authorTim Yamin <plasmaroo@gentoo.org>2004-02-19 22:24:21 +0000
committerTim Yamin <plasmaroo@gentoo.org>2004-02-19 22:24:21 +0000
commit3a67f77b5cfe38a58090f1f7df95850a0aa569d6 (patch)
tree7bc9d04a666a8e6417731d927379f4fd0873645d
parentUpdate version. (Manifest recommit) (diff)
Added the patch for the mremap/munmap vulnerability. Bug #42024.
-rw-r--r--sys-kernel/hardened-sources/ChangeLog8
-rw-r--r--sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r14
-rw-r--r--sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch27
-rw-r--r--sys-kernel/hardened-sources/hardened-sources-2.4.24-r1.ebuild53
4 files changed, 91 insertions, 1 deletions
diff --git a/sys-kernel/hardened-sources/ChangeLog b/sys-kernel/hardened-sources/ChangeLog
index d40e76811d22..ee36c3bef7dd 100644
--- a/sys-kernel/hardened-sources/ChangeLog
+++ b/sys-kernel/hardened-sources/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sys-kernel/hardened-sources
# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.21 2004/02/07 02:43:20 scox Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.22 2004/02/19 22:24:21 plasmaroo Exp $
+
+*hardened-sources-2.4.24-r1 (19 Feb 2004)
+
+ 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
+ files/hardened-sources-2.4.24.munmap.patch:
+ Added the patch for the mremap/munmap vulnerability. Bug #42024.
*hardened-sources-2.4.24 (06 Feb 2004)
06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
diff --git a/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r1 b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r1
new file mode 100644
index 000000000000..0b06ea890fb4
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r1
@@ -0,0 +1,4 @@
+MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818
+MD5 ecf37e9bd868f2fa3fc581569ab724e0 hardened-sources-2.4.24-base.patch.bz2 1670068
+MD5 9f581b1bedf236bec48b43127ee79b33 hardened-sources-2.4.24-grsec.patch.bz2 100207
+MD5 d8a2e8fff78e272378e5c8d13b344550 hardened-sources-2.4.24-selinux.patch.bz2 219034
diff --git a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch b/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch
new file mode 100644
index 000000000000..e120b35b7adb
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch
@@ -0,0 +1,27 @@
+diff -ur linux-2.4.25-rc3/mm/mremap.c linux-2.4.25-rc4/mm/mremap.c
+--- linux-2.4.25-rc3/mm/mremap.c 2004-02-18 13:56:01.000000000 +0000
++++ linux-2.4.25-rc4/mm/mremap.c 2004-02-18 13:49:08.000000000 +0000
+@@ -258,16 +258,20 @@
+ if ((addr <= new_addr) && (addr+old_len) > new_addr)
+ goto out;
+
+- do_munmap(current->mm, new_addr, new_len);
++ ret = do_munmap(current->mm, new_addr, new_len);
++ if (ret && new_len)
++ goto out;
+ }
+
+ /*
+ * Always allow a shrinking remap: that just unmaps
+ * the unnecessary pages..
+ */
+- ret = addr;
+ if (old_len >= new_len) {
+- do_munmap(current->mm, addr+new_len, old_len - new_len);
++ ret = do_munmap(current->mm, addr+new_len, old_len - new_len);
++ if (ret && old_len != new_len)
++ goto out;
++ ret = addr;
+ if (!(flags & MREMAP_FIXED) || (new_addr == addr))
+ goto out;
+ }
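Review bot: The new patch file starts directly at its `diff -ur` line, with no header saying what it fixes or where it came from, which makes it harder to audit later or to know when it can be dropped. Its own file headers show it is the mm/mremap.c delta between linux-2.4.25-rc3 and linux-2.4.25-rc4, while the ebuild applies it to a 2.4.24 tree that already has the base and grsecurity/SELinux patches applied, so the `@@ -258,16 +258,20 @@` position may not match and the hunk may go in with an offset or fuzz. A line or two of free text above `diff -ur` (patch skips leading text) would record this, for example `Check the do_munmap() return value in mm/mremap.c; taken from linux-2.4.25-rc4; Gentoo bug #42024`. It is also worth confirming from the unpacked tree that both added `goto out` checks are present in mm/mremap.c.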
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.24-r1.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.24-r1.ebuild
new file mode 100644
index 000000000000..5a4e9f9cb406
--- /dev/null
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.24-r1.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.24-r1.ebuild,v 1.1 2004/02/19 22:24:21 plasmaroo Exp $
+
+IUSE="selinux"
+ETYPE="sources"
+
+inherit kernel || die
+
+OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`"
+EXTRAVERSION="-${PN/-*/}-${PR}"
+KV=${OKV}${EXTRAVERSION}
+
+S=${WORKDIR}/linux-${KV}
+DESCRIPTION="Special Security Hardened Gentoo Linux Kernel"
+
+BASE_URI="http://dev.gentoo.org/~scox/kernels/v2.4"
+SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+ ${BASE_URI}/hardened-sources-${OKV}-base.patch.bz2
+ selinux? ( ${BASE_URI}/hardened-sources-${OKV}-selinux.patch.bz2 )
+ !selinux? ( ${BASE_URI}/hardened-sources-${OKV}-grsec.patch.bz2 )"
+
+
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/"
+KEYWORDS="~x86"
+SLOT="${KV}"
+
+src_unpack() {
+ unpack ${A}
+
+ mv linux-${OKV} linux-${KV} || die
+ cd linux-${KV}
+
+ bzcat ${DISTDIR}/hardened-sources-${OKV}-base.patch.bz2 | patch -p1
+
+ if [ "`use selinux`" ]; then
+ bzcat ${DISTDIR}/hardened-sources-${OKV}-selinux.patch.bz2 | patch -p1
+ else
+ bzcat ${DISTDIR}/hardened-sources-${OKV}-grsec.patch.bz2 | patch -p1
+ fi
+
+ epatch ${FILESDIR}/${P}.munmap.patch || die "Failed to apply munmap patch!"
+ kernel_src_unpack
+}
+
+pkg_postinst() {
+ einfo "This kernel contains LSM/SElinux or GRSecurity"
+ einfo "Also included are various other security related patches."
+ echo
+ einfo "If there are issues with this kernel, search http://bugs.gentoo.org/ for an"
+ einfo "existing bug. Only create a new bug if you have not found one that matches"
+ einfo "your issue. Please assign your bugs to scox@gentoo.org."
+}
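Review bot: The three `bzcat … | patch -p1` pipelines in src_unpack() have no failure check, so a rejected base, SELinux or grsecurity patch still yields a tree that unpacks and installs as hardened-sources without the hardening it advertises. Only the munmap `epatch` call carries `|| die`. Each pipeline should end in a check, e.g. `bzcat ${DISTDIR}/hardened-sources-${OKV}-base.patch.bz2 | patch -p1 || die "base patch failed"`, and `cd linux-${KV}` should become `cd linux-${KV} || die`. Note that `|| die` on a pipeline sees only patch's exit status; catching a bzcat failure on a damaged download would additionally need a `${PIPESTATUS[0]}` test.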