Author: glen Date: Mon Jan 25 22:06:02 2010 GMT
Module: packages Tag: LINUX_2_6_27
---- Log message:
- up to 2.6.27.44
---- Files affected:
packages/kernel:
kernel-grsec_fixes.patch (1.1.4.8.2.1 -> 1.1.4.8.2.2) , kernel.spec
(1.441.2.2036.2.54 -> 1.441.2.2036.2.55) , linux-2.6-grsec_full.patch
(1.1.2.51.2.8 -> 1.1.2.51.2.9)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_fixes.patch
diff -u packages/kernel/kernel-grsec_fixes.patch:1.1.4.8.2.1
packages/kernel/kernel-grsec_fixes.patch:1.1.4.8.2.2
--- packages/kernel/kernel-grsec_fixes.patch:1.1.4.8.2.1 Sun Jan 4
23:19:20 2009
+++ packages/kernel/kernel-grsec_fixes.patch Mon Jan 25 23:05:53 2010
@@ -95,55 +95,3 @@
return 0;
}
-===
-=== cap_dac_ succession with capable_nolog
-===
-diff -upr a/fs./namei.c a/fs/namei.c
---- a/fs./namei.c 2008-04-05 01:23:49.741310000 +0200
-+++ a/fs/namei.c 2008-04-05 14:36:39.350275977 +0200
-@@ -215,6 +215,13 @@ int generic_permission(struct inode *ino
-
- check_capabilities:
- /*
-+ * Searching includes executable on directories, else just read.
-+ */
-+ if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
-+ if (capable_nolog(CAP_DAC_OVERRIDE) ||
capable(CAP_DAC_READ_SEARCH))
-+ return 0;
-+
-+ /*
- * Read/write DACs are always overridable.
- * Executable DACs are overridable if at least one exec bit is set.
- */
-@@ -223,13 +230,6 @@ int generic_permission(struct inode *ino
- if (capable(CAP_DAC_OVERRIDE))
- return 0;
-
-- /*
-- * Searching includes executable on directories, else just read.
-- */
-- if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
-- if (capable(CAP_DAC_READ_SEARCH))
-- return 0;
--
- return -EACCES;
- }
-
-@@ -498,13 +498,13 @@ static int exec_permission_lite(struct i
- if (mode & MAY_EXEC)
- goto ok;
-
-- if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
-+ if (S_ISDIR(inode->i_mode) && capable_nolog(CAP_DAC_OVERRIDE))
- goto ok;
-
-- if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_OVERRIDE))
-+ if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
- goto ok;
-
-- if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
-+ if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
- goto ok;
-
- return -EACCES;
-
================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.441.2.2036.2.54
packages/kernel/kernel.spec:1.441.2.2036.2.55
--- packages/kernel/kernel.spec:1.441.2.2036.2.54 Sat Dec 19 09:46:48 2009
+++ packages/kernel/kernel.spec Mon Jan 25 23:05:53 2010
@@ -103,7 +103,7 @@
%endif
%define basever 2.6.27
-%define postver .42
+%define postver .44
%define rel 1
%define _enable_debug_packages 0
@@ -148,7 +148,7 @@
# Source0-md5: b3e78977aa79d3754cb7f8143d7ddabd
%if "%{postver}" != "%{nil}"
Source1: http://www.kernel.org/pub/linux/kernel/v2.6/patch-%{version}.bz2
-# Source1-md5: 79782ebd9672c39dd7303d7442756556
+# Source1-md5: da09ddd041a3fb35d236d37ec6de88e9
%endif
Source3: kernel-autoconf.h
@@ -1677,6 +1677,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.441.2.2036.2.55 2010/01/25 22:05:53 glen
+- up to 2.6.27.44
+
Revision 1.441.2.2036.2.54 2009/12/19 08:46:48 arekm
- up to 2.6.27.42
================================================================
Index: packages/kernel/linux-2.6-grsec_full.patch
diff -u packages/kernel/linux-2.6-grsec_full.patch:1.1.2.51.2.8
packages/kernel/linux-2.6-grsec_full.patch:1.1.2.51.2.9
--- packages/kernel/linux-2.6-grsec_full.patch:1.1.2.51.2.8 Tue Oct 13
15:47:32 2009
+++ packages/kernel/linux-2.6-grsec_full.patch Mon Jan 25 23:05:54 2010
@@ -32795,17 +32795,6 @@
return security_task_kill(t, info, sig, 0);
}
-@@ -884,8 +888,8 @@ static void print_fatal_signal(struct pt
- for (i = 0; i < 16; i++) {
- unsigned char insn;
-
-- __get_user(insn, (unsigned char *)(regs->ip + i));
-- printk("%02x ", insn);
-+ if (!get_user(insn, (unsigned char __user *)(regs->ip +
i)))
-+ printk("%02x ", insn);
- }
- }
- #endif
@@ -908,7 +912,7 @@ __group_send_sig_info(int sig, struct si
return send_signal(sig, info, p, 1);
}
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_fixes.patch?r1=1.1.4.8.2.1&r2=1.1.4.8.2.2&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.441.2.2036.2.54&r2=1.441.2.2036.2.55&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/linux-2.6-grsec_full.patch?r1=1.1.2.51.2.8&r2=1.1.2.51.2.9&f=u
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
