authorAndrew Manison <amanison@anselsystems.com>2010-07-02 08:08:13 +0000
committerAndrew Manison <amanison@anselsystems.com>2010-07-02 08:08:13 +0000
commit79765211f6541090c4f8e629a34732e9ccaa24fd (patch)
tree6c392c706ba919497e641f14595e8aae4ca375f3
parent00630fd78516f529daf3005c7defcd6baf4b95f9 (diff)
parent2da022a8f0642c8990ba999256fc8b9ccada29f2 (diff)
Merge remote branch 'alpine/master'; fixes for build problems.
Conflicts: main/abuild/APKBUILD
-rw-r--r--main/abuild/APKBUILD24
-rw-r--r--main/abuild/abuild-conflict-message.patch30
-rw-r--r--main/apk-tools/APKBUILD9
-rw-r--r--main/apk-tools/apk-tools-static.patch65
-rw-r--r--main/apr-util/APKBUILD2
-rw-r--r--main/cmake/APKBUILD6
-rw-r--r--main/cracklib/APKBUILD18
-rw-r--r--main/cracklib/cracklib-nls.patch12
-rw-r--r--main/dialog/APKBUILD12
-rw-r--r--main/gcc/APKBUILD8
-rw-r--r--main/gcc/PR32219.patch101
-rw-r--r--main/git/APKBUILD12
-rw-r--r--main/git/git-do-not-dump-core-when-iconv-fails.patch43
-rw-r--r--main/gmp/APKBUILD39
-rw-r--r--main/gmp/gmp-4.1.4-noexecstack.patch20
-rw-r--r--main/gmp5/APKBUILD6
-rw-r--r--main/guile/APKBUILD4
-rw-r--r--main/iscsitarget-grsec/APKBUILD7
-rw-r--r--main/libc0.9.32/APKBUILD6
-rw-r--r--main/libc0.9.32/uclibc-gcc-workaround.patch58
-rw-r--r--main/libconfig/APKBUILD4
-rw-r--r--main/libevent/APKBUILD6
-rw-r--r--main/libowfat/APKBUILD (renamed from testing/libowfat/APKBUILD)0
-rw-r--r--main/libpng/APKBUILD4
-rw-r--r--main/lighttpd/APKBUILD2
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch)577
-rw-r--r--main/lua-uuid/APKBUILD2
-rw-r--r--main/lvm2/APKBUILD4
-rw-r--r--main/mlmmj/APKBUILD6
-rw-r--r--main/mpfr3/APKBUILD4
-rw-r--r--main/opentracker/APKBUILD (renamed from testing/opentracker/APKBUILD)2
-rw-r--r--main/opentracker/opentracker.initd (renamed from testing/opentracker/opentracker.initd)0
-rw-r--r--main/opentracker/opentracker.pre-install5
-rw-r--r--main/pax-utils/APKBUILD2
-rw-r--r--main/php/APKBUILD4
-rw-r--r--main/syslinux/APKBUILD11
-rw-r--r--main/uiconv/APKBUILD2
-rwxr-xr-xrebuild-alpine.sh15
-rw-r--r--testing/opentracker/opentracker.pre-install5
-rw-r--r--testing/py-crypto/APKBUILD4
41 files changed, 745 insertions, 402 deletions
diff --git a/main/abuild/APKBUILD b/main/abuild/APKBUILD
index 8c684d6b9..4ad26188c 100644
--- a/main/abuild/APKBUILD
+++ b/main/abuild/APKBUILD
@@ -2,13 +2,27 @@
pkgdesc="Script to build Alpine Packages"
pkgname=abuild
pkgver=2.3
-pkgrel=0
+pkgrel=1
url=http://git.alpinelinux.org/cgit/abuild/
-source="http://git.alpinelinux.org/cgit/abuild/snapshot/abuild-$pkgver.tar.bz2"
-depends="fakeroot file sudo pax-utils apk-tools"
+source="http://git.alpinelinux.org/cgit/abuild/snapshot/abuild-$pkgver.tar.bz2
+ abuild-conflict-message.patch
+ "
+depends="fakeroot file sudo pax-utils openssl apk-tools"
makedepends="openssl-dev pkgconfig"
license=GPL-2
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+ for i in $source; do
+ case $i in
+ *.patch)
+ msg "Applying $i"
+ patch -p1 -i "$srcdir"/$i || return 1
+ ;;
+ esac
+ done
+}
+
build() {
cd "$srcdir/$pkgname-$pkgver"
make
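Review bot: The new prepare() does not check its `cd "$srcdir/$pkgname-$pkgver"`, so if that directory is missing the loop runs `patch -p1` in the current directory instead. `cd "$srcdir/$pkgname-$pkgver" || return 1` would match the explicit `|| return 1` already used on the patch call. The patch path also leaves the loop variable unquoted; `patch -p1 -i "$srcdir/$i" || return 1` keeps a file name containing whitespace or glob characters as one argument. The same unchecked `cd` appears in the prepare() and package() added to main/cracklib/APKBUILD. build() continues outside this hunk.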
@@ -19,4 +33,6 @@ package() {
make install DESTDIR="$pkgdir"
install -m 644 abuild.conf "$pkgdir"/etc/abuild.conf
}
-md5sums="7c738e0018202160366b8329ec693502 abuild-2.3.tar.bz2"
+
+md5sums="7c738e0018202160366b8329ec693502 abuild-2.3.tar.bz2
+45ee7aa6e00732a8c36d7740fb8d2aeb abuild-conflict-message.patch"
diff --git a/main/abuild/abuild-conflict-message.patch b/main/abuild/abuild-conflict-message.patch
new file mode 100644
index 000000000..b560634ad
--- /dev/null
+++ b/main/abuild/abuild-conflict-message.patch
@@ -0,0 +1,30 @@
+commit c30c346362223658980275d54d5b7911a3a7486c
+Author: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed Jun 30 14:59:07 2010 +0000
+
+ abuild: detect and report conflicting dependencies properly
+
+diff --git a/abuild.in b/abuild.in
+index 0c94653..4034a86 100755
+--- a/abuild.in
++++ b/abuild.in
+@@ -841,15 +841,16 @@ builddeps() {
+ # find which deps are missing
+ for i in $deps; do
+ if [ "${i#\!}" != "$i" ]; then
+- list_has ${i#\!} $installed_deps \
++ $APK info -q -e "${i#\!}" \
+ && conflicts="$conflicts ${i#\!}"
+ elif ! deplist_has $i $installed_deps || [ -n "$upgrade" ]; then
+ missing="$missing $i"
+ fi
+ done
+-
++
+ if [ -n "$conflicts" ]; then
+- die "Conflicting package(s) installed:$conflics"
++ error "Conflicting package(s) installed:$conflicts"
++ return 1
+ fi
+
+ if [ -z "$install_deps" ] && [ -z "$recursive" ]; then
diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD
index 2c96805b4..90cff68dc 100644
--- a/main/apk-tools/APKBUILD
+++ b/main/apk-tools/APKBUILD
@@ -1,13 +1,14 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apk-tools
pkgver=2.0.5
-pkgrel=0
+pkgrel=1
pkgdesc="Alpine Package Keeper - package manager for alpine"
subpackages="$pkgname-static"
depends=
makedepends="zlib-dev openssl-dev pkgconfig"
source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
0001-Makefile-do-not-require-lua-pkgconfig-unless-you-int.patch
+ apk-tools-static.patch
"
url="http://git.alpinelinux.org/cgit/apk-tools/"
@@ -21,6 +22,9 @@ prepare() {
*.patch) patch -p1 -i "$srcdir"/$i || return 1
esac
done
+ # the patch includes a symlink
+ rm -f src/apk-static.c
+ ln -s apk.c src/apk-static.c
}
build() {
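Review bot: The comment `# the patch includes a symlink` does not say why src/apk-static.c has to be removed and re-linked by hand after the patch loop. Presumably patch(1) does not create the link from the `new file mode 120000` entry in apk-tools-static.patch and leaves a regular file instead. A comment such as `# patch(1) does not create the symlink from the git diff (mode 120000); replace its output with a real link to apk.c` would record that. prepare() starts outside this hunk.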
@@ -49,4 +53,5 @@ static() {
}
md5sums="7f9234ab210557b064d7bd9b42833f0a apk-tools-2.0.5.tar.bz2
-f63d483b724e8e9344ce8cb965d5ed22 0001-Makefile-do-not-require-lua-pkgconfig-unless-you-int.patch"
+f63d483b724e8e9344ce8cb965d5ed22 0001-Makefile-do-not-require-lua-pkgconfig-unless-you-int.patch
+3c1f21719a6c4aba51333cf0d88c5600 apk-tools-static.patch"
diff --git a/main/apk-tools/apk-tools-static.patch b/main/apk-tools/apk-tools-static.patch
new file mode 100644
index 000000000..c122964b4
--- /dev/null
+++ b/main/apk-tools/apk-tools-static.patch
@@ -0,0 +1,65 @@
+commit dd6008995a8e8509d71ffa906c837e7a320e8a15
+Author: Timo Teräs <timo.teras@iki.fi>
+Date: Wed Jun 30 16:53:56 2010 +0300
+
+ static build: do not use openssl engines
+
+ We want minimal static build. And this now also breaks with our openssl
+ since it tries to automatically dlopen some of the engine modules.
+
+diff --git a/.gitignore b/.gitignore
+index f6f9cf6..2b22f52 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -1,4 +1,5 @@
+ apk
++apk.static
+ *.o
+ *.d
+ *.cmd
+diff --git a/src/Makefile b/src/Makefile
+index bea288e..c9cda6a 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -41,9 +41,10 @@ endif
+
+ CFLAGS_ALL += -D_ATFILE_SOURCE
+ CFLAGS_apk.o := -DAPK_VERSION=\"$(FULL_VERSION)\"
++CFLAGS_apk-static.o := -DAPK_VERSION=\"$(FULL_VERSION)\" -DOPENSSL_NO_ENGINE
+
+ progs-$(STATIC) += apk.static
+-apk.static-objs := $(apk-objs)
++apk.static-objs := $(filter-out apk.o,$(apk-objs)) apk-static.o
+ LDFLAGS_apk.static := -static
+ LDFLAGS_apk += -nopie -L$(obj)
+
+diff --git a/src/apk-static.c b/src/apk-static.c
+new file mode 120000
+index 0000000..bf745af
+--- /dev/null
++++ b/src/apk-static.c
+@@ -0,0 +1 @@
++apk.c
+\ No newline at end of file
+diff --git a/src/apk.c b/src/apk.c
+index 81bb950..4196f74 100644
+--- a/src/apk.c
++++ b/src/apk.c
+@@ -12,13 +12,17 @@
+ #include <stdio.h>
+ #include <fcntl.h>
+ #include <ctype.h>
++#include <errno.h>
+ #include <stdarg.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <getopt.h>
+ #include <sys/stat.h>
+
++#include <openssl/crypto.h>
++#ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
++#endif
+
+ #include "apk_defines.h"
+ #include "apk_database.h"
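Review bot: In the src/apk.c part of this carried patch only the `#include <openssl/engine.h>` is wrapped in `#ifndef OPENSSL_NO_ENGINE`; no hunk touches code that calls the engine API. If apk.c calls ENGINE_* functions elsewhere (not visible here), the apk-static.o build with `-DOPENSSL_NO_ENGINE` would compile those calls without a declaration and could still reference engine code from apk.static, which the commit message says it wants to avoid. It is worth comparing the carried file with upstream commit dd6008995a8e8509d71ffa906c837e7a320e8a15 to confirm no hunk was dropped, and guarding any such calls with the same `#ifndef OPENSSL_NO_ENGINE` / `#endif` pair.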
diff --git a/main/apr-util/APKBUILD b/main/apr-util/APKBUILD
index 45133a2c2..8730607a5 100644
--- a/main/apr-util/APKBUILD
+++ b/main/apr-util/APKBUILD
@@ -7,7 +7,7 @@ url="http://apr.apache.org/"
license="APACHE"
depends=
subpackages="$pkgname-dev"
-makedepends="apr-dev expat-dev e2fsprogs-dev"
+makedepends="apr-dev expat-dev e2fsprogs-dev bash"
source="http://www.apache.org/dist/apr/$pkgname-$pkgver.tar.bz2"
build() {
diff --git a/main/cmake/APKBUILD b/main/cmake/APKBUILD
index bbd1b5885..64faab3cf 100644
--- a/main/cmake/APKBUILD
+++ b/main/cmake/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cmake
-pkgver=2.8.1
-pkgrel=1
+pkgver=2.8.2
+pkgrel=0
pkgdesc="CMake is a cross-platform open-source make system"
url="http://www.cmake.org"
license="CMake"
@@ -42,4 +42,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-md5sums="a92ad653f9ccc1595d16cd9707f49acc cmake-2.8.1.tar.gz"
+md5sums="8c967d5264657a798f22ee23976ff0d9 cmake-2.8.2.tar.gz"
diff --git a/main/cracklib/APKBUILD b/main/cracklib/APKBUILD
index f7fda7960..c82e9038f 100644
--- a/main/cracklib/APKBUILD
+++ b/main/cracklib/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=cracklib
-pkgver=2.8.13
-pkgrel=1
+pkgver=2.8.16
+pkgrel=0
pkgdesc="A library used to enforce strong passwords"
url="http://sourceforge.net/projects/cracklib"
license="GPL"
@@ -11,7 +11,14 @@ makedepends=""
install=
subpackages="$pkgname-dev"
source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+ cracklib-nls.patch
"
+
+prepare() {
+ cd "$srcdir"/$pkgname-$pkgver
+ patch -p1 -i "$srcdir"/cracklib-nls.patch
+}
+
build() {
cd "$srcdir/$pkgname-$pkgver"
@@ -24,8 +31,13 @@ build() {
--disable-nls \
--with-default-dict
make -j1 all || return 1
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
make -j1 DESTDIR="$pkgdir" install
}
-md5sums="5beb4c6b3c31c83fc98c4c225b25cd94 cracklib-2.8.13.tar.gz"
+md5sums="3bfb22db8fcffd019463ee415a1b25b7 cracklib-2.8.16.tar.gz
+239b1b7b59bee4dee7577aa9df18ba46 cracklib-nls.patch"
diff --git a/main/cracklib/cracklib-nls.patch b/main/cracklib/cracklib-nls.patch
new file mode 100644
index 000000000..3792b741c
--- /dev/null
+++ b/main/cracklib/cracklib-nls.patch
@@ -0,0 +1,12 @@
+--- ./util/check.c.orig
++++ ./util/check.c
+@@ -22,7 +22,9 @@
+ int i;
+
+ setlocale(LC_ALL, "");
++#if defined(ENABLE_NLS)
+ textdomain(PACKAGE);
++#endif
+
+ while (fgets(buf, sizeof(buf), stdin) != NULL) {
+ while (((i = strlen(buf)) > 0) && (i > 0)) {
diff --git a/main/dialog/APKBUILD b/main/dialog/APKBUILD
index b17527f69..1035f0d44 100644
--- a/main/dialog/APKBUILD
+++ b/main/dialog/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dialog
-pkgver=1.1.20100119
-_ver=${pkgver%.*}-${pkgver##*.}
+pkgver=1.1.20100428
+_pkgver=1.1-20100428
pkgrel=1
pkgdesc="A script-interpreter which provides a set of curses"
url="http://invisible-island.net/dialog/dialog.html"
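Review bot: `_pkgver=1.1-20100428` is now a second hard-coded copy of the version. A later bump of `pkgver` that forgets `_pkgver` leaves the source URL and both `cd "$srcdir/$pkgname-$_pkgver"` paths pointing at the old release. The removed line derived the value from `pkgver`; keeping that expansion under the new name, `_pkgver=${pkgver%.*}-${pkgver##*.}`, yields the same `1.1-20100428` for this version.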
@@ -11,10 +11,10 @@ depends=
makedepends="ncurses-dev"
install=
subpackages="$pkgname-doc"
-source="ftp://invisible-island.net/dialog/$pkgname.tar.gz"
+source="ftp://ftp.us.debian.org/debian/pool/main/d/$pkgname/dialog_$_pkgver.orig.tar.gz"
build() {
- cd "$srcdir/$pkgname-$_ver"
+ cd "$srcdir/$pkgname-$_pkgver"
./configure --prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
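Review bot: The new `source=` fetches the tarball over plain FTP from a Debian pool mirror instead of the upstream site, and the only integrity check on it is the `md5sums` entry updated at the end of this file. Neither the transport nor MD5 protects against a deliberately substituted archive. The recorded checksum should come from a copy verified out of band (for example against Debian's signed source package metadata), and a stronger checksum field should be added if the abuild version in use supports one. A one-line comment above `source=` stating why the Debian `.orig.tar.gz` is used rather than the upstream file would also help whoever does the next bump. build() continues outside this hunk.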
@@ -23,8 +23,8 @@ build() {
}
package() {
- cd "$srcdir/$pkgname-$_ver"
+ cd "$srcdir/$pkgname-$_pkgver"
make DESTDIR="$pkgdir" install
}
-md5sums="3d62219658fdddf3c6247fb45831a5d0 dialog.tar.gz"
+md5sums="519c0a0cbac28ddb992111ec2c3f82aa dialog_1.1-20100428.orig.tar.gz"
diff --git a/main/gcc/APKBUILD b/main/gcc/APKBUILD
index a5fb49a92..da7f66248 100644
--- a/main/gcc/APKBUILD
+++ b/main/gcc/APKBUILD
@@ -6,12 +6,12 @@ _specsver=0.1.7
_espfver=0.3.6
_uclibc_abiver=0.9.32
-pkgrel=2
+pkgrel=3
pkgdesc="The GNU Compiler Collection"
url="http://gcc.gnu.org"
license="GPL LGPL"
depends="binutils libgcc libgomp"
-makedepends="bison flex gmp5-dev mpfr-dev texinfo"
+makedepends="bison flex gmp-dev mpfr-dev texinfo"
subpackages="$pkgname-doc libstdc++:libcxx g++:gpp libgcc libgomp"
source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-core-$pkgver.tar.bz2
ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-g++-$pkgver.tar.bz2
@@ -21,6 +21,7 @@ source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-core-$pkgver.tar.bz2
pt_gnu_eh_frame.patch
uclibc-getipinfo.patch
gcc-dynamic-linker.patch
+ PR32219.patch
"
# ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-objc-$pkgver.tar.bz2
build ()
@@ -133,4 +134,5 @@ d51a6ec3eac1a90e7fc280d976ce7f80 gcc-g++-4.4.4.tar.bz2
c4045bfa85d8be780affd465be9d8ca8 gcc-spec-env.patch
2db1e3482c5dd59dab70f701afa2ca80 pt_gnu_eh_frame.patch
6cc2385c5bbd6d0da6eaedd53c8bf547 uclibc-getipinfo.patch
-6db5c87887beee75cde3cce86625b9ed gcc-dynamic-linker.patch"
+6db5c87887beee75cde3cce86625b9ed gcc-dynamic-linker.patch
+6c866c7fb8d56deb8f6d652bee64e228 PR32219.patch"
diff --git a/main/gcc/PR32219.patch b/main/gcc/PR32219.patch
new file mode 100644
index 000000000..b926e941f
--- /dev/null
+++ b/main/gcc/PR32219.patch
@@ -0,0 +1,101 @@
+From gcc-patches-return-258497-listarch-gcc-patches=gcc dot gnu dot org at gcc dot gnu dot org Tue Mar 16 13:32:55 2010
+Return-Path: <gcc-patches-return-258497-listarch-gcc-patches=gcc dot gnu dot org at gcc dot gnu dot org>
+Delivered-To: listarch-gcc-patches at gcc dot gnu dot org
+Received: (qmail 25550 invoked by alias); 16 Mar 2010 13:32:54 -0000
+Received: (qmail 25534 invoked by uid 22791); 16 Mar 2010 13:32:53 -0000
+X-SWARE-Spam-Status: No, hits=-1.1 required=5.0 tests=AWL,BAYES_00,SUBJ_ALL_CAPS
+X-Spam-Check-By: sourceware.org
+Received: from mail-bw0-f210.google.com (HELO mail-bw0-f210.google.com) (209.85.218.210) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 16 Mar 2010 13:32:48 +0000
+Received: by bwz2 with SMTP id 2so4002140bwz.30 for <multiple recipients>; Tue, 16 Mar 2010 06:32:45 -0700 (PDT)
+Received: by 10.204.14.84 with SMTP id f20mr2900449bka.209.1268746365293; Tue, 16 Mar 2010 06:32:45 -0700 (PDT)
+Received: from s42.loc (85-127-85-230.dynamic.xdsl-line.inode.at [85.127.85.230]) by mx.google.com with ESMTPS id 14sm3626793bwz.14.2010.03.16.06.32.43 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 16 Mar 2010 06:32:44 -0700 (PDT)
+Received: from cow by s42.loc with local (Exim 4.71) (envelope-from <rep.dot.nop@gmail.com>) id 1NrX2W-0008Nj-5o; Tue, 16 Mar 2010 14:42:32 +0100
+From: Bernhard Reutner-Fischer <rep dot dot dot nop at gmail dot com>
+To: gcc-patches at gcc dot gnu dot org
+Cc: rguenth at gcc dot gnu dot org, Bernhard Reutner-Fischer <rep dot dot dot nop at gmail dot com>
+Subject: [PATCH] PR32219
+Date: Tue, 16 Mar 2010 14:42:27 +0100
+Message-Id: <1268746947-32108-1-git-send-email-rep.dot.nop@gmail.com>
+Mailing-List: contact gcc-patches-help at gcc dot gnu dot org; run by ezmlm
+Precedence: bulk
+List-Id: <gcc-patches.gcc.gnu.org>
+List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
+List-Post: <mailto:gcc-patches at gcc dot gnu dot org>
+List-Help: <mailto:gcc-patches-help at gcc dot gnu dot org>
+Sender: gcc-patches-owner at gcc dot gnu dot org
+Delivered-To: mailing list gcc-patches at gcc dot gnu dot org
+
+Hi,
+
+As suggested by richi.
+regtested on i686-linux-gnu with all default languages and no regressions.
+Ok for trunk?
+
+gcc/ChangeLog
+2010-03-15 Bernhard Reutner-Fischer <aldot@gcc.gnu.org>
+
+ PR target/32219
+ * varasm.c (default_binds_local_p_1): Weak data is not local.
+
+gcc/testsuite/ChangeLog
+2010-03-15 Bernhard Reutner-Fischer <aldot@gcc.gnu.org>
+
+ PR target/32219
+ * gcc.dg/visibility-21.c: New test.
+
+Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
+---
+ gcc/testsuite/gcc.dg/visibility-21.c | 14 ++++++++++++++
+ gcc/varasm.c | 8 ++++----
+ 2 files changed, 18 insertions(+), 4 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.dg/visibility-21.c
+
+diff --git a/gcc/testsuite/gcc.dg/visibility-21.c b/gcc/testsuite/gcc.dg/visibility-21.c
+new file mode 100644
+index 0000000..be7deda
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/visibility-21.c
+@@ -0,0 +1,14 @@
++/* PR target/32219 */
++/* { dg-do run } */
++/* { dg-require-visibility "" } */
++/* { dg-options "-fPIC" { target fpic } } */
++
++extern void f() __attribute__((weak,visibility("hidden")));
++extern int puts( char const* );
++int main()
++{
++ if (f)
++ f();
++ return 0;
++}
++
+diff --git a/gcc/varasm.c b/gcc/varasm.c
+index 6b8222f..6b9269a 100644
+--- a/gcc/varasm.c
++++ b/gcc/varasm.c
+@@ -6613,6 +6613,10 @@ default_binds_local_p_1 (const_tree exp, int shlib)
+ /* Static variables are always local. */
+ else if (! TREE_PUBLIC (exp))
+ local_p = true;
++ /* Weak data can be overridden by a strong symbol
++ in another module and so are not local. */
++ else if (DECL_WEAK (exp))
++ local_p = false;
+ /* A variable is local if the user has said explicitly that it will
+ be. */
+ else if (DECL_VISIBILITY_SPECIFIED (exp)
+@@ -6625,10 +6629,6 @@ default_binds_local_p_1 (const_tree exp, int shlib)
+ local. */
+ else if (DECL_VISIBILITY (exp) != VISIBILITY_DEFAULT)
+ local_p = true;
+- /* Default visibility weak data can be overridden by a strong symbol
+- in another module and so are not local. */
+- else if (DECL_WEAK (exp))
+- local_p = false;
+ /* If PIC, then assume that any global name can be overridden by
+ symbols resolved from other modules, unless we are compiling with
+ -fwhole-program, which assumes that names are local. */
+--
+1.7.0
+
diff --git a/main/git/APKBUILD b/main/git/APKBUILD
index f8d9e8bb0..0e2b7e1ef 100644
--- a/main/git/APKBUILD
+++ b/main/git/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=git
-pkgver=1.7.1
-pkgrel=2
+pkgver=1.7.1.1
+pkgrel=0
pkgdesc="GIT - the stupid content tracker"
url="http://git.or.cz/"
license="GPL2"
@@ -10,7 +10,6 @@ subpackages="$pkgname-doc $pkgname-perl"
makedepends="zlib-dev openssl-dev curl-dev expat-dev perl-dev python-dev"
source="http://kernel.org/pub/software/scm/git/git-$pkgver.tar.bz2
bb-tar.patch
- git-do-not-dump-core-when-iconv-fails.patch
"
_makeopts="NO_ICONV=YesPlease
@@ -21,8 +20,6 @@ _makeopts="NO_ICONV=YesPlease
build() {
cd "$srcdir"/$pkgname-$pkgver
patch -p1 -i "$srcdir"/bb-tar.patch || return 1
- patch -p1 -i "$srcdir"/git-do-not-dump-core-when-iconv-fails.patch \
- || return 1
make prefix=/usr DESTDIR="$pkgdir" $_makeopts || return 1
}
@@ -45,6 +42,5 @@ perl() {
}
-md5sums="3da231dbe82ad103373cb530ae7475d5 git-1.7.1.tar.bz2
-e63a201556c4f089de790805c09a2e5b bb-tar.patch
-7c660517316261b383a094ef03aad0aa git-do-not-dump-core-when-iconv-fails.patch"
+md5sums="1b116a3e2ecce46a89e4272abf0de955 git-1.7.1.1.tar.bz2
+e63a201556c4f089de790805c09a2e5b bb-tar.patch"
diff --git a/main/git/git-do-not-dump-core-when-iconv-fails.patch b/main/git/git-do-not-dump-core-when-iconv-fails.patch
deleted file mode 100644
index b338ee480..000000000
--- a/main/git/git-do-not-dump-core-when-iconv-fails.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-commit 43acff34b902c38808ac0f326090f2516250e1f0
-Author: Jonathan Nieder <jrnieder@gmail.com>
-Date: Sat May 8 18:17:29 2010 -0500
-
- cherry-pick: do not dump core when iconv fails
-
- When cherry-picking, usually the new and old commit encodings are both
- UTF-8. Most old iconv implementations do not support this trivial
- conversion, so on old platforms, out->message remains NULL, and later
- attempts to read it segfault.
-
- Fix this by noticing the input and output encodings match and skipping
- the iconv step, like the other reencode_string() call sites already do.
- Also stop segfaulting on other iconv failures: if iconv fails for some
- other reason, the best we can do is to pass the old message through.
-
- This fixes a regression introduced in v1.7.1-rc0~15^2~2 (revert:
- clarify label on conflict hunks, 2010-03-20).
-
- Reported-by: Andreas Krey <a.krey@gmx.de>
- Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
- Signed-off-by: Junio C Hamano <gitster@pobox.com>
-
-diff --git a/builtin/revert.c b/builtin/revert.c
-index 778a56e..7d68ef7 100644
---- a/builtin/revert.c
-+++ b/builtin/revert.c
-@@ -109,8 +109,13 @@ static int get_message(const char *raw_message, struct commit_message *out)
- encoding = "UTF-8";
- if (!git_commit_encoding)
- git_commit_encoding = "UTF-8";
-- if ((out->reencoded_message = reencode_string(raw_message,
-- git_commit_encoding, encoding)))
-+
-+ out->reencoded_message = NULL;
-+ out->message = raw_message;
-+ if (strcmp(encoding, git_commit_encoding))
-+ out->reencoded_message = reencode_string(raw_message,
-+ git_commit_encoding, encoding);
-+ if (out->reencoded_message)
- out->message = out->reencoded_message;
-
- abbrev = find_unique_abbrev(commit->object.sha1, DEFAULT_ABBREV);
diff --git a/main/gmp/APKBUILD b/main/gmp/APKBUILD
deleted file mode 100644
index 36ad708d4..000000000
--- a/main/gmp/APKBUILD
+++ /dev/null
@@ -1,39 +0,0 @@
-# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
-pkgname=gmp
-pkgver=4.3.2
-pkgrel=1
-pkgdesc="A free library for arbitrary precision arithmetic"
-url="http://gmplib.org/"
-license="LGPL3"
-makedepends="m4 texinfo"
-depends=
-subpackages="$pkgname-doc $pkgname-dev"
-source="ftp://ftp.gnu.org/gnu/gmp/gmp-$pkgver.tar.bz2
- gmp-4.1.4-noexecstack.patch
- "
-
-_builddir="$srcdir"/$pkgname-$pkgver
-build() {
- cd "$_builddir"
- patch -p1 < ../gmp-4.1.4-noexecstack.patch || return 1
-
- ABI="32" ./configure --prefix=/usr \
- --build=${CHOST} \
- --infodir=/usr/share/info \
- --mandir=/usr/share/man \
- --localstatedir=/var/state/gmp \
- --disable-mpfr \
- --disable-mpbsd \
- --disable-cxx \
- --with-pic \
- || return 1
-
- make || return 1
-}
-
-package() {
- cd "$_builddir"
- make -j1 DESTDIR="${pkgdir}" install || return 1
-}
-md5sums="dd60683d7057917e34630b4a787932e8 gmp-4.3.2.tar.bz2
-13c34f00e77ded6673270cfea06c35c3 gmp-4.1.4-noexecstack.patch"
diff --git a/main/gmp/gmp-4.1.4-noexecstack.patch b/main/gmp/gmp-4.1.4-noexecstack.patch
deleted file mode 100644
index 093bec1a5..000000000
--- a/main/gmp/gmp-4.1.4-noexecstack.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-fixed executable stack
-
-http://bugs.gentoo.org/115038
-
---- gmp-4.1.4/configure
-+++ gmp-4.1.4/configure
-@@ -21689,6 +21689,13 @@
- fi
- echo "')" >> $gmp_configm4
- echo "define(\`__CONFIG_M4_INCLUDED__')" >> $gmp_configm4
-+# Gentoo hack
-+case $host_os in
-+ *linux*)
-+ echo '.section .note.GNU-stack,"",%progbits' >> $gmp_configm4
-+ echo '.previous' >> $gmp_configm4
-+ ;;
-+esac
-
- # Create Makefiles
- # FIXME: Upcoming version of autoconf/automake may not like broken lines.
diff --git a/main/gmp5/APKBUILD b/main/gmp5/APKBUILD
index c2a4ad6f4..e07bff62c 100644
--- a/main/gmp5/APKBUILD
+++ b/main/gmp5/APKBUILD
@@ -3,13 +3,13 @@ _name=gmp
pkgname=${_name}5
pkgver=5.0.1
-pkgrel=0
+pkgrel=1
pkgdesc="A free library for arbitrary precision arithmetic"
url="http://gmplib.org/"
license="LGPL3"
makedepends="m4 texinfo"
depends=
-subpackages="$pkgname-doc $pkgname-dev"
+subpackages="$pkgname-doc gmp-dev:dev"
source="ftp://ftp.gnu.org/gnu/gmp/gmp-$pkgver.tar.bz2
gmp-4.1.4-noexecstack.patch
"
@@ -39,7 +39,7 @@ package() {
}
dev() {
- replaces="gmp"
+ replaces="gmp gmp5-dev"
default_dev
}
diff --git a/main/guile/APKBUILD b/main/guile/APKBUILD
index 8850b0f1f..6283d7e34 100644
--- a/main/guile/APKBUILD
+++ b/main/guile/APKBUILD
@@ -1,12 +1,12 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=guile
pkgver=1.8.7
-pkgrel=2
+pkgrel=3
pkgdesc="Guile is a portable, embeddable Scheme implementation written in C"
url="http://www.gnu.org/software/guile/"
license="GPL"
subpackages="$pkgname-dev $pkgname-doc"
-makedepends="gmp5-dev libtool ncurses-dev texinfo"
+makedepends="gmp-dev libtool ncurses-dev texinfo"
depends=
install=
source="ftp://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
diff --git a/main/iscsitarget-grsec/APKBUILD b/main/iscsitarget-grsec/APKBUILD
index b59304420..184f8701b 100644
--- a/main/iscsitarget-grsec/APKBUILD
+++ b/main/iscsitarget-grsec/APKBUILD
@@ -27,6 +27,7 @@ subpackages=
source="http://downloads.sourceforge.net/$_realname/$_realname-$_iscsiver.tar.gz
iscsitarget-1.4.18+linux-2.6.32.patch
"
+_ksrc=/usr/src/linux-headers-${_abi_release}
prepare() {
cd "$srcdir"/$_realname-$_iscsiver
@@ -39,14 +40,12 @@ prepare() {
build() {
cd "$srcdir"/$_realname-$_iscsiver
unset ARCH
- local ksrc=/usr/src/linux-headers-${_abi_release}
- make KSRC="$ksrc" kernel || return 1
+ make KSRC="$_ksrc" kernel || return 1
}
package() {
cd "$srcdir"/$_realname-$_iscsiver
- local ksrc=/usr/src/linux-headers-${_abi_release}
- make KSRC="$ksrc" DISTDIR="$pkgdir" install-kernel || return 1
+ make KSRC="$_ksrc" DISTDIR="$pkgdir" install-kernel || return 1
}
md5sums="9beca214c28949cce1716b49fec57de4 iscsitarget-1.4.19.tar.gz
diff --git a/main/libc0.9.32/APKBUILD b/main/libc0.9.32/APKBUILD
index accdcaf3a..328368895 100644
--- a/main/libc0.9.32/APKBUILD
+++ b/main/libc0.9.32/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_abiver=0.9.32
pkgname=libc$_abiver
-_gitver=1006041126
+_gitver=1006300816
pkgver=${_abiver}_alpha0_git$_gitver
pkgrel=1
pkgdesc="C library for developing embedded Linux systems"
@@ -20,6 +20,7 @@ source="http://build.alpinelinux.org:8010/distfiles/$_snapfile
uclibc-libm-pic.patch
uclibc-lutimes.patch
uclibc-resolv-tls.patch
+ uclibc-gcc-workaround.patch
uclibcconfig.x86
uclibcconfig.i486
"
@@ -96,10 +97,11 @@ utils() {
mv "$pkgdir"/usr/bin/* "$subpkgdir"/usr/bin/
}
-md5sums="048f92606460621d9402c43417392992 libc0.9.32-0.9.32_alpha0_git1006041126.tar.bz2
+md5sums="b7af86c013378888fbd345c47ad21c3a libc0.9.32-0.9.32_alpha0_git1006300816.tar.bz2
4d408f72142ce55a0754948cc9cfe447 compat-stack-guard.patch
2f9739a980be24a842c57516155c7885 uclibc-libm-pic.patch
4d0b8170e6580b47bf5775e65a6f081e uclibc-lutimes.patch
d08831b452acdeaa3037525ee617edab uclibc-resolv-tls.patch
+a88b7f394c86dc7aa606c9e338e35515 uclibc-gcc-workaround.patch
e2eb3bb00a0fe4d6f3d5b5c56b027bab uclibcconfig.x86
e2eb3bb00a0fe4d6f3d5b5c56b027bab uclibcconfig.i486"
diff --git a/main/libc0.9.32/uclibc-gcc-workaround.patch b/main/libc0.9.32/uclibc-gcc-workaround.patch
new file mode 100644
index 000000000..f698ecb79
--- /dev/null
+++ b/main/libc0.9.32/uclibc-gcc-workaround.patch
@@ -0,0 +1,58 @@
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+To: uclibc@uclibc.org
+Subject: [PATCH] more workarounds for GCC PR32219
+Date: Wed, 30 Jun 2010 14:46:37 +0300
+Message-Id: <1277898397-10643-1-git-send-email-timo.teras@iki.fi>
+X-Mailer: git-send-email 1.7.0.4
+MIME-Version: 1.0
+X-BeenThere: uclibc@uclibc.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: "Discussion and development of uClibc \(the embedded C library\)"
+ <uclibc.uclibc.org>
+List-Unsubscribe: <http://lists.busybox.net/mailman/options/uclibc>,
+ <mailto:uclibc-request@uclibc.org?subject=unsubscribe>
+List-Archive: <http://lists.busybox.net/pipermail/uclibc>
+List-Post: <mailto:uclibc@uclibc.org>
+List-Help: <mailto:uclibc-request@uclibc.org?subject=help>
+List-Subscribe: <http://lists.busybox.net/mailman/listinfo/uclibc>,
+ <mailto:uclibc-request@uclibc.org?subject=subscribe>
+Content-Type: text/plain; charset="utf-8"
+Sender: uclibc-bounces@uclibc.org
+Errors-To: uclibc-bounces@uclibc.org
+
+Commit 2e53dd645d5348f207cec7f8595969dc566c5a55 workarounds GCC
+bug when accessing _locale_init and _stdio_init. We need the same
+fix for __errno_location and __h_errno_location otherwise we crash
+calling null with static and non-threaded builds.
+
+Signed-off-by: Timo TerĂƒÂ¤s <timo.teras@iki.fi>
+---
+ libc/misc/internals/__uClibc_main.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libc/misc/internals/__uClibc_main.c b/libc/misc/internals/__uClibc_main.c
+index 44d1620..e8c470b 100644
+--- a/libc/misc/internals/__uClibc_main.c
++++ b/libc/misc/internals/__uClibc_main.c
+@@ -447,11 +447,11 @@ void __uClibc_main(int (*main)(int, char **, char **), int argc,
+ * have resulted in errno being set nonzero, so set it to 0 before
+ * we call main.
+ */
+- if (likely(__errno_location!=NULL))
++ if (likely(not_null_ptr(__errno_location)))
+ *(__errno_location()) = 0;
+
+ /* Set h_errno to 0 as well */
+- if (likely(__h_errno_location!=NULL))
++ if (likely(not_null_ptr(__h_errno_location)))
+ *(__h_errno_location()) = 0;
+
+ #if defined HAVE_CLEANUP_JMP_BUF && defined __UCLIBC_HAS_THREADS_NATIVE__
+--
+1.7.0.4
+
+_______________________________________________
+uClibc mailing list
+uClibc@uclibc.org
+http://lists.busybox.net/mailman/listinfo/uclibc
diff --git a/main/libconfig/APKBUILD b/main/libconfig/APKBUILD
index e4bf50072..db88ca1ca 100644
--- a/main/libconfig/APKBUILD
+++ b/main/libconfig/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libconfig
-pkgver=1.4.3
+pkgver=1.4.5
pkgrel=0
pkgdesc="a simple library for manipulating structured configuration files"
url="http://www.hyperrealm.com/libconfig/"
@@ -24,4 +24,4 @@ package() {
make -j1 DESTDIR="$pkgdir/" install
}
-md5sums="295f580a7bc3a03a44d520d6ace55ee6 libconfig-1.4.3.tar.gz"
+md5sums="f2219e1b2501e7296a7d3e971c63666a libconfig-1.4.5.tar.gz"
diff --git a/main/libevent/APKBUILD b/main/libevent/APKBUILD
index f74477985..4a627408f 100644
--- a/main/libevent/APKBUILD
+++ b/main/libevent/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libevent
-pkgver=1.4.13
-pkgrel=1
+pkgver=1.4.14b
+pkgrel=0
pkgdesc="An event notification library"
url="http://www.monkey.org/~provos/libevent/"
license="GPL-2"
@@ -20,4 +20,4 @@ package() {
cd $srcdir/$pkgname-$pkgver-stable
make -j1 DESTDIR=$pkgdir install || return 1
}
-md5sums="0b3ea18c634072d12b3c1ee734263664 libevent-1.4.13-stable.tar.gz"
+md5sums="a00e037e4d3f9e4fe9893e8a2d27918c libevent-1.4.14b-stable.tar.gz"
diff --git a/testing/libowfat/APKBUILD b/main/libowfat/APKBUILD
index 8e3ee0eca..8e3ee0eca 100644
--- a/testing/libowfat/APKBUILD
+++ b/main/libowfat/APKBUILD
diff --git a/main/libpng/APKBUILD b/main/libpng/APKBUILD
index 39a12f7cd..db52574fb 100644
--- a/main/libpng/APKBUILD
+++ b/main/libpng/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Carlo Landmeter <clandmeter at gmail>
# Maintainer: Carlo Landmeter <clandmeter at gmail>
pkgname=libpng
-pkgver=1.4.2
+pkgver=1.4.3
pkgrel=0
pkgdesc="Portable Network Graphics library"
url="http://www.libpng.org/"
@@ -27,4 +27,4 @@ package() {
install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE || return 1
}
-md5sums="89fd334dc5fc84ff146b9269c4fa452f libpng-1.4.2.tar.gz"
+md5sums="df3521f61a1b8b69489d297c0ca8c1f8 libpng-1.4.3.tar.gz"
diff --git a/main/lighttpd/APKBUILD b/main/lighttpd/APKBUILD
index 5c03ed55a..f229887b2 100644
--- a/main/lighttpd/APKBUILD
+++ b/main/lighttpd/APKBUILD
@@ -2,7 +2,7 @@
pkgname=lighttpd
pkgver=1.4.26
_streamver=2.2.0
-pkgrel=4
+pkgrel=5
pkgdesc="a secure, fast, compliant and very flexible web-server"
url="http://www.lighttpd.net/"
license="custom"
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index cb94b0136..ef73e4958 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.32.15
_kernver=2.6.32
-pkgrel=8
+pkgrel=9
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.1.14-2.6.32.15-201006011506.patch
+ grsecurity-2.2.0-2.6.32.15-201006271253.patch
0001-grsec-revert-conflicting-flow-cache-changes.patch
0002-gre-fix-hard-header-destination-address-checking.patch
0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -148,7 +148,7 @@ firmware() {
md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
5c9251844c2819eddee4dba1293bd46d patch-2.6.32.15.bz2
-7f61d0de3d703c465bff03a20b2dbd30 grsecurity-2.1.14-2.6.32.15-201006011506.patch
+98a8ab1e328d67e40657ef5e4b9d1b37 grsecurity-2.2.0-2.6.32.15-201006271253.patch
1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch
437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch
151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch
index 215c62b4e..722e01f37 100644
--- a/main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch
+++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch
@@ -7562,7 +7562,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/page_64_types.h linux-2.6.32.15/
#define __VIRTUAL_MASK_SHIFT 47
diff -urNp linux-2.6.32.15/arch/x86/include/asm/paravirt.h linux-2.6.32.15/arch/x86/include/asm/paravirt.h
--- linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-05-28 21:27:14.915041226 -0400
++++ linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-06-19 10:03:50.008525890 -0400
@@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned
pv_mmu_ops.set_fixmap(idx, phys, flags);
}
@@ -7765,7 +7765,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_32_types.h linux-2.6.32.
#define MODULES_LEN (MODULES_VADDR - MODULES_END)
diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h
--- linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-05-28 21:27:14.915041226 -0400
++++ linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-06-19 10:03:50.008525890 -0400
@@ -38,12 +38,16 @@ static inline void native_set_pte_atomic
static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
@@ -7785,7 +7785,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.15
/*
diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h
--- linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-05-28 21:27:14.915041226 -0400
++++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-06-19 10:03:50.008525890 -0400
@@ -16,10 +16,13 @@
extern pud_t level3_kernel_pgt[512];
@@ -7812,7 +7812,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arc
}
static inline void native_pmd_clear(pmd_t *pmd)
-@@ -94,12 +99,18 @@ static inline void native_pud_clear(pud_
+@@ -94,7 +99,9 @@ static inline void native_pud_clear(pud_
static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
{
@@ -7822,15 +7822,6 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arc
}
static inline void native_pgd_clear(pgd_t *pgd)
- {
-+
-+#ifndef CONFIG_PAX_PER_CPU_PGD
- native_set_pgd(pgd, native_make_pgd(0));
-+#endif
-+
- }
-
- /*
diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h
--- linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-05-28 21:27:14.915041226 -0400
@@ -7844,7 +7835,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h linux-2.6.32.
#endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x86/include/asm/pgtable.h
--- linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-05-28 21:27:14.918896182 -0400
++++ linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-06-19 10:03:50.008525890 -0400
@@ -74,12 +74,51 @@ extern struct list_head pgd_list;
#define arch_end_context_switch(prev) do {} while(0)
@@ -7988,7 +7979,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -611,11 +698,18 @@ static inline void ptep_set_wrprotect(st
+@@ -611,11 +698,23 @@ static inline void ptep_set_wrprotect(st
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -8004,7 +7995,12 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x
+#ifdef CONFIG_PAX_PER_CPU_PGD
+extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count);
++#endif
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
+extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count);
++#else
++static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) {}
+#endif
#include <asm-generic/pgtable.h>
@@ -9301,16 +9297,8 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/xsave.h linux-2.6.32.15/arch/x86
".section .fixup,\"ax\"\n"
diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
--- linux-2.6.32.15/arch/x86/Kconfig 2010-05-15 13:20:18.407099662 -0400
-+++ linux-2.6.32.15/arch/x86/Kconfig 2010-05-28 21:27:14.922894828 -0400
-@@ -531,6 +531,7 @@ source "arch/x86/lguest/Kconfig"
-
- config PARAVIRT
- bool "Enable paravirtualization code"
-+ depends on !PAX_PER_CPU_PGD
- ---help---
- This changes the kernel so it can modify itself when it is run
- under a hypervisor, potentially improving performance significantly
-@@ -1083,7 +1084,7 @@ config PAGE_OFFSET
++++ linux-2.6.32.15/arch/x86/Kconfig 2010-06-19 11:15:06.486972627 -0400
+@@ -1083,7 +1083,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -9319,7 +9307,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1414,7 +1415,7 @@ config ARCH_USES_PG_UNCACHED
+@@ -1414,7 +1414,7 @@ config ARCH_USES_PG_UNCACHED
config EFI
bool "EFI runtime service support"
@@ -9328,7 +9316,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
---help---
This enables the kernel to use EFI runtime services that are
available (such as the EFI variable services).
-@@ -1501,6 +1502,7 @@ config KEXEC_JUMP
+@@ -1501,6 +1501,7 @@ config KEXEC_JUMP
config PHYSICAL_START
hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
default "0x1000000"
@@ -9336,7 +9324,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
---help---
This gives the physical address where the kernel is loaded.
-@@ -1565,6 +1567,7 @@ config PHYSICAL_ALIGN
+@@ -1565,6 +1566,7 @@ config PHYSICAL_ALIGN
hex
prompt "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
@@ -9344,7 +9332,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
-@@ -1596,9 +1599,10 @@ config HOTPLUG_CPU
+@@ -1596,9 +1598,10 @@ config HOTPLUG_CPU
Say N if you want to disable CPU hotplug.
config COMPAT_VDSO
@@ -10503,7 +10491,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/efi_stub_32.S linux-2.6.32.15/arch/x8
efi_rt_function_ptr:
diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/kernel/entry_32.S
--- linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-05-28 21:27:15.031137412 -0400
++++ linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-06-19 10:03:50.008525890 -0400
@@ -191,7 +191,67 @@
#endif /* CONFIG_X86_32_LAZY_GS */
@@ -10780,15 +10768,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/k
#include "syscall_table_32.S"
syscall_table_size=(.-sys_call_table)
-@@ -1250,12 +1366,15 @@ error_code:
- movl %ecx, %fs
- UNWIND_ESPFIX_STACK
- GS_TO_REG %ecx
-+
-+ PAX_ENTER_KERNEL
-+
- movl PT_GS(%esp), %edi # get the function address
- movl PT_ORIG_EAX(%esp), %edx # get the error code
+@@ -1255,9 +1371,12 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -10796,7 +10776,12 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/k
+ movl $(__KERNEL_DS), %ecx
movl %ecx, %ds
movl %ecx, %es
++
++ PAX_ENTER_KERNEL
++
TRACE_IRQS_OFF
+ movl %esp,%eax # pt_regs pointer
+ call *%edi
@@ -1351,6 +1470,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
@@ -11367,7 +11352,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head32.c linux-2.6.32.15/arch/x86/ker
/* Reserve INITRD */
diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/kernel/head_32.S
--- linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-05-28 21:27:15.039159907 -0400
++++ linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-06-19 10:03:50.008525890 -0400
@@ -19,10 +19,17 @@
#include <asm/setup.h>
#include <asm/processor-flags.h>
@@ -11658,7 +11643,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -608,27 +679,45 @@ ENTRY(initial_code)
+@@ -608,27 +679,38 @@ ENTRY(initial_code)
/*
* BSS section
*/
@@ -11699,17 +11684,22 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
- .align PAGE_SIZE_asm
+.section .swapper_pg_dir,"a",@progbits
+
+ ENTRY(swapper_pg_dir)
+ .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
+ # if KPMDS == 3
+@@ -647,15 +729,24 @@ ENTRY(swapper_pg_dir)
+ # error "Kernel PMDs should be 1, 2 or 3"
+ # endif
+ .align PAGE_SIZE_asm /* needs to be page-sized too */
++
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ENTRY(cpu_pgd)
+ .rept NR_CPUS
-+ .fill 512,8,0
++ .fill 4,8,0
+ .endr
+#endif
+
- ENTRY(swapper_pg_dir)
- .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
- # if KPMDS == 3
-@@ -651,11 +740,12 @@ ENTRY(swapper_pg_dir)
+ #endif
.data
ENTRY(stack_start)
@@ -11723,7 +11713,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
early_recursion_flag:
.long 0
-@@ -691,7 +781,7 @@ fault_msg:
+@@ -691,7 +782,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -11732,7 +11722,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -702,7 +792,7 @@ idt_descr:
+@@ -702,7 +793,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -11741,7 +11731,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -711,5 +801,65 @@ ENTRY(early_gdt_descr)
+@@ -711,5 +802,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -11809,23 +11799,6 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
+ /* Be sure this is zeroed to avoid false validations in Xen */
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
-diff -urNp linux-2.6.32.15/arch/x86/kernel/head64.c linux-2.6.32.15/arch/x86/kernel/head64.c
---- linux-2.6.32.15/arch/x86/kernel/head64.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/head64.c 2010-05-28 21:27:15.039159907 -0400
-@@ -29,7 +29,13 @@
- static void __init zap_identity_mappings(void)
- {
- pgd_t *pgd = pgd_offset_k(0UL);
-+
-+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ set_pgd(pgd, native_make_pgd(0));
-+#else
- pgd_clear(pgd);
-+#endif
-+
- __flush_tlb_all();
- }
-
diff -urNp linux-2.6.32.15/arch/x86/kernel/head_64.S linux-2.6.32.15/arch/x86/kernel/head_64.S
--- linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-05-28 21:27:15.039159907 -0400
@@ -12136,7 +12109,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/init_task.c linux-2.6.32.15/arch/x86/
+EXPORT_SYMBOL(init_tss);
diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/kernel/ioport.c
--- linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-05-28 21:27:15.039159907 -0400
++++ linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-06-19 21:48:03.327550760 -0400
@@ -6,6 +6,7 @@
#include <linux/sched.h>
#include <linux/kernel.h>
@@ -12150,7 +12123,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/ker
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
return -EINVAL;
+#ifdef CONFIG_GRKERNSEC_IO
-+ if (turn_on) {
++ if (turn_on && grsec_disable_privio) {
+ gr_handle_ioperm();
+ return -EPERM;
+ }
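Review bot: The CONFIG_GRKERNSEC_IO denial now depends on a runtime flag: in this hunk `if (turn_on && grsec_disable_privio)` refuses the ioperm request only while `grsec_disable_privio` is non-zero. The next hunk does the same in do_iopl, where the old `#else` is gone and a request with the flag clear falls through to `capable(CAP_SYS_RAWIO)`. Where the flag is defined, what it defaults to and whether it can be cleared after boot are not visible here, so a kernel built with the option may no longer refuse privileged I/O unconditionally. I would add a comment above both tests, for example `/* refused only while grsec_disable_privio is set; otherwise the CAP_SYS_RAWIO check decides */`, and confirm the flag's default and who may change it. Both functions start and end outside these hunks.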
@@ -12167,20 +12140,19 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/ker
set_bitmap(t->io_bitmap_ptr, from, num, !turn_on);
-@@ -111,8 +118,13 @@ static int do_iopl(unsigned int level, s
+@@ -111,6 +118,12 @@ static int do_iopl(unsigned int level, s
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
+#ifdef CONFIG_GRKERNSEC_IO
-+ gr_handle_iopl();
-+ return -EPERM;
-+#else
++ if (grsec_disable_privio) {
++ gr_handle_iopl();
++ return -EPERM;
++ }
++#endif
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
-+#endif
}
- regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
-
diff -urNp linux-2.6.32.15/arch/x86/kernel/irq_32.c linux-2.6.32.15/arch/x86/kernel/irq_32.c
--- linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-05-28 21:27:15.039159907 -0400
@@ -12406,23 +12378,6 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/machine_kexec_32.c linux-2.6.32.15/ar
relocate_kernel_ptr = control_page;
page_list[PA_CONTROL_PAGE] = __pa(control_page);
-diff -urNp linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c
---- linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c 2010-05-28 21:27:15.043064911 -0400
-@@ -126,7 +126,13 @@ static int init_level4_page(struct kimag
- }
- /* clear the unused entries */
- while (addr < end_addr) {
-+
-+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ set_pgd(level4p++, native_make_pgd(0));
-+#else
- pgd_clear(level4p++);
-+#endif
-+
- addr += PGDIR_SIZE;
- }
- out:
diff -urNp linux-2.6.32.15/arch/x86/kernel/microcode_amd.c linux-2.6.32.15/arch/x86/kernel/microcode_amd.c
--- linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-05-28 21:27:15.043064911 -0400
@@ -16982,7 +16937,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/extable.c linux-2.6.32.15/arch/x86/mm/ext
pnp_bios_is_utter_crap = 1;
diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault.c
--- linux-2.6.32.15/arch/x86/mm/fault.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/mm/fault.c 2010-05-28 21:27:15.107152206 -0400
++++ linux-2.6.32.15/arch/x86/mm/fault.c 2010-06-19 10:03:50.012498759 -0400
@@ -11,10 +11,19 @@
#include <linux/kprobes.h> /* __kprobes, ... */
#include <linux/mmiotrace.h> /* kmmio_handler, ... */
@@ -17069,17 +17024,19 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
break;
}
spin_unlock_irqrestore(&pgd_lock, flags);
-@@ -257,6 +303,9 @@ static noinline int vmalloc_fault(unsign
- * Do _not_ use "current" here. We might be inside
+@@ -258,6 +304,11 @@ static noinline int vmalloc_fault(unsign
* an interrupt in the middle of a task switch..
*/
+ pgd_paddr = read_cr3();
++
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (read_cr3() & PHYSICAL_PAGE_MASK));
++ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (pgd_paddr & PHYSICAL_PAGE_MASK));
+#endif
- pgd_paddr = read_cr3();
++
pmd_k = vmalloc_sync_one(__va(pgd_paddr), address);
if (!pmd_k)
-@@ -332,15 +381,27 @@ void vmalloc_sync_all(void)
+ return -1;
+@@ -332,15 +383,27 @@ void vmalloc_sync_all(void)
const pgd_t *pgd_ref = pgd_offset_k(address);
unsigned long flags;
@@ -17107,7 +17064,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
if (pgd_none(*pgd))
set_pgd(pgd, *pgd_ref);
else
-@@ -373,7 +434,14 @@ static noinline int vmalloc_fault(unsign
+@@ -373,7 +436,14 @@ static noinline int vmalloc_fault(unsign
* happen within a race in page table update. In the later
* case just flush:
*/
@@ -17122,7 +17079,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
pgd_ref = pgd_offset_k(address);
if (pgd_none(*pgd_ref))
return -1;
-@@ -535,7 +603,7 @@ static int is_errata93(struct pt_regs *r
+@@ -535,7 +605,7 @@ static int is_errata93(struct pt_regs *r
static int is_errata100(struct pt_regs *regs, unsigned long address)
{
#ifdef CONFIG_X86_64
@@ -17131,7 +17088,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
return 1;
#endif
return 0;
-@@ -562,7 +630,7 @@ static int is_f00f_bug(struct pt_regs *r
+@@ -562,7 +632,7 @@ static int is_f00f_bug(struct pt_regs *r
}
static const char nx_warning[] = KERN_CRIT
@@ -17140,7 +17097,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
static void
show_fault_oops(struct pt_regs *regs, unsigned long error_code,
-@@ -571,15 +639,26 @@ show_fault_oops(struct pt_regs *regs, un
+@@ -571,15 +641,26 @@ show_fault_oops(struct pt_regs *regs, un
if (!oops_may_print())
return;
@@ -17169,7 +17126,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -704,6 +783,68 @@ __bad_area_nosemaphore(struct pt_regs *r
+@@ -704,6 +785,68 @@ __bad_area_nosemaphore(struct pt_regs *r
unsigned long address, int si_code)
{
struct task_struct *tsk = current;
@@ -17238,7 +17195,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
/* User mode accesses just cause a SIGSEGV */
if (error_code & PF_USER) {
-@@ -848,6 +989,106 @@ static int spurious_fault_check(unsigned
+@@ -848,6 +991,106 @@ static int spurious_fault_check(unsigned
return 1;
}
@@ -17345,7 +17302,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -914,6 +1155,9 @@ int show_unhandled_signals = 1;
+@@ -914,6 +1157,9 @@ int show_unhandled_signals = 1;
static inline int
access_error(unsigned long error_code, int write, struct vm_area_struct *vma)
{
@@ -17355,7 +17312,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
if (write) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -947,17 +1191,31 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -947,17 +1193,31 @@ do_page_fault(struct pt_regs *regs, unsi
{
struct vm_area_struct *vma;
struct task_struct *tsk;
@@ -17391,7 +17348,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
/*
* Detect and handle instructions that would cause a page fault for
* both a tracked kernel page and a userspace page.
-@@ -1017,7 +1275,7 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -1017,7 +1277,7 @@ do_page_fault(struct pt_regs *regs, unsi
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
*/
@@ -17400,7 +17357,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
local_irq_enable();
error_code |= PF_USER;
} else {
-@@ -1071,6 +1329,11 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -1071,6 +1331,11 @@ do_page_fault(struct pt_regs *regs, unsi
might_sleep();
}
@@ -17412,7 +17369,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1082,18 +1345,24 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -1082,18 +1347,24 @@ do_page_fault(struct pt_regs *regs, unsi
bad_area(regs, error_code, address);
return;
}
@@ -17436,19 +17393,19 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
+ if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) {
+ bad_area(regs, error_code, address);
+ return;
-+ }
+ }
+
+#ifdef CONFIG_PAX_SEGMEXEC
+ if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) {
+ bad_area(regs, error_code, address);
+ return;
- }
++ }
+#endif
+
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1137,3 +1406,199 @@ good_area:
+@@ -1137,3 +1408,199 @@ good_area:
up_read(&mm->mmap_sem);
}
@@ -18182,7 +18139,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init_64.c linux-2.6.32.15/arch/x86/mm/ini
return "[vsyscall]";
diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c
--- linux-2.6.32.15/arch/x86/mm/init.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/mm/init.c 2010-05-28 21:27:15.114903294 -0400
++++ linux-2.6.32.15/arch/x86/mm/init.c 2010-06-19 10:03:50.012498759 -0400
@@ -69,11 +69,7 @@ static void __init find_early_table_spac
* cause a hotspot and fill up ZONE_DMA. The page tables
* need roughly 0.5KB per GB.
@@ -18211,7 +18168,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c
return 1;
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
-@@ -379,6 +381,87 @@ void free_init_pages(char *what, unsigne
+@@ -379,6 +381,89 @@ void free_init_pages(char *what, unsigne
void free_initmem(void)
{
@@ -18250,12 +18207,14 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c
+*/
+#ifdef CONFIG_X86_PAE
+ set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
++/*
+ for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
+ pgd = pgd_offset_k(addr);
+ pud = pud_offset(pgd, addr);
+ pmd = pmd_offset(pud, addr);
+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
+ }
++*/
+#endif
+
+#ifdef CONFIG_MODULES
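Review bot: The per-PMD NX loop in the CONFIG_X86_PAE branch is switched off by wrapping it in `/*` and `*/` with no explanation, leaving dead code in the path that marks the init range non-executable. Either delete the loop or state the reason next to it, for example `/* disabled: set_memory_nx() above is expected to cover __init_begin..__init_end */`; that reason is my reading of the preceding line and needs confirming. If `pgd`, `pud` and `pmd` are declared only for this loop they are now unused, but their declarations are outside the hunk. The enclosing function also starts and ends outside the hunk.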
@@ -18475,38 +18434,83 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/numa_32.c linux-2.6.32.15/arch/x86/mm/num
#define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE)
diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr.c linux-2.6.32.15/arch/x86/mm/pageattr.c
--- linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-05-28 21:27:15.118897735 -0400
-@@ -268,9 +268,10 @@ static inline pgprot_t static_protection
++++ linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-06-19 10:03:50.012498759 -0400
+@@ -261,16 +261,17 @@ static inline pgprot_t static_protection
+ * PCI BIOS based config access (CONFIG_PCI_GOBIOS) support.
+ */
+ if (within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
+- pgprot_val(forbidden) |= _PAGE_NX;
++ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
+
+ /*
+ * The kernel text needs to be executable for obvious reasons
* Does not cover __inittext since that is gone later on. On
* 64bit we do not enforce !NX on the low mapping
*/
- if (within(address, (unsigned long)_text, (unsigned long)_etext))
+- pgprot_val(forbidden) |= _PAGE_NX;
+ if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext)))
- pgprot_val(forbidden) |= _PAGE_NX;
++ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
+#ifdef CONFIG_DEBUG_RODATA
/*
* The .rodata section needs to be read-only. Using the pfn
* catches all aliases.
-@@ -278,6 +279,7 @@ static inline pgprot_t static_protection
+@@ -278,6 +279,14 @@ static inline pgprot_t static_protection
if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT,
__pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
pgprot_val(forbidden) |= _PAGE_RW;
+#endif
++
++#ifdef CONFIG_PAX_KERNEXEC
++ if (within(pfn, __pa((unsigned long)&_text), __pa((unsigned long)&_sdata))) {
++ pgprot_val(forbidden) |= _PAGE_RW;
++ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
++ }
++#endif
prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
-@@ -331,7 +333,10 @@ EXPORT_SYMBOL_GPL(lookup_address);
+@@ -331,23 +340,37 @@ EXPORT_SYMBOL_GPL(lookup_address);
static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
{
/* change init_mm */
+ pax_open_kernel();
set_pte_atomic(kpte, pte);
-+ pax_close_kernel();
+
#ifdef CONFIG_X86_32
if (!SHARED_KERNEL_PMD) {
++
++#ifdef CONFIG_PAX_PER_CPU_PGD
++ unsigned long cpu;
++#else
struct page *page;
++#endif
+
++#ifdef CONFIG_PAX_PER_CPU_PGD
++ for (cpu = 0; cpu < NR_CPUS; ++cpu) {
++ pgd_t *pgd = get_cpu_pgd(cpu);
++#else
+ list_for_each_entry(page, &pgd_list, lru) {
+- pgd_t *pgd;
++ pgd_t *pgd = (pgd_t *)page_address(page);;
++#endif
++
+ pud_t *pud;
+ pmd_t *pmd;
+
+- pgd = (pgd_t *)page_address(page) + pgd_index(address);
++ pgd += pgd_index(address);
+ pud = pud_offset(pgd, address);
+ pmd = pmd_offset(pud, address);
+ set_pte_atomic((pte_t *)pmd, pte);
+ }
+ }
+ #endif
++ pax_close_kernel();
+ }
+
+ static int
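Review bot: The added line `pgd_t *pgd = (pgd_t *)page_address(page);;` ends in a stray second semicolon, which is an empty statement placed ahead of the `pud_t *pud;` and `pmd_t *pmd;` declarations and so mixes declarations with code; write `pgd_t *pgd = (pgd_t *)page_address(page);`. Separately, `pax_close_kernel()` has moved from right after the first `set_pte_atomic()` to the end of `__set_pmd_pte`, so the whole per-pgd loop now runs while the kernel is open for writing. That looks intentional, since the loop also calls `set_pte_atomic()`, but a comment such as `/* stay open until every pgd copy has been updated */` would record it and warn against adding an early return before the close.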
diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr-test.c linux-2.6.32.15/arch/x86/mm/pageattr-test.c
--- linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-05-28 21:27:15.118897735 -0400
@@ -18577,28 +18581,22 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable_32.c linux-2.6.32.15/arch/x86/mm/
* It's enough to flush this one mapping.
diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgtable.c
--- linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-05-28 21:27:15.118897735 -0400
-@@ -63,8 +63,12 @@ void ___pmd_free_tlb(struct mmu_gather *
- #if PAGETABLE_LEVELS > 3
- void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud)
- {
-+
-+#ifndef CONFIG_PAX_PER_CPU_PGD
- paravirt_release_pud(__pa(pud) >> PAGE_SHIFT);
- tlb_remove_page(tlb, virt_to_page(pud));
-+#endif
-+
- }
- #endif /* PAGETABLE_LEVELS > 3 */
- #endif /* PAGETABLE_LEVELS > 2 */
-@@ -83,8 +87,62 @@ static inline void pgd_list_del(pgd_t *p
++++ linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-06-19 10:03:50.012498759 -0400
+@@ -83,8 +83,59 @@ static inline void pgd_list_del(pgd_t *p
list_del(&page->lru);
}
-#define UNSHARED_PTRS_PER_PGD \
- (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD)
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+pteval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT;
++pgdval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT;
++
++void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count)
++{
++ while (count--)
++ *dst++ = __pgd((pgd_val(*src++) | _PAGE_NX) & ~_PAGE_USER);
++
++}
+#endif
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
@@ -18613,16 +18611,6 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
+#endif
+
+}
-+
-+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count)
-+{
-+
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+ while (count--)
-+ *dst++ = __pgd((pgd_val(*src++) | _PAGE_NX) & ~_PAGE_USER);
-+#endif
-+
-+}
+#endif
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
@@ -18656,7 +18644,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
static void pgd_ctor(pgd_t *pgd)
{
-@@ -119,6 +177,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -119,6 +170,7 @@ static void pgd_dtor(pgd_t *pgd)
pgd_list_del(pgd);
spin_unlock_irqrestore(&pgd_lock, flags);
}
@@ -18664,7 +18652,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
/*
* List of all pgd's needed for non-PAE so it can invalidate entries
-@@ -131,7 +190,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -131,7 +183,7 @@ static void pgd_dtor(pgd_t *pgd)
* -- wli
*/
@@ -18673,7 +18661,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
/*
* In PAE mode, we need to do a cr3 reload (=tlb flush) when
* updating the top-level pagetable entries to guarantee the
-@@ -143,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -143,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd)
* not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate
* and initialize the kernel pmds here.
*/
@@ -18682,7 +18670,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
{
-@@ -162,36 +221,38 @@ void pud_populate(struct mm_struct *mm,
+@@ -162,36 +214,38 @@ void pud_populate(struct mm_struct *mm,
if (mm == current->active_mm)
write_cr3(read_cr3());
}
@@ -18732,7 +18720,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
return -ENOMEM;
}
-@@ -204,51 +265,56 @@ static int preallocate_pmds(pmd_t *pmds[
+@@ -204,51 +258,56 @@ static int preallocate_pmds(pmd_t *pmds[
* preallocate which never got a corresponding vma will need to be
* freed manually.
*/
@@ -18806,7 +18794,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
unsigned long flags;
pgd = (pgd_t *)__get_free_page(PGALLOC_GFP);
-@@ -258,11 +324,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -258,11 +317,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
mm->pgd = pgd;
@@ -18820,7 +18808,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
/*
* Make sure that pre-populating the pmds is atomic with
-@@ -272,14 +338,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -272,14 +331,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
spin_lock_irqsave(&pgd_lock, flags);
pgd_ctor(pgd);
@@ -18838,7 +18826,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
out_free_pgd:
free_page((unsigned long)pgd);
out:
-@@ -288,7 +354,7 @@ out:
+@@ -288,7 +347,7 @@ out:
void pgd_free(struct mm_struct *mm, pgd_t *pgd)
{
@@ -20109,6 +20097,18 @@ diff -urNp linux-2.6.32.15/Documentation/kernel-parameters.txt linux-2.6.32.15/D
pcbit= [HW,ISDN]
pcd. [PARIDE]
+diff -urNp linux-2.6.32.15/drivers/acpi/acpi_pad.c linux-2.6.32.15/drivers/acpi/acpi_pad.c
+--- linux-2.6.32.15/drivers/acpi/acpi_pad.c 2010-03-15 11:52:04.000000000 -0400
++++ linux-2.6.32.15/drivers/acpi/acpi_pad.c 2010-06-19 10:03:45.704801524 -0400
+@@ -30,7 +30,7 @@
+ #include <acpi/acpi_bus.h>
+ #include <acpi/acpi_drivers.h>
+
+-#define ACPI_PROCESSOR_AGGREGATOR_CLASS "processor_aggregator"
++#define ACPI_PROCESSOR_AGGREGATOR_CLASS "acpi_pad"
+ #define ACPI_PROCESSOR_AGGREGATOR_DEVICE_NAME "Processor Aggregator"
+ #define ACPI_PROCESSOR_AGGREGATOR_NOTIFY 0x80
+ static DEFINE_MUTEX(isolated_cpus_lock);
diff -urNp linux-2.6.32.15/drivers/acpi/battery.c linux-2.6.32.15/drivers/acpi/battery.c
--- linux-2.6.32.15/drivers/acpi/battery.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/drivers/acpi/battery.c 2010-05-28 21:27:15.179152446 -0400
@@ -27801,6 +27801,18 @@ diff -urNp linux-2.6.32.15/drivers/staging/hv/blkvsc_drv.c linux-2.6.32.15/drive
.owner = THIS_MODULE,
.open = blkvsc_open,
.release = blkvsc_release,
+diff -urNp linux-2.6.32.15/drivers/staging/hv/Hv.c linux-2.6.32.15/drivers/staging/hv/Hv.c
+--- linux-2.6.32.15/drivers/staging/hv/Hv.c 2010-05-15 13:20:18.963900073 -0400
++++ linux-2.6.32.15/drivers/staging/hv/Hv.c 2010-06-19 10:03:50.012498759 -0400
+@@ -161,7 +161,7 @@ static u64 HvDoHypercall(u64 Control, vo
+ u64 outputAddress = (Output) ? virt_to_phys(Output) : 0;
+ u32 outputAddressHi = outputAddress >> 32;
+ u32 outputAddressLo = outputAddress & 0xFFFFFFFF;
+- volatile void *hypercallPage = gHvContext.HypercallPage;
++ volatile void *hypercallPage = ktva_ktla(gHvContext.HypercallPage);
+
+ DPRINT_DBG(VMBUS, "Hypercall <control %llx input %p output %p>",
+ Control, Input, Output);
diff -urNp linux-2.6.32.15/drivers/staging/panel/panel.c linux-2.6.32.15/drivers/staging/panel/panel.c
--- linux-2.6.32.15/drivers/staging/panel/panel.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/drivers/staging/panel/panel.c 2010-05-28 21:27:15.842942312 -0400
@@ -34413,8 +34425,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_alloc.c linux-2.6.32.15/grsecurity/g
+}
diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c
--- linux-2.6.32.15/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/gracl.c 2010-05-28 21:27:16.327077893 -0400
-@@ -0,0 +1,3897 @@
++++ linux-2.6.32.15/grsecurity/gracl.c 2010-06-26 14:00:02.982610280 -0400
+@@ -0,0 +1,3899 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -38202,6 +38214,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c
+ who have the 'view' subject flag if the RBAC system is enabled
+ */
+
++ rcu_read_lock();
+ read_lock(&tasklist_lock);
+ task = find_task_by_vpid(pid);
+ if (task) {
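Review bot: The added `rcu_read_lock()` ahead of `read_lock(&tasklist_lock)` has no comment saying which call needs it, so a later cleanup could drop one of the two locks as redundant. A line such as `/* find_task_by_vpid() must run inside an RCU read-side section */` above the pair would record the intent. The same comment would help at the `rcu_read_lock()` additions in gracl_shm.c and grsec_chroot.c further down. The matching `rcu_read_unlock()` is in the next hunk, and the enclosing function starts and ends outside both.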
@@ -38230,6 +38243,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c
+ ret = -ENOENT;
+
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+
+ return ret;
+}
@@ -38314,8 +38328,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c
+
diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gracl_cap.c
--- linux-2.6.32.15/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/gracl_cap.c 2010-05-28 21:27:16.327077893 -0400
-@@ -0,0 +1,131 @@
++++ linux-2.6.32.15/grsecurity/gracl_cap.c 2010-06-19 21:06:17.097881201 -0400
+@@ -0,0 +1,138 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -38370,6 +38384,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra
+ const struct cred *cred = current_cred();
+ struct acl_subject_label *curracl;
+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
++ kernel_cap_t cap_audit = __cap_empty_set;
+
+ if (!gr_acl_is_enabled())
+ return 1;
@@ -38378,6 +38393,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra
+
+ cap_drop = curracl->cap_lower;
+ cap_mask = curracl->cap_mask;
++ cap_audit = curracl->cap_invert_audit;
+
+ while ((curracl = curracl->parent_subject)) {
+ /* if the cap isn't specified in the current computed mask but is specified in the
@@ -38389,11 +38405,16 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra
+ cap_raise(cap_mask, cap);
+ if (cap_raised(curracl->cap_lower, cap))
+ cap_raise(cap_drop, cap);
++ if (cap_raised(curracl->cap_invert_audit, cap))
++ cap_raise(cap_audit, cap);
+ }
+ }
+
-+ if (!cap_raised(cap_drop, cap))
++ if (!cap_raised(cap_drop, cap)) {
++ if (cap_raised(cap_audit, cap))
++ gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]);
+ return 1;
++ }
+
+ curracl = task->acl;
+
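Review bot: The new audit branch under `if (!cap_raised(cap_drop, cap))` indexes `captab_log[cap]` with no bounds check, while the denial path in the next hunk reads that table only after testing `cap` against `sizeof(captab_log)/sizeof(captab_log[0])`. If `cap` can exceed the table, for example a capability number newer than the table, the permitted-use log would read past its end. Guarding it the same way closes the gap: `if (cap_raised(cap_audit, cap) && (cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))))`. The function begins and ends outside this hunk, so the table's size relative to the capability range is not visible here.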
@@ -38409,7 +38430,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra
+ return 1;
+ }
+
-+ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap))
++ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
+ return 0;
+}
@@ -39818,8 +39839,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_segv.c linux-2.6.32.15/grsecurity/gr
+}
diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gracl_shm.c
--- linux-2.6.32.15/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/gracl_shm.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,37 @@
++++ linux-2.6.32.15/grsecurity/gracl_shm.c 2010-06-26 14:01:55.746591444 -0400
+@@ -0,0 +1,40 @@
+#include <linux/kernel.h>
+#include <linux/mm.h>
+#include <linux/sched.h>
@@ -39838,6 +39859,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gra
+ if (!gr_acl_is_enabled())
+ return 1;
+
++ rcu_read_lock();
+ read_lock(&tasklist_lock);
+
+ task = find_task_by_vpid(shm_cprid);
@@ -39850,10 +39872,12 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gra
+ (task->acl->mode & GR_PROTSHM) &&
+ (task->acl != current->acl))) {
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
+ return 0;
+ }
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+
+ return 1;
+}
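Review bot: Each exit path here now has to repeat the `read_unlock(&tasklist_lock); rcu_read_unlock();` pair by hand, and the grsec_chroot.c hunks below do the same on three early returns. A missed pair on a denial path would leave the task running with an RCU read-side section still open. Recording the verdict in a local, jumping to one `out:` label that drops both locks, and calling `gr_log_*` after the label would keep the release in a single place. The function's opening lines are outside this hunk, so this is a suggestion on shape rather than a complete rewrite.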
@@ -39882,8 +39906,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chdir.c linux-2.6.32.15/grsecurity/g
+}
diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/grsec_chroot.c
--- linux-2.6.32.15/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/grsec_chroot.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,348 @@
++++ linux-2.6.32.15/grsecurity/grsec_chroot.c 2010-06-26 14:05:26.054819575 -0400
+@@ -0,0 +1,355 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -39907,6 +39931,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ if (likely(!proc_is_chrooted(current)))
+ return 1;
+
++ rcu_read_lock();
+ read_lock(&tasklist_lock);
+
+ spid = find_vpid(pid);
@@ -39917,12 +39942,14 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ if (unlikely(!have_same_root(current, p))) {
+ gr_fs_read_unlock(p);
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG);
+ return 0;
+ }
+ gr_fs_read_unlock(p);
+ }
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+#endif
+ return 1;
+}
@@ -40065,6 +40092,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ if (likely(!proc_is_chrooted(current)))
+ return 1;
+
++ rcu_read_lock();
+ read_lock(&tasklist_lock);
+
+ pid = find_vpid(shm_cprid);
@@ -40077,6 +40105,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) {
+ gr_fs_read_unlock(p);
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
+ return 0;
+ }
@@ -40090,6 +40119,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ if (unlikely(!have_same_root(current, p))) {
+ gr_fs_read_unlock(p);
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
+ return 0;
+ }
@@ -40098,6 +40128,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ }
+
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+#endif
+ return 1;
+}
@@ -40804,8 +40835,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_fork.c linux-2.6.32.15/grsecurity/gr
+}
diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/grsec_init.c
--- linux-2.6.32.15/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/grsec_init.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,241 @@
++++ linux-2.6.32.15/grsecurity/grsec_init.c 2010-06-27 12:52:54.615758098 -0400
+@@ -0,0 +1,258 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
@@ -40814,6 +40845,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr
+#include <linux/slab.h>
+#include <linux/vmalloc.h>
+#include <linux/percpu.h>
++#include <linux/module.h>
+
+int grsec_enable_link;
+int grsec_enable_dmesg;
@@ -40848,6 +40880,9 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr
+int grsec_enable_tpe;
+int grsec_tpe_gid;
+int grsec_enable_blackhole;
++#ifdef CONFIG_IPV6_MODULE
++EXPORT_SYMBOL(grsec_enable_blackhole);
++#endif
+int grsec_lastack_retries;
+int grsec_enable_tpe_all;
+int grsec_enable_socket_all;
@@ -40857,6 +40892,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr
+int grsec_enable_socket_server;
+int grsec_socket_server_gid;
+int grsec_resource_logging;
++int grsec_disable_privio;
+int grsec_lock;
+
+DEFINE_SPINLOCK(grsec_alert_lock);
@@ -40928,10 +40964,22 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr
+ return;
+ }
+
++
++#ifdef CONFIG_GRKERNSEC_IO
++#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO)
++ grsec_disable_privio = 1;
++#elif defined(CONFIG_GRKERNSEC_SYSCTL_ON)
++ grsec_disable_privio = 1;
++#else
++ grsec_disable_privio = 0;
++#endif
++#endif
++
+#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
+#ifndef CONFIG_GRKERNSEC_SYSCTL
+ grsec_lock = 1;
+#endif
++
+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
+ grsec_enable_audit_textrel = 1;
+#endif
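Review bot: The `#if`/`#elif` ladder for `grsec_disable_privio` has two arms that both assign 1. The only arm that assigns 0 is GRKERNSEC_SYSCTL_DISTRO without GRKERNSEC_SYSCTL_ON, and it has no comment saying the privileged-I/O restriction then starts switched off until the `disable_priv_io` sysctl is written. Collapsing the first two arms into `#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)` and putting `/* distro build: off at boot; enable via sysctl, then set grsec_lock */` on the 0 arm would make that fail-open default explicit. The enclosing init function starts and ends outside this hunk.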
@@ -41913,8 +41961,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_sock.c linux-2.6.32.15/grsecurity/gr
+}
diff -urNp linux-2.6.32.15/grsecurity/grsec_sysctl.c linux-2.6.32.15/grsecurity/grsec_sysctl.c
--- linux-2.6.32.15/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/grsec_sysctl.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,447 @@
++++ linux-2.6.32.15/grsecurity/grsec_sysctl.c 2010-06-19 21:32:37.093947224 -0400
+@@ -0,0 +1,459 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/sysctl.h>
@@ -41940,6 +41988,18 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_sysctl.c linux-2.6.32.15/grsecurity/
+#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
+ctl_table grsecurity_table[] = {
+#ifdef CONFIG_GRKERNSEC_SYSCTL
++#ifdef CONFIG_GRKERNSEC_SYSCTL_DISTRO
++#ifdef CONFIG_GRKERNSEC_IO
++ {
++ .ctl_name = CTL_UNNUMBERED,
++ .procname = "disable_priv_io",
++ .data = &grsec_disable_privio,
++ .maxlen = sizeof(int),
++ .mode = 0600,
++ .proc_handler = &proc_dointvec,
++ },
++#endif
++#endif
+#ifdef CONFIG_GRKERNSEC_LINK
+ {
+ .ctl_name = CTL_UNNUMBERED,
@@ -42443,8 +42503,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_tpe.c linux-2.6.32.15/grsecurity/grs
+}
diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c
--- linux-2.6.32.15/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/grsum.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,59 @@
++++ linux-2.6.32.15/grsecurity/grsum.c 2010-06-26 13:55:39.510774424 -0400
+@@ -0,0 +1,61 @@
+#include <linux/err.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -42470,6 +42530,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c
+ volatile int dummy = 0;
+ unsigned int i;
+
++ sg_init_table(&sg, 1);
++
+ tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR(tfm)) {
+ /* should never happen, since sha256 should be built in */
@@ -42506,8 +42568,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c
+}
diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig
--- linux-2.6.32.15/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/Kconfig 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,965 @@
++++ linux-2.6.32.15/grsecurity/Kconfig 2010-06-26 14:17:55.584309817 -0400
+@@ -0,0 +1,981 @@
+#
+# grecurity configuration
+#
@@ -43342,7 +43404,7 @@ diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig
+ all servers it connects to have this option enabled, consider
+ disabling this feature on the haproxy host.
+
-+ If this option is enabled, two sysctl options with names
++ If the sysctl option is enabled, two sysctl options with names
+ "ip_blackhole" and "lastack_retries" will be created.
+ While "ip_blackhole" takes the standard zero/non-zero on/off
+ toggle, "lastack_retries" uses the same kinds of values as
@@ -43434,6 +43496,22 @@ diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig
+ be set to a non-zero value after all the options are set.
+ *THIS IS EXTREMELY IMPORTANT*
+
++config GRKERNSEC_SYSCTL_DISTRO
++ bool "Extra sysctl support for distro makers (READ HELP)"
++ depends on GRKERNSEC_SYSCTL && GRKERNSEC_IO
++ help
++ If you say Y here, additional sysctl options will be created
++ for features that affect processes running as root. Therefore,
++ it is critical when using this option that the grsec_lock entry be
++ enabled after boot. Only distros with prebuilt kernel packages
++ with this option enabled that can ensure grsec_lock is enabled
++ after boot should use this option.
++ *Failure to set grsec_lock after boot makes all grsec features
++ this option covers useless*
++
++ Currently this option creates the following sysctl entries:
++ "Disable Privileged I/O": "disable_priv_io"
++
+config GRKERNSEC_SYSCTL_ON
+ bool "Turn on features by default"
+ depends on GRKERNSEC_SYSCTL
@@ -44679,8 +44757,8 @@ diff -urNp linux-2.6.32.15/include/linux/genhd.h linux-2.6.32.15/include/linux/g
struct blk_integrity *integrity;
diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/gracl.h
--- linux-2.6.32.15/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/include/linux/gracl.h 2010-05-28 21:27:16.355225759 -0400
-@@ -0,0 +1,309 @@
++++ linux-2.6.32.15/include/linux/gracl.h 2010-06-19 21:06:17.097881201 -0400
+@@ -0,0 +1,310 @@
+#ifndef GR_ACL_H
+#define GR_ACL_H
+
@@ -44692,8 +44770,8 @@ diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/g
+
+/* Major status information */
+
-+#define GR_VERSION "grsecurity 2.1.14"
-+#define GRSECURITY_VERSION 0x2114
++#define GR_VERSION "grsecurity 2.2.0"
++#define GRSECURITY_VERSION 0x2200
+
+enum {
+ GR_SHUTDOWN = 0,
@@ -44784,6 +44862,7 @@ diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/g
+ __u32 mode;
+ kernel_cap_t cap_mask;
+ kernel_cap_t cap_lower;
++ kernel_cap_t cap_invert_audit;
+
+ struct rlimit res[GR_NLIMITS];
+ __u32 resmask;
@@ -45145,7 +45224,7 @@ diff -urNp linux-2.6.32.15/include/linux/grdefs.h linux-2.6.32.15/include/linux/
+#endif
diff -urNp linux-2.6.32.15/include/linux/grinternal.h linux-2.6.32.15/include/linux/grinternal.h
--- linux-2.6.32.15/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/include/linux/grinternal.h 2010-05-28 21:27:16.355225759 -0400
++++ linux-2.6.32.15/include/linux/grinternal.h 2010-06-19 21:46:05.111766483 -0400
@@ -0,0 +1,215 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
@@ -45364,8 +45443,8 @@ diff -urNp linux-2.6.32.15/include/linux/grinternal.h linux-2.6.32.15/include/li
+#endif
diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/grmsg.h
--- linux-2.6.32.15/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/include/linux/grmsg.h 2010-05-28 21:27:16.355225759 -0400
-@@ -0,0 +1,107 @@
++++ linux-2.6.32.15/include/linux/grmsg.h 2010-06-19 21:06:17.097881201 -0400
+@@ -0,0 +1,108 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -45461,6 +45540,7 @@ diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/g
+#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
+#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
+#define GR_CAP_ACL_MSG "use of %s denied for "
++#define GR_CAP_ACL_MSG2 "use of %s permitted for "
+#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
+#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
+#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
@@ -45475,8 +45555,8 @@ diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/g
+#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
diff -urNp linux-2.6.32.15/include/linux/grsecurity.h linux-2.6.32.15/include/linux/grsecurity.h
--- linux-2.6.32.15/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/include/linux/grsecurity.h 2010-05-28 21:27:16.355225759 -0400
-@@ -0,0 +1,199 @@
++++ linux-2.6.32.15/include/linux/grsecurity.h 2010-06-19 21:45:41.506145931 -0400
+@@ -0,0 +1,200 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -45673,6 +45753,7 @@ diff -urNp linux-2.6.32.15/include/linux/grsecurity.h linux-2.6.32.15/include/li
+ struct vm_area_struct *vma);
+
+extern int grsec_enable_dmesg;
++extern int grsec_disable_privio;
+#endif
+
+#endif
@@ -47637,7 +47718,7 @@ diff -urNp linux-2.6.32.15/init/Kconfig linux-2.6.32.15/init/Kconfig
also breaks ancient binaries (including anything libc5 based).
diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c
--- linux-2.6.32.15/init/main.c 2010-04-04 20:41:50.060586306 -0400
-+++ linux-2.6.32.15/init/main.c 2010-05-28 21:27:16.427051097 -0400
++++ linux-2.6.32.15/init/main.c 2010-06-19 10:03:39.368801195 -0400
@@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void)
#ifdef CONFIG_TC
extern void tc_init(void);
@@ -47653,7 +47734,7 @@ diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
+extern void pax_enter_kernel_user(void);
+extern void pax_exit_kernel_user(void);
-+extern pteval_t clone_pgd_mask;
++extern pgdval_t clone_pgd_mask;
+#endif
+
+#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -47675,7 +47756,7 @@ diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c
+ *p = 0xc3;
+ p = (char *)pax_exit_kernel_user;
+ *p = 0xc3;
-+ clone_pgd_mask = ~(pteval_t)0UL;
++ clone_pgd_mask = ~(pgdval_t)0UL;
+#endif
+
+ return 0;
@@ -50620,7 +50701,7 @@ diff -urNp linux-2.6.32.15/mm/madvise.c linux-2.6.32.15/mm/madvise.c
goto out;
diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
--- linux-2.6.32.15/mm/memory.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/mm/memory.c 2010-05-28 21:27:16.487251224 -0400
++++ linux-2.6.32.15/mm/memory.c 2010-06-19 10:03:50.012498759 -0400
@@ -48,6 +48,7 @@
#include <linux/ksm.h>
#include <linux/rmap.h>
@@ -50629,7 +50710,33 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
#include <linux/delayacct.h>
#include <linux/init.h>
#include <linux/writeback.h>
-@@ -1251,10 +1252,10 @@ int __get_user_pages(struct task_struct
+@@ -187,8 +188,12 @@ static inline void free_pmd_range(struct
+ return;
+
+ pmd = pmd_offset(pud, start);
++
++#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_PER_CPU_PGD)
+ pud_clear(pud);
+ pmd_free_tlb(tlb, pmd, start);
++#endif
++
+ }
+
+ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -220,8 +225,12 @@ static inline void free_pud_range(struct
+ return;
+
+ pud = pud_offset(pgd, start);
++
++#if !defined(CONFIG_X86_64) || !defined(CONFIG_PAX_PER_CPU_PGD)
+ pgd_clear(pgd);
+ pud_free_tlb(tlb, pud, start);
++#endif
++
+ }
+
+ /*
+@@ -1251,10 +1260,10 @@ int __get_user_pages(struct task_struct
(VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
i = 0;
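Review bot: The new guards in `free_pmd_range` (`#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_PER_CPU_PGD)`) and `free_pud_range` (the X86_64 counterpart) compile out both the clear and the `*_free_tlb()` call. Nothing in either function says where that page-table level is released in the per-CPU-PGD configuration. A one-line comment above each `#if`, naming the code that owns the level in that configuration, would let a reader tell an intentional skip from a leak. The blank `+` lines added before each closing brace could also be dropped. Both functions begin outside this hunk.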
@@ -50642,7 +50749,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
if (!vma && in_gate_area(tsk, start)) {
unsigned long pg = start & PAGE_MASK;
struct vm_area_struct *gate_vma = get_gate_vma(tsk);
-@@ -1296,7 +1297,7 @@ int __get_user_pages(struct task_struct
+@@ -1296,7 +1305,7 @@ int __get_user_pages(struct task_struct
continue;
}
@@ -50651,7 +50758,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1371,7 +1372,7 @@ int __get_user_pages(struct task_struct
+@@ -1371,7 +1380,7 @@ int __get_user_pages(struct task_struct
start += PAGE_SIZE;
nr_pages--;
} while (nr_pages && start < vma->vm_end);
@@ -50660,7 +50767,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
return i;
}
-@@ -1967,6 +1968,186 @@ static inline void cow_user_page(struct
+@@ -1967,6 +1976,186 @@ static inline void cow_user_page(struct
copy_user_highpage(dst, src, va, vma);
}
@@ -50847,7 +50954,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2146,6 +2327,12 @@ gotten:
+@@ -2146,6 +2335,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -50860,7 +50967,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter(mm, file_rss);
-@@ -2197,6 +2384,10 @@ gotten:
+@@ -2197,6 +2392,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -50871,7 +50978,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -2594,6 +2785,11 @@ static int do_swap_page(struct mm_struct
+@@ -2594,6 +2793,11 @@ static int do_swap_page(struct mm_struct
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -50883,7 +50990,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
unlock_page(page);
if (flags & FAULT_FLAG_WRITE) {
-@@ -2605,6 +2801,11 @@ static int do_swap_page(struct mm_struct
+@@ -2605,6 +2809,11 @@ static int do_swap_page(struct mm_struct
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, pte);
@@ -50895,7 +51002,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -2628,7 +2829,7 @@ static int do_anonymous_page(struct mm_s
+@@ -2628,7 +2837,7 @@ static int do_anonymous_page(struct mm_s
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -50904,7 +51011,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
spinlock_t *ptl;
pte_t entry;
-@@ -2663,6 +2864,11 @@ static int do_anonymous_page(struct mm_s
+@@ -2663,6 +2872,11 @@ static int do_anonymous_page(struct mm_s
if (!pte_none(*page_table))
goto release;
@@ -50916,7 +51023,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
inc_mm_counter(mm, anon_rss);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -2670,6 +2876,12 @@ setpte:
+@@ -2670,6 +2884,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, entry);
@@ -50929,7 +51036,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -2812,6 +3024,12 @@ static int __do_fault(struct mm_struct *
+@@ -2812,6 +3032,12 @@ static int __do_fault(struct mm_struct *
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -50942,7 +51049,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -2831,6 +3049,14 @@ static int __do_fault(struct mm_struct *
+@@ -2831,6 +3057,14 @@ static int __do_fault(struct mm_struct *
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, entry);
@@ -50957,7 +51064,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
} else {
if (charged)
mem_cgroup_uncharge_page(page);
-@@ -2978,6 +3204,12 @@ static inline int handle_pte_fault(struc
+@@ -2978,6 +3212,12 @@ static inline int handle_pte_fault(struc
if (flags & FAULT_FLAG_WRITE)
flush_tlb_page(vma, address);
}
@@ -50970,7 +51077,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -2994,6 +3226,10 @@ int handle_mm_fault(struct mm_struct *mm
+@@ -2994,6 +3234,10 @@ int handle_mm_fault(struct mm_struct *mm
pmd_t *pmd;
pte_t *pte;
@@ -50981,7 +51088,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3001,6 +3237,34 @@ int handle_mm_fault(struct mm_struct *mm
+@@ -3001,6 +3245,34 @@ int handle_mm_fault(struct mm_struct *mm
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
@@ -51016,7 +51123,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3098,7 +3362,7 @@ static int __init gate_vma_init(void)
+@@ -3098,7 +3370,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -54054,36 +54161,72 @@ diff -urNp linux-2.6.32.15/net/ipv6/raw.c linux-2.6.32.15/net/ipv6/raw.c
{
diff -urNp linux-2.6.32.15/net/ipv6/tcp_ipv6.c linux-2.6.32.15/net/ipv6/tcp_ipv6.c
--- linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-05-28 21:27:16.624385427 -0400
-@@ -1578,6 +1578,9 @@ static int tcp_v6_do_rcv(struct sock *sk
- return 0;
++++ linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-06-26 14:14:12.642949877 -0400
+@@ -88,6 +88,10 @@ static struct tcp_md5sig_key *tcp_v6_md5
+ }
+ #endif
- reset:
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
-+ if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
++extern int grsec_enable_blackhole;
+#endif
- tcp_v6_send_reset(sk, skb);
- discard:
- if (opt_skb)
-@@ -1700,6 +1703,9 @@ no_tcp_socket:
++
+ static void tcp_v6_hash(struct sock *sk)
+ {
+ if (sk->sk_state != TCP_CLOSE) {
+@@ -1655,12 +1659,20 @@ static int tcp_v6_rcv(struct sk_buff *sk
+ TCP_SKB_CB(skb)->sacked = 0;
+
+ sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
+- if (!sk)
++ if (!sk) {
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++ ret = 1;
++#endif
+ goto no_tcp_socket;
++ }
+
+ process:
+- if (sk->sk_state == TCP_TIME_WAIT)
++ if (sk->sk_state == TCP_TIME_WAIT) {
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++ ret = 2;
++#endif
+ goto do_time_wait;
++ }
+
+ if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
+ goto discard_and_relse;
+@@ -1700,6 +1712,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
-+ if (skb->dev->flags & IFF_LOOPBACK)
++ if (!grsec_enable_blackhole || (ret == 1 &&
++ (skb->dev->flags & IFF_LOOPBACK)))
+#endif
tcp_v6_send_reset(NULL, skb);
}
diff -urNp linux-2.6.32.15/net/ipv6/udp.c linux-2.6.32.15/net/ipv6/udp.c
--- linux-2.6.32.15/net/ipv6/udp.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/net/ipv6/udp.c 2010-05-28 21:27:16.631258014 -0400
-@@ -587,6 +587,9 @@ int __udp6_lib_rcv(struct sk_buff *skb,
++++ linux-2.6.32.15/net/ipv6/udp.c 2010-06-26 14:15:10.978789054 -0400
+@@ -49,6 +49,10 @@
+ #include <linux/seq_file.h>
+ #include "udp_impl.h"
+
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++extern int grsec_enable_blackhole;
++#endif
++
+ int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
+ {
+ const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr;
+@@ -587,6 +591,9 @@ int __udp6_lib_rcv(struct sk_buff *skb,
UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
proto == IPPROTO_UDPLITE);
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
-+ if (skb->dev->flags & IFF_LOOPBACK)
++ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK))
+#endif
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev);
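Review bot: In `tcp_v6_rcv` the blackhole test `ret == 1 && (skb->dev->flags & IFF_LOOPBACK)` reuses `ret` as a path marker, with a bare 1 set on the no-socket branch and 2 on the TIME_WAIT branch, and neither value is documented. The reset decision then depends on every route to `no_tcp_socket` having stored one of them first, which cannot be confirmed from this hunk because the function body continues outside it. A dedicated local or two named constants would make that dependency auditable, or at least `/* 1 = no socket, 2 = TIME_WAIT; read at no_tcp_socket */` beside the first assignment. Separately, `extern int grsec_enable_blackhole;` is repeated in tcp_ipv6.c and udp.c rather than declared once in a shared header.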
@@ -55299,7 +55442,7 @@ diff -urNp linux-2.6.32.15/security/Kconfig linux-2.6.32.15/security/Kconfig
+config PAX_KERNEXEC
+ bool "Enforce non-executable kernel pages"
+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
-+ select PAX_PER_CPU_PGD if X86_64
++ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ help
+ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
+ that is, enabling this option will make it harder to inject
diff --git a/main/lua-uuid/APKBUILD b/main/lua-uuid/APKBUILD
index 6e760893c..82f00bf3a 100644
--- a/main/lua-uuid/APKBUILD
+++ b/main/lua-uuid/APKBUILD
@@ -28,4 +28,4 @@ package() {
install -Dm755 uuid.so "$pkgdir"/usr/lib/lua/5.1/uuid.so
}
-md5sums="e5bd7c2cf563ac4192b793934f545f49 luuid.tar.gz"
+md5sums="75f2e8c808c0fb375d9ec5255fd5d4de luuid.tar.gz"
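Review bot: The digest for `luuid.tar.gz` is replaced while the archive name carries no version and the hunk changes nothing else, so the upstream file appears to have changed in place. The commit does not record what differs between the old and new archive. A comment above the line, such as `# upstream re-rolled the tarball; contents compared with the previous archive on <date>`, would show that the new value was checked and not simply taken from a fresh download. The same applies to the `pax-utils-0.2.tar.bz2` and `uiconv-0.3.tar.bz2` checksum hunks later in this commit.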
diff --git a/main/lvm2/APKBUILD b/main/lvm2/APKBUILD
index 4be2a3f9b..4316aadea 100644
--- a/main/lvm2/APKBUILD
+++ b/main/lvm2/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=lvm2
-pkgver=2.02.66
+pkgver=2.02.68
pkgrel=0
pkgdesc="Logical Volume Manager 2 utilities"
url="http://sourceware.org/lvm2/"
@@ -47,6 +47,6 @@ dm() {
mv "$pkgdir"/sbin/dm* "$subpkgdir"/sbin/
}
-md5sums="59766571610a4298f8bedf9f73839050 LVM2.2.02.66.tgz
+md5sums="20357ea7918c4e967e558de53ec74969 LVM2.2.02.68.tgz
6f65f902cf19f144a42b8d6aceadf395 lvm.initd
ec36d5fe4561220304e406c5c797e71f lvm.confd"
diff --git a/main/mlmmj/APKBUILD b/main/mlmmj/APKBUILD
index 1a8e30b50..fecf39625 100644
--- a/main/mlmmj/APKBUILD
+++ b/main/mlmmj/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mlmmj
-pkgver=1.2.16
-pkgrel=2
+pkgver=1.2.17
+pkgrel=0
pkgdesc="Mailing list managing made joyful"
url="http://mlmmj.org/"
license="MIT"
@@ -23,4 +23,4 @@ package() {
install -d "$pkgdir"/usr/share/mlmmj/texts
cp -r listtexts/* "$pkgdir"/usr/share/mlmmj/texts/
}
-md5sums="9ea7ba91ccb55b9edf3e5148537364e3 mlmmj-1.2.16.tar.bz2"
+md5sums="bff8050f14f2084d661421135be685ad mlmmj-1.2.17.tar.bz2"
diff --git a/main/mpfr3/APKBUILD b/main/mpfr3/APKBUILD
index 54e07b283..31d912402 100644
--- a/main/mpfr3/APKBUILD
+++ b/main/mpfr3/APKBUILD
@@ -1,12 +1,12 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mpfr3
pkgver=3.0.0
-pkgrel=0
+pkgrel=1
pkgdesc="multiple-precision floating-point library"
url="http://www.mpfr.org/"
license="GPL LGPL"
depends=
-makedepends="gmp5-dev texinfo"
+makedepends="gmp-dev texinfo"
source="http://www.mpfr.org/mpfr-current/mpfr-$pkgver.tar.bz2"
subpackages="$pkgname-doc mpfr-dev:dev"
diff --git a/testing/opentracker/APKBUILD b/main/opentracker/APKBUILD
index 642b0d0b5..681d55263 100644
--- a/testing/opentracker/APKBUILD
+++ b/main/opentracker/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer:
pkgname=opentracker
pkgver=0_cvs20100625
-pkgrel=0
+pkgrel=1
pkgdesc="an open and free bittorrent tracker"
url="http://erdgeist.org/arts/software/opentracker/"
license="GPL"
diff --git a/testing/opentracker/opentracker.initd b/main/opentracker/opentracker.initd
index 33d281778..33d281778 100644
--- a/testing/opentracker/opentracker.initd
+++ b/main/opentracker/opentracker.initd
diff --git a/main/opentracker/opentracker.pre-install b/main/opentracker/opentracker.pre-install
new file mode 100644
index 000000000..c6fc95ed1
--- /dev/null
+++ b/main/opentracker/opentracker.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+adduser -D -S -H -h /var/empty -s /sbin/false opentracker 2>/dev/null
+exit 0
+
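Review bot: The script discards adduser's stderr and then always exits 0, so a failure other than "user already exists" looks the same as success and the package could install without its service account. Testing for the account first keeps the script idempotent while letting real errors show: `id opentracker >/dev/null 2>&1 || adduser -D -S -H -h /var/empty -s /sbin/false opentracker`. It is also worth confirming that `/sbin/false` is the path the distribution actually ships for a no-login shell.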
diff --git a/main/pax-utils/APKBUILD b/main/pax-utils/APKBUILD
index b01ea58cd..4a7069bc0 100644
--- a/main/pax-utils/APKBUILD
+++ b/main/pax-utils/APKBUILD
@@ -17,4 +17,4 @@ build() {
make DESTDIR="$pkgdir/" install
}
-md5sums="a2097463fd5a34dd707b2d72d84aea89 pax-utils-0.2.tar.bz2"
+md5sums="15a6f2ddadedac0ab6cd4b0683b767b9 pax-utils-0.2.tar.bz2"
diff --git a/main/php/APKBUILD b/main/php/APKBUILD
index 7c044c8c2..707829484 100644
--- a/main/php/APKBUILD
+++ b/main/php/APKBUILD
@@ -3,7 +3,7 @@
pkgname=php
pkgver=5.3.2
_suhosinver=${pkgver}-0.9.9.1
-pkgrel=6
+pkgrel=7
pkgdesc="The PHP language runtime engine"
url="http://www.php.net/"
license="PHP-3"
@@ -12,7 +12,7 @@ install="$pkgname.post-upgrade"
makedepends="pcre-dev libxml2-dev libiconv-dev openssl-dev zlib-dev bzip2-dev
curl-dev libpng-dev jpeg-dev freetype-dev libmcrypt-dev mysql-dev
sqlite-dev libtool libltdl postgresql-dev db-dev unixodbc-dev icu-dev
- gd-dev gmp5-dev gettext-dev imap-dev aspell-dev
+ gd-dev gmp-dev gettext-dev imap-dev aspell-dev
net-snmp-dev libxslt-dev cyrus-sasl-dev openldap-dev pkgconfig
libgcrypt-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-cli $pkgname-pear
diff --git a/main/syslinux/APKBUILD b/main/syslinux/APKBUILD
index d4d8ca000..bc55a97ec 100644
--- a/main/syslinux/APKBUILD
+++ b/main/syslinux/APKBUILD
@@ -1,21 +1,19 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=syslinux
-pkgver=3.86
-pkgrel=1
+pkgver=4.00
+pkgrel=0
pkgdesc="a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem."
url="http://syslinux.org"
license="GPL"
makedepends="nasm perl"
depends="mtools"
-source="http://www.kernel.org/pub/linux/utils/boot/syslinux/3.xx/$pkgname-$pkgver.tar.bz2
- $pkgname-3.86-nopie.patch
+source="http://www.kernel.org/pub/linux/utils/boot/syslinux/${pkgver%%.*}.xx/$pkgname-$pkgver.tar.bz2
"
subpackages="$pkgname-doc"
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
- patch -p1 < ../$pkgname-3.86-nopie.patch || return 1
}
build() {
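Review bot: `prepare()` is left holding only `cd "$_builddir"` once the `patch -p1` line is removed, and the `source=` value keeps a dangling line break before its closing quote. The commit does not say why `$pkgname-3.86-nopie.patch` is no longer needed for 4.00; if the toolchain emits position-independent code by default (an assumption, not shown here), the boot loader build may still need that workaround in some form. Either drop `prepare()` or leave a comment such as `# 3.86 nopie patch dropped for 4.00; confirm the build on a PIE-default toolchain`. The new tarball is also fetched over plain `http://` and pinned only by the MD5 in the last hunk, so it is worth checking it against the upstream signature before trusting the digest. build() continues outside the hunk.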
@@ -29,5 +27,4 @@ package() {
make INSTALLROOT="$pkgdir" MANDIR=/usr/share/man local-install
}
-md5sums="d6fb0231e82190b4932b2aa20274911a syslinux-3.86.tar.bz2
-5852d62ba0772cf967156a75451e6066 syslinux-3.86-nopie.patch"
+md5sums="5a475dc9a37ecf7b0beec93eca474f5c syslinux-4.00.tar.bz2"
diff --git a/main/uiconv/APKBUILD b/main/uiconv/APKBUILD
index ec563413d..1e4aac3b4 100644
--- a/main/uiconv/APKBUILD
+++ b/main/uiconv/APKBUILD
@@ -14,4 +14,4 @@ build() {
make DESTDIR="$pkgdir" PREFIX=/usr/uiconv install
}
-md5sums="de2ce8da53f32bdec578e1f0270fa15d uiconv-0.3.tar.bz2"
+md5sums="5cd7f80085324d08cb976fec674cd98d uiconv-0.3.tar.bz2"
diff --git a/rebuild-alpine.sh b/rebuild-alpine.sh
index a163e8a70..5f975dd15 100755
--- a/rebuild-alpine.sh
+++ b/rebuild-alpine.sh
@@ -1,9 +1,11 @@
-rootdir=$(pwd)
+rootdir=$(pwd -P)
distclean () {
+ echo "Removing traces of previous builds from $rootdir"
local allpkgs=$(find $rootdir -maxdepth 3 -name APKBUILD -print | sed -e 's/\/APKBUILD//g' | sort)
for p in $allpkgs ; do
cd $p
+ pwd
abuild clean 2>&1
abuild cleanoldpkg 2>&1
abuild cleanpkg 2>&1
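Review bot: The added `echo "Removing traces of previous builds from $rootdir"` and `pwd` write to stdout, but the caller in the last hunk runs `tmp=$(distclean)`, so both end up in `$tmp` and are never shown. Send progress to stderr, `echo "Removing traces of previous builds from $rootdir" >&2` and `pwd >&2`, or call `distclean` without the command substitution. Separately, `cd $p` is unquoted and unchecked, so when it fails the `abuild clean*` commands run in whatever directory the loop was already in; `cd "$p" || continue` avoids that. distclean's body continues outside the hunk.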
@@ -16,7 +18,7 @@ build () {
local maintainer
local pkgno
local failed
- pkgs=$(./aport.lua deplist $rootdir $1)
+ pkgs=$($rootdir/aport.lua deplist $rootdir $1)
pktcnt=$(echo $pkgs | wc -w)
pkgno=0
failed=0
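Review bot: `$rootdir` and `$1` are unquoted in the new `pkgs=$($rootdir/aport.lua deplist $rootdir $1)`, so a checkout path containing whitespace or glob characters splits into several words and a different command line runs than the one intended. Write `pkgs=$("$rootdir/aport.lua" deplist "$rootdir" "$1")`. The same holds for `find $rootdir` in distclean in the first hunk. build() starts and ends outside the hunk.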
@@ -42,14 +44,19 @@ build () {
touch START_OF_BUILD.txt
-if [ "$1" != "noclean" ] ; then
- echo "Removing traces of previous builds"
+if [ "$1" = "clean" ] ; then
+ echo "Invoked with 'clean' option. This will take a while ..."
tmp=$(distclean)
+ echo "Done"
fi
echo "Refresh aports tree"
git pull
+#cd main/build-base
+#abuild -Ru
+#cd $rootdir
+
for s in main testing unstable ; do
echo "Building packages in $s"
build $s
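Review bot: The new condition flips the default: before, every invocation cleaned unless the argument was `noclean`; now nothing is cleaned unless the argument is `clean`, so existing callers that pass no argument start building on top of leftover artifacts without any notice. If that is intended, state it in a usage comment at the top of the script, e.g. `# usage: rebuild-alpine.sh [clean]  (default: keep previous build output)`. `git pull` is also unchecked, so a failed refresh still goes on to build the stale tree; `git pull || exit 1` stops that. The `for` loop continues outside the hunk.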
diff --git a/testing/opentracker/opentracker.pre-install b/testing/opentracker/opentracker.pre-install
deleted file mode 100644
index 942fcd670..000000000
--- a/testing/opentracker/opentracker.pre-install
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-adduser -D -S -h /var/empty -s /sbin/false opentracker 2>/dev/null
-exit 0
-
diff --git a/testing/py-crypto/APKBUILD b/testing/py-crypto/APKBUILD
index 75f31dd65..a1beecb8f 100644
--- a/testing/py-crypto/APKBUILD
+++ b/testing/py-crypto/APKBUILD
@@ -1,12 +1,12 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=py-crypto
pkgver=2.0.1
-pkgrel=2
+pkgrel=3
pkgdesc="A collection of cryptographic algorithms and protocols, implemented for use from Python."
url="http://www.amk.ca/python/code/crypto.html"
license="GPL"
depends="python"
-makedepends="gmp5-dev python-dev"
+makedepends="gmp-dev python-dev"
source="http://www.amk.ca/files/python/crypto/pycrypto-$pkgver.tar.gz"
_builddir="$srcdir"/pycrypto-$pkgver