grsecurity: 4.3.4 -> 4.4.2

pkgs/build-support/grsecurity/default.nix

@@ -33,7 +33,7 @@ let
 
     grKernel = if cfg.stable
                then mkKernel pkgs.linux_3_14 stable-patch
-               else mkKernel pkgs.linux_4_3 test-patch;
+               else mkKernel pkgs.linux_4_4 test-patch;
 
     ## -- grsecurity configuration ---------------------------------------------
 

pkgs/os-specific/linux/kernel/grsec-path.patch

@@ -2,13 +2,14 @@ diff --git a/kernel/kmod.c b/kernel/kmod.c
 index a689506..30747b4 100644
 --- a/kernel/kmod.c
 +++ b/kernel/kmod.c
-@@ -294,10 +294,8 @@ static int ____call_usermodehelper(void *data)
+@@ -294,11 +294,8 @@ static int ____call_usermodehelper(void *data)
  	   out the path to be used prior to this point and are now operating
  	   on that copy
  	*/
 -	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) &&
 -	     strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) &&
 -	     strncmp(sub_info->path, "/usr/libexec/", 13) && strncmp(sub_info->path, "/usr/bin/", 9) &&
+-	     strncmp(sub_info->path, "/usr/sbin/", 10) &&
 -	     strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) {
 +	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) &&
 +	     strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) || strstr(sub_info->path, "..")) {

pkgs/os-specific/linux/kernel/patches.nix

@@ -87,10 +87,10 @@ rec {
     };
 
   grsecurity_unstable = grsecPatch
-    { kversion  = "4.3.4";
+    { kversion  = "4.4.2";
-      revision  = "201601231215";
+      revision  = "201602182048";
       branch    = "test";
-      sha256    = "1dacld4zlp8mk6ykc0f1v5crppvq3znbdw9rwfrf6qi90984x0mr";
+      sha256    = "0dm0nzzja6ynzdz2k5h0ckys7flw307i3w0k1lwjxfj80civ73wr";
     };
 
   grsec_fix_path =