diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2012-08-01 19:41:42 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-08-01 19:41:42 -0400 |
commit | 514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1 (patch) | |
tree | 22ac72ecd01526e38247cef82b4d3665d4e2a5f2 | |
parent | Grsec/PaX: 2.9.1-{2.6.32.59,3.2.24,3.4.6}-201207311908 (diff) | |
download | hardened-patchset-514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1.tar.gz hardened-patchset-514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1.tar.bz2 hardened-patchset-514be5c53d9181c227ebe4371a4ac0f1bdfcbcf1.zip |
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.24,3.4.6}-201208011848
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch) | 27 | ||||
-rw-r--r-- | 3.2.24/0000_README | 2 | ||||
-rw-r--r-- | 3.2.24/4420_grsecurity-2.9.1-3.2.24-201208011849.patch (renamed from 3.2.24/4420_grsecurity-2.9.1-3.2.24-201207311909.patch) | 27 | ||||
-rw-r--r-- | 3.4.6/0000_README | 2 | ||||
-rw-r--r-- | 3.4.6/4420_grsecurity-2.9.1-3.4.7-201208011850.patch (renamed from 3.4.6/4420_grsecurity-2.9.1-3.4.7-201207311909.patch) | 27 |
6 files changed, 84 insertions, 3 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 3010d85..ae80b1d 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch index a17194d..4d11792 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208011848.patch @@ -105356,6 +105356,33 @@ index 30b3189..e2e4b55 100644 goto out; } +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index 8df3477..797ae6d 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -1298,6 +1298,10 @@ err_proto: + #define UNCONFIRMED_NULLS_VAL ((1<<30)+0) + #define DYING_NULLS_VAL ((1<<30)+1) + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0); ++#endif ++ + static int nf_conntrack_init_net(struct net *net) + { + int ret; +@@ -1311,7 +1315,11 @@ static int nf_conntrack_init_net(struct net *net) + goto err_stat; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return(&conntrack_cache_id)); ++#else + net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net); ++#endif + if (!net->ct.slabname) { + ret = -ENOMEM; + goto err_slabname; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index d521718..d0fd7a1 100644 --- a/net/netfilter/nf_conntrack_netlink.c diff --git a/3.2.24/0000_README b/3.2.24/0000_README index e45dbd8..5b9308c 100644 --- a/3.2.24/0000_README +++ b/3.2.24/0000_README @@ -14,7 +14,7 @@ Patch: 1023_linux-3.2.24.patch From: http://www.kernel.org Desc: Linux 3.2.24 -Patch: 4420_grsecurity-2.9.1-3.2.24-201207311909.patch +Patch: 4420_grsecurity-2.9.1-3.2.24-201208011849.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.24/4420_grsecurity-2.9.1-3.2.24-201207311909.patch b/3.2.24/4420_grsecurity-2.9.1-3.2.24-201208011849.patch index 4c10305..c4edc06 100644 --- a/3.2.24/4420_grsecurity-2.9.1-3.2.24-201207311909.patch +++ b/3.2.24/4420_grsecurity-2.9.1-3.2.24-201208011849.patch @@ -78633,6 +78633,33 @@ index aa2d720..d8aa111 100644 goto out; } +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index 1d15193..1062656 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -1485,6 +1485,10 @@ err_proto: + #define UNCONFIRMED_NULLS_VAL ((1<<30)+0) + #define DYING_NULLS_VAL ((1<<30)+1) + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0); ++#endif ++ + static int nf_conntrack_init_net(struct net *net) + { + int ret; +@@ -1498,7 +1502,11 @@ static int nf_conntrack_init_net(struct net *net) + goto err_stat; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return(&conntrack_cache_id)); ++#else + net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net); ++#endif + if (!net->ct.slabname) { + ret = -ENOMEM; + goto err_slabname; diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 66b2c54..c7884e3 100644 --- a/net/netfilter/nfnetlink_log.c diff --git a/3.4.6/0000_README b/3.4.6/0000_README index 14b45fc..2236f0c 100644 --- a/3.4.6/0000_README +++ b/3.4.6/0000_README @@ -6,7 +6,7 @@ Patch: 1005_linux-3.4.6.patch From: http://www.kernel.org Desc: Linux 3.4.6 -Patch: 4420_grsecurity-2.9.1-3.4.7-201207311909.patch +Patch: 4420_grsecurity-2.9.1-3.4.7-201208011850.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.4.6/4420_grsecurity-2.9.1-3.4.7-201207311909.patch b/3.4.6/4420_grsecurity-2.9.1-3.4.7-201208011850.patch index 9da1ccd..23880cf 100644 --- a/3.4.6/4420_grsecurity-2.9.1-3.4.7-201207311909.patch +++ b/3.4.6/4420_grsecurity-2.9.1-3.4.7-201208011850.patch @@ -76824,6 +76824,33 @@ index 7fd66de..e6fb361 100644 goto out; } +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index 729f157..08edc6c 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -1538,6 +1538,10 @@ err_proto: + #define UNCONFIRMED_NULLS_VAL ((1<<30)+0) + #define DYING_NULLS_VAL ((1<<30)+1) + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0); ++#endif ++ + static int nf_conntrack_init_net(struct net *net) + { + int ret; +@@ -1551,7 +1555,11 @@ static int nf_conntrack_init_net(struct net *net) + goto err_stat; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return(&conntrack_cache_id)); ++#else + net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net); ++#endif + if (!net->ct.slabname) { + ret = -ENOMEM; + goto err_slabname; diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 66b2c54..c7884e3 100644 --- a/net/netfilter/nfnetlink_log.c |