Author: mguevara Date: Sun Dec 6 01:30:10 2009 GMT
Module: packages Tag: LINUX_2_6_31
---- Log message:
- 2.6.31.6-5, updated kernel-grsec_full.patch to
grsecurity-2.1.14-2.6.31.6-200912051443.patch
- fixed log/desc for commit 1.727.2.2, added remote DoS note.
---- Files affected:
packages/kernel:
kernel-grsec_full.patch (1.21.2.1 -> 1.21.2.2) , kernel.spec (1.727.2.2 ->
1.727.2.3)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.21.2.1
packages/kernel/kernel-grsec_full.patch:1.21.2.2
--- packages/kernel/kernel-grsec_full.patch:1.21.2.1 Sat Dec 5 02:13:34 2009
+++ packages/kernel/kernel-grsec_full.patch Sun Dec 6 02:30:04 2009
@@ -47167,7 +47167,7 @@
#endif
static struct ctl_table kern_table[] = {
-+#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_MODSTOP)
++#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
+ {
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "grsecurity",
@@ -50170,7 +50170,7 @@
+ (n > ((unsigned long)task_stack_page(current) + THREAD_SIZE -
+ (unsigned long)ptr)))
+ goto report;
-+ else
++ else if (!PageSlab(page))
+ return;
+
+ cachep = page_get_cache(page);
@@ -50383,7 +50383,7 @@
+ (n > ((unsigned long)task_stack_page(current) + THREAD_SIZE -
+ (unsigned long)ptr)))
+ goto report;
-+ else
++ else if (!PageSlobPage((struct page*)sp))
+ return;
+
+ if (sp->size) {
@@ -50578,7 +50578,7 @@
+ (n > ((unsigned long)task_stack_page(current) + THREAD_SIZE -
+ (unsigned long)ptr)))
+ goto report;
-+ else
++ else if (!page)
+ return;
+
+ s = page->slab;
@@ -52782,6 +52782,16 @@
}
/*
+@@ -35,6 +35,9 @@
+ {
+ int ret;
+
++ if (!capable(CAP_SYS_RAWIO))
++ return -EPERM;
++
+ ret = proc_doulongvec_minmax(table, write, filp, buffer, lenp, ppos);
+
+ update_mmap_min_addr();
diff -urNp linux-2.6.31.6/security/smack/smackfs.c
linux-2.6.31.6/security/smack/smackfs.c
--- linux-2.6.31.6/security/smack/smackfs.c 2009-11-10 18:45:25.000000000
-0500
+++ linux-2.6.31.6/security/smack/smackfs.c 2009-11-12 17:18:17.000000000
-0500
================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.727.2.2
packages/kernel/kernel.spec:1.727.2.3
--- packages/kernel/kernel.spec:1.727.2.2 Sat Dec 5 02:13:34 2009
+++ packages/kernel/kernel.spec Sun Dec 6 02:30:04 2009
@@ -113,7 +113,7 @@
%define basever 2.6.31
%define postver .6
-%define rel 4
+%define rel 5
%define _enable_debug_packages 0
@@ -325,7 +325,7 @@
# based on http://ftp.leg.uct.ac.za/pub/linux/rip/inittmpfs-2.6.14.diff.gz
Patch7000: kernel-inittmpfs.patch
-# based on
http://www.grsecurity.net/~spender/grsecurity-2.1.14-2.6.31.6-200912040944.patch";
kernel-grsec_full.patch
+# based on
http://www.grsecurity.net/~spender/grsecurity-2.1.14-2.6.31.6-200912051443.patch";
kernel-grsec_full.patch
# NOTE: put raw upstream patches on kernel-grsec_full.patch:GRSECURITY_RAW for
reference
# (since upstream deletes older patches)
Patch9999: kernel-grsec_full.patch
@@ -1584,9 +1584,16 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.727.2.3 2009/12/06 01:30:04 mguevara
+- 2.6.31.6-5, updated kernel-grsec_full.patch to
+ grsecurity-2.1.14-2.6.31.6-200912051443.patch
+- fixed log/desc for commit 1.727.2.2, added remote DoS note.
+
Revision 1.727.2.2 2009/12/05 01:13:34 mguevara
- 2.6.31.6-4, updated kernel-grsec_full.patch to
- grsecurity-2.1.14-2.6.31.6-200911151724.patch
+ grsecurity-2.1.14-2.6.31.6-200912040944.patch
+ fixes remote DoS condition introduced in 2.6.29
+ some details: http://twitter.com/spendergrsec/status/6339560349
Revision 1.727.2.1 2009/12/04 23:19:11 mguevara
- added CONFIG_PHYSICAL_ALIGN=0x1000000 to the pax config procedure
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.21.2.1&r2=1.21.2.2&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.727.2.2&r2=1.727.2.3&f=u
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
