diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2013-08-06 11:04:23 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-08-06 11:04:23 -0400 |
commit | a7ea37ca51d54b42ca3293bc5cb1522d0b9081d1 (patch) | |
tree | dab261f11623f2d2a61c776f946c3ec212a46c88 /2.6.32 | |
parent | Grsec/PaX: 2.9.1-{2.6.32.61,3.2.50.3.10.4}-201308030031 (diff) | |
download | hardened-patchset-a7ea37ca51d54b42ca3293bc5cb1522d0b9081d1.tar.gz hardened-patchset-a7ea37ca51d54b42ca3293bc5cb1522d0b9081d1.tar.bz2 hardened-patchset-a7ea37ca51d54b42ca3293bc5cb1522d0b9081d1.zip |
Grsec/PaX: 2.9.1-{2.6.32.61,3.2.50.3.10.5}-20130805215420130805
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201308052140.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201308030029.patch) | 20 |
2 files changed, 17 insertions, 5 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index a0fb57e..53f88d5 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -38,7 +38,7 @@ Patch: 1060_linux-2.6.32.61.patch From: http://www.kernel.org Desc: Linux 2.6.32.61 -Patch: 4420_grsecurity-2.9.1-2.6.32.61-201308030029.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.61-201308052140.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201308030029.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201308052140.patch index d228405..7620046 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201308030029.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201308052140.patch @@ -86564,7 +86564,7 @@ index 0000000..36845aa +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..38b465b +index 0000000..1276b13 --- /dev/null +++ b/grsecurity/gracl.c @@ -0,0 +1,4309 @@ @@ -89754,7 +89754,7 @@ index 0000000..38b465b + unsigned char *sprole_sum = NULL; + int error = 0; + int error2 = 0; -+ size_t req_count; ++ size_t req_count = 0; + + mutex_lock(&gr_dev_mutex); + @@ -118626,6 +118626,18 @@ index 713ac59..306f6ae 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); +diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c +index ab82f14..b022c59 100644 +--- a/net/sched/sch_atm.c ++++ b/net/sched/sch_atm.c +@@ -628,6 +628,7 @@ static int atm_tc_dump_class(struct Qdisc *sch, unsigned long cl, + struct sockaddr_atmpvc pvc; + int state; + ++ memset(&pvc, 0, sizeof(pvc)); + pvc.sap_family = AF_ATMPVC; + pvc.sap_addr.itf = flow->vcc->dev ? flow->vcc->dev->number : -1; + pvc.sap_addr.vpi = flow->vcc->vpi; diff --git a/net/sctp/auth.c b/net/sctp/auth.c index 7363b9f..1b055b5 100644 --- a/net/sctp/auth.c @@ -120087,7 +120099,7 @@ index d52f7a0..b66cdd9 100755 rm -f tags xtags ctags diff --git a/security/Kconfig b/security/Kconfig -index fb363cd..55a557a 100644 +index fb363cd..a869a1d 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -4,6 +4,896 @@ @@ -120764,7 +120776,7 @@ index fb363cd..55a557a 100644 + +config PAX_RANDKSTACK + bool "Randomize kernel stack base" -+ default y if GRKERNSEC_CONFIG_AUTO ++ default y if GRKERNSEC_CONFIG_AUTO && !(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX) + depends on X86_TSC && X86 + help + By saying Y here the kernel will randomize every task's kernel |