authorNatanael Copa <ncopa@alpinelinux.org>2012-11-14 10:15:00 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-11-14 10:15:00 +0000
commit7f54fb99e478b38a77c221867ce348da26c7309c (patch)
tree4c67944b2c648cb3933fd421c5c8529f53081d7d /main/linux-grsec
parent9cfa4cfb7a822621a413fad08aeac66149eae30c (diff)
downloadaports-7f54fb99e478b38a77c221867ce348da26c7309c.tar.bz2
aports-7f54fb99e478b38a77c221867ce348da26c7309c.tar.xz
main/linux-grsec: enable analog TV and upgrade to grsecurity-2.9.1-3.6.6-201211122213
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD8
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.6.6-201211122213.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.6.6-201211051957.patch)87
-rw-r--r--main/linux-grsec/kernelconfig.x8666
3 files changed, 130 insertions, 31 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index f8c132b16..ec1f358aa 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.6.6
_kernver=3.6
-pkgrel=1
+pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.6.6-201211051957.patch
+ grsecurity-2.9.1-3.6.6-201211122213.patch
0004-arp-flush-arp-cache-on-device-change.patch
@@ -140,7 +140,7 @@ dev() {
md5sums="1a1760420eac802c541a20ab51a093d1 linux-3.6.tar.xz
11d6d8749d4612a77f43f0531c0f2824 patch-3.6.6.xz
-562292d1cfaca88f4a78e15779fdb3e6 grsecurity-2.9.1-3.6.6-201211051957.patch
+eeadecd13caac8e41b567b21b5d42c80 grsecurity-2.9.1-3.6.6-201211122213.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
-cc8ed3919b54bb676ea6ed9f9d0d14a7 kernelconfig.x86
+0b4abb6b3e32cc7ba656c24e30581349 kernelconfig.x86
0971129c59c7fe0011b3ec46982d9f5c kernelconfig.x86_64"
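Review bot: The updated entries in `md5sums` remain the only integrity check visible here, while the kernel tarball and `patch-3.6.6.xz` in `source` are fetched over plain `http://`. MD5 is no longer collision-resistant, which makes it a weak anchor for sources that arrive over an unauthenticated channel. If the build tool accepts a stronger digest list, adding one next to `md5sums` would be a cheap improvement; whether it does is not visible from this page. A short comment recording where the new grsecurity patch was obtained and how it was verified would also help.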
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.6.6-201211051957.patch b/main/linux-grsec/grsecurity-2.9.1-3.6.6-201211122213.patch
index b18fa6094..164e8e916 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.6.6-201211051957.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.6.6-201211122213.patch
@@ -24594,10 +24594,18 @@ index b91e485..d00e7c9 100644
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index d7aea41..f753ad2 100644
+index d7aea41..0fc945b 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
-@@ -16,6 +16,8 @@
+@@ -4,6 +4,7 @@
+ #include <linux/swap.h>
+ #include <linux/memblock.h>
+ #include <linux/bootmem.h> /* for max_low_pfn */
++#include <linux/tboot.h>
+
+ #include <asm/cacheflush.h>
+ #include <asm/e820.h>
+@@ -16,6 +17,8 @@
#include <asm/tlb.h>
#include <asm/proto.h>
#include <asm/dma.h> /* for MAX_DMA_PFN */
@@ -24606,7 +24614,7 @@ index d7aea41..f753ad2 100644
unsigned long __initdata pgt_buf_start;
unsigned long __meminitdata pgt_buf_end;
-@@ -44,7 +46,7 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range)
+@@ -44,7 +47,7 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range)
{
int i;
unsigned long puds = 0, pmds = 0, ptes = 0, tables;
@@ -24615,7 +24623,7 @@ index d7aea41..f753ad2 100644
phys_addr_t base;
for (i = 0; i < nr_range; i++) {
-@@ -321,10 +323,37 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
+@@ -321,10 +324,40 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
* Access has to be given to non-kernel-ram areas as well, these contain the PCI
* mmio resources as well as potential bios/acpi data regions.
*/
@@ -24635,6 +24643,9 @@ index d7aea41..f753ad2 100644
+ /* allow EBDA */
+ if (pagenr >= ebda_start && pagenr < ebda_end)
+ return 1;
++ /* if tboot is in use, allow access to its hardcoded serial log range */
++ if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT)))
++ return 1;
+#else
+ if (!pagenr)
+ return 1;
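Review bot: The bounds `0x60000` and `0x68000` in the added tboot check are bare literals, and the comment calls the range "hardcoded" without saying where it is defined. This check sits in the restricted branch before `#else`, so it widens what a /dev/mem reader can reach whenever `tboot_enabled()` is true; a reader should be able to confirm that these pages hold only the serial log. Named constants would do that, for example `#define TBOOT_LOG_START_PFN (0x60000 >> PAGE_SHIFT)` and a matching end constant (names are suggestions), with a comment citing the tboot definition they mirror. The enclosing function starts and ends outside the hunk.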
@@ -24654,7 +24665,7 @@ index d7aea41..f753ad2 100644
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -381,8 +410,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -381,8 +414,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
#endif
}
@@ -42746,6 +42757,23 @@ index 89f7625..ac72702 100644
/* On error, dump existing buffer */
u->len = 0;
rc = -EINVAL;
+diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c
+index fef20db..d28b1ab 100644
+--- a/drivers/xen/xenfs/xenstored.c
++++ b/drivers/xen/xenfs/xenstored.c
+@@ -24,7 +24,12 @@ static int xsd_release(struct inode *inode, struct file *file)
+ static int xsd_kva_open(struct inode *inode, struct file *file)
+ {
+ file->private_data = (void *)kasprintf(GFP_KERNEL, "0x%p",
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ NULL);
++#else
+ xen_store_interface);
++#endif
++
+ if (!file->private_data)
+ return -ENOMEM;
+ return 0;
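Review bot: With `CONFIG_GRKERNSEC_HIDESYM` set, `xsd_kva_open` still succeeds but formats `NULL` through `"0x%p"`, so a reader of the file gets a string that is not an address rather than an error. If hiding the address is the intent, failing the open explicitly inside the `#ifdef`, e.g. `return -EPERM;`, would make the restriction visible to userspace instead of leaving it to parse a placeholder. This assumes no consumer depends on the open succeeding, which cannot be confirmed from the hunk. The `(void *)` cast on the `kasprintf` result is also unnecessary, and the function's closing brace lies outside the hunk.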
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index cbf9dbb..35c3af7 100644
--- a/fs/9p/vfs_inode.c
@@ -51713,10 +51741,10 @@ index 0000000..1b9afa9
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..3d58260
+index 0000000..b736032
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,4029 @@
+@@ -0,0 +1,4040 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -52781,7 +52809,7 @@ index 0000000..3d58260
+}
+
+static struct acl_subject_label *
-+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied);
+
+static int
+copy_user_glob(struct acl_object_label *obj)
@@ -52867,13 +52895,18 @@ index 0000000..3d58260
+ return ret;
+
+ if (o_tmp->nested) {
-+ o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
++ int already_copied;
++
++ o_tmp->nested = do_copy_user_subj(o_tmp->nested, role, &already_copied);
+ if (IS_ERR(o_tmp->nested))
+ return PTR_ERR(o_tmp->nested);
+
-+ /* insert into nested subject list */
-+ o_tmp->nested->next = role->hash->first;
-+ role->hash->first = o_tmp->nested;
++ /* insert into nested subject list if we haven't copied this one yet
++ to prevent duplicate entries */
++ if (!already_copied) {
++ o_tmp->nested->next = role->hash->first;
++ role->hash->first = o_tmp->nested;
++ }
+ }
+ }
+
@@ -52992,7 +53025,7 @@ index 0000000..3d58260
+}
+
+static struct acl_subject_label *
-+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied)
+{
+ struct acl_subject_label *s_tmp = NULL, *s_tmp2;
+ unsigned int len;
@@ -53004,13 +53037,19 @@ index 0000000..3d58260
+ unsigned int i_num;
+ int err;
+
++ if (already_copied != NULL)
++ *already_copied = 0;
++
+ s_tmp = lookup_subject_map(userp);
+
+ /* we've already copied this subject into the kernel, just return
+ the reference to it, and don't copy it over again
+ */
-+ if (s_tmp)
++ if (s_tmp) {
++ if (already_copied != NULL)
++ *already_copied = 1;
+ return(s_tmp);
++ }
+
+ if ((s_tmp = (struct acl_subject_label *)
+ acl_alloc(sizeof (struct acl_subject_label))) == NULL)
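Review bot: The new `already_copied` out-parameter of `do_copy_user_subj` has no comment stating its contract, although callers now branch on it to decide whether to link the subject into `role->hash`. A comment above the definition would cover it: `/* *already_copied, if non-NULL, is set to 1 when userp was found in the subject map and the existing kernel copy is returned, and to 0 otherwise */`. It is worth saying there that `NULL` is accepted, because the parent-subject and top-level callers in the later hunks pass `NULL`. The function body continues outside the hunk.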
@@ -53096,7 +53135,7 @@ index 0000000..3d58260
+
+ /* set pointer for parent subject */
+ if (s_tmp->parent_subject) {
-+ s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role);
++ s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role, NULL);
+
+ if (IS_ERR(s_tmp2))
+ return s_tmp2;
@@ -53180,7 +53219,7 @@ index 0000000..3d58260
+ continue;
+ }
+
-+ ret = do_copy_user_subj(userp, role);
++ ret = do_copy_user_subj(userp, role, NULL);
+
+ err = PTR_ERR(ret);
+ if (IS_ERR(ret))
@@ -68184,7 +68223,7 @@ index 91c32a0..7b88d63 100644
seq_printf(m, "%40s %14lu %29s %pS\n",
name, stats->contending_point[i],
diff --git a/kernel/module.c b/kernel/module.c
-index 9ad9ee9..de7a157 100644
+index 9ad9ee9..f6e05c2 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -58,6 +58,7 @@
@@ -68365,7 +68404,7 @@ index 9ad9ee9..de7a157 100644
+
+ p = strstr(mod->args, "grsec_modharden_fs");
+ if (p) {
-+ char *endptr = p + strlen("grsec_modharden_fs");
++ char *endptr = p + sizeof("grsec_modharden_fs") - 1;
+ /* copy \0 as well */
+ memmove(p, endptr, strlen(mod->args) - (unsigned int)(endptr - mod->args) + 1);
+ is_fs_load = 1;
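Review bot: The marker `"grsec_modharden_fs"` is now spelled twice on adjacent lines, once for `strstr` and once for `sizeof`, and the later hunk does the same with `"grsec_modharden_normal"`. The skip length silently goes wrong if only one copy is ever edited. A single file-scope array used in both places keeps them in step, e.g. `static const char modharden_fs[] = "grsec_modharden_fs";` and then `p + sizeof(modharden_fs) - 1`; it must be an array, not a pointer, for `sizeof` to give the string length. The `memmove` length would also read more directly as `strlen(endptr) + 1`. The enclosing function is outside the hunk.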
@@ -68775,7 +68814,7 @@ index 9ad9ee9..de7a157 100644
+ err = -EPERM;
+ goto free_modinfo;
+ } else if ((p = strstr(mod->args, "grsec_modharden_normal"))) {
-+ p += strlen("grsec_modharden_normal");
++ p += sizeof("grsec_modharden_normal") - 1;
+ p2 = strstr(p, "_");
+ if (p2) {
+ *p2 = '\0';
@@ -78644,7 +78683,7 @@ index 5cfb5be..217c6d8 100644
if (data_len) {
diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c
new file mode 100644
-index 0000000..6905327
+index 0000000..c566332
--- /dev/null
+++ b/net/netfilter/xt_gradm.c
@@ -0,0 +1,51 @@
@@ -78683,13 +78722,13 @@ index 0000000..6905327
+};
+
+static int __init gradm_mt_init(void)
-+{
-+ return xt_register_match(&gradm_mt_reg);
++{
++ return xt_register_match(&gradm_mt_reg);
+}
+
+static void __exit gradm_mt_exit(void)
-+{
-+ xt_unregister_match(&gradm_mt_reg);
++{
++ xt_unregister_match(&gradm_mt_reg);
+}
+
+module_init(gradm_mt_init);
diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86
index 43e6f8694..327e915fa 100644
--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1568,7 +1568,7 @@ CONFIG_SENSORS_LIS3_I2C=m
#
# Altera FPGA firmware download module
#
-# CONFIG_ALTERA_STAPL is not set
+CONFIG_ALTERA_STAPL=m
# CONFIG_INTEL_MEI is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@@ -2920,7 +2920,6 @@ CONFIG_GPIO_ADP5588=m
# PCI GPIO expanders:
#
CONFIG_GPIO_CS5535=m
-CONFIG_GPIO_BT8XX=m
CONFIG_GPIO_AMD8111=m
# CONFIG_GPIO_LANGWELL is not set
CONFIG_GPIO_PCH=m
@@ -3223,7 +3222,7 @@ CONFIG_MEDIA_SUPPORT=m
# Multimedia core support
#
CONFIG_MEDIA_CAMERA_SUPPORT=y
-# CONFIG_MEDIA_ANALOG_TV_SUPPORT is not set
+CONFIG_MEDIA_ANALOG_TV_SUPPORT=y
CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y
# CONFIG_MEDIA_RADIO_SUPPORT is not set
CONFIG_MEDIA_RC_SUPPORT=y
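Review bot: Only `kernelconfig.x86` gains `CONFIG_MEDIA_ANALOG_TV_SUPPORT=y` and the tuner and capture drivers in the following hunks. The diffstat lists no change to `kernelconfig.x86_64`, and its md5sum in APKBUILD is unchanged, so either x86_64 already had these options or the two architectures diverge after this commit. The commit message should say which, and apply the same options to x86_64 if the difference is unintended. Because this is the hardened kernel flavor, it would also help to record why the full set of PCI capture drivers is enabled rather than a subset, since each added module is more driver code to maintain and audit.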
@@ -3266,10 +3265,14 @@ CONFIG_IR_IGUANA=m
CONFIG_RC_LOOPBACK=m
CONFIG_IR_GPIO_CIR=m
CONFIG_MEDIA_ATTACH=y
+CONFIG_MEDIA_TUNER=m
+# CONFIG_MEDIA_TUNER_CUSTOMISE is not set
CONFIG_MEDIA_TUNER_SIMPLE=m
+CONFIG_MEDIA_TUNER_TDA8290=m
CONFIG_MEDIA_TUNER_TDA827X=m
CONFIG_MEDIA_TUNER_TDA18271=m
CONFIG_MEDIA_TUNER_TDA9887=m
+CONFIG_MEDIA_TUNER_MT20XX=m
CONFIG_MEDIA_TUNER_MT2060=m
CONFIG_MEDIA_TUNER_MT2063=m
CONFIG_MEDIA_TUNER_MT2266=m
@@ -3292,6 +3295,8 @@ CONFIG_VIDEO_V4L2=m
CONFIG_VIDEOBUF_GEN=m
CONFIG_VIDEOBUF_DMA_SG=m
CONFIG_VIDEOBUF_VMALLOC=m
+CONFIG_VIDEOBUF_DVB=m
+CONFIG_VIDEO_BTCX=m
CONFIG_VIDEO_TVEEPROM=m
CONFIG_VIDEO_TUNER=m
CONFIG_V4L2_MEM2MEM_DEV=m
@@ -3471,6 +3476,51 @@ CONFIG_VIDEO_EM28XX=m
CONFIG_VIDEO_EM28XX_ALSA=m
# CONFIG_VIDEO_EM28XX_DVB is not set
CONFIG_VIDEO_EM28XX_RC=m
+
+#
+# TV USB devices
+#
+# CONFIG_VIDEO_AU0828 is not set
+# CONFIG_VIDEO_PVRUSB2 is not set
+# CONFIG_VIDEO_HDPVR is not set
+# CONFIG_VIDEO_TLG2300 is not set
+# CONFIG_VIDEO_CX231XX is not set
+# CONFIG_VIDEO_TM6000 is not set
+# CONFIG_VIDEO_USBVISION is not set
+CONFIG_V4L_PCI_DRIVERS=y
+CONFIG_VIDEO_BT848=m
+CONFIG_VIDEO_BT848_DVB=y
+CONFIG_VIDEO_CX18=m
+CONFIG_VIDEO_CX18_ALSA=m
+CONFIG_VIDEO_CX23885=m
+CONFIG_MEDIA_ALTERA_CI=m
+CONFIG_VIDEO_CX25821=m
+CONFIG_VIDEO_CX25821_ALSA=m
+CONFIG_VIDEO_CX88=m
+CONFIG_VIDEO_CX88_ALSA=m
+CONFIG_VIDEO_CX88_BLACKBIRD=m
+CONFIG_VIDEO_CX88_DVB=m
+CONFIG_VIDEO_CX88_VP3054=m
+CONFIG_VIDEO_CX88_MPEG=m
+CONFIG_VIDEO_HEXIUM_GEMINI=m
+CONFIG_VIDEO_HEXIUM_ORION=m
+CONFIG_VIDEO_IVTV=m
+CONFIG_VIDEO_FB_IVTV=m
+CONFIG_VIDEO_MEYE=m
+CONFIG_VIDEO_MXB=m
+CONFIG_VIDEO_SAA7134=m
+CONFIG_VIDEO_SAA7134_ALSA=m
+CONFIG_VIDEO_SAA7134_RC=y
+CONFIG_VIDEO_SAA7134_DVB=m
+CONFIG_VIDEO_SAA7164=m
+CONFIG_VIDEO_ZORAN=m
+CONFIG_VIDEO_ZORAN_DC30=m
+CONFIG_VIDEO_ZORAN_ZR36060=m
+CONFIG_VIDEO_ZORAN_BUZ=m
+CONFIG_VIDEO_ZORAN_DC10=m
+CONFIG_VIDEO_ZORAN_LML33=m
+CONFIG_VIDEO_ZORAN_LML33R10=m
+CONFIG_VIDEO_ZORAN_AVS6EYES=m
# CONFIG_V4L_ISA_PARPORT_DRIVERS is not set
# CONFIG_V4L_PLATFORM_DRIVERS is not set
CONFIG_V4L_MEM2MEM_DRIVERS=y
@@ -3554,6 +3604,7 @@ CONFIG_DVB_B2C2_FLEXCOP_USB=m
#
# Supported BT878 Adapters
#
+CONFIG_DVB_BT8XX=m
#
# Supported Pluto2 Adapters
@@ -3615,8 +3666,10 @@ CONFIG_DVB_TDA18271C2DD=m
#
# DVB-S (satellite) frontends
#
+CONFIG_DVB_CX24110=m
CONFIG_DVB_CX24123=m
CONFIG_DVB_MT312=m
+CONFIG_DVB_ZL10036=m
CONFIG_DVB_ZL10039=m
CONFIG_DVB_S5H1420=m
CONFIG_DVB_STV0288=m
@@ -3641,6 +3694,7 @@ CONFIG_DVB_MB86A16=m
# DVB-T (terrestrial) frontends
#
CONFIG_DVB_SP8870=m
+CONFIG_DVB_SP887X=m
CONFIG_DVB_CX22700=m
CONFIG_DVB_CX22702=m
CONFIG_DVB_L64781=m
@@ -3652,8 +3706,10 @@ CONFIG_DVB_DIB3000MB=m
CONFIG_DVB_DIB3000MC=m
CONFIG_DVB_DIB7000M=m
CONFIG_DVB_DIB7000P=m
+CONFIG_DVB_TDA10048=m
CONFIG_DVB_AF9013=m
CONFIG_DVB_EC100=m
+CONFIG_DVB_STV0367=m
CONFIG_DVB_CXD2820R=m
CONFIG_DVB_RTL2830=m
CONFIG_DVB_RTL2832=m
@@ -3670,10 +3726,13 @@ CONFIG_DVB_STV0297=m
# ATSC (North American/Korean Terrestrial/Cable DTV) frontends
#
CONFIG_DVB_NXT200X=m
+CONFIG_DVB_OR51211=m
+CONFIG_DVB_OR51132=m
CONFIG_DVB_BCM3510=m
CONFIG_DVB_LGDT330X=m
CONFIG_DVB_LGDT3305=m
CONFIG_DVB_LG2160=m
+CONFIG_DVB_S5H1409=m
CONFIG_DVB_S5H1411=m
#
@@ -3693,6 +3752,7 @@ CONFIG_DVB_TUNER_DIB0090=m
#
CONFIG_DVB_LNBP21=m
CONFIG_DVB_LNBP22=m
+CONFIG_DVB_ISL6405=m
CONFIG_DVB_ISL6421=m
CONFIG_DVB_ISL6423=m
CONFIG_DVB_LGS8GXX=m