diff options
author | Tim Yamin <plasmaroo@gentoo.org> | 2004-01-05 23:06:36 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2004-01-05 23:06:36 +0000 |
commit | 8ed3571798cdec29fb650070fe5b4d20c76fdc46 (patch) | |
tree | aeaf61d1b68e6ef61833e68761a78b3b967d87b2 /sys-kernel | |
parent | remove obsolete package. (diff) | |
download | gentoo-2-8ed3571798cdec29fb650070fe5b4d20c76fdc46.tar.gz gentoo-2-8ed3571798cdec29fb650070fe5b4d20c76fdc46.tar.bz2 gentoo-2-8ed3571798cdec29fb650070fe5b4d20c76fdc46.zip |
Added the 2.4.24 security patches. Please see bugs #37292 and #37317.
Diffstat (limited to 'sys-kernel')
6 files changed, 216 insertions, 19 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog index b31052de21f8..866be771d500 100644 --- a/sys-kernel/grsec-sources/ChangeLog +++ b/sys-kernel/grsec-sources/ChangeLog @@ -1,12 +1,16 @@ # ChangeLog for sys-kernel/grsec-sources # Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.11 2004/01/05 22:17:35 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.12 2004/01/05 23:06:16 plasmaroo Exp $ + + 05 Jan 2004; <plasmaroo@gentoo.org> grsec-sources-2.4.23.1.9.13.ebuild, + files/grsec-sources-2.4.23.1.9.13.*.patch: + Added the 2.4.24 security patches. Please see bugs #37292 and #37317. 05 Jan 2004; <solar@gentoo.org> grsec-sources-2.4.21.1.9.11.ebuild, grsec-sources-2.4.21.2.0_rc2.ebuild, grsec-sources-2.4.22.1.9.12-r1.ebuild, grsec-sources-2.4.22.1.9.12.ebuild, grsec-sources-2.4.22.2.0_rc3-r1.ebuild, grsec-sources-2.4.22.2.0_rc3.ebuild: - removed old versions of kernels + Removed old versions of kernels... *grsec-sources-2.4.23.2.0_rc4 (02 Jan 2004) diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest index aaaceddcdb31..30225a891f83 100644 --- a/sys-kernel/grsec-sources/Manifest +++ b/sys-kernel/grsec-sources/Manifest @@ -1,7 +1,9 @@ +MD5 115d5708cd2f1246ed4bb00301631f93 ChangeLog 2490 +MD5 e25e7b4597928e400fa332fd789d51df grsec-sources-2.4.23.1.9.13.ebuild 2753 MD5 225cb9e370f4e7d3bc1a98549377249e metadata.xml 484 -MD5 d7e69a4d5b341375bbf96576128cdc26 ChangeLog 2291 -MD5 9f568adf761b880688a48358febf458e grsec-sources-2.4.23.1.9.13.ebuild 2690 -MD5 21332b215e1b2568de209c564305f1a8 grsec-sources-2.4.23.2.0_rc4.ebuild 1746 +MD5 a5cf20df275181fdde364ffba9c7356e grsec-sources-2.4.23.2.0_rc4.ebuild 1896 +MD5 f9e7dad4cb849b2dfdc91ebe070df7d5 files/digest-grsec-sources-2.4.23.2.0_rc4 221 MD5 731f6330c2bea90d170172a1189bd327 files/digest-grsec-sources-2.4.23.1.9.13 304 +MD5 e2e2b545b6fcdcecf49e33798efa5b84 files/grsec-sources-2.4.23.rtc_fix.patch 7073 +MD5 d641cd49ae63ca2989672d2209691bb5 files/grsec-sources-2.4.23.CAN-2003-0985.patch 414 MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242 -MD5 f9e7dad4cb849b2dfdc91ebe070df7d5 files/digest-grsec-sources-2.4.23.2.0_rc4 221 diff --git a/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.CAN-2003-0985.patch b/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.CAN-2003-0985.patch new file mode 100644 index 000000000000..bacef69f02f8 --- /dev/null +++ b/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.CAN-2003-0985.patch @@ -0,0 +1,13 @@ +--- linux/mm/mremap.c.orig 2004-01-05 17:01:21.382104120 +0000 ++++ linux/mm/mremap.c 2004-01-05 17:15:25.689749848 +0000 +@@ -315,6 +315,10 @@ + old_len = PAGE_ALIGN(old_len); + new_len = PAGE_ALIGN(new_len); + ++ /* Don't allow the degenerate cases */ ++ if (!(old_len | new_len)) ++ goto out; ++ + /* new_addr is only valid if MREMAP_FIXED is specified */ + if (flags & MREMAP_FIXED) { + if (new_addr & ~PAGE_MASK) diff --git a/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.rtc_fix.patch b/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.rtc_fix.patch new file mode 100644 index 000000000000..76a663c6e89d --- /dev/null +++ b/sys-kernel/grsec-sources/files/grsec-sources-2.4.23.rtc_fix.patch @@ -0,0 +1,180 @@ +diff -urN linux-2.4.23/arch/cris/drivers/ds1302.c linux-2.4.24/arch/cris/drivers/ds1302.c +--- linux-2.4.23/arch/cris/drivers/ds1302.c 2003-08-25 04:44:39.000000000 -0700 ++++ linux-2.4.24/arch/cris/drivers/ds1302.c 2004-01-05 05:53:56.000000000 -0800 +@@ -346,6 +346,7 @@ + { + struct rtc_time rtc_tm; + ++ memset(&rtc_tm, 0, sizeof (struct rtc_time)); + get_rtc_time(&rtc_tm); + if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time))) + return -EFAULT; +diff -urN linux-2.4.23/arch/cris/drivers/pcf8563.c linux-2.4.24/arch/cris/drivers/pcf8563.c +--- linux-2.4.23/arch/cris/drivers/pcf8563.c 2003-08-25 04:44:39.000000000 -0700 ++++ linux-2.4.24/arch/cris/drivers/pcf8563.c 2004-01-05 05:53:56.000000000 -0800 +@@ -220,6 +220,7 @@ + { + struct rtc_time tm; + ++ memset(&tm, 0, sizeof (struct rtc_time)); + get_rtc_time(&tm); + + if (copy_to_user((struct rtc_time *) arg, &tm, sizeof tm)) { +diff -urN linux-2.4.23/arch/m68k/bvme6000/rtc.c linux-2.4.24/arch/m68k/bvme6000/rtc.c +--- linux-2.4.23/arch/m68k/bvme6000/rtc.c 2003-06-13 07:51:31.000000000 -0700 ++++ linux-2.4.24/arch/m68k/bvme6000/rtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -54,6 +54,7 @@ + /* Ensure clock and real-time-mode-register are accessible */ + msr = rtc->msr & 0xc0; + rtc->msr = 0x40; ++ memset(&wtime, 0, sizeof(struct rtc_time)); + do { + wtime.tm_sec = BCD2BIN(rtc->bcd_sec); + wtime.tm_min = BCD2BIN(rtc->bcd_min); +diff -urN linux-2.4.23/arch/m68k/mvme16x/rtc.c linux-2.4.24/arch/m68k/mvme16x/rtc.c +--- linux-2.4.23/arch/m68k/mvme16x/rtc.c 2003-06-13 07:51:31.000000000 -0700 ++++ linux-2.4.24/arch/m68k/mvme16x/rtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -52,6 +52,7 @@ + cli(); + /* Ensure clock and real-time-mode-register are accessible */ + rtc->ctrl = RTC_READ; ++ memset(&wtime, 0, sizeof(struct rtc_time)); + wtime.tm_sec = BCD2BIN(rtc->bcd_sec); + wtime.tm_min = BCD2BIN(rtc->bcd_min); + wtime.tm_hour = BCD2BIN(rtc->bcd_hr); +diff -urN linux-2.4.23/arch/ppc64/kernel/rtc.c linux-2.4.24/arch/ppc64/kernel/rtc.c +--- linux-2.4.23/arch/ppc64/kernel/rtc.c 2003-06-13 07:51:32.000000000 -0700 ++++ linux-2.4.24/arch/ppc64/kernel/rtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -96,6 +96,7 @@ + switch (cmd) { + case RTC_RD_TIME: /* Read the time/date from RTC */ + { ++ memset(&wtime, 0, sizeof(struct rtc_time)); + ppc_md.get_rtc_time(&wtime); + break; + } +diff -urN linux-2.4.23/drivers/acorn/char/i2c.c linux-2.4.24/drivers/acorn/char/i2c.c +--- linux-2.4.23/drivers/acorn/char/i2c.c 2003-08-25 04:44:40.000000000 -0700 ++++ linux-2.4.24/drivers/acorn/char/i2c.c 2004-01-05 05:53:56.000000000 -0800 +@@ -166,6 +166,7 @@ + break; + + case RTC_RD_TIME: ++ memset(&rtctm, 0, sizeof(struct rtc_time)); + get_rtc_time(&rtc_raw, &year); + rtctm.tm_sec = rtc_raw.secs; + rtctm.tm_min = rtc_raw.mins; +diff -urN linux-2.4.23/drivers/char/ds1286.c linux-2.4.24/drivers/char/ds1286.c +--- linux-2.4.23/drivers/char/ds1286.c 2003-08-25 04:44:41.000000000 -0700 ++++ linux-2.4.24/drivers/char/ds1286.c 2004-01-05 05:53:56.000000000 -0800 +@@ -173,7 +173,7 @@ + * means "don't care" or "match all". Only the tm_hour, + * tm_min, and tm_sec values are filled in. + */ +- ++ memset(&wtime, 0, sizeof(struct rtc_time)); + ds1286_get_alm_time(&wtime); + break; + } +@@ -216,6 +216,7 @@ + } + case RTC_RD_TIME: /* Read the time/date from RTC */ + { ++ memset(&wtime, 0, sizeof(struct rtc_time)); + ds1286_get_time(&wtime); + break; + } +diff -urN linux-2.4.23/drivers/char/efirtc.c linux-2.4.24/drivers/char/efirtc.c +--- linux-2.4.23/drivers/char/efirtc.c 2003-06-13 07:51:32.000000000 -0700 ++++ linux-2.4.24/drivers/char/efirtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -118,6 +118,7 @@ + static void + convert_from_efi_time(efi_time_t *eft, struct rtc_time *wtime) + { ++ memset(wtime, 0, sizeof(struct rtc_time)); + wtime->tm_sec = eft->second; + wtime->tm_min = eft->minute; + wtime->tm_hour = eft->hour; +diff -urN linux-2.4.23/drivers/char/ip27-rtc.c linux-2.4.24/drivers/char/ip27-rtc.c +--- linux-2.4.23/drivers/char/ip27-rtc.c 2003-08-25 04:44:41.000000000 -0700 ++++ linux-2.4.24/drivers/char/ip27-rtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -83,6 +83,7 @@ + switch (cmd) { + case RTC_RD_TIME: /* Read the time/date from RTC */ + { ++ memset(&wtime, 0, sizeof(struct rtc_time)); + get_rtc_time(&wtime); + break; + } +diff -urN linux-2.4.23/drivers/char/mips_rtc.c linux-2.4.24/drivers/char/mips_rtc.c +--- linux-2.4.23/drivers/char/mips_rtc.c 2003-08-25 04:44:41.000000000 -0700 ++++ linux-2.4.24/drivers/char/mips_rtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -82,6 +82,7 @@ + + switch (cmd) { + case RTC_RD_TIME: /* Read the time/date from RTC */ ++ memset(&rtc_tm, 0, sizeof(struct rtc_time)); + curr_time = rtc_get_time(); + to_tm(curr_time, &rtc_tm); + rtc_tm.tm_year -= 1900; +diff -urN linux-2.4.23/drivers/char/rtc.c linux-2.4.24/drivers/char/rtc.c +--- linux-2.4.23/drivers/char/rtc.c 2003-11-28 10:26:20.000000000 -0800 ++++ linux-2.4.24/drivers/char/rtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -362,7 +362,7 @@ + * means "don't care" or "match all". Only the tm_hour, + * tm_min, and tm_sec values are filled in. + */ +- ++ memset(&wtime, 0, sizeof(struct rtc_time)); + get_rtc_alm_time(&wtime); + break; + } +@@ -406,6 +406,7 @@ + } + case RTC_RD_TIME: /* Read the time/date from RTC */ + { ++ memset(&wtime, 0, sizeof(struct rtc_time)); + get_rtc_time(&wtime); + break; + } +diff -urN linux-2.4.23/drivers/hil/hp_sdc_rtc.c linux-2.4.24/drivers/hil/hp_sdc_rtc.c +--- linux-2.4.23/drivers/hil/hp_sdc_rtc.c 2003-06-13 07:51:33.000000000 -0700 ++++ linux-2.4.24/drivers/hil/hp_sdc_rtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -561,6 +561,7 @@ + } + case RTC_ALM_READ: /* Read the present alarm time */ + { ++ memset(&ttime, 0, sizeof(struct timeval)); + if (hp_sdc_rtc_read_mt(&ttime)) return -EFAULT; + break; + } +@@ -609,6 +610,7 @@ + } + case RTC_RD_TIME: /* Read the time/date from RTC */ + { ++ memset(&wtime, 0, sizeof(struct rtc_time)); + if (hp_sdc_rtc_read_bbrtc(&wtime)) return -EFAULT; + break; + } +diff -urN linux-2.4.23/drivers/macintosh/rtc.c linux-2.4.24/drivers/macintosh/rtc.c +--- linux-2.4.23/drivers/macintosh/rtc.c 2002-02-25 11:37:58.000000000 -0800 ++++ linux-2.4.24/drivers/macintosh/rtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -64,6 +64,7 @@ + case RTC_RD_TIME: + if (ppc_md.get_rtc_time) + { ++ memset(&rtc_tm, 0, sizeof(struct rtc_time)); + get_rtc_time(&rtc_tm); + + if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time))) +diff -urN linux-2.4.23/drivers/sbus/char/rtc.c linux-2.4.24/drivers/sbus/char/rtc.c +--- linux-2.4.23/drivers/sbus/char/rtc.c 2001-10-10 23:42:47.000000000 -0700 ++++ linux-2.4.24/drivers/sbus/char/rtc.c 2004-01-05 05:53:56.000000000 -0800 +@@ -89,6 +89,7 @@ + switch (cmd) + { + case RTCGET: ++ memset(&rtc_tm, 0, sizeof(struct rtc_time)); + get_rtc_time(&rtc_tm); + + if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time))) diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild index 5564a6980d0b..c7fc50c196e4 100644 --- a/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild +++ b/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild,v 1.3 2004/01/05 22:10:53 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.23.1.9.13.ebuild,v 1.4 2004/01/05 23:06:16 plasmaroo Exp $ # Documentation on the patch contained in this kernel will be installed someday @@ -25,8 +25,7 @@ SRC_URI=" hppa? ( http://dev.gentoo.org/~pappy/gentoo-x86/sys-kernel/grsec-sources/parisc-linux-${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}.gz ) \ http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 \ http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \ - http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign -" + http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign" HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net" @@ -71,10 +70,10 @@ src_unpack() { kernel_universal_unpack fi + epatch ${FILESDIR}/${PN}-${OKV}.CAN-2003-0985.patch + epatch ${FILESDIR}/${PN}-${OKV}.rtc_fix.patch + # kernel_universal_unpack # kernel_src_unpack } -#src_install() { -# kernel_src_install -#} diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild index 957c4e60e296..26e2d5730609 100644 --- a/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild +++ b/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild,v 1.1 2004/01/05 22:10:53 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.23.2.0_rc4.ebuild,v 1.2 2004/01/05 23:06:16 plasmaroo Exp $ # Documentation on the patch contained in this kernel will be installed someday @@ -29,6 +29,7 @@ S=${WORKDIR}/linux-${KV} ################### src_unpack() { + unpack linux-${OKV}.tar.bz2 || die "Unable to unpack the kernel" mv linux-${OKV} linux-${KV} || die "Unable to move the kernel" cd linux-${KV} || die "Unable to cd into the kernel source tree" @@ -40,15 +41,13 @@ src_unpack() { die "Unable to the kernel patch" fi - epatch ${FILESDIR}/do_brk_fix.patch || die "failed to patch for do_brk vuln" + epatch ${FILESDIR}/do_brk_fix.patch || die "Failed to patch for do_brk() vulnerability!" + epatch ${FILESDIR}/${PN}-${OKV}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!" + epatch ${FILESDIR}/${PN}-${OKV}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!" mkdir -p docs touch docs/patches.txt kernel_universal_unpack - # kernel_src_unpack -} -#src_install() { -# kernel_src_install -#} +} |