Commit 7fa2377e authored by Natanael Copa's avatar Natanael Copa

main/linux-grsec: upgrade to 2.2.2-3.0.4-201109261052

parent 356b15c1
......@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.0.4
_kernver=3.0
pkgrel=6
pkgrel=7
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
......@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
grsecurity-2.2.2-3.0.4-201109190917.patch
grsecurity-2.2.2-3.0.4-201109261052.patch
0004-arp-flush-arp-cache-on-device-change.patch
......@@ -138,7 +138,7 @@ dev() {
md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2
62ca5f3caed233617127b2b3b7a87d15 patch-3.0.4.bz2
475c1129df5aca0d82587640b878109d grsecurity-2.2.2-3.0.4-201109190917.patch
a7729608516e45657d47a0a458117ca1 grsecurity-2.2.2-3.0.4-201109261052.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
9a2c88b20d296158cdcd01f843898415 kernelconfig.x86
6957efc9f017c59b05aa0a2e4167255e kernelconfig.x86_64"
......@@ -50694,8 +50694,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_ch
+}
diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_disabled.c
--- linux-3.0.4/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-08-23 21:48:14.000000000 -0400
@@ -0,0 +1,447 @@
+++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-09-24 08:13:01.000000000 -0400
@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
......@@ -50863,18 +50863,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return 0;
+}
+
+int
+gr_is_capable(const int cap)
+{
+ return 1;
+}
+
+int
+gr_is_capable_nolog(const int cap)
+{
+ return 1;
+}
+
+void
+gr_handle_alertkill(struct task_struct *task)
+{
......@@ -51135,8 +51123,6 @@ diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_
+ return dentry->d_inode->i_sb->s_dev;
+}
+
+EXPORT_SYMBOL(gr_is_capable);
+EXPORT_SYMBOL(gr_is_capable_nolog);
+EXPORT_SYMBOL(gr_learn_resource);
+EXPORT_SYMBOL(gr_set_kernel_label);
+#ifdef CONFIG_SECURITY
......@@ -51669,8 +51655,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_link.c linux-3.0.4/grsecurity/grsec_link
+}
diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
--- linux-3.0.4/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-14 23:17:55.000000000 -0400
@@ -0,0 +1,313 @@
+++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-26 10:46:21.000000000 -0400
@@ -0,0 +1,315 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
......@@ -51723,6 +51709,7 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
+#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)
+ unsigned long curr_secs = get_seconds();
+
+ if (audit == GR_DO_AUDIT)
......@@ -51731,18 +51718,19 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
+ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
+ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet = 0;
+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
+ grsec_alert_fyet++;
+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
+ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet++;
+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
+ return FLOODING;
+ }
+ } else return FLOODING;
+ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)
+ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
+ grsec_alert_fyet++;
+ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
+ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet++;
+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
+ return FLOODING;
+ }
+ else return FLOODING;
+
+set_fmt:
+#endif
+ memset(buf, 0, PAGE_SIZE);
+ if (current->signal->curr_ip && gr_acl_is_enabled()) {
+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
......@@ -55798,7 +55786,7 @@ diff -urNp linux-3.0.4/include/linux/grdefs.h linux-3.0.4/include/linux/grdefs.h
+#endif
diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grinternal.h
--- linux-3.0.4/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.4/include/linux/grinternal.h 2011-08-23 21:48:14.000000000 -0400
+++ linux-3.0.4/include/linux/grinternal.h 2011-09-24 08:43:45.000000000 -0400
@@ -0,0 +1,219 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
......@@ -55924,7 +55912,7 @@ diff -urNp linux-3.0.4/include/linux/grinternal.h linux-3.0.4/include/linux/grin
+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
+ CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
+ CAP_TO_MASK(CAP_IPC_OWNER) , CAP_TO_MASK(CAP_SYSLOG) }}
+
+#define security_learn(normal_msg,args...) \
+({ \
......@@ -67520,7 +67508,16 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c
diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
--- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/mm/slub.c 2011-08-23 21:48:14.000000000 -0400
+++ linux-3.0.4/mm/slub.c 2011-09-25 22:15:40.000000000 -0400
@@ -200,7 +200,7 @@ struct track {
enum track_item { TRACK_ALLOC, TRACK_FREE };
-#ifdef CONFIG_SYSFS
+#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
static int sysfs_slab_add(struct kmem_cache *);
static int sysfs_slab_alias(struct kmem_cache *, const char *);
static void sysfs_slab_remove(struct kmem_cache *);
@@ -442,7 +442,7 @@ static void print_track(const char *s, s
if (!t->addr)
return;
......@@ -67671,6 +67668,30 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
goto err;
}
up_write(&slub_lock);
@@ -3545,7 +3586,7 @@ void *__kmalloc_node_track_caller(size_t
}
#endif
-#ifdef CONFIG_SYSFS
+#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
static int count_inuse(struct page *page)
{
return page->inuse;
@@ -3935,12 +3976,12 @@ static void resiliency_test(void)
validate_slab_cache(kmalloc_caches[9]);
}
#else
-#ifdef CONFIG_SYSFS
+#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
static void resiliency_test(void) {};
#endif
#endif
-#ifdef CONFIG_SYSFS
+#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
enum slab_stat_type {
SL_ALL, /* All slabs */
SL_PARTIAL, /* Only partially allocated slabs */
@@ -4150,7 +4191,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
......@@ -67680,7 +67701,39 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
}
SLAB_ATTR_RO(aliases);
@@ -4894,7 +4935,13 @@ static const struct file_operations proc
@@ -4662,6 +4703,7 @@ static char *create_unique_id(struct kme
return name;
}
+#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
@@ -4724,6 +4766,7 @@ static void sysfs_slab_remove(struct kme
kobject_del(&s->kobj);
kobject_put(&s->kobj);
}
+#endif
/*
* Need to buffer aliases during bootup until sysfs becomes
@@ -4737,6 +4780,7 @@ struct saved_alias {
static struct saved_alias *alias_list;
+#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
{
struct saved_alias *al;
@@ -4759,6 +4803,7 @@ static int sysfs_slab_alias(struct kmem_
alias_list = al;
return 0;
}
+#endif
static int __init slab_sysfs_init(void)
{
@@ -4894,7 +4939,13 @@ static const struct file_operations proc
static int __init slab_proc_init(void)
{
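Review bot: The new `#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)` guard in grsec_log.c compiles the whole alert rate limiter out when either option is 0, and nothing at the guard says so. With the limiter gone every alert reaches printk, so a process that keeps triggering alerts can fill the kernel log and push older entries out. A comment above the guard such as `/* flood control is compiled out when FLOODTIME or FLOODBURST is 0: alerts are then unthrottled */` would make that trade-off visible to whoever tunes the kernelconfig files. In the rewritten chain the window-reset branch sets `grsec_alert_fyet = 0` and still logs, so a window appears to admit FLOODBURST + 1 alerts before suppression; worth confirming that is intended. The enclosing function starts above the hunk and continues past it.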