author | Joshua Brindle <method@gentoo.org> | 2004-11-01 14:03:44 +0000 |
---|---|---|
committer | Joshua Brindle <method@gentoo.org> | 2004-11-01 14:03:44 +0000 |
commit | 528fee913572c9cc034e5a8025a8744fa55505b5 (patch) | |
tree | aab8491cd3c6c0dce41811640c1ce0ff76bd2873 /sys-kernel/hardened-dev-sources | |
parent | [5~add security fix on 64bit platforms, bug #69662 (Manifest recommit) (diff) | |
version bump for CAN-2004-0816
Diffstat (limited to 'sys-kernel/hardened-dev-sources')
-rw-r--r-- | sys-kernel/hardened-dev-sources/ChangeLog | 9 | ||||
-rw-r--r-- | sys-kernel/hardened-dev-sources/Manifest | 11 | ||||
-rw-r--r-- | sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r10 (renamed from sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r9) | 0 | ||||
-rw-r--r-- | sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch | 44 | ||||
-rw-r--r-- | sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r10.ebuild (renamed from sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r9.ebuild) | 5 |
5 files changed, 62 insertions, 7 deletions
diff --git a/sys-kernel/hardened-dev-sources/ChangeLog b/sys-kernel/hardened-dev-sources/ChangeLog
index 84943e802d5e..a4e4b566c4a6 100644
--- a/sys-kernel/hardened-dev-sources/ChangeLog
+++ b/sys-kernel/hardened-dev-sources/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-kernel/hardened-dev-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.40 2004/10/16 19:15:51 method Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.41 2004/11/01 14:03:44 method Exp $
+
+*hardened-dev-sources-2.6.7-r10 (01 Nov 2004)
+
+ 01 Nov 2004; Joshua Brindle <method@gentoo.org>
+ hardened-dev-sources-2.6.7-r10.ebuild, hardened-dev-sources-2.6.7-r9.ebuild,
+ files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch:
+ Add CAN-2004-0816 iptables patch
 *hardened-dev-sources-2.6.7-r9 (16 Oct 2004)
diff --git a/sys-kernel/hardened-dev-sources/Manifest b/sys-kernel/hardened-dev-sources/Manifest
index c3ef914d4252..1331e966fbb1 100644
--- a/sys-kernel/hardened-dev-sources/Manifest
+++ b/sys-kernel/hardened-dev-sources/Manifest
@@ -1,9 +1,12 @@
-MD5 daa20bf7db5ecf989bdc9af98c9865fe ChangeLog 6863
-MD5 6ceac5877bbf8ffb6523d3d671031b73 hardened-dev-sources-2.6.7-r7.ebuild 1089
-MD5 82fb2e488cf74ed7bdb51f1f521c1fe4 hardened-dev-sources-2.6.7-r8.ebuild 1092
 MD5 acc96490301c95a056b351e566342103 hardened-dev-sources-2.6.7-r9.ebuild 1085
+MD5 82fb2e488cf74ed7bdb51f1f521c1fe4 hardened-dev-sources-2.6.7-r8.ebuild 1092
+MD5 90036b29f8c2adb1ac2814c79a8eb489 hardened-dev-sources-2.6.7-r10.ebuild 1158
+MD5 daa20bf7db5ecf989bdc9af98c9865fe ChangeLog 6863
 MD5 73174f8e07b82c5df563b7196f87611c metadata.xml 299
+MD5 6ceac5877bbf8ffb6523d3d671031b73 hardened-dev-sources-2.6.7-r7.ebuild 1089
+MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r10 219
+MD5 bc48c226344f94535c3ba2e0ce55bf24 files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch 1694
+MD5 8204afea1d572b49a4a80d8da4eef0c9 files/hardened-dev-sources-2.6.7.CAN-2004-0596.patch 1033
 MD5 efbbfbed471c50333a8c2fd2f2b0b061 files/digest-hardened-dev-sources-2.6.7-r7 219
 MD5 0f763833ebbcbf0f2a8ac151454c3b29 files/digest-hardened-dev-sources-2.6.7-r8 219
 MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r9 219
-MD5 8204afea1d572b49a4a80d8da4eef0c9 files/hardened-dev-sources-2.6.7.CAN-2004-0596.patch 1033
diff --git a/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r9 b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r10
index 3ac31c5a42bf..3ac31c5a42bf 100644
--- a/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r9
+++ b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r10
diff --git a/sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch b/sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch
new file mode 100644
index 000000000000..2cf3599efc47
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch
@@ -0,0 +1,44 @@
+Subject: Prevent ICMP crash in netfilter logging
+From: Olaf Kirch <okir@suse.de>
+References: 46016
+
+This patch fixes a remotely triggerable crash in the netfilter code
+when looking at ICMP unreachables. It dies when trying to copy
+BIGNUM bytes...
+
+Index: linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv4/netfilter/ipt_LOG.c 2004-02-19 11:36:37.000000000 +0100
++++ linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c 2004-09-24 15:48:54.000000000 +0200
+@@ -71,7 +71,7 @@
+ printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET);
+
+ if ((info->logflags & IPT_LOG_IPOPT)
+- && iph.ihl * 4 != sizeof(struct iphdr)) {
++ && iph.ihl * 4 > sizeof(struct iphdr)) {
+ unsigned char opt[4 * 15 - sizeof(struct iphdr)];
+ unsigned int i, optsize;
+
+@@ -138,7 +138,7 @@
+ printk("URGP=%u ", ntohs(tcph.urg_ptr));
+
+ if ((info->logflags & IPT_LOG_TCPOPT)
+- && tcph.doff * 4 != sizeof(struct tcphdr)) {
++ && tcph.doff * 4 > sizeof(struct tcphdr)) {
+ unsigned char opt[4 * 15 - sizeof(struct tcphdr)];
+ unsigned int i, optsize;
+
+Index: linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:47:00.000000000 +0200
++++ linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:48:35.000000000 +0200
+@@ -188,7 +188,7 @@
+ printk("URGP=%u ", ntohs(tcph->urg_ptr));
+
+ if ((info->logflags & IP6T_LOG_TCPOPT)
+- && tcph->doff * 4 != sizeof(struct tcphdr)) {
++ && tcph->doff * 4 > sizeof(struct tcphdr)) {
+ unsigned int i;
+
+ /* Max length: 127 "OPT (" 15*4*2chars ") " */
+
diff --git a/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r9.ebuild b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r10.ebuild
index f0c000249998..e174101a2430 100644
--- a/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r9.ebuild
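Review bot: The embedded patch is cut against linux-2.6.5 (its `Index:` and `---`/`+++` paths, and the offsets 71, 138 and 188) while this package is 2.6.7, so the three inner hunks may apply with offset or fuzz; it is worth confirming on the unpacked tree that no `!= sizeof(struct iphdr)` or `!= sizeof(struct tcphdr)` test is left in ipt_LOG.c or ip6t_LOG.c. The three changed conditions also carry no comment saying why `>` replaced `!=`: presumably a header length below the structure size made the unsigned `optsize` wrap, which would match the description's "copy BIGNUM bytes". I would put a comment above each test, for example `/* a header length below the minimum is malformed: skip the option dump so the length cannot wrap */`. The enclosing functions start and end outside these hunks, so the computation of `optsize` itself is not visible here.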
+++ b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r10.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r9.ebuild,v 1.2 2004/10/31 04:18:43 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r10.ebuild,v 1.1 2004/11/01 14:03:44 method Exp $
 IUSE=""
 ETYPE="sources"
@@ -17,7 +17,8 @@ HGPV_SRC="http://dev.gentoo.org/~tseng/kernel/hardened-patches-${KV_MAJOR}.${KV_
 UNIPATCH_STRICTORDER="yes"
 UNIPATCH_EXCLUDE="1315_alpha"
 UNIPATCH_LIST="${DISTDIR}/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2
- ${DISTDIR}/genpatches-${KV_MAJOR}.${KV_MINOR}-${GPV}-base.tar.bz2"
+ ${DISTDIR}/genpatches-${KV_MAJOR}.${KV_MINOR}-${GPV}-base.tar.bz2
+ ${FILESDIR}/hardened-dev-sources-2.6.7.CAN-2004-0816.patch"
 UNIPATCH_DOCS="${WORKDIR}/patches/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}/0000_README"
 DESCRIPTION="Hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree" |
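Review bot: The new `UNIPATCH_LIST` entry in the second hunk repeats the package name and version as a literal; `${FILESDIR}/${P}.CAN-2004-0816.patch` names the same file without the hard-coded string. With `UNIPATCH_STRICTORDER="yes"` the entry sits last, so it is presumably applied on top of both tarballs, and it would start to fail once one of them ships the same fix. A comment above the assignment such as `# CAN-2004-0816: drop once hardened-patches or genpatches carries the fix` would tell the next maintainer when to remove it. The variables expanded in the list are defined outside the hunk.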