From 3703edd536023a0ef59466190c8442472b3da170 Mon Sep 17 00:00:00 2001 From: Guillaume Destuynder Date: Tue, 10 Aug 2004 10:01:50 +0000 Subject: Fixes #59905, cmdline security bug --- sys-kernel/rsbac-dev-sources/ChangeLog | 9 ++++- sys-kernel/rsbac-dev-sources/Manifest | 7 ++-- .../rsbac-dev-sources/files/2.6.7-cmdline.patch | 11 ++++++ .../files/digest-rsbac-dev-sources-2.6.7-r4 | 4 -- .../files/digest-rsbac-dev-sources-2.6.7-r5 | 4 ++ .../rsbac-dev-sources-2.6.7-r4.ebuild | 45 --------------------- .../rsbac-dev-sources-2.6.7-r5.ebuild | 46 ++++++++++++++++++++++ 7 files changed, 73 insertions(+), 53 deletions(-) create mode 100644 sys-kernel/rsbac-dev-sources/files/2.6.7-cmdline.patch delete mode 100644 sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r4 create mode 100644 sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r5 delete mode 100644 sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r4.ebuild create mode 100644 sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r5.ebuild (limited to 'sys-kernel/rsbac-dev-sources')
diff --git a/sys-kernel/rsbac-dev-sources/ChangeLog b/sys-kernel/rsbac-dev-sources/ChangeLog
index 62b0ac42b902..899d7b0a7c31 100644
--- a/sys-kernel/rsbac-dev-sources/ChangeLog
+++ b/sys-kernel/rsbac-dev-sources/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-kernel/rsbac-dev-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/ChangeLog,v 1.9 2004/08/05 01:44:37 kang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/ChangeLog,v 1.10 2004/08/10 10:01:50 kang Exp $
+
+*rsbac-dev-sources-2.6.7-r5 (10 Aug 2004)
+
+ 10 Aug 2004; Guillaume Destuynder
+ -rsbac-dev-sources-2.6.7-r4.ebuild,
+ +rsbac-dev-sources-2.6.7-r5.ebuild:
+ Fixes #59905 - cmdline security bug
 *rsbac-dev-sources-2.6.7-r4 (05 Aug 2004)
diff --git a/sys-kernel/rsbac-dev-sources/Manifest b/sys-kernel/rsbac-dev-sources/Manifest
index 87ec45193041..ad23ac3bdc73 100644
--- a/sys-kernel/rsbac-dev-sources/Manifest
+++ b/sys-kernel/rsbac-dev-sources/Manifest
@@ -1,8 +1,9 @@
 MD5 fee9abc7797fef753c42454679bae9a7 metadata.xml 456
-MD5 26dcc385a147182bccc4b9215cd07f8c rsbac-dev-sources-2.6.7-r4.ebuild 1554
-MD5 d5d26591a5ec7223a12f97fa2b7ebaf3 ChangeLog 2657
+MD5 56ff3e024168afffdde71a8420b7cc6a rsbac-dev-sources-2.6.7-r5.ebuild 1588
+MD5 104e35b5988880349c8790288c154f2c ChangeLog 2869
 MD5 a869ab037c7e264df5f8e899864f08e9 files/rsbac-dev-sources-v1.2.3-3.patch 557
 MD5 6451bd210935a3978fd3a3edac673591 files/rsbac-dev-sources-iptables-dos.patch 389
 MD5 b6e38b41c8a79943df2ab2642149d06f files/rsbac-dev-sources-CAN-2004-0497.patch 2214
 MD5 f0e12ba218f53c2694a91259bdc2fdc7 files/rsbac-dev-sources-CAN-2004-0596.patch 494
-MD5 fd024d5229ee08ef90d6a532bdf99977 files/digest-rsbac-dev-sources-2.6.7-r4 281
+MD5 706d7794a822074aaf31502d7a7e48d3 files/2.6.7-cmdline.patch 455
+MD5 fd024d5229ee08ef90d6a532bdf99977 files/digest-rsbac-dev-sources-2.6.7-r5 281
diff --git a/sys-kernel/rsbac-dev-sources/files/2.6.7-cmdline.patch b/sys-kernel/rsbac-dev-sources/files/2.6.7-cmdline.patch
new file mode 100644
index 000000000000..3f0edd1b1af8
--- /dev/null
+++ b/sys-kernel/rsbac-dev-sources/files/2.6.7-cmdline.patch
@@ -0,0 +1,11 @@
+diff -puN fs/proc/base.c~proc_pid_cmdline-race-fix fs/proc/base.c
+--- 25/fs/proc/base.c~proc_pid_cmdline-race-fix 2004-08-05 11:28:21.915442360 -0700
+++ 25-akpm/fs/proc/base.c 2004-08-05 11:28:21.919441752 -0700
+@@ -340,6 +340,8 @@ static int proc_pid_cmdline(struct task_
+ struct mm_struct *mm = get_task_mm(task);
+ if (!mm)
+ goto out;
++ if (!mm->arg_end)
++ goto out; /* Shh! No looking before we're done */
+
+ len = mm->arg_end - mm->arg_start;
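Review bot: The added `goto out;` in proc_pid_cmdline is taken while the function still holds the reference obtained by `get_task_mm(task)`. Because the existing `if (!mm) goto out;` uses the same label for the NULL case, `out` presumably sits after the point where the mm is released, so this early exit would skip the release and leak one mm reference on every read that lands in the not-yet-initialised window. A dedicated label before the release avoids that: `goto out_mm;` here, with `out_mm:` placed immediately ahead of the function's `mmput(mm);`. The label and the rest of the function lie outside the hunk, so confirm this against fs/proc/base.c in the patched tree. The check is also worth a short comment stating that `arg_end` is still zero while the new mm is being set up, which is what the test relies on.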
diff --git a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r4 b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r4
deleted file mode 100644
index 354ef30ca678..000000000000
--- a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r4
+++ /dev/null
@@ -1,4 +0,0 @@
-MD5 a74671ea68b0e3c609e8785ed8497c14 linux-2.6.7.tar.bz2 35092228
-MD5 f3759250e9c4bb5ccb773174fafe0ba7 rsbac-v1.2.3.tar.bz2 489127
-MD5 60fb38c61d8d8cc913d81ab93ff74972 rsbac-patches-2.6-7.1.tar.bz2 107363
-MD5 52996b643afbd6ed9ba38b9483c2cac3 linux-2.6.7-CAN-2004-0415.patch 112612
diff --git a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r5 b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r5
new file mode 100644
index 000000000000..354ef30ca678
--- /dev/null
+++ b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r5
@@ -0,0 +1,4 @@
+MD5 a74671ea68b0e3c609e8785ed8497c14 linux-2.6.7.tar.bz2 35092228
+MD5 f3759250e9c4bb5ccb773174fafe0ba7 rsbac-v1.2.3.tar.bz2 489127
+MD5 60fb38c61d8d8cc913d81ab93ff74972 rsbac-patches-2.6-7.1.tar.bz2 107363
+MD5 52996b643afbd6ed9ba38b9483c2cac3 linux-2.6.7-CAN-2004-0415.patch 112612
diff --git a/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r4.ebuild b/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r4.ebuild
deleted file mode 100644
index e5331acbef3e..000000000000
--- a/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r4.ebuild
+++ /dev/null
@@ -1,45 +0,0 @@
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r4.ebuild,v 1.1 2004/08/05 01:44:37 kang Exp $
-
-IUSE=""
-ETYPE="sources"
-inherit kernel-2
-detect_version
-
-# rsbac
-RSBACV=1.2.3
-RSBAC_SRC="http://rsbac.org/download/code/v${RSBACV}/rsbac-v${RSBACV}.tar.bz2"
-CAN_SRC="http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.6.7-CAN-2004-0415.patch"
-
-# rsbac kernel patches
-RGPV=7.1
-RGPV_SRC="mirror://rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2"
-
-UNIPATCH_STRICTORDER="yes"
-UNIPATCH_LIST="${FILESDIR}/${PN}-iptables-dos.patch
- ${FILESDIR}/${PN}-CAN-2004-0497.patch
- ${FILESDIR}/${PN}-CAN-2004-0596.patch
- ${DISTDIR}/linux-2.6.7-CAN-2004-0415.patch
- ${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2
- ${FILESDIR}/${PN}-v1.2.3-3.patch"
-UNIPATCH_DOCS="${WORKDIR}/patches/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}/0000_README"
-
-HOMEPAGE="http://hardened.gentoo.org/rsbac/"
-DESCRIPTION="RSBAC hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
-
-SRC_URI="${KERNEL_URI} ${RSBAC_SRC} ${RGPV_SRC} ${CAN_SRC}"
-KEYWORDS="x86"
-
-
-src_unpack() {
- universal_unpack
- (cd ${WORKDIR}/linux-${KV}; unpack rsbac-v${RSBACV}.tar.bz2)
- unipatch "${UNIPATCH_LIST_DEFAULT} ${UNIPATCH_LIST}"
- [ -z "${K_NOSETEXTRAVERSION}" ] && unpack_set_extraversion
-}
-
-pkg_postinst() {
- postinst_sources
- ewarn "Please configure and compile your RSBAC kernel before installing rsbac-admin tools"
-}
diff --git a/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r5.ebuild b/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r5.ebuild
new file mode 100644
index 000000000000..7daa7efae1b4
--- /dev/null
+++ b/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r5.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r5.ebuild,v 1.1 2004/08/10 10:01:50 kang Exp $
+
+IUSE=""
+ETYPE="sources"
+inherit kernel-2
+detect_version
+
+# rsbac
+RSBACV=1.2.3
+RSBAC_SRC="http://rsbac.org/download/code/v${RSBACV}/rsbac-v${RSBACV}.tar.bz2"
+CAN_SRC="http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.6.7-CAN-2004-0415.patch"
+
+# rsbac kernel patches
+RGPV=7.1
+RGPV_SRC="mirror://rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2"
+
+UNIPATCH_STRICTORDER="yes"
+UNIPATCH_LIST="${FILESDIR}/${PN}-iptables-dos.patch
+ ${FILESDIR}/${PN}-CAN-2004-0497.patch
+ ${FILESDIR}/${PN}-CAN-2004-0596.patch
+ ${FILESDIR}/${OKV}-cmdline.patch
+ ${DISTDIR}/linux-2.6.7-CAN-2004-0415.patch
+ ${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2
+ ${FILESDIR}/${PN}-v1.2.3-3.patch"
+UNIPATCH_DOCS="${WORKDIR}/patches/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}/0000_README"
+
+HOMEPAGE="http://hardened.gentoo.org/rsbac/"
+DESCRIPTION="RSBAC hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
+
+SRC_URI="${KERNEL_URI} ${RSBAC_SRC} ${RGPV_SRC} ${CAN_SRC}"
+KEYWORDS="x86"
+
+
+src_unpack() {
+ universal_unpack
+ (cd ${WORKDIR}/linux-${KV}; unpack rsbac-v${RSBACV}.tar.bz2)
+ unipatch "${UNIPATCH_LIST_DEFAULT} ${UNIPATCH_LIST}"
+ [ -z "${K_NOSETEXTRAVERSION}" ] && unpack_set_extraversion
+}
+
+pkg_postinst() {
+ postinst_sources
+ ewarn "Please configure and compile your RSBAC kernel before installing rsbac-admin tools"
+}
-- cgit v1.2.3-65-gdbad
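Review bot: In `src_unpack`, the subshell `(cd ${WORKDIR}/linux-${KV}; unpack rsbac-v${RSBACV}.tar.bz2)` joins its two commands with `;`, so a failed `cd` does not stop the RSBAC tarball from being unpacked into whatever directory the subshell is in. The following `unipatch` step would then presumably run against a kernel tree that lacks the RSBAC sources, rather than the build stopping at the real fault. Chaining the commands and quoting the path closes that gap: `(cd "${WORKDIR}/linux-${KV}" && unpack rsbac-v${RSBACV}.tar.bz2)`. The line is carried over unchanged from the r4 ebuild that this file replaces.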