SPECS (LINUX_2_6): kernel.spec - grsec_full.patch is ready; PaX co...

zbyniu zbyniu at pld-linux.org
Tue Feb 26 00:01:10 CET 2008


Author: zbyniu                       Date: Mon Feb 25 23:01:10 2008 GMT
Module: SPECS                         Tag: LINUX_2_6
---- Log message:
- grsec_full.patch is ready; PaX config magic cleanup; rel 0.4

---- Files affected:
SPECS:
   kernel.spec (1.441.2.1842 -> 1.441.2.1843) 

---- Diffs:

================================================================
Index: SPECS/kernel.spec
diff -u SPECS/kernel.spec:1.441.2.1842 SPECS/kernel.spec:1.441.2.1843
--- SPECS/kernel.spec:1.441.2.1842	Thu Feb 21 14:00:44 2008
+++ SPECS/kernel.spec	Tue Feb 26 00:01:04 2008
@@ -7,7 +7,6 @@
 #
 # TODO:
 # - benchmark NO_HZ & HZ=1000 vs HZ=300 on i686
-# - grsec_full (waiting for author)
 # - vserver 2.3 (waiting for authors)
 # - apparmor (no future?)
 #
@@ -103,7 +102,7 @@
 %define		_prepatch		%{nil}
 %define		_pre_rc			%{nil}
 %define		_rc			%{nil}
-%define		_rel			0.3
+%define		_rel			0.4
 %define		subname			%{?with_pax:-pax}%{?with_grsec_full:-grsecurity}%{?with_xen0:-xen0}%{?with_xenU:-xenU}
 
 %define		_enable_debug_packages			0
@@ -341,8 +340,7 @@
 # based on http://www.grsecurity.net/~paxguy1/pax-linux-2.6.24-test8.patch
 Patch9998:	kernel-pax.patch
 
-# based on http://www.grsecurity.net/~spender/grsecurity-2.1.11-2.6.23-200710111225.patch
-# todo
+# based on http://www.grsecurity.net/~spender/grsecurity-2.1.11-2.6.24.2-200802192340.patch
 Patch9999:	linux-2.6-grsec_full.patch
 Patch10000:	linux-2.6-grsec-caps.patch
 Patch10001:	linux-2.6-grsec-common.patch
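Review bot: The new provenance comment above `Patch9999` points at a plain-http URL in a personal directory and says the local patch is only "based on" it, so the spec gives no way to verify later what upstream file was used or how the local copy differs. As this patch carries the kernel hardening, I would record a digest of the upstream file next to the URL, for example `# upstream sha256: <SHA256_OF_UPSTREAM_PATCH>`. A short line saying what was changed locally would also help. Whether the spec tracks this elsewhere is not visible in the hunk.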
@@ -999,11 +997,8 @@
 	set -x
 	%ifarch %{ix86}
 		sed -i 's:# CONFIG_PAX_SEGMEXEC is not set:CONFIG_PAX_SEGMEXEC=y:' $1
-		sed -i 's:# CONFIG_PAX_DEFAULT_SEGMEXEC is not set:CONFIG_PAX_DEFAULT_SEGMEXEC=y:' $1
-		%ifnarch i386 i486
-			sed -i 's:# CONFIG_PAX_NOVSYSCALL is not set:CONFIG_PAX_NOVSYSCALL=y:' $1
-		%endif
-
+		# performance impact on CPUs without NX bit
+		sed -i 's:# CONFIG_PAX_PAGEEXEC=y:# CONFIG_PAX_PAGEEXEC is not set:' $1
 		# Testing KERNEXEC
 
 		# sed -i 's:CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM=y:# CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM is not set:' $1
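Review bot: The added `sed` for CONFIG_PAX_PAGEEXEC looks like a no-op, because its pattern is `# CONFIG_PAX_PAGEEXEC=y` while an enabled option appears in a kernel config as `CONFIG_PAX_PAGEEXEC=y`, without the leading `# `. Nothing matches, so PAGEEXEC stays as the base config sets it. If the intent is to turn it off on %{ix86}, the line would be `sed -i 's:^CONFIG_PAX_PAGEEXEC=y:# CONFIG_PAX_PAGEEXEC is not set:' $1`. Because `sed -i` exits 0 when nothing matches, a slip like this in a hardening option goes unnoticed at build time; a `grep -q` for the expected line after the edits would make the build fail instead. The enclosing function starts and ends outside this hunk.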
@@ -1024,10 +1019,6 @@
 		sed -i 's:# CONFIG_PAX_EMUPLT is not set:CONFIG_PAX_EMUPLT=y:' $1
 	%endif
 
-	%ifarch %{ix8664}
-		sed -i 's:# CONFIG_PAX_MEMORY_UDEREF is not set:CONFIG_PAX_MEMORY_UDEREF=y:' $1
-	%endif
-
 	# Now we have to check MAC system integration. Grsecurity (full) uses PAX_HAVE_ACL_FLAGS
 	# setting (direct acces). grsec_minimal probably have no idea about PaX so we probably
 	# could use PAX_NO_ACL_FLAGS, but for testing the hooks setting will be used
@@ -1603,6 +1594,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.441.2.1843  2008-02-25 23:01:04  zbyniu
+- grsec_full.patch is ready; PaX config magic cleanup; rel 0.4
+
 Revision 1.441.2.1842  2008-02-21 13:00:44  mguevara
 - 2.6.24.2-0.3 aka "iptables doesn't hang my machine"
 - updated patch300 kernel-routes-2.6.24-15.diff
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/kernel.spec?r1=1.441.2.1842&r2=1.441.2.1843&f=u


