commit: b53b5ea6a935c2b949f6b778b0bac0640a1111ec
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun May 3 14:58:39 2015 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun May 3 14:58:39 2015 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=b53b5ea6
Grsec/PaX: 3.1-{3.2.68,3.14.40,3.19.6}-201505021013
3.14.40/0000_README | 2 +-
...4420_grsecurity-3.1-3.14.40-201505021012.patch} | 24 ++++++++-----
3.19.6/0000_README | 2 +-
... 4420_grsecurity-3.1-3.19.6-201505021013.patch} | 39 +++++++++-------------
3.2.68/0000_README | 2 +-
... 4420_grsecurity-3.1-3.2.68-201505021011.patch} | 18 +++++++---
6 files changed, 47 insertions(+), 40 deletions(-)
diff --git a/3.14.40/0000_README b/3.14.40/0000_README
index 4907942..5a5e724 100644
--- a/3.14.40/0000_README
+++ b/3.14.40/0000_README
@@ -6,7 +6,7 @@ Patch: 1039_linux-3.14.40.patch
From: http://www.kernel.org
Desc: Linux 3.14.40
-Patch: 4420_grsecurity-3.1-3.14.40-201504302118.patch
+Patch: 4420_grsecurity-3.1-3.14.40-201505021012.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.40/4420_grsecurity-3.1-3.14.40-201504302118.patch
b/3.14.40/4420_grsecurity-3.1-3.14.40-201505021012.patch
similarity index 99%
rename from 3.14.40/4420_grsecurity-3.1-3.14.40-201504302118.patch
rename to 3.14.40/4420_grsecurity-3.1-3.14.40-201505021012.patch
index 59db1dc..b34880f 100644
--- a/3.14.40/4420_grsecurity-3.1-3.14.40-201504302118.patch
+++ b/3.14.40/4420_grsecurity-3.1-3.14.40-201505021012.patch
@@ -105006,7 +105006,7 @@ index 2510c02..cfb34fa 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index b94002a..f13b8c2 100644
+index b94002a..53e0bff 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -105018,7 +105018,15 @@ index b94002a..f13b8c2 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -259,10 +259,9 @@ int ping_init_sock(struct sock *sk)
+@@ -158,6 +158,7 @@ void ping_unhash(struct sock *sk)
+ if (sk_hashed(sk)) {
+ write_lock_bh(&ping_table.lock);
+ hlist_nulls_del(&sk->sk_nulls_node);
++ sk_nulls_node_init(&sk->sk_nulls_node);
+ sock_put(sk);
+ isk->inet_num = 0;
+ isk->inet_sport = 0;
+@@ -259,10 +260,9 @@ int ping_init_sock(struct sock *sk)
kgid_t low, high;
int ret = 0;
@@ -105031,7 +105039,7 @@ index b94002a..f13b8c2 100644
inet_get_ping_group_range_net(net, &low, &high);
if (gid_lte(low, group) && gid_lte(group, high))
return 0;
-@@ -359,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct
inet_sock *isk,
+@@ -359,7 +359,7 @@ static int ping_check_bind_addr(struct sock *sk, struct
inet_sock *isk,
return -ENODEV;
}
}
@@ -105040,7 +105048,7 @@ index b94002a..f13b8c2 100644
scoped);
rcu_read_unlock();
-@@ -567,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -567,7 +567,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
}
#if IS_ENABLED(CONFIG_IPV6)
} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -105049,7 +105057,7 @@ index b94002a..f13b8c2 100644
#endif
}
-@@ -585,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -585,7 +585,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
info, (u8 *)icmph);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -105058,7 +105066,7 @@ index b94002a..f13b8c2 100644
info, (u8 *)icmph);
#endif
}
-@@ -869,7 +868,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk,
struct msghdr *msg,
+@@ -869,7 +869,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk,
struct msghdr *msg,
return ip_recv_error(sk, msg, len, addr_len);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -105067,7 +105075,7 @@ index b94002a..f13b8c2 100644
addr_len);
#endif
}
-@@ -927,10 +926,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk,
struct msghdr *msg,
+@@ -927,10 +927,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk,
struct msghdr *msg,
}
if (inet6_sk(sk)->rxopt.all)
@@ -105080,7 +105088,7 @@ index b94002a..f13b8c2 100644
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1125,7 +1124,7 @@ static void ping_v4_format_sock(struct sock *sp, struct
seq_file *f,
+@@ -1125,7 +1125,7 @@ static void ping_v4_format_sock(struct sock *sp, struct
seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
diff --git a/3.19.6/0000_README b/3.19.6/0000_README
index db4d6ad..a40b535 100644
--- a/3.19.6/0000_README
+++ b/3.19.6/0000_README
@@ -6,7 +6,7 @@ Patch: 1005_linux-3.19.6.patch
From: http://www.kernel.org
Desc: Linux 3.19.6
-Patch: 4420_grsecurity-3.1-3.19.6-201504302119.patch
+Patch: 4420_grsecurity-3.1-3.19.6-201505021013.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.19.6/4420_grsecurity-3.1-3.19.6-201504302119.patch
b/3.19.6/4420_grsecurity-3.1-3.19.6-201505021013.patch
similarity index 99%
rename from 3.19.6/4420_grsecurity-3.1-3.19.6-201504302119.patch
rename to 3.19.6/4420_grsecurity-3.1-3.19.6-201505021013.patch
index 8de6fff..7e681c9 100644
--- a/3.19.6/4420_grsecurity-3.1-3.19.6-201504302119.patch
+++ b/3.19.6/4420_grsecurity-3.1-3.19.6-201505021013.patch
@@ -42163,23 +42163,6 @@ index 8b63879..a5a5e72 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
-diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
-index 5bc6d80..e47b55a 100644
---- a/drivers/hid/hid-logitech-dj.c
-+++ b/drivers/hid/hid-logitech-dj.c
-@@ -853,6 +853,12 @@ static int logi_dj_dj_event(struct hid_device *hdev,
- * case we forward it to the correct hid device (via hid_input_report()
- * ) and return 1 so hid-core does not anything else with it.
- */
-+ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
-+ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
-+ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
-+ __func__, dj_report->device_index);
-+ return false;
-+ }
-
- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
index c13fb5b..55a3802 100644
--- a/drivers/hid/hid-wiimote-debug.c
@@ -85236,7 +85219,7 @@ index d9d7e7e..86f47ac 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h
-index ed8f9e7..999bc96 100644
+index ed8f9e70..999bc96 100644
--- a/include/linux/scatterlist.h
+++ b/include/linux/scatterlist.h
@@ -1,6 +1,7 @@
@@ -103448,7 +103431,7 @@ index e90f83a..3e6acca 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 0ae28f5..d32b565 100644
+index 0ae28f5..bacfcd5 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -103460,7 +103443,15 @@ index 0ae28f5..d32b565 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -358,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct
inet_sock *isk,
+@@ -158,6 +158,7 @@ void ping_unhash(struct sock *sk)
+ if (sk_hashed(sk)) {
+ write_lock_bh(&ping_table.lock);
+ hlist_nulls_del(&sk->sk_nulls_node);
++ sk_nulls_node_init(&sk->sk_nulls_node);
+ sock_put(sk);
+ isk->inet_num = 0;
+ isk->inet_sport = 0;
+@@ -358,7 +359,7 @@ static int ping_check_bind_addr(struct sock *sk, struct
inet_sock *isk,
return -ENODEV;
}
}
@@ -103469,7 +103460,7 @@ index 0ae28f5..d32b565 100644
scoped);
rcu_read_unlock();
-@@ -566,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -566,7 +567,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
}
#if IS_ENABLED(CONFIG_IPV6)
} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -103478,7 +103469,7 @@ index 0ae28f5..d32b565 100644
#endif
}
-@@ -584,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -584,7 +585,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
info, (u8 *)icmph);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -103487,7 +103478,7 @@ index 0ae28f5..d32b565 100644
info, (u8 *)icmph);
#endif
}
-@@ -919,10 +919,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk,
struct msghdr *msg,
+@@ -919,10 +920,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk,
struct msghdr *msg,
}
if (inet6_sk(sk)->rxopt.all)
@@ -103500,7 +103491,7 @@ index 0ae28f5..d32b565 100644
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1117,7 +1117,7 @@ static void ping_v4_format_sock(struct sock *sp, struct
seq_file *f,
+@@ -1117,7 +1118,7 @@ static void ping_v4_format_sock(struct sock *sp, struct
seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
diff --git a/3.2.68/0000_README b/3.2.68/0000_README
index bd504a3..fc115bd 100644
--- a/3.2.68/0000_README
+++ b/3.2.68/0000_README
@@ -190,7 +190,7 @@ Patch: 1067_linux-3.2.68.patch
From: http://www.kernel.org
Desc: Linux 3.2.68
-Patch: 4420_grsecurity-3.1-3.2.68-201504302116.patch
+Patch: 4420_grsecurity-3.1-3.2.68-201505021011.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.68/4420_grsecurity-3.1-3.2.68-201504302116.patch
b/3.2.68/4420_grsecurity-3.1-3.2.68-201505021011.patch
similarity index 99%
rename from 3.2.68/4420_grsecurity-3.1-3.2.68-201504302116.patch
rename to 3.2.68/4420_grsecurity-3.1-3.2.68-201505021011.patch
index bf41e91..e21a5c6 100644
--- a/3.2.68/4420_grsecurity-3.1-3.2.68-201504302116.patch
+++ b/3.2.68/4420_grsecurity-3.1-3.2.68-201505021011.patch
@@ -105858,10 +105858,18 @@ index a639967..8f44480 100644
pr_err("Unable to proc dir entry\n");
ret = -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index d495d4b..b601824 100644
+index d495d4b..31e741e 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
-@@ -257,6 +257,11 @@ static int ping_bind(struct sock *sk, struct sockaddr
*uaddr, int addr_len)
+@@ -139,6 +139,7 @@ static void ping_v4_unhash(struct sock *sk)
+ if (sk_hashed(sk)) {
+ write_lock_bh(&ping_table.lock);
+ hlist_nulls_del(&sk->sk_nulls_node);
++ sk_nulls_node_init(&sk->sk_nulls_node);
+ sock_put(sk);
+ isk->inet_num = isk->inet_sport = 0;
+ sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
+@@ -257,6 +258,11 @@ static int ping_bind(struct sock *sk, struct sockaddr
*uaddr, int addr_len)
if (addr_len < sizeof(struct sockaddr_in))
return -EINVAL;
@@ -105873,7 +105881,7 @@ index d495d4b..b601824 100644
pr_debug("ping_v4_bind(sk=%p,sa_addr=%08x,sa_port=%d)\n",
sk, addr->sin_addr.s_addr, ntohs(addr->sin_port));
-@@ -504,7 +509,7 @@ static int ping_sendmsg(struct kiocb *iocb, struct sock
*sk, struct msghdr *msg,
+@@ -504,7 +510,7 @@ static int ping_sendmsg(struct kiocb *iocb, struct sock
*sk, struct msghdr *msg,
if (msg->msg_namelen < sizeof(*usin))
return -EINVAL;
if (usin->sin_family != AF_INET)
@@ -105882,7 +105890,7 @@ index d495d4b..b601824 100644
daddr = usin->sin_addr.s_addr;
/* no remote port */
} else {
-@@ -716,8 +721,11 @@ void ping_rcv(struct sk_buff *skb)
+@@ -716,8 +722,11 @@ void ping_rcv(struct sk_buff *skb)
sk = ping_v4_lookup(net, saddr, daddr, ntohs(icmph->un.echo.id),
skb->dev->ifindex);
if (sk != NULL) {
@@ -105895,7 +105903,7 @@ index d495d4b..b601824 100644
sock_put(sk);
return;
}
-@@ -842,7 +850,7 @@ static void ping_format_sock(struct sock *sp, struct
seq_file *f,
+@@ -842,7 +851,7 @@ static void ping_format_sock(struct sock *sp, struct
seq_file *f,
sk_rmem_alloc_get(sp),
0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
