author | Marcin Deranek <marcin.deranek@slonko.net> | 2021-06-18 12:42:55 +0200 |
---|---|---|
committer | Marcin Deranek <marcin.deranek@slonko.net> | 2021-06-18 12:42:55 +0200 |
commit | c5a2aece1a46ff4e57886ab5b5351995cf493e6c (patch) | |
tree | 2c29b1f5d4f6791a5ef88de974eeca1353f02a05 /sys-kernel/hardened-sources/files | |
parent | 66429900e4f73eec6713a0193db2706bb1481c7f (diff) | |
hardened-sources version bump
Added a few patches to accommodate conflicting changes between Gentoo
and linux-hardened. First we revert the conflicting changes
(9999_revert-conflicts.patch), then re-apply the relevant changes with a
slightly modified patch (linux-hardened-gentoo.patch).
Diffstat (limited to 'sys-kernel/hardened-sources/files')
-rw-r--r-- | sys-kernel/hardened-sources/files/9999_revert-conflicts.patch | 27 | ||||
-rw-r--r-- | sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch | 11 |
2 files changed, 38 insertions, 0 deletions
diff --git a/sys-kernel/hardened-sources/files/9999_revert-conflicts.patch b/sys-kernel/hardened-sources/files/9999_revert-conflicts.patch
new file mode 100644
index 0000000..b46aa1c
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/9999_revert-conflicts.patch
@@ -0,0 +1,27 @@
+Reverse conflicting patches
+
+diff --git a/mm/Kconfig b/mm/Kconfig
+index 24c045b24..e13fc740c 100644
+--- a/mm/Kconfig
++++ b/mm/Kconfig
+@@ -321,8 +321,6 @@ config KSM
+ config DEFAULT_MMAP_MIN_ADDR
+ int "Low address space to protect from user allocation"
+ depends on MMU
+- default 65536 if ( X86_64 || X86_32 || PPC64 || IA64 ) && GENTOO_KERNEL_SELF_PROTECTION
+- default 32768 if ( ARM64 || ARM ) && GENTOO_KERNEL_SELF_PROTECTION
+ default 4096
+ help
+ This is the portion of low virtual memory which should be protected
+diff --git a/security/Kconfig b/security/Kconfig
+index 7561f6f99..01f0bf73f 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -166,7 +166,6 @@ config HARDENED_USERCOPY
+ config HARDENED_USERCOPY_FALLBACK
+ bool "Allow usercopy whitelist violations to fallback to object size"
+ depends on HARDENED_USERCOPY
+- depends on !GENTOO_KERNEL_SELF_PROTECTION
+ default y
+ help
+ This is a temporary option that allows missing usercopy whitelists
diff --git a/sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch b/sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch
new file mode 100644
index 0000000..5bd9820
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch
@@ -0,0 +1,11 @@
+diff --git a/security/Kconfig b/security/Kconfig
+index 7561f6f99..01f0bf73f 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -166,5 +166,6 @@ config HARDENED_USERCOPY
+ config HARDENED_USERCOPY_FALLBACK
+ bool "Allow usercopy whitelist violations to fallback to object size"
+ depends on HARDENED_USERCOPY
++ depends on !GENTOO_KERNEL_SELF_PROTECTION
+ help
+ This is a temporary option that allows missing usercopy whitelists |
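Review bot: In 9999_revert-conflicts.patch the mm/Kconfig hunk removes both GENTOO_KERNEL_SELF_PROTECTION defaults for DEFAULT_MMAP_MIN_ADDR and leaves only `default 4096`, while linux-hardened-gentoo.patch in this commit re-applies only the HARDENED_USERCOPY_FALLBACK dependency. Unless the linux-hardened patch set, which is not visible here, supplies its own higher default, a kernel configured from defaults would reserve 4096 bytes of low address space instead of 65536 or 32768, which weakens the protection against NULL-pointer dereference bugs. The header `Reverse conflicting patches` should also name what is reversed and where the replacement comes from, for example `Reverts the GENTOO_KERNEL_SELF_PROTECTION hunks of the Gentoo Kconfig patch so linux-hardened applies cleanly; the mmap_min_addr default is then provided by <linux-hardened patch name>`.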
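Review bot: The `index 7561f6f99..01f0bf73f` line in linux-hardened-gentoo.patch is identical to the one in 9999_revert-conflicts.patch although the two security/Kconfig hunks differ (`-166,5 +166,6` here, `-166,7 +166,6` there), so it cannot describe this change and looks copied. Tools that match on context alone will not care, but it misleads anyone tracing the blobs; drop the line or regenerate the patch against the tree it targets. The context here also omits `default y`, so the hunk presumably applies only after linux-hardened has removed that line. Unlike the revert patch, this file has no header; one such as `Apply after the linux-hardened patch: re-adds the Gentoo self-protection dependency on HARDENED_USERCOPY_FALLBACK` would make the required ordering explicit.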