diff options
-rw-r--r-- | 2.6.32/4455_grsec-kconfig-gentoo.patch | 6 | ||||
-rw-r--r-- | 2.6.32/4460-grsec-kconfig-proc-user.patch | 4 | ||||
-rw-r--r-- | 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
-rw-r--r-- | 3.2.14/4455_grsec-kconfig-gentoo.patch | 6 | ||||
-rw-r--r-- | 3.2.14/4460-grsec-kconfig-proc-user.patch | 4 | ||||
-rw-r--r-- | 3.2.14/4465_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
-rw-r--r-- | 3.3.1/4445_grsec-pax-without-grsec.patch | 10 | ||||
-rw-r--r-- | 3.3.1/4460-grsec-kconfig-proc-user.patch | 4 | ||||
-rw-r--r-- | 3.3.1/4465_selinux-avc_audit-log-curr_ip.patch | 2 |
9 files changed, 20 insertions, 20 deletions
diff --git a/2.6.32/4455_grsec-kconfig-gentoo.patch b/2.6.32/4455_grsec-kconfig-gentoo.patch index 495638e..e578aa6 100644 --- a/2.6.32/4455_grsec-kconfig-gentoo.patch +++ b/2.6.32/4455_grsec-kconfig-gentoo.patch @@ -293,7 +293,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig diff -Naur a/security/Kconfig b/security/Kconfig --- a/security/Kconfig 2011-12-26 12:23:44.000000000 -0500 +++ b/security/Kconfig 2011-12-26 11:14:27.000000000 -0500 -@@ -361,9 +361,10 @@ +@@ -360,9 +360,10 @@ config PAX_KERNEXEC bool "Enforce non-executable kernel pages" @@ -305,7 +305,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig help This is the kernel land equivalent of PAGEEXEC and MPROTECT, that is, enabling this option will make it harder to inject -@@ -374,30 +375,30 @@ +@@ -373,30 +374,30 @@ choice prompt "Return Address Instrumentation Method" @@ -344,7 +344,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig default "" config PAX_KERNEXEC_MODULE_TEXT -@@ -554,8 +555,9 @@ +@@ -553,8 +554,9 @@ config PAX_MEMORY_UDEREF bool "Prevent invalid userland pointer dereference" diff --git a/2.6.32/4460-grsec-kconfig-proc-user.patch b/2.6.32/4460-grsec-kconfig-proc-user.patch index b94ee69..8409e87 100644 --- a/2.6.32/4460-grsec-kconfig-proc-user.patch +++ b/2.6.32/4460-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400 -@@ -676,7 +676,7 @@ +@@ -679,7 +679,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -684,7 +684,7 @@ +@@ -687,7 +687,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch index 11d9263..43147a7 100644 --- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400 -@@ -1305,6 +1305,27 @@ +@@ -1308,6 +1308,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.2.14/4455_grsec-kconfig-gentoo.patch b/3.2.14/4455_grsec-kconfig-gentoo.patch index ef59341..2527bad 100644 --- a/3.2.14/4455_grsec-kconfig-gentoo.patch +++ b/3.2.14/4455_grsec-kconfig-gentoo.patch @@ -293,7 +293,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig diff -Naur a/security/Kconfig b/security/Kconfig --- a/security/Kconfig 2011-12-26 12:23:44.000000000 -0500 +++ b/security/Kconfig 2011-12-26 11:14:27.000000000 -0500 -@@ -363,9 +363,10 @@ +@@ -362,9 +362,10 @@ config PAX_KERNEXEC bool "Enforce non-executable kernel pages" @@ -305,7 +305,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig help This is the kernel land equivalent of PAGEEXEC and MPROTECT, that is, enabling this option will make it harder to inject -@@ -376,30 +377,30 @@ +@@ -375,30 +376,30 @@ choice prompt "Return Address Instrumentation Method" @@ -344,7 +344,7 @@ diff -Naur a/security/Kconfig b/security/Kconfig default "" config PAX_KERNEXEC_MODULE_TEXT -@@ -556,8 +557,9 @@ +@@ -555,8 +556,9 @@ config PAX_MEMORY_UDEREF bool "Prevent invalid userland pointer dereference" diff --git a/3.2.14/4460-grsec-kconfig-proc-user.patch b/3.2.14/4460-grsec-kconfig-proc-user.patch index 2261051..b2b3188 100644 --- a/3.2.14/4460-grsec-kconfig-proc-user.patch +++ b/3.2.14/4460-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400 -@@ -677,7 +677,7 @@ +@@ -680,7 +680,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -685,7 +685,7 @@ +@@ -688,7 +688,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch index af8b7b8..5a9d80c 100644 --- a/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.14/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1306,6 +1306,27 @@ +@@ -1309,6 +1309,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.3.1/4445_grsec-pax-without-grsec.patch b/3.3.1/4445_grsec-pax-without-grsec.patch index 58301c0..35255c2 100644 --- a/3.3.1/4445_grsec-pax-without-grsec.patch +++ b/3.3.1/4445_grsec-pax-without-grsec.patch @@ -1,7 +1,7 @@ -From: Anthony G. Basile <blueness@gentoo.org> +ny G. Basile <blueness@gentoo.org> With grsecurity-2.2.2-2.6.32.38-201104171745, the functions pax_report_leak_to_user and -pax_report_overflow_from_user in fs/exec.c were consolidated into pax_report_usercopy. +pax_report_om_user in fs/exec.c were consolidated into pax_report_usercopy. This patch has been updated to reflect that change. With grsecurity-2.9-2.6.32.58-201203131839, NORET_TYPE has been replaced by __noreturn. @@ -39,7 +39,7 @@ diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c diff -Naur a/fs/exec.c b/fs/exec.c --- a/fs/exec.c 2011-04-17 19:05:03.000000000 -0400 +++ b/fs/exec.c 2011-04-17 19:20:30.000000000 -0400 -@@ -2048,9 +2048,11 @@ +@@ -2052,9 +2052,11 @@ } up_read(&mm->mmap_sem); } @@ -51,7 +51,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset); printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, " "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk), -@@ -2065,10 +2067,12 @@ +@@ -2069,10 +2071,12 @@ #ifdef CONFIG_PAX_REFCOUNT void pax_report_refcount_overflow(struct pt_regs *regs) { @@ -64,7 +64,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), current_uid(), current_euid()); print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); -@@ -2127,10 +2131,12 @@ +@@ -2131,10 +2135,12 @@ __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) { diff --git a/3.3.1/4460-grsec-kconfig-proc-user.patch b/3.3.1/4460-grsec-kconfig-proc-user.patch index 2261051..b2b3188 100644 --- a/3.3.1/4460-grsec-kconfig-proc-user.patch +++ b/3.3.1/4460-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400 -@@ -677,7 +677,7 @@ +@@ -680,7 +680,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -685,7 +685,7 @@ +@@ -688,7 +688,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch index af8b7b8..5a9d80c 100644 --- a/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.3.1/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1306,6 +1306,27 @@ +@@ -1309,6 +1309,27 @@ menu "Logging Options" depends on GRKERNSEC |