diff options
author | 2004-08-04 18:41:10 +0000 | |
---|---|---|
committer | 2004-08-04 18:41:10 +0000 | |
commit | ebe50d002843c2b3ce681e523f652db8b3f610ea (patch) | |
tree | 087ed2c03a1d64ee0e75b178f8fc1d8cb03dd3b4 /sys-kernel/grsec-sources | |
parent | version bump (diff) | |
download | historical-ebe50d002843c2b3ce681e523f652db8b3f610ea.tar.gz historical-ebe50d002843c2b3ce681e523f652db8b3f610ea.tar.bz2 historical-ebe50d002843c2b3ce681e523f652db8b3f610ea.zip |
security bump - file offset pointer handling vulnerability - bug 59378
Diffstat (limited to 'sys-kernel/grsec-sources')
-rw-r--r-- | sys-kernel/grsec-sources/ChangeLog | 7 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/Manifest | 4 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7 | 3 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild | 102 |
4 files changed, 114 insertions, 2 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog index 3fda38c4d346..ed42ba41949d 100644 --- a/sys-kernel/grsec-sources/ChangeLog +++ b/sys-kernel/grsec-sources/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sys-kernel/grsec-sources # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.28 2004/07/11 13:15:04 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.29 2004/08/04 18:41:10 solar Exp $ + +*grsec-sources-2.4.26.2.0-r7 (04 Aug 2004) + + 04 Aug 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r7.ebuild: + security bump - file offset pointer handling vulnerability - bug 59378 11 Jul 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r6.ebuild, files/2.4.26-fchown-attr.patch, files/openmosix-sources.CAN-2004-0497.patch: diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest index 6bae547f18f8..40f96f4b8264 100644 --- a/sys-kernel/grsec-sources/Manifest +++ b/sys-kernel/grsec-sources/Manifest @@ -1,7 +1,8 @@ +MD5 49c9741593c223ee98f6ce3b3d6b6ef2 grsec-sources-2.4.26.2.0-r7.ebuild 3568 MD5 b969d312ac4266769ab295c44748ffc4 grsec-sources-2.4.26.2.0-r4.ebuild 3065 MD5 22d142953a39883a2c9c839978510f9d grsec-sources-2.4.26.2.0-r6.ebuild 3331 MD5 ea8807d44eed01d93f651bd7254e3a83 grsec-sources-2.4.26.2.0-r3.ebuild 2817 -MD5 4d8a2837376522d81b68a20bd3ac70ce ChangeLog 6002 +MD5 e3749af61aed899c571a82bdb2887b46 ChangeLog 6190 MD5 140d8af1d66f9f6cd030e7d9902f38d9 metadata.xml 478 MD5 d1056a17aa337464259468e329785e46 grsec-sources-2.4.26.2.0-r5.ebuild 3181 MD5 c47b7075dd1e065b09bb08936c1901a1 files/2.4.26-signal-race.patch 365 @@ -16,3 +17,4 @@ MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r3 14 MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r4 143 MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r5 143 MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r6 143 +MD5 2dc3a7f7f036e87ce4af63af31989311 files/digest-grsec-sources-2.4.26.2.0-r7 219 diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7 new file mode 100644 index 000000000000..fcb8a32fc613 --- /dev/null +++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7 @@ -0,0 +1,3 @@ +MD5 9a6adfd65720201d600bf05e884cd78a grsecurity-2.0-2.4.26.patch.bz2 104358 +MD5 88d7aefa03c92739cb70298a0b486e2c linux-2.4.26.tar.bz2 30772389 +MD5 8f8f2412aacf9a01b5549bf2a9a3bff8 linux-2.4.26-CAN-2004-0415.patch 90145 diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild new file mode 100644 index 000000000000..afca710722bc --- /dev/null +++ b/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild @@ -0,0 +1,102 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild,v 1.1 2004/08/04 18:41:10 solar Exp $ + +# We control what versions of what we download based on the KEYWORDS we +# are using for the various arches. Thus if we want grsec1 stable we run +# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the +# grsec-2.0-preX which has alot more features. + +# the only thing that should ever differ in one of these 1.9.x ebuilds +# and 2.x of the same kernel version is the KEYWORDS and header. +# shame cvs symlinks don't exist + +ETYPE="sources" +IUSE="" + +inherit eutils kernel + +[ "$OKV" == "" ] && OKV="2.4.26" + +PATCH_BASE="${PV/${OKV}./}" +PATCH_BASE="${PATCH_BASE/_/-}" +EXTRAVERSION="-grsec-${PATCH_BASE}" +KV="${OKV}${EXTRAVERSION}" + +PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch.bz2" + +# hppa takes a special patch and usually has play catch up between +# versions of this package. +HPPA_SRC_URI="" +if [ "${ARCH}" == "hppa" ]; then + PARISC_KERNEL_VERSION="pa1" + KV="${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}" + HPPA_PATCH_SRC_BASE="parisc-linux-${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}.gz" + HPPA_SRC_URI="mirror://gentoo/${HPPA_PATCH_SRC_BASE} http://dev.gentoo.org/~pappy/gentoo-x86/sys-kernel/grsec-sources/${HPPA_PATCH_SRC_BASE}" + PATCH_SRC_BASE="${HPPA_PATCH_SRC_BASE}" +fi + +DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch" + +CAN_PATCHES="http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.26-CAN-2004-0415.patch" + +SRC_URI="mirror://gentoo/grsecurity-${PATCH_BASE}-${OKV}.patch.bz2 \ + http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 ${CAN_PATCHES}" + + +HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net" + +KEYWORDS="x86 sparc ppc alpha amd64 -hppa" + +SLOT="${KV}" +S="${WORKDIR}/linux-${KV}" + +src_unpack() { + unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel" + mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel" + cd linux-"${KV}" || die "unable to cd into the kernel source tree" + + patch_grsec_kernel + + mkdir docs + touch docs/patches.txt + kernel_universal_unpack + +} + +patch_grsec_kernel() { + # users are often confused by what settings should be set. + # so we provide an example of what a P4 desktop would look like. + cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config + + + [ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File ${PATCH_SRC_BASE} does not exist?" + ebegin "Patching the kernel with ${PATCH_SRC_BASE}" + case "${ARCH}" in + hppa) zcat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;; + *) bzcat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;; + esac + [ $? == 0 ] || die "failed patching with ${PATCH_SRC_BASE}" + eend 0 + + # fix format string problem in panic() + epatch ${FILESDIR}/2.4.26-CAN-2004-0394.patch + # Fix local DoS bug #53804 + epatch ${FILESDIR}/2.4.26-signal-race.patch + + # i2c integer overflow vulnerability during the allocation of memory + #epatch ${FILESDIR}/2.4.26-i2cproc_bus_read.patch + + # patch to force randomization to always at least PAGE_SIZE big. + epatch ${FILESDIR}/2.4.26-pax-binfmt_elf-page-size.patch + + epatch ${FILESDIR}/gentoo-sources-2.4.CAN-2004-0495.patch + epatch ${FILESDIR}/gentoo-sources-2.4.CAN-2004-0535.patch + + # Bug 56479 - fchown-attr + epatch ${FILESDIR}/openmosix-sources.CAN-2004-0497.patch + + # file offset pointer handling vulnerability - Bug 59378 + epatch ${DISTDIR}/linux-2.4.26-CAN-2004-0415.patch +} + |