- version bump for security bug #77666 and removed some older unneeded ebuilds.

(Portage version: 2.0.51-r13)
author: Ned Ludd <solar@gentoo.org> 2005-01-18 17:37:35 +0000
committer: Ned Ludd <solar@gentoo.org> 2005-01-18 17:37:35 +0000
commit: 4e0248261a8754160e44ede9c52e6f83a812845f (patch)
tree: 15f425ffd8cdf2538845a29341f20ee6c85943cb /sys-kernel/grsec-sources
parent: removed junit test to fix bug #71952. (diff)
download: gentoo-2-4e0248261a8754160e44ede9c52e6f83a812845f.tar.gz
gentoo-2-4e0248261a8754160e44ede9c52e6f83a812845f.tar.bz2
gentoo-2-4e0248261a8754160e44ede9c52e6f83a812845f.zip
8 files changed, 77 insertions, 65 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog
index 1d00c3319609..cd7a792f6fcb 100644
--- a/sys-kernel/grsec-sources/ChangeLog
+++ b/sys-kernel/grsec-sources/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-kernel/grsec-sources
 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.45 2005/01/11 22:47:21 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.46 2005/01/18 17:37:35 solar Exp $
+
+*grsec-sources-2.4.28.2.1.0-r1 (18 Jan 2005)
+
+  18 Jan 2005; <solar@gentoo.org> +files/2.4.29-CAN-2005-0001.patch,
+  -grsec-sources-2.4.28.2.0.2-r1.ebuild,
+  -grsec-sources-2.4.28.2.0.2-r2.ebuild,
+  +grsec-sources-2.4.28.2.1.0-r1.ebuild:
+  - version bump for security bug #77666 and removed some older unneeded ebuilds.
 
   11 Jan 2005; <solar@gentoo.org> grsec-sources-2.4.28.2.1.0.ebuild:
   - marking grsec-sources stable
diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest
index 0091ce3a0e93..545eb0edcc25 100644
--- a/sys-kernel/grsec-sources/Manifest
+++ b/sys-kernel/grsec-sources/Manifest
@@ -1,32 +1,19 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 14e92bfd64bcdc6704d67c60641a9896 grsec-sources-2.4.28.2.0.2-r1.ebuild 1253
 MD5 24764b94c52b15c33321df855d74ef1a grsec-sources-2.4.28.2.0.2-r3.ebuild 1353
-MD5 28f7057c915a09df4936882fd7088f05 grsec-sources-2.4.28.2.0.2-r2.ebuild 1281
+MD5 79685930b19db6f9b5d580b4d82c1548 grsec-sources-2.4.28.2.1.0-r1.ebuild 1779
 MD5 de2ab50796577ef947a9cbe845a22dae grsec-sources-2.4.28.2.1.0.ebuild 1737
-MD5 6f7a32898265e1949ad24dbbc77134f5 ChangeLog 9877
+MD5 f08c4ceffee4a66f31a0513b742370e0 ChangeLog 10198
 MD5 0b2ea9b53b5d526e39afbdc5040ff07a metadata.xml 487
 MD5 0adbefda5e0d752b23dd2f930e6f6bbf files/linux-2.4.28-random-poolsize.patch 452
 MD5 8c35751caf824a9dacb02e80d6189b2e files/gentoo-sources-2.4.CAN-2004-1137.patch 1764
 MD5 4263daf594b58ea0c0b59e87afe3a7c9 files/CAN-2004-1074.patch 11121
 MD5 757ee1239c3f14645ccea3640d551e11 files/CAN-2004-1056.patch 11249
 MD5 3dac23b6e285462a7cda41505cc698e1 files/2.4.26-CAN-2004-0394.patch 319
+MD5 1efe4024e443e60db5fd9b21b22fabd2 files/2.4.29-CAN-2005-0001.patch 1724
 MD5 29e531cdd3f2effce5e31a1f2afb5b5d files/2.4.28-uselib4pax.patch 8912
 MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397
 MD5 8c7a1adf3e5ca3b4cfd6a75f5704d2fc files/digest-grsec-sources-2.4.28.2.1.0 231
 MD5 4a0215139f9aebfe2cc2747743763f08 files/2.4.28-binfmt_a.out.patch 1887
-MD5 c829ff92477a5a9e4fcbc370303217f8 files/digest-grsec-sources-2.4.28.2.0.2-r1 144
-MD5 c829ff92477a5a9e4fcbc370303217f8 files/digest-grsec-sources-2.4.28.2.0.2-r2 144
 MD5 c829ff92477a5a9e4fcbc370303217f8 files/digest-grsec-sources-2.4.28.2.0.2-r3 144
+MD5 8c7a1adf3e5ca3b4cfd6a75f5704d2fc files/digest-grsec-sources-2.4.28.2.1.0-r1 231
 MD5 6aa8f7a7c2d55734389b53d3bcf78570 files/CAN-2004-1016.patch 2835
 MD5 d1ccc2047be533c992f67270a150a210 files/2.4.27-cmdline-race.patch 388
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.4 (GNU/Linux)
-
-iQCVAwUBQeRW0J4WFLgrx1GWAQIw1gQAy5+CyVhfS9sRfoNUSdDgsAO7y7Khi77/
-AGWlmYmy5ZaKwkLKfGE9BWVqzUSNXozZ7bkk4qaaFnmPLkqrJ50U4Mv40w44+IlG
-n/G0pAuT1N96twoz9llhwEMg9hbvhRiVAS0qhtuT8AuVsqx46WPiGsh1WvS9Zq5K
-d4fwJY6Mbew=
-=Qu/f
------END PGP SIGNATURE-----
diff --git a/sys-kernel/grsec-sources/files/2.4.29-CAN-2005-0001.patch b/sys-kernel/grsec-sources/files/2.4.29-CAN-2005-0001.patch
new file mode 100644
index 000000000000..6b687788f912
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/2.4.29-CAN-2005-0001.patch
@@ -0,0 +1,44 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2005/01/12 09:14:50-02:00 marcelo.tosatti@cyclades.com 
+#   [PATCH] Fix expand_stack() SMP race
+#   
+#   Description: Fix expand_stack() SMP race
+#   
+#   Two threads sharing the same VMA can race in expand_stack, resulting in incorrect VMA
+#   size accounting and possibly a "uncovered-by-VMA" pte leak.
+#   
+#   Fix is to check if the stack has already been expanded after acquiring a lock which
+#   guarantees exclusivity (page_table_lock in v2.4 and vma_anon lock in v2.6).
+# 
+# include/linux/mm.h
+#   2005/01/07 14:51:21-02:00 marcelo.tosatti@cyclades.com +10 -3
+#   Fix expand_stack() SMP race
+# 
+diff -Nru a/include/linux/mm.h b/include/linux/mm.h
+--- a/include/linux/mm.h	2005-01-13 04:59:30 -08:00
++++ b/include/linux/mm.h	2005-01-13 04:59:30 -08:00
+@@ -648,12 +648,19 @@
+ 	unsigned long grow;
+ 
+ 	/*
+-	 * vma->vm_start/vm_end cannot change under us because the caller is required
+-	 * to hold the mmap_sem in write mode. We need to get the spinlock only
+-	 * before relocating the vma range ourself.
++	 * vma->vm_start/vm_end cannot change under us because the caller
++	 * is required to hold the mmap_sem in read mode.  We need the
++	 * page_table_lock lock to serialize against concurrent expand_stacks.
+ 	 */
+ 	address &= PAGE_MASK;
+  	spin_lock(&vma->vm_mm->page_table_lock);
++
++	/* already expanded while we were spinning? */
++	if (vma->vm_start <= address) {
++		spin_unlock(&vma->vm_mm->page_table_lock);
++		return 0;
++	}
++
+ 	grow = (vma->vm_start - address) >> PAGE_SHIFT;
+ 	if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur ||
+ 	    ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur) {
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2-r1 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2-r1
deleted file mode 100644
index 04b30398565d..000000000000
--- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2-r1
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 2f2e5e29772fdacd04129ba16a24afcf grsecurity-2.0.2-2.4.28.patch.gz 141933
-MD5 ac7735000d185bc7778c08288760a8a3 linux-2.4.28.tar.bz2 31064046
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2-r2 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2-r2
deleted file mode 100644
index 04b30398565d..000000000000
--- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2-r2
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 2f2e5e29772fdacd04129ba16a24afcf grsecurity-2.0.2-2.4.28.patch.gz 141933
-MD5 ac7735000d185bc7778c08288760a8a3 linux-2.4.28.tar.bz2 31064046
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.1.0-r1 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.1.0-r1
new file mode 100644
index 000000000000..c85fde9d5a55
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.1.0-r1
@@ -0,0 +1,3 @@
+MD5 afbd071ae702af4668b2aea32868a698 grsecurity-2.1.0-2.4.28-200501051112.patch 691305
+MD5 ac7735000d185bc7778c08288760a8a3 linux-2.4.28.tar.bz2 31064046
+MD5 3fa09a0d8ea8def546b840bde027d61b linux-2.4.28-CAN-2004-0814.patch 145009
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r2.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r2.ebuild
deleted file mode 100644
index 18d3ef15fb8c..000000000000
--- a/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r2.ebuild
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r2.ebuild,v 1.2 2005/01/08 05:21:39 solar Exp $
-
-ETYPE="sources"
-UNIPATCH_STRICTORDER="yes"
-inherit kernel-2
-detect_version
-
-OKV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH/.*/}"
-PATCH_BASE="${PV/${OKV}./}"
-PATCH_BASE="${PATCH_BASE/_/-}"
-EXTRAVERSION="-grsec-${PATCH_BASE}"
-KV_FULL="${OKV}${EXTRAVERSION}"
-
-PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch.gz"
-DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch"
-SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.gz \
-	http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2"
-
-HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net"
-KEYWORDS="x86 sparc ppc alpha amd64 -hppa"
-RESTRICT="buildpkg"
-IUSE=""
-
-UNIPATCH_LIST="${DISTDIR}/${PATCH_SRC_BASE} \
-	${FILESDIR}/2.4.28-binfmt_a.out.patch
-	${FILESDIR}/CAN-2004-1016.patch"
-
-src_unpack() {
-	kernel-2_src_unpack
-
-	# users are often confused by what settings should be set.
-	# so we provide an  example of what a P4 desktop would look like.
-	cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.2x-x86.config
-}
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r1.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.1.0-r1.ebuild
index cb2eddb9a0d6..a30de499363b 100644
--- a/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r1.ebuild
+++ b/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.1.0-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r1.ebuild,v 1.2 2005/01/08 05:21:39 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.1.0-r1.ebuild,v 1.1 2005/01/18 17:37:35 solar Exp $
 
 ETYPE="sources"
 UNIPATCH_STRICTORDER="yes"
@@ -11,20 +11,30 @@ OKV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH/.*/}"
 PATCH_BASE="${PV/${OKV}./}"
 PATCH_BASE="${PATCH_BASE/_/-}"
 EXTRAVERSION="-grsec-${PATCH_BASE}"
+PATCH_STAMP=200501051112
 KV_FULL="${OKV}${EXTRAVERSION}"
-
-PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch.gz"
+PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}-${PATCH_STAMP}.patch"
 DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch"
-SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.gz \
-	http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2"
+SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}-${PATCH_STAMP}.patch \
+	http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 \
+	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.28-CAN-2004-0814.patch"
 
 HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net"
 KEYWORDS="x86 sparc ppc alpha amd64 -hppa"
 RESTRICT="buildpkg"
 IUSE=""
-
+RDEPEND=""
 UNIPATCH_LIST="${DISTDIR}/${PATCH_SRC_BASE} \
-			   ${FILESDIR}/2.4.28-binfmt_a.out.patch"
+	${FILESDIR}/2.4.28-binfmt_a.out.patch \
+	${FILESDIR}/CAN-2004-1016.patch \
+	${FILESDIR}/CAN-2004-1074.patch \
+	${FILESDIR}/CAN-2004-1056.patch \
+	${DISTDIR}/linux-2.4.28-CAN-2004-0814.patch \
+	${FILESDIR}/linux-2.4.28-random-poolsize.patch \
+	${FILESDIR}/2.4.27-cmdline-race.patch \
+	${FILESDIR}/2.4.28-uselib4pax.patch \
+	${FILESDIR}/gentoo-sources-2.4.CAN-2004-1137.patch \
+	${FILESDIR}/2.4.29-CAN-2005-0001.patch"
 
 src_unpack() {
 	kernel-2_src_unpack
author	Ned Ludd <solar@gentoo.org>	2005-01-18 17:37:35 +0000
committer	Ned Ludd <solar@gentoo.org>	2005-01-18 17:37:35 +0000
commit	4e0248261a8754160e44ede9c52e6f83a812845f (patch)
tree	15f425ffd8cdf2538845a29341f20ee6c85943cb /sys-kernel/grsec-sources
parent	removed junit test to fix bug #71952. (diff)
download	gentoo-2-4e0248261a8754160e44ede9c52e6f83a812845f.tar.gz gentoo-2-4e0248261a8754160e44ede9c52e6f83a812845f.tar.bz2 gentoo-2-4e0248261a8754160e44ede9c52e6f83a812845f.zip