Fix for the kNFSd security vulnerability, bug #62524 and the CAN-2004-0814 vulnerability, bug #68421.

author: Tim Yamin <plasmaroo@gentoo.org> 2004-11-06 22:13:08 +0000
committer: Tim Yamin <plasmaroo@gentoo.org> 2004-11-06 22:13:08 +0000
commit: 529937533f7a00e15023c6dc347fb48999b7bc8d (patch)
tree: d9f3b55175162c8d28eab4f36e57aa032bbdd4c6 /sys-kernel
parent: Removed dnsmasq-2.16 mask (diff)
download: historical-529937533f7a00e15023c6dc347fb48999b7bc8d.tar.gz
historical-529937533f7a00e15023c6dc347fb48999b7bc8d.tar.bz2
historical-529937533f7a00e15023c6dc347fb48999b7bc8d.zip
5 files changed, 72 insertions, 19 deletions
diff --git a/sys-kernel/ck-sources/ChangeLog b/sys-kernel/ck-sources/ChangeLog
index f2a82c9f4d13..959a1d5453bc 100644
--- a/sys-kernel/ck-sources/ChangeLog
+++ b/sys-kernel/ck-sources/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-kernel/ck-sources
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ChangeLog,v 1.62 2004/10/29 20:57:55 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ChangeLog,v 1.63 2004/11/06 22:13:08 plasmaroo Exp $
+
+*ck-sources-2.4.27-r1 (06 Nov 2004)
+
+  06 Nov 2004; <plasmaroo@gentoo.org> +ck-sources-2.4.27-r1.ebuild,
+  -ck-sources-2.4.27.ebuild, +files/ck-sources-2.4.27.XDRWrapFix.patch:
+  Fix for the kNFSd security vulnerability, bug #62524 and the CAN-2004-0814
+  vulnerability, bug #68421.
 
   29 Oct 2004; Sven Wegener <swegener@gentoo.org> :
   Removed stray digest.
diff --git a/sys-kernel/ck-sources/Manifest b/sys-kernel/ck-sources/Manifest
index 3be4e4d5c126..0021af130967 100644
--- a/sys-kernel/ck-sources/Manifest
+++ b/sys-kernel/ck-sources/Manifest
@@ -1,18 +1,9 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 5d2c91997803f88393f6e4cac7abf1fb ChangeLog 11844
-MD5 7187b8c28501f454a2412c9e4a7fcf53 metadata.xml 421
-MD5 530dc5ea30a7af47c529ecb328cec60b ck-sources-2.4.27.ebuild 748
+MD5 a591f55a7ed17620d5aac3e4c06fe639 ChangeLog 12129
 MD5 96b134cb2ba3fa0249b9774778dcc9ed ck-sources-2.6.9-r2.ebuild 1102
-MD5 d4a740ae56c2049247083af387a22a85 files/ck-sources-2.4.27.CAN-2004-0394.patch 350
+MD5 7187b8c28501f454a2412c9e4a7fcf53 metadata.xml 421
+MD5 fb6921791ef540d1bc7acc720aaa2432 ck-sources-2.4.27-r1.ebuild 942
+MD5 2b3ddb8b8b15f8da35ade38544b57857 files/ck-sources-2.4.27.XDRWrapFix.patch 1499
 MD5 d1ccc2047be533c992f67270a150a210 files/ck-sources-2.4.27.cmdlineLeak.patch 388
-MD5 9871695c91e35f1c48144f407ce4a119 files/digest-ck-sources-2.4.27 133
+MD5 6c1f4ba5770479e58572d37b03b89930 files/digest-ck-sources-2.4.27-r1 214
 MD5 6c6bc9269b5a3cddd6786805a04e40a1 files/digest-ck-sources-2.6.9-r2 129
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.10 (GNU/Linux)
-
-iD8DBQFBgq7dI1lqEGTUzyQRAjPeAKDFMoKSndij+xvuVrWOd8MGuxqh0gCgrvT1
-VdAJ9813IeX7eEhnYaid+sU=
-=ekO9
------END PGP SIGNATURE-----
+MD5 d4a740ae56c2049247083af387a22a85 files/ck-sources-2.4.27.CAN-2004-0394.patch 350
diff --git a/sys-kernel/ck-sources/ck-sources-2.4.27.ebuild b/sys-kernel/ck-sources/ck-sources-2.4.27-r1.ebuild
index 0e6ed96d584b..5f0cda3fa69d 100644
--- a/sys-kernel/ck-sources/ck-sources-2.4.27.ebuild
+++ b/sys-kernel/ck-sources/ck-sources-2.4.27-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.4.27.ebuild,v 1.1 2004/10/13 21:12:28 dsd Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.4.27-r1.ebuild,v 1.1 2004/11/06 22:13:08 plasmaroo Exp $
 
 ETYPE="sources"
 inherit kernel-2
@@ -11,11 +11,15 @@ CKV="1"
 
 KEYWORDS="~x86 -ppc"
 IUSE=""
+UNIPATCH_STRICTORDER='Y'
 UNIPATCH_LIST="${DISTDIR}/patch-${PV}-lck${CKV}.bz2
+	${DISTDIR}/${P}-CAN-2004-0814.patch
 	${FILESDIR}/${P}.CAN-2004-0394.patch
-	${FILESDIR}/${P}.cmdlineLeak.patch"
+	${FILESDIR}/${P}.cmdlineLeak.patch
+	${FILESDIR}/${P}.XDRWrapFix.patch"
 
 DESCRIPTION="Full sources for the Stock Linux kernel Con Kolivas's high performance patchset"
 HOMEPAGE="http://members.optusnet.com.au/ckolivas/kernel/"
 SRC_URI="${KERNEL_URI}
-	http://www.plumlocosoft.com/kernel/patches/2.4/${PV}/${PV}-lck${CKV}/patch-${PV}-lck${CKV}.bz2"
+	http://www.plumlocosoft.com/kernel/patches/2.4/${PV}/${PV}-lck${CKV}/patch-${PV}-lck${CKV}.bz2
+	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${P}-CAN-2004-0814.patch"
diff --git a/sys-kernel/ck-sources/files/ck-sources-2.4.27.XDRWrapFix.patch b/sys-kernel/ck-sources/files/ck-sources-2.4.27.XDRWrapFix.patch
new file mode 100644
index 000000000000..9a336ab7876a
--- /dev/null
+++ b/sys-kernel/ck-sources/files/ck-sources-2.4.27.XDRWrapFix.patch
@@ -0,0 +1,48 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/08/16 14:50:04-03:00 neilb@cse.unsw.edu.au 
+#   [PATCH] Fixed possibly xdr parsing error if write size exceed 2^31
+#   
+#   xdr_argsize_check needs to cope with the possibility that the
+#   pointer has wrapped and could be below buf->base.
+#   
+#   Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
+#   
+#   ### Diffstat output
+#    ./fs/nfsd/nfs3xdr.c         |    2 +-
+#    ./include/linux/nfsd/xdr3.h |    2 +-
+#    2 files changed, 2 insertions(+), 2 deletions(-)
+# 
+# fs/nfsd/nfs3xdr.c
+#   2004/08/14 00:23:06-03:00 neilb@cse.unsw.edu.au +1 -1
+#   Fixed possibly xdr parsing error if write size exceed 2^31
+# 
+# include/linux/nfsd/xdr3.h
+#   2004/08/15 20:48:43-03:00 neilb@cse.unsw.edu.au +1 -1
+#   Fixed possibly xdr parsing error if write size exceed 2^31
+# 
+diff -Nru a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
+--- a/fs/nfsd/nfs3xdr.c	2004-09-06 11:20:28 -07:00
++++ b/fs/nfsd/nfs3xdr.c	2004-09-06 11:20:28 -07:00
+@@ -273,7 +273,7 @@
+ {
+ 	struct svc_buf	*buf = &rqstp->rq_argbuf;
+ 
+-	return p - buf->base <= buf->buflen;
++	return p >= buf->base && p <= buf->base + buf->buflen ;
+ }
+ 
+ static inline int
+diff -Nru a/include/linux/nfsd/xdr3.h b/include/linux/nfsd/xdr3.h
+--- a/include/linux/nfsd/xdr3.h	2004-09-06 11:20:28 -07:00
++++ b/include/linux/nfsd/xdr3.h	2004-09-06 11:20:28 -07:00
+@@ -41,7 +41,7 @@
+ 	__u32			count;
+ 	int			stable;
+ 	__u8 *			data;
+-	int			len;
++	__u32			len;
+ };
+ 
+ struct nfsd3_createargs {
diff --git a/sys-kernel/ck-sources/files/digest-ck-sources-2.4.27-r1 b/sys-kernel/ck-sources/files/digest-ck-sources-2.4.27-r1
new file mode 100644
index 000000000000..5948d7ba8f77
--- /dev/null
+++ b/sys-kernel/ck-sources/files/digest-ck-sources-2.4.27-r1
@@ -0,0 +1,3 @@
+MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453
+MD5 8c9411ff7fe5653ea1b1680df6bc44af patch-2.4.27-lck1.bz2 382759
+MD5 4bba6b55e45458231bce97b887549916 ck-sources-2.4.27-CAN-2004-0814.patch 82130
author	Tim Yamin <plasmaroo@gentoo.org>	2004-11-06 22:13:08 +0000
committer	Tim Yamin <plasmaroo@gentoo.org>	2004-11-06 22:13:08 +0000
commit	529937533f7a00e15023c6dc347fb48999b7bc8d (patch)
tree	d9f3b55175162c8d28eab4f36e57aa032bbdd4c6 /sys-kernel
parent	Removed dnsmasq-2.16 mask (diff)
download	historical-529937533f7a00e15023c6dc347fb48999b7bc8d.tar.gz historical-529937533f7a00e15023c6dc347fb48999b7bc8d.tar.bz2 historical-529937533f7a00e15023c6dc347fb48999b7bc8d.zip