packages (LINUX_2_6_32): kernel/kernel-grsec-caps.patch, kernel/kernel-grse...

Sat, 11 Feb 2012 07:13:34 -0800 

Author: hawk                         Date: Sat Feb 11 15:13:28 2012 GMT
Module: packages                      Tag: LINUX_2_6_32
---- Log message:
- updated for 2.6.32.56

---- Files affected:
packages/kernel:
   kernel-grsec-caps.patch (1.2 -> 1.2.2.1) , kernel-grsec-common.patch (1.2 -> 
1.2.4.1) , kernel-grsec.config (1.36.2.1 -> 1.36.2.2) , 
kernel-grsec_fixes.patch (1.7 -> 1.7.2.1) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec-caps.patch
diff -u packages/kernel/kernel-grsec-caps.patch:1.2 
packages/kernel/kernel-grsec-caps.patch:1.2.2.1
--- packages/kernel/kernel-grsec-caps.patch:1.2 Tue Mar 31 14:04:37 2009
+++ packages/kernel/kernel-grsec-caps.patch     Sat Feb 11 16:13:23 2012
@@ -1,6 +1,6 @@
---- e/grsecurity/gracl_cap.c~  2008-05-18 23:53:55.000000000 +0200
-+++ e/grsecurity/gracl_cap.c   2008-05-18 23:55:05.591733291 +0200
-@@ -39,7 +39,8 @@ static const char *captab_log[] = {
+--- a/grsecurity/grsec_exec.c.orig     2012-02-11 14:25:53.000000000 +0000
++++ a/grsecurity/grsec_exec.c  2012-02-11 14:32:29.013151816 +0000
+@@ -173,7 +173,8 @@
        "CAP_AUDIT_CONTROL",
        "CAP_SETFCAP",
        "CAP_MAC_OVERRIDE",
@@ -9,4 +9,4 @@
 +      "CAP_CONTEXT"
  };
  
- EXPORT_SYMBOL(gr_task_is_capable);
+ int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);

================================================================
Index: packages/kernel/kernel-grsec-common.patch
diff -u packages/kernel/kernel-grsec-common.patch:1.2 
packages/kernel/kernel-grsec-common.patch:1.2.4.1
--- packages/kernel/kernel-grsec-common.patch:1.2       Tue Mar 31 14:04:38 2009
+++ packages/kernel/kernel-grsec-common.patch   Sat Feb 11 16:13:23 2012
@@ -28,9 +28,9 @@
 --- a/kernel/capability.c~     2007-12-11 00:46:02.000000000 +0100
 +++ a/kernel/capability.c      2007-12-11 01:35:00.244481500 +0100
 @@ -322,6 +322,8 @@
+               BUG();
+       }
  
- int capable_nolog(int cap)
- {
 +      if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
 +              return 0;
        if (security_capable(cap) == 0 && gr_is_capable_nolog(cap)) {

================================================================
Index: packages/kernel/kernel-grsec.config
diff -u packages/kernel/kernel-grsec.config:1.36.2.1 
packages/kernel/kernel-grsec.config:1.36.2.2
--- packages/kernel/kernel-grsec.config:1.36.2.1        Tue May  4 21:50:12 2010
+++ packages/kernel/kernel-grsec.config Sat Feb 11 16:13:23 2012
@@ -16,6 +16,7 @@
 CONFIG_GRKERNSEC_BRUTE=y
 CONFIG_GRKERNSEC_MODSTOP=y
 # CONFIG_GRKERNSEC_HIDESYM is not set
+# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
 
 CONFIG_GRKERNSEC_VM86=y
 
@@ -37,6 +38,7 @@
 CONFIG_GRKERNSEC_PROC_ADD=y
 CONFIG_GRKERNSEC_LINK=y
 CONFIG_GRKERNSEC_FIFO=y
+CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
 CONFIG_GRKERNSEC_ROFS=y
 CONFIG_GRKERNSEC_CHROOT=y
 CONFIG_GRKERNSEC_CHROOT_MOUNT=y
@@ -76,6 +78,9 @@
 #
 CONFIG_GRKERNSEC_EXECVE=y
 CONFIG_GRKERNSEC_DMESG=y
+CONFIG_GRKERNSEC_HARDEN_PTRACE=y
+CONFIG_GRKERNSEC_PTRACE_READEXEC=y
+CONFIG_GRKERNSEC_SETXID=y
 CONFIG_GRKERNSEC_TPE=y
 CONFIG_GRKERNSEC_TPE_ALL=y
 # CONFIG_GRKERNSEC_TPE_INVERT is not set
@@ -109,4 +114,4 @@
 CONFIG_IP_NF_MATCH_STEALTH=m
 
 # CONFIG_GRKERNSEC_MODHARDEN is not set
-CONFIG_GRKERNSEC_HARDEN_PTRACE=y
+# CONFIG_PAX_MEMORY_STACKLEAK is not set

================================================================
Index: packages/kernel/kernel-grsec_fixes.patch
diff -u packages/kernel/kernel-grsec_fixes.patch:1.7 
packages/kernel/kernel-grsec_fixes.patch:1.7.2.1
--- packages/kernel/kernel-grsec_fixes.patch:1.7        Tue Feb  2 13:58:20 2010
+++ packages/kernel/kernel-grsec_fixes.patch    Sat Feb 11 16:13:23 2012
@@ -73,9 +73,9 @@
 --- a/include/linux/grsecurity.h       2007-12-01 00:54:57.224769000 +0000
 +++ c/include/linux/grsecurity.h       2007-12-01 01:09:34.923621750 +0000
 @@ -76,6 +76,7 @@ void gr_log_semrm(const uid_t uid, const
- void gr_log_shmget(const int err, const int shmflg, const size_t size);
- void gr_log_shmrm(const uid_t uid, const uid_t cuid);
  void gr_log_textrel(struct vm_area_struct *vma);
+ void gr_log_rwxmmap(struct file *file);
+ void gr_log_rwxmprotect(struct file *file);
 +void gr_log_cap_pid(const int cap, pid_t pid);
  
  int gr_handle_follow_link(const struct inode *parent,
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec-caps.patch?r1=1.2&r2=1.2.2.1&f=u
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec-common.patch?r1=1.2&r2=1.2.4.1&f=u
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec.config?r1=1.36.2.1&r2=1.36.2.2&f=u
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_fixes.patch?r1=1.7&r2=1.7.2.1&f=u

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to