packages (LINUX_3_0): kernel/kernel-grsec_full.patch, kernel/kernel-vserver...
arekm
arekm at pld-linux.org
Thu Jan 26 09:30:23 CET 2012
Author: arekm Date: Thu Jan 26 08:30:23 2012 GMT
Module: packages Tag: LINUX_3_0
---- Log message:
- up to 3.0.18; SECURITY fix - https://lwn.net/Articles/476684/
---- Files affected:
packages/kernel:
kernel-grsec_full.patch (1.85.2.7 -> 1.85.2.8) , kernel-vserver-2.3.patch (1.83.2.7 -> 1.83.2.8) , kernel.spec (1.987.2.25 -> 1.987.2.26)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.85.2.7 packages/kernel/kernel-grsec_full.patch:1.85.2.8
--- packages/kernel/kernel-grsec_full.patch:1.85.2.7 Fri Dec 9 21:20:43 2011
+++ packages/kernel/kernel-grsec_full.patch Thu Jan 26 09:30:14 2012
@@ -45589,16 +45589,23 @@
#define NOD(NAME, MODE, IOP, FOP, OP) { \
.name = (NAME), \
.len = sizeof(NAME) - 1, \
-@@ -209,6 +225,9 @@ static struct mm_struct *__check_mem_per
- if (task == current)
- return mm;
+@@ -222,10 +222,12 @@
+ return ERR_PTR(err);
+
+ mm = get_task_mm(task);
+- if (mm && mm != current->mm &&
+- !ptrace_may_access(task, mode)) {
+- mmput(mm);
+- mm = ERR_PTR(-EACCES);
++ if (mm) {
++ if ((mm != current->mm && !ptrace_may_access(task, mode)) ||
++ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task)))) {
++ mmput(mm);
++ mm = ERR_PTR(-EACCES);
++ }
+ }
+ mutex_unlock(&task->signal->cred_guard_mutex);
-+ if (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))
-+ return ERR_PTR(-EPERM);
-+
- /*
- * If current is actively ptrace'ing, and would also be
- * permitted to freshly attach with ptrace now, permit it.
@@ -282,6 +301,9 @@ static int proc_pid_cmdline(struct task_
if (!mm->arg_end)
goto out_mm; /* Shh! No looking before we're done */
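Review bot: The grsecurity checks in the rewritten inner hunk are gated on `mode == PTRACE_MODE_ATTACH`, an exact comparison. If a caller ever passes the mode with extra flag bits set, `gr_handle_proc_ptrace()` and `gr_acl_handle_procpidmem()` would be skipped silently, so `(mode & PTRACE_MODE_ATTACH)` would be the more defensive test. Two behaviour changes against the removed placement are worth confirming: a grsec denial now yields `-EACCES` where the old lines returned `-EPERM`, and the checks no longer sit behind the `task == current` early return, so they appear to apply to self-access as well. The enclosing function starts and ends outside the hunk, so whether every /proc/<pid>/mem path reaches this check cannot be confirmed from here.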
================================================================
Index: packages/kernel/kernel-vserver-2.3.patch
diff -u packages/kernel/kernel-vserver-2.3.patch:1.83.2.7 packages/kernel/kernel-vserver-2.3.patch:1.83.2.8
--- packages/kernel/kernel-vserver-2.3.patch:1.83.2.7 Thu Jan 26 09:29:02 2012
+++ packages/kernel/kernel-vserver-2.3.patch Thu Jan 26 09:30:15 2012
@@ -156,18 +156,6 @@
+ m 2^m "vx_acc_page[%5d,%s,%2d]: %5d%s"
+ "vx_acc_pages[%5d,%s,%2d]: %5d += %5d"
+ "vx_pages_avail[%5d,%s,%2d]: %5ld > %5d + %5d"
-diff -NurpP --minimal linux-3.0.17/Makefile linux-3.0.17-vs2.3.2.1/Makefile
---- linux-3.0.17/Makefile 2012-01-18 02:55:56.000000000 +0100
-+++ linux-3.0.17-vs2.3.2.1/Makefile 2012-01-18 03:23:37.000000000 +0100
-@@ -1,7 +1,7 @@
- VERSION = 3
- PATCHLEVEL = 0
- SUBLEVEL = 17
--EXTRAVERSION =
-+EXTRAVERSION = -vs2.3.2.1
- NAME = Sneaky Weasel
-
- # *DOCUMENTATION*
diff -NurpP --minimal linux-3.0.17/arch/alpha/Kconfig linux-3.0.17-vs2.3.2.1/arch/alpha/Kconfig
--- linux-3.0.17/arch/alpha/Kconfig 2011-07-22 11:17:32.000000000 +0200
+++ linux-3.0.17-vs2.3.2.1/arch/alpha/Kconfig 2011-06-10 22:11:24.000000000 +0200
@@ -6813,28 +6801,19 @@
diff -NurpP --minimal linux-3.0.17/fs/proc/uptime.c linux-3.0.17-vs2.3.2.1/fs/proc/uptime.c
--- linux-3.0.17/fs/proc/uptime.c 2009-12-03 20:02:53.000000000 +0100
+++ linux-3.0.17-vs2.3.2.1/fs/proc/uptime.c 2011-06-10 22:11:24.000000000 +0200
-@@ -4,22 +4,22 @@
- #include <linux/sched.h>
+@@ -5,6 +5,7 @@
#include <linux/seq_file.h>
#include <linux/time.h>
--#include <linux/kernel_stat.h>
+ #include <linux/kernel_stat.h>
+#include <linux/vserver/cvirt.h>
#include <asm/cputime.h>
static int uptime_proc_show(struct seq_file *m, void *v)
- {
- struct timespec uptime;
- struct timespec idle;
-- int i;
-- cputime_t idletime = cputime_zero;
--
-- for_each_possible_cpu(i)
-- idletime = cputime64_add(idletime, kstat_cpu(i).cpustat.idle);
-+ cputime_t idletime = cputime_add(init_task.utime, init_task.stime);
-
- do_posix_clock_monotonic_gettime(&uptime);
+@@ -16,7 +16,11 @@
monotonic_to_bootbased(&uptime);
- cputime_to_timespec(idletime, &idle);
+ nsec = cputime64_to_jiffies64(idletime) * TICK_NSEC;
+ idle.tv_sec = div_u64_rem(nsec, NSEC_PER_SEC, &rem);
+ idle.tv_nsec = rem;
+
+ if (vx_flags(VXF_VIRT_UPTIME, 0))
+ vx_vsi_uptime(&uptime, &idle);
================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.987.2.25 packages/kernel/kernel.spec:1.987.2.26
--- packages/kernel/kernel.spec:1.987.2.25 Sat Jan 21 18:27:24 2012
+++ packages/kernel/kernel.spec Thu Jan 26 09:30:15 2012
@@ -94,8 +94,8 @@
%endif
%define basever 3.0
-%define postver .17
-%define rel 2
+%define postver .18
+%define rel 1
%define _enable_debug_packages 0
@@ -143,7 +143,7 @@
# Source0-md5: ecf932280e2441bdd992423ef3d55f8f
%if "%{postver}" != ".0"
Patch0: http://www.kernel.org/pub/linux/kernel/v3.x/patch-%{version}.bz2
-# Patch0-md5: 8beef6d04bfa8b26446378682b332cfe
+# Patch0-md5: 3508052ae2d9799b78fae05895909279
%endif
Source3: kernel-autoconf.h
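Review bot: The refreshed `# Patch0-md5:` line is the only integrity pin visible for a patch that `Patch0:` fetches over plain `http://`. MD5 no longer resists collisions, so for a security update this is a weak guarantee that the downloaded patch is the upstream one. If the distfiles tooling allows it, record a stronger digest next to the MD5, or note that the upstream signature was verified, e.g. `# Patch0 checked against the upstream PGP signature`. Whether the build infrastructure performs an additional check is not visible in this hunk.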
@@ -241,7 +241,7 @@
# http://patches.aircrack-ng.org/hostap-kernel-2.6.18.patch
Patch85: kernel-hostap.patch
-# http://vserver.13thfloor.at/Experimental/patch-3.0.14-vs2.3.2.1.diff
+# http://vserver.13thfloor.at/Experimental/patch-3.0.17-vs2.3.2.1.diff
Patch100: kernel-vserver-2.3.patch
Patch101: kernel-vserver-fixes.patch
@@ -1535,6 +1535,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.987.2.26 2012/01/26 08:30:15 arekm
+- up to 3.0.18; SECURITY fix - https://lwn.net/Articles/476684/
+
Revision 1.987.2.25 2012/01/21 17:27:24 pluto
- release 2 for rebuild without buggy grsec constify plugin.
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.85.2.7&r2=1.85.2.8&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-vserver-2.3.patch?r1=1.83.2.7&r2=1.83.2.8&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.987.2.25&r2=1.987.2.26&f=u