packages (LINUX_2_6_32): kernel/kernel-grsec-caps.patch, kernel/kernel-grse...

hawk hawk at pld-linux.org
Sat Feb 11 16:13:28 CET 2012


Author: hawk                         Date: Sat Feb 11 15:13:28 2012 GMT
Module: packages                      Tag: LINUX_2_6_32
---- Log message:
- updated for 2.6.32.56

---- Files affected:
packages/kernel:
   kernel-grsec-caps.patch (1.2 -> 1.2.2.1) , kernel-grsec-common.patch (1.2 -> 1.2.4.1) , kernel-grsec.config (1.36.2.1 -> 1.36.2.2) , kernel-grsec_fixes.patch (1.7 -> 1.7.2.1) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec-caps.patch
diff -u packages/kernel/kernel-grsec-caps.patch:1.2 packages/kernel/kernel-grsec-caps.patch:1.2.2.1
--- packages/kernel/kernel-grsec-caps.patch:1.2	Tue Mar 31 14:04:37 2009
+++ packages/kernel/kernel-grsec-caps.patch	Sat Feb 11 16:13:23 2012
@@ -1,6 +1,6 @@
---- e/grsecurity/gracl_cap.c~	2008-05-18 23:53:55.000000000 +0200
-+++ e/grsecurity/gracl_cap.c	2008-05-18 23:55:05.591733291 +0200
-@@ -39,7 +39,8 @@ static const char *captab_log[] = {
+--- a/grsecurity/grsec_exec.c.orig	2012-02-11 14:25:53.000000000 +0000
++++ a/grsecurity/grsec_exec.c	2012-02-11 14:32:29.013151816 +0000
+@@ -173,7 +173,8 @@
  	"CAP_AUDIT_CONTROL",
  	"CAP_SETFCAP",
  	"CAP_MAC_OVERRIDE",
@@ -9,4 +9,4 @@
 +	"CAP_CONTEXT"
  };
  
- EXPORT_SYMBOL(gr_task_is_capable);
+ int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
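Review bot: Appending `"CAP_CONTEXT"` as the final element of `captab_log` gives the right label only if CAP_CONTEXT's numeric value equals that array index, and nothing in this hunk shows that it does. The refreshed context line `int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);` suggests the table is read by capability number and bounded by entry count. A mismatch would then more likely mislabel or omit the capability name in the grsecurity log than read out of bounds, which still weakens the audit trail. If the value is not contiguous with the preceding entry, consider `[CAP_CONTEXT] = "CAP_CONTEXT"` and a NULL check where the table is read. The array definition and the rest of the inner hunk lie outside the lines shown here.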

================================================================
Index: packages/kernel/kernel-grsec-common.patch
diff -u packages/kernel/kernel-grsec-common.patch:1.2 packages/kernel/kernel-grsec-common.patch:1.2.4.1
--- packages/kernel/kernel-grsec-common.patch:1.2	Tue Mar 31 14:04:38 2009
+++ packages/kernel/kernel-grsec-common.patch	Sat Feb 11 16:13:23 2012
@@ -28,9 +28,9 @@
 --- a/kernel/capability.c~	2007-12-11 00:46:02.000000000 +0100
 +++ a/kernel/capability.c	2007-12-11 01:35:00.244481500 +0100
 @@ -322,6 +322,8 @@
+ 		BUG();
+ 	}
  
- int capable_nolog(int cap)
- {
 +	if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
 +		return 0;
  	if (security_capable(cap) == 0 && gr_is_capable_nolog(cap)) {
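Review bot: `vx_mcaps(1L << cap)` in the carried-over guard shifts a `long`, so on a 32-bit build any `cap` of 32 or higher is an undefined shift. The `BUG()` block that the refreshed context now places before it presumably validates `cap` against the last defined capability, not against the width of `long`. If capability numbers in this tree go past 31 and `vx_mcaps` takes a 64-bit mask (neither is visible here), the line should read `if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1ULL << cap))`. Otherwise the context-capability denial may test the wrong bit for high-numbered capabilities. The enclosing function starts and ends outside the hunk.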

================================================================
Index: packages/kernel/kernel-grsec.config
diff -u packages/kernel/kernel-grsec.config:1.36.2.1 packages/kernel/kernel-grsec.config:1.36.2.2
--- packages/kernel/kernel-grsec.config:1.36.2.1	Tue May  4 21:50:12 2010
+++ packages/kernel/kernel-grsec.config	Sat Feb 11 16:13:23 2012
@@ -16,6 +16,7 @@
 CONFIG_GRKERNSEC_BRUTE=y
 CONFIG_GRKERNSEC_MODSTOP=y
 # CONFIG_GRKERNSEC_HIDESYM is not set
+# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
 
 CONFIG_GRKERNSEC_VM86=y
 
@@ -37,6 +38,7 @@
 CONFIG_GRKERNSEC_PROC_ADD=y
 CONFIG_GRKERNSEC_LINK=y
 CONFIG_GRKERNSEC_FIFO=y
+CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
 CONFIG_GRKERNSEC_ROFS=y
 CONFIG_GRKERNSEC_CHROOT=y
 CONFIG_GRKERNSEC_CHROOT_MOUNT=y
@@ -76,6 +78,9 @@
 #
 CONFIG_GRKERNSEC_EXECVE=y
 CONFIG_GRKERNSEC_DMESG=y
+CONFIG_GRKERNSEC_HARDEN_PTRACE=y
+CONFIG_GRKERNSEC_PTRACE_READEXEC=y
+CONFIG_GRKERNSEC_SETXID=y
 CONFIG_GRKERNSEC_TPE=y
 CONFIG_GRKERNSEC_TPE_ALL=y
 # CONFIG_GRKERNSEC_TPE_INVERT is not set
@@ -109,4 +114,4 @@
 CONFIG_IP_NF_MATCH_STEALTH=m
 
 # CONFIG_GRKERNSEC_MODHARDEN is not set
-CONFIG_GRKERNSEC_HARDEN_PTRACE=y
+# CONFIG_PAX_MEMORY_STACKLEAK is not set
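Review bot: `# CONFIG_PAX_MEMORY_STACKLEAK is not set` explicitly turns off a PaX hardening option, and neither the file nor the log message ("updated for 2.6.32.56") says why. Someone auditing the package's hardening posture cannot tell a deliberate trade-off from a default carried over while refreshing the config. I would record the reason next to it, for example `# STACKLEAK left off: <reason>` on the line above, assuming the config tooling ignores free-form comments. It is also a `PAX_` symbol appended to the grsecurity option list; if the package keeps its PaX settings in a separate file, it belongs there.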

================================================================
Index: packages/kernel/kernel-grsec_fixes.patch
diff -u packages/kernel/kernel-grsec_fixes.patch:1.7 packages/kernel/kernel-grsec_fixes.patch:1.7.2.1
--- packages/kernel/kernel-grsec_fixes.patch:1.7	Tue Feb  2 13:58:20 2010
+++ packages/kernel/kernel-grsec_fixes.patch	Sat Feb 11 16:13:23 2012
@@ -73,9 +73,9 @@
 --- a/include/linux/grsecurity.h	2007-12-01 00:54:57.224769000 +0000
 +++ c/include/linux/grsecurity.h	2007-12-01 01:09:34.923621750 +0000
 @@ -76,6 +76,7 @@ void gr_log_semrm(const uid_t uid, const
- void gr_log_shmget(const int err, const int shmflg, const size_t size);
- void gr_log_shmrm(const uid_t uid, const uid_t cuid);
  void gr_log_textrel(struct vm_area_struct *vma);
+ void gr_log_rwxmmap(struct file *file);
+ void gr_log_rwxmprotect(struct file *file);
 +void gr_log_cap_pid(const int cap, pid_t pid);
  
  int gr_handle_follow_link(const struct inode *parent,
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec-caps.patch?r1=1.2&r2=1.2.2.1&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec-common.patch?r1=1.2&r2=1.2.4.1&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec.config?r1=1.36.2.1&r2=1.36.2.2&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_fixes.patch?r1=1.7&r2=1.7.2.1&f=u


