author | Tim Yamin <plasmaroo@gentoo.org> | 2004-02-18 18:07:50 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2004-02-18 18:07:50 +0000 |
commit | d9aeac6a9654ab935ccba8e87cfe0942454ae51b (patch) | |
tree | 143956d203069af0f3c355b2d35075642e9d84b0 | |
parent | added ~amd64 keyword. (Manifest recommit) (diff) | |
Added the patch for the mremap/munmap vulnerability. Bug #42024.
4 files changed, 113 insertions, 1 deletions
diff --git a/sys-kernel/alpha-sources/ChangeLog b/sys-kernel/alpha-sources/ChangeLog
index f0e1603b3bc5..b5806bc6b767 100644
--- a/sys-kernel/alpha-sources/ChangeLog
+++ b/sys-kernel/alpha-sources/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-kernel/alpha-sources
 # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/ChangeLog,v 1.19 2004/02/06 17:25:17 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/ChangeLog,v 1.20 2004/02/18 18:07:49 plasmaroo Exp $
+
+*alpha-sources-2.4.21-r4 (18 Feb 2004)
+
+ 18 Feb 2004; <plasmaroo@gentoo.org> alpha-sources-2.4.21-r4.ebuild,
+ files/alpha-sources.munmap.patch:
+ Added the patch for the mremap/munmap vulnerability. Bug #42024.
 *alpha-sources-2.4.21-r3 (06 Feb 2004)
diff --git a/sys-kernel/alpha-sources/alpha-sources-2.4.21-r4.ebuild b/sys-kernel/alpha-sources/alpha-sources-2.4.21-r4.ebuild
new file mode 100644
index 000000000000..cf953919fb6d
--- /dev/null
+++ b/sys-kernel/alpha-sources/alpha-sources-2.4.21-r4.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/alpha-sources-2.4.21-r4.ebuild,v 1.1 2004/02/18 18:07:49 plasmaroo Exp $
+
+#OKV=original kernel version, KV=patched kernel version. They can be the same.
+
+IUSE="build crypt usagi"
+ETYPE="sources"
+inherit kernel
+OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`"
+EXTRAVERSION="-${PN/-*/}"
+[ ! "${PR}" == "r0" ] && EXTRAVERSION="${EXTRAVERSION}-${PR}"
+KV="${OKV}${EXTRAVERSION}"
+
+S=${WORKDIR}/linux-${KV}
+
+DESCRIPTION="Full sources for the Gentoo Linux Alpha kernel"
+SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+ mirror://gentoo/patches-${KV/r4/r3}.tar.bz2"
+SLOT="${KV}"
+KEYWORDS="alpha -sparc -x86 -ppc -hppa -mips -arm"
+
+src_unpack() {
+ unpack ${A}
+ mv linux-${OKV} linux-${KV} || die
+ cd ${WORKDIR}/${KV/r4/r1}
+
+ # This is the crypt USE flag, keeps {USAGI/superfreeswan/patch-int/loop-jari}
+ if [ -z "`use crypt`" ]; then
+ einfo "No Cryptographic support, dropping patches..."
+ for file in 6* 8* ;do
+ einfo "Dropping ${file}..."
+ rm -f ${file}
+ done
+ else
+ einfo "Cryptographic patches will be applied"
+ fi
+
+ # This is the usagi USE flag, keeps USAGI, drops
+ # {superfreeswan/patch-int/loop-jari}
+ # Using USAGI will also cause you to drop all iptables ipv6
+ # patches.
+ if [ -z "`use usagi`" ]; then
+ einfo "Keeping {superfreeswan/patch-int/loop-jari} patches, dropping USAGI"
+ for file in 6* ;do
+ einfo "Dropping ${file}..."
+ rm -f ${file}
+ done
+ else
+ einfo "Keeping USAGI patch, dropping {superfreeswan/patch-int/loop-jari}"
+ for file in *.ipv6 8* ;do
+ einfo "Dropping ${file}..."
+ rm -f ${file}
+ done
+ fi
+
+ kernel_src_unpack
+
+ cd ${S}
+ epatch ${FILESDIR}/do_brk_fix.patch || die "Failed to patch the do_brk() vulnerability!"
+ epatch ${FILESDIR}/${PN}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
+ epatch ${FILESDIR}/${PN}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!"
+ epatch ${FILESDIR}/${PN}.munmap.patch || die "Failed to apply munmap patch!"
+
+ # Fix multi-line literal in include/asm-alpha/xor.h -- see bug 38354
+ # If this script "dies" then that means it's no longer applicable.
+ mv include/asm-alpha/xor.h{,.multiline}
+ awk 'BEGIN { addnl=0; exitstatus=1 }
+ /^asm\("/ { addnl=1 }
+ /^"\)/ { addnl=0 }
+ addnl && !/\\n\\$/ { sub("$", " \\n\\", $0); exitstatus=0 }
+ { print }
+ END { exit exitstatus }' \
+ <include/asm-alpha/xor.h.multiline >include/asm-alpha/xor.h
+ assert "awk script failed, probably doesn't apply to ${KV}"
+ rm -f include/asm-alpha/xor.h.multiline
+}
diff --git a/sys-kernel/alpha-sources/files/alpha-sources.munmap.patch b/sys-kernel/alpha-sources/files/alpha-sources.munmap.patch
new file mode 100644
index 000000000000..e120b35b7adb
--- /dev/null
+++ b/sys-kernel/alpha-sources/files/alpha-sources.munmap.patch
@@ -0,0 +1,27 @@
+diff -ur linux-2.4.25-rc3/mm/mremap.c linux-2.4.25-rc4/mm/mremap.c
+--- linux-2.4.25-rc3/mm/mremap.c 2004-02-18 13:56:01.000000000 +0000
++++ linux-2.4.25-rc4/mm/mremap.c 2004-02-18 13:49:08.000000000 +0000
+@@ -258,16 +258,20 @@
+ if ((addr <= new_addr) && (addr+old_len) > new_addr)
+ goto out;
+
+- do_munmap(current->mm, new_addr, new_len);
++ ret = do_munmap(current->mm, new_addr, new_len);
++ if (ret && new_len)
++ goto out;
+ }
+
+ /*
+ * Always allow a shrinking remap: that just unmaps
+ * the unnecessary pages..
+ */
+- ret = addr;
+ if (old_len >= new_len) {
+- do_munmap(current->mm, addr+new_len, old_len - new_len);
++ ret = do_munmap(current->mm, addr+new_len, old_len - new_len);
++ if (ret && old_len != new_len)
++ goto out;
++ ret = addr;
+ if (!(flags & MREMAP_FIXED) || (new_addr == addr))
+ goto out;
+ }
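Review bot: The `cd ${WORKDIR}/${KV/r4/r1}` near the top of src_unpack() has no `|| die`, so if that directory is missing the two patch-dropping loops run in whatever directory the shell happens to be in and the build carries on; I would write `cd "${WORKDIR}/${KV/r4/r1}" || die "patch directory not found"`. The same hard-coded `r4` substitution appears in SRC_URI as `${KV/r4/r3}`, and both expand to the unmodified KV without any error if the revision is bumped and they are not edited. The hunk does not show why the tarball is fetched as r3 but the directory entered is r1, so a one-line comment stating what the patch tarball unpacks to would help the next revision bump. `cd ${S}` before the epatch calls has the same missing check.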
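Review bot: Neither new check says why a non-zero return from do_munmap() is ignored when the length is zero (`ret && new_len` and `ret && old_len != new_len`); presumably do_munmap() rejects a zero-length range and that case has to stay permitted, but the patch should state it. I would add a comment above each test, for example `/* a zero-length unmap is expected to fail; only a failure on a real range aborts the remap */`. The patch header names linux-2.4.25-rc3 and -rc4 while the ebuild applies it to a 2.4.21 tree, so it is worth confirming that the hunk lands on both do_munmap() calls without fuzz. The function body starts and ends outside the hunk, so how `ret` is used after the shrinking branch cannot be checked from here.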
diff --git a/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r4 b/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r4
new file mode 100644
index 000000000000..a17dcc489c19
--- /dev/null
+++ b/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r4
@@ -0,0 +1,2 @@
+MD5 f51e12efa18bb828cf57d9d4a81b2fb1 linux-2.4.21.tar.bz2 28533733
+MD5 28094d6a3d68f228bda98af459ad1310 patches-2.4.21-alpha-r3.tar.bz2 1696825
|