Added patches to address the security vulnerabilities in bugs #37292 and #37317.

author: Tim Yamin <plasmaroo@gentoo.org> 2004-01-08 18:50:58 +0000
committer: Tim Yamin <plasmaroo@gentoo.org> 2004-01-08 18:50:58 +0000
commit: 6e3ad9fa9a65e88fc5c3557262b6a0ae19b09337 (patch)
tree: 826b005ef461f59408eb6d118ee885f48c0aaad9 /sys-kernel/ppc-sources
parent: Added patches to address the security vulnerabilities in bugs #37292 and #37317. (diff)
download: gentoo-2-6e3ad9fa9a65e88fc5c3557262b6a0ae19b09337.tar.gz
gentoo-2-6e3ad9fa9a65e88fc5c3557262b6a0ae19b09337.tar.bz2
gentoo-2-6e3ad9fa9a65e88fc5c3557262b6a0ae19b09337.zip
6 files changed, 288 insertions, 3 deletions
diff --git a/sys-kernel/ppc-sources/ChangeLog b/sys-kernel/ppc-sources/ChangeLog
index b6d0bd89f75e..aa87cdd0d79d 100644
--- a/sys-kernel/ppc-sources/ChangeLog
+++ b/sys-kernel/ppc-sources/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-kernel/ppc-sources
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ppc-sources/ChangeLog,v 1.33 2004/01/08 06:22:58 iggy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ppc-sources/ChangeLog,v 1.34 2004/01/08 18:50:38 plasmaroo Exp $
+
+*ppc-sources-2.4.23-r1 (08 Jan 2004)
+
+  08 Jan 2004; <plasmaroo@gentoo.org> ppc-sources-2.4.23-r1.ebuild,
+  files/ppc-sources-2.4.23.CAN-2003-0985.patch,
+  files/ppc-sources-2.4.23.rtc_fix.patch:
+  Added patches to address the security vulnerabilities in bugs #37292 and
+  #37317.
 
   08 Jan 2004; Brian Jackson <iggy@gentoo.org> ppc-sources-2.4.19-r3.ebuild,
   ppc-sources-2.4.19-r4.ebuild, ppc-sources-2.4.19-r5.ebuild,
diff --git a/sys-kernel/ppc-sources/Manifest b/sys-kernel/ppc-sources/Manifest
index 73ec48c1ff22..3b46ae61ee65 100644
--- a/sys-kernel/ppc-sources/Manifest
+++ b/sys-kernel/ppc-sources/Manifest
@@ -1,6 +1,6 @@
 MD5 d37db3528f6b0dbd97bfa20445d3b405 ppc-sources-2.4.21-r2.ebuild 2296
 MD5 3eb8aa8dc939aec206b54ce23327e690 ppc-sources-2.4.22-r3.ebuild 1558
-MD5 eafec7467707aabab43f92f7821c0b31 ChangeLog 6578
+MD5 13eabeb9f8a256d878073de166b7496c ChangeLog 6583
 MD5 97d392b240106d997db8a43f8c85dda4 ppc-sources-2.4.20-r4.ebuild 1796
 MD5 a19258ab16aeeb0eeb4db4c76ad2d3a8 ppc-sources-2.4.23.ebuild 2728
 MD5 c82da7f4afb43d26dfecd57abf3db054 ppc-sources-2.4.19-r3.ebuild 3277
@@ -9,7 +9,7 @@ MD5 f978892f6d9dd3e70c979bf6f39e587e ppc-sources-2.4.20-r2.ebuild 1786
 MD5 fe945af4911b04acd2c0f473c7c64f35 metadata.xml 267
 MD5 a2662c3627acdf5de3051e84612ccc19 ppc-sources-2.4.19-r4.ebuild 3433
 MD5 e067af7bf5f5e3601087820c4396f186 ppc-sources-2.4.22-r2.ebuild 1546
-MD5 89e38390f32c12bccc25aa9561672b3e ppc-sources-2.4.23-r1.ebuild 2986
+MD5 7239e3446cc8bd358cc2d4a7310b9d1f ppc-sources-2.4.23-r1.ebuild 2994
 MD5 e953754cd19954d599b33d19b88bd8b9 ppc-sources-2.4.22-r1.ebuild 1638
 MD5 03e6bd9e5b006cf33107865925e24d8d ppc-sources-2.4.20-r1.ebuild 3111
 MD5 22c490110a93d6c863712bc726399b94 ppc-sources-2.4.19-r6.ebuild 3266
diff --git a/sys-kernel/ppc-sources/files/digest-ppc-sources-2.4.23-r1 b/sys-kernel/ppc-sources/files/digest-ppc-sources-2.4.23-r1
new file mode 100644
index 000000000000..8d5631b3e2c7
--- /dev/null
+++ b/sys-kernel/ppc-sources/files/digest-ppc-sources-2.4.23-r1
@@ -0,0 +1,2 @@
+MD5 642af5ab5e1fc63685fde85e9ae601e4 linux-2.4.23.tar.bz2 29832609
+MD5 b58c1dcf48922ea184e5506dc6efebda patch-2.4.23-benh0.bz2 213844
diff --git a/sys-kernel/ppc-sources/files/ppc-sources-2.4.23.CAN-2003-0985.patch b/sys-kernel/ppc-sources/files/ppc-sources-2.4.23.CAN-2003-0985.patch
new file mode 100644
index 000000000000..dacf6ed810f9
--- /dev/null
+++ b/sys-kernel/ppc-sources/files/ppc-sources-2.4.23.CAN-2003-0985.patch
@@ -0,0 +1,13 @@
+--- linux/mm/mremap.c.orig	2004-01-05 17:01:21.382104120 +0000
++++ linux/mm/mremap.c	2004-01-05 17:15:25.689749848 +0000
+@@ -315,6 +315,10 @@
+ 	old_len = PAGE_ALIGN(old_len);
+ 	new_len = PAGE_ALIGN(new_len);
+ 
++	/* Don't allow the degenerate cases */
++	if (!old_len || !new_len)
++		goto out;
++
+ 	/* new_addr is only valid if MREMAP_FIXED is specified */
+ 	if (flags & MREMAP_FIXED) {
+ 		if (new_addr & ~PAGE_MASK)
diff --git a/sys-kernel/ppc-sources/files/ppc-sources-2.4.23.rtc_fix.patch b/sys-kernel/ppc-sources/files/ppc-sources-2.4.23.rtc_fix.patch
new file mode 100644
index 000000000000..76a663c6e89d
--- /dev/null
+++ b/sys-kernel/ppc-sources/files/ppc-sources-2.4.23.rtc_fix.patch
@@ -0,0 +1,180 @@
+diff -urN linux-2.4.23/arch/cris/drivers/ds1302.c linux-2.4.24/arch/cris/drivers/ds1302.c
+--- linux-2.4.23/arch/cris/drivers/ds1302.c	2003-08-25 04:44:39.000000000 -0700
++++ linux-2.4.24/arch/cris/drivers/ds1302.c	2004-01-05 05:53:56.000000000 -0800
+@@ -346,6 +346,7 @@
+ 		{
+ 			struct rtc_time rtc_tm;
+ 						
++			memset(&rtc_tm, 0, sizeof (struct rtc_time));
+ 			get_rtc_time(&rtc_tm);						
+ 			if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+ 				return -EFAULT;	
+diff -urN linux-2.4.23/arch/cris/drivers/pcf8563.c linux-2.4.24/arch/cris/drivers/pcf8563.c
+--- linux-2.4.23/arch/cris/drivers/pcf8563.c	2003-08-25 04:44:39.000000000 -0700
++++ linux-2.4.24/arch/cris/drivers/pcf8563.c	2004-01-05 05:53:56.000000000 -0800
+@@ -220,6 +220,7 @@
+ 		{
+ 			struct rtc_time tm;
+ 
++			memset(&tm, 0, sizeof (struct rtc_time));
+ 			get_rtc_time(&tm);
+ 
+ 			if (copy_to_user((struct rtc_time *) arg, &tm, sizeof tm)) {
+diff -urN linux-2.4.23/arch/m68k/bvme6000/rtc.c linux-2.4.24/arch/m68k/bvme6000/rtc.c
+--- linux-2.4.23/arch/m68k/bvme6000/rtc.c	2003-06-13 07:51:31.000000000 -0700
++++ linux-2.4.24/arch/m68k/bvme6000/rtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -54,6 +54,7 @@
+ 		/* Ensure clock and real-time-mode-register are accessible */
+ 		msr = rtc->msr & 0xc0;
+ 		rtc->msr = 0x40;
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		do {
+ 			wtime.tm_sec =  BCD2BIN(rtc->bcd_sec);
+ 			wtime.tm_min =  BCD2BIN(rtc->bcd_min);
+diff -urN linux-2.4.23/arch/m68k/mvme16x/rtc.c linux-2.4.24/arch/m68k/mvme16x/rtc.c
+--- linux-2.4.23/arch/m68k/mvme16x/rtc.c	2003-06-13 07:51:31.000000000 -0700
++++ linux-2.4.24/arch/m68k/mvme16x/rtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -52,6 +52,7 @@
+ 		cli();
+ 		/* Ensure clock and real-time-mode-register are accessible */
+ 		rtc->ctrl = RTC_READ;
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		wtime.tm_sec =  BCD2BIN(rtc->bcd_sec);
+ 		wtime.tm_min =  BCD2BIN(rtc->bcd_min);
+ 		wtime.tm_hour = BCD2BIN(rtc->bcd_hr);
+diff -urN linux-2.4.23/arch/ppc64/kernel/rtc.c linux-2.4.24/arch/ppc64/kernel/rtc.c
+--- linux-2.4.23/arch/ppc64/kernel/rtc.c	2003-06-13 07:51:32.000000000 -0700
++++ linux-2.4.24/arch/ppc64/kernel/rtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -96,6 +96,7 @@
+ 	switch (cmd) {
+ 	case RTC_RD_TIME:	/* Read the time/date from RTC	*/
+ 	{
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		ppc_md.get_rtc_time(&wtime);
+ 		break;
+ 	}
+diff -urN linux-2.4.23/drivers/acorn/char/i2c.c linux-2.4.24/drivers/acorn/char/i2c.c
+--- linux-2.4.23/drivers/acorn/char/i2c.c	2003-08-25 04:44:40.000000000 -0700
++++ linux-2.4.24/drivers/acorn/char/i2c.c	2004-01-05 05:53:56.000000000 -0800
+@@ -166,6 +166,7 @@
+ 		break;
+ 
+ 	case RTC_RD_TIME:
++		memset(&rtctm, 0, sizeof(struct rtc_time));
+ 		get_rtc_time(&rtc_raw, &year);
+ 		rtctm.tm_sec  = rtc_raw.secs;
+ 		rtctm.tm_min  = rtc_raw.mins;
+diff -urN linux-2.4.23/drivers/char/ds1286.c linux-2.4.24/drivers/char/ds1286.c
+--- linux-2.4.23/drivers/char/ds1286.c	2003-08-25 04:44:41.000000000 -0700
++++ linux-2.4.24/drivers/char/ds1286.c	2004-01-05 05:53:56.000000000 -0800
+@@ -173,7 +173,7 @@
+ 		 * means "don't care" or "match all". Only the tm_hour,
+ 		 * tm_min, and tm_sec values are filled in.
+ 		 */
+-
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		ds1286_get_alm_time(&wtime);
+ 		break;
+ 	}
+@@ -216,6 +216,7 @@
+ 	}
+ 	case RTC_RD_TIME:	/* Read the time/date from RTC	*/
+ 	{
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		ds1286_get_time(&wtime);
+ 		break;
+ 	}
+diff -urN linux-2.4.23/drivers/char/efirtc.c linux-2.4.24/drivers/char/efirtc.c
+--- linux-2.4.23/drivers/char/efirtc.c	2003-06-13 07:51:32.000000000 -0700
++++ linux-2.4.24/drivers/char/efirtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -118,6 +118,7 @@
+ static void
+ convert_from_efi_time(efi_time_t *eft, struct rtc_time *wtime)
+ {
++	memset(wtime, 0, sizeof(struct rtc_time));
+ 	wtime->tm_sec  = eft->second;
+ 	wtime->tm_min  = eft->minute;
+ 	wtime->tm_hour = eft->hour;
+diff -urN linux-2.4.23/drivers/char/ip27-rtc.c linux-2.4.24/drivers/char/ip27-rtc.c
+--- linux-2.4.23/drivers/char/ip27-rtc.c	2003-08-25 04:44:41.000000000 -0700
++++ linux-2.4.24/drivers/char/ip27-rtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -83,6 +83,7 @@
+ 	switch (cmd) {
+ 	case RTC_RD_TIME:	/* Read the time/date from RTC	*/
+ 	{
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		get_rtc_time(&wtime);
+ 		break;
+ 	}
+diff -urN linux-2.4.23/drivers/char/mips_rtc.c linux-2.4.24/drivers/char/mips_rtc.c
+--- linux-2.4.23/drivers/char/mips_rtc.c	2003-08-25 04:44:41.000000000 -0700
++++ linux-2.4.24/drivers/char/mips_rtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -82,6 +82,7 @@
+ 
+ 	switch (cmd) {
+ 	case RTC_RD_TIME:	/* Read the time/date from RTC  */
++		memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ 		curr_time = rtc_get_time();
+ 		to_tm(curr_time, &rtc_tm);
+ 		rtc_tm.tm_year -= 1900;
+diff -urN linux-2.4.23/drivers/char/rtc.c linux-2.4.24/drivers/char/rtc.c
+--- linux-2.4.23/drivers/char/rtc.c	2003-11-28 10:26:20.000000000 -0800
++++ linux-2.4.24/drivers/char/rtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -362,7 +362,7 @@
+ 		 * means "don't care" or "match all". Only the tm_hour,
+ 		 * tm_min, and tm_sec values are filled in.
+ 		 */
+-
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		get_rtc_alm_time(&wtime);
+ 		break; 
+ 	}
+@@ -406,6 +406,7 @@
+ 	}
+ 	case RTC_RD_TIME:	/* Read the time/date from RTC	*/
+ 	{
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		get_rtc_time(&wtime);
+ 		break;
+ 	}
+diff -urN linux-2.4.23/drivers/hil/hp_sdc_rtc.c linux-2.4.24/drivers/hil/hp_sdc_rtc.c
+--- linux-2.4.23/drivers/hil/hp_sdc_rtc.c	2003-06-13 07:51:33.000000000 -0700
++++ linux-2.4.24/drivers/hil/hp_sdc_rtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -561,6 +561,7 @@
+         }
+         case RTC_ALM_READ:      /* Read the present alarm time */
+         {
++		memset(&ttime, 0, sizeof(struct timeval));
+ 		if (hp_sdc_rtc_read_mt(&ttime)) return -EFAULT;
+                 break;
+         }
+@@ -609,6 +610,7 @@
+         }
+         case RTC_RD_TIME:       /* Read the time/date from RTC  */
+         {
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		if (hp_sdc_rtc_read_bbrtc(&wtime)) return -EFAULT;
+                 break;
+         }
+diff -urN linux-2.4.23/drivers/macintosh/rtc.c linux-2.4.24/drivers/macintosh/rtc.c
+--- linux-2.4.23/drivers/macintosh/rtc.c	2002-02-25 11:37:58.000000000 -0800
++++ linux-2.4.24/drivers/macintosh/rtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -64,6 +64,7 @@
+ 	case RTC_RD_TIME:
+ 		if (ppc_md.get_rtc_time)
+ 		{
++			memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ 			get_rtc_time(&rtc_tm);
+ 
+ 			if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+diff -urN linux-2.4.23/drivers/sbus/char/rtc.c linux-2.4.24/drivers/sbus/char/rtc.c
+--- linux-2.4.23/drivers/sbus/char/rtc.c	2001-10-10 23:42:47.000000000 -0700
++++ linux-2.4.24/drivers/sbus/char/rtc.c	2004-01-05 05:53:56.000000000 -0800
+@@ -89,6 +89,7 @@
+ 	switch (cmd)
+ 	{
+ 	case RTCGET:
++		memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ 		get_rtc_time(&rtc_tm);
+ 
+ 		if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
diff --git a/sys-kernel/ppc-sources/ppc-sources-2.4.23-r1.ebuild b/sys-kernel/ppc-sources/ppc-sources-2.4.23-r1.ebuild
new file mode 100644
index 000000000000..2b8af4272a49
--- /dev/null
+++ b/sys-kernel/ppc-sources/ppc-sources-2.4.23-r1.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ppc-sources/ppc-sources-2.4.23-r1.ebuild,v 1.1 2004/01/08 18:50:38 plasmaroo Exp $
+
+# Whats in this kernel?
+#
+# Includes
+#
+# In addition to the standard feature set of kernel.org's 2.4.23, this
+# tree includes fixes/updates that didn't make it into 2.4.23, including all
+# of what was present as of 2.4.22-ben2. Some of the major additions are:
+#
+# - G5 support (though 2.6 is recommended on G5s anyway)
+# - Laptop mode patch (Jens Axboe). See Documentation/laptop_mode.sh script
+# - Andrea Arcangeli's silent-stack-overflow patch
+# - CPU Frequency switching support on some laptops
+# - Support for UniNorth AGP in the agpgart driver
+# - Support for blinking the laptop LED on internal HD activity
+# - Improved support for lba48 capable disks (Jens Axboe)
+# - Updated rivafb with support for more cards & eMac
+# - Updated sungem driver, supports more chips & recent PHYs
+# - Updated dmasound driver to support tumbler & snapper
+# - Add reporting of OF device path of IDE interfaces in /proc/ide
+# - Fixes for CompactFlash cards
+# - Fixes to vmlinux.coff oldworld wrapper
+# - Better TB sync code for 2 CPU machines from Samuel Rydth
+# - Hardware TB sync on core99 (dual G4s)
+# - Initial support for iBook G4
+# - Fix for Promise IDE controller on Xserve's
+
+IUSE=""
+
+ETYPE="sources"
+inherit kernel
+
+# OKV=original kernel version, KV=patched kernel version.  They can be the same.
+OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`"
+
+EXTRAVERSION="-${PN/-*/}"
+[ ! "${PR}" == "r0" ] && EXTRAVERSION="${EXTRAVERSION}-${PR}"
+KV="${OKV}${EXTRAVERSION}"
+
+S=${WORKDIR}/linux-${KV}
+
+MY_R=`echo $PR | sed "s:r:benh:g" | sed "s:1:0:"`
+
+DESCRIPTION="PowerPC kernel tree based on benh's patches, -r corresponds to ben{r} versioning"
+SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+	 http://www.kernel.org/pub/linux/kernel/people/benh/patch-${OKV}-${MY_R}.bz2"
+HOMEPAGE="http://www.kernel.org/pub/linux/kernel/people/benh/"
+KEYWORDS="-x86 ~ppc -sparc -alpha"
+PROVIDE="virtual/linux-sources"
+LICENSE="GPL-2"
+SLOT="${KV}"
+DEPEND=">=sys-devel/binutils-2.11.90.0.31"
+RDEPEND=">=sys-libs/ncurses-5.2 dev-lang/perl virtual/modutils sys-devel/make"
+
+src_unpack() {
+	unpack ${A}
+	mv linux-${OKV} ${PF} || die
+
+	cd ${PF}
+	patch -p1 < ${WORKDIR}/patch-${OKV}-${MY_R} || die "patch failed"
+
+	epatch ${FILESDIR}/do_brk_fix.patch || die "Failed to patch do_brk() vulnerability!"
+	epatch ${FILESDIR}/${P}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
+	epatch ${FILESDIR}/${P}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!"
+
+	use xfs && ( ewarn "XFS is no longer included!" )
+
+	EXTRAVERSION="-ben${PR/r1/0}-${PR}" && kernel_universal_unpack
+}
+
+src_install() {
+
+	dodir /usr/src
+	cd ${S}
+	rm ${WORKDIR}/patch-${OKV}-${MY_R}
+	echo ">>> Copying sources..."
+	mv ${WORKDIR}/* ${D}/usr/src
+
+}
author	Tim Yamin <plasmaroo@gentoo.org>	2004-01-08 18:50:58 +0000
committer	Tim Yamin <plasmaroo@gentoo.org>	2004-01-08 18:50:58 +0000
commit	6e3ad9fa9a65e88fc5c3557262b6a0ae19b09337 (patch)
tree	826b005ef461f59408eb6d118ee885f48c0aaad9 /sys-kernel/ppc-sources
parent	Added patches to address the security vulnerabilities in bugs #37292 and #37317. (diff)
download	gentoo-2-6e3ad9fa9a65e88fc5c3557262b6a0ae19b09337.tar.gz gentoo-2-6e3ad9fa9a65e88fc5c3557262b6a0ae19b09337.tar.bz2 gentoo-2-6e3ad9fa9a65e88fc5c3557262b6a0ae19b09337.zip