authorTim Yamin <plasmaroo@gentoo.org>2004-01-05 23:06:36 +0000
committerTim Yamin <plasmaroo@gentoo.org>2004-01-05 23:06:36 +0000
commit8ed3571798cdec29fb650070fe5b4d20c76fdc46 (patch)
treeaeaf61d1b68e6ef61833e68761a78b3b967d87b2 /sys-kernel
parentremove obsolete package. (diff)
Added the 2.4.24 security patches. Please see bugs #37292 and #37317.
Diffstat (limited to 'sys-kernel')
-rw-r--r--sys-kernel/grsec-sources/ChangeLog8
-rw-r--r--sys-kernel/grsec-sources/Manifest10
-rw-r--r--sys-kernel/grsec-sources/files/grsec-sources-2.4.23.CAN-2003-0985.patch13
-rw-r--r--sys-kernel/grsec-sources/files/grsec-sources-2.4.23.rtc_fix.patch180
-rw-r--r--sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild11
-rw-r--r--sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild13
6 files changed, 216 insertions, 19 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog
index b31052de21f8..866be771d500 100644
--- a/sys-kernel/grsec-sources/ChangeLog
+++ b/sys-kernel/grsec-sources/ChangeLog
@@ -1,12 +1,16 @@
# ChangeLog for sys-kernel/grsec-sources
# Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.11 2004/01/05 22:17:35 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.12 2004/01/05 23:06:16 plasmaroo Exp $
+
+ 05 Jan 2004; <plasmaroo@gentoo.org> grsec-sources-2.4.23.1.9.13.ebuild,
+ files/grsec-sources-2.4.23.1.9.13.*.patch:
+ Added the 2.4.24 security patches. Please see bugs #37292 and #37317.
05 Jan 2004; <solar@gentoo.org> grsec-sources-2.4.21.1.9.11.ebuild,
grsec-sources-2.4.21.2.0_rc2.ebuild, grsec-sources-2.4.22.1.9.12-r1.ebuild,
grsec-sources-2.4.22.1.9.12.ebuild, grsec-sources-2.4.22.2.0_rc3-r1.ebuild,
grsec-sources-2.4.22.2.0_rc3.ebuild:
- removed old versions of kernels
+ Removed old versions of kernels...
*grsec-sources-2.4.23.2.0_rc4 (02 Jan 2004)
diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest
index aaaceddcdb31..30225a891f83 100644
--- a/sys-kernel/grsec-sources/Manifest
+++ b/sys-kernel/grsec-sources/Manifest
@@ -1,7 +1,9 @@
+MD5 115d5708cd2f1246ed4bb00301631f93 ChangeLog 2490
+MD5 e25e7b4597928e400fa332fd789d51df grsec-sources-2.4.23.1.9.13.ebuild 2753
MD5 225cb9e370f4e7d3bc1a98549377249e metadata.xml 484
-MD5 d7e69a4d5b341375bbf96576128cdc26 ChangeLog 2291
-MD5 9f568adf761b880688a48358febf458e grsec-sources-2.4.23.1.9.13.ebuild 2690
-MD5 21332b215e1b2568de209c564305f1a8 grsec-sources-2.4.23.2.0_rc4.ebuild 1746
+MD5 a5cf20df275181fdde364ffba9c7356e grsec-sources-2.4.23.2.0_rc4.ebuild 1896
+MD5 f9e7dad4cb849b2dfdc91ebe070df7d5 files/digest-grsec-sources-2.4.23.2.0_rc4 221
MD5 731f6330c2bea90d170172a1189bd327 files/digest-grsec-sources-2.4.23.1.9.13 304
+MD5 e2e2b545b6fcdcecf49e33798efa5b84 files/grsec-sources-2.4.23.rtc_fix.patch 7073
+MD5 d641cd49ae63ca2989672d2209691bb5 files/grsec-sources-2.4.23.CAN-2003-0985.patch 414
MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242
-MD5 f9e7dad4cb849b2dfdc91ebe070df7d5 files/digest-grsec-sources-2.4.23.2.0_rc4 221
diff --git a/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.CAN-2003-0985.patch b/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.CAN-2003-0985.patch
new file mode 100644
index 000000000000..bacef69f02f8
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.CAN-2003-0985.patch
@@ -0,0 +1,13 @@
+--- linux/mm/mremap.c.orig 2004-01-05 17:01:21.382104120 +0000
++++ linux/mm/mremap.c 2004-01-05 17:15:25.689749848 +0000
+@@ -315,6 +315,10 @@
+ old_len = PAGE_ALIGN(old_len);
+ new_len = PAGE_ALIGN(new_len);
+
++ /* Don't allow the degenerate cases */
++ if (!(old_len | new_len))
++ goto out;
++
+ /* new_addr is only valid if MREMAP_FIXED is specified */
+ if (flags & MREMAP_FIXED) {
+ if (new_addr & ~PAGE_MASK)
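Review bot: The added guard `if (!(old_len | new_len))` in the mremap.c hunk is true only when both page-aligned lengths are zero, so a request where just one of them is zero still falls through to the MREMAP_FIXED handling below it. If the degenerate case being closed for CAN-2003-0985 is a zero `new_len` on its own, the test would need to be `if (!old_len || !new_len)` or a dedicated `new_len` check; this should be confirmed against the upstream 2.4.24 change before the patch is relied on. The comment could also name the case it rejects, e.g. `/* CAN-2003-0985: reject zero-length requests */`. The enclosing function starts and ends outside the hunk.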
diff --git a/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.rtc_fix.patch b/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.rtc_fix.patch
new file mode 100644
index 000000000000..76a663c6e89d
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.rtc_fix.patch
@@ -0,0 +1,180 @@
+diff -urN linux-2.4.23/arch/cris/drivers/ds1302.c linux-2.4.24/arch/cris/drivers/ds1302.c
+--- linux-2.4.23/arch/cris/drivers/ds1302.c 2003-08-25 04:44:39.000000000 -0700
++++ linux-2.4.24/arch/cris/drivers/ds1302.c 2004-01-05 05:53:56.000000000 -0800
+@@ -346,6 +346,7 @@
+ {
+ struct rtc_time rtc_tm;
+
++ memset(&rtc_tm, 0, sizeof (struct rtc_time));
+ get_rtc_time(&rtc_tm);
+ if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+ return -EFAULT;
+diff -urN linux-2.4.23/arch/cris/drivers/pcf8563.c linux-2.4.24/arch/cris/drivers/pcf8563.c
+--- linux-2.4.23/arch/cris/drivers/pcf8563.c 2003-08-25 04:44:39.000000000 -0700
++++ linux-2.4.24/arch/cris/drivers/pcf8563.c 2004-01-05 05:53:56.000000000 -0800
+@@ -220,6 +220,7 @@
+ {
+ struct rtc_time tm;
+
++ memset(&tm, 0, sizeof (struct rtc_time));
+ get_rtc_time(&tm);
+
+ if (copy_to_user((struct rtc_time *) arg, &tm, sizeof tm)) {
+diff -urN linux-2.4.23/arch/m68k/bvme6000/rtc.c linux-2.4.24/arch/m68k/bvme6000/rtc.c
+--- linux-2.4.23/arch/m68k/bvme6000/rtc.c 2003-06-13 07:51:31.000000000 -0700
++++ linux-2.4.24/arch/m68k/bvme6000/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -54,6 +54,7 @@
+ /* Ensure clock and real-time-mode-register are accessible */
+ msr = rtc->msr & 0xc0;
+ rtc->msr = 0x40;
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ do {
+ wtime.tm_sec = BCD2BIN(rtc->bcd_sec);
+ wtime.tm_min = BCD2BIN(rtc->bcd_min);
+diff -urN linux-2.4.23/arch/m68k/mvme16x/rtc.c linux-2.4.24/arch/m68k/mvme16x/rtc.c
+--- linux-2.4.23/arch/m68k/mvme16x/rtc.c 2003-06-13 07:51:31.000000000 -0700
++++ linux-2.4.24/arch/m68k/mvme16x/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -52,6 +52,7 @@
+ cli();
+ /* Ensure clock and real-time-mode-register are accessible */
+ rtc->ctrl = RTC_READ;
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ wtime.tm_sec = BCD2BIN(rtc->bcd_sec);
+ wtime.tm_min = BCD2BIN(rtc->bcd_min);
+ wtime.tm_hour = BCD2BIN(rtc->bcd_hr);
+diff -urN linux-2.4.23/arch/ppc64/kernel/rtc.c linux-2.4.24/arch/ppc64/kernel/rtc.c
+--- linux-2.4.23/arch/ppc64/kernel/rtc.c 2003-06-13 07:51:32.000000000 -0700
++++ linux-2.4.24/arch/ppc64/kernel/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -96,6 +96,7 @@
+ switch (cmd) {
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ ppc_md.get_rtc_time(&wtime);
+ break;
+ }
+diff -urN linux-2.4.23/drivers/acorn/char/i2c.c linux-2.4.24/drivers/acorn/char/i2c.c
+--- linux-2.4.23/drivers/acorn/char/i2c.c 2003-08-25 04:44:40.000000000 -0700
++++ linux-2.4.24/drivers/acorn/char/i2c.c 2004-01-05 05:53:56.000000000 -0800
+@@ -166,6 +166,7 @@
+ break;
+
+ case RTC_RD_TIME:
++ memset(&rtctm, 0, sizeof(struct rtc_time));
+ get_rtc_time(&rtc_raw, &year);
+ rtctm.tm_sec = rtc_raw.secs;
+ rtctm.tm_min = rtc_raw.mins;
+diff -urN linux-2.4.23/drivers/char/ds1286.c linux-2.4.24/drivers/char/ds1286.c
+--- linux-2.4.23/drivers/char/ds1286.c 2003-08-25 04:44:41.000000000 -0700
++++ linux-2.4.24/drivers/char/ds1286.c 2004-01-05 05:53:56.000000000 -0800
+@@ -173,7 +173,7 @@
+ * means "don't care" or "match all". Only the tm_hour,
+ * tm_min, and tm_sec values are filled in.
+ */
+-
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ ds1286_get_alm_time(&wtime);
+ break;
+ }
+@@ -216,6 +216,7 @@
+ }
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ ds1286_get_time(&wtime);
+ break;
+ }
+diff -urN linux-2.4.23/drivers/char/efirtc.c linux-2.4.24/drivers/char/efirtc.c
+--- linux-2.4.23/drivers/char/efirtc.c 2003-06-13 07:51:32.000000000 -0700
++++ linux-2.4.24/drivers/char/efirtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -118,6 +118,7 @@
+ static void
+ convert_from_efi_time(efi_time_t *eft, struct rtc_time *wtime)
+ {
++ memset(wtime, 0, sizeof(struct rtc_time));
+ wtime->tm_sec = eft->second;
+ wtime->tm_min = eft->minute;
+ wtime->tm_hour = eft->hour;
+diff -urN linux-2.4.23/drivers/char/ip27-rtc.c linux-2.4.24/drivers/char/ip27-rtc.c
+--- linux-2.4.23/drivers/char/ip27-rtc.c 2003-08-25 04:44:41.000000000 -0700
++++ linux-2.4.24/drivers/char/ip27-rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -83,6 +83,7 @@
+ switch (cmd) {
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ get_rtc_time(&wtime);
+ break;
+ }
+diff -urN linux-2.4.23/drivers/char/mips_rtc.c linux-2.4.24/drivers/char/mips_rtc.c
+--- linux-2.4.23/drivers/char/mips_rtc.c 2003-08-25 04:44:41.000000000 -0700
++++ linux-2.4.24/drivers/char/mips_rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -82,6 +82,7 @@
+
+ switch (cmd) {
+ case RTC_RD_TIME: /* Read the time/date from RTC */
++ memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ curr_time = rtc_get_time();
+ to_tm(curr_time, &rtc_tm);
+ rtc_tm.tm_year -= 1900;
+diff -urN linux-2.4.23/drivers/char/rtc.c linux-2.4.24/drivers/char/rtc.c
+--- linux-2.4.23/drivers/char/rtc.c 2003-11-28 10:26:20.000000000 -0800
++++ linux-2.4.24/drivers/char/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -362,7 +362,7 @@
+ * means "don't care" or "match all". Only the tm_hour,
+ * tm_min, and tm_sec values are filled in.
+ */
+-
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ get_rtc_alm_time(&wtime);
+ break;
+ }
+@@ -406,6 +406,7 @@
+ }
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ get_rtc_time(&wtime);
+ break;
+ }
+diff -urN linux-2.4.23/drivers/hil/hp_sdc_rtc.c linux-2.4.24/drivers/hil/hp_sdc_rtc.c
+--- linux-2.4.23/drivers/hil/hp_sdc_rtc.c 2003-06-13 07:51:33.000000000 -0700
++++ linux-2.4.24/drivers/hil/hp_sdc_rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -561,6 +561,7 @@
+ }
+ case RTC_ALM_READ: /* Read the present alarm time */
+ {
++ memset(&ttime, 0, sizeof(struct timeval));
+ if (hp_sdc_rtc_read_mt(&ttime)) return -EFAULT;
+ break;
+ }
+@@ -609,6 +610,7 @@
+ }
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ if (hp_sdc_rtc_read_bbrtc(&wtime)) return -EFAULT;
+ break;
+ }
+diff -urN linux-2.4.23/drivers/macintosh/rtc.c linux-2.4.24/drivers/macintosh/rtc.c
+--- linux-2.4.23/drivers/macintosh/rtc.c 2002-02-25 11:37:58.000000000 -0800
++++ linux-2.4.24/drivers/macintosh/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -64,6 +64,7 @@
+ case RTC_RD_TIME:
+ if (ppc_md.get_rtc_time)
+ {
++ memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ get_rtc_time(&rtc_tm);
+
+ if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+diff -urN linux-2.4.23/drivers/sbus/char/rtc.c linux-2.4.24/drivers/sbus/char/rtc.c
+--- linux-2.4.23/drivers/sbus/char/rtc.c 2001-10-10 23:42:47.000000000 -0700
++++ linux-2.4.24/drivers/sbus/char/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -89,6 +89,7 @@
+ switch (cmd)
+ {
+ case RTCGET:
++ memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ get_rtc_time(&rtc_tm);
+
+ if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
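Review bot: Every added `memset` spells its size as a type name (`sizeof(struct rtc_time)`, and `sizeof(struct timeval)` for `ttime` in hp_sdc_rtc.c) rather than taking it from the object being cleared, and most of those declarations are outside the visible context, so a mismatch between the declared type and the one written here would under- or over-clear without any warning. Writing `memset(&wtime, 0, sizeof(wtime));` (and `sizeof(*wtime)` in `convert_from_efi_time`) ties the size to the variable. A short comment at each site, such as `/* clear first: the struct is copied to user space as a whole */`, would record why the zeroing is there; `copy_to_user` is visible in only some of these hunks, so the wording should be checked per driver. In ds1286.c and rtc.c the `memset` replaces the blank line after the block comment, and keeping that blank line would stop the call from reading as part of the comment.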
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild
index 5564a6980d0b..c7fc50c196e4 100644
--- a/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild
+++ b/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild,v 1.3 2004/01/05 22:10:53 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild,v 1.4 2004/01/05 23:06:16 plasmaroo Exp $
# Documentation on the patch contained in this kernel will be installed someday
@@ -25,8 +25,7 @@ SRC_URI="
hppa? ( http://dev.gentoo.org/~pappy/gentoo-x86/sys-kernel/grsec-sources/parisc-linux-${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}.gz ) \
http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 \
http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \
- http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign
-"
+ http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign"
HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net"
@@ -71,10 +70,10 @@ src_unpack() {
kernel_universal_unpack
fi
+ epatch ${FILESDIR}/${PN}-${OKV}.CAN-2003-0985.patch
+ epatch ${FILESDIR}/${PN}-${OKV}.rtc_fix.patch
+
# kernel_universal_unpack
# kernel_src_unpack
}
-#src_install() {
-# kernel_src_install
-#}
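Review bot: The security patches are added to the existing `grsec-sources-2.4.23.1.9.13.ebuild` in place, and the diffstat shows no new revision file, so a system that already merged this version is presumably not offered an upgrade and keeps the unpatched tree; the same applies to the `2.0_rc4` ebuild later in this commit. Shipping the change as a `-r1` revision (the ChangeLog shows `-r1` ebuilds were used for 2.4.22) would let the package manager pick up the fixed sources. The two `epatch` lines in this hunk are also bare and unquoted while the rc4 ebuild adds a failure message; `epatch "${FILESDIR}/${PN}-${OKV}.CAN-2003-0985.patch" || die "Failed to patch mremap() vulnerability!"` would match it. `src_unpack` begins outside the hunk.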
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild
index 957c4e60e296..26e2d5730609 100644
--- a/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild
+++ b/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild,v 1.1 2004/01/05 22:10:53 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild,v 1.2 2004/01/05 23:06:16 plasmaroo Exp $
# Documentation on the patch contained in this kernel will be installed someday
@@ -29,6 +29,7 @@ S=${WORKDIR}/linux-${KV}
###################
src_unpack() {
+
unpack linux-${OKV}.tar.bz2 || die "Unable to unpack the kernel"
mv linux-${OKV} linux-${KV} || die "Unable to move the kernel"
cd linux-${KV} || die "Unable to cd into the kernel source tree"
@@ -40,15 +41,13 @@ src_unpack() {
die "Unable to the kernel patch"
fi
- epatch ${FILESDIR}/do_brk_fix.patch || die "failed to patch for do_brk vuln"
+ epatch ${FILESDIR}/do_brk_fix.patch || die "Failed to patch for do_brk() vulnerability!"
+ epatch ${FILESDIR}/${PN}-${OKV}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
+ epatch ${FILESDIR}/${PN}-${OKV}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!"
mkdir -p docs
touch docs/patches.txt
kernel_universal_unpack
- # kernel_src_unpack
-}
-#src_install() {
-# kernel_src_install
-#}
+}
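Review bot: Nothing next to the three `epatch` lines says which report each patch answers, and the bug numbers live only in the commit message and ChangeLog; a comment such as `# Security fixes from 2.4.24, see bugs #37292 and #37317` above them would keep that traceable when the ebuild is copied for the next kernel version. The `${FILESDIR}` paths are unquoted, and `"${FILESDIR}/${PN}-${OKV}.rtc_fix.patch"` is the safer spelling. The context line `die "Unable to the kernel patch"` a few lines up is missing its verb and could be corrected in the same pass. `src_unpack` starts outside this hunk.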