Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-kernel/uclinux-sources
diff options
context:
space:
mode:
authorTim Yamin <plasmaroo@gentoo.org>2004-10-21 18:26:55 +0000
committerTim Yamin <plasmaroo@gentoo.org>2004-10-21 18:26:55 +0000
commitca1e478f2abdddb9b65366271159ac074d389a65 (patch)
tree7b4ed65bb8b43d632d9ba83b1f4d3c1d1f89de67 /sys-kernel/uclinux-sources
parentVersion bump - closes bug #68278. Old version removed due to security issues,... (diff)
downloadgentoo-2-ca1e478f2abdddb9b65366271159ac074d389a65.tar.gz
gentoo-2-ca1e478f2abdddb9b65366271159ac074d389a65.tar.bz2
gentoo-2-ca1e478f2abdddb9b65366271159ac074d389a65.zip
Version bumped to address CAN-2004-0816; bug #68375.
Diffstat (limited to 'sys-kernel/uclinux-sources')
-rw-r--r--sys-kernel/uclinux-sources/ChangeLog9
-rw-r--r--sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r6 (renamed from sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r5)0
-rw-r--r--sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0816.patch43
-rw-r--r--sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r6.ebuild (renamed from sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r5.ebuild)3
4 files changed, 53 insertions, 2 deletions
diff --git a/sys-kernel/uclinux-sources/ChangeLog b/sys-kernel/uclinux-sources/ChangeLog
index 2b935e8f8a2b..250804f32f5d 100644
--- a/sys-kernel/uclinux-sources/ChangeLog
+++ b/sys-kernel/uclinux-sources/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-kernel/uclinux-sources
# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/ChangeLog,v 1.18 2004/08/10 00:21:58 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/ChangeLog,v 1.19 2004/10/21 18:26:55 plasmaroo Exp $
+
+*uclinux-sources-2.6.7_p0-r6 (21 Oct 2004)
+
+ 21 Oct 2004; <plasmaroo@gentoo.org> -uclinux-sources-2.6.7_p0-r5.ebuild,
+ +uclinux-sources-2.6.7_p0-r6.ebuild,
+ +files/uclinux-sources-2.6.CAN-2004-0816.patch:
+ Version bumped to address CAN-2004-0816; bug #68375.
*uclinux-sources-2.6.7_p0-r5 (10 Aug 2004)
diff --git a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r5 b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r6
index 2f8ad3b4942c..2f8ad3b4942c 100644
--- a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r5
+++ b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r6
diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0816.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0816.patch
new file mode 100644
index 000000000000..13a9ea2f5aa4
--- /dev/null
+++ b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0816.patch
@@ -0,0 +1,43 @@
+Subject: Prevent ICMP crash in netfilter logging
+From: Olaf Kirch <okir@suse.de>
+References: 46016
+
+This patch fixes a remotely triggerable crash in the netfilter code
+when looking at ICMP unreachables. It dies when trying to copy
+BIGNUM bytes...
+
+Index: linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv4/netfilter/ipt_LOG.c 2004-02-19 11:36:37.000000000 +0100
++++ linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c 2004-09-24 15:48:54.000000000 +0200
+@@ -71,7 +71,7 @@
+ printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET);
+
+ if ((info->logflags & IPT_LOG_IPOPT)
+- && iph.ihl * 4 != sizeof(struct iphdr)) {
++ && iph.ihl * 4 > sizeof(struct iphdr)) {
+ unsigned char opt[4 * 15 - sizeof(struct iphdr)];
+ unsigned int i, optsize;
+
+@@ -138,7 +138,7 @@
+ printk("URGP=%u ", ntohs(tcph.urg_ptr));
+
+ if ((info->logflags & IPT_LOG_TCPOPT)
+- && tcph.doff * 4 != sizeof(struct tcphdr)) {
++ && tcph.doff * 4 > sizeof(struct tcphdr)) {
+ unsigned char opt[4 * 15 - sizeof(struct tcphdr)];
+ unsigned int i, optsize;
+
+Index: linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:47:00.000000000 +0200
++++ linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:48:35.000000000 +0200
+@@ -188,7 +188,7 @@
+ printk("URGP=%u ", ntohs(tcph->urg_ptr));
+
+ if ((info->logflags & IP6T_LOG_TCPOPT)
+- && tcph->doff * 4 != sizeof(struct tcphdr)) {
++ && tcph->doff * 4 > sizeof(struct tcphdr)) {
+ unsigned int i;
+
+ /* Max length: 127 "OPT (" 15*4*2chars ") " */
diff --git a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r5.ebuild b/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r6.ebuild
index 3d8674d5f61b..45a52b61a43b 100644
--- a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r5.ebuild
+++ b/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r6.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r5.ebuild,v 1.1 2004/08/10 00:21:58 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r6.ebuild,v 1.1 2004/10/21 18:26:55 plasmaroo Exp $
IUSE=""
@@ -46,6 +46,7 @@ src_unpack() {
epatch ${FILESDIR}/${PN}-2.6.IPTables-RDoS.patch || die "Failed to apply the IPTables RDoS security patch!"
epatch ${FILESDIR}/${PN}-2.6.ProcPerms.patch || die "Failed to apply the /proc permissions security patch!"
epatch ${FILESDIR}/${PN}-2.6.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!"
+ epatch ${FILESDIR}/${PN}-2.6.CAN-2004-0816.patch || die "Failed to apply the CAN-2004-0816 patch!"
set MY_ARCH=${ARCH}
unset ARCH