diff options
Diffstat (limited to '3.2.64')
| -rw-r--r-- | 3.2.64/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch (renamed from 3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch) | 127 |
2 files changed, 98 insertions, 31 deletions
diff --git a/3.2.64/0000_README b/3.2.64/0000_README index c5a1f90..d632471 100644 --- a/3.2.64/0000_README +++ b/3.2.64/0000_README @@ -174,7 +174,7 @@ Patch: 1063_linux-3.2.64.patch From: http://www.kernel.org Desc: Linux 3.2.64 -Patch: 4420_grsecurity-3.0-3.2.64-201411220952.patch +Patch: 4420_grsecurity-3.0-3.2.64-201411260105.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch b/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch index d9f5bed..206ef20 100644 --- a/3.2.64/4420_grsecurity-3.0-3.2.64-201411220952.patch +++ b/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch @@ -1727,6 +1727,20 @@ index e51b1e8..32a3113 100644 KM_TYPE_NR }; +diff --git a/arch/arm/include/asm/memory.h b/arch/arm/include/asm/memory.h +index a8997d7..f0a29154 100644 +--- a/arch/arm/include/asm/memory.h ++++ b/arch/arm/include/asm/memory.h +@@ -268,7 +268,8 @@ static inline __deprecated void *bus_to_virt(unsigned long x) + #define ARCH_PFN_OFFSET PHYS_PFN_OFFSET + + #define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT) +-#define virt_addr_valid(kaddr) ((unsigned long)(kaddr) >= PAGE_OFFSET && (unsigned long)(kaddr) < (unsigned long)high_memory) ++#define virt_addr_valid(kaddr) (((unsigned long)(kaddr) >= PAGE_OFFSET && (unsigned long)(kaddr) < (unsigned long)high_memory) \ ++ && pfn_valid(__pa(kaddr) >> PAGE_SHIFT) ) + + /* + * Optional coherency support. Currently used only by selected diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h index 53426c6..c7baff3 100644 --- a/arch/arm/include/asm/outercache.h @@ -103176,10 +103190,30 @@ index 59a7041..060976d 100644 return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c -index e41c40f..fbed7a7 100644 +index e41c40f..f476dfd6 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c -@@ -827,9 +827,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg) +@@ -68,7 +68,8 @@ + + static struct ipv4_devconf ipv4_devconf = { + .data = { +- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, ++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0, ++ [IPV4_DEVCONF_RP_FILTER - 1] = 1, + [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, + [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, + [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, +@@ -77,7 +78,8 @@ static struct ipv4_devconf ipv4_devconf = { + + static struct ipv4_devconf ipv4_devconf_dflt = { + .data = { +- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, ++ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0, ++ [IPV4_DEVCONF_RP_FILTER - 1] = 1, + [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, + [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, + [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, +@@ -827,9 +829,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg) if (!ifa) { ret = -ENOBUFS; ifa = inet_alloc_ifa(); @@ -103191,7 +103225,7 @@ index e41c40f..fbed7a7 100644 if (colon) memcpy(ifa->ifa_label, ifr.ifr_name, IFNAMSIZ); else -@@ -1584,7 +1584,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, +@@ -1584,7 +1586,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) @@ -103200,7 +103234,7 @@ index e41c40f..fbed7a7 100644 struct ctl_table_header *sysctl_header; struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; char *dev_name; -@@ -1729,7 +1729,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -1729,7 +1731,7 @@ static __net_init int devinet_init_net(struct net *net) int err; struct ipv4_devconf *all, *dflt; #ifdef CONFIG_SYSCTL @@ -103209,7 +103243,7 @@ index e41c40f..fbed7a7 100644 struct ctl_table_header *forw_hdr; #endif -@@ -1747,7 +1747,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -1747,7 +1749,7 @@ static __net_init int devinet_init_net(struct net *net) goto err_alloc_dflt; #ifdef CONFIG_SYSCTL @@ -103218,7 +103252,7 @@ index e41c40f..fbed7a7 100644 if (tbl == NULL) goto err_alloc_ctl; -@@ -1767,7 +1767,10 @@ static __net_init int devinet_init_net(struct net *net) +@@ -1767,7 +1769,10 @@ static __net_init int devinet_init_net(struct net *net) goto err_reg_dflt; err = -ENOMEM; @@ -103230,7 +103264,7 @@ index e41c40f..fbed7a7 100644 if (forw_hdr == NULL) goto err_reg_ctl; net->ipv4.forw_hdr = forw_hdr; -@@ -1783,8 +1786,7 @@ err_reg_ctl: +@@ -1783,8 +1788,7 @@ err_reg_ctl: err_reg_dflt: __devinet_sysctl_unregister(all); err_reg_all: @@ -103240,7 +103274,7 @@ index e41c40f..fbed7a7 100644 err_alloc_ctl: #endif if (dflt != &ipv4_devconf_dflt) -@@ -1811,7 +1813,7 @@ static __net_exit void devinet_exit_net(struct net *net) +@@ -1811,7 +1815,7 @@ static __net_exit void devinet_exit_net(struct net *net) kfree(net->ipv4.devconf_all); } @@ -104614,9 +104648,27 @@ index a0b4c5d..a5818a1 100644 } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 3afdd78..cf4a70f 100644 +index 3afdd78..2f630fb 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c +@@ -169,7 +169,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { + .hop_limit = IPV6_DEFAULT_HOPLIMIT, + .mtu6 = IPV6_MIN_MTU, + .accept_ra = 1, +- .accept_redirects = 1, ++ .accept_redirects = 0, + .autoconf = 1, + .force_mld_version = 0, + .dad_transmits = 1, +@@ -204,7 +204,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { + .hop_limit = IPV6_DEFAULT_HOPLIMIT, + .mtu6 = IPV6_MIN_MTU, + .accept_ra = 1, +- .accept_redirects = 1, ++ .accept_redirects = 0, + .autoconf = 1, + .dad_transmits = 1, + .rtr_solicits = MAX_RTR_SOLICITATIONS, @@ -2160,7 +2160,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; @@ -109662,6 +109714,19 @@ index 0865b3e..7235dd4 100644 __ksymtab : { *(SORT(___ksymtab+*)) } __ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) } __ksymtab_unused : { *(SORT(___ksymtab_unused+*)) } +diff --git a/scripts/package/Makefile b/scripts/package/Makefile +index bc6aa00..51086c8 100644 +--- a/scripts/package/Makefile ++++ b/scripts/package/Makefile +@@ -45,7 +45,7 @@ rpm-pkg rpm: $(objtree)/kernel.spec FORCE + $(MAKE) clean + $(PREV) ln -sf $(srctree) $(KERNELPATH) + $(CONFIG_SHELL) $(srctree)/scripts/setlocalversion --save-scmversion +- $(PREV) tar -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(KERNELPATH)/. ++ $(PREV) tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(KERNELPATH).tar.gz $(KERNELPATH)/. + $(PREV) rm $(KERNELPATH) + rm -f $(objtree)/.scmversion + set -e; \ diff --git a/scripts/package/builddeb b/scripts/package/builddeb index bee55f6..4108c4b 100644 --- a/scripts/package/builddeb @@ -109675,7 +109740,7 @@ index bee55f6..4108c4b 100644 mkdir -p "$destdir" (cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -) diff --git a/scripts/package/mkspec b/scripts/package/mkspec -index 4bf17dd..e4f4ac4 100755 +index 4bf17dd..6ceef68 100755 --- a/scripts/package/mkspec +++ b/scripts/package/mkspec @@ -1,7 +1,7 @@ @@ -109703,20 +109768,10 @@ index 4bf17dd..e4f4ac4 100755 if ! $PREBUILT; then echo "%prep" -@@ -74,15 +82,27 @@ echo "" +@@ -74,15 +82,17 @@ echo "" fi echo "%install" -+echo 'chmod -f 0500 /boot' -+echo 'if [ -d /lib/modules ]; then' -+echo 'chmod -f 0500 /lib/modules' -+echo 'fi' -+echo 'if [ -d /lib32/modules ]; then' -+echo 'chmod -f 0500 /lib32/modules' -+echo 'fi' -+echo 'if [ -d /lib64/modules ]; then' -+echo 'chmod -f 0500 /lib64/modules' -+echo 'fi' +echo 'KBUILD_IMAGE=$(make image_name)' echo "%ifarch ia64" echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules' @@ -109734,7 +109789,7 @@ index 4bf17dd..e4f4ac4 100755 echo "%ifarch ia64" echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/efi/vmlinuz-$KERNELRELEASE" echo 'ln -s '"efi/vmlinuz-$KERNELRELEASE" '$RPM_BUILD_ROOT'"/boot/" -@@ -95,7 +115,7 @@ echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/vmlinuz-$KERNELRELEASE" +@@ -95,7 +105,7 @@ echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/vmlinuz-$KERNELRELEASE" echo "%endif" echo "%endif" @@ -109743,7 +109798,7 @@ index 4bf17dd..e4f4ac4 100755 echo 'cp System.map $RPM_BUILD_ROOT'"/boot/System.map-$KERNELRELEASE" echo 'cp .config $RPM_BUILD_ROOT'"/boot/config-$KERNELRELEASE" -@@ -107,18 +127,43 @@ echo 'mv vmlinux.bz2 $RPM_BUILD_ROOT'"/boot/vmlinux-$KERNELRELEASE.bz2" +@@ -107,18 +117,55 @@ echo 'mv vmlinux.bz2 $RPM_BUILD_ROOT'"/boot/vmlinux-$KERNELRELEASE.bz2" echo 'mv vmlinux.orig vmlinux' echo "%endif" @@ -109751,14 +109806,27 @@ index 4bf17dd..e4f4ac4 100755 +echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE" +echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\"" +echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)" -+echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE" -+echo "ln -sf /usr/src/kernels/$KERNELRELEASE build" -+echo "ln -sf /usr/src/kernels/$KERNELRELEASE source" + echo "" echo "%clean" echo 'rm -rf $RPM_BUILD_ROOT' echo "" ++echo "%pre" ++echo 'chmod -f 0500 /boot' ++echo 'if [ -d /lib/modules ]; then' ++echo 'chmod -f 0500 /lib/modules' ++echo 'fi' ++echo 'if [ -d /lib32/modules ]; then' ++echo 'chmod -f 0500 /lib32/modules' ++echo 'fi' ++echo 'if [ -d /lib64/modules ]; then' ++echo 'chmod -f 0500 /lib64/modules' ++echo 'fi' ++echo "" ++echo "%post devel" ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build" ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source" ++echo "" +echo "%post" +echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then" +echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm" @@ -109772,10 +109840,10 @@ index 4bf17dd..e4f4ac4 100755 -echo '%defattr (-, root, root)' +echo '%defattr (400, root, root, 500)' echo "%dir /lib/modules" - echo "/lib/modules/$KERNELRELEASE" --echo "/lib/firmware" +echo "%exclude /lib/modules/$KERNELRELEASE/build" +echo "%exclude /lib/modules/$KERNELRELEASE/source" + echo "/lib/modules/$KERNELRELEASE" +-echo "/lib/firmware" +echo "/lib/firmware/$KERNELRELEASE" echo "/boot/*" echo "" @@ -109785,9 +109853,8 @@ index 4bf17dd..e4f4ac4 100755 echo "" +echo "%files devel" +echo '%defattr (400, root, root, 500)' ++echo "%dir /lib/modules/$KERNELRELEASE" +echo "/usr/src/kernels/$KERNELRELEASE" -+echo "/lib/modules/$KERNELRELEASE/build" -+echo "/lib/modules/$KERNELRELEASE/source" +echo "" diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c index 5c11312..72742b5 100644 |