authorAnthony G. Basile <blueness@gentoo.org>2011-12-12 17:21:00 -0500
committerAnthony G. Basile <blueness@gentoo.org>2011-12-12 17:21:00 -0500
commitf39a108ed9d2a8f3cac4585bc7364cb25791dd87 (patch)
tree8b086afd4eaef07172b07040d4fb9a9f998a920b
parentGrsec/PaX: 2.6.32.49-201112082138 + 2.2.2-3.1.5-201112101853 (diff)
Clean up line numbers20111210
-rw-r--r--2.6.32/4422_grsec-mute-warnings.patch6
-rw-r--r--2.6.32/4425_grsec-pax-without-grsec.patch20
-rw-r--r--2.6.32/4430_grsec-kconfig-default-gids.patch20
-rw-r--r--2.6.32/4435_grsec-kconfig-gentoo.patch4
-rw-r--r--2.6.32/4437-grsec-kconfig-proc-user.patch6
-rw-r--r--2.6.32/4440_selinux-avc_audit-log-curr_ip.patch14
-rw-r--r--3.1.5/0000_README4
-rw-r--r--3.1.5/1003_linux-3.1.4.patch45
-rw-r--r--3.1.5/4425_grsec-pax-without-grsec.patch2
-rw-r--r--3.1.5/4430_grsec-kconfig-default-gids.patch20
-rw-r--r--3.1.5/4435_grsec-kconfig-gentoo.patch4
-rw-r--r--3.1.5/4437-grsec-kconfig-proc-user.patch4
-rw-r--r--3.1.5/4440_selinux-avc_audit-log-curr_ip.patch2
-rw-r--r--3.1.5/4445_disable-compat_vdso.patch2
14 files changed, 52 insertions, 101 deletions
diff --git a/2.6.32/4422_grsec-mute-warnings.patch b/2.6.32/4422_grsec-mute-warnings.patch
index 0c9c69a..127d90d 100644
--- a/2.6.32/4422_grsec-mute-warnings.patch
+++ b/2.6.32/4422_grsec-mute-warnings.patch
@@ -29,8 +29,8 @@ warning flags of vanilla kernel versions.
Acked-by: Christian Heim <phreak@gentoo.org>
---
---- a/Makefile 2011-06-05 20:27:54.000000000 -0400
-+++ b/Makefile 2011-06-05 20:28:46.000000000 -0400
+--- a/Makefile 2011-12-12 15:01:59.000000000 -0500
++++ b/Makefile 2011-12-12 15:03:19.000000000 -0500
@@ -221,7 +221,7 @@
HOSTCC = gcc
@@ -38,5 +38,5 @@ Acked-by: Christian Heim <phreak@gentoo.org>
-HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
+HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-empty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
- HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
+ HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks
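Review bot: The refreshed context line at the end of this hunk shows the base Makefile now setting `HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks`, while the embedded patch still only drops `-W` from `HOSTCFLAGS`. If the goal named in the patch header (the vanilla kernel's warning flags) also covers host C++ builds, the embedded patch needs a matching `-`/`+` pair for `HOSTCXXFLAGS`. If leaving the C++ warnings on is deliberate, one sentence in the patch description should say so. The embedded patch also hard-codes `-Wno-empty-body` in `HOSTCFLAGS` although the following line already adds it through `$(call cc-option, -Wno-empty-body)`, which looks redundant. The patch description begins outside this hunk, so the intent is inferred from the visible header fragment only.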
diff --git a/2.6.32/4425_grsec-pax-without-grsec.patch b/2.6.32/4425_grsec-pax-without-grsec.patch
index 96b85a3..b5929f0 100644
--- a/2.6.32/4425_grsec-pax-without-grsec.patch
+++ b/2.6.32/4425_grsec-pax-without-grsec.patch
@@ -17,10 +17,10 @@ Allow PaX options to be selected without first selecting CONFIG_GRKERNSEC.
This patch has been updated to keep current with newer kernel versions.
The original version of this patch contained no credits/description.
-diff -Naur linux-2.6.32-hardened-r44.orig/arch/x86/mm/fault.c linux-2.6.32-hardened-r44/arch/x86/mm/fault.c
---- linux-2.6.32-hardened-r44.orig/arch/x86/mm/fault.c 2011-04-17 18:15:54.000000000 -0400
-+++ linux-2.6.32-hardened-r44/arch/x86/mm/fault.c 2011-04-17 18:28:11.000000000 -0400
-@@ -658,10 +658,12 @@
+diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
+--- a/arch/x86/mm/fault.c 2011-04-17 18:15:54.000000000 -0400
++++ b/arch/x86/mm/fault.c 2011-04-17 18:28:11.000000000 -0400
+@@ -662,10 +662,12 @@
#ifdef CONFIG_PAX_KERNEXEC
if (init_mm.start_code <= address && address < init_mm.end_code) {
@@ -33,9 +33,9 @@ diff -Naur linux-2.6.32-hardened-r44.orig/arch/x86/mm/fault.c linux-2.6.32-harde
printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
current->comm, task_pid_nr(current), current_uid(), current_euid());
}
-diff -Naur linux-2.6.32-hardened-r44.orig/fs/exec.c linux-2.6.32-hardened-r44/fs/exec.c
---- linux-2.6.32-hardened-r44.orig/fs/exec.c 2011-04-17 18:15:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/fs/exec.c 2011-04-17 18:29:40.000000000 -0400
+diff -Naur a/fs/exec.c b/fs/exec.c
+--- a/fs/exec.c 2011-04-17 18:15:55.000000000 -0400
++++ b/fs/exec.c 2011-04-17 18:29:40.000000000 -0400
@@ -1803,9 +1803,11 @@
}
up_read(&mm->mmap_sem);
@@ -74,9 +74,9 @@ diff -Naur linux-2.6.32-hardened-r44.orig/fs/exec.c linux-2.6.32-hardened-r44/fs
printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
-diff -Naur linux-2.6.32-hardened-r44.orig/security/Kconfig linux-2.6.32-hardened-r44/security/Kconfig
---- linux-2.6.32-hardened-r44.orig/security/Kconfig 2011-04-17 18:15:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/security/Kconfig 2011-04-17 18:28:11.000000000 -0400
+diff -Naur a/security/Kconfig b/security/Kconfig
+--- a/security/Kconfig 2011-04-17 18:15:55.000000000 -0400
++++ b/security/Kconfig 2011-04-17 18:28:11.000000000 -0400
@@ -29,7 +29,7 @@
config PAX
diff --git a/2.6.32/4430_grsec-kconfig-default-gids.patch b/2.6.32/4430_grsec-kconfig-default-gids.patch
index b173bab..2cd1c5a 100644
--- a/2.6.32/4430_grsec-kconfig-default-gids.patch
+++ b/2.6.32/4430_grsec-kconfig-default-gids.patch
@@ -9,10 +9,10 @@ attention to the finer points of kernel configuration, it is probably
wise to specify some reasonable defaults so as to stop careless users
from shooting themselves in the foot.
-diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:15:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:37:33.000000000 -0400
-@@ -432,7 +432,7 @@
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-12-12 15:11:47.000000000 -0500
++++ b/grsecurity/Kconfig 2011-12-12 15:13:17.000000000 -0500
+@@ -431,7 +431,7 @@
config GRKERNSEC_PROC_GID
int "GID for special group"
depends on GRKERNSEC_PROC_USERGROUP
@@ -21,7 +21,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
config GRKERNSEC_PROC_ADD
bool "Additional restrictions"
-@@ -656,7 +656,7 @@
+@@ -655,7 +655,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
@@ -30,7 +30,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -834,7 +834,7 @@
+@@ -833,7 +833,7 @@
config GRKERNSEC_TPE_GID
int "GID for untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -39,7 +39,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
help
Setting this GID determines what group TPE restrictions will be
*enabled* for. If the sysctl option is enabled, a sysctl option
-@@ -843,7 +843,7 @@
+@@ -842,7 +842,7 @@
config GRKERNSEC_TPE_GID
int "GID for trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -48,7 +48,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -916,7 +916,7 @@
+@@ -915,7 +915,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -57,7 +57,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -937,7 +937,7 @@
+@@ -936,7 +936,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -66,7 +66,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -955,7 +955,7 @@
+@@ -954,7 +954,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4435_grsec-kconfig-gentoo.patch
index 0bb8941..b9e9d3a 100644
--- a/2.6.32/4435_grsec-kconfig-gentoo.patch
+++ b/2.6.32/4435_grsec-kconfig-gentoo.patch
@@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
config GRKERNSEC_LOW
bool "Low"
-@@ -191,6 +191,258 @@
+@@ -190,6 +190,258 @@
- Restricted sysfs/debugfs
- Active kernel exploit response
@@ -301,7 +301,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig
help
This is the kernel land equivalent of PAGEEXEC and MPROTECT,
that is, enabling this option will make it harder to inject
-@@ -487,8 +488,9 @@
+@@ -515,8 +516,9 @@
config PAX_MEMORY_UDEREF
bool "Prevent invalid userland pointer dereference"
diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4437-grsec-kconfig-proc-user.patch
index 368d10c..a8ad5ac 100644
--- a/2.6.32/4437-grsec-kconfig-proc-user.patch
+++ b/2.6.32/4437-grsec-kconfig-proc-user.patch
@@ -3,10 +3,10 @@ From: Anthony G. Basile <blueness@gentoo.org>
Address the mutually exclusive options GRKERNSEC_PROC_USER and GRKERNSEC_PROC_USERGROUP
in a different way to avoid bug #366019. This patch should eventually go upstream.
-diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-hardened-r54/grsecurity/Kconfig
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400
-@@ -665,7 +665,7 @@
+@@ -664,7 +664,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-harde
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -673,7 +673,7 @@
+@@ -672,7 +672,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
index 003d903..fa1d60d 100644
--- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
@@ -25,10 +25,10 @@ provided by grSecurity patch to be applied before.
Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
---
-diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
-+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
-@@ -1264,6 +1264,27 @@
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
++++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
+@@ -1263,6 +1263,27 @@
menu "Logging Options"
depends on GRKERNSEC
@@ -56,9 +56,9 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
config GRKERNSEC_FLOODTIME
int "Seconds in between log messages (minimum)"
default 10
-diff -Naur linux-2.6.32-hardened-r44.orig/security/selinux/avc.c linux-2.6.32-hardened-r44/security/selinux/avc.c
---- linux-2.6.32-hardened-r44.orig/security/selinux/avc.c 2009-12-02 22:51:21.000000000 -0500
-+++ linux-2.6.32-hardened-r44/security/selinux/avc.c 2011-04-17 18:51:15.000000000 -0400
+diff -Naur a/security/selinux/avc.c b/security/selinux/avc.c
+--- a/security/selinux/avc.c 2009-12-02 22:51:21.000000000 -0500
++++ b/security/selinux/avc.c 2011-04-17 18:51:15.000000000 -0400
@@ -203,6 +203,11 @@
char *scontext;
u32 scontext_len;
diff --git a/3.1.5/0000_README b/3.1.5/0000_README
index 24e612d..613b71d 100644
--- a/3.1.5/0000_README
+++ b/3.1.5/0000_README
@@ -3,10 +3,6 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1003_linux-3.1.4.patch
-From: http://www.kernel.org
-Desc: Linux 3.1.4
-
Patch: 4420_grsecurity-2.2.2-3.1.5-201112101853.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.1.5/1003_linux-3.1.4.patch b/3.1.5/1003_linux-3.1.4.patch
deleted file mode 100644
index f995031..0000000
--- a/3.1.5/1003_linux-3.1.4.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff --git a/Makefile b/Makefile
-index d614254..7f8a93b 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 1
--SUBLEVEL = 3
-+SUBLEVEL = 4
- EXTRAVERSION =
- NAME = "Divemaster Edition"
-
-diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
-index afef3df..29bec34 100644
---- a/drivers/usb/host/ehci-sched.c
-+++ b/drivers/usb/host/ehci-sched.c
-@@ -1480,15 +1480,10 @@ iso_stream_schedule (
-
- /* NOTE: assumes URB_ISO_ASAP, to limit complexity/bugs */
-
-- /* find a uframe slot with enough bandwidth.
-- * Early uframes are more precious because full-speed
-- * iso IN transfers can't use late uframes,
-- * and therefore they should be allocated last.
-- */
-- next = start;
-- start += period;
-- do {
-- start--;
-+ /* find a uframe slot with enough bandwidth */
-+ next = start + period;
-+ for (; start < next; start++) {
-+
- /* check schedule: enough space? */
- if (stream->highspeed) {
- if (itd_slot_ok(ehci, mod, start,
-@@ -1501,7 +1496,7 @@ iso_stream_schedule (
- start, sched, period))
- break;
- }
-- } while (start > next);
-+ }
-
- /* no room in the schedule */
- if (start == next) {
diff --git a/3.1.5/4425_grsec-pax-without-grsec.patch b/3.1.5/4425_grsec-pax-without-grsec.patch
index 8304192..97e8837 100644
--- a/3.1.5/4425_grsec-pax-without-grsec.patch
+++ b/3.1.5/4425_grsec-pax-without-grsec.patch
@@ -61,7 +61,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c
printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
current->comm, task_pid_nr(current), current_uid(), current_euid());
print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
-@@ -2079,10 +2083,12 @@
+@@ -2078,10 +2082,12 @@
NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
{
diff --git a/3.1.5/4430_grsec-kconfig-default-gids.patch b/3.1.5/4430_grsec-kconfig-default-gids.patch
index 6a448bf..453cb8d 100644
--- a/3.1.5/4430_grsec-kconfig-default-gids.patch
+++ b/3.1.5/4430_grsec-kconfig-default-gids.patch
@@ -9,10 +9,10 @@ attention to the finer points of kernel configuration, it is probably
wise to specify some reasonable defaults so as to stop careless users
from shooting themselves in the foot.
-diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:15:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:37:33.000000000 -0400
-@@ -433,7 +433,7 @@
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-12-12 16:54:30.000000000 -0500
++++ b/grsecurity/Kconfig 2011-12-12 16:55:09.000000000 -0500
+@@ -432,7 +432,7 @@
config GRKERNSEC_PROC_GID
int "GID for special group"
depends on GRKERNSEC_PROC_USERGROUP
@@ -21,7 +21,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
config GRKERNSEC_PROC_ADD
bool "Additional restrictions"
-@@ -657,7 +657,7 @@
+@@ -656,7 +656,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
@@ -30,7 +30,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -835,7 +835,7 @@
+@@ -834,7 +834,7 @@
config GRKERNSEC_TPE_GID
int "GID for untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -39,7 +39,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
help
Setting this GID determines what group TPE restrictions will be
*enabled* for. If the sysctl option is enabled, a sysctl option
-@@ -844,7 +844,7 @@
+@@ -843,7 +843,7 @@
config GRKERNSEC_TPE_GID
int "GID for trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -48,7 +48,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -917,7 +917,7 @@
+@@ -916,7 +916,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -57,7 +57,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -938,7 +938,7 @@
+@@ -937,7 +937,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -66,7 +66,7 @@ diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-harden
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -956,7 +956,7 @@
+@@ -955,7 +955,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/3.1.5/4435_grsec-kconfig-gentoo.patch b/3.1.5/4435_grsec-kconfig-gentoo.patch
index 1bc9742..d9083f4 100644
--- a/3.1.5/4435_grsec-kconfig-gentoo.patch
+++ b/3.1.5/4435_grsec-kconfig-gentoo.patch
@@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
config GRKERNSEC_LOW
bool "Low"
-@@ -191,6 +191,258 @@
+@@ -190,6 +190,258 @@
- Restricted sysfs/debugfs
- Active kernel exploit response
@@ -301,7 +301,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig
help
This is the kernel land equivalent of PAGEEXEC and MPROTECT,
that is, enabling this option will make it harder to inject
-@@ -487,8 +488,9 @@
+@@ -515,8 +516,9 @@
config PAX_MEMORY_UDEREF
bool "Prevent invalid userland pointer dereference"
diff --git a/3.1.5/4437-grsec-kconfig-proc-user.patch b/3.1.5/4437-grsec-kconfig-proc-user.patch
index c588683..fb20d59 100644
--- a/3.1.5/4437-grsec-kconfig-proc-user.patch
+++ b/3.1.5/4437-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400
-@@ -666,7 +666,7 @@
+@@ -665,7 +665,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
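Review bot: The embedded patch header kept as context here still reads `diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig`, although this commit normalizes the same line in the 2.6.32 copy of the patch. For consistency it should become `diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig`, which also matches the `--- a/` and `+++ b/` lines directly below it. The first hunk of 3.1.5/4440_selinux-avc_audit-log-curr_ip.patch has the same leftover: its `diff -Naur`, `---` and `+++` lines still name `linux-2.6.38-hardened-r1`. This is most likely cosmetic when the patches are applied with `-p1`, but stale tree names make it harder to tell which kernel a patch was last refreshed against.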
@@ -15,7 +15,7 @@ diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-harden
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -674,7 +674,7 @@
+@@ -673,7 +673,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch b/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch
index 0fd5d2d..56c8ef1 100644
--- a/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig
--- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
+++ linux-2.6.38-hardened-r1/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
-@@ -1265,6 +1265,27 @@
+@@ -1264,6 +1264,27 @@
menu "Logging Options"
depends on GRKERNSEC
diff --git a/3.1.5/4445_disable-compat_vdso.patch b/3.1.5/4445_disable-compat_vdso.patch
index 3b76b6c..737dcca 100644
--- a/3.1.5/4445_disable-compat_vdso.patch
+++ b/3.1.5/4445_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1638,17 +1638,8 @@
+@@ -1639,17 +1639,8 @@
config COMPAT_VDSO
def_bool n