Author: zbyniu Date: Mon Feb 25 23:01:10 2008 GMT
Module: SPECS Tag: LINUX_2_6
---- Log message:
- grsec_full.patch is ready; PaX config magic cleanup; rel 0.4
---- Files affected:
SPECS:
kernel.spec (1.441.2.1842 -> 1.441.2.1843)
---- Diffs:
================================================================
Index: SPECS/kernel.spec
diff -u SPECS/kernel.spec:1.441.2.1842 SPECS/kernel.spec:1.441.2.1843
--- SPECS/kernel.spec:1.441.2.1842 Thu Feb 21 14:00:44 2008
+++ SPECS/kernel.spec Tue Feb 26 00:01:04 2008
@@ -7,7 +7,6 @@
#
# TODO:
# - benchmark NO_HZ & HZ=1000 vs HZ=300 on i686
-# - grsec_full (waiting for author)
# - vserver 2.3 (waiting for authors)
# - apparmor (no future?)
#
@@ -103,7 +102,7 @@
%define _prepatch %{nil}
%define _pre_rc %{nil}
%define _rc %{nil}
-%define _rel 0.3
+%define _rel 0.4
%define subname
%{?with_pax:-pax}%{?with_grsec_full:-grsecurity}%{?with_xen0:-xen0}%{?with_xenU:-xenU}
%define _enable_debug_packages 0
@@ -341,8 +340,7 @@
# based on http://www.grsecurity.net/~paxguy1/pax-linux-2.6.24-test8.patch
Patch9998: kernel-pax.patch
-# based on
http://www.grsecurity.net/~spender/grsecurity-2.1.11-2.6.23-200710111225.patch
-# todo
+# based on
http://www.grsecurity.net/~spender/grsecurity-2.1.11-2.6.24.2-200802192340.patch
Patch9999: linux-2.6-grsec_full.patch
Patch10000: linux-2.6-grsec-caps.patch
Patch10001: linux-2.6-grsec-common.patch
@@ -999,11 +997,8 @@
set -x
%ifarch %{ix86}
sed -i 's:# CONFIG_PAX_SEGMEXEC is not
set:CONFIG_PAX_SEGMEXEC=y:' $1
- sed -i 's:# CONFIG_PAX_DEFAULT_SEGMEXEC is not
set:CONFIG_PAX_DEFAULT_SEGMEXEC=y:' $1
- %ifnarch i386 i486
- sed -i 's:# CONFIG_PAX_NOVSYSCALL is not
set:CONFIG_PAX_NOVSYSCALL=y:' $1
- %endif
-
+ # performance impact on CPUs without NX bit
+ sed -i 's:# CONFIG_PAX_PAGEEXEC=y:# CONFIG_PAX_PAGEEXEC is not
set:' $1
# Testing KERNEXEC
# sed -i 's:CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM=y:#
CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM is not set:' $1
@@ -1024,10 +1019,6 @@
sed -i 's:# CONFIG_PAX_EMUPLT is not set:CONFIG_PAX_EMUPLT=y:'
$1
%endif
- %ifarch %{ix8664}
- sed -i 's:# CONFIG_PAX_MEMORY_UDEREF is not
set:CONFIG_PAX_MEMORY_UDEREF=y:' $1
- %endif
-
# Now we have to check MAC system integration. Grsecurity (full) uses
PAX_HAVE_ACL_FLAGS
# setting (direct acces). grsec_minimal probably have no idea about PaX
so we probably
# could use PAX_NO_ACL_FLAGS, but for testing the hooks setting will be
used
@@ -1603,6 +1594,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.441.2.1843 2008-02-25 23:01:04 zbyniu
+- grsec_full.patch is ready; PaX config magic cleanup; rel 0.4
+
Revision 1.441.2.1842 2008-02-21 13:00:44 mguevara
- 2.6.24.2-0.3 aka "iptables doesn't hang my machine"
- updated patch300 kernel-routes-2.6.24-15.diff
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/kernel.spec?r1=1.441.2.1842&r2=1.441.2.1843&f=u
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
