authorAnthony G. Basile <blueness@gentoo.org>2012-04-09 09:34:00 -0400
committerAnthony G. Basile <blueness@gentoo.org>2012-04-09 09:34:00 -0400
commit33d9ea8ab4e59b5354557b11833732bcc6b5abbd (patch)
tree0c54b57ee69a262b62393c0176a6998e9b8232f0
parentGrsec/PaX: 2.9-{2.6.32.59-201204010910,3.2.14-201204021757,3.3.1-201204021758} (diff)
downloadhardened-patchset-33d9ea8ab4e59b5354557b11833732bcc6b5abbd.tar.gz
hardened-patchset-33d9ea8ab4e59b5354557b11833732bcc6b5abbd.tar.bz2
hardened-patchset-33d9ea8ab4e59b5354557b11833732bcc6b5abbd.zip
Grsec/PaX: 2.9-{2.6.32.59,3.2.14,3.3.1}-20120406202020120406
-rw-r--r--2.6.32/4455_grsec-kconfig-gentoo.patch6
-rw-r--r--2.6.32/4460-grsec-kconfig-proc-user.patch4
-rw-r--r--2.6.32/4465_selinux-avc_audit-log-curr_ip.patch2
-rw-r--r--3.2.14/4455_grsec-kconfig-gentoo.patch6
-rw-r--r--3.2.14/4460-grsec-kconfig-proc-user.patch4
-rw-r--r--3.2.14/4465_selinux-avc_audit-log-curr_ip.patch2
-rw-r--r--3.3.1/4445_grsec-pax-without-grsec.patch10
-rw-r--r--3.3.1/4460-grsec-kconfig-proc-user.patch4
-rw-r--r--3.3.1/4465_selinux-avc_audit-log-curr_ip.patch2
9 files changed, 20 insertions, 20 deletions
diff --git a/2.6.32/4455_grsec-kconfig-gentoo.patch b/2.6.32/4455_grsec-kconfig-gentoo.patch
index 495638e..e578aa6 100644
--- a/2.6.32/4455_grsec-kconfig-gentoo.patch
+++ b/2.6.32/4455_grsec-kconfig-gentoo.patch
@@ -293,7 +293,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
diff -Naur a/security/Kconfig b/security/Kconfig
--- a/security/Kconfig 2011-12-26 12:23:44.000000000 -0500
+++ b/security/Kconfig 2011-12-26 11:14:27.000000000 -0500
-@@ -361,9 +361,10 @@
+@@ -360,9 +360,10 @@
config PAX_KERNEXEC
bool "Enforce non-executable kernel pages"
@@ -305,7 +305,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig
help
This is the kernel land equivalent of PAGEEXEC and MPROTECT,
that is, enabling this option will make it harder to inject
-@@ -374,30 +375,30 @@
+@@ -373,30 +374,30 @@
choice
prompt "Return Address Instrumentation Method"
@@ -344,7 +344,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig
default ""
config PAX_KERNEXEC_MODULE_TEXT
-@@ -554,8 +555,9 @@
+@@ -553,8 +554,9 @@
config PAX_MEMORY_UDEREF
bool "Prevent invalid userland pointer dereference"
diff --git a/2.6.32/4460-grsec-kconfig-proc-user.patch b/2.6.32/4460-grsec-kconfig-proc-user.patch
index b94ee69..8409e87 100644
--- a/2.6.32/4460-grsec-kconfig-proc-user.patch
+++ b/2.6.32/4460-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400
-@@ -676,7 +676,7 @@
+@@ -679,7 +679,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -684,7 +684,7 @@
+@@ -687,7 +687,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
index 11d9263..43147a7 100644
--- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
-@@ -1305,6 +1305,27 @@
+@@ -1308,6 +1308,27 @@
menu "Logging Options"
depends on GRKERNSEC
diff --git a/3.2.14/4455_grsec-kconfig-gentoo.patch b/3.2.14/4455_grsec-kconfig-gentoo.patch
index ef59341..2527bad 100644
--- a/3.2.14/4455_grsec-kconfig-gentoo.patch
+++ b/3.2.14/4455_grsec-kconfig-gentoo.patch
@@ -293,7 +293,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
diff -Naur a/security/Kconfig b/security/Kconfig
--- a/security/Kconfig 2011-12-26 12:23:44.000000000 -0500
+++ b/security/Kconfig 2011-12-26 11:14:27.000000000 -0500
-@@ -363,9 +363,10 @@
+@@ -362,9 +362,10 @@
config PAX_KERNEXEC
bool "Enforce non-executable kernel pages"
@@ -305,7 +305,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig
help
This is the kernel land equivalent of PAGEEXEC and MPROTECT,
that is, enabling this option will make it harder to inject
-@@ -376,30 +377,30 @@
+@@ -375,30 +376,30 @@
choice
prompt "Return Address Instrumentation Method"
@@ -344,7 +344,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig
default ""
config PAX_KERNEXEC_MODULE_TEXT
-@@ -556,8 +557,9 @@
+@@ -555,8 +556,9 @@
config PAX_MEMORY_UDEREF
bool "Prevent invalid userland pointer dereference"
diff --git a/3.2.14/4460-grsec-kconfig-proc-user.patch b/3.2.14/4460-grsec-kconfig-proc-user.patch
index 2261051..b2b3188 100644
--- a/3.2.14/4460-grsec-kconfig-proc-user.patch
+++ b/3.2.14/4460-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400
-@@ -677,7 +677,7 @@
+@@ -680,7 +680,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -685,7 +685,7 @@
+@@ -688,7 +688,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch
index af8b7b8..5a9d80c 100644
--- a/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
+++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
-@@ -1306,6 +1306,27 @@
+@@ -1309,6 +1309,27 @@
menu "Logging Options"
depends on GRKERNSEC
diff --git a/3.3.1/4445_grsec-pax-without-grsec.patch b/3.3.1/4445_grsec-pax-without-grsec.patch
index 58301c0..35255c2 100644
--- a/3.3.1/4445_grsec-pax-without-grsec.patch
+++ b/3.3.1/4445_grsec-pax-without-grsec.patch
@@ -1,7 +1,7 @@
-From: Anthony G. Basile <blueness@gentoo.org>
+ny G. Basile <blueness@gentoo.org>
With grsecurity-2.2.2-2.6.32.38-201104171745, the functions pax_report_leak_to_user and
-pax_report_overflow_from_user in fs/exec.c were consolidated into pax_report_usercopy.
+pax_report_om_user in fs/exec.c were consolidated into pax_report_usercopy.
This patch has been updated to reflect that change.
With grsecurity-2.9-2.6.32.58-201203131839, NORET_TYPE has been replaced by __noreturn.
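Review bot: The description header of this patch file is damaged on the new side of this hunk: `From: Anthony G. Basile <blueness@gentoo.org>` becomes `ny G. Basile <blueness@gentoo.org>`, and `pax_report_overflow_from_user` becomes `pax_report_om_user`. Both look like accidental deletions rather than intended edits, since every other change in the commit only shifts `@@` offsets. The truncated first line is no longer a `From:` header, so the patch's attribution is lost to readers and to any tool that parses it, and the description now names a function that does not appear to exist. Restore the two lines as `From: Anthony G. Basile <blueness@gentoo.org>` and `pax_report_overflow_from_user in fs/exec.c were consolidated into pax_report_usercopy.`, and check the 2.6.32 and 3.2.14 copies of this patch, which this commit does not touch, for the same header text.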
@@ -39,7 +39,7 @@ diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
diff -Naur a/fs/exec.c b/fs/exec.c
--- a/fs/exec.c 2011-04-17 19:05:03.000000000 -0400
+++ b/fs/exec.c 2011-04-17 19:20:30.000000000 -0400
-@@ -2048,9 +2048,11 @@
+@@ -2052,9 +2052,11 @@
}
up_read(&mm->mmap_sem);
}
@@ -51,7 +51,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c
printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
"PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
-@@ -2065,10 +2067,12 @@
+@@ -2069,10 +2071,12 @@
#ifdef CONFIG_PAX_REFCOUNT
void pax_report_refcount_overflow(struct pt_regs *regs)
{
@@ -64,7 +64,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c
printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
current->comm, task_pid_nr(current), current_uid(), current_euid());
print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
-@@ -2127,10 +2131,12 @@
+@@ -2131,10 +2135,12 @@
__noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
{
diff --git a/3.3.1/4460-grsec-kconfig-proc-user.patch b/3.3.1/4460-grsec-kconfig-proc-user.patch
index 2261051..b2b3188 100644
--- a/3.3.1/4460-grsec-kconfig-proc-user.patch
+++ b/3.3.1/4460-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400
-@@ -677,7 +677,7 @@
+@@ -680,7 +680,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -685,7 +685,7 @@
+@@ -688,7 +688,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch
index af8b7b8..5a9d80c 100644
--- a/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
+++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
-@@ -1306,6 +1306,27 @@
+@@ -1309,6 +1309,27 @@
menu "Logging Options"
depends on GRKERNSEC