Modified 4435_grsec-kconfig-gentoo.patch - bug #331551

Added 4450_check_ssp_fix.patch - bug #312335

6 files changed, 45 insertions, 11 deletions

diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 6e24f10..bccacc7 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -6,7 +6,7 @@ Individual Patch Descriptions:
 Patch:	4420_grsecurity-2.2.0-2.6.32.21-201009032133.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
-	
+
 Patch:	4421_grsec-remove-localversion-grsec.patch
 From:	Kerin Millar <kerframil@gmail.com>
 Desc:	Removes grsecurity's localversion-grsec file
@@ -44,4 +44,7 @@ Patch:	4445_disable-compat_vdso.patch
 From:	Gordon Malm <gengor@gentoo.org>
 	Kerin Millar <kerframil@gmail.com>
 Desc:	Disables VDSO_COMPAT operation completely
- 
+
+Patch:	4450_check_ssp_fix.patch
+From:	Magnus Granberg <zorry@gentoo.org>
+Desc:	Fixes kernel check script for ssp
diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4435_grsec-kconfig-gentoo.patch
index 924dd79..c9fbc5f 100644
--- a/2.6.32/4435_grsec-kconfig-gentoo.patch
+++ b/2.6.32/4435_grsec-kconfig-gentoo.patch
@@ -25,7 +25,7 @@ Ned Ludd <solar@gentoo.org>
  
  config GRKERNSEC_LOW
  	bool "Low"
-@@ -191,6 +191,418 @@
+@@ -191,6 +191,416 @@
  	  - Ptrace restrictions
  	  - Restricted vm86 mode
  
@@ -265,7 +265,6 @@ Ned Ludd <solar@gentoo.org>
 +	select GRKERNSEC_KMEM
 +	select GRKERNSEC_RESLOG
 +	select GRKERNSEC_RANDNET
-+	select GRKERNSEC_PROC_ADD
 +	select GRKERNSEC_CHROOT_CHMOD
 +	select GRKERNSEC_CHROOT_NICE
 +	select GRKERNSEC_AUDIT_MOUNT
@@ -367,7 +366,6 @@ Ned Ludd <solar@gentoo.org>
 +	select GRKERNSEC_KMEM
 +	select GRKERNSEC_RESLOG
 +	select GRKERNSEC_RANDNET
-+	select GRKERNSEC_PROC_ADD
 +	select GRKERNSEC_CHROOT_CHMOD
 +	select GRKERNSEC_CHROOT_NICE
 +	select GRKERNSEC_AUDIT_MOUNT
@@ -444,4 +442,3 @@ Ned Ludd <solar@gentoo.org>
  config GRKERNSEC_CUSTOM
  	bool "Custom"
  	help
-
diff --git a/2.6.32/4450_check_ssp_fix.patch b/2.6.32/4450_check_ssp_fix.patch
new file mode 100644
index 0000000..b22bc77
--- /dev/null
+++ b/2.6.32/4450_check_ssp_fix.patch
@@ -0,0 +1,17 @@
+2010-03-31		Magnus Granberg <zorry@gentoo.org>
+
+		#312335
+		arch/x86/Makefile:		Add KBUILD_CPPFLAGS to the SSP test
+		commandline for else it build that file with -fPIE
+
+--- a/arch/x86/Makefile	2010-03-31 16:39:32.000000000 +0200
++++ b/arch/x86/Makefile	2010-03-31 16:36:53.000000000 +0200
+@@ -74,7 +74,7 @@
+ 
+ ifdef CONFIG_CC_STACKPROTECTOR
+ 	cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
+-        ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(biarch)),y)
++        ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
+                 stackp-y := -fstack-protector
+                 KBUILD_CFLAGS += $(stackp-y)
+         else
diff --git a/2.6.34/0000_README b/2.6.34/0000_README
index 8f83677..5c9d859 100644
--- a/2.6.34/0000_README
+++ b/2.6.34/0000_README
@@ -44,4 +44,7 @@ Patch:	4445_disable-compat_vdso.patch
 From:	Gordon Malm <gengor@gentoo.org>
 	Kerin Millar <kerframil@gmail.com>
 Desc:	Disables VDSO_COMPAT operation completely
- 
+
+Patch:	4450_check_ssp_fix.patch
+From:	Magnus Granberg <zorry@gentoo.org>
+Desc:	Fixes kernel check script for ssp
diff --git a/2.6.34/4435_grsec-kconfig-gentoo.patch b/2.6.34/4435_grsec-kconfig-gentoo.patch
index 924dd79..c9fbc5f 100644
--- a/2.6.34/4435_grsec-kconfig-gentoo.patch
+++ b/2.6.34/4435_grsec-kconfig-gentoo.patch
@@ -25,7 +25,7 @@ Ned Ludd <solar@gentoo.org>
  
  config GRKERNSEC_LOW
  	bool "Low"
-@@ -191,6 +191,418 @@
+@@ -191,6 +191,416 @@
  	  - Ptrace restrictions
  	  - Restricted vm86 mode
  
@@ -265,7 +265,6 @@ Ned Ludd <solar@gentoo.org>
 +	select GRKERNSEC_KMEM
 +	select GRKERNSEC_RESLOG
 +	select GRKERNSEC_RANDNET
-+	select GRKERNSEC_PROC_ADD
 +	select GRKERNSEC_CHROOT_CHMOD
 +	select GRKERNSEC_CHROOT_NICE
 +	select GRKERNSEC_AUDIT_MOUNT
@@ -367,7 +366,6 @@ Ned Ludd <solar@gentoo.org>
 +	select GRKERNSEC_KMEM
 +	select GRKERNSEC_RESLOG
 +	select GRKERNSEC_RANDNET
-+	select GRKERNSEC_PROC_ADD
 +	select GRKERNSEC_CHROOT_CHMOD
 +	select GRKERNSEC_CHROOT_NICE
 +	select GRKERNSEC_AUDIT_MOUNT
@@ -444,4 +442,3 @@ Ned Ludd <solar@gentoo.org>
  config GRKERNSEC_CUSTOM
  	bool "Custom"
  	help
-
diff --git a/2.6.34/4450_check_ssp_fix.patch b/2.6.34/4450_check_ssp_fix.patch
new file mode 100644
index 0000000..b22bc77
--- /dev/null
+++ b/2.6.34/4450_check_ssp_fix.patch
@@ -0,0 +1,17 @@
+2010-03-31		Magnus Granberg <zorry@gentoo.org>
+
+		#312335
+		arch/x86/Makefile:		Add KBUILD_CPPFLAGS to the SSP test
+		commandline for else it build that file with -fPIE
+
+--- a/arch/x86/Makefile	2010-03-31 16:39:32.000000000 +0200
++++ b/arch/x86/Makefile	2010-03-31 16:36:53.000000000 +0200
+@@ -74,7 +74,7 @@
+ 
+ ifdef CONFIG_CC_STACKPROTECTOR
+ 	cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
+-        ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(biarch)),y)
++        ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
+                 stackp-y := -fstack-protector
+                 KBUILD_CFLAGS += $(stackp-y)
+         else