summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Yamin <plasmaroo@gentoo.org>2004-04-17 12:02:54 +0000
committerTim Yamin <plasmaroo@gentoo.org>2004-04-17 12:02:54 +0000
commit10307796087406f3f0b82d93a5e029c0a7010e8a (patch)
tree607bfae3cf4b62813624b3823463911db0bfe8cf /sys-kernel/pac-sources
parentnew alpha version (Manifest recommit) (Manifest recommit) (diff)
downloadgentoo-2-10307796087406f3f0b82d93a5e029c0a7010e8a.tar.gz
gentoo-2-10307796087406f3f0b82d93a5e029c0a7010e8a.tar.bz2
gentoo-2-10307796087406f3f0b82d93a5e029c0a7010e8a.zip
Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178 vulnerabilities.
Diffstat (limited to 'sys-kernel/pac-sources')
-rw-r--r--sys-kernel/pac-sources/ChangeLog11
-rw-r--r--sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r5 (renamed from sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r4)0
-rw-r--r--sys-kernel/pac-sources/files/pac-sources.CAN-2004-0010.patch200
-rw-r--r--sys-kernel/pac-sources/files/pac-sources.CAN-2004-0177.patch10
-rw-r--r--sys-kernel/pac-sources/files/pac-sources.CAN-2004-0178.patch11
-rw-r--r--sys-kernel/pac-sources/pac-sources-2.4.23-r5.ebuild (renamed from sys-kernel/pac-sources/pac-sources-2.4.23-r4.ebuild)10
6 files changed, 237 insertions, 5 deletions
diff --git a/sys-kernel/pac-sources/ChangeLog b/sys-kernel/pac-sources/ChangeLog
index 23adbe7a8190..a00abc9955af 100644
--- a/sys-kernel/pac-sources/ChangeLog
+++ b/sys-kernel/pac-sources/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for sys-kernel/pac-sources
# Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/pac-sources/ChangeLog,v 1.5 2004/04/15 09:33:16 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/pac-sources/ChangeLog,v 1.6 2004/04/17 12:02:54 plasmaroo Exp $
+
+*pac-sources-2.4.23-r5 (17 Apr 2004)
+
+ 17 Apr 2004; <plasmaroo@gentoo.org> +files/pac-sources.CAN-2004-0010.patch,
+ +files/pac-sources.CAN-2004-0177.patch,
+ +files/pac-sources.CAN-2004-0178.patch, -pac-sources-2.4.23-r4.ebuild,
+ +pac-sources-2.4.23-r5.ebuild:
+ Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
+ vulnerabilities. Old revision removed.
*pac-sources-2.4.23-r4 (15 Apr 2004)
diff --git a/sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r4 b/sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r5
index 75e05aae1086..75e05aae1086 100644
--- a/sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r4
+++ b/sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r5
diff --git a/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0010.patch b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0010.patch
new file mode 100644
index 000000000000..6b4b1cefa49e
--- /dev/null
+++ b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0010.patch
@@ -0,0 +1,200 @@
+diff -urN linux-2.4.25-pre6/fs/ncpfs/dir.c linux-2.4.25-pre7/fs/ncpfs/dir.c
+--- linux-2.4.25-pre6/fs/ncpfs/dir.c 2002-11-28 15:53:15.000000000 -0800
++++ linux-2.4.25-pre7/fs/ncpfs/dir.c 2004-01-23 10:53:26.000000000 -0800
+@@ -266,8 +266,8 @@
+ struct ncp_server *server;
+ struct inode *dir = dentry->d_parent->d_inode;
+ struct ncp_entry_info finfo;
+- int res, val = 0, len = dentry->d_name.len + 1;
+- __u8 __name[len];
++ int res, val = 0, len;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ if (!dentry->d_inode || !dir)
+ goto finished;
+@@ -291,14 +291,15 @@
+ dentry->d_parent->d_name.name, dentry->d_name.name,
+ NCP_GET_AGE(dentry));
+
++ len = sizeof(__name);
+ if (ncp_is_server_root(dir)) {
+ res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, 1);
++ dentry->d_name.len, 1);
+ if (!res)
+ res = ncp_lookup_volume(server, __name, &(finfo.i));
+ } else {
+ res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (!res)
+ res = ncp_obtain_info(server, dir, __name, &(finfo.i));
+ }
+@@ -548,9 +549,9 @@
+ int valid = 0;
+ int hashed = 0;
+ ino_t ino = 0;
+- __u8 __name[256];
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+- qname.len = 256;
++ qname.len = sizeof(__name);
+ if (ncp_vol2io(NCP_SERVER(inode), __name, &qname.len,
+ entry->i.entryName, entry->i.nameLen,
+ !ncp_preserve_entry_case(inode, entry->i.NSCreator)))
+@@ -705,16 +706,19 @@
+ {
+ struct ncp_server* server = NCP_SBP(sb);
+ struct nw_info_struct i;
+- int result, len = strlen(server->m.mounted_vol) + 1;
+- __u8 __name[len];
++ int result;
+
+ if (ncp_single_volume(server)) {
++ int len;
+ struct dentry* dent;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+- result = -ENOENT;
+- if (ncp_io2vol(server, __name, &len, server->m.mounted_vol,
+- len-1, 1))
++ len = sizeof(__name);
++ result = ncp_io2vol(server, __name, &len, server->m.mounted_vol,
++ strlen(server->m.mounted_vol), 1);
++ if (result)
+ goto out;
++ result = -ENOENT;
+ if (ncp_lookup_volume(server, __name, &i)) {
+ PPRINTK("ncp_conn_logged_in: %s not found\n",
+ server->m.mounted_vol);
+@@ -745,8 +749,8 @@
+ struct ncp_server *server = NCP_SERVER(dir);
+ struct inode *inode = NULL;
+ struct ncp_entry_info finfo;
+- int error, res, len = dentry->d_name.len + 1;
+- __u8 __name[len];
++ int error, res, len;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ error = -EIO;
+ if (!ncp_conn_valid(server))
+@@ -755,14 +759,15 @@
+ PPRINTK("ncp_lookup: server lookup for %s/%s\n",
+ dentry->d_parent->d_name.name, dentry->d_name.name);
+
++ len = sizeof(__name);
+ if (ncp_is_server_root(dir)) {
+ res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, 1);
++ dentry->d_name.len, 1);
+ if (!res)
+ res = ncp_lookup_volume(server, __name, &(finfo.i));
+ } else {
+ res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (!res)
+ res = ncp_obtain_info(server, dir, __name, &(finfo.i));
+ }
+@@ -825,9 +830,9 @@
+ {
+ struct ncp_server *server = NCP_SERVER(dir);
+ struct ncp_entry_info finfo;
+- int error, result, len = dentry->d_name.len + 1;
++ int error, result, len;
+ int opmode;
+- __u8 __name[len];
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ PPRINTK("ncp_create_new: creating %s/%s, mode=%x\n",
+ dentry->d_parent->d_name.name, dentry->d_name.name, mode);
+@@ -836,8 +841,9 @@
+ goto out;
+
+ ncp_age_dentry(server, dentry);
++ len = sizeof(__name);
+ error = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (error)
+ goto out;
+
+@@ -880,8 +886,8 @@
+ {
+ struct ncp_entry_info finfo;
+ struct ncp_server *server = NCP_SERVER(dir);
+- int error, len = dentry->d_name.len + 1;
+- __u8 __name[len];
++ int error, len;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ DPRINTK("ncp_mkdir: making %s/%s\n",
+ dentry->d_parent->d_name.name, dentry->d_name.name);
+@@ -890,8 +896,9 @@
+ goto out;
+
+ ncp_age_dentry(server, dentry);
++ len = sizeof(__name);
+ error = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (error)
+ goto out;
+
+@@ -909,8 +916,8 @@
+ static int ncp_rmdir(struct inode *dir, struct dentry *dentry)
+ {
+ struct ncp_server *server = NCP_SERVER(dir);
+- int error, result, len = dentry->d_name.len + 1;
+- __u8 __name[len];
++ int error, result, len;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ DPRINTK("ncp_rmdir: removing %s/%s\n",
+ dentry->d_parent->d_name.name, dentry->d_name.name);
+@@ -923,8 +930,9 @@
+ if (!d_unhashed(dentry))
+ goto out;
+
++ len = sizeof(__name);
+ error = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (error)
+ goto out;
+
+@@ -1022,9 +1030,8 @@
+ {
+ struct ncp_server *server = NCP_SERVER(old_dir);
+ int error;
+- int old_len = old_dentry->d_name.len + 1;
+- int new_len = new_dentry->d_name.len + 1;
+- __u8 __old_name[old_len], __new_name[new_len];
++ int old_len, new_len;
++ __u8 __old_name[NCP_MAXPATHLEN + 1], __new_name[NCP_MAXPATHLEN + 1];
+
+ DPRINTK("ncp_rename: %s/%s to %s/%s\n",
+ old_dentry->d_parent->d_name.name, old_dentry->d_name.name,
+@@ -1037,15 +1044,17 @@
+ ncp_age_dentry(server, old_dentry);
+ ncp_age_dentry(server, new_dentry);
+
++ old_len = sizeof(__old_name);
+ error = ncp_io2vol(server, __old_name, &old_len,
+- old_dentry->d_name.name, old_len-1,
+- !ncp_preserve_case(old_dir));
++ old_dentry->d_name.name, old_dentry->d_name.len,
++ !ncp_preserve_case(old_dir));
+ if (error)
+ goto out;
+
++ new_len = sizeof(__new_name);
+ error = ncp_io2vol(server, __new_name, &new_len,
+- new_dentry->d_name.name, new_len-1,
+- !ncp_preserve_case(new_dir));
++ new_dentry->d_name.name, new_dentry->d_name.len,
++ !ncp_preserve_case(new_dir));
+ if (error)
+ goto out;
+
+
diff --git a/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0177.patch b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0177.patch
new file mode 100644
index 000000000000..da6b7e190685
--- /dev/null
+++ b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0177.patch
@@ -0,0 +1,10 @@
+--- linux-2.4.26-pre3/fs/jbd/journal.c 2004-02-18 05:36:31.000000000 -0800
++++ linux-2.4.26-pre4/fs/jbd/journal.c 2004-03-16 09:59:36.000000000 -0800
+@@ -671,6 +671,7 @@
+
+ bh = getblk(journal->j_dev, blocknr, journal->j_blocksize);
+ lock_buffer(bh);
++ memset(bh->b_data, 0, journal->j_blocksize);
+ BUFFER_TRACE(bh, "return this buffer");
+ return journal_add_journal_head(bh);
+ }
diff --git a/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0178.patch b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0178.patch
new file mode 100644
index 000000000000..19e57268c2fa
--- /dev/null
+++ b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0178.patch
@@ -0,0 +1,11 @@
+--- linux-2.4.26-pre2/drivers/sound/sb_audio.c 2002-02-25 11:38:06.000000000 -0800
++++ linux-2.4.26-pre3/drivers/sound/sb_audio.c 2004-03-13 07:43:23.000000000 -0800
+@@ -879,7 +879,7 @@
+ c -= locallen; p += locallen;
+ }
+ /* used = ( samples * 16 bits size ) */
+- *used = len << 1;
++ *used = max_in > ( max_out << 1) ? (max_out << 1) : max_in;
+ /* returned = ( samples * 8 bits size ) */
+ *returned = len;
+ }
diff --git a/sys-kernel/pac-sources/pac-sources-2.4.23-r4.ebuild b/sys-kernel/pac-sources/pac-sources-2.4.23-r5.ebuild
index cf04f7382e71..bbeef010c47d 100644
--- a/sys-kernel/pac-sources/pac-sources-2.4.23-r4.ebuild
+++ b/sys-kernel/pac-sources/pac-sources-2.4.23-r5.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/pac-sources/pac-sources-2.4.23-r4.ebuild,v 1.2 2004/04/15 10:03:51 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/pac-sources/pac-sources-2.4.23-r5.ebuild,v 1.1 2004/04/17 12:02:54 plasmaroo Exp $
IUSE="build"
@@ -57,10 +57,12 @@ src_unpack() {
fi
bzcat ${DISTDIR}/patch-${KV}.bz2|patch -p1 || die "-pac patch failed"
- epatch ${FILESDIR}/${PN}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
- epatch ${FILESDIR}/${PN}.CAN-2004-0109.patch || die "Failed to patch CAN-2004-0109 vulnerability!"
epatch ${FILESDIR}/${PN}.munmap.patch || die "Failed to apply munmap patch!"
epatch ${FILESDIR}/${PN}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!"
-
+ epatch ${FILESDIR}/${PN}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
+ epatch ${FILESDIR}/${PN}.CAN-2004-0010.patch || die "Failed to add the CAN-2004-0010 patch!"
+ epatch ${FILESDIR}/${PN}.CAN-2004-0109.patch || die "Failed to patch CAN-2004-0109 vulnerability!"
+ epatch ${FILESDIR}/${PN}.CAN-2004-0177.patch || die "Failed to add the CAN-2004-0177 patch!"
+ epatch ${FILESDIR}/${PN}.CAN-2004-0178.patch || die "Failed to add the CAN-2004-0178 patch!"
kernel_universal_unpack
}