author | Tim Yamin <plasmaroo@gentoo.org> | 2004-02-19 22:24:21 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2004-02-19 22:24:21 +0000 |
commit | 3a67f77b5cfe38a58090f1f7df95850a0aa569d6 (patch) | |
tree | 7bc9d04a666a8e6417731d927379f4fd0873645d /sys-kernel | |
parent | Update version. (Manifest recommit) (diff) | |
Added the patch for the mremap/munmap vulnerability. Bug #42024.
Diffstat (limited to 'sys-kernel')
4 files changed, 91 insertions, 1 deletions
diff --git a/sys-kernel/hardened-sources/ChangeLog b/sys-kernel/hardened-sources/ChangeLog
index d40e76811d22..ee36c3bef7dd 100644
--- a/sys-kernel/hardened-sources/ChangeLog
+++ b/sys-kernel/hardened-sources/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-kernel/hardened-sources
 # Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.21 2004/02/07 02:43:20 scox Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.22 2004/02/19 22:24:21 plasmaroo Exp $
+
+*hardened-sources-2.4.24-r1 (19 Feb 2004)
+
+ 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
+ files/hardened-sources-2.4.24.munmap.patch:
+ Added the patch for the mremap/munmap vulnerability. Bug #42024.
 *hardened-sources-2.4.24 (06 Feb 2004)
 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
diff --git a/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r1 b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r1
new file mode 100644
index 000000000000..0b06ea890fb4
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r1
@@ -0,0 +1,4 @@
+MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818
+MD5 ecf37e9bd868f2fa3fc581569ab724e0 hardened-sources-2.4.24-base.patch.bz2 1670068
+MD5 9f581b1bedf236bec48b43127ee79b33 hardened-sources-2.4.24-grsec.patch.bz2 100207
+MD5 d8a2e8fff78e272378e5c8d13b344550 hardened-sources-2.4.24-selinux.patch.bz2 219034
diff --git a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch b/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch
new file mode 100644
index 000000000000..e120b35b7adb
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch
@@ -0,0 +1,27 @@
+diff -ur linux-2.4.25-rc3/mm/mremap.c linux-2.4.25-rc4/mm/mremap.c
+--- linux-2.4.25-rc3/mm/mremap.c 2004-02-18 13:56:01.000000000 +0000
++++ linux-2.4.25-rc4/mm/mremap.c 2004-02-18 13:49:08.000000000 +0000
+@@ -258,16 +258,20 @@
+ if ((addr <= new_addr) && (addr+old_len) > new_addr)
+ goto out;
+
+- do_munmap(current->mm, new_addr, new_len);
++ ret = do_munmap(current->mm, new_addr, new_len);
++ if (ret && new_len)
++ goto out;
+ }
+
+ /*
+ * Always allow a shrinking remap: that just unmaps
+ * the unnecessary pages..
+ */
+- ret = addr;
+ if (old_len >= new_len) {
+- do_munmap(current->mm, addr+new_len, old_len - new_len);
++ ret = do_munmap(current->mm, addr+new_len, old_len - new_len);
++ if (ret && old_len != new_len)
++ goto out;
++ ret = addr;
+ if (!(flags & MREMAP_FIXED) || (new_addr == addr))
+ goto out;
+ }
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.24-r1.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.24-r1.ebuild
new file mode 100644
index 000000000000..5a4e9f9cb406
--- /dev/null
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.24-r1.ebuild
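Review bot: The embedded mm/mremap.c hunk in hardened-sources-2.4.24.munmap.patch has no preamble saying where it comes from or which issue it closes, although its `diff -ur` line shows it was cut from the linux-2.4.25-rc3 to rc4 delta and it is applied here to a patched 2.4.24 tree. A short header before the `diff -ur` line, for example `Check do_munmap() return values in mremap; taken from 2.4.25-rc4, Gentoo bug #42024`, would let a later auditor confirm that the fix is present and matches upstream. The guards `if (ret && new_len)` and `if (ret && old_len != new_len)` skip the error path for an empty range, presumably because do_munmap() rejects a zero length; a one-line comment at each would make that intent explicit. The enclosing function starts and ends outside the hunk, so whether other do_munmap() call sites need the same check cannot be judged from these lines.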
@@ -0,0 +1,53 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.24-r1.ebuild,v 1.1 2004/02/19 22:24:21 plasmaroo Exp $
+
+IUSE="selinux"
+ETYPE="sources"
+
+inherit kernel || die
+
+OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`"
+EXTRAVERSION="-${PN/-*/}-${PR}"
+KV=${OKV}${EXTRAVERSION}
+
+S=${WORKDIR}/linux-${KV}
+DESCRIPTION="Special Security Hardened Gentoo Linux Kernel"
+
+BASE_URI="http://dev.gentoo.org/~scox/kernels/v2.4"
+SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+ ${BASE_URI}/hardened-sources-${OKV}-base.patch.bz2
+ selinux? ( ${BASE_URI}/hardened-sources-${OKV}-selinux.patch.bz2 )
+ !selinux? ( ${BASE_URI}/hardened-sources-${OKV}-grsec.patch.bz2 )"
+
+
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/"
+KEYWORDS="~x86"
+SLOT="${KV}"
+
+src_unpack() {
+ unpack ${A}
+
+ mv linux-${OKV} linux-${KV} || die
+ cd linux-${KV}
+
+ bzcat ${DISTDIR}/hardened-sources-${OKV}-base.patch.bz2 | patch -p1
+
+ if [ "`use selinux`" ]; then
+ bzcat ${DISTDIR}/hardened-sources-${OKV}-selinux.patch.bz2 | patch -p1
+ else
+ bzcat ${DISTDIR}/hardened-sources-${OKV}-grsec.patch.bz2 | patch -p1
+ fi
+
+ epatch ${FILESDIR}/${P}.munmap.patch || die "Failed to apply munmap patch!"
+ kernel_src_unpack
+}
+
+pkg_postinst() {
+ einfo "This kernel contains LSM/SElinux or GRSecurity"
+ einfo "Also included are various other security related patches."
+ echo
+ einfo "If there are issues with this kernel, search http://bugs.gentoo.org/ for an"
+ einfo "existing bug. Only create a new bug if you have not found one that matches"
+ einfo "your issue. Please assign your bugs to scox@gentoo.org."
+} |
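Review bot: The three `bzcat … | patch -p1` calls in src_unpack() have no failure check, unlike the `epatch … || die` line added for the munmap fix, so a base, SELinux or grsecurity patch that fails to apply would still leave a source tree installed under the hardened name without its hardening. Each should end in a check, for example `bzcat ${DISTDIR}/hardened-sources-${OKV}-base.patch.bz2 | patch -p1 || die "base patch failed"`, and `cd linux-${KV}` should likewise become `cd linux-${KV} || die`, since a failed cd would run the patches in the wrong directory. A pipeline reports only the exit status of `patch`, so passing the compressed files to `epatch`, which the ebuild already uses, may be the cleaner way to catch a decompression failure as well. Separately, every SRC_URI entry is fetched over plain http, which leaves the MD5 digest file as the only integrity check on the kernel and patch tarballs.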