author | Anthony G. Basile <blueness@gentoo.org> | 2011-06-29 10:37:32 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-06-29 10:37:43 -0400 |
commit | 7013e899f6294835d95a1c3e309412c990bad2aa (patch) | |
tree | ea974b12f1218046c7e3c3658ef426f8338b8860 /2.6.39 | |
parent | Update Grsec/PaX (diff) | |
download | hardened-patchset-7013e899f6294835d95a1c3e309412c990bad2aa.tar.gz hardened-patchset-7013e899f6294835d95a1c3e309412c990bad2aa.tar.bz2 hardened-patchset-7013e899f6294835d95a1c3e309412c990bad2aa.zip |
Update Grsec/PaX and address bug #366019
20110628
2.2.2-2.6.32.42-201106281648
2.2.2-2.6.39.2-201106281648
Diffstat (limited to '2.6.39')
-rw-r--r-- | 2.6.39/0000_README | 2 | ||||
-rw-r--r-- | 2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch (renamed from 2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106251302.patch) | 33 | ||||
-rw-r--r-- | 2.6.39/4437-grsec-kconfig-proc-user.patch | 26 |
3 files changed, 39 insertions, 22 deletions
diff --git a/2.6.39/0000_README b/2.6.39/0000_README
index 339b393..b6b1a96 100644
--- a/2.6.39/0000_README
+++ b/2.6.39/0000_README
@@ -3,7 +3,7 @@ README
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.39.2-201106251302.patch
+Patch: 4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch
 From: http://www.grsecurity.net
 Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106251302.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch
index 9451ea7..8495f8b 100644
--- a/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106251302.patch
+++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch
@@ -28599,27 +28599,6 @@ diff -urNp linux-2.6.39.2/drivers/char/xilinx_hwicap/xilinx_hwicap.c linux-2.6.3
 .get_configuration = fifo_icap_get_configuration,
 .set_configuration = fifo_icap_set_configuration,
 .get_status = fifo_icap_get_status,
-diff -urNp linux-2.6.39.2/drivers/connector/Kconfig linux-2.6.39.2/drivers/connector/Kconfig
---- linux-2.6.39.2/drivers/connector/Kconfig 2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39.2/drivers/connector/Kconfig 2011-06-20 17:54:16.000000000 -0400
-@@ -1,7 +1,7 @@
-
- menuconfig CONNECTOR
- tristate "Connector - unified userspace <-> kernelspace linker"
-- depends on NET
-+ depends on NET && !GRKERNSEC
- ---help---
- This is unified userspace <-> kernelspace connector working on top
- of the netlink socket protocol.
-@@ -13,7 +13,7 @@ if CONNECTOR
-
- config PROC_EVENTS
- boolean "Report process events to userspace"
-- depends on CONNECTOR=y
-+ depends on CONNECTOR=y && !GRKERNSEC
- default y
- ---help---
- Provide a connector that reports process events to userspace. Send
 diff -urNp linux-2.6.39.2/drivers/crypto/hifn_795x.c linux-2.6.39.2/drivers/crypto/hifn_795x.c
 --- linux-2.6.39.2/drivers/crypto/hifn_795x.c 2011-05-19 00:06:34.000000000 -0400
 +++ linux-2.6.39.2/drivers/crypto/hifn_795x.c 2011-05-22 19:36:31.000000000 -0400
@@ -75786,6 +75765,18 @@ diff -urNp linux-2.6.39.2/net/batman-adv/unicast.c linux-2.6.39.2/net/batman-adv
 frag1->seqno = htons(seqno - 1);
 frag2->seqno = htons(seqno);
+diff -urNp linux-2.6.39.2/net/bluetooth/l2cap_core.c linux-2.6.39.2/net/bluetooth/l2cap_core.c
+--- linux-2.6.39.2/net/bluetooth/l2cap_core.c 2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.2/net/bluetooth/l2cap_core.c 2011-06-25 14:32:21.000000000 -0400
+@@ -2202,7 +2202,7 @@ static inline int l2cap_config_req(struc
+
+ /* Reject if config buffer is too small. */
+ len = cmd_len - sizeof(*req);
+- if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
++ if (len < 0 || l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
+ l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
+ l2cap_build_conf_rsp(sk, rsp,
+ L2CAP_CONF_REJECT, flags), rsp);
 diff -urNp linux-2.6.39.2/net/bluetooth/l2cap_sock.c linux-2.6.39.2/net/bluetooth/l2cap_sock.c
 --- linux-2.6.39.2/net/bluetooth/l2cap_sock.c 2011-05-19 00:06:34.000000000 -0400
 +++ linux-2.6.39.2/net/bluetooth/l2cap_sock.c 2011-06-12 06:36:08.000000000 -0400
diff --git a/2.6.39/4437-grsec-kconfig-proc-user.patch b/2.6.39/4437-grsec-kconfig-proc-user.patch
new file mode 100644
index 0000000..372507c
--- /dev/null
+++ b/2.6.39/4437-grsec-kconfig-proc-user.patch
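Review bot: The added `len < 0` test in the l2cap_core.c hunk only rejects a short command if `len` is a signed type, and its declaration is outside the hunk. `cmd_len - sizeof(*req)` is evaluated in unsigned arithmetic and becomes negative only when converted back into `len`, so the guard relies on an implicit conversion. Testing the input before it is used, `if (cmd_len < sizeof(*req) || l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {`, rejects the same packets without depending on the type of `len`. The comment above the test still describes only the overflow case and could read `/* Reject a command shorter than its header, or config data that would overflow conf_req. */`. l2cap_config_req starts and ends outside the hunk, so any later use of `len` cannot be checked from here.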
@@ -0,0 +1,26 @@
+From: Anthony G. Basile <blueness@gentoo.org>
+
+Address the mutually exclusive options GRKERNSEC_PROC_USER and GRKERNSEC_PROC_USERGROUP
+in a different way to avoid bug #366019. This patch should eventually go upstream.
+
+diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400
++++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400
+@@ -670,7 +670,7 @@
+
+ config GRKERNSEC_PROC_USER
+ bool "Restrict /proc to user only"
+- depends on GRKERNSEC_PROC
++ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USERGROUP
+ help
+ If you say Y here, non-root users will only be able to view their own
+ processes, and restricts them from viewing network-related information,
+@@ -678,7 +678,7 @@
+
+ config GRKERNSEC_PROC_USERGROUP
+ bool "Allow special group"
+- depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
++ depends on GRKERNSEC_PROC
+ help
+ If you say Y here, you will be able to select a group that will be
+ able to view all processes and network-related information. If you've |
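Review bot: With the exclusion now carried only by GRKERNSEC_PROC_USER (`depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USERGROUP`), saying Y to "Allow special group" turns the stricter "Restrict /proc to user only" off and hides its prompt, and neither help text visible in the hunk says so. A sentence in the GRKERNSEC_PROC_USER help, for example `This option is not available when "Allow special group" is selected.`, would tell whoever configures the kernel why the stricter setting disappeared. If the two options are meant as strict alternatives, a Kconfig `choice` block would state that directly instead of a one-sided `depends on`. Whether that would still avoid the bug named in the patch header cannot be judged from this page. Both help texts continue outside the hunk.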