[arch-commits] Commit in linux-grsec/trunk (PKGBUILD sysctl.conf)

Daniel Micay thestinger at nymeria.archlinux.org
Mon May 26 03:52:04 UTC 2014 

    Date: Monday, May 26, 2014 @ 05:52:03
  Author: thestinger
Revision: 111869

upgpkg: linux-grsec 3.14.4.201405252047-1

bump to 201405252047 and update the sysctl configuration file to mention paxd

Modified:
  linux-grsec/trunk/PKGBUILD
  linux-grsec/trunk/sysctl.conf

-------------+
 PKGBUILD    |    6 +++---
 sysctl.conf |   12 +++++++-----
 2 files changed, 10 insertions(+), 8 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-05-26 03:30:18 UTC (rev 111868)
+++ PKGBUILD	2014-05-26 03:52:03 UTC (rev 111869)
@@ -8,7 +8,7 @@
 _srcname=linux-3.14
 _pkgver=3.14.4
 _grsecver=3.0
-_timestamp=201405141623
+_timestamp=201405252047
 _grsec_patch="grsecurity-$_grsecver-$_pkgver-$_timestamp.patch"
 pkgver=$_pkgver.$_timestamp
 pkgrel=1
@@ -41,7 +41,7 @@
         )
 sha256sums=('61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa'
             'af640ea64e923d525a8238832e8452381e6dc76a3bf28046411cadd67c408114'
-            'e41e5dea54db4311655ccc68b371ac15dcc48f8767ca0a02150af70e831d2e4d'
+            'dceb3a6aeb9ba71e68835e37d2add6c6d4c60f6e253b4bd9c20b6a8e82ec0a96'
             'SKIP'
             '7ae000eaa1df8809cc5e27427e3ee5962bfd15d32cea3c9367321a9ea9a1f28c'
             '63dd010c2ad0df4279ee00f1530850560b722235a3430df5efd5cffcb045b203'
@@ -58,7 +58,7 @@
             '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18'
             'f2a5e22c1ba6e9b8a32a7bd4a5327ee95538aa10edcee3cd12578f8ff49bf6be'
             '384dd13fd4248fd6809da8c6ae29ced55d4a5cacc33ac2ae7522093ec0fb26d4'
-            'a37823f0cdf3f318ec3f486f6e4035a7a8f887522d3a563d4dfe155f143ba24f')
+            '19e59be36d3649fa72f93dc2a942df711935e7cb695632c4818f983363806eca')
 
 _kernelname=${pkgbase#linux}
 

Modified: sysctl.conf
===================================================================
--- sysctl.conf	2014-05-26 03:30:18 UTC (rev 111868)
+++ sysctl.conf	2014-05-26 03:52:03 UTC (rev 111869)
@@ -1,11 +1,13 @@
-# All features in the kernel.grsecurity namespace are disabled by default.
+# All features in the kernel.grsecurity namespace are disabled by default in
+# the kernel and must be enabled here.
 
 #
-# Disable PaX enforcement by default, due to lacking integration with packages.
+# Disable PaX enforcement by default.
 #
-# This is considered a major flaw in this package and will be corrected in the
-# future. Many binaries need to be flagged as requiring an exception from the
-# PaX rules.
+# The `paxd` package sets softmode back to 0 in a configuration file loaded
+# after this one. It automatically handles setting exceptions from the PaX
+# exploit mitigations after Pacman operations. Altering the setting here rather
+# than using `paxd` is not recommended.
 #
 
 kernel.pax.softmode = 1

More information about the arch-commits mailing list