summaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD8
-rw-r--r--main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908311711.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908281917.patch)54
-rw-r--r--main/linux-grsec/kernelconfig17
3 files changed, 52 insertions, 27 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 9543b3465..f40d03b43 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.30.5
_kernver=2.6.30
-pkgrel=1
+pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
@@ -13,7 +13,7 @@ _config=${config:-kernelconfig}
install="$pkgname.post-install $pkgname.post-upgrade"
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.1.14-2.6.30.5-200908281917.patch
+ grsecurity-2.1.14-2.6.30.5-200908311711.patch
net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
$_config
"
@@ -112,6 +112,6 @@ dev() {
md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
47841c7ff5c81a7b349a79f2fa8e9138 patch-2.6.30.5.bz2
-dee5a6292fb12018eb3bd3d014f89407 grsecurity-2.1.14-2.6.30.5-200908281917.patch
+105d22bfc672508d6ed94a4f823a3e24 grsecurity-2.1.14-2.6.30.5-200908311711.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
-ede34b2613f54cf1eae8f37a61d0e085 kernelconfig"
+35d29ea012d4b009ce2bd37b7540903e kernelconfig"
diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908281917.patch b/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908311711.patch
index cc232fbe5..a5179ccbb 100644
--- a/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908281917.patch
+++ b/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908311711.patch
@@ -38765,7 +38765,7 @@ diff -urNp linux-2.6.30.5/kernel/lockdep_proc.c linux-2.6.30.5/kernel/lockdep_pr
.stop = ls_stop,
diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
--- linux-2.6.30.5/kernel/module.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/kernel/module.c 2009-08-04 17:52:34.401055170 -0400
++++ linux-2.6.30.5/kernel/module.c 2009-08-31 17:10:48.583705296 -0400
@@ -46,6 +46,11 @@
#include <linux/rculist.h>
#include <asm/uaccess.h>
@@ -39045,26 +39045,26 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
- mod->module_core = ptr;
+ memset(ptr, 0, mod->core_size_rw);
+ mod->module_core_rw = ptr;
-+
-+ ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
-+ if (!ptr && mod->init_size_rw) {
-+ err = -ENOMEM;
-+ goto free_core_rw;
-+ }
-+ memset(ptr, 0, mod->init_size_rw);
-+ mod->module_init_rw = ptr;
- ptr = module_alloc_update_bounds(mod->init_size);
- if (!ptr && mod->init_size) {
-+ ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
-+ if (!ptr) {
++ ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
++ if (!ptr && mod->init_size_rw) {
err = -ENOMEM;
- goto free_core;
-+ goto free_init_rw;
++ goto free_core_rw;
}
- memset(ptr, 0, mod->init_size);
- mod->module_init = ptr;
++ memset(ptr, 0, mod->init_size_rw);
++ mod->module_init_rw = ptr;
++ ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
++ if (!ptr) {
++ err = -ENOMEM;
++ goto free_init_rw;
++ }
++
+#ifdef CONFIG_PAX_KERNEXEC
+ pax_open_kernel(cr0);
+#endif
@@ -39121,7 +39121,10 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
+ }
+
+ if (sechdrs[i].sh_type != SHT_NOBITS) {
-+
+
+- if (sechdrs[i].sh_type != SHT_NOBITS)
+- memcpy(dest, (void *)sechdrs[i].sh_addr,
+- sechdrs[i].sh_size);
+#ifdef CONFIG_PAX_KERNEXEC
+ if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) {
+ pax_open_kernel(cr0);
@@ -39129,10 +39132,7 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
+ pax_close_kernel(cr0);
+ } else
+#endif
-
-- if (sechdrs[i].sh_type != SHT_NOBITS)
-- memcpy(dest, (void *)sechdrs[i].sh_addr,
-- sechdrs[i].sh_size);
++
+ memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
+ }
/* Update sh_addr to point to copy in image. */
@@ -39287,7 +39287,23 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
/* Taints info */
if (mod->taints)
-@@ -2781,12 +2929,12 @@ struct module *__module_address(unsigned
+@@ -2722,7 +2870,15 @@ static const struct file_operations proc
+
+ static int __init proc_modules_init(void)
+ {
++#ifndef CONFIG_GRKERNSEC_HIDESYM
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++ proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ proc_create("modules", S_IRUSR | S_IRGRP, NULL, &proc_modules_operations);
++#else
+ proc_create("modules", 0, NULL, &proc_modules_operations);
++#endif
++#endif
+ return 0;
+ }
+ module_init(proc_modules_init);
+@@ -2781,12 +2937,12 @@ struct module *__module_address(unsigned
{
struct module *mod;
@@ -39303,7 +39319,7 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
return mod;
return NULL;
}
-@@ -2820,11 +2968,20 @@ bool is_module_text_address(unsigned lon
+@@ -2820,11 +2976,20 @@ bool is_module_text_address(unsigned lon
*/
struct module *__module_text_address(unsigned long addr)
{
diff --git a/main/linux-grsec/kernelconfig b/main/linux-grsec/kernelconfig
index 3fc9a5752..5dbe3c2e5 100644
--- a/main/linux-grsec/kernelconfig
+++ b/main/linux-grsec/kernelconfig
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.30.5
-# Thu Aug 27 08:08:50 2009
+# Wed Sep 2 06:25:44 2009
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -2302,12 +2302,21 @@ CONFIG_NOZOMI=m
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_FIX_EARLYCON_MEM=y
-CONFIG_SERIAL_8250_PCI=m
-CONFIG_SERIAL_8250_PNP=m
+CONFIG_SERIAL_8250_PCI=y
+CONFIG_SERIAL_8250_PNP=y
CONFIG_SERIAL_8250_CS=m
CONFIG_SERIAL_8250_NR_UARTS=16
CONFIG_SERIAL_8250_RUNTIME_UARTS=4
-# CONFIG_SERIAL_8250_EXTENDED is not set
+CONFIG_SERIAL_8250_EXTENDED=y
+CONFIG_SERIAL_8250_MANY_PORTS=y
+CONFIG_SERIAL_8250_FOURPORT=m
+CONFIG_SERIAL_8250_ACCENT=m
+CONFIG_SERIAL_8250_BOCA=m
+CONFIG_SERIAL_8250_EXAR_ST16C554=m
+CONFIG_SERIAL_8250_HUB6=m
+CONFIG_SERIAL_8250_SHARE_IRQ=y
+# CONFIG_SERIAL_8250_DETECT_IRQ is not set
+CONFIG_SERIAL_8250_RSA=y
#
# Non-8250 serial port support