diff options
| author |   Tim Yamin <plasmaroo@gentoo.org> | 2004-07-09 13:56:32 +0000 |
|---|---|---|
| committer | Tim Yamin <plasmaroo@gentoo.org> | 2004-07-09 13:56:32 +0000 |
| commit | b4a6c1302bfb9367e4c10c65e3b441af1aa60450 (patch) | |
| tree | 2d165750e9a31e4553dfc86f282f3b07ffb62b58 /sys-kernel/aa-sources | |
| parent | added metadata (Manifest recommit) (diff) | |
| download | gentoo-2-b4a6c1302bfb9367e4c10c65e3b441af1aa60450.tar.gz gentoo-2-b4a6c1302bfb9367e4c10c65e3b441af1aa60450.tar.bz2 gentoo-2-b4a6c1302bfb9367e4c10c65e3b441af1aa60450.zip | |
Patched for attribute vulnerabilities, bug #56479.
Diffstat (limited to 'sys-kernel/aa-sources')
5 files changed, 85 insertions, 4 deletions
diff --git a/sys-kernel/aa-sources/ChangeLog b/sys-kernel/aa-sources/ChangeLog index 2af8e1030fef..c2bcd3f84a4c 100644 --- a/sys-kernel/aa-sources/ChangeLog +++ b/sys-kernel/aa-sources/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sys-kernel/aa-sources # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/ChangeLog,v 1.43 2004/06/30 17:56:49 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/ChangeLog,v 1.44 2004/07/09 13:56:32 plasmaroo Exp $ + + 09 Jul 2004; <plasmaroo@gentoo.org> aa-sources-2.4.23-r2.ebuild, + aa-sources-2.6.5-r5.ebuild, +files/aa-sources-2.6.5.ProcPerms.patch, + +files/aa-sources.CAN-2004-0497.patch: + Patched for attribute vulnerabilities, bug #56479. 30 Jun 2004; <plasmaroo@gentoo.org> aa-sources-2.6.5-r5.ebuild, +files/aa-sources-2.6.5.IPTables-RDoS.patch: diff --git a/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild b/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild index 33543c3db493..819b3438ad97 100644 --- a/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild +++ b/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild,v 1.10 2004/06/29 17:10:53 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild,v 1.11 2004/07/09 13:56:32 plasmaroo Exp $ IUSE="" @@ -70,6 +70,7 @@ src_unpack() { epatch ${FILESDIR}/${P}.CAN-2004-0394.patch || die "Failed to add the CAN-2004-0394 patch!" epatch ${FILESDIR}/${P}.CAN-2004-0427.patch || die "Failed to add the CAN-2004-0427 patch!" epatch ${FILESDIR}/${P}.CAN-2004-0495.patch || die "Failed to add the CAN-2004-0495 patch!" + epatch ${FILESDIR}/${PN}.CAN-2004-0497.patch || die "Failed to add the CAN-2004-0497 patch!" epatch ${FILESDIR}/${P}.CAN-2004-0535.patch || die "Failed to add the CAN-2004-0535 patch!" epatch ${FILESDIR}/${P}.rtc_fix.patch || die "Failed to apply RTC patch!" epatch ${FILESDIR}/${P}.FPULockup-53804.patch || die "Failed to apply FPU-lockup patch!" diff --git a/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild b/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild index 34577d4161c2..87eaeb02fa71 100644 --- a/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild +++ b/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild @@ -1,8 +1,8 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild,v 1.6 2004/06/30 17:56:49 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild,v 1.7 2004/07/09 13:56:32 plasmaroo Exp $ -UNIPATCH_LIST="${DISTDIR}/${KV}.bz2 ${FILESDIR}/${P}.CAN-2004-0075.patch ${FILESDIR}/${P}.CAN-2004-0228.patch ${FILESDIR}/${P}.CAN-2004-0229.patch ${FILESDIR}/${P}.CAN-2004-0427.patch ${FILESDIR}/${P}.FPULockup-53804.patch ${FILESDIR}/${P}.IPTables-RDoS.patch" +UNIPATCH_LIST="${DISTDIR}/${KV}.bz2 ${FILESDIR}/${P}.CAN-2004-0075.patch ${FILESDIR}/${P}.CAN-2004-0228.patch ${FILESDIR}/${P}.CAN-2004-0229.patch ${FILESDIR}/${P}.CAN-2004-0427.patch ${FILESDIR}/${PN}.CAN-2004-0497.patch ${FILESDIR}/${P}.FPULockup-53804.patch ${FILESDIR}/${P}.IPTables-RDoS.patch ${FILESDIR}/${P}.ProcPerms.patch" K_PREPATCHED="yes" UNIPATCH_STRICTORDER="yes" diff --git a/sys-kernel/aa-sources/files/aa-sources-2.6.5.ProcPerms.patch b/sys-kernel/aa-sources/files/aa-sources-2.6.5.ProcPerms.patch new file mode 100644 index 000000000000..d90b8d1815d4 --- /dev/null +++ b/sys-kernel/aa-sources/files/aa-sources-2.6.5.ProcPerms.patch @@ -0,0 +1,49 @@ +# This is a BitKeeper generated diff -Nru style patch. +# +# ChangeSet +# 2004/07/02 18:48:26-07:00 chrisw@osdl.org +# [PATCH] check attr updates in /proc +# +# Any proc entry with default proc_file_inode_operations allow unauthorized +# attribute updates. This is very dangerous for proc entries that rely +# solely on file permissions for open/read/write. +# +# Signed-off-by: Chris Wright <chrisw@osdl.org> +# Signed-off-by: Linus Torvalds <torvalds@osdl.org> +# +# fs/proc/generic.c +# 2004/07/02 15:47:55-07:00 chrisw@osdl.org +14 -7 +# check attr updates in /proc +# +diff -Nru a/fs/proc/generic.c b/fs/proc/generic.c +--- a/fs/proc/generic.c 2004-07-08 17:03:20 -07:00 ++++ b/fs/proc/generic.c 2004-07-08 17:03:20 -07:00 +@@ -231,14 +231,21 @@ + static int proc_notify_change(struct dentry *dentry, struct iattr *iattr) + { + struct inode *inode = dentry->d_inode; +- int error = inode_setattr(inode, iattr); +- if (!error) { +- struct proc_dir_entry *de = PDE(inode); +- de->uid = inode->i_uid; +- de->gid = inode->i_gid; +- de->mode = inode->i_mode; +- } ++ struct proc_dir_entry *de = PDE(inode); ++ int error; + ++ error = inode_change_ok(inode, iattr); ++ if (error) ++ goto out; ++ ++ error = inode_setattr(inode, iattr); ++ if (error) ++ goto out; ++ ++ de->uid = inode->i_uid; ++ de->gid = inode->i_gid; ++ de->mode = inode->i_mode; ++out: + return error; + } + diff --git a/sys-kernel/aa-sources/files/aa-sources.CAN-2004-0497.patch b/sys-kernel/aa-sources/files/aa-sources.CAN-2004-0497.patch new file mode 100644 index 000000000000..41b3196f84ea --- /dev/null +++ b/sys-kernel/aa-sources/files/aa-sources.CAN-2004-0497.patch @@ -0,0 +1,26 @@ +# This is a BitKeeper generated diff -Nru style patch. +# +# ChangeSet +# 2004/07/02 20:55:04-07:00 chrisw@osdl.org +# [PATCH] chown permission check fix for ATTR_GID +# +# SuSE discovered this problem with chown and ATTR_GID. Make sure user +# is authorized to change the group, CAN-2004-0497. +# +# fs/attr.c +# 2004/07/02 09:07:32-07:00 chrisw@osdl.org +2 -1 +# chown permission check fix for ATTR_GID +# +diff -Nru a/fs/attr.c b/fs/attr.c +--- a/fs/attr.c 2004-07-08 16:35:57 -07:00 ++++ b/fs/attr.c 2004-07-08 16:35:57 -07:00 +@@ -35,7 +35,8 @@ + + /* Make sure caller can chgrp. */ + if ((ia_valid & ATTR_GID) && +- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) && ++ (current->fsuid != inode->i_uid || ++ (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && + !capable(CAP_CHOWN)) + goto error; + |