diff options
author | Tim Yamin <plasmaroo@gentoo.org> | 2004-02-19 22:43:51 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2004-02-19 22:43:51 +0000 |
commit | 4371f8ac827cfe6590d246c4333844fb71ec90c5 (patch) | |
tree | 1d3b87d28e52e9429017309d4c942698ed3b87b6 /sys-kernel | |
parent | stable on alpha and ia64 (Manifest recommit) (diff) | |
download | gentoo-2-4371f8ac827cfe6590d246c4333844fb71ec90c5.tar.gz gentoo-2-4371f8ac827cfe6590d246c4333844fb71ec90c5.tar.bz2 gentoo-2-4371f8ac827cfe6590d246c4333844fb71ec90c5.zip |
Added the patch for the mremap/munmap vulnerability. Bug #42024.
Diffstat (limited to 'sys-kernel')
4 files changed, 117 insertions, 2 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog index a856611b46fa..b1b42bca904d 100644 --- a/sys-kernel/grsec-sources/ChangeLog +++ b/sys-kernel/grsec-sources/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sys-kernel/grsec-sources -# Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.14 2004/01/11 05:45:02 solar Exp $ +# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.15 2004/02/19 22:43:51 plasmaroo Exp $ + +*grsec-sources-2.4.24.1.9.13-r1 (19 Feb 2004) + + 19 Feb 2004; <plasmaroo@gentoo.org> grsec-sources-2.4.24.1.9.13-r1.ebuild, + files/grsec-sources-2.4.24.1.9.13.munmap.patch: + Added the patch for the mremap/munmap vulnerability. Bug #42024. *grsec-sources-2.4.24.1.9.13 (11 Jan 2004) diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13-r1 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13-r1 new file mode 100644 index 000000000000..a91dc769c3b0 --- /dev/null +++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13-r1 @@ -0,0 +1,3 @@ +MD5 6274da753115c640b2fd7a2665aa7c92 grsecurity-1.9.13-2.4.24.patch 525670 +MD5 7a6f55ce9faae283eb33e1c1fac05f5a grsecurity-1.9.13-2.4.24.patch.sign 189 +MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818 diff --git a/sys-kernel/grsec-sources/files/grsec-sources-2.4.24.1.9.13.munmap.patch b/sys-kernel/grsec-sources/files/grsec-sources-2.4.24.1.9.13.munmap.patch new file mode 100644 index 000000000000..e120b35b7adb --- /dev/null +++ b/sys-kernel/grsec-sources/files/grsec-sources-2.4.24.1.9.13.munmap.patch @@ -0,0 +1,27 @@ +diff -ur linux-2.4.25-rc3/mm/mremap.c linux-2.4.25-rc4/mm/mremap.c +--- linux-2.4.25-rc3/mm/mremap.c 2004-02-18 13:56:01.000000000 +0000 ++++ linux-2.4.25-rc4/mm/mremap.c 2004-02-18 13:49:08.000000000 +0000 +@@ -258,16 +258,20 @@ + if ((addr <= new_addr) && (addr+old_len) > new_addr) + goto out; + +- do_munmap(current->mm, new_addr, new_len); ++ ret = do_munmap(current->mm, new_addr, new_len); ++ if (ret && new_len) ++ goto out; + } + + /* + * Always allow a shrinking remap: that just unmaps + * the unnecessary pages.. + */ +- ret = addr; + if (old_len >= new_len) { +- do_munmap(current->mm, addr+new_len, old_len - new_len); ++ ret = do_munmap(current->mm, addr+new_len, old_len - new_len); ++ if (ret && old_len != new_len) ++ goto out; ++ ret = addr; + if (!(flags & MREMAP_FIXED) || (new_addr == addr)) + goto out; + } diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13-r1.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13-r1.ebuild new file mode 100644 index 000000000000..2cf6f6e08114 --- /dev/null +++ b/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13-r1.ebuild @@ -0,0 +1,79 @@ +# Copyright 1999-2004 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13-r1.ebuild,v 1.1 2004/02/19 22:43:51 plasmaroo Exp $ + +# We control what versions of what we download based on the KEYWORDS we +# are using for the various arches. Thus if we want grsec1 stable we run +# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the +# grsec-2.0-preX which has alot more features. + +# the only thing that should ever differ in one of these 1.9.x ebuilds +# and 2.x of the same kernel version is the KEYWORDS and header. +# shame cvs symlinks don't exist + +ETYPE="sources" +IUSE="" + +inherit eutils +inherit kernel + +[ "$OKV" == "" ] && OKV="2.4.24" + +PATCH_BASE="${PV/${OKV}./}" +PATCH_BASE="${PATCH_BASE/_/-}" +EXTRAVER="-grsec-${PATCH_BASE}" +EXTRAVERSION="-grsec-${PATCH_BASE}-${PR}" +KV="${OKV}${EXTRAVERSION}" + +PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch" + +# hppa takes a special patch and usually has play catch up between +# versions of this package we. + +HPPA_SRC_URI="" +if [ "${ARCH}" == "hppa" ]; then + PARISC_KERNEL_VERSION="pa1" + KV="${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVER}" + HPPA_PATCH_SRC_BASE="parisc-linux-${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVER}.gz" + HPPA_SRC_URI="mirror://gentoo/${HPPA_PATCH_SRC_BASE} http://dev.gentoo.org/~pappy/gentoo-x86/sys-kernel/grsec-sources/${HPPA_PATCH_SRC__BASE}" + PATCH_SRC_BASE="${HPPA_PATCH_SRC_BASE}" +fi + +DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch" + +SRC_URI="hppa? ( $HPPA_SRC_URI ) \ + !hppa? ( http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \ + http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign ) \ + http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2" + +HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net" + +[ ${PATCH_BASE/.*/} == 1 ] && KEYWORDS="x86 -hppa" || KEYWORDS="~x86 ~sparc ~ppc ~alpha -hppa" + +SLOT="${OKV}" +S="${WORKDIR}/linux-${KV}" + +src_unpack() { + unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel" + mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel" + cd linux-"${KV}" || die "unable to cd into the kernel source tree" + + [ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File does not exist?" + + # users are often confused by what settings should be set so + # here lets them an example of what a P4 desktop would look like. + cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config + + ebegin "Patching the kernel with ${PATCH_SRC_BASE}" + case "${ARCH}" in + hppa) zcat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;; + *) cat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;; + esac + [ $? == 0 ] || die "failed patching with ${PATCH_SRC_BASE}" + eend 0 + epatch ${FILESDIR}/${P}.munmap.patch || die "Failed to apply munmap patch!" + + mkdir docs + touch docs/patches.txt + kernel_universal_unpack +} |