author | 2004-11-10 08:46:04 +0000 | |
---|---|---|
committer | 2004-11-10 08:46:04 +0000 | |
commit | d3fd8fa5ecc176cf2277a1c24995a84441878e49 (patch) | |
tree | a21d4bc8550c98a8abfdf2908de24eb4766b40ac | |
parent | Initial import (Manifest recommit) (diff) | |
fix for remote denial-of-service in nfs3 xdr handling code. bug #62524
-rw-r--r-- | sys-kernel/grsec-sources/ChangeLog | 9 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/Manifest | 8 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7 | 3 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r1 | 2 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r2 (renamed from sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1) | 1 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild | 102 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r2.ebuild (renamed from sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r1.ebuild) | 7 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1.ebuild | 68 |
8 files changed, 16 insertions, 184 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog index 8c67a679617c..37fdf385a890 100644 --- a/sys-kernel/grsec-sources/ChangeLog +++ b/sys-kernel/grsec-sources/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-kernel/grsec-sources # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.31 2004/08/10 02:32:10 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.32 2004/11/10 08:46:04 solar Exp $ + +*grsec-sources-2.4.27.2.0.1-r2 (10 Nov 2004) + + 10 Nov 2004; <solar@gentoo.org> -grsec-sources-2.4.26.2.0-r7.ebuild, + -grsec-sources-2.4.27.2.0.1-r1.ebuild, + +grsec-sources-2.4.27.2.0.1-r2.ebuild, -grsec-sources-2.4.27.2.0.1.ebuild: + fix for remote denial-of-service in nfs3 xdr handling code. bug #62524 *grsec-sources-2.4.27.2.0.1-r1 (09 Aug 2004) diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest index 92b384320780..2e8d35d2c098 100644 --- a/sys-kernel/grsec-sources/Manifest +++ b/sys-kernel/grsec-sources/Manifest 
@@ -1,16 +1,12 @@ -MD5 49c9741593c223ee98f6ce3b3d6b6ef2 grsec-sources-2.4.26.2.0-r7.ebuild 3568 -MD5 bc5832ac6ca39f95dd9520dbd5a2a75c grsec-sources-2.4.27.2.0.1.ebuild 2299 +MD5 3b7ddecc999dbee7bc50ae44a253d6c2 grsec-sources-2.4.27.2.0.1-r2.ebuild 2536 MD5 7a507bbac99adf0d61814d1896621488 ChangeLog 6741 MD5 140d8af1d66f9f6cd030e7d9902f38d9 metadata.xml 478 -MD5 809c905e60037f00f9f8e2223e3e2732 grsec-sources-2.4.27.2.0.1-r1.ebuild 2404 MD5 c47b7075dd1e065b09bb08936c1901a1 files/2.4.26-signal-race.patch 365 MD5 3bdf00d5f80fe9dfbfe8220e076cd04c files/openmosix-sources.CAN-2004-0497.patch 707 MD5 3dac23b6e285462a7cda41505cc698e1 files/2.4.26-CAN-2004-0394.patch 319 -MD5 f48595ebd029212cbe8db846556b93cb files/digest-grsec-sources-2.4.27.2.0.1 141 -MD5 f48595ebd029212cbe8db846556b93cb files/digest-grsec-sources-2.4.27.2.0.1-r1 141 +MD5 8de19d3c0628653407c25bbcbd00383a files/digest-grsec-sources-2.4.27.2.0.1-r2 214 MD5 36615aa14e3aed91008beeeb406693bf files/2.4.26-pax-binfmt_elf-page-size.patch 427 MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397 MD5 0f66013f643c79c97fda489618a4e2fd files/gentoo-sources-2.4.CAN-2004-0535.patch 476 MD5 dc18e982f8149588a291956481885a8c files/gentoo-sources-2.4.CAN-2004-0495.patch 17549 -MD5 2dc3a7f7f036e87ce4af63af31989311 files/digest-grsec-sources-2.4.26.2.0-r7 219 MD5 d1ccc2047be533c992f67270a150a210 files/2.4.27-cmdline-race.patch 388 diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7 deleted file mode 100644 index fcb8a32fc613..000000000000 --- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7 +++ /dev/null @@ -1,3 +0,0 @@ -MD5 9a6adfd65720201d600bf05e884cd78a grsecurity-2.0-2.4.26.patch.bz2 104358 -MD5 88d7aefa03c92739cb70298a0b486e2c linux-2.4.26.tar.bz2 30772389 -MD5 8f8f2412aacf9a01b5549bf2a9a3bff8 linux-2.4.26-CAN-2004-0415.patch 90145 
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r1 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r1 deleted file mode 100644 index 2a2cfcf855ce..000000000000 --- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r1 +++ /dev/null @@ -1,2 +0,0 @@ -MD5 3431156a47f26a1306f69de009941c63 grsecurity-2.0.1-2.4.27.patch 638046 -MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453 diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r2 index 2a2cfcf855ce..28faf898873e 100644 --- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1 +++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r2 @@ -1,2 +1,3 @@ MD5 3431156a47f26a1306f69de009941c63 grsecurity-2.0.1-2.4.27.patch 638046 MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453 +MD5 5bbbb2201b338ebb74f0bf650b639475 linux-2.4.27-nfs3-xdr.patch.bz2 746 diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild deleted file mode 100644 index afca710722bc..000000000000 --- a/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild +++ /dev/null 
@@ -1,102 +0,0 @@ -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild,v 1.1 2004/08/04 18:41:10 solar Exp $ - -# We control what versions of what we download based on the KEYWORDS we -# are using for the various arches. Thus if we want grsec1 stable we run -# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the -# grsec-2.0-preX which has alot more features. - -# the only thing that should ever differ in one of these 1.9.x ebuilds -# and 2.x of the same kernel version is the KEYWORDS and header. -# shame cvs symlinks don't exist - -ETYPE="sources" -IUSE="" - -inherit eutils kernel - -[ "$OKV" == "" ] && OKV="2.4.26" - -PATCH_BASE="${PV/${OKV}./}" -PATCH_BASE="${PATCH_BASE/_/-}" -EXTRAVERSION="-grsec-${PATCH_BASE}" -KV="${OKV}${EXTRAVERSION}" - -PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch.bz2" - -# hppa takes a special patch and usually has play catch up between -# versions of this package. 
-HPPA_SRC_URI="" -if [ "${ARCH}" == "hppa" ]; then - PARISC_KERNEL_VERSION="pa1" - KV="${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}" - HPPA_PATCH_SRC_BASE="parisc-linux-${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}.gz" - HPPA_SRC_URI="mirror://gentoo/${HPPA_PATCH_SRC_BASE} http://dev.gentoo.org/~pappy/gentoo-x86/sys-kernel/grsec-sources/${HPPA_PATCH_SRC_BASE}" - PATCH_SRC_BASE="${HPPA_PATCH_SRC_BASE}" -fi - -DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch" - -CAN_PATCHES="http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.26-CAN-2004-0415.patch" - -SRC_URI="mirror://gentoo/grsecurity-${PATCH_BASE}-${OKV}.patch.bz2 \ - http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 ${CAN_PATCHES}" - - -HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net" - -KEYWORDS="x86 sparc ppc alpha amd64 -hppa" - -SLOT="${KV}" -S="${WORKDIR}/linux-${KV}" - -src_unpack() { - unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel" - mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel" - cd linux-"${KV}" || die "unable to cd into the kernel source tree" - - patch_grsec_kernel - - mkdir docs - touch docs/patches.txt - kernel_universal_unpack - -} - -patch_grsec_kernel() { - # users are often confused by what settings should be set. - # so we provide an example of what a P4 desktop would look like. - cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config - - - [ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File ${PATCH_SRC_BASE} does not exist?" - ebegin "Patching the kernel with ${PATCH_SRC_BASE}" - case "${ARCH}" in - hppa) zcat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;; - *) bzcat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;; - esac - [ $? 
== 0 ] || die "failed patching with ${PATCH_SRC_BASE}" - eend 0 - - # fix format string problem in panic() - epatch ${FILESDIR}/2.4.26-CAN-2004-0394.patch - # Fix local DoS bug #53804 - epatch ${FILESDIR}/2.4.26-signal-race.patch - - # i2c integer overflow vulnerability during the allocation of memory - #epatch ${FILESDIR}/2.4.26-i2cproc_bus_read.patch - - # patch to force randomization to always at least PAGE_SIZE big. - epatch ${FILESDIR}/2.4.26-pax-binfmt_elf-page-size.patch - - epatch ${FILESDIR}/gentoo-sources-2.4.CAN-2004-0495.patch - epatch ${FILESDIR}/gentoo-sources-2.4.CAN-2004-0535.patch - - # Bug 56479 - fchown-attr - epatch ${FILESDIR}/openmosix-sources.CAN-2004-0497.patch - - # file offset pointer handling vulnerability - Bug 59378 - epatch ${DISTDIR}/linux-2.4.26-CAN-2004-0415.patch -} - diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r1.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r2.ebuild index 97cac0d4c305..be9f8c22f08a 100644 --- a/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r1.ebuild +++ b/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r1.ebuild,v 1.1 2004/08/10 02:32:10 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r2.ebuild,v 1.1 2004/11/10 08:46:04 solar Exp $ # We control what versions of what we download based on the KEYWORDS we # are using for the various arches. Thus if we want grsec1 stable we run 
@@ -25,7 +25,7 @@ KV="${OKV}${EXTRAVERSION}" PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch" DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch" -CAN_PATCHES="" +CAN_PATCHES="mirror://linux-2.4.27-nfs3-xdr.patch.bz2" SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \ http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 ${CAN_PATCHES}" #mirror://gentoo/grsecurity-${PATCH_BASE}-${OKV}.patch.bz2 @@ -65,6 +65,9 @@ patch_grsec_kernel() { # Potential security issue in /proc/cmdline bug 59905 epatch ${FILESDIR}/2.4.27-cmdline-race.patch + + # remote denial-of-service. bug 62524 + epatch ${DISTDIR}/linux-2.4.27-nfs3-xdr.patch.bz2 return 0 } diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1.ebuild deleted file mode 100644 index 3ca40def2b6a..000000000000 --- a/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1.ebuild +++ /dev/null 
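Review bot: The new `CAN_PATCHES` value `mirror://linux-2.4.27-nfs3-xdr.patch.bz2` has no mirror group between `mirror://` and the file name, unlike the `mirror://gentoo/...` form in the commented-out line just below `SRC_URI`, so the fetch of the security patch will probably not resolve. I would write `CAN_PATCHES="mirror://gentoo/linux-2.4.27-nfs3-xdr.patch.bz2"`, assuming the file is hosted on the gentoo mirror group. This commit also deletes the other revisions of the package, so if the URI is wrong there appears to be no older ebuild to fall back on, and anyone without the file already in DISTDIR would be unable to build the fixed kernel sources.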
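Review bot: The comment added above the new `epatch` call in patch_grsec_kernel, `# remote denial-of-service. bug 62524`, does not say which subsystem the patch touches, whereas the comment just before it names `/proc/cmdline`. I would write `# remote denial-of-service in nfs3 xdr handling code. bug 62524`, which matches the commit message and tells an auditor whether the fix matters on hosts that do not use NFS. The path could also be quoted as `epatch "${DISTDIR}/linux-2.4.27-nfs3-xdr.patch.bz2"`, so that a DISTDIR containing whitespace is not split into several arguments. The body of patch_grsec_kernel starts outside this hunk.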
@@ -1,68 +0,0 @@ -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1.ebuild,v 1.1 2004/08/08 19:38:44 solar Exp $ - -# We control what versions of what we download based on the KEYWORDS we -# are using for the various arches. Thus if we want grsec1 stable we run -# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the -# grsec-2.0-preX which has alot more features. - -# the only thing that should ever differ in one of these 1.9.x ebuilds -# and 2.x of the same kernel version is the KEYWORDS and header. -# shame cvs symlinks don't exist - -ETYPE="sources" -IUSE="" - -inherit eutils kernel - -[ "$OKV" == "" ] && OKV="2.4.27" - -PATCH_BASE="${PV/${OKV}./}" -PATCH_BASE="${PATCH_BASE/_/-}" -EXTRAVERSION="-grsec-${PATCH_BASE}" -KV="${OKV}${EXTRAVERSION}" - -PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch" -DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch" -CAN_PATCHES="" -SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \ - http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 ${CAN_PATCHES}" -#mirror://gentoo/grsecurity-${PATCH_BASE}-${OKV}.patch.bz2 - -HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net" -KEYWORDS="x86 sparc ppc alpha amd64 -hppa" - -SLOT="${KV}" -S="${WORKDIR}/linux-${KV}" - -src_unpack() { - unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel" - mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel" - cd linux-"${KV}" || die "unable to cd into the kernel source tree" - - patch_grsec_kernel - - mkdir -p docs - touch docs/patches.txt - kernel_universal_unpack -} - -patch_grsec_kernel() { - # users are often confused by what settings should be set. - # so we provide an example of what a P4 desktop would look like. 
- cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config - - - [ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File ${PATCH_SRC_BASE} does not exist?" - ebegin "Patching the kernel with ${PATCH_SRC_BASE}" - cat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet - [ $? == 0 ] || die "failed patching with ${PATCH_SRC_BASE}" - eend 0 - - # fix format string problem in panic() - epatch ${FILESDIR}/2.4.26-CAN-2004-0394.patch - - return 0 -} - |