Fixes CAN 097, #56479

6 files changed, 82 insertions, 9 deletions

diff --git a/sys-kernel/rsbac-sources/ChangeLog b/sys-kernel/rsbac-sources/ChangeLog
index d843a8b45883..6123e913d0c7 100644
--- a/sys-kernel/rsbac-sources/ChangeLog
+++ b/sys-kernel/rsbac-sources/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-kernel/rsbac-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/ChangeLog,v 1.11 2004/07/15 01:01:34 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/ChangeLog,v 1.12 2004/07/16 17:08:06 kang Exp $
+
+*rsbac-sources-2.4.26-r3 (16 Jul 2004)
+
+  16 Jul 2004; Guillaume Destuynder <kang@gentoo.org>:
+  +files/rsbac-sources-CAN-2004-0497.patch,
+  ++rsbac-sources-2.4.26-r3.ebuild,
+  -rsbac-sources-2.4.26-r2.ebuild,
+  -rsbac-sources-2.4.26-r1.ebuild:
+  Fixes CAN 0497 and #56479
 
 *rsbac-sources-2.4.26-r2 (30 Jun 2004)
 
diff --git a/sys-kernel/rsbac-sources/Manifest b/sys-kernel/rsbac-sources/Manifest
index e9f98fa6aa5b..c7aa9795d869 100644
--- a/sys-kernel/rsbac-sources/Manifest
+++ b/sys-kernel/rsbac-sources/Manifest
@@ -1,9 +1,10 @@
-MD5 99e5dd8d006e354060a8191d2d98b481 rsbac-sources-2.4.26-r2.ebuild 1359
-MD5 c74ba989ea26d7bc7ff36cedad0046a2 rsbac-sources-2.4.26-r1.ebuild 1323
-MD5 59499208fa798185c78c5487907c053d ChangeLog 959
 MD5 fee9abc7797fef753c42454679bae9a7 metadata.xml 456
-MD5 0f66013f643c79c97fda489618a4e2fd files/rsbac-sources-2.4.CAN-2004-0535.patch 476
-MD5 dc18e982f8149588a291956481885a8c files/rsbac-sources-2.4.CAN-2004-0495.patch 17549
+MD5 661ea164c68ada28c6c7da72a8fbb028 rsbac-sources-2.4.26-r3.ebuild 1398
+MD5 c4c8690ebc8d445fc2172a54b7fa5400 ChangeLog 1233
 MD5 6f7531a1113b6ecc54c506b918d40e95 files/digest-rsbac-sources-2.4.26-r1 207
 MD5 6f7531a1113b6ecc54c506b918d40e95 files/digest-rsbac-sources-2.4.26-r2 207
+MD5 dc18e982f8149588a291956481885a8c files/rsbac-sources-2.4.CAN-2004-0495.patch 17549
+MD5 0f66013f643c79c97fda489618a4e2fd files/rsbac-sources-2.4.CAN-2004-0535.patch 476
 MD5 a869ab037c7e264df5f8e899864f08e9 files/rsbac-sources-v1.2.3-3.patch 557
+MD5 3bdf00d5f80fe9dfbfe8220e076cd04c files/rsbac-sources-CAN-2004-0497.patch 707
+MD5 6f7531a1113b6ecc54c506b918d40e95 files/digest-rsbac-sources-2.4.26-r3 207
diff --git a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r2 b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r2
deleted file mode 100644
index 2d70a2ab07f6..000000000000
--- a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r2
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 88d7aefa03c92739cb70298a0b486e2c linux-2.4.26.tar.bz2 30772389
-MD5 f3759250e9c4bb5ccb773174fafe0ba7 rsbac-v1.2.3.tar.bz2 489127
-MD5 26604fdd9cc696510c65b5db124c7527 rsbac-patches-2.4-26.7.tar.bz2 294589
diff --git a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r1 b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r3
index 2d70a2ab07f6..2d70a2ab07f6 100644
--- a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r1
+++ b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r3
diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0497.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0497.patch
new file mode 100644
index 000000000000..9503e9efe57b
--- /dev/null
+++ b/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0497.patch
@@ -0,0 +1,23 @@
+# ChangeSet
+#
+# fs/attr.c
+#   2004/07/03 18:28:30-03:00 marcelo@logos.cnet +1 -0
+#   Thomas Biege: Fix missing DAC check on sys_chown
+# 
+# fs/attr.c
+#   2004/07/03 19:28:29-03:00 marcelo@logos.cnet +1 -1
+#   Add missing bracket to inode_change_ok() fix
+# 
+diff -Nru a/fs/attr.c b.plasmaroo/fs/attr.c
+--- a/fs/attr.c	2004-07-08 17:05:20 -07:00
++++ b.plasmaroo/fs/attr.c	2004-07-08 17:05:20 -07:00
+@@ -35,7 +35,8 @@
+ 
+ 	/* Make sure caller can chgrp. */
+ 	if ((ia_valid & ATTR_GID) &&
+-	    (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) &&
++	    (current->fsuid != inode->i_uid ||
++	    (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
+ 	    !capable(CAP_CHOWN))
+ 		goto error;
+ 
diff --git a/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r3.ebuild b/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r3.ebuild
new file mode 100644
index 000000000000..a0bd563baefc
--- /dev/null
+++ b/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r3.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r3.ebuild,v 1.1 2004/07/16 17:08:06 kang Exp $
+
+IUSE=""
+ETYPE="sources"
+inherit kernel-2
+detect_version
+
+# rsbac 
+RSBACV=1.2.3
+RSBAC_SRC="http://rsbac.org/download/code/v${RSBACV}/rsbac-v${RSBACV}.tar.bz2"
+
+# rsbac kernel patches
+RGPV=26.7
+RGPV_SRC="mirror://rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2 http://dev.gentoo.org/~zhware/rsbac/v${RSBACV}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2"
+
+UNIPATCH_STRICTORDER="yes"
+UNIPATCH_LIST="	${FILESDIR}/${PN}-2.4.CAN-2004-0495.patch
+	${FILESDIR}/${PN}-2.4.CAN-2004-0535.patch
+	${FILESDIR}/${PN}-CAN-2004-0497.patch
+	${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2
+	${FILESDIR}/${PN}-v1.2.3-3.patch"
+UNIPATCH_DOCS="${WORKDIR}/patches/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}/0000_README"
+
+HOMEPAGE="http://hardened.gentoo.org/rsbac"
+DESCRIPTION="RSBAC hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
+
+SRC_URI="${KERNEL_URI} ${RSBAC_SRC} ${RGPV_SRC}"
+KEYWORDS="~x86"
+
+
+src_unpack() {
+	universal_unpack
+	cd ${WORKDIR}/linux-${KV}; unpack rsbac-v${RSBACV}.tar.bz2
+	unipatch "${UNIPATCH_LIST}"
+	[ -z "${K_NOSETEXTRAVERSION}" ] && unpack_set_extraversion
+	unpack_2_4
+}
+
+pkg_postinst() {
+	postinst_sources
+}