commit: 4bff175b49380f941e6d1434a6ab0fb250b2e280 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> AuthorDate: Tue Jun 21 10:21:03 2016 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Tue Jun 21 10:21:03 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=4bff175b
grsecurity-3.1-4.5.7-201606202152 4.5.7/0000_README | 2 +- ...> 4420_grsecurity-3.1-4.5.7-201606202152.patch} | 23 +++++++++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/4.5.7/0000_README b/4.5.7/0000_README index 7dd453b..068b4c9 100644 --- a/4.5.7/0000_README +++ b/4.5.7/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.5.7-201606142010.patch +Patch: 4420_grsecurity-3.1-4.5.7-201606202152.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch similarity index 99% rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch index b46e7cf..5ac1e8a 100644 --- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch +++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch @@ -115435,7 +115435,7 @@ index ec0e239..ab85b22 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..f172760 +index 0000000..821601d --- /dev/null +++ b/grsecurity/Kconfig @@ -0,0 +1,1205 @@ @@ -115582,14 +115582,14 @@ index 0000000..f172760 +config GRKERNSEC_KSTACKOVERFLOW + bool "Prevent kernel stack overflows" + default y if GRKERNSEC_CONFIG_AUTO -+ depends on !IA64 && 64BIT ++ depends on X86_64 + help + If you say Y here, the kernel's process stacks will be allocated + with vmalloc instead of the kernel's default allocator. This + introduces guard pages that in combination with the alloca checking -+ of the STACKLEAK feature prevents all forms of kernel process stack -+ overflow abuse. Note that this is different from kernel stack -+ buffer overflows. ++ of the STACKLEAK feature and removal of thread_info from the kernel ++ stack prevents all forms of kernel process stack overflow abuse. ++ Note that this is different from kernel stack buffer overflows. + +config GRKERNSEC_BRUTE + bool "Deter exploit bruteforcing" @@ -156888,7 +156888,7 @@ index f2280f7..c0a006f 100644 struct irlap_cb *self = (struct irlap_cb *) data; diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index fc3598a..03a184e 100644 +index fc3598a..03a184e3 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -685,10 +685,10 @@ static void __iucv_auto_name(struct iucv_sock *iucv) @@ -211999,7 +211999,7 @@ index 5105c2c..a5010e6 100644 extern struct key_type key_type_request_key_auth; extern struct key *request_key_auth_new(struct key *target, diff --git a/security/keys/key.c b/security/keys/key.c -index 09ef276..ab2894f 100644 +index 09ef276..357db79 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -283,7 +283,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, @@ -212011,6 +212011,15 @@ index 09ef276..ab2894f 100644 key->index_key.type = type; key->user = user; key->quotalen = quotalen; +@@ -582,7 +582,7 @@ int key_reject_and_link(struct key *key, + + mutex_unlock(&key_construction_mutex); + +- if (keyring) ++ if (keyring && link_ret == 0) + __key_link_end(keyring, &key->index_key, edit); + + /* wake up anyone waiting for a key to be constructed */ @@ -1077,7 +1077,9 @@ int register_key_type(struct key_type *ktype) struct key_type *p; int ret;
