summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch)29
-rw-r--r--2.6.32/4437-grsec-kconfig-proc-user.patch4
-rw-r--r--2.6.32/4440_selinux-avc_audit-log-curr_ip.patch2
-rw-r--r--3.0.4/0000_README2
-rw-r--r--3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch (renamed from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch)57
-rw-r--r--3.0.4/4425_grsec-pax-without-grsec.patch2
-rw-r--r--3.0.4/4437-grsec-kconfig-proc-user.patch4
-rw-r--r--3.0.4/4440_selinux-avc_audit-log-curr_ip.patch2
9 files changed, 59 insertions, 45 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 8013d69..e3aa423 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
index bcff015..0d9b6ae 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
@@ -55474,8 +55474,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_chroot.c linux-2.6.32.46/grsecurity/
+}
diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurity/grsec_disabled.c
--- linux-2.6.32.46/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/grsec_disabled.c 2011-04-17 15:56:46.000000000 -0400
-@@ -0,0 +1,447 @@
++++ linux-2.6.32.46/grsecurity/grsec_disabled.c 2011-09-24 08:13:29.000000000 -0400
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -55643,18 +55643,6 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurit
+ return 0;
+}
+
-+int
-+gr_is_capable(const int cap)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_is_capable_nolog(const int cap)
-+{
-+ return 1;
-+}
-+
+void
+gr_handle_alertkill(struct task_struct *task)
+{
@@ -55915,8 +55903,6 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_disabled.c linux-2.6.32.46/grsecurit
+ return dentry->d_inode->i_sb->s_dev;
+}
+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
+EXPORT_SYMBOL(gr_learn_resource);
+EXPORT_SYMBOL(gr_set_kernel_label);
+#ifdef CONFIG_SECURITY
@@ -73067,7 +73053,16 @@ diff -urNp linux-2.6.32.46/mm/slob.c linux-2.6.32.46/mm/slob.c
diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c
--- linux-2.6.32.46/mm/slub.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/mm/slub.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.46/mm/slub.c 2011-09-24 08:36:34.000000000 -0400
+@@ -201,7 +201,7 @@ struct track {
+
+ enum track_item { TRACK_ALLOC, TRACK_FREE };
+
+-#ifdef CONFIG_SLUB_DEBUG
++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *);
+ static int sysfs_slab_alias(struct kmem_cache *, const char *);
+ static void sysfs_slab_remove(struct kmem_cache *);
@@ -410,7 +410,7 @@ static void print_track(const char *s, s
if (!t->addr)
return;
diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4437-grsec-kconfig-proc-user.patch
index 34d8596..368d10c 100644
--- a/2.6.32/4437-grsec-kconfig-proc-user.patch
+++ b/2.6.32/4437-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-hardened-r54/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400
-@@ -668,7 +668,7 @@
+@@ -665,7 +665,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-harde
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -676,7 +676,7 @@
+@@ -673,7 +673,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
index b582401..003d903 100644
--- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
--- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
-@@ -1267,6 +1267,27 @@
+@@ -1264,6 +1264,27 @@
menu "Logging Options"
depends on GRKERNSEC
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index a44f871..6cdadcb 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201109190917.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201109240842.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
index ec88fda..5e86d2b 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
@@ -50694,8 +50694,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_ch
+}
diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_disabled.c
--- linux-3.0.4/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,447 @@
++++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-09-24 08:13:01.000000000 -0400
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -50863,18 +50863,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return 0;
+}
+
-+int
-+gr_is_capable(const int cap)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_is_capable_nolog(const int cap)
-+{
-+ return 1;
-+}
-+
+void
+gr_handle_alertkill(struct task_struct *task)
+{
@@ -51135,8 +51123,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return dentry->d_inode->i_sb->s_dev;
+}
+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
+EXPORT_SYMBOL(gr_learn_resource);
+EXPORT_SYMBOL(gr_set_kernel_label);
+#ifdef CONFIG_SECURITY
@@ -55798,7 +55784,7 @@ diff -urNp linux-3.0.4/include/linux/grdefs.h linux-3.0.4/include/linux/grdefs.h
+#endif
diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grinternal.h
--- linux-3.0.4/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/include/linux/grinternal.h 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/include/linux/grinternal.h 2011-09-24 08:43:45.000000000 -0400
@@ -0,0 +1,219 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
@@ -55924,7 +55910,7 @@ diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grin
+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
-+ CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
++ CAP_TO_MASK(CAP_IPC_OWNER) , CAP_TO_MASK(CAP_SYSLOG) }}
+
+#define security_learn(normal_msg,args...) \
+({ \
@@ -67520,7 +67506,16 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c
diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
--- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/mm/slub.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/mm/slub.c 2011-09-24 08:37:26.000000000 -0400
+@@ -200,7 +200,7 @@ struct track {
+
+ enum track_item { TRACK_ALLOC, TRACK_FREE };
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *);
+ static int sysfs_slab_alias(struct kmem_cache *, const char *);
+ static void sysfs_slab_remove(struct kmem_cache *);
@@ -442,7 +442,7 @@ static void print_track(const char *s, s
if (!t->addr)
return;
@@ -67671,6 +67666,30 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
goto err;
}
up_write(&slub_lock);
+@@ -3545,7 +3586,7 @@ void *__kmalloc_node_track_caller(size_t
+ }
+ #endif
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int count_inuse(struct page *page)
+ {
+ return page->inuse;
+@@ -3935,12 +3976,12 @@ static void resiliency_test(void)
+ validate_slab_cache(kmalloc_caches[9]);
+ }
+ #else
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static void resiliency_test(void) {};
+ #endif
+ #endif
+
+-#ifdef CONFIG_SYSFS
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ enum slab_stat_type {
+ SL_ALL, /* All slabs */
+ SL_PARTIAL, /* Only partially allocated slabs */
@@ -4150,7 +4191,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
diff --git a/3.0.4/4425_grsec-pax-without-grsec.patch b/3.0.4/4425_grsec-pax-without-grsec.patch
index cdc33f2..41be0d0 100644
--- a/3.0.4/4425_grsec-pax-without-grsec.patch
+++ b/3.0.4/4425_grsec-pax-without-grsec.patch
@@ -77,7 +77,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c
diff -Naur a/security/Kconfig b/security/Kconfig
--- a/security/Kconfig 2011-04-17 19:05:03.000000000 -0400
+++ b/security/Kconfig 2011-04-17 19:20:30.000000000 -0400
-@@ -26,7 +26,7 @@
+@@ -29,7 +29,7 @@
config PAX
bool "Enable various PaX features"
diff --git a/3.0.4/4437-grsec-kconfig-proc-user.patch b/3.0.4/4437-grsec-kconfig-proc-user.patch
index 4e5acda..c588683 100644
--- a/3.0.4/4437-grsec-kconfig-proc-user.patch
+++ b/3.0.4/4437-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400
-@@ -669,7 +669,7 @@
+@@ -666,7 +666,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-harden
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -677,7 +677,7 @@
+@@ -674,7 +674,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch b/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch
index 3a991fb..0fd5d2d 100644
--- a/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/3.0.4/4440_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig
--- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
+++ linux-2.6.38-hardened-r1/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
-@@ -1268,6 +1268,27 @@
+@@ -1265,6 +1265,27 @@
menu "Logging Options"
depends on GRKERNSEC