OSDN -- オープンソース・ソフトウェアの開発とダウンロード
日本語の翻訳状況 translation status for ja
  • R/O
  • SSH
  • HTTPS

caitsith: コミット


コミットメタ情報

リビジョン360 (tree)
日時2021-09-16 22:19:38
作者kumaneko

ログメッセージ

(メッセージはありません)

変更サマリ

差分

--- tags/htdocs/index.html (revision 359)
+++ tags/htdocs/index.html (revision 360)
@@ -304,12 +304,12 @@
304304 <p>Run the following commands in order to extract source code of CaitSith:</p>
305305
306306 <pre class="command">
307-# wget -O caitsith-patch-0.2-20210606.tar.gz 'https://osdn.jp/frs/redir.php?m=jaist&amp;f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz'
308-# wget -O caitsith-patch-0.2-20210606.tar.gz.asc 'https://osdn.jp/frs/redir.php?m=jaist&amp;f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz.asc'
307+# wget -O caitsith-patch-0.2-20210916.tar.gz 'https://osdn.jp/frs/redir.php?m=jaist&amp;f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz'
308+# wget -O caitsith-patch-0.2-20210916.tar.gz.asc 'https://osdn.jp/frs/redir.php?m=jaist&amp;f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz.asc'
309309 # wget https://tomoyo.osdn.jp/kumaneko-key
310310 # gpg --import kumaneko-key
311-# gpg caitsith-patch-0.2-20210606.tar.gz.asc
312-# tar -zxf caitsith-patch-0.2-20210606.tar.gz
311+# gpg caitsith-patch-0.2-20210916.tar.gz.asc
312+# tar -zxf caitsith-patch-0.2-20210916.tar.gz
313313 </pre>
314314
315315 <hr>
@@ -645,12 +645,12 @@
645645 Also, there are several patches which can be applied to distributor's latest kernels. For example "3.10-centos-7" if using CentOS 7's latest kernel:</p>
646646
647647 <pre class="command">
648-$ wget -O caitsith-patch-0.2-20210606.tar.gz 'https://osdn.jp/frs/redir.php?m=jaist&amp;f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz'
649-$ wget -O caitsith-patch-0.2-20210606.tar.gz.asc 'https://osdn.jp/frs/redir.php?m=jaist&amp;f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz.asc'
648+$ wget -O caitsith-patch-0.2-20210916.tar.gz 'https://osdn.jp/frs/redir.php?m=jaist&amp;f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz'
649+$ wget -O caitsith-patch-0.2-20210916.tar.gz.asc 'https://osdn.jp/frs/redir.php?m=jaist&amp;f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz.asc'
650650 $ wget https://tomoyo.osdn.jp/kumaneko-key
651651 $ gpg --import kumaneko-key
652-$ gpg caitsith-patch-0.2-20210606.tar.gz.asc
653-$ tar -zxf caitsith-patch-0.2-20210606.tar.gz
652+$ gpg caitsith-patch-0.2-20210916.tar.gz.asc
653+$ tar -zxf caitsith-patch-0.2-20210916.tar.gz
654654 $ sed -i -e 's/CCSECURITY/CAITSITH/g' -e 's/ccsecurity/caitsith/g' -e 's/ccs_domain_info/cs_domain_info/g' -e 's/ccs_flags/cs_flags/g' -- patches/ccs-patch-*.diff
655655 $ patch -sp1 &lt; patches/ccs-patch-$VERSION.diff
656656 </pre>
--- trunk/caitsith-patch/patches/ccs-patch-4.18-centos-8.diff (revision 359)
+++ trunk/caitsith-patch/patches/ccs-patch-4.18-centos-8.diff (revision 360)
@@ -1,6 +1,6 @@
11 This is TOMOYO Linux patch for CentOS 8.
22
3-Source code for this patch is https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/kernel-4.18.0-305.17.1.el8_4.src.rpm
3+Source code for this patch is https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/kernel-4.18.0-305.19.1.el8_4.src.rpm
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 9 +++++-
2929 24 files changed, 148 insertions(+), 29 deletions(-)
3030
31---- linux-4.18.0-305.17.1.el8.orig/fs/exec.c
32-+++ linux-4.18.0-305.17.1.el8/fs/exec.c
31+--- linux-4.18.0-305.19.1.el8.orig/fs/exec.c
32++++ linux-4.18.0-305.19.1.el8/fs/exec.c
3333 @@ -1707,7 +1707,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-4.18.0-305.17.1.el8.orig/fs/open.c
43-+++ linux-4.18.0-305.17.1.el8/fs/open.c
42+--- linux-4.18.0-305.19.1.el8.orig/fs/open.c
43++++ linux-4.18.0-305.19.1.el8/fs/open.c
4444 @@ -1237,6 +1237,8 @@ SYSCALL_DEFINE3(close_range, unsigned in
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-4.18.0-305.17.1.el8.orig/fs/proc/version.c
54-+++ linux-4.18.0-305.17.1.el8/fs/proc/version.c
53+--- linux-4.18.0-305.19.1.el8.orig/fs/proc/version.c
54++++ linux-4.18.0-305.19.1.el8/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 4.18.0-305.17.1.el8_4 2021/09/10\n");
62++ printk(KERN_INFO "Hook version: 4.18.0-305.19.1.el8_4 2021/09/16\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-4.18.0-305.17.1.el8.orig/include/linux/sched.h
67-+++ linux-4.18.0-305.17.1.el8/include/linux/sched.h
66+--- linux-4.18.0-305.19.1.el8.orig/include/linux/sched.h
67++++ linux-4.18.0-305.19.1.el8/include/linux/sched.h
6868 @@ -41,6 +41,7 @@ struct audit_context;
6969 struct backing_dev_info;
7070 struct bio_list;
@@ -84,8 +84,8 @@
8484
8585 /*
8686 * New fields for task_struct should be added above here, so that
87---- linux-4.18.0-305.17.1.el8.orig/include/linux/security.h
88-+++ linux-4.18.0-305.17.1.el8/include/linux/security.h
87+--- linux-4.18.0-305.19.1.el8.orig/include/linux/security.h
88++++ linux-4.18.0-305.19.1.el8/include/linux/security.h
8989 @@ -57,6 +57,7 @@ struct mm_struct;
9090 struct fs_context;
9191 struct fs_parameter;
@@ -306,8 +306,8 @@
306306 }
307307 #endif /* CONFIG_SECURITY_PATH */
308308
309---- linux-4.18.0-305.17.1.el8.orig/include/net/ip.h
310-+++ linux-4.18.0-305.17.1.el8/include/net/ip.h
309+--- linux-4.18.0-305.19.1.el8.orig/include/net/ip.h
310++++ linux-4.18.0-305.19.1.el8/include/net/ip.h
311311 @@ -286,6 +286,8 @@ void inet_get_local_port_range(struct ne
312312 #ifdef CONFIG_SYSCTL
313313 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -326,8 +326,8 @@
326326 return 0;
327327 }
328328
329---- linux-4.18.0-305.17.1.el8.orig/init/init_task.c
330-+++ linux-4.18.0-305.17.1.el8/init/init_task.c
329+--- linux-4.18.0-305.19.1.el8.orig/init/init_task.c
330++++ linux-4.18.0-305.19.1.el8/init/init_task.c
331331 @@ -196,6 +196,10 @@ struct task_struct init_task
332332 #ifdef CONFIG_SECURITY
333333 .security = NULL,
@@ -339,8 +339,8 @@
339339 };
340340 EXPORT_SYMBOL(init_task);
341341
342---- linux-4.18.0-305.17.1.el8.orig/kernel/kexec.c
343-+++ linux-4.18.0-305.17.1.el8/kernel/kexec.c
342+--- linux-4.18.0-305.19.1.el8.orig/kernel/kexec.c
343++++ linux-4.18.0-305.19.1.el8/kernel/kexec.c
344344 @@ -18,7 +18,7 @@
345345 #include <linux/syscalls.h>
346346 #include <linux/vmalloc.h>
@@ -359,8 +359,8 @@
359359
360360 /* Permit LSMs and IMA to fail the kexec */
361361 result = security_kernel_load_data(LOADING_KEXEC_IMAGE);
362---- linux-4.18.0-305.17.1.el8.orig/kernel/module.c
363-+++ linux-4.18.0-305.17.1.el8/kernel/module.c
362+--- linux-4.18.0-305.19.1.el8.orig/kernel/module.c
363++++ linux-4.18.0-305.19.1.el8/kernel/module.c
364364 @@ -67,6 +67,7 @@
365365 #include <linux/audit.h>
366366 #include <uapi/linux/module.h>
@@ -387,8 +387,8 @@
387387
388388 return 0;
389389 }
390---- linux-4.18.0-305.17.1.el8.orig/kernel/ptrace.c
391-+++ linux-4.18.0-305.17.1.el8/kernel/ptrace.c
390+--- linux-4.18.0-305.19.1.el8.orig/kernel/ptrace.c
391++++ linux-4.18.0-305.19.1.el8/kernel/ptrace.c
392392 @@ -1119,6 +1119,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
393393 {
394394 struct task_struct *child;
@@ -413,8 +413,8 @@
413413
414414 if (request == PTRACE_TRACEME) {
415415 ret = ptrace_traceme();
416---- linux-4.18.0-305.17.1.el8.orig/kernel/reboot.c
417-+++ linux-4.18.0-305.17.1.el8/kernel/reboot.c
416+--- linux-4.18.0-305.19.1.el8.orig/kernel/reboot.c
417++++ linux-4.18.0-305.19.1.el8/kernel/reboot.c
418418 @@ -16,6 +16,7 @@
419419 #include <linux/syscalls.h>
420420 #include <linux/syscore_ops.h>
@@ -432,8 +432,8 @@
432432
433433 /*
434434 * If pid namespaces are enabled and the current task is in a child
435---- linux-4.18.0-305.17.1.el8.orig/kernel/sched/core.c
436-+++ linux-4.18.0-305.17.1.el8/kernel/sched/core.c
435+--- linux-4.18.0-305.19.1.el8.orig/kernel/sched/core.c
436++++ linux-4.18.0-305.19.1.el8/kernel/sched/core.c
437437 @@ -4311,6 +4311,8 @@ int can_nice(const struct task_struct *p
438438 SYSCALL_DEFINE1(nice, int, increment)
439439 {
@@ -443,8 +443,8 @@
443443
444444 /*
445445 * Setpriority might change our priority at the same moment.
446---- linux-4.18.0-305.17.1.el8.orig/kernel/signal.c
447-+++ linux-4.18.0-305.17.1.el8/kernel/signal.c
446+--- linux-4.18.0-305.19.1.el8.orig/kernel/signal.c
447++++ linux-4.18.0-305.19.1.el8/kernel/signal.c
448448 @@ -3533,6 +3533,8 @@ SYSCALL_DEFINE2(kill, pid_t, pid, int, s
449449 {
450450 struct kernel_siginfo info;
@@ -490,8 +490,8 @@
490490 return do_send_specific(tgid, pid, sig, info);
491491 }
492492
493---- linux-4.18.0-305.17.1.el8.orig/kernel/sys.c
494-+++ linux-4.18.0-305.17.1.el8/kernel/sys.c
493+--- linux-4.18.0-305.19.1.el8.orig/kernel/sys.c
494++++ linux-4.18.0-305.19.1.el8/kernel/sys.c
495495 @@ -208,6 +208,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
496496
497497 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -521,8 +521,8 @@
521521
522522 down_write(&uts_sem);
523523 errno = -EFAULT;
524---- linux-4.18.0-305.17.1.el8.orig/kernel/time/timekeeping.c
525-+++ linux-4.18.0-305.17.1.el8/kernel/time/timekeeping.c
524+--- linux-4.18.0-305.19.1.el8.orig/kernel/time/timekeeping.c
525++++ linux-4.18.0-305.19.1.el8/kernel/time/timekeeping.c
526526 @@ -26,6 +26,7 @@
527527 #include <linux/pvclock_gtod.h>
528528 #include <linux/compiler.h>
@@ -556,8 +556,8 @@
556556
557557 /*
558558 * Validate if a timespec/timeval used to inject a time
559---- linux-4.18.0-305.17.1.el8.orig/net/ipv4/raw.c
560-+++ linux-4.18.0-305.17.1.el8/net/ipv4/raw.c
559+--- linux-4.18.0-305.19.1.el8.orig/net/ipv4/raw.c
560++++ linux-4.18.0-305.19.1.el8/net/ipv4/raw.c
561561 @@ -781,6 +781,10 @@ static int raw_recvmsg(struct sock *sk,
562562 skb = skb_recv_datagram(sk, flags, noblock, &err);
563563 if (!skb)
@@ -569,8 +569,8 @@
569569
570570 copied = skb->len;
571571 if (len < copied) {
572---- linux-4.18.0-305.17.1.el8.orig/net/ipv4/udp.c
573-+++ linux-4.18.0-305.17.1.el8/net/ipv4/udp.c
572+--- linux-4.18.0-305.19.1.el8.orig/net/ipv4/udp.c
573++++ linux-4.18.0-305.19.1.el8/net/ipv4/udp.c
574574 @@ -1767,6 +1767,8 @@ try_again:
575575 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
576576 if (!skb)
@@ -580,8 +580,8 @@
580580
581581 ulen = udp_skb_len(skb);
582582 copied = len;
583---- linux-4.18.0-305.17.1.el8.orig/net/ipv6/raw.c
584-+++ linux-4.18.0-305.17.1.el8/net/ipv6/raw.c
583+--- linux-4.18.0-305.19.1.el8.orig/net/ipv6/raw.c
584++++ linux-4.18.0-305.19.1.el8/net/ipv6/raw.c
585585 @@ -485,6 +485,10 @@ static int rawv6_recvmsg(struct sock *sk
586586 skb = skb_recv_datagram(sk, flags, noblock, &err);
587587 if (!skb)
@@ -593,8 +593,8 @@
593593
594594 copied = skb->len;
595595 if (copied > len) {
596---- linux-4.18.0-305.17.1.el8.orig/net/ipv6/udp.c
597-+++ linux-4.18.0-305.17.1.el8/net/ipv6/udp.c
596+--- linux-4.18.0-305.19.1.el8.orig/net/ipv6/udp.c
597++++ linux-4.18.0-305.19.1.el8/net/ipv6/udp.c
598598 @@ -345,6 +345,8 @@ try_again:
599599 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
600600 if (!skb)
@@ -604,8 +604,8 @@
604604
605605 ulen = udp6_skb_len(skb);
606606 copied = len;
607---- linux-4.18.0-305.17.1.el8.orig/net/socket.c
608-+++ linux-4.18.0-305.17.1.el8/net/socket.c
607+--- linux-4.18.0-305.19.1.el8.orig/net/socket.c
608++++ linux-4.18.0-305.19.1.el8/net/socket.c
609609 @@ -1715,6 +1715,10 @@ int __sys_accept4_file(struct file *file
610610 if (err < 0)
611611 goto out_fd;
@@ -617,8 +617,8 @@
617617 if (upeer_sockaddr) {
618618 len = newsock->ops->getname(newsock,
619619 (struct sockaddr *)&address, 2);
620---- linux-4.18.0-305.17.1.el8.orig/net/unix/af_unix.c
621-+++ linux-4.18.0-305.17.1.el8/net/unix/af_unix.c
620+--- linux-4.18.0-305.19.1.el8.orig/net/unix/af_unix.c
621++++ linux-4.18.0-305.19.1.el8/net/unix/af_unix.c
622622 @@ -2081,6 +2081,10 @@ static int unix_dgram_recvmsg(struct soc
623623 EPOLLOUT | EPOLLWRNORM |
624624 EPOLLWRBAND);
@@ -638,8 +638,8 @@
638638 mutex_unlock(&u->iolock);
639639 out:
640640 return err;
641---- linux-4.18.0-305.17.1.el8.orig/security/Kconfig
642-+++ linux-4.18.0-305.17.1.el8/security/Kconfig
641+--- linux-4.18.0-305.19.1.el8.orig/security/Kconfig
642++++ linux-4.18.0-305.19.1.el8/security/Kconfig
643643 @@ -315,4 +315,6 @@ config DEFAULT_SECURITY
644644
645645 source "security/Kconfig.hardening"
@@ -647,8 +647,8 @@
647647 +source security/ccsecurity/Kconfig
648648 +
649649 endmenu
650---- linux-4.18.0-305.17.1.el8.orig/security/Makefile
651-+++ linux-4.18.0-305.17.1.el8/security/Makefile
650+--- linux-4.18.0-305.19.1.el8.orig/security/Makefile
651++++ linux-4.18.0-305.19.1.el8/security/Makefile
652652 @@ -33,3 +33,6 @@ obj-$(CONFIG_INTEGRITY) += integrity/
653653
654654 # Allow the kernel to be locked down
@@ -656,8 +656,8 @@
656656 +
657657 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
658658 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
659---- linux-4.18.0-305.17.1.el8.orig/security/security.c
660-+++ linux-4.18.0-305.17.1.el8/security/security.c
659+--- linux-4.18.0-305.19.1.el8.orig/security/security.c
660++++ linux-4.18.0-305.19.1.el8/security/security.c
661661 @@ -1016,12 +1016,19 @@ int security_file_open(struct file *file
662662
663663 int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
--- trunk/caitsith-patch/patches/ccs-patch-5.10.diff (revision 359)
+++ trunk/caitsith-patch/patches/ccs-patch-5.10.diff (revision 360)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 5.10.64.
1+This is TOMOYO Linux patch for kernel 5.10.66.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.10.64.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.10.66.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 5 ++-
2929 24 files changed, 160 insertions(+), 30 deletions(-)
3030
31---- linux-5.10.64.orig/fs/exec.c
32-+++ linux-5.10.64/fs/exec.c
31+--- linux-5.10.66.orig/fs/exec.c
32++++ linux-5.10.66/fs/exec.c
3333 @@ -1817,7 +1817,7 @@ static int bprm_execve(struct linux_binp
3434 if (retval)
3535 goto out;
@@ -39,8 +39,8 @@
3939 if (retval < 0)
4040 goto out;
4141
42---- linux-5.10.64.orig/fs/open.c
43-+++ linux-5.10.64/fs/open.c
42+--- linux-5.10.66.orig/fs/open.c
43++++ linux-5.10.66/fs/open.c
4444 @@ -1339,6 +1339,8 @@ SYSCALL_DEFINE3(close_range, unsigned in
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-5.10.64.orig/fs/proc/version.c
54-+++ linux-5.10.64/fs/proc/version.c
53+--- linux-5.10.66.orig/fs/proc/version.c
54++++ linux-5.10.66/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 5.10.64 2021/09/13\n");
62++ printk(KERN_INFO "Hook version: 5.10.66 2021/09/16\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-5.10.64.orig/include/linux/sched.h
67-+++ linux-5.10.64/include/linux/sched.h
66+--- linux-5.10.66.orig/include/linux/sched.h
67++++ linux-5.10.66/include/linux/sched.h
6868 @@ -41,6 +41,7 @@ struct backing_dev_info;
6969 struct bio_list;
7070 struct blk_plug;
@@ -84,8 +84,8 @@
8484
8585 #ifdef CONFIG_GCC_PLUGIN_STACKLEAK
8686 unsigned long lowest_stack;
87---- linux-5.10.64.orig/include/linux/security.h
88-+++ linux-5.10.64/include/linux/security.h
87+--- linux-5.10.66.orig/include/linux/security.h
88++++ linux-5.10.66/include/linux/security.h
8989 @@ -59,6 +59,7 @@ struct fs_parameter;
9090 enum fs_value_type;
9191 struct watch;
@@ -315,8 +315,8 @@
315315 }
316316 #endif /* CONFIG_SECURITY_PATH */
317317
318---- linux-5.10.64.orig/include/net/ip.h
319-+++ linux-5.10.64/include/net/ip.h
318+--- linux-5.10.66.orig/include/net/ip.h
319++++ linux-5.10.66/include/net/ip.h
320320 @@ -339,6 +339,8 @@ void inet_get_local_port_range(struct ne
321321 #ifdef CONFIG_SYSCTL
322322 static inline bool inet_is_local_reserved_port(struct net *net, unsigned short port)
@@ -335,8 +335,8 @@
335335 return false;
336336 }
337337
338---- linux-5.10.64.orig/init/init_task.c
339-+++ linux-5.10.64/init/init_task.c
338+--- linux-5.10.66.orig/init/init_task.c
339++++ linux-5.10.66/init/init_task.c
340340 @@ -213,6 +213,10 @@ struct task_struct init_task
341341 #ifdef CONFIG_SECCOMP_FILTER
342342 .seccomp = { .filter_count = ATOMIC_INIT(0) },
@@ -348,8 +348,8 @@
348348 };
349349 EXPORT_SYMBOL(init_task);
350350
351---- linux-5.10.64.orig/kernel/kexec.c
352-+++ linux-5.10.64/kernel/kexec.c
351+--- linux-5.10.66.orig/kernel/kexec.c
352++++ linux-5.10.66/kernel/kexec.c
353353 @@ -16,7 +16,7 @@
354354 #include <linux/syscalls.h>
355355 #include <linux/vmalloc.h>
@@ -368,8 +368,8 @@
368368
369369 /* Permit LSMs and IMA to fail the kexec */
370370 result = security_kernel_load_data(LOADING_KEXEC_IMAGE, false);
371---- linux-5.10.64.orig/kernel/module.c
372-+++ linux-5.10.64/kernel/module.c
371+--- linux-5.10.66.orig/kernel/module.c
372++++ linux-5.10.66/kernel/module.c
373373 @@ -59,6 +59,7 @@
374374 #include <linux/audit.h>
375375 #include <uapi/linux/module.h>
@@ -396,8 +396,8 @@
396396
397397 return 0;
398398 }
399---- linux-5.10.64.orig/kernel/ptrace.c
400-+++ linux-5.10.64/kernel/ptrace.c
399+--- linux-5.10.66.orig/kernel/ptrace.c
400++++ linux-5.10.66/kernel/ptrace.c
401401 @@ -1254,6 +1254,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402402 {
403403 struct task_struct *child;
@@ -422,8 +422,8 @@
422422
423423 if (request == PTRACE_TRACEME) {
424424 ret = ptrace_traceme();
425---- linux-5.10.64.orig/kernel/reboot.c
426-+++ linux-5.10.64/kernel/reboot.c
425+--- linux-5.10.66.orig/kernel/reboot.c
426++++ linux-5.10.66/kernel/reboot.c
427427 @@ -17,6 +17,7 @@
428428 #include <linux/syscalls.h>
429429 #include <linux/syscore_ops.h>
@@ -441,9 +441,9 @@
441441
442442 /*
443443 * If pid namespaces are enabled and the current task is in a child
444---- linux-5.10.64.orig/kernel/sched/core.c
445-+++ linux-5.10.64/kernel/sched/core.c
446-@@ -5039,6 +5039,8 @@ int can_nice(const struct task_struct *p
444+--- linux-5.10.66.orig/kernel/sched/core.c
445++++ linux-5.10.66/kernel/sched/core.c
446+@@ -5052,6 +5052,8 @@ int can_nice(const struct task_struct *p
447447 SYSCALL_DEFINE1(nice, int, increment)
448448 {
449449 long nice, retval;
@@ -452,8 +452,8 @@
452452
453453 /*
454454 * Setpriority might change our priority at the same moment.
455---- linux-5.10.64.orig/kernel/signal.c
456-+++ linux-5.10.64/kernel/signal.c
455+--- linux-5.10.66.orig/kernel/signal.c
456++++ linux-5.10.66/kernel/signal.c
457457 @@ -3658,6 +3658,8 @@ static inline void prepare_kill_siginfo(
458458 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
459459 {
@@ -521,8 +521,8 @@
521521
522522 return do_send_specific(tgid, pid, sig, info);
523523 }
524---- linux-5.10.64.orig/kernel/sys.c
525-+++ linux-5.10.64/kernel/sys.c
524+--- linux-5.10.66.orig/kernel/sys.c
525++++ linux-5.10.66/kernel/sys.c
526526 @@ -205,6 +205,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
527527
528528 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -552,8 +552,8 @@
552552
553553 errno = -EFAULT;
554554 if (!copy_from_user(tmp, name, len)) {
555---- linux-5.10.64.orig/kernel/time/timekeeping.c
556-+++ linux-5.10.64/kernel/time/timekeeping.c
555+--- linux-5.10.66.orig/kernel/time/timekeeping.c
556++++ linux-5.10.66/kernel/time/timekeeping.c
557557 @@ -22,6 +22,7 @@
558558 #include <linux/pvclock_gtod.h>
559559 #include <linux/compiler.h>
@@ -587,8 +587,8 @@
587587
588588 /*
589589 * Validate if a timespec/timeval used to inject a time
590---- linux-5.10.64.orig/net/ipv4/raw.c
591-+++ linux-5.10.64/net/ipv4/raw.c
590+--- linux-5.10.66.orig/net/ipv4/raw.c
591++++ linux-5.10.66/net/ipv4/raw.c
592592 @@ -768,6 +768,10 @@ static int raw_recvmsg(struct sock *sk,
593593 skb = skb_recv_datagram(sk, flags, noblock, &err);
594594 if (!skb)
@@ -600,8 +600,8 @@
600600
601601 copied = skb->len;
602602 if (len < copied) {
603---- linux-5.10.64.orig/net/ipv4/udp.c
604-+++ linux-5.10.64/net/ipv4/udp.c
603+--- linux-5.10.66.orig/net/ipv4/udp.c
604++++ linux-5.10.66/net/ipv4/udp.c
605605 @@ -1801,6 +1801,8 @@ try_again:
606606 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
607607 if (!skb)
@@ -611,8 +611,8 @@
611611
612612 ulen = udp_skb_len(skb);
613613 copied = len;
614---- linux-5.10.64.orig/net/ipv6/raw.c
615-+++ linux-5.10.64/net/ipv6/raw.c
614+--- linux-5.10.66.orig/net/ipv6/raw.c
615++++ linux-5.10.66/net/ipv6/raw.c
616616 @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk
617617 skb = skb_recv_datagram(sk, flags, noblock, &err);
618618 if (!skb)
@@ -624,8 +624,8 @@
624624
625625 copied = skb->len;
626626 if (copied > len) {
627---- linux-5.10.64.orig/net/ipv6/udp.c
628-+++ linux-5.10.64/net/ipv6/udp.c
627+--- linux-5.10.66.orig/net/ipv6/udp.c
628++++ linux-5.10.66/net/ipv6/udp.c
629629 @@ -343,6 +343,8 @@ try_again:
630630 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
631631 if (!skb)
@@ -635,8 +635,8 @@
635635
636636 ulen = udp6_skb_len(skb);
637637 copied = len;
638---- linux-5.10.64.orig/net/socket.c
639-+++ linux-5.10.64/net/socket.c
638+--- linux-5.10.66.orig/net/socket.c
639++++ linux-5.10.66/net/socket.c
640640 @@ -1744,6 +1744,10 @@ int __sys_accept4_file(struct file *file
641641 if (err < 0)
642642 goto out_fd;
@@ -648,8 +648,8 @@
648648 if (upeer_sockaddr) {
649649 len = newsock->ops->getname(newsock,
650650 (struct sockaddr *)&address, 2);
651---- linux-5.10.64.orig/net/unix/af_unix.c
652-+++ linux-5.10.64/net/unix/af_unix.c
651+--- linux-5.10.66.orig/net/unix/af_unix.c
652++++ linux-5.10.66/net/unix/af_unix.c
653653 @@ -2175,6 +2175,10 @@ static int unix_dgram_recvmsg(struct soc
654654 EPOLLOUT | EPOLLWRNORM |
655655 EPOLLWRBAND);
@@ -669,8 +669,8 @@
669669 mutex_unlock(&u->iolock);
670670 out:
671671 return err;
672---- linux-5.10.64.orig/security/Kconfig
673-+++ linux-5.10.64/security/Kconfig
672+--- linux-5.10.66.orig/security/Kconfig
673++++ linux-5.10.66/security/Kconfig
674674 @@ -291,5 +291,7 @@ config LSM
675675
676676 source "security/Kconfig.hardening"
@@ -679,8 +679,8 @@
679679 +
680680 endmenu
681681
682---- linux-5.10.64.orig/security/Makefile
683-+++ linux-5.10.64/security/Makefile
682+--- linux-5.10.66.orig/security/Makefile
683++++ linux-5.10.66/security/Makefile
684684 @@ -36,3 +36,6 @@ obj-$(CONFIG_BPF_LSM) += bpf/
685685 # Object integrity file lists
686686 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -688,8 +688,8 @@
688688 +
689689 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
690690 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
691---- linux-5.10.64.orig/security/security.c
692-+++ linux-5.10.64/security/security.c
691+--- linux-5.10.66.orig/security/security.c
692++++ linux-5.10.66/security/security.c
693693 @@ -1586,7 +1586,9 @@ int security_task_alloc(struct task_stru
694694
695695 if (rc)
--- trunk/caitsith-patch/patches/ccs-patch-5.13.diff (revision 359)
+++ trunk/caitsith-patch/patches/ccs-patch-5.13.diff (revision 360)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 5.13.16.
1+This is TOMOYO Linux patch for kernel 5.13.18.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.13.16.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.13.18.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 5 ++-
2929 24 files changed, 160 insertions(+), 30 deletions(-)
3030
31---- linux-5.13.16.orig/fs/exec.c
32-+++ linux-5.13.16/fs/exec.c
31+--- linux-5.13.18.orig/fs/exec.c
32++++ linux-5.13.18/fs/exec.c
3333 @@ -1831,7 +1831,7 @@ static int bprm_execve(struct linux_binp
3434 if (retval)
3535 goto out;
@@ -39,8 +39,8 @@
3939 if (retval < 0)
4040 goto out;
4141
42---- linux-5.13.16.orig/fs/open.c
43-+++ linux-5.13.16/fs/open.c
42+--- linux-5.13.18.orig/fs/open.c
43++++ linux-5.13.18/fs/open.c
4444 @@ -1354,6 +1354,8 @@ SYSCALL_DEFINE3(close_range, unsigned in
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-5.13.16.orig/fs/proc/version.c
54-+++ linux-5.13.16/fs/proc/version.c
53+--- linux-5.13.18.orig/fs/proc/version.c
54++++ linux-5.13.18/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 5.13.16 2021/09/13\n");
62++ printk(KERN_INFO "Hook version: 5.13.18 2021/09/16\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-5.13.16.orig/include/linux/sched.h
67-+++ linux-5.13.16/include/linux/sched.h
66+--- linux-5.13.18.orig/include/linux/sched.h
67++++ linux-5.13.18/include/linux/sched.h
6868 @@ -43,6 +43,7 @@ struct bio_list;
6969 struct blk_plug;
7070 struct bpf_local_storage;
@@ -84,8 +84,8 @@
8484
8585 #ifdef CONFIG_GCC_PLUGIN_STACKLEAK
8686 unsigned long lowest_stack;
87---- linux-5.13.16.orig/include/linux/security.h
88-+++ linux-5.13.16/include/linux/security.h
87+--- linux-5.13.18.orig/include/linux/security.h
88++++ linux-5.13.18/include/linux/security.h
8989 @@ -59,6 +59,7 @@ struct fs_parameter;
9090 enum fs_value_type;
9191 struct watch;
@@ -315,8 +315,8 @@
315315 }
316316 #endif /* CONFIG_SECURITY_PATH */
317317
318---- linux-5.13.16.orig/include/net/ip.h
319-+++ linux-5.13.16/include/net/ip.h
318+--- linux-5.13.18.orig/include/net/ip.h
319++++ linux-5.13.18/include/net/ip.h
320320 @@ -339,6 +339,8 @@ void inet_get_local_port_range(struct ne
321321 #ifdef CONFIG_SYSCTL
322322 static inline bool inet_is_local_reserved_port(struct net *net, unsigned short port)
@@ -335,8 +335,8 @@
335335 return false;
336336 }
337337
338---- linux-5.13.16.orig/init/init_task.c
339-+++ linux-5.13.16/init/init_task.c
338+--- linux-5.13.18.orig/init/init_task.c
339++++ linux-5.13.18/init/init_task.c
340340 @@ -213,6 +213,10 @@ struct task_struct init_task
341341 #ifdef CONFIG_SECCOMP_FILTER
342342 .seccomp = { .filter_count = ATOMIC_INIT(0) },
@@ -348,8 +348,8 @@
348348 };
349349 EXPORT_SYMBOL(init_task);
350350
351---- linux-5.13.16.orig/kernel/kexec.c
352-+++ linux-5.13.16/kernel/kexec.c
351+--- linux-5.13.18.orig/kernel/kexec.c
352++++ linux-5.13.18/kernel/kexec.c
353353 @@ -16,7 +16,7 @@
354354 #include <linux/syscalls.h>
355355 #include <linux/vmalloc.h>
@@ -368,8 +368,8 @@
368368
369369 /* Permit LSMs and IMA to fail the kexec */
370370 result = security_kernel_load_data(LOADING_KEXEC_IMAGE, false);
371---- linux-5.13.16.orig/kernel/module.c
372-+++ linux-5.13.16/kernel/module.c
371+--- linux-5.13.18.orig/kernel/module.c
372++++ linux-5.13.18/kernel/module.c
373373 @@ -58,6 +58,7 @@
374374 #include <linux/audit.h>
375375 #include <uapi/linux/module.h>
@@ -396,8 +396,8 @@
396396
397397 return 0;
398398 }
399---- linux-5.13.16.orig/kernel/ptrace.c
400-+++ linux-5.13.16/kernel/ptrace.c
399+--- linux-5.13.18.orig/kernel/ptrace.c
400++++ linux-5.13.18/kernel/ptrace.c
401401 @@ -1279,6 +1279,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402402 {
403403 struct task_struct *child;
@@ -422,8 +422,8 @@
422422
423423 if (request == PTRACE_TRACEME) {
424424 ret = ptrace_traceme();
425---- linux-5.13.16.orig/kernel/reboot.c
426-+++ linux-5.13.16/kernel/reboot.c
425+--- linux-5.13.18.orig/kernel/reboot.c
426++++ linux-5.13.18/kernel/reboot.c
427427 @@ -17,6 +17,7 @@
428428 #include <linux/syscalls.h>
429429 #include <linux/syscore_ops.h>
@@ -441,9 +441,9 @@
441441
442442 /*
443443 * If pid namespaces are enabled and the current task is in a child
444---- linux-5.13.16.orig/kernel/sched/core.c
445-+++ linux-5.13.16/kernel/sched/core.c
446-@@ -5794,6 +5794,8 @@ int can_nice(const struct task_struct *p
444+--- linux-5.13.18.orig/kernel/sched/core.c
445++++ linux-5.13.18/kernel/sched/core.c
446+@@ -5807,6 +5807,8 @@ int can_nice(const struct task_struct *p
447447 SYSCALL_DEFINE1(nice, int, increment)
448448 {
449449 long nice, retval;
@@ -452,8 +452,8 @@
452452
453453 /*
454454 * Setpriority might change our priority at the same moment.
455---- linux-5.13.16.orig/kernel/signal.c
456-+++ linux-5.13.16/kernel/signal.c
455+--- linux-5.13.18.orig/kernel/signal.c
456++++ linux-5.13.18/kernel/signal.c
457457 @@ -3699,6 +3699,8 @@ static inline void prepare_kill_siginfo(
458458 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
459459 {
@@ -521,8 +521,8 @@
521521
522522 return do_send_specific(tgid, pid, sig, info);
523523 }
524---- linux-5.13.16.orig/kernel/sys.c
525-+++ linux-5.13.16/kernel/sys.c
524+--- linux-5.13.18.orig/kernel/sys.c
525++++ linux-5.13.18/kernel/sys.c
526526 @@ -211,6 +211,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
527527
528528 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -552,8 +552,8 @@
552552
553553 errno = -EFAULT;
554554 if (!copy_from_user(tmp, name, len)) {
555---- linux-5.13.16.orig/kernel/time/timekeeping.c
556-+++ linux-5.13.16/kernel/time/timekeeping.c
555+--- linux-5.13.18.orig/kernel/time/timekeeping.c
556++++ linux-5.13.18/kernel/time/timekeeping.c
557557 @@ -22,6 +22,7 @@
558558 #include <linux/pvclock_gtod.h>
559559 #include <linux/compiler.h>
@@ -587,8 +587,8 @@
587587
588588 /*
589589 * Validate if a timespec/timeval used to inject a time
590---- linux-5.13.16.orig/net/ipv4/raw.c
591-+++ linux-5.13.16/net/ipv4/raw.c
590+--- linux-5.13.18.orig/net/ipv4/raw.c
591++++ linux-5.13.18/net/ipv4/raw.c
592592 @@ -768,6 +768,10 @@ static int raw_recvmsg(struct sock *sk,
593593 skb = skb_recv_datagram(sk, flags, noblock, &err);
594594 if (!skb)
@@ -600,8 +600,8 @@
600600
601601 copied = skb->len;
602602 if (len < copied) {
603---- linux-5.13.16.orig/net/ipv4/udp.c
604-+++ linux-5.13.16/net/ipv4/udp.c
603+--- linux-5.13.18.orig/net/ipv4/udp.c
604++++ linux-5.13.18/net/ipv4/udp.c
605605 @@ -1850,6 +1850,8 @@ try_again:
606606 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
607607 if (!skb)
@@ -611,8 +611,8 @@
611611
612612 ulen = udp_skb_len(skb);
613613 copied = len;
614---- linux-5.13.16.orig/net/ipv6/raw.c
615-+++ linux-5.13.16/net/ipv6/raw.c
614+--- linux-5.13.18.orig/net/ipv6/raw.c
615++++ linux-5.13.18/net/ipv6/raw.c
616616 @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk
617617 skb = skb_recv_datagram(sk, flags, noblock, &err);
618618 if (!skb)
@@ -624,8 +624,8 @@
624624
625625 copied = skb->len;
626626 if (copied > len) {
627---- linux-5.13.16.orig/net/ipv6/udp.c
628-+++ linux-5.13.16/net/ipv6/udp.c
627+--- linux-5.13.18.orig/net/ipv6/udp.c
628++++ linux-5.13.18/net/ipv6/udp.c
629629 @@ -342,6 +342,8 @@ try_again:
630630 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
631631 if (!skb)
@@ -635,8 +635,8 @@
635635
636636 ulen = udp6_skb_len(skb);
637637 copied = len;
638---- linux-5.13.16.orig/net/socket.c
639-+++ linux-5.13.16/net/socket.c
638+--- linux-5.13.18.orig/net/socket.c
639++++ linux-5.13.18/net/socket.c
640640 @@ -1727,6 +1727,10 @@ int __sys_accept4_file(struct file *file
641641 if (err < 0)
642642 goto out_fd;
@@ -648,8 +648,8 @@
648648 if (upeer_sockaddr) {
649649 len = newsock->ops->getname(newsock,
650650 (struct sockaddr *)&address, 2);
651---- linux-5.13.16.orig/net/unix/af_unix.c
652-+++ linux-5.13.16/net/unix/af_unix.c
651+--- linux-5.13.18.orig/net/unix/af_unix.c
652++++ linux-5.13.18/net/unix/af_unix.c
653653 @@ -2176,6 +2176,10 @@ static int unix_dgram_recvmsg(struct soc
654654 EPOLLOUT | EPOLLWRNORM |
655655 EPOLLWRBAND);
@@ -669,8 +669,8 @@
669669 mutex_unlock(&u->iolock);
670670 out:
671671 return err;
672---- linux-5.13.16.orig/security/Kconfig
673-+++ linux-5.13.16/security/Kconfig
672+--- linux-5.13.18.orig/security/Kconfig
673++++ linux-5.13.18/security/Kconfig
674674 @@ -292,5 +292,7 @@ config LSM
675675
676676 source "security/Kconfig.hardening"
@@ -679,8 +679,8 @@
679679 +
680680 endmenu
681681
682---- linux-5.13.16.orig/security/Makefile
683-+++ linux-5.13.16/security/Makefile
682+--- linux-5.13.18.orig/security/Makefile
683++++ linux-5.13.18/security/Makefile
684684 @@ -38,3 +38,6 @@ obj-$(CONFIG_SECURITY_LANDLOCK) += land
685685 # Object integrity file lists
686686 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -688,8 +688,8 @@
688688 +
689689 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
690690 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
691---- linux-5.13.16.orig/security/security.c
692-+++ linux-5.13.16/security/security.c
691+--- linux-5.13.18.orig/security/security.c
692++++ linux-5.13.18/security/security.c
693693 @@ -1644,7 +1644,9 @@ int security_task_alloc(struct task_stru
694694
695695 if (rc)
--- trunk/caitsith-patch/patches/ccs-patch-5.14.diff (revision 359)
+++ trunk/caitsith-patch/patches/ccs-patch-5.14.diff (revision 360)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 5.14.3.
1+This is TOMOYO Linux patch for kernel 5.14.5.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.14.3.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.14.5.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 5 ++-
2929 24 files changed, 160 insertions(+), 30 deletions(-)
3030
31---- linux-5.14.3.orig/fs/exec.c
32-+++ linux-5.14.3/fs/exec.c
31+--- linux-5.14.5.orig/fs/exec.c
32++++ linux-5.14.5/fs/exec.c
3333 @@ -1828,7 +1828,7 @@ static int bprm_execve(struct linux_binp
3434 if (retval)
3535 goto out;
@@ -39,8 +39,8 @@
3939 if (retval < 0)
4040 goto out;
4141
42---- linux-5.14.3.orig/fs/open.c
43-+++ linux-5.14.3/fs/open.c
42+--- linux-5.14.5.orig/fs/open.c
43++++ linux-5.14.5/fs/open.c
4444 @@ -1363,6 +1363,8 @@ SYSCALL_DEFINE3(close_range, unsigned in
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-5.14.3.orig/fs/proc/version.c
54-+++ linux-5.14.3/fs/proc/version.c
53+--- linux-5.14.5.orig/fs/proc/version.c
54++++ linux-5.14.5/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 5.14.3 2021/09/13\n");
62++ printk(KERN_INFO "Hook version: 5.14.5 2021/09/16\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-5.14.3.orig/include/linux/sched.h
67-+++ linux-5.14.3/include/linux/sched.h
66+--- linux-5.14.5.orig/include/linux/sched.h
67++++ linux-5.14.5/include/linux/sched.h
6868 @@ -43,6 +43,7 @@ struct bio_list;
6969 struct blk_plug;
7070 struct bpf_local_storage;
@@ -84,8 +84,8 @@
8484
8585 #ifdef CONFIG_GCC_PLUGIN_STACKLEAK
8686 unsigned long lowest_stack;
87---- linux-5.14.3.orig/include/linux/security.h
88-+++ linux-5.14.3/include/linux/security.h
87+--- linux-5.14.5.orig/include/linux/security.h
88++++ linux-5.14.5/include/linux/security.h
8989 @@ -59,6 +59,7 @@ struct fs_parameter;
9090 enum fs_value_type;
9191 struct watch;
@@ -315,8 +315,8 @@
315315 }
316316 #endif /* CONFIG_SECURITY_PATH */
317317
318---- linux-5.14.3.orig/include/net/ip.h
319-+++ linux-5.14.3/include/net/ip.h
318+--- linux-5.14.5.orig/include/net/ip.h
319++++ linux-5.14.5/include/net/ip.h
320320 @@ -339,6 +339,8 @@ void inet_get_local_port_range(struct ne
321321 #ifdef CONFIG_SYSCTL
322322 static inline bool inet_is_local_reserved_port(struct net *net, unsigned short port)
@@ -335,8 +335,8 @@
335335 return false;
336336 }
337337
338---- linux-5.14.3.orig/init/init_task.c
339-+++ linux-5.14.3/init/init_task.c
338+--- linux-5.14.5.orig/init/init_task.c
339++++ linux-5.14.5/init/init_task.c
340340 @@ -213,6 +213,10 @@ struct task_struct init_task
341341 #ifdef CONFIG_SECCOMP_FILTER
342342 .seccomp = { .filter_count = ATOMIC_INIT(0) },
@@ -348,8 +348,8 @@
348348 };
349349 EXPORT_SYMBOL(init_task);
350350
351---- linux-5.14.3.orig/kernel/kexec.c
352-+++ linux-5.14.3/kernel/kexec.c
351+--- linux-5.14.5.orig/kernel/kexec.c
352++++ linux-5.14.5/kernel/kexec.c
353353 @@ -16,7 +16,7 @@
354354 #include <linux/syscalls.h>
355355 #include <linux/vmalloc.h>
@@ -368,8 +368,8 @@
368368
369369 /* Permit LSMs and IMA to fail the kexec */
370370 result = security_kernel_load_data(LOADING_KEXEC_IMAGE, false);
371---- linux-5.14.3.orig/kernel/module.c
372-+++ linux-5.14.3/kernel/module.c
371+--- linux-5.14.5.orig/kernel/module.c
372++++ linux-5.14.5/kernel/module.c
373373 @@ -59,6 +59,7 @@
374374 #include <linux/audit.h>
375375 #include <uapi/linux/module.h>
@@ -396,8 +396,8 @@
396396
397397 return 0;
398398 }
399---- linux-5.14.3.orig/kernel/ptrace.c
400-+++ linux-5.14.3/kernel/ptrace.c
399+--- linux-5.14.5.orig/kernel/ptrace.c
400++++ linux-5.14.5/kernel/ptrace.c
401401 @@ -1279,6 +1279,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402402 {
403403 struct task_struct *child;
@@ -422,8 +422,8 @@
422422
423423 if (request == PTRACE_TRACEME) {
424424 ret = ptrace_traceme();
425---- linux-5.14.3.orig/kernel/reboot.c
426-+++ linux-5.14.3/kernel/reboot.c
425+--- linux-5.14.5.orig/kernel/reboot.c
426++++ linux-5.14.5/kernel/reboot.c
427427 @@ -18,6 +18,7 @@
428428 #include <linux/syscalls.h>
429429 #include <linux/syscore_ops.h>
@@ -441,9 +441,9 @@
441441
442442 /*
443443 * If pid namespaces are enabled and the current task is in a child
444---- linux-5.14.3.orig/kernel/sched/core.c
445-+++ linux-5.14.3/kernel/sched/core.c
446-@@ -6671,6 +6671,8 @@ int can_nice(const struct task_struct *p
444+--- linux-5.14.5.orig/kernel/sched/core.c
445++++ linux-5.14.5/kernel/sched/core.c
446+@@ -6684,6 +6684,8 @@ int can_nice(const struct task_struct *p
447447 SYSCALL_DEFINE1(nice, int, increment)
448448 {
449449 long nice, retval;
@@ -452,8 +452,8 @@
452452
453453 /*
454454 * Setpriority might change our priority at the same moment.
455---- linux-5.14.3.orig/kernel/signal.c
456-+++ linux-5.14.3/kernel/signal.c
455+--- linux-5.14.5.orig/kernel/signal.c
456++++ linux-5.14.5/kernel/signal.c
457457 @@ -3714,6 +3714,8 @@ static inline void prepare_kill_siginfo(
458458 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
459459 {
@@ -521,8 +521,8 @@
521521
522522 return do_send_specific(tgid, pid, sig, info);
523523 }
524---- linux-5.14.3.orig/kernel/sys.c
525-+++ linux-5.14.3/kernel/sys.c
524+--- linux-5.14.5.orig/kernel/sys.c
525++++ linux-5.14.5/kernel/sys.c
526526 @@ -211,6 +211,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
527527
528528 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -552,8 +552,8 @@
552552
553553 errno = -EFAULT;
554554 if (!copy_from_user(tmp, name, len)) {
555---- linux-5.14.3.orig/kernel/time/timekeeping.c
556-+++ linux-5.14.3/kernel/time/timekeeping.c
555+--- linux-5.14.5.orig/kernel/time/timekeeping.c
556++++ linux-5.14.5/kernel/time/timekeeping.c
557557 @@ -22,6 +22,7 @@
558558 #include <linux/pvclock_gtod.h>
559559 #include <linux/compiler.h>
@@ -587,8 +587,8 @@
587587
588588 /*
589589 * Validate if a timespec/timeval used to inject a time
590---- linux-5.14.3.orig/net/ipv4/raw.c
591-+++ linux-5.14.3/net/ipv4/raw.c
590+--- linux-5.14.5.orig/net/ipv4/raw.c
591++++ linux-5.14.5/net/ipv4/raw.c
592592 @@ -768,6 +768,10 @@ static int raw_recvmsg(struct sock *sk,
593593 skb = skb_recv_datagram(sk, flags, noblock, &err);
594594 if (!skb)
@@ -600,8 +600,8 @@
600600
601601 copied = skb->len;
602602 if (len < copied) {
603---- linux-5.14.3.orig/net/ipv4/udp.c
604-+++ linux-5.14.3/net/ipv4/udp.c
603+--- linux-5.14.5.orig/net/ipv4/udp.c
604++++ linux-5.14.5/net/ipv4/udp.c
605605 @@ -1850,6 +1850,8 @@ try_again:
606606 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
607607 if (!skb)
@@ -611,8 +611,8 @@
611611
612612 ulen = udp_skb_len(skb);
613613 copied = len;
614---- linux-5.14.3.orig/net/ipv6/raw.c
615-+++ linux-5.14.3/net/ipv6/raw.c
614+--- linux-5.14.5.orig/net/ipv6/raw.c
615++++ linux-5.14.5/net/ipv6/raw.c
616616 @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk
617617 skb = skb_recv_datagram(sk, flags, noblock, &err);
618618 if (!skb)
@@ -624,8 +624,8 @@
624624
625625 copied = skb->len;
626626 if (copied > len) {
627---- linux-5.14.3.orig/net/ipv6/udp.c
628-+++ linux-5.14.3/net/ipv6/udp.c
627+--- linux-5.14.5.orig/net/ipv6/udp.c
628++++ linux-5.14.5/net/ipv6/udp.c
629629 @@ -342,6 +342,8 @@ try_again:
630630 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
631631 if (!skb)
@@ -635,8 +635,8 @@
635635
636636 ulen = udp6_skb_len(skb);
637637 copied = len;
638---- linux-5.14.3.orig/net/socket.c
639-+++ linux-5.14.3/net/socket.c
638+--- linux-5.14.5.orig/net/socket.c
639++++ linux-5.14.5/net/socket.c
640640 @@ -1782,6 +1782,10 @@ int __sys_accept4_file(struct file *file
641641 if (err < 0)
642642 goto out_fd;
@@ -648,8 +648,8 @@
648648 if (upeer_sockaddr) {
649649 len = newsock->ops->getname(newsock,
650650 (struct sockaddr *)&address, 2);
651---- linux-5.14.3.orig/net/unix/af_unix.c
652-+++ linux-5.14.3/net/unix/af_unix.c
651+--- linux-5.14.5.orig/net/unix/af_unix.c
652++++ linux-5.14.5/net/unix/af_unix.c
653653 @@ -2180,6 +2180,10 @@ static int unix_dgram_recvmsg(struct soc
654654 EPOLLOUT | EPOLLWRNORM |
655655 EPOLLWRBAND);
@@ -669,8 +669,8 @@
669669 mutex_unlock(&u->iolock);
670670 out:
671671 return err;
672---- linux-5.14.3.orig/security/Kconfig
673-+++ linux-5.14.3/security/Kconfig
672+--- linux-5.14.5.orig/security/Kconfig
673++++ linux-5.14.5/security/Kconfig
674674 @@ -292,5 +292,7 @@ config LSM
675675
676676 source "security/Kconfig.hardening"
@@ -679,8 +679,8 @@
679679 +
680680 endmenu
681681
682---- linux-5.14.3.orig/security/Makefile
683-+++ linux-5.14.3/security/Makefile
682+--- linux-5.14.5.orig/security/Makefile
683++++ linux-5.14.5/security/Makefile
684684 @@ -38,3 +38,6 @@ obj-$(CONFIG_SECURITY_LANDLOCK) += land
685685 # Object integrity file lists
686686 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -688,8 +688,8 @@
688688 +
689689 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
690690 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
691---- linux-5.14.3.orig/security/security.c
692-+++ linux-5.14.3/security/security.c
691+--- linux-5.14.5.orig/security/security.c
692++++ linux-5.14.5/security/security.c
693693 @@ -1644,7 +1644,9 @@ int security_task_alloc(struct task_stru
694694
695695 if (rc)
--- trunk/caitsith-patch/patches/ccs-patch-5.4.diff (revision 359)
+++ trunk/caitsith-patch/patches/ccs-patch-5.4.diff (revision 360)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 5.4.145.
1+This is TOMOYO Linux patch for kernel 5.4.147.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.4.145.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.4.147.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 5 ++-
2929 24 files changed, 160 insertions(+), 30 deletions(-)
3030
31---- linux-5.4.145.orig/fs/exec.c
32-+++ linux-5.4.145/fs/exec.c
31+--- linux-5.4.147.orig/fs/exec.c
32++++ linux-5.4.147/fs/exec.c
3333 @@ -1730,7 +1730,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-5.4.145.orig/fs/open.c
43-+++ linux-5.4.145/fs/open.c
42+--- linux-5.4.147.orig/fs/open.c
43++++ linux-5.4.147/fs/open.c
4444 @@ -1205,6 +1205,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-5.4.145.orig/fs/proc/version.c
54-+++ linux-5.4.145/fs/proc/version.c
53+--- linux-5.4.147.orig/fs/proc/version.c
54++++ linux-5.4.147/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 5.4.145 2021/09/13\n");
62++ printk(KERN_INFO "Hook version: 5.4.147 2021/09/16\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-5.4.145.orig/include/linux/sched.h
67-+++ linux-5.4.145/include/linux/sched.h
66+--- linux-5.4.147.orig/include/linux/sched.h
67++++ linux-5.4.147/include/linux/sched.h
6868 @@ -38,6 +38,7 @@ struct backing_dev_info;
6969 struct bio_list;
7070 struct blk_plug;
@@ -84,8 +84,8 @@
8484
8585 #ifdef CONFIG_GCC_PLUGIN_STACKLEAK
8686 unsigned long lowest_stack;
87---- linux-5.4.145.orig/include/linux/security.h
88-+++ linux-5.4.145/include/linux/security.h
87+--- linux-5.4.147.orig/include/linux/security.h
88++++ linux-5.4.147/include/linux/security.h
8989 @@ -57,6 +57,7 @@ struct mm_struct;
9090 struct fs_context;
9191 struct fs_parameter;
@@ -315,8 +315,8 @@
315315 }
316316 #endif /* CONFIG_SECURITY_PATH */
317317
318---- linux-5.4.145.orig/include/net/ip.h
319-+++ linux-5.4.145/include/net/ip.h
318+--- linux-5.4.147.orig/include/net/ip.h
319++++ linux-5.4.147/include/net/ip.h
320320 @@ -342,6 +342,8 @@ void inet_get_local_port_range(struct ne
321321 #ifdef CONFIG_SYSCTL
322322 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -335,8 +335,8 @@
335335 return 0;
336336 }
337337
338---- linux-5.4.145.orig/init/init_task.c
339-+++ linux-5.4.145/init/init_task.c
338+--- linux-5.4.147.orig/init/init_task.c
339++++ linux-5.4.147/init/init_task.c
340340 @@ -183,6 +183,10 @@ struct task_struct init_task
341341 #ifdef CONFIG_SECURITY
342342 .security = NULL,
@@ -348,8 +348,8 @@
348348 };
349349 EXPORT_SYMBOL(init_task);
350350
351---- linux-5.4.145.orig/kernel/kexec.c
352-+++ linux-5.4.145/kernel/kexec.c
351+--- linux-5.4.147.orig/kernel/kexec.c
352++++ linux-5.4.147/kernel/kexec.c
353353 @@ -16,7 +16,7 @@
354354 #include <linux/syscalls.h>
355355 #include <linux/vmalloc.h>
@@ -368,8 +368,8 @@
368368
369369 /* Permit LSMs and IMA to fail the kexec */
370370 result = security_kernel_load_data(LOADING_KEXEC_IMAGE);
371---- linux-5.4.145.orig/kernel/module.c
372-+++ linux-5.4.145/kernel/module.c
371+--- linux-5.4.147.orig/kernel/module.c
372++++ linux-5.4.147/kernel/module.c
373373 @@ -55,6 +55,7 @@
374374 #include <linux/audit.h>
375375 #include <uapi/linux/module.h>
@@ -396,8 +396,8 @@
396396
397397 return 0;
398398 }
399---- linux-5.4.145.orig/kernel/ptrace.c
400-+++ linux-5.4.145/kernel/ptrace.c
399+--- linux-5.4.147.orig/kernel/ptrace.c
400++++ linux-5.4.147/kernel/ptrace.c
401401 @@ -1254,6 +1254,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402402 {
403403 struct task_struct *child;
@@ -422,8 +422,8 @@
422422
423423 if (request == PTRACE_TRACEME) {
424424 ret = ptrace_traceme();
425---- linux-5.4.145.orig/kernel/reboot.c
426-+++ linux-5.4.145/kernel/reboot.c
425+--- linux-5.4.147.orig/kernel/reboot.c
426++++ linux-5.4.147/kernel/reboot.c
427427 @@ -17,6 +17,7 @@
428428 #include <linux/syscalls.h>
429429 #include <linux/syscore_ops.h>
@@ -441,9 +441,9 @@
441441
442442 /*
443443 * If pid namespaces are enabled and the current task is in a child
444---- linux-5.4.145.orig/kernel/sched/core.c
445-+++ linux-5.4.145/kernel/sched/core.c
446-@@ -4661,6 +4661,8 @@ int can_nice(const struct task_struct *p
444+--- linux-5.4.147.orig/kernel/sched/core.c
445++++ linux-5.4.147/kernel/sched/core.c
446+@@ -4674,6 +4674,8 @@ int can_nice(const struct task_struct *p
447447 SYSCALL_DEFINE1(nice, int, increment)
448448 {
449449 long nice, retval;
@@ -452,8 +452,8 @@
452452
453453 /*
454454 * Setpriority might change our priority at the same moment.
455---- linux-5.4.145.orig/kernel/signal.c
456-+++ linux-5.4.145/kernel/signal.c
455+--- linux-5.4.147.orig/kernel/signal.c
456++++ linux-5.4.147/kernel/signal.c
457457 @@ -3644,6 +3644,8 @@ static inline void prepare_kill_siginfo(
458458 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
459459 {
@@ -521,8 +521,8 @@
521521
522522 return do_send_specific(tgid, pid, sig, info);
523523 }
524---- linux-5.4.145.orig/kernel/sys.c
525-+++ linux-5.4.145/kernel/sys.c
524+--- linux-5.4.147.orig/kernel/sys.c
525++++ linux-5.4.147/kernel/sys.c
526526 @@ -204,6 +204,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
527527
528528 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -552,8 +552,8 @@
552552
553553 errno = -EFAULT;
554554 if (!copy_from_user(tmp, name, len)) {
555---- linux-5.4.145.orig/kernel/time/timekeeping.c
556-+++ linux-5.4.145/kernel/time/timekeeping.c
555+--- linux-5.4.147.orig/kernel/time/timekeeping.c
556++++ linux-5.4.147/kernel/time/timekeeping.c
557557 @@ -22,6 +22,7 @@
558558 #include <linux/pvclock_gtod.h>
559559 #include <linux/compiler.h>
@@ -587,8 +587,8 @@
587587
588588 /*
589589 * Validate if a timespec/timeval used to inject a time
590---- linux-5.4.145.orig/net/ipv4/raw.c
591-+++ linux-5.4.145/net/ipv4/raw.c
590+--- linux-5.4.147.orig/net/ipv4/raw.c
591++++ linux-5.4.147/net/ipv4/raw.c
592592 @@ -767,6 +767,10 @@ static int raw_recvmsg(struct sock *sk,
593593 skb = skb_recv_datagram(sk, flags, noblock, &err);
594594 if (!skb)
@@ -600,8 +600,8 @@
600600
601601 copied = skb->len;
602602 if (len < copied) {
603---- linux-5.4.145.orig/net/ipv4/udp.c
604-+++ linux-5.4.145/net/ipv4/udp.c
603+--- linux-5.4.147.orig/net/ipv4/udp.c
604++++ linux-5.4.147/net/ipv4/udp.c
605605 @@ -1744,6 +1744,8 @@ try_again:
606606 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
607607 if (!skb)
@@ -611,8 +611,8 @@
611611
612612 ulen = udp_skb_len(skb);
613613 copied = len;
614---- linux-5.4.145.orig/net/ipv6/raw.c
615-+++ linux-5.4.145/net/ipv6/raw.c
614+--- linux-5.4.147.orig/net/ipv6/raw.c
615++++ linux-5.4.147/net/ipv6/raw.c
616616 @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk
617617 skb = skb_recv_datagram(sk, flags, noblock, &err);
618618 if (!skb)
@@ -624,8 +624,8 @@
624624
625625 copied = skb->len;
626626 if (copied > len) {
627---- linux-5.4.145.orig/net/ipv6/udp.c
628-+++ linux-5.4.145/net/ipv6/udp.c
627+--- linux-5.4.147.orig/net/ipv6/udp.c
628++++ linux-5.4.147/net/ipv6/udp.c
629629 @@ -291,6 +291,8 @@ try_again:
630630 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
631631 if (!skb)
@@ -635,8 +635,8 @@
635635
636636 ulen = udp6_skb_len(skb);
637637 copied = len;
638---- linux-5.4.145.orig/net/socket.c
639-+++ linux-5.4.145/net/socket.c
638+--- linux-5.4.147.orig/net/socket.c
639++++ linux-5.4.147/net/socket.c
640640 @@ -1744,6 +1744,10 @@ int __sys_accept4(int fd, struct sockadd
641641 if (err < 0)
642642 goto out_fd;
@@ -648,8 +648,8 @@
648648 if (upeer_sockaddr) {
649649 len = newsock->ops->getname(newsock,
650650 (struct sockaddr *)&address, 2);
651---- linux-5.4.145.orig/net/unix/af_unix.c
652-+++ linux-5.4.145/net/unix/af_unix.c
651+--- linux-5.4.147.orig/net/unix/af_unix.c
652++++ linux-5.4.147/net/unix/af_unix.c
653653 @@ -2142,6 +2142,10 @@ static int unix_dgram_recvmsg(struct soc
654654 EPOLLOUT | EPOLLWRNORM |
655655 EPOLLWRBAND);
@@ -669,8 +669,8 @@
669669 mutex_unlock(&u->iolock);
670670 out:
671671 return err;
672---- linux-5.4.145.orig/security/Kconfig
673-+++ linux-5.4.145/security/Kconfig
672+--- linux-5.4.147.orig/security/Kconfig
673++++ linux-5.4.147/security/Kconfig
674674 @@ -291,5 +291,7 @@ config LSM
675675
676676 source "security/Kconfig.hardening"
@@ -679,8 +679,8 @@
679679 +
680680 endmenu
681681
682---- linux-5.4.145.orig/security/Makefile
683-+++ linux-5.4.145/security/Makefile
682+--- linux-5.4.147.orig/security/Makefile
683++++ linux-5.4.147/security/Makefile
684684 @@ -34,3 +34,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
685685 # Object integrity file lists
686686 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -688,8 +688,8 @@
688688 +
689689 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
690690 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
691---- linux-5.4.145.orig/security/security.c
692-+++ linux-5.4.145/security/security.c
691+--- linux-5.4.147.orig/security/security.c
692++++ linux-5.4.147/security/security.c
693693 @@ -1507,7 +1507,9 @@ int security_task_alloc(struct task_stru
694694
695695 if (rc)
--- trunk/caitsith-patch/specs/build-c6-2.6.32.sh (revision 359)
+++ trunk/caitsith-patch/specs/build-c6-2.6.32.sh (revision 360)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.32-754.35.1.el6.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21-if [ ! -r caitsith-patch-0.2-20210606.tar.gz ]
21+if [ ! -r caitsith-patch-0.2-20210916.tar.gz ]
2222 then
23- wget -O caitsith-patch-0.2-20210606.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz' || die "Can't download patch."
23+ wget -O caitsith-patch-0.2-20210916.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -69,7 +69,7 @@
6969 ApplyOptionalPatch linux-kernel-test.patch
7070
7171 +# CaitSith
72-+tar -zxf %_sourcedir/caitsith-patch-0.2-20210606.tar.gz
72++tar -zxf %_sourcedir/caitsith-patch-0.2-20210916.tar.gz
7373 +sed -i -e 's/CCSECURITY/CAITSITH/g' -e 's/ccsecurity/caitsith/g' -e 's/ccs_domain_info/cs_domain_info/g' -e 's/ccs_flags/cs_flags/g' patches/ccs-patch-*.diff
7474 +patch -sp1 < patches/ccs-patch-2.6.32-centos-6.diff
7575 # Any further pre-build tree manipulations happen here.
--- trunk/caitsith-patch/specs/build-c7-3.10.sh (revision 359)
+++ trunk/caitsith-patch/specs/build-c7-3.10.sh (revision 360)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-3.10.0-1160.42.2.el7.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21-if [ ! -r caitsith-patch-0.2-20210606.tar.gz ]
21+if [ ! -r caitsith-patch-0.2-20210916.tar.gz ]
2222 then
23- wget -O caitsith-patch-0.2-20210606.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz' || die "Can't download patch."
23+ wget -O caitsith-patch-0.2-20210916.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -69,7 +69,7 @@
6969 ApplyOptionalPatch debrand-rh-i686-cpu.patch
7070
7171 +# CaitSith
72-+tar -zxf %_sourcedir/caitsith-patch-0.2-20210606.tar.gz
72++tar -zxf %_sourcedir/caitsith-patch-0.2-20210916.tar.gz
7373 +sed -i -e 's/CCSECURITY/CAITSITH/g' -e 's/ccsecurity/caitsith/g' -e 's/ccs_domain_info/cs_domain_info/g' -e 's/ccs_flags/cs_flags/g' patches/ccs-patch-*.diff
7474 +patch -sp1 < patches/ccs-patch-3.10-centos-7.diff
7575 # Any further pre-build tree manipulations happen here.
--- trunk/caitsith-patch/specs/build-c8-4.18.sh (revision 359)
+++ trunk/caitsith-patch/specs/build-c8-4.18.sh (revision 360)
@@ -10,17 +10,17 @@
1010
1111 cd /tmp/ || die "Can't chdir to /tmp/ ."
1212
13-if [ ! -r kernel-4.18.0-305.17.1.el8_4.src.rpm ]
13+if [ ! -r kernel-4.18.0-305.19.1.el8_4.src.rpm ]
1414 then
15- wget https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/kernel-4.18.0-305.17.1.el8_4.src.rpm || die "Can't download source package."
15+ wget https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/kernel-4.18.0-305.19.1.el8_4.src.rpm || die "Can't download source package."
1616 fi
17-LANG=C rpm --checksig kernel-4.18.0-305.17.1.el8_4.src.rpm | grep -F ': digests signatures OK' || die "Can't verify signature."
18-rpm -ivh kernel-4.18.0-305.17.1.el8_4.src.rpm || die "Can't install source package."
17+LANG=C rpm --checksig kernel-4.18.0-305.19.1.el8_4.src.rpm | grep -F ': digests signatures OK' || die "Can't verify signature."
18+rpm -ivh kernel-4.18.0-305.19.1.el8_4.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21-if [ ! -r caitsith-patch-0.2-20210606.tar.gz ]
21+if [ ! -r caitsith-patch-0.2-20210916.tar.gz ]
2222 then
23- wget -O caitsith-patch-0.2-20210606.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz' || die "Can't download patch."
23+ wget -O caitsith-patch-0.2-20210916.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -36,13 +36,13 @@
3636 +%define buildid _caitsith_0.2.10
3737
3838 %define rpmversion 4.18.0
39- %define pkgrelease 305.17.1.el8_4
39+ %define pkgrelease 305.19.1.el8_4
4040 @@ -1097,6 +1097,10 @@
4141
4242 # END OF PATCH APPLICATIONS
4343
4444 +# CaitSith
45-+tar -zxf %_sourcedir/caitsith-patch-0.2-20210606.tar.gz
45++tar -zxf %_sourcedir/caitsith-patch-0.2-20210916.tar.gz
4646 +sed -i -e 's/CCSECURITY/CAITSITH/g' -e 's/ccsecurity/caitsith/g' -e 's/ccs_domain_info/cs_domain_info/g' -e 's/ccs_flags/cs_flags/g' patches/ccs-patch-*.diff
4747 +patch -sp1 < patches/ccs-patch-4.18-centos-8.diff
4848 # Any further pre-build tree manipulations happen here.
--- trunk/caitsith-patch/specs/build-debian_wheezy.sh (revision 359)
+++ trunk/caitsith-patch/specs/build-debian_wheezy.sh (revision 360)
@@ -23,10 +23,10 @@
2323 # Download CaitSith patches.
2424 mkdir -p ~/rpmbuild/SOURCES/
2525 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
26-if [ ! -r caitsith-patch-0.2-20210606.tar.gz ]
26+if [ ! -r caitsith-patch-0.2-20210916.tar.gz ]
2727 then
2828 apt-get -y install wget
29- wget -O caitsith-patch-0.2-20210606.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz' || die "Can't download patch."
29+ wget -O caitsith-patch-0.2-20210916.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz' || die "Can't download patch."
3030 fi
3131
3232 # Install kernel source packages.
@@ -38,7 +38,7 @@
3838
3939 # Apply patches and create kernel config.
4040 cd linux-source-3.2 || die "Can't chdir to linux-source-3.2/ ."
41-tar -zxf ~/rpmbuild/SOURCES/caitsith-patch-0.2-20210606.tar.gz || die "Can't extract patch."
41+tar -zxf ~/rpmbuild/SOURCES/caitsith-patch-0.2-20210916.tar.gz || die "Can't extract patch."
4242 sed -i -e 's/CCSECURITY/CAITSITH/g' -e 's/ccsecurity/caitsith/g' -e 's/ccs_domain_info/cs_domain_info/g' -e 's/ccs_flags/cs_flags/g' patches/ccs-patch-*.diff
4343 patch -p1 < patches/ccs-patch-3.2-debian-wheezy.diff || die "Can't apply patch."
4444 cat /boot/config-3.2.0-$ABI_VERSION-$ORIGINAL_FLAVOUR config.caitsith > .config || die "Can't create config."
--- trunk/caitsith-patch/specs/build-ubuntu_12.04.sh (revision 359)
+++ trunk/caitsith-patch/specs/build-ubuntu_12.04.sh (revision 360)
@@ -29,9 +29,9 @@
2929 # Download CaitSith patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r caitsith-patch-0.2-20210606.tar.gz ]
32+if [ ! -r caitsith-patch-0.2-20210916.tar.gz ]
3333 then
34- wget -O caitsith-patch-0.2-20210606.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz' || die "Can't download patch."
34+ wget -O caitsith-patch-0.2-20210916.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.2.0/ || die "Can't chdir to linux-3.2.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/caitsith-patch-0.2-20210606.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/caitsith-patch-0.2-20210916.tar.gz || die "Can't extract patch."
4848 sed -i -e 's/CCSECURITY/CAITSITH/g' -e 's/ccsecurity/caitsith/g' -e 's/ccs_domain_info/cs_domain_info/g' -e 's/ccs_flags/cs_flags/g' patches/ccs-patch-*.diff
4949 patch -p1 < patches/ccs-patch-3.2-ubuntu-12.04.diff || die "Can't apply patch."
5050 rm -fR patches/ specs/ || die "Can't delete patch."
--- trunk/caitsith-patch/specs/build-ubuntu_14.04.sh (revision 359)
+++ trunk/caitsith-patch/specs/build-ubuntu_14.04.sh (revision 360)
@@ -29,9 +29,9 @@
2929 # Download CaitSith patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r caitsith-patch-0.2-20210606.tar.gz ]
32+if [ ! -r caitsith-patch-0.2-20210916.tar.gz ]
3333 then
34- wget -O caitsith-patch-0.2-20210606.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz' || die "Can't download patch."
34+ wget -O caitsith-patch-0.2-20210916.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.13.0/ || die "Can't chdir to linux-3.13.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/caitsith-patch-0.2-20210606.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/caitsith-patch-0.2-20210916.tar.gz || die "Can't extract patch."
4848 sed -i -e 's/CCSECURITY/CAITSITH/g' -e 's/ccsecurity/caitsith/g' -e 's/ccs_domain_info/cs_domain_info/g' -e 's/ccs_flags/cs_flags/g' patches/ccs-patch-*.diff
4949 patch -p1 < patches/ccs-patch-3.13-ubuntu-14.04.diff || die "Can't apply patch."
5050 rm -fR patches/ specs/ || die "Can't delete patch."
--- trunk/caitsith-patch/specs/build-vl6-4.4.sh (revision 359)
+++ trunk/caitsith-patch/specs/build-vl6-4.4.sh (revision 360)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-4.4.110-2vl6.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpm/SOURCES/ || die "Can't chdir to ~/rpm/SOURCES/ ."
21-if [ ! -r caitsith-patch-0.2-20210606.tar.gz ]
21+if [ ! -r caitsith-patch-0.2-20210916.tar.gz ]
2222 then
23- wget -O caitsith-patch-0.2-20210606.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210606.tar.gz' || die "Can't download patch."
23+ wget -O caitsith-patch-0.2-20210916.tar.gz 'https://osdn.jp/frs/redir.php?f=/caitsith/66537/caitsith-patch-0.2-20210916.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -61,7 +61,7 @@
6161 # END OF PATCH APPLICATIONS
6262
6363 +# CaitSith
64-+tar -zxf %_sourcedir/caitsith-patch-0.2-20210606.tar.gz
64++tar -zxf %_sourcedir/caitsith-patch-0.2-20210916.tar.gz
6565 +sed -i -e 's/CCSECURITY/CAITSITH/g' -e 's/ccsecurity/caitsith/g' -e 's/ccs_domain_info/cs_domain_info/g' -e 's/ccs_flags/cs_flags/g' patches/ccs-patch-*.diff
6666 +patch -sp1 < patches/ccs-patch-4.4-vine-linux-6.diff
6767 cp %{SOURCE10} Documentation/
旧リポジトリブラウザで表示