diff options
-rw-r--r-- | 3.14.40/0000_README | 2 | ||||
-rw-r--r-- | 3.14.40/4420_grsecurity-3.1-3.14.40-201505021012.patch (renamed from 3.14.40/4420_grsecurity-3.1-3.14.40-201504302118.patch) | 24 | ||||
-rw-r--r-- | 3.19.6/0000_README | 2 | ||||
-rw-r--r-- | 3.19.6/4420_grsecurity-3.1-3.19.6-201505021013.patch (renamed from 3.19.6/4420_grsecurity-3.1-3.19.6-201504302119.patch) | 39 | ||||
-rw-r--r-- | 3.2.68/0000_README | 2 | ||||
-rw-r--r-- | 3.2.68/4420_grsecurity-3.1-3.2.68-201505021011.patch (renamed from 3.2.68/4420_grsecurity-3.1-3.2.68-201504302116.patch) | 18 |
6 files changed, 47 insertions, 40 deletions
diff --git a/3.14.40/0000_README b/3.14.40/0000_README index 4907942..5a5e724 100644 --- a/3.14.40/0000_README +++ b/3.14.40/0000_README @@ -6,7 +6,7 @@ Patch: 1039_linux-3.14.40.patch From: http://www.kernel.org Desc: Linux 3.14.40 -Patch: 4420_grsecurity-3.1-3.14.40-201504302118.patch +Patch: 4420_grsecurity-3.1-3.14.40-201505021012.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.40/4420_grsecurity-3.1-3.14.40-201504302118.patch b/3.14.40/4420_grsecurity-3.1-3.14.40-201505021012.patch index 59db1dc..b34880f 100644 --- a/3.14.40/4420_grsecurity-3.1-3.14.40-201504302118.patch +++ b/3.14.40/4420_grsecurity-3.1-3.14.40-201505021012.patch @@ -105006,7 +105006,7 @@ index 2510c02..cfb34fa 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index b94002a..f13b8c2 100644 +index b94002a..53e0bff 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -105018,7 +105018,15 @@ index b94002a..f13b8c2 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -259,10 +259,9 @@ int ping_init_sock(struct sock *sk) +@@ -158,6 +158,7 @@ void ping_unhash(struct sock *sk) + if (sk_hashed(sk)) { + write_lock_bh(&ping_table.lock); + hlist_nulls_del(&sk->sk_nulls_node); ++ sk_nulls_node_init(&sk->sk_nulls_node); + sock_put(sk); + isk->inet_num = 0; + isk->inet_sport = 0; +@@ -259,10 +260,9 @@ int ping_init_sock(struct sock *sk) kgid_t low, high; int ret = 0; @@ -105031,7 +105039,7 @@ index b94002a..f13b8c2 100644 inet_get_ping_group_range_net(net, &low, &high); if (gid_lte(low, group) && gid_lte(group, high)) return 0; -@@ -359,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, +@@ -359,7 +359,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } } @@ -105040,7 +105048,7 @@ index b94002a..f13b8c2 100644 scoped); rcu_read_unlock(); -@@ -567,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -567,7 +567,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) } #if IS_ENABLED(CONFIG_IPV6) } else if (skb->protocol == htons(ETH_P_IPV6)) { @@ -105049,7 +105057,7 @@ index b94002a..f13b8c2 100644 #endif } -@@ -585,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -585,7 +585,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) info, (u8 *)icmph); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -105058,7 +105066,7 @@ index b94002a..f13b8c2 100644 info, (u8 *)icmph); #endif } -@@ -869,7 +868,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -869,7 +869,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, return ip_recv_error(sk, msg, len, addr_len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -105067,7 +105075,7 @@ index b94002a..f13b8c2 100644 addr_len); #endif } -@@ -927,10 +926,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -927,10 +927,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, } if (inet6_sk(sk)->rxopt.all) @@ -105080,7 +105088,7 @@ index b94002a..f13b8c2 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -1125,7 +1124,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1125,7 +1125,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, diff --git a/3.19.6/0000_README b/3.19.6/0000_README index db4d6ad..a40b535 100644 --- a/3.19.6/0000_README +++ b/3.19.6/0000_README @@ -6,7 +6,7 @@ Patch: 1005_linux-3.19.6.patch From: http://www.kernel.org Desc: Linux 3.19.6 -Patch: 4420_grsecurity-3.1-3.19.6-201504302119.patch +Patch: 4420_grsecurity-3.1-3.19.6-201505021013.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.19.6/4420_grsecurity-3.1-3.19.6-201504302119.patch b/3.19.6/4420_grsecurity-3.1-3.19.6-201505021013.patch index 8de6fff..7e681c9 100644 --- a/3.19.6/4420_grsecurity-3.1-3.19.6-201504302119.patch +++ b/3.19.6/4420_grsecurity-3.1-3.19.6-201505021013.patch @@ -42163,23 +42163,6 @@ index 8b63879..a5a5e72 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); -diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c -index 5bc6d80..e47b55a 100644 ---- a/drivers/hid/hid-logitech-dj.c -+++ b/drivers/hid/hid-logitech-dj.c -@@ -853,6 +853,12 @@ static int logi_dj_dj_event(struct hid_device *hdev, - * case we forward it to the correct hid device (via hid_input_report() - * ) and return 1 so hid-core does not anything else with it. - */ -+ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || -+ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { -+ dev_err(&hdev->dev, "%s: invalid device index:%d\n", -+ __func__, dj_report->device_index); -+ return false; -+ } - - if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || - (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c index c13fb5b..55a3802 100644 --- a/drivers/hid/hid-wiimote-debug.c @@ -85236,7 +85219,7 @@ index d9d7e7e..86f47ac 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h -index ed8f9e7..999bc96 100644 +index ed8f9e70..999bc96 100644 --- a/include/linux/scatterlist.h +++ b/include/linux/scatterlist.h @@ -1,6 +1,7 @@ @@ -103448,7 +103431,7 @@ index e90f83a..3e6acca 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 0ae28f5..d32b565 100644 +index 0ae28f5..bacfcd5 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -103460,7 +103443,15 @@ index 0ae28f5..d32b565 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -358,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, +@@ -158,6 +158,7 @@ void ping_unhash(struct sock *sk) + if (sk_hashed(sk)) { + write_lock_bh(&ping_table.lock); + hlist_nulls_del(&sk->sk_nulls_node); ++ sk_nulls_node_init(&sk->sk_nulls_node); + sock_put(sk); + isk->inet_num = 0; + isk->inet_sport = 0; +@@ -358,7 +359,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } } @@ -103469,7 +103460,7 @@ index 0ae28f5..d32b565 100644 scoped); rcu_read_unlock(); -@@ -566,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -566,7 +567,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) } #if IS_ENABLED(CONFIG_IPV6) } else if (skb->protocol == htons(ETH_P_IPV6)) { @@ -103478,7 +103469,7 @@ index 0ae28f5..d32b565 100644 #endif } -@@ -584,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -584,7 +585,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) info, (u8 *)icmph); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -103487,7 +103478,7 @@ index 0ae28f5..d32b565 100644 info, (u8 *)icmph); #endif } -@@ -919,10 +919,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -919,10 +920,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, } if (inet6_sk(sk)->rxopt.all) @@ -103500,7 +103491,7 @@ index 0ae28f5..d32b565 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -1117,7 +1117,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1117,7 +1118,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, diff --git a/3.2.68/0000_README b/3.2.68/0000_README index bd504a3..fc115bd 100644 --- a/3.2.68/0000_README +++ b/3.2.68/0000_README @@ -190,7 +190,7 @@ Patch: 1067_linux-3.2.68.patch From: http://www.kernel.org Desc: Linux 3.2.68 -Patch: 4420_grsecurity-3.1-3.2.68-201504302116.patch +Patch: 4420_grsecurity-3.1-3.2.68-201505021011.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.68/4420_grsecurity-3.1-3.2.68-201504302116.patch b/3.2.68/4420_grsecurity-3.1-3.2.68-201505021011.patch index bf41e91..e21a5c6 100644 --- a/3.2.68/4420_grsecurity-3.1-3.2.68-201504302116.patch +++ b/3.2.68/4420_grsecurity-3.1-3.2.68-201505021011.patch @@ -105858,10 +105858,18 @@ index a639967..8f44480 100644 pr_err("Unable to proc dir entry\n"); ret = -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index d495d4b..b601824 100644 +index d495d4b..31e741e 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c -@@ -257,6 +257,11 @@ static int ping_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) +@@ -139,6 +139,7 @@ static void ping_v4_unhash(struct sock *sk) + if (sk_hashed(sk)) { + write_lock_bh(&ping_table.lock); + hlist_nulls_del(&sk->sk_nulls_node); ++ sk_nulls_node_init(&sk->sk_nulls_node); + sock_put(sk); + isk->inet_num = isk->inet_sport = 0; + sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); +@@ -257,6 +258,11 @@ static int ping_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) if (addr_len < sizeof(struct sockaddr_in)) return -EINVAL; @@ -105873,7 +105881,7 @@ index d495d4b..b601824 100644 pr_debug("ping_v4_bind(sk=%p,sa_addr=%08x,sa_port=%d)\n", sk, addr->sin_addr.s_addr, ntohs(addr->sin_port)); -@@ -504,7 +509,7 @@ static int ping_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -504,7 +510,7 @@ static int ping_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, if (msg->msg_namelen < sizeof(*usin)) return -EINVAL; if (usin->sin_family != AF_INET) @@ -105882,7 +105890,7 @@ index d495d4b..b601824 100644 daddr = usin->sin_addr.s_addr; /* no remote port */ } else { -@@ -716,8 +721,11 @@ void ping_rcv(struct sk_buff *skb) +@@ -716,8 +722,11 @@ void ping_rcv(struct sk_buff *skb) sk = ping_v4_lookup(net, saddr, daddr, ntohs(icmph->un.echo.id), skb->dev->ifindex); if (sk != NULL) { @@ -105895,7 +105903,7 @@ index d495d4b..b601824 100644 sock_put(sk); return; } -@@ -842,7 +850,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, +@@ -842,7 +851,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, |