diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2012-08-01 19:41:42 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2012-08-01 19:41:42 -0400 |
| commit | 514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1 (patch) | |
| tree | 22ac72ecd01526e38247cef82b4d3665d4e2a5f2 /2.6.32 | |
| parent | Grsec/PaX: 2.9.1-{2.6.32.59,3.2.24,3.4.6}-201207311908 (diff) | |
| download | hardened-patchset-514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1.tar.gz hardened-patchset-514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1.tar.bz2 hardened-patchset-514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1.zip | |
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.24,3.4.6}-201208011848
Diffstat (limited to '2.6.32')
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch) | 27 |
2 files changed, 28 insertions, 1 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 3010d85..ae80b1d 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch index a17194d..4d11792 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch @@ -105356,6 +105356,33 @@ index 30b3189..e2e4b55 100644 goto out; } +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index 8df3477..797ae6d 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -1298,6 +1298,10 @@ err_proto: + #define UNCONFIRMED_NULLS_VAL ((1<<30)+0) + #define DYING_NULLS_VAL ((1<<30)+1) + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0); ++#endif ++ + static int nf_conntrack_init_net(struct net *net) + { + int ret; +@@ -1311,7 +1315,11 @@ static int nf_conntrack_init_net(struct net *net) + goto err_stat; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return(&conntrack_cache_id)); ++#else + net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net); ++#endif + if (!net->ct.slabname) { + ret = -ENOMEM; + goto err_slabname; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index d521718..d0fd7a1 100644 --- a/net/netfilter/nf_conntrack_netlink.c |