mempo · 0x20c24 · Aug 11, 2015 · Aug 11, 2015
diff --git a/changelog b/changelog
@@ -1,3 +1,9 @@
+linux-image (linux-3.2.70-mempo-0.2.137) UNRELEASED; urgency=medium
+  * linux: rds: fix an integer overflow test in rds_info_getsockopt()
+  * linux: Backport virtio-net security fix by Jason Wang
+  * grsec: merge 'linux-3.2.y' into pax-stable, 'pax-stable' into grsec-stable 
+
+ -- mempo <mempo@mempo.org>  Sun, 11 Aug 2015 10:17:00 +0200
 
 linux-image (linux-3.2.69-mempo-0.2.136) UNRELEASED; urgency=high
   * linux: kzalloc md kernel mem infoleak!!

diff --git a/kernel-build/linux-mempo/configs-kernel/deb7-desk.kernel-config b/kernel-build/linux-mempo/configs-kernel/deb7-desk.kernel-config
@@ -62,7 +62,7 @@ CONFIG_IRQ_WORK=y
 CONFIG_EXPERIMENTAL=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
-CONFIG_LOCALVERSION="-mempo.desk.0.2.136"
+CONFIG_LOCALVERSION="-mempo.desk.0.2.137"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y

diff --git a/kernel-build/linux-mempo/configs-kernel/deb7-deskmax.kernel-config b/kernel-build/linux-mempo/configs-kernel/deb7-deskmax.kernel-config
@@ -62,7 +62,7 @@ CONFIG_IRQ_WORK=y
 CONFIG_EXPERIMENTAL=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
-CONFIG_LOCALVERSION="-mempo.deskmax.0.2.136"
+CONFIG_LOCALVERSION="-mempo.deskmax.0.2.137"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y

diff --git a/kernel-build/linux-mempo/configs-kernel/deb7-deskmaxdbg.kernel-config b/kernel-build/linux-mempo/configs-kernel/deb7-deskmaxdbg.kernel-config
@@ -62,7 +62,7 @@ CONFIG_IRQ_WORK=y
 CONFIG_EXPERIMENTAL=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
-CONFIG_LOCALVERSION="-mempo.deskmaxdbg.0.2.136"
+CONFIG_LOCALVERSION="-mempo.deskmaxdbg.0.2.137"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y

diff --git a/kernel-build/linux-mempo/configs-kernel/deb7-insecuregrsoff.kernel-config b/kernel-build/linux-mempo/configs-kernel/deb7-insecuregrsoff.kernel-config
@@ -62,7 +62,7 @@ CONFIG_IRQ_WORK=y
 CONFIG_EXPERIMENTAL=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
-CONFIG_LOCALVERSION="-mempo.insecuregrsoff.0.2.136"
+CONFIG_LOCALVERSION="-mempo.insecuregrsoff.0.2.137"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y

diff --git a/kernel-build/linux-mempo/configs-kernel/deb7-serv.kernel-config b/kernel-build/linux-mempo/configs-kernel/deb7-serv.kernel-config
@@ -62,7 +62,7 @@ CONFIG_IRQ_WORK=y
 CONFIG_EXPERIMENTAL=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
-CONFIG_LOCALVERSION="-mempo.serv.0.2.136"
+CONFIG_LOCALVERSION="-mempo.serv.0.2.137"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y

diff --git a/kernel-build/linux-mempo/configs-kernel/deb7-servmax.kernel-config b/kernel-build/linux-mempo/configs-kernel/deb7-servmax.kernel-config
@@ -62,7 +62,7 @@ CONFIG_IRQ_WORK=y
 CONFIG_EXPERIMENTAL=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
-CONFIG_LOCALVERSION="-mempo.servmax.0.2.136"
+CONFIG_LOCALVERSION="-mempo.servmax.0.2.137"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y

diff --git a/kernel-build/linux-mempo/configs-kernel/deb7-servmaxdbg.kernel-config b/kernel-build/linux-mempo/configs-kernel/deb7-servmaxdbg.kernel-config
@@ -62,7 +62,7 @@ CONFIG_IRQ_WORK=y
 CONFIG_EXPERIMENTAL=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
-CONFIG_LOCALVERSION="-mempo.servmaxdbg.0.2.136"
+CONFIG_LOCALVERSION="-mempo.servmaxdbg.0.2.137"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y

diff --git a/kernel-build/linux-mempo/configs-kernel/deb7-vanilladbg.kernel-config b/kernel-build/linux-mempo/configs-kernel/deb7-vanilladbg.kernel-config
@@ -62,7 +62,7 @@ CONFIG_IRQ_WORK=y
 CONFIG_EXPERIMENTAL=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
-CONFIG_LOCALVERSION="-mempo.vanilladbg.0.2.136"
+CONFIG_LOCALVERSION="-mempo.vanilladbg.0.2.137"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y

diff --git a/kernel-build/linux-mempo/configs-kernel/deb7-zero.kernel-config b/kernel-build/linux-mempo/configs-kernel/deb7-zero.kernel-config
@@ -58,7 +58,7 @@ CONFIG_EXPERIMENTAL=y
 CONFIG_BROKEN_ON_SMP=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
-CONFIG_LOCALVERSION="-mempo.zero.0.2.136"
+CONFIG_LOCALVERSION="-mempo.zero.0.2.137"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y

diff --git a/kernel-build/linux-mempo/env-data.sh b/kernel-build/linux-mempo/env-data.sh
@@ -1,5 +1,5 @@
 # place for STATIC settings for release. [autogenerated] 
-export kernel_general_version="3.2.69" # base version (should match the one is sourcecode.list)
-export KERNEL_DATE='2015-08-02 00:16:17' # UTC time of mempo version. This is > then max(kernel,grsec,patches) times
-export CURRENT_SEED='1184c4861ddd73b5adb31adf2ccd02251f80958d3c8a13461e234667edb94e62' #  block 826275 (*)
+export kernel_general_version="3.2.70" # base version (should match the one is sourcecode.list)
+export KERNEL_DATE='2015-08-11 10:12:02' # UTC time of mempo version. This is > then max(kernel,grsec,patches) times
+export CURRENT_SEED='36cc0c0b00fefda5b8376bdf142bc6d0a9d6718302dce9bc5ed30163b79edeb9' #  block 831687 (*)
 export DEBIAN_REVISION='001' # see README.md how to update it on git tag, on rc and final releases
diff --git a/kernel-build/linux-mempo/sourcecode.list b/kernel-build/linux-mempo/sourcecode.list
@@ -1,4 +1,4 @@
-V,ID_kernel_vanilla_ID,x,kernel,linux-3.2.69.tar,sha256,c574b6872e329ede400d4e413c4add4cc59bb81b327de02dc6e4c10e47c31dc2,./
-P,ID_grsecurity_main_ID,x,grsecurity,grsecurity-3.1-3.2.69-201508011610.patch,sha256,5ce8af9f0aafa510a8835120b1f36e319ec31a48284ddd1f55ca167bd2637565,./tmp-path/
+V,ID_kernel_vanilla_ID,x,kernel,linux-3.2.70.tar,sha256,0cbac3ea8d97946e7d184f21cce888e113701934b7a5b4f0a6714819efdad473,./
+P,ID_grsecurity_main_ID,x,grsecurity,grsecurity-3.1-3.2.70-201508102127.patch,sha256,,./tmp-path/
 P,ID_mempo_grsec_ID,x,mempo,grsecurity-3.0-3.2.55-201402152203-mempo-extra.patch,sha256,a8e81062e44ea899af688a326aaebcfd86d759da69b39f6ed66b7a8e7bcf9a8d,./tmp-path/
 P,ID_mempo_determ_ID,x,mempo,linux-3.2.57-grsec-deterministic-build.patch,sha256,aca4001855c4c822c78aee90acc8706a3ffb3b5e4d42f07b4ffe827190d77d59,./tmp-path/
diff --git a/kernel-sources/grsecurity/changelog-stable.txt b/kernel-sources/grsecurity/changelog-stable.txt
@@ -1,3 +1,69 @@
+commit 13e09e261792b1cdb577d89af5cdf7dafe6403b1
+Author: Dan Carpenter <dan.carpenter@oracle.com>
+Date:   Sat Aug 1 15:33:26 2015 +0300
+
+    rds: fix an integer overflow test in rds_info_getsockopt()
+
+    "len" is a signed integer.  We check that len is not negative, so it
+    goes from zero to INT_MAX.  PAGE_SIZE is unsigned long so the comparison
+    is type promoted to unsigned long.  ULONG_MAX - 4095 is a higher than
+    INT_MAX so the condition can never be true.
+
+    I don't know if this is harmful but it seems safe to limit "len" to
+    INT_MAX - 4095.
+
+    Fixes: a8c879a7ee98 ('RDS: Info and stats')
+    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+    Signed-off-by: David S. Miller <davem@davemloft.net>
+
+ net/rds/info.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+commit 5f71a17e4b3f406474055ef8723e55f82118517c
+Author: Brad Spengler <spender@grsecurity.net>
+Date:   Mon Aug 10 02:39:35 2015 -0400
+
+    Backport virtio-net security fix by Jason Wang from:
+    http://marc.info/?l=linux-netdev&m=143868216724068&w=2
+
+ drivers/net/virtio_net.c |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+commit 655452be4ba3abe1864d157001723762498432f7
+Merge: a6667a3 92efcfe
+Author: Brad Spengler <spender@grsecurity.net>
+Date:   Mon Aug 10 01:50:01 2015 -0400
+
+    Merge branch 'pax-stable' into grsec-stable
+
+    Conflicts:
+    	arch/mips/kernel/irq.c
+    	kernel/trace/trace_events_filter.c
+
+commit 92efcfeca5be11a36c8a089a374d9396764e397d
+Merge: 16c1a7a 058fbb1
+Author: Brad Spengler <spender@grsecurity.net>
+Date:   Mon Aug 10 01:48:25 2015 -0400
+
+    Update to pax-linux-3.2.70-test179.patch:
+
+    Merge branch 'linux-3.2.y' into pax-stable
+
+    Conflicts:
+    	arch/arm/include/asm/elf.h
+    	arch/powerpc/mm/mmap_64.c
+    	fs/binfmt_elf.c
+
+commit a6667a39ecfc62cad6ae68e7f38f7b40f6dd559f
+Author: Brad Spengler <spender@grsecurity.net>
+Date:   Sun Aug 2 08:26:16 2015 -0400
+
+    Update plugins from 4.1 tree to fix reported compilation errors
+
+ tools/gcc/kernexec_plugin.c  |    8 ++++++--
+ tools/gcc/stackleak_plugin.c |    8 ++++++--
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+
 commit 5088787d1a19583ff0a46387a108e3b99c11bf92
 Author: Benjamin Randazzo <benjamin@randazzo.fr>
 Date:   Sat Jul 25 16:36:50 2015 +0200

diff --git a/kernel-sources/grsecurity/grsecurity-3.1-3.2.69-201508011610.patch.sig b/kernel-sources/grsecurity/grsecurity-3.1-3.2.69-201508011610.patch.sig