Diffstat (limited to 'sys-kernel/rsbac-sources')
17 files changed, 516 insertions, 851 deletions
diff --git a/sys-kernel/rsbac-sources/ChangeLog b/sys-kernel/rsbac-sources/ChangeLog index 4001a2c67411..bc06afed7115 100644 --- a/sys-kernel/rsbac-sources/ChangeLog +++ b/sys-kernel/rsbac-sources/ChangeLog @@ -1,10 +1,18 @@ # ChangeLog for sys-kernel/rsbac-sources # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/ChangeLog,v 1.17 2004/12/02 18:43:52 kang Exp $ - - 02 Dec 2004; Guillaume Destuynder <kang@gentoo.org> - rsbac-sources-2.4.28.ebuild: - marked 2.4.28 stable, 2.4.26 to be orphaned soon. +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/ChangeLog,v 1.18 2004/12/08 20:17:09 kang Exp $ + +*rsbac-sources-2.4.28-r1 (08 Dec 2004) + + 08 Dec 2004; Guillaume Destuynder <kang@gentoo.org> + +files/rsbac-sources-2.4.28-dos_mem_disc.patch, + -files/rsbac-sources-CAN-2004-0497.patch, + +files/rsbac-sources-v1.2.3-1.patch, +files/rsbac-sources-v1.2.3-2.patch, + +files/rsbac-sources-v1.2.3-4.patch, +files/rsbac-sources-v1.2.3-5.patch, + +files/rsbac-sources-v1.2.3-6.patch, -rsbac-sources-2.4.26-r5.ebuild, + +rsbac-sources-2.4.28-r1.ebuild, -rsbac-sources-2.4.28.ebuild: + Security fix bug #72452: Linux Kernel Local DoS and Memory Content + Disclosure Vulnerabilities *rsbac-sources-2.4.28 (29 Nov 2004) diff --git a/sys-kernel/rsbac-sources/Manifest b/sys-kernel/rsbac-sources/Manifest index e61269a93181..a679662c9085 100644 --- a/sys-kernel/rsbac-sources/Manifest +++ b/sys-kernel/rsbac-sources/Manifest 
@@ -1,12 +1,11 @@
 MD5 fee9abc7797fef753c42454679bae9a7 metadata.xml 456
-MD5 6f025797b464fe4ea441136f6cd10d41 ChangeLog 2137
-MD5 8447db1a09bcba858e410c6b3f06af05 rsbac-sources-2.4.26-r5.ebuild 1581
-MD5 886d3e17a675983871039be4006cbd2f rsbac-sources-2.4.28.ebuild 1217
-MD5 dc18e982f8149588a291956481885a8c files/rsbac-sources-2.4.CAN-2004-0495.patch 17549
-MD5 0f66013f643c79c97fda489618a4e2fd files/rsbac-sources-2.4.CAN-2004-0535.patch 476
+MD5 9fd78076e9e3c9888c664c25a4552b7f rsbac-sources-2.4.28-r1.ebuild 1448
+MD5 d0d4813e9906984737680b1b4245e1e1 ChangeLog 2384
 MD5 a869ab037c7e264df5f8e899864f08e9 files/rsbac-sources-v1.2.3-3.patch 557
-MD5 3bdf00d5f80fe9dfbfe8220e076cd04c files/rsbac-sources-CAN-2004-0497.patch 707
-MD5 d1ccc2047be533c992f67270a150a210 files/2.4.26-cmdline-race.patch 388
-MD5 60d25ff310fc6abfdce39ec9e47345af files/2.4.26-CAN-2004-685.patch 2809
-MD5 665832a4660ee3c3d531dfc2568cc495 files/digest-rsbac-sources-2.4.28 207
-MD5 ed937dbb278198dc190e96cd3e8e4f80 files/digest-rsbac-sources-2.4.26-r5 283
+MD5 b9a94233e1457787352e5f85e3e3582d files/rsbac-sources-2.4.28-dos_mem_disc.patch 2009
+MD5 305a7a9407bd311f3b58d0b7ae505506 files/rsbac-sources-v1.2.3-1.patch 1784
+MD5 d41d8cd98f00b204e9800998ecf8427e files/rsbac-sources-v1.2.3-2.patch 0
+MD5 c1c64783ddf4cce2b21b0b6f96f329d7 files/rsbac-sources-v1.2.3-4.patch 1018
+MD5 ffea7c6daada6d0033ed3996d45fd7ca files/rsbac-sources-v1.2.3-5.patch 625
+MD5 6197e52bf5742c3f61716fe6a681055c files/rsbac-sources-v1.2.3-6.patch 13068
+MD5 665832a4660ee3c3d531dfc2568cc495 files/digest-rsbac-sources-2.4.28-r1 207
diff --git a/sys-kernel/rsbac-sources/files/2.4.26-CAN-2004-685.patch b/sys-kernel/rsbac-sources/files/2.4.26-CAN-2004-685.patch
deleted file mode 100644
index d1be834cc8a5..000000000000
--- a/sys-kernel/rsbac-sources/files/2.4.26-CAN-2004-685.patch
+++ /dev/null
@@ -1,83 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/07/26 19:14:16-03:00 mjc@redhat.com -# [PATCH] USB: more sparse fixes -# -# Back in October 2003 Arnaldo commited some fixes prior to 2.6 for some leaking info to userspace in the -# usb drivers: -# http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ -# -# The corresponding changes have not been commited to 2.4, or included in -# the previous sparse fixes. -# -# drivers/usb/audio.c -# 2004/07/15 08:46:52-03:00 mjc@redhat.com +4 -0 -# USB: more sparse fixes -# -# drivers/usb/brlvger.c -# 2004/07/15 08:47:27-03:00 mjc@redhat.com +1 -0 -# USB: more sparse fixes -# -# drivers/usb/serial/io_edgeport.c -# 2004/07/15 08:48:06-03:00 mjc@redhat.com +1 -0 -# USB: more sparse fixes -# -# drivers/usb/vicam.c -# 2004/07/15 08:47:13-03:00 mjc@redhat.com +1 -0 -# USB: more sparse fixes -# -diff -Nru a/drivers/usb/audio.c b/drivers/usb/audio.c ---- a/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00 -@@ -2141,6 +2141,8 @@ - - if (cmd == SOUND_MIXER_INFO) { - mixer_info info; -+ -+ memset(&info, 0, sizeof(info)); - strncpy(info.id, "USB_AUDIO", sizeof(info.id)); - strncpy(info.name, "USB Audio Class Driver", sizeof(info.name)); - info.modify_counter = ms->modcnt; -@@ -2150,6 +2152,8 @@ - } - if (cmd == SOUND_OLD_MIXER_INFO) { - _old_mixer_info info; -+ -+ memset(&info, 0, sizeof(info)); - strncpy(info.id, "USB_AUDIO", sizeof(info.id)); - strncpy(info.name, "USB Audio Class Driver", sizeof(info.name)); - if (copy_to_user((void *)arg, &info, sizeof(info))) -diff -Nru a/drivers/usb/brlvger.c b/drivers/usb/brlvger.c ---- a/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00 -@@ -743,6 +743,7 @@ - case BRLVGER_GET_INFO: { - struct brlvger_info vi; - -+ memset(&vi, 0, sizeof(vi)); - strncpy(vi.driver_version, DRIVER_VERSION, - sizeof(vi.driver_version)); - 
vi.driver_version[sizeof(vi.driver_version)-1] = 0; -diff -Nru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c ---- a/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00 -@@ -1913,6 +1913,7 @@ - - case TIOCGICOUNT: - cnow = edge_port->icount; -+ memset(&icount, 0, sizeof(icount)); - icount.cts = cnow.cts; - icount.dsr = cnow.dsr; - icount.rng = cnow.rng; -diff -Nru a/drivers/usb/vicam.c b/drivers/usb/vicam.c ---- a/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00 -@@ -481,6 +481,7 @@ - struct video_capability b; - - DBG("VIDIOCGCAP\n"); -+ memset(&b, 0, sizeof(b)); - strcpy(b.name, "ViCam-based Camera"); - b.type = VID_TYPE_CAPTURE; - b.channels = 1; diff --git a/sys-kernel/rsbac-sources/files/2.4.26-cmdline-race.patch b/sys-kernel/rsbac-sources/files/2.4.26-cmdline-race.patch deleted file mode 100644 index 5f26f7f388f6..000000000000 --- a/sys-kernel/rsbac-sources/files/2.4.26-cmdline-race.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.4/fs/proc/base.c 2004-04-15 07:09:32.000000000 +0100 -+++ linux-2.4/fs/proc/base.c.plasmaroo 2004-08-09 23:30:43.869195800 +0100 -@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_ - if (mm) - atomic_inc(&mm->mm_users); - task_unlock(task); -- if (mm) { -+ if (mm && mm->arg_end) { - int len = mm->arg_end - mm->arg_start; - if (len > PAGE_SIZE) - len = PAGE_SIZE; diff --git a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r5 b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r5 deleted file mode 100644 index 24173616eac3..000000000000 --- a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r5 +++ /dev/null 
@@ -1,4 +0,0 @@
-MD5 88d7aefa03c92739cb70298a0b486e2c linux-2.4.26.tar.bz2 30772389
-MD5 f3759250e9c4bb5ccb773174fafe0ba7 rsbac-v1.2.3.tar.bz2 489127
-MD5 26604fdd9cc696510c65b5db124c7527 rsbac-patches-2.4-26.7.tar.bz2 294589
-MD5 8f8f2412aacf9a01b5549bf2a9a3bff8 linux-2.4.26-CAN-2004-0415.patch 90145
diff --git a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.28-r1 b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.28-r1
new file mode 100644
index 000000000000..010465e18d9b
--- /dev/null
+++ b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.28-r1
@@ -0,0 +1,3 @@
+MD5 ac7735000d185bc7778c08288760a8a3 linux-2.4.28.tar.bz2 31064046
+MD5 f3759250e9c4bb5ccb773174fafe0ba7 rsbac-v1.2.3.tar.bz2 489127
+MD5 aba31540a309b27201ca821510014b8f rsbac-patches-2.4-28.1.tar.bz2 288671
diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-2.4.28-dos_mem_disc.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-2.4.28-dos_mem_disc.patch
new file mode 100644
index 000000000000..4644ae28bce4
--- /dev/null
+++ b/sys-kernel/rsbac-sources/files/rsbac-sources-2.4.28-dos_mem_disc.patch
@@ -0,0 +1,63 @@ +diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c +--- linux-2.4.28/fs/exec.c 2004-04-15 10:44:45 -07:00 ++++ linux-2.4.28.plasmaroo/fs/exec.c 2004-11-12 12:02:40 -08:00 +@@ -342,6 +342,7 @@ int setup_arg_pages(struct linux_binprm + + down_write(¤t->mm->mmap_sem); + { ++ struct vm_area_struct *vma; + mpnt->vm_mm = current->mm; + mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p; + mpnt->vm_end = STACK_TOP; +@@ -351,6 +352,12 @@ int setup_arg_pages(struct linux_binprm + mpnt->vm_pgoff = 0; + mpnt->vm_file = NULL; + mpnt->vm_private_data = (void *) 0; ++ vma = find_vma(current->mm, mpnt->vm_start); ++ if (vma) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return -ENOMEM; ++ } + insert_vm_struct(current->mm, mpnt); + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } +diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c +--- linux-2.4.28/fs/binfmt_aout.c 2002-02-04 23:54:04 -08:00 ++++ linux-2.4.28.plasmaroo/fs/binfmt_aout.c 2004-11-12 11:55:14 -08:00 +@@ -39,13 +39,18 @@ static struct linux_binfmt aout_format = + NULL, THIS_MODULE, load_aout_binary, load_aout_library, aout_core_dump, PAGE_SIZE + }; + +-static void set_brk(unsigned long start, unsigned long end) ++#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) ++ ++static int set_brk(unsigned long start, unsigned long end) + { + start = PAGE_ALIGN(start); + end = PAGE_ALIGN(end); +- if (end <= start) +- return; +- do_brk(start, end - start); ++ if (end > start) { ++ unsigned long addr = do_brk(start, end - start); ++ if (BAD_ADDR(addr)) ++ return addr; ++ } ++ return 0; + } + + /* +@@ -405,7 +410,11 @@ static int load_aout_binary(struct linux + beyond_if: + set_binfmt(&aout_format); + +- set_brk(current->mm->start_brk, current->mm->brk); ++ retval = set_brk(current->mm->start_brk, current->mm->brk); ++ if (retval < 0) { ++ send_sig(SIGKILL, current, 0); ++ return retval; ++ } + + retval = 
setup_arg_pages(bprm); + if (retval < 0) { diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-2.4.CAN-2004-0495.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-2.4.CAN-2004-0495.patch deleted file mode 100644 index bea80eac69a9..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-2.4.CAN-2004-0495.patch +++ /dev/null 
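Review bot: The second section of this new patch file is introduced by `diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c`, but its `---`/`+++` lines and hunks target `fs/binfmt_aout.c`; the command line should name `fs/binfmt_aout.c` so the header agrees with what is patched. The file also has no provenance header, unlike the ChangeSet comments in the patches this commit deletes; a leading comment such as `# Gentoo bug #72452: local DoS / memory disclosure fixes for setup_arg_pages() and the a.out set_brk() path` would tie it to the ChangeLog entry. In `set_brk()`, `return addr;` narrows an `unsigned long` to `int` while the caller tests `retval < 0`; writing `return (int)addr;` makes the intended conversion explicit. Both `setup_arg_pages()` and `load_aout_binary()` continue outside the inner hunks.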
@@ -1,655 +0,0 @@ ---- linux/net/decnet/dn_dev.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/net/decnet/dn_dev.c Wed Jun 16 14:42:34 2004 -@@ -1070,31 +1070,39 @@ int dnet_gifconf(struct net_device *dev, - { - struct dn_dev *dn_db = (struct dn_dev *)dev->dn_ptr; - struct dn_ifaddr *ifa; -- struct ifreq *ifr = (struct ifreq *)buf; -+ char buffer[DN_IFREQ_SIZE]; -+ struct ifreq *ifr = (struct ifreq *)buffer; -+ struct sockaddr_dn *addr = (struct sockaddr_dn *)&ifr->ifr_addr; - int done = 0; - - if ((dn_db == NULL) || ((ifa = dn_db->ifa_list) == NULL)) - return 0; - - for(; ifa; ifa = ifa->ifa_next) { -- if (!ifr) { -+ if (!buf) { - done += sizeof(DN_IFREQ_SIZE); - continue; - } - if (len < DN_IFREQ_SIZE) - return done; -- memset(ifr, 0, DN_IFREQ_SIZE); -+ memset(buffer, 0, DN_IFREQ_SIZE); - - if (ifa->ifa_label) - strcpy(ifr->ifr_name, ifa->ifa_label); - else - strcpy(ifr->ifr_name, dev->name); - -- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_family = AF_DECnet; -- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_len = 2; -- (*(dn_address *)(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_addr) = ifa->ifa_local; -+ addr->sdn_family = AF_DECnet; -+ addr->sdn_add.a_len = 2; -+ memcpy(addr->sdn_add.a_addr, &ifa->ifa_local, -+ sizeof(dn_address)); - -- ifr = (struct ifreq *)((char *)ifr + DN_IFREQ_SIZE); -+ if (copy_to_user(buf, buffer, DN_IFREQ_SIZE)) { -+ done = -EFAULT; -+ break; -+ } -+ -+ buf += DN_IFREQ_SIZE; - len -= DN_IFREQ_SIZE; - done += DN_IFREQ_SIZE; - } ---- linux-2.4.21/drivers/net/wireless/airo.c 2003-06-13 15:51:35.000000000 +0100 -+++ linux-2.4.21/drivers/net/wireless/airo.c.plasmaroo 2004-06-24 11:09:08.260352168 +0100 -@@ -3012,19 +3012,22 @@ - size_t len, - loff_t *offset ) - { -- int i; -- int pos; -+ loff_t pos = *offset; - struct proc_data *priv = (struct proc_data*)file->private_data; - -- if( !priv->rbuffer ) return -EINVAL; -+ if (!priv->rbuffer) -+ return -EINVAL; - -- pos = *offset; -- for( i = 0; i+pos < priv->readlen && i < len; i++ ) { -- 
if (put_user( priv->rbuffer[i+pos], buffer+i )) -- return -EFAULT; -- } -- *offset += i; -- return i; -+ if (pos < 0) -+ return -EINVAL; -+ if (pos >= priv->readlen) -+ return 0; -+ if (len > priv->readlen - pos) -+ len = priv->readlen - pos; -+ if (copy_to_user(buffer, priv->rbuffer + pos, len)) -+ return -EFAULT; -+ *offset = pos + len; -+ return len; - } - - /* -@@ -3036,24 +3039,24 @@ - size_t len, - loff_t *offset ) - { -- int i; -- int pos; -+ loff_t pos = *offset; - struct proc_data *priv = (struct proc_data*)file->private_data; - -- if ( !priv->wbuffer ) { -+ if (!priv->wbuffer) - return -EINVAL; -- } -- -- pos = *offset; - -- for( i = 0; i + pos < priv->maxwritelen && -- i < len; i++ ) { -- if (get_user( priv->wbuffer[i+pos], buffer + i )) -- return -EFAULT; -- } -- if ( i+pos > priv->writelen ) priv->writelen = i+file->f_pos; -- *offset += i; -- return i; -+ if (pos < 0) -+ return -EINVAL; -+ if (pos >= priv->maxwritelen) -+ return 0; -+ if (len > priv->maxwritelen - pos) -+ len = priv->maxwritelen - pos; -+ if (copy_from_user(priv->wbuffer + pos, buffer, len)) -+ return -EFAULT; -+ if (pos + len > priv->writelen) -+ priv->writelen = pos + len; -+ *offset = pos + len; -+ return len; - } - - static int proc_status_open( struct inode *inode, struct file *file ) { ---- linux/drivers/sound/mpu401.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/mpu401.c Wed Jun 16 14:42:34 2004 -@@ -1493,14 +1493,16 @@ static unsigned long mpu_timer_get_time( - static int mpu_timer_ioctl(int dev, unsigned int command, caddr_t arg) - { - int midi_dev = sound_timer_devs[dev]->devlink; -+ int *p = (int *)arg; - - switch (command) - { - case SNDCTL_TMR_SOURCE: - { - int parm; -- -- parm = *(int *) arg; -+ -+ if (get_user(parm, p)) -+ return -EFAULT; - parm &= timer_caps; - - if (parm != 0) -@@ -1512,7 +1514,9 @@ static int mpu_timer_ioctl(int dev, unsi - else if (timer_mode & TMR_MODE_SMPTE) - mpu_cmd(midi_dev, 0x3d, 0); /* Use SMPTE sync */ - } -- return (*(int *) arg = 
timer_mode); -+ if (put_user(timer_mode, p)) -+ return -EFAULT; -+ return timer_mode; - } - break; - -@@ -1537,10 +1541,13 @@ static int mpu_timer_ioctl(int dev, unsi - { - int val; - -- val = *(int *) arg; -+ if (get_user(val, p)) -+ return -EFAULT; - if (val) - set_timebase(midi_dev, val); -- return (*(int *) arg = curr_timebase); -+ if (put_user(curr_timebase, p)) -+ return -EFAULT; -+ return curr_timebase; - } - break; - -@@ -1549,7 +1556,8 @@ static int mpu_timer_ioctl(int dev, unsi - int val; - int ret; - -- val = *(int *) arg; -+ if (get_user(val, p)) -+ return -EFAULT; - - if (val) - { -@@ -1564,7 +1572,9 @@ static int mpu_timer_ioctl(int dev, unsi - } - curr_tempo = val; - } -- return (*(int *) arg = curr_tempo); -+ if (put_user(curr_tempo, p)) -+ return -EFAULT; -+ return curr_tempo; - } - break; - -@@ -1572,18 +1582,25 @@ static int mpu_timer_ioctl(int dev, unsi - { - int val; - -- val = *(int *) arg; -+ if (get_user(val, p)) -+ return -EFAULT; - if (val != 0) /* Can't change */ - return -EINVAL; -- return (*(int *) arg = ((curr_tempo * curr_timebase) + 30) / 60); -+ val = (curr_tempo * curr_timebase + 30) / 60; -+ if (put_user(val, p)) -+ return -EFAULT; -+ return val; - } - break; - - case SNDCTL_SEQ_GETTIME: -- return (*(int *) arg = curr_ticks); -+ if (put_user(curr_ticks, p)) -+ return -EFAULT; -+ return curr_ticks; - - case SNDCTL_TMR_METRONOME: -- metronome_mode = *(int *) arg; -+ if (get_user(metronome_mode, p)) -+ return -EFAULT; - setup_metronome(midi_dev); - return 0; - ---- linux/drivers/sound/msnd.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/msnd.c Wed Jun 16 14:42:34 2004 -@@ -155,13 +155,10 @@ void msnd_fifo_make_empty(msnd_fifo *f) - f->len = f->tail = f->head = 0; - } - --int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user) -+int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len) - { - int count = 0; - -- if (f->len == f->n) -- return 0; -- - while ((count < len) && (f->len != f->n)) { - - int 
nwritten; -@@ -177,11 +174,7 @@ int msnd_fifo_write(msnd_fifo *f, const - nwritten = len - count; - } - -- if (user) { -- if (copy_from_user(f->data + f->tail, buf, nwritten)) -- return -EFAULT; -- } else -- isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); -+ isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); - - count += nwritten; - buf += nwritten; -@@ -193,13 +186,10 @@ int msnd_fifo_write(msnd_fifo *f, const - return count; - } - --int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user) -+int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len) - { - int count = 0; - -- if (f->len == 0) -- return f->len; -- - while ((count < len) && (f->len > 0)) { - - int nread; -@@ -215,11 +205,7 @@ int msnd_fifo_read(msnd_fifo *f, char *b - nread = len - count; - } - -- if (user) { -- if (copy_to_user(buf, f->data + f->head, nread)) -- return -EFAULT; -- } else -- isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); -+ isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); - - count += nread; - buf += nread; ---- linux/drivers/sound/msnd.h.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/msnd.h Wed Jun 16 14:42:34 2004 -@@ -266,8 +266,8 @@ void msnd_fifo_init(msnd_fifo *f); - void msnd_fifo_free(msnd_fifo *f); - int msnd_fifo_alloc(msnd_fifo *f, size_t n); - void msnd_fifo_make_empty(msnd_fifo *f); --int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user); --int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user); -+int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len); -+int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len); - - int msnd_wait_TXDE(multisound_dev_t *dev); - int msnd_wait_HC0(multisound_dev_t *dev); ---- linux/drivers/sound/msnd_pinnacle.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/msnd_pinnacle.c Wed Jun 16 14:42:34 2004 -@@ -804,7 +804,7 @@ static int dev_release(struct inode *ino - - static __inline__ int pack_DARQ_to_DARF(register int 
bank) - { -- register int size, n, timeout = 3; -+ register int size, timeout = 3; - register WORD wTmp; - LPDAQD DAQD; - -@@ -825,13 +825,10 @@ static __inline__ int pack_DARQ_to_DARF( - /* Read data from the head (unprotected bank 1 access okay - since this is only called inside an interrupt) */ - outb(HPBLKSEL_1, dev.io + HP_BLKS); -- if ((n = msnd_fifo_write( -+ msnd_fifo_write( - &dev.DARF, - (char *)(dev.base + bank * DAR_BUFF_SIZE), -- size, 0)) <= 0) { -- outb(HPBLKSEL_0, dev.io + HP_BLKS); -- return n; -- } -+ size); - outb(HPBLKSEL_0, dev.io + HP_BLKS); - - return 1; -@@ -853,21 +850,16 @@ static __inline__ int pack_DAPF_to_DAPQ( - if (protect) { - /* Critical section: protect fifo in non-interrupt */ - spin_lock_irqsave(&dev.lock, flags); -- if ((n = msnd_fifo_read( -+ n = msnd_fifo_read( - &dev.DAPF, - (char *)(dev.base + bank_num * DAP_BUFF_SIZE), -- DAP_BUFF_SIZE, 0)) < 0) { -- spin_unlock_irqrestore(&dev.lock, flags); -- return n; -- } -+ DAP_BUFF_SIZE); - spin_unlock_irqrestore(&dev.lock, flags); - } else { -- if ((n = msnd_fifo_read( -+ n = msnd_fifo_read( - &dev.DAPF, - (char *)(dev.base + bank_num * DAP_BUFF_SIZE), -- DAP_BUFF_SIZE, 0)) < 0) { -- return n; -- } -+ DAP_BUFF_SIZE); - } - if (!n) - break; -@@ -894,30 +886,43 @@ static __inline__ int pack_DAPF_to_DAPQ( - static int dsp_read(char *buf, size_t len) - { - int count = len; -+ char *page = (char *)__get_free_page(PAGE_SIZE); -+ -+ if (!page) -+ return -ENOMEM; - - while (count > 0) { -- int n; -+ int n, k; - unsigned long flags; - -+ k = PAGE_SIZE; -+ if (k > count) -+ k = count; -+ - /* Critical section: protect fifo in non-interrupt */ - spin_lock_irqsave(&dev.lock, flags); -- if ((n = msnd_fifo_read(&dev.DARF, buf, count, 1)) < 0) { -- printk(KERN_WARNING LOGNAME ": FIFO read error\n"); -- spin_unlock_irqrestore(&dev.lock, flags); -- return n; -- } -+ n = msnd_fifo_read(&dev.DARF, page, k); - spin_unlock_irqrestore(&dev.lock, flags); -+ if (copy_to_user(buf, page, n)) { -+ 
free_page((unsigned long)page); -+ return -EFAULT; -+ } - buf += n; - count -= n; - -+ if (n == k && count) -+ continue; -+ - if (!test_bit(F_READING, &dev.flags) && dev.mode & FMODE_READ) { - dev.last_recbank = -1; - if (chk_send_dsp_cmd(&dev, HDEX_RECORD_START) == 0) - set_bit(F_READING, &dev.flags); - } - -- if (dev.rec_ndelay) -+ if (dev.rec_ndelay) { -+ free_page((unsigned long)page); - return count == len ? -EAGAIN : len - count; -+ } - - if (count > 0) { - set_bit(F_READBLOCK, &dev.flags); -@@ -926,41 +931,57 @@ static int dsp_read(char *buf, size_t le - get_rec_delay_jiffies(DAR_BUFF_SIZE))) - clear_bit(F_READING, &dev.flags); - clear_bit(F_READBLOCK, &dev.flags); -- if (signal_pending(current)) -+ if (signal_pending(current)) { -+ free_page((unsigned long)page); - return -EINTR; -+ } - } - } -- -+ free_page((unsigned long)page); - return len - count; - } - - static int dsp_write(const char *buf, size_t len) - { - int count = len; -+ char *page = (char *)__get_free_page(GFP_KERNEL); -+ -+ if (!page) -+ return -ENOMEM; - - while (count > 0) { -- int n; -+ int n, k; - unsigned long flags; - -+ k = PAGE_SIZE; -+ if (k > count) -+ k = count; -+ -+ if (copy_from_user(page, buf, k)) { -+ free_page((unsigned long)page); -+ return -EFAULT; -+ } -+ - /* Critical section: protect fifo in non-interrupt */ - spin_lock_irqsave(&dev.lock, flags); -- if ((n = msnd_fifo_write(&dev.DAPF, buf, count, 1)) < 0) { -- printk(KERN_WARNING LOGNAME ": FIFO write error\n"); -- spin_unlock_irqrestore(&dev.lock, flags); -- return n; -- } -+ n = msnd_fifo_write(&dev.DAPF, page, k); - spin_unlock_irqrestore(&dev.lock, flags); - buf += n; - count -= n; - -+ if (count && n == k) -+ continue; -+ - if (!test_bit(F_WRITING, &dev.flags) && (dev.mode & FMODE_WRITE)) { - dev.last_playbank = -1; - if (pack_DAPF_to_DAPQ(1) > 0) - set_bit(F_WRITING, &dev.flags); - } - -- if (dev.play_ndelay) -+ if (dev.play_ndelay) { -+ free_page((unsigned long)page); - return count == len ? 
-EAGAIN : len - count; -+ } - - if (count > 0) { - set_bit(F_WRITEBLOCK, &dev.flags); -@@ -968,11 +989,14 @@ static int dsp_write(const char *buf, si - &dev.writeblock, - get_play_delay_jiffies(DAP_BUFF_SIZE)); - clear_bit(F_WRITEBLOCK, &dev.flags); -- if (signal_pending(current)) -+ if (signal_pending(current)) { -+ free_page((unsigned long)page); - return -EINTR; -+ } - } - } - -+ free_page((unsigned long)page); - return len - count; - } - ---- linux/drivers/sound/pss.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/pss.c Wed Jun 16 14:42:34 2004 -@@ -450,20 +450,36 @@ static void pss_mixer_reset(pss_confdata - } - } - --static void arg_to_volume_mono(unsigned int volume, int *aleft) -+static int set_volume_mono(caddr_t p, int *aleft) - { - int left; -+ unsigned volume; -+ if (get_user(volume, (unsigned *)p)) -+ return -EFAULT; - -- left = volume & 0x00ff; -+ left = volume & 0xff; - if (left > 100) - left = 100; - *aleft = left; -+ return 0; - } - --static void arg_to_volume_stereo(unsigned int volume, int *aleft, int *aright) -+static int set_volume_stereo(caddr_t p, int *aleft, int *aright) - { -- arg_to_volume_mono(volume, aleft); -- arg_to_volume_mono(volume >> 8, aright); -+ int left, right; -+ unsigned volume; -+ if (get_user(volume, (unsigned *)p)) -+ return -EFAULT; -+ -+ left = volume & 0xff; -+ if (left > 100) -+ left = 100; -+ right = (volume >> 8) & 0xff; -+ if (right > 100) -+ right = 100; -+ *aleft = left; -+ *aright = right; -+ return 0; - } - - static int ret_vol_mono(int left) -@@ -510,33 +526,38 @@ static int pss_mixer_ioctl (int dev, uns - return call_ad_mixer(devc, cmd, arg); - else - { -- if (*(int *)arg != 0) -+ int v; -+ if (get_user(v, (int *)arg)) -+ return -EFAULT; -+ if (v != 0) - return -EINVAL; - return 0; - } - case SOUND_MIXER_VOLUME: -- arg_to_volume_stereo(*(unsigned int *)arg, &devc->mixer.volume_l, -- &devc->mixer.volume_r); -+ if (set_volume_stereo(arg, -+ &devc->mixer.volume_l, -+ &devc->mixer.volume_r)) -+ return 
-EFAULT; - set_master_volume(devc, devc->mixer.volume_l, - devc->mixer.volume_r); - return ret_vol_stereo(devc->mixer.volume_l, - devc->mixer.volume_r); - - case SOUND_MIXER_BASS: -- arg_to_volume_mono(*(unsigned int *)arg, -- &devc->mixer.bass); -+ if (set_volume_mono(arg, &devc->mixer.bass)) -+ return -EFAULT; - set_bass(devc, devc->mixer.bass); - return ret_vol_mono(devc->mixer.bass); - - case SOUND_MIXER_TREBLE: -- arg_to_volume_mono(*(unsigned int *)arg, -- &devc->mixer.treble); -+ if (set_volume_mono(arg, &devc->mixer.treble)) -+ return -EFAULT; - set_treble(devc, devc->mixer.treble); - return ret_vol_mono(devc->mixer.treble); - - case SOUND_MIXER_SYNTH: -- arg_to_volume_mono(*(unsigned int *)arg, -- &devc->mixer.synth); -+ if (set_volume_mono(arg, &devc->mixer.synth)) -+ return -EFAULT; - set_synth_volume(devc, devc->mixer.synth); - return ret_vol_mono(devc->mixer.synth); - -@@ -546,54 +567,67 @@ static int pss_mixer_ioctl (int dev, uns - } - else - { -+ int val, and_mask = 0, or_mask = 0; - /* - * Return parameters - */ - switch (cmdf) - { -- - case SOUND_MIXER_DEVMASK: - if (call_ad_mixer(devc, cmd, arg) == -EINVAL) -- *(int *)arg = 0; /* no mixer devices */ -- return (*(int *)arg |= SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH); -+ break; -+ and_mask = ~0; -+ or_mask = SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH; -+ break; - - case SOUND_MIXER_STEREODEVS: - if (call_ad_mixer(devc, cmd, arg) == -EINVAL) -- *(int *)arg = 0; /* no stereo devices */ -- return (*(int *)arg |= SOUND_MASK_VOLUME); -+ break; -+ and_mask = ~0; -+ or_mask = SOUND_MASK_VOLUME; -+ break; - - case SOUND_MIXER_RECMASK: - if (devc->ad_mixer_dev != NO_WSS_MIXER) - return call_ad_mixer(devc, cmd, arg); -- else -- return (*(int *)arg = 0); /* no record devices */ -+ break; - - case SOUND_MIXER_CAPS: - if (devc->ad_mixer_dev != NO_WSS_MIXER) - return call_ad_mixer(devc, cmd, arg); -- else -- return (*(int *)arg = 
SOUND_CAP_EXCL_INPUT); -+ or_mask = SOUND_CAP_EXCL_INPUT; -+ break; - - case SOUND_MIXER_RECSRC: - if (devc->ad_mixer_dev != NO_WSS_MIXER) - return call_ad_mixer(devc, cmd, arg); -- else -- return (*(int *)arg = 0); /* no record source */ -+ break; - - case SOUND_MIXER_VOLUME: -- return (*(int *)arg = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r)); -+ or_mask = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r); -+ break; - - case SOUND_MIXER_BASS: -- return (*(int *)arg = ret_vol_mono(devc->mixer.bass)); -+ or_mask = ret_vol_mono(devc->mixer.bass); -+ break; - - case SOUND_MIXER_TREBLE: -- return (*(int *)arg = ret_vol_mono(devc->mixer.treble)); -+ or_mask = ret_vol_mono(devc->mixer.treble); -+ break; - - case SOUND_MIXER_SYNTH: -- return (*(int *)arg = ret_vol_mono(devc->mixer.synth)); -+ or_mask = ret_vol_mono(devc->mixer.synth); -+ break; - default: - return -EINVAL; - } -+ if (get_user(val, (int *)arg)) -+ return -EFAULT; -+ val &= and_mask; -+ val |= or_mask; -+ if (put_user(val, (int *)arg)) -+ return -EFAULT; -+ return val; - } - } - diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-2.4.CAN-2004-0535.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-2.4.CAN-2004-0535.patch deleted file mode 100644 index 669fc5fd32fb..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-2.4.CAN-2004-0535.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- drivers/net/e1000/e1000_ethtool.c 2003-06-13 15:51:34.000000000 +0100 -+++ drivers/net/e1000/e1000_ethtool.c.plasmaroo 2004-06-24 11:23:32.524963976 +0100 -@@ -468,6 +468,9 @@ - - if(copy_from_user(®s, addr, sizeof(regs))) - return -EFAULT; -+ memset(regs_buff, 0, sizeof(regs_buff)); -+ if (regs.len > E1000_REGS_LEN) -+ regs.len = E1000_REGS_LEN; - e1000_ethtool_gregs(adapter, ®s, regs_buff); - if(copy_to_user(addr, ®s, sizeof(regs))) - return -EFAULT; 
diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0497.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0497.patch deleted file mode 100644 index 9503e9efe57b..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0497.patch +++ /dev/null @@ -1,23 +0,0 @@ -# ChangeSet -# -# fs/attr.c -# 2004/07/03 18:28:30-03:00 marcelo@logos.cnet +1 -0 -# Thomas Biege: Fix missing DAC check on sys_chown -# -# fs/attr.c -# 2004/07/03 19:28:29-03:00 marcelo@logos.cnet +1 -1 -# Add missing bracket to inode_change_ok() fix -# -diff -Nru a/fs/attr.c b.plasmaroo/fs/attr.c ---- a/fs/attr.c 2004-07-08 17:05:20 -07:00 -+++ b.plasmaroo/fs/attr.c 2004-07-08 17:05:20 -07:00 -@@ -35,7 +35,8 @@ - - /* Make sure caller can chgrp. */ - if ((ia_valid & ATTR_GID) && -- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) && -+ (current->fsuid != inode->i_uid || -+ (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && - !capable(CAP_CHOWN)) - goto error; - diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-1.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-1.patch new file mode 100644 index 000000000000..3b0262a7cccb --- /dev/null +++ b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-1.patch 
@@ -0,0 +1,35 @@ +--- linux-2.6.7-rsbac-v1.2.3/rsbac/adf/ff/ff_main.c~ 2004-06-24 12:48:07.000000000 +0200 ++++ linux-2.6.7-rsbac-v1.2.3/rsbac/adf/ff/ff_main.c 2004-06-24 12:48:07.000000000 +0200 +@@ -396,6 +396,9 @@ + #ifdef CONFIG_RSBAC_SOFTMODE + && (attr_val.switch_target != SOFTMODE) + #endif ++ #ifdef CONFIG_RSBAC_FF_AUTH_PROT ++ && (attr_val.switch_target != AUTH) ++ #endif + ) + return(DO_NOT_CARE); + /* test owner's ff_role */ +--- linux-2.6.7-rsbac-v1.2.3/rsbac/adf/rc/rc_main.c~ 2004-06-24 12:45:06.000000000 +0200 ++++ linux-2.6.7-rsbac-v1.2.3/rsbac/adf/rc/rc_main.c 2004-06-24 12:45:06.000000000 +0200 +@@ -1366,6 +1366,9 @@ + #ifdef CONFIG_RSBAC_SOFTMODE + && (attr_val.switch_target != SOFTMODE) + #endif ++ #ifdef CONFIG_RSBAC_RC_AUTH_PROT ++ && (attr_val.switch_target != AUTH) ++ #endif + ) + return(DO_NOT_CARE); + return(check_comp_rc_scd(ST_other, request, caller_pid)); +--- linux-2.6.7-rsbac-v1.2.3/rsbac/adf/acl/acl_main.c~ 2004-06-24 12:49:01.000000000 +0200 ++++ linux-2.6.7-rsbac-v1.2.3/rsbac/adf/acl/acl_main.c 2004-06-24 12:49:01.000000000 +0200 +@@ -510,6 +510,9 @@ + #ifdef CONFIG_RSBAC_SOFTMODE + && (attr_val.switch_target != SOFTMODE) + #endif ++ #ifdef CONFIG_RSBAC_ACL_AUTH_PROT ++ && (attr_val.switch_target != AUTH) ++ #endif + ) + return(DO_NOT_CARE); diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-2.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-2.patch new file mode 100644 index 000000000000..e69de29bb2d1 --- /dev/null +++ b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-2.patch diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-4.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-4.patch new file mode 100644 index 000000000000..a8938bd9397f --- /dev/null +++ b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-4.patch 
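Review bot: The three added `&& (attr_val.switch_target != AUTH)` clauses in ff_main.c, rc_main.c and acl_main.c carry no comment explaining their effect: with the matching `CONFIG_RSBAC_*_AUTH_PROT` option set, a switch request aimed at the AUTH module no longer falls into `return(DO_NOT_CARE)` and is decided by the module's own check that follows. A one-line comment above each guard, for example `/* with *_AUTH_PROT, switching the AUTH module is also subject to this module's decision */`, would record that. Because each clause is compiled only under its own option, a kernel built without them appears to keep treating AUTH switching as DO_NOT_CARE in these modules, which is worth stating in the patch description. The enclosing `if` condition starts outside each inner hunk, so the full list of protected targets is not visible here.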
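Review bot: `files/rsbac-sources-v1.2.3-2.patch` is added as an empty file: its section has no hunk, the new blob id is `e69de29bb2d1`, and the Manifest records it with size 0. If the ebuild applies every `v1.2.3-*` patch, this one contributes nothing and may make the patch step fail, and whatever upstream fix it was meant to carry is absent from the tree. The ebuild is not visible here, so confirm whether the file should contain the upstream bugfix or be dropped from `files/` and the Manifest.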
@@ -0,0 +1,30 @@
+--- linux-2.4.26-rsbac-v1.2.3/include/asm-x86_64/unistd.h~ 2004-07-21 09:07:21.000000000 +0200
++++ linux-2.4.26-rsbac-v1.2.3/include/asm-x86_64/unistd.h 2004-07-21 09:07:21.000000000 +0200
+@@ -427,7 +427,13 @@
+ __SYSCALL(__NR_tuxcall, sys_ni_syscall)
+
+ #define __NR_security 185 /* reserved for security */
++/* RSBAC */
++#ifdef CONFIG_RSBAC
++#define __NR_rsbac 185 /* reserved for security */
++__SYSCALL(__NR_rsbac, sys_rsbac)
++#else
+ __SYSCALL(__NR_security, sys_ni_syscall)
++#endif
+
+ #define __NR_gettid 186
+ __SYSCALL(__NR_gettid, sys_gettid)
+--- linux-2.4.26-rsbac-v1.2.3/include/asm-x86_64/ia32_unistd.h~ 2004-07-21 09:08:41.000000000 +0200
++++ linux-2.4.26-rsbac-v1.2.3/include/asm-x86_64/ia32_unistd.h 2004-07-21 09:08:41.000000000 +0200
+@@ -250,6 +250,11 @@
+ #define __NR_ia32_sched_setaffinity 241
+ #define __NR_ia32_sched_getaffinity 242
+
++/* RSBAC */
++#ifdef CONFIG_RSBAC
++#define __NR_ia32_rsbac __NR_ia32_security
++#endif
++
+ #define IA32_NR_syscalls 245
+
+ #endif /* _ASM_X86_64_IA32_UNISTD_H_ */
diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-5.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-5.patch
new file mode 100644
index 000000000000..fea819e62dfb
--- /dev/null
+++ b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-5.patch
@@ -0,0 +1,15 @@
+Index: rsbac-admin-v1.2.3/src/attr_set_fd.c
+===================================================================
+--- rsbac-admin-v1.2.3/src/attr_set_fd.c (revision 19)
++++ rsbac-admin-v1.2.3/src/attr_set_fd.c (working copy)
+@@ -202,6 +202,10 @@
+ case A_res_max:
+ fprintf(stderr, gettext("%s: Attribute %s not supported\n"), progname, argv[3]);
+ exit(1);
++ case A_pax_flags:
++ value.pax_flags = pax_strtoflags(argv[3], RSBAC_PAX_DEF_FLAGS);
++ break;
++
+ case A_log_array_low:
+ case A_log_array_high:
+ if(strlen(argv[3]) != R_NONE)
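Review bot: In rsbac-sources-v1.2.3-4.patch the new `#define __NR_rsbac 185` line keeps the comment copied from `__NR_security` (`/* reserved for security */`), which hides that the slot becomes a live syscall when `CONFIG_RSBAC` is set; `/* RSBAC syscall, takes over the reserved security slot */` would say what it is. The ia32 half only aliases `__NR_ia32_rsbac` to `__NR_ia32_security`. Neither that macro's definition nor the ia32 syscall table entry is visible in the hunk, so it should be confirmed that 32-bit callers on x86_64 actually reach `sys_rsbac` and that its pointer-carrying arguments get compat handling.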
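Review bot: rsbac-sources-v1.2.3-5.patch patches `rsbac-admin-v1.2.3/src/attr_set_fd.c`, a path in the admin tools rather than the kernel tree, and the new ebuild's `UNIPATCH_LIST` goes from `-v1.2.3-4.patch` straight to `-v1.2.3-6.patch`, so this file is shipped in `files/` but never applied by this package. A header line such as `# not applied to the kernel sources; belongs with the rsbac-admin tools` would make that explicit. In the added `case A_pax_flags:` branch the result of `pax_strtoflags(argv[3], RSBAC_PAX_DEF_FLAGS)` is stored without any visible validity check; if that helper falls back to the default flags on an unparsable string (not visible here), a mistyped flag string would be applied silently. The enclosing switch starts and ends outside the inner hunk.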
diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-6.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-6.patch
new file mode 100644
index 000000000000..e87509f12cde
--- /dev/null
+++ b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-6.patch
@@ -0,0 +1,339 @@
+Index: linux-2.4.27-rsbac-v1.2.3/include/rsbac/aci_data_structures.h
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/include/rsbac/aci_data_structures.h (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/include/rsbac/aci_data_structures.h (working copy)
+@@ -1134,7 +1134,7 @@
+ #endif
+
+
+-#define RSBAC_USER_NR_ATTRIBUTES 28
++#define RSBAC_USER_NR_ATTRIBUTES 24
+ #define RSBAC_USER_ATTR_LIST { \
+ A_pseudo, \
+ A_log_user_based, \
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/help/syscalls.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/help/syscalls.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/help/syscalls.c (working copy)
+@@ -1405,7 +1405,7 @@
+
+ int sys_rsbac_switch(enum rsbac_switch_target_t target, int value)
+ {
+-#ifdef CONFIG_RSBAC_SWITCH
++#if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE)
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+ char * switch_name;
+@@ -1509,6 +1509,7 @@
+ case SOFTMODE: rsbac_softmode = value;
+ break;
+ #endif
++#ifdef CONFIG_RSBAC_SWITCH
+ #ifdef CONFIG_RSBAC_MAC
+ case MAC: rsbac_switch_mac = value;
+ break;
+@@ -1557,6 +1558,7 @@
+ case RES: rsbac_switch_res = value;
+ break;
+ #endif
++#endif /* SWITCH */
+ default:
+ return (-RSBAC_EINVALIDMODULE);
+ }
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/adf/jail/jail_syscalls.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/adf/jail/jail_syscalls.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/adf/jail/jail_syscalls.c (working copy)
+@@ -41,8 +41,10 @@
+ /* Externally visible functions */
+ /************************************************* */
+
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+ extern long sys_chroot(const char * filename);
+ extern long sys_chdir(const char * filename);
++#endif
+
+/* Create a jail for current process */
+/* Note: It is allowed to create jails within jails, but with restrictions */
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c (working copy)
+@@ -333,6 +333,14 @@
+ && (sb_p->s_magic == PIPEFS_MAGIC)
+ )
+ return DO_NOT_CARE;
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
++ /* No decision on pseudo sockfs */
++ if( (target == T_FILE)
++ && (!RSBAC_MAJOR(tid.file.device))
++ && (!RSBAC_MINOR(tid.file.device))
++ )
++ return DO_NOT_CARE;
++#endif
+ switch(request)
+ {
+ case R_GET_STATUS_DATA:
+@@ -1008,6 +1016,7 @@
+ rsbac_pid_t parent_pid = 0;
+
+ /* Get owner's logging pseudo */
++ i_tid.user = owner;
+ if (rsbac_get_attr(GEN,T_USER,i_tid,A_pseudo,&i_attr_val,FALSE))
+ {
+ rsbac_ds_get_error("rsbac_adf_request()", A_pseudo);
+@@ -2448,6 +2457,7 @@
+ #endif /* SECDEL */
+
+ #ifdef CONFIG_RSBAC_SYM_REDIR
++EXPORT_SYMBOL(rsbac_symlink_redirect);
+ void rsbac_symlink_redirect(struct dentry * dentry_p, char * name)
+ {
+ int err;
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_check.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_check.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_check.c (working copy)
+@@ -439,6 +439,7 @@
+ {
+ case T_DIR:
+ case T_SCD:
++ case T_IPC:
+ #ifdef CONFIG_RSBAC_RW
+ case T_FILE:
+ case T_FIFO:
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/rc_data_structures.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/rc_data_structures.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/rc_data_structures.c (working copy)
+@@ -146,7 +146,7 @@
+ off_t pos = 0;
+ off_t begin = 0;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "stats_rc_proc_info(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -1540,7 +1540,7 @@
+
+ int rsbac_stats_rc(void)
+ {
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_stats_rc(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/aci_data_structures.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/aci_data_structures.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/aci_data_structures.c (working copy)
+@@ -9504,10 +9504,11 @@
+ /* All functions return 0, if no error occurred, and a negative error code */
+ /* otherwise. The error codes are defined in rsbac_error.h. */
+
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+ /* declare sys_kill */
+ extern long sys_kill(int pid, int sig);
++#endif
+
+-
+ #ifdef CONFIG_RSBAC_INIT_DELAY
+ int rsbac_init(kdev_t root_dev)
+ #else
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/pm_data_structures.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/pm_data_structures.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/pm_data_structures.c (working copy)
+@@ -90,7 +90,7 @@
+ union rsbac_attribute_value_t rsbac_attribute_value;
+ #endif
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ #ifdef CONFIG_RSBAC_RMSG
+ rsbac_printk(KERN_WARNING "stats_pm_proc_info(): RSBAC not initialized\n");
+@@ -1661,7 +1661,7 @@
+ u_long all_member_count = 0;
+ u_long all_count = 0;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ #ifdef CONFIG_RSBAC_RMSG
+ rsbac_printk(KERN_WARNING "rsbac_stats_pm(): RSBAC not initialized\n");
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/acl_data_structures.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/acl_data_structures.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/acl_data_structures.c (working copy)
+@@ -539,7 +539,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ #ifdef CONFIG_RSBAC_RMSG
+ rsbac_printk(KERN_WARNING "stats_acl_proc_info(): RSBAC not initialized\n");
+@@ -759,7 +759,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ #ifdef CONFIG_RSBAC_RMSG
+ rsbac_printk(KERN_WARNING "acl_acllist_proc_info(): RSBAC not initialized\n");
+@@ -1697,7 +1697,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ #ifdef CONFIG_RSBAC_RMSG
+ rsbac_printk(KERN_WARNING "acl_grouplist_proc_info(): RSBAC not initialized\n");
+@@ -3057,7 +3057,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_stats_acl(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/mac_data_structures.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/mac_data_structures.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/mac_data_structures.c (working copy)
+@@ -483,7 +483,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "stats_mac_proc_info(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -587,7 +587,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "mac_trulist_proc_info(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -1174,7 +1174,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ #ifdef CONFIG_RSBAC_RMSG
+ rsbac_printk(KERN_WARNING "rsbac_stats_mac(): RSBAC not initialized\n");
+@@ -1771,7 +1771,7 @@
+ struct rsbac_mac_device_list_item_t * device_p;
+ int err=0;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -1822,7 +1822,7 @@
+ int rsbac_mac_copy_pp_truset(rsbac_pid_t old_p_set_id,
+ rsbac_pid_t new_p_set_id)
+ {
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_mac_copy_pp_truset(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -1850,7 +1850,7 @@
+ struct rsbac_mac_device_list_item_t * device_p;
+ long count;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_mac_get_f_trulist(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -1904,7 +1904,7 @@
+ rsbac_uid_t **trulist_p,
+ rsbac_time_t **ttllist_p)
+ {
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_mac_get_p_trulist(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/auth_data_structures.c
+===================================================================
+--- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/auth_data_structures.c (revision 16)
++++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/auth_data_structures.c (working copy)
+@@ -770,7 +770,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "stats_auth_proc_info(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -940,7 +940,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "auth_caplist_proc_info(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -1908,7 +1908,7 @@
+ union rsbac_target_id_t rsbac_target_id;
+ union rsbac_attribute_value_t rsbac_attribute_value;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ #ifdef CONFIG_RSBAC_RMSG
+ rsbac_printk(KERN_WARNING "rsbac_stats_auth(): RSBAC not initialized\n");
+@@ -2940,7 +2940,7 @@
+ struct rsbac_auth_device_list_item_t * device_p;
+ int err=0;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -2991,7 +2991,7 @@
+ int rsbac_auth_copy_pp_capset(rsbac_pid_t old_p_set_id,
+ rsbac_pid_t new_p_set_id)
+ {
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_auth_copy_pp_capset(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -3020,7 +3020,7 @@
+ struct rsbac_auth_device_list_item_t * device_p;
+ long count;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_auth_get_f_caplist(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
+@@ -3098,7 +3098,7 @@
+ {
+ long count;
+
+- if (!rsbac_is_initialized)
++ if (!rsbac_is_initialized())
+ {
+ printk(KERN_WARNING "rsbac_auth_get_p_caplist(): RSBAC not initialized\n");
+ return(-RSBAC_ENOTINITIALIZED);
diff --git a/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r5.ebuild b/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r5.ebuild
deleted file mode 100644
index 66e63c241d1f..000000000000
--- a/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r5.ebuild
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r5.ebuild,v 1.1 2004/08/10 09:37:58 kang Exp $
-
-IUSE=""
-ETYPE="sources"
-inherit kernel-2
-detect_version
-
-# rsbac
-RSBACV=1.2.3
-RSBAC_SRC="http://rsbac.org/download/code/v${RSBACV}/rsbac-v${RSBACV}.tar.bz2"
-CAN_SRC="http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.26-CAN-2004-0415.patch"
-
-# rsbac kernel patches
-RGPV=26.7
-RGPV_SRC="mirror://rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2 http://dev.gentoo.org/~zhware/rsbac/v${RSBACV}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2"
-
-UNIPATCH_STRICTORDER="yes"
-UNIPATCH_LIST=" ${FILESDIR}/${PN}-2.4.CAN-2004-0495.patch
- ${FILESDIR}/${PN}-2.4.CAN-2004-0535.patch
- ${FILESDIR}/${PN}-CAN-2004-0497.patch
- ${FILESDIR}/${OKV}-*.patch
- ${DISTDIR}/linux-2.4.26-CAN-2004-0415.patch
- ${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2
- ${FILESDIR}/${PN}-v1.2.3-3.patch"
-UNIPATCH_DOCS="${WORKDIR}/patches/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}/0000_README"
-
-HOMEPAGE="http://hardened.gentoo.org/rsbac"
-DESCRIPTION="RSBAC hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
-
-SRC_URI="${KERNEL_URI} ${RSBAC_SRC} ${RGPV_SRC} ${CAN_SRC}"
-KEYWORDS="x86"
-
-
-src_unpack() {
- universal_unpack
- cd ${WORKDIR}/linux-${KV}; unpack rsbac-v${RSBACV}.tar.bz2
- unipatch "${UNIPATCH_LIST}"
- [ -z "${K_NOSETEXTRAVERSION}" ] && unpack_set_extraversion
- unpack_2_4
-}
-
-pkg_postinst() {
- postinst_sources
-}
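Review bot: The 2.4-only exemption that rsbac-sources-v1.2.3-6.patch adds to adf_main.c at `@@ -333,6 +333,14 @@` returns `DO_NOT_CARE` for every `T_FILE` whose device major and minor are both 0, although its comment says it is meant for sockfs; unlike the pipefs check just above it, which compares `sb_p->s_magic` with `PIPEFS_MAGIC`, nothing ties the match to sockfs. If any other filesystem can report device 0:0 on these kernels (not determinable from the hunk), its files would skip all decision modules, so the test should either identify sockfs specifically or state the assumption, e.g. `/* assumes only sockfs inodes report device 0:0 on 2.4 */`. Separately, the syscalls.c change makes the body of `sys_rsbac_switch` compile when only `CONFIG_RSBAC_SOFTMODE` is set; the authorization that precedes `rsbac_softmode = value` lies between the inner hunks and should be confirmed to be compiled in that configuration too.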
diff --git a/sys-kernel/rsbac-sources/rsbac-sources-2.4.28.ebuild b/sys-kernel/rsbac-sources/rsbac-sources-2.4.28-r1.ebuild index e3753439b46e..47004a721132 100644 --- a/sys-kernel/rsbac-sources/rsbac-sources-2.4.28.ebuild +++ b/sys-kernel/rsbac-sources/rsbac-sources-2.4.28-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.4.28.ebuild,v 1.2 2004/12/02 18:43:52 kang Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.4.28-r1.ebuild,v 1.1 2004/12/08 20:17:09 kang Exp $ IUSE="" ETYPE="sources" @@ -17,7 +17,14 @@ RGPV=28.1 RGPV_SRC="http://dev.gentoo.org/~kang/rsbac/patches/${RSBACV}/${KV_MAJOR}.${KV_MINOR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2" UNIPATCH_STRICTORDER="yes" -UNIPATCH_LIST="${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2" +UNIPATCH_LIST=" + ${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2 + ${FILESDIR}/${PN}-v1.2.3-1.patch + ${FILESDIR}/${PN}-v1.2.3-2.patch + ${FILESDIR}/${PN}-v1.2.3-3.patch + ${FILESDIR}/${PN}-v1.2.3-4.patch + ${FILESDIR}/${PN}-v1.2.3-6.patch + ${FILESDIR}/${PN}-${OKV}-dos_mem_disc.patch" UNIPATCH_DOCS="${WORKDIR}/patches/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}/0000_README" HOMEPAGE="http://hardened.gentoo.org/rsbac" |
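Review bot: `UNIPATCH_LIST` in the second hunk now applies `${FILESDIR}/${PN}-v1.2.3-2.patch`, but this commit adds that file empty (its index line shows `e69de29bb2d1`, the empty blob, and no hunk follows), so whatever fix number 2 contains is not applied while the list suggests it is. Either add the real patch content and regenerate the digests, or drop the entry with a comment such as `# v1.2.3-2: intentionally omitted for 2.4.28 (state the reason)`. Because `UNIPATCH_STRICTORDER="yes"` makes the order significant, a one-line comment above the list saying what `${PN}-${OKV}-dos_mem_disc.patch` addresses would also help anyone auditing which security fixes this revision carries.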