packages (LINUX_2_6_27): kernel/kernel-grsec_fixes.patch, kernel/kernel.spe...

glen glen at pld-linux.org
Mon Jan 25 23:06:02 CET 2010 

Author: glen                         Date: Mon Jan 25 22:06:02 2010 GMT
Module: packages                      Tag: LINUX_2_6_27
---- Log message:
- up to 2.6.27.44

---- Files affected:
packages/kernel:
   kernel-grsec_fixes.patch (1.1.4.8.2.1 -> 1.1.4.8.2.2) , kernel.spec (1.441.2.2036.2.54 -> 1.441.2.2036.2.55) , linux-2.6-grsec_full.patch (1.1.2.51.2.8 -> 1.1.2.51.2.9) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec_fixes.patch
diff -u packages/kernel/kernel-grsec_fixes.patch:1.1.4.8.2.1 packages/kernel/kernel-grsec_fixes.patch:1.1.4.8.2.2
--- packages/kernel/kernel-grsec_fixes.patch:1.1.4.8.2.1	Sun Jan  4 23:19:20 2009
+++ packages/kernel/kernel-grsec_fixes.patch	Mon Jan 25 23:05:53 2010
@@ -95,55 +95,3 @@
  	return 0;
  }
  
-===
-=== cap_dac_ succession with capable_nolog
-===
-diff -upr a/fs./namei.c a/fs/namei.c
---- a/fs./namei.c	2008-04-05 01:23:49.741310000 +0200
-+++ a/fs/namei.c	2008-04-05 14:36:39.350275977 +0200
-@@ -215,6 +215,13 @@ int generic_permission(struct inode *ino
- 
-  check_capabilities:
- 	/*
-+	 * Searching includes executable on directories, else just read.
-+	 */
-+	if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
-+		if (capable_nolog(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))
-+			return 0;
-+
-+	/*
- 	 * Read/write DACs are always overridable.
- 	 * Executable DACs are overridable if at least one exec bit is set.
- 	 */
-@@ -223,13 +230,6 @@ int generic_permission(struct inode *ino
- 		if (capable(CAP_DAC_OVERRIDE))
- 			return 0;
- 
--	/*
--	 * Searching includes executable on directories, else just read.
--	 */
--	if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
--		if (capable(CAP_DAC_READ_SEARCH))
--			return 0;
--
- 	return -EACCES;
- }
- 
-@@ -498,13 +498,13 @@ static int exec_permission_lite(struct i
- 	if (mode & MAY_EXEC)
- 		goto ok;
- 
--	if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
-+	if (S_ISDIR(inode->i_mode) && capable_nolog(CAP_DAC_OVERRIDE))
- 		goto ok;
- 
--	if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_OVERRIDE))
-+	if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
- 		goto ok;
- 
--	if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
-+	if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
- 		goto ok;
- 
- 	return -EACCES;
-

================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.441.2.2036.2.54 packages/kernel/kernel.spec:1.441.2.2036.2.55
--- packages/kernel/kernel.spec:1.441.2.2036.2.54	Sat Dec 19 09:46:48 2009
+++ packages/kernel/kernel.spec	Mon Jan 25 23:05:53 2010
@@ -103,7 +103,7 @@
 %endif
 
 %define		basever		2.6.27
-%define		postver		.42
+%define		postver		.44
 %define		rel			1
 
 %define		_enable_debug_packages			0
@@ -148,7 +148,7 @@
 # Source0-md5:	b3e78977aa79d3754cb7f8143d7ddabd
 %if "%{postver}" != "%{nil}"
 Source1:	http://www.kernel.org/pub/linux/kernel/v2.6/patch-%{version}.bz2
-# Source1-md5:	79782ebd9672c39dd7303d7442756556
+# Source1-md5:	da09ddd041a3fb35d236d37ec6de88e9
 %endif
 
 Source3:	kernel-autoconf.h
@@ -1677,6 +1677,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.441.2.2036.2.55  2010/01/25 22:05:53  glen
+- up to 2.6.27.44
+
 Revision 1.441.2.2036.2.54  2009/12/19 08:46:48  arekm
 - up to 2.6.27.42
 

================================================================
Index: packages/kernel/linux-2.6-grsec_full.patch
diff -u packages/kernel/linux-2.6-grsec_full.patch:1.1.2.51.2.8 packages/kernel/linux-2.6-grsec_full.patch:1.1.2.51.2.9
--- packages/kernel/linux-2.6-grsec_full.patch:1.1.2.51.2.8	Tue Oct 13 15:47:32 2009
+++ packages/kernel/linux-2.6-grsec_full.patch	Mon Jan 25 23:05:54 2010
@@ -32795,17 +32795,6 @@
  	return security_task_kill(t, info, sig, 0);
  }
  
-@@ -884,8 +888,8 @@ static void print_fatal_signal(struct pt
- 		for (i = 0; i < 16; i++) {
- 			unsigned char insn;
- 
--			__get_user(insn, (unsigned char *)(regs->ip + i));
--			printk("%02x ", insn);
-+			if (!get_user(insn, (unsigned char __user *)(regs->ip + i)))
-+				printk("%02x ", insn);
- 		}
- 	}
- #endif
 @@ -908,7 +912,7 @@ __group_send_sig_info(int sig, struct si
  	return send_signal(sig, info, p, 1);
  }
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_fixes.patch?r1=1.1.4.8.2.1&r2=1.1.4.8.2.2&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.441.2.2036.2.54&r2=1.441.2.2036.2.55&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/linux-2.6-grsec_full.patch?r1=1.1.2.51.2.8&r2=1.1.2.51.2.9&f=u

More information about the pld-cvs-commit mailing list