Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys-kernel/hardened-dev-sources/ChangeLog14
-rw-r--r--sys-kernel/hardened-dev-sources/Manifest25
-rw-r--r--sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r113
-rw-r--r--sys-kernel/hardened-dev-sources/files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch35
-rw-r--r--sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r11.ebuild32
5 files changed, 92 insertions, 17 deletions
diff --git a/sys-kernel/hardened-dev-sources/ChangeLog b/sys-kernel/hardened-dev-sources/ChangeLog
index a4e4b566c4a6..bed3f2f7e33a 100644
--- a/sys-kernel/hardened-dev-sources/ChangeLog
+++ b/sys-kernel/hardened-dev-sources/ChangeLog
@@ -1,6 +1,18 @@
# ChangeLog for sys-kernel/hardened-dev-sources
# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.41 2004/11/01 14:03:44 method Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.42 2004/11/11 00:18:19 lv Exp $
+
+*hardened-dev-sources-2.6.7-r11 (10 Nov 2004)
+
+ 10 Nov 2004; Travis Tilley <lv@gentoo.org>
+ +files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch,
+ +hardened-dev-sources-2.6.7-r11.ebuild:
+ Removed a chunk of code that makes read imply exec for 32bit on amd64. If
+ you get the error "cannot apply additional memory protection after
+ relocation: Permission denied" when running 32bit binaries, this should fix
+ it. Note that there are still bugs in handling 32bit in PaX on amd64, and
+ that 32bit libraries with text relocations simply will not work at all. Also
+ note that this update is -only- important for amd64 users.
*hardened-dev-sources-2.6.7-r10 (01 Nov 2004)
diff --git a/sys-kernel/hardened-dev-sources/Manifest b/sys-kernel/hardened-dev-sources/Manifest
index c657df3991b8..984ece83bfdc 100644
--- a/sys-kernel/hardened-dev-sources/Manifest
+++ b/sys-kernel/hardened-dev-sources/Manifest
@@ -1,20 +1,13 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 82fb2e488cf74ed7bdb51f1f521c1fe4 hardened-dev-sources-2.6.7-r8.ebuild 1092
-MD5 0b8ab20736a2b68476718b12a797d7ff hardened-dev-sources-2.6.7-r10.ebuild 1163
MD5 80eac19822330fc7aa7083f482ff3209 ChangeLog 7131
-MD5 73174f8e07b82c5df563b7196f87611c metadata.xml 299
MD5 6ceac5877bbf8ffb6523d3d671031b73 hardened-dev-sources-2.6.7-r7.ebuild 1089
-MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r10 219
-MD5 bc48c226344f94535c3ba2e0ce55bf24 files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch 1694
-MD5 8204afea1d572b49a4a80d8da4eef0c9 files/hardened-dev-sources-2.6.7.CAN-2004-0596.patch 1033
+MD5 82fb2e488cf74ed7bdb51f1f521c1fe4 hardened-dev-sources-2.6.7-r8.ebuild 1092
+MD5 73174f8e07b82c5df563b7196f87611c metadata.xml 299
+MD5 0b8ab20736a2b68476718b12a797d7ff hardened-dev-sources-2.6.7-r10.ebuild 1163
+MD5 26bdd227208edc71be27abf53e773484 hardened-dev-sources-2.6.7-r11.ebuild 1226
MD5 efbbfbed471c50333a8c2fd2f2b0b061 files/digest-hardened-dev-sources-2.6.7-r7 219
MD5 0f763833ebbcbf0f2a8ac151454c3b29 files/digest-hardened-dev-sources-2.6.7-r8 219
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.4 (GNU/Linux)
-
-iD8DBQFBhkFvI9RrrOsOLvcRAoFNAKCMpGB2M/KuUUBEQLzPTamjJYm8MACfRIBh
-8UQ1yRKB8QcbIApuHZUibGQ=
-=ZynH
------END PGP SIGNATURE-----
+MD5 8204afea1d572b49a4a80d8da4eef0c9 files/hardened-dev-sources-2.6.7.CAN-2004-0596.patch 1033
+MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r10 219
+MD5 bc48c226344f94535c3ba2e0ce55bf24 files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch 1694
+MD5 7e3d1d44b244b238ff3e36bfe1f05c80 files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch 871
+MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r11 219
diff --git a/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r11 b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r11
new file mode 100644
index 000000000000..3ac31c5a42bf
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r11
@@ -0,0 +1,3 @@
+MD5 a74671ea68b0e3c609e8785ed8497c14 linux-2.6.7.tar.bz2 35092228
+MD5 ecdbe38dbae9c1b628636951658fab7a hardened-patches-2.6-7.8.tar.bz2 151973
+MD5 d289935571088e5c55b3833063a967b1 genpatches-2.6-7.46-base.tar.bz2 63281
diff --git a/sys-kernel/hardened-dev-sources/files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch b/sys-kernel/hardened-dev-sources/files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch
new file mode 100644
index 000000000000..42f7b7fe2dc6
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch
@@ -0,0 +1,35 @@
+--- arch/x86_64/ia32/sys_ia32.c.orig 2004-10-05 08:02:13.989209448 -0400
++++ arch/x86_64/ia32/sys_ia32.c 2004-10-05 08:06:51.533016376 -0400
+@@ -223,8 +223,8 @@
+ return -EBADF;
+ }
+
+- if (a.prot & PROT_READ)
+- a.prot |= vm_force_exec32;
++// if (a.prot & PROT_READ)
++// a.prot |= vm_force_exec32;
+
+ mm = current->mm;
+ down_write(&mm->mmap_sem);
+@@ -240,8 +240,8 @@
+ asmlinkage long
+ sys32_mprotect(unsigned long start, size_t len, unsigned long prot)
+ {
+- if (prot & PROT_READ)
+- prot |= vm_force_exec32;
++// if (prot & PROT_READ)
++// prot |= vm_force_exec32;
+ return sys_mprotect(start,len,prot);
+ }
+
+@@ -1054,8 +1054,8 @@
+ return -EBADF;
+ }
+
+- if (prot & PROT_READ)
+- prot |= vm_force_exec32;
++// if (prot & PROT_READ)
++// prot |= vm_force_exec32;
+
+ down_write(&mm->mmap_sem);
+ error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
diff --git a/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r11.ebuild b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r11.ebuild
new file mode 100644
index 000000000000..7ffe3eecacac
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r11.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r11.ebuild,v 1.1 2004/11/11 00:18:19 lv Exp $
+
+IUSE=""
+ETYPE="sources"
+inherit kernel-2
+detect_version
+
+GPV=7.46
+GPV_SRC="mirror://gentoo/genpatches-${KV_MAJOR}.${KV_MINOR}-${GPV}-base.tar.bz2"
+
+HGPV=7.8
+#HGPV_SRC="mirror://gentoo/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2"
+HGPV_SRC="http://dev.gentoo.org/~tseng/kernel/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2"
+
+UNIPATCH_STRICTORDER="yes"
+UNIPATCH_EXCLUDE="1315_alpha"
+UNIPATCH_LIST="${DISTDIR}/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2
+ ${DISTDIR}/genpatches-${KV_MAJOR}.${KV_MINOR}-${GPV}-base.tar.bz2
+ ${FILESDIR}/hardened-dev-sources-2.6.7.CAN-2004-0816.patch
+ ${FILESDIR}/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch"
+UNIPATCH_DOCS="${WORKDIR}/patches/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}/0000_README"
+
+DESCRIPTION="Hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
+
+SRC_URI="${KERNEL_URI} ${HGPV_SRC} ${GPV_SRC}"
+KEYWORDS="~x86 ~ppc amd64"
+
+pkg_postinst() {
+ postinst_sources
+}