From c34b15f0e56d7fce6199a0f7ed8cf7589eeb4f0c Mon Sep 17 00:00:00 2001 From: Tim Yamin Date: Wed, 2 Jun 2004 12:48:30 +0000 Subject: Added patches for the CAN-2004-0075, CAN-2004-0181, CAN-2004-0394, and CAN-2004-0427 vulnerabilities. Bug #47881. --- sys-kernel/ia64-sources/ChangeLog | 12 +++- .../files/digest-ia64-sources-2.4.24-r3 | 2 - .../files/digest-ia64-sources-2.4.24-r4 | 2 + .../files/ia64-sources-2.4.24.CAN-2004-0075.patch | 25 ++++++++ .../files/ia64-sources-2.4.24.CAN-2004-0181.patch | 38 ++++++++++++ .../files/ia64-sources-2.4.24.CAN-2004-0394.patch | 11 ++++ .../files/ia64-sources-2.4.24.CAN-2004-0427.patch | 14 +++++ .../ia64-sources/ia64-sources-2.4.24-r3.ebuild | 66 -------------------- .../ia64-sources/ia64-sources-2.4.24-r4.ebuild | 70 ++++++++++++++++++++++ 9 files changed, 170 insertions(+), 70 deletions(-) delete mode 100644 sys-kernel/ia64-sources/files/digest-ia64-sources-2.4.24-r3 create mode 100644 sys-kernel/ia64-sources/files/digest-ia64-sources-2.4.24-r4 create mode 100644 sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0075.patch create mode 100644 sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0181.patch create mode 100644 sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0394.patch create mode 100644 sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0427.patch delete mode 100644 sys-kernel/ia64-sources/ia64-sources-2.4.24-r3.ebuild create mode 100644 sys-kernel/ia64-sources/ia64-sources-2.4.24-r4.ebuild (limited to 'sys-kernel') diff --git a/sys-kernel/ia64-sources/ChangeLog b/sys-kernel/ia64-sources/ChangeLog index 2e35c7484dfe..f423a8057a11 100644 --- a/sys-kernel/ia64-sources/ChangeLog +++ b/sys-kernel/ia64-sources/ChangeLog @@ -1,10 +1,18 @@ # ChangeLog for sys-kernel/ia64-sources # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ia64-sources/ChangeLog,v 1.14 2004/04/27 22:00:40 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ia64-sources/ChangeLog,v 1.15 2004/06/02 12:48:30 plasmaroo Exp $ + +*ia64-sources-2.4.24-r4 (02 Jun 2004) + + 02 Jun 2004; -ia64-sources-2.4.24-r3.ebuild, + +ia64-sources-2.4.24-r4.ebuild, + +files/ia64-sources-2.4.24.CAN-2004-...patch: + Added patches for the CAN-2004-0075, CAN-2004-0181, CAN-2004-0394, and + CAN-2004-0427 vulnerabilities. Bug #47881. 27 Apr 2004; Aron Griffis ia64-sources-2.4.22-r1.ebuild, ia64-sources-2.4.22.ebuild: - Add inherit eutils + Add inherit eutils. *ia64-sources-2.4.24-r3 (17 Apr 2004) diff --git a/sys-kernel/ia64-sources/files/digest-ia64-sources-2.4.24-r3 b/sys-kernel/ia64-sources/files/digest-ia64-sources-2.4.24-r3 deleted file mode 100644 index 2af043964e41..000000000000 --- a/sys-kernel/ia64-sources/files/digest-ia64-sources-2.4.24-r3 +++ /dev/null @@ -1,2 +0,0 @@ -MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818 -MD5 e62d6b4be335b6dbafc535c59833cd1e linux-2.4.24-ia64-040109.diff.bz2 69525 diff --git a/sys-kernel/ia64-sources/files/digest-ia64-sources-2.4.24-r4 b/sys-kernel/ia64-sources/files/digest-ia64-sources-2.4.24-r4 new file mode 100644 index 000000000000..2af043964e41 --- /dev/null +++ b/sys-kernel/ia64-sources/files/digest-ia64-sources-2.4.24-r4 @@ -0,0 +1,2 @@ +MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818 +MD5 e62d6b4be335b6dbafc535c59833cd1e linux-2.4.24-ia64-040109.diff.bz2 69525 diff --git a/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0075.patch b/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0075.patch new file mode 100644 index 000000000000..5c397deb9c46 --- /dev/null +++ b/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0075.patch @@ -0,0 +1,25 @@ +--- linux-2.4.23/drivers/usb/vicam.c 2004-01-26 16:56:32.000000000 +0000 ++++ linux-2.4.25/drivers/usb/vicam.c 2004-04-20 18:15:53.000000000 +0100 +@@ -601,12 +601,19 @@ + case VIDIOCSWIN: + { + +- struct video_window *vw = (struct video_window *) arg; +- DBG("VIDIOCSWIN %d x %d\n", vw->width, vw->height); ++ struct video_window vw; + +- if ( vw->width != 320 || vw->height != 240 ) ++ if (copy_from_user(&vw, arg, sizeof(vw))) ++ { + retval = -EFAULT; ++ break; ++ } ++ ++ DBG("VIDIOCSWIN %d x %d\n", vw->width, vw->height); + ++ if ( vw.width != 320 || vw.height != 240 ) ++ retval = -EFAULT; ++ + break; + } + diff --git a/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0181.patch b/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0181.patch new file mode 100644 index 000000000000..5f7f1441b268 --- /dev/null +++ b/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0181.patch @@ -0,0 +1,38 @@ +--- linux-2.4.22/fs/jfs/jfs_logmgr.c.jfs-sec 2004-03-23 12:30:35.000000000 -0700 ++++ linux-2.4.22/fs/jfs/jfs_logmgr.c 2004-03-23 13:01:51.000000000 -0700 +@@ -1693,7 +1693,7 @@ + if (lbuf == 0) + goto error; + lbuf->l_bh.b_data = lbuf->l_ldata = +- (char *) __get_free_page(GFP_KERNEL); ++ (char *) get_zeroed_page(GFP_KERNEL); + if (lbuf->l_ldata == 0) { + kfree(lbuf); + goto error; +--- linux-2.4.22/fs/jfs/jfs_metapage.c.jfs-sec 2004-03-23 12:30:48.000000000 -0700 ++++ linux-2.4.22/fs/jfs/jfs_metapage.c 2004-03-23 13:01:51.000000000 -0700 +@@ -375,6 +375,10 @@ + } + mp->data = kmap(mp->page) + page_offset; + } ++ ++ if (new) ++ memset(mp->data, 0, PSIZE); ++ + jfs_info("__get_metapage: returning = 0x%p", mp); + return mp; + +--- linux-2.4.22/fs/jfs/super.c.jfs-sec 2004-03-23 12:31:10.000000000 -0700 ++++ linux-2.4.22/fs/jfs/super.c 2004-03-23 13:01:51.000000000 -0700 +@@ -423,10 +423,10 @@ + + if ((flags & (SLAB_CTOR_VERIFY | SLAB_CTOR_CONSTRUCTOR)) == + SLAB_CTOR_CONSTRUCTOR) { ++ memset(jfs_ip, 0, sizeof(struct jfs_inode_info)); + INIT_LIST_HEAD(&jfs_ip->anon_inode_list); + init_rwsem(&jfs_ip->rdwrlock); + init_MUTEX(&jfs_ip->commit_sem); +- jfs_ip->atlhead = 0; + jfs_ip->active_ag = -1; + } + } diff --git a/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0394.patch b/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0394.patch new file mode 100644 index 000000000000..273f1a52046f --- /dev/null +++ b/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0394.patch @@ -0,0 +1,11 @@ +--- linux-2.4.22-oM3-orig/kernel/panic.c Tue Mar 30 15:37:18 2004 ++++ linux-2.4.22-oM3-mod/kernel/panic.c Mon May 17 18:44:01 2004 +@@ -51,7 +51,7 @@ + + bust_spinlocks(1); + va_start(args, fmt); +- vsprintf(buf, fmt, args); ++ vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + printk(KERN_EMERG "Kernel panic: %s\n",buf); + if (in_interrupt()) diff --git a/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0427.patch b/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0427.patch new file mode 100644 index 000000000000..ddc9610f67f8 --- /dev/null +++ b/sys-kernel/ia64-sources/files/ia64-sources-2.4.24.CAN-2004-0427.patch @@ -0,0 +1,14 @@ +diff -Nar -U 4 linux-2.4.25/kernel/fork.c linux-2.4.25-new/kernel/fork.c +--- linux-2.4.25/kernel/fork.c 2004-02-18 05:36:32.000000000 -0800 ++++ linux-2.4.25-new/kernel/fork.c 2004-04-07 17:43:29.000000000 -0700 +@@ -825,8 +825,10 @@ + bad_fork_cleanup_namespace: + exit_namespace(p); + bad_fork_cleanup_mm: + exit_mm(p); ++ if (p->active_mm) ++ mmdrop(p->active_mm); + bad_fork_cleanup_sighand: + exit_sighand(p); + bad_fork_cleanup_fs: + exit_fs(p); /* blocking */ diff --git a/sys-kernel/ia64-sources/ia64-sources-2.4.24-r3.ebuild b/sys-kernel/ia64-sources/ia64-sources-2.4.24-r3.ebuild deleted file mode 100644 index a6c51d08ae0c..000000000000 --- a/sys-kernel/ia64-sources/ia64-sources-2.4.24-r3.ebuild +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright 1999-2004 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ia64-sources/ia64-sources-2.4.24-r3.ebuild,v 1.1 2004/04/17 11:44:12 plasmaroo Exp $ - -IUSE="" - -# OKV=original kernel version, KV=patched kernel version. They can be the same. - -# Kernel ebuilds using the kernel.eclass can remove any patch that you -# do not want to apply by simply setting the KERNEL_EXCLUDE shell -# variable to the string you want to exclude (for instance -# KERNEL_EXCLUDE="evms" would not patch any patches whose names match -# *evms*). Kernels are only tested in the default configuration, but -# this may be useful if you know that a particular patch is causing a -# conflict with a patch you personally want to apply, or some other -# similar situation. - -ETYPE="sources" - -inherit kernel eutils -OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`" -EXTRAVERSION="-${PN/-*/}" -[ ! "${PR}" == "r0" ] && EXTRAVERSION="${EXTRAVERSION}-${PR}" -KV="${OKV}${EXTRAVERSION}" - -S=${WORKDIR}/linux-${KV} - -# Documentation on the patches contained in this kernel will be installed -# to /usr/share/doc/gentoo-sources-${PV}/patches.txt.gz - -#MYCSET="1.1063.2.37-to-1.1088" -MYSNAPSHOT="040109" -DESCRIPTION="Full sources for the Gentoo Kernel." -SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2 -mirror://kernel/linux/kernel/ports/ia64/v2.4/linux-${OKV}-ia64-${MYSNAPSHOT}.diff.bz2" - -HOMEPAGE="http://www.gentoo.org/ http://www.kernel.org/" -LICENSE="GPL-2" -KEYWORDS="-* ~ia64" -SLOT="${KV}" - -src_unpack() { - - unpack linux-${OKV}.tar.bz2 - cd ${WORKDIR} - mv linux-${OKV} linux-${KV} || die "Error moving kernel source tree to linux-${KV}" - cd ${WORKDIR}/linux-${KV} -# [ ! -e ${DISTDIR}/cset-${MYCSET}.txt.gz ] && die "patch file not found" -# cat ${DISTDIR}/cset-${MYCSET}.txt.gz | gzip -d | patch -f -p1 - [ ! -e ${DISTDIR}/linux-${OKV}-ia64-${MYSNAPSHOT}.diff.bz2 ] && die "patch not found" - cat ${DISTDIR}/linux-${OKV}-ia64-${MYSNAPSHOT}.diff.bz2 | bzip2 -d | patch -f -p1 - - # 2.4.24 includes the do_brk, mremap and rtc fixes, so those - # patches aren't needed (29 Jan 2004 agriffis) - - epatch ${FILESDIR}/${P}.munmap.patch || die "Failed to apply munmap patch!" - epatch ${FILESDIR}/${P}.CAN-2004-0010.patch || die "Failed to add the CAN-2004-0010 patch!" - epatch ${FILESDIR}/${P}.CAN-2004-0109.patch || die "Failed to patch CAN-2004-0109 vulnerability!" - epatch ${FILESDIR}/${P}.CAN-2004-0177.patch || die "Failed to add the CAN-2004-0177 patch!" - epatch ${FILESDIR}/${P}.CAN-2004-0178.patch || die "Failed to add the CAN-2004-0178 patch!" - kernel_universal_unpack -} - -pkg_postinst() { - kernel_pkg_postinst -} diff --git a/sys-kernel/ia64-sources/ia64-sources-2.4.24-r4.ebuild b/sys-kernel/ia64-sources/ia64-sources-2.4.24-r4.ebuild new file mode 100644 index 000000000000..a6830b2fb9f8 --- /dev/null +++ b/sys-kernel/ia64-sources/ia64-sources-2.4.24-r4.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2004 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ia64-sources/ia64-sources-2.4.24-r4.ebuild,v 1.1 2004/06/02 12:48:30 plasmaroo Exp $ + +IUSE="" + +# OKV=original kernel version, KV=patched kernel version. They can be the same. + +# Kernel ebuilds using the kernel.eclass can remove any patch that you +# do not want to apply by simply setting the KERNEL_EXCLUDE shell +# variable to the string you want to exclude (for instance +# KERNEL_EXCLUDE="evms" would not patch any patches whose names match +# *evms*). Kernels are only tested in the default configuration, but +# this may be useful if you know that a particular patch is causing a +# conflict with a patch you personally want to apply, or some other +# similar situation. + +ETYPE="sources" + +inherit kernel eutils +OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`" +EXTRAVERSION="-${PN/-*/}" +[ ! "${PR}" == "r0" ] && EXTRAVERSION="${EXTRAVERSION}-${PR}" +KV="${OKV}${EXTRAVERSION}" + +S=${WORKDIR}/linux-${KV} + +# Documentation on the patches contained in this kernel will be installed +# to /usr/share/doc/gentoo-sources-${PV}/patches.txt.gz + +#MYCSET="1.1063.2.37-to-1.1088" +MYSNAPSHOT="040109" +DESCRIPTION="Full sources for the Gentoo Kernel." +SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2 +mirror://kernel/linux/kernel/ports/ia64/v2.4/linux-${OKV}-ia64-${MYSNAPSHOT}.diff.bz2" + +HOMEPAGE="http://www.gentoo.org/ http://www.kernel.org/" +LICENSE="GPL-2" +KEYWORDS="-* ~ia64" +SLOT="${KV}" + +src_unpack() { + + unpack linux-${OKV}.tar.bz2 + cd ${WORKDIR} + mv linux-${OKV} linux-${KV} || die "Error moving kernel source tree to linux-${KV}" + cd ${WORKDIR}/linux-${KV} +# [ ! -e ${DISTDIR}/cset-${MYCSET}.txt.gz ] && die "patch file not found" +# cat ${DISTDIR}/cset-${MYCSET}.txt.gz | gzip -d | patch -f -p1 + [ ! -e ${DISTDIR}/linux-${OKV}-ia64-${MYSNAPSHOT}.diff.bz2 ] && die "patch not found" + cat ${DISTDIR}/linux-${OKV}-ia64-${MYSNAPSHOT}.diff.bz2 | bzip2 -d | patch -f -p1 + + # 2.4.24 includes the do_brk, mremap and rtc fixes, so those + # patches aren't needed (29 Jan 2004 agriffis) + + epatch ${FILESDIR}/${P}.munmap.patch || die "Failed to apply munmap patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0010.patch || die "Failed to add the CAN-2004-0010 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0075.patch || die "Failed to add the CAN-2004-0075 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0109.patch || die "Failed to add the CAN-2004-0109 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0177.patch || die "Failed to add the CAN-2004-0177 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0178.patch || die "Failed to add the CAN-2004-0178 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0181.patch || die "Failed to add the CAN-2004-0181 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0394.patch || die "Failed to add the CAN-2004-0394 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0427.patch || die "Failed to add the CAN-2004-0427 patch!" + kernel_universal_unpack +} + +pkg_postinst() { + kernel_pkg_postinst +} -- cgit v1.2.3-65-gdbad