Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 8 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908311711.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908281917.patch) | 54 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig | 17 |
3 files changed, 52 insertions, 27 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 9543b3465..f40d03b43 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.30.5
 _kernver=2.6.30
-pkgrel=1
+pkgrel=2
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs"
@@ -13,7 +13,7 @@ _config=${config:-kernelconfig}
 install="$pkgname.post-install $pkgname.post-upgrade"
 source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.1.14-2.6.30.5-200908281917.patch
+ grsecurity-2.1.14-2.6.30.5-200908311711.patch
 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
 $_config
 "
@@ -112,6 +112,6 @@ dev() {
 
 md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
 47841c7ff5c81a7b349a79f2fa8e9138 patch-2.6.30.5.bz2
-dee5a6292fb12018eb3bd3d014f89407 grsecurity-2.1.14-2.6.30.5-200908281917.patch
+105d22bfc672508d6ed94a4f823a3e24 grsecurity-2.1.14-2.6.30.5-200908311711.patch
 ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
-ede34b2613f54cf1eae8f37a61d0e085 kernelconfig"
+35d29ea012d4b009ce2bd37b7540903e kernelconfig"
diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908281917.patch b/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908311711.patch
index cc232fbe5..a5179ccbb 100644
--- a/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908281917.patch
+++ b/main/linux-grsec/grsecurity-2.1.14-2.6.30.5-200908311711.patch
@@ -38765,7 +38765,7 @@ diff -urNp linux-2.6.30.5/kernel/lockdep_proc.c linux-2.6.30.5/kernel/lockdep_pr
 .stop = ls_stop,
 diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
 --- linux-2.6.30.5/kernel/module.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.5/kernel/module.c 2009-08-04 17:52:34.401055170 -0400
++++ linux-2.6.30.5/kernel/module.c 2009-08-31 17:10:48.583705296 -0400
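Review bot: The two replaced `md5sums` entries in the last APKBUILD hunk are the only integrity check on the new grsecurity patch and kernelconfig, and MD5 is not collision-resistant. The kernel tarball and `patch-$pkgver.bz2` listed in the `source=` hunk are fetched over plain `ftp://`, so for those files the checksum is also the only protection against tampering in transit. If the abuild version in use accepts a stronger checksum array, add one next to `md5sums`, for example `sha512sums="<sha512-placeholder>  grsecurity-2.1.14-2.6.30.5-200908311711.patch"`; otherwise state in the commit message how the new patch was verified against upstream.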
@@ -46,6 +46,11 @@ #include <linux/rculist.h> #include <asm/uaccess.h> @@ -39045,26 +39045,26 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c - mod->module_core = ptr; + memset(ptr, 0, mod->core_size_rw); + mod->module_core_rw = ptr; -+ -+ ptr = module_alloc_update_bounds_rw(mod->init_size_rw); -+ if (!ptr && mod->init_size_rw) { -+ err = -ENOMEM; -+ goto free_core_rw; -+ } -+ memset(ptr, 0, mod->init_size_rw); -+ mod->module_init_rw = ptr; - ptr = module_alloc_update_bounds(mod->init_size); - if (!ptr && mod->init_size) { -+ ptr = module_alloc_update_bounds_rx(mod->core_size_rx); -+ if (!ptr) { ++ ptr = module_alloc_update_bounds_rw(mod->init_size_rw); ++ if (!ptr && mod->init_size_rw) { err = -ENOMEM; - goto free_core; -+ goto free_init_rw; ++ goto free_core_rw; } - memset(ptr, 0, mod->init_size); - mod->module_init = ptr; ++ memset(ptr, 0, mod->init_size_rw); ++ mod->module_init_rw = ptr; ++ ptr = module_alloc_update_bounds_rx(mod->core_size_rx); ++ if (!ptr) { ++ err = -ENOMEM; ++ goto free_init_rw; ++ } ++ +#ifdef CONFIG_PAX_KERNEXEC + pax_open_kernel(cr0); +#endif @@ -39121,7 +39121,10 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c + } + + if (sechdrs[i].sh_type != SHT_NOBITS) { -+ + +- if (sechdrs[i].sh_type != SHT_NOBITS) +- memcpy(dest, (void *)sechdrs[i].sh_addr, +- sechdrs[i].sh_size); +#ifdef CONFIG_PAX_KERNEXEC + if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) { + pax_open_kernel(cr0); @@ -39129,10 +39132,7 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c + pax_close_kernel(cr0); + } else +#endif - -- if (sechdrs[i].sh_type != SHT_NOBITS) -- memcpy(dest, (void *)sechdrs[i].sh_addr, -- sechdrs[i].sh_size); ++ + memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size); + } /* Update sh_addr to point to copy in image. */ 
@@ -39287,7 +39287,23 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c /* Taints info */ if (mod->taints) -@@ -2781,12 +2929,12 @@ struct module *__module_address(unsigned +@@ -2722,7 +2870,15 @@ static const struct file_operations proc + + static int __init proc_modules_init(void) + { ++#ifndef CONFIG_GRKERNSEC_HIDESYM ++#ifdef CONFIG_GRKERNSEC_PROC_USER ++ proc_create("modules", S_IRUSR, NULL, &proc_modules_operations); ++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++ proc_create("modules", S_IRUSR | S_IRGRP, NULL, &proc_modules_operations); ++#else + proc_create("modules", 0, NULL, &proc_modules_operations); ++#endif ++#endif + return 0; + } + module_init(proc_modules_init); +@@ -2781,12 +2937,12 @@ struct module *__module_address(unsigned { struct module *mod; @@ -39303,7 +39319,7 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c return mod; return NULL; } -@@ -2820,11 +2968,20 @@ bool is_module_text_address(unsigned lon +@@ -2820,11 +2976,20 @@ bool is_module_text_address(unsigned lon */ struct module *__module_text_address(unsigned long addr) { diff --git a/main/linux-grsec/kernelconfig b/main/linux-grsec/kernelconfig index 3fc9a5752..5dbe3c2e5 100644 --- a/main/linux-grsec/kernelconfig +++ b/main/linux-grsec/kernelconfig @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.30.5 -# Thu Aug 27 08:08:50 2009 +# Wed Sep 2 06:25:44 2009 # # CONFIG_64BIT is not set CONFIG_X86_32=y 
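Review bot: Nothing in the new `proc_modules_init()` text of the updated patch, or in this commit, documents that the outer `#ifndef CONFIG_GRKERNSEC_HIDESYM` compiles out every `proc_create("modules", ...)` call, so a kernel built with that option has no /proc/modules at all rather than a restricted one. The kernelconfig hunks shown here do not reveal how HIDESYM, PROC_USER or PROC_USERGROUP are set, so the effect on this package cannot be read from the diff; userspace that lists modules through that file would presumably be affected. Since the patch is carried from upstream, record it on the packaging side, e.g. in APKBUILD: `# grsec 200908311711: /proc/modules is 0400/0440 under PROC_USER/PROC_USERGROUP, absent under HIDESYM`.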
@@ -2302,12 +2302,21 @@ CONFIG_NOZOMI=m
 CONFIG_SERIAL_8250=y
 CONFIG_SERIAL_8250_CONSOLE=y
 CONFIG_FIX_EARLYCON_MEM=y
-CONFIG_SERIAL_8250_PCI=m
-CONFIG_SERIAL_8250_PNP=m
+CONFIG_SERIAL_8250_PCI=y
+CONFIG_SERIAL_8250_PNP=y
 CONFIG_SERIAL_8250_CS=m
 CONFIG_SERIAL_8250_NR_UARTS=16
 CONFIG_SERIAL_8250_RUNTIME_UARTS=4
-# CONFIG_SERIAL_8250_EXTENDED is not set
+CONFIG_SERIAL_8250_EXTENDED=y
+CONFIG_SERIAL_8250_MANY_PORTS=y
+CONFIG_SERIAL_8250_FOURPORT=m
+CONFIG_SERIAL_8250_ACCENT=m
+CONFIG_SERIAL_8250_BOCA=m
+CONFIG_SERIAL_8250_EXAR_ST16C554=m
+CONFIG_SERIAL_8250_HUB6=m
+CONFIG_SERIAL_8250_SHARE_IRQ=y
+# CONFIG_SERIAL_8250_DETECT_IRQ is not set
+CONFIG_SERIAL_8250_RSA=y
 
 #
 # Non-8250 serial port support |