packages (LINUX_2_6_31): kernel/kernel-grsec_full.patch, kernel/kernel.spec...

mguevara mguevara at pld-linux.org
Sun Dec 6 02:30:10 CET 2009 

Author: mguevara                     Date: Sun Dec  6 01:30:10 2009 GMT
Module: packages                      Tag: LINUX_2_6_31
---- Log message:
- 2.6.31.6-5, updated kernel-grsec_full.patch to 
  grsecurity-2.1.14-2.6.31.6-200912051443.patch
- fixed log/desc for commit 1.727.2.2, added remote DoS note. 

---- Files affected:
packages/kernel:
   kernel-grsec_full.patch (1.21.2.1 -> 1.21.2.2) , kernel.spec (1.727.2.2 -> 1.727.2.3) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.21.2.1 packages/kernel/kernel-grsec_full.patch:1.21.2.2
--- packages/kernel/kernel-grsec_full.patch:1.21.2.1	Sat Dec  5 02:13:34 2009
+++ packages/kernel/kernel-grsec_full.patch	Sun Dec  6 02:30:04 2009
@@ -47167,7 +47167,7 @@
  #endif
  
  static struct ctl_table kern_table[] = {
-+#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_MODSTOP)
++#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
 +	{
 +		.ctl_name	= CTL_UNNUMBERED,
 +		.procname	= "grsecurity",
@@ -50170,7 +50170,7 @@
 +	    (n > ((unsigned long)task_stack_page(current) + THREAD_SIZE -
 +	     (unsigned long)ptr)))
 +		goto report;
-+	else
++	else if (!PageSlab(page))
 +		return;
 +
 +	cachep = page_get_cache(page);
@@ -50383,7 +50383,7 @@
 +	    (n > ((unsigned long)task_stack_page(current) + THREAD_SIZE -
 +	     (unsigned long)ptr)))
 +		goto report;
-+	else
++	else if (!PageSlobPage((struct page*)sp))
 +		return;
 +
 +	if (sp->size) {
@@ -50578,7 +50578,7 @@
 +	    (n > ((unsigned long)task_stack_page(current) + THREAD_SIZE -
 +	     (unsigned long)ptr)))
 +		goto report;
-+	else
++	else if (!page)
 +		return;
 +
 +	s = page->slab;
@@ -52782,6 +52782,16 @@
  }
  
  /*
+@@ -35,6 +35,9 @@
+ {
+ 	int ret;
+ 
++	if (!capable(CAP_SYS_RAWIO))
++		return -EPERM;
++
+ 	ret = proc_doulongvec_minmax(table, write, filp, buffer, lenp, ppos);
+ 
+ 	update_mmap_min_addr();
 diff -urNp linux-2.6.31.6/security/smack/smackfs.c linux-2.6.31.6/security/smack/smackfs.c
 --- linux-2.6.31.6/security/smack/smackfs.c	2009-11-10 18:45:25.000000000 -0500
 +++ linux-2.6.31.6/security/smack/smackfs.c	2009-11-12 17:18:17.000000000 -0500

================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.727.2.2 packages/kernel/kernel.spec:1.727.2.3
--- packages/kernel/kernel.spec:1.727.2.2	Sat Dec  5 02:13:34 2009
+++ packages/kernel/kernel.spec	Sun Dec  6 02:30:04 2009
@@ -113,7 +113,7 @@
 
 %define		basever		2.6.31
 %define		postver		.6
-%define		rel		4
+%define		rel		5
 
 %define		_enable_debug_packages			0
 
@@ -325,7 +325,7 @@
 # based on http://ftp.leg.uct.ac.za/pub/linux/rip/inittmpfs-2.6.14.diff.gz
 Patch7000:	kernel-inittmpfs.patch
 
-# based on http://www.grsecurity.net/~spender/grsecurity-2.1.14-2.6.31.6-200912040944.patch" kernel-grsec_full.patch
+# based on http://www.grsecurity.net/~spender/grsecurity-2.1.14-2.6.31.6-200912051443.patch" kernel-grsec_full.patch
 # NOTE: put raw upstream patches on kernel-grsec_full.patch:GRSECURITY_RAW for reference
 #       (since upstream deletes older patches)
 Patch9999:	kernel-grsec_full.patch
@@ -1584,9 +1584,16 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.727.2.3  2009/12/06 01:30:04  mguevara
+- 2.6.31.6-5, updated kernel-grsec_full.patch to
+  grsecurity-2.1.14-2.6.31.6-200912051443.patch
+- fixed log/desc for commit 1.727.2.2, added remote DoS note.
+
 Revision 1.727.2.2  2009/12/05 01:13:34  mguevara
 - 2.6.31.6-4, updated kernel-grsec_full.patch to
-  grsecurity-2.1.14-2.6.31.6-200911151724.patch
+  grsecurity-2.1.14-2.6.31.6-200912040944.patch
+  fixes remote DoS condition introduced in 2.6.29
+  some details: http://twitter.com/spendergrsec/status/6339560349 
 
 Revision 1.727.2.1  2009/12/04 23:19:11  mguevara
 - added CONFIG_PHYSICAL_ALIGN=0x1000000 to the pax config procedure
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.21.2.1&r2=1.21.2.2&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.727.2.2&r2=1.727.2.3&f=u

More information about the pld-cvs-commit mailing list