Commit f4dbbef2 authored by Natanael Copa's avatar Natanael Copa

main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.35.8-201011022021

parent b21263b3
......@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.35.8
_kernver=2.6.35
pkgrel=0
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
......@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
grsecurity-2.2.0-2.6.35.8-201010311944.patch
grsecurity-2.2.0-2.6.35.8-201011022021.patch
0004-arp-flush-arp-cache-on-device-change.patch
r8169-fix-rx-checksum-offload.patch
r8169-add-gro-support.patch
......@@ -140,7 +140,7 @@ firmware() {
md5sums="091abeb4684ce03d1d936851618687b6 linux-2.6.35.tar.bz2
198e4e72ea9cc7f9f25bb5881167aa2e patch-2.6.35.8.bz2
3ad2911a6009758d1df3fff0bce11405 grsecurity-2.2.0-2.6.35.8-201010311944.patch
ec3743cf416ebdc47dbc088aaf33e8e8 grsecurity-2.2.0-2.6.35.8-201011022021.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
0ccecafd4123dcad0b0cd7787553d734 r8169-fix-rx-checksum-offload.patch
139b39da44ecb577275be53d7d365949 r8169-add-gro-support.patch
......
......@@ -11753,7 +11753,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/head32.c linux-2.6.35.8/arch/x86/kerne
/* Reserve INITRD */
diff -urNp linux-2.6.35.8/arch/x86/kernel/head_32.S linux-2.6.35.8/arch/x86/kernel/head_32.S
--- linux-2.6.35.8/arch/x86/kernel/head_32.S 2010-10-31 17:13:58.000000000 -0400
+++ linux-2.6.35.8/arch/x86/kernel/head_32.S 2010-10-31 17:21:20.000000000 -0400
+++ linux-2.6.35.8/arch/x86/kernel/head_32.S 2010-11-02 19:22:48.000000000 -0400
@@ -25,6 +25,12 @@
/* Physical address */
#define pa(X) ((X) - __PAGE_OFFSET)
......@@ -12045,7 +12045,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/head_32.S linux-2.6.35.8/arch/x86/kern
ENTRY(swapper_pg_dir)
.fill 1024,4,0
#endif
+
+.section .swapper_pg_fixmap,"a",@progbits
swapper_pg_fixmap:
.fill 1024,4,0
#ifdef CONFIG_X86_TRAMPOLINE
......@@ -14567,7 +14567,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmi_32.c linux-2.6.35.8/arch/x86/kerne
local_irq_save(flags);
diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S
--- linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S 2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S 2010-09-17 20:12:09.000000000 -0400
+++ linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S 2010-11-02 19:23:16.000000000 -0400
@@ -26,6 +26,13 @@
#include <asm/page_types.h>
#include <asm/cache.h>
......@@ -14653,7 +14653,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
HEAD_TEXT
#ifdef CONFIG_X86_32
. = ALIGN(PAGE_SIZE);
@@ -108,13 +130,50 @@ SECTIONS
@@ -108,13 +130,52 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
......@@ -14695,8 +14695,10 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
+ *(.idt)
+ . = ALIGN(PAGE_SIZE);
+ *(.empty_zero_page)
+ *(.swapper_pg_fixmap)
+ *(.swapper_pg_pmd)
+ *(.swapper_pg_dir)
+ *(.trampoline_pg_dir)
+ } :rodata
+#endif
+
......@@ -14708,7 +14710,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
X64_ALIGN_DEBUG_RODATA_BEGIN
RO_DATA(PAGE_SIZE)
@@ -122,16 +181,20 @@ SECTIONS
@@ -122,16 +183,20 @@ SECTIONS
/* Data */
.data : AT(ADDR(.data) - LOAD_OFFSET) {
......@@ -14732,7 +14734,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
PAGE_ALIGNED_DATA(PAGE_SIZE)
@@ -194,12 +257,6 @@ SECTIONS
@@ -194,12 +259,6 @@ SECTIONS
}
vgetcpu_mode = VVIRT(.vgetcpu_mode);
......@@ -14745,7 +14747,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
.vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) {
*(.vsyscall_3)
}
@@ -215,12 +272,19 @@ SECTIONS
@@ -215,12 +274,19 @@ SECTIONS
#endif /* CONFIG_X86_64 */
/* Init code and data - will be freed after init */
......@@ -14768,7 +14770,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
/*
* percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
* output PHDR, so the next output section - .init.text - should
@@ -229,12 +293,27 @@ SECTIONS
@@ -229,12 +295,27 @@ SECTIONS
PERCPU_VADDR(0, :percpu)
#endif
......@@ -14801,7 +14803,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
.x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
__x86_cpu_dev_start = .;
@@ -260,19 +339,11 @@ SECTIONS
@@ -260,19 +341,11 @@ SECTIONS
*(.altinstr_replacement)
}
......@@ -14822,7 +14824,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
PERCPU(PAGE_SIZE)
#endif
@@ -291,16 +362,10 @@ SECTIONS
@@ -291,16 +364,10 @@ SECTIONS
.smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) {
__smp_locks = .;
*(.smp_locks)
......@@ -14840,7 +14842,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
/* BSS */
. = ALIGN(PAGE_SIZE);
.bss : AT(ADDR(.bss) - LOAD_OFFSET) {
@@ -316,6 +381,7 @@ SECTIONS
@@ -316,6 +383,7 @@ SECTIONS
__brk_base = .;
. += 64 * 1024; /* 64k alignment slop space */
*(.brk_reservation) /* areas brk users have reserved */
......@@ -14848,7 +14850,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
__brk_limit = .;
}
@@ -342,13 +408,12 @@ SECTIONS
@@ -342,13 +410,12 @@ SECTIONS
* for the boot processor.
*/
#define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load
......@@ -54778,6 +54780,25 @@ diff -urNp linux-2.6.35.8/net/atm/resources.c linux-2.6.35.8/net/atm/resources.c
__AAL_STAT_ITEMS
#undef __HANDLE_ITEM
}
diff -urNp linux-2.6.35.8/net/ax25/af_ax25.c linux-2.6.35.8/net/ax25/af_ax25.c
--- linux-2.6.35.8/net/ax25/af_ax25.c 2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.8/net/ax25/af_ax25.c 2010-11-02 19:44:50.000000000 -0400
@@ -1392,6 +1392,7 @@ static int ax25_getname(struct socket *s
ax25_cb *ax25;
int err = 0;
+ memset(fsa, 0, sizeof(*fsa));
lock_sock(sk);
ax25 = ax25_sk(sk);
@@ -1403,7 +1404,6 @@ static int ax25_getname(struct socket *s
fsa->fsa_ax25.sax25_family = AF_AX25;
fsa->fsa_ax25.sax25_call = ax25->dest_addr;
- fsa->fsa_ax25.sax25_ndigis = 0;
if (ax25->digipeat != NULL) {
ndigi = ax25->digipeat->ndigi;
diff -urNp linux-2.6.35.8/net/bridge/br_multicast.c linux-2.6.35.8/net/bridge/br_multicast.c
--- linux-2.6.35.8/net/bridge/br_multicast.c 2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.8/net/bridge/br_multicast.c 2010-10-11 22:41:44.000000000 -0400
......@@ -55753,9 +55774,28 @@ diff -urNp linux-2.6.35.8/net/netlink/af_netlink.c linux-2.6.35.8/net/netlink/af
atomic_read(&s->sk_refcnt),
atomic_read(&s->sk_drops),
sock_i_ino(s)
diff -urNp linux-2.6.35.8/net/netrom/af_netrom.c linux-2.6.35.8/net/netrom/af_netrom.c
--- linux-2.6.35.8/net/netrom/af_netrom.c 2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.8/net/netrom/af_netrom.c 2010-11-02 19:46:20.000000000 -0400
@@ -840,6 +840,7 @@ static int nr_getname(struct socket *soc
struct sock *sk = sock->sk;
struct nr_sock *nr = nr_sk(sk);
+ memset(sax, 0, sizeof(*sax));
lock_sock(sk);
if (peer != 0) {
if (sk->sk_state != TCP_ESTABLISHED) {
@@ -854,7 +855,6 @@ static int nr_getname(struct socket *soc
*uaddr_len = sizeof(struct full_sockaddr_ax25);
} else {
sax->fsa_ax25.sax25_family = AF_NETROM;
- sax->fsa_ax25.sax25_ndigis = 0;
sax->fsa_ax25.sax25_call = nr->source_addr;
*uaddr_len = sizeof(struct sockaddr_ax25);
}
diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_packet.c
--- linux-2.6.35.8/net/packet/af_packet.c 2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.8/net/packet/af_packet.c 2010-10-11 22:41:44.000000000 -0400
+++ linux-2.6.35.8/net/packet/af_packet.c 2010-11-02 19:42:44.000000000 -0400
@@ -1595,8 +1595,9 @@ static int packet_recvmsg(struct kiocb *
err = -EINVAL;
......@@ -55767,7 +55807,24 @@ diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_pa
if (skb_is_gso(skb)) {
struct skb_shared_info *sinfo = skb_shinfo(skb);
@@ -2093,7 +2094,7 @@ static int packet_getsockopt(struct sock
@@ -1704,7 +1705,7 @@ static int packet_getname_spkt(struct so
rcu_read_lock();
dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex);
if (dev)
- strlcpy(uaddr->sa_data, dev->name, 15);
+ strncpy(uaddr->sa_data, dev->name, 14);
else
memset(uaddr->sa_data, 0, 14);
rcu_read_unlock();
@@ -1727,6 +1728,7 @@ static int packet_getname(struct socket
sll->sll_family = AF_PACKET;
sll->sll_ifindex = po->ifindex;
sll->sll_protocol = po->num;
+ sll->sll_pkttype = 0;
rcu_read_lock();
dev = dev_get_by_index_rcu(sock_net(sk), po->ifindex);
if (dev) {
@@ -2093,7 +2095,7 @@ static int packet_getsockopt(struct sock
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
......@@ -55776,7 +55833,7 @@ diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_pa
return -EFAULT;
switch (val) {
case TPACKET_V1:
@@ -2125,7 +2126,7 @@ static int packet_getsockopt(struct sock
@@ -2125,7 +2127,7 @@ static int packet_getsockopt(struct sock
if (put_user(len, optlen))
return -EFAULT;
......@@ -55785,7 +55842,7 @@ diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_pa
return -EFAULT;
return 0;
}
@@ -2604,7 +2605,11 @@ static int packet_seq_show(struct seq_fi
@@ -2604,7 +2606,11 @@ static int packet_seq_show(struct seq_fi
seq_printf(seq,
"%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
......@@ -56080,8 +56137,16 @@ diff -urNp linux-2.6.35.8/net/sysctl_net.c linux-2.6.35.8/net/sysctl_net.c
}
diff -urNp linux-2.6.35.8/net/tipc/socket.c linux-2.6.35.8/net/tipc/socket.c
--- linux-2.6.35.8/net/tipc/socket.c 2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.8/net/tipc/socket.c 2010-09-17 20:12:09.000000000 -0400
@@ -1451,8 +1451,9 @@ static int connect(struct socket *sock,
+++ linux-2.6.35.8/net/tipc/socket.c 2010-11-02 19:49:48.000000000 -0400
@@ -395,6 +395,7 @@ static int get_name(struct socket *sock,
struct sockaddr_tipc *addr = (struct sockaddr_tipc *)uaddr;
struct tipc_sock *tsock = tipc_sk(sock->sk);
+ memset(addr, 0, sizeof(*addr));
if (peer) {
if ((sock->state != SS_CONNECTED) &&
((peer != 2) || (sock->state != SS_DISCONNECTING)))
@@ -1451,8 +1452,9 @@ static int connect(struct socket *sock,
} else {
if (res == 0)
res = -ETIMEDOUT;
......@@ -56213,6 +56278,26 @@ diff -urNp linux-2.6.35.8/net/wireless/wext-core.c linux-2.6.35.8/net/wireless/w
err = handler(dev, info, (union iwreq_data *) iwp, extra);
iwp->length += essid_compat;
diff -urNp linux-2.6.35.8/net/x25/x25_facilities.c linux-2.6.35.8/net/x25/x25_facilities.c
--- linux-2.6.35.8/net/x25/x25_facilities.c 2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.8/net/x25/x25_facilities.c 2010-11-02 19:50:35.000000000 -0400
@@ -134,14 +134,14 @@ int x25_parse_facilities(struct sk_buff
case X25_FAC_CLASS_D:
switch (*p) {
case X25_FAC_CALLING_AE:
- if (p[1] > X25_MAX_DTE_FACIL_LEN)
+ if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] == 0)
break;
dte_facs->calling_len = p[2];
memcpy(dte_facs->calling_ae, &p[3], p[1] - 1);
*vc_fac_mask |= X25_MASK_CALLING_AE;
break;
case X25_FAC_CALLED_AE:
- if (p[1] > X25_MAX_DTE_FACIL_LEN)
+ if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] == 0)
break;
dte_facs->called_len = p[2];
memcpy(dte_facs->called_ae, &p[3], p[1] - 1);
diff -urNp linux-2.6.35.8/net/xfrm/xfrm_policy.c linux-2.6.35.8/net/xfrm/xfrm_policy.c
--- linux-2.6.35.8/net/xfrm/xfrm_policy.c 2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.8/net/xfrm/xfrm_policy.c 2010-09-17 20:12:09.000000000 -0400
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment