diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2014-02-01 12:18:55 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-02-01 12:18:55 -0500 |
commit | c2144d560a97fdad96c84200e9b45a564409b42e (patch) | |
tree | 34b9e1dfd06e8486b5c712b92c55bbf5f1389f3f | |
parent | Grsec/PaX: 3.0-{3.2.54,3.13.0}-201401281850 (diff) | |
download | hardened-patchset-c2144d560a97fdad96c84200e9b45a564409b42e.tar.gz hardened-patchset-c2144d560a97fdad96c84200e9b45a564409b42e.tar.bz2 hardened-patchset-c2144d560a97fdad96c84200e9b45a564409b42e.zip |
Grsec/PaX: 3.0-3.13.1-20140130165720140130
-rw-r--r-- | 3.13.1/0000_README (renamed from 3.13.0/0000_README) | 2 | ||||
-rw-r--r-- | 3.13.1/4420_grsecurity-3.0-3.13.1-201401301657.patch (renamed from 3.13.0/4420_grsecurity-3.0-3.13.0-201401281848.patch) | 75 | ||||
-rw-r--r-- | 3.13.1/4425_grsec_remove_EI_PAX.patch (renamed from 3.13.0/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.13.1/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.13.0/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.13.1/4430_grsec-remove-localversion-grsec.patch (renamed from 3.13.0/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.13.1/4435_grsec-mute-warnings.patch (renamed from 3.13.0/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.13.1/4440_grsec-remove-protected-paths.patch (renamed from 3.13.0/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.13.1/4450_grsec-kconfig-default-gids.patch (renamed from 3.13.0/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.13.1/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.13.0/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.13.1/4470_disable-compat_vdso.patch (renamed from 3.13.0/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.13.1/4475_emutramp_default_on.patch (renamed from 3.13.0/4475_emutramp_default_on.patch) | 0 |
11 files changed, 46 insertions, 31 deletions
diff --git a/3.13.0/0000_README b/3.13.1/0000_README index d5c2b2c..a830d5a 100644 --- a/3.13.0/0000_README +++ b/3.13.1/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.13.0-201401281848.patch +Patch: 4420_grsecurity-3.0-3.13.1-201401301657.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.13.0/4420_grsecurity-3.0-3.13.0-201401281848.patch b/3.13.1/4420_grsecurity-3.0-3.13.1-201401301657.patch index 93699a6..08da283 100644 --- a/3.13.0/4420_grsecurity-3.0-3.13.0-201401281848.patch +++ b/3.13.1/4420_grsecurity-3.0-3.13.1-201401301657.patch @@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index b8b7f74..1f3d7c8 100644 +index de4cda9..d1183df 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -19178,7 +19178,7 @@ index 3c03a5d..1071638 100644 #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 190413d..bf69468 100644 +index 190413d..8a80c2a 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -19457,7 +19457,7 @@ index 190413d..bf69468 100644 +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) { - return __copy_from_user_nocheck(dst, (__force const void *)src, size); -+ return __copy_from_user_nocheck(dst, ____m(src), size); ++ return __copy_from_user_nocheck(dst, src, size); } -static __must_check __always_inline int @@ -19466,7 +19466,7 @@ index 190413d..bf69468 100644 +__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) { - return __copy_to_user_nocheck((__force void *)dst, src, size); -+ return __copy_to_user_nocheck(____m(dst), src, size); ++ return __copy_to_user_nocheck(dst, src, size); } -extern long __copy_user_nocache(void *dst, const void __user *src, @@ -43411,7 +43411,7 @@ index 06eeb99..770613e 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index cbb1571..47952f5 100644 +index 03f82ab..374bb38 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1991,21 +1991,21 @@ static void raid5_end_read_request(struct bio * bi, int error) @@ -78741,7 +78741,7 @@ index 9fe426b..8148be6 100644 static inline int vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) diff --git a/include/linux/mm.h b/include/linux/mm.h -index 3552717..658aae0 100644 +index 9fac6dd..158ca43 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -117,6 +117,11 @@ extern unsigned int kobjsize(const void *objp); @@ -78775,7 +78775,7 @@ index 3552717..658aae0 100644 struct mmu_gather; struct inode; -@@ -1061,8 +1067,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, +@@ -1064,8 +1070,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, unsigned long *pfn); int follow_phys(struct vm_area_struct *vma, unsigned long address, unsigned int flags, unsigned long *prot, resource_size_t *phys); @@ -78786,7 +78786,7 @@ index 3552717..658aae0 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -1101,9 +1107,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1104,9 +1110,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif @@ -78799,7 +78799,7 @@ index 3552717..658aae0 100644 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, unsigned long nr_pages, -@@ -1135,34 +1141,6 @@ int set_page_dirty(struct page *page); +@@ -1138,34 +1144,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -78834,7 +78834,7 @@ index 3552717..658aae0 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1262,6 +1240,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1265,6 +1243,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -78850,7 +78850,7 @@ index 3552717..658aae0 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1280,8 +1267,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1283,8 +1270,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -78866,7 +78866,7 @@ index 3552717..658aae0 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1290,8 +1284,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1293,8 +1287,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -78882,7 +78882,7 @@ index 3552717..658aae0 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1309,11 +1310,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1312,11 +1313,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -78906,7 +78906,7 @@ index 3552717..658aae0 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTE_PTLOCKS -@@ -1691,7 +1704,7 @@ extern int install_special_mapping(struct mm_struct *mm, +@@ -1694,7 +1707,7 @@ extern int install_special_mapping(struct mm_struct *mm, unsigned long addr, unsigned long len, unsigned long flags, struct page **pages); @@ -78915,7 +78915,7 @@ index 3552717..658aae0 100644 extern unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); -@@ -1699,6 +1712,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1702,6 +1715,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long pgoff, unsigned long *populate); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -78923,7 +78923,7 @@ index 3552717..658aae0 100644 #ifdef CONFIG_MMU extern int __mm_populate(unsigned long addr, unsigned long len, -@@ -1727,10 +1741,11 @@ struct vm_unmapped_area_info { +@@ -1730,10 +1744,11 @@ struct vm_unmapped_area_info { unsigned long high_limit; unsigned long align_mask; unsigned long align_offset; @@ -78937,7 +78937,7 @@ index 3552717..658aae0 100644 /* * Search for an unmapped address range. -@@ -1742,7 +1757,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); +@@ -1745,7 +1760,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) */ static inline unsigned long @@ -78946,7 +78946,7 @@ index 3552717..658aae0 100644 { if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) return unmapped_area(info); -@@ -1805,6 +1820,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1808,6 +1823,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -78957,7 +78957,7 @@ index 3552717..658aae0 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1833,15 +1852,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1836,15 +1855,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -78973,7 +78973,7 @@ index 3552717..658aae0 100644 #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE unsigned long change_prot_numa(struct vm_area_struct *vma, unsigned long start, unsigned long end); -@@ -1893,6 +1903,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -1896,6 +1906,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -78985,7 +78985,7 @@ index 3552717..658aae0 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1974,7 +1989,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1977,7 +1992,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -78994,7 +78994,7 @@ index 3552717..658aae0 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -2011,5 +2026,11 @@ void __init setup_nr_node_ids(void); +@@ -2014,5 +2029,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif @@ -95456,7 +95456,7 @@ index 4a5df7b..9ad1f1d 100644 switch (ss->ss_family) { diff --git a/net/compat.c b/net/compat.c -index dd32e34..0529c9c 100644 +index dd32e34..94fa415 100644 --- a/net/compat.c +++ b/net/compat.c @@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) @@ -95586,16 +95586,31 @@ index dd32e34..0529c9c 100644 struct group_filter __user *kgf; int __user *koptlen; u32 interface, fmode, numsrc; -@@ -783,7 +783,7 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, - if (COMPAT_USE_64BIT_TIME) - return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, - flags | MSG_CMSG_COMPAT, -- (struct timespec *) timeout); -+ (struct timespec __force_kernel *) timeout); +@@ -780,21 +780,16 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, + if (flags & MSG_CMSG_COMPAT) + return -EINVAL; +- if (COMPAT_USE_64BIT_TIME) +- return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, +- flags | MSG_CMSG_COMPAT, +- (struct timespec *) timeout); +- if (timeout == NULL) return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, -@@ -808,7 +808,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) + flags | MSG_CMSG_COMPAT, NULL); + +- if (get_compat_timespec(&ktspec, timeout)) ++ if (compat_get_timespec(&ktspec, timeout)) + return -EFAULT; + + datagrams = __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, + flags | MSG_CMSG_COMPAT, &ktspec); +- if (datagrams > 0 && put_compat_timespec(&ktspec, timeout)) ++ if (datagrams > 0 && compat_put_timespec(&ktspec, timeout)) + datagrams = -EFAULT; + + return datagrams; +@@ -808,7 +803,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) if (call < SYS_SOCKET || call > SYS_SENDMMSG) return -EINVAL; diff --git a/3.13.0/4425_grsec_remove_EI_PAX.patch b/3.13.1/4425_grsec_remove_EI_PAX.patch index cf65d90..cf65d90 100644 --- a/3.13.0/4425_grsec_remove_EI_PAX.patch +++ b/3.13.1/4425_grsec_remove_EI_PAX.patch diff --git a/3.13.0/4427_force_XATTR_PAX_tmpfs.patch b/3.13.1/4427_force_XATTR_PAX_tmpfs.patch index 23e60cd..23e60cd 100644 --- a/3.13.0/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.13.1/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.13.0/4430_grsec-remove-localversion-grsec.patch b/3.13.1/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.13.0/4430_grsec-remove-localversion-grsec.patch +++ b/3.13.1/4430_grsec-remove-localversion-grsec.patch diff --git a/3.13.0/4435_grsec-mute-warnings.patch b/3.13.1/4435_grsec-mute-warnings.patch index cb51a05..cb51a05 100644 --- a/3.13.0/4435_grsec-mute-warnings.patch +++ b/3.13.1/4435_grsec-mute-warnings.patch diff --git a/3.13.0/4440_grsec-remove-protected-paths.patch b/3.13.1/4440_grsec-remove-protected-paths.patch index 05710b1..05710b1 100644 --- a/3.13.0/4440_grsec-remove-protected-paths.patch +++ b/3.13.1/4440_grsec-remove-protected-paths.patch diff --git a/3.13.0/4450_grsec-kconfig-default-gids.patch b/3.13.1/4450_grsec-kconfig-default-gids.patch index 207c450..207c450 100644 --- a/3.13.0/4450_grsec-kconfig-default-gids.patch +++ b/3.13.1/4450_grsec-kconfig-default-gids.patch diff --git a/3.13.0/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.1/4465_selinux-avc_audit-log-curr_ip.patch index ddabda7..ddabda7 100644 --- a/3.13.0/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.13.1/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.13.0/4470_disable-compat_vdso.patch b/3.13.1/4470_disable-compat_vdso.patch index a25c029..a25c029 100644 --- a/3.13.0/4470_disable-compat_vdso.patch +++ b/3.13.1/4470_disable-compat_vdso.patch diff --git a/3.13.0/4475_emutramp_default_on.patch b/3.13.1/4475_emutramp_default_on.patch index cfde6f8..cfde6f8 100644 --- a/3.13.0/4475_emutramp_default_on.patch +++ b/3.13.1/4475_emutramp_default_on.patch |