summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/linux-grsec/APKBUILD8
-rw-r--r--main/linux-grsec/grsecurity-2.2.2-3.0.14-unofficial.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.0.13-unofficial.patch)96
2 files changed, 52 insertions, 52 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 3bb5a31c0..e16e6af24 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,9 +2,9 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.0.13
+pkgver=3.0.14
_kernver=3.0
-pkgrel=1
+pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -143,8 +143,8 @@ dev() {
}
md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2
-bf47382f0c923b8dc2b5e8e456c59cc9 patch-3.0.13.bz2
-d5c9b286a5a947fa25ccd386e5cd2387 grsecurity-2.2.2-3.0.13-unofficial.patch
+f2745bd4dcb3267414713adff403b54c patch-3.0.14.bz2
+3c0fcf923a27a963ae86a3e694cb6bbd grsecurity-2.2.2-3.0.14-unofficial.patch
c41cf0ee9794f393423c6b2093072260 grsec-timblogiw-noconst.patch
ebb99ef6ad8cd2d9fd8f49d5c5849057 0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.13-unofficial.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.14-unofficial.patch
index a63a19122..c4c0b6ef4 100644
--- a/main/linux-grsec/grsecurity-2.2.2-3.0.13-unofficial.patch
+++ b/main/linux-grsec/grsecurity-2.2.2-3.0.14-unofficial.patch
@@ -158,7 +158,7 @@ index aa47be7..1fbd18f 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 5ccc962..f6e640e 100644
+index f4f577b..9e9b120 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -21096,10 +21096,10 @@ index 2dbf6bf..4a744ee 100644
+ return ret ? -EFAULT : 0;
+}
diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
-index ea30585..b5e1508 100644
+index dd74e46..7d26398 100644
--- a/arch/x86/mm/gup.c
+++ b/arch/x86/mm/gup.c
-@@ -253,7 +253,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
+@@ -255,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
addr = start;
len = (unsigned long) nr_pages << PAGE_SHIFT;
end = start + len;
@@ -30610,7 +30610,7 @@ index 17cb6ab..f448b35 100644
r10_bio->devs[sl].addr +
sect,
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index cbb50d3..6e20094 100644
+index 1f6c68d..c384765 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -550,7 +550,7 @@ static void ops_run_io(struct stripe_head *sh, struct stripe_head_state *s)
@@ -36394,7 +36394,7 @@ index 179063d..7baed53 100644
core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index 4b9b716..ec411b3 100644
+index 1340ffd..610981a 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1681,7 +1681,7 @@ struct se_device *transport_add_device_to_core_hba(
@@ -36436,7 +36436,7 @@ index 4b9b716..ec411b3 100644
T_TASK(cmd)->t_task_cdbs)
atomic_set(&cmd->transport_sent, 1);
-@@ -5568,7 +5568,7 @@ static void transport_generic_wait_for_tasks(
+@@ -5573,7 +5573,7 @@ static void transport_generic_wait_for_tasks(
atomic_set(&T_TASK(cmd)->transport_lun_stop, 0);
}
if (!atomic_read(&T_TASK(cmd)->t_transport_active) ||
@@ -36445,7 +36445,7 @@ index 4b9b716..ec411b3 100644
goto remove;
atomic_set(&T_TASK(cmd)->t_transport_stop, 1);
-@@ -5797,7 +5797,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
+@@ -5802,7 +5802,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
{
int ret = 0;
@@ -36454,7 +36454,7 @@ index 4b9b716..ec411b3 100644
if (!(send_status) ||
(cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS))
return 1;
-@@ -5825,7 +5825,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
+@@ -5830,7 +5830,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
*/
if (cmd->data_direction == DMA_TO_DEVICE) {
if (CMD_TFO(cmd)->write_pending_status(cmd) != 0) {
@@ -36463,7 +36463,7 @@ index 4b9b716..ec411b3 100644
smp_mb__after_atomic_inc();
cmd->scsi_status = SAM_STAT_TASK_ABORTED;
transport_new_cmd_failure(cmd);
-@@ -5949,7 +5949,7 @@ static void transport_processing_shutdown(struct se_device *dev)
+@@ -5954,7 +5954,7 @@ static void transport_processing_shutdown(struct se_device *dev)
CMD_TFO(cmd)->get_task_tag(cmd),
T_TASK(cmd)->t_task_cdbs,
atomic_read(&T_TASK(cmd)->t_task_cdbs_left),
@@ -42335,10 +42335,10 @@ index 9a37a9b..35792b6 100644
/*
* We'll have a dentry and an inode for
diff --git a/fs/dcache.c b/fs/dcache.c
-index fbdcbca..ab87fb6 100644
+index d2f8feb..f2a208a 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -3089,7 +3089,7 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3106,7 +3106,7 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -44974,7 +44974,7 @@ index b6cca47..ec782c3 100644
cuse_class = class_create(THIS_MODULE, "cuse");
if (IS_ERR(cuse_class))
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
-index 5cb8614..6865b11 100644
+index 2aaf3ea..8e50863 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1242,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
@@ -45847,10 +45847,10 @@ index f7593c0..581e14f 100644
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index 537dd96..672cd58 100644
+index edc1c4a..b208120 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -1329,6 +1329,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
+@@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
if (!(sb->s_flags & MS_RDONLY))
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
up_write(&sb->s_umount);
@@ -45860,7 +45860,7 @@ index 537dd96..672cd58 100644
return retval;
}
-@@ -1348,6 +1351,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
+@@ -1345,6 +1348,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
br_write_unlock(vfsmount_lock);
up_write(&namespace_sem);
release_mounts(&umount_list);
@@ -45870,7 +45870,7 @@ index 537dd96..672cd58 100644
return retval;
}
-@@ -2339,6 +2345,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
+@@ -2336,6 +2342,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
@@ -45887,7 +45887,7 @@ index 537dd96..672cd58 100644
if (flags & MS_REMOUNT)
retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
data_page);
-@@ -2353,6 +2369,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
+@@ -2350,6 +2366,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
dev_name, data_page);
dput_out:
path_put(&path);
@@ -45897,7 +45897,7 @@ index 537dd96..672cd58 100644
return retval;
}
-@@ -2576,6 +2595,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2573,6 +2592,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
@@ -47335,7 +47335,7 @@ index d245cb2..7e645bd 100644
return -EPERM;
if (kcore_need_update)
diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c
-index ed257d1..dda1954 100644
+index a962827..2963d5b 100644
--- a/fs/proc/meminfo.c
+++ b/fs/proc/meminfo.c
@@ -29,6 +29,8 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
@@ -47347,7 +47347,7 @@ index ed257d1..dda1954 100644
/*
* display in kilobytes.
*/
-@@ -157,7 +159,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
+@@ -158,7 +160,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
vmi.used >> 10,
vmi.largest_chunk >> 10
#ifdef CONFIG_MEMORY_FAILURE
@@ -47958,7 +47958,7 @@ index d33418f..f8e06bc 100644
return -EINVAL;
diff --git a/fs/seq_file.c b/fs/seq_file.c
-index 05d6b0e..ee96362 100644
+index dba43c3..a99fb63 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -76,7 +76,8 @@ static int traverse(struct seq_file *m, loff_t offset)
@@ -48428,7 +48428,7 @@ index f5b697b..a8de28d 100644
if (!IS_ERR(s))
kfree(s);
diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
-index e546a33..08583b8 100644
+index a175933..36cd8dd 100644
--- a/fs/xfs/xfs_bmap.c
+++ b/fs/xfs/xfs_bmap.c
@@ -253,7 +253,7 @@ xfs_bmap_validate_ret(
@@ -59352,7 +59352,7 @@ index 5e6f427..953d4f8 100644
};
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index b5b9792..caf64ce 100644
+index 7b17db7..f586116 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -109,6 +109,11 @@ struct inodes_stat_t {
@@ -67851,7 +67851,7 @@ index 4e4932a..be244da 100644
(table->proc_handler == proc_dointvec_minmax) ||
(table->proc_handler == proc_dointvec_jiffies) ||
diff --git a/kernel/taskstats.c b/kernel/taskstats.c
-index fc0f220..c3b11a1 100644
+index 8d597b1..6eab856 100644
--- a/kernel/taskstats.c
+++ b/kernel/taskstats.c
@@ -27,9 +27,12 @@
@@ -67894,7 +67894,7 @@ index d776062..fa8d186 100644
sys_tz = *tz;
update_vsyscall_tz();
diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
-index ea5e1a9..8b8df07 100644
+index 8b70c76..923e9f5 100644
--- a/kernel/time/alarmtimer.c
+++ b/kernel/time/alarmtimer.c
@@ -693,7 +693,7 @@ static int __init alarmtimer_init(void)
@@ -68739,10 +68739,10 @@ index cc5acf9..fd56cc0 100644
/* if an huge pmd materialized from under us just retry later */
if (unlikely(pmd_trans_huge(*pmd)))
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 2b57cd9..8c89c5e 100644
+index 80936a1..c060d53 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
-@@ -2339,6 +2339,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2340,6 +2340,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -68770,7 +68770,7 @@ index 2b57cd9..8c89c5e 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
*/
-@@ -2442,6 +2463,11 @@ retry_avoidcopy:
+@@ -2443,6 +2464,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -68782,7 +68782,7 @@ index 2b57cd9..8c89c5e 100644
/* Make the old page be freed below */
new_page = old_page;
mmu_notifier_invalidate_range_end(mm,
-@@ -2593,6 +2619,10 @@ retry:
+@@ -2594,6 +2620,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -68793,7 +68793,7 @@ index 2b57cd9..8c89c5e 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2622,6 +2652,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2623,6 +2653,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -68804,7 +68804,7 @@ index 2b57cd9..8c89c5e 100644
ptep = huge_pte_offset(mm, address);
if (ptep) {
entry = huge_ptep_get(ptep);
-@@ -2633,6 +2667,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2634,6 +2668,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(h - hstates);
}
@@ -71474,7 +71474,7 @@ index 9edc897..955be3d 100644
new->vm_region = region;
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 0f50cdb..df4b678 100644
+index 8439d2a..b5e8c8c 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -340,7 +340,7 @@ out:
@@ -71545,11 +71545,11 @@ index 0f50cdb..df4b678 100644
}
return 0;
diff --git a/mm/percpu.c b/mm/percpu.c
-index bf80e55..c7c3f9a 100644
+index 93b5a7c..28d642c 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
-@@ -121,7 +121,7 @@ static unsigned int pcpu_first_unit_cpu __read_mostly;
- static unsigned int pcpu_last_unit_cpu __read_mostly;
+@@ -121,7 +121,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
+ static unsigned int pcpu_high_unit_cpu __read_mostly;
/* the address of the first chunk which starts with the kernel static area */
-void *pcpu_base_addr __read_mostly;
@@ -72567,7 +72567,7 @@ index 88ea1bd..0f1dfdb 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 65d5fd2..4f14696 100644
+index 43b44db..5361145 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -72716,7 +72716,7 @@ index 65d5fd2..4f14696 100644
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
-@@ -1686,6 +1748,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align,
+@@ -1688,6 +1750,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align,
gfp_mask, prot, node, caller);
}
@@ -72724,7 +72724,7 @@ index 65d5fd2..4f14696 100644
void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
{
return __vmalloc_node(size, 1, gfp_mask, prot, -1,
-@@ -1709,6 +1772,7 @@ static inline void *__vmalloc_node_flags(unsigned long size,
+@@ -1711,6 +1774,7 @@ static inline void *__vmalloc_node_flags(unsigned long size,
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -72732,7 +72732,7 @@ index 65d5fd2..4f14696 100644
void *vmalloc(unsigned long size)
{
return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM);
-@@ -1725,6 +1789,7 @@ EXPORT_SYMBOL(vmalloc);
+@@ -1727,6 +1791,7 @@ EXPORT_SYMBOL(vmalloc);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -72740,7 +72740,7 @@ index 65d5fd2..4f14696 100644
void *vzalloc(unsigned long size)
{
return __vmalloc_node_flags(size, -1,
-@@ -1739,6 +1804,7 @@ EXPORT_SYMBOL(vzalloc);
+@@ -1741,6 +1806,7 @@ EXPORT_SYMBOL(vzalloc);
* The resulting memory area is zeroed so it can be mapped to userspace
* without leaking data.
*/
@@ -72748,7 +72748,7 @@ index 65d5fd2..4f14696 100644
void *vmalloc_user(unsigned long size)
{
struct vm_struct *area;
-@@ -1766,6 +1832,7 @@ EXPORT_SYMBOL(vmalloc_user);
+@@ -1768,6 +1834,7 @@ EXPORT_SYMBOL(vmalloc_user);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -72756,7 +72756,7 @@ index 65d5fd2..4f14696 100644
void *vmalloc_node(unsigned long size, int node)
{
return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
-@@ -1785,6 +1852,7 @@ EXPORT_SYMBOL(vmalloc_node);
+@@ -1787,6 +1854,7 @@ EXPORT_SYMBOL(vmalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc_node() instead.
*/
@@ -72764,7 +72764,7 @@ index 65d5fd2..4f14696 100644
void *vzalloc_node(unsigned long size, int node)
{
return __vmalloc_node_flags(size, node,
-@@ -1807,10 +1875,10 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1809,10 +1877,10 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -72777,7 +72777,7 @@ index 65d5fd2..4f14696 100644
-1, __builtin_return_address(0));
}
-@@ -1829,6 +1897,7 @@ void *vmalloc_exec(unsigned long size)
+@@ -1831,6 +1899,7 @@ void *vmalloc_exec(unsigned long size)
* Allocate enough 32bit PA addressable pages to cover @size from the
* page level allocator and map them into contiguous kernel virtual space.
*/
@@ -72785,7 +72785,7 @@ index 65d5fd2..4f14696 100644
void *vmalloc_32(unsigned long size)
{
return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL,
-@@ -1843,6 +1912,7 @@ EXPORT_SYMBOL(vmalloc_32);
+@@ -1845,6 +1914,7 @@ EXPORT_SYMBOL(vmalloc_32);
* The resulting memory area is 32bit addressable and zeroed so it can be
* mapped to userspace without leaking data.
*/
@@ -72793,7 +72793,7 @@ index 65d5fd2..4f14696 100644
void *vmalloc_32_user(unsigned long size)
{
struct vm_struct *area;
-@@ -2105,6 +2175,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2107,6 +2177,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
@@ -78680,7 +78680,7 @@ index c94c051..be0abd1 100644
chip->pci = pci;
chip->irq = -1;
diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
-index 59abd84..74a3744 100644
+index 493ae7c..c0f5892 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -1021,7 +1021,7 @@ static snd_pcm_uframes_t soc_pcm_pointer(struct snd_pcm_substream *substream)
@@ -78692,7 +78692,7 @@ index 59abd84..74a3744 100644
.open = soc_pcm_open,
.close = soc_codec_close,
.hw_params = soc_pcm_hw_params,
-@@ -2128,6 +2128,7 @@ static int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
+@@ -2129,6 +2129,7 @@ static int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
rtd->pcm = pcm;
pcm->private_data = rtd;
if (platform->driver->ops) {