authorJoshua Brindle <method@gentoo.org>2004-11-01 14:03:44 +0000
committerJoshua Brindle <method@gentoo.org>2004-11-01 14:03:44 +0000
commit528fee913572c9cc034e5a8025a8744fa55505b5 (patch)
treeaab8491cd3c6c0dce41811640c1ce0ff76bd2873 /sys-kernel/hardened-dev-sources
parent[5~add security fix on 64bit platforms, bug #69662 (Manifest recommit) (diff)
version bump for CAN-2004-0816
Diffstat (limited to 'sys-kernel/hardened-dev-sources')
-rw-r--r--sys-kernel/hardened-dev-sources/ChangeLog9
-rw-r--r--sys-kernel/hardened-dev-sources/Manifest11
-rw-r--r--sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r10 (renamed from sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r9)0
-rw-r--r--sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch44
-rw-r--r--sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r10.ebuild (renamed from sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r9.ebuild)5
5 files changed, 62 insertions, 7 deletions
diff --git a/sys-kernel/hardened-dev-sources/ChangeLog b/sys-kernel/hardened-dev-sources/ChangeLog
index 84943e802d5e..a4e4b566c4a6 100644
--- a/sys-kernel/hardened-dev-sources/ChangeLog
+++ b/sys-kernel/hardened-dev-sources/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-kernel/hardened-dev-sources
# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.40 2004/10/16 19:15:51 method Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.41 2004/11/01 14:03:44 method Exp $
+
+*hardened-dev-sources-2.6.7-r10 (01 Nov 2004)
+
+ 01 Nov 2004; Joshua Brindle <method@gentoo.org>
+ hardened-dev-sources-2.6.7-r10.ebuild, hardened-dev-sources-2.6.7-r9.ebuild,
+ files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch:
+ Add CAN-2004-0816 iptables patch
*hardened-dev-sources-2.6.7-r9 (16 Oct 2004)
diff --git a/sys-kernel/hardened-dev-sources/Manifest b/sys-kernel/hardened-dev-sources/Manifest
index c3ef914d4252..1331e966fbb1 100644
--- a/sys-kernel/hardened-dev-sources/Manifest
+++ b/sys-kernel/hardened-dev-sources/Manifest
@@ -1,9 +1,12 @@
-MD5 daa20bf7db5ecf989bdc9af98c9865fe ChangeLog 6863
-MD5 6ceac5877bbf8ffb6523d3d671031b73 hardened-dev-sources-2.6.7-r7.ebuild 1089
-MD5 82fb2e488cf74ed7bdb51f1f521c1fe4 hardened-dev-sources-2.6.7-r8.ebuild 1092
MD5 acc96490301c95a056b351e566342103 hardened-dev-sources-2.6.7-r9.ebuild 1085
+MD5 82fb2e488cf74ed7bdb51f1f521c1fe4 hardened-dev-sources-2.6.7-r8.ebuild 1092
+MD5 90036b29f8c2adb1ac2814c79a8eb489 hardened-dev-sources-2.6.7-r10.ebuild 1158
+MD5 daa20bf7db5ecf989bdc9af98c9865fe ChangeLog 6863
MD5 73174f8e07b82c5df563b7196f87611c metadata.xml 299
+MD5 6ceac5877bbf8ffb6523d3d671031b73 hardened-dev-sources-2.6.7-r7.ebuild 1089
+MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r10 219
+MD5 bc48c226344f94535c3ba2e0ce55bf24 files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch 1694
+MD5 8204afea1d572b49a4a80d8da4eef0c9 files/hardened-dev-sources-2.6.7.CAN-2004-0596.patch 1033
MD5 efbbfbed471c50333a8c2fd2f2b0b061 files/digest-hardened-dev-sources-2.6.7-r7 219
MD5 0f763833ebbcbf0f2a8ac151454c3b29 files/digest-hardened-dev-sources-2.6.7-r8 219
MD5 8add7d7ef69d9ff384b7d4f5a0356cc3 files/digest-hardened-dev-sources-2.6.7-r9 219
-MD5 8204afea1d572b49a4a80d8da4eef0c9 files/hardened-dev-sources-2.6.7.CAN-2004-0596.patch 1033
diff --git a/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r9 b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r10
index 3ac31c5a42bf..3ac31c5a42bf 100644
--- a/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r9
+++ b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.7-r10
diff --git a/sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch b/sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch
new file mode 100644
index 000000000000..2cf3599efc47
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch
@@ -0,0 +1,44 @@
+Subject: Prevent ICMP crash in netfilter logging
+From: Olaf Kirch <okir@suse.de>
+References: 46016
+
+This patch fixes a remotely triggerable crash in the netfilter code
+when looking at ICMP unreachables. It dies when trying to copy
+BIGNUM bytes...
+
+Index: linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv4/netfilter/ipt_LOG.c 2004-02-19 11:36:37.000000000 +0100
++++ linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c 2004-09-24 15:48:54.000000000 +0200
+@@ -71,7 +71,7 @@
+ printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET);
+
+ if ((info->logflags & IPT_LOG_IPOPT)
+- && iph.ihl * 4 != sizeof(struct iphdr)) {
++ && iph.ihl * 4 > sizeof(struct iphdr)) {
+ unsigned char opt[4 * 15 - sizeof(struct iphdr)];
+ unsigned int i, optsize;
+
+@@ -138,7 +138,7 @@
+ printk("URGP=%u ", ntohs(tcph.urg_ptr));
+
+ if ((info->logflags & IPT_LOG_TCPOPT)
+- && tcph.doff * 4 != sizeof(struct tcphdr)) {
++ && tcph.doff * 4 > sizeof(struct tcphdr)) {
+ unsigned char opt[4 * 15 - sizeof(struct tcphdr)];
+ unsigned int i, optsize;
+
+Index: linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:47:00.000000000 +0200
++++ linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:48:35.000000000 +0200
+@@ -188,7 +188,7 @@
+ printk("URGP=%u ", ntohs(tcph->urg_ptr));
+
+ if ((info->logflags & IP6T_LOG_TCPOPT)
+- && tcph->doff * 4 != sizeof(struct tcphdr)) {
++ && tcph->doff * 4 > sizeof(struct tcphdr)) {
+ unsigned int i;
+
+ /* Max length: 127 "OPT (" 15*4*2chars ") " */
+
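Review bot: The patch description names an ICMP-triggered crash in netfilter logging, but it never says why replacing `!=` with `>` in `iph.ihl * 4 > sizeof(struct iphdr)` (ipt_LOG.c) and in the two `doff * 4 > sizeof(struct tcphdr)` conditions fixes it, so the description should state the mechanism. A sentence such as `A header length below the fixed header size made the unsigned option-size subtraction wrap to a huge value; options are now logged only when the length exceeds the fixed header.` would cover it; the subtraction itself is presumably in the bodies after `unsigned int i, optsize;`, which continue outside these hunks. The `Index:` lines name linux-2.6.5 while this package applies the file to a 2.6.7 tree, so it is worth confirming that all three hunks apply without fuzz and land on the intended conditions. After the change an undersized header length is logged with no option dump and no indication that the header was malformed; a short marker in the log line for that case would help anyone triaging such traffic from the logs.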
diff --git a/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r9.ebuild b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r10.ebuild
index f0c000249998..e174101a2430 100644
--- a/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r9.ebuild
+++ b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r10.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r9.ebuild,v 1.2 2004/10/31 04:18:43 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.7-r10.ebuild,v 1.1 2004/11/01 14:03:44 method Exp $
IUSE=""
ETYPE="sources"
@@ -17,7 +17,8 @@ HGPV_SRC="http://dev.gentoo.org/~tseng/kernel/hardened-patches-${KV_MAJOR}.${KV_
UNIPATCH_STRICTORDER="yes"
UNIPATCH_EXCLUDE="1315_alpha"
UNIPATCH_LIST="${DISTDIR}/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2
- ${DISTDIR}/genpatches-${KV_MAJOR}.${KV_MINOR}-${GPV}-base.tar.bz2"
+ ${DISTDIR}/genpatches-${KV_MAJOR}.${KV_MINOR}-${GPV}-base.tar.bz2
+ ${FILESDIR}/hardened-dev-sources-2.6.7.CAN-2004-0816.patch"
UNIPATCH_DOCS="${WORKDIR}/patches/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}/0000_README"
DESCRIPTION="Hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"