author | Travis Tilley <lv@gentoo.org> | 2004-11-11 00:18:19 +0000 |
---|---|---|
committer | Travis Tilley <lv@gentoo.org> | 2004-11-11 00:18:19 +0000 |
commit | defdcc139adf8bb37ef16f4cc0db8a4f880f5f24 (patch) | |
tree | 53cd2f8aeaa6605eb81c21053666eb376bd6564f /sys-kernel/hardened-dev-sources | |
parent | fixup the patch a little (Manifest recommit) (diff) | |
download | gentoo-2-defdcc139adf8bb37ef16f4cc0db8a4f880f5f24.tar.gz gentoo-2-defdcc139adf8bb37ef16f4cc0db8a4f880f5f24.tar.bz2 gentoo-2-defdcc139adf8bb37ef16f4cc0db8a4f880f5f24.zip |
Removed a chunk of code that makes read imply exec for 32bit on amd64. If you get the error "cannot apply additional memory protection after relocation: Permission denied" when running 32bit binaries, this should fix it. Note that there are still bugs in handling 32bit in PaX on amd64, and that 32bit libraries with text relocations simply will not work at all. Also note that this update is -only- important for amd64 users.
Diffstat (limited to 'sys-kernel/hardened-dev-sources')
5 files changed, 92 insertions, 17 deletions
diff --git a/sys-kernel/hardened-dev-sources/ChangeLog b/sys-kernel/hardened-dev-sources/ChangeLog
index a4e4b566c4a6..bed3f2f7e33a 100644
--- a/sys-kernel/hardened-dev-sources/ChangeLog
+++ b/sys-kernel/hardened-dev-sources/ChangeLog
@@ -1,6 +1,18 @@
 # ChangeLog for sys-kernel/hardened-dev-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.41 2004/11/01 14:03:44 method Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.42 2004/11/11 00:18:19 lv Exp $
+
+*hardened-dev-sources-2.6.7-r11 (10 Nov 2004)
+
+ 10 Nov 2004; Travis Tilley <lv@gentoo.org>
+ +files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch,
+ +hardened-dev-sources-2.6.7-r11.ebuild:
+ Removed a chunk of code that makes read imply exec for 32bit on amd64. If
+ you get the error "cannot apply additional memory protection after
+ relocation: Permission denied" when running 32bit binaries, this should fix
+ it. Note that there are still bugs in handling 32bit in PaX on amd64, and
+ that 32bit libraries with text relocations simply will not work at all. Also
+ note that this update is -only- important for amd64 users.
 
 *hardened-dev-sources-2.6.7-r10 (01 Nov 2004)
 
diff --git a/sys-kernel/hardened-dev-sources/Manifest b/sys-kernel/hardened-dev-sources/Manifest
index c657df3991b8..984ece83bfdc 100644
--- a/sys-kernel/hardened-dev-sources/Manifest
+++ b/sys-kernel/hardened-dev-sources/Manifest
@@ -1,20 +1,13 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 82fb2e488cf74ed7bdb51f1f521c1fe4 hardened-dev-sources-2.6.7-r8.ebuild 1092
-MD5 0b8ab20736a2b68476718b12a797d7ff hardened-dev-sources-2.6.7-r10.ebuild 1163
 MD5 80eac19822330fc7aa7083f482ff3209 ChangeLog 7131
-MD5 73174f8e07b82c5df563b7196f87611c metadata.xml 299
 MD5 6ceac5877bbf8ffb6523d3d671031b73 hardened-dev-sources-2.6.7-r7.ebuild 1089
-MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r10 219
-MD5 bc48c226344f94535c3ba2e0ce55bf24 files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch 1694
-MD5 8204afea1d572b49a4a80d8da4eef0c9 files/hardened-dev-sources-2.6.7.CAN-2004-0596.patch 1033
+MD5 82fb2e488cf74ed7bdb51f1f521c1fe4 hardened-dev-sources-2.6.7-r8.ebuild 1092
+MD5 73174f8e07b82c5df563b7196f87611c metadata.xml 299
+MD5 0b8ab20736a2b68476718b12a797d7ff hardened-dev-sources-2.6.7-r10.ebuild 1163
+MD5 26bdd227208edc71be27abf53e773484 hardened-dev-sources-2.6.7-r11.ebuild 1226
 MD5 efbbfbed471c50333a8c2fd2f2b0b061 files/digest-hardened-dev-sources-2.6.7-r7 219
 MD5 0f763833ebbcbf0f2a8ac151454c3b29 files/digest-hardened-dev-sources-2.6.7-r8 219
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.4 (GNU/Linux)
-
-iD8DBQFBhkFvI9RrrOsOLvcRAoFNAKCMpGB2M/KuUUBEQLzPTamjJYm8MACfRIBh
-8UQ1yRKB8QcbIApuHZUibGQ=
-=ZynH
------END PGP SIGNATURE-----
+MD5 8204afea1d572b49a4a80d8da4eef0c9 files/hardened-dev-sources-2.6.7.CAN-2004-0596.patch 1033
+MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r10 219
+MD5 bc48c226344f94535c3ba2e0ce55bf24 files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch 1694
+MD5 7e3d1d44b244b238ff3e36bfe1f05c80 files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch 871
+MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r11 219
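Review bot: The regenerated Manifest loses its PGP clearsign wrapper: the `-----BEGIN PGP SIGNED MESSAGE-----` header and the signature block are removed and nothing replaces them, so the new entries for the r11 ebuild and the vm_force_exec32 patch are covered only by unsigned MD5 sums. The Manifest should be re-signed before this goes out. The ChangeLog entry is also left as a context line (`MD5 80eac19822330fc7aa7083f482ff3209 ChangeLog 7131`) although this commit adds lines to ChangeLog, so that checksum and size look stale and would need regenerating as well.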
diff --git a/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r11 b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r11
new file mode 100644
index 000000000000..3ac31c5a42bf
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r11
@@ -0,0 +1,3 @@
+MD5 a74671ea68b0e3c609e8785ed8497c14 linux-2.6.7.tar.bz2 35092228
+MD5 ecdbe38dbae9c1b628636951658fab7a hardened-patches-2.6-7.8.tar.bz2 151973
+MD5 d289935571088e5c55b3833063a967b1 genpatches-2.6-7.46-base.tar.bz2 63281
diff --git a/sys-kernel/hardened-dev-sources/files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch b/sys-kernel/hardened-dev-sources/files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch
new file mode 100644
index 000000000000..42f7b7fe2dc6
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch
@@ -0,0 +1,35 @@
+--- arch/x86_64/ia32/sys_ia32.c.orig 2004-10-05 08:02:13.989209448 -0400
++++ arch/x86_64/ia32/sys_ia32.c 2004-10-05 08:06:51.533016376 -0400
+@@ -223,8 +223,8 @@
+ return -EBADF;
+ }
+
+- if (a.prot & PROT_READ)
+- a.prot |= vm_force_exec32;
++// if (a.prot & PROT_READ)
++// a.prot |= vm_force_exec32;
+
+ mm = current->mm;
+ down_write(&mm->mmap_sem);
+@@ -240,8 +240,8 @@
+ asmlinkage long
+ sys32_mprotect(unsigned long start, size_t len, unsigned long prot)
+ {
+- if (prot & PROT_READ)
+- prot |= vm_force_exec32;
++// if (prot & PROT_READ)
++// prot |= vm_force_exec32;
+ return sys_mprotect(start,len,prot);
+ }
+
+@@ -1054,8 +1054,8 @@
+ return -EBADF;
+ }
+
+- if (prot & PROT_READ)
+- prot |= vm_force_exec32;
++// if (prot & PROT_READ)
++// prot |= vm_force_exec32;
+
+ down_write(&mm->mmap_sem);
+ error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
diff --git a/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r11.ebuild b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r11.ebuild
new file mode 100644
index 000000000000..7ffe3eecacac
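Review bot: In h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch the three `vm_force_exec32` sites are disabled with `//` comments instead of being deleted, so the patched sys_ia32.c keeps dead code and, unless it is removed elsewhere, a `vm_force_exec32` variable that no longer affects these paths. Delete the two lines in each hunk outright and give the patch file a one-line header such as `amd64: do not make PROT_READ imply PROT_EXEC for 32-bit mmap/mprotect`, since the file itself carries no explanation. Only `sys32_mprotect` is fully visible; the first and third hunks start inside functions whose signatures are outside the hunk, so it is worth confirming against the full file that no other 32-bit mapping path still ORs in `vm_force_exec32`.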
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r11.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r11.ebuild,v 1.1 2004/11/11 00:18:19 lv Exp $
+
+IUSE=""
+ETYPE="sources"
+inherit kernel-2
+detect_version
+
+GPV=7.46
+GPV_SRC="mirror://gentoo/genpatches-${KV_MAJOR}.${KV_MINOR}-${GPV}-base.tar.bz2"
+
+HGPV=7.8
+#HGPV_SRC="mirror://gentoo/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2"
+HGPV_SRC="http://dev.gentoo.org/~tseng/kernel/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2"
+
+UNIPATCH_STRICTORDER="yes"
+UNIPATCH_EXCLUDE="1315_alpha"
+UNIPATCH_LIST="${DISTDIR}/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2
+ ${DISTDIR}/genpatches-${KV_MAJOR}.${KV_MINOR}-${GPV}-base.tar.bz2
+ ${FILESDIR}/hardened-dev-sources-2.6.7.CAN-2004-0816.patch
+ ${FILESDIR}/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch"
+UNIPATCH_DOCS="${WORKDIR}/patches/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}/0000_README"
+
+DESCRIPTION="Hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
+
+SRC_URI="${KERNEL_URI} ${HGPV_SRC} ${GPV_SRC}"
+KEYWORDS="~x86 ~ppc amd64"
+
+pkg_postinst() {
+ postinst_sources
+} |
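Review bot: `HGPV_SRC` fetches the hardened patch tarball over plain HTTP from a developer home directory while the `mirror://gentoo/` line stays commented out, so the only integrity check on that download is the MD5 entry in the digest file. Once the tarball is on the mirrors, switch back to `HGPV_SRC="mirror://gentoo/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2"` and drop the commented duplicate. Separately, `UNIPATCH_LIST` applies the CAN-2004-0816 patch but not the CAN-2004-0596 patch that the Manifest still lists under files/; if that fix is not already carried by hardened-patches 7.8 or genpatches 7.46, it should be added here, and a comment saying where it comes from would help either way.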