authorTim Yamin <plasmaroo@gentoo.org>2004-02-19 22:43:51 +0000
committerTim Yamin <plasmaroo@gentoo.org>2004-02-19 22:43:51 +0000
commit4371f8ac827cfe6590d246c4333844fb71ec90c5 (patch)
tree1d3b87d28e52e9429017309d4c942698ed3b87b6 /sys-kernel
parentstable on alpha and ia64 (Manifest recommit) (diff)
Added the patch for the mremap/munmap vulnerability. Bug #42024.
Diffstat (limited to 'sys-kernel')
-rw-r--r--sys-kernel/grsec-sources/ChangeLog10
-rw-r--r--sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13-r13
-rw-r--r--sys-kernel/grsec-sources/files/grsec-sources-2.4.24.1.9.13.munmap.patch27
-rw-r--r--sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13-r1.ebuild79
4 files changed, 117 insertions, 2 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog
index a856611b46fa..b1b42bca904d 100644
--- a/sys-kernel/grsec-sources/ChangeLog
+++ b/sys-kernel/grsec-sources/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sys-kernel/grsec-sources
-# Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.14 2004/01/11 05:45:02 solar Exp $
+# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.15 2004/02/19 22:43:51 plasmaroo Exp $
+
+*grsec-sources-2.4.24.1.9.13-r1 (19 Feb 2004)
+
+ 19 Feb 2004; <plasmaroo@gentoo.org> grsec-sources-2.4.24.1.9.13-r1.ebuild,
+ files/grsec-sources-2.4.24.1.9.13.munmap.patch:
+ Added the patch for the mremap/munmap vulnerability. Bug #42024.
*grsec-sources-2.4.24.1.9.13 (11 Jan 2004)
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13-r1 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13-r1
new file mode 100644
index 000000000000..a91dc769c3b0
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13-r1
@@ -0,0 +1,3 @@
+MD5 6274da753115c640b2fd7a2665aa7c92 grsecurity-1.9.13-2.4.24.patch 525670
+MD5 7a6f55ce9faae283eb33e1c1fac05f5a grsecurity-1.9.13-2.4.24.patch.sign 189
+MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818
diff --git a/sys-kernel/grsec-sources/files/grsec-sources-2.4.24.1.9.13.munmap.patch b/sys-kernel/grsec-sources/files/grsec-sources-2.4.24.1.9.13.munmap.patch
new file mode 100644
index 000000000000..e120b35b7adb
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/grsec-sources-2.4.24.1.9.13.munmap.patch
@@ -0,0 +1,27 @@
+diff -ur linux-2.4.25-rc3/mm/mremap.c linux-2.4.25-rc4/mm/mremap.c
+--- linux-2.4.25-rc3/mm/mremap.c 2004-02-18 13:56:01.000000000 +0000
++++ linux-2.4.25-rc4/mm/mremap.c 2004-02-18 13:49:08.000000000 +0000
+@@ -258,16 +258,20 @@
+ if ((addr <= new_addr) && (addr+old_len) > new_addr)
+ goto out;
+
+- do_munmap(current->mm, new_addr, new_len);
++ ret = do_munmap(current->mm, new_addr, new_len);
++ if (ret && new_len)
++ goto out;
+ }
+
+ /*
+ * Always allow a shrinking remap: that just unmaps
+ * the unnecessary pages..
+ */
+- ret = addr;
+ if (old_len >= new_len) {
+- do_munmap(current->mm, addr+new_len, old_len - new_len);
++ ret = do_munmap(current->mm, addr+new_len, old_len - new_len);
++ if (ret && old_len != new_len)
++ goto out;
++ ret = addr;
+ if (!(flags & MREMAP_FIXED) || (new_addr == addr))
+ goto out;
+ }
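Review bot: The two new guards, `if (ret && new_len)` and `if (ret && old_len != new_len)`, deliberately ignore a do_munmap() failure when the length is zero, and nothing in the patch file says why. Presumably do_munmap() rejects a zero length and that case is not an error for mremap, but this should be confirmed and recorded. I would add a short description above the `diff -ur` line, for example `Check the return value of do_munmap() in mm/mremap.c instead of discarding it; Gentoo bug #42024.`, and state where the diff was taken from. The headers show linux-2.4.25-rc3 to rc4 while the ebuild applies it to a grsecurity-patched 2.4.24 tree, so it is worth confirming that the hunk at line 258 applies there without fuzz. The enclosing function starts and ends outside the hunk.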
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13-r1.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13-r1.ebuild
new file mode 100644
index 000000000000..2cf6f6e08114
--- /dev/null
+++ b/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13-r1.ebuild
@@ -0,0 +1,79 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13-r1.ebuild,v 1.1 2004/02/19 22:43:51 plasmaroo Exp $
+
+# We control what versions of what we download based on the KEYWORDS we
+# are using for the various arches. Thus if we want grsec1 stable we run
+# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the
+# grsec-2.0-preX which has alot more features.
+
+# the only thing that should ever differ in one of these 1.9.x ebuilds
+# and 2.x of the same kernel version is the KEYWORDS and header.
+# shame cvs symlinks don't exist
+
+ETYPE="sources"
+IUSE=""
+
+inherit eutils
+inherit kernel
+
+[ "$OKV" == "" ] && OKV="2.4.24"
+
+PATCH_BASE="${PV/${OKV}./}"
+PATCH_BASE="${PATCH_BASE/_/-}"
+EXTRAVER="-grsec-${PATCH_BASE}"
+EXTRAVERSION="-grsec-${PATCH_BASE}-${PR}"
+KV="${OKV}${EXTRAVERSION}"
+
+PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch"
+
+# hppa takes a special patch and usually has play catch up between
+# versions of this package we.
+
+HPPA_SRC_URI=""
+if [ "${ARCH}" == "hppa" ]; then
+ PARISC_KERNEL_VERSION="pa1"
+ KV="${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVER}"
+ HPPA_PATCH_SRC_BASE="parisc-linux-${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVER}.gz"
+ HPPA_SRC_URI="mirror://gentoo/${HPPA_PATCH_SRC_BASE} http://dev.gentoo.org/~pappy/gentoo-x86/sys-kernel/grsec-sources/${HPPA_PATCH_SRC__BASE}"
+ PATCH_SRC_BASE="${HPPA_PATCH_SRC_BASE}"
+fi
+
+DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch"
+
+SRC_URI="hppa? ( $HPPA_SRC_URI ) \
+ !hppa? ( http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \
+ http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign ) \
+ http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2"
+
+HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net"
+
+[ ${PATCH_BASE/.*/} == 1 ] && KEYWORDS="x86 -hppa" || KEYWORDS="~x86 ~sparc ~ppc ~alpha -hppa"
+
+SLOT="${OKV}"
+S="${WORKDIR}/linux-${KV}"
+
+src_unpack() {
+ unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel"
+ mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel"
+ cd linux-"${KV}" || die "unable to cd into the kernel source tree"
+
+ [ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File does not exist?"
+
+ # users are often confused by what settings should be set so
+ # here lets them an example of what a P4 desktop would look like.
+ cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config
+
+ ebegin "Patching the kernel with ${PATCH_SRC_BASE}"
+ case "${ARCH}" in
+ hppa) zcat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;;
+ *) cat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;;
+ esac
+ [ $? == 0 ] || die "failed patching with ${PATCH_SRC_BASE}"
+ eend 0
+ epatch ${FILESDIR}/${P}.munmap.patch || die "Failed to apply munmap patch!"
+
+ mkdir docs
+ touch docs/patches.txt
+ kernel_universal_unpack
+}
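Review bot: `${HPPA_PATCH_SRC__BASE}` in the HPPA_SRC_URI assignment has a doubled underscore, so it expands to an empty string and the second URI ends at the directory rather than the patch file; it should read `${HPPA_PATCH_SRC_BASE}`. Separately, SRC_URI fetches `grsecurity-${PATCH_BASE}-${OKV}.patch.sign` over plain http, but src_unpack only tests that the patch file exists and never checks that signature, so integrity rests on the MD5 entries in the digest file alone. Either verify the signature before patching or add a comment such as `# .sign is fetched for reference only; integrity is enforced by the digest file`. The `${FILESDIR}` and `${DISTDIR}` expansions in src_unpack are also unquoted and the cp result is unchecked; `cp "${FILESDIR}/2.4.24-x86.config" gentoo-grsec-custom-example-2.4.24-x86.config || die "unable to copy the example config"` would match the error handling used on the lines above it.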