diff options
-rw-r--r-- | main/linux-grsec/APKBUILD | 8 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.2-3.0.14-unofficial.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.0.13-unofficial.patch) | 96 |
2 files changed, 52 insertions, 52 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 3bb5a31c0..e16e6af24 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,9 +2,9 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.0.13 +pkgver=3.0.14 _kernver=3.0 -pkgrel=1 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -143,8 +143,8 @@ dev() { } md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2 -bf47382f0c923b8dc2b5e8e456c59cc9 patch-3.0.13.bz2 -d5c9b286a5a947fa25ccd386e5cd2387 grsecurity-2.2.2-3.0.13-unofficial.patch +f2745bd4dcb3267414713adff403b54c patch-3.0.14.bz2 +3c0fcf923a27a963ae86a3e694cb6bbd grsecurity-2.2.2-3.0.14-unofficial.patch c41cf0ee9794f393423c6b2093072260 grsec-timblogiw-noconst.patch ebb99ef6ad8cd2d9fd8f49d5c5849057 0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.13-unofficial.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.14-unofficial.patch index a63a19122..c4c0b6ef4 100644 --- a/main/linux-grsec/grsecurity-2.2.2-3.0.13-unofficial.patch +++ b/main/linux-grsec/grsecurity-2.2.2-3.0.14-unofficial.patch @@ -158,7 +158,7 @@ index aa47be7..1fbd18f 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 5ccc962..f6e640e 100644 +index f4f577b..9e9b120 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -21096,10 +21096,10 @@ index 2dbf6bf..4a744ee 100644 + return ret ? -EFAULT : 0; +} diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c -index ea30585..b5e1508 100644 +index dd74e46..7d26398 100644 --- a/arch/x86/mm/gup.c +++ b/arch/x86/mm/gup.c -@@ -253,7 +253,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, +@@ -255,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, addr = start; len = (unsigned long) nr_pages << PAGE_SHIFT; end = start + len; @@ -30610,7 +30610,7 @@ index 17cb6ab..f448b35 100644 r10_bio->devs[sl].addr + sect, diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index cbb50d3..6e20094 100644 +index 1f6c68d..c384765 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -550,7 +550,7 @@ static void ops_run_io(struct stripe_head *sh, struct stripe_head_state *s) @@ -36394,7 +36394,7 @@ index 179063d..7baed53 100644 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 4b9b716..ec411b3 100644 +index 1340ffd..610981a 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1681,7 +1681,7 @@ struct se_device *transport_add_device_to_core_hba( @@ -36436,7 +36436,7 @@ index 4b9b716..ec411b3 100644 T_TASK(cmd)->t_task_cdbs) atomic_set(&cmd->transport_sent, 1); -@@ -5568,7 +5568,7 @@ static void transport_generic_wait_for_tasks( +@@ -5573,7 +5573,7 @@ static void transport_generic_wait_for_tasks( atomic_set(&T_TASK(cmd)->transport_lun_stop, 0); } if (!atomic_read(&T_TASK(cmd)->t_transport_active) || @@ -36445,7 +36445,7 @@ index 4b9b716..ec411b3 100644 goto remove; atomic_set(&T_TASK(cmd)->t_transport_stop, 1); -@@ -5797,7 +5797,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) +@@ -5802,7 +5802,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) { int ret = 0; @@ -36454,7 +36454,7 @@ index 4b9b716..ec411b3 100644 if (!(send_status) || (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) return 1; -@@ -5825,7 +5825,7 @@ void transport_send_task_abort(struct se_cmd *cmd) +@@ -5830,7 +5830,7 @@ void transport_send_task_abort(struct se_cmd *cmd) */ if (cmd->data_direction == DMA_TO_DEVICE) { if (CMD_TFO(cmd)->write_pending_status(cmd) != 0) { @@ -36463,7 +36463,7 @@ index 4b9b716..ec411b3 100644 smp_mb__after_atomic_inc(); cmd->scsi_status = SAM_STAT_TASK_ABORTED; transport_new_cmd_failure(cmd); -@@ -5949,7 +5949,7 @@ static void transport_processing_shutdown(struct se_device *dev) +@@ -5954,7 +5954,7 @@ static void transport_processing_shutdown(struct se_device *dev) CMD_TFO(cmd)->get_task_tag(cmd), T_TASK(cmd)->t_task_cdbs, atomic_read(&T_TASK(cmd)->t_task_cdbs_left), @@ -42335,10 +42335,10 @@ index 9a37a9b..35792b6 100644 /* * We'll have a dentry and an inode for diff --git a/fs/dcache.c b/fs/dcache.c -index fbdcbca..ab87fb6 100644 +index d2f8feb..f2a208a 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -3089,7 +3089,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3106,7 +3106,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -44974,7 +44974,7 @@ index b6cca47..ec782c3 100644 cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index 5cb8614..6865b11 100644 +index 2aaf3ea..8e50863 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -1242,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, @@ -45847,10 +45847,10 @@ index f7593c0..581e14f 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 537dd96..672cd58 100644 +index edc1c4a..b208120 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1329,6 +1329,9 @@ static int do_umount(struct vfsmount *mnt, int flags) +@@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -45860,7 +45860,7 @@ index 537dd96..672cd58 100644 return retval; } -@@ -1348,6 +1351,9 @@ static int do_umount(struct vfsmount *mnt, int flags) +@@ -1345,6 +1348,9 @@ static int do_umount(struct vfsmount *mnt, int flags) br_write_unlock(vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); @@ -45870,7 +45870,7 @@ index 537dd96..672cd58 100644 return retval; } -@@ -2339,6 +2345,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2336,6 +2342,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -45887,7 +45887,7 @@ index 537dd96..672cd58 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2353,6 +2369,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2350,6 +2366,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, dev_name, data_page); dput_out: path_put(&path); @@ -45897,7 +45897,7 @@ index 537dd96..672cd58 100644 return retval; } -@@ -2576,6 +2595,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2573,6 +2592,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -47335,7 +47335,7 @@ index d245cb2..7e645bd 100644 return -EPERM; if (kcore_need_update) diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c -index ed257d1..dda1954 100644 +index a962827..2963d5b 100644 --- a/fs/proc/meminfo.c +++ b/fs/proc/meminfo.c @@ -29,6 +29,8 @@ static int meminfo_proc_show(struct seq_file *m, void *v) @@ -47347,7 +47347,7 @@ index ed257d1..dda1954 100644 /* * display in kilobytes. */ -@@ -157,7 +159,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) +@@ -158,7 +160,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) vmi.used >> 10, vmi.largest_chunk >> 10 #ifdef CONFIG_MEMORY_FAILURE @@ -47958,7 +47958,7 @@ index d33418f..f8e06bc 100644 return -EINVAL; diff --git a/fs/seq_file.c b/fs/seq_file.c -index 05d6b0e..ee96362 100644 +index dba43c3..a99fb63 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -76,7 +76,8 @@ static int traverse(struct seq_file *m, loff_t offset) @@ -48428,7 +48428,7 @@ index f5b697b..a8de28d 100644 if (!IS_ERR(s)) kfree(s); diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index e546a33..08583b8 100644 +index a175933..36cd8dd 100644 --- a/fs/xfs/xfs_bmap.c +++ b/fs/xfs/xfs_bmap.c @@ -253,7 +253,7 @@ xfs_bmap_validate_ret( @@ -59352,7 +59352,7 @@ index 5e6f427..953d4f8 100644 }; diff --git a/include/linux/fs.h b/include/linux/fs.h -index b5b9792..caf64ce 100644 +index 7b17db7..f586116 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -109,6 +109,11 @@ struct inodes_stat_t { @@ -67851,7 +67851,7 @@ index 4e4932a..be244da 100644 (table->proc_handler == proc_dointvec_minmax) || (table->proc_handler == proc_dointvec_jiffies) || diff --git a/kernel/taskstats.c b/kernel/taskstats.c -index fc0f220..c3b11a1 100644 +index 8d597b1..6eab856 100644 --- a/kernel/taskstats.c +++ b/kernel/taskstats.c @@ -27,9 +27,12 @@ @@ -67894,7 +67894,7 @@ index d776062..fa8d186 100644 sys_tz = *tz; update_vsyscall_tz(); diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index ea5e1a9..8b8df07 100644 +index 8b70c76..923e9f5 100644 --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c @@ -693,7 +693,7 @@ static int __init alarmtimer_init(void) @@ -68739,10 +68739,10 @@ index cc5acf9..fd56cc0 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 2b57cd9..8c89c5e 100644 +index 80936a1..c060d53 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2339,6 +2339,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2340,6 +2340,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -68770,7 +68770,7 @@ index 2b57cd9..8c89c5e 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. */ -@@ -2442,6 +2463,11 @@ retry_avoidcopy: +@@ -2443,6 +2464,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -68782,7 +68782,7 @@ index 2b57cd9..8c89c5e 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2593,6 +2619,10 @@ retry: +@@ -2594,6 +2620,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -68793,7 +68793,7 @@ index 2b57cd9..8c89c5e 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2622,6 +2652,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2623,6 +2653,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -68804,7 +68804,7 @@ index 2b57cd9..8c89c5e 100644 ptep = huge_pte_offset(mm, address); if (ptep) { entry = huge_ptep_get(ptep); -@@ -2633,6 +2667,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2634,6 +2668,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } @@ -71474,7 +71474,7 @@ index 9edc897..955be3d 100644 new->vm_region = region; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 0f50cdb..df4b678 100644 +index 8439d2a..b5e8c8c 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -340,7 +340,7 @@ out: @@ -71545,11 +71545,11 @@ index 0f50cdb..df4b678 100644 } return 0; diff --git a/mm/percpu.c b/mm/percpu.c -index bf80e55..c7c3f9a 100644 +index 93b5a7c..28d642c 100644 --- a/mm/percpu.c +++ b/mm/percpu.c -@@ -121,7 +121,7 @@ static unsigned int pcpu_first_unit_cpu __read_mostly; - static unsigned int pcpu_last_unit_cpu __read_mostly; +@@ -121,7 +121,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; + static unsigned int pcpu_high_unit_cpu __read_mostly; /* the address of the first chunk which starts with the kernel static area */ -void *pcpu_base_addr __read_mostly; @@ -72567,7 +72567,7 @@ index 88ea1bd..0f1dfdb 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 65d5fd2..4f14696 100644 +index 43b44db..5361145 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -72716,7 +72716,7 @@ index 65d5fd2..4f14696 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); -@@ -1686,6 +1748,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, +@@ -1688,6 +1750,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, gfp_mask, prot, node, caller); } @@ -72724,7 +72724,7 @@ index 65d5fd2..4f14696 100644 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) { return __vmalloc_node(size, 1, gfp_mask, prot, -1, -@@ -1709,6 +1772,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, +@@ -1711,6 +1774,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -72732,7 +72732,7 @@ index 65d5fd2..4f14696 100644 void *vmalloc(unsigned long size) { return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM); -@@ -1725,6 +1789,7 @@ EXPORT_SYMBOL(vmalloc); +@@ -1727,6 +1791,7 @@ EXPORT_SYMBOL(vmalloc); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -72740,7 +72740,7 @@ index 65d5fd2..4f14696 100644 void *vzalloc(unsigned long size) { return __vmalloc_node_flags(size, -1, -@@ -1739,6 +1804,7 @@ EXPORT_SYMBOL(vzalloc); +@@ -1741,6 +1806,7 @@ EXPORT_SYMBOL(vzalloc); * The resulting memory area is zeroed so it can be mapped to userspace * without leaking data. */ @@ -72748,7 +72748,7 @@ index 65d5fd2..4f14696 100644 void *vmalloc_user(unsigned long size) { struct vm_struct *area; -@@ -1766,6 +1832,7 @@ EXPORT_SYMBOL(vmalloc_user); +@@ -1768,6 +1834,7 @@ EXPORT_SYMBOL(vmalloc_user); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -72756,7 +72756,7 @@ index 65d5fd2..4f14696 100644 void *vmalloc_node(unsigned long size, int node) { return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, -@@ -1785,6 +1852,7 @@ EXPORT_SYMBOL(vmalloc_node); +@@ -1787,6 +1854,7 @@ EXPORT_SYMBOL(vmalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc_node() instead. */ @@ -72764,7 +72764,7 @@ index 65d5fd2..4f14696 100644 void *vzalloc_node(unsigned long size, int node) { return __vmalloc_node_flags(size, node, -@@ -1807,10 +1875,10 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1809,10 +1877,10 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -72777,7 +72777,7 @@ index 65d5fd2..4f14696 100644 -1, __builtin_return_address(0)); } -@@ -1829,6 +1897,7 @@ void *vmalloc_exec(unsigned long size) +@@ -1831,6 +1899,7 @@ void *vmalloc_exec(unsigned long size) * Allocate enough 32bit PA addressable pages to cover @size from the * page level allocator and map them into contiguous kernel virtual space. */ @@ -72785,7 +72785,7 @@ index 65d5fd2..4f14696 100644 void *vmalloc_32(unsigned long size) { return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL, -@@ -1843,6 +1912,7 @@ EXPORT_SYMBOL(vmalloc_32); +@@ -1845,6 +1914,7 @@ EXPORT_SYMBOL(vmalloc_32); * The resulting memory area is 32bit addressable and zeroed so it can be * mapped to userspace without leaking data. */ @@ -72793,7 +72793,7 @@ index 65d5fd2..4f14696 100644 void *vmalloc_32_user(unsigned long size) { struct vm_struct *area; -@@ -2105,6 +2175,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2107,6 +2177,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -78680,7 +78680,7 @@ index c94c051..be0abd1 100644 chip->pci = pci; chip->irq = -1; diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c -index 59abd84..74a3744 100644 +index 493ae7c..c0f5892 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c @@ -1021,7 +1021,7 @@ static snd_pcm_uframes_t soc_pcm_pointer(struct snd_pcm_substream *substream) @@ -78692,7 +78692,7 @@ index 59abd84..74a3744 100644 .open = soc_pcm_open, .close = soc_codec_close, .hw_params = soc_pcm_hw_params, -@@ -2128,6 +2128,7 @@ static int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num) +@@ -2129,6 +2129,7 @@ static int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num) rtd->pcm = pcm; pcm->private_data = rtd; if (platform->driver->ops) { |