3fff0bbb8..6f697a13f 100644 --- a/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908090749.patch +++ b/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908122115.patch @@ -8320,7 +8320,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/efi_stub_32.S linux-2.6.30.4/arch/x86/ efi_rt_function_ptr: diff -urNp linux-2.6.30.4/arch/x86/kernel/entry_32.S linux-2.6.30.4/arch/x86/kernel/entry_32.S --- linux-2.6.30.4/arch/x86/kernel/entry_32.S 2009-07-24 17:47:51.000000000 -0400 -+++ linux-2.6.30.4/arch/x86/kernel/entry_32.S 2009-07-30 09:48:09.945662533 -0400 ++++ linux-2.6.30.4/arch/x86/kernel/entry_32.S 2009-08-12 21:15:21.098460043 -0400 @@ -192,7 +192,7 @@ #endif /* CONFIG_X86_32_LAZY_GS */ @@ -8525,11 +8525,11 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/entry_32.S linux-2.6.30.4/arch/x86/ker /* since we are on a wrong stack, we cant make it a C code :( */ - PER_CPU(gdt_page, %ebx) +#ifdef CONFIG_SMP -+ movl PER_CPU_VAR(cpu_number), %ebx; -+ shll $PAGE_SHIFT_asm, %ebx; -+ addl $cpu_gdt_table, %ebx; ++ movl PER_CPU_VAR(cpu_number), %ebx ++ shll $PAGE_SHIFT_asm, %ebx ++ addl $cpu_gdt_table, %ebx +#else -+ movl $cpu_gdt_table, %ebx; ++ movl $cpu_gdt_table, %ebx +#endif GET_DESC_BASE(GDT_ENTRY_ESPFIX_SS, %ebx, %eax, %ax, %al, %ah) addl %esp, %eax @@ -8595,14 +8595,18 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/entry_32.S linux-2.6.30.4/arch/x86/ker CFI_ADJUST_CFA_OFFSET -24 diff -urNp linux-2.6.30.4/arch/x86/kernel/entry_64.S linux-2.6.30.4/arch/x86/kernel/entry_64.S --- linux-2.6.30.4/arch/x86/kernel/entry_64.S 2009-07-24 17:47:51.000000000 -0400 -+++ linux-2.6.30.4/arch/x86/kernel/entry_64.S 2009-07-30 09:48:09.945662533 -0400 -@@ -1073,7 +1073,8 @@ ENTRY(\sym) ++++ linux-2.6.30.4/arch/x86/kernel/entry_64.S 2009-08-12 21:15:21.099483377 -0400 +@@ -1073,7 +1073,12 @@ ENTRY(\sym) TRACE_IRQS_OFF movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ - PER_CPU(init_tss, %rbp) ++#ifdef CONFIG_SMP + imul $TSS_size, PER_CPU_VAR(cpu_number), %ebp + lea init_tss(%rbp), %rbp ++#else ++ lea init_tss(%rip), %rbp ++#endif subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp) call \do_sym addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp) @@ -11088,7 +11092,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/vm86_32.c linux-2.6.30.4/arch/x86/kern tsk->thread.sysenter_cs = 0; diff -urNp linux-2.6.30.4/arch/x86/kernel/vmi_32.c linux-2.6.30.4/arch/x86/kernel/vmi_32.c --- linux-2.6.30.4/arch/x86/kernel/vmi_32.c 2009-07-24 17:47:51.000000000 -0400 -+++ linux-2.6.30.4/arch/x86/kernel/vmi_32.c 2009-07-30 09:48:09.962543704 -0400 ++++ linux-2.6.30.4/arch/x86/kernel/vmi_32.c 2009-08-12 21:15:21.104308164 -0400 @@ -102,18 +102,43 @@ static unsigned patch_internal(int call, { u64 reloc; @@ -11149,7 +11153,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/vmi_32.c linux-2.6.30.4/arch/x86/kerne vmi_ops.set_pte(pte, (pte_t *)pmd, VMI_PAGE_PD); } #endif -@@ -438,8 +463,8 @@ vmi_startup_ipi_hook(int phys_apicid, un +@@ -438,10 +463,10 @@ vmi_startup_ipi_hook(int phys_apicid, un ap.ss = __KERNEL_DS; ap.esp = (unsigned long) start_esp; @@ -11158,7 +11162,10 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/vmi_32.c linux-2.6.30.4/arch/x86/kerne + ap.ds = __KERNEL_DS; + ap.es = __KERNEL_DS; ap.fs = __KERNEL_PERCPU; - ap.gs = 0; +- ap.gs = 0; ++ ap.gs = __KERNEL_STACK_CANARY; + + ap.eflags = 0; @@ -634,12 +659,20 @@ static inline int __init activate_vmi(vo u64 reloc; |