authorAnthony G. Basile <basile@opensource.dyc.edu>2010-08-31 15:25:11 -0400
committerAnthony G. Basile <basile@opensource.dyc.edu>2010-08-31 15:25:11 -0400
commitab63be51c254e612dafa2d1d3f042bfd8d7a82fe (patch)
treee572c2eb01594c1df1c77089a023efca6e1b1063
parentPrepared next Grsec/PaX update (diff)
Updated Grsec/PaX20100829
2.2.0-2.6.32.21-201008292122 for kernel 2.6.32.21
2.2.0-2.6.34.6-201008292122 for kernel 2.6.34.6
-rw-r--r--2.6.32/4425_grsec-pax-without-grsec.patch4
-rw-r--r--2.6.32/4430_grsec-kconfig-default-gids.patch14
-rw-r--r--2.6.32/4435_grsec-kconfig-gentoo.patch2
-rw-r--r--2.6.32/4440_selinux-avc_audit-log-curr_ip.patch2
-rw-r--r--2.6.32/4445_disable-compat_vdso.patch2
-rw-r--r--2.6.34/4425_grsec-pax-without-grsec.patch2
-rw-r--r--2.6.34/4430_grsec-kconfig-default-gids.patch14
-rw-r--r--2.6.34/4435_grsec-kconfig-gentoo.patch2
-rw-r--r--2.6.34/4440_selinux-avc_audit-log-curr_ip.patch2
-rw-r--r--2.6.34/4445_disable-compat_vdso.patch2
10 files changed, 23 insertions, 23 deletions
diff --git a/2.6.32/4425_grsec-pax-without-grsec.patch b/2.6.32/4425_grsec-pax-without-grsec.patch
index 4e77cc7..bed70af 100644
--- a/2.6.32/4425_grsec-pax-without-grsec.patch
+++ b/2.6.32/4425_grsec-pax-without-grsec.patch
@@ -81,8 +81,8 @@ The original version of this patch contained no credits/description.
do_group_exit(SIGKILL);
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -19,7 +19,7 @@ menu "PaX"
-
+@@ -23,7 +23,7 @@
+
config PAX
bool "Enable various PaX features"
- depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS32 || MIPS64 || PARISC || PPC || SPARC || X86)
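Review bot: In this 2.6.32 copy the inner hunk header loses its `menu "PaX"` section text and the blank context line under it is rewritten, whereas the 2.6.34 copy of the same patch changes only the offsets and keeps `@@ -23,7 +23,7 @@ menu "PaX"`. The blank-line change is presumably whitespace-only, which can be enough for the inner hunk to apply only with fuzz or be rejected by a strict apply. Because this hunk carries the edit to the `depends on` line of `config PAX`, it is worth confirming the file was regenerated against the patched 2.6.32.21 tree rather than adjusted by hand. Keeping the header identical in both copies would also keep the two patch files comparable on the next refresh.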
diff --git a/2.6.32/4430_grsec-kconfig-default-gids.patch b/2.6.32/4430_grsec-kconfig-default-gids.patch
index 2f75e87..eec0a35 100644
--- a/2.6.32/4430_grsec-kconfig-default-gids.patch
+++ b/2.6.32/4430_grsec-kconfig-default-gids.patch
@@ -11,7 +11,7 @@ from shooting themselves in the foot.
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -396,7 +396,7 @@
+@@ -397,7 +397,7 @@
config GRKERNSEC_PROC_GID
int "GID for special group"
depends on GRKERNSEC_PROC_USERGROUP
@@ -20,7 +20,7 @@ from shooting themselves in the foot.
config GRKERNSEC_PROC_ADD
bool "Additional restrictions"
-@@ -605,7 +605,7 @@
+@@ -606,7 +606,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
@@ -29,7 +29,7 @@ from shooting themselves in the foot.
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -774,7 +774,7 @@
+@@ -775,7 +775,7 @@
config GRKERNSEC_TPE_GID
int "GID for untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -38,7 +38,7 @@ from shooting themselves in the foot.
help
If you have selected the "Invert GID option" above, setting this
GID determines what group TPE restrictions will be *disabled* for.
-@@ -786,7 +786,7 @@
+@@ -787,7 +787,7 @@
config GRKERNSEC_TPE_GID
int "GID for trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -47,7 +47,7 @@ from shooting themselves in the foot.
help
If you have selected the "Invert GID option" above, setting this
GID determines what group TPE restrictions will be *disabled* for.
-@@ -860,7 +860,7 @@
+@@ -861,7 +861,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -56,7 +56,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -881,7 +881,7 @@
+@@ -882,7 +882,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -65,7 +65,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -899,7 +899,7 @@
+@@ -900,7 +900,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4435_grsec-kconfig-gentoo.patch
index ac50e81..924dd79 100644
--- a/2.6.32/4435_grsec-kconfig-gentoo.patch
+++ b/2.6.32/4435_grsec-kconfig-gentoo.patch
@@ -25,7 +25,7 @@ Ned Ludd <solar@gentoo.org>
config GRKERNSEC_LOW
bool "Low"
-@@ -190,6 +190,418 @@
+@@ -191,6 +191,418 @@
- Ptrace restrictions
- Restricted vm86 mode
diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
index b004fd4..f77d600 100644
--- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
@@ -21,7 +21,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -1368,6 +1368,27 @@
+@@ -1369,6 +1369,27 @@
menu "Logging Options"
depends on GRKERNSEC
diff --git a/2.6.32/4445_disable-compat_vdso.patch b/2.6.32/4445_disable-compat_vdso.patch
index 2cd8cfa..89e6884 100644
--- a/2.6.32/4445_disable-compat_vdso.patch
+++ b/2.6.32/4445_disable-compat_vdso.patch
@@ -27,7 +27,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1599,17 +1599,8 @@
+@@ -1604,17 +1604,8 @@
config COMPAT_VDSO
def_bool n
diff --git a/2.6.34/4425_grsec-pax-without-grsec.patch b/2.6.34/4425_grsec-pax-without-grsec.patch
index 1435dbe..42e6734 100644
--- a/2.6.34/4425_grsec-pax-without-grsec.patch
+++ b/2.6.34/4425_grsec-pax-without-grsec.patch
@@ -81,7 +81,7 @@ The original version of this patch contained no credits/description.
do_group_exit(SIGKILL);
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -19,7 +19,7 @@ menu "PaX"
+@@ -23,7 +23,7 @@ menu "PaX"
config PAX
bool "Enable various PaX features"
diff --git a/2.6.34/4430_grsec-kconfig-default-gids.patch b/2.6.34/4430_grsec-kconfig-default-gids.patch
index 2f75e87..eec0a35 100644
--- a/2.6.34/4430_grsec-kconfig-default-gids.patch
+++ b/2.6.34/4430_grsec-kconfig-default-gids.patch
@@ -11,7 +11,7 @@ from shooting themselves in the foot.
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -396,7 +396,7 @@
+@@ -397,7 +397,7 @@
config GRKERNSEC_PROC_GID
int "GID for special group"
depends on GRKERNSEC_PROC_USERGROUP
@@ -20,7 +20,7 @@ from shooting themselves in the foot.
config GRKERNSEC_PROC_ADD
bool "Additional restrictions"
-@@ -605,7 +605,7 @@
+@@ -606,7 +606,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
@@ -29,7 +29,7 @@ from shooting themselves in the foot.
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -774,7 +774,7 @@
+@@ -775,7 +775,7 @@
config GRKERNSEC_TPE_GID
int "GID for untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -38,7 +38,7 @@ from shooting themselves in the foot.
help
If you have selected the "Invert GID option" above, setting this
GID determines what group TPE restrictions will be *disabled* for.
-@@ -786,7 +786,7 @@
+@@ -787,7 +787,7 @@
config GRKERNSEC_TPE_GID
int "GID for trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -47,7 +47,7 @@ from shooting themselves in the foot.
help
If you have selected the "Invert GID option" above, setting this
GID determines what group TPE restrictions will be *disabled* for.
-@@ -860,7 +860,7 @@
+@@ -861,7 +861,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -56,7 +56,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -881,7 +881,7 @@
+@@ -882,7 +882,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -65,7 +65,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -899,7 +899,7 @@
+@@ -900,7 +900,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/2.6.34/4435_grsec-kconfig-gentoo.patch b/2.6.34/4435_grsec-kconfig-gentoo.patch
index ac50e81..924dd79 100644
--- a/2.6.34/4435_grsec-kconfig-gentoo.patch
+++ b/2.6.34/4435_grsec-kconfig-gentoo.patch
@@ -25,7 +25,7 @@ Ned Ludd <solar@gentoo.org>
config GRKERNSEC_LOW
bool "Low"
-@@ -190,6 +190,418 @@
+@@ -191,6 +191,418 @@
- Ptrace restrictions
- Restricted vm86 mode
diff --git a/2.6.34/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.34/4440_selinux-avc_audit-log-curr_ip.patch
index face330..8b0cf65 100644
--- a/2.6.34/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.34/4440_selinux-avc_audit-log-curr_ip.patch
@@ -21,7 +21,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -1368,6 +1368,27 @@
+@@ -1369,6 +1369,27 @@
menu "Logging Options"
depends on GRKERNSEC
diff --git a/2.6.34/4445_disable-compat_vdso.patch b/2.6.34/4445_disable-compat_vdso.patch
index 2195d04..b72b0fd 100644
--- a/2.6.34/4445_disable-compat_vdso.patch
+++ b/2.6.34/4445_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1642,17 +1642,8 @@
+@@ -1647,17 +1647,8 @@
config COMPAT_VDSO
def_bool n